On 8/25/19 11:43 AM, Antoine Jacoutot wrote:
> On Sat, Aug 24, 2019 at 09:10:18PM +0200, Martijn van Duren wrote:
>> On 8/24/19 12:20 PM, Stuart Henderson wrote:
>>> On 2019/08/24 11:52, Antoine Jacoutot wrote:
>>>> On Sat, Aug 24, 2019 at 09:42:10AM +0100, Stuart Henderson wrote:
>>>>> On 2019/08/24 06:37, Martijn van Duren wrote:
>>>>>> $ cat pkg/DESCR
>>>>>> filter-dkim is an opensmtpd filter that signs email with a dkim
>>>>>> signature.
>>>>>> $
>>>>>>
>>>>>> Since I'm not too familiar with ports I would like to pay special
>>>>>> attention to the Makefile of both the port as well as the source.
>>>>>>
>>>>>> Also, I currently host the release tarballs at my personal server, which
>>>>>> I also use for generic other stuff and might not always be available.
>>>>>> If someone from the ports team has a more stable location to host the
>>>>>> release tarballs let me know.
>>>>>>
>>>>>> Furthermore smtpd.conf allows for filters to be run as another user
>>>>>> (currently undocumented). I know we're tight for uids, but can we
>>>>>> reserve one for this port, so we can protect the dkim signing key from
>>>>>> the smtpd users?
>>>>>
>>>>> Maybe it makes sense to use a shared uid for the other filters, but
>>>>> it sounds reasonable to assign a new uid for this one.
>>
>> Thanks. Diff below reserves one.
>> As for Gilles' suggestion to reserve one for all filters in general, I'm
>> not convinced that's needed, since user _smtpd in general can't do much
>> damage.
>>>>>
>>>>>> Or could it be possible to share a uid with another
>>>>>> port with similar purpose? E.g. dkimproxy?
>>>>>
>>>>> Definitely prefer not to do that.
>>>>>
>>>>> Ports UIDs need a more general solution rather than trying to conserve the
>>>>> odd 1 or 2 here and there.
>>
>> It was just an idea to scrape the barrel considering any bit might help.
>>>>
>>>> Maybe we could also reserve a directory in ports (e.g.
>>>> mail/opensmtpd-filter)?
>>>> So we can have:
>>>> mail/opensmtpd-filter/dkim
>>>> mail/opensmtpd-filter/dnsbl
>>>> and so on...
>>>>
>>>> --
>>>> Antoine
>>>>
>>>
>>> Yes please!
>>>
>> I don't mind doing it that way.
>
> Make it opensmtpd-filter*s* I guess :-)

No objection one way or the other. So if no one objects I'll make it so.

While at it, should we also give a clearer DISTNAME? E.g.
opensmtpd-filter-<subname>? Right now it's filter-..., which might not be
clear to everyone that it's an smtpd filter.

> >> >> Index: infrastructure/db/user.list >> =================================================================== >> RCS file: /cvs/ports/infrastructure/db/user.list,v >> retrieving revision 1.350 >> diff -u -p -r1.350 user.list >> --- infrastructure/db/user.list 2 Aug 2019 21:59:35 -0000 1.350 >> +++ infrastructure/db/user.list 24 Aug 2019 19:08:18 -0000 >> @@ -349,3 +349,4 @@ id user group port options >> 838 _i2pd _i2pd net/i2pd >> 839 _exabgp _exabgp net/exabgp >> 840 _dma _dma mail/dma >> +841 _smtpd_dkim _smtpd_dkim mail/opensmtpd-filter/dkim >
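
Review bot: the port column of the added 841 _smtpd_dkim entry still reads mail/opensmtpd-filter/dkim, while the thread settles on the plural directory name (opensmtpd-filter*s*); update the path to mail/opensmtpd-filters/dkim before committing so user.list matches where the port actually lands. The dedicated _smtpd_dkim user and group fit the stated goal of keeping the DKIM signing key away from the smtpd users, and 841 follows 840 in sequence, so the id allocation itself looks fine.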
