README.packaging
================
fetchmail 6.5 changes relevant for packagers
--------------------------------------------
Greetings, dear packager!
The bullet points below mention a few useful hints for package(r)s:
- Getting closer to reproducible builds has a few requirements:
  - SOURCE_DATE_EPOCH needs to be set
  - for meson builds, make a normal "meson setup", then a "meson dist",
    then re-run "meson dist" under fakeroot to set the UID/GID of
    files in the tarball to 0.
  - for autotools builds (./configure)
    . the make command used needs to be able to export variables,
      either through .export VAR (FreeBSD's make) or export VAR (GNU make).
  - the TAR command needs to use a GNU tar compatible TAR_OPTIONS
    variable
- Mind the license difficulties around GPL'd software mixing in
OpenSSL/SSLeay licensed or Apache licensed code!
You cannot use OpenSSL derivative works such as LibreSSL that incur the
OpenSSL or SSLeay licensing terms, see COPYING for details.
- Note OpenSSL's license changed between v1.1.1 and v3. See COPYING.
- Fetchmail requires OpenSSL or wolfSSL; for details, see README.SSL.
If you patch fetchmail to accept an older SSL/TLS library version,
YOU are responsible for providing and/or backporting security fixes for it!
Only link against SSL/TLS library versions that have compatible
licenses or are covered by the license exception, and
that receive security fixes!
- Note that fetchmail's SSL/TLS client code checks the SSL library version.
Fetchmail refuses to work with a library that is older (has a lower version
number) than the header files it was compiled with, so
be sure that the CI/CD pipelines that build fetchmail
also build the SSL run-time library before or at the same time!
- Your configuration and examples MUST NOT encourage setups running
fetchmail as the root user. For system-wide setups, a separate user,
possibly in a dedicated group of its own, should be used.
If you want to support --mda setups that impersonate other users,
DO NOT suggest or endorse unmaintained software such as procmail.
Instead, suggest maintained software that supports a "delivery mode",
for instance, Sam Varshavchik's maildrop (which is part of the Courier-MTA
and available separately), which was DESIGNED to be installed set-uid.
- If you want to defeat Python byte-code compilation and would rather
install fetchmailconf.py yourself, you can add
PYTHON=:
to the ./configure command or pass this in the environment. This makes
the configure script behave as if no Python interpreter were installed.
- The Makefile generates a two-line "fetchmailconf" /bin/sh wrapper script that
executes the actual fetchmailconf.py with the python installation found at
configuration time, so that users can still type "fetchmailconf" rather than
"python fetchmailconf".
- Note that fetchmailconf.py supports a few command line arguments, so if you
use local wrapper scripts, be sure they pass on their own arguments properly.
Remember to use "$@" (with quotes) in shells, not $*.
- There is now a dummy fetchmailconf manual page which will just source (roff's
".so" command) the fetchmail manual page for now. You can of course keep your
symlinks in place and ignore this dummy. IF you install the dummy and
compress your man pages, be sure to test "man fetchmailconf"; on some
systems, you'll need to adjust the ".so" command to point to the compressed
version.
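
The wrapper-script advice above ("$@" with quotes, not $*), shown as an added
example that is not part of fetchmail or its Makefile. The function names and
the sample arguments are constructed for illustration; target() stands in for
the program a local wrapper would exec.

```shell
#!/bin/sh
# Added illustration; all function names here are hypothetical.

# Stand-in for the wrapped program: prints the number of arguments it
# received, then each argument in brackets, all on one line.
target() {
    printf '%s' "$#"
    for arg in "$@"; do
        printf ' [%s]' "$arg"
    done
    printf '\n'
}

# Correct wrapper: "$@" expands to exactly the caller's arguments,
# one word per argument, embedded whitespace preserved.
wrap_quoted_at() { target "$@"; }

# Broken wrapper: unquoted $* is split again on whitespace (and is also
# subject to pathname expansion), so one argument can become several.
wrap_bare_star() { target $*; }

# Broken wrapper: "$*" joins all arguments into a single word, so the
# option and its value arrive as one string.
wrap_quoted_star() { target "$*"; }

# Constructed sample: an option followed by a path that contains a space.
demo() {
    for w in wrap_quoted_at wrap_bare_star wrap_quoted_star; do
        printf '%-17s ' "$w"
        "$w" -f "/home/mail user/.fetchmailrc"
    done
}

demo
```

Only the first wrapper hands the target the same two arguments the caller
typed; the other two change both the count and the content of the arguments.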