mail-filter/opendkim: add "UMask 0117" to the config by default.

Ralph and I have been discussing the best way to handle a local UNIX
socket. One thing that we both agree on is that, regardless of the
other details, the daemon should be running with a UMask of 0117 to
create the socket group-writable but otherwise private. And since the
opendkim(8) man page says that the UMask is used only for the socket,
there's no reason we shouldn't add it to the default configuration. In
other words, it doesn't hurt anything if you're *not* using a local
socket. This is one fewer thing that we need to document.

Bug: https://bugs.gentoo.org/575666
Signed-off-by: Michael Orlitzky <mjo@gentoo.org>
Package-Manager: Portage-2.3.62, Repoman-2.3.11

diff --git a/mail-filter/opendkim/opendkim-2.10.3-r9.ebuild b/mail-filter/opendkim/opendkim-2.10.3-r9.ebuild
index 841184ed46b99086081097e852a3ea75d7813906..9a9ff14612ae0c20e6752fc5859478d9c905de84 100644 (file)
--- a/mail-filter/opendkim/opendkim-2.10.3-r9.ebuild
+++ b/mail-filter/opendkim/opendkim-2.10.3-r9.ebuild
@@ -140,7 +140,13 @@ src_install() {
        echo "# For use with unbound" >> "${T}/opendkim.conf" || die
        echo "#TrustAnchorFile /etc/dnssec/root-anchors.txt" \
                 >> "${T}/opendkim.conf" || die
-       echo UserID opendkim >> "${T}/opendkim.conf" || die
+       echo "UserID opendkim" >> "${T}/opendkim.conf" || die
+
+       # The UMask is really only used for the PID file (root:root) and the
+       # local UNIX socket, if you're using one. It should be 0117 for the
+       # socket, so we might as well set that unconditionally here.
+       echo "UMask 0117" >> "${T}/opendkim.conf" || die
+
        insinto /etc/opendkim
        doins "${T}/opendkim.conf"
 }