[__opendkim*] add debian support

fnux 2024-03-26 16:39:12 +01:00
parent f01f110463
commit d2669ee230
No known key found for this signature in database
GPG key ID: 4502C902C00A1E12
6 changed files with 69 additions and 22 deletions


@ -3,6 +3,9 @@
echo "# Managed remotely, manual changes will be lost."
# Used for OS-specific configuration.
os=$(cat "${__global:?}/explorer/os")
# Optional chdir(2)
if [ "$BASEDIR" ];
then
@ -63,3 +66,16 @@ if [ "$USERID" ];
then
printf "UserID %s\n" "$USERID"
fi
if [ "$os" = "debian" ]; then
cat <<- EOF
# In Debian, opendkim runs as user "opendkim". A umask of 007 is required when
# using a local socket with MTAs that access the socket as a non-privileged
# user (for example, Postfix). You may need to add user "postfix" to group
# "opendkim" in that case.
UserID opendkim
UMask 007
PidFile /run/opendkim/opendkim.pid
EOF
fi
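Review bot: On Debian the generated config can end up with two `UserID` lines, because the block just above still prints `UserID $USERID` when the parameter is set and the new Debian block then always appends `UserID opendkim`. Which of the two OpenDKIM honours cannot be told from this file, so an operator-supplied user may be silently replaced, or the reverse. Emitting the default only when the parameter is absent keeps the intent explicit, e.g. `[ "$USERID" ] || printf 'UserID opendkim\n'` ahead of the heredoc, with the `UserID` line dropped from it. The same question applies to `UMask 007` if the type also exposes a umask parameter earlier in the file, which is outside this hunk.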


@ -14,8 +14,8 @@ installation and basic configuration of an instance of OpenDKIM.
Note that this type does not generate or ensure that a key is present: use
`cdist-type__opendkim-genkey(7)` for that.
Note that this type is currently only implemented for Alpine Linux and FreeBSD.
Please contribute an implementation if you can.
Note that this type is currently only implemented for Debian, Alpine Linux and
FreeBSD. Please contribute an implementation if you can.
REQUIRED PARAMETERS


@ -21,13 +21,20 @@
os=$(cat "${__global:?}/explorer/os")
CFG_DIR="/etc/opendkim"
CFG_FILE="$CFG_DIR/opendkim.conf"
service="opendkim"
case "$os" in
'alpine')
:
;;
'debian')
CFG_DIR="/etc/dkimkeys"
CFG_FILE="/etc/opendkim.conf"
;;
'freebsd')
CFG_DIR="/usr/local/etc/mail"
CFG_FILE="$CFG_DIR/opendkim.conf"
service="milter-opendkim"
;;
*)
@ -75,7 +82,7 @@ fi
# Generate and deploy configuration file.
source_file="${__object:?}/files/opendkim.conf"
target_file="${CFG_DIR}/opendkim.conf"
target_file="${CFG_FILE}"
mkdir -p "${__object:?}/files"
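Review bot: After this change `CFG_DIR` no longer means "the directory that holds opendkim.conf": in the `debian` arm it is `/etc/dkimkeys` while the config is deployed to `/etc/opendkim.conf`, and nothing in that arm says so. A short comment there would stop a later maintainer from "fixing" it, for example `# Debian: opendkim.conf lives directly in /etc; CFG_DIR is /etc/dkimkeys`. Any other use of `CFG_DIR` in this manifest (not visible in these hunks) should be checked against that meaning.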


@ -18,6 +18,30 @@
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
os=$(cat "${__global:?}/explorer/os")
case "$os" in
'debian')
KEYS_DIR="/etc/dkimkeys/"
;;
'freebsd'|'alpine')
KEYS_DIR="/var/db/dkim/"
;;
*)
cat <<- EOF >&2
__opendkim_genkey does not support $os (yet). Exiting.
EOF
exit 1
;;
esac
if [ -f "${__object:?}/parameter/directory" ];
then
# Be forgiving about a lack of trailing slash
KEYS_DIR="$(sed -E 's!([^/])$!\1/!' < "${__object:?}/parameter/directory")"
fi
# Required parameters
DOMAIN="$(cat "${__object:?}/parameter/domain")"
SELECTOR="$(cat "${__object:?}/parameter/selector")"
@ -28,12 +52,6 @@ if [ -f "${__object:?}/parameter/bits" ]; then
BITS="-b $(cat "${__object:?}/parameter/bits")"
fi
DIRECTORY="/var/db/dkim/"
if [ -f "${__object:?}/parameter/directory" ]; then
# Be forgiving about a lack of trailing slash
DIRECTORY="$(sed -E 's!([^/])$!\1/!' < "${__object:?}/parameter/directory")"
fi
# Boolean parameters
SUBDOMAINS=
if [ -f "${__object:?}/parameter/no-subdomains" ]; then
@ -48,9 +66,9 @@ fi
user="$(cat "${__object:?}/user")"
group="$(cat "${__object:?}/group")"
if ! [ -f "${DIRECTORY}${SELECTOR}.private" ]; then
echo "opendkim-genkey $BITS --domain=$DOMAIN --directory=$DIRECTORY $RESTRICTED --selector=$SELECTOR $SUBDOMAINS"
echo "chown ${user}:${group} ${DIRECTORY}${SELECTOR}.private"
if ! [ -f "${KEYS_DIR}${SELECTOR}.private" ]; then
echo "opendkim-genkey $BITS --domain=$DOMAIN --directory=$KEYS_DIR $RESTRICTED --selector=$SELECTOR $SUBDOMAINS"
echo "chown ${user}:${group} ${KEYS_DIR}${SELECTOR}.private"
# This is usually generated, if it weren't we do not want to fail
echo "chown ${user}:${group} ${DIRECTORY}${SELECTOR}.txt || true"
echo "chown ${user}:${group} ${KEYS_DIR}${SELECTOR}.txt || true"
fi
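Review bot: The three emitted commands interpolate `$DOMAIN`, `$SELECTOR` and `$KEYS_DIR` into the generated script without quoting, and `KEYS_DIR` can come straight from the `directory` parameter. This looks like the gencode-remote side of the type, so the emitted text is executed on the target host, and a value containing whitespace or shell metacharacters changes what runs there rather than merely failing. Quoting the operands in the generated text, e.g. `echo "chown ${user}:${group} '${KEYS_DIR}${SELECTOR}.private'"`, and rejecting values that contain quotes or whitespace before this point would close that off. Separately, the OS-to-`KEYS_DIR` mapping now duplicates the manifest, which already persists `user` and `group` for this script; persisting the resolved directory the same way would keep the two from drifting.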


@ -17,7 +17,7 @@ will be added to the OpenDKIM signing table, using either the domain or the
provided key for the `domain:selector:keyfile` value in the table. An existing
key will not be overwritten.
Currently, this type is only implemented for Alpine Linux and FreeBSD.
Currently, this type is only implemented for Debian, Alpine Linux and FreeBSD.
Please contribute an implementation if you can.
REQUIRED PARAMETERS


@ -21,13 +21,18 @@
os=$(cat "${__global:?}/explorer/os")
CFG_DIR="/etc/opendkim"
CFG_DIR="/etc/opendkim/"
KEYS_DIR="/var/db/dkim/"
user="opendkim"
group="opendkim"
case "$os" in
'alpine')
:
;;
'debian')
CFG_DIR="/etc/dkimkeys/"
KEYS_DIR="/etc/dkimkeys/"
;;
'freebsd')
CFG_DIR="/usr/local/etc/mail"
user="mailnull"
@ -35,9 +40,9 @@ case "$os" in
;;
*)
cat <<- EOF >&2
__opendkim_genkey currently only supports Alpine Linux. Please
contribute an implementation for $os if you can.
__opendkim_genkey does not support $os (yet). Exiting.
EOF
exit 1
;;
esac
# Persist user and group for gencode-remote
@ -47,11 +52,10 @@ printf '%s' "${group}" > "${__object:?}/group"
SELECTOR="$(cat "${__object:?}/parameter/selector")"
DOMAIN="$(cat "${__object:?}/parameter/domain")"
DIRECTORY="/var/db/dkim/"
if [ -f "${__object:?}/parameter/directory" ];
then
# Be forgiving about a lack of trailing slash
DIRECTORY="$(sed -E 's!([^/])$!\1/!' < "${__object:?}/parameter/directory")"
KEYS_DIR="$(sed -E 's!([^/])$!\1/!' < "${__object:?}/parameter/directory")"
fi
SIGKEY="${DOMAIN:?}"
@ -61,16 +65,18 @@ then
fi
# Ensure the key-container directory exists with the proper permissions
__directory "${DIRECTORY}" \
__directory "${KEYS_DIR}" \
--mode 0750 \
--owner "${user}" --group "${group}"
# OS-specific code
case "$os" in
'alpine')
# This is needed for opendkim-genkey
__package opendkim-utils
;;
'debian')
__package opendkim-tools
;;
esac
key_table="${CFG_DIR}/KeyTable"
@ -78,7 +84,7 @@ signing_table="${CFG_DIR}/SigningTable"
__line "line-key-${__object_id:?}" \
--file "${key_table}" \
--line "${SELECTOR:?}._domainkey.${DOMAIN:?} ${DOMAIN:?}:${SELECTOR:?}:${DIRECTORY:?}${SELECTOR:?}.private"
--line "${SELECTOR:?}._domainkey.${DOMAIN:?} ${DOMAIN:?}:${SELECTOR:?}:${KEYS_DIR:?}${SELECTOR:?}.private"
__line "line-sig-${__object_id:?}" \
--file "${signing_table}" \
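Review bot: On Debian `KEYS_DIR` is now `/etc/dkimkeys/`, and the unchanged `__directory` call sets it to mode `0750` with group `opendkim`. The comment this commit adds to the generated opendkim.conf suggests adding `postfix` to group `opendkim` for socket access; with `0750` that also gives the account list and traverse rights on the private-key directory, leaving only the key files' own modes as protection. A per-OS mode would avoid that, e.g. `KEYS_MODE="0700"` in the `debian` arm (default `0750`) and `--mode "${KEYS_MODE}"` in the call. Minor: `CFG_DIR` now ends in `/` for the default and Debian but not for FreeBSD, so `"${CFG_DIR}/KeyTable"` yields a double slash on the former.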