From 81915150b2de3268172a1c35d3f4d0060d4cdee0 Mon Sep 17 00:00:00 2001
From: julienmalik <julienmalik@users.noreply.github.com>
Date: Wed, 15 Feb 2017 13:20:58 +0100
Subject: [PATCH 1/3] [fix] Any address in the range 127.0.0.0/8 is a valid
 loopback address

---
 src/yunohost/certificate.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/yunohost/certificate.py b/src/yunohost/certificate.py
index bd7d02962..181e8aa22 100644
--- a/src/yunohost/certificate.py
+++ b/src/yunohost/certificate.py
@@ -860,8 +860,8 @@ def _domain_is_resolved_locally(public_ip, domain):
         logger.debug("Couldn't get domain '%s' ip because: %s" % (domain, e))
         return False
 
-    logger.debug("Domain '%s' ip is %s, except it to be 127.0.0.1 or %s" % (domain, ip, public_ip))
-    return ip in ["127.0.0.1", public_ip]
+    logger.debug("Domain '%s' IP address is resolved to %s, expect it to be %s or in the 127.0.0.0/8 address block" % (domain, public_ip, ip))
+    return ip.startswith("127.") or ip == public_ip
 
 
 def _name_self_CA():

From 1c2de37f6338cdd35f04adecc2b6a4bc0d9b4f87 Mon Sep 17 00:00:00 2001
From: opi <opi@zeropi.net>
Date: Tue, 14 Feb 2017 16:23:49 +0100
Subject: [PATCH 2/3] [fix] Update Rmilter configuration to fix dkim signing.

---
 data/hooks/conf_regen/28-rmilter     |  9 ++++++++-
 data/templates/rmilter/rmilter.conf  | 27 +++++++++++++++++++--------
 data/templates/rmilter/ynh_dkim.conf | 14 ++++++++++++++
 3 files changed, 41 insertions(+), 9 deletions(-)
 create mode 100644 data/templates/rmilter/ynh_dkim.conf

diff --git a/data/hooks/conf_regen/28-rmilter b/data/hooks/conf_regen/28-rmilter
index 011856cd6..f505b6d99 100755
--- a/data/hooks/conf_regen/28-rmilter
+++ b/data/hooks/conf_regen/28-rmilter
@@ -7,8 +7,14 @@ do_pre_regen() {
 
   cd /usr/share/yunohost/templates/rmilter
 
+  # Install main configuration
   install -D -m 644 rmilter.conf \
     "${pending_dir}/etc/rmilter.conf"
+
+  # Install DKIM specific configuration
+  install -D -m 644 ynh_dkim.conf \
+    "${pending_dir}/etc/rmilter.conf.d/ynh_dkim.conf"
+
   # Remove old socket file (we stopped using it, since rspamd 1.3.1)
   # Regen-conf system need an empty file to delete it
   install -D -m 644 /dev/null \
@@ -21,8 +27,9 @@ do_post_regen() {
   # retrieve variables
   domain_list=$(sudo yunohost domain list --output-as plain --quiet)
 
-  # create DKIM directory
+  # create DKIM directory with proper permission
   sudo mkdir -p /etc/dkim
+  sudo chown _rmilter /etc/dkim
 
   # create DKIM key for domains
   for domain in $domain_list; do
diff --git a/data/templates/rmilter/rmilter.conf b/data/templates/rmilter/rmilter.conf
index 829d76418..dcd13e9b7 100644
--- a/data/templates/rmilter/rmilter.conf
+++ b/data/templates/rmilter/rmilter.conf
@@ -1,5 +1,21 @@
 # systemd-specific settings for rmilter
 
+# DKIM signing
+# Defined before including /etc/rmilter.conf.common because rmilter seems to be
+# unable to override dkim{} settings, even if it's already defined in
+# /etc/rmilter.conf.d/ynh_dkim.conf
+dkim {
+    enable = true;
+    domain {
+        key = /etc/dkim;
+        domain = "*";
+        selector = "mail";
+    };
+    header_canon = relaxed;
+    body_canon = relaxed;
+    sign_alg = sha256;
+};
+
 .include /etc/rmilter.conf.common
 
 # pidfile - path to pid file
@@ -7,11 +23,6 @@ pidfile = /run/rmilter/rmilter.pid;
 
 bind_socket = unix:/var/spool/postfix/run/rmilter/rmilter.sock;
 
-# DKIM signing
-dkim {
-    domain {
-        key = /etc/dkim;
-        domain = "*";
-        selector = "mail";
-    };
-};
+# include user's configuration
+.try_include /etc/rmilter.conf.local
+.try_include /etc/rmilter.conf.d/*.conf
diff --git a/data/templates/rmilter/ynh_dkim.conf b/data/templates/rmilter/ynh_dkim.conf
new file mode 100644
index 000000000..1e5598d06
--- /dev/null
+++ b/data/templates/rmilter/ynh_dkim.conf
@@ -0,0 +1,14 @@
+# DKIM signing
+# Note that DKIM signing should be done by rspamd in the near future
+# See https://github.com/vstakhov/rmilter/issues/174
+dkim {
+    enable = true;
+    domain {
+        key = /etc/dkim;
+        domain = "*";
+        selector = "mail";
+    };
+    header_canon = relaxed;
+    body_canon = relaxed;
+    sign_alg = sha256;
+};

From 82060f2082c90f52fb173095d0175331abfde79d Mon Sep 17 00:00:00 2001
From: opi <opi@zeropi.net>
Date: Sat, 18 Feb 2017 15:51:18 +0100
Subject: [PATCH 3/3] Update changelog for 2.5.6 release

---
 debian/changelog | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index 42f5eb241..5f182a9de 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,13 @@
+yunohost (2.5.6) stable; urgency=low
+
+  [ julienmalik ]
+  * [fix] Any address in the range 127.0.0.0/8 is a valid loopback address
+
+  [ opi ]
+  * [fix] Update Rmilter configuration to fix dkim signing.
+
+ -- opi <opi@zeropi.net>  Sat, 18 Feb 2017 15:51:13 +0100
+
 yunohost (2.5.5) stable; urgency=low
 
   Hotfix release