On Sat, Aug 24, 2019 at 09:10:18PM +0200, Martijn van Duren wrote:
> On 8/24/19 12:20 PM, Stuart Henderson wrote:
> > On 2019/08/24 11:52, Antoine Jacoutot wrote:
> >> On Sat, Aug 24, 2019 at 09:42:10AM +0100, Stuart Henderson wrote:
> >>> On 2019/08/24 06:37, Martijn van Duren wrote:
> >>>> $ cat pkg/DESCR
> >>>> filter-dkim is an opensmtpd filter that signs email with a dkim
> >>>> signature.
> >>>> $
> >>>>
> >>>> Since I'm not too familiar with ports I would like to pay special
> >>>> attention to the Makefile of both the port as well as the source.
> >>>>
> >>>> Also, I currently host the release tarballs at my personal server, which
> >>>> I also use for generic other stuff and might not always be available.
> >>>> If someone from the ports team has a more stable location to host the
> >>>> release tarballs let me know.
> >>>>
> >>>> Furthermore smtpd.conf allows for filters to be run as another user
> >>>> (currently undocumented). I know we're tight for uids, but can we
> >>>> reserve one for this port, so we can protect the dkim signing key from
> >>>> the smtpd users?
> >>>
> >>> Maybe it makes sense to use a shared uid for the other filters, but
> >>> it sounds reasonable to assign a new uid for this one.
>
> Thanks. Diff below reserves one.
> As for Gilles' suggestion to reserve one for all filters in general, I'm
> not convinced that's needed, since user _smtpd in general can't do much
> damage.
> >>>
> >>>> Or could it be possible to share a uid with another
> >>>> port with similar purpose? E.g. dkimproxy?
> >>>
> >>> Definitely prefer not to do that.
> >>>
> >>> Ports UIDs need a more general solution rather than trying to conserve the
> >>> odd 1 or 2 here and there.
>
> It was just an idea to scrape the barrel considering any bit might help.
> >>
> >> Maybe we could also reserve a directory in ports (e.g.
> >> mail/opensmtpd-filter)?
> >> So we can have:
> >> mail/opensmtpd-filter/dkim
> >> mail/opensmtpd-filter/dnsbl
> >> and so on...
> >>
> >> --
> >> Antoine
> >>
> >
> > Yes please!
> >
> I don't mind doing it that way.

Make it opensmtpd-filter*s* I guess :-) > > Index: infrastructure/db/user.list > =================================================================== > RCS file: /cvs/ports/infrastructure/db/user.list,v > retrieving revision 1.350 > diff -u -p -r1.350 user.list > --- infrastructure/db/user.list 2 Aug 2019 21:59:35 -0000 1.350 > +++ infrastructure/db/user.list 24 Aug 2019 19:08:18 -0000 > @@ -349,3 +349,4 @@ id user group port options > 838 _i2pd _i2pd net/i2pd > 839 _exabgp _exabgp net/exabgp > 840 _dma _dma mail/dma > +841 _smtpd_dkim _smtpd_dkim mail/opensmtpd-filter/dkim -- Antoine
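
Review bot: the port column of the added 841 line in the user.list hunk reads mail/opensmtpd-filter/dkim, while the reply above the patch asks for the directory to be named opensmtpd-filters; that field has to match the path the port is actually imported under, so it should become mail/opensmtpd-filters/dkim if that name is adopted. The thread gives the reason for the new uid as keeping the dkim signing key away from the smtpd users, so it is worth confirming in the port itself (not visible in this hunk) that the key location ends up owned by _smtpd_dkim and not readable by _smtpd.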
