[__opendkim*] add debian support

fnux 2024-03-26 16:39:12 +01:00
parent f01f110463
commit c56410fa1f
No known key found for this signature in database
GPG key ID: 4502C902C00A1E12
4 changed files with 66 additions and 19 deletions


@ -3,6 +3,9 @@
echo "# Managed remotely, manual changes will be lost." echo "# Managed remotely, manual changes will be lost."
# Used for OS-specific configuration.
os=$(cat "${__global:?}/explorer/os")
# Optional chdir(2) # Optional chdir(2)
if [ "$BASEDIR" ]; if [ "$BASEDIR" ];
then then
@ -63,3 +66,16 @@ if [ "$USERID" ];
then then
printf "UserID %s\n" "$USERID" printf "UserID %s\n" "$USERID"
fi fi
if [ "$os" = "debian" ]; then
cat <<- EOF
# In Debian, opendkim runs as user "opendkim". A umask of 007 is required when
# using a local socket with MTAs that access the socket as a non-privileged
# user (for example, Postfix). You may need to add user "postfix" to group
# "opendkim" in that case.
UserID opendkim
UMask 007
PidFile /run/opendkim/opendkim.pid
EOF
fi
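Review bot: On Debian the added block prints `UserID opendkim` unconditionally, right after the existing `if [ "$USERID" ]` branch may already have printed the operator's own `UserID`, so a host with that parameter set gets two conflicting `UserID` lines and the effective value is left to the config parser. Emitting the Debian default only when `$USERID` is empty avoids that, e.g. `if [ "$os" = "debian" ] && [ -z "$USERID" ]; then printf 'UserID opendkim\n'; fi`, with `UMask` and `PidFile` kept in the heredoc. The same question applies to `UMask 007` and `PidFile` if this script also emits them from parameters in the part the hunks do not show. Since `<<-` strips leading tabs only, the heredoc body and its `EOF` need to be tab-indented or at column 0.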


@ -21,13 +21,20 @@
os=$(cat "${__global:?}/explorer/os") os=$(cat "${__global:?}/explorer/os")
CFG_DIR="/etc/opendkim" CFG_DIR="/etc/opendkim"
CFG_FILE="$CFG_DIR/opendkim.conf"
service="opendkim" service="opendkim"
case "$os" in case "$os" in
'alpine') 'alpine')
: :
;; ;;
'debian')
CFG_DIR="/etc/dkimkeys"
CFG_FILE="/etc/opendkim.conf"
;;
'freebsd') 'freebsd')
CFG_DIR="/usr/local/etc/mail" CFG_DIR="/usr/local/etc/mail"
CFG_FILE="$CFG_DIR/opendkim.conf"
service="milter-opendkim" service="milter-opendkim"
;; ;;
*) *)
@ -75,7 +82,7 @@ fi
# Generate and deploy configuration file. # Generate and deploy configuration file.
source_file="${__object:?}/files/opendkim.conf" source_file="${__object:?}/files/opendkim.conf"
target_file="${CFG_DIR}/opendkim.conf" target_file="${CFG_FILE}"
mkdir -p "${__object:?}/files" mkdir -p "${__object:?}/files"
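Review bot: The `'debian'` branch points `CFG_DIR` at `/etc/dkimkeys`, which the `__opendkim_genkey` files in this commit also use as the private-key directory, so anything this manifest places under `CFG_DIR` (not visible in the hunk) lands beside the signing keys and inherits that directory's ownership and mode. If that is intended, a comment such as `# Debian: tables live next to the keys in /etc/dkimkeys; opendkim.conf stays in /etc` would make it explicit; otherwise a separate directory for the lookup tables keeps access to the key directory narrower. The value here also has no trailing slash, while the genkey manifest sets `/etc/dkimkeys/` and then appends `/KeyTable`, so the two types spell the same path differently.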


@ -18,6 +18,30 @@
# along with cdist. If not, see <http://www.gnu.org/licenses/>. # along with cdist. If not, see <http://www.gnu.org/licenses/>.
# #
os=$(cat "${__global:?}/explorer/os")
case "$os" in
'debian')
KEYS_DIR="/etc/dkimkeys/"
;;
'freebsd'|'alpine')
KEYS_DIR="/var/db/dkim/"
;;
*)
cat <<- EOF >&2
__opendkim_genkey does not support $os (yet). Exiting.
EOF
exit 1
;;
esac
if [ -f "${__object:?}/parameter/directory" ];
then
# Be forgiving about a lack of trailing slash
KEYS_DIR="$(sed -E 's!([^/])$!\1/!' < "${__object:?}/parameter/directory")"
fi
# Required parameters # Required parameters
DOMAIN="$(cat "${__object:?}/parameter/domain")" DOMAIN="$(cat "${__object:?}/parameter/domain")"
SELECTOR="$(cat "${__object:?}/parameter/selector")" SELECTOR="$(cat "${__object:?}/parameter/selector")"
@ -28,12 +52,6 @@ if [ -f "${__object:?}/parameter/bits" ]; then
BITS="-b $(cat "${__object:?}/parameter/bits")" BITS="-b $(cat "${__object:?}/parameter/bits")"
fi fi
DIRECTORY="/var/db/dkim/"
if [ -f "${__object:?}/parameter/directory" ]; then
# Be forgiving about a lack of trailing slash
DIRECTORY="$(sed -E 's!([^/])$!\1/!' < "${__object:?}/parameter/directory")"
fi
# Boolean parameters # Boolean parameters
SUBDOMAINS= SUBDOMAINS=
if [ -f "${__object:?}/parameter/no-subdomains" ]; then if [ -f "${__object:?}/parameter/no-subdomains" ]; then
@ -48,9 +66,9 @@ fi
user="$(cat "${__object:?}/user")" user="$(cat "${__object:?}/user")"
group="$(cat "${__object:?}/group")" group="$(cat "${__object:?}/group")"
if ! [ -f "${DIRECTORY}${SELECTOR}.private" ]; then if ! [ -f "${KEYS_DIR}${SELECTOR}.private" ]; then
echo "opendkim-genkey $BITS --domain=$DOMAIN --directory=$DIRECTORY $RESTRICTED --selector=$SELECTOR $SUBDOMAINS" echo "opendkim-genkey $BITS --domain=$DOMAIN --directory=$KEYS_DIR $RESTRICTED --selector=$SELECTOR $SUBDOMAINS"
echo "chown ${user}:${group} ${DIRECTORY}${SELECTOR}.private" echo "chown ${user}:${group} ${KEYS_DIR}${SELECTOR}.private"
# This is usually generated, if it weren't we do not want to fail # This is usually generated, if it weren't we do not want to fail
echo "chown ${user}:${group} ${DIRECTORY}${SELECTOR}.txt || true" echo "chown ${user}:${group} ${KEYS_DIR}${SELECTOR}.txt || true"
fi fi
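Review bot: The emitted `opendkim-genkey` and `chown` commands in the last hunk interpolate `$DOMAIN`, `$KEYS_DIR`, `$SELECTOR`, `${user}` and `${group}` into shell text unquoted; this file appears to be the code generator whose output runs on the target (it reads the persisted `user`/`group`), so a directory or selector value containing a space or shell metacharacter changes what is executed there. Quoting the values inside the generated text, e.g. `echo "chown '${user}:${group}' '${KEYS_DIR}${SELECTOR}.private'"`, and rejecting parameter values that contain a single quote, would keep each argument a single word. Separately, the new `case "$os"` block repeats the default key directory that the type's manifest also computes; the manifest already persists `user` and `group` for this script, and persisting the resolved directory the same way would leave a single place to update.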


@ -21,13 +21,18 @@
os=$(cat "${__global:?}/explorer/os") os=$(cat "${__global:?}/explorer/os")
CFG_DIR="/etc/opendkim" CFG_DIR="/etc/opendkim/"
KEYS_DIR="/var/db/dkim/"
user="opendkim" user="opendkim"
group="opendkim" group="opendkim"
case "$os" in case "$os" in
'alpine') 'alpine')
: :
;; ;;
'debian')
CFG_DIR="/etc/dkimkeys/"
KEYS_DIR="/etc/dkimkeys/"
;;
'freebsd') 'freebsd')
CFG_DIR="/usr/local/etc/mail" CFG_DIR="/usr/local/etc/mail"
user="mailnull" user="mailnull"
@ -35,9 +40,9 @@ case "$os" in
;; ;;
*) *)
cat <<- EOF >&2 cat <<- EOF >&2
__opendkim_genkey currently only supports Alpine Linux. Please __opendkim_genkey does not support $os (yet). Exiting.
contribute an implementation for $os if you can.
EOF EOF
exit 1
;; ;;
esac esac
# Persist user and group for gencode-remote # Persist user and group for gencode-remote
@ -47,11 +52,10 @@ printf '%s' "${group}" > "${__object:?}/group"
SELECTOR="$(cat "${__object:?}/parameter/selector")" SELECTOR="$(cat "${__object:?}/parameter/selector")"
DOMAIN="$(cat "${__object:?}/parameter/domain")" DOMAIN="$(cat "${__object:?}/parameter/domain")"
DIRECTORY="/var/db/dkim/"
if [ -f "${__object:?}/parameter/directory" ]; if [ -f "${__object:?}/parameter/directory" ];
then then
# Be forgiving about a lack of trailing slash # Be forgiving about a lack of trailing slash
DIRECTORY="$(sed -E 's!([^/])$!\1/!' < "${__object:?}/parameter/directory")" KEYS_DIR="$(sed -E 's!([^/])$!\1/!' < "${__object:?}/parameter/directory")"
fi fi
SIGKEY="${DOMAIN:?}" SIGKEY="${DOMAIN:?}"
@ -61,16 +65,18 @@ then
fi fi
# Ensure the key-container directory exists with the proper permissions # Ensure the key-container directory exists with the proper permissions
__directory "${DIRECTORY}" \ __directory "${KEYS_DIR}" \
--mode 0750 \ --mode 0750 \
--owner "${user}" --group "${group}" --owner "${user}" --group "${group}"
# OS-specific code # OS-specific code
case "$os" in case "$os" in
'alpine') 'alpine')
# This is needed for opendkim-genkey
__package opendkim-utils __package opendkim-utils
;; ;;
'debian')
__package opendkim-tools
;;
esac esac
key_table="${CFG_DIR}/KeyTable" key_table="${CFG_DIR}/KeyTable"
@ -78,7 +84,7 @@ signing_table="${CFG_DIR}/SigningTable"
__line "line-key-${__object_id:?}" \ __line "line-key-${__object_id:?}" \
--file "${key_table}" \ --file "${key_table}" \
--line "${SELECTOR:?}._domainkey.${DOMAIN:?} ${DOMAIN:?}:${SELECTOR:?}:${DIRECTORY:?}${SELECTOR:?}.private" --line "${SELECTOR:?}._domainkey.${DOMAIN:?} ${DOMAIN:?}:${SELECTOR:?}:${KEYS_DIR:?}${SELECTOR:?}.private"
__line "line-sig-${__object_id:?}" \ __line "line-sig-${__object_id:?}" \
--file "${signing_table}" \ --file "${signing_table}" \