From 5f4a6cf16b5060f05a6cca8bcc383d076c4ffc9c Mon Sep 17 00:00:00 2001
From: Dario Ernst <dario@kanojo.de>
Date: Sun, 27 Jan 2019 11:48:52 +0100
Subject: [PATCH 1/3] Update fetchmail to selfbuilt 7.0.0-alpha
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Fetchmail in alpine is ~5 years old — and doesn’t support current SSL/TLS
variants anymore. This especially leads to our own fetchmail not being able to
pull mail from mailu itself. Since no new fetchmail release is on the horizon,
let’s build the lastest distribution artifact — which strangely is not
6.4.0-snapshot, but 7.0.0-alpha — ourselves.
---
 services/fetchmail/Dockerfile       | 19 ++++++++++++++++++-
 services/fetchmail/fetchmail.py     |  3 +--
 towncrier/newsfragments/891.feature |  1 +
 3 files changed, 20 insertions(+), 3 deletions(-)
 create mode 100644 towncrier/newsfragments/891.feature

diff --git a/services/fetchmail/Dockerfile b/services/fetchmail/Dockerfile
index 8e4d5db0..4636cd3f 100644
--- a/services/fetchmail/Dockerfile
+++ b/services/fetchmail/Dockerfile
@@ -1,13 +1,30 @@
+# First stage: Build
+FROM alpine:3.8 as builder
+
+# build dependencies
+RUN apk add --no-cache curl tar xz autoconf git gettext build-base openssl openssl-dev
+
+RUN curl 'https://netcologne.dl.sourceforge.net/project/fetchmail/branch_6.3/fetchmail-7.0.0-alpha6.tar.xz' | tar xJ
+RUN cd fetchmail-7.0.0-alpha6 && \
+    ./configure --with-ssl --prefix /usr/local --disable-nls && \
+    make
+
 FROM alpine:3.8
+
+
 # python3 shared with most images
 RUN apk add --no-cache \
     python3 py3-pip bash \
   && pip3 install --upgrade pip
+
 # Image specific layers under this line
-RUN apk add --no-cache fetchmail ca-certificates \
+RUN apk add --no-cache ca-certificates openssl \
  && pip3 install requests
 
+COPY --from=builder /fetchmail-7.0.0-alpha6/fetchmail /usr/local/bin
 COPY fetchmail.py /fetchmail.py
+
+RUN adduser -D fetchmail
 USER fetchmail
 
 CMD ["/fetchmail.py"]
diff --git a/services/fetchmail/fetchmail.py b/services/fetchmail/fetchmail.py
index 9b1bcc4f..49e57b73 100755
--- a/services/fetchmail/fetchmail.py
+++ b/services/fetchmail/fetchmail.py
@@ -22,7 +22,6 @@ poll "{host}" proto {protocol}  port {port}
     is "{user_email}"
     smtphost "{smtphost}"
     {options}
-    sslproto 'AUTO'
 """
 
 
@@ -54,7 +53,7 @@ def run(debug):
     for fetch in fetches:
         fetchmailrc = ""
         options = "options antispam 501, 504, 550, 553, 554"
-        options += " ssl" if fetch["tls"] else ""
+        options += " sslmode wrapped" if fetch["tls"] else ""
         options += " keep" if fetch["keep"] else " fetchall"
         fetchmailrc += RC_LINE.format(
             user_email=escape_rc_string(fetch["user_email"]),
diff --git a/towncrier/newsfragments/891.feature b/towncrier/newsfragments/891.feature
new file mode 100644
index 00000000..a117e921
--- /dev/null
+++ b/towncrier/newsfragments/891.feature
@@ -0,0 +1 @@
+Update Fetchmail to 7.0.0, which features more current SSL support

From 94dbddd9338223fdb4c8daf7797159535732c6f1 Mon Sep 17 00:00:00 2001
From: Nebukadneza <github@kanojo.de>
Date: Mon, 24 Jun 2019 16:07:32 +0200
Subject: [PATCH 2/3] Add -L to curl to support sourceforge redirects

As per @hoellens suggestion

Co-Authored-By: hoellen <hoellen@users.noreply.github.com>
---
 services/fetchmail/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/services/fetchmail/Dockerfile b/services/fetchmail/Dockerfile
index 4636cd3f..431581c7 100644
--- a/services/fetchmail/Dockerfile
+++ b/services/fetchmail/Dockerfile
@@ -4,7 +4,7 @@ FROM alpine:3.8 as builder
 # build dependencies
 RUN apk add --no-cache curl tar xz autoconf git gettext build-base openssl openssl-dev
 
-RUN curl 'https://netcologne.dl.sourceforge.net/project/fetchmail/branch_6.3/fetchmail-7.0.0-alpha6.tar.xz' | tar xJ
+RUN curl -L 'https://netcologne.dl.sourceforge.net/project/fetchmail/branch_6.3/fetchmail-7.0.0-alpha6.tar.xz' | tar xJ
 RUN cd fetchmail-7.0.0-alpha6 && \
     ./configure --with-ssl --prefix /usr/local --disable-nls && \
     make

From 5ceedde1de3e1793701108b99c8579f1c0b1c356 Mon Sep 17 00:00:00 2001
From: Dario Ernst <dario@kanojo.de>
Date: Mon, 24 Jun 2019 14:24:58 +0000
Subject: [PATCH 3/3] Use more robust SF index URL now that -L helps following

---
 services/fetchmail/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/services/fetchmail/Dockerfile b/services/fetchmail/Dockerfile
index 431581c7..4004706d 100644
--- a/services/fetchmail/Dockerfile
+++ b/services/fetchmail/Dockerfile
@@ -4,7 +4,7 @@ FROM alpine:3.8 as builder
 # build dependencies
 RUN apk add --no-cache curl tar xz autoconf git gettext build-base openssl openssl-dev
 
-RUN curl -L 'https://netcologne.dl.sourceforge.net/project/fetchmail/branch_6.3/fetchmail-7.0.0-alpha6.tar.xz' | tar xJ
+RUN curl -L 'https://sourceforge.net/projects/fetchmail/files/branch_7-alpha/fetchmail-7.0.0-alpha6.tar.xz/download' | tar xJ
 RUN cd fetchmail-7.0.0-alpha6 && \
     ./configure --with-ssl --prefix /usr/local --disable-nls && \
     make