postfix: Add "noroot" and "skip-libdb-check" patches.

1/ setuid is no-op
2/ (Quickly) Allow to compile with slapos.

Work on mail_params.c, master.c, postsuper.c by Marco Mariani.

component/postfix/buildout.cfg

@@ -9,11 +9,29 @@ extends =
 
 parts = postfix
 
+[noroot.patch]
+recipe = hexagonit.recipe.download
+url =${:_profile_base_location_}/${:filename}
+filename = ${:_buildout_section_name_}
+download-only = true
+md5sum = a476856bb1a4ee2ab03963acac03cd1d
+
+[skip-libdb-check.patch]
+recipe = hexagonit.recipe.download
+url =${:_profile_base_location_}/${:filename}
+filename = ${:_buildout_section_name_}
+download-only = true
+md5sum = 55751726c33d75ab31827bf5e4f4be5d
+
 [postfix]
 recipe = slapos.recipe.cmmi
 url = ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-2.10.0.tar.gz
 md5sum = b2a563b2d5c53462952886e6fc4e4b7b
 location = ${buildout:parts-directory}/${:_buildout_section_name_}
+patch-options = -p1
+patches =
+  ${noroot.patch:location}/${noroot.patch:filename}
+  ${skip-libdb-check.patch:location}/${skip-libdb-check.patch:filename}
 configure-command = make
 configure-options = makefiles CCARGS='-DUSE_TLS -DHAS_PCRE -DHAS_DB -I${libdb:location}/include -I${pcre:location}/include -I${openssl:location}/include' AUXLIBS='-L${openssl:location}/lib -L${pcre:location}/lib -L${libdb:location}/lib -lssl -lpcre -ldb -lcrypto -Wl,-rpath=${openssl:location}/lib -Wl,-rpath=${pcre:location}/lib -Wl,-rpath=${libdb:location}/lib'
 make-targets = non-interactive-package install_root=${:location}

component/postfix/noroot.patch

+--- a/src/util/set_ugid.c
++++ b/src/util/set_ugid.c
+@@ -44,7 +44,7 @@
+
+ void    set_ugid(uid_t uid, gid_t gid)
+ {
+-    int     saved_errno = errno;
++/*    int     saved_errno = errno;
+
+     if (geteuid() != 0)
+        if (seteuid(0) < 0)
+@@ -58,4 +58,4 @@ void    set_ugid(uid_t uid, gid_t gid)
+     if (msg_verbose > 1)
+        msg_info("setugid: uid %ld gid %ld", (long) uid, (long) gid);
+     errno = saved_errno;
+-}
++*/}
+--- a/src/postfix/postfix.c
++++ b/src/postfix/postfix.c
+@@ -448,12 +448,12 @@ int     main(int argc, char **argv)
+      * privileges for selected operations. That's right - it takes privileges
+      * to toss privileges.
+      */
+-    if (getuid() != 0) {
++    /*if (getuid() != 0) {
+ 	msg_error("to submit mail, use the Postfix sendmail command");
+ 	msg_fatal("the postfix command is reserved for the superuser");
+     }
+     if (unsafe() != 0)
+-	msg_fatal("the postfix command must not run as a set-uid process");
++	msg_fatal("the postfix command must not run as a set-uid process");*/
+ 
+     /*
+      * Parse switches.
+--- a/src/global/mail_params.c
++++ b/src/global/mail_params.c
+@@ -709,7 +709,9 @@ void    mail_params_init()
+     check_default_privs();
+     check_mail_owner();
+     check_sgid_group();
++    /*
+     check_overlap();
++    */
+ #ifdef HAS_DB
+     dict_db_cache_size = var_db_read_buf;
+ #endif
+--- a/src/master/master.c
++++ b/src/master/master.c
+@@ -315,10 +315,10 @@ int     main(int argc, char **argv)
+      * privileges for selected operations. That's right - it takes privileges
+      * to toss privileges.
+      */
+-    if (getuid() != 0)
++    /*if (getuid() != 0)
+        msg_fatal("the master command is reserved for the superuser");
+     if (unsafe() != 0)
+-       msg_fatal("the master command must not run as a set-uid process");
++       msg_fatal("the master command must not run as a set-uid process");*/
+ 
+     /*
+      * Process JCL.
+--- a/src/postsuper/postsuper.c
++++ b/src/postsuper/postsuper.c
+@@ -1150,10 +1150,10 @@ int     main(int argc, char **argv)
+      * the secondary groups, the process environment, and so on. Otherwise,
+      * accidents can happen. If not with Postfix, then with other software.
+      */
+-    if (unsafe() != 0)
++    /*if (unsafe() != 0)
+        msg_fatal("this postfix command must not run as a set-uid process");
+     if (getuid())
+-       msg_fatal("use of this command is reserved for the superuser");
++       msg_fatal("use of this command is reserved for the superuser");*/
+ 
+     /*
+      * Parse JCL.

component/postfix/skip-libdb-check.patch

+ makedefs | 24 ++++++++++++------------
+ 1 file changed, 12 insertions(+), 12 deletions(-)
+
+diff --git a/makedefs b/makedefs
+index 93b5949..c1377d5 100644
+--- a/makedefs
++++ b/makedefs
+@@ -284,13 +284,13 @@ case "$SYSTEM.$RELEASE" in
+ 		    elif [ -f /usr/include/db/db.h ]
+ 		    then
+ 			CCARGS="$CCARGS -I/usr/include/db"
+-		    else
++		  #  else
+ 			# No, we're not going to try db1 db2 db3 etc.
+ 			# On a properly installed system, Postfix builds
+ 			# by including <db.h> and by linking with -ldb
+-			echo "No <db.h> include file found." 1>&2
+-			echo "Install the appropriate db*-devel package first." 1>&2
+-			exit 1
++			#echo "No <db.h> include file found." 1>&2
++			#echo "Install the appropriate db*-devel package first." 1>&2
++			#exit 1
+ 		    fi
+ 		    SYSLIBS="-ldb"
+ 		    ;;
+@@ -356,12 +356,12 @@ EOF
+ 		    elif [ -f /usr/include/db/db.h ]
+ 		    then
+ 			CCARGS="$CCARGS -I/usr/include/db"
+-		    else
++		  #  else
+ 			# On a properly installed system, Postfix builds
+ 			# by including <db.h> and by linking with -ldb
+-			echo "No <db.h> include file found." 1>&2
+-			echo "Install the appropriate db*-devel package first." 1>&2
+-			exit 1
++			#echo "No <db.h> include file found." 1>&2
++			#echo "Install the appropriate db*-devel package first." 1>&2
++			#exit 1
+ 		    fi
+ 		    SYSLIBS="-ldb"
+ 		    ;;
+@@ -387,12 +387,12 @@ EOF
+ 		    elif [ -f /usr/include/db/db.h ]
+ 		    then
+ 			CCARGS="$CCARGS -I/usr/include/db"
+-		    else
++		  #  else
+ 			# On a properly installed system, Postfix builds
+ 			# by including <db.h> and by linking with -ldb
+-			echo "No <db.h> include file found." 1>&2
+-			echo "Install the appropriate db*-devel package first." 1>&2
+-			exit 1
++			#echo "No <db.h> include file found." 1>&2
++			#echo "Install the appropriate db*-devel package first." 1>&2
++			#exit 1
+ 		    fi
+ 		    SYSLIBS="-ldb"
+ 		    ;;
+-- 
+1.7.11.3
+
+