type/__jitsi_meet/manifest

@@ -153,7 +153,7 @@ EOF
 
 if [ -f "${__object}/parameter/secured-domains" ]; then
   SECURED_DOMAINS_STATE='present'
-  SECURED_DOMAINS_STATE_JICOFO='present'
+  SECURED_DOMAINS_STATE_JICOFO='replace'
 else
   SECURED_DOMAINS_STATE='absent'
   SECURED_DOMAINS_STATE_JICOFO='absent'

type/__opendkim/files/opendkim.conf.sh

@@ -1,7 +1,6 @@
 #!/bin/sh -e
 # Generate an opendkim.conf(5) file for opendkim(8).
 
-echo "# Managed remotely, manual changes will be lost."
 
 # Optional chdir(2)
 if [ "$BASEDIR" ];
@@ -34,8 +33,8 @@ then
 fi
 
 # Key and Domain tables
-echo "KeyTable ${CFG_DIR}/KeyTable"
-echo "SigningTable ${CFG_DIR}/SigningTable"
+echo 'KeyTable /etc/opendkim/KeyTable'
+echo 'SigningTable /etc/opendkim/SigningTable'
 
 # Required socket to listen on
 printf "Socket %s\n" "${SOCKET:?}"

type/__opendkim/man.rst

@@ -14,8 +14,8 @@ installation and basic configuration of an instance of OpenDKIM.
 Note that this type does not generate or ensure that a key is present: use
 `cdist-type__opendkim-genkey(7)` for that.
 
-Note that this type is currently only implemented for Alpine Linux and FreeBSD.
-Please contribute an implementation if you can.
+Note that this type is currently only implemented for Alpine Linux. Please
+contribute an implementation if you can.
 
 
 REQUIRED PARAMETERS
@@ -42,9 +42,8 @@ umask
   Set the umask for the socket and PID file.
 
 userid
-  Change the user the opendkim program is to run as.
-  By default, Alpine Linux's OpenRC service will set this to `opendkim` on the
-  command-line and FreeBSD's rc will set it to `mailnull`.
+  Change the user the opendkim program is to run as. By default, Alpine Linux's
+  OpenRC service will set this to `opendkim` on the command-line.
 
 custom-config
   The string following this parameter is appended as-is in the configuration, to
@@ -87,12 +86,11 @@ SEE ALSO
 AUTHORS
 -------
 Joachim Desroches <joachim.desroches@epfl.ch>
-Evilham <contact@evilham.com>
 
 
 COPYING
 -------
-Copyright \(C) 2022 Joachim Desroches, Evilham. You can redistribute it
+Copyright \(C) 2021 Joachim Desroches. You can redistribute it
 and/or modify it under the terms of the GNU General Public License as
 published by the Free Software Foundation, either version 3 of the
 License, or (at your option) any later version.

type/__opendkim/manifest

@@ -20,23 +20,16 @@
 
 os=$(cat "${__global:?}/explorer/os")
 
-CFG_DIR="/etc/opendkim"
-service="opendkim"
 case "$os" in
 'alpine')
 	:
 	;;
-'freebsd')
-	CFG_DIR="/usr/local/etc/mail"
-	service="milter-opendkim"
-	;;
 *)
 	printf "__opendkim does not yet support %s.\n" "$os" >&2
 	printf "Please contribute an implementation if you can.\n" >&2
 	exit 1
 	;;
 esac
-export CFG_DIR
 
 __package opendkim
 
@@ -75,7 +68,7 @@ fi
 
 # Generate and deploy configuration file.
 source_file="${__object:?}/files/opendkim.conf"
-target_file="${CFG_DIR}/opendkim.conf"
+target_file="/etc/opendkim/opendkim.conf"
 
 mkdir -p "${__object:?}/files"
 
@@ -90,22 +83,9 @@ fi
 require="__package/opendkim" __file "$target_file" \
 	--source "$source_file" --mode 0644
 
-require="__package/opendkim" __start_on_boot "${service}"
+require="__package/opendkim" __start_on_boot opendkim
 
-# Ensure Key and Signing tables exist and have proper permissions
-key_table="${CFG_DIR}/KeyTable"
-signing_table="${CFG_DIR}/SigningTable"
-
-require="__package/opendkim" \
-	__file "${key_table}" \
-	--mode 444
-
-require="__package/opendkim" \
-	__file "${signing_table}" \
-	--mode 444
-
-require="__file${target_file} __file${key_table}
-		__file${signing_table} __start_on_boot/${service}" \
+require="__file${target_file}" \
 	__check_messages opendkim \
 		--pattern "^__file${target_file}" \
-		--execute "service ${service} restart"
+		--execute "service opendkim restart"

type/__opendkim_genkey/gencode-remote

@@ -30,8 +30,7 @@ fi
 
 DIRECTORY="/var/db/dkim/"
 if [ -f "${__object:?}/parameter/directory" ]; then
-	# Be forgiving about a lack of trailing slash
-	DIRECTORY="$(sed -E 's!([^/])$!\1/!' < "${__object:?}/parameter/directory")"
+	DIRECTORY="$(cat "${__object:?}/parameter/directory")"
 fi
 
