[rpms/postsrsd] epel10: Revert "Retired: Long term failure to build"

[David Beveridge <dave@bevhost.com>]

            A new commit has been pushed.

            Repo   : rpms/postsrsd
            Branch : epel10
            Commit : 4afb7eaf2dcb71e82ef60f467e30bd1ec64df87f
            Author : David Beveridge <dave@bevhost.com>
            Date   : 2026-06-07T06:08:38+10:00
            Stats  : +390/-1 in 5 file(s)
            URL    : https://src.fedoraproject.org/rpms/postsrsd/c/4afb7eaf2dcb71e82ef60f467e30bd1ec64df87f?branch=epel10

            Log:
            Revert "Retired: Long term failure to build"

This reverts commit 6f44189f25f4447d18af9e9f23ac1aac0316010d.

Signed-off-by: David Beveridge <dave@bevhost.com>

---
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..7773a4c
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+/postsrsd-*.tar.gz

diff --git a/dead.package b/dead.package
deleted file mode 100644
index ab7426e..0000000
--- a/dead.package
+++ /dev/null
@@ -1 +0,0 @@
-Retired: Long term failure to build

diff --git a/postsrsd.conf b/postsrsd.conf
new file mode 100644
index 0000000..99c67b2
--- /dev/null
+++ b/postsrsd.conf
@@ -0,0 +1,169 @@
+# PostSRSd example configuration file
+# Copyright 2022 Timo Röhling
+# SPDX-License-Identifier: FSFUL
+#
+# The copyright holder gives unlimited permission to copy, distribute and modify
+# this file.
+
+# Local domains
+# Your local domains need not be rewritten, so PostSRSd has to know about them.
+#
+# Example:
+#     domains = { "example.com", "example.org", "example.net" }
+#
+domains = {}
+
+# Local domains (file storage)
+# Instead of listing your local domains directly, you can also write them to a
+# file and have PostSRSd read it. This is particularly useful if you have a
+# large number of domains for which you need to act as mail forwarder.
+#
+# Example:
+#     domains-file = "/etc/postsrsd.domains"
+#
+#domains-file =
+
+# Dedicated SRS rewrite domain.
+# The local domain which is used to create the ephemeral SRS envelope
+# addresses. It is recommended that you use a dedicated mail domain for SRS if
+# you serve multiple unrelated domains (e.g. for your customers), to prevent
+# privacy issues. If unset, the first configured local domain is used.
+#
+# Example:
+#     srs-domain = "srs.example.com"
+#
+#srs-domain =
+
+# Socketmap lookup table for Postfix integration.
+# Traditionally, PostSRSd interacts with Postfix through the canonicalization
+# lookup tables of the cleanup daemon. If you use a unix socket, be aware that
+# most Postfix instances will jail their cleanup daemon in a /var/spool/postfix
+# chroot, so no other path will be visible to them.
+#
+# Examples:
+#     socketmap = unix:/var/spool/postfix/srs
+#     socketmap = inet:localhost:10003
+#
+socketmap = unix:/var/spool/postfix/srs
+
+# Socketmap connection keep-alive timeout.
+# After PostSRSd has served a socketmap request, it will keep the connection
+# open for a while longer, in case Postfix has additional queries. PostSRSd
+# will close the connection after the configured time (in seconds) has expired.
+#
+# Examples:
+#     keep-alive = 30
+#
+keep-alive = 30
+
+# Milter endpoint for MTA integration.
+# PostSRSd can act as a milter to rewrite envelope addresses if it has been
+# built with milter support.
+#
+# Examples:
+#     milter = unix:/var/spool/postfix/srs_milter
+#     milter = inet:localhost:9997
+#
+#milter =
+
+# Original envelope sender handling.
+# When the envelope sender is rewritten, the original address can either be
+# embedded in the rewritten address, or stored in a local database. Embedding
+# makes PostSRSd work fully stateless, but the full sender address needs to fit
+# into the localpart of the embedded address, effectively limiting the length
+# of forwardable sender addresses to 51 octets. Storing the sender address in a
