Package: release.debian.org Severity: normal Tags: stretch User: release.debian....@packages.debian.org Usertags: pu
Thanks to me not understanding some things about systemd service files and how they interacted with opendkim (and incomplete testing on my part), the package, as released for stretch, is pretty non-functional. The attached fixes things. Thanks, Scott K
diff -Nru opendkim-2.11.0~alpha/debian/changelog opendkim-2.11.0~alpha/debian/changelog --- opendkim-2.11.0~alpha/debian/changelog 2017-05-22 18:10:16.000000000 -0400 +++ opendkim-2.11.0~alpha/debian/changelog 2017-09-03 20:38:52.000000000 -0400 @@ -1,3 +1,14 @@ +opendkim (2.11.0~alpha-10+deb9u1) stretch; urgency=medium + + * Update opendkim service file so that /etc/opendkim.conf is used (Closes: + #864162) + * Start as root and drop privileges in opendkim so proper key file + ownership works correctly + * Add new options to /etc/opendkim.conf to match the above service file + changes + + -- Scott Kitterman <sc...@kitterman.com> Sun, 03 Sep 2017 20:22:45 -0400 + opendkim (2.11.0~alpha-10) unstable; urgency=medium * Do not remove /etc/default/opendkim on upgrade since it is a conffile diff -Nru opendkim-2.11.0~alpha/debian/opendkim.conf opendkim-2.11.0~alpha/debian/opendkim.conf --- opendkim-2.11.0~alpha/debian/opendkim.conf 2017-01-21 00:58:41.000000000 -0500 +++ opendkim-2.11.0~alpha/debian/opendkim.conf 2017-09-03 20:17:50.000000000 -0400 @@ -19,6 +19,29 @@ #Mode sv #SubDomains no +# Socket smtp://localhost +# +# ## Socket socketspec +# ## +# ## Names the socket where this filter should listen for milter connections +# ## from the MTA. Required. Should be in one of these forms: +# ## +# ## inet:port@address to listen on a specific interface +# ## inet:port to listen on all interfaces +# ## local:/path/to/socket to listen on a UNIX domain socket +# +#Socket inet:8892@localhost +Socket local:/var/run/opendkim/opendkim.sock + +## PidFile filename +### default (none) +### +### Name of the file where the filter should write its pid before beginning +### normal operations. +# +PidFile /var/run/opendkim/opendkim.pid + + # Always oversign From (sign using actual From and a null From to prevent # malicious signatures header fields (From and/or others) between the signer # and the verifier. From is oversigned by default in the Debian pacakge @@ -47,3 +70,11 @@ ## at http://unbound.net for the expected format of this file. TrustAnchorFile /usr/share/dns/root.key + +## Userid userid +### default (none) +### +### Change to user "userid" before starting normal operation? May include +### a group ID as well, separated from the userid by a colon. +# +UserID opendkim diff -Nru opendkim-2.11.0~alpha/debian/opendkim.service opendkim-2.11.0~alpha/debian/opendkim.service --- opendkim-2.11.0~alpha/debian/opendkim.service 2017-01-21 00:45:58.000000000 -0500 +++ opendkim-2.11.0~alpha/debian/opendkim.service 2017-09-03 20:17:50.000000000 -0400 @@ -6,9 +6,8 @@ [Service] Type=forking PIDFile=/var/run/opendkim/opendkim.pid -User=opendkim UMask=0007 -ExecStart=/usr/sbin/opendkim -P /var/run/opendkim/opendkim.pid -p local:/var/run/opendkim/opendkim.sock +ExecStart=/usr/sbin/opendkim -x /etc/opendkim.conf Restart=on-failure ExecReload=/bin/kill -USR1 $MAINPID
