1 |
commit: db3f841d797fc4d27befc756e1acf30dbb00035d |
2 |
Author: Michael Orlitzky <mjo <AT> gentoo <DOT> org> |
3 |
AuthorDate: Sun Mar 31 21:11:47 2019 +0000 |
4 |
Commit: Michael Orlitzky <mjo <AT> gentoo <DOT> org> |
5 |
CommitDate: Sun Mar 31 21:12:22 2019 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=db3f841d |
7 |
|
8 |
mail-filter/opendkim: add "UMask 0117" to the config by default. |
9 |
|
10 |
Ralph and I have been discussing the best way to handle a local UNIX |
11 |
socket. One thing that we both agree on is that, regardless of the |
12 |
other details, the daemon should be running with a UMask of 0117 to |
13 |
create the socket group-writable but otherwise private. And since the |
14 |
opendkim(8) man page says that the UMask is used only for the socket, |
15 |
there's no reason we shouldn't add it to the default configuration. In |
16 |
other words, it doesn't hurt anything if you're *not* using a local |
17 |
socket. This is one fewer thing that we need to document. |
18 |
|
19 |
Bug: https://bugs.gentoo.org/575666 |
20 |
Signed-off-by: Michael Orlitzky <mjo <AT> gentoo.org> |
21 |
Package-Manager: Portage-2.3.62, Repoman-2.3.11 |
22 |
|
23 |
mail-filter/opendkim/opendkim-2.10.3-r9.ebuild | 8 +++++++- |
24 |
1 file changed, 7 insertions(+), 1 deletion(-) |
25 |
|
26 |
diff --git a/mail-filter/opendkim/opendkim-2.10.3-r9.ebuild b/mail-filter/opendkim/opendkim-2.10.3-r9.ebuild |
27 |
index 841184ed46b..9a9ff14612a 100644 |
28 |
--- a/mail-filter/opendkim/opendkim-2.10.3-r9.ebuild |
29 |
+++ b/mail-filter/opendkim/opendkim-2.10.3-r9.ebuild |
30 |
@@ -140,7 +140,13 @@ src_install() { |
31 |
echo "# For use with unbound" >> "${T}/opendkim.conf" || die |
32 |
echo "#TrustAnchorFile /etc/dnssec/root-anchors.txt" \ |
33 |
>> "${T}/opendkim.conf" || die |
34 |
- echo UserID opendkim >> "${T}/opendkim.conf" || die |
35 |
+ echo "UserID opendkim" >> "${T}/opendkim.conf" || die |
36 |
+ |
37 |
+ # The UMask is really only used for the PID file (root:root) and the |
38 |
+ # local UNIX socket, if you're using one. It should be 0117 for the |
39 |
+ # socket, so we might as well set that unconditionally here. |
40 |
+ echo "UMask 0117" >> "${T}/opendkim.conf" || die |
41 |
+ |
42 |
insinto /etc/opendkim |
43 |
doins "${T}/opendkim.conf" |
44 |
} |