/[packages]/cauldron/opendkim/current/SPECS/opendkim.spec
ViewVC logotype

Contents of /cauldron/opendkim/current/SPECS/opendkim.spec

Parent Directory Parent Directory | Revision Log Revision Log


Revision 1999982 - (show annotations) (download)
Sat Oct 21 16:31:36 2023 UTC (5 months, 3 weeks ago) by rapsys
File size: 10341 byte(s)
Separate external and internal hosts config files
1 %define major 11
2 %define libname %mklibname opendkim %{major}
3 %define develname %mklibname opendkim -d
4 %define bigname OpenDKIM
5 %define bigversion 2.11.0-Beta2
6 %define postfixdir %{_var}/spool/postfix
7
8 Name: opendkim
9 Version: 2.11.0
10 Release: %mkrel 0.beta2.2
11 Summary: DomainKeys Identified Mail (DKIM) milter to sign and/or verify mail
12 Group: System/Servers
13 License: BSD and Sendmail
14 URL: http://www.opendkim.org
15 Source0: https://github.com/trusteddomainproject/OpenDKIM/archive/refs/tags/%{bigversion}.tar.gz
16 Patch0: opendkim-2.10.3-fix-pidfile-path.patch
17 Patch1: opendkim-2.10.3-change-default-crypto-settings.patch
18 BuildRequires: sendmail-devel
19 BuildRequires: db-devel
20 BuildRequires: pkgconfig(openssl)
21 BuildRequires: pkgconfig(libbsd)
22 BuildRequires: pkgconfig(libmemcached)
23 BuildRequires: pkgconfig(opendbx)
24
25 %description
26 OpenDKIM allows signing and/or verification of email through an open source
27 library that implements the DKIM service, plus a milter-based filter
28 application that can plug in to any milter-aware MTA, including sendmail,
29 Postfix, or any other MTA that supports the milter protocol.
30
31 %package -n %{libname}
32 Summary: An open source DKIM library
33 Group: System/Servers
34
35 %description -n %{libname}
36 This package contains the library files required for running services built
37 using libopendkim.
38
39 %package -n %{develname}
40 Summary: Development files for lib%{name}
41 Group: Development/Other
42
43 %description -n %{develname}
44 This package contains the static libraries, headers, and other support files
45 required for developing applications against libopendkim.
46
47 %prep
48 %setup -q -D -n %{bigname}-%{bigversion}
49 %autopatch -p1
50
51 %build
52 autoreconf -f -i
53 # Always use system libtool instead of pacakge-provided one to
54 # properly handle 32 versus 64 bit detection and settings
55 #define LIBTOOL LIBTOOL=`which libtool`
56
57 %configure --with-libmemcached --with-db --with-odbx --enable-query_cache
58
59 # Remove rpath
60 %{__sed} -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool
61 %{__sed} -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool
62 %make_build
63
64 %install
65 %make_install
66 install -d %{buildroot}%{_sysconfdir}
67 install -m 0755 contrib/init/redhat/%{name}-default-keygen %{buildroot}%{_sbindir}/%{name}-default-keygen
68
69 install -d -m 0755 %{buildroot}%{_unitdir}
70 install -m 0644 contrib/systemd/%{name}.service %{buildroot}%{_unitdir}/%{name}.service
71 perl -pi -e 's|^(ExecReload=)|ExecStartPost=+%{_bindir}/systemd-tmpfiles --create %{_tmpfilesdir}/%{name}.conf\n$1|' %{buildroot}%{_unitdir}/%{name}.service
72
73 install -m 0644 opendkim/%{name}.conf.sample %{buildroot}%{_sysconfdir}/%{name}.conf
74 perl -pi -e 's|^# (Canonicalization)(\t+)simple/simple|$1$2relaxed/relaxed|;
75 s|^# (PidFile\t+)filename|$1%{_rundir}/%{name}/%{name}.pid|;
76 s|^(KeyFile)(\t+)/var/db/dkim/example.private|$1$2%{_sysconfdir}/%{name}/keys/default.private|;
77 s|^(Selector)(\t+)my-selector-name|$1$2default|;
78 s|^(Socket)(\t+)inet:port\@localhost|# $1$2inet:8891\@localhost\n$1$2local:%{postfixdir}%{_rundir}/%{name}/%{name}.sock|;
79 s|^# (OverSignHeaders\t+)(header1,header2,...)|# $1$2\n$1\tFrom|;
80 s|^(# KeyTable\t+)dataset|$1%{_sysconfdir}/%{name}/key_table.conf|;
81 s|^(# SigningTable\t+)filename|$1refile:%{_sysconfdir}/%{name}/signing_table.conf|;
82 s|^(# ExternalIgnoreList\t+)filename|$1refile:%{_sysconfdir}/%{name}/external_hosts.conf|;
83 s|^# (InternalHosts\t+)dataset|$1refile:%{_sysconfdir}/%{name}/internal_hosts.conf|;
84 s|^(Syslog\t+Yes)|# $1|;
85 ' %{buildroot}%{_sysconfdir}/%{name}.conf
86
87 install -d %{buildroot}%{_sysconfdir}/%{name}
88
89 %{__cat} > %{buildroot}%{_sysconfdir}/%{name}/external_hosts.conf << 'EOF'
90 # %{bigname} EXTERNAL HOSTS
91 # To use this file, uncomment the #ExternalIgnoreList option in
92 # %{_sysconfdir}/%{name}.conf then restart opendkim. Additional hosts
93 # may be added on separate lines (IP addresses, hostnames, or CIDR ranges).
