From 5f4a6cf16b5060f05a6cca8bcc383d076c4ffc9c Mon Sep 17 00:00:00 2001
From: Dario Ernst <dario@kanojo.de>
Date: Sun, 27 Jan 2019 11:48:52 +0100
Subject: [PATCH] Update fetchmail to selfbuilt 7.0.0-alpha
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Fetchmail in alpine is ~5 years old — and doesn’t support current SSL/TLS
variants anymore. This especially leads to our own fetchmail not being able to
pull mail from mailu itself. Since no new fetchmail release is on the horizon,
let’s build the lastest distribution artifact — which strangely is not
6.4.0-snapshot, but 7.0.0-alpha — ourselves.
---
 services/fetchmail/Dockerfile       | 19 ++++++++++++++++++-
 services/fetchmail/fetchmail.py     |  3 +--
 towncrier/newsfragments/891.feature |  1 +
 3 files changed, 20 insertions(+), 3 deletions(-)
 create mode 100644 towncrier/newsfragments/891.feature

diff --git a/services/fetchmail/Dockerfile b/services/fetchmail/Dockerfile
index 8e4d5db0..4636cd3f 100644
--- a/services/fetchmail/Dockerfile
+++ b/services/fetchmail/Dockerfile
@@ -1,13 +1,30 @@
+# First stage: Build
+FROM alpine:3.8 as builder
+
+# build dependencies
+RUN apk add --no-cache curl tar xz autoconf git gettext build-base openssl openssl-dev
+
+RUN curl 'https://netcologne.dl.sourceforge.net/project/fetchmail/branch_6.3/fetchmail-7.0.0-alpha6.tar.xz' | tar xJ
+RUN cd fetchmail-7.0.0-alpha6 && \
+    ./configure --with-ssl --prefix /usr/local --disable-nls && \
+    make
+
 FROM alpine:3.8
+
+
 # python3 shared with most images
 RUN apk add --no-cache \
     python3 py3-pip bash \
   && pip3 install --upgrade pip
+
 # Image specific layers under this line
-RUN apk add --no-cache fetchmail ca-certificates \
+RUN apk add --no-cache ca-certificates openssl \
  && pip3 install requests
 
+COPY --from=builder /fetchmail-7.0.0-alpha6/fetchmail /usr/local/bin
 COPY fetchmail.py /fetchmail.py
+
+RUN adduser -D fetchmail
 USER fetchmail
 
 CMD ["/fetchmail.py"]
diff --git a/services/fetchmail/fetchmail.py b/services/fetchmail/fetchmail.py
index 9b1bcc4f..49e57b73 100755
--- a/services/fetchmail/fetchmail.py
+++ b/services/fetchmail/fetchmail.py
@@ -22,7 +22,6 @@ poll "{host}" proto {protocol}  port {port}
     is "{user_email}"
     smtphost "{smtphost}"
     {options}
-    sslproto 'AUTO'
 """
 
 
@@ -54,7 +53,7 @@ def run(debug):
     for fetch in fetches:
         fetchmailrc = ""
         options = "options antispam 501, 504, 550, 553, 554"
-        options += " ssl" if fetch["tls"] else ""
+        options += " sslmode wrapped" if fetch["tls"] else ""
         options += " keep" if fetch["keep"] else " fetchall"
         fetchmailrc += RC_LINE.format(
             user_email=escape_rc_string(fetch["user_email"]),
diff --git a/towncrier/newsfragments/891.feature b/towncrier/newsfragments/891.feature
new file mode 100644
index 00000000..a117e921
--- /dev/null
+++ b/towncrier/newsfragments/891.feature
@@ -0,0 +1 @@
+Update Fetchmail to 7.0.0, which features more current SSL support