diff options
author | stevejenkins <steve@stevejenkins.com> | 2015-03-03 19:47:55 -0800 |
---|---|---|
committer | stevejenkins <steve@stevejenkins.com> | 2015-03-03 19:47:55 -0800 |
commit | d66c980fc3917bca6b661ae0e6e290c9e2618e22 (patch) | |
tree | 51bbff831f29970e0d0d40f1a10eb627dac0fd67 | |
parent | c3cbd1d8520e5f2aeecca4141ff918056ae74d91 (diff) | |
download | opendkim_EL6-d66c980fc3917bca6b661ae0e6e290c9e2618e22.tar.gz |
Update to 2.10.1-1
-rw-r--r-- | .gitignore | 1 | ||||
-rw-r--r-- | opendkim.spec | 121 | ||||
-rw-r--r-- | sources | 5 |
3 files changed, 103 insertions, 24 deletions
@@ -16,3 +16,4 @@ /opendkim.autocreate-keys-no.patch /opendkim.keygen-permissions.patch /opendkim.systemd-no-default-genkey.patch +/opendkim-2.10.1.tar.gz diff --git a/opendkim.spec b/opendkim.spec index bbb58ec..0e2f152 100644 --- a/opendkim.spec +++ b/opendkim.spec @@ -4,8 +4,8 @@ Summary: A DomainKeys Identified Mail (DKIM) milter to sign and/or verify mail Name: opendkim -Version: 2.9.2 -Release: 3%{?dist} +Version: 2.10.1 +Release: 1%{?dist} License: BSD and Sendmail URL: http://opendkim.org/ Group: System Environment/Daemons @@ -26,18 +26,16 @@ BuildRequires: libmemcached-devel #Requires (postun): initscripts #BuildRequires: db4-devel +# Required for all versions BuildRequires: libbsd BuildRequires: libbsd-devel BuildRequires: pkgconfig BuildRequires: openssl-devel BuildRequires: sendmail-devel -BuildRequires: unbound-devel Source0: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz -Patch0: %{name}.keygen-permissions.patch -Patch1: %{name}.autocreate-keys-no.patch -Patch2: %{name}.systemd-no-default-genkey.patch +# Patch0: %{name}.patchname.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) @@ -81,12 +79,10 @@ It is not required when the init system used is systemd. %prep %setup -q -%patch0 -p1 -%patch1 -p1 -%patch2 -p1 +#%patch0 -p1 %build -%configure --with-unbound --with-libmemcached --with-db +%configure --with-libmemcached --with-db sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool @@ -191,9 +187,6 @@ cat > %{buildroot}%{_sysconfdir}/sysconfig/%{name} << 'EOF' # Set the necessary startup options OPTIONS="-x %{_sysconfdir}/%{name}.conf -P %{_localstatedir}/run/%{name}/%{name}.pid" -# Determine whether default DKIM keys are automatically created on start (deprecated) -# AUTOCREATE_DKIM_KEYS=YES - # Set the default DKIM selector DKIM_SELECTOR=default @@ -250,6 +243,86 @@ cat > %{buildroot}%{_sysconfdir}/%{name}/TrustedHosts << 'EOF' #192.168.1.0/24 EOF +cat > README.fedora << 'EOF' +##################################### +#FEDORA-SPECIFIC README FOR OPENDKIM# +##################################### +Last updated: Mar 3, 2015 by Steve Jenkins (steve@stevejenkins.com) + +Generating keys for OpenDKIM +============================ +After installing the opendkim package, you MUST generate a pair of keys (public and private) before +attempting to start the opendkim service. + +A valid private key must exist in the location expected by /etc/opendkim.conf before the service will start. + +A matching public key must be included in your domain's DNS records before remote systems can validate +your outgoing mail's DKIM signature. + + +Generating Keys Automatically +============================= +To automatically create a pair of default keys for the local domain, do: + +% sudo /usr/sbin/opendkim-default-keygen + +The default keygen script will attempt to fetch the local domain name, generate a private and public key for +the domain, then save them in /etc/opendkim/keys as default.private and default.txt with the proper +ownership and permissions. + +NOTE: The default key generation script MUST be run by a privileged user (or root). Otherwise, the resulting +private key ownership and permissions will not be correct. + + +Generating Keys Manually +======================== +A privileged user (or root) can manually generate a set of keys by doing the following: + +1) Create a directory to store the new keys: + +% sudo mkdir /etc/opendkim/keys/example.com + +2) Generate keys in that directory for a specific domain name and selector: + +% sudo /usr/sbin/opendkim-genkey -D /etc/opendkim/keys/example.com/ -d example.com -s default + +3) Set the proper ownership for the directory and private key: + +% sudo chown -R root:opendkim /etc/opendkim/keys/example.com + +4) Set secure permissions for the private key: + +% sudo chmod 640 /etc/opendkim/keys/example.com/default.private + +5) Set standard permissions for the public key: + +% sudo chmod 644 /etc/opendkim/keys/example.com/default.txt + + +Updating Key Location(s) in Configuration Files +=============================================== +If you run the opendkim-default-keygen script, the default keys will be saved in /etc/opendkim/keys as +default.private and default.txt, which is the location expected by the default /etc/opendkim.conf file. + +If you manually generate your own keys, you must update the key location and name in /etc/opendkim.conf +before attempting to start the opendkim service. + + +Additional Configuration Help +============================= +For help configuring your MTA (Postfix, Sendmail, etc.) with OpenDKIM, setting up DNS records with your +public DKIM key, as well as instructions on configuring OpenDKIM to sign outgoing mail for multiple +domains, follow the how-to at: + +http://wp.me/p1iGgP-ou + +Official documentation for OpenDKIM is available at http://opendkim.org/ + +OpenDKIM mailing lists are available at http://lists.opendkim.org/ + +### +EOF + install -p -d %{buildroot}%{_sysconfdir}/tmpfiles.d cat > %{buildroot}%{_sysconfdir}/tmpfiles.d/%{name}.conf <<'EOF' D %{_localstatedir}/run/%{name} 0700 %{name} %{name} - @@ -314,7 +387,6 @@ fi exit 0 %triggerun -- %{name} < 2.8.0-1 -/usr/bin/systemd-sysv-convert --save %{name} >/dev/null 2>&1 || : /bin/systemctl enable %{name}.service >/dev/null 2>&1 /sbin/chkconfig --del %{name} >/dev/null 2>&1 || : /bin/systemctl try-restart %{name}.service >/dev/null 2>&1 || : @@ -335,19 +407,19 @@ rm -rf %{buildroot} %doc contrib/convert/convert_keylist.sh %{name}/*.sample %doc %{name}/%{name}.conf.simple-verify %{name}/%{name}.conf.simple %doc %{name}/README contrib/lua/*.lua -%doc contrib/stats/README.%{name}-reportstats +%doc README.fedora %config(noreplace) %{_sysconfdir}/%{name}.conf %config(noreplace) %{_sysconfdir}/tmpfiles.d/%{name}.conf -%config(noreplace) %attr(640,root,%{name}) %{_sysconfdir}/%{name}/SigningTable -%config(noreplace) %attr(640,root,%{name}) %{_sysconfdir}/%{name}/KeyTable -%config(noreplace) %attr(640,root,%{name}) %{_sysconfdir}/%{name}/TrustedHosts +%config(noreplace) %attr(640,%{name},%{name}) %{_sysconfdir}/%{name}/SigningTable +%config(noreplace) %attr(640,%{name},%{name}) %{_sysconfdir}/%{name}/KeyTable +%config(noreplace) %attr(640,%{name},%{name}) %{_sysconfdir}/%{name}/TrustedHosts %config(noreplace) %{_sysconfdir}/sysconfig/%{name} %{_sbindir}/* %{_mandir}/*/* %dir %attr(-,%{name},%{name}) %{_localstatedir}/spool/%{name} %dir %attr(-,%{name},%{name}) %{_localstatedir}/run/%{name} %dir %attr(-,root,%{name}) %{_sysconfdir}/%{name} -%dir %attr(750,root,%{name}) %{_sysconfdir}/%{name}/keys +%dir %attr(750,%name,%{name}) %{_sysconfdir}/%{name}/keys %attr(0644,root,root) %{_unitdir}/%{name}.service %attr(0755,root,root) %{_sbindir}/%{name}-default-keygen @@ -369,10 +441,19 @@ rm -rf %{buildroot} %{_libdir}/pkgconfig/*.pc %changelog +* Tue Mar 03 2015 Steve Jenkins <steve@stevejenkins.com> - 2.10.1-1 +- Updated to use newer upstream 2.10.1 source code + +* Tue Dec 09 2014 Steve Jenkins <steve@stevejenkins.com> - 2.10.0-1 +- Updated to use newer upstream 2.10.0 source code +- Removed unbound compile option due to orphaned upstream dependency +- Removed AUTOCREATE_DKIM_KEYS option +- Added README.fedora with basic key generation and config instructions + * Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.9.2-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild -* Mon Aug 4 2014 Steve Jenkins <steve@stevejenkins.com> - 2.9.2-2 +* Mon Aug 04 2014 Steve Jenkins <steve@stevejenkins.com> - 2.9.2-2 - Change file ownerships/permissions to fix https://bugzilla.redhat.com/show_bug.cgi?id=891292 - Default keys no longer created on startup. Privileged user must run opendkim-default-keygen or create manually (after install) @@ -1,4 +1 @@ -80043a5147ae4ff2feb7f8d32ed2ccac opendkim.autocreate-keys-no.patch -a6a9c36328a9b4c18f5fca19e3b1aabc opendkim.keygen-permissions.patch -4f9d50fcd8428c280b2a4739cf4b8492 opendkim.systemd-no-default-genkey.patch -08cc80a2aedec62b0444d8d6af24a155 opendkim-2.9.2.tar.gz +e75c2944634f875a301d85ab30c2d094 opendkim-2.10.1.tar.gz |