From f8683dd52e37aa99b744993fc35177585a9b612b Mon Sep 17 00:00:00 2001
From: Tomas Korbar
Date: Mon, 18 Nov 2019 11:55:22 +0100
Subject: Rebase to 2.11.0-beta2 version Clean specfile and move configuration to their own files
---
 .gitignore | 1 +
 KeyTable | 6 +
 README.fedora | 102 ++++++++++++
 SigningTable | 25 +++
 TrustedHosts | 9 ++
 opendkim.conf | 133 +++++++++++++++
 opendkim.spec | 395 +++------------------------------------------
 opendkim.sysconfig | 8 +
 opendkim.ticket35+37.patch | 173 --------------------
 sources | 2 +-
 10 files changed, 310 insertions(+), 544 deletions(-)
 create mode 100644 KeyTable
 create mode 100644 README.fedora
 create mode 100644 SigningTable
 create mode 100644 TrustedHosts
 create mode 100644 opendkim.conf
 create mode 100644 opendkim.sysconfig
 delete mode 100644 opendkim.ticket35+37.patch
diff --git a/.gitignore b/.gitignore
index a8b620b..9004201 100644
--- a/.gitignore
+++ b/.gitignore
@@ -25,3 +25,4 @@
 /opendkim-2.10.3.tar.gz
 /opendkim.ticket226.patch
 /opendkim-2.11.0.Alpha0.tar.gz
+/opendkim-2.11.0-0.12.fc33.src.rpm
diff --git a/KeyTable b/KeyTable
new file mode 100644
index 0000000..e804d68
--- /dev/null
+++ b/KeyTable
@@ -0,0 +1,6 @@
+# OPENDKIM KEY TABLE
+# To use this file, uncomment the #KeyTable option in /etc/opendkim.conf,
+# then uncomment the following line and replace example.com with your domain
+# name, then restart OpenDKIM. Additional keys may be added on separate lines.
+
+#default._domainkey.example.com example.com:default:/etc/opendkim/keys/default.private
diff --git a/README.fedora b/README.fedora
new file mode 100644
index 0000000..da173c2
--- /dev/null
+++ b/README.fedora
@@ -0,0 +1,102 @@
+#####################################
+#FEDORA-SPECIFIC README FOR OPENDKIM#
+#####################################
+Last updated: Apr 30, 2015 by Steve Jenkins (steve@stevejenkins.com)
+
+Generating keys for OpenDKIM
+============================
+After installing the opendkim package, you MUST generate a pair of keys (public and private) before
+attempting to start the opendkim service.
+
+A valid private key must exist in the location expected by /etc/opendkim.conf before the service will start.
+
+A matching public key must be included in your domain's DNS records before remote systems can validate
+your outgoing mail's DKIM signature.
+
+
+Generating Keys Automatically
+=============================
+To automatically create a pair of default keys for the local domain, do:
+
+% sudo /usr/sbin/opendkim-default-keygen
+
+The default keygen script will attempt to fetch the local domain name, generate a private and public key for
+the domain, then save them in /etc/opendkim/keys as default.private and default.txt with the proper
+ownership and permissions.
+
+NOTE: The default key generation script MUST be run by a privileged user (or root). Otherwise, the resulting
+private key ownership and permissions will not be correct.
+
+
+Generating Keys Manually
+========================
+A privileged user (or root) can manually generate a set of keys by doing the following:
+
+1) Create a directory to store the new keys:
+
+% sudo mkdir /etc/opendkim/keys/example.com
+
+2) Generate keys in that directory for a specific domain name and selector:
+
+% sudo /usr/sbin/opendkim-genkey -D /etc/opendkim/keys/example.com/ -d example.com -s default
+
+3) Set the proper ownership for the directory and private key:
+
+% sudo chown -R root:opendkim /etc/opendkim/keys/example.com
+
+4) Set secure permissions for the private key:
+
+% sudo chmod 640 /etc/opendkim/keys/example.com/default.private
+
+5) Set standard permissions for the public key:
+
+% sudo chmod 644 /etc/opendkim/keys/example.com/default.txt
+
+
+Updating Key Location(s) in Configuration Files
+===============================================
+If you run the opendkim-default-keygen script, the default keys will be saved in /etc/opendkim/keys as
+default.private and default.txt, which is the location expected by the default /etc/opendkim.conf file.
+
+If you manually generate your own keys, you must update the key location and name in /etc/opendkim.conf
+before attempting to start the opendkim service.
+
+Using OpenDKIM with SQL Datasets
+================================
+OpenDKIM on RedHat-based systems relies on OpenDBX for database access. Depending on which database you use,
+you may have to manually install one of the following OpenDBX subpackages (all of which are available via yum):
+
+- opendbx-firebird
+- opendbx-mssql
+- opendbx-mysql
+- opendbx-postgresql
+- opendbx-sqlite
+- opendbx-sqlite2
+- opendbx-sybase
+
+If you have OpenDKIM configured to use SQL datasets on a systemd-based server, it might also be necessary to start
+the opendkim service after the database servers by referencing your database unit file(s) in the "After" section of
+the OpenDKIM unit file.
+
+For example, if using both MariaDB and PostgreSQL, in /usr/lib/systemd/system/opendkim.service change:
+
+After=network.target nss-lookup.target syslog.target
+
+to:
+
+After=network.target nss-lookup.target syslog.target mariadb.service postgresql.service
+
+
+Additional Configuration Help
+=============================
+For help configuring your MTA (Postfix, Sendmail, etc.) with OpenDKIM, setting up DNS records with your
+public DKIM key, as well as instructions on configuring OpenDKIM to sign outgoing mail for multiple
+domains, follow the how-to at:
+
+http://wp.me/p1iGgP-ou
+
+Official documentation for OpenDKIM is available at http://opendkim.org/
+
+OpenDKIM mailing lists are available at http://lists.opendkim.org/
+
+###
diff --git a/SigningTable b/SigningTable
new file mode 100644
index 0000000..e8161a1
--- /dev/null
+++ b/SigningTable
@@ -0,0 +1,25 @@
+# OPENDKIM SIGNING TABLE
+# This table controls how to apply one or more signatures to outgoing messages based
+# on the address found in the From: header field. In simple terms, this tells
+# OpenDKIM "how" to apply your keys.
+
+# To use this file, uncomment the SigningTable option in /etc/opendkim.conf,
+# then uncomment one of the usage examples below and replace example.com with your
+# domain name, then restart OpenDKIM.
+
+# WILDCARD EXAMPLE
+# Enables signing for any address on the listed domain(s), but will work only if
+# "refile:/etc/opendkim/SigningTable" is included in /etc/opendkim.conf.
+# Create additional lines for additional domains.
+
+#*@example.com default._domainkey.example.com
+
+# NON-WILDCARD EXAMPLE
+# If "file:" (instead of "refile:") is specified in /etc/opendkim.conf, then
+# wildcards will not work. Instead, full user@host is checked first, then simply host,
+# then user@.domain (with all superdomains checked in sequence, so "foo.example.com"
+# would first check "user@foo.example.com", then "user@.example.com", then "user@.com"),
+# then .domain, then user@*, and finally *. See the opendkim.conf(5) man page under
+# "SigningTable" for more details.
+
+#example.com default._domainkey.example.com
diff --git a/TrustedHosts b/TrustedHosts
new file mode 100644
index 0000000..7a086d4
--- /dev/null
+++ b/TrustedHosts
@@ -0,0 +1,9 @@
+# OPENDKIM TRUSTED HOSTS
+# To use this file, uncomment the #ExternalIgnoreList and/or the #InternalHosts
+# option in /etc/opendkim.conf then restart OpenDKIM. Additional hosts
+# may be added on separate lines (IP addresses, hostnames, or CIDR ranges).
+# The localhost IP (127.0.0.1) should always be the first entry in this file.
+127.0.0.1
+::1
+#host.example.com
+#192.168.1.0/24
diff --git a/opendkim.conf b/opendkim.conf
new file mode 100644
index 0000000..ed2c3de
--- /dev/null
+++ b/opendkim.conf
@@ -0,0 +1,133 @@
+## BASIC OPENDKIM CONFIGURATION FILE
+## See opendkim.conf(5) or /usr/share/doc/opendkim/opendkim.conf.sample for more
+
+## BEFORE running OpenDKIM you must:
+
+## - make your MTA (Postfix, Sendmail, etc.) aware of OpenDKIM
+## - generate keys for your domain (if signing)
+## - edit your DNS records to publish your public keys (if signing)
+
+## See /usr/share/doc/opendkim/INSTALL for detailed instructions.
+
+## DEPRECATED CONFIGURATION OPTIONS
+##
+## The following configuration options are no longer valid. They should be
+## removed from your existing configuration file to prevent potential issues.
+## Failure to do so may result in opendkim being unable to start.
+##
+## Removed in 2.10.0:
+## AddAllSignatureResults
+## ADSPAction
+## ADSPNoSuchDomain
+## BogusPolicy
+## DisableADSP
+## LDAPSoftStart
+## LocalADSP
+## NoDiscardableMailTo
+## On-PolicyError
+## SendADSPReports
+## UnprotectedPolicy
+
+## CONFIGURATION OPTIONS
+
+## Specifies the path to the process ID file.
+PidFile /var/run/opendkim/opendkim.pid
+
+## Selects operating modes. Valid modes are s (sign) and v (verify). Default is v.
+## Must be changed to s (sign only) or sv (sign and verify) in order to sign outgoing
+## messages.
+Mode v
+
+## Log activity to the system log.
+Syslog yes
+
+## Log additional entries indicating successful signing or verification of messages.
+SyslogSuccess yes
+
+## If logging is enabled, include detailed logging about why or why not a message was
+## signed or verified. This causes an increase in the amount of log data generated
+## for each message, so set this to No (or comment it out) if it gets too noisy.
+LogWhy yes
+
+## Attempt to become the specified user before starting operations.
+UserID opendkim:opendkim
+
+## Create a socket through which your MTA can communicate.
+Socket inet:8891@localhost
+
+## Required to use local socket with MTAs that access the socket as a non-
+## privileged user (e.g. Postfix)
+Umask 002
+
+## This specifies a text file in which to store DKIM transaction statistics.
+## OpenDKIM must be manually compiled with --enable-stats to enable this feature.
+# Statistics /var/spool/opendkim/stats.dat
+
+## Specifies whether or not the filter should generate report mail back
+## to senders when verification fails and an address for such a purpose
+## is provided. See opendkim.conf(5) for details.
+SendReports yes
+
+## Specifies the sending address to be used on From: headers of outgoing
+## failure reports. By default, the e-mail address of the user executing
+## the filter is used (executing_user@hostname).
+# ReportAddress "Example.com Postmaster"
+
+## Add a DKIM-Filter header field to messages passing through this filter
+## to identify messages it has processed.
+SoftwareHeader yes
+
+## SIGNING OPTIONS
+
+## Selects the canonicalization method(s) to be used when signing messages.
+Canonicalization relaxed/relaxed
+
+## Domain(s) whose mail should be signed by this filter. Mail from other domains will
+## be verified rather than being signed. Uncomment and use your domain name.
+## This parameter is not required if a SigningTable is in use.
+# Domain example.com
+
+## Defines the name of the selector to be used when signing messages.
+Selector default
+
+## Specifies the minimum number of key bits for acceptable keys and signatures.
+MinimumKeyBits 1024
+
+## Gives the location of a private key to be used for signing ALL messages. This
+## directive is ignored if KeyTable is enabled.
+KeyFile /etc/opendkim/keys/default.private
+
+## Gives the location of a file mapping key names to signing keys. In simple terms,
+## this tells OpenDKIM where to find your keys. If present, overrides any KeyFile
+## directive in the configuration file. Requires SigningTable be enabled.
+# KeyTable /etc/opendkim/KeyTable
+
+## Defines a table used to select one or more signatures to apply to a message based
+## on the address found in the From: header field. In simple terms, this tells
+## OpenDKIM how to use your keys. Requires KeyTable be enabled.
+# SigningTable refile:/etc/opendkim/SigningTable
+
+## Identifies a set of "external" hosts that may send mail through the server as one
+## of the signing domains without credentials as such.
+# ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
+
+## Identifies a set "internal" hosts whose mail should be signed rather than verified.
+# InternalHosts refile:/etc/opendkim/TrustedHosts
+
+## Contains a list of IP addresses, CIDR blocks, hostnames or domain names
+## whose mail should be neither signed nor verified by this filter. See man
+## page for file format.
+# PeerList X.X.X.X
+
+## Always oversign From (sign using actual From and a null From to prevent
+## malicious signatures header fields (From and/or others) between the signer
+## and the verifier. From is oversigned by default in the Fedora package
+## because it is often the identity key used by reputation systems and thus
+## somewhat security sensitive.
+OversignHeaders From
+
+## Instructs the DKIM library to maintain its own local cache of keys and
+## policies retrieved from DNS, rather than relying on the nameserver for
+## caching service. Useful if the nameserver being used by the filter is
+## not local.
+# QueryCache yes
diff --git a/opendkim.spec b/opendkim.spec
index a884fb4..17c7da5 100644
--- a/opendkim.spec
+++ b/opendkim.spec
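Review bot: `Socket inet:8891@localhost` in the new opendkim.conf leaves the milter listening on a loopback TCP port, which every local account and process on the host can reach, while the `Umask 002` comment right below it describes a local (UNIX) socket that this default never creates. Where the MTA runs on the same host, a UNIX socket in the daemon's own runtime directory lets file permissions limit who may talk to the filter, e.g. `Socket local:/var/run/opendkim/opendkim.sock` (the file name is an example). If the TCP default stays, I would add a comment such as `## NOTE: a TCP socket on localhost is reachable by all local users; see "local:" in opendkim.conf(5)` and reword the Umask comment so it does not imply a UNIX socket is in use. The text appears to be carried over unchanged from the heredoc this commit removes from opendkim.spec, so the default predates the change.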
@@ -1,52 +1,36 @@ -%global systemd (0%{?fedora} >= 18) || (0%{?rhel} >= 7) %global upname OpenDKIM %global bigname OPENDKIM +%global full_version 2.11.0-Beta2 + Summary: A DomainKeys Identified Mail (DKIM) milter to sign and/or verify mail Name: opendkim Version: 2.11.0 -Release: 0.11%{?dist} +Release: 0.12%{?dist} License: BSD and Sendmail URL: http://%{name}.org/ -Source0: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.Alpha0.tar.gz +Source0: https://github.com/trusteddomainproject/OpenDKIM/archive/%{full_version}.tar.gz +Source1: opendkim.conf +Source2: opendkim.sysconfig +Source3: SigningTable +Source4: KeyTable +Source5: TrustedHosts +Source6: README.fedora -# https://sourceforge.net/p/opendkim/patches/35/ -# https://sourceforge.net/p/opendkim/patches/37/ -# Patches rediffed and combined (both modify configure) -Patch0: %{name}.ticket35+37.patch -Patch1: %{name}.lua_load_dump.patch +Patch0: opendkim.lua_load_dump.patch # Required for all versions Requires: lib%{name}%{?_isa} = %{version}-%{release} BuildRequires: openssl-devel, libtool, pkgconfig, libbsd, libbsd-devel, opendbx-devel, lua-devel Requires(pre): shadow-utils -%if %systemd -# Required for systemd %{?systemd_requires} BuildRequires: systemd BuildRequires: libdb-devel, libmemcached-devel -%else -# Required for SysV -Requires(post): chkconfig -Requires(preun): chkconfig, initscripts -Requires(postun): initscripts -BuildRequires: db4-devel -%endif - -# sendmail-devel renamed for F26+ -%if 0%{?fedora} > 25 + BuildRequires: sendmail-milter-devel -%else -BuildRequires: sendmail-devel -%endif -%if 0%{?rhel} == 5 -Requires(post): policycoreutils -%else BuildRequires: openldap-devel -%endif - %description %{upname} allows signing and/or verification of email through an open source 
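Review bot: The new `Source0` is a GitHub tag archive whose downloaded file name is just `%{full_version}.tar.gz`, so the tarball is not identifiable by package name once it sits in a build root or a source cache. The form with a named final component would be `Source0: https://github.com/trusteddomainproject/OpenDKIM/archive/%{full_version}/%{name}-%{full_version}.tar.gz`. No signature source or verification step is visible in this hunk, so integrity of this pre-release tarball appears to rest on the hash recorded in `sources` (changed by this commit per the diffstat, but not shown here); a one-line comment above `Source0` saying so would help whoever does the next rebase. The spec preamble continues past the end of this hunk.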
@@ -71,20 +55,15 @@ This package contains the static libraries, headers, and other support files required for developing applications against libopendkim. %prep -%autosetup -p1 +%autosetup -p1 -n %{upname}-%{full_version} %build +autoreconf -iv # Always use system libtool instead of pacakge-provided one to # properly handle 32 versus 64 bit detection and settings %define LIBTOOL LIBTOOL=`which libtool` -%if %systemd -# Configure with options available to systemd %configure --with-odbx --with-db --with-libmemcached --with-openldap --enable-query_cache --with-lua -%else -# Configure with options available to SysV -%configure --with-odbx --with-db --with-openldap --enable-query_cache --with-lua -%endif # Remove rpath sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool 
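Review bot: `autoreconf -iv` is added to %build, but the `BuildRequires:` line visible in the first hunk names only libtool and none of the other tools autoreconf drives, so the build depends on them arriving indirectly. Declaring them keeps the build root explicit: `BuildRequires: autoconf, automake`. A short comment above the call, for example `# the GitHub tag archive ships no generated configure script`, would also record why regeneration is needed; that reason is my inference from the Source0 change, so please confirm it. The %build section continues outside this hunk.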
@@ -96,316 +75,21 @@ install -d %{buildroot}%{_sysconfdir} install -d %{buildroot}%{_sysconfdir}/sysconfig install -m 0755 contrib/init/redhat/%{name}-default-keygen %{buildroot}%{_sbindir}/%{name}-default-keygen -%if %systemd install -d -m 0755 %{buildroot}%{_unitdir} install -m 0644 contrib/systemd/%{name}.service %{buildroot}%{_unitdir}/%{name}.service -%else -install -d %{buildroot}%{_initrddir} -install -m 0755 contrib/init/redhat/%{name} %{buildroot}%{_initrddir}/%{name} -%endif - -cat > %{buildroot}%{_sysconfdir}/%{name}.conf << 'EOF' -## BASIC %{bigname} CONFIGURATION FILE -## See %{name}.conf(5) or %{_defaultdocdir}/%{name}/%{name}.conf.sample for more - -## BEFORE running %{upname} you must: - -## - make your MTA (Postfix, Sendmail, etc.) aware of %{upname} -## - generate keys for your domain (if signing) -## - edit your DNS records to publish your public keys (if signing) - -## See %{_defaultdocdir}/%{name}/INSTALL for detailed instructions. - -## DEPRECATED CONFIGURATION OPTIONS -## -## The following configuration options are no longer valid. They should be -## removed from your existing configuration file to prevent potential issues. -## Failure to do so may result in %{name} being unable to start. -## -## Removed in 2.10.0: -## AddAllSignatureResults -## ADSPAction -## ADSPNoSuchDomain -## BogusPolicy -## DisableADSP -## LDAPSoftStart -## LocalADSP -## NoDiscardableMailTo -## On-PolicyError -## SendADSPReports -## UnprotectedPolicy - -## CONFIGURATION OPTIONS - -## Specifies the path to the process ID file. -PidFile %{_localstatedir}/run/%{name}/%{name}.pid - -## Selects operating modes. Valid modes are s (sign) and v (verify). Default is v. -## Must be changed to s (sign only) or sv (sign and verify) in order to sign outgoing -## messages. -Mode v - -## Log activity to the system log. -Syslog yes - -## Log additional entries indicating successful signing or verification of messages. 
-SyslogSuccess yes - -## If logging is enabled, include detailed logging about why or why not a message was -## signed or verified. This causes an increase in the amount of log data generated -## for each message, so set this to No (or comment it out) if it gets too noisy. -LogWhy yes - -## Attempt to become the specified user before starting operations. -UserID %{name}:%{name} - -## Create a socket through which your MTA can communicate. -Socket inet:8891@localhost - -## Required to use local socket with MTAs that access the socket as a non- -## privileged user (e.g. Postfix) -Umask 002 - -## This specifies a text file in which to store DKIM transaction statistics. -## %{upname} must be manually compiled with --enable-stats to enable this feature. -# Statistics %{_localstatedir}/spool/%{name}/stats.dat - -## Specifies whether or not the filter should generate report mail back -## to senders when verification fails and an address for such a purpose -## is provided. See opendkim.conf(5) for details. -SendReports yes - -## Specifies the sending address to be used on 
From: headers of outgoing -## failure reports. By default, the e-mail address of the user executing -## the filter is used (executing_user@hostname). -# ReportAddress "Example.com Postmaster" - -## Add a DKIM-Filter header field to messages passing through this filter -## to identify messages it has processed. -SoftwareHeader yes - -## SIGNING OPTIONS - -## Selects the canonicalization method(s) to be used when signing messages. -Canonicalization relaxed/relaxed - -## Domain(s) whose mail should be signed by this filter. Mail from other domains will -## be verified rather than being signed. Uncomment and use your domain name. -## This parameter is not required if a SigningTable is in use. -# Domain example.com - -## Defines the name of the selector to be used when signing messages. -Selector default - -## Specifies the minimum number of key bits for acceptable keys and signatures. -MinimumKeyBits 1024 - -## Gives the location of a private key to be used for signing ALL messages. This -## directive is ignored if KeyTable is enabled. -KeyFile %{_sysconfdir}/%{name}/keys/default.private - -## Gives the location of a file mapping key names to signing keys. In simple terms, -## this tells %{upname} where to find your keys. If present, overrides any KeyFile -## directive in the configuration file. Requires SigningTable be enabled. -# KeyTable %{_sysconfdir}/%{name}/KeyTable - -## Defines a table used to select one or more signatures to apply to a message based -## on the address found in the 
From: header field. In simple terms, this tells -## %{upname} how to use your keys. Requires KeyTable be enabled. -# SigningTable refile:%{_sysconfdir}/%{name}/SigningTable - -## Identifies a set of "external" hosts that may send mail through the server as one -## of the signing domains without credentials as such. -# ExternalIgnoreList refile:%{_sysconfdir}/%{name}/TrustedHosts - -## Identifies a set "internal" hosts whose mail should be signed rather than verified. -# InternalHosts refile:%{_sysconfdir}/%{name}/TrustedHosts - -## Contains a list of IP addresses, CIDR blocks, hostnames or domain names -## whose mail should be neither signed nor verified by this filter. See man -## page for file format. -# PeerList X.X.X.X - -## Always oversign From (sign using actual From and a null From to prevent -## malicious signatures header fields (From and/or others) between the signer -## and the verifier. From is oversigned by default in the Fedora package -## because it is often the identity key used by reputation systems and thus -## somewhat security sensitive. -OversignHeaders From -## Instructs the DKIM library to maintain its own local cache of keys and -## policies retrieved from DNS, rather than relying on the nameserver for -## caching service. Useful if the nameserver being used by the filter is -## not local. 
-# QueryCache yes -EOF +install -m 0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/%{name}.conf -%{__cat} > %{buildroot}%{_sysconfdir}/sysconfig/%{name} << 'EOF' -# Set the necessary startup options -OPTIONS="-x %{_sysconfdir}/%{name}.conf -P %{_localstatedir}/run/%{name}/%{name}.pid" - -# Set the default DKIM selector -DKIM_SELECTOR=default - -# Set the default DKIM key location -DKIM_KEYDIR=%{_sysconfdir}/%{name}/keys -EOF +install -m 0644 %{SOURCE2} %{buildroot}%{_sysconfdir}/sysconfig/%{name} mkdir -p %{buildroot}%{_sysconfdir}/%{name} -cat > %{buildroot}%{_sysconfdir}/%{name}/SigningTable << 'EOF' -# %{bigname} SIGNING TABLE -# This table controls how to apply one or more signatures to outgoing messages based -# on the address found in the 
From: header field. In simple terms, this tells -# %{upname} "how" to apply your keys. - -# To use this file, uncomment the SigningTable option in %{_sysconfdir}/%{name}.conf, -# then uncomment one of the usage examples below and replace example.com with your -# domain name, then restart %{upname}. - -# WILDCARD EXAMPLE -# Enables signing for any address on the listed domain(s), but will work only if -# "refile:%{_sysconfdir}/%{name}/SigningTable" is included in %{_sysconfdir}/%{name}.conf. -# Create additional lines for additional domains. - -#*@example.com default._domainkey.example.com - -# NON-WILDCARD EXAMPLE -# If "file:" (instead of "refile:") is specified in %{_sysconfdir}/%{name}.conf, then -# wildcards will not work. Instead, full user@host is checked first, then simply host, -# then user@.domain (with all superdomains checked in sequence, so "foo.example.com" -# would first check "user@foo.example.com", then "user@.example.com", then "user@.com"), -# then .domain, then user@*, and finally *. See the %{name}.conf(5) man page under -# "SigningTable" for more details. - -#example.com default._domainkey.example.com -EOF - -cat > %{buildroot}%{_sysconfdir}/%{name}/KeyTable << 'EOF' -# %{bigname} KEY TABLE -# To use this file, uncomment the #KeyTable option in %{_sysconfdir}/%{name}.conf, -# then uncomment the following line and replace example.com with your domain -# name, then restart %{upname}. Additional keys may be added on separate lines. - -#default._domainkey.example.com example.com:default:%{_sysconfdir}/%{name}/keys/default.private -EOF - -cat > %{buildroot}%{_sysconfdir}/%{name}/TrustedHosts << 'EOF' -# %{bigname} TRUSTED HOSTS -# To use this file, uncomment the #ExternalIgnoreList and/or the #InternalHosts -# option in %{_sysconfdir}/%{name}.conf then restart %{upname}. Additional hosts -# may be added on separate lines (IP addresses, hostnames, or CIDR ranges). -# The localhost IP (127.0.0.1) should always be the first entry in this file. 
-127.0.0.1 -::1 -#host.example.com -#192.168.1.0/24 -EOF - -cat > README.fedora << 'EOF' -##################################### -#FEDORA-SPECIFIC README FOR %{bigname}# -##################################### -Last updated: Apr 30, 2015 by Steve Jenkins (steve@stevejenkins.com) - -Generating keys for %{upname} -============================ -After installing the %{name} package, you MUST generate a pair of keys (public and private) before -attempting to start the %{name} service. - -A valid private key must exist in the location expected by %{_sysconfdir}/%{name}.conf before the service will start. - -A matching public key must be included in your domain's DNS records before remote systems can validate -your outgoing mail's DKIM signature. - - -Generating Keys Automatically -============================= -To automatically create a pair of default keys for the local domain, do: - -% sudo %{_sbindir}/%{name}-default-keygen - -The default keygen script will attempt to fetch the local domain name, generate a private and public key for -the domain, then save them in %{_sysconfdir}/%{name}/keys as default.private and default.txt with the proper -ownership and permissions. - -NOTE: The default key generation script MUST be run by a privileged user (or root). Otherwise, the resulting -private key ownership and permissions will not be correct. 
- - -Generating Keys Manually -======================== -A privileged user (or root) can manually generate a set of keys by doing the following: - -1) Create a directory to store the new keys: - -% sudo mkdir %{_sysconfdir}/%{name}/keys/example.com - -2) Generate keys in that directory for a specific domain name and selector: +install -m 0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/%{name}/SigningTable -% sudo %{_sbindir}/%{name}-genkey -D %{_sysconfdir}/%{name}/keys/example.com/ -d example.com -s default +install -m 0644 %{SOURCE4} %{buildroot}%{_sysconfdir}/%{name}/KeyTable -3) Set the proper ownership for the directory and private key: +install -m 0644 %{SOURCE5} %{buildroot}%{_sysconfdir}/%{name}/TrustedHosts -% sudo chown -R root:%{name} %{_sysconfdir}/%{name}/keys/example.com - -4) Set secure permissions for the private key: - -% sudo chmod 640 %{_sysconfdir}/%{name}/keys/example.com/default.private - -5) Set standard permissions for the public key: - -% sudo chmod 644 %{_sysconfdir}/%{name}/keys/example.com/default.txt - - -Updating Key Location(s) in Configuration Files -=============================================== -If you run the %{name}-default-keygen script, the default keys will be saved in %{_sysconfdir}/%{name}/keys as -default.private and default.txt, which is the location expected by the default %{_sysconfdir}/%{name}.conf file. - -If you manually generate your own keys, you must update the key location and name in %{_sysconfdir}/%{name}.conf -before attempting to start the %{name} service. - - -Using %upname with SQL Datasets -================================ -%upname on RedHat-based systems relies on OpenDBX for database access. 
Depending on which database you use, -you may have to manually install one of the following OpenDBX subpackages (all of which are available via yum): - -- opendbx-firebird -- opendbx-mssql -- opendbx-mysql -- opendbx-postgresql -- opendbx-sqlite -- opendbx-sqlite2 -- opendbx-sybase - -If you have %upname configured to use SQL datasets on a systemd-based server, it might also be necessary to start -the %name service after the database servers by referencing your database unit file(s) in the "After" section of -the %upname unit file. - -For example, if using both MariaDB and PostgreSQL, in %{_unitdir}/%{name}.service change: - -After=network.target nss-lookup.target syslog.target - -to: - -After=network.target nss-lookup.target syslog.target mariadb.service postgresql.service - - -Additional Configuration Help -============================= -For help configuring your MTA (Postfix, Sendmail, etc.) with %{upname}, setting up DNS records with your -public DKIM key, as well as instructions on configuring %{upname} to sign outgoing mail for multiple -domains, follow the how-to at: - -http://wp.me/p1iGgP-ou - -Official documentation for %{upname} is available at http://%{name}.org/ - -%{upname} mailing lists are available at http://lists.%{name}.org/ - -### -EOF +cp %{SOURCE6} ./README.fedora install -p -d %{buildroot}%{_sysconfdir}/tmpfiles.d cat > %{buildroot}%{_sysconfdir}/tmpfiles.d/%{name}.conf <<'EOF' 
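Review bot: The `install -m 0644 %{SOURCE1}` … `%{SOURCE5}` lines and `cp %{SOURCE6} ./README.fedora` ship files whose paths are now literal (`/etc/opendkim.conf`, `/var/run/opendkim/opendkim.pid`, `/usr/sbin/opendkim-default-keygen`), where the removed heredocs expanded `%{_sysconfdir}`, `%{_localstatedir}` and `%{_sbindir}`. That is equivalent with the default macro values, but nothing ties the two together any more; a comment above the install lines such as `# Source1-Source6 hard-code /etc, /var/run and /usr/sbin; keep in sync with the path macros` would document it. As a style point, `install -p -m 0644 …` and `cp -p` preserve the source timestamps, matching the `install -p -d` already used for tmpfiles.d at the end of this hunk. The %install section starts before and continues after the hunk.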
@@ -435,40 +119,19 @@ getent passwd %{name} >/dev/null || \ exit 0 %post -%if %systemd %systemd_post %{name}.service -%else -/sbin/chkconfig --add %{name} || : -%endif %preun -%if %systemd %systemd_preun %{name}.service -%else -if [ $1 -eq 0 ]; then - service %{name} stop >/dev/null || : - /sbin/chkconfig --del %{name} || : -fi -exit 0 -%endif %postun -%if %systemd %systemd_postun_with_restart %{name}.service -%else -if [ "$1" -ge "1" ] ; then - /sbin/service %{name} condrestart >/dev/null 2>&1 || : -fi -exit 0 -%endif - -%if %systemd # For the switchover from initscript to service file %triggerun -- %{name} < 2.8.0-1 %systemd_post %{name}.service /sbin/chkconfig --del %{name} >/dev/null 2>&1 || : %systemd_postun_with_restart %{name}.service -%endif + %ldconfig_scriptlets -n libopendkim @@ -494,33 +157,25 @@ exit 0 %dir %attr(0750,%name,%{name}) %{_sysconfdir}/%{name}/keys %attr(0755,root,root) %{_sbindir}/%{name}-default-keygen -%if %systemd %attr(0644,root,root) %{_unitdir}/%{name}.service -%else -%attr(0755,root,root) %{_initrddir}/%{name} -%endif %files -n libopendkim -%if 0%{?_licensedir:1} %license LICENSE LICENSE.Sendmail -%else -%doc LICENSE LICENSE.Sendmail -%endif %doc README %{_libdir}/lib%{name}.so.* %files -n libopendkim-devel -%if 0%{?_licensedir:1} %license LICENSE LICENSE.Sendmail -%else -%doc LICENSE LICENSE.Sendmail -%endif %doc lib%{name}/docs/*.html %{_includedir}/%{name} %{_libdir}/*.so %{_libdir}/pkgconfig/*.pc %changelog +* Mon Jun 22 2020 Tomas Korbar - 2.11.0-0.12 +- Rebase to 2.11.0-beta2 version +- Clean specfile and move configuration to their own files + * Fri Apr 24 2020 Tomas Korbar - 2.11.0-0.11 - Rebuilt with lua support - Credit: Breno Brand Fernandes brandfbb@gmail.com diff --git a/opendkim.sysconfig b/opendkim.sysconfig new file mode 100644 index 0000000..0d51cce --- /dev/null +++ b/opendkim.sysconfig 
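Review bot: The `%triggerun -- %{name} < 2.8.0-1` block is now unconditional and still calls `/sbin/chkconfig --del`, while the first hunk of this file drops every `Requires(...)` on chkconfig. The `|| :` keeps a missing binary from failing the transaction, so this is not a breakage, but the trigger only serves upgrades from a SysV-era package and looks like dead code once the SysV branches are gone. Either delete the trigger or add a comment like `# kept for upgrades from pre-systemd packages; chkconfig may be absent, failure is ignored`.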
@@ -0,0 +1,8 @@
+# Set the necessary startup options
+OPTIONS="-x /etc/opendkim.conf -P /var/run/opendkim/opendkim.pid"
+
+# Set the default DKIM selector
+DKIM_SELECTOR=default
+
+# Set the default DKIM key location
+DKIM_KEYDIR=/etc/opendkim/keys
diff --git a/opendkim.ticket35+37.patch b/opendkim.ticket35+37.patch
deleted file mode 100644
index 68115a1..0000000
--- a/opendkim.ticket35+37.patch
+++ /dev/null
@@ -1,173 +0,0 @@ -diff -Naur -x opendkim-2.11.0.orig/configure opendkim-2.11.0/configure ---- opendkim-2.11.0.orig/configure 2015-10-07 16:17:48.000000000 -0700 -+++ opendkim-2.11.0/configure 2016-12-20 18:47:51.662158143 -0800 -@@ -14700,13 +14700,13 @@ - - for d in $strldirs - do -- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for strl.h in $d/strl" >&5 --$as_echo_n "checking for strl.h in $d/strl... " >&6; } -- if test -f $d/strl/strl.h -+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for strl.h in $d" >&5 -+$as_echo_n "checking for strl.h in $d... " >&6; } -+ if test -f $d/strl.h - then - unset ac_cv_header_strl_h - saved_CPPFLAGS="$CPPFLAGS" -- CPPFLAGS="$CPPFLAGS -I$d/strl" -+ CPPFLAGS="$CPPFLAGS -I$d" - for ac_header in strl.h - do : - ac_fn_c_check_header_mongrel "$LINENO" "strl.h" "ac_cv_header_strl_h" "$ac_includes_default" -@@ -14724,7 +14724,7 @@ - - if test x"$strl_h_found" = x"yes" - then -- CPPFLAGS="$CPPFLAGS -I$d/strl" -+ CPPFLAGS="$CPPFLAGS -I$d" - break - fi - done -@@ -16795,77 +16795,39 @@ - fi - - -- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing SSL_library_init" >&5 --$as_echo_n "checking for library containing SSL_library_init... " >&6; } --if ${ac_cv_search_SSL_library_init+:} false; then : -- $as_echo_n "(cached) " >&6 --else -- ac_func_search_save_LIBS=$LIBS --cat confdefs.h - <<_ACEOF >conftest.$ac_ext --/* end confdefs.h. */ - --/* Override any GCC internal prototype to avoid an error. -- Use char because int might match the return type of a GCC -- builtin and then its argument prototype would still apply. */ --#ifdef __cplusplus --extern "C" --#endif --char SSL_library_init (); -+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext -+/* end confdefs.h. 
*/ -+#include - int - main () - { --return SSL_library_init (); -+SSL_library_init(); - ; - return 0; - } - _ACEOF --for ac_lib in '' ssl; do -- if test -z "$ac_lib"; then -- ac_res="none required" -- else -- ac_res=-l$ac_lib -- LIBS="-l$ac_lib $ac_func_search_save_LIBS" -- fi -- if ac_fn_c_try_link "$LINENO"; then : -- ac_cv_search_SSL_library_init=$ac_res --fi --rm -f core conftest.err conftest.$ac_objext \ -- conftest$ac_exeext -- if ${ac_cv_search_SSL_library_init+:} false; then : -- break --fi --done --if ${ac_cv_search_SSL_library_init+:} false; then : -- -+if ac_fn_c_try_link "$LINENO"; then : -+ od_have_ossl="yes"; - else -- ac_cv_search_SSL_library_init=no -+ od_have_ossl="no"; - fi --rm conftest.$ac_ext --LIBS=$ac_func_search_save_LIBS --fi --{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_SSL_library_init" >&5 --$as_echo "$ac_cv_search_SSL_library_init" >&6; } --ac_res=$ac_cv_search_SSL_library_init --if test "$ac_res" != no; then : -- test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" -- --else -- -- if test x"$enable_shared" = x"yes" -- then -- as_fn_error $? "Cannot build shared opendkim -- against static openssl libraries. -- Configure with --disable-shared -- to get this working or obtain a -- shared libssl library for -- opendkim to use." "$LINENO" 5 -- fi -+rm -f core conftest.err conftest.$ac_objext \ -+ conftest$ac_exeext conftest.$ac_ext -+ if test x"$od_have_ossl" = x"no" -+ then -+ if test x"$enable_shared" = x"yes" -+ then -+ as_fn_error $? "Cannot build shared opendkim -+ against static openssl libraries. -+ Configure with --disable-shared -+ to get this working or obtain a -+ shared libssl library for -+ opendkim to use." 
"$LINENO" 5 -+ fi - -- # avoid caching issue - last result of SSL_library_init -- # shouldn't be cached for this next check -- unset ac_cv_search_SSL_library_init -- LIBCRYPTO_LIBS="$LIBCRYPTO_LIBS -ldl" -- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing SSL_library_init" >&5 -+ LIBCRYPTO_LIBS="$LIBCRYPTO_LIBS -ldl" -+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing SSL_library_init" >&5 - $as_echo_n "checking for library containing SSL_library_init... " >&6; } - if ${ac_cv_search_SSL_library_init+:} false; then : - $as_echo_n "(cached) " >&6 -@@ -16923,10 +16885,7 @@ - as_fn_error $? "libssl not found" "$LINENO" 5 - fi - -- -- --fi -- -+ fi - - ac_fn_c_check_decl "$LINENO" "SHA256_DIGEST_LENGTH" "ac_cv_have_decl_SHA256_DIGEST_LENGTH" " - #include -diff -Naur -x opendkim-2.11.0.orig/opendkim/opendkim-crypto.c opendkim-2.11.0/opendkim/opendkim-crypto.c ---- opendkim-2.11.0.orig/opendkim/opendkim-crypto.c 2013-02-25 13:02:41.000000000 -0800 -+++ opendkim-2.11.0/opendkim/opendkim-crypto.c 2016-12-20 18:47:03.477027225 -0800 -@@ -222,7 +222,11 @@ - { - assert(pthread_setspecific(id_key, ptr) == 0); - -+#if OPENSSL_VERSION_NUMBER >= 0x10100000 -+ OPENSSL_thread_stop(); -+#else - ERR_remove_state(0); -+#endif - - free(ptr); - -@@ -392,11 +396,15 @@ - { - if (crypto_init_done) - { -+#if OPENSSL_VERSION_NUMBER >= 0x10100000 -+ OPENSSL_thread_stop(); -+#else - CRYPTO_cleanup_all_ex_data(); - CONF_modules_free(); - EVP_cleanup(); - ERR_free_strings(); - ERR_remove_state(0); -+#endif - - if (nmutexes > 0) - { diff --git a/sources b/sources index 58e6a1b..4010628 100644 --- a/sources +++ b/sources 
@@ -1 +1 @@ -SHA512 (opendkim-2.11.0.Alpha0.tar.gz) = d370fa0ab5f335338f86ce5afb0b8c13cce80c4ac5da18d0f6af6e5227e909adacd0d0e7766c0cb6ecc30803a27cd469a9e22a8b7b37f4dee47d632dbce5f832 +SHA512 (opendkim-2.11.0-0.12.fc33.src.rpm) = 4c667fdc949e7130e5735a16d2db2517cd4225e2faff4ea1541e2d7e2eff6445e91161622a7a36e4517eeb180e0c9ea66dc2b57b17bc74423e7a2b8ab78cfa1c -- cgit From 2597d642b9e0e1fedb1c5bb086be8eea277bc5d9 Mon Sep 17 00:00:00 2001 From: Tomas Korbar Date: Mon, 22 Jun 2020 13:06:53 +0200 Subject: Fix sources file --- .gitignore | 1 + sources | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index 9004201..d3f55ad 100644 --- a/.gitignore +++ b/.gitignore @@ -26,3 +26,4 @@ /opendkim.ticket226.patch /opendkim-2.11.0.Alpha0.tar.gz /opendkim-2.11.0-0.12.fc33.src.rpm +/2.11.0-Beta2.tar.gz diff --git a/sources b/sources index 4010628..0403610 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (opendkim-2.11.0-0.12.fc33.src.rpm) = 4c667fdc949e7130e5735a16d2db2517cd4225e2faff4ea1541e2d7e2eff6445e91161622a7a36e4517eeb180e0c9ea66dc2b57b17bc74423e7a2b8ab78cfa1c +SHA512 (2.11.0-Beta2.tar.gz) = 6574755db70b4959a9d6f9f854a889f3905057b8563690571a3a13b6215658b9c5ea365fa34316208c71561eefd9bdcacbccea420557d5a76a7744e98f095980 -- cgit From fd5d1e89f1d72705dddca4ac9647ecad897daaca Mon Sep 17 00:00:00 2001 From: Matt Domsch Date: Tue, 23 Jun 2020 09:36:34 -0500 Subject: Add support for lua 5.3 again, s:/var/run:/run: This restores the lua 5.3 patch, and replaces instances of /var/run (%{_localstatedir/run) with /run (%{_rundir}) everywhere. --- 0001-support-for-lua-5.3.patch | 271 +++++++++++++++++++++++++++++++++++++++++ opendkim.conf | 2 +- opendkim.spec | 13 +- opendkim.sysconfig | 2 +- 4 files changed, 280 insertions(+), 8 deletions(-) create mode 100644 0001-support-for-lua-5.3.patch diff --git a/0001-support-for-lua-5.3.patch b/0001-support-for-lua-5.3.patch new file mode 100644 index 0000000..234bcb3 --- /dev/null 
+++ b/0001-support-for-lua-5.3.patch 
@@ -0,0 +1,271 @@ +From b15794f391547a983c64afed029a883fed3c3c1c Mon Sep 17 00:00:00 2001 +From: Matt Domsch +Date: Sat, 25 Apr 2020 23:04:38 -0500 +Subject: [PATCH] support for lua 5.3 + +--- + miltertest/miltertest.c | 14 +++---- + opendkim/opendkim-lua.c | 82 +++++++++++++++++++++++++---------------- + 2 files changed, 58 insertions(+), 38 deletions(-) + +diff --git a/miltertest/miltertest.c b/miltertest/miltertest.c +index 04e50c04..37dc601d 100644 +--- a/miltertest/miltertest.c ++++ b/miltertest/miltertest.c +@@ -4009,12 +4009,12 @@ main(int argc, char **argv) + } + + /* register functions */ +-#if LUA_VERSION_NUM == 502 +- luaL_newlib(l, mt_library); ++#if LUA_VERSION_NUM >= 502 ++ luaL_newlib(l, mt_library); + lua_setglobal(l, "mt"); +-#else /* LUA_VERSION_NUM == 502 */ ++#else /* LUA_VERSION_NUM >= 502 */ + luaL_register(l, "mt", mt_library); +-#endif /* LUA_VERSION_NUM == 502 */ ++#endif /* LUA_VERSION_NUM >= 502 */ + lua_pop(l, 1); + + /* register constants */ +@@ -4163,13 +4163,13 @@ main(int argc, char **argv) + lua_setglobal(l, "SMFIF_SETSYMLIST"); + #endif /* SMFIF_SETSYMLIST */ + +-#if LUA_VERSION_NUM == 502 ++#if LUA_VERSION_NUM >= 502 + switch (lua_load(l, mt_lua_reader, (void *) &io, + script == NULL ? "(stdin)" : script, NULL)) +-#else /* LUA_VERSION_NUM == 502 */ ++#else /* LUA_VERSION_NUM >= 502 */ + switch (lua_load(l, mt_lua_reader, (void *) &io, + script == NULL ? 
"(stdin)" : script)) +-#endif /* LUA_VERSION_NUM == 502 */ ++#endif /* LUA_VERSION_NUM >= 502 */ + { + case 0: + break; +diff --git a/opendkim/opendkim-lua.c b/opendkim/opendkim-lua.c +index 4720862c..3786aa4b 100644 +--- a/opendkim/opendkim-lua.c ++++ b/opendkim/opendkim-lua.c +@@ -285,11 +285,11 @@ dkimf_lua_alloc(void *ud, void *ptr, size_t osize, size_t nsize) + free(ptr); + return NULL; + } +-# if LUA_VERSION_NUM == 502 ++# if LUA_VERSION_NUM >= 502 + else if (nsize != 0 && ptr == NULL) +-# else /* LUA_VERSION_NUM == 502 */ ++# else /* LUA_VERSION_NUM >= 502 */ + else if (nsize != 0 && osize == 0) +-# endif /* LUA_VERSION_NUM == 502 */ ++# endif /* LUA_VERSION_NUM >= 502 */ + { + return malloc(nsize); + } +@@ -485,12 +485,12 @@ dkimf_lua_setup_hook(void *ctx, const char *script, size_t scriptlen, + ** Register functions. + */ + +-# if LUA_VERSION_NUM == 502 ++# if LUA_VERSION_NUM >= 502 + luaL_newlib(l, dkimf_lua_lib_setup); + lua_setglobal(l, "odkim"); +-# else /* LUA_VERSION_NUM == 502 */ ++# else /* LUA_VERSION_NUM >= 502 */ + luaL_register(l, "odkim", dkimf_lua_lib_setup); +-# endif /* LUA_VERSION_NUM == 502 */ ++# endif /* LUA_VERSION_NUM >= 502 */ + lua_pop(l, 1); + + /* +@@ -532,11 +532,11 @@ dkimf_lua_setup_hook(void *ctx, const char *script, size_t scriptlen, + /* import other globals */ + dkimf_import_globals(ctx, l); + +-# if LUA_VERSION_NUM == 502 ++# if LUA_VERSION_NUM >= 502 + switch (lua_load(l, dkimf_lua_reader, (void *) &io, name, NULL)) +-# else /* LUA_VERSION_NUM == 502 */ ++# else /* LUA_VERSION_NUM >= 502 */ + switch (lua_load(l, dkimf_lua_reader, (void *) &io, name)) +-# endif /* LUA_VERSION_NUM == 502 */ ++# endif /* LUA_VERSION_NUM >= 502 */ + { + case 0: + break; +@@ -564,8 +564,12 @@ dkimf_lua_setup_hook(void *ctx, const char *script, size_t scriptlen, + io.lua_io_len = 0; + io.lua_io_alloc = 0; + ++#if LUA_VERSION_NUM >= 503 ++ if (lua_dump(l, dkimf_lua_writer, &io, 0) == 0) ++#else + if (lua_dump(l, dkimf_lua_writer, &io) == 0) +- { 
++#endif ++ { + *keep = (void *) io.lua_io_script; + *funclen = io.lua_io_len; + } +@@ -640,12 +644,12 @@ dkimf_lua_screen_hook(void *ctx, const char *script, size_t scriptlen, + ** Register functions. + */ + +-# if LUA_VERSION_NUM == 502 ++# if LUA_VERSION_NUM >= 502 + luaL_newlib(l, dkimf_lua_lib_screen); + lua_setglobal(l, "odkim"); +-# else /* LUA_VERSION_NUM == 502 */ ++# else /* LUA_VERSION_NUM >= 502 */ + luaL_register(l, "odkim", dkimf_lua_lib_screen); +-# endif /* LUA_VERSION_NUM == 502 */ ++# endif /* LUA_VERSION_NUM >= 502 */ + lua_pop(l, 1); + + /* +@@ -677,11 +681,11 @@ dkimf_lua_screen_hook(void *ctx, const char *script, size_t scriptlen, + /* import other globals */ + dkimf_import_globals(ctx, l); + +-# if LUA_VERSION_NUM == 502 ++# if LUA_VERSION_NUM >= 502 + switch (lua_load(l, dkimf_lua_reader, (void *) &io, name, NULL)) +-# else /* LUA_VERSION_NUM == 502 */ ++# else /* LUA_VERSION_NUM >= 502 */ + switch (lua_load(l, dkimf_lua_reader, (void *) &io, name)) +-# endif /* LUA_VERSION_NUM == 502 */ ++# endif /* LUA_VERSION_NUM >= 502 */ + { + case 0: + break; +@@ -709,7 +713,11 @@ dkimf_lua_screen_hook(void *ctx, const char *script, size_t scriptlen, + io.lua_io_len = 0; + io.lua_io_alloc = 0; + ++#if LUA_VERSION_NUM >= 503 ++ if (lua_dump(l, dkimf_lua_writer, &io, 0) == 0) ++#else + if (lua_dump(l, dkimf_lua_writer, &io) == 0) ++#endif + { + *keep = (void *) io.lua_io_script; + *funclen = io.lua_io_len; +@@ -785,12 +793,12 @@ dkimf_lua_stats_hook(void *ctx, const char *script, size_t scriptlen, + ** Register functions. 
+ */ + +-# if LUA_VERSION_NUM == 502 ++# if LUA_VERSION_NUM >= 502 + luaL_newlib(l, dkimf_lua_lib_stats); + lua_setglobal(l, "odkim"); +-# else /* LUA_VERSION_NUM == 502 */ ++# else /* LUA_VERSION_NUM >= 502 */ + luaL_register(l, "odkim", dkimf_lua_lib_stats); +-# endif /* LUA_VERSION_NUM == 502 */ ++# endif /* LUA_VERSION_NUM >= 502 */ + lua_pop(l, 1); + + /* +@@ -914,11 +922,11 @@ dkimf_lua_stats_hook(void *ctx, const char *script, size_t scriptlen, + /* import other globals */ + dkimf_import_globals(ctx, l); + +-# if LUA_VERSION_NUM == 502 ++# if LUA_VERSION_NUM >= 502 + switch (lua_load(l, dkimf_lua_reader, (void *) &io, name, NULL)) +-# else /* LUA_VERSION_NUM == 502 */ ++# else /* LUA_VERSION_NUM >= 502 */ + switch (lua_load(l, dkimf_lua_reader, (void *) &io, name)) +-# endif /* LUA_VERSION_NUM == 502 */ ++# endif /* LUA_VERSION_NUM >= 502 */ + { + case 0: + break; +@@ -946,7 +954,11 @@ dkimf_lua_stats_hook(void *ctx, const char *script, size_t scriptlen, + io.lua_io_len = 0; + io.lua_io_alloc = 0; + ++#if LUA_VERSION_NUM >= 503 ++ if (lua_dump(l, dkimf_lua_writer, &io, 0) == 0) ++#else + if (lua_dump(l, dkimf_lua_writer, &io) == 0) ++#endif + { + *keep = (void *) io.lua_io_script; + *funclen = io.lua_io_len; +@@ -1022,12 +1034,12 @@ dkimf_lua_final_hook(void *ctx, const char *script, size_t scriptlen, + ** Register functions. 
+ */ + +-# if LUA_VERSION_NUM == 502 ++# if LUA_VERSION_NUM >= 502 + luaL_newlib(l, dkimf_lua_lib_final); + lua_setglobal(l, "odkim"); +-# else /* LUA_VERSION_NUM == 502 */ ++# else /* LUA_VERSION_NUM >= 502 */ + luaL_register(l, "odkim", dkimf_lua_lib_final); +-# endif /* LUA_VERSION_NUM == 502 */ ++# endif /* LUA_VERSION_NUM >= 502 */ + lua_pop(l, 1); + + /* +@@ -1151,11 +1163,11 @@ dkimf_lua_final_hook(void *ctx, const char *script, size_t scriptlen, + /* import other globals */ + dkimf_import_globals(ctx, l); + +-# if LUA_VERSION_NUM == 502 ++# if LUA_VERSION_NUM >= 502 + switch (lua_load(l, dkimf_lua_reader, (void *) &io, name, NULL)) +-# else /* LUA_VERSION_NUM == 502 */ ++# else /* LUA_VERSION_NUM >= 502 */ + switch (lua_load(l, dkimf_lua_reader, (void *) &io, name)) +-# endif /* LUA_VERSION_NUM == 502 */ ++# endif /* LUA_VERSION_NUM >= 502 */ + { + case 0: + break; +@@ -1183,7 +1195,11 @@ dkimf_lua_final_hook(void *ctx, const char *script, size_t scriptlen, + io.lua_io_len = 0; + io.lua_io_alloc = 0; + ++#if LUA_VERSION_NUM >= 503 ++ if (lua_dump(l, dkimf_lua_writer, &io, 0) == 0) ++#else + if (lua_dump(l, dkimf_lua_writer, &io) == 0) ++#endif + { + *keep = (void *) io.lua_io_script; + *funclen = io.lua_io_len; +@@ -1252,11 +1268,11 @@ dkimf_lua_db_hook(const char *script, size_t scriptlen, const char *query, + lua_pushstring(l, query); + lua_setglobal(l, "query"); + +-# if LUA_VERSION_NUM == 502 ++# if LUA_VERSION_NUM >= 502 + switch (lua_load(l, dkimf_lua_reader, (void *) &io, script, NULL)) +-# else /* LUA_VERSION_NUM == 502 */ ++# else /* LUA_VERSION_NUM >= 502 */ + switch (lua_load(l, dkimf_lua_reader, (void *) &io, script)) +-# endif /* LUA_VERSION_NUM == 502 */ ++# endif /* LUA_VERSION_NUM >= 502 */ + { + case 0: + break; +@@ -1284,7 +1300,11 @@ dkimf_lua_db_hook(const char *script, size_t scriptlen, const char *query, + io.lua_io_len = 0; + io.lua_io_alloc = 0; + ++#if LUA_VERSION_NUM >= 503 ++ if (lua_dump(l, dkimf_lua_writer, &io, 0) == 0) ++#else 
+ if (lua_dump(l, dkimf_lua_writer, &io) == 0) ++#endif + { + *keep = (void *) io.lua_io_script; + *funclen = io.lua_io_len; +-- +2.25.4 + diff --git a/opendkim.conf b/opendkim.conf index ed2c3de..5933b4e 100644 --- a/opendkim.conf +++ b/opendkim.conf @@ -31,7 +31,7 @@ ## CONFIGURATION OPTIONS ## Specifies the path to the process ID file. -PidFile /var/run/opendkim/opendkim.pid +PidFile /run/opendkim/opendkim.pid ## Selects operating modes. Valid modes are s (sign) and v (verify). Default is v. ## Must be changed to s (sign only) or sv (sign and verify) in order to sign outgoing diff --git a/opendkim.spec b/opendkim.spec index 17c7da5..ab51789 100644 --- a/opendkim.spec +++ b/opendkim.spec @@ -17,7 +17,8 @@ Source4: KeyTable Source5: TrustedHosts Source6: README.fedora -Patch0: opendkim.lua_load_dump.patch +# https://github.com/trusteddomainproject/OpenDKIM/pull/70 +Patch0: 0001-support-for-lua-5.3.patch # Required for all versions Requires: lib%{name}%{?_isa} = %{version}-%{release} @@ -93,7 +94,7 @@ cp %{SOURCE6} ./README.fedora install -p -d %{buildroot}%{_sysconfdir}/tmpfiles.d cat > %{buildroot}%{_sysconfdir}/tmpfiles.d/%{name}.conf <<'EOF' -D %{_localstatedir}/run/%{name} 0700 %{name} %{name} - +D %{_rundir}/%{name} 0700 %{name} %{name} - EOF rm -r %{buildroot}%{_prefix}/share/doc/%{name} @@ -101,7 +102,7 @@ rm %{buildroot}%{_libdir}/*.a rm %{buildroot}%{_libdir}/*.la mkdir -p %{buildroot}%{_localstatedir}/spool/%{name} -mkdir -p %{buildroot}%{_localstatedir}/run/%{name} +mkdir -p %{buildroot}%{_rundir}/%{name} mkdir -p %{buildroot}%{_sysconfdir}/%{name} mkdir %{buildroot}%{_sysconfdir}/%{name}/keys @@ -114,7 +115,7 @@ chmod 0644 contrib/convert/convert_keylist.sh %pre getent group %{name} >/dev/null || groupadd -r %{name} getent passwd %{name} >/dev/null || \ - useradd -r -g %{name} -G mail -d %{_localstatedir}/run/%{name} -s /sbin/nologin \ + useradd -r -g %{name} -G mail -d %{_rundir}/%{name} -s /sbin/nologin \ -c "%{upname} Milter" %{name} exit 0 
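Review bot: Every `lua_load` call that 0001-support-for-lua-5.3.patch now compiles for Lua 5.3 passes `NULL` as the mode argument, which Lua 5.2 and later treat as "text or binary", and the Lua manual states that binary chunks are not checked for consistency. The hooks also hand a dumped function back through `keep`, so binary loading is presumably needed for that cached form; the code that reloads it is outside the hunk. A comment at the first call site in opendkim-lua.c would record the assumption, e.g. `/* mode NULL accepts precompiled chunks: script files must not be writable by unprivileged users */`. Separately, dkimf_lua_db_hook passes `script` as the chunk name where the other hooks pass `name`, which looks unintended and is worth confirming upstream.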
@@ -152,7 +153,7 @@ exit 0 %{_sbindir}/* %{_mandir}/*/* %dir %attr(-,%{name},%{name}) %{_localstatedir}/spool/%{name} -%dir %attr(0775,%{name},%{name}) %{_localstatedir}/run/%{name} +%dir %attr(0775,%{name},%{name}) %{_rundir}/%{name} %dir %attr(-,root,%{name}) %{_sysconfdir}/%{name} %dir %attr(0750,%name,%{name}) %{_sysconfdir}/%{name}/keys %attr(0755,root,root) %{_sbindir}/%{name}-default-keygen @@ -290,7 +291,7 @@ exit 0 - Remove global _pkgdocdir variable - Use defaultdocdir variable in default config file - Setting permissions special mode bit explicitly in all cases for consistency -- Change /var/run/opendkim permissions to group writable for Bug #1120080 +- Change /run/opendkim permissions to group writable for Bug #1120080 * Wed Mar 25 2015 Steve Jenkins - 2.10.1-5 - Combined systemd and SysV spec files using conditionals diff --git a/opendkim.sysconfig b/opendkim.sysconfig index 0d51cce..3202bf6 100644 --- a/opendkim.sysconfig +++ b/opendkim.sysconfig @@ -1,5 +1,5 @@ # Set the necessary startup options -OPTIONS="-x /etc/opendkim.conf -P /var/run/opendkim/opendkim.pid" +OPTIONS="-x /etc/opendkim.conf -P /run/opendkim/opendkim.pid" # Set the default DKIM selector DKIM_SELECTOR=default -- cgit From 2d52d97ded798652ecfffb2621fa26850e836661 Mon Sep 17 00:00:00 2001 From: Tomas Korbar Date: Wed, 24 Jun 2020 07:47:40 +0200 Subject: Rebuild with updated specfile and patch --- opendkim.lua_load_dump.patch | 107 ------------------------------------------- opendkim.spec | 9 +++- 2 files changed, 7 insertions(+), 109 deletions(-) delete mode 100644 opendkim.lua_load_dump.patch diff --git a/opendkim.lua_load_dump.patch b/opendkim.lua_load_dump.patch deleted file mode 100644 index d5ba92d..0000000 --- a/opendkim.lua_load_dump.patch +++ /dev/null 
@@ -1,107 +0,0 @@ -diff --git a/miltertest/miltertest.c b/miltertest/miltertest.c -index 04e50c0..c96d9e3 100644 ---- a/miltertest/miltertest.c -+++ b/miltertest/miltertest.c -@@ -4168,7 +4168,7 @@ main(int argc, char **argv) - script == NULL ? "(stdin)" : script, NULL)) - #else /* LUA_VERSION_NUM == 502 */ - switch (lua_load(l, mt_lua_reader, (void *) &io, -- script == NULL ? "(stdin)" : script)) -+ script == NULL ? "(stdin)" : script, NULL)) - #endif /* LUA_VERSION_NUM == 502 */ - { - case 0: -diff --git a/opendkim/opendkim-lua.c b/opendkim/opendkim-lua.c -index 4720862..e265ba9 100644 ---- a/opendkim/opendkim-lua.c -+++ b/opendkim/opendkim-lua.c -@@ -535,7 +535,7 @@ dkimf_lua_setup_hook(void *ctx, const char *script, size_t scriptlen, - # if LUA_VERSION_NUM == 502 - switch (lua_load(l, dkimf_lua_reader, (void *) &io, name, NULL)) - # else /* LUA_VERSION_NUM == 502 */ -- switch (lua_load(l, dkimf_lua_reader, (void *) &io, name)) -+ switch (lua_load(l, dkimf_lua_reader, (void *) &io, name, NULL)) - # endif /* LUA_VERSION_NUM == 502 */ - { - case 0: -@@ -564,7 +564,7 @@ dkimf_lua_setup_hook(void *ctx, const char *script, size_t scriptlen, - io.lua_io_len = 0; - io.lua_io_alloc = 0; - -- if (lua_dump(l, dkimf_lua_writer, &io) == 0) -+ if (lua_dump(l, dkimf_lua_writer, &io, NULL) == 0) - { - *keep = (void *) io.lua_io_script; - *funclen = io.lua_io_len; -@@ -680,7 +680,7 @@ dkimf_lua_screen_hook(void *ctx, const char *script, size_t scriptlen, - # if LUA_VERSION_NUM == 502 - switch (lua_load(l, dkimf_lua_reader, (void *) &io, name, NULL)) - # else /* LUA_VERSION_NUM == 502 */ -- switch (lua_load(l, dkimf_lua_reader, (void *) &io, name)) -+ switch (lua_load(l, dkimf_lua_reader, (void *) &io, name, NULL)) - # endif /* LUA_VERSION_NUM == 502 */ - { - case 0: -@@ -709,7 +709,7 @@ dkimf_lua_screen_hook(void *ctx, const char *script, size_t scriptlen, - io.lua_io_len = 0; - io.lua_io_alloc = 0; - -- if (lua_dump(l, dkimf_lua_writer, &io) == 0) -+ if (lua_dump(l, 
dkimf_lua_writer, &io, NULL) == 0) - { - *keep = (void *) io.lua_io_script; - *funclen = io.lua_io_len; -@@ -917,7 +917,7 @@ dkimf_lua_stats_hook(void *ctx, const char *script, size_t scriptlen, - # if LUA_VERSION_NUM == 502 - switch (lua_load(l, dkimf_lua_reader, (void *) &io, name, NULL)) - # else /* LUA_VERSION_NUM == 502 */ -- switch (lua_load(l, dkimf_lua_reader, (void *) &io, name)) -+ switch (lua_load(l, dkimf_lua_reader, (void *) &io, name, NULL)) - # endif /* LUA_VERSION_NUM == 502 */ - { - case 0: -@@ -946,7 +946,7 @@ dkimf_lua_stats_hook(void *ctx, const char *script, size_t scriptlen, - io.lua_io_len = 0; - io.lua_io_alloc = 0; - -- if (lua_dump(l, dkimf_lua_writer, &io) == 0) -+ if (lua_dump(l, dkimf_lua_writer, &io, NULL) == 0) - { - *keep = (void *) io.lua_io_script; - *funclen = io.lua_io_len; -@@ -1154,7 +1154,7 @@ dkimf_lua_final_hook(void *ctx, const char *script, size_t scriptlen, - # if LUA_VERSION_NUM == 502 - switch (lua_load(l, dkimf_lua_reader, (void *) &io, name, NULL)) - # else /* LUA_VERSION_NUM == 502 */ -- switch (lua_load(l, dkimf_lua_reader, (void *) &io, name)) -+ switch (lua_load(l, dkimf_lua_reader, (void *) &io, name, NULL)) - # endif /* LUA_VERSION_NUM == 502 */ - { - case 0: -@@ -1183,7 +1183,7 @@ dkimf_lua_final_hook(void *ctx, const char *script, size_t scriptlen, - io.lua_io_len = 0; - io.lua_io_alloc = 0; - -- if (lua_dump(l, dkimf_lua_writer, &io) == 0) -+ if (lua_dump(l, dkimf_lua_writer, &io, NULL) == 0) - { - *keep = (void *) io.lua_io_script; - *funclen = io.lua_io_len; -@@ -1255,7 +1255,7 @@ dkimf_lua_db_hook(const char *script, size_t scriptlen, const char *query, - # if LUA_VERSION_NUM == 502 - switch (lua_load(l, dkimf_lua_reader, (void *) &io, script, NULL)) - # else /* LUA_VERSION_NUM == 502 */ -- switch (lua_load(l, dkimf_lua_reader, (void *) &io, script)) -+ switch (lua_load(l, dkimf_lua_reader, (void *) &io, script, NULL)) - # endif /* LUA_VERSION_NUM == 502 */ - { - case 0: -@@ -1284,7 +1284,7 @@ 
dkimf_lua_db_hook(const char *script, size_t scriptlen, const char *query, - io.lua_io_len = 0; - io.lua_io_alloc = 0; - -- if (lua_dump(l, dkimf_lua_writer, &io) == 0) -+ if (lua_dump(l, dkimf_lua_writer, &io, NULL) == 0) - { - *keep = (void *) io.lua_io_script; - *funclen = io.lua_io_len; diff --git a/opendkim.spec b/opendkim.spec index ab51789..4e19f1f 100644 --- a/opendkim.spec +++ b/opendkim.spec @@ -6,7 +6,7 @@ Summary: A DomainKeys Identified Mail (DKIM) milter to sign and/or verify mail Name: opendkim Version: 2.11.0 -Release: 0.12%{?dist} +Release: 0.13%{?dist} License: BSD and Sendmail URL: http://%{name}.org/ Source0: https://github.com/trusteddomainproject/OpenDKIM/archive/%{full_version}.tar.gz @@ -173,6 +173,11 @@ exit 0 %{_libdir}/pkgconfig/*.pc %changelog +* Wed Jun 24 2020 Tomas Korbar - 2.11.0-0.13 +- Change /run/opendkim permissions to group writable +- Improve the patch which adds support for lua +- Credit: mdomsch + * Mon Jun 22 2020 Tomas Korbar - 2.11.0-0.12 - Rebase to 2.11.0-beta2 version - Clean specfile and move configuration to their own files @@ -291,7 +296,7 @@ exit 0 - Remove global _pkgdocdir variable - Use defaultdocdir variable in default config file - Setting permissions special mode bit explicitly in all cases for consistency -- Change /run/opendkim permissions to group writable for Bug #1120080 +- Change /var/run/opendkim permissions to group writable for Bug #1120080 * Wed Mar 25 2015 Steve Jenkins - 2.10.1-5 - Combined systemd and SysV spec files using conditionals -- cgit From 30de10fff8fdd0d79148bf5b79f7cc17984a9007 Mon Sep 17 00:00:00 2001 From: Tomas Korbar Date: Wed, 24 Jun 2020 09:23:37 +0200 Subject: Change ownership of the keys directory to root Resolves: rhbz#1711713 --- opendkim.spec | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/opendkim.spec b/opendkim.spec index 4e19f1f..74f1003 100644 --- a/opendkim.spec +++ b/opendkim.spec 
@@ -6,7 +6,7 @@ Summary: A DomainKeys Identified Mail (DKIM) milter to sign and/or verify mail Name: opendkim Version: 2.11.0 -Release: 0.13%{?dist} +Release: 0.14%{?dist} License: BSD and Sendmail URL: http://%{name}.org/ Source0: https://github.com/trusteddomainproject/OpenDKIM/archive/%{full_version}.tar.gz @@ -155,7 +155,7 @@ exit 0 %dir %attr(-,%{name},%{name}) %{_localstatedir}/spool/%{name} %dir %attr(0775,%{name},%{name}) %{_rundir}/%{name} %dir %attr(-,root,%{name}) %{_sysconfdir}/%{name} -%dir %attr(0750,%name,%{name}) %{_sysconfdir}/%{name}/keys +%dir %attr(0750,root,%{name}) %{_sysconfdir}/%{name}/keys %attr(0755,root,root) %{_sbindir}/%{name}-default-keygen %attr(0644,root,root) %{_unitdir}/%{name}.service @@ -173,6 +173,9 @@ exit 0 %{_libdir}/pkgconfig/*.pc %changelog +* Wed Jun 24 2020 Tomas Korbar - 2.11.0-0.14 +- Change ownership of the keys directory to root (#1711713) + * Wed Jun 24 2020 Tomas Korbar - 2.11.0-0.13 - Change /run/opendkim permissions to group writable - Improve the patch which adds support for lua -- cgit From fa0768b84a5cdd2318d2ab5a162824bd2941bdf3 Mon Sep 17 00:00:00 2001 From: Tomas Korbar Date: Wed, 24 Jun 2020 10:16:26 +0200 Subject: Change permissions of /var/run/opendkim directory Resolves: rhbz#1744391 --- opendkim.spec | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/opendkim.spec b/opendkim.spec index 74f1003..8142a4c 100644 --- a/opendkim.spec +++ b/opendkim.spec @@ -6,7 +6,7 @@ Summary: A DomainKeys Identified Mail (DKIM) milter to sign and/or verify mail Name: opendkim Version: 2.11.0 -Release: 0.14%{?dist} +Release: 0.15%{?dist} License: BSD and Sendmail URL: http://%{name}.org/ Source0: https://github.com/trusteddomainproject/OpenDKIM/archive/%{full_version}.tar.gz 
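Review bot: The keys directory becomes root-owned in the `%files` hunk, but SigningTable, KeyTable and TrustedHosts are still listed elsewhere in the spec as `%attr(0640,%{name},%{name})`, so the daemon account can still rewrite the tables that select which key signs which domain. If the aim is that the milter cannot alter its own signing material, the same ownership would apply there: `%config(noreplace) %attr(0640,root,%{name}) %{_sysconfdir}/%{name}/KeyTable`, and likewise for the other two. Ownership of the key files that `%{name}-default-keygen` writes is not visible here and should be checked against the new directory owner.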
@@ -94,7 +94,7 @@ cp %{SOURCE6} ./README.fedora install -p -d %{buildroot}%{_sysconfdir}/tmpfiles.d cat > %{buildroot}%{_sysconfdir}/tmpfiles.d/%{name}.conf <<'EOF' -D %{_rundir}/%{name} 0700 %{name} %{name} - +D %{_rundir}/%{name} 0750 %{name} %{name} - EOF rm -r %{buildroot}%{_prefix}/share/doc/%{name} @@ -153,7 +153,7 @@ exit 0 %{_sbindir}/* %{_mandir}/*/* %dir %attr(-,%{name},%{name}) %{_localstatedir}/spool/%{name} -%dir %attr(0775,%{name},%{name}) %{_rundir}/%{name} +%dir %attr(0750,%{name},%{name}) %{_rundir}/%{name} %dir %attr(-,root,%{name}) %{_sysconfdir}/%{name} %dir %attr(0750,root,%{name}) %{_sysconfdir}/%{name}/keys %attr(0755,root,root) %{_sbindir}/%{name}-default-keygen @@ -173,6 +173,9 @@ exit 0 %{_libdir}/pkgconfig/*.pc %changelog +* Wed Jun 24 2020 Tomas Korbar - 2.11.0-0.15 +- Change permissions of /var/run/opendkim directory (#1744391) + * Wed Jun 24 2020 Tomas Korbar - 2.11.0-0.14 - Change ownership of the keys directory to root (#1711713) -- cgit From 4e3f5ed233ebd4a6ae4714c5baf3c4faa9fef80d Mon Sep 17 00:00:00 2001 From: Tomas Korbar Date: Wed, 24 Jun 2020 12:31:00 +0200 Subject: Change location of tmpfiles definiton Resolves: rhbz#1736767 --- opendkim.spec | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/opendkim.spec b/opendkim.spec index 8142a4c..65fc660 100644 --- a/opendkim.spec +++ b/opendkim.spec @@ -6,7 +6,7 @@ Summary: A DomainKeys Identified Mail (DKIM) milter to sign and/or verify mail Name: opendkim Version: 2.11.0 -Release: 0.15%{?dist} +Release: 0.16%{?dist} License: BSD and Sendmail URL: http://%{name}.org/ Source0: https://github.com/trusteddomainproject/OpenDKIM/archive/%{full_version}.tar.gz 
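Review bot: The mode of `%{_rundir}/%{name}` is stated twice, in the tmpfiles.d here-document in `%install` and in the `%files` `%attr`, and nothing in the spec says the two must match; before this commit they had drifted apart (0700 against 0775). A comment beside each would keep them together, for example `# mode must match the tmpfiles.d entry written in %install`. With 0750, if a local milter socket is placed in this directory, the MTA account has to be a member of the `%{name}` group to reach it, which deserves a line in README.fedora if it is not already there. The changelog entry still names /var/run/opendkim although the spec now uses `%{_rundir}`.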
@@ -92,8 +92,8 @@ install -m 0644 %{SOURCE5} %{buildroot}%{_sysconfdir}/%{name}/TrustedHosts cp %{SOURCE6} ./README.fedora -install -p -d %{buildroot}%{_sysconfdir}/tmpfiles.d -cat > %{buildroot}%{_sysconfdir}/tmpfiles.d/%{name}.conf <<'EOF' +install -p -d %{buildroot}/usr/lib/tmpfiles.d +cat > %{buildroot}/usr/lib/tmpfiles.d/%{name}.conf <<'EOF' D %{_rundir}/%{name} 0750 %{name} %{name} - EOF @@ -144,7 +144,7 @@ exit 0 %doc %{name}/README contrib/lua/*.lua %doc README.fedora %config(noreplace) %{_sysconfdir}/%{name}.conf -%config(noreplace) %{_sysconfdir}/tmpfiles.d/%{name}.conf +%config(noreplace) /usr/lib/tmpfiles.d/%{name}.conf %config(noreplace) %attr(0640,%{name},%{name}) %{_sysconfdir}/%{name}/SigningTable %config(noreplace) %attr(0640,%{name},%{name}) %{_sysconfdir}/%{name}/KeyTable %config(noreplace) %attr(0640,%{name},%{name}) %{_sysconfdir}/%{name}/TrustedHosts @@ -173,6 +173,9 @@ exit 0 %{_libdir}/pkgconfig/*.pc %changelog +* Wed Jun 24 2020 Tomas Korbar - 2.11.0-0.16 +- Change location of tmpfiles definiton (#1736767) + * Wed Jun 24 2020 Tomas Korbar - 2.11.0-0.15 - Change permissions of /var/run/opendkim directory (#1744391) -- cgit From 6fc72129854bce13b4f36c069f2929ec6753ba04 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Tue, 28 Jul 2020 12:41:29 +0000 Subject: - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- opendkim.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/opendkim.spec b/opendkim.spec index 65fc660..139737b 100644 --- a/opendkim.spec +++ b/opendkim.spec @@ -6,7 +6,7 @@ Summary: A DomainKeys Identified Mail (DKIM) milter to sign and/or verify mail Name: opendkim Version: 2.11.0 -Release: 0.16%{?dist} +Release: 0.17%{?dist} License: BSD and Sendmail URL: http://%{name}.org/ Source0: https://github.com/trusteddomainproject/OpenDKIM/archive/%{full_version}.tar.gz 
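Review bot: The `%files` hunk keeps `%config(noreplace)` on the tmpfiles.d snippet after moving it under /usr/lib, so a locally edited copy would survive upgrades. A packaged permission change, such as the 0750 tightening made in the previous commit, would then not reach that host. List it without the config flag as `%{_tmpfilesdir}/%{name}.conf`, and use the same macro instead of the literal `/usr/lib/tmpfiles.d` in the two `%install` lines of the first hunk. Local overrides belong in /etc/tmpfiles.d, which takes precedence over the packaged file.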
@@ -173,6 +173,9 @@ exit 0 %{_libdir}/pkgconfig/*.pc %changelog +* Tue Jul 28 2020 Fedora Release Engineering - 2.11.0-0.17 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + * Wed Jun 24 2020 Tomas Korbar - 2.11.0-0.16 - Change location of tmpfiles definiton (#1736767) -- cgit