Compare commits
2 commits
422b97bc1b
...
ac03f05766
Author | SHA1 | Date | |
---|---|---|---|
ac03f05766 | |||
ecd10de2d3 |
7 changed files with 80 additions and 31 deletions
|
@ -153,7 +153,7 @@ EOF
|
|||
|
||||
if [ -f "${__object}/parameter/secured-domains" ]; then
|
||||
SECURED_DOMAINS_STATE='present'
|
||||
SECURED_DOMAINS_STATE_JICOFO='replace'
|
||||
SECURED_DOMAINS_STATE_JICOFO='present'
|
||||
else
|
||||
SECURED_DOMAINS_STATE='absent'
|
||||
SECURED_DOMAINS_STATE_JICOFO='absent'
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
#!/bin/sh -e
|
||||
# Generate an opendkim.conf(5) file for opendkim(8).
|
||||
|
||||
echo "# Managed remotely, manual changes will be lost."
|
||||
|
||||
# Optional chdir(2)
|
||||
if [ "$BASEDIR" ];
|
||||
|
@ -33,8 +34,8 @@ then
|
|||
fi
|
||||
|
||||
# Key and Domain tables
|
||||
echo 'KeyTable /etc/opendkim/KeyTable'
|
||||
echo 'SigningTable /etc/opendkim/SigningTable'
|
||||
echo "KeyTable ${CFG_DIR}/KeyTable"
|
||||
echo "SigningTable ${CFG_DIR}/SigningTable"
|
||||
|
||||
# Required socket to listen on
|
||||
printf "Socket %s\n" "${SOCKET:?}"
|
||||
|
|
|
@ -14,8 +14,8 @@ installation and basic configuration of an instance of OpenDKIM.
|
|||
Note that this type does not generate or ensure that a key is present: use
|
||||
`cdist-type__opendkim-genkey(7)` for that.
|
||||
|
||||
Note that this type is currently only implemented for Alpine Linux. Please
|
||||
contribute an implementation if you can.
|
||||
Note that this type is currently only implemented for Alpine Linux and FreeBSD.
|
||||
Please contribute an implementation if you can.
|
||||
|
||||
|
||||
REQUIRED PARAMETERS
|
||||
|
@ -42,8 +42,9 @@ umask
|
|||
Set the umask for the socket and PID file.
|
||||
|
||||
userid
|
||||
Change the user the opendkim program is to run as. By default, Alpine Linux's
|
||||
OpenRC service will set this to `opendkim` on the command-line.
|
||||
Change the user the opendkim program is to run as.
|
||||
By default, Alpine Linux's OpenRC service will set this to `opendkim` on the
|
||||
command-line and FreeBSD's rc will set it to `mailnull`.
|
||||
|
||||
custom-config
|
||||
The string following this parameter is appended as-is in the configuration, to
|
||||
|
@ -86,11 +87,12 @@ SEE ALSO
|
|||
AUTHORS
|
||||
-------
|
||||
Joachim Desroches <joachim.desroches@epfl.ch>
|
||||
Evilham <contact@evilham.com>
|
||||
|
||||
|
||||
COPYING
|
||||
-------
|
||||
Copyright \(C) 2021 Joachim Desroches. You can redistribute it
|
||||
Copyright \(C) 2022 Joachim Desroches, Evilham. You can redistribute it
|
||||
and/or modify it under the terms of the GNU General Public License as
|
||||
published by the Free Software Foundation, either version 3 of the
|
||||
License, or (at your option) any later version.
|
||||
|
|
|
@ -20,16 +20,23 @@
|
|||
|
||||
os=$(cat "${__global:?}/explorer/os")
|
||||
|
||||
CFG_DIR="/etc/opendkim"
|
||||
service="opendkim"
|
||||
case "$os" in
|
||||
'alpine')
|
||||
:
|
||||
;;
|
||||
'freebsd')
|
||||
CFG_DIR="/usr/local/etc/mail"
|
||||
service="milter-opendkim"
|
||||
;;
|
||||
*)
