author | Michael Orlitzky <mjo@gentoo.org> | 2019-03-27 11:48:17 -0400 |
---|---|---|
committer | Michael Orlitzky <mjo@gentoo.org> | 2019-03-27 13:18:07 -0400 |
commit | 28706fe998d7ea18549d78aa1bfee4da6bb18ffa (patch) | |
tree | d62fa7a1d4fce673c49af8590697818e58a3674f /mail-filter | |
parent | mail-filter/opendkim: combine two neighboring sed expressions. (diff) | |
mail-filter/opendkim: new revision to overhaul service scripts.
The OpenRC service script has been largely rewritten in this revision,
to solve a number of problems:
* The PID file is now stored securely (bug 629914).
* Different PID files are used for multiple instances (bug 536162).
* The detection of boolean options in the config file is more robust,
allowing "1", "0", "yes", "false", et cetera.
* The socket is now located in a conf.d file, rather than parsed from
the config file. The service script ensures that the directory
containing the socket has the correct permissions, and the conf.d
file comes with a big warning to that effect. Note that the (commented-
out) example directory IS NOT shared with the PID file.
* An error is thrown if we can't remove a stale socket.
* Modern OpenRC service script standards have been adopted.
Some minor changes have been made to the systemd service for
consistency, but none of them have been tested. More work needs to be
done here anyway; for example, we most likely want a tmpfiles.d entry
for the local socket directory if the user configures one. This should
be documented in opendkim.service.conf, and tested by someone who uses
systemd.
Closes: https://bugs.gentoo.org/536162
Bug: https://bugs.gentoo.org/629914
Signed-off-by: Michael Orlitzky <mjo@gentoo.org>
Package-Manager: Portage-2.3.62, Repoman-2.3.11
Diffstat (limited to 'mail-filter')
-rw-r--r-- | mail-filter/opendkim/files/opendkim-r3.service (renamed from mail-filter/opendkim/files/opendkim-r2.service) | 2 | ||||
-rw-r--r-- | mail-filter/opendkim/files/opendkim.confd | 18 | ||||
-rw-r--r-- | mail-filter/opendkim/files/opendkim.init.r4 | 55 | ||||
-rw-r--r-- | mail-filter/opendkim/files/opendkim.init.r5 | 73 | ||||
-rw-r--r-- | mail-filter/opendkim/files/opendkim.service.conf | 2 | ||||
-rw-r--r-- | mail-filter/opendkim/opendkim-2.10.3-r7.ebuild (renamed from mail-filter/opendkim/opendkim-2.10.3-r6.ebuild) | 26 |
6 files changed, 109 insertions, 67 deletions
diff --git a/mail-filter/opendkim/files/opendkim-r2.service b/mail-filter/opendkim/files/opendkim-r3.service
index 006ff822d7f9..a102c0a69006 100644
--- a/mail-filter/opendkim/files/opendkim-r2.service
+++ b/mail-filter/opendkim/files/opendkim-r3.service
@@ -4,7 +4,7 @@ Documentation=man:opendkim(8) man:opendkim.conf(5) man:opendkim-genkey(8) man:op
 After=network.target nss-lookup.target syslog.target
 [Service]
-ExecStart=/usr/sbin/opendkim -f -x /etc/opendkim/opendkim.conf
+ExecStart=/usr/sbin/opendkim -f -x /etc/opendkim/opendkim.conf -p $OPENDKIM_SOCKET
 ExecReload=/bin/kill -USR1 $MAINPID
 RuntimeDirectory=opendkim
 RuntimeDirectoryMode=0750
diff --git a/mail-filter/opendkim/files/opendkim.confd b/mail-filter/opendkim/files/opendkim.confd
new file mode 100644
index 000000000000..03bb8d88e2b5
--- /dev/null
+++ b/mail-filter/opendkim/files/opendkim.confd
@@ -0,0 +1,18 @@
+# This overrides the "Socket" line in your opendkim.conf configuration
+# file, and is required (so that we don't have to try to parse the
+# configuration file in an init script). The default below listens
+# on the network.
+#
+# If you would rather use a local (UNIX) socket, try the following:
+#
+# WARNING: The directory containing this socket will have its owner
+# changed to "opendkim".
+#
+#OPENDKIM_SOCKET="local:/run/opendkim/opendkim.sock"
+#
+# More examples of valid socket syntax can be found in the opendkim(8)
+# man page, under the "-p socketspec" option. However -- contrary to
+# what that man page says -- if you want to use a local socket, the
+# "local:" prefix is not optional here.
+#
+OPENDKIM_SOCKET="inet:8891@localhost"
diff --git a/mail-filter/opendkim/files/opendkim.init.r4 b/mail-filter/opendkim/files/opendkim.init.r4
deleted file mode 100644
index 8c349b85dd31..000000000000
--- a/mail-filter/opendkim/files/opendkim.init.r4
+++ /dev/null
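Review bot: `$OPENDKIM_SOCKET` on the new `ExecStart=` line is the unbraced form, which systemd splits on whitespace and drops entirely when the variable is unset or empty, so `-p` would be left without its argument if the drop-in that sets the variable is missing or overridden. The braced form keeps it a single argument: `ExecStart=/usr/sbin/opendkim -f -x /etc/opendkim/opendkim.conf -p ${OPENDKIM_SOCKET}`. The commit message says the systemd changes are untested, so this is worth confirming on a systemd host.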
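Review bot: The WARNING in the new conf.d file says the containing directory is re-owned, but not that the directory has to be dedicated to the socket. The init script added in this commit takes everything before the last `/` of the path and hands it to `checkpath --directory --owner opendkim`, so a socket placed directly in a shared directory would give that directory to the opendkim user. I would extend the warning with `# Use a directory that holds nothing but this socket, never a shared directory such as /run itself.`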
@@ -1,55 +0,0 @@
-#!/sbin/openrc-run
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-CONFFILE=/etc/opendkim/${SVCNAME}.conf
-
-depend() {
- use dns logger net
- before mta
-}
-
-check_cfg() {
-
- PIDFILE=$(sed -ne 's/^[[:space:]]*PidFile[[:space:]]\+//p' "${CONFFILE}")
- local PIDDIR="${PIDFILE%/*}"
- if [ ! -d "${PIDDIR}" ] ; then
- checkpath -q -d -o opendkim:opendkim -m 0755 "${PIDDIR}" || return 1
- fi
- if [ ! -f "${CONFFILE}" ] ; then
- eerror "Configuration file ${CONFFILE} is missing"
- return 1
- fi
- if [ -z "${PIDFILE}" ] ; then
- eerror "Configuration file needs PidFile setting - recommend adding 'PidFile /var/run/opendkim/${SVCNAME}.pid' to ${CONFFILE}"
- return 1
- fi
-
- if egrep -q '^[[:space:]]*Background[[:space:]]+no' "${CONFFILE}" ; then
- eerror "${SVCNAME} service cannot run with Background key set to yes!"
- return 1
- fi
-}
-
-start() {
- check_cfg || return 1
-
- # Remove stalled Unix socket if no other process is using it
- local UNIX_SOCKET=$(sed -ne 's/^[[:space:]]*Socket[[:space:]]\+\(unix\|local\)://p' "${CONFFILE}")
-
- if [ -S "${UNIX_SOCKET}" ] && ! fuser -s "${UNIX_SOCKET}"; then
- rm "${UNIX_SOCKET}"
- fi
-
- ebegin "Starting OpenDKIM"
- start-stop-daemon --start --pidfile "${PIDFILE}" \
- --exec /usr/sbin/opendkim -- -x "${CONFFILE}"
- eend $?
-}
-
-stop() {
- check_cfg || return 1
- ebegin "Stopping OpenDKIM"
- start-stop-daemon --stop --pidfile "${PIDFILE}"
- eend $?
-}
diff --git a/mail-filter/opendkim/files/opendkim.init.r5 b/mail-filter/opendkim/files/opendkim.init.r5
new file mode 100644
index 000000000000..ad45f420e3c4
--- /dev/null
+++ b/mail-filter/opendkim/files/opendkim.init.r5
@@ -0,0 +1,73 @@
+#!/sbin/openrc-run
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+CONFFILE="/etc/opendkim/${RC_SVCNAME}.conf"
+required_files="${CONFFILE}"
+
+command="/usr/sbin/opendkim"
+pidfile="/run/${RC_SVCNAME}.pid"
+command_args="-P ${pidfile} -x ${CONFFILE} -p ${OPENDKIM_SOCKET}"
+
+depend() {
+ use dns logger net
+ before mta
+}
+
+check_cfg() {
+ #
+ # The opendkim.conf man page says,
+ #
+ # For parameters that are Boolean in nature, only the first byte
+ # of the value is processed... For negative values, the following
+ # are accepted: "F", "f", "N", "n", "0".'
+ #
+ if grep --quiet '^[[:space:]]*Background[[:space:]]\+[FfNn0]' \
+ "${CONFFILE}"; then
+ eerror "${RC_SVCNAME} cannot run in the foreground!"
+ return 1
+ fi
+}
+
+start_pre() {
+ # If this isn't a restart, make sure that the user's config isn't
+ # busted before we try to start the daemon (this will produce
+ # better error messages than if we just try to start it blindly).
+ #
+ # If, on the other hand, this *is* a restart, then the stop_pre
+ # action will have ensured that the config is usable and we don't
+ # need to do that again.
+ if [ "${RC_CMD}" != "restart" ]; then
+ check_cfg || return $?
+ fi
+
+ if [ -S "${OPENDKIM_SOCKET}" ] && ! fuser -s "${OPENDKIM_SOCKET}"; then
+ # Remove stalled Unix socket if no other process is
+ # using it
+ if ! rm "${UNIX_SOCKET}"; then
+ eerror "failed to remove stale unix socket ${OPENDKIM_SOCKET}"
+ return 2
+ fi
+ fi
+
+ # This relies on the "local:" prefix being there, but the conf.d
+ # file explicitly states that it's not optional (contrary to what
+ # the opendkim(8) man page says).
+ if [ "${OPENDKIM_SOCKET#local:}" != "${OPENDKIM_SOCKET}" ]; then
+ # The socket begins with "local:"
+ OPENDKIM_SOCKET_PATH="${OPENDKIM_SOCKET#local:}"
+ OPENDKIM_SOCKET_DIR="${OPENDKIM_SOCKET_PATH%/*}"
+
+ # This is dangerous, but there's a big warning about it
+ # in the conf.d file.
+ checkpath --directory --owner opendkim "${OPENDKIM_SOCKET_DIR}"
+ fi
+}
+
+stop_pre() {
+ # If this is a restart, check to make sure the user's config
+ # isn't busted before we stop the running daemon.
+ if [ "${RC_CMD}" = "restart" ]; then
+ check_cfg || return $?
+ fi
+}
diff --git a/mail-filter/opendkim/files/opendkim.service.conf b/mail-filter/opendkim/files/opendkim.service.conf
new file mode 100644
index 000000000000..380ba22ac941
--- /dev/null
+++ b/mail-filter/opendkim/files/opendkim.service.conf
@@ -0,0 +1,2 @@
+[Service]
+Environment="OPENDKIM_SOCKET=inet:8891@localhost"
diff --git a/mail-filter/opendkim/opendkim-2.10.3-r6.ebuild b/mail-filter/opendkim/opendkim-2.10.3-r7.ebuild
index b375078ae110..ec539e9dbc5b 100644
--- a/mail-filter/opendkim/opendkim-2.10.3-r6.ebuild
+++ b/mail-filter/opendkim/opendkim-2.10.3-r7.ebuild
@@ -53,13 +53,15 @@ pkg_setup() {
 src_prepare() {
 default
- sed -i -e 's:/var/db/dkim:/etc/opendkim:g' \
- -e 's:/var/db/opendkim:/var/lib/opendkim:g' \
- -e 's:/etc/mail:/etc/opendkim:g' \
- -e 's:mailnull:opendkim:g' \
- -e 's:^#[[:space:]]*PidFile.*:PidFile /run/opendkim/opendkim.pid:' \
- opendkim/opendkim.conf.sample opendkim/opendkim.conf.simple.in \
- stats/opendkim-reportstats{,.in} || die
+ # We delete the "Socket" setting because it's overridden by our
+ # conf.d file.
+ sed -e 's:/var/db/dkim:/etc/opendkim:g' \
+ -e 's:/var/db/opendkim:/var/lib/opendkim:g' \
+ -e 's:/etc/mail:/etc/opendkim:g' \
+ -e 's:mailnull:opendkim:g' \
+ -e '/^[[:space:]]*Socket/d' \
+ -i opendkim/opendkim.conf.sample opendkim/opendkim.conf.simple.in \
+ stats/opendkim-reportstats{,.in} || die
 sed -i -e 's:dist_doc_DATA:dist_html_DATA:' libopendkim/docs/Makefile.am \
 || die
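Review bot: The stale-socket cleanup in `start_pre` cannot work as written: it tests `[ -S "${OPENDKIM_SOCKET}" ]`, which still carries the `local:` prefix, and then removes `${UNIX_SOCKET}`, a name that nothing in the new script or the new conf.d file assigns (it was a local in the deleted r4 `start`). A stale socket left by a crashed daemon would therefore stay in place, and if the branch were ever taken, `rm ""` would fail and abort the start with status 2. Deriving `OPENDKIM_SOCKET_PATH` before the test and using it for `-S`, `fuser` and `rm` fixes both; the excerpt moves the cleanup inside the existing `local:` branch.

```shell
start_pre() {
	# … unchanged: check_cfg call when this is not a restart …

	# Strip the "local:" prefix first, so that the tests below see a
	# filesystem path rather than the socket spec.
	if [ "${OPENDKIM_SOCKET#local:}" != "${OPENDKIM_SOCKET}" ]; then
		OPENDKIM_SOCKET_PATH="${OPENDKIM_SOCKET#local:}"
		OPENDKIM_SOCKET_DIR="${OPENDKIM_SOCKET_PATH%/*}"

		# Remove a stale socket only if no process still has it open.
		if [ -S "${OPENDKIM_SOCKET_PATH}" ] && \
		   ! fuser -s "${OPENDKIM_SOCKET_PATH}"; then
			if ! rm "${OPENDKIM_SOCKET_PATH}"; then
				eerror "failed to remove stale unix socket ${OPENDKIM_SOCKET_PATH}"
				return 2
			fi
		fi

		# … unchanged: checkpath on ${OPENDKIM_SOCKET_DIR} …
	fi
}
```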
@@ -120,8 +122,10 @@ src_install() {
 dosbin stats/opendkim-reportstats
- newinitd "${FILESDIR}/opendkim.init.r4" opendkim
- systemd_newunit "${FILESDIR}/opendkim-r2.service" opendkim.service
+ newinitd "${FILESDIR}/opendkim.init.r5" opendkim
+ newconfd "${FILESDIR}/opendkim.confd" opendkim
+ systemd_newunit "${FILESDIR}/opendkim-r3.service" opendkim.service
+ systemd_install_serviced "${FILESDIR}/${PN}.service.conf" "${PN}.service"
 dodir /etc/opendkim
 keepdir /var/lib/opendkim
@@ -192,8 +196,8 @@ pkg_config() {
 # MTA configuration
 echo
 einfo "If you are using Postfix, add following lines to your main.cf:"
- einfo " smtpd_milters = unix:/var/run/opendkim/opendkim.sock"
- einfo " non_smtpd_milters = unix:/var/run/opendkim/opendkim.sock"
+ einfo " smtpd_milters = unix:/run/opendkim/opendkim.sock"
+ einfo " non_smtpd_milters = unix:/run/opendkim/opendkim.sock"
 einfo " and read http://www.postfix.org/MILTER_README.html"
 # DNS configuration |