PLDize; default configs; init script; rel 0.2 (wip)

diff --git a/key.table b/key.table
new file mode 100644 (file)
index 0000000..23bb665
--- /dev/null
+++ b/key.table
@@ -0,0 +1 @@
+example     example.com:YYYYMM:/etc/opendkim/keys/example.private
\ No newline at end of file

diff --git a/opendkim.conf b/opendkim.conf
new file mode 100644 (file)
index 0000000..ee978a9
--- /dev/null
+++ b/opendkim.conf
@@ -0,0 +1,43 @@
+# This is a basic configuration that can easily be adapted to suit a standard
+# installation. For more advanced options, see opendkim.conf(5) and/or
+# /usr/share/doc/opendkim/examples/opendkim.conf.sample.
+
+# Socket that should be established by the filter to receive connections from MTA in order to provide service.
+# socketspec is in one of two forms: local:path (UNIX domain socket) or inet[6]:port[@host]]
+Socket local:/var/run/opendkim/opendkim.sock
+
+# Log to syslog
+Syslog          yes
+# Required to use local socket with MTAs that access the socket as a non-
+# privileged user (e.g. Postfix)
+UMask           002
+
+# OpenDKIM user
+# Remember to add user postfix to group opendkim
+UserID          opendkim
+
+# Map domains in From addresses to keys used to sign messages
+KeyTable        /etc/opendkim/key.table
+SigningTable    refile:/etc/opendkim/signing.table
+
+# Hosts to ignore when verifying signatures
+ExternalIgnoreList  /etc/opendkim/trusted.hosts
+InternalHosts       /etc/opendkim/trusted.hosts
+
+# Commonly-used options; the commented-out versions show the defaults.
+Canonicalization    relaxed/simple
+Mode            sv
+SubDomains      no
+#ADSPAction     continue
+AutoRestart     yes
+AutoRestartRate     10/1M
+Background      yes
+DNSTimeout      5
+SignatureAlgorithm  rsa-sha256
+
+# Always oversign From (sign using actual From and a null From to prevent
+# malicious signatures header fields (From and/or others) between the signer
+# and the verifier.  From is oversigned by default in the Debian package
+# because it is often the identity key used by reputation systems and thus
+# somewhat security sensitive.
+OversignHeaders     From

diff --git a/opendkim.init b/opendkim.init
new file mode 100644 (file)
index 0000000..fc4fa3e
--- /dev/null
+++ b/opendkim.init
@@ -0,0 +1,96 @@
+#!/bin/sh
+# opendkim DomainKeys Identified Mail service
+# chkconfig:   345 85 15
+# description: OpenDKIM implements the DomainKeys Identified Mail (DKIM)
+#              service and a milter-based filter application that can plug
+#              in to any milter-aware MTA.
+# processname: opendkim
+# pidfile: /var/run/opendkim/opendkim.pid
+# config:      /etc/opendkim/opendkim.conf
+
+# Source function library
+. /etc/rc.d/init.d/functions
+
+prog="/usr/sbin/opendkim"
+svname="opendkim"
+
+sysconfig="/etc/sysconfig/$svname"
+lockfile="/var/lock/subsys/$svname"
+pidfile="/var/run/$svname/$svname.pid"
+conffile="/etc/opendkim/$svname.conf"
+
+# Get service config
+[ -f $sysconfig ] && . $sysconfig
+
+start() {
+       # Check if the service is already running?
+       if [ ! -f $lockfile ]; then
+               msg_starting "$svname"
+               daemon $prog -x $conffile -P $pidfile
+               RETVAL=$?
+               [ $RETVAL -eq 0 ] && touch $lockfile
+       else
+               msg_already_running "$svname"
+       fi
+}
+
+stop() {
+       # Stop daemons.
+       if [ -f $lockfile ]; then
+               msg_stopping "$svname"
+               killproc -p $pidfile $prog
+               RETVAL=$?
+               rm -f $lockfile $pidfile >/dev/null 2>&1
+       else
+               msg_not_running "$svname"
+       fi
+}
+
+reload() {
+       if [ -f $lockfile ]; then
+               msg_reloading "$svname"
+               killproc -p $pidfile $prog -HUP
+               RETVAL=$?
+       else
+               msg_not_running "$svname"
+               RETVAL=7
+       fi
+}
+
+condrestart() {
+       if [ ! -f $lockfile ]; then
+               msg_not_running "$svname"
+               RETVAL=$1
+               return
+       fi
+       stop
+       start
+}
+
+RETVAL=0
+# See how we were called.
+case "$1" in
+  start)
+       start
+       ;;
+  stop)
+       stop
+       ;;
+  restart)
+       stop
+       start
+       ;;
+  try-restart)
+       condrestart 0
+       ;;
+  status)
+       status --pidfile $pidfile $svname
+       RETVAL=$?
+       ;;
+  *)
+       msg_usage "$0 {start|stop|restart|try-restart|status}"
+       exit 3
+       ;;
+esac
+
+exit $RETVAL