+# database circumvents this problem, but makes PostSRSd vulnerable to an
+# attacker sending vast amounts of emails with fake sender addresses, all of
+# which need to be stored in the database.
+#
+# If you are unsure which option suits your use-case best, the vast majority of
+# mail addresses will be relatively short, so you should pick "embedded".
+#
+# Examples:
+#     original-envelope = embedded
+#     original-envelope = database
+#
+original-envelope = embedded
+
+# Database for envelope sender storage.
+# If you decide to store envelope senders in a database, this database will be
+# used. The option is ignored if original-envelope is set to "embedded". Also
+# note that PostSRSd needs to be built with SQLite or Redis support for this.
+#
+# Also note that you need to put the SQLite database into the chroot directory
+# if you jail PostSRSd; otherwise, the database file will not be accessible.
+#
+# Examples:
+#     envelope-database = "redis:localhost:6379"
+#
+# Note from the packager:
+#   currently we're using /run to setup the database, but with the above requirement that mean a SQLite database is not possible as /run is not permanent
+
+# Secret keys for signing and verifying SRS addresses.
+# Rewritten addresses are tagged with a truncated HMAC-SHA1 signature, to
+# prevent tampering and forged envelope addresses. You can have more than
+# one signing secret; each line of the secrets file is considered one secret
+# key. If an incoming signature matches any key, it is accepted. Outgoing
+# signatures will always be generated with the first configured secret.
+#
+# For security reasons, you should also make sure that the file is owned and
+# only accessible by root (chmod 600).
+#
+secrets-file = "/etc/postsrsd.secret"
+
+# SRS tag separator
+# This is the character following the initial SRS0 or SRS1 tag of a generated
+# sender address. Valid separators are "=", "+", and "-". Unless you have a
+# very good reason, you should leave this setting at its default.
+#
+separator = "="
+
+# SRS hash signature length
+# Any SRS address will be signed with a truncated hash to prevent tampering and
+# ensure that only legitimate email bounces will be returned to sender. The
+# default length provides adequate security without taking up too much valuable
+# space. Unless you know what you are doing, you should leave this setting at
+# its default.
+#
+# WARNING: You can break your mail server (or worse, turn it into a spam relay)
+# if you mess up this setting.
+#
+hash-length = 4
+
+# SRS minimum acceptable hash signature length
+# This is the mininum signature length that PostSRSd considers valid. It is a
+# separate setting because if you decide to increase the hash length, you may
+# want to keep accepting the shorter hashes for a 24 hour grace period. Again,
+# Unless you know what you are doing, you should leave this setting at its
+# default.
+#
+# WARNING: You can break your mail server (or worse, turn it into a spam relay)
+# if you mess up this setting.
+#
+hash-minimum = 4
+
+# Always rewrite sender addresses
+# You can force PostSRSd to rewrite any sender address, even if it has been
+# rewritten already. You probably do not want to do this, though.
+#
+always-rewrite = off
+
+# Execute PostSRSd as unprivileged user
+# If you set this highly recommended option, PostSRSd will drop root
+# privileges and switch to the configured user before it enters the main loop
+# to handle untrusted input.
+#
+unprivileged-user = "nobody"
+
+# Execute PostSRSd in chroot jail
+# If you set this highly recommended option, PostSRSd will jail itself
+# in the given directory, which adds an additional layer of protection
+# against the exploitation of security bugs in PostSRSd.
+#
+chroot-dir = "/run/postsrsd"
+
+# Syslog
+# PostSRSd writes log messages to stderr. If you enable this option, PostSRSd
+# will also send all messages to the syslog mail facility.
+#
+syslog = off

