[__opendkim*] add debian support #32
7 changed files with 84 additions and 33 deletions
|
|
@ -3,6 +3,9 @@
|
|||
|
||||
echo "# Managed remotely, manual changes will be lost."
|
||||
|
||||
# Used for OS-specific configuration.
|
||||
os=$(cat "${__global:?}/explorer/os")
|
||||
|
|
||||
|
||||
# Optional chdir(2)
|
||||
if [ "$BASEDIR" ];
|
||||
then
|
||||
|
|
@ -63,3 +66,8 @@ if [ "$USERID" ];
|
|||
then
|
||||
printf "UserID %s\n" "$USERID"
|
||||
fi
|
||||
|
||||
if [ "$PIDFILE" ];
|
||||
then
|
||||
printf "PidFile %s\n" "$PIDFILE"
|
||||
fi
|
||||
|
|
|
|||
|
|
@ -14,8 +14,8 @@ installation and basic configuration of an instance of OpenDKIM.
|
|||
Note that this type does not generate or ensure that a key is present: use
|
||||
`cdist-type__opendkim-genkey(7)` for that.
|
||||
|
||||
Note that this type is currently only implemented for Alpine Linux and FreeBSD.
|
||||
Please contribute an implementation if you can.
|
||||
Note that this type is currently only implemented for Debian, Alpine Linux and
|
||||
evilham
commented
Nit-pick: could we write things alphabetically here? :-D Nit-pick: could we write things alphabetically here? :-D
|
||||
FreeBSD. Please contribute an implementation if you can.
|
||||
|
||||
|
||||
REQUIRED PARAMETERS
|
||||
|
|
@ -45,6 +45,9 @@ custom-config
|
|||
The string following this parameter is appended as-is in the configuration, to
|
||||
enable more complex configurations.
|
||||
|
||||
pidfile
|
||||
Specifies the path to a file that should be created at process start
|
||||
containing the process ID.
|
||||
|
||||
BOOLEAN PARAMETERS
|
||||
------------------
|
||||
|
|
|
|||
|
|
@ -21,13 +21,20 @@
|
|||
os=$(cat "${__global:?}/explorer/os")
|
||||
|
||||
CFG_DIR="/etc/opendkim"
|
||||
CFG_FILE="$CFG_DIR/opendkim.conf"
|
||||
service="opendkim"
|
||||
case "$os" in
|
||||
'alpine')
|
||||
:
|
||||
;;
|
||||
'debian')
|
||||
CFG_DIR="/etc/dkimkeys"
|
||||
CFG_FILE="/etc/opendkim.conf"
|
||||
;;
|
||||
'freebsd')
|
||||
CFG_DIR="/usr/local/etc/mail"
|
||||
CFG_FILE="$CFG_DIR/opendkim.conf"
|
||||
|
evilham
commented
This seems redundant as it is the default. This seems redundant as it is the default.
|
||||
|
||||
service="milter-opendkim"
|
||||
;;
|
||||
*)
|
||||
|
|
@ -70,12 +77,37 @@ if [ -f "${__object:?}/parameter/userid" ]; then
|
|||
export USERID
|
||||
fi
|
||||
|
||||
if [ -f "${__object:?}/parameter/pidfile" ]; then
|
||||
PIDFILE="$(cat "${__object:?}/parameter/pidfile")"
|
||||
export PIDFILE
|
||||
fi
|
||||
|
||||
# Debian: set configuration specific to debian packaging if no explicit value
|
||||
# is requested.
|
||||
if [ "$os" = "debian" ]; then
|
||||
# In Debian, opendkim runs as user "opendkim". A umask of 007 is required when
|
||||
# using a local socket with MTAs that access the socket as a non-privileged
|
||||
# user (for example, Postfix). You may need to add user "postfix" to group
|
||||
# "opendkim" in that case.
|
||||
if [ -z "$USERID" ]; then
|
||||
export USERID="opendkim"
|
||||
fi
|
||||
|
evilham
commented
Given that At least in theory, removing support for As a general rule for all these special cases ( Given that `USERID` exists for the `--userid` parameter, which was deprecated, I think this should instead (or additionally) check for the `UserID` being defined in `--extra-config`, and if not, appending the corresponding line; similar to `--processid`.