diff --git a/opendkim.spec b/opendkim.spec
index 078af4aff27551ab5b9726e13beaf7bb27899cfa..ae5f326373ebb3d702058ca427ea154899ffe664 100644 (file)
--- a/opendkim.spec
+++ b/opendkim.spec
@@ -1,10 +1,16 @@
 Summary:       A DomainKeys Identified Mail (DKIM) milter to sign and/or verify mail
 Name:          opendkim
 Version:       2.10.3
-Release:       0.1
+Release:       0.2
 License:       BSD and Sendmail
 Group:         Daemons
 Source0:       http://downloads.sourceforge.net/opendkim/%{name}-%{version}.tar.gz
+Source1:       %{name}.conf
+Source2:       %{name}.sysconfig
+Source3:       %{name}.init
+Source4:       signing.table
+Source5:       key.table
+Source6:       trusted.hosts
 # Source0-md5: 916e691cdd16cfabd1cd6efe745323f9
 URL:           http://opendkim.org/
 BuildRequires: db-devel
@@ -17,6 +23,8 @@ BuildRequires:        unbound-devel
 Requires:      %{name}-libs = %{version}-%{release}
 BuildRoot:     %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
 
+%define no_install_post_check_tmpfiles 1
+
 %description
 OpenDKIM allows signing and/or verification of email through an open
 source library that implements the DKIM service, plus a milter-based
@@ -54,40 +62,59 @@ rm -rf $RPM_BUILD_ROOT
 %{__make} install \
        DESTDIR=$RPM_BUILD_ROOT
 
-install -d $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig
+install -d $RPM_BUILD_ROOT%{_sysconfdir}/{sysconfig,%{name}/keys}
 install -d $RPM_BUILD_ROOT%{_initrddir}
 install -d $RPM_BUILD_ROOT%{systemdunitdir}
-install -p contrib/init/redhat/%{name} $RPM_BUILD_ROOT%{_initrddir}/%{name}
-cp -p contrib/systemd/%{name}.service $RPM_BUILD_ROOT%{systemdunitdir}/%{name}.service
+install -d $RPM_BUILD_ROOT%{_localstatedir}/spool/%{name}
+install -d $RPM_BUILD_ROOT%{_localstatedir}/run/%{name}
+cp -p %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/%{name}
+cp -p %{SOURCE3} $RPM_BUILD_ROOT%{_initrddir}/%{name}
+cp -p %{SOURCE1} %{SOURCE4} %{SOURCE5} %{SOURCE6} $RPM_BUILD_ROOT%{_sysconfdir}/%{name}
+#cp -p contrib/systemd/%{name}.service $RPM_BUILD_ROOT%{systemdunitdir}/%{name}.service
 cp -p contrib/init/redhat/%{name}-default-keygen $RPM_BUILD_ROOT%{_sbindir}/%{name}-default-keygen
 