diff --git a/postsrsd.spec b/postsrsd.spec
new file mode 100644
index 0000000..eca3dd7
--- /dev/null
+++ b/postsrsd.spec
@@ -0,0 +1,219 @@
+%global build_options -DGENERATE_SRS_SECRET=OFF -DUSE_SELINUX=ON -DINIT_FLAVOR=systemd
+
+%undefine __cmake_in_source_build
+
+Name:           postsrsd
+Version:        2.0.2
+Release:        7%{?dist}
+Summary:        Sender Rewriting Scheme (SRS) provider
+
+# Automatically converted from old format: GPLv2+ - review is highly recommended.
+License:        GPL-2.0-or-later
+URL:            https://github.com/roehling/postsrsd
+Source0:        https://github.com/roehling/%{name}/archive/%{version}/%{name}-%{version}.tar.gz
+Source1:        postsrsd.conf
+
+BuildRequires: make
+BuildRequires:     cmake
+BuildRequires:     gcc
+BuildRequires:     help2man
+BuildRequires:     selinux-policy-devel
+BuildRequires:     libconfuse-devel
+%{?systemd_requires}
+BuildRequires:     systemd
+Requires(post):    policycoreutils
+Requires(preun):   policycoreutils
+Requires(postun):  policycoreutils
+
+
+%description
+PostSRSd provides the Sender Rewriting Scheme (SRS) via TCP-based lookup tables for Postfix.
+SRS is needed if your mail server acts as forwarder.
+
+
+%prep
+%autosetup -n %{name}-%{version}
+%if (0%{?rhel} && 0%{?rhel} < 8)
+mkdir build
+cd build && %cmake .. %build_options
+%else
+%cmake %build_options
+%endif
+
+
+%build
+%if (0%{?rhel} && 0%{?rhel} < 8)
+%make_build -C build
+%else
+%cmake_build
+%endif
+
+
+%install
+%if (0%{?rhel} && 0%{?rhel} < 8)
+%make_install -C build
+%else
+%cmake_install
+%endif
+
+# %%ghost file requires it is present in the build root
+touch %{buildroot}/%{_sysconfdir}/postsrsd.secret
+
+# proper location for systemd config
+mkdir -p %{buildroot}/%{_unitdir}
+mv %{buildroot}/%{_sysconfdir}/systemd/system/postsrsd.service %{buildroot}/%{_unitdir}/postsrsd.service
+rm -rf %{buildroot}/%{_sysconfdir}/systemd
+
+# default configuration and chroot directory
+cp %{SOURCE1} %{buildroot}/%{_sysconfdir}/
+sed -ri -e "s/(\[Install\])/RuntimeDirectory=postsrsd\nRuntimeDirectoryMode=0750\n\n\1/" %{buildroot}/%{_unitdir}/postsrsd.service
+
+
+%files
+%license LICENSE
+%ghost %{_sysconfdir}/postsrsd.secret
+%config(noreplace) %{_sysconfdir}/postsrsd.conf
+%{_unitdir}/postsrsd.service
+%{_sbindir}/postsrsd
+%{_docdir}/%{name}
+%{_mandir}/man8/postsrsd.8.gz
+%{_datadir}/selinux/packages/%{name}/postsrsd.pp
+%{_datadir}/postsrsd/postsrsd-systemd-launcher
+
+
+%post
+if [ "$1" -le "1" ] ; then  # first install
+semodule -i %{_datadir}/selinux/packages/%{name}/postsrsd.pp || true
+fixfiles -R %{name} restore || true
+fi
+[ -f %{_sysconfdir}/postsrsd.secret ] || dd if=/dev/urandom bs=18 count=1 2>/dev/null | base64 >%{_sysconfdir}/postsrsd.secret
+# the admin may modify / restore from a backup, so better restore SELinux permissions unconditionally
+restorecon %{_sysconfdir}/postsrsd.secret
+%systemd_post %{name}.service
+
+
+%preun
+%systemd_preun %{name}.service
+if [ "$1" -lt "1" ] ; then  # final removal
+semodule -r postsrsd 2>/dev/null || true
+fi
+
+
+%postun
+if [ "$1" -ge "1" ] ; then  # upgrade
+semodule -i %{_datadir}/selinux/packages/%{name}/postsrsd.pp || true
+fixfiles -R %{name} restore || true
+fi
+%systemd_postun_with_restart %{name}.service
+#if [ "$1" -eq "0" ] ; then  # final removal
+#fi
+
+
+%changelog
+* Fri Jul 26 2024 Miroslav Suchý <msuchy@redhat.com> - 2.0.2-7
+- convert license to SPDX
+
+* Fri Jul 19 2024 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.2-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
+
+* Fri Jan 26 2024 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.2-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Sun Jan 21 2024 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.2-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Fri Jul 21 2023 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.2-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Fri Jan 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.2-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Tue Nov 29 2022 Marc Dequènes (Duck) <duck@redhat.com> - 1.12-3