94 #host.example.com
95 #192.168.1.0/24
96 EOF
97
98 %{__cat} > %{buildroot}%{_sysconfdir}/%{name}/internal_hosts.conf << 'EOF'
99 # %{bigname} INTERNAL HOSTS
100 # To use this file, uncomment the #InternalHosts option in
101 # %{_sysconfdir}/%{name}.conf then restart opendkim. Additional hosts
102 # may be added on separate lines (IP addresses, hostnames, or CIDR ranges).
103 # The localhost IP (127.0.0.1) should always be the first entry in this file.
104 127.0.0.1
105 ::1
106 EOF
107
108 %{__cat} > %{buildroot}%{_sysconfdir}/%{name}/key_table.conf << 'EOF'
109 # %{bigname} KEY TABLE
110 # To use this file, uncomment the #KeyTable option in %{_sysconfdir}/%{name}.conf,
111 # then uncomment the following line and replace example.com with your domain
112 # name, then restart opendkim. Additional keys may be added on separate lines.
113
114 #default._domainkey.example.com example.com:default:%{_sysconfdir}/%{name}/keys/default.private
115 EOF
116
117 %{__cat} > %{buildroot}%{_sysconfdir}/%{name}/signing_table.conf << 'EOF'
118 # %{bigname} SIGNING TABLE
119 # This table controls how to apply one or more signatures to outgoing messages based
120 # on the address found in the From: header field. In simple terms, this tells
121 # opendkim "how" to apply your keys.
122
123 # To use this file, uncomment the SigningTable option in %{_sysconfdir}/%{name}.conf,
124 # then uncomment one of the usage examples below and replace example.com with your
125 # domain name, then restart opendkim.
126
127 # WILDCARD EXAMPLE
128 # Enables signing for any address on the listed domain(s), but will work only if
129 # "refile:%{_sysconfdir}/%{name}/SigningTable" is included in %{_sysconfdir}/%{name}.conf.
130 # Create additional lines for additional domains.
131
132 #*@example.com default._domainkey.example.com
133
134 # NON-WILDCARD EXAMPLE
135 # If "file:" (instead of "refile:") is specified in %{_sysconfdir}/%{name}.conf, then
136 # wildcards will not work. Instead, full user@host is checked first, then simply host,
137 # then user@.domain (with all superdomains checked in sequence, so "foo.example.com"
138 # would first check "user@foo.example.com", then "user@.example.com", then "user@.com"),
139 # then .domain, then user@*, and finally *. See the %{name}.conf(5) man page under
140 # "SigningTable" for more details.
141
142 #example.com default._domainkey.example.com
143 EOF
144
145 cat << 'EOF' | perl -pe 'chomp if eof' > README.urpmi
146 %{bigname} is now installed.
