Provide complete refactoring of openDKIM script (#1812)

* provide complete refactoring of openDKIM usage and tests * fix leftover linting errors * correct defualt key size and README usage * provide independent order for arguments * added `config` and adjusted usage information * fixing shift in setup.sh * adjust usage information to use new style and rename script * use updated argument keysize instead of size
2025-08-05 02:27:15 +02:00 · 2021-02-18 10:29:34 +01:00 · 2021-02-18 10:29:34 +01:00 · 1005bb3b09
commit 1005bb3b09
parent 432f96b3a6
8 changed files with 636 additions and 468 deletions
--- a/target/bin/generate-dkim-config
+++ b/target/bin/generate-dkim-config
@ -1,96 +0,0 @@
-#! /bin/bash
-
-touch /tmp/vhost.tmp
-
-# if no keysize is provided, default to 4096
-KEYSIZE=${1:-4096}
-# optional domain names
-DOMAINS=${2:-}
-
-if [[ -z ${DOMAINS} ]]
-then
-  # getting domains FROM mail accounts
-  if [[ -f /tmp/docker-mailserver/postfix-accounts.cf ]]
-  then
-    # shellcheck disable=SC2034
-    while IFS=$'|' read -r LOGIN PASS
-    do
-      DOMAIN=$(echo "${LOGIN}" | cut -d @ -f2)
-      echo "${DOMAIN}" >>/tmp/vhost.tmp
-    done < <(grep -v "^\s*$\|^\s*\#" /tmp/docker-mailserver/postfix-accounts.cf || true)
-  fi
-
-  # getting domains FROM mail aliases
-  if [[ -f /tmp/docker-mailserver/postfix-virtual.cf ]]
-  then
-    # shellcheck disable=SC2034
-    while read -r FROM TO
-    do
-      UNAME=$(echo "${FROM}" | cut -d @ -f1)
-      DOMAIN=$(echo "${FROM}" | cut -d @ -f2)
-
-      [[ ${UNAME} != "${DOMAIN}" ]] && echo "${DOMAIN}" >>/tmp/vhost.tmp
-    done < <(grep -v "^\s*$\|^\s*\#" /tmp/docker-mailserver/postfix-virtual.cf || true)
-  fi
-else
-  tr ',' '\n' <<< "${DOMAINS}" > /tmp/vhost.tmp
-fi
-
-# keeping unique entries
-if [[ -f /tmp/vhost.tmp ]]
-then
-  sort < /tmp/vhost.tmp | uniq >/tmp/vhost && rm /tmp/vhost.tmp
-fi
-
-# exit if no entries found
-if [[ ! -f /tmp/vhost ]]
-then
-  echo "No entries found, no keys to make"
-  exit 0
-fi
-
-while read -r DOMAINNAME
-do
-  mkdir -p "/tmp/docker-mailserver/opendkim/keys/${DOMAINNAME}"
-
-  if [[ ! -f "/tmp/docker-mailserver/opendkim/keys/${DOMAINNAME}/mail.private" ]]
-  then
-    echo "Creating DKIM private key /tmp/docker-mailserver/opendkim/keys/${DOMAINNAME}/mail.private"
-
-    opendkim-genkey --bits="${KEYSIZE}" --subdomains --DOMAIN="${DOMAINNAME}" --selector=mail -D "/tmp/docker-mailserver/opendkim/keys/${DOMAINNAME}"
-  fi
-
-  # write to KeyTable if necessary
-  KEYTABLEENTRY="mail._domainkey.${DOMAINNAME} ${DOMAINNAME}:mail:/etc/opendkim/keys/${DOMAINNAME}/mail.private"
-  if [[ ! -f "/tmp/docker-mailserver/opendkim/KeyTable" ]]
-  then
-    echo "Creating DKIM KeyTable"
-    echo "${KEYTABLEENTRY}" > /tmp/docker-mailserver/opendkim/KeyTable
-  else
-    if ! grep -q "${KEYTABLEENTRY}" "/tmp/docker-mailserver/opendkim/KeyTable"
-    then
-        echo "${KEYTABLEENTRY}" >>/tmp/docker-mailserver/opendkim/KeyTable
