author | Michael Orlitzky <mjo@gentoo.org> | 2019-03-27 12:53:38 -0400 |
---|---|---|
committer | Michael Orlitzky <mjo@gentoo.org> | 2019-03-27 13:18:09 -0400 |
commit | 8fb71c916f648e79897e202076fc5447df07c991 (patch) | |
tree | b294f4d67cbd270282c0c89d3114703466cbdeb0 /mail-filter | |
parent | mail-filter/opendkim: new revision with a consistent config file. (diff) | |
mail-filter/opendkim: use /var/lib/opendkim in pkg_config.
The keys that are generated by opendkim-genkey are data, in a sense,
and not configuration files. As a result, I think it's more appropriate
to store them in /var/lib/opendkim than in /etc/opendkim where they were
previously stored. This commit moves the keys, and also tightens the
permissions on them a bit so that the "opendkim" user can only read them.
Signed-off-by: Michael Orlitzky <mjo@gentoo.org>
Package-Manager: Portage-2.3.62, Repoman-2.3.11
Diffstat (limited to 'mail-filter')
-rw-r--r-- | mail-filter/opendkim/opendkim-2.10.3-r8.ebuild | 28 |
1 files changed, 16 insertions, 12 deletions
diff --git a/mail-filter/opendkim/opendkim-2.10.3-r8.ebuild b/mail-filter/opendkim/opendkim-2.10.3-r8.ebuild
index c45d7104150b..f2e43b0041fa 100644
--- a/mail-filter/opendkim/opendkim-2.10.3-r8.ebuild
+++ b/mail-filter/opendkim/opendkim-2.10.3-r8.ebuild
@@ -55,7 +55,7 @@ src_prepare() {
 # We delete the "Socket" setting because it's overridden by our
 # conf.d file.
- sed -e 's:/var/db/dkim:/etc/opendkim:g' \
+ sed -e 's:/var/db/dkim:/var/lib/opendkim:g' \
 -e 's:/var/db/opendkim:/var/lib/opendkim:g' \
 -e 's:/etc/mail:/etc/opendkim:g' \
 -e 's:mailnull:opendkim:g' \
@@ -183,28 +183,32 @@ pkg_config() {
 local selector keysize pubkey
 read -p "Enter the selector name (default ${HOSTNAME}): " selector
- [[ -n "${selector}" ]] || selector=${HOSTNAME}
+ [[ -n "${selector}" ]] || selector="${HOSTNAME}"
 if [[ -z "${selector}" ]]; then
 eerror "Oddly enough, you don't have a HOSTNAME."
 return 1
 fi
- if [[ -f "${ROOT}"etc/opendkim/${selector}.private ]]; then
+ if [[ -f "${ROOT}var/lib/opendkim/${selector}.private" ]]; then
 ewarn "The private key for this selector already exists."
 else
 keysize=1024
- # generate the private and public keys
- opendkim-genkey -b ${keysize} -D "${ROOT}"etc/opendkim/ \
- -s ${selector} -d '(your domain)' && \
- chown opendkim:opendkim \
- "${ROOT}"etc/opendkim/"${selector}".private || \
- { eerror "Failed to create private and public keys." ; return 1; }
- chmod go-r "${ROOT}"etc/opendkim/"${selector}".private
+ # Generate the private and public keys. Note that opendkim-genkeys
+ # sets umask=077 on its own to keep these safe. However, we want
+ # them to be readable (only!) to the opendkim user, and we manage
+ # that by changing their groups and making everything group-readable.
+ opendkim-genkey -b ${keysize} -D "${ROOT}"var/lib/opendkim/ \
+ -s "${selector}" -d '(your domain)' && \
+ chgrp --no-dereference opendkim \
+ "${ROOT}var/lib/opendkim/${selector}".{private,txt} || \
+ { eerror "Failed to create private and public keys." ;
+ return 1; }
+ chmod g+r "${ROOT}var/lib/opendkim/${selector}".{private,txt}
 fi
 # opendkim selector configuration
 echo
 einfo "Make sure you have the following settings in your /etc/opendkim/opendkim.conf:"
- einfo " Keyfile /etc/opendkim/${selector}.private"
+ einfo " Keyfile /var/lib/opendkim/${selector}.private"
 einfo " Selector ${selector}"
 # MTA configuration
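Review bot: The final `chmod g+r` sits outside the `&& … ||` chain, so if it fails pkg_config still prints the setup instructions while the daemon cannot read its key; folding it in as `chgrp --no-dereference opendkim … && chmod g+r … || { eerror …; return 1; }` would catch that. Group-read on `${selector}.private` also lets every member of the `opendkim` group read the signing key, so the "readable (only!) to the opendkim user" comment holds only while that group has no other members, which the hunk does not show and the comment should state. `chgrp` is given `--no-dereference` but `chmod` always follows symlinks; if /var/lib/opendkim is writable by a non-root account (not visible here), that asymmetry deserves a second look. Separately, the unchanged `keysize=1024` is the minimum RFC 8301 permits, and that RFC recommends at least 2048 bits for signers. pkg_config begins and ends outside this hunk.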
@@ -216,7 +220,7 @@ pkg_config() {
 # DNS configuration
 einfo "After you configured your MTA, publish your key by adding this TXT record to your domain:"
- cat "${ROOT}"etc/opendkim/${selector}.txt
+ cat "${ROOT}var/lib/opendkim/${selector}.txt"
 einfo "t=y signifies you only test the DKIM on your domain. See following page for the complete list of tags:"
 einfo " http://www.dkim.org/specs/rfc4871-dkimbase.html#key-text"
 } |