[packages/opendkim] PLDize; default configs; init script; rel 0.2 (wip)
mis
mis at pld-linux.org
Wed Sep 26 22:35:26 CEST 2018
commit 76407ed76ed090127710f74a09bd78c5ba4e51ca
Author: mis <mistoo at gmail.com>
Date: Wed Sep 26 22:35:05 2018 +0200
PLDize; default configs; init script; rel 0.2 (wip)
key.table | 1 +
opendkim.conf | 43 ++++++++++++++++++++++++
opendkim.init | 96 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
opendkim.spec | 65 +++++++++++++++++++++++++-----------
opendkim.sysconfig | 0
signing.table | 2 ++
trusted.hosts | 6 ++++
7 files changed, 194 insertions(+), 19 deletions(-)
---
diff --git a/opendkim.spec b/opendkim.spec
index 078af4a..ae5f326 100644
--- a/opendkim.spec
+++ b/opendkim.spec
@@ -1,10 +1,16 @@
Summary: A DomainKeys Identified Mail (DKIM) milter to sign and/or verify mail
Name: opendkim
Version: 2.10.3
-Release: 0.1
+Release: 0.2
License: BSD and Sendmail
Group: Daemons
Source0: http://downloads.sourceforge.net/opendkim/%{name}-%{version}.tar.gz
+Source1: %{name}.conf
+Source2: %{name}.sysconfig
+Source3: %{name}.init
+Source4: signing.table
+Source5: key.table
+Source6: trusted.hosts
# Source0-md5: 916e691cdd16cfabd1cd6efe745323f9
URL: http://opendkim.org/
BuildRequires: db-devel
@@ -17,6 +23,8 @@ BuildRequires: unbound-devel
Requires: %{name}-libs = %{version}-%{release}
BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
+%define no_install_post_check_tmpfiles 1
+
%description
OpenDKIM allows signing and/or verification of email through an open
source library that implements the DKIM service, plus a milter-based
@@ -54,40 +62,59 @@ rm -rf $RPM_BUILD_ROOT
%{__make} install \
DESTDIR=$RPM_BUILD_ROOT
-install -d $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig
+install -d $RPM_BUILD_ROOT%{_sysconfdir}/{sysconfig,%{name}/keys}
install -d $RPM_BUILD_ROOT%{_initrddir}
install -d $RPM_BUILD_ROOT%{systemdunitdir}
-install -p contrib/init/redhat/%{name} $RPM_BUILD_ROOT%{_initrddir}/%{name}
-cp -p contrib/systemd/%{name}.service $RPM_BUILD_ROOT%{systemdunitdir}/%{name}.service
+install -d $RPM_BUILD_ROOT%{_localstatedir}/spool/%{name}
+install -d $RPM_BUILD_ROOT%{_localstatedir}/run/%{name}
+cp -p %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/%{name}
+cp -p %{SOURCE3} $RPM_BUILD_ROOT%{_initrddir}/%{name}
+cp -p %{SOURCE1} %{SOURCE4} %{SOURCE5} %{SOURCE6} $RPM_BUILD_ROOT%{_sysconfdir}/%{name}
+#cp -p contrib/systemd/%{name}.service $RPM_BUILD_ROOT%{systemdunitdir}/%{name}.service
cp -p contrib/init/redhat/%{name}-default-keygen $RPM_BUILD_ROOT%{_sbindir}/%{name}-default-keygen
%clean
rm -rf $RPM_BUILD_ROOT
-%post libs -p /sbin/ldconfig
-%postun libs -p /sbin/ldconfig
+%pre
+%groupadd -g 322 -r %{name}
+%useradd -r -u 322 -d /usr/share/empty -s /bin/false -c "OpenDKIM User" -g %{name} %{name}
+# MTA group in general?
+#%addusertogroup %{name} postfix
+
+%preun
+if [ "$1" = "0" ];then
+ %service %{name} stop
+ /sbin/chkconfig --del %{name}
+fi
+%systemd_preun %{name}.service
+
+%postun
+if [ "$1" = "0" ]; then
+ %userremove %{name}
+ %groupremove %{name}
+fi
+%systemd_reload
%files
%defattr(644,root,root,755)
%doc FEATURES KNOWNBUGS LICENSE LICENSE.Sendmail RELEASE_NOTES RELEASE_NOTES.Sendmail INSTALL
%doc contrib/convert/convert_keylist.sh %{name}/*.sample
%doc %{name}/%{name}.conf.simple-verify %{name}/%{name}.conf.simple
-%doc %{name}/README contrib/lua/*.lua
-%doc contrib/stats/README.%{name}-reportstats
-%config(noreplace) %{_sysconfdir}/%{name}.conf
-%config(noreplace) %{_sysconfdir}/tmpfiles.d/%{name}.conf
-%config(noreplace) %attr(640,%{name},%{name}) %{_sysconfdir}/%{name}/SigningTable
-%config(noreplace) %attr(640,%{name},%{name}) %{_sysconfdir}/%{name}/KeyTable
-%config(noreplace) %attr(640,%{name},%{name}) %{_sysconfdir}/%{name}/TrustedHosts
+%doc %{name}/README
+%attr(754,root,root) /etc/rc.d/init.d/%{name}
+%config(noreplace) %attr(640,%{name},%{name}) %{_sysconfdir}/%{name}/%{name}.conf
+%config(noreplace) %attr(640,%{name},%{name}) %{_sysconfdir}/%{name}/signing.table
+%config(noreplace) %attr(640,%{name},%{name}) %{_sysconfdir}/%{name}/key.table
+%config(noreplace) %attr(640,%{name},%{name}) %{_sysconfdir}/%{name}/trusted.hosts
%config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/%{name}
-%attr(755,root,root) %{_sbindir}/*
-%{_mandir}/*/*
+%dir %attr(700,%{name},%{name}) %{_sysconfdir}/%{name}/keys
+%attr(755,root,root) %{_sbindir}/%{name}*
+%{_mandir}/man*/*
%dir %attr(-,%{name},%{name}) %{_localstatedir}/spool/%{name}
-%dir %attr(-,%{name},%{name}) %{_localstatedir}/run/%{name}
+%dir %attr(770,root,%{name}) %{_localstatedir}/run/%{name}
%dir %attr(-,root,%{name}) %{_sysconfdir}/%{name}
-%dir %attr(750,%{name},%{name}) %{_sysconfdir}/%{name}/keys
-%{systemdunitdir}/%{name}.service
-%attr(755,root,root) %{_sbindir}/%{name}-default-keygen
+#%{systemdunitdir}/%{name}.service
%files libs
%defattr(644,root,root,755)
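Review bot: The four `%config(noreplace)` entries under `%{_sysconfdir}/%{name}` are installed as `%attr(640,%{name},%{name})`, which makes the unprivileged daemon account the owner of its own configuration. A compromised milter process, which parses untrusted mail, could then rewrite `key.table`, `signing.table` or `trusted.hosts`. Root ownership with group read only, `%attr(640,root,%{name})`, lets the daemon read the files without being able to change them. Separately, `%preun` runs `/sbin/chkconfig --del %{name}` but no `%post` with `/sbin/chkconfig --add %{name}` is visible in this hunk, and the `%post libs -p /sbin/ldconfig` / `%postun libs` scriptlets are removed without a replacement. The commit is marked wip, so these may be planned for a later commit.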
diff --git a/key.table b/key.table
new file mode 100644
index 0000000..23bb665
--- /dev/null
+++ b/key.table
@@ -0,0 +1 @@
+example example.com:YYYYMM:/etc/opendkim/keys/example.private
\ No newline at end of file
diff --git a/opendkim.conf b/opendkim.conf
new file mode 100644
index 0000000..ee978a9
--- /dev/null
+++ b/opendkim.conf
@@ -0,0 +1,43 @@
+# This is a basic configuration that can easily be adapted to suit a standard
+# installation. For more advanced options, see opendkim.conf(5) and/or
+# /usr/share/doc/opendkim/examples/opendkim.conf.sample.
+
+# Socket that should be established by the filter to receive connections from MTA in order to provide service.
+# socketspec is in one of two forms: local:path (UNIX domain socket) or inet[6]:port[@host]]
+Socket local:/var/run/opendkim/opendkim.sock
+
+# Log to syslog
+Syslog yes
+# Required to use local socket with MTAs that access the socket as a non-
+# privileged user (e.g. Postfix)
+UMask 002
+
+# OpenDKIM user
+# Remember to add user postfix to group opendkim
+UserID opendkim
+
+# Map domains in From addresses to keys used to sign messages
+KeyTable /etc/opendkim/key.table
+SigningTable refile:/etc/opendkim/signing.table
+
+# Hosts to ignore when verifying signatures
+ExternalIgnoreList /etc/opendkim/trusted.hosts
+InternalHosts /etc/opendkim/trusted.hosts
+
+# Commonly-used options; the commented-out versions show the defaults.
+Canonicalization relaxed/simple
+Mode sv
+SubDomains no
+#ADSPAction continue
+AutoRestart yes
+AutoRestartRate 10/1M
+Background yes
+DNSTimeout 5
+SignatureAlgorithm rsa-sha256
+
+# Always oversign From (sign using actual From and a null From to prevent
+# malicious signatures header fields (From and/or others) between the signer
+# and the verifier. From is oversigned by default in the Debian package
+# because it is often the identity key used by reputation systems and thus
+# somewhat security sensitive.
+OversignHeaders From
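Review bot: The comment `# Hosts to ignore when verifying signatures` sits above both `ExternalIgnoreList` and `InternalHosts`, but it does not describe `InternalHosts`, which in OpenDKIM selects the hosts whose mail is signed rather than verified. An admin who adds a relay to trusted.hosts only to quiet verification would also be authorising that host to have its mail signed with the domain key. I would give that line its own comment, e.g. `# InternalHosts: mail from these hosts is signed, not verified; list only hosts you control`. The oversigning comment at the end is also garbled, with an unclosed parenthesis and a missing verb, and could read `# Always oversign From so that extra From header fields cannot be added between the signer and the verifier`.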
diff --git a/opendkim.init b/opendkim.init
new file mode 100644
index 0000000..fc4fa3e
--- /dev/null
+++ b/opendkim.init
@@ -0,0 +1,96 @@
+#!/bin/sh
+# opendkim DomainKeys Identified Mail service
+# chkconfig: 345 85 15
+# description: OpenDKIM implements the DomainKeys Identified Mail (DKIM)
+# service and a milter-based filter application that can plug
+# in to any milter-aware MTA.
+# processname: opendkim
+# pidfile: /var/run/opendkim/opendkim.pid
+# config: /etc/opendkim/opendkim.conf
+
+# Source function library
+. /etc/rc.d/init.d/functions
+
+prog="/usr/sbin/opendkim"
+svname="opendkim"
+
+sysconfig="/etc/sysconfig/$svname"
+lockfile="/var/lock/subsys/$svname"
+pidfile="/var/run/$svname/$svname.pid"
+conffile="/etc/opendkim/$svname.conf"
+
+# Get service config
+[ -f $sysconfig ] && . $sysconfig
+
+start() {
+ # Check if the service is already running?
+ if [ ! -f $lockfile ]; then
+ msg_starting "$svname"
+ daemon $prog -x $conffile -P $pidfile
+ RETVAL=$?
+ [ $RETVAL -eq 0 ] && touch $lockfile
+ else
+ msg_already_running "$svname"
+ fi
+}
+
+stop() {
+ # Stop daemons.
+ if [ -f $lockfile ]; then
+ msg_stopping "$svname"
+ killproc -p $pidfile $prog
+ RETVAL=$?
+ rm -f $lockfile $pidfile >/dev/null 2>&1
+ else
+ msg_not_running "$svname"
+ fi
+}
+
+reload() {
+ if [ -f $lockfile ]; then
+ msg_reloading "$svname"
+ killproc -p $pidfile $prog -HUP
+ RETVAL=$?
+ else
+ msg_not_running "$svname"
+ RETVAL=7
+ fi
+}
+
+condrestart() {
+ if [ ! -f $lockfile ]; then
+ msg_not_running "$svname"
+ RETVAL=$1
+ return
+ fi
+ stop
+ start
+}
+
+RETVAL=0
+# See how we were called.
+case "$1" in
+ start)
+ start
+ ;;
+ stop)
+ stop
+ ;;
+ restart)
+ stop
+ start
+ ;;
+ try-restart)
+ condrestart 0
+ ;;
+ status)
+ status --pidfile $pidfile $svname
+ RETVAL=$?
+ ;;
+ *)
+ msg_usage "$0 {start|stop|restart|try-restart|status}"
+ exit 3
+ ;;
+esac
+
+exit $RETVAL
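Review bot: `stop()` and `reload()` run as root and pass `$pidfile` (`/var/run/opendkim/opendkim.pid`) to `killproc -p`, and `stop()` also runs `rm -f` on it, yet opendkim.spec in this commit installs that directory as `%attr(770,root,%{name})`. Any member of the opendkim group can therefore replace the file that root acts on, and the shipped opendkim.conf tells admins to add postfix to that group. Unless `killproc` verifies that the PID belongs to `$prog`, which is not visible here, root would signal whatever PID the file names. Narrowing the directory to `%attr(750,%{name},%{name})` would still let group members reach the socket while leaving only the daemon account able to write there. Also, `reload()` is defined but the `case` has no arm for it and the usage string omits it, so it is never called; add `reload|force-reload) reload ;;`.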
diff --git a/opendkim.sysconfig b/opendkim.sysconfig
new file mode 100644
index 0000000..e69de29
diff --git a/signing.table b/signing.table
new file mode 100644
index 0000000..872f906
--- /dev/null
+++ b/signing.table
@@ -0,0 +1,2 @@
+# domain match short name
+*@example.com example
\ No newline at end of file
diff --git a/trusted.hosts b/trusted.hosts
new file mode 100644
index 0000000..3e755a9
--- /dev/null
+++ b/trusted.hosts
@@ -0,0 +1,6 @@
+127.0.0.1
+::1
+localhost
+#myhostname
+#myhostname.example.com
+#example.com
\ No newline at end of file
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/opendkim.git/commitdiff/76407ed76ed090127710f74a09bd78c5ba4e51ca