From 26fd1e22fe5e9bb9e22a83c030897c531d792595 Mon Sep 17 00:00:00 2001 
From: Gonne Date: Tue, 22 Apr 2025 09:57:43 +0200 Subject: [PATCH 1/4] Add exec permission to mounted nix store from remote machine Solves the error ``` [gonne@nodens:~]$ sudo nixos-install --flake 'git+https://gitea.mathebau.de/gonne/nixConfig?ref=updates#ghatanothoa' building the flake in git+https://gitea.mathebau.de/gonne/nixConfig?ref=updates&rev=711f80c85e185ca9fe32a27492b5295f2ddc7a2f... error: builder for '/nix/store/0iblfp7h8l97qflgcsv3kpnwvfzvr6bi-builder.pl.drv' failed with exit code 1; last 1 log lines: > error: executing '/nix/store/9nw8b61s8lfdn8fkabxhbz0s775gjhbr-bash-5.2p37/bin/bash': Permission denied For full logs, run 'nix log /nix/store/0iblfp7h8l97qflgcsv3kpnwvfzvr6bi-builder.pl.drv'. error: builder for '/nix/store/ssy2yzclqcsddsmqw60yd7vwc7843fw3-daniel-authorized_keys.drv' failed with exit code 1; last 1 log lines: > error: executing '/nix/store/9nw8b61s8lfdn8fkabxhbz0s775gjhbr-bash-5.2p37/bin/bash': Permission denied For full logs, run 'nix log /nix/store/ssy2yzclqcsddsmqw60yd7vwc7843fw3-daniel-authorized_keys.drv'. error: builder for '/nix/store/k4npfvmszrzr49yrm5k4hiz3p2c32jl7-etc-os-release.drv' failed with exit code 1; last 1 log lines: > error: executing '/nix/store/9nw8b61s8lfdn8fkabxhbz0s775gjhbr-bash-5.2p37/bin/bash': Permission denied For full logs, run 'nix log /nix/store/k4npfvmszrzr49yrm5k4hiz3p2c32jl7-etc-os-release.drv'. error: builder for '/nix/store/s72czr6ba3kf87hahwmg5lvjd9dwnjnz-mounts.sh.drv' failed with exit code 1; last 1 log lines: > error: executing '/nix/store/9nw8b61s8lfdn8fkabxhbz0s775gjhbr-bash-5.2p37/bin/bash': Permission denied For full logs, run 'nix log /nix/store/s72czr6ba3kf87hahwmg5lvjd9dwnjnz-mounts.sh.drv'. error: 1 dependencies of derivation '/nix/store/mm45kds7svlvi0w3fj33pfbcjbzcx2nl-nixos-system-ghatanothoa-25.05pre-git.drv' failed to build [gonne@nodens:~]$ ``` --- nixos/machines/nodens/hardware-configuration.nix | 1 + 1 file changed, 1 insertion(+) 
diff --git a/nixos/machines/nodens/hardware-configuration.nix b/nixos/machines/nodens/hardware-configuration.nix index 756354c..f65d7fb 100644 --- a/nixos/machines/nodens/hardware-configuration.nix +++ b/nixos/machines/nodens/hardware-configuration.nix @@ -51,6 +51,7 @@ "subvol=nix" "users" # Allows any user to mount and unmount "nofail" # Prevent system from failing if this drive doesn't mount + "exec" # needed for the nixos-install command ]; }; From ea084a021b7f8c5407a7120f8ba2c08e1ad8f17f Mon Sep 17 00:00:00 2001 From: Gonne Date: Mon, 7 Apr 2025 17:41:06 +0200 Subject: [PATCH 2/4] Documentation and usage example for sieve script --- packages/alias-to-sieve/Cargo.toml | 4 + packages/alias-to-sieve/README.md | 82 +++++++++++++++++++ .../alias-to-sieve/testdata/example.aliases | 8 ++ 3 files changed, 94 insertions(+) create mode 100644 packages/alias-to-sieve/README.md create mode 100644 packages/alias-to-sieve/testdata/example.aliases diff --git a/packages/alias-to-sieve/Cargo.toml b/packages/alias-to-sieve/Cargo.toml index 77b7e28..488dab9 100644 --- a/packages/alias-to-sieve/Cargo.toml +++ b/packages/alias-to-sieve/Cargo.toml @@ -4,6 +4,10 @@ version = "0.1.0" edition = "2021" rust-version = "1.68.2" +description = "Convert an alias file to a sieve script for stalwart-mail" +readme = "README.md" +license = " AGPL-3.0-only" +keywords = ["mail", "sieve", "alias", "stalwart"] [dependencies] fqdn = {version = "0.4.2", features = ["domain-label-length-limited-to-63", "domain-name-without-special-chars"]} diff --git a/packages/alias-to-sieve/README.md b/packages/alias-to-sieve/README.md new file mode 100644 index 0000000..66d21ff --- /dev/null +++ b/packages/alias-to-sieve/README.md 
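Review bot: The added `"exec"` entry in hardware-configuration.nix only works because it comes after `"users"`, and the comment does not record that ordering dependency. Per mount(8), `users` implies `noexec`, `nosuid` and `nodev` unless a later option overrides them. I would reword the comment to something like `"exec" # overrides the noexec implied by "users" (must stay after it); needed for nixos-install`. Because any user may mount this filesystem and its binaries are now executable, I would also list `"nosuid"` and `"nodev"` explicitly so a later reorder or edit cannot silently drop them. The option list begins above the hunk, so the device and the remaining options are not visible here.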
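Review bot: The added `license = " AGPL-3.0-only"` in Cargo.toml has a leading space inside the string, so the value is not the SPDX identifier `AGPL-3.0-only`. Licence scanners and registry checks that parse this field as an SPDX expression may reject or misclassify the crate. Change the line to `license = "AGPL-3.0-only"`. The same line reappears unchanged as context in the Cargo.toml hunk of patch 4/4, so it is still uncorrected at the end of the series.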
@@ -0,0 +1,82 @@
+This script converts an alias file to a sieve script for [stalwart-mail](https://stalw.art/).
+
+All local-parts are considered to be case-insensitive.
+
+## Usage
+Given an alias file [`testdata/example.aliases`](testdata/example.aliases) that contains lines of redirects of the form local-part with optional `@fqdn` followed by a space followed by a list (space or comma+space separated) list of destinations that consist of a local-part and optionally an `@fqdn`.
+If you don't define an fqdn along any of the addresses, the default domain from your commandline input will be appended.
+
+An example using the testdata directory of this repository:
+```shell
+$ ./alias_to_sieve testdata/example.aliases example.com
+```
+```sieve
+require ["variables", "copy", "vnd.stalwart.expressions", "envelope", "editheader"];
+
+let "i" "0";
+while "i < count(envelope.to)" {
+ let "redirected" "false";
+ if eval "eq_ignore_case(envelope.to[i], 'cali@example.com')" {
+ addheader "Delivered-To" "cali@example.com";
+ redirect :copy "camilia@example.com";
+
+ deleteheader :index 1 :is "Delivered-To" "cali@example.com";
+ let "redirected" "true";
+ }
+ if eval "eq_ignore_case(envelope.to[i], 'camila@example.com')" {
+ addheader "Delivered-To" "camila@example.com";
+ redirect :copy "camila@example.edu";
+
+ deleteheader :index 1 :is "Delivered-To" "camila@example.com";
+ let "redirected" "true";
+ }
+ if eval "eq_ignore_case(envelope.to[i], 'jaiden@example.com')" {
+ addheader "Delivered-To" "jaiden@example.com";
+ redirect :copy "jaiden@example.edu";
+
+ deleteheader :index 1 :is "Delivered-To" "jaiden@example.com";
+ let "redirected" "true";
+ }
+ if eval "eq_ignore_case(envelope.to[i], 'priscilla@example.com')" {
+ addheader "Delivered-To" "priscilla@example.com";
+ redirect :copy "baldwin@example.org";
+
+ deleteheader :index 1 :is "Delivered-To" "priscilla@example.com";
+ let "redirected" "true";
+ }
+ if eval "eq_ignore_case(envelope.to[i], 'root@example.com')" {
+ addheader "Delivered-To" "root@example.com";
+ redirect :copy "baldwin@example.org";
+ redirect :copy "jaiden@example.edu";
+
+ deleteheader :index 1 :is "Delivered-To" "root@example.com";
+ let "redirected" "true";
+ }
+ if eval "eq_ignore_case(envelope.to[i], 'webteam@example.com')" {
+ addheader "Delivered-To" "webteam@example.com";
+ redirect :copy "baldwin@example.org";
+ redirect :copy "camilia@example.com";
+ redirect :copy "jaiden@example.edu";
+
+ deleteheader :index 1 :is "Delivered-To" "webteam@example.com";
+ let "redirected" "true";
+ }
+ if eval "!redirected" {
+ let "destination" "envelope.to[i]";
+ redirect :copy "${destination}";
+ }
+ let "i" "i+1";
+}
+discard;
+```
+
+If you have multiple domains with multiple alias files, pass them all in one run: `$ ./alias_to_sieve simple.aliases example.com example.aliases example.org`.
+
+## Limitations
+You cannot use apostrophes (') in any mail addresses although allowed by [RFC 5322](https://www.rfc-editor.org/rfc/rfc5322) since they would break termination of strings in sieve.
+
+This parser is not designed with security in mind. While the above gives some basic protection against code injection, I have no idea whether sieve has other pitfalls that might allow them.
+
+This is my first rust project, consume the code with care.
+
+The generated code is specific to stalwart-mail and contains non-standard sieve features.
diff --git a/packages/alias-to-sieve/testdata/example.aliases b/packages/alias-to-sieve/testdata/example.aliases
new file mode 100644
index 0000000..ba95a1f
--- /dev/null
+++ b/packages/alias-to-sieve/testdata/example.aliases
@@ -0,0 +1,8 @@
+priscilla baldwin@example.org
+jaiden jaiden@example.edu
+camila camila@example.edu
+
+cali camilia
+
+webteam root, camilia
+root priscilla jaiden
From 8a1469242a1b308f3f1619be177fb09abd5a760d Mon Sep 17 00:00:00 2001
From: Gonne Date: Sat, 19 Apr 2025 16:19:47 +0200 Subject: [PATCH 3/4] nix flake update --- flake-module.nix | 4 ++-- flake.lock | 12 ++++++------ 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/flake-module.nix b/flake-module.nix index 0531612..8d06ec0 100644 --- a/flake-module.nix +++ b/flake-module.nix @@ -63,7 +63,7 @@ overlays = [ (_: prev: { inherit (self'.packages) alias-to-sieve; # add custom package to convert alias files to sieve scripts on the stalwart machine - stalwart-mail = assert lib.assertMsg (prev.stalwart-mail.version == "0.11.6-unstable-2025-02-04") '' + stalwart-mail = assert lib.assertMsg (prev.stalwart-mail.version == "0.11.7") '' 1. If the bug https://github.com/stalwartlabs/sieve/issues/11 is resolved to our satisfaction, try to remove this overlay. 2. Check whether sieve-rs recieved new updates that our patch needs to be rebased upon. 3. Check whether the sieve-rs patch below that exchanges the dependency needs updates. @@ -90,7 +90,7 @@ ./patches/sieve-rs.patch ]; # Replace the string with `lib.fakeHash` after version changes in order to get the new hash value. - cargoHash = "sha256-0U0Z13a2vRxMFnaaHeXBjvYDjKStgqmuDboUVssVMQw="; + cargoHash = "sha256-fP5dyTmuwydPGCgpP6XtVFSHE0HwGfvw5UjwNz0R3ek="; } ); }; diff --git a/flake.lock b/flake.lock index 8cb1fc0..157977f 100644 --- a/flake.lock +++ b/flake.lock @@ -698,11 +698,11 @@ }, "nixpkgs_6": { "locked": { - "lastModified": 1743827369, - "narHash": "sha256-rpqepOZ8Eo1zg+KJeWoq1HAOgoMCDloqv5r2EAa9TSA=", + "lastModified": 1744932701, + "narHash": "sha256-fusHbZCyv126cyArUwwKrLdCkgVAIaa/fQJYFlCEqiU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "42a1c966be226125b48c384171c44c651c236c22", + "rev": "b024ced1aac25639f8ca8fdfc2f8c4fbd66c48ef", "type": "github" }, "original": { 
@@ -849,11 +849,11 @@ ] }, "locked": { - "lastModified": 1743910657, - "narHash": "sha256-zr2jmWeWyhCD8WmO2aWov2g0WPPuZfcJDKzMJZYGq3Y=", + "lastModified": 1744669848, + "narHash": "sha256-pXyanHLUzLNd3MX9vsWG+6Z2hTU8niyphWstYEP3/GU=", "owner": "Mic92", "repo": "sops-nix", - "rev": "523f58a4faff6c67f5f685bed33a7721e984c304", + "rev": "61154300d945f0b147b30d24ddcafa159148026a", "type": "github" }, "original": { From 9fd19b9da8d8d9af736160fb3971fefffd4f6b68 Mon Sep 17 00:00:00 2001 From: Gonne Date: Sat, 19 Apr 2025 16:20:02 +0200 Subject: [PATCH 4/4] cargo update --- packages/alias-to-sieve/Cargo.lock | 8 ++++---- packages/alias-to-sieve/Cargo.toml | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/packages/alias-to-sieve/Cargo.lock b/packages/alias-to-sieve/Cargo.lock index f7dffe3..0ed3cd8 100644 --- a/packages/alias-to-sieve/Cargo.lock +++ b/packages/alias-to-sieve/Cargo.lock @@ -101,9 +101,9 @@ dependencies = [ [[package]] name = "libc" -version = "0.2.171" +version = "0.2.172" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c19937216e9d3aa9956d9bb8dfc0b0c8beb6058fc4f7a4dc4d850edf86a237d6" +checksum = "d750af042f7ef4f724306de029d18836c26c1765a54a6a3f094cbd23a7267ffa" [[package]] name = "log" @@ -170,9 +170,9 @@ dependencies = [ [[package]] name = "proc-macro2" -version = "1.0.94" +version = "1.0.95" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a31971752e70b8b2686d7e46ec17fb38dad4051d94024c88df49b667caea9c84" +checksum = "02b3e5e68a3a1a02aad3ec490a98007cbc13c37cbe84a3cd7b8e406d76e7f778" dependencies = [ "unicode-ident", ] diff --git a/packages/alias-to-sieve/Cargo.toml b/packages/alias-to-sieve/Cargo.toml index 488dab9..9debbdd 100644 --- a/packages/alias-to-sieve/Cargo.toml +++ b/packages/alias-to-sieve/Cargo.toml 
@@ -10,5 +10,5 @@ license = " AGPL-3.0-only" keywords = ["mail", "sieve", "alias", "stalwart"] [dependencies] -fqdn = {version = "0.4.2", features = ["domain-label-length-limited-to-63", "domain-name-without-special-chars"]} +fqdn = {version = "0.4.6", features = ["domain-label-length-limited-to-63", "domain-name-without-special-chars"]} email-address-parser = "2.0.0"