[__opendkim*] add debian support

fnux 2024-03-26 16:39:12 +01:00
parent f01f110463
commit d2669ee230
No known key found for this signature in database
GPG key ID: 4502C902C00A1E12
6 changed files with 69 additions and 22 deletions


@ -3,6 +3,9 @@
echo "# Managed remotely, manual changes will be lost." echo "# Managed remotely, manual changes will be lost."
# Used for OS-specific configuration.
os=$(cat "${__global:?}/explorer/os")
# Optional chdir(2) # Optional chdir(2)
if [ "$BASEDIR" ]; if [ "$BASEDIR" ];
then then
@ -63,3 +66,16 @@ if [ "$USERID" ];
then then
printf "UserID %s\n" "$USERID" printf "UserID %s\n" "$USERID"
fi fi
if [ "$os" = "debian" ]; then
cat <<- EOF
# In Debian, opendkim runs as user "opendkim". A umask of 007 is required when
# using a local socket with MTAs that access the socket as a non-privileged
# user (for example, Postfix). You may need to add user "postfix" to group
# "opendkim" in that case.
UserID opendkim
UMask 007
PidFile /run/opendkim/opendkim.pid
EOF
fi
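Review bot: The Debian block prints `UserID opendkim` unconditionally, right after the existing `if [ "$USERID" ]` branch has already printed `UserID %s`, so a Debian host with that parameter set gets two conflicting UserID lines and the effective account depends on how opendkim resolves duplicates. Emit the default only when no override was given, e.g. `[ "$USERID" ] || echo "UserID opendkim"`, and check whether UMask or PidFile can also be set by parameters earlier in this script (that part is outside the hunks shown). `UMask 007` makes the socket usable by every member of group opendkim, which deserves a line in the type's man page since the emitted comment recommends adding postfix to that group.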


@ -14,8 +14,8 @@ installation and basic configuration of an instance of OpenDKIM.
Note that this type does not generate or ensure that a key is present: use Note that this type does not generate or ensure that a key is present: use
`cdist-type__opendkim-genkey(7)` for that. `cdist-type__opendkim-genkey(7)` for that.
Note that this type is currently only implemented for Alpine Linux and FreeBSD. Note that this type is currently only implemented for Debian, Alpine Linux and
Please contribute an implementation if you can. FreeBSD. Please contribute an implementation if you can.
REQUIRED PARAMETERS REQUIRED PARAMETERS


@ -21,13 +21,20 @@
os=$(cat "${__global:?}/explorer/os") os=$(cat "${__global:?}/explorer/os")
CFG_DIR="/etc/opendkim" CFG_DIR="/etc/opendkim"
CFG_FILE="$CFG_DIR/opendkim.conf"
service="opendkim" service="opendkim"
case "$os" in case "$os" in
'alpine') 'alpine')
: :
;; ;;
'debian')
CFG_DIR="/etc/dkimkeys"
CFG_FILE="/etc/opendkim.conf"
;;
'freebsd') 'freebsd')
CFG_DIR="/usr/local/etc/mail" CFG_DIR="/usr/local/etc/mail"
CFG_FILE="$CFG_DIR/opendkim.conf"
service="milter-opendkim" service="milter-opendkim"
;; ;;
*) *)
@ -75,7 +82,7 @@ fi
# Generate and deploy configuration file. # Generate and deploy configuration file.
source_file="${__object:?}/files/opendkim.conf" source_file="${__object:?}/files/opendkim.conf"
target_file="${CFG_DIR}/opendkim.conf" target_file="${CFG_FILE}"
mkdir -p "${__object:?}/files" mkdir -p "${__object:?}/files"
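Review bot: On Debian `CFG_DIR` now points at `/etc/dkimkeys`, the private-key directory, while the variable name and the other branches treat it as a configuration directory. The code that consumes `CFG_DIR` between the case statement and `target_file` is outside the hunks shown, so it should be checked that any owner or mode it applies to that path does not loosen access to the signing keys. A comment on the branch would help the next reader, for example `# Debian: main config is /etc/opendkim.conf; /etc/dkimkeys holds keys and tables`.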


@ -18,6 +18,30 @@
# along with cdist. If not, see <http://www.gnu.org/licenses/>. # along with cdist. If not, see <http://www.gnu.org/licenses/>.
# #
os=$(cat "${__global:?}/explorer/os")
case "$os" in
'debian')
KEYS_DIR="/etc/dkimkeys/"
;;
'freebsd'|'alpine')
KEYS_DIR="/var/db/dkim/"
;;
*)
cat <<- EOF >&2
__opendkim_genkey does not support $os (yet). Exiting.
EOF
exit 1
;;
esac
if [ -f "${__object:?}/parameter/directory" ];
then
# Be forgiving about a lack of trailing slash
KEYS_DIR="$(sed -E 's!([^/])$!\1/!' < "${__object:?}/parameter/directory")"
fi
# Required parameters # Required parameters
DOMAIN="$(cat "${__object:?}/parameter/domain")" DOMAIN="$(cat "${__object:?}/parameter/domain")"
SELECTOR="$(cat "${__object:?}/parameter/selector")" SELECTOR="$(cat "${__object:?}/parameter/selector")"
@ -28,12 +52,6 @@ if [ -f "${__object:?}/parameter/bits" ]; then
BITS="-b $(cat "${__object:?}/parameter/bits")" BITS="-b $(cat "${__object:?}/parameter/bits")"
fi fi
DIRECTORY="/var/db/dkim/"
if [ -f "${__object:?}/parameter/directory" ]; then
# Be forgiving about a lack of trailing slash
DIRECTORY="$(sed -E 's!([^/])$!\1/!' < "${__object:?}/parameter/directory")"
fi
# Boolean parameters # Boolean parameters
SUBDOMAINS= SUBDOMAINS=
if [ -f "${__object:?}/parameter/no-subdomains" ]; then if [ -f "${__object:?}/parameter/no-subdomains" ]; then
@ -48,9 +66,9 @@ fi
user="$(cat "${__object:?}/user")" user="$(cat "${__object:?}/user")"
group="$(cat "${__object:?}/group")" group="$(cat "${__object:?}/group")"
if ! [ -f "${DIRECTORY}${SELECTOR}.private" ]; then if ! [ -f "${KEYS_DIR}${SELECTOR}.private" ]; then
echo "opendkim-genkey $BITS --domain=$DOMAIN --directory=$DIRECTORY $RESTRICTED --selector=$SELECTOR $SUBDOMAINS" echo "opendkim-genkey $BITS --domain=$DOMAIN --directory=$KEYS_DIR $RESTRICTED --selector=$SELECTOR $SUBDOMAINS"
echo "chown ${user}:${group} ${DIRECTORY}${SELECTOR}.private" echo "chown ${user}:${group} ${KEYS_DIR}${SELECTOR}.private"
# This is usually generated, if it weren't we do not want to fail # This is usually generated, if it weren't we do not want to fail
echo "chown ${user}:${group} ${DIRECTORY}${SELECTOR}.txt || true" echo "chown ${user}:${group} ${KEYS_DIR}${SELECTOR}.txt || true"
fi fi
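Review bot: The generated remote commands on the new side interpolate `$DOMAIN`, `$KEYS_DIR` and `$SELECTOR` without quoting, so a parameter value containing whitespace or shell metacharacters is re-parsed by the shell on the target and can change which private-key path is created and chowned. Since these lines are being rewritten anyway, either validate the parameters before they are used (the manifest is outside this section) or at minimum quote them in the emitted code, e.g. `echo "chown ${user}:${group} '${KEYS_DIR}${SELECTOR}.private'"`. The per-OS `KEYS_DIR` defaults added at the top duplicate the ones in the type's manifest, and the two copies have to stay identical or the `-f` check here and the KeyTable entry written by the manifest will point at different files.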


@ -17,7 +17,7 @@ will be added to the OpenDKIM signing table, using either the domain or the
provided key for the `domain:selector:keyfile` value in the table. An existing provided key for the `domain:selector:keyfile` value in the table. An existing
key will not be overwritten. key will not be overwritten.
Currently, this type is only implemented for Alpine Linux and FreeBSD. Currently, this type is only implemented for Debian, Alpine Linux and FreeBSD.
Please contribute an implementation if you can. Please contribute an implementation if you can.
REQUIRED PARAMETERS REQUIRED PARAMETERS


@ -21,13 +21,18 @@
os=$(cat "${__global:?}/explorer/os") os=$(cat "${__global:?}/explorer/os")
CFG_DIR="/etc/opendkim" CFG_DIR="/etc/opendkim/"
KEYS_DIR="/var/db/dkim/"
user="opendkim" user="opendkim"
group="opendkim" group="opendkim"
case "$os" in case "$os" in
'alpine') 'alpine')
: :
;; ;;
'debian')
CFG_DIR="/etc/dkimkeys/"
KEYS_DIR="/etc/dkimkeys/"
;;
'freebsd') 'freebsd')
CFG_DIR="/usr/local/etc/mail" CFG_DIR="/usr/local/etc/mail"
user="mailnull" user="mailnull"
@ -35,9 +40,9 @@ case "$os" in
;; ;;
*) *)
cat <<- EOF >&2 cat <<- EOF >&2
__opendkim_genkey currently only supports Alpine Linux. Please __opendkim_genkey does not support $os (yet). Exiting.
contribute an implementation for $os if you can.
EOF EOF
exit 1
;; ;;
esac esac
# Persist user and group for gencode-remote # Persist user and group for gencode-remote
@ -47,11 +52,10 @@ printf '%s' "${group}" > "${__object:?}/group"
SELECTOR="$(cat "${__object:?}/parameter/selector")" SELECTOR="$(cat "${__object:?}/parameter/selector")"
DOMAIN="$(cat "${__object:?}/parameter/domain")" DOMAIN="$(cat "${__object:?}/parameter/domain")"
DIRECTORY="/var/db/dkim/"
if [ -f "${__object:?}/parameter/directory" ]; if [ -f "${__object:?}/parameter/directory" ];
then then
# Be forgiving about a lack of trailing slash # Be forgiving about a lack of trailing slash
DIRECTORY="$(sed -E 's!([^/])$!\1/!' < "${__object:?}/parameter/directory")" KEYS_DIR="$(sed -E 's!([^/])$!\1/!' < "${__object:?}/parameter/directory")"
fi fi
SIGKEY="${DOMAIN:?}" SIGKEY="${DOMAIN:?}"
@ -61,16 +65,18 @@ then
fi fi
# Ensure the key-container directory exists with the proper permissions # Ensure the key-container directory exists with the proper permissions
__directory "${DIRECTORY}" \ __directory "${KEYS_DIR}" \
--mode 0750 \ --mode 0750 \
--owner "${user}" --group "${group}" --owner "${user}" --group "${group}"
# OS-specific code # OS-specific code
case "$os" in case "$os" in
'alpine') 'alpine')
# This is needed for opendkim-genkey
__package opendkim-utils __package opendkim-utils
;; ;;
'debian')
__package opendkim-tools
;;
esac esac
key_table="${CFG_DIR}/KeyTable" key_table="${CFG_DIR}/KeyTable"
@ -78,7 +84,7 @@ signing_table="${CFG_DIR}/SigningTable"
__line "line-key-${__object_id:?}" \ __line "line-key-${__object_id:?}" \
--file "${key_table}" \ --file "${key_table}" \
--line "${SELECTOR:?}._domainkey.${DOMAIN:?} ${DOMAIN:?}:${SELECTOR:?}:${DIRECTORY:?}${SELECTOR:?}.private" --line "${SELECTOR:?}._domainkey.${DOMAIN:?} ${DOMAIN:?}:${SELECTOR:?}:${KEYS_DIR:?}${SELECTOR:?}.private"
__line "line-sig-${__object_id:?}" \ __line "line-sig-${__object_id:?}" \
--file "${signing_table}" \ --file "${signing_table}" \
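Review bot: `__directory "${KEYS_DIR}" --mode 0750` now manages `/etc/dkimkeys/` on Debian, which gives every member of group opendkim read and traverse access to the key directory, and the config template in this same commit advises adding postfix to that group. If I remember correctly Debian's package ships that directory more tightly than 0750, so consider `--mode 0700` for the Debian case, or confirm that the `.private` files themselves end up owner-only. Separately, `CFG_DIR` gained a trailing slash in the default and Debian branches but not in the FreeBSD one, so `key_table="${CFG_DIR}/KeyTable"` becomes `/etc/dkimkeys//KeyTable`; pick one convention for both variables.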