From c7c0bdb7cb3dcd0e23eb47edb960b08a665d491b Mon Sep 17 00:00:00 2001
From: Timotej Lazar
Date: Thu, 11 May 2023 19:34:14 +0200
Subject: [PATCH] services/dkim-key: do not overwrite existing keys

Also do not suggest publishing the private key.
---
services/dkim-key.scm | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/services/dkim-key.scm b/services/dkim-key.scm
index 1625b3e..d978f6b 100644
--- a/services/dkim-key.scm
+++ b/services/dkim-key.scm
@@ -23,19 +23,19 @@ (mkdir-p #$directory) (let ((key-file (string-append #$directory "/" #$domain ".key")) - (private (string-append #$domain "-" #$selector ".key"))) - (unless (file-exists? private) - (with-directory-excursion #$directory - (let ((openssl #$(file-append openssl "/bin/openssl")) - (public (string-append #$domain "-" #$selector ".pub"))) + (private (string-append #$domain "-" #$selector ".key")) + (public (string-append #$domain "-" #$selector ".pub"))) + (with-directory-excursion #$directory + (unless (file-exists? private) + (let ((openssl #$(file-append openssl "/bin/openssl"))) (system* openssl "genrsa" "-out" private (number->string #$key-length)) (chown private (passwd:uid (getpwnam "smtpd")) -1) (system* openssl "rsa" "-in" private "-pubout" "-out" public) (system* "sed" "-i" "1s/.*/v=DKIM1;p=/;:nl;${s/-----.*//;q;};N;s/\\n//g;b nl;" - public)) - (display (format #f "Create a TXT record at ~a._domainkey.~a with the contents of ~a~%" - #$selector #$domain key-file)))) + public))) + (display (format #f "Create a TXT record at ~a._domainkey.~a with the contents of ~a/~a~%" + #$selector #$domain #$directory public))) (unless (equal? (false-if-exception (readlink current)) key-file) (delete-file key-file) (symlink private key-file))))))
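Review bot: The exit statuses of the three `system*` calls inside `(unless (file-exists? private) …)` are ignored, while the `display` call now runs on every activation and names `public`. If `openssl rsa -pubout` or `sed` fails once, the private key already exists on the next run, so generation is skipped and the operator is pointed at a missing or half-written `.pub` file. Since `mkdir-p` and `with-directory-excursion` suggest `(guix build utils)` is in scope (to be confirmed), `invoke` would raise on a non-zero exit, e.g. `(invoke openssl "rsa" "-in" private "-pubout" "-out" public)`. Alternatively, derive the public file under its own `(unless (file-exists? public) …)` guard, which is safe to repeat because it only reads the private key. The enclosing gexp starts outside the hunk.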