--- dk-milter-1.0.0.dfsg.orig/debian/dk-filter.examples
+++ dk-milter-1.0.0.dfsg/debian/dk-filter.examples
@@ -0,0 +1 @@
+dk-filter/gentxt.csh
--- dk-milter-1.0.0.dfsg.orig/debian/dk-filter.postrm
+++ dk-milter-1.0.0.dfsg/debian/dk-filter.postrm
@@ -0,0 +1,13 @@
+#!/bin/sh
+
+set -e
+
+if [ "$1" = "purge" ]; then
+ if [ -x /usr/sbin/deluser ] && id -u dk-filter >/dev/null 2>&1; then
+ deluser --quiet dk-filter
+ fi
+fi
+
+#DEBHELPER#
+
+exit 0
--- dk-milter-1.0.0.dfsg.orig/debian/changelog
+++ dk-milter-1.0.0.dfsg/debian/changelog
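Review bot: In dk-filter.postrm, purging with `deluser --quiet dk-filter` frees the account's numeric UID while anything still owned by it stays on disk, and README.Debian in this same patch tells admins to change the private signing key's ownership to dk-filter with mode 400. A later system account that is allocated the recycled UID would then be able to read that key. Consider leaving the account in place on purge, or state the consequence next to the call, e.g. `# purge removes the account; re-own or delete key files owned by dk-filter first`.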
@@ -0,0 +1,74 @@
+dk-milter (1.0.0.dfsg-1.2) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * Add missing assertion failure change for case of missing key
+ Closes: #481072, LP: #520612
+ - Patch from 'guyver.nkama' via Launchpad
+ * Really create $RUNDIR in init script if it doesn't exist (change from
+ Ubuntu)
+ * Add $remote_fs to Required-Start and Required-Stop in
+ debian/dk-filter.init
+
+ -- Scott Kitterman Fri, 23 Mar 2012 00:51:38 -0400
+
+dk-milter (1.0.0.dfsg-1.1) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * Patch from Ilya Barygin , fix FTBFS, missing -lresolv in
+ the libs, added in site.config.m4. Closes: #629661
+
+ -- Konstantinos Margaritis Wed, 01 Feb 2012 00:04:44 +0000
+
+dk-milter (1.0.0.dfsg-1) unstable; urgency=low
+
+ * New upstream version.
+ * Removed FFR_MULTIPLE_KEYS as it is now activated by default.
+
+ -- Mike Markley Mon, 17 Mar 2008 00:07:10 -0700
+
+dk-milter (0.6.0.dfsg-2) unstable; urgency=low
+
+ * Install RELEASE_NOTES as upstream changelog
+ * Create $RUNDIR in init script if it doesn't exist
+ * Since the filter can be used with more MTAs than just Sendmail,
+ the short description has been reworded.
+ * Fixes for socket permissions
+ - Create dk-filter group and assign as primary GID of same user
+ in postinst
+ - Set umask in init script to force group writable socket
+ - Make rundir setgid
+ - Added a doc note for Postfix users who need write permissions
+ to the socket
+ * Attempt to identify & clean up after stale socket files that
+ can be left behind after an unclean exit
+
+ -- Mike Markley Sat, 25 Aug 2007 19:04:34 -0700
+
+dk-milter (0.6.0.dfsg-1) unstable; urgency=low
+
+ * New upstream version
+ * Includes patch for issue signing/verifying mails larger than 64k
+ * Added SOCKET option to init script
+
+ -- Mike Markley Tue, 05 Jun 2007 12:24:15 -0700
+
+dk-milter (0.5.0.dfsg-2) unstable; urgency=low
+
+ * Add -L/usr/lib/libmilter to confLIBDIRS to support libmilter0 ->
+ libmilter1 transition. Also fixes FTBFS and Closes: #423759.
+
+ -- Mike Markley Sat, 19 May 2007 19:03:41 -0700
+
+dk-milter (0.5.0.dfsg-1) unstable; urgency=low
+
+ * Reversioned source package with .dfsg since we've repackaged it with
+ documents removed
+
+ -- Mike Markley Sat, 05 May 2007 18:54:28 -0700
+
+dk-milter (0.5.0-1) unstable; urgency=low
+
+ * New upstream version
+ * Initial upload to Debian archive
+
+ -- Mike Markley Sat, 21 Apr 2007 20:10:28 -0700
--- dk-milter-1.0.0.dfsg.orig/debian/dirs
+++ dk-milter-1.0.0.dfsg/debian/dirs
@@ -0,0 +1,4 @@
+usr/bin
+usr/lib
+usr/share/man/man8
+var/run/dk-filter
--- dk-milter-1.0.0.dfsg.orig/debian/dk-filter.default
+++ dk-milter-1.0.0.dfsg/debian/dk-filter.default
@@ -0,0 +1,12 @@
+# Sane defaults: log to syslog
+DAEMON_OPTS="-l"
+# Sign for example.com with key in /etc/mail/domainkey.key using
+# selector '2007' (e.g. 2007._domainkey.example.com)
+#DAEMON_OPTS="$DAEMON_OPTS -d example.com -s /etc/mail/domainkey.key -S 2007"
+# See dk-filter(8) for a complete list of options
+#
+# Uncomment to specify an alternate socket
+#SOCKET="/var/run/dk-filter/dk-filter.sock" # default
+#SOCKET="inet:54321" # listen on all interfaces on port 54321
+#SOCKET="inet:12345@localhost" # listen on loopback on port 12345
+#SOCKET="inet:12345@192.0.2.1" # listen on 192.0.2.1 on port 12345
--- dk-milter-1.0.0.dfsg.orig/debian/dk-filter.postinst
+++ dk-milter-1.0.0.dfsg/debian/dk-filter.postinst
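Review bot: In dk-filter.default the first TCP example, `#SOCKET="inet:54321"`, binds every interface, so an admin who uncomments it exposes the filter to any host that can reach the port; README.Debian in this patch already notes that binding to localhost is what keeps other hosts out. I would list the loopback form first and mark the wildcard one, e.g. `#SOCKET="inet:54321" # all interfaces: firewall the port or prefer @localhost`.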
@@ -0,0 +1,23 @@
+#!/bin/sh
+
+set -e
+
+if [ "$1" = "configure" ]; then
+ if ! id -u dk-filter >/dev/null 2>&1; then
+ adduser --quiet --system --group --home /var/run/dk-filter dk-filter
+ elif [ -n "$2" ] && dpkg --compare-versions "$2" lt "0.6.0.dfsg-2"; then
+ # Versions < 0.6.0.dfsg-2 shipped without the dk-filter group
+ addgroup --quiet --system dk-filter
+ usermod -g dk-filter dk-filter
+ fi
+
+ # Set ownership if the admin has not overriden it.
+ if ! dpkg-statoverride --list /var/run/dk-filter >/dev/null; then
+ chown dk-filter:dk-filter /var/run/dk-filter
+ chmod g+s /var/run/dk-filter
+ fi
+fi
+
+#DEBHELPER#
+
+exit 0
--- dk-milter-1.0.0.dfsg.orig/debian/rules
+++ dk-milter-1.0.0.dfsg/debian/rules
@@ -0,0 +1,63 @@
+#!/usr/bin/make -f
+
+CFLAGS = -Wall -g
+
+ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS)))
+ CFLAGS += -O0
+else
+ CFLAGS += -O2
+endif
+
+OBJDIR = obj.$(shell uname -s).$(shell uname -r).$(shell uname -m)
+
+configure:
+
+build: build-stamp
+
+build-stamp: $(CURDIR)/debian/site.config.m4
+ dh_testdir
+ ./Build -f $(CURDIR)/debian/site.config.m4
+ touch build-stamp
+
+clean:
+ dh_testdir
+ dh_testroot
+ rm -f build-stamp
+ rm -rf $(OBJDIR)
+ dh_clean
+
+allclean: clean
+ rm -rf obj.*
+
+install: build
+ dh_testdir
+ dh_testroot
+ dh_clean -k
+ dh_installdirs -a -i
+
+ ./Build install DESTDIR=$(CURDIR)/debian/dk-filter
+ -rmdir $(CURDIR)/debian/dk-filter/usr/lib
+
+binary-indep: build install
+
+# Build architecture-dependent files here.
+binary-arch: build install
+ dh_testdir
+ dh_testroot
+ dh_installchangelogs -a RELEASE_NOTES
+ dh_installdocs
+ dh_installexamples
+ dh_installinit
+ dh_installman
+ dh_link
+ dh_strip
+ dh_compress
+ dh_fixperms
+ dh_installdeb
+ dh_shlibdeps
+ dh_gencontrol
+ dh_md5sums
+ dh_builddeb
+
+binary: binary-indep binary-arch
+.PHONY: build clean binary-indep binary-arch binary install configure
--- dk-milter-1.0.0.dfsg.orig/debian/docs
+++ dk-milter-1.0.0.dfsg/debian/docs
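Review bot: `CFLAGS` in debian/rules is set and adjusted for `noopt`, but nothing in the recipe hands it to `./Build`: the variable is not exported and the `build-stamp` rule runs `./Build -f $(CURDIR)/debian/site.config.m4` with no flags. site.config.m4 in this patch sets only `confCC`, `confENVDEF`, `confLIBDIRS`, `confLIBS` and the man-page options, so unless `CFLAGS` is already in the environment and the upstream build reads it, the optimisation level and any hardening flags added here later would not reach the compiler. If upstream's devtools take this from a macro (probably `confOPTIMIZE`; confirm against the devtools documentation), define it in site.config.m4; otherwise drop the unused variable and say so, e.g. `# compiler flags come from site.config.m4, not from CFLAGS`.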
@@ -0,0 +1,3 @@
+FEATURES
+KNOWNBUGS
+README
--- dk-milter-1.0.0.dfsg.orig/debian/copyright
+++ dk-milter-1.0.0.dfsg/debian/copyright
@@ -0,0 +1,85 @@
+This package was debianized by Mike Markley on
+Tue, 27 Feb 2007 02:22:32 -0800.
+
+It was downloaded from http://sourceforge.net/projects/dk-milter
+
+Copyright Holder: Sendmail Inc.
+
+License:
+ SENDMAIL OPEN SOURCE LICENSE
+
+The following license terms and conditions apply to this open source
+software ("Software"), unless a different license is obtained directly
+from Sendmail, Inc. ("Sendmail") located at 6425 Christie Ave, Fourth
+Floor, Emeryville, CA 94608, USA.
+
+Use, modification and redistribution (including distribution of any
+modified or derived work) of the Software in source and binary forms is
+permitted only if each of the following conditions of 1-6 are met:
+
+1. Redistributions of the Software qualify as "freeware" or "open
+ source software" under one of the following terms:
+
+ (a) Redistributions are made at no charge beyond the reasonable
+ cost of materials and delivery; or
+
+ (b) Redistributions are accompanied by a copy of the modified
+ Source Code (on an acceptable machine-readable medium) or by an
+ irrevocable offer to provide a copy of the modified Source Code
+ (on an acceptable machine-readable medium) for up to three years
+ at the cost of materials and delivery. Such redistributions must
+ allow further use, modification, and redistribution of the Source
+ Code under substantially the same terms as this license. For
+ the purposes of redistribution "Source Code" means the complete
+ human-readable, compilable, linkable, and operational source
+ code of the redistributed module(s) including all modifications.
+
+2. Redistributions of the Software Source Code must retain the
+ copyright notices as they appear in each Source Code file, these
+ license terms and conditions, and the disclaimer/limitation of
+ liability set forth in paragraph 6 below. Redistributions of the
+ Software Source Code must also comply with the copyright notices
+ and/or license terms and conditions imposed by contributors on
+ embedded code. The contributors' license terms and conditions
+ and/or copyright notices are contained in the Source Code
+ distribution.
+
+3. Redistributions of the Software in binary form must reproduce the
+ Copyright Notice described below, these license terms and conditions,
+ and the disclaimer/limitation of liability set forth in paragraph
+ 6 below, in the documentation and/or other materials provided with
+ the binary distribution. For the purposes of binary distribution,
+ "Copyright Notice" refers to the following language: "Copyright (c)
+ 1998-2004 Sendmail, Inc. All rights reserved."
+
+4. Neither the name, trademark or logo of Sendmail, Inc. (including
+ without limitation its subsidiaries or affiliates) or its contributors
+ may be used to endorse or promote products, or software or services
+ derived from this Software without specific prior written permission.
+ The name "sendmail" is a registered trademark and service mark of
+ Sendmail, Inc.
+
+5. We reserve the right to cancel this license if you do not comply with
+ the terms. This license is governed by California law and both of us
+ agree that for any dispute arising out of or relating to this Software,
+ that jurisdiction and venue is proper in San Francisco or Alameda
+ counties. These license terms and conditions reflect the complete
+ agreement for the license of the Software (which means this supercedes
+ prior or contemporaneous agreements or representations). If any term
+ or condition under this license is found to be invalid, the remaining
+ terms and conditions still apply.
+
+6. Disclaimer/Limitation of Liability: THIS SOFTWARE IS PROVIDED BY
+ SENDMAIL AND ITS CONTRIBUTORS "AS IS" WITHOUT WARRANTY OF ANY KIND
+ AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT AND FITNESS FOR A
+ PARTICULAR PURPOSE ARE EXPRESSLY DISCLAIMED. IN NO EVENT SHALL SENDMAIL
+ OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
+ OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ WITHOUT LIMITATION NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
+ USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+
+$Revision: 1.1 $ $Date: 2007-02-27 10:35:12 $
--- dk-milter-1.0.0.dfsg.orig/debian/dk-filter.init
+++ dk-milter-1.0.0.dfsg/debian/dk-filter.init
@@ -0,0 +1,89 @@
+#! /bin/sh
+#
+### BEGIN INIT INFO
+# Provides: dk-filter
+# Required-Start: $remote_fs $syslog
+# Required-Stop: $remote_fs $syslog
+# Should-Start: $local_fs $network
+# Should-Stop: $local_fs $network
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: Start the DomainKeys Milter service
+### END INIT INFO
+
+PATH=/sbin:/bin:/usr/sbin:/usr/bin
+DAEMON=/usr/bin/dk-filter
+NAME=dk-filter
+DESC="DomainKeys Filter"
+RUNDIR=/var/run/$NAME
+USER=dk-filter
+GROUP=dk-filter
+SOCKET=$RUNDIR/$NAME.sock
+PIDFILE=$RUNDIR/$NAME.pid
+
+# How long to wait for the process to die on stop/restart
+stoptimeout=5
+
+test -x $DAEMON || exit 0
+
+if [ ! -d $RUNDIR ] ; then
+ mkdir $RUNDIR
+ chown $USER $RUNDIR
+fi
+
+# Include dk-filter defaults if available
+if [ -f /etc/default/dk-filter ] ; then
+ . /etc/default/dk-filter
+fi
+
+DAEMON_OPTS="-u $USER -P $PIDFILE -p $SOCKET $DAEMON_OPTS"
+
+start() {
+ # Create the run directory if it doesn't exist
+ if [ ! -d $RUNDIR ]; then
+ install -o $USER -g $GROUP -m 2755 -d $RUNDIR || return 2
+ fi
+ # Clean up stale sockets
+ if [ -f $PIDFILE -a -e $SOCKET -a -S $SOCKET ]; then
+ pid=`cat $PIDFILE`
+ if ! ps -C $DAEMON -s $pid >/dev/null; then
+ rm $SOCKET $PIDFILE
+ fi
+ fi
+ UMASK=`umask`
+ # Force group-writable socket
+ umask 002
+ start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- $DAEMON_OPTS
+ # Revert to original umask out of extreme caution
+ umask $UMASK
+}
+
+stop() {
+ start-stop-daemon --stop --retry $stoptimeout --exec $DAEMON
+}
+
+case "$1" in
+ start)
+ echo -n "Starting $DESC: "
+ start
+ echo "$NAME."
+ ;;
+ stop)
+ echo -n "Stopping $DESC: "
+ stop
+ echo "$NAME."
+ ;;
+ restart|force-reload)
+ echo -n "Restarting $DESC: "
+ stop
+ start
+ echo "$NAME."
+ ;;
+ *)
+ N=/etc/init.d/$NAME
+ echo "Usage: $N {start|stop|restart|force-reload}" >&2
+ exit 1
+ ;;
+esac
+
+exit 0
--- dk-milter-1.0.0.dfsg.orig/debian/control
+++ dk-milter-1.0.0.dfsg/debian/control
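Review bot: The top-level `mkdir $RUNDIR` / `chown $USER $RUNDIR` block in dk-filter.init runs on every invocation before `start()` is reached, so the `install -o $USER -g $GROUP -m 2755 -d $RUNDIR` inside `start()` can no longer fire and a recreated run directory gets root's group and no setgid bit. The socket then stops inheriting the dk-filter group that postinst and README.Debian rely on for Postfix access, which in practice invites loosening permissions by hand. I would drop the top-level block and keep the `install` call as the single place that creates the directory. Separately, the stale-socket test `ps -C $DAEMON -s $pid` gives a full path to `-C`, which matches command names, and a PID to `-s`, which selects by session ID; `ps -p "$pid" -o comm= | grep -qx "$NAME"` checks what the comment describes, and quoting `$pid` matters because the PID file lives in a directory the unprivileged daemon can write.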
@@ -0,0 +1,17 @@
+Source: dk-milter
+Section: mail
+Priority: extra
+Maintainer: Mike Markley
+Build-Depends: debhelper (>= 4.0.0), m4, libmilter-dev, libssl-dev
+Standards-Version: 3.7.2
+
+Package: dk-filter
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}, adduser
+Description: DomainKeys for Sendmail
+ Implements a Sendmail Mail Filter (Milter) for the DomainKeys
+ standard. DomainKeys provides a way for senders to confirm their
+ identity when sending email by adding a cryptographic signature
+ to the headers of the message.
+ .
+ The dk-milter implements both DomainKeys signing and verification.
--- dk-milter-1.0.0.dfsg.orig/debian/site.config.m4
+++ dk-milter-1.0.0.dfsg/debian/site.config.m4
@@ -0,0 +1,7 @@
+define(`confCC', `gcc')dnl
+define(`confMANROOT',`/usr/share/man/man')dnl
+define(`confINSTALL_RAWMAN')dnl
+define(`confDONT_INSTALL_CATMAN')dnl
+define(`confENVDEF',`-D_FFR_REQUIRED_HEADERS -D_FFR_REPORTINFO')dnl
+APPENDDEF(`confLIBDIRS', `-L/usr/lib/libmilter')dnl
+APPENDDEF(`confLIBS', `-lresolv ')dnl
--- dk-milter-1.0.0.dfsg.orig/debian/README.Debian
+++ dk-milter-1.0.0.dfsg/debian/README.Debian
@@ -0,0 +1,80 @@
+dk-milter for Debian
+----------------------
+
+Generating a key and publishing a TXT record
+--------------------------------------------
+
+The DomainKeys spec requires an RSA key with a length of 512, 768,
+1024, 1536, or 2048 bits. 1024 is a good safe starting point.
+A simple recipe for generating the private key file and the corres-
+ponding public key text follows; alternately, you may use the
+gentxt.csh sample script provided in the directory
+/usr/share/doc/dk-filter/examples.
+
+$ openssl genrsa -out key 1024
+$ openssl rsa -in key -pubout -outform pem
+
+Note that this private key should be installed such that it's readable
+only by the filter itself and any other software requiring access to
+it. Anyone who is able to access it will be able to sign mail as your
+domain. The maintainer's recommendation: Change the key file's ownership
+to dk-filter and its permissions to 400 (read-only by owner).
+
+The public key will go into your DNS TXT record under the name
+._domainkey. The TXT record contains a number of tag/value
+pairs as described in the DKIM specification. The required p= tag
+contains the PEM-formatted (that is, base64-encoded DER) public key,
+no header, footer, newlines or spaces. This can be obtained using
+a command line like this:
+
+$ openssl rsa -in key -pubout -outform pem 2>/dev/null | \
+grep -v "^-" | tr -d '\n'
+
+Other useful but optional flags include k= (the key type, "rsa" by
+default) and t= (which can have only the flags "t" indicating testing
+mode). Testing mode instructs recipients to treat signed and unsigned
+email the same, allowing the generation and verifi- cation of signatures
+without any action (yet) being taken.
+
+For example: example.com wishes to sign all of their mail with DKIM.
+They choose the selector "mail" and decide, for now, to indicate that
+they are in testing mode", until they've verified their configuration.
+They might put the following in their DNS:
+
+mail._domainkey.example.com TXT "k=rsa; t=y; p="
+
+In addition, DomainKeys supports the publication of domain-wide sender
+policy at the top-level _domainkey space. Useful tags are t= (with
+the same semantics as the key-level t= flag) and o= (which can be "~",
+indicating that some mail is signed, or "-", indicating that all mail
+is signed). This applices to all messages from the domain, regardless
+of selector used. In the above scenario, the following policy might
+be published:
+
+_domainkey.example.com TXT "t=y; o=~"
+
+Note that this is not an exhaustive list of features or tags; see below
+for a link to the DomainKeys specification.
+
+General package notes
+---------------------
+
+Upstream source contains the DomainKeys historical RFC 4870. This
+has been removed from the Debian source distribution but can be
+found at http://ietf.org/rfc/rfc4870.
+
+Notes for Postfix users
+-----------------------
+
+Postfix users who wish to access the dk-filter service via UNIX socket
+(the default) may need to add their postfix user to the dk-filter
+group. The socket is writable by that group.
+
+Users may also need to move the socket into a directory accessible by the
+Postfix chroot; this can be accomplished by setting the SOCKET variable
+in /etc/default/dk-filter.
+
+As an alternative, you may opt to connect to the filter over TCP. The
+filter can be bound to localhost to prevent other hosts from accessing it.
+
+ -- Mike Markley Tue, 5 Jun 2007 12:40:06 -0700
--- dk-milter-1.0.0.dfsg.orig/debian/compat
+++ dk-milter-1.0.0.dfsg/debian/compat
@@ -0,0 +1 @@
+4
--- dk-milter-1.0.0.dfsg.orig/libdk/dk.c
+++ dk-milter-1.0.0.dfsg/libdk/dk.c
@@ -1097,6 +1097,9 @@ if (dk->dk_key != NULL) return DK_STAT_OK; + if (dk->dk_selector == NULL) + return DK_STAT_NOKEY; + ssel = dk_sterilize(dk->dk_selector); if (ssel == NULL) {
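Review bot: The added guard in libdk/dk.c returns `DK_STAT_NOKEY` for a NULL `dk->dk_selector`, but nothing in the hunk says why that status was chosen or what callers do with it. The selector presumably comes from the message's signature header, so untrusted mail can reach this path, and the milter's handling of the status decides whether such mail is treated as unsigned, failed or temp-failed. I would add a comment above the check, e.g. `/* no selector in the signature: no key can be looked up; report NOKEY rather than pass NULL to dk_sterilize() */`. The enclosing function starts and ends outside this hunk, so it is also worth checking whether any other `dk` field it sterilizes or uses to build the query name needs the same guard.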