-    fi
-  fi
-
-  # write to SigningTable if necessary
-  SIGNINGTABLEENTRY="*@${DOMAINNAME} mail._domainkey.${DOMAINNAME}"
-  if [[ ! -f /tmp/docker-mailserver/opendkim/SigningTable ]]
-  then
-    echo "Creating DKIM SigningTable"
-    echo "*@${DOMAINNAME} mail._domainkey.${DOMAINNAME}" >/tmp/docker-mailserver/opendkim/SigningTable
-  else
-    if ! grep -q "${SIGNINGTABLEENTRY}" /tmp/docker-mailserver/opendkim/SigningTable
-    then
-      echo "${SIGNINGTABLEENTRY}" >> /tmp/docker-mailserver/opendkim/SigningTable
-    fi
-  fi
-done < <(grep -vE '^(\s*$|#)' /tmp/vhost)
-
-# creates TrustedHosts if missing
-if [[ -d /tmp/docker-mailserver/opendkim ]] && [[ ! -f /tmp/docker-mailserver/opendkim/TrustedHosts ]]
-then
-  echo "Creating DKIM TrustedHosts"
-  echo "127.0.0.1" >/tmp/docker-mailserver/opendkim/TrustedHosts
-  echo "localhost" >>/tmp/docker-mailserver/opendkim/TrustedHosts
-fi
--- a/target/bin/open-dkim
+++ b/target/bin/open-dkim
@ -0,0 +1,194 @@
+#! /bin/bash
+
+KEYSIZE=4096
+SELECTOR=mail
+DOMAINS=
+
+function __usage
+{
+    echo -e "\e[35mOPEN-DKIM\e[31m(\e[93m8\e[31m)
+
+\e[38;5;214mNAME\e[39m
+    open-dkim - configure DomainKeys Identified Mail (DKIM)
+
+\e[38;5;214mSYNOPSIS\e[39m
+    ./setup.sh config dkim [ OPTIONS\e[31m...\e[39m ]
+
+\e[38;5;214mDESCRIPTION\e[39m
+    Configures DKIM keys. OPTIONS can be used to configure a more complex setup.
+    LDAP setups require these options.
+
+\e[38;5;214mOPTIONS\e[39m
+    \e[94mGeneric Program Information\e[39m
+        help       Print the usage information.
+
+    \e[94mConfiguration adjustments\e[39m
+        keysize    Set the size of the keys to be generated. Possible are 1024, 2024 and 4096 (default).
+        selector   Set a manual selector (default is 'mail') for the key. (\e[96mATTENTION\e[39m: NOT IMPLEMENTED YET!)
+        domains    Provide the domains for which keys are to be generated.
+
+\e[38;5;214mEXAMPLES\e[39m
+    \e[37m./setup.sh config dkim size 2048\e[39m
+        Creates keys of length 2048 bit in a default setup where domains are obtained from
+        your accounts.
+
+    \e[37m./setup.sh config dkim size 2048 selector 2021-dkim\e[39m
+        Creates keys of length 2048 bit in a default setup where domains are obtained from
+        your accounts. The DKIM selector used is '2021-dkim'.
+
+    \e[37m./setup.sh config dkim size 2048 selector 2021-dkim domain 'whoami.com,whoareyou.org'\e[39m
+        Appropriate for an LDAP setup. Creates keys of length 2048 bit in a default setup
+        where domains are obtained from your accounts. The DKIM selector used is '2021-dkim'.
+        The domains for which DKIM keys are generated are 'whoami.com' and 'whoareyou.org'.
+
+\e[38;5;214mEXIT STATUS\e[39m
+    Exit status is 0 if command was successful. If wrong arguments are provided or arguments contain
+    errors, the script will exit early with exit status 2.