+- fix changelog entry
+
+* Tue Nov 29 2022 Marc Dequènes (Duck) <duck@redhat.com> - 1.12-2
+- mark /etc/default/postsrsd as conffile
+
+* Wed Oct 26 2022 Marc Dequènes (Duck) <duck@redhat.com> - 1.12-1
+- NUR
+
+* Fri Jul 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.11-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Fri Jan 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.11-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Fri Jul 23 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.11-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Tue Mar 23 2021 Marc Dequènes (Duck) <duck@redhat.com> - 1.11-1
+- NUR
+
+* Fri Mar 19 2021 Alexander Boström <abo@root.snowtree.se> - 1.10-0.1
+- Update to 1.10
+- adds postsrsd-systemd-launcher wrapper script
+
+* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 1.6-3
+- Rebuilt for updated systemd-rpm-macros
+  See https://pagure.io/fesco/issue/2583.
+
+* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.6-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Tue Oct 06 2020 Marc Dequènes (Duck) <duck@redhat.com> - 1.6-1
+- NUR
+- define INIT_FLAVOR as detection does not work in build environment
+- ensure build in not done in-source
+- add gcc to BuildRequires (removing it was a mistake)
+- add compat for EL7 around cmake_* macros
+
+* Thu Aug 13 2020 Marc Dequènes (Duck) <duck@redhat.com> - 1.4-10.20170118gita77bf99
+- migrate to new cmake macros for out-of-source builds
+
+* Thu Oct 05 2017 Marc Dequènes (Duck) <duck@redhat.com> - 1.4-9.20170118gita77bf99
+- use the %%ghost feature to ensure the secret file is owned by the package
+- it is then not necessary to handle its removal in %%postun
+
+* Thu Sep 28 2017 Marc Dequènes (Duck) <duck@redhat.com> - 1.4-8.20170118gita77bf99
+- Thanks Matthias Runge Mauchin for the review
+- break description line too long
+- build dependency on gcc is not needed
+
+* Wed Sep 27 2017 Marc Dequènes (Duck) <duck@redhat.com> - 1.4-7.20170118gita77bf99
+- make the changelog more readable
+- stop recreating buildroot, it is made clean already
+
+* Wed Aug 23 2017 Marc Dequènes (Duck) <duck@redhat.com> - 1.4-6.20170118gita77bf99
+- remove unnecessary Requires on make
+- use _sysconfdir macro
+- use name macro when it makes sense
+- remove unnecessary %%doc as the buildsys already populates docdir
+
+* Tue Aug 22 2017 Marc Dequènes (Duck) <duck@redhat.com> - 1.4-5.20170118gita77bf99
+- remove %%clean section, not needed in Fedora
+
+* Tue Aug 22 2017 Marc Dequènes (Duck) <duck@redhat.com> - 1.4-4.20170118gita77bf99
+- don't remove secret file during upgrade
+- start service at the end of post scriptlet
+- improve SELinux rules handling (now requires a running SELinux)
+
+* Tue Aug 22 2017 Marc Dequènes (Duck) <duck@redhat.com> - 1.4-3.20170118gita77bf99
+- Thanks Robert-André Mauchin for the review
+- snapshot is packaged to get this necessary fix: https://github.com/roehling/postsrsd/pull/65
+- fixed version
+- fixed source URL
+- use macros for standard paths and build steps
+- add missing systemd scriptlets
+- specify doc and license files
+- remove unnecessary Requires on base64
+- remove Group information unsupported in Fedora
+
+* Fri Apr 14 2017 Marc Dequènes (Duck) <duck@redhat.com> - 1.4-2
+- create /etc/postsrsd.secret if missing
+- move systemd config into directory for packages
+- move chroot directory into /run
+- autocreate chroot directory
+
+* Thu Mar 30 2017 Marc Dequènes (Duck) <duck@redhat.com> - 1.4-1
+- initial packaging
+

diff --git a/sources b/sources
new file mode 100644
index 0000000..a2d7c90
--- /dev/null
+++ b/sources
@@ -0,0 +1 @@
+SHA512 (postsrsd-2.0.2.tar.gz) = 27d06ab56541ea5d452300c57dd450c47f2ad721641f29b6e79139f8fc335e1ad67338c9966dde332757c4d5e1c8be5273a972d48a231c2eaa47f0d2bd3dfac0