From 9ca62889a84f4abf33a92d87eb5c3992bfa03014 Mon Sep 17 00:00:00 2001 From: Matt Domsch Date: Tue, 6 Sep 2022 08:22:22 -0400 Subject: use systemd RuntimeDirectory for socket file --- opendkim-systemd-service-simple.patch | 4 ++-- opendkim.conf | 5 +++-- opendkim.spec | 14 +++++++++++++- 3 files changed, 18 insertions(+), 5 deletions(-) diff --git a/opendkim-systemd-service-simple.patch b/opendkim-systemd-service-simple.patch index 412c932..90ae21a 100644 --- a/opendkim-systemd-service-simple.patch +++ b/opendkim-systemd-service-simple.patch @@ -14,8 +14,8 @@ User=opendkim Group=opendkim +Restart=on-failure -+StandardOutput=null -+StandardError=null ++RuntimeDirectory=opendkim ++RuntimeDirectoryMode=0750 +ProtectSystem=strict +ProtectHome=true +ReadWritePaths=@logdir@/opendkim diff --git a/opendkim.conf b/opendkim.conf index 5933b4e..6561f26 100644 --- a/opendkim.conf +++ b/opendkim.conf @@ -31,7 +31,7 @@ ## CONFIGURATION OPTIONS ## Specifies the path to the process ID file. -PidFile /run/opendkim/opendkim.pid +#PidFile /run/opendkim/opendkim.pid ## Selects operating modes. Valid modes are s (sign) and v (verify). Default is v. ## Must be changed to s (sign only) or sv (sign and verify) in order to sign outgoing @@ -53,7 +53,8 @@ LogWhy yes UserID opendkim:opendkim ## Create a socket through which your MTA can communicate. -Socket inet:8891@localhost +#Socket inet:8891@localhost +Socket local:/run/opendkim/opendkim.sock ## Required to use local socket with MTAs that access the socket as a non- ## privileged user (e.g. Postfix) diff --git a/opendkim.spec b/opendkim.spec index 8256e92..d8580cf 100644 --- a/opendkim.spec +++ b/opendkim.spec @@ -1,3 +1,10 @@ +%global systemd (0%{?fedora} >= 18) || (0%{?rhel} >= 7) +# F21+ and RHEL8+ have systemd 211+ which offers RuntimeDirectory +# use that instead of tmpfiles.d +%global systemd_runtimedir (0%{?fedora} >= 21) || (0%{?rhel} >= 8) +%global tmpfiles ((0%{?fedora} >= 15) || (0%{?rhel} == 7)) && !%{systemd_runtimedir} + + %global upname OpenDKIM %global bigname OPENDKIM @@ -114,10 +121,12 @@ install -m 0644 %{SOURCE5} %{buildroot}%{_sysconfdir}/%{name}/TrustedHosts cp %{SOURCE6} ./README.fedora +%if %{tmpfiles} install -p -d %{buildroot}/usr/lib/tmpfiles.d cat > %{buildroot}/usr/lib/tmpfiles.d/%{name}.conf <<'EOF' D %{_rundir}/%{name} 0750 %{name} %{name} - EOF +%endif rm -r %{buildroot}%{_prefix}/share/doc/%{name} rm %{buildroot}%{_libdir}/*.a @@ -166,7 +175,9 @@ exit 0 %doc %{name}/README contrib/lua/*.lua %doc README.fedora %config(noreplace) %{_sysconfdir}/%{name}.conf +%if %{tmpfiles} %config(noreplace) /usr/lib/tmpfiles.d/%{name}.conf +%endif %config(noreplace) %attr(0640,%{name},%{name}) %{_sysconfdir}/%{name}/SigningTable %config(noreplace) %attr(0640,%{name},%{name}) %{_sysconfdir}/%{name}/KeyTable %config(noreplace) %attr(0640,%{name},%{name}) %{_sysconfdir}/%{name}/TrustedHosts @@ -210,8 +221,9 @@ exit 0 %{_libdir}/pkgconfig/*.pc %changelog -* Mon Sep 5 2022 Matt Domsch 2.11.0-0.31 +* Mon Sep 5 2022 Matt Domsch 2.11.0-0.32 - fix systemd service type=simple patch to apply cleanly +- Use systemd RuntimeDirectory for socket file * Fri Jul 22 2022 Fedora Release Engineering - 2.11.0-0.30 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild -- cgit