+"
+}
+
+if [[ ${1:-} == 'help' ]]
+then
+  __usage
+  exit 0
+fi
+
+while [[ ${#} -gt 0 ]]
+do
+  case ${1} in
+    keysize )
+      if [[ -n ${2+'set'} ]]
+      then
+        KEYSIZE="${2}"
+        shift
+        shift
+      else
+        echo "No keysize provided after 'size' argument. Aborting." >&2
+        exit 2
+      fi
+      ;;
+
+    selector )
+      if [[ -n ${2+'set'} ]]
+      then
+        # shellcheck disable=SC2034
+        SELECTOR="${2}"
+        shift
+        shift
+      else
+        echo "No selector provided after 'selector' argument. Aborting." >&2
+        exit 2
+      fi
+      ;;
+
+    domain )
+      if [[ -n ${2+'set'} ]]
+      then
+        DOMAINS="${2}"
+        break
+        break
+      else
+        echo "No domain(s) provided after 'domain' argument. Aborting." >&2
+        exit 2
+      fi
+      ;;
+
+    * )
+      __usage
+      echo -e "\nUnknown options ${1} ${2:-}. Aborting." >&2
+      exit 2
+      ;;
+
+  esac
+done
+
+touch /tmp/vhost.dkim.tmp
+
+if [[ -z ${DOMAINS} ]]
+then
+  # getting domains FROM mail accounts
+  if [[ -f /tmp/docker-mailserver/postfix-accounts.cf ]]
+  then
+    # shellcheck disable=SC2034
+    while IFS=$'|' read -r LOGIN PASS
+    do
+      DOMAIN=$(echo "${LOGIN}" | cut -d @ -f2)
+      echo "${DOMAIN}" >>/tmp/vhost.dkim.tmp
+    done < <(grep -v "^\s*$\|^\s*\#" /tmp/docker-mailserver/postfix-accounts.cf || true)
+  fi
+
+  # getting domains FROM mail aliases
+  if [[ -f /tmp/docker-mailserver/postfix-virtual.cf ]]
+  then
+    # shellcheck disable=SC2034
+    while read -r FROM TO
+    do
+      UNAME=$(echo "${FROM}" | cut -d @ -f1)
+      DOMAIN=$(echo "${FROM}" | cut -d @ -f2)
+
+      [[ ${UNAME} != "${DOMAIN}" ]] && echo "${DOMAIN}" >>/tmp/vhost.dkim.tmp
+    done < <(grep -v "^\s*$\|^\s*\#" /tmp/docker-mailserver/postfix-virtual.cf || true)
+  fi
+else
+  tr ',' '\n' <<< "${DOMAINS}" > /tmp/vhost.dkim.tmp
+fi
+
+sort < /tmp/vhost.dkim.tmp | uniq >/tmp/vhost
+rm /tmp/vhost.dkim.tmp
+
+if [[ ! -s /tmp/vhost ]]
+then
+  echo "No entries found, no keys to make."
+  exit 0
+fi
+
+while read -r DOMAINNAME
+do
+  mkdir -p "/tmp/docker-mailserver/opendkim/keys/${DOMAINNAME}"
+
+  if [[ ! -f "/tmp/docker-mailserver/opendkim/keys/${DOMAINNAME}/mail.private" ]]
+  then
+    echo "Creating DKIM private key /tmp/docker-mailserver/opendkim/keys/${DOMAINNAME}/mail.private"
+
+    opendkim-genkey \
+      --bits="${KEYSIZE}" \
+      --subdomains \
+      --DOMAIN="${DOMAINNAME}" \
+      --selector=mail \
+      -D "/tmp/docker-mailserver/opendkim/keys/${DOMAINNAME}"
+  fi
+
+  # write to KeyTable if necessary
+  KEYTABLEENTRY="mail._domainkey.${DOMAINNAME} ${DOMAINNAME}:mail:/etc/opendkim/keys/${DOMAINNAME}/mail.private"
+  if [[ ! -f "/tmp/docker-mailserver/opendkim/KeyTable" ]]
+  then
+    echo "Creating DKIM KeyTable"
+    echo "${KEYTABLEENTRY}" >/tmp/docker-mailserver/opendkim/KeyTable
+  else
+    if ! grep -q "${KEYTABLEENTRY}" "/tmp/docker-mailserver/opendkim/KeyTable"
+    then
+      echo "${KEYTABLEENTRY}" >>/tmp/docker-mailserver/opendkim/KeyTable
+    fi
+  fi
+
+  # write to SigningTable if necessary
+  SIGNINGTABLEENTRY="*@${DOMAINNAME} mail._domainkey.${DOMAINNAME}"
+  if [[ ! -f /tmp/docker-mailserver/opendkim/SigningTable ]]
+  then
+    echo "Creating DKIM SigningTable"
+    echo "*@${DOMAINNAME} mail._domainkey.${DOMAINNAME}" >/tmp/docker-mailserver/opendkim/SigningTable
+  else
+    if ! grep -q "${SIGNINGTABLEENTRY}" /tmp/docker-mailserver/opendkim/SigningTable
+    then
+      echo "${SIGNINGTABLEENTRY}" >>/tmp/docker-mailserver/opendkim/SigningTable
+    fi
+  fi
+done < <(grep -vE '^(\s*$|#)' /tmp/vhost)
+
+# create TrustedHosts if missing
+if [[ -d /tmp/docker-mailserver/opendkim ]] && [[ ! -f /tmp/docker-mailserver/opendkim/TrustedHosts ]]
+then
+  echo "Creating DKIM TrustedHosts"
+  echo "127.0.0.1" >/tmp/docker-mailserver/opendkim/TrustedHosts
+  echo "localhost" >>/tmp/docker-mailserver/opendkim/TrustedHosts
+fi