bugfix: change Rspamd DKIM default config location #3597
Conversation
Instead of using `etc/rspamd/override.d/dkim_signing.conf`, we will now be using `/tmp/docker-mailserver/rspamd/override.d/dkim_signing.conf`. The new location is persisted (and linked again during startup) and hence better suited.
georglauterbach
added
area/scripts
service/security/rspamd
kind/bug/fix
georglauterbach
changed the title
|
The test |
|
Just FYI: the reason this PR fixes the mentioned race-condition is because the keys are now directly created in the persisted directory (which is linked to I will add a commit in a second that provides
|
This comment was marked as outdated.
This comment was marked as outdated.
There was a problem hiding this comment.
Approving since rspamd integration is your domain and we often have conflicting opinions on how you approach that 😝
I raised some questions / concerns, but no major issues 👍
I'm still in favor of a unified DKIM generator personally, only difference then for rspamd support really is the additional .conf file, similar to how opendkim has its own configs.
Beyond that we've got two similar generator commands to maintain, and with the rspamd bug reports lately I'm not confident in fallback services being dropped any time soon.
| @@ -70,7 +70,7 @@ function __rspamd__run_early_setup_and_checks() { | |||
| readonly RSPAMD_OVERRIDE_D='/etc/rspamd/override.d' | |||
| readonly RSPAMD_DMS_D='/tmp/docker-mailserver/rspamd' | |||
|
|
|||
| local RSPAMD_DMS_OVERRIDE_D="${RSPAMD_DMS_D}/override.d/" | |||
| local RSPAMD_DMS_OVERRIDE_D="${RSPAMD_DMS_D}/override.d" | |||
There was a problem hiding this comment.
Ok so here we have runtime setup referencing the config volume for rspamd, then later it symlinks the location instead of a copy?
If this is just config files, shouldn't that copy to an internal location instead? That way runtime isn't reliant on the config volume location which is more straight-forward?
Only benefit that comes to mind is avoiding check-for-changes.sh monitoring the config volume for rspamd config to sync over via copy? If those changes would require a reload of rspamd, you'd not have any benefit beyond being more implicit here by avoiding support via check-for-changes.sh?
There was a problem hiding this comment.
I am not sure why I didn't actually initially constructed it like that. I will merge this PR and provide a follow-up because then it is easier to track the changes later! Thank you for making me aware of the obvious (again) ❤️
This was unnecessary, as explained in #3597 (comment)
This was unnecessary, as explained in #3597 (comment)
This was unnecessary, as explained in #3597 (comment)
* outsource Rspamd ENVs into explicit helper This will allow us to uniformly source the helper and get the values from everywhere consistently. This is more than desirable since we will be using these values not only for the Rspamd setup, but also for DKIM management and during change-detection. * integrate Rspamd into changedetection We outsource one more function to reside in the helper script for Rspamd so that we can call this function from the Rspamd setup and from the changedetection functionality too. * realize deprecation of old commands file for Rspamd THIS IS A BREAKING CHANGE! This change realizes the log message: "Using old file location now (deprecated) - this will prevent startup in v13.0.0" Startup will now fail. * added '--force' option to Rspamd DKIM script * use new helper to get ENVs for Rspamd in DKIM script * remove the need for linking directories This was unnecessary, as explained in #3597 (comment) * Apply suggestions from code review review by @polarathene * apply more review feedback from @polarathene - <#3599 (comment)> - <#3599 (comment)> * update documentation --------- Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
* outsource Rspamd ENVs into explicit helper This will allow us to uniformly source the helper and get the values from everywhere consistently. This is more than desirable since we will be using these values not only for the Rspamd setup, but also for DKIM management and during change-detection. * integrate Rspamd into changedetection We outsource one more function to reside in the helper script for Rspamd so that we can call this function from the Rspamd setup and from the changedetection functionality too. * realize deprecation of old commands file for Rspamd THIS IS A BREAKING CHANGE! This change realizes the log message: "Using old file location now (deprecated) - this will prevent startup in v13.0.0" Startup will now fail. * added '--force' option to Rspamd DKIM script * use new helper to get ENVs for Rspamd in DKIM script * remove the need for linking directories This was unnecessary, as explained in docker-mailserver#3597 (comment) * Apply suggestions from code review review by @polarathene * apply more review feedback from @polarathene - <docker-mailserver#3599 (comment)> - <docker-mailserver#3599 (comment)> * update documentation --------- Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
Description
Instead of using
/etc/rspamd/override.d/dkim_signing.conf, we will now be using/tmp/docker-mailserver/rspamd/override.d/dkim_signing.conf. The new location is persisted (and linked again during startup) and hence better suited.Fixes #3593
Type of change
Checklist:
docs/)