|
||||
printf "__opendkim does not yet support %s.\n" "$os" >&2
|
||||
printf "Please contribute an implementation if you can.\n" >&2
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
export CFG_DIR
|
||||
|
||||
__package opendkim
|
||||
|
||||
|
@ -68,7 +75,7 @@ fi
|
|||
|
||||
# Generate and deploy configuration file.
|
||||
source_file="${__object:?}/files/opendkim.conf"
|
||||
target_file="/etc/opendkim/opendkim.conf"
|
||||
target_file="${CFG_DIR}/opendkim.conf"
|
||||
|
||||
mkdir -p "${__object:?}/files"
|
||||
|
||||
|
@ -83,9 +90,22 @@ fi
|
|||
require="__package/opendkim" __file "$target_file" \
|
||||
--source "$source_file" --mode 0644
|
||||
|
||||
require="__package/opendkim" __start_on_boot opendkim
|
||||
require="__package/opendkim" __start_on_boot "${service}"
|
||||
|
||||
require="__file${target_file}" \
|
||||
# Ensure Key and Signing tables exist and have proper permissions
|
||||
key_table="${CFG_DIR}/KeyTable"
|
||||
signing_table="${CFG_DIR}/SigningTable"
|
||||
|
||||
require="__package/opendkim" \
|
||||
__file "${key_table}" \
|
||||
--mode 444
|
||||
|
||||
require="__package/opendkim" \
|
||||
__file "${signing_table}" \
|
||||
--mode 444
|
||||
|
||||
require="__file${target_file} __file${key_table}
|
||||
__file${signing_table} __start_on_boot/${service}" \
|
||||
__check_messages opendkim \
|
||||
--pattern "^__file${target_file}" \
|
||||
--execute "service opendkim restart"
|
||||
--execute "service ${service} restart"
|
||||
|
|
|
@ -30,7 +30,8 @@ fi
|
|||
|
||||
DIRECTORY="/var/db/dkim/"
|
||||
if [ -f "${__object:?}/parameter/directory" ]; then
|
||||
DIRECTORY="$(cat "${__object:?}/parameter/directory")"
|
||||
# Be forgiving about a lack of trailing slash
|
||||
DIRECTORY="$(sed -E 's!([^/])$!\1/!' < "${__object:?}/parameter/directory")"
|
||||
fi
|
||||
|
||||
# Boolean parameters
|
||||
|
@ -44,7 +45,12 @@ if [ -f "${__object:?}/parameters/unrestricted" ]; then
|
|||
RESTRICTED=
|
||||
fi
|
||||
|
||||
user="$(cat "${__object:?}/user")"
|
||||
group="$(cat "${__object:?}/group")"
|
||||
|
||||
if ! [ -f "${DIRECTORY}${SELECTOR}.private" ]; then
|
||||
echo "opendkim-genkey $BITS --domain=$DOMAIN --directory=$DIRECTORY $RESTRICTED --selector=$SELECTOR $SUBDOMAINS"
|
||||
echo "chown opendkim:opendkim ${DIRECTORY}${SELECTOR}.private"
|
||||
echo "chown ${user}:${group} ${DIRECTORY}${SELECTOR}.private"
|
||||
# This is usually generated, if it weren't we do not want to fail
|
||||
echo "chown ${user}:${group} ${DIRECTORY}${SELECTOR}.txt || true"
|
||||
fi
|
||||
|
|
|
@ -17,8 +17,8 @@ will be added to the OpenDKIM signing table, using either the domain or the
|
|||
provided key for the `domain:selector:keyfile` value in the table. An existing
|
||||
key will not be overwritten.
|
||||
|
||||
Currently, this type is only implemented for Alpine Linux. Please contribute an
|
||||
implementation if you can.
|
||||
Currently, this type is only implemented for Alpine Linux and FreeBSD.
|
||||
Please contribute an implementation if you can.
|
||||
|
||||
REQUIRED PARAMETERS
|
||||
-------------------
|
||||
|
@ -85,11 +85,12 @@ SEE ALSO
|
|||
AUTHORS
|
||||
-------
|
||||
Joachim Desroches <joachim.desroches@epfl.ch>
|
||||
Evilham <contact@evilham.com>
|
||||
|
||||
|
||||
COPYING
|
||||
-------
|
||||
Copyright \(C) 2021 Joachim Desroches. You can redistribute it
|
||||
Copyright \(C) 2022 Joachim Desroches, Evilham. You can redistribute it
|
||||
and/or modify it under the terms of the GNU General Public License as
|
||||
published by the Free Software Foundation, either version 3 of the
|
||||
License, or (at your option) any later version.