At least in theory, removing support for `--userid` should keep things working.
As a general rule for all these special cases (`--umask` and `--userid`, for `--pidfile` see comment below): they should be mentioned in `man.rst` as special default values.
|
||||
|
||||
if [ -z "$UMASK" ]; then
|
||||
export UMASK="007"
|
||||
fi
|
||||
|
||||
if [ -z "$PIDFILE" ]; then
|
||||
export PIDFILE="/run/opendkim/opendkim.pid"
|
||||
fi
|
||||
fi
|
||||
|
||||
# Boolean parameters
|
||||
[ -f "${__object:?}/parameter/syslog" ] && export SYSLOG=yes
|
||||
|
||||
# Generate and deploy configuration file.
|
||||
source_file="${__object:?}/files/opendkim.conf"
|
||||
target_file="${CFG_DIR}/opendkim.conf"
|
||||
target_file="${CFG_FILE}"
|
||||
|
||||
mkdir -p "${__object:?}/files"
|
||||
|
||||
|
|
|
|||
|
|
@ -4,3 +4,4 @@ subdomains
|
|||
umask
|
||||
userid
|
||||
custom-config
|
||||
pidfile
|
||||
|
evilham
commented
Rather than add more parameters to the type (we don't want to support 100% of the We can check the contents of This keeps the type smaller and still just as flexible and out-of-the-box. Rather than add more parameters to the type (we don't want to support 100% of the `.conf`), I'd propose we rely on `--custom-config` instead.
We can check the contents of `--custom-config` and adapt that as necessary for e.g. Debian.
This keeps the type smaller and still just as flexible and out-of-the-box.
|
||||
|
|
|
|||
|
|
@ -1,12 +1,24 @@
|
|||
#!/bin/sh -e
|
||||
DIRECTORY="/var/db/dkim/"
|
||||
|
||||
os=$( "${__explorer:?}/os" )
|
||||
case "$os" in
|
||||
'debian')
|
||||
DIRECTORY="/etc/dkimkeys/"
|
||||
;;
|
||||
'alpine'|'freebsd')
|
||||
DIRECTORY="/var/db/dkim/"
|
||||
;;
|
||||
*)
|
||||
DIRECTORY="/var/db/dkim/"
|
||||
|
evilham
commented
I'd probably propose we keep only the I'd probably propose we keep only the `*)` case, or we leave `DIRECTORY="/var/db/dkim/"` outside of the `case` block, and only keep the `'debian')` case.
|
||||
;;
|
||||
esac
|
||||
|
||||
if [ -f "${__object:?}/parameter/directory" ];
|
||||
then
|
||||
# Be forgiving about a lack of trailing slash
|
||||
DIRECTORY="$(sed -E 's!([^/])$!\1/!' < "${__object:?}/parameter/directory")"
|
||||
fi
|
||||
|
||||
|
||||
KEY_ID="$(echo "${__object_id:?)}" | tr '/' '_')"
|
||||
DEFAULT_PATH="${DIRECTORY:?}${KEY_ID:?}.private"
|
||||
if [ -s "${DEFAULT_PATH}" ]; then
|
||||
|
|
|
|||
|
|
@ -22,7 +22,7 @@ associating any given `sigkey` values to this key.
|
|||
Take into account that if you use this type without the `--domain` and
|
||||
`--selector` parameters, the `$__object_id` must be in form `$domain/$selector`.
|
||||
|
||||
Currently, this type is only implemented for Alpine Linux and FreeBSD.
|
||||
Currently, this type is only implemented for Debian, Alpine Linux and FreeBSD.
|
||||
|
evilham
commented
Same nit-pick as for Same nit-pick as for `__opendkim`, I'd suggest using alphabetical sorting.
|
||||
Please contribute an implementation if you can.
