Update to version 2.10.2-1

3 files changed, 122 insertions, 74 deletions

diff --git a/.gitignore b/.gitignore
index 4efae63..e1f6716 100644
--- a/.gitignore
+++ b/.gitignore
@@ -21,3 +21,4 @@
 /opendkim.systemd-no-default-genkey.patch
 /opendkim-2.10.1.tar.gz
 /opendkim.init.patch
+/opendkim-2.10.2.tar.gz
diff --git a/opendkim.spec b/opendkim.spec
index 93f9318..8c34320 100644
--- a/opendkim.spec
+++ b/opendkim.spec
@@ -4,8 +4,8 @@
 
 Summary: A DomainKeys Identified Mail (DKIM) milter to sign and/or verify mail
 Name: opendkim
-Version: 2.10.1
-Release: 13%{?dist}
+Version: 2.10.2
+Release: 1%{?dist}
 Group: System Environment/Daemons
 License: BSD and Sendmail
 URL: http://%{name}.org/
@@ -36,7 +36,7 @@ Requires(postun): initscripts
 BuildRequires: db4-devel
 %endif
 
-Patch0: %{name}.init.patch
+#Patch0: %{name}.init.patch
 
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
@@ -71,7 +71,7 @@ required for developing applications against libopendkim.
 #%patch0 -p1
 %else
 # Apply SysV patches
-%patch0 -p1
+#%patch0 -p1
 %endif
 
 %build
@@ -115,77 +115,122 @@ required for developing applications against libopendkim.
 
 ## See %{_defaultdocdir}/%{name}/INSTALL for detailed instructions.
 
+## DEPRECATED CONFIGURATION OPTIONS
+## 
+## The following configuration options are no longer valid.  They should be
+## removed from your existing configuration file to prevent potential issues.
+## Failure to do so may result in %{name} being unable to start.
+## 
+## Removed in 2.10.0:
+##   AddAllSignatureResults
+##   ADSPAction
+##   ADSPNoSuchDomain
+##   BogusPolicy
+##   DisableADSP
+##   LDAPSoftStart
+##   LocalADSP
+##   NoDiscardableMailTo
+##   On-PolicyError
+##   SendADSPReports
+##   UnprotectedPolicy
+
 ## CONFIGURATION OPTIONS
 
-# Specifies the path to the process ID file.
+##  Specifies the path to the process ID file.
 PidFile	%{_localstatedir}/run/%{name}/%{name}.pid
 
-# Selects operating modes. Valid modes are s (sign) and v (verify). Default is v.
-# Must be changed to s (sign only) or sv (sign and verify) in order to sign outgoing
-# messages.
+##  Selects operating modes. Valid modes are s (sign) and v (verify). Default is v.
+##  Must be changed to s (sign only) or sv (sign and verify) in order to sign outgoing
+##  messages.
 Mode	v
 
-# Log activity to the system log.
+##  Log activity to the system log.
 Syslog	yes
 
-# Log additional entries indicating successful signing or verification of messages.
+##  Log additional entries indicating successful signing or verification of messages.
 SyslogSuccess	yes
 
-# If logging is enabled, include detailed logging about why or why not a message was
-# signed or verified. This causes an increase in the amount of log data generated
-# for each message, so set this to No (or comment it out) if it gets too noisy.
+##  If logging is enabled, include detailed logging about why or why not a message was
+##  signed or verified. This causes an increase in the amount of log data generated
+##  for each message, so set this to No (or comment it out) if it gets too noisy.
 LogWhy	yes
 
-# Attempt to become the specified user before starting operations.
+##  Attempt to become the specified user before starting operations.
 UserID	%{name}:%{name}
 
-# Create a socket through which your MTA can communicate.
+##  Create a socket through which your MTA can communicate.
 Socket	inet:8891@localhost
 
-# Required to use local socket with MTAs that access the socket as a non-
-# privileged user (e.g. Postfix)
+##  Required to use local socket with MTAs that access the socket as a non-
+##  privileged user (e.g. Postfix)
 Umask	002
 