147
148 Configuration keys in %{_sysconfdir}/%{name}.conf:
149 #Change default operating mode set to sign and verify if required
150 Mode sv
151 #KeyTable used to declare domain and key matching pairs
152 KeyTable %{_sysconfdir}/%{name}/key_table.conf
153 #SigningTable used to declare address and domain matching pairs
154 SigningTable refile:%{_sysconfdir}/%{name}/signing_table.conf
155 #Change socket type if required
156 # Socket inet:8891@localhost
157 Socket local:%{postfixdir}%{_rundir}/%{name}/%{name}.sock
158
159 Configure message filter in %{_sysconfdir}/postfix/main.cf:
160 # smtpd_milters = inet:localhost:8891
161 smtpd_milters = unix:%{_rundir}/%{name}/%{name}.sock
162 non_smtpd_milters = $smtpd_milters
163 milter_default_action = accept
164 milter_protocol = 6
165
166 Enable the service with:
167 # systemctl enable %{name}.service
168
169 Start the service with:
170 # systemctl restart %{name}.service
171
172 Generating keys manually:
173 # mkdir -m 0755 %{_sysconfdir}/%{name}/keys/example.com
174 # %{_sbindir}/%{name}-genkey -D %{_sysconfdir}/%{name}/keys/example.com/ -d example.com -s default
175 # chown -R root:%{name} %{_sysconfdir}/%{name}/keys/example.com/default.{private,txt}
176 # chmod 0640 %{_sysconfdir}/%{name}/keys/example.com/default.private
177 # chmod 0644 %{_sysconfdir}/%{name}/keys/example.com/default.txt
178
179 Using opendkim with SQL Datasets:
180 # urpmi opendbx-(firebird|mssql|mysql|postgresql|sqlite|sqlite2|sybase)
181 It will require to configure to start after the database service in %{_unitdir}/%{name}.service:
182 After=network.target nss-lookup.target syslog.target (mysqld|postgresql).service
183
184 Additional configuration help:
185 https://www.stevejenkins.com/blog/2011/08/installing-opendkim-rpm-via-yum-with-postfix-or-sendmail-for-rhel-centos-fedora/
186 http://wp.me/p1iGgP-ou
187 http://opendkim.org
188 http://lists.opendkim.org
189 EOF
190
191 install -p -d %{buildroot}%{_tmpfilesdir}
192 cat > %{buildroot}%{_tmpfilesdir}/%{name}.conf <<'EOF'
193 d %{_rundir}/%{name} 0755 %{name} %{name} -
194 d %{postfixdir}%{_rundir}/%{name} 0755 %{name} %{name} -
195 z %{postfixdir}%{_rundir}/%{name}/%{name}.sock 0664 %{name} postfix -
196 EOF
197
198 rm -rf %{buildroot}%{_prefix}/share/doc/%{name}
199 rm -f %{buildroot}%{_libdir}/*.a
200 rm -f %{buildroot}%{_libdir}/*.la
201
202 install -d %{buildroot}%{_localstatedir}/spool/%{name}
203 install -d %{buildroot}/run/%{name}
204 install -d %{buildroot}%{_sysconfdir}/%{name}
205 install -d -m 755 %{buildroot}%{_sysconfdir}/%{name}/keys
206
207 install -m 755 stats/%{name}-reportstats %{buildroot}%{_prefix}/sbin/%{name}-reportstats
208 sed -i \
209 -e 's|^OPENDKIMSTATSDIR="/var/db/%{name}"|OPENDKIMSTATSDIR="%{_localstatedir}/spool/%{name}"|g' \
210 -e 's|^OPENDKIMDATOWNER="mailnull:mailnull"|OPENDKIMDATOWNER="%{name}:%{name}"|g' \
211 %{buildroot}%{_prefix}/sbin/%{name}-reportstats
212
213 chmod 0644 contrib/convert/convert_keylist.sh
214
215 %pre
216 %_pre_useradd opendkim /run/opendkim /bin/false
217
218 %post
219 %_post_service %{name}
220 %_tmpfilescreate %{name}
221
222 # Generate default key on install
223 if [ "$1" -eq "1" ]; then
224 %{_sbindir}/opendkim-default-keygen > /dev/null 2>&1 || /bin/true
225 fi
226
227 %preun
228 %_preun_service %{name}
229
230 %files
231 %doc LICENSE LICENSE.Sendmail
232 %doc FEATURES KNOWNBUGS RELEASE_NOTES RELEASE_NOTES.Sendmail INSTALL
233 %doc contrib/convert/convert_keylist.sh %{name}/*.sample
234 %doc %{name}/%{name}.conf.simple-verify %{name}/%{name}.conf.simple
235 %doc %{name}/README contrib/lua/*.lua
236 %doc README.urpmi
237 %config(noreplace) %{_sysconfdir}/%{name}.conf
238 %config(noreplace) %{_tmpfilesdir}/%{name}.conf
239 %dir %{_sysconfdir}/%{name}
240 %dir %{_sysconfdir}/%{name}/keys
241 %config(noreplace) %attr(0640,root,opendkim) %{_sysconfdir}/%{name}/external_hosts.conf
242 %config(noreplace) %attr(0640,root,opendkim) %{_sysconfdir}/%{name}/internal_hosts.conf
243 %config(noreplace) %attr(0640,root,opendkim) %{_sysconfdir}/%{name}/key_table.conf
244 %config(noreplace) %attr(0640,root,opendkim) %{_sysconfdir}/%{name}/signing_table.conf
245 %{_sbindir}/*
246 %{_mandir}/*/*
247 %dir %attr(-,opendkim,opendkim) %{_localstatedir}/spool/%{name}
248 %{_unitdir}/%{name}.service
249
250 %files -n %{libname}
251 %doc LICENSE LICENSE.Sendmail
252 %doc README
253 %{_libdir}/lib%{name}.so.*
254
255 %files -n %{develname}
256 %doc LICENSE LICENSE.Sendmail
257 %doc lib%{name}/docs/*.html
258 %{_includedir}/%{name}
259 %{_libdir}/*.so
260 %{_libdir}/pkgconfig/*.pc

  ViewVC Help
Powered by ViewVC 1.1.30