diff --git a/type/__opendkim/files/opendkim.conf.sh b/type/__opendkim/files/opendkim.conf.sh
index 468b262..52e51a5 100755
--- a/type/__opendkim/files/opendkim.conf.sh
+++ b/type/__opendkim/files/opendkim.conf.sh
@@ -3,6 +3,9 @@ echo "# Managed remotely, manual changes will be lost."
+# Used for OS-specific configuration.
+os=$(cat "${__global:?}/explorer/os")
+
 # Optional chdir(2)
 if [ "$BASEDIR" ]; then
@@ -63,3 +66,16 @@ if [ "$USERID" ]; then
 printf "UserID %s\n" "$USERID"
 fi
+
+if [ "$os" = "debian" ]; then
+ cat <<- EOF
+ # In Debian, opendkim runs as user "opendkim". A umask of 007 is required when
+ # using a local socket with MTAs that access the socket as a non-privileged
+ # user (for example, Postfix). You may need to add user "postfix" to group
+ # "opendkim" in that case.
+ UserID opendkim
+ UMask 007
+
+ PidFile /run/opendkim/opendkim.pid
+ EOF
+fi
diff --git a/type/__opendkim/man.rst b/type/__opendkim/man.rst
index e3f3e7a..d800068 100644
--- a/type/__opendkim/man.rst
+++ b/type/__opendkim/man.rst
@@ -14,8 +14,8 @@ installation and basic configuration of an instance of OpenDKIM.
 Note that this type does not generate or ensure that a key is present: use
 `cdist-type__opendkim-genkey(7)` for that.
-Note that this type is currently only implemented for Alpine Linux and FreeBSD.
-Please contribute an implementation if you can.
+Note that this type is currently only implemented for Debian, Alpine Linux and
+FreeBSD. Please contribute an implementation if you can.
 REQUIRED PARAMETERS
diff --git a/type/__opendkim/manifest b/type/__opendkim/manifest
index dbd9fc0..42bb96e 100755
--- a/type/__opendkim/manifest
+++ b/type/__opendkim/manifest
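Review bot: The Debian block emits `UserID opendkim` unconditionally, so whenever `$USERID` is set the generated file carries two UserID directives — the one from `printf "UserID %s\n" "$USERID"` just above and this one — and which value wins is left to how opendkim treats duplicate keys. Take the default out of the here-document and make it conditional, e.g. `[ "$USERID" ] || printf 'UserID opendkim\n'` before the `cat <<- EOF`, leaving UMask and PidFile in the heredoc. `UMask 007` intentionally makes the socket group-accessible, which the comment explains well; it is worth adding that group opendkim membership therefore grants write access to the socket, so only the MTA user should be added. `PidFile /run/opendkim/opendkim.pid` presumably relies on the Debian service unit creating /run/opendkim — confirm, since nothing in the generated config creates it.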
@@ -21,13 +21,20 @@ os=$(cat "${__global:?}/explorer/os")
 CFG_DIR="/etc/opendkim"
+CFG_FILE="$CFG_DIR/opendkim.conf"
 service="opendkim"
 case "$os" in
 'alpine') : ;;
+'debian')
+ CFG_DIR="/etc/dkimkeys"
+ CFG_FILE="/etc/opendkim.conf"
+ ;;
 'freebsd')
 CFG_DIR="/usr/local/etc/mail"
+ CFG_FILE="$CFG_DIR/opendkim.conf"
+ service="milter-opendkim"
 ;;
 *)
@@ -75,7 +82,7 @@ fi
 # Generate and deploy configuration file.
 source_file="${__object:?}/files/opendkim.conf"
-target_file="${CFG_DIR}/opendkim.conf"
+target_file="${CFG_FILE}"
 mkdir -p "${__object:?}/files"
diff --git a/type/__opendkim_genkey/gencode-remote b/type/__opendkim_genkey/gencode-remote
index d8dfb4d..6cfbb3a 100755
--- a/type/__opendkim_genkey/gencode-remote
+++ b/type/__opendkim_genkey/gencode-remote
@@ -18,6 +18,30 @@
 # along with cdist. If not, see .
 #
+os=$(cat "${__global:?}/explorer/os")
+
+
+case "$os" in
+'debian')
+ KEYS_DIR="/etc/dkimkeys/"
+;;
+'freebsd'|'alpine')
+ KEYS_DIR="/var/db/dkim/"
+;;
+*)
+ cat <<- EOF >&2
+ __opendkim_genkey does not support $os (yet). Exiting.
+ EOF
+ exit 1
+;;
+esac
+
+if [ -f "${__object:?}/parameter/directory" ];
+then
+ # Be forgiving about a lack of trailing slash
+ KEYS_DIR="$(sed -E 's!([^/])$!\1/!' < "${__object:?}/parameter/directory")"
+fi
+
 # Required parameters
 DOMAIN="$(cat "${__object:?}/parameter/domain")"
 SELECTOR="$(cat "${__object:?}/parameter/selector")"
@@ -28,12 +52,6 @@ if [ -f "${__object:?}/parameter/bits" ]; then
 BITS="-b $(cat "${__object:?}/parameter/bits")"
 fi
-DIRECTORY="/var/db/dkim/"
-if [ -f "${__object:?}/parameter/directory" ]; then
- # Be forgiving about a lack of trailing slash
- DIRECTORY="$(sed -E 's!([^/])$!\1/!' < "${__object:?}/parameter/directory")"
-fi
-
 # Boolean parameters
 SUBDOMAINS=
 if [ -f "${__object:?}/parameter/no-subdomains" ]; then
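Review bot: `CFG_FILE` is derived from `CFG_DIR` before the `case`, so every arm that changes `CFG_DIR` must also reassign `CFG_FILE` — the freebsd arm does, but a future arm that forgets will silently deploy the config into the default directory. Deriving it after the case removes the coupling: set `CFG_FILE=` empty before the `case`, let the debian arm assign it explicitly as it does now, and after `esac` add `: "${CFG_FILE:=${CFG_DIR}/opendkim.conf}"`. The `case` statement continues past the end of this hunk.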
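Review bot: The os-to-KEYS_DIR mapping and the trailing-slash normalisation of the `directory` parameter are now duplicated between this file and the type's manifest, which already persists `user` and `group` into `${__object:?}` for gencode-remote to read; persisting the directory the same way (`printf '%s' "${KEYS_DIR}" > "${__object:?}/keys_dir"` in the manifest and `KEYS_DIR="$(cat "${__object:?}/keys_dir")"` here) keeps the two from drifting, and the `*)` arm here becomes unnecessary because the manifest already exits 1 for an unsupported OS. Until then, a comment above the `case`, `# Must stay in sync with the KEYS_DIR defaults in the manifest`, would flag the duplication. As a style point, `if [ -f ... ];` with `then` on its own line differs from the `if ...; then` form used elsewhere in this file.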
@@ -48,9 +66,9 @@ fi
 user="$(cat "${__object:?}/user")"
 group="$(cat "${__object:?}/group")"
-if ! [ -f "${DIRECTORY}${SELECTOR}.private" ]; then
- echo "opendkim-genkey $BITS --domain=$DOMAIN --directory=$DIRECTORY $RESTRICTED --selector=$SELECTOR $SUBDOMAINS"
- echo "chown ${user}:${group} ${DIRECTORY}${SELECTOR}.private"
+if ! [ -f "${KEYS_DIR}${SELECTOR}.private" ]; then
+ echo "opendkim-genkey $BITS --domain=$DOMAIN --directory=$KEYS_DIR $RESTRICTED --selector=$SELECTOR $SUBDOMAINS"
+ echo "chown ${user}:${group} ${KEYS_DIR}${SELECTOR}.private"
 # This is usually generated, if it weren't we do not want to fail
- echo "chown ${user}:${group} ${DIRECTORY}${SELECTOR}.txt || true"
+ echo "chown ${user}:${group} ${KEYS_DIR}${SELECTOR}.txt || true"
 fi
diff --git a/type/__opendkim_genkey/man.rst b/type/__opendkim_genkey/man.rst
index b3fd013..3251ec1 100644
--- a/type/__opendkim_genkey/man.rst
+++ b/type/__opendkim_genkey/man.rst
@@ -17,7 +17,7 @@ will be added to the OpenDKIM signing table, using either the domain or the
 provided key for the `domain:selector:keyfile` value in the table.
 An existing key will not be overwritten.
-Currently, this type is only implemented for Alpine Linux and FreeBSD.
+Currently, this type is only implemented for Debian, Alpine Linux and FreeBSD.
 Please contribute an implementation if you can.
 REQUIRED PARAMETERS
diff --git a/type/__opendkim_genkey/manifest b/type/__opendkim_genkey/manifest
index 50dcee5..289e7fe 100755
--- a/type/__opendkim_genkey/manifest
+++ b/type/__opendkim_genkey/manifest
@@ -21,13 +21,18 @@ os=$(cat "${__global:?}/explorer/os")
-CFG_DIR="/etc/opendkim"
+CFG_DIR="/etc/opendkim/"
+KEYS_DIR="/var/db/dkim/"
 user="opendkim"
 group="opendkim"
 case "$os" in
 'alpine') : ;;
+'debian')
+ CFG_DIR="/etc/dkimkeys/"
+ KEYS_DIR="/etc/dkimkeys/"
+;;
 'freebsd')
 CFG_DIR="/usr/local/etc/mail"
 user="mailnull"
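Review bot: The `! [ -f "${KEYS_DIR}${SELECTOR}.private" ]` guard on the first rewritten line is evaluated where gencode-remote itself runs — normally the host running cdist — so it appears to inspect the local filesystem rather than the target's, and the "existing key will not be overwritten" promise in man.rst would then rest on opendkim-genkey's own behaviour rather than on this check; if that is the case, emit the test into the generated code so the target evaluates it. Separately, `$KEYS_DIR`, `$DOMAIN` and `$SELECTOR` are interpolated unquoted into the echoed command line, so a `directory` parameter containing whitespace or shell metacharacters is split or interpreted by the remote shell; quoting them in the generated line is cheap. Both points predate this commit but sit on lines it rewrites.
```shell
# … unchanged: user/group reads …
# Let the target decide whether the key already exists, and quote the
# interpolated values so they reach the remote shell intact.
echo "if ! [ -f '${KEYS_DIR}${SELECTOR}.private' ]; then"
echo "  opendkim-genkey $BITS --domain='$DOMAIN' --directory='$KEYS_DIR' $RESTRICTED --selector='$SELECTOR' $SUBDOMAINS"
echo "  chown '${user}:${group}' '${KEYS_DIR}${SELECTOR}.private'"
# This is usually generated, if it weren't we do not want to fail
echo "  chown '${user}:${group}' '${KEYS_DIR}${SELECTOR}.txt' || true"
echo "fi"
```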
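Review bot: `CFG_DIR` now carries a trailing slash (`/etc/opendkim/`, `/etc/dkimkeys/`) while the freebsd arm keeps `/usr/local/etc/mail` without one, and `key_table="${CFG_DIR}/KeyTable"` further down adds its own separator, so the alpine and debian paths become `/etc/opendkim//KeyTable` and `/etc/dkimkeys//KeyTable`. The kernel tolerates the double slash, but it is inconsistent across arms and no longer matches the slash-free `/etc/opendkim` form in `__opendkim`'s manifest, which may matter if anything compares or deduplicates on the path string. Keep `CFG_DIR` slash-free (`CFG_DIR="/etc/opendkim"`, `CFG_DIR="/etc/dkimkeys"`) and reserve the trailing slash for `KEYS_DIR`, which is concatenated without a separator. The `case` continues past the end of this hunk.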
@@ -35,9 +40,9 @@ case "$os" in
 ;;
 *)
 cat <<- EOF >&2
- __opendkim_genkey currently only supports Alpine Linux. Please
- contribute an implementation for $os if you can.
+ __opendkim_genkey does not support $os (yet). Exiting.
 EOF
+ exit 1
 ;;
 esac
 # Persist user and group for gencode-remote
@@ -47,11 +52,10 @@ printf '%s' "${group}" > "${__object:?}/group"
 SELECTOR="$(cat "${__object:?}/parameter/selector")"
 DOMAIN="$(cat "${__object:?}/parameter/domain")"
-DIRECTORY="/var/db/dkim/"
 if [ -f "${__object:?}/parameter/directory" ]; then
 # Be forgiving about a lack of trailing slash
- DIRECTORY="$(sed -E 's!([^/])$!\1/!' < "${__object:?}/parameter/directory")"
+ KEYS_DIR="$(sed -E 's!([^/])$!\1/!' < "${__object:?}/parameter/directory")"
 fi
 SIGKEY="${DOMAIN:?}"
@@ -61,16 +65,18 @@ then
 fi
 # Ensure the key-container directory exists with the proper permissions
-__directory "${DIRECTORY}" \
+__directory "${KEYS_DIR}" \
 --mode 0750 \
 --owner "${user}" --group "${group}"
 # OS-specific code
 case "$os" in
 'alpine')
- # This is needed for opendkim-genkey
 __package opendkim-utils
 ;;
+'debian')
+ __package opendkim-tools
+;;
 esac
 key_table="${CFG_DIR}/KeyTable"
@@ -78,7 +84,7 @@ signing_table="${CFG_DIR}/SigningTable"
 __line "line-key-${__object_id:?}" \
 --file "${key_table}" \
-  --line "${SELECTOR:?}._domainkey.${DOMAIN:?} ${DOMAIN:?}:${SELECTOR:?}:${DIRECTORY:?}${SELECTOR:?}.private"
+  --line "${SELECTOR:?}._domainkey.${DOMAIN:?} ${DOMAIN:?}:${SELECTOR:?}:${KEYS_DIR:?}${SELECTOR:?}.private"
 __line "line-sig-${__object_id:?}" \
 --file "${signing_table}" \
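Review bot: The `directory` parameter is only normalised for a missing trailing slash; an empty or relative value passes through unchanged and ends up verbatim in `__directory "${KEYS_DIR}"` and in the KeyTable entry built from `${KEYS_DIR:?}${SELECTOR:?}.private` in the last hunk. A one-line check after the `fi`, `case "$KEYS_DIR" in /*) ;; *) printf 'directory must be an absolute path\n' >&2; exit 1 ;; esac`, rejects that early with a clear message instead of a confusing failure later. The same normalisation is repeated in gencode-remote, so any check added here should be mirrored there or the value persisted for it.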
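Review bot: The commit removes the `# This is needed for opendkim-genkey` comment from the alpine arm and adds the debian arm without one, so the reason these packages are installed is no longer recorded; a single comment above the `case`, `# opendkim-genkey ships in a separate package on these distributions`, covers both arms. On Debian `KEYS_DIR` and `CFG_DIR` are the same directory (`/etc/dkimkeys/`), so `__directory "${KEYS_DIR}" --mode 0750 --owner "${user}" --group "${group}"` now also governs the directory that holds KeyTable and SigningTable; that looks intended, but a comment noting it would help, since on alpine and freebsd the two directories are distinct.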