diff --git a/type/__opendkim/files/opendkim.conf.sh b/type/__opendkim/files/opendkim.conf.sh index 468b262..7e7fab0 100755 --- a/type/__opendkim/files/opendkim.conf.sh +++ b/type/__opendkim/files/opendkim.conf.sh @@ -3,6 +3,9 @@ echo "# Managed remotely, manual changes will be lost." +# Used for OS-specific configuration. +os=$(cat "${__global:?}/explorer/os") + # Optional chdir(2) if [ "$BASEDIR" ]; then @@ -63,3 +66,8 @@ if [ "$USERID" ]; then printf "UserID %s\n" "$USERID" fi + +if [ "$PIDFILE" ]; +then + printf "PidFile %s\n" "$PIDFILE" +fi diff --git a/type/__opendkim/man.rst b/type/__opendkim/man.rst index 996f16d..765e7d3 100644 --- a/type/__opendkim/man.rst +++ b/type/__opendkim/man.rst @@ -14,8 +14,8 @@ installation and basic configuration of an instance of OpenDKIM. Note that this type does not generate or ensure that a key is present: use `cdist-type__opendkim-genkey(7)` for that. -Note that this type is currently only implemented for Alpine Linux and FreeBSD. -Please contribute an implementation if you can. +Note that this type is currently only implemented for Debian, Alpine Linux and +FreeBSD. Please contribute an implementation if you can. REQUIRED PARAMETERS @@ -45,6 +45,9 @@ custom-config The string following this parameter is appended as-is in the configuration, to enable more complex configurations. +pidfile + Specifies the path to a file that should be created at process start + containing the process ID. BOOLEAN PARAMETERS ------------------ diff --git a/type/__opendkim/manifest b/type/__opendkim/manifest index dbd9fc0..9565493 100755 --- a/type/__opendkim/manifest +++ b/type/__opendkim/manifest @@ -21,13 +21,20 @@ os=$(cat "${__global:?}/explorer/os") CFG_DIR="/etc/opendkim" +CFG_FILE="$CFG_DIR/opendkim.conf" service="opendkim" case "$os" in 'alpine') : ;; +'debian') + CFG_DIR="/etc/dkimkeys" + CFG_FILE="/etc/opendkim.conf" + ;; 'freebsd') CFG_DIR="/usr/local/etc/mail" + CFG_FILE="$CFG_DIR/opendkim.conf" + service="milter-opendkim" ;; *) 
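Review bot: The `os` variable added at the top of opendkim.conf.sh is not read by any line in either hunk of this file, so the comment `# Used for OS-specific configuration.` describes a use the commit does not contain. As written it only adds a read of `${__global}/explorer/os` whose failure is not handled. Either drop the two lines until a directive actually depends on the OS, or reword the comment to `# Reserved for OS-specific directives; currently unused.`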
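Review bot: In the `'debian')` arm of the manifest, `CFG_DIR` no longer means the directory that holds opendkim.conf. It is set to `/etc/dkimkeys` while `CFG_FILE` is `/etc/opendkim.conf`, so any later line that writes under `${CFG_DIR}` (outside this hunk) will land in the key directory. A comment on the arm would show this is intentional, for example `# Debian: keys and tables live in /etc/dkimkeys, the main config in /etc`. The `service="milter-opendkim"` line in the `'freebsd')` arm changes an existing platform and deserves a mention in the commit message. The `case` statement continues past the end of the hunk.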
@@ -70,12 +77,37 @@ if [ -f "${__object:?}/parameter/userid" ]; then export USERID fi +if [ -f "${__object:?}/parameter/pidfile" ]; then + PIDFILE="$(cat "${__object:?}/parameter/pidfile")" + export PIDFILE +fi + +# Debian: set configuration specific to debian packaging if no explicit value +# is requested. +if [ "$os" = "debian" ]; then + # In Debian, opendkim runs as user "opendkim". A umask of 007 is required when + # using a local socket with MTAs that access the socket as a non-privileged + # user (for example, Postfix). You may need to add user "postfix" to group + # "opendkim" in that case. + if [ -z "$USERID" ]; then + export USERID="opendkim" + fi + + if [ -z "$UMASK" ]; then + export UMASK="007" + fi + + if [ -z "$PIDFILE" ]; then + export PIDFILE="/run/opendkim/opendkim.pid" + fi +fi + # Boolean parameters [ -f "${__object:?}/parameter/syslog" ] && export SYSLOG=yes # Generate and deploy configuration file. source_file="${__object:?}/files/opendkim.conf" -target_file="${CFG_DIR}/opendkim.conf" +target_file="${CFG_FILE}" mkdir -p "${__object:?}/files" diff --git a/type/__opendkim/parameter/optional b/type/__opendkim/parameter/optional index af59609..3ad5a9b 100644 --- a/type/__opendkim/parameter/optional +++ b/type/__opendkim/parameter/optional @@ -4,3 +4,4 @@ subdomains umask userid custom-config +pidfile diff --git a/type/__opendkim_genkey/explorer/key-state b/type/__opendkim_genkey/explorer/key-state index 75998f9..5c6724d 100755 --- a/type/__opendkim_genkey/explorer/key-state +++ b/type/__opendkim_genkey/explorer/key-state 
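Review bot: The Debian comment recommends adding `postfix` to group `opendkim` for socket access, but the `__opendkim_genkey` manifest in this same commit creates the key directory with `--mode 0750` and `--group "${group}"`, which is `opendkim` on Debian, so that membership also lets the MTA user enter the directory holding the private keys. Whether the keys themselves become readable depends on the key file mode, which is not visible here. I would extend the comment with `# Group membership also opens the 0750 key directory; keep *.private at 0600.` Separately, the `-z` tests assume `USERID`, `UMASK` and `PIDFILE` are empty unless a parameter was given. No initialisation is visible in the hunk, so a value inherited from the environment of the cdist run would silently replace the Debian default.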
@@ -1,12 +1,24 @@ #!/bin/sh -e -DIRECTORY="/var/db/dkim/" + +os=$( "${__explorer:?}/os" ) +case "$os" in +'debian') + DIRECTORY="/etc/dkimkeys/" +;; +'alpine'|'freebsd') + DIRECTORY="/var/db/dkim/" +;; +*) + DIRECTORY="/var/db/dkim/" +;; +esac + if [ -f "${__object:?}/parameter/directory" ]; then # Be forgiving about a lack of trailing slash DIRECTORY="$(sed -E 's!([^/])$!\1/!' < "${__object:?}/parameter/directory")" fi - KEY_ID="$(echo "${__object_id:?)}" | tr '/' '_')" DEFAULT_PATH="${DIRECTORY:?}${KEY_ID:?}.private" if [ -s "${DEFAULT_PATH}" ]; then diff --git a/type/__opendkim_genkey/man.rst b/type/__opendkim_genkey/man.rst index 0d52ca3..5a9305f 100644 --- a/type/__opendkim_genkey/man.rst +++ b/type/__opendkim_genkey/man.rst @@ -22,7 +22,7 @@ associating any given `sigkey` values to this key. Take into account that if you use this type without the `--domain` and `--selector` parameters, the `$__object_id` must be in form `$domain/$selector`. -Currently, this type is only implemented for Alpine Linux and FreeBSD. +Currently, this type is only implemented for Debian, Alpine Linux and FreeBSD. Please contribute an implementation if you can. NOTE: the name of the key file under `--directory` will default to diff --git a/type/__opendkim_genkey/manifest b/type/__opendkim_genkey/manifest index 58e9b06..ddf53f9 100755 --- a/type/__opendkim_genkey/manifest +++ b/type/__opendkim_genkey/manifest @@ -21,12 +21,20 @@ os=$(cat "${__global:?}/explorer/os") -CFG_DIR="/etc/opendkim" -user="opendkim" -group="opendkim" case "$os" in 'alpine') - : + CFG_DIR="/etc/opendkim" + user="opendkim" + group="opendkim" + + __package opendkim-utils +;; +'debian') + CFG_DIR="/etc/dkimkeys" + user="opendkim" + group="opendkim" + + __package opendkim-tools ;; 'freebsd') CFG_DIR="/usr/local/etc/mail" 
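Review bot: The `'alpine'|'freebsd')` arm and the `*)` arm of the new `case` in the key-state explorer assign the same `/var/db/dkim/` value, so the first can be dropped and the fallback kept as `*) DIRECTORY="/var/db/dkim/" ;;` with a comment that it covers Alpine and FreeBSD. The Debian value `/etc/dkimkeys/` duplicates `CFG_DIR` from the `__opendkim_genkey` manifest. Since that manifest now derives the key directory from this explorer's output, a comment such as `# Keep in sync with CFG_DIR in ../manifest` would help the next editor. The rest of the explorer lies outside the hunk.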
@@ -35,8 +43,8 @@ case "$os" in ;; *) cat <<- EOF >&2 - __opendkim_genkey currently only supports Alpine Linux and FreeBSD. - Please contribute an implementation for $os if you can. + __opendkim_genkey does not support $os (yet). + Please contribute an implementation if you can. EOF exit 1 ;; @@ -78,13 +86,6 @@ printf '%s' "${group:?}" > "${__object:?}/group" printf '%s' "${DOMAIN:?}" > "${__object:?}/domain" printf '%s' "${SELECTOR:?}" > "${__object:?}/selector" -DIRECTORY="/var/db/dkim/" -if [ -f "${__object:?}/parameter/directory" ]; -then - # Be forgiving about a lack of trailing slash - DIRECTORY="$(sed -E 's!([^/])$!\1/!' < "${__object:?}/parameter/directory")" -fi - SIGKEY="${DOMAIN:?}" if [ -f "${__object:?}/parameter/sigkey" ]; then @@ -96,24 +97,18 @@ then SIGDOMAIN="$(cat "${__object:?}/parameter/sigdomain")" fi -# Ensure the key-container directory exists with the proper permissions -__directory "${DIRECTORY}" \ - --mode 0750 \ - --owner "${user}" --group "${group}" - -# OS-specific code -case "$os" in -'alpine') - # This is needed for opendkim-genkey - __package opendkim-utils -;; -esac +KEY_STATE="$(cut -f 1 "${__object:?}/explorer/key-state")" +KEY_LOCATION="$(cut -f 2- "${__object:?}/explorer/key-state")" +keys_dir=$(dirname "${KEY_LOCATION:?}") key_table="${CFG_DIR}/KeyTable" signing_table="${CFG_DIR}/SigningTable" -KEY_STATE="$(cut -f 1 "${__object:?}/explorer/key-state")" -KEY_LOCATION="$(cut -f 2- "${__object:?}/explorer/key-state")" +# Ensure the key-container directory exists with the proper permissions +__directory "${keys_dir}" \ + --mode 0750 \ + --owner "${user}" \ + --group "${group}" __line "__opendkim_genkey/${__object_id:?}" \ --file "${key_table}" \
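Review bot: In the last hunk, `keys_dir` is computed with `dirname` from the second field of the `key-state` explorer output and passed straight to `__directory` with `--mode 0750` and an owner change, where the removed code used the manifest's own `--directory` parameter. If the explorer ever reports a key location without a directory part, or one directly under `/`, `dirname` yields `.` or `/` and that path would be re-owned. Only the explorer's default-path branch is visible in this commit, so I cannot tell which locations it can report. A guard before the `__directory` call would make this safe: `case "${keys_dir}" in /?*) ;; *) echo "unexpected key directory: ${keys_dir}" >&2; exit 1 ;; esac`. The `__line` call that follows continues past the end of the hunk.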