[GF-Users] postfix-tlspol
Michael Webb
michael.webb at integrilog.com
Sun Jun 22 01:25:55 MST 2025
Hi Peter
Thank you for the examples.
Hope this helps. I have created a spec file but don't know if this is any good because I don't know how to test it (yet).
https://www.integrilog.com/adhj5jkuuk2sfsf0/postfix-tlspol/golang-github-zuplu-postfix-tlspol.spec.txt
I discovered a package called go2rpm. Took a while to find all the dependencies I needed, but the output looks reasonable.
1. Only thing that the build couldn't resolve was the spdx for 2 perceived license instances and I had to specify EXCLUDE in these 2 places for "COPYRIGHT" and "yaml" (see below).
2. Also, I contend that although the default/example config.yaml specifies 127.0.0.53:53 intended for "resolve", the preferred IP address for EL should be 127.0.0.1:53 for "bind" DNS resolver.
I think this was all I needed (Rocky 9.6) to build the spec file. I did not use a python venv and installed go2rpm directly into my os:
dnf install git golang python python3-build python3-installer python3-specfile pip rpmdevtools askalono-cli
pip install tomlkit flit-core aiohttp gitpython jinja2 go-vendor-tools
cd /root
git clone https://gitlab.com/fedora/sigs/go/go2rpm
cd go2rpm
python -m build --wheel --no-isolation
python -m installer --destdir=/ /root/go2rpm/dist/go2rpm-1.16.0.post0-py3-none-any.whl
mkdir /root/rpmspec
cd /root/rpmspec
git config --global user.name "root" #unsure what I was supposed to put here and why it cared
git config --global user.email "root at example.com" #unsure why it needed this, it did not included it in the spec file
go2rpm -d -p vendor github.com/Zuplu/postfix-tlspol
Warnings from the build:
Undetected licenses found! Please enter them manually.
* Undetected license: /tmp/tmpsnmp5mkw/postfix-tlspol-1.8.11/vendor/github.com/miekg/dns/COPYRIGHT
Enter SPDX expression (or EXCLUDE): EXCLUDE
Adding file to licensing.exclude_files...
* Undetected license: /tmp/tmpsnmp5mkw/postfix-tlspol-1.8.11/vendor/gopkg.in/yaml.v3/LICENSE
Enter SPDX expression (or EXCLUDE): EXCLUDE
Adding file to licensing.exclude_files...
LICENSE: MIT
Will be away for the week with limited access to email, so may not be very responsive.
Thanks for the help and support
Mike
-----Original Message-----
From: users-bounces at lists.ghettoforge.org <users-bounces at lists.ghettoforge.org> On Behalf Of Peter
Sent: Saturday, June 21, 2025 6:59 PM
To: users at lists.ghettoforge.org
Subject: Re: [GF-Users] postfix-tlspol
If you want to have a crack at it you can look at the one I made for
tlsrpt-reporter:
https://rpa.st/raw/GV6Q
...compare that to the PKGBUILD file from arch:
https://gitlab.archlinux.org/archlinux/packaging/packages/tlsrpt-reporter/-/raw/main/PKGBUILD?ref_type=heads
...and then you'd want to try a similar adaptation for the PKGBUILD file for postfix-tlspol:
https://gitlab.archlinux.org/archlinux/packaging/packages/postfix-tlspol/-/raw/main/PKGBUILD?ref_type=heads
Peter
On 22/06/25 02:25, Michael Webb wrote:
> Peter, Understood. Thank you. Maybe I can learn to do it. For now I
> have logged a request at the source. Someone there with hidden talents
> may be able to contribute.
> https://github.com/Zuplu/postfix-tlspol/issues/56
>
> Mike
>
> -----Original Message-----
> From: users-bounces at lists.ghettoforge.org
> <users-bounces at lists.ghettoforge.org> On Behalf Of Peter
> Sent: Friday, June 20, 2025 6:32 PM
> To: users at lists.ghettoforge.org
> Subject: Re: [GF-Users] postfix-tlspol
>
> I'm happy to do it, but there's currently no spec file available so I'll have to create one likely based on the steps in the arch PKGBUILD file.
> It might take a little while to do because I currently have a lot of other stuff on my plate and very little time to do it.
>
>
> Peter
>
>
> On 21/06/25 10:34, Michael Webb wrote:
>> Hi Peter
>>
>> I have wanted to mention this package for some time. I consider it
>> essential to postfix TLS and TLSRPT integration. Although I have been
>> compiling myself and using this package on my production servers
>> since January 2025 with ease, I believe it would benefit the EL
>> community more to have it available on GhettoForge.
>>
>> https://github.com/Zuplu/postfix-tlspol
>>
>> To the best of my knowledge, it was the first (and possibly is still
>> the
>> only) open-source program to resolve both TLSA and MTA-STS records
>> and prioritize DANE delivery when recipients have specified both
>> record types. The author has been developing this since October 2024
>> and has brought Wietse Venema into the discussion several times to
>> clarify IETF RFC language and postfix connectivity. A couple of
>> European email services providers (with high and varied volume) also
>> actively worked with the author to fix some issues. The integration
>> was extremely well done with helpful logs, console query commands for
>> testing, compact, high-speed processing, and using best practice in
>> general. The only updates for about the last 6 weeks have been
>> platform related and I personally consider it stable.
>>
>> Mike
>>
>>
>> _______________________________________________
>> users mailing list
>> users at lists.ghettoforge.org
>> http://lists.ghettoforge.org/mailman/listinfo/users
>
> _______________________________________________
> users mailing list
> users at lists.ghettoforge.org
> http://lists.ghettoforge.org/mailman/listinfo/users
> _______________________________________________
> users mailing list
> users at lists.ghettoforge.org
> http://lists.ghettoforge.org/mailman/listinfo/users
_______________________________________________
users mailing list
users at lists.ghettoforge.org
http://lists.ghettoforge.org/mailman/listinfo/users
More information about the users
mailing list