-# This specifies a text file in which to store DKIM transaction statistics.
-# %{upname} must be manually compiled with --enable-stats to enable this feature.
-#Statistics	%{_localstatedir}/spool/%{name}/stats.dat
+##  This specifies a text file in which to store DKIM transaction statistics.
+##  %{upname} must be manually compiled with --enable-stats to enable this feature.
+# Statistics	%{_localstatedir}/spool/%{name}/stats.dat
+
+##  Specifies whether or not the filter should generate report mail back
+##  to senders when verification fails and an address for such a purpose
+##  is provided. See opendkim.conf(5) for details.
+SendReports	yes
+
+##  Specifies the sending address to be used on From: headers of outgoing
+##  failure reports.  By default, the e-mail address of the user executing
+##  the filter is used (executing_user@hostname).
+# ReportAddress	"Example.com Postmaster" <postmaster@example.com>
+
+##  Add a DKIM-Filter header field to messages passing through this filter
+##  to identify messages it has processed.
+SoftwareHeader	yes
 
 ## SIGNING OPTIONS
 
-# Selects the canonicalization method(s) to be used when signing messages.
+##  Selects the canonicalization method(s) to be used when signing messages.
 Canonicalization	relaxed/relaxed
 
-# Domain(s) whose mail should be signed by this filter. Mail from other domains will
-# be verified rather than being signed. Uncomment and use your domain name.
-# This parameter is not required if a SigningTable is in use.
-#Domain	example.com
+##  Domain(s) whose mail should be signed by this filter. Mail from other domains will
+##  be verified rather than being signed. Uncomment and use your domain name.
+##  This parameter is not required if a SigningTable is in use.
+# Domain	example.com
 
-# Defines the name of the selector to be used when signing messages.
+##  Defines the name of the selector to be used when signing messages.
 Selector	default
 
-# Specifies the minimum number of key bits for acceptable keys and signatures.
-MinimumKeyBits 1024
+##  Specifies the minimum number of key bits for acceptable keys and signatures.
+MinimumKeyBits	1024
 
-# Gives the location of a private key to be used for signing ALL messages. This
-# directive is ignored if KeyTable is enabled.
+##  Gives the location of a private key to be used for signing ALL messages. This
+##  directive is ignored if KeyTable is enabled.
 KeyFile	%{_sysconfdir}/%{name}/keys/default.private
 
-# Gives the location of a file mapping key names to signing keys. In simple terms,
-# this tells %{upname} where to find your keys. If present, overrides any KeyFile
-# directive in the configuration file. Requires SigningTable be enabled.
-#KeyTable	%{_sysconfdir}/%{name}/KeyTable
-
-# Defines a table used to select one or more signatures to apply to a message based
-# on the address found in the From: header field. In simple terms, this tells
-# %{upname} how to use your keys. Requires KeyTable be enabled.
-#SigningTable	refile:%{_sysconfdir}/%{name}/SigningTable
-
-# Identifies a set of "external" hosts that may send mail through the server as one
-# of the signing domains without credentials as such.
-#ExternalIgnoreList	refile:%{_sysconfdir}/%{name}/TrustedHosts
-
-# Identifies a set "internal" hosts whose mail should be signed rather than verified.
-#InternalHosts	refile:%{_sysconfdir}/%{name}/TrustedHosts
+##  Gives the location of a file mapping key names to signing keys. In simple terms,
+##  this tells %{upname} where to find your keys. If present, overrides any KeyFile
+##  directive in the configuration file. Requires SigningTable be enabled.
+# KeyTable	%{_sysconfdir}/%{name}/KeyTable
+
+##  Defines a table used to select one or more signatures to apply to a message based
+##  on the address found in the From: header field. In simple terms, this tells
+##  %{upname} how to use your keys. Requires KeyTable be enabled.
+# SigningTable	refile:%{_sysconfdir}/%{name}/SigningTable
+
+##  Identifies a set of "external" hosts that may send mail through the server as one
+##  of the signing domains without credentials as such.
+# ExternalIgnoreList	refile:%{_sysconfdir}/%{name}/TrustedHosts
+
+##  Identifies a set "internal" hosts whose mail should be signed rather than verified.
+# InternalHosts	refile:%{_sysconfdir}/%{name}/TrustedHosts
+
+##  Contains a list of IP addresses, CIDR blocks, hostnames or domain names
+##  whose mail should be neither signed nor verified by this filter.  See man
+##  page for file format.
+# PeerList	X.X.X.X
+
+##  Always oversign From (sign using actual From and a null From to prevent
+##  malicious signatures header fields (From and/or others) between the signer
+##  and the verifier.  From is oversigned by default in the Fedora package
+##  because it is often the identity key used by reputation systems and thus
+##  somewhat security sensitive.
+OversignHeaders	From
 EOF
 
 %{__cat} > %{buildroot}%{_sysconfdir}/sysconfig/%{name} << 'EOF'
@@ -253,7 +298,7 @@ EOF
 #####################################
 #FEDORA-SPECIFIC README FOR %{bigname}#
 #####################################
-Last updated: Mar 3, 2015 by Steve Jenkins (steve@stevejenkins.com)
+Last updated: Apr 30, 2015 by Steve Jenkins (steve@stevejenkins.com)
 
 Generating keys for %{upname}
 ============================
@@ -316,9 +361,20 @@ before attempting to start the %{name} service.
 