 %clean
 rm -rf $RPM_BUILD_ROOT
 
-%post  libs -p /sbin/ldconfig
-%postun        libs -p /sbin/ldconfig
+%pre
+%groupadd -g 322 -r %{name}
+%useradd -r -u 322 -d /usr/share/empty -s /bin/false -c "OpenDKIM User" -g %{name} %{name}
+# MTA group in general?
+#%addusertogroup %{name} postfix
+
+%preun
+if [ "$1" = "0" ];then
+       %service %{name} stop
+       /sbin/chkconfig --del %{name}
+fi
+%systemd_preun %{name}.service
+
+%postun
+if [ "$1" = "0" ]; then
+       %userremove %{name}
+       %groupremove %{name}
+fi
+%systemd_reload
 
 %files
 %defattr(644,root,root,755)
 %doc FEATURES KNOWNBUGS LICENSE LICENSE.Sendmail RELEASE_NOTES RELEASE_NOTES.Sendmail INSTALL
 %doc contrib/convert/convert_keylist.sh %{name}/*.sample
 %doc %{name}/%{name}.conf.simple-verify %{name}/%{name}.conf.simple
-%doc %{name}/README contrib/lua/*.lua
-%doc contrib/stats/README.%{name}-reportstats
-%config(noreplace) %{_sysconfdir}/%{name}.conf
-%config(noreplace) %{_sysconfdir}/tmpfiles.d/%{name}.conf
-%config(noreplace) %attr(640,%{name},%{name}) %{_sysconfdir}/%{name}/SigningTable
-%config(noreplace) %attr(640,%{name},%{name}) %{_sysconfdir}/%{name}/KeyTable
-%config(noreplace) %attr(640,%{name},%{name}) %{_sysconfdir}/%{name}/TrustedHosts
+%doc %{name}/README
+%attr(754,root,root) /etc/rc.d/init.d/%{name}
+%config(noreplace) %attr(640,%{name},%{name}) %{_sysconfdir}/%{name}/%{name}.conf
+%config(noreplace) %attr(640,%{name},%{name}) %{_sysconfdir}/%{name}/signing.table
+%config(noreplace) %attr(640,%{name},%{name}) %{_sysconfdir}/%{name}/key.table
+%config(noreplace) %attr(640,%{name},%{name}) %{_sysconfdir}/%{name}/trusted.hosts
 %config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/%{name}
-%attr(755,root,root) %{_sbindir}/*
-%{_mandir}/*/*
+%dir %attr(700,%{name},%{name}) %{_sysconfdir}/%{name}/keys
+%attr(755,root,root) %{_sbindir}/%{name}*
+%{_mandir}/man*/*
 %dir %attr(-,%{name},%{name}) %{_localstatedir}/spool/%{name}
-%dir %attr(-,%{name},%{name}) %{_localstatedir}/run/%{name}
+%dir %attr(770,root,%{name}) %{_localstatedir}/run/%{name}
 %dir %attr(-,root,%{name}) %{_sysconfdir}/%{name}
-%dir %attr(750,%{name},%{name}) %{_sysconfdir}/%{name}/keys
-%{systemdunitdir}/%{name}.service
-%attr(755,root,root) %{_sbindir}/%{name}-default-keygen
+#%{systemdunitdir}/%{name}.service
 
 %files libs
 %defattr(644,root,root,755)

diff --git a/opendkim.sysconfig b/opendkim.sysconfig
new file mode 100644 (file)
index 0000000..e69de29

diff --git a/signing.table b/signing.table
new file mode 100644 (file)
index 0000000..872f906
--- /dev/null
+++ b/signing.table
@@ -0,0 +1,2 @@
+# domain match  short name
+*@example.com   example
\ No newline at end of file

diff --git a/trusted.hosts b/trusted.hosts
new file mode 100644 (file)
index 0000000..3e755a9
--- /dev/null
+++ b/trusted.hosts
@@ -0,0 +1,6 @@
+127.0.0.1
+::1
+localhost
+#myhostname
+#myhostname.example.com
+#example.com
\ No newline at end of file