- Move certificate generation to init script (#517013)

- Fix strict aliasing warning

exim-4.69-strictaliasing.patch

@@ -0,0 +1,11 @@
+diff -up exim-4.69/src/exim.h.strictaliasing exim-4.69/src/exim.h
+--- exim-4.69/src/exim.h.strictaliasing	2009-08-18 15:10:42.000000000 +0200
++++ exim-4.69/src/exim.h	2009-08-18 15:16:01.000000000 +0200
+@@ -484,6 +484,7 @@ union sockaddr_46 {
+   #if HAVE_IPV6
+   struct sockaddr_in6 v6;
+   #endif
++  struct sockaddr g;
+ };
+ 
+ /* If SUPPORT_TLS is not defined, ensure that USE_GNUTLS is also not defined

exim.init

@@ -28,6 +28,36 @@ fi
 
 [ -f /usr/sbin/exim ] || exit 0
 
+gen_cert() {
+	if [ ! -f /etc/pki/tls/certs/exim.pem ] ; then
+		umask 077
+		FQDN=`hostname`
+		if [ "x${FQDN}" = "x" ]; then
+			FQDN=localhost.localdomain
+		fi
+		echo -n $"Generating exim certificate: "
+		cat << EOF | openssl req -new -x509 -days 365 -nodes \
+			-out /etc/pki/tls/certs/exim.pem \
+			-keyout /etc/pki/tls/private/exim.pem &>/dev/null
+--
+SomeState
+SomeCity
+SomeOrganization
+SomeOrganizationalUnit
+${FQDN}
+root@${FQDN}
+EOF
+		if [ $? -eq 0 ]; then
+			success
+			chown exim.exim /etc/pki/tls/{private,certs}/exim.pem
+			chmod 600 /etc/pki/tls/{private,certs}/exim.pem
+		else
+			failure
+		fi
+		echo
+	fi
+}
+
 start() {
 	# check ownerships
 	# do this by seeing if /var/log/exim/main.log exists and is
@@ -39,6 +69,10 @@ start() {
 		chown -R exim:exim /var/log/exim /var/spool/exim
 	    fi
 	fi
+
+	# generate certificate if doesn't exist
+	gen_cert
+
         # Start daemons.
         echo -n $"Starting exim: "
         daemon /usr/sbin/exim $([ "$DAEMON" = yes ] && echo -bd) \

exim.spec

@@ -19,7 +19,7 @@ Group: System Environment/Daemons
 Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 Provides: MTA smtpd smtpdaemon server(smtp) /usr/bin/newaliases
 Provides: /usr/sbin/sendmail /usr/bin/mailq /usr/bin/rmail
-Requires(post): /sbin/chkconfig /sbin/service %{_sbindir}/alternatives openssl
+Requires(post): /sbin/chkconfig /sbin/service %{_sbindir}/alternatives
 Requires(preun): /sbin/chkconfig /sbin/service %{_sbindir}/alternatives
 Requires(pre): %{_sbindir}/groupadd, %{_sbindir}/useradd
 %if 0%{?buildclam}
@@ -53,6 +53,7 @@ Patch22: exim-4.66-greylist-conf.patch
 Patch23: exim-4.67-smarthost-config.patch
 Patch24: exim-4.69-dynlookup.patch
 Patch25: exim-4.69-dynlookup-config.patch
+Patch26: exim-4.69-strictaliasing.patch
 
 Requires: /etc/pki/tls/certs /etc/pki/tls/private
 Requires: /etc/aliases
@@ -183,6 +184,7 @@ greylisting unconditional.
 %patch23 -p1 -b .smarthost
 %patch24 -p1 -b .dynlookup
 %patch25 -p1 -b .dynconfig
+%patch26 -p1 -b .strictaliasing
 
 cp src/EDITME Local/Makefile
 sed -i 's@^# LOOKUP_MODULE_DIR=.*@LOOKUP_MODULE_DIR=%{_libdir}/exim/%{version}-%{release}/lookups@' Local/Makefile
@@ -351,27 +353,6 @@ exit 0
 	--slave %{_mandir}/man1/mailq.1.gz mta-mailqman %{_mandir}/man8/exim.8.gz \
 	--initscript exim
 
-if [ ! -f /etc/pki/tls/certs/exim.pem ] ; then
-	umask 077
-	FQDN=`hostname`
-	if [ "x${FQDN}" = "x" ]; then
-		FQDN=localhost.localdomain
-	fi
-	cat << EOF | openssl req -new -x509 -days 365 -nodes \
-		-out /etc/pki/tls/certs/exim.pem \
-		-keyout /etc/pki/tls/private/exim.pem &>/dev/null
---
-SomeState
-SomeCity
-SomeOrganization
-SomeOrganizationalUnit
-${FQDN}
-root@${FQDN}
-EOF
-	chown exim.exim /etc/pki/tls/{private,certs}/exim.pem
-	chmod 600 /etc/pki/tls/{private,certs}/exim.pem
-fi
-
 %preun
 if [ $1 = 0 ]; then
 	/sbin/service exim stop > /dev/null 2>&1
@@ -503,8 +484,9 @@ test "$1"  = 0 || %{_initrddir}/clamd.exim condrestart >/dev/null || :
 %{_sysconfdir}/cron.daily/greylist-tidy.sh
 
 %changelog
-* Wed Aug 12 2009 David Woodhouse <David.Woodhouse@intel.com>
-- Require openssl for %post
+* Tue Aug 18 2009 Miroslav Lichvar <mlichvar@redhat.com> - 4.69-14
+- Move certificate generation to init script (#517013)
+- Fix strict aliasing warning
 
 * Wed Aug 12 2009 David Woodhouse <David.Woodhouse@intel.com> - 4.69-13
 - Cope with lack of /etc/sysconfig/network (#506330)