Compare commits
1 commit
master
...
opendkim-d
Author | SHA1 | Date | |
---|---|---|---|
d2669ee230 |
6 changed files with 69 additions and 22 deletions
|
@ -3,6 +3,9 @@
|
||||||
|
|
||||||
echo "# Managed remotely, manual changes will be lost."
|
echo "# Managed remotely, manual changes will be lost."
|
||||||
|
|
||||||
|
# Used for OS-specific configuration.
|
||||||
|
os=$(cat "${__global:?}/explorer/os")
|
||||||
|
|
||||||
# Optional chdir(2)
|
# Optional chdir(2)
|
||||||
if [ "$BASEDIR" ];
|
if [ "$BASEDIR" ];
|
||||||
then
|
then
|
||||||
|
@ -63,3 +66,16 @@ if [ "$USERID" ];
|
||||||
then
|
then
|
||||||
printf "UserID %s\n" "$USERID"
|
printf "UserID %s\n" "$USERID"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if [ "$os" = "debian" ]; then
|
||||||
|
cat <<- EOF
|
||||||
|
# In Debian, opendkim runs as user "opendkim". A umask of 007 is required when
|
||||||
|
# using a local socket with MTAs that access the socket as a non-privileged
|
||||||
|
# user (for example, Postfix). You may need to add user "postfix" to group
|
||||||
|
# "opendkim" in that case.
|
||||||
|
UserID opendkim
|
||||||
|
UMask 007
|
||||||
|
|
||||||
|
PidFile /run/opendkim/opendkim.pid
|
||||||
|
EOF
|
||||||
|
fi
|
||||||
|
|
|
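Review bot: On Debian the block added at the end of the second hunk prints `UserID opendkim` unconditionally, directly after the existing `if [ "$USERID" ]` branch has printed `UserID %s`, so a host with `$USERID` set gets two `UserID` lines in the generated opendkim.conf. Which of the two the daemon honours is not decided by this script, so the account the signer runs as, and with it who can reach the keys and the socket, becomes ambiguous. I would emit the Debian default only when no value was supplied, e.g. `[ "$USERID" ] || echo "UserID opendkim"`. The same applies to `UMask 007` if the part of the script outside these hunks can already print a `UMask` line; I cannot see that from here.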
@ -14,8 +14,8 @@ installation and basic configuration of an instance of OpenDKIM.
|
||||||
Note that this type does not generate or ensure that a key is present: use
|
Note that this type does not generate or ensure that a key is present: use
|
||||||
`cdist-type__opendkim-genkey(7)` for that.
|
`cdist-type__opendkim-genkey(7)` for that.
|
||||||
|
|
||||||
Note that this type is currently only implemented for Alpine Linux and FreeBSD.
|
Note that this type is currently only implemented for Debian, Alpine Linux and
|
||||||
Please contribute an implementation if you can.
|
FreeBSD. Please contribute an implementation if you can.
|
||||||
|
|
||||||
|
|
||||||
REQUIRED PARAMETERS
|
REQUIRED PARAMETERS
|
||||||
|
|
|
@ -21,13 +21,20 @@
|
||||||
os=$(cat "${__global:?}/explorer/os")
|
os=$(cat "${__global:?}/explorer/os")
|
||||||
|
|
||||||
CFG_DIR="/etc/opendkim"
|
CFG_DIR="/etc/opendkim"
|
||||||
|
CFG_FILE="$CFG_DIR/opendkim.conf"
|
||||||
service="opendkim"
|
service="opendkim"
|
||||||
case "$os" in
|
case "$os" in
|
||||||
'alpine')
|
'alpine')
|
||||||
:
|
:
|
||||||
;;
|
;;
|
||||||
|
'debian')
|
||||||
|
CFG_DIR="/etc/dkimkeys"
|
||||||
|
CFG_FILE="/etc/opendkim.conf"
|
||||||
|
;;
|
||||||
'freebsd')
|
'freebsd')
|
||||||
CFG_DIR="/usr/local/etc/mail"
|
CFG_DIR="/usr/local/etc/mail"
|
||||||
|
CFG_FILE="$CFG_DIR/opendkim.conf"
|
||||||
|
|
||||||
service="milter-opendkim"
|
service="milter-opendkim"
|
||||||
;;
|
;;
|
||||||
*)
|
*)
|
||||||
|
@ -75,7 +82,7 @@ fi
|
||||||
|
|
||||||
# Generate and deploy configuration file.
|
# Generate and deploy configuration file.
|
||||||
source_file="${__object:?}/files/opendkim.conf"
|
source_file="${__object:?}/files/opendkim.conf"
|
||||||
target_file="${CFG_DIR}/opendkim.conf"
|
target_file="${CFG_FILE}"
|
||||||
|
|
||||||
mkdir -p "${__object:?}/files"
|
mkdir -p "${__object:?}/files"
|
||||||
|
|
||||||
|
|
|
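Review bot: The `'debian')` arm in the first hunk points `CFG_DIR` at `/etc/dkimkeys` while the configuration file goes to `/etc/opendkim.conf`, so `CFG_DIR` no longer means "the directory that holds opendkim.conf", and nothing in the hunk documents that. Any use of `CFG_DIR` in the part of the manifest outside these hunks would operate on the key directory on Debian; those uses are not visible here, so they are worth checking for ownership and mode changes. A comment above the arm would make the split explicit, for example `# Debian: opendkim.conf lives in /etc; CFG_DIR is the key/table directory.`. The `case` statement continues past the end of the hunk.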
@ -18,6 +18,30 @@
|
||||||
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
||||||
#
|
#
|
||||||
|
|
||||||
|
os=$(cat "${__global:?}/explorer/os")
|
||||||
|
|
||||||
|
|
||||||
|
case "$os" in
|
||||||
|
'debian')
|
||||||
|
KEYS_DIR="/etc/dkimkeys/"
|
||||||
|
;;
|
||||||
|
'freebsd'|'alpine')
|
||||||
|
KEYS_DIR="/var/db/dkim/"
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
cat <<- EOF >&2
|
||||||
|
__opendkim_genkey does not support $os (yet). Exiting.
|
||||||
|
EOF
|
||||||
|
exit 1
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
if [ -f "${__object:?}/parameter/directory" ];
|
||||||
|
then
|
||||||
|
# Be forgiving about a lack of trailing slash
|
||||||
|
KEYS_DIR="$(sed -E 's!([^/])$!\1/!' < "${__object:?}/parameter/directory")"
|
||||||
|
fi
|
||||||
|
|
||||||
# Required parameters
|
# Required parameters
|
||||||
DOMAIN="$(cat "${__object:?}/parameter/domain")"
|
DOMAIN="$(cat "${__object:?}/parameter/domain")"
|
||||||
SELECTOR="$(cat "${__object:?}/parameter/selector")"
|
SELECTOR="$(cat "${__object:?}/parameter/selector")"
|
||||||
|
@ -28,12 +52,6 @@ if [ -f "${__object:?}/parameter/bits" ]; then
|
||||||
BITS="-b $(cat "${__object:?}/parameter/bits")"
|
BITS="-b $(cat "${__object:?}/parameter/bits")"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
DIRECTORY="/var/db/dkim/"
|
|
||||||
if [ -f "${__object:?}/parameter/directory" ]; then
|
|
||||||
# Be forgiving about a lack of trailing slash
|
|
||||||
DIRECTORY="$(sed -E 's!([^/])$!\1/!' < "${__object:?}/parameter/directory")"
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Boolean parameters
|
# Boolean parameters
|
||||||
SUBDOMAINS=
|
SUBDOMAINS=
|
||||||
if [ -f "${__object:?}/parameter/no-subdomains" ]; then
|
if [ -f "${__object:?}/parameter/no-subdomains" ]; then
|
||||||
|
@ -48,9 +66,9 @@ fi
|
||||||
user="$(cat "${__object:?}/user")"
|
user="$(cat "${__object:?}/user")"
|
||||||
group="$(cat "${__object:?}/group")"
|
group="$(cat "${__object:?}/group")"
|
||||||
|
|
||||||
if ! [ -f "${DIRECTORY}${SELECTOR}.private" ]; then
|
if ! [ -f "${KEYS_DIR}${SELECTOR}.private" ]; then
|
||||||
echo "opendkim-genkey $BITS --domain=$DOMAIN --directory=$DIRECTORY $RESTRICTED --selector=$SELECTOR $SUBDOMAINS"
|
echo "opendkim-genkey $BITS --domain=$DOMAIN --directory=$KEYS_DIR $RESTRICTED --selector=$SELECTOR $SUBDOMAINS"
|
||||||
echo "chown ${user}:${group} ${DIRECTORY}${SELECTOR}.private"
|
echo "chown ${user}:${group} ${KEYS_DIR}${SELECTOR}.private"
|
||||||
# This is usually generated, if it weren't we do not want to fail
|
# This is usually generated, if it weren't we do not want to fail
|
||||||
echo "chown ${user}:${group} ${DIRECTORY}${SELECTOR}.txt || true"
|
echo "chown ${user}:${group} ${KEYS_DIR}${SELECTOR}.txt || true"
|
||||||
fi
|
fi
|
||||||
|
|
|
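Review bot: The three `echo` lines in the last hunk still interpolate `$DOMAIN`, `$SELECTOR` and `$KEYS_DIR` unquoted into the code that is executed on the target, so a parameter value containing whitespace or shell metacharacters changes the command that runs there. Since the commit rewrites exactly these lines, the values could be quoted in the generated code at the same time, e.g. `echo "chown ${user}:${group} '${KEYS_DIR}${SELECTOR}.private'"`, and likewise `--domain='$DOMAIN' --directory='$KEYS_DIR' --selector='$SELECTOR'` on the opendkim-genkey line. Single quotes still break on a value that itself contains `'`, so rejecting such values where the parameters are read would complete the fix. Separately, the `case "$os"` that picks the default `KEYS_DIR` duplicates the one in the manifest, which already persists `user` and `group` for this script and could persist the key directory the same way so the two defaults cannot drift.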
@ -17,7 +17,7 @@ will be added to the OpenDKIM signing table, using either the domain or the
|
||||||
provided key for the `domain:selector:keyfile` value in the table. An existing
|
provided key for the `domain:selector:keyfile` value in the table. An existing
|
||||||
key will not be overwritten.
|
key will not be overwritten.
|
||||||
|
|
||||||
Currently, this type is only implemented for Alpine Linux and FreeBSD.
|
Currently, this type is only implemented for Debian, Alpine Linux and FreeBSD.
|
||||||
Please contribute an implementation if you can.
|
Please contribute an implementation if you can.
|
||||||
|
|
||||||
REQUIRED PARAMETERS
|
REQUIRED PARAMETERS
|
||||||
|
|
|
@ -21,13 +21,18 @@
|
||||||
|
|
||||||
os=$(cat "${__global:?}/explorer/os")
|
os=$(cat "${__global:?}/explorer/os")
|
||||||
|
|
||||||
CFG_DIR="/etc/opendkim"
|
CFG_DIR="/etc/opendkim/"
|
||||||
|
KEYS_DIR="/var/db/dkim/"
|
||||||
user="opendkim"
|
user="opendkim"
|
||||||
group="opendkim"
|
group="opendkim"
|
||||||
case "$os" in
|
case "$os" in
|
||||||
'alpine')
|
'alpine')
|
||||||
:
|
:
|
||||||
;;
|
;;
|
||||||
|
'debian')
|
||||||
|
CFG_DIR="/etc/dkimkeys/"
|
||||||
|
KEYS_DIR="/etc/dkimkeys/"
|
||||||
|
;;
|
||||||
'freebsd')
|
'freebsd')
|
||||||
CFG_DIR="/usr/local/etc/mail"
|
CFG_DIR="/usr/local/etc/mail"
|
||||||
user="mailnull"
|
user="mailnull"
|
||||||
|
@ -35,9 +40,9 @@ case "$os" in
|
||||||
;;
|
;;
|
||||||
*)
|
*)
|
||||||
cat <<- EOF >&2
|
cat <<- EOF >&2
|
||||||
__opendkim_genkey currently only supports Alpine Linux. Please
|
__opendkim_genkey does not support $os (yet). Exiting.
|
||||||
contribute an implementation for $os if you can.
|
|
||||||
EOF
|
EOF
|
||||||
|
exit 1
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
# Persist user and group for gencode-remote
|
# Persist user and group for gencode-remote
|
||||||
|
@ -47,11 +52,10 @@ printf '%s' "${group}" > "${__object:?}/group"
|
||||||
SELECTOR="$(cat "${__object:?}/parameter/selector")"
|
SELECTOR="$(cat "${__object:?}/parameter/selector")"
|
||||||
DOMAIN="$(cat "${__object:?}/parameter/domain")"
|
DOMAIN="$(cat "${__object:?}/parameter/domain")"
|
||||||
|
|
||||||
DIRECTORY="/var/db/dkim/"
|
|
||||||
if [ -f "${__object:?}/parameter/directory" ];
|
if [ -f "${__object:?}/parameter/directory" ];
|
||||||
then
|
then
|
||||||
# Be forgiving about a lack of trailing slash
|
# Be forgiving about a lack of trailing slash
|
||||||
DIRECTORY="$(sed -E 's!([^/])$!\1/!' < "${__object:?}/parameter/directory")"
|
KEYS_DIR="$(sed -E 's!([^/])$!\1/!' < "${__object:?}/parameter/directory")"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
SIGKEY="${DOMAIN:?}"
|
SIGKEY="${DOMAIN:?}"
|
||||||
|
@ -61,16 +65,18 @@ then
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Ensure the key-container directory exists with the proper permissions
|
# Ensure the key-container directory exists with the proper permissions
|
||||||
__directory "${DIRECTORY}" \
|
__directory "${KEYS_DIR}" \
|
||||||
--mode 0750 \
|
--mode 0750 \
|
||||||
--owner "${user}" --group "${group}"
|
--owner "${user}" --group "${group}"
|
||||||
|
|
||||||
# OS-specific code
|
# OS-specific code
|
||||||
case "$os" in
|
case "$os" in
|
||||||
'alpine')
|
'alpine')
|
||||||
# This is needed for opendkim-genkey
|
|
||||||
__package opendkim-utils
|
__package opendkim-utils
|
||||||
;;
|
;;
|
||||||
|
'debian')
|
||||||
|
__package opendkim-tools
|
||||||
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
key_table="${CFG_DIR}/KeyTable"
|
key_table="${CFG_DIR}/KeyTable"
|
||||||
|
@ -78,7 +84,7 @@ signing_table="${CFG_DIR}/SigningTable"
|
||||||
|
|
||||||
__line "line-key-${__object_id:?}" \
|
__line "line-key-${__object_id:?}" \
|
||||||
--file "${key_table}" \
|
--file "${key_table}" \
|
||||||
--line "${SELECTOR:?}._domainkey.${DOMAIN:?} ${DOMAIN:?}:${SELECTOR:?}:${DIRECTORY:?}${SELECTOR:?}.private"
|
--line "${SELECTOR:?}._domainkey.${DOMAIN:?} ${DOMAIN:?}:${SELECTOR:?}:${KEYS_DIR:?}${SELECTOR:?}.private"
|
||||||
|
|
||||||
__line "line-sig-${__object_id:?}" \
|
__line "line-sig-${__object_id:?}" \
|
||||||
--file "${signing_table}" \
|
--file "${signing_table}" \
|
||||||
|
|
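Review bot: In the `'debian')` arm of the first hunk `CFG_DIR` and `KEYS_DIR` are both `/etc/dkimkeys/`, so `KeyTable` and `SigningTable` land in the same directory as the private keys, and the `__directory "${KEYS_DIR}"` call in the `@ -61,16 +65,18` hunk sets that directory to mode 0750. The Debian block added to the generated config on this page suggests adding `postfix` to group `opendkim`; with 0750 every member of that group can enter and list the key directory, and whether a key is readable then rests only on the mode opendkim-genkey gives the `.private` file, which nothing on this page sets. If group access to the directory is not required, `--mode 0700 \` is the safer setting for the key directory, or the tables can be kept in a directory of their own. `CFG_DIR` also now ends in a slash for the default and Debian values but not for FreeBSD, so `"${CFG_DIR}/KeyTable"` produces `//` on two of the three systems; one convention would be easier to read.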