[__opendkim*] add debian support
parent
f01f110463
commit
c56410fa1f
4 changed files with 66 additions and 19 deletions
|
@ -3,6 +3,9 @@
|
|||
|
||||
echo "# Managed remotely, manual changes will be lost."
|
||||
|
||||
# Used for OS-specific configuration.
|
||||
os=$(cat "${__global:?}/explorer/os")
|
||||
|
||||
# Optional chdir(2)
|
||||
if [ "$BASEDIR" ];
|
||||
then
|
||||
|
@ -63,3 +66,16 @@ if [ "$USERID" ];
|
|||
then
|
||||
printf "UserID %s\n" "$USERID"
|
||||
fi
|
||||
|
||||
if [ "$os" = "debian" ]; then
|
||||
cat <<- EOF
|
||||
# In Debian, opendkim runs as user "opendkim". A umask of 007 is required when
|
||||
# using a local socket with MTAs that access the socket as a non-privileged
|
||||
# user (for example, Postfix). You may need to add user "postfix" to group
|
||||
# "opendkim" in that case.
|
||||
UserID opendkim
|
||||
UMask 007
|
||||
|
||||
PidFile /run/opendkim/opendkim.pid
|
||||
EOF
|
||||
fi
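Review bot: On Debian the generated config can carry two `UserID` lines, because the new block prints `UserID opendkim` unconditionally right after the existing `if [ "$USERID" ]` branch has already printed the operator's value. Which of the two the daemon honours is not something this script controls, so the process may run as a different account than the one requested. Emit the Debian default only as a fallback, e.g. `[ "$USERID" ] || printf 'UserID opendkim\n'`, and keep `UMask 007` and `PidFile` in the heredoc. If a umask parameter is handled elsewhere in this script (not visible in the hunk), the same duplication would apply to `UMask`.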
|
||||
|
|
|
@ -21,13 +21,20 @@
|
|||
os=$(cat "${__global:?}/explorer/os")
|
||||
|
||||
CFG_DIR="/etc/opendkim"
|
||||
CFG_FILE="$CFG_DIR/opendkim.conf"
|
||||
service="opendkim"
|
||||
case "$os" in
|
||||
'alpine')
|
||||
:
|
||||
;;
|
||||
'debian')
|
||||
CFG_DIR="/etc/dkimkeys"
|
||||
CFG_FILE="/etc/opendkim.conf"
|
||||
;;
|
||||
'freebsd')
|
||||
CFG_DIR="/usr/local/etc/mail"
|
||||
CFG_FILE="$CFG_DIR/opendkim.conf"
|
||||
|
||||
service="milter-opendkim"
|
||||
;;
|
||||
*)
|
||||
|
@ -75,7 +82,7 @@ fi
|
|||
|
||||
# Generate and deploy configuration file.
|
||||
source_file="${__object:?}/files/opendkim.conf"
|
||||
target_file="${CFG_DIR}/opendkim.conf"
|
||||
target_file="${CFG_FILE}"
|
||||
|
||||
mkdir -p "${__object:?}/files"
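Review bot: The `'debian')` arm keeps the name `CFG_DIR` while pointing it at `/etc/dkimkeys`, and splits the real config file off into `CFG_FILE="/etc/opendkim.conf"`, with nothing in the hunk telling the next maintainer why. A comment above the two assignments, such as `# Debian: opendkim.conf lives in /etc; CFG_DIR is the key/table directory`, would make the split explicit. How `CFG_DIR` is used further down is outside the hunk. The genkey scripts in this commit set `KEYS_DIR` to the same path, so it is worth confirming that nothing written under `CFG_DIR` here expects looser permissions than a key store should have.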
|
||||
|
||||
|
|
|
@ -18,6 +18,30 @@
|
|||
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
os=$(cat "${__global:?}/explorer/os")
|
||||
|
||||
|
||||
case "$os" in
|
||||
'debian')
|
||||
KEYS_DIR="/etc/dkimkeys/"
|
||||
;;
|
||||
'freebsd'|'alpine')
|
||||
KEYS_DIR="/var/db/dkim/"
|
||||
;;
|
||||
*)
|
||||
cat <<- EOF >&2
|
||||
__opendkim_genkey does not support $os (yet). Exiting.
|
||||
EOF
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
|
||||
if [ -f "${__object:?}/parameter/directory" ];
|
||||
then
|
||||
# Be forgiving about a lack of trailing slash
|
||||
KEYS_DIR="$(sed -E 's!([^/])$!\1/!' < "${__object:?}/parameter/directory")"
|
||||
fi
|
||||
|
||||
# Required parameters
|
||||
DOMAIN="$(cat "${__object:?}/parameter/domain")"
|
||||
SELECTOR="$(cat "${__object:?}/parameter/selector")"
|
||||
|
@ -28,12 +52,6 @@ if [ -f "${__object:?}/parameter/bits" ]; then
|
|||
BITS="-b $(cat "${__object:?}/parameter/bits")"
|
||||
fi
|
||||
|
||||
DIRECTORY="/var/db/dkim/"
|
||||
if [ -f "${__object:?}/parameter/directory" ]; then
|
||||
# Be forgiving about a lack of trailing slash
|
||||
DIRECTORY="$(sed -E 's!([^/])$!\1/!' < "${__object:?}/parameter/directory")"
|
||||
fi
|
||||
|
||||
# Boolean parameters
|
||||
SUBDOMAINS=
|
||||
if [ -f "${__object:?}/parameter/no-subdomains" ]; then
|
||||
|
@ -48,9 +66,9 @@ fi
|
|||
user="$(cat "${__object:?}/user")"
|
||||
group="$(cat "${__object:?}/group")"
|
||||
|
||||
if ! [ -f "${DIRECTORY}${SELECTOR}.private" ]; then
|
||||
echo "opendkim-genkey $BITS --domain=$DOMAIN --directory=$DIRECTORY $RESTRICTED --selector=$SELECTOR $SUBDOMAINS"
|
||||
echo "chown ${user}:${group} ${DIRECTORY}${SELECTOR}.private"
|
||||
if ! [ -f "${KEYS_DIR}${SELECTOR}.private" ]; then
|
||||
echo "opendkim-genkey $BITS --domain=$DOMAIN --directory=$KEYS_DIR $RESTRICTED --selector=$SELECTOR $SUBDOMAINS"
|
||||
echo "chown ${user}:${group} ${KEYS_DIR}${SELECTOR}.private"
|
||||
# This is usually generated, if it weren't we do not want to fail
|
||||
echo "chown ${user}:${group} ${DIRECTORY}${SELECTOR}.txt || true"
|
||||
echo "chown ${user}:${group} ${KEYS_DIR}${SELECTOR}.txt || true"
|
||||
fi
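Review bot: The emitted `opendkim-genkey` and `chown` lines interpolate `$DOMAIN`, `$KEYS_DIR` and `$SELECTOR` unquoted into text that a shell later executes, so a `directory` parameter containing whitespace or shell metacharacters is re-parsed as extra words or commands. Quote the values in the generated code, for example `--directory='${KEYS_DIR}'` and `chown ${user}:${group} '${KEYS_DIR}${SELECTOR}.private'`, and reject parameter values containing a single quote before they reach this point. The `[ -f "${KEYS_DIR}${SELECTOR}.private" ]` guard also deserves a check: the echo-a-command pattern suggests this script runs on the configuration host rather than the target. If so, it tests the wrong filesystem and the key could be regenerated on every run.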
|
||||
|
|
|
@ -21,13 +21,18 @@
|
|||
|
||||
os=$(cat "${__global:?}/explorer/os")
|
||||
|
||||
CFG_DIR="/etc/opendkim"
|
||||
CFG_DIR="/etc/opendkim/"
|
||||
KEYS_DIR="/var/db/dkim/"
|
||||
user="opendkim"
|
||||
group="opendkim"
|
||||
case "$os" in
|
||||
'alpine')
|
||||
:
|
||||
;;
|
||||
'debian')
|
||||
CFG_DIR="/etc/dkimkeys/"
|
||||
KEYS_DIR="/etc/dkimkeys/"
|
||||
;;
|
||||
'freebsd')
|
||||
CFG_DIR="/usr/local/etc/mail"
|
||||
user="mailnull"
|
||||
|
@ -35,9 +40,9 @@ case "$os" in
|
|||
;;
|
||||
*)
|
||||
cat <<- EOF >&2
|
||||
__opendkim_genkey currently only supports Alpine Linux. Please
|
||||
contribute an implementation for $os if you can.
|
||||
__opendkim_genkey does not support $os (yet). Exiting.
|
||||
EOF
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
# Persist user and group for gencode-remote
|
||||
|
@ -47,11 +52,10 @@ printf '%s' "${group}" > "${__object:?}/group"
|
|||
SELECTOR="$(cat "${__object:?}/parameter/selector")"
|
||||
DOMAIN="$(cat "${__object:?}/parameter/domain")"
|
||||
|
||||
DIRECTORY="/var/db/dkim/"
|
||||
if [ -f "${__object:?}/parameter/directory" ];
|
||||
then
|
||||
# Be forgiving about a lack of trailing slash
|
||||
DIRECTORY="$(sed -E 's!([^/])$!\1/!' < "${__object:?}/parameter/directory")"
|
||||
KEYS_DIR="$(sed -E 's!([^/])$!\1/!' < "${__object:?}/parameter/directory")"
|
||||
fi
|
||||
|
||||
SIGKEY="${DOMAIN:?}"
|
||||
|
@ -61,16 +65,18 @@ then
|
|||
fi
|
||||
|
||||
# Ensure the key-container directory exists with the proper permissions
|
||||
__directory "${DIRECTORY}" \
|
||||
__directory "${KEYS_DIR}" \
|
||||
--mode 0750 \
|
||||
--owner "${user}" --group "${group}"
|
||||
|
||||
# OS-specific code
|
||||
case "$os" in
|
||||
'alpine')
|
||||
# This is needed for opendkim-genkey
|
||||
__package opendkim-utils
|
||||
;;
|
||||
'debian')
|
||||
__package opendkim-tools
|
||||
;;
|
||||
esac
|
||||
|
||||
key_table="${CFG_DIR}/KeyTable"
|
||||
|
@ -78,7 +84,7 @@ signing_table="${CFG_DIR}/SigningTable"
|
|||
|
||||
__line "line-key-${__object_id:?}" \
|
||||
--file "${key_table}" \
|
||||
--line "${SELECTOR:?}._domainkey.${DOMAIN:?} ${DOMAIN:?}:${SELECTOR:?}:${DIRECTORY:?}${SELECTOR:?}.private"
|
||||
--line "${SELECTOR:?}._domainkey.${DOMAIN:?} ${DOMAIN:?}:${SELECTOR:?}:${KEYS_DIR:?}${SELECTOR:?}.private"
|
||||
|
||||
__line "line-sig-${__object_id:?}" \
|
||||
--file "${signing_table}" \
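Review bot: The `__directory "${KEYS_DIR}"` call keeps `--mode 0750`, and the new `'debian')` arm points both `CFG_DIR` and `KEYS_DIR` at `/etc/dkimkeys/`, so every member of the `opendkim` group can traverse the directory that holds the private keys alongside KeyTable and SigningTable. The config generator in this same commit advises adding `postfix` to that group for socket access, which would extend that reach to the MTA account. Nothing on this page sets the mode of the `.private` file (only `chown` is emitted), so either tighten the directory for the Debian case with `--mode 0700 \` or set the key file mode explicitly after generation. Separately, `key_table="${CFG_DIR}/KeyTable"` now yields a double slash wherever `CFG_DIR` gained a trailing slash, while the `'freebsd')` value has none.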
|
||||
|
|