From 685642e8bfdaff16a4f02bd40b5d2aef15b68d94 Mon Sep 17 00:00:00 2001
From: elijah <elijah@riseup.net>
Date: Sat, 13 Feb 2016 23:48:48 -0800
Subject: get dkim working, closes #5924

---
 puppet/modules/opendkim/manifests/init.pp             | 13 +++++++------
 puppet/modules/opendkim/templates/opendkim.conf       |  3 ++-
 puppet/modules/site_config/manifests/x509/dkim/key.pp | 13 -------------
 3 files changed, 9 insertions(+), 20 deletions(-)
 delete mode 100644 puppet/modules/site_config/manifests/x509/dkim/key.pp

(limited to 'puppet/modules')

diff --git a/puppet/modules/opendkim/manifests/init.pp b/puppet/modules/opendkim/manifests/init.pp
index 9e67569e..e2e766e7 100644
--- a/puppet/modules/opendkim/manifests/init.pp
+++ b/puppet/modules/opendkim/manifests/init.pp
@@ -1,13 +1,15 @@
-# configure opendkim service (#5924)
+#
+# I am not sure about what issues might arise with DKIM key sizes
+# larger than 2048. It might or might not be supported. See:
+# http://dkim.org/specs/rfc4871-dkimbase.html#rfc.section.3.3.3
+#
 class opendkim {
 
   $domain_hash = hiera('domain')
   $domain      = $domain_hash['full_suffix']
   $dkim        = hiera('dkim')
-  $selector    = $dkim['dkim_selector']
-
-  include site_config::x509::dkim::key
-  $dkim_key    = "${x509::variables::keys}/dkim.key"
+  $selector    = $dkim['selector']
+  $dkim_key    = $dkim['private_key']
 
   ensure_packages(['opendkim', 'libopendkim7', 'libvbr2'])
 
@@ -23,7 +25,6 @@ class opendkim {
     enable     => true,
     hasstatus  => true,
     hasrestart => true,
-    require    => Class['Site_config::X509::Dkim::Key'],
     subscribe  => File[$dkim_key];
   }
 
diff --git a/puppet/modules/opendkim/templates/opendkim.conf b/puppet/modules/opendkim/templates/opendkim.conf
index 46ddb7a8..5a948229 100644
--- a/puppet/modules/opendkim/templates/opendkim.conf
+++ b/puppet/modules/opendkim/templates/opendkim.conf
@@ -18,7 +18,6 @@ SubDomains              yes
 # can we generate a larger key and get it in dns?
 KeyFile                 <%= @dkim_key %>
 
-# what selector do we use?
 Selector                <%= @selector %>
 
 # Commonly-used options; the commented-out versions show the defaults.
@@ -26,6 +25,8 @@ Canonicalization        relaxed
 #Mode                   sv
 #ADSPDiscard            no
 
+SignatureAlgorithm      rsa-sha256
+
 # Always oversign From (sign using actual From and a null From to prevent
 # malicious signatures header fields (From and/or others) between the signer
 # and the verifier.  From is oversigned by default in the Debian pacakge
diff --git a/puppet/modules/site_config/manifests/x509/dkim/key.pp b/puppet/modules/site_config/manifests/x509/dkim/key.pp
deleted file mode 100644
index c63a7e94..00000000
--- a/puppet/modules/site_config/manifests/x509/dkim/key.pp
+++ /dev/null
@@ -1,13 +0,0 @@
-class site_config::x509::dkim::key {
-
-  ##
-  ## This is for the DKIM key that is used exclusively for DKIM
-  ## signing
-
-  $x509 = hiera('x509')
-  $key  = $x509['dkim_key']
-
-  x509::key { 'dkim':
-    content => $key
-  }
-}
-- 
cgit v1.2.3