From: "Michael Orlitzky" <mjo@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] repo/gentoo:master commit in: mail-filter/opendkim/
Date: Wed, 27 Mar 2019 17:19:05 +0000 (UTC) [thread overview]
Message-ID: <1553707089.8fb71c916f648e79897e202076fc5447df07c991.mjo@gentoo> (raw)
commit: 8fb71c916f648e79897e202076fc5447df07c991
Author: Michael Orlitzky <mjo <AT> gentoo <DOT> org>
AuthorDate: Wed Mar 27 16:53:38 2019 +0000
Commit: Michael Orlitzky <mjo <AT> gentoo <DOT> org>
CommitDate: Wed Mar 27 17:18:09 2019 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8fb71c91
mail-filter/opendkim: use /var/lib/opendkim in pkg_config.
The keys that are generated by opendkim-genkey are data, in a sense,
and not configuration files. As a result, I think it's more appropriate
to store them in /var/lib/opendkim than in /etc/opendkim where they were
previously stored. This commit moves the keys, and also tightens the
permissions on them a bit so that the "opendkim" user can only read them.
Signed-off-by: Michael Orlitzky <mjo <AT> gentoo.org>
Package-Manager: Portage-2.3.62, Repoman-2.3.11
mail-filter/opendkim/opendkim-2.10.3-r8.ebuild | 28 +++++++++++++++-----------
1 file changed, 16 insertions(+), 12 deletions(-)
diff --git a/mail-filter/opendkim/opendkim-2.10.3-r8.ebuild b/mail-filter/opendkim/opendkim-2.10.3-r8.ebuild
index c45d7104150..f2e43b0041f 100644
--- a/mail-filter/opendkim/opendkim-2.10.3-r8.ebuild
+++ b/mail-filter/opendkim/opendkim-2.10.3-r8.ebuild
@@ -55,7 +55,7 @@ src_prepare() {
# We delete the "Socket" setting because it's overridden by our
# conf.d file.
- sed -e 's:/var/db/dkim:/etc/opendkim:g' \
+ sed -e 's:/var/db/dkim:/var/lib/opendkim:g' \
-e 's:/var/db/opendkim:/var/lib/opendkim:g' \
-e 's:/etc/mail:/etc/opendkim:g' \
-e 's:mailnull:opendkim:g' \
@@ -183,28 +183,32 @@ pkg_config() {
local selector keysize pubkey
read -p "Enter the selector name (default ${HOSTNAME}): " selector
- [[ -n "${selector}" ]] || selector=${HOSTNAME}
+ [[ -n "${selector}" ]] || selector="${HOSTNAME}"
if [[ -z "${selector}" ]]; then
eerror "Oddly enough, you don't have a HOSTNAME."
return 1
fi
- if [[ -f "${ROOT}"etc/opendkim/${selector}.private ]]; then
+ if [[ -f "${ROOT}var/lib/opendkim/${selector}.private" ]]; then
ewarn "The private key for this selector already exists."
else
keysize=1024
- # generate the private and public keys
- opendkim-genkey -b ${keysize} -D "${ROOT}"etc/opendkim/ \
- -s ${selector} -d '(your domain)' && \
- chown opendkim:opendkim \
- "${ROOT}"etc/opendkim/"${selector}".private || \
- { eerror "Failed to create private and public keys." ; return 1; }
- chmod go-r "${ROOT}"etc/opendkim/"${selector}".private
+ # Generate the private and public keys. Note that opendkim-genkeys
+ # sets umask=077 on its own to keep these safe. However, we want
+ # them to be readable (only!) to the opendkim user, and we manage
+ # that by changing their groups and making everything group-readable.
+ opendkim-genkey -b ${keysize} -D "${ROOT}"var/lib/opendkim/ \
+ -s "${selector}" -d '(your domain)' && \
+ chgrp --no-dereference opendkim \
+ "${ROOT}var/lib/opendkim/${selector}".{private,txt} || \
+ { eerror "Failed to create private and public keys." ;
+ return 1; }
+ chmod g+r "${ROOT}var/lib/opendkim/${selector}".{private,txt}
fi
# opendkim selector configuration
echo
einfo "Make sure you have the following settings in your /etc/opendkim/opendkim.conf:"
- einfo " Keyfile /etc/opendkim/${selector}.private"
+ einfo " Keyfile /var/lib/opendkim/${selector}.private"
einfo " Selector ${selector}"
# MTA configuration
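Review bot: The `chmod g+r` after key generation sits outside the `&&`/`||` chain and follows symlinks, so it is neither error-checked nor protected the way the `chgrp --no-dereference` just above it is. If /var/lib/opendkim is writable by the opendkim user (its ownership is not visible in this hunk), root would be changing modes on paths that user controls; keeping the directory root-owned with group opendkim, or generating the keys in a root-only directory and moving them into place, avoids that. At minimum the failure should be reported, e.g. `chmod g+r "${ROOT}var/lib/opendkim/${selector}".{private,txt} || { eerror "Failed to set key permissions."; return 1; }`. Separately, the unchanged `keysize=1024` is only the minimum RFC 8301 permits, and that RFC recommends at least 2048 bits for signing keys, so `keysize=2048` is worth considering while this block is being touched. pkg_config starts and ends outside this hunk.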
@@ -216,7 +220,7 @@ pkg_config() {
# DNS configuration
einfo "After you configured your MTA, publish your key by adding this TXT record to your domain:"
- cat "${ROOT}"etc/opendkim/${selector}.txt
+ cat "${ROOT}var/lib/opendkim/${selector}.txt"
einfo "t=y signifies you only test the DKIM on your domain. See following page for the complete list of tags:"
einfo " http://www.dkim.org/specs/rfc4871-dkimbase.html#key-text"
}