diff options
| -rw-r--r-- | testing/opendmarc/APKBUILD | 19 | ||||
| -rw-r--r-- | testing/opendmarc/config-defaults.patch | 175 | ||||
| -rw-r--r-- | testing/opendmarc/opendmarc.initd | 32 | ||||
| -rw-r--r-- | testing/opendmarc/opendmarc.pre-install | 5 |
4 files changed, 228 insertions, 3 deletions
diff --git a/testing/opendmarc/APKBUILD b/testing/opendmarc/APKBUILD index c5aacd1d10..064f9d64bb 100644 --- a/testing/opendmarc/APKBUILD +++ b/testing/opendmarc/APKBUILD @@ -8,12 +8,16 @@ url="http://www.trusteddomain.org/opendmarc/" arch="all" license="BSD-3-Clause Sendmail" makedepends="libmilter-dev libspf2-dev" -subpackages="$pkgname-doc $pkgname-dev $pkgname-libs" +pkgusers="$pkgname" +install="$pkgname.pre-install" +subpackages="$pkgname-doc $pkgname-dev $pkgname-libs $pkgname-openrc" source="https://downloads.sourceforge.net/project/$pkgname/$pkgname-$pkgver.tar.gz netdb_defines.patch fix-153-duplicate-dkim-auth_result-sections.patch fix-193-sql-strict-mode-compatibility.patch dmarcfail-fix-shebang.patch + config-defaults.patch + $pkgname.initd " builddir="$srcdir/$pkgname-$pkgver" @@ -49,12 +53,21 @@ package() { make DESTDIR="$pkgdir" install + cd "$pkgdir" + + install -m 644 -D "$builddir"/opendmarc/opendmarc.conf.sample \ + ./etc/$pkgname/opendmarc.conf + install -m 755 -D "$srcdir"/$pkgname.initd ./etc/init.d/$pkgname + install -m 750 -o $pkgusers -g mail -d ./var/spool/$pkgname + # Not needed, standard SPDX licenses. - rm -Rf "$pkgdir"/usr/share/doc/$pkgname/LICENSE* + rm -Rf ./usr/share/doc/$pkgname/LICENSE* } sha512sums="6045fb7d2be8f0ffdeca07324857d92908a41c6792749017c2fcc1058f05f55317b1919c67c780827dd7094ec8fff2e1fa4aeb5bab7ff7461537957af2652748 opendmarc-1.3.2.tar.gz a6808ac27264c84a8f7210ccc67f03028bc3644542c4def30824e6342a3fb207615c7b4b21f38084523df0b4dd777fbb6e9d3802bb50b41d3c5b0ce29ebfeff7 netdb_defines.patch 90036e48151d054e43e68f739c4a9cb029b5a698910a566a59148673f9a3329ba7550038fba73538309bf7c43374615819f0351623f273c1ef139129fb2bc5fc fix-153-duplicate-dkim-auth_result-sections.patch b9b7ce647f58e28f28862aa70b43c23579c453ecf839fde57524826193b099c4865e1da0b97eb7bcccf169c9343fd8f1187de4bbad37e1920561c790ac0ca7c2 fix-193-sql-strict-mode-compatibility.patch -a8585104490d42ecb2acce40df2e36fc5ed6155fecb16a9de5606703b1b3f5fc7f84f2933350fa3ff8f7da133bc251f30dc33b9c1310bc64e801179de68df026 dmarcfail-fix-shebang.patch" +a8585104490d42ecb2acce40df2e36fc5ed6155fecb16a9de5606703b1b3f5fc7f84f2933350fa3ff8f7da133bc251f30dc33b9c1310bc64e801179de68df026 dmarcfail-fix-shebang.patch +ea19017a1e2cab4fe388bca45f44f2f3d71c3212e7f5b312e13e0b7af7cd4180bf5ec1e441e65f0ac33e8d98241b4d980a56fe8afc16a443d304cfab06d2bd95 config-defaults.patch +db4a9c79bbf4c54ae70a61d1501b1fb044b2242b43b82b34365b1c1e45429290f3aa89a78711e9fae5518753ddb3e15de2ef68118dae275ed6a6d6be9b2c03ec opendmarc.initd" diff --git a/testing/opendmarc/config-defaults.patch b/testing/opendmarc/config-defaults.patch new file mode 100644 index 0000000000..65aa823e30 --- /dev/null +++ b/testing/opendmarc/config-defaults.patch @@ -0,0 +1,175 @@ +Change defaults based on Fedora and openSUSE packages. + +Also remove options for supervisor and options that need root privileges +(we use OpenRC for process supervising and dropping privileges). + +--- a/opendmarc/opendmarc.conf.sample ++++ b/opendmarc/opendmarc.conf.sample +@@ -24,7 +24,7 @@ + ## provided, the name of the host running the filter (as returned by the + ## gethostname(3) function) will be used. + # +-# AuthservID name ++AuthservID HOSTNAME + + ## AuthservIDWithJobID { true | false } + ## default "false" +@@ -35,46 +35,6 @@ + # + # AuthservIDWithJobID false + +-## AutoRestart { true | false } +-## default "false" +-## +-## Automatically re-start on failures. Use with caution; if the filter fails +-## instantly after it starts, this can cause a tight fork(2) loop. +-# +-# AutoRestart false +- +-## AutoRestartCount n +-## default 0 +-## +-## Sets the maximum automatic restart count. After this number of automatic +-## restarts, the filter will give up and terminate. A value of 0 implies no +-## limit. +-# +-# AutoRestartCount 0 +- +-## AutoRestartRate n/t[u] +-## default (no limit) +-## +-## Sets the maximum automatic restart rate. If the filter begins restarting +-## faster than the rate defined here, it will give up and terminate. This +-## is a string of the form n/t[u] where n is an integer limiting the count +-## of restarts in the given interval and t[u] defines the time interval +-## through which the rate is calculated; t is an integer and u defines the +-## units thus represented ("s" or "S" for seconds, the default; "m" or "M" +-## for minutes; "h" or "H" for hours; "d" or "D" for days). For example, a +-## value of "10/1h" limits the restarts to 10 in one hour. There is no +-## default, meaning restart rate is not limited. +-# +-# AutoRestartRate n/t[u] +- +-## Background { true | false } +-## default "true" +-## +-## Causes opendmarc to fork and exits immediately, leaving the service +-## running in the background. +-# +-# Background true +- + ## BaseDirectory (string) + ## default (none) + ## +@@ -84,18 +44,8 @@ + ## directory. It's also useful for arranging that any crash dumps will be + ## saved to a specific location. + # +-# BaseDirectory /var/run/opendmarc ++BaseDirectory /run/opendmarc + +-## ChangeRootDirectory (string) +-## default (none) +-## +-## Requests that the operating system change the effective root directory of +-## the process to the one specified here prior to beginning execution. +-## chroot(2) requires superuser access. A warning will be generated if +-## UserID is not also set. +-# +-# ChangeRootDirectory /var/chroot/opendmarc +- + ## CopyFailuresTo (string) + ## default (none) + ## +@@ -175,7 +125,7 @@ + ## rather periodically imported into a relational database from which the + ## aggregate reports can be extracted by a tool such as opendmarc-import(8). + # +-# HistoryFile /var/run/opendmarc.dat ++# HistoryFile /var/spool/opendmarc/opendmarc.dat + + ## IgnoreAuthenticatedClients { true | false } + ## default "false" +@@ -193,7 +143,7 @@ + ## connections are to be ignored by the filter. If not specified, defaults + ## to "127.0.0.1" only. + # +-# IgnoreHosts /usr/local/etc/opendmarc/ignore.hosts ++# IgnoreHosts /etc/opendmarc/ignore.hosts + + ## IgnoreMailFrom domain[,...] + ## default (none) +@@ -212,14 +162,6 @@ + # + # MilterDebug 0 + +-## PidFile path +-## default (none) +-## +-## Specifies the path to a file that should be created at process start +-## containing the process ID. +-# +-# PidFile /var/run/opendmarc.pid +- + ## PublicSuffixList path + ## default (none) + ## +@@ -284,7 +226,7 @@ + ## either in the configuration file or on the command line. If an IP + ## address is used, it must be enclosed in square brackets. + # +-# Socket inet:8893@localhost ++Socket inet:8893@localhost + + ## SoftwareHeader { true | false } + ## default "false" +@@ -294,7 +236,7 @@ + ## delivery. The product's name, version, and the job ID are included in + ## the header field's contents. + # +-# SoftwareHeader false ++SoftwareHeader true + + ## SPFIgnoreResults { true | false } + ## default "false" +@@ -303,7 +245,7 @@ + ## message. This is useful if you want the filter to perfrom SPF checks + ## itself, or because you don't trust the arriving header. + # +-# SPFIgnoreResults false ++SPFIgnoreResults true + + ## SPFSelfValidate { true | false } + ## default false +@@ -316,14 +258,14 @@ + ## is also set, it never looks for SPF results in headers and + ## always performs the SPF check itself when this is set. + # +-# SPFSelfValidate false ++SPFSelfValidate true + + ## Syslog { true | false } + ## default "false" + ## + ## Log via calls to syslog(3) any interesting activity. + # +-# Syslog false ++Syslog true + + ## SyslogFacility facility-name + ## default "mail" +@@ -354,13 +296,4 @@ + ## specific file mode on creation regardless of the process umask. See + ## umask(2) for more information. + # +-# UMask 077 +- +-## UserID user[:group] +-## default (none) +-## +-## Attempts to become the specified userid before starting operations. +-## The process will be assigned all of the groups and primary group ID of +-## the named userid unless an alternate group is specified. +-# +-# UserID opendmarc ++UMask 007 diff --git a/testing/opendmarc/opendmarc.initd b/testing/opendmarc/opendmarc.initd new file mode 100644 index 0000000000..e67caebd8c --- /dev/null +++ b/testing/opendmarc/opendmarc.initd @@ -0,0 +1,32 @@ +#!/sbin/openrc-run +supervisor=supervise-daemon + +extra_commands="checkconfig" + +description="Domain-based Message Authentication, Reporting & Conformance (DMARC) Milter" +description_checkconfig="Check configuration file" + +: ${cfgfile:="/etc/opendmarc/$RC_SVCNAME.conf"} +: ${command_user:="opendmarc:mail"} + +command="/usr/sbin/opendmarc" +command_args="-f -c $cfgfile ${command_args:-}" +pidfile="/run/opendmarc/$RC_SVCNAME.pid" + +required_files="$cfgfile" + +depends() { + use dns logger net + before mta +} + +start_pre() { + checkpath -d -m 750 -o "$command_user" "${pidfile%/*}" || return 1 + $command -c "$cfgfile" -n +} + +checkconfig() { + ebegin "Checking $name configuration" + $command -c "$cfgfile" -n + eend $? +} diff --git a/testing/opendmarc/opendmarc.pre-install b/testing/opendmarc/opendmarc.pre-install new file mode 100644 index 0000000000..5345378ba5 --- /dev/null +++ b/testing/opendmarc/opendmarc.pre-install @@ -0,0 +1,5 @@ +#!/bin/sh + +adduser -S -D -H -h /run/opendmarc -s /sbin/nologin -G mail -g opendmarc opendmarc 2>/dev/null + +exit 0 |