tmakinen/puppet
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fixed mail server certificate check from sendmail::client.

Browse source
This commit is contained in:
Timo Mkinen 2013-04-20 23:23:23 +03:00
parent d62b93ddfe
commit 04990fc910
2 changed files with 26 additions and 16 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

40
sendmail/manifests/init.pp
View file

@ -10,6 +10,7 @@ class sendmail::common {
package { "sendmail": package { "sendmail":
ensure => installed, ensure => installed,
name => [ "sendmail", "sendmail-cf", ], name => [ "sendmail", "sendmail-cf", ],
before => File["/etc/mail/certs"],
} }
service { "sendmail": service { "sendmail":
ensure => running, ensure => running,
@ -29,13 +30,36 @@ class sendmail::common {
notify => Service["sendmail"], notify => Service["sendmail"],
} }
$ostype = "linux" $ostype = "linux"
$cabundle = "/etc/pki/tls/certs/ca-bundle.crt"
} }
"ubuntu","debian": { "ubuntu","debian": {
$ostype = "linux" $ostype = "linux"
$cabundle = "/etc/ssl/certs/ca-certificates.crt"
} }
"openbsd": { "openbsd": {
$ostype = "openbsd" $ostype = "openbsd"
$cabundle = "/etc/ssl/cert.pem"
} }
default: {
fail("sendmail module not supported on ${::operatingsystem}")
}
}
file { "/etc/mail/certs":
ensure => directory,
mode => "0755",
owner => "root",
group => $::operatingsystem ? {
"openbsd" => "wheel",
default => "root",
},
}
exec { "populate-etc-mail-certs":
path => "/bin:/usr/bin:/sbin:/usr/sbin",
command => "csplit -k ${cabundle} '/BEGIN/' '{1000}' ; sh -c 'for i in x* ; do name=`openssl x509 -hash -noout -in \$i`.0 ; openssl x509 -hash -in \$i -out \$name ; done' && rm -f x* .0",
cwd => "/etc/mail/certs",
onlyif => "find /etc/mail/certs ! -newer ${cabundle} | egrep '.*' || [ -z \"`ls /etc/mail/certs`\" ]",
require => File["/etc/mail/certs"],
} }
} }
@ -240,22 +264,6 @@ class sendmail::server inherits sendmail::common {
notify => Service["sendmail"], notify => Service["sendmail"],
} }
file { "/etc/mail/certs":
ensure => directory,
mode => "0755",
owner => "root",
group => "root",
require => Package["sendmail"],
}
exec { "populate-etc-mail-certs":
path => "/bin:/usr/bin:/sbin:/usr/sbin",
command => "csplit /etc/pki/tls/certs/ca-bundle.crt '/BEGIN/' '{*}' ; sh -c 'for i in x* ; do name=`openssl x509 -hash -noout -in \$i`.0 ; openssl x509 -hash -in \$i -out \$name ; done' && rm -f x* .0",
cwd => "/etc/mail/certs",
onlyif => "find /etc/mail/certs ! -newer /etc/pki/tls/certs/ca-bundle.crt | egrep '.*' || [ -z \"`ls /etc/mail/certs`\" ]",
require => File["/etc/mail/certs"],
before => Service["sendmail"],
}
file { "/etc/aliases": file { "/etc/aliases":
ensure => present, ensure => present,
name => $::operatingsystem ? { name => $::operatingsystem ? {

2
sendmail/templates/submit.mc.erb
View file

@ -35,4 +35,6 @@ define(`confDOMAIN_NAME', `<%= mail_domain %>')dnl
<% if ['CentOS','RedHat','Fedora'].index(operatingsystem) -%> <% if ['CentOS','RedHat','Fedora'].index(operatingsystem) -%>
define(`confPID_FILE', `/var/run/sm-client.pid')dnl define(`confPID_FILE', `/var/run/sm-client.pid')dnl
<% end -%> <% end -%>
define(`confCACERT_PATH', `/etc/mail/certs')dnl
define(`confCACERT', `<%= scope.lookupvar('sendmail::common::cabundle') %>')dnl
FEATURE(`use_ct_file')dnl FEATURE(`use_ct_file')dnl