mail-filter/opendkim: add "UMask 0117" to the config by default.

Ralph and I have been discussing the best way to handle a local UNIX
socket. One thing that we both agree on is that, regardless of the
other details, the daemon should be running with a UMask of 0117 to
create the socket group-writable but otherwise private. And since the
opendkim(8) man page says that the UMask is used only for the socket,
there's no reason we shouldn't add it to the default configuration. In
other words, it doesn't hurt anything if you're *not* using a local
socket. This is one fewer thing that we need to document.

Bug: https://bugs.gentoo.org/575666
Signed-off-by: Michael Orlitzky <mjo@gentoo.org>
Package-Manager: Portage-2.3.62, Repoman-2.3.11

1 files changed, 7 insertions, 1 deletions

diff --git a/mail-filter/opendkim/opendkim-2.10.3-r9.ebuild b/mail-filter/opendkim/opendkim-2.10.3-r9.ebuild
index 841184ed46b9..9a9ff14612ae 100644
--- a/mail-filter/opendkim/opendkim-2.10.3-r9.ebuild
+++ b/mail-filter/opendkim/opendkim-2.10.3-r9.ebuild
@@ -140,7 +140,13 @@ src_install() {
 	echo "# For use with unbound" >> "${T}/opendkim.conf" || die
 	echo "#TrustAnchorFile /etc/dnssec/root-anchors.txt" \
 		 >> "${T}/opendkim.conf" || die
-	echo UserID opendkim >> "${T}/opendkim.conf" || die
+	echo "UserID opendkim" >> "${T}/opendkim.conf" || die
+
+	# The UMask is really only used for the PID file (root:root) and the
+	# local UNIX socket, if you're using one. It should be 0117 for the
+	# socket, so we might as well set that unconditionally here.
+	echo "UMask 0117" >> "${T}/opendkim.conf" || die
+
 	insinto /etc/opendkim
 	doins "${T}/opendkim.conf"
 }