authorMatt Domsch <matt@domsch.com>2020-12-11 08:51:04 -0600
committerMatt Domsch <matt@domsch.com>2020-12-11 08:51:04 -0600
commite5c78a1722a44ff565eca2aafbb1d4a357fc4c94 (patch)
treef79169feb1e7d7952a1d3e92014628e3d3054c49 /opendkim.spec
parent23c44503445ae92c958bf31cacbf9cf886db4bf6 (diff)
parent6fc72129854bce13b4f36c069f2929ec6753ba04 (diff)
downloadopendkim_EL6-e5c78a1722a44ff565eca2aafbb1d4a357fc4c94.tar.gz
Merge branch 'master' into epel8
Diffstat (limited to 'opendkim.spec')
-rw-r--r--opendkim.spec429
1 files changed, 51 insertions, 378 deletions
diff --git a/opendkim.spec b/opendkim.spec
index a884fb4..139737b 100644
--- a/opendkim.spec
+++ b/opendkim.spec
@@ -1,52 +1,37 @@
-%global systemd (0%{?fedora} >= 18) || (0%{?rhel} >= 7)
%global upname OpenDKIM
%global bigname OPENDKIM
+%global full_version 2.11.0-Beta2
+
Summary: A DomainKeys Identified Mail (DKIM) milter to sign and/or verify mail
Name: opendkim
Version: 2.11.0
-Release: 0.11%{?dist}
+Release: 0.17%{?dist}
License: BSD and Sendmail
URL: http://%{name}.org/
-Source0: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.Alpha0.tar.gz
+Source0: https://github.com/trusteddomainproject/OpenDKIM/archive/%{full_version}.tar.gz
+Source1: opendkim.conf
+Source2: opendkim.sysconfig
+Source3: SigningTable
+Source4: KeyTable
+Source5: TrustedHosts
+Source6: README.fedora
-# https://sourceforge.net/p/opendkim/patches/35/
-# https://sourceforge.net/p/opendkim/patches/37/
-# Patches rediffed and combined (both modify configure)
-Patch0: %{name}.ticket35+37.patch
-Patch1: %{name}.lua_load_dump.patch
+# https://github.com/trusteddomainproject/OpenDKIM/pull/70
+Patch0: 0001-support-for-lua-5.3.patch
# Required for all versions
Requires: lib%{name}%{?_isa} = %{version}-%{release}
BuildRequires: openssl-devel, libtool, pkgconfig, libbsd, libbsd-devel, opendbx-devel, lua-devel
Requires(pre): shadow-utils
-%if %systemd
-# Required for systemd
%{?systemd_requires}
BuildRequires: systemd
BuildRequires: libdb-devel, libmemcached-devel
-%else
-# Required for SysV
-Requires(post): chkconfig
-Requires(preun): chkconfig, initscripts
-Requires(postun): initscripts
-BuildRequires: db4-devel
-%endif
-
-# sendmail-devel renamed for F26+
-%if 0%{?fedora} > 25
+
BuildRequires: sendmail-milter-devel
-%else
-BuildRequires: sendmail-devel
-%endif
-%if 0%{?rhel} == 5
-Requires(post): policycoreutils
-%else
BuildRequires: openldap-devel
-%endif
-
%description
%{upname} allows signing and/or verification of email through an open source
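Review bot: The new `Source0` line fetches GitHub's tag archive, which is saved under the bare name `2.11.0-Beta2.tar.gz` and is generated from a tag that upstream can move. Naming the tarball explicitly, `Source0: https://github.com/trusteddomainproject/OpenDKIM/archive/%{full_version}/%{upname}-%{full_version}.tar.gz`, keeps the stored file name unambiguous. Integrity of the tarball then rests on the checksum recorded outside the spec, presumably in the dist-git `sources` file, which this diff does not show. The `URL:` context line is still plain `http://`.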
@@ -71,20 +56,15 @@ This package contains the static libraries, headers, and other support files
required for developing applications against libopendkim.
%prep
-%autosetup -p1
+%autosetup -p1 -n %{upname}-%{full_version}
%build
+autoreconf -iv
# Always use system libtool instead of pacakge-provided one to
# properly handle 32 versus 64 bit detection and settings
%define LIBTOOL LIBTOOL=`which libtool`
-%if %systemd
-# Configure with options available to systemd
%configure --with-odbx --with-db --with-libmemcached --with-openldap --enable-query_cache --with-lua
-%else
-# Configure with options available to SysV
-%configure --with-odbx --with-db --with-openldap --enable-query_cache --with-lua
-%endif
# Remove rpath
sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool
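Review bot: `autoreconf -iv` is added at the top of `%build`, but the `BuildRequires` line in the first hunk names only `libtool` from the autotools set, so autoconf and automake are presumably pulled in as libtool's own dependencies. Declaring them, `BuildRequires: autoconf, automake`, keeps the build from breaking if that transitive dependency changes. A short comment such as `# regenerate configure: Patch0 touches the autotools inputs` would record why the step exists, if that is indeed the reason. The `%build` section continues outside this hunk.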
@@ -96,320 +76,25 @@ install -d %{buildroot}%{_sysconfdir}
install -d %{buildroot}%{_sysconfdir}/sysconfig
install -m 0755 contrib/init/redhat/%{name}-default-keygen %{buildroot}%{_sbindir}/%{name}-default-keygen
-%if %systemd
install -d -m 0755 %{buildroot}%{_unitdir}
install -m 0644 contrib/systemd/%{name}.service %{buildroot}%{_unitdir}/%{name}.service
-%else
-install -d %{buildroot}%{_initrddir}
-install -m 0755 contrib/init/redhat/%{name} %{buildroot}%{_initrddir}/%{name}
-%endif
-
-cat > %{buildroot}%{_sysconfdir}/%{name}.conf << 'EOF'
-## BASIC %{bigname} CONFIGURATION FILE
-## See %{name}.conf(5) or %{_defaultdocdir}/%{name}/%{name}.conf.sample for more
-
-## BEFORE running %{upname} you must:
-
-## - make your MTA (Postfix, Sendmail, etc.) aware of %{upname}
-## - generate keys for your domain (if signing)
-## - edit your DNS records to publish your public keys (if signing)
-
-## See %{_defaultdocdir}/%{name}/INSTALL for detailed instructions.
-
-## DEPRECATED CONFIGURATION OPTIONS
-##
-## The following configuration options are no longer valid. They should be
-## removed from your existing configuration file to prevent potential issues.
-## Failure to do so may result in %{name} being unable to start.
-##
-## Removed in 2.10.0:
-## AddAllSignatureResults
-## ADSPAction
-## ADSPNoSuchDomain
-## BogusPolicy
-## DisableADSP
-## LDAPSoftStart
-## LocalADSP
-## NoDiscardableMailTo
-## On-PolicyError
-## SendADSPReports
-## UnprotectedPolicy
-
-## CONFIGURATION OPTIONS
-
-## Specifies the path to the process ID file.
-PidFile %{_localstatedir}/run/%{name}/%{name}.pid
-
-## Selects operating modes. Valid modes are s (sign) and v (verify). Default is v.
-## Must be changed to s (sign only) or sv (sign and verify) in order to sign outgoing
-## messages.
-Mode v
-
-## Log activity to the system log.
-Syslog yes
-
-## Log additional entries indicating successful signing or verification of messages.
-SyslogSuccess yes
-
-## If logging is enabled, include detailed logging about why or why not a message was
-## signed or verified. This causes an increase in the amount of log data generated
-## for each message, so set this to No (or comment it out) if it gets too noisy.
-LogWhy yes
-
-## Attempt to become the specified user before starting operations.
-UserID %{name}:%{name}
-
-## Create a socket through which your MTA can communicate.
-Socket inet:8891@localhost
-
-## Required to use local socket with MTAs that access the socket as a non-
-## privileged user (e.g. Postfix)
-Umask 002
-
-## This specifies a text file in which to store DKIM transaction statistics.
-## %{upname} must be manually compiled with --enable-stats to enable this feature.
-# Statistics %{_localstatedir}/spool/%{name}/stats.dat
-
-## Specifies whether or not the filter should generate report mail back
-## to senders when verification fails and an address for such a purpose
-## is provided. See opendkim.conf(5) for details.
-SendReports yes
-
-## Specifies the sending address to be used on From: headers of outgoing
-## failure reports. By default, the e-mail address of the user executing
-## the filter is used (executing_user@hostname).
-# ReportAddress "Example.com Postmaster" <postmaster@example.com>
-
-## Add a DKIM-Filter header field to messages passing through this filter
-## to identify messages it has processed.
-SoftwareHeader yes
-
-## SIGNING OPTIONS
-
-## Selects the canonicalization method(s) to be used when signing messages.
-Canonicalization relaxed/relaxed
-
-## Domain(s) whose mail should be signed by this filter. Mail from other domains will
-## be verified rather than being signed. Uncomment and use your domain name.
-## This parameter is not required if a SigningTable is in use.
-# Domain example.com
-
-## Defines the name of the selector to be used when signing messages.
-Selector default
-
-## Specifies the minimum number of key bits for acceptable keys and signatures.
-MinimumKeyBits 1024
-
-## Gives the location of a private key to be used for signing ALL messages. This
-## directive is ignored if KeyTable is enabled.
-KeyFile %{_sysconfdir}/%{name}/keys/default.private
-
-## Gives the location of a file mapping key names to signing keys. In simple terms,
-## this tells %{upname} where to find your keys. If present, overrides any KeyFile
-## directive in the configuration file. Requires SigningTable be enabled.
-# KeyTable %{_sysconfdir}/%{name}/KeyTable
-
-## Defines a table used to select one or more signatures to apply to a message based
-## on the address found in the From: header field. In simple terms, this tells
-## %{upname} how to use your keys. Requires KeyTable be enabled.
-# SigningTable refile:%{_sysconfdir}/%{name}/SigningTable
-
-## Identifies a set of "external" hosts that may send mail through the server as one
-## of the signing domains without credentials as such.
-# ExternalIgnoreList refile:%{_sysconfdir}/%{name}/TrustedHosts
-
-## Identifies a set "internal" hosts whose mail should be signed rather than verified.
-# InternalHosts refile:%{_sysconfdir}/%{name}/TrustedHosts
-
-## Contains a list of IP addresses, CIDR blocks, hostnames or domain names
-## whose mail should be neither signed nor verified by this filter. See man
-## page for file format.
-# PeerList X.X.X.X
-
-## Always oversign From (sign using actual From and a null From to prevent
-## malicious signatures header fields (From and/or others) between the signer
-## and the verifier. From is oversigned by default in the Fedora package
-## because it is often the identity key used by reputation systems and thus
-## somewhat security sensitive.
-OversignHeaders From
-
-## Instructs the DKIM library to maintain its own local cache of keys and
-## policies retrieved from DNS, rather than relying on the nameserver for
-## caching service. Useful if the nameserver being used by the filter is
-## not local.
-# QueryCache yes
-EOF
-
-%{__cat} > %{buildroot}%{_sysconfdir}/sysconfig/%{name} << 'EOF'
-# Set the necessary startup options
-OPTIONS="-x %{_sysconfdir}/%{name}.conf -P %{_localstatedir}/run/%{name}/%{name}.pid"
-# Set the default DKIM selector
-DKIM_SELECTOR=default
+install -m 0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/%{name}.conf
-# Set the default DKIM key location
-DKIM_KEYDIR=%{_sysconfdir}/%{name}/keys
-EOF
+install -m 0644 %{SOURCE2} %{buildroot}%{_sysconfdir}/sysconfig/%{name}
mkdir -p %{buildroot}%{_sysconfdir}/%{name}
-cat > %{buildroot}%{_sysconfdir}/%{name}/SigningTable << 'EOF'
-# %{bigname} SIGNING TABLE
-# This table controls how to apply one or more signatures to outgoing messages based
-# on the address found in the From: header field. In simple terms, this tells
-# %{upname} "how" to apply your keys.
-
-# To use this file, uncomment the SigningTable option in %{_sysconfdir}/%{name}.conf,
-# then uncomment one of the usage examples below and replace example.com with your
-# domain name, then restart %{upname}.
-
-# WILDCARD EXAMPLE
-# Enables signing for any address on the listed domain(s), but will work only if
-# "refile:%{_sysconfdir}/%{name}/SigningTable" is included in %{_sysconfdir}/%{name}.conf.
-# Create additional lines for additional domains.
-
-#*@example.com default._domainkey.example.com
-
-# NON-WILDCARD EXAMPLE
-# If "file:" (instead of "refile:") is specified in %{_sysconfdir}/%{name}.conf, then
-# wildcards will not work. Instead, full user@host is checked first, then simply host,
-# then user@.domain (with all superdomains checked in sequence, so "foo.example.com"
-# would first check "user@foo.example.com", then "user@.example.com", then "user@.com"),
-# then .domain, then user@*, and finally *. See the %{name}.conf(5) man page under
-# "SigningTable" for more details.
-
-#example.com default._domainkey.example.com
-EOF
-
-cat > %{buildroot}%{_sysconfdir}/%{name}/KeyTable << 'EOF'
-# %{bigname} KEY TABLE
-# To use this file, uncomment the #KeyTable option in %{_sysconfdir}/%{name}.conf,
-# then uncomment the following line and replace example.com with your domain
-# name, then restart %{upname}. Additional keys may be added on separate lines.
-
-#default._domainkey.example.com example.com:default:%{_sysconfdir}/%{name}/keys/default.private
-EOF
-
-cat > %{buildroot}%{_sysconfdir}/%{name}/TrustedHosts << 'EOF'
-# %{bigname} TRUSTED HOSTS
-# To use this file, uncomment the #ExternalIgnoreList and/or the #InternalHosts
-# option in %{_sysconfdir}/%{name}.conf then restart %{upname}. Additional hosts
-# may be added on separate lines (IP addresses, hostnames, or CIDR ranges).
-# The localhost IP (127.0.0.1) should always be the first entry in this file.
-127.0.0.1
-::1
-#host.example.com
-#192.168.1.0/24
-EOF
-
-cat > README.fedora << 'EOF'
-#####################################
-#FEDORA-SPECIFIC README FOR %{bigname}#
-#####################################
-Last updated: Apr 30, 2015 by Steve Jenkins (steve@stevejenkins.com)
-
-Generating keys for %{upname}
-============================
-After installing the %{name} package, you MUST generate a pair of keys (public and private) before
-attempting to start the %{name} service.
-
-A valid private key must exist in the location expected by %{_sysconfdir}/%{name}.conf before the service will start.
-
-A matching public key must be included in your domain's DNS records before remote systems can validate
-your outgoing mail's DKIM signature.
-
-
-Generating Keys Automatically
-=============================
-To automatically create a pair of default keys for the local domain, do:
-
-% sudo %{_sbindir}/%{name}-default-keygen
-
-The default keygen script will attempt to fetch the local domain name, generate a private and public key for
-the domain, then save them in %{_sysconfdir}/%{name}/keys as default.private and default.txt with the proper
-ownership and permissions.
-
-NOTE: The default key generation script MUST be run by a privileged user (or root). Otherwise, the resulting
-private key ownership and permissions will not be correct.
-
-
-Generating Keys Manually
-========================
-A privileged user (or root) can manually generate a set of keys by doing the following:
-
-1) Create a directory to store the new keys:
-
-% sudo mkdir %{_sysconfdir}/%{name}/keys/example.com
-
-2) Generate keys in that directory for a specific domain name and selector:
-
-% sudo %{_sbindir}/%{name}-genkey -D %{_sysconfdir}/%{name}/keys/example.com/ -d example.com -s default
-
-3) Set the proper ownership for the directory and private key:
-
-% sudo chown -R root:%{name} %{_sysconfdir}/%{name}/keys/example.com
+install -m 0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/%{name}/SigningTable
-4) Set secure permissions for the private key:
+install -m 0644 %{SOURCE4} %{buildroot}%{_sysconfdir}/%{name}/KeyTable
-% sudo chmod 640 %{_sysconfdir}/%{name}/keys/example.com/default.private
+install -m 0644 %{SOURCE5} %{buildroot}%{_sysconfdir}/%{name}/TrustedHosts
-5) Set standard permissions for the public key:
+cp %{SOURCE6} ./README.fedora
-% sudo chmod 644 %{_sysconfdir}/%{name}/keys/example.com/default.txt
-
-
-Updating Key Location(s) in Configuration Files
-===============================================
-If you run the %{name}-default-keygen script, the default keys will be saved in %{_sysconfdir}/%{name}/keys as
-default.private and default.txt, which is the location expected by the default %{_sysconfdir}/%{name}.conf file.
-
-If you manually generate your own keys, you must update the key location and name in %{_sysconfdir}/%{name}.conf
-before attempting to start the %{name} service.
-
-
-Using %upname with SQL Datasets
-================================
-%upname on RedHat-based systems relies on OpenDBX for database access. Depending on which database you use,
-you may have to manually install one of the following OpenDBX subpackages (all of which are available via yum):
-
-- opendbx-firebird
-- opendbx-mssql
-- opendbx-mysql
-- opendbx-postgresql
-- opendbx-sqlite
-- opendbx-sqlite2
-- opendbx-sybase
-
-If you have %upname configured to use SQL datasets on a systemd-based server, it might also be necessary to start
-the %name service after the database servers by referencing your database unit file(s) in the "After" section of
-the %upname unit file.
-
-For example, if using both MariaDB and PostgreSQL, in %{_unitdir}/%{name}.service change:
-
-After=network.target nss-lookup.target syslog.target
-
-to:
-
-After=network.target nss-lookup.target syslog.target mariadb.service postgresql.service
-
-
-Additional Configuration Help
-=============================
-For help configuring your MTA (Postfix, Sendmail, etc.) with %{upname}, setting up DNS records with your
-public DKIM key, as well as instructions on configuring %{upname} to sign outgoing mail for multiple
-domains, follow the how-to at:
-
-http://wp.me/p1iGgP-ou
-
-Official documentation for %{upname} is available at http://%{name}.org/
-
-%{upname} mailing lists are available at http://lists.%{name}.org/
-
-###
-EOF
-
-install -p -d %{buildroot}%{_sysconfdir}/tmpfiles.d
-cat > %{buildroot}%{_sysconfdir}/tmpfiles.d/%{name}.conf <<'EOF'
-D %{_localstatedir}/run/%{name} 0700 %{name} %{name} -
+install -p -d %{buildroot}/usr/lib/tmpfiles.d
+cat > %{buildroot}/usr/lib/tmpfiles.d/%{name}.conf <<'EOF'
+D %{_rundir}/%{name} 0750 %{name} %{name} -
EOF
rm -r %{buildroot}%{_prefix}/share/doc/%{name}
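Review bot: The `install -m 0644 %{SOURCE1}` to `%{SOURCE5}` lines and the `cp %{SOURCE6}` line copy static files, so the macros the removed heredocs expanded (`%{_sysconfdir}`, `%{_localstatedir}/run/%{name}`, `%{name}`) are no longer substituted at build time. Source1 to Source6 are not part of this diff, so it cannot be confirmed here that their `PidFile`, `KeyFile` and sysconfig paths are literal and agree with the `%{_rundir}/%{name}` directory that the tmpfiles entry below creates with mode 0750. A comment above the install lines would record the constraint: `# Source1-6 are installed verbatim; paths inside them must match %{_rundir}/%{name} and %{_sysconfdir}/%{name}`.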
@@ -417,7 +102,7 @@ rm %{buildroot}%{_libdir}/*.a
rm %{buildroot}%{_libdir}/*.la
mkdir -p %{buildroot}%{_localstatedir}/spool/%{name}
-mkdir -p %{buildroot}%{_localstatedir}/run/%{name}
+mkdir -p %{buildroot}%{_rundir}/%{name}
mkdir -p %{buildroot}%{_sysconfdir}/%{name}
mkdir %{buildroot}%{_sysconfdir}/%{name}/keys
@@ -430,45 +115,24 @@ chmod 0644 contrib/convert/convert_keylist.sh
%pre
getent group %{name} >/dev/null || groupadd -r %{name}
getent passwd %{name} >/dev/null || \
- useradd -r -g %{name} -G mail -d %{_localstatedir}/run/%{name} -s /sbin/nologin \
+ useradd -r -g %{name} -G mail -d %{_rundir}/%{name} -s /sbin/nologin \
-c "%{upname} Milter" %{name}
exit 0
%post
-%if %systemd
%systemd_post %{name}.service
-%else
-/sbin/chkconfig --add %{name} || :
-%endif
%preun
-%if %systemd
%systemd_preun %{name}.service
-%else
-if [ $1 -eq 0 ]; then
- service %{name} stop >/dev/null || :
- /sbin/chkconfig --del %{name} || :
-fi
-exit 0
-%endif
%postun
-%if %systemd
%systemd_postun_with_restart %{name}.service
-%else
-if [ "$1" -ge "1" ] ; then
- /sbin/service %{name} condrestart >/dev/null 2>&1 || :
-fi
-exit 0
-%endif
-
-%if %systemd
# For the switchover from initscript to service file
%triggerun -- %{name} < 2.8.0-1
%systemd_post %{name}.service
/sbin/chkconfig --del %{name} >/dev/null 2>&1 || :
%systemd_postun_with_restart %{name}.service
-%endif
+
%ldconfig_scriptlets -n libopendkim
@@ -480,7 +144,7 @@ exit 0
%doc %{name}/README contrib/lua/*.lua
%doc README.fedora
%config(noreplace) %{_sysconfdir}/%{name}.conf
-%config(noreplace) %{_sysconfdir}/tmpfiles.d/%{name}.conf
+%config(noreplace) /usr/lib/tmpfiles.d/%{name}.conf
%config(noreplace) %attr(0640,%{name},%{name}) %{_sysconfdir}/%{name}/SigningTable
%config(noreplace) %attr(0640,%{name},%{name}) %{_sysconfdir}/%{name}/KeyTable
%config(noreplace) %attr(0640,%{name},%{name}) %{_sysconfdir}/%{name}/TrustedHosts
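Review bot: The new `%config(noreplace) /usr/lib/tmpfiles.d/%{name}.conf` entry marks a file in the vendor directory as admin-editable configuration. Local overrides belong in `/etc/tmpfiles.d`, and with `noreplace` a copy edited on the host would keep its old directory mode across upgrades instead of picking up the tightened `0750`. Listing it as `%{_tmpfilesdir}/%{name}.conf` without `%config` avoids that. The same macro can replace the hard-coded `/usr/lib/tmpfiles.d` in the two `%install` lines of the earlier hunk.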
@@ -489,38 +153,47 @@ exit 0
%{_sbindir}/*
%{_mandir}/*/*
%dir %attr(-,%{name},%{name}) %{_localstatedir}/spool/%{name}
-%dir %attr(0775,%{name},%{name}) %{_localstatedir}/run/%{name}
+%dir %attr(0750,%{name},%{name}) %{_rundir}/%{name}
%dir %attr(-,root,%{name}) %{_sysconfdir}/%{name}
-%dir %attr(0750,%name,%{name}) %{_sysconfdir}/%{name}/keys
+%dir %attr(0750,root,%{name}) %{_sysconfdir}/%{name}/keys
%attr(0755,root,root) %{_sbindir}/%{name}-default-keygen
-%if %systemd
%attr(0644,root,root) %{_unitdir}/%{name}.service
-%else
-%attr(0755,root,root) %{_initrddir}/%{name}
-%endif
%files -n libopendkim
-%if 0%{?_licensedir:1}
%license LICENSE LICENSE.Sendmail
-%else
-%doc LICENSE LICENSE.Sendmail
-%endif
%doc README
%{_libdir}/lib%{name}.so.*
%files -n libopendkim-devel
-%if 0%{?_licensedir:1}
%license LICENSE LICENSE.Sendmail
-%else
-%doc LICENSE LICENSE.Sendmail
-%endif
%doc lib%{name}/docs/*.html
%{_includedir}/%{name}
%{_libdir}/*.so
%{_libdir}/pkgconfig/*.pc
%changelog
+* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.11.0-0.17
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Wed Jun 24 2020 Tomas Korbar <tkorbar@redhat.com> - 2.11.0-0.16
+- Change location of tmpfiles definiton (#1736767)
+
+* Wed Jun 24 2020 Tomas Korbar <tkorbar@redhat.com> - 2.11.0-0.15
+- Change permissions of /var/run/opendkim directory (#1744391)
+
+* Wed Jun 24 2020 Tomas Korbar <tkorbar@redhat.com> - 2.11.0-0.14
+- Change ownership of the keys directory to root (#1711713)
+
+* Wed Jun 24 2020 Tomas Korbar <tkorbar@redhat.com> - 2.11.0-0.13
+- Change /run/opendkim permissions to group writable
+- Improve the patch which adds support for lua
+- Credit: mdomsch
+
+* Mon Jun 22 2020 Tomas Korbar <tkorbar@redhat.com> - 2.11.0-0.12
+- Rebase to 2.11.0-beta2 version
+- Clean specfile and move configuration to their own files
+
* Fri Apr 24 2020 Tomas Korbar <tkorbar@redhat.com> - 2.11.0-0.11
- Rebuilt with lua support
- Credit: Breno Brand Fernandes brandfbb@gmail.com
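Review bot: The `%files` lines that set `%attr(0750,root,%{name})` on `keys` and `%attr(0750,%{name},%{name})` on `%{_rundir}/%{name}` carry no comment explaining the ownership model, and the only rationale is the bug numbers in the changelog. Suggest adding above the keys line `# keys/ is root-owned so the daemon account can read but not replace signing keys (#1711713)`, and above the run directory `# no access for "other"; an MTA using a local socket here must be in group %{name}`. Both rationales are inferred from the modes and should be confirmed against the bug reports. It is also worth verifying that keys written by `%{name}-default-keygen` stay readable by the daemon through the group and still pass OpenDKIM's `RequireSafeKeys` check under the new directory owner.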