 Using %upname with SQL Datasets
 ================================
-If you have %upname configured to use SQL datasets on a systemd-based server, it might be necessary to start the
-%name service after the database servers by referencing your database unit file(s) in the "After" section of the
-%upname unit file.
+%upname on RedHat-based systems relies on OpenDBX for database access. Depending on which database you use,
+you may have to manually install one of the following OpenDBX subpackages (all of which are available via yum):
+
+- opendbx-firebird
+- opendbx-mssql
+- opendbx-mysql
+- opendbx-postgresql
+- opendbx-sqlite 
+- opendbx-sqlite2
+- opendbx-sybase
+
+If you have %upname configured to use SQL datasets on a systemd-based server, it might also be necessary to start
+the %name service after the database servers by referencing your database unit file(s) in the "After" section of
+the %upname unit file.
 
 For example, if using both MariaDB and PostgreSQL, in %{_unitdir}/%{name}.service change:
 
@@ -373,26 +429,15 @@ exit 0
 
 %post
 %if %systemd
-if [ $1 -eq 1 ] ; then 
-    # Initial installation 
-    /bin/systemctl enable %{name}.service >/dev/null 2>&1 || :
-fi
-
+%systemd_post %{name}.service
 %else
-
 /sbin/chkconfig --add %{name} || :
 %endif
 
 %preun
 %if %systemd
-if [ $1 -eq 0 ] ; then
-    # Package removal, not upgrade
-    /bin/systemctl --no-reload disable %{name}.service > /dev/null 2>&1 || :
-    /bin/systemctl stop %{name}.service > /dev/null 2>&1 || :
-fi
-
+%systemd_preun %{name}.service
 %else
-
 if [ $1 -eq 0 ]; then
 	service %{name} stop >/dev/null || :
 	/sbin/chkconfig --del %{name} || :
@@ -402,14 +447,8 @@ exit 0
 
 %postun
 %if %systemd
-/bin/systemctl daemon-reload >/dev/null 2>&1 || :
-if [ $1 -ge 1 ] ; then
-    # Package upgrade, not uninstall
-    /bin/systemctl try-restart %{name}.service >/dev/null 2>&1 || :
-fi
-
+%systemd_postun_with_restart %{name}.service
 %else
-
 if [ "$1" -ge "1" ] ; then
 	/sbin/service %{name} condrestart >/dev/null 2>&1 || :
 fi
@@ -417,10 +456,11 @@ exit 0
 %endif
 
 %if %systemd
+# For the switchover from initscript to service file
 %triggerun -- %{name} < 2.8.0-1
-/bin/systemctl enable %{name}.service >/dev/null 2>&1
+%systemd_post %{name}.service
 /sbin/chkconfig --del %{name} >/dev/null 2>&1 || :
-/bin/systemctl try-restart %{name}.service >/dev/null 2>&1 || :
+%systemd_postun_with_restart %{name}.service
 %endif
 
 %post -n libopendkim -p /sbin/ldconfig
@@ -482,6 +522,14 @@ exit 0
 %{_libdir}/pkgconfig/*.pc
 
 %changelog
+* Mon May 11 2015 Steve Jenkins <steve@stevejenkins.com> - 2.10.2-1
+- Updated to use newer upstream 2.10.2 source code
+- Removed patches for bugs fixed in upstream source
+- Included support for systemd macros
+- Added deprecated options notice to default configuration file
+- Added new options to default configuration file
+- Updated README.fedora with additional SQL useage info
+
 * Mon Apr 13 2015 Steve Jenkins <steve@stevejenkins.com> - 2.10.1-13
 - Obsoleted sysvinit subpackage via libopendkim subpackage
 - Added more macros
diff --git a/sources b/sources
index e629a4e..819e746 100644
--- a/sources
+++ b/sources
@@ -1,2 +1 @@
-d5cc6208c52eb939b538290470c88fdb  opendkim.init.patch
-e75c2944634f875a301d85ab30c2d094  opendkim-2.10.1.tar.gz
+defbae45539937a81b501a84dd217828  opendkim-2.10.2.tar.gz