On 8/24/19 12:20 PM, Stuart Henderson wrote: > On 2019/08/24 11:52, Antoine Jacoutot wrote: >> On Sat, Aug 24, 2019 at 09:42:10AM +0100, Stuart Henderson wrote: >>> On 2019/08/24 06:37, Martijn van Duren wrote: >>>> $ cat pkg/DESCR >>>> filter-dkim is an opensmtpd filter that signs email with a dkim signature. >>>> $ >>>> >>>> Since I'm not too familiar with ports I would like to pay special >>>> attention to the Makefile of both the port as well as the source. >>>> >>>> Also, I currently host the release tarballs at my personal server, which >>>> I also use for generic other stuff and might not always be available. >>>> If someone from the ports team has a more stable location to host the >>>> release tarballs let me know. >>>> >>>> Furthermore smtpd.conf allows for filters to be run as another user >>>> (currently undocumented). I know we're tight for uids, but can we >>>> reserve one for this port, so we can protect the dkim signing key from >>>> the smtpd users? >>> >>> Maybe it makes sense to use a shared uid for the other filters, but >>> it sounds reasonable to assign a new uid for this one.
Thanks. Diff below reserves one. As for Gilles' suggestion to reserve one for all filters in general, I'm not convinced that's needed, since user _smtpd in general can't do much damage. >>> >>>> Or could it be possible to share a uid with another >>>> port with similar purpose? E.g. dkimproxy? >>> >>> Definitely prefer not to do that. >>> >>> Ports UIDs need a more general solution rather than trying to conserve the >>> odd 1 or 2 here and there. It was just an idea to scrape the barrel considering any bit might help. >> >> Maybe we could also reserve a directory in ports (e.g. >> mail/opensmtpd-filter)? >> So we can have: >> mail/opensmtpd-filter/dkim >> mail/opensmtpd-filter/dnsbl >> and so on... >> >> -- >> Antoine >> > > Yes please! > I don't mind doing it that way. Index: infrastructure/db/user.list =================================================================== RCS file: /cvs/ports/infrastructure/db/user.list,v retrieving revision 1.350 diff -u -p -r1.350 user.list --- infrastructure/db/user.list 2 Aug 2019 21:59:35 -0000 1.350 +++ infrastructure/db/user.list 24 Aug 2019 19:08:18 -0000 @@ -349,3 +349,4 @@ id user group port options 838 _i2pd _i2pd net/i2pd 839 _exabgp _exabgp net/exabgp 840 _dma _dma mail/dma +841 _smtpd_dkim _smtpd_dkim mail/opensmtpd-filter/dkim