|
||||
|
||||
NOTE: the name of the key file under `--directory` will default to
|
||||
|
|
|
|||
|
|
@ -21,12 +21,20 @@
|
|||
|
||||
os=$(cat "${__global:?}/explorer/os")
|
||||
|
||||
CFG_DIR="/etc/opendkim"
|
||||
user="opendkim"
|
||||
group="opendkim"
|
||||
case "$os" in
|
||||
'alpine')
|
||||
:
|
||||
CFG_DIR="/etc/opendkim"
|
||||
user="opendkim"
|
||||
group="opendkim"
|
||||
|
||||
__package opendkim-utils
|
||||
;;
|
||||
'debian')
|
||||
CFG_DIR="/etc/dkimkeys"
|
||||
user="opendkim"
|
||||
group="opendkim"
|
||||
|
||||
__package opendkim-tools
|
||||
;;
|
||||
'freebsd')
|
||||
CFG_DIR="/usr/local/etc/mail"
|
||||
|
|
@ -35,8 +43,8 @@ case "$os" in
|
|||
;;
|
||||
*)
|
||||
cat <<- EOF >&2
|
||||
__opendkim_genkey currently only supports Alpine Linux and FreeBSD.
|
||||
Please contribute an implementation for $os if you can.
|
||||
__opendkim_genkey does not support $os (yet).
|
||||
Please contribute an implementation if you can.
|
||||
EOF
|
||||
exit 1
|
||||
;;
|
||||
|
|
@ -78,13 +86,6 @@ printf '%s' "${group:?}" > "${__object:?}/group"
|
|||
printf '%s' "${DOMAIN:?}" > "${__object:?}/domain"
|
||||
printf '%s' "${SELECTOR:?}" > "${__object:?}/selector"
|
||||
|
||||
DIRECTORY="/var/db/dkim/"
|
||||
if [ -f "${__object:?}/parameter/directory" ];
|
||||
then
|
||||
# Be forgiving about a lack of trailing slash
|
||||
DIRECTORY="$(sed -E 's!([^/])$!\1/!' < "${__object:?}/parameter/directory")"
|
||||
fi
|
||||
|
||||
SIGKEY="${DOMAIN:?}"
|
||||
if [ -f "${__object:?}/parameter/sigkey" ];
|
||||
then
|
||||
|
|
@ -96,24 +97,18 @@ then
|
|||
SIGDOMAIN="$(cat "${__object:?}/parameter/sigdomain")"
|
||||
fi
|
||||
|
||||
# Ensure the key-container directory exists with the proper permissions
|
||||
__directory "${DIRECTORY}" \
|
||||
--mode 0750 \
|
||||
--owner "${user}" --group "${group}"
|
||||
|
||||
# OS-specific code
|
||||
case "$os" in
|
||||
'alpine')
|
||||
# This is needed for opendkim-genkey
|
||||
__package opendkim-utils
|
||||
;;
|
||||
esac
|
||||
KEY_STATE="$(cut -f 1 "${__object:?}/explorer/key-state")"
|
||||
KEY_LOCATION="$(cut -f 2- "${__object:?}/explorer/key-state")"
|
||||
|
||||
keys_dir=$(dirname "${KEY_LOCATION:?}")
|
||||
key_table="${CFG_DIR}/KeyTable"
|
||||
signing_table="${CFG_DIR}/SigningTable"
|
||||
|
||||
KEY_STATE="$(cut -f 1 "${__object:?}/explorer/key-state")"
|
||||
KEY_LOCATION="$(cut -f 2- "${__object:?}/explorer/key-state")"
|
||||
# Ensure the key-container directory exists with the proper permissions
|
||||
__directory "${keys_dir}" \
|
||||
--mode 0750 \
|
||||
--owner "${user}" \
|
||||
--group "${group}"
|
||||
|
||||
__line "__opendkim_genkey/${__object_id:?}" \
|
||||
--file "${key_table}" \
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue
It seems like we are not using this really, can we remove it?