On 2025-11-11 16:15:25, Eray Aslan wrote: > On Mon, Nov 10, 2025 at 06:50:54PM +0200, Joonas Niilola wrote: > > the following packages are up for grabs: > [...] > > dev-python/dkimpy > > I'll take it. I'll also add dev-python/dkimpy-milter and > dev-python/pymilter to the tree so that we have a simple email > signer/verifier
>From my TODO list (the same issue is present in spf-engine, which I maintain, but we don't install the milter yet): The dkimpy-milter daemon is intended to start as root and drop privileges to a user/group specified in the config file. It does this AFTER creating a PID file, but for some reason it chowns the PID file (as root) to the user/group that it intends to drop privileges to. When you eventually stop the daemon, OpenRC trusts the PID in the file, and that allows the unprivileged user to e.g. reboot the machine by writing "1" in there. I mentioned this upstream, and launching as root was a design decision to support reading secret keys before dropping privileges, so the usual workaround of running PID-less in the foreground as the unprivileged user (a la systemd) is not feasible. But you should be able to patch out the problematic chown() calls and confirm that everything still works fine under our two init systems.
