Fall back to 1024 for the DKIM key size because nsupdate is stupid

2024-09-03 20:06:10 +02:00 · 2017-08-27 19:16:25 +02:00 · 2017-08-27 19:16:25 +02:00 · e45478ff49
commit e45478ff49
parent 7979d3ae3b
3 changed files with 9 additions and 9 deletions
--- a/data/hooks/conf_regen/31-rspamd
+++ b/data/hooks/conf_regen/31-rspamd
@ -30,8 +30,10 @@ do_post_regen() {
  for domain in $domain_list; do
    domain_key="/etc/dkim/${domain}.mail.key"
    [ ! -f "$domain_key" ] && {
+      # We use a 1024 bit size because nsupdate doesn't seem to be able to
+      # handle 2048...
      sudo opendkim-genkey --domain="$domain" \
-          --selector=mail --directory=/etc/dkim
+          --selector=mail --directory=/etc/dkim -b 1024
      sudo mv /etc/dkim/mail.private "$domain_key"
      sudo mv /etc/dkim/mail.txt "/etc/dkim/${domain}.mail.txt"
    }
--- a/src/yunohost/domain.py
+++ b/src/yunohost/domain.py
@ -421,14 +421,13 @@ def _get_DKIM(domain):
    # -----
    #
    # mail._domainkey IN      TXT     ( "v=DKIM1; k=rsa; "
-    #           "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCYhnvJ+JgF9tfVbUVy6L20b2IVHygZD1GjY6k+/je+3y3C9BzPAlEitL4s2vkQpPfAevw8P6uE7s1usCa/tnTzmq4r6Q/9YRf+Wx5e79XuIY5/ZKJw1YKkDWRlGzpenu8i+6kssaPqPmtmQaYuoOwTlcpXcN9qKNIodDsaWOxBwIDAQAB" )
+    #           "p=<theDKIMpublicKey>" )
    #
    # New
    # ------
+    #
    # mail._domainkey IN  TXT ( "v=DKIM1; h=sha256; k=rsa; "
-    #             "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxWIw/R6QIL7nbJr+yX4cS8TfFx1POMvnzbsDWAFG5U4aPqLwCkJNqrum1hG9rzCb43pGkNy5JNAh0tTZpxq+S1kBAu+DAOSHgbYVg2Tr6zTm9YNL1n/thjKB9U/dyaCzWnxlMFJYkXNlDICtSSf47ZWqcrurkAOfmtmGYQivoz8ipXMvou4t22W9DbZR+XpPbtc3RkCKK32E8O"
-    #                 "02OT9PHbsBCOakb+W1vkocVZpZo78eu5Q2phOntE9Vl2MXtd54+TEdWv6zPcGrHrF9aazEuGcNQwSUgJaHlEceT2u8X+sliwIr0on3Om2NMaTDkPgZzg2poQIDPkyxDQire7jGBwIDAQAB"
-    #                 )
+    #           "p=<theDKIMpublicKey>" )

    is_legacy_format = " h=sha256; " not in dkim_content

@ -446,8 +445,7 @@ def _get_DKIM(domain):
             '[^"]*"v=(?P<v>[^";]+);'
             '[\s"]*h=(?P<h>[^";]+);'
             '[\s"]*k=(?P<k>[^";]+);'
-             '[\s"]*p=(?P<p>[^";]+)'
-             '[\s"]*(?P<p2>[^";]+)'), dkim_content, re.M | re.S
+             '[\s"]*p=(?P<p>[^";]+)'), dkim_content, re.M | re.S
        )

    if not dkim:
@ -466,6 +464,5 @@ def _get_DKIM(domain):
            '"v={v}; h={h}; k={k}; p={p}"'.format(v=dkim.group('v'),
                                                  h=dkim.group('h'),
                                                  k=dkim.group('k'),
-                                                  p=dkim.group('p')
-                                                   +dkim.group('p2'))
+                                                  p=dkim.group('p'))
        )
--- a/src/yunohost/dyndns.py
+++ b/src/yunohost/dyndns.py
@ -236,6 +236,7 @@ def dyndns_update(dyn_host="dyndns.yunohost.org", domain=None, key=None,
            # should be muc.the.domain.tld. or the.domain.tld
            if record["value"] == "@":
                record["value"] = domain
+            record["value"] = record["value"].replace(";","\;")

            action = "update add {name}.{domain}. {ttl} {type} {value}".format(domain=domain, **record)
            action = action.replace(" @.", " ")