Labels Milestones

New Issue

[__opendkim_genkey]: Key always gets replaced against remote hosts #19

Open

opened 3 months ago by evilham · 0 comments

evilham commented 3 months ago

Collaborator

Due to:

af04f7464b/type/__opendkim_genkey/gencode-remote (L51)

Running __opendkim_genkey with the same arguments against a remote host results in:

# After first cdist run
root@tests:/var/db/dkim # sha256 default.private 
SHA256 (default.private) = 571d5b85185d6434930b9e03efe0144706757db24dfb0e64a57b520793febfdc
# Second cdist run, where the private key has been replaced
root@tests:/var/db/dkim # sha256 default.private
SHA256 (default.private) = c75c270ef5aa6f2556269a1deb56179f4f48a64e7fd8d719549a8f4aa28f6ba2

This is an issue wherever the type has already deployed the service as replacing the key requires DNS changes.

Due to: https://code.ungleich.ch/ungleich-public/cdist-contrib/src/commit/af04f7464b3130a48dd9eee2668cd8da906c4fbb/type/__opendkim_genkey/gencode-remote#L51 Running `__opendkim_genkey` with the same arguments against a remote host results in: ``` # After first cdist run root@tests:/var/db/dkim # sha256 default.private SHA256 (default.private) = 571d5b85185d6434930b9e03efe0144706757db24dfb0e64a57b520793febfdc # Second cdist run, where the private key has been replaced root@tests:/var/db/dkim # sha256 default.private SHA256 (default.private) = c75c270ef5aa6f2556269a1deb56179f4f48a64e7fd8d719549a8f4aa28f6ba2 ``` This is an issue wherever the type has already deployed the service as replacing the key requires DNS changes.

evilham referenced this issue 3 months ago

[__opendkim_genkey] key's selector is the de-facto object id #20

evilham referenced this issue 3 months ago

[__opendkim_genkey] key's selector is the de-facto object id #20

evilham referenced this issue from a commit 3 months ago

[__opendkim_key] Overall improvements in key management

evilham referenced a pull request that will close this issue 3 months ago

[__opendkim_key] Overall improvements in key management #22

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

haproxy-dualstack

kjg_passwordconfig

master

opendkim-improvements

php

root-mail-dma

synapse-upstream-apt-repository

synapse-upstream-repository

Labels

Apply labels

Clear labels

bug confirmed critical discussion documentation enhancement feedback-required good-first-issue ready reviewed suggestion support

No Label bug confirmed critical discussion documentation enhancement feedback-required good-first-issue ready reviewed suggestion support

Milestone

Set milestone

Clear milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Assign users

Clear assignees

No Assignees

1 Participants

Notifications

Subscribe

Due Date

The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

This issue currently doesn't have any dependencies.

Write Preview

Loading…

Cancel

Save

There is no content yet.