|
||||
|
|
|
@ -21,10 +21,18 @@
|
|||
|
||||
os=$(cat "${__global:?}/explorer/os")
|
||||
|
||||
CFG_DIR="/etc/opendkim"
|
||||
user="opendkim"
|
||||
group="opendkim"
|
||||
case "$os" in
|
||||
'alpine')
|
||||
:
|
||||
;;
|
||||
'freebsd')
|
||||
CFG_DIR="/usr/local/etc/mail"
|
||||
user="mailnull"
|
||||
group="mailnull"
|
||||
;;
|
||||
*)
|
||||
cat <<- EOF >&2
|
||||
__opendkim_genkey currently only supports Alpine Linux. Please
|
||||
|
@ -32,6 +40,9 @@ case "$os" in
|
|||
EOF
|
||||
;;
|
||||
esac
|
||||
# Persist user and group for gencode-remote
|
||||
printf '%s' "${user}" > "${__object:?}/user"
|
||||
printf '%s' "${group}" > "${__object:?}/group"
|
||||
|
||||
SELECTOR="$(cat "${__object:?}/parameter/selector")"
|
||||
DOMAIN="$(cat "${__object:?}/parameter/domain")"
|
||||
|
@ -39,7 +50,8 @@ DOMAIN="$(cat "${__object:?}/parameter/domain")"
|
|||
DIRECTORY="/var/db/dkim/"
|
||||
if [ -f "${__object:?}/parameter/directory" ];
|
||||
then
|
||||
DIRECTORY="$(cat "${__object:?}/parameter/directory")"
|
||||
# Be forgiving about a lack of trailing slash
|
||||
DIRECTORY="$(sed -E 's!([^/])$!\1/!' < "${__object:?}/parameter/directory")"
|
||||
fi
|
||||
|
||||
SIGKEY="${DOMAIN:?}"
|
||||
|
@ -48,19 +60,26 @@ then
|
|||
SIGKEY="$(cat "${__object:?}/parameter/sigkey")"
|
||||
fi
|
||||
|
||||
__package opendkim-utils
|
||||
# Ensure the key-container directory exists with the proper permissions
|
||||
__directory "${DIRECTORY}" \
|
||||
--mode 0750 \
|
||||
--owner "${user}" --group "${group}"
|
||||
|
||||
require='__package/opendkim-utils' \
|
||||
__file /etc/opendkim/KeyTable
|
||||
require='__package/opendkim-utils' \
|
||||
__file /etc/opendkim/SigningTable
|
||||
# OS-specific code
|
||||
case "$os" in
|
||||
'alpine')
|
||||
# This is needed for opendkim-genkey
|
||||
__package opendkim-utils
|
||||
;;
|
||||
esac
|
||||
|
||||
require='__file/etc/opendkim/KeyTable' \
|
||||
__line "line-key-${__object_id:?}" \
|
||||
--file /etc/opendkim/KeyTable \
|
||||
--line "${SELECTOR:?}._domainkey.${DOMAIN:?} ${DOMAIN:?}:${SELECTOR:?}:${DIRECTORY:?}${SELECTOR:?}.private"
|
||||
key_table="${CFG_DIR}/KeyTable"
|
||||
signing_table="${CFG_DIR}/SigningTable"
|
||||
|
||||
require='__file/etc/opendkim/SigningTable' \
|
||||
__line "line-sig-${__object_id:?}" \
|
||||
--file /etc/opendkim/SigningTable \
|
||||
--line "${SIGKEY:?} ${SELECTOR:?}._domainkey.${DOMAIN:?}"
|
||||
__line "line-key-${__object_id:?}" \
|
||||
--file "${key_table}" \
|
||||
--line "${SELECTOR:?}._domainkey.${DOMAIN:?} ${DOMAIN:?}:${SELECTOR:?}:${DIRECTORY:?}${SELECTOR:?}.private"
|
||||
|
||||
__line "line-sig-${__object_id:?}" \
|
||||
--file "${signing_table}" \
|
||||
--line "${SIGKEY:?} ${SELECTOR:?}._domainkey.${DOMAIN:?}"
|
||||
|
|
Loading…
Reference in a new issue