diff --git a/type/__opendkim/files/opendkim.conf.sh b/type/__opendkim/files/opendkim.conf.sh index 52e51a5..468b262 100755 --- a/type/__opendkim/files/opendkim.conf.sh +++ b/type/__opendkim/files/opendkim.conf.sh @@ -3,9 +3,6 @@ echo "# Managed remotely, manual changes will be lost." -# Used for OS-specific configuration. -os=$(cat "${__global:?}/explorer/os") - # Optional chdir(2) if [ "$BASEDIR" ]; then @@ -66,16 +63,3 @@ if [ "$USERID" ]; then printf "UserID %s\n" "$USERID" fi - -if [ "$os" = "debian" ]; then - cat <<- EOF - # In Debian, opendkim runs as user "opendkim". A umask of 007 is required when - # using a local socket with MTAs that access the socket as a non-privileged - # user (for example, Postfix). You may need to add user "postfix" to group - # "opendkim" in that case. - UserID opendkim - UMask 007 - - PidFile /run/opendkim/opendkim.pid - EOF -fi diff --git a/type/__opendkim/man.rst b/type/__opendkim/man.rst index d800068..e3f3e7a 100644 --- a/type/__opendkim/man.rst +++ b/type/__opendkim/man.rst @@ -14,8 +14,8 @@ installation and basic configuration of an instance of OpenDKIM. Note that this type does not generate or ensure that a key is present: use `cdist-type__opendkim-genkey(7)` for that. -Note that this type is currently only implemented for Debian, Alpine Linux and -FreeBSD. Please contribute an implementation if you can. +Note that this type is currently only implemented for Alpine Linux and FreeBSD. +Please contribute an implementation if you can. REQUIRED PARAMETERS diff --git a/type/__opendkim/manifest b/type/__opendkim/manifest index 42bb96e..dbd9fc0 100755 --- a/type/__opendkim/manifest +++ b/type/__opendkim/manifest 
@@ -21,20 +21,13 @@ os=$(cat "${__global:?}/explorer/os") CFG_DIR="/etc/opendkim" -CFG_FILE="$CFG_DIR/opendkim.conf" service="opendkim" case "$os" in 'alpine') : ;; -'debian') - CFG_DIR="/etc/dkimkeys" - CFG_FILE="/etc/opendkim.conf" - ;; 'freebsd') CFG_DIR="/usr/local/etc/mail" - CFG_FILE="$CFG_DIR/opendkim.conf" - service="milter-opendkim" ;; *) @@ -82,7 +75,7 @@ fi # Generate and deploy configuration file. source_file="${__object:?}/files/opendkim.conf" -target_file="${CFG_FILE}" +target_file="${CFG_DIR}/opendkim.conf" mkdir -p "${__object:?}/files" diff --git a/type/__opendkim_genkey/gencode-remote b/type/__opendkim_genkey/gencode-remote index 6cfbb3a..d8dfb4d 100755 --- a/type/__opendkim_genkey/gencode-remote +++ b/type/__opendkim_genkey/gencode-remote @@ -18,30 +18,6 @@ # along with cdist. If not, see . # -os=$(cat "${__global:?}/explorer/os") - - -case "$os" in -'debian') - KEYS_DIR="/etc/dkimkeys/" -;; -'freebsd'|'alpine') - KEYS_DIR="/var/db/dkim/" -;; -*) - cat <<- EOF >&2 - __opendkim_genkey does not support $os (yet). Exiting. - EOF - exit 1 -;; -esac - -if [ -f "${__object:?}/parameter/directory" ]; -then - # Be forgiving about a lack of trailing slash - KEYS_DIR="$(sed -E 's!([^/])$!\1/!' < "${__object:?}/parameter/directory")" -fi - # Required parameters DOMAIN="$(cat "${__object:?}/parameter/domain")" SELECTOR="$(cat "${__object:?}/parameter/selector")" @@ -52,6 +28,12 @@ if [ -f "${__object:?}/parameter/bits" ]; then BITS="-b $(cat "${__object:?}/parameter/bits")" fi +DIRECTORY="/var/db/dkim/" +if [ -f "${__object:?}/parameter/directory" ]; then + # Be forgiving about a lack of trailing slash + DIRECTORY="$(sed -E 's!([^/])$!\1/!' < "${__object:?}/parameter/directory")" +fi + # Boolean parameters SUBDOMAINS= if [ -f "${__object:?}/parameter/no-subdomains" ]; then 
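Review bot: In `type/__opendkim_genkey/gencode-remote`, hunk `@@ -52,6 +28,12 @@`, the added `DIRECTORY="/var/db/dkim/"` default and the `sed` trailing-slash fix-up duplicate the block this commit also puts into `type/__opendkim_genkey/manifest` (hunk `@@ -52,10 +47,11 @@`), so the two copies must be kept in step by hand. If they drift, the KeyTable line written by the manifest would name a different key path than the one the generated code creates and chowns. The manifest already hands `user` and `group` to this script through files under `${__object:?}`; the resolved directory could travel the same way, e.g. `printf '%s' "${DIRECTORY}" > "${__object:?}/directory"` there and `DIRECTORY="$(cat "${__object:?}/directory")"` here. An empty `directory` parameter also passes through unchecked in this script, so using `${DIRECTORY:?}` where the value is consumed would match the guard the manifest applies in its `--line` argument.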
@@ -66,9 +48,9 @@ fi user="$(cat "${__object:?}/user")" group="$(cat "${__object:?}/group")" -if ! [ -f "${KEYS_DIR}${SELECTOR}.private" ]; then - echo "opendkim-genkey $BITS --domain=$DOMAIN --directory=$KEYS_DIR $RESTRICTED --selector=$SELECTOR $SUBDOMAINS" - echo "chown ${user}:${group} ${KEYS_DIR}${SELECTOR}.private" +if ! [ -f "${DIRECTORY}${SELECTOR}.private" ]; then + echo "opendkim-genkey $BITS --domain=$DOMAIN --directory=$DIRECTORY $RESTRICTED --selector=$SELECTOR $SUBDOMAINS" + echo "chown ${user}:${group} ${DIRECTORY}${SELECTOR}.private" # This is usually generated, if it weren't we do not want to fail - echo "chown ${user}:${group} ${KEYS_DIR}${SELECTOR}.txt || true" + echo "chown ${user}:${group} ${DIRECTORY}${SELECTOR}.txt || true" fi diff --git a/type/__opendkim_genkey/man.rst b/type/__opendkim_genkey/man.rst index 3251ec1..b3fd013 100644 --- a/type/__opendkim_genkey/man.rst +++ b/type/__opendkim_genkey/man.rst @@ -17,7 +17,7 @@ will be added to the OpenDKIM signing table, using either the domain or the provided key for the `domain:selector:keyfile` value in the table. An existing key will not be overwritten. -Currently, this type is only implemented for Debian, Alpine Linux and FreeBSD. +Currently, this type is only implemented for Alpine Linux and FreeBSD. Please contribute an implementation if you can. REQUIRED PARAMETERS diff --git a/type/__opendkim_genkey/manifest b/type/__opendkim_genkey/manifest index 289e7fe..50dcee5 100755 --- a/type/__opendkim_genkey/manifest +++ b/type/__opendkim_genkey/manifest @@ -21,18 +21,13 @@ os=$(cat "${__global:?}/explorer/os") -CFG_DIR="/etc/opendkim/" -KEYS_DIR="/var/db/dkim/" +CFG_DIR="/etc/opendkim" user="opendkim" group="opendkim" case "$os" in 'alpine') : ;; -'debian') - CFG_DIR="/etc/dkimkeys/" - KEYS_DIR="/etc/dkimkeys/" -;; 'freebsd') CFG_DIR="/usr/local/etc/mail" user="mailnull" 
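Review bot: The rewritten `echo` lines in `type/__opendkim_genkey/gencode-remote`, hunk `@@ -66,9 +48,9 @@`, paste `$DIRECTORY`, `$DOMAIN` and `$SELECTOR` into the generated code unquoted, so a parameter value containing whitespace or shell metacharacters changes the commands that are emitted for the target. These values come from type parameters, so this is hardening rather than an exposed hole, but the rename touches exactly these lines and would be the place to fix it. Emitting the paths quoted, for example `echo "chown ${user}:${group} '${DIRECTORY}${SELECTOR}.private'"`, and rejecting values outside an expected character set before the `if` would make the generated code robust. Separately, the `[ -f "${DIRECTORY}${SELECTOR}.private" ]` test is evaluated wherever this script itself runs; if that is the configuration host rather than the target, it does not protect an existing key from being regenerated, which is worth confirming against the man page's promise that an existing key is not overwritten.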
@@ -40,9 +35,9 @@ case "$os" in ;; *) cat <<- EOF >&2 - __opendkim_genkey does not support $os (yet). Exiting. + __opendkim_genkey currently only supports Alpine Linux. Please + contribute an implementation for $os if you can. EOF - exit 1 ;; esac # Persist user and group for gencode-remote @@ -52,10 +47,11 @@ printf '%s' "${group}" > "${__object:?}/group" SELECTOR="$(cat "${__object:?}/parameter/selector")" DOMAIN="$(cat "${__object:?}/parameter/domain")" +DIRECTORY="/var/db/dkim/" if [ -f "${__object:?}/parameter/directory" ]; then # Be forgiving about a lack of trailing slash - KEYS_DIR="$(sed -E 's!([^/])$!\1/!' < "${__object:?}/parameter/directory")" + DIRECTORY="$(sed -E 's!([^/])$!\1/!' < "${__object:?}/parameter/directory")" fi SIGKEY="${DOMAIN:?}" @@ -65,18 +61,16 @@ then fi # Ensure the key-container directory exists with the proper permissions -__directory "${KEYS_DIR}" \ +__directory "${DIRECTORY}" \ --mode 0750 \ --owner "${user}" --group "${group}" # OS-specific code case "$os" in 'alpine') + # This is needed for opendkim-genkey __package opendkim-utils ;; -'debian') - __package opendkim-tools -;; esac key_table="${CFG_DIR}/KeyTable" @@ -84,7 +78,7 @@ signing_table="${CFG_DIR}/SigningTable" __line "line-key-${__object_id:?}" \ --file "${key_table}" \ - --line "${SELECTOR:?}._domainkey.${DOMAIN:?} ${DOMAIN:?}:${SELECTOR:?}:${KEYS_DIR:?}${SELECTOR:?}.private" + --line "${SELECTOR:?}._domainkey.${DOMAIN:?} ${DOMAIN:?}:${SELECTOR:?}:${DIRECTORY:?}${SELECTOR:?}.private" __line "line-sig-${__object_id:?}" \ --file "${signing_table}" \
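Review bot: Dropping `exit 1` from the `*)` branch in `type/__opendkim_genkey/manifest`, hunk `@@ -40,9 +35,9 @@`, makes the type fail open on an unsupported OS: after printing the message it carries on with the default `CFG_DIR`, `user` and `group`, creates the key directory and edits `${CFG_DIR}/KeyTable`. Because this commit also removes the `'debian'` branches, a Debian host would presumably end up with keys under `/var/db/dkim/` and tables under `/etc/opendkim` instead of the former `/etc/dkimkeys`, and with no package installed that provides opendkim-genkey. The new text also says only Alpine Linux is supported, while the `'freebsd'` branch just above and the updated man.rst still list FreeBSD. I would keep `exit 1` after the heredoc, or, if continuing is intended, word the message as a warning that untested defaults are being applied. The `case` statement starts outside this hunk.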