 # Boolean parameters
@@ -45,12 +44,7 @@ if [ -f "${__object:?}/parameters/unrestricted" ]; then
 	RESTRICTED=
 fi
 
-user="$(cat "${__object:?}/user")"
-group="$(cat "${__object:?}/group")"
-
 if ! [ -f "${DIRECTORY}${SELECTOR}.private" ]; then
 	echo "opendkim-genkey $BITS --domain=$DOMAIN --directory=$DIRECTORY $RESTRICTED --selector=$SELECTOR $SUBDOMAINS"
-	echo "chown ${user}:${group} ${DIRECTORY}${SELECTOR}.private"
-	# This is usually generated, if it weren't we do not want to fail
-	echo "chown ${user}:${group} ${DIRECTORY}${SELECTOR}.txt || true"
+	echo "chown opendkim:opendkim ${DIRECTORY}${SELECTOR}.private"
 fi

type/__opendkim_genkey/man.rst

@@ -17,8 +17,8 @@ will be added to the OpenDKIM signing table, using either the domain or the
 provided key for the `domain:selector:keyfile` value in the table. An existing
 key will not be overwritten.
 
-Currently, this type is only implemented for Alpine Linux and FreeBSD.
-Please contribute an implementation if you can.
+Currently, this type is only implemented for Alpine Linux. Please contribute an
+implementation if you can.
 
 REQUIRED PARAMETERS
 -------------------
@@ -85,12 +85,11 @@ SEE ALSO
 AUTHORS
 -------
 Joachim Desroches <joachim.desroches@epfl.ch>
-Evilham <contact@evilham.com>
 
 
 COPYING
 -------
-Copyright \(C) 2022 Joachim Desroches, Evilham. You can redistribute it
+Copyright \(C) 2021 Joachim Desroches. You can redistribute it
 and/or modify it under the terms of the GNU General Public License as
 published by the Free Software Foundation, either version 3 of the
 License, or (at your option) any later version.

type/__opendkim_genkey/manifest

@@ -21,18 +21,10 @@
 
 os=$(cat "${__global:?}/explorer/os")
 
-CFG_DIR="/etc/opendkim"
-user="opendkim"
-group="opendkim"
 case "$os" in
 'alpine')
 	:
 ;;
-'freebsd')
-	CFG_DIR="/usr/local/etc/mail"
-	user="mailnull"
-	group="mailnull"
-;;
 *)
 	cat <<- EOF >&2
 	__opendkim_genkey currently only supports Alpine Linux. Please
@@ -40,9 +32,6 @@ case "$os" in
 	EOF
 ;;
 esac
-# Persist user and group for gencode-remote
-printf '%s' "${user}" > "${__object:?}/user"
-printf '%s' "${group}" > "${__object:?}/group"
 
 SELECTOR="$(cat "${__object:?}/parameter/selector")"
 DOMAIN="$(cat "${__object:?}/parameter/domain")"
@@ -50,8 +39,7 @@ DOMAIN="$(cat "${__object:?}/parameter/domain")"
 DIRECTORY="/var/db/dkim/"
 if [ -f "${__object:?}/parameter/directory" ];
 then
-	# Be forgiving about a lack of trailing slash
-	DIRECTORY="$(sed -E 's!([^/])$!\1/!' < "${__object:?}/parameter/directory")"
+	DIRECTORY="$(cat "${__object:?}/parameter/directory")"
 fi
 
 SIGKEY="${DOMAIN:?}"
@@ -60,26 +48,19 @@ then
 	SIGKEY="$(cat "${__object:?}/parameter/sigkey")"
 fi
 
-# Ensure the key-container directory exists with the proper permissions
-__directory "${DIRECTORY}" \
-	--mode 0750 \
-	--owner "${user}" --group "${group}"
+__package opendkim-utils
 
-# OS-specific code
-case "$os" in
-'alpine')
-	# This is needed for opendkim-genkey
-	__package opendkim-utils
-;;
-esac
+require='__package/opendkim-utils' \
+	__file /etc/opendkim/KeyTable
+require='__package/opendkim-utils' \
+	__file /etc/opendkim/SigningTable
 
-key_table="${CFG_DIR}/KeyTable"
-signing_table="${CFG_DIR}/SigningTable"
+require='__file/etc/opendkim/KeyTable' \
+	__line "line-key-${__object_id:?}" \
+		--file /etc/opendkim/KeyTable \
+		--line "${SELECTOR:?}._domainkey.${DOMAIN:?} ${DOMAIN:?}:${SELECTOR:?}:${DIRECTORY:?}${SELECTOR:?}.private"
 
-__line "line-key-${__object_id:?}" \
-	--file "${key_table}" \
-	--line "${SELECTOR:?}._domainkey.${DOMAIN:?} ${DOMAIN:?}:${SELECTOR:?}:${DIRECTORY:?}${SELECTOR:?}.private"
-
-__line "line-sig-${__object_id:?}" \
-	--file "${signing_table}" \
-	--line "${SIGKEY:?} ${SELECTOR:?}._domainkey.${DOMAIN:?}"
+require='__file/etc/opendkim/SigningTable' \
+	__line "line-sig-${__object_id:?}" \
+		--file /etc/opendkim/SigningTable \
+		--line "${SIGKEY:?} ${SELECTOR:?}._domainkey.${DOMAIN:?}"