[__opendkim_genkey]: Key always gets replaced against remote hosts #19

New issue

Closed

opened 2022-03-15 07:57:18 +00:00 by evilham · 0 comments

evilham commented 2022-03-15 07:57:18 +00:00

Collaborator

Copy link

Due to:

type/__opendkim_genkey/gencode-remote

Line 51 in af04f74

if ! [ -f "${DIRECTORY}${SELECTOR}.private" ]; then

Running __opendkim_genkey with the same arguments against a remote host results in:

# After first cdist run
root@tests:/var/db/dkim # sha256 default.private 
SHA256 (default.private) = 571d5b85185d6434930b9e03efe0144706757db24dfb0e64a57b520793febfdc
# Second cdist run, where the private key has been replaced
root@tests:/var/db/dkim # sha256 default.private
SHA256 (default.private) = c75c270ef5aa6f2556269a1deb56179f4f48a64e7fd8d719549a8f4aa28f6ba2

This is an issue wherever the type has already deployed the service as replacing the key requires DNS changes.

Due to: https://code.ungleich.ch/ungleich-public/cdist-contrib/src/commit/af04f7464b3130a48dd9eee2668cd8da906c4fbb/type/__opendkim_genkey/gencode-remote#L51 Running `__opendkim_genkey` with the same arguments against a remote host results in: ``` # After first cdist run root@tests:/var/db/dkim # sha256 default.private SHA256 (default.private) = 571d5b85185d6434930b9e03efe0144706757db24dfb0e64a57b520793febfdc # Second cdist run, where the private key has been replaced root@tests:/var/db/dkim # sha256 default.private SHA256 (default.private) = c75c270ef5aa6f2556269a1deb56179f4f48a64e7fd8d719549a8f4aa28f6ba2 ``` This is an issue wherever the type has already deployed the service as replacing the key requires DNS changes.

evilham referenced this issue 2022-03-15 08:12:19 +00:00

[__opendkim_genkey] key's selector is the de-facto object id #20

evilham referenced this issue 2022-03-15 21:41:14 +00:00

[__opendkim_genkey] key's selector is the de-facto object id #20

evilham referenced this issue from a commit 2022-03-25 10:02:26 +00:00

[__opendkim_key] Overall improvements in key management

evilham referenced this issue from a pull request that will close it, 2022-03-25 10:04:31 +00:00

[__opendkim_key] Overall improvements in key management #22

evilham referenced this issue from a commit 2023-04-21 13:01:39 +00:00

[__opendkim_key] Overall improvements in key management

fnux closed this issue 2024-05-15 11:45:52 +00:00

fnux referenced this issue from a commit 2024-05-15 11:45:53 +00:00

[__opendkim_key] Overall improvements in key management

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

opendkim-debian

kjg_passwordconfig

synapse-upstream-apt-repository

haproxy-dualstack

synapse-upstream-repository

root-mail-dma

No results found.

Labels

Clear labels   

bug

  

confirmed

  

critical

  

discussion

  

documentation

  

enhancement

  

feedback-required

  

good-first-issue

  

ready

  

reviewed

  

suggestion

  

support

No labels

bug

confirmed

critical

discussion

documentation

enhancement

feedback-required

good-first-issue

ready

reviewed

suggestion

support

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: ungleich-public/cdist-contrib#19

No description provided.