[packages/opendkim] PLDize; default configs; init script; rel 0.2 (wip)

mis mis at pld-linux.org
Wed Sep 26 22:35:26 CEST 2018


commit 76407ed76ed090127710f74a09bd78c5ba4e51ca
Author: mis <mistoo at gmail.com>
Date:   Wed Sep 26 22:35:05 2018 +0200

    PLDize; default configs; init script; rel 0.2 (wip)

 key.table          |  1 +
 opendkim.conf      | 43 ++++++++++++++++++++++++
 opendkim.init      | 96 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 opendkim.spec      | 65 +++++++++++++++++++++++++-----------
 opendkim.sysconfig |  0
 signing.table      |  2 ++
 trusted.hosts      |  6 ++++
 7 files changed, 194 insertions(+), 19 deletions(-)
---
diff --git a/opendkim.spec b/opendkim.spec
index 078af4a..ae5f326 100644
--- a/opendkim.spec
+++ b/opendkim.spec
@@ -1,10 +1,16 @@
 Summary:	A DomainKeys Identified Mail (DKIM) milter to sign and/or verify mail
 Name:		opendkim
 Version:	2.10.3
-Release:	0.1
+Release:	0.2
 License:	BSD and Sendmail
 Group:		Daemons
 Source0:	http://downloads.sourceforge.net/opendkim/%{name}-%{version}.tar.gz
+Source1:	%{name}.conf
+Source2:	%{name}.sysconfig
+Source3:	%{name}.init
+Source4:	signing.table
+Source5:	key.table
+Source6:	trusted.hosts
 # Source0-md5:	916e691cdd16cfabd1cd6efe745323f9
 URL:		http://opendkim.org/
 BuildRequires:	db-devel
@@ -17,6 +23,8 @@ BuildRequires:	unbound-devel
 Requires:	%{name}-libs = %{version}-%{release}
 BuildRoot:	%{tmpdir}/%{name}-%{version}-root-%(id -u -n)
 
+%define no_install_post_check_tmpfiles 1
+
 %description
 OpenDKIM allows signing and/or verification of email through an open
 source library that implements the DKIM service, plus a milter-based
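Review bot: `%define no_install_post_check_tmpfiles 1` appears, judging by its name, to switch off a build-time check rather than fix what it reports. The same commit drops `%{_sysconfdir}/tmpfiles.d/%{name}.conf` from `%files` while still packaging `%{_localstatedir}/run/%{name}`. Where /var/run is a tmpfs, that directory is gone after a reboot, and the new init script's start() does not recreate it, so the daemon would presumably be unable to create its socket and pid file. Either ship a tmpfiles.d entry for the directory or have start() create it with the packaged owner and mode (root:opendkim, 770). Until then, a comment next to the define such as `# /var/run/%{name} is packaged without a tmpfiles.d entry; TODO add one` would record why the check is disabled.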
@@ -54,40 +62,59 @@ rm -rf $RPM_BUILD_ROOT
 %{__make} install \
 	DESTDIR=$RPM_BUILD_ROOT
 
-install -d $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig
+install -d $RPM_BUILD_ROOT%{_sysconfdir}/{sysconfig,%{name}/keys}
 install -d $RPM_BUILD_ROOT%{_initrddir}
 install -d $RPM_BUILD_ROOT%{systemdunitdir}
-install -p contrib/init/redhat/%{name} $RPM_BUILD_ROOT%{_initrddir}/%{name}
-cp -p contrib/systemd/%{name}.service $RPM_BUILD_ROOT%{systemdunitdir}/%{name}.service
+install -d $RPM_BUILD_ROOT%{_localstatedir}/spool/%{name}
+install -d $RPM_BUILD_ROOT%{_localstatedir}/run/%{name}
+cp -p %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/%{name}
+cp -p %{SOURCE3} $RPM_BUILD_ROOT%{_initrddir}/%{name}
+cp -p %{SOURCE1} %{SOURCE4} %{SOURCE5} %{SOURCE6} $RPM_BUILD_ROOT%{_sysconfdir}/%{name}
+#cp -p contrib/systemd/%{name}.service $RPM_BUILD_ROOT%{systemdunitdir}/%{name}.service
 cp -p contrib/init/redhat/%{name}-default-keygen $RPM_BUILD_ROOT%{_sbindir}/%{name}-default-keygen
 
 %clean
 rm -rf $RPM_BUILD_ROOT
 
-%post	libs -p /sbin/ldconfig
-%postun	libs -p /sbin/ldconfig
+%pre
+%groupadd -g 322 -r %{name}
+%useradd -r -u 322 -d /usr/share/empty -s /bin/false -c "OpenDKIM User" -g %{name} %{name}
+# MTA group in general?
+#%addusertogroup %{name} postfix
+
+%preun
+if [ "$1" = "0" ];then
+	%service %{name} stop
+	/sbin/chkconfig --del %{name}
+fi
+%systemd_preun %{name}.service
+
+%postun
+if [ "$1" = "0" ]; then
+	%userremove %{name}
+	%groupremove %{name}
+fi
+%systemd_reload
 
 %files
 %defattr(644,root,root,755)
 %doc FEATURES KNOWNBUGS LICENSE LICENSE.Sendmail RELEASE_NOTES RELEASE_NOTES.Sendmail INSTALL
 %doc contrib/convert/convert_keylist.sh %{name}/*.sample
 %doc %{name}/%{name}.conf.simple-verify %{name}/%{name}.conf.simple
-%doc %{name}/README contrib/lua/*.lua
-%doc contrib/stats/README.%{name}-reportstats
-%config(noreplace) %{_sysconfdir}/%{name}.conf
-%config(noreplace) %{_sysconfdir}/tmpfiles.d/%{name}.conf
-%config(noreplace) %attr(640,%{name},%{name}) %{_sysconfdir}/%{name}/SigningTable
-%config(noreplace) %attr(640,%{name},%{name}) %{_sysconfdir}/%{name}/KeyTable
-%config(noreplace) %attr(640,%{name},%{name}) %{_sysconfdir}/%{name}/TrustedHosts
+%doc %{name}/README
+%attr(754,root,root) /etc/rc.d/init.d/%{name}
+%config(noreplace) %attr(640,%{name},%{name}) %{_sysconfdir}/%{name}/%{name}.conf
+%config(noreplace) %attr(640,%{name},%{name}) %{_sysconfdir}/%{name}/signing.table
+%config(noreplace) %attr(640,%{name},%{name}) %{_sysconfdir}/%{name}/key.table
+%config(noreplace) %attr(640,%{name},%{name}) %{_sysconfdir}/%{name}/trusted.hosts
 %config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/%{name}
-%attr(755,root,root) %{_sbindir}/*
-%{_mandir}/*/*
+%dir %attr(700,%{name},%{name}) %{_sysconfdir}/%{name}/keys
+%attr(755,root,root) %{_sbindir}/%{name}*
+%{_mandir}/man*/*
 %dir %attr(-,%{name},%{name}) %{_localstatedir}/spool/%{name}
-%dir %attr(-,%{name},%{name}) %{_localstatedir}/run/%{name}
+%dir %attr(770,root,%{name}) %{_localstatedir}/run/%{name}
 %dir %attr(-,root,%{name}) %{_sysconfdir}/%{name}
-%dir %attr(750,%{name},%{name}) %{_sysconfdir}/%{name}/keys
-%{systemdunitdir}/%{name}.service
-%attr(755,root,root) %{_sbindir}/%{name}-default-keygen
+#%{systemdunitdir}/%{name}.service
 
 %files libs
 %defattr(644,root,root,755)
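Review bot: The four config files under `%{_sysconfdir}/%{name}` are packaged as `%attr(640,%{name},%{name})`, so the account the daemon runs as owns and can rewrite its own opendkim.conf, key.table, signing.table and trusted.hosts. Read access through the group should be enough for the filter. Using `%config(noreplace) %attr(640,root,%{name}) %{_sysconfdir}/%{name}/%{name}.conf`, and the same owner for the three tables, keeps a compromised filter process from changing which keys sign which domains or which hosts are trusted. Separately, the hunk removes `%post libs -p /sbin/ldconfig` and `%postun libs -p /sbin/ldconfig`, and adds `/sbin/chkconfig --del %{name}` in `%preun` with no matching `%post` running `/sbin/chkconfig --add %{name}`. Unless those live outside this hunk, both look like omissions.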
diff --git a/key.table b/key.table
new file mode 100644
index 0000000..23bb665
--- /dev/null
+++ b/key.table
@@ -0,0 +1 @@
+example     example.com:YYYYMM:/etc/opendkim/keys/example.private
\ No newline at end of file
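Review bot: The shipped key.table entry is live rather than commented out, and it points at `/etc/opendkim/keys/example.private`, which nothing in this commit installs; the `YYYYMM` selector is a literal placeholder as well. signing.table has the same issue with its active `*@example.com   example` row. Shipping both as comments, e.g. `#example     example.com:YYYYMM:/etc/opendkim/keys/example.private`, leaves a default install with empty tables instead of a mapping to a missing key, and makes the administrator's first edit an explicit one. Both files, and trusted.hosts, also lack a trailing newline.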
diff --git a/opendkim.conf b/opendkim.conf
new file mode 100644
index 0000000..ee978a9
--- /dev/null
+++ b/opendkim.conf
@@ -0,0 +1,43 @@
+# This is a basic configuration that can easily be adapted to suit a standard
+# installation. For more advanced options, see opendkim.conf(5) and/or
+# /usr/share/doc/opendkim/examples/opendkim.conf.sample.
+
+# Socket that should be established by the filter to receive connections from MTA in order to provide service.
+# socketspec is in one of two forms: local:path (UNIX domain socket) or inet[6]:port[@host]]
+Socket local:/var/run/opendkim/opendkim.sock
+
+# Log to syslog
+Syslog          yes
+# Required to use local socket with MTAs that access the socket as a non-
+# privileged user (e.g. Postfix)
+UMask           002
+
+# OpenDKIM user
+# Remember to add user postfix to group opendkim
+UserID          opendkim
+
+# Map domains in From addresses to keys used to sign messages
+KeyTable        /etc/opendkim/key.table
+SigningTable    refile:/etc/opendkim/signing.table
+
+# Hosts to ignore when verifying signatures
+ExternalIgnoreList  /etc/opendkim/trusted.hosts
+InternalHosts       /etc/opendkim/trusted.hosts
+
+# Commonly-used options; the commented-out versions show the defaults.
+Canonicalization    relaxed/simple
+Mode            sv
+SubDomains      no
+#ADSPAction     continue
+AutoRestart     yes
+AutoRestartRate     10/1M
+Background      yes
+DNSTimeout      5
+SignatureAlgorithm  rsa-sha256
+
+# Always oversign From (sign using actual From and a null From to prevent
+# malicious signatures header fields (From and/or others) between the signer
+# and the verifier.  From is oversigned by default in the Debian package
+# because it is often the identity key used by reputation systems and thus
+# somewhat security sensitive.
+OversignHeaders     From
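Review bot: The comment above `OversignHeaders     From` is missing words: "to prevent malicious signatures header fields" does not parse, and the parenthesis opened before "sign using" is never closed. It also justifies the setting by "the Debian package", which is not this package. I would reword it to say that From is signed once for the actual header and once as a null header, so that a From field added between signer and verifier invalidates the signature, and drop the Debian reference. The file's opening comment points at `/usr/share/doc/opendkim/examples/opendkim.conf.sample`, which also looks carried over from another distribution; the spec's `%doc` lines suggest a different location, so it is worth checking.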
diff --git a/opendkim.init b/opendkim.init
new file mode 100644
index 0000000..fc4fa3e
--- /dev/null
+++ b/opendkim.init
@@ -0,0 +1,96 @@
+#!/bin/sh
+# opendkim DomainKeys Identified Mail service
+# chkconfig:	345 85 15
+# description: OpenDKIM implements the DomainKeys Identified Mail (DKIM)
+#              service and a milter-based filter application that can plug
+#              in to any milter-aware MTA.
+# processname: opendkim
+# pidfile: /var/run/opendkim/opendkim.pid
+# config:	/etc/opendkim/opendkim.conf
+
+# Source function library
+. /etc/rc.d/init.d/functions
+
+prog="/usr/sbin/opendkim"
+svname="opendkim"
+
+sysconfig="/etc/sysconfig/$svname"
+lockfile="/var/lock/subsys/$svname"
+pidfile="/var/run/$svname/$svname.pid"
+conffile="/etc/opendkim/$svname.conf"
+
+# Get service config
+[ -f $sysconfig ] && . $sysconfig
+
+start() {
+	# Check if the service is already running?
+	if [ ! -f $lockfile ]; then
+		msg_starting "$svname"
+		daemon $prog -x $conffile -P $pidfile
+		RETVAL=$?
+		[ $RETVAL -eq 0 ] && touch $lockfile
+	else
+		msg_already_running "$svname"
+	fi
+}
+
+stop() {
+	# Stop daemons.
+	if [ -f $lockfile ]; then
+		msg_stopping "$svname"
+		killproc -p $pidfile $prog
+		RETVAL=$?
+		rm -f $lockfile $pidfile >/dev/null 2>&1
+	else
+		msg_not_running "$svname"
+	fi
+}
+
+reload() {
+	if [ -f $lockfile ]; then
+		msg_reloading "$svname"
+		killproc -p $pidfile $prog -HUP
+		RETVAL=$?
+	else
+		msg_not_running "$svname"
+		RETVAL=7
+	fi
+}
+
+condrestart() {
+	if [ ! -f $lockfile ]; then
+		msg_not_running "$svname"
+		RETVAL=$1
+		return
+	fi
+	stop
+	start
+}
+
+RETVAL=0
+# See how we were called.
+case "$1" in
+  start)
+	start
+	;;
+  stop)
+	stop
+	;;
+  restart)
+	stop
+	start
+	;;
+  try-restart)
+	condrestart 0
+	;;
+  status)
+	status --pidfile $pidfile $svname
+	RETVAL=$?
+	;;
+  *)
+	msg_usage "$0 {start|stop|restart|try-restart|status}"
+	exit 3
+	;;
+esac
+
+exit $RETVAL
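Review bot: `reload()` is defined but unreachable: the `case "$1"` dispatch has no arm for it and the usage string omits it, so `service opendkim reload` falls into `*)` and exits 3. Adding an arm `reload|force-reload)` that calls `reload` and ends with `;;`, and extending the usage to `{start|stop|restart|try-restart|reload|force-reload|status}`, wires it up. The expansions `$lockfile`, `$pidfile` and `$conffile` are also unquoted throughout. That is harmless with the current values, but `$sysconfig` is sourced after they are assigned and could override them, so quoting them (`"$pidfile"`) is the safer habit.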
diff --git a/opendkim.sysconfig b/opendkim.sysconfig
new file mode 100644
index 0000000..e69de29
diff --git a/signing.table b/signing.table
new file mode 100644
index 0000000..872f906
--- /dev/null
+++ b/signing.table
@@ -0,0 +1,2 @@
+# domain match  short name
+*@example.com   example
\ No newline at end of file
diff --git a/trusted.hosts b/trusted.hosts
new file mode 100644
index 0000000..3e755a9
--- /dev/null
+++ b/trusted.hosts
@@ -0,0 +1,6 @@
+127.0.0.1
+::1
+localhost
+#myhostname
+#myhostname.example.com
+#example.com
\ No newline at end of file
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/opendkim.git/commitdiff/76407ed76ed090127710f74a09bd78c5ba4e51ca


