services/dkim-key: do not overwrite existing keys

Also do not suggest publishing the private key.
2023-05-11 19:34:14 +02:00 · 2023-05-11 19:34:14 +02:00 · c7c0bdb7cb
commit c7c0bdb7cb
parent 08003dc2aa
1 changed files with 8 additions and 8 deletions
--- a/services/dkim-key.scm
+++ b/services/dkim-key.scm
@ -23,19 +23,19 @@
      (mkdir-p #$directory)

      (let ((key-file (string-append #$directory "/" #$domain ".key"))
-            (private (string-append #$domain "-" #$selector ".key")))
-        (unless (file-exists? private)
-          (with-directory-excursion #$directory
-            (let ((openssl #$(file-append openssl "/bin/openssl"))
+            (private (string-append #$domain "-" #$selector ".key"))
            (public (string-append #$domain "-" #$selector ".pub")))
+        (with-directory-excursion #$directory
+          (unless (file-exists? private)
+            (let ((openssl #$(file-append openssl "/bin/openssl")))
              (system* openssl "genrsa" "-out" private (number->string #$key-length))
              (chown private (passwd:uid (getpwnam "smtpd")) -1)
              (system* openssl "rsa" "-in" private "-pubout" "-out" public)
              (system* "sed" "-i"
                       "1s/.*/v=DKIM1;p=/;:nl;${s/-----.*//;q;};N;s/\\n//g;b nl;"
-                       public))
-            (display (format #f "Create a TXT record at ~a._domainkey.~a with the contents of ~a~%"
-                             #$selector #$domain key-file))))
+                       public)))
+          (display (format #f "Create a TXT record at ~a._domainkey.~a with the contents of ~a/~a~%"
+                           #$selector #$domain #$directory public)))
        (unless (equal? (false-if-exception (readlink current)) key-file)
          (delete-file key-file)
          (symlink private key-file))))))