Archive for April, 2010

Adjust to match your JRE install:

mkdir -p ~/.mozilla/plugins
cd ~/.mozilla/plugins
ln -s /usr/java
ln -s /usr/java/jre1.6.0_18/lib/amd64/libnpjp2.so

and then restart Firefox.

DKIM is used to ensure that mail that says it comes from my domains actually does. You do this by adding an entry to your DNS server (with your public key in it), and then outgoing email is signed (with your private key) using a mail filter (aka milter). I’m using CentOS 5.4 64bit and sendmail.

First a few dependencies:

sudo yum install openssl openssl-devel sendmail sendmail-cf sendmail-devel

Step 1. Install the DKIM milter

Download dkim-milter from sourceforge http://sourceforge.net/projects/dkim-milter/

mkdir ~/dkim
cd ~/dkim
wget -O dkim-milter-2.8.3.tar.gz 'http://downloads.sourceforge.net/project/dkim-milter/DKIM%20Milter/2.8.3/dkim-milter-2.8.3.tar.gz?use_mirror=transact'
tar xf dkim-milter-2.8.3.tar.gz
cd dkim-milter-2.8.3
cp site.config.m4.dist devtools/Site/site.config.m4
sh Build
sudo sh Build install

Step 2. Generate the private key

cd ~/dkim
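# Last argument is the key size in bits. RFC 8301 says signers SHOULD use RSA keys of at least 2048 bits.
openssl genrsa -out rsa.private 1024
openssl rsa -in rsa.private -out rsa.public -pubout -outform PEM
sudo mkdir /var/db/dkim
sudo mv rsa.private /var/db/dkim/mail.key.pem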

Step 3. Create the DNS entry.

3a. Add the entry for the public key

I’m using tinydns (actually VDNS but same thing).
You need a TXT entry for the domain mail._domainkey.example.com that looks something like:

k=rsa; p=MIGfMA0…AQAB

I used the tool at http://www.anders.com/projects/sysadmin/djbdnsRecordBuilder/ to make my entry (for tinydns):

:mail._domainkey.example.com:16:\341k=rsa;\040p=AMIGfMA0GCS...AQABS:86400

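(where p= is your public key, i.e. the base64 body of rsa.public with the BEGIN/END lines and line breaks removed, and the “mail” in mail._domainkey… is the selector: it matches the mail in mail.key.pem from Step 2 and the Selector line in Step 4)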

In BIND it would look something like this:
mail._domainkey.example.com. IN TXT "k=rsa; p=AMIGfMA0GCS…AQABS"
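
The tinydns line above came from a web tool. As an added example (not code from the original post or from dkim-milter), this builds the same tinydns and BIND TXT records locally from the contents of rsa.public, and goes one step further by splitting values longer than 255 bytes, which a 2048-bit key needs. The function names and the placeholder key are constructed for illustration.

```python
import base64
import textwrap

# Characters written literally; everything else becomes a \ooo octal escape.
SAFE = set("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789=;._-")

def pem_to_p(pem):
    """Return the PEM body as one base64 line: the value of the p= tag."""
    lines = [ln.strip() for ln in pem.splitlines()]
    p = "".join(ln for ln in lines if ln and not ln.startswith("-----"))
    base64.b64decode(p, validate=True)  # raises binascii.Error on a damaged paste
    return p

def txt_chunks(value, limit=255):
    """A TXT record holds one or more strings of at most 255 bytes each."""
    return [value[i:i + limit] for i in range(0, len(value), limit)]

def tinydns_txt(fqdn, value, ttl=86400):
    """Generic tinydns-data line, type 16 (TXT): length byte, then the string."""
    rdata = ""
    for chunk in txt_chunks(value):
        escaped = "".join(c if c in SAFE else "\\%03o" % ord(c) for c in chunk)
        rdata += "\\%03o%s" % (len(chunk), escaped)
    return ":%s:16:%s:%d" % (fqdn, rdata, ttl)

def bind_txt(fqdn, value):
    """BIND zone-file form: the same strings, each in double quotes."""
    return "%s. IN TXT %s" % (fqdn, " ".join('"%s"' % c for c in txt_chunks(value)))

def dkim_records(pem, selector="mail", domain="example.com"):
    fqdn = "%s._domainkey.%s" % (selector, domain)
    value = "k=rsa; p=" + pem_to_p(pem)
    return tinydns_txt(fqdn, value), bind_txt(fqdn, value)

def placeholder_pem(der_len):
    """Constructed stand-in with the size of a real key; not a usable key."""
    b64 = base64.b64encode(bytes(i % 256 for i in range(der_len))).decode()
    body = "\n".join(textwrap.wrap(b64, 64))
    return "-----BEGIN PUBLIC KEY-----\n%s\n-----END PUBLIC KEY-----\n" % body

if __name__ == "__main__":
    # DER sizes of RSA public keys: 162 bytes (1024-bit), 294 bytes (2048-bit)
    for der_len in (162, 294):
        for record in dkim_records(placeholder_pem(der_len)):
            print(record)
```

For a real key, pass the text of rsa.public to dkim_records(). A 1024-bit key gives a 225-byte string, which is where the \341 (octal 225) length byte in the tinydns line comes from.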

3b. Set up the signing practice (ADSP)

Add a TXT record for the domain _adsp._domainkey.example.com to indicate how the emails will be sent. There are three options: dkim={unknown|all|discardable}

unknown: email from this domain might be signed (could be some, all or none of the emails). This is useful if you send email from home via your ISP.

all: all email will be signed.

discardable: all email will be signed, and if an email is received without a signature, the recipient should discard it.

I’m going for dkim=all, so my DNS entry is:

'_adsp._domainkey.example.com:dkim=all:86400

Step 4. Set up the mail filter (milter)

sudo adduser -r dkim -s /bin/false
echo > /etc/dkim.conf '
Canonicalization simple
Domain example.com
KeyFile /var/db/dkim/mail.key.pem
MTA MSA
Selector mail
SignatureAlgorithm rsa-sha256
Socket inet:8891@localhost
Syslog Yes
Userid dkim
'

#start the filter:
/usr/sbin/dkim-filter -x /etc/dkim.conf
#add the above line to /etc/rc.d/rc.local
echo '/usr/sbin/dkim-filter -x /etc/dkim.conf' >> /etc/rc.d/rc.local

Edit /etc/mail/sendmail.mc and add the following line:

INPUT_MAIL_FILTER(`dkim-filter', `S=inet:8891@localhost')

And then rebuild and restart sendmail:

cd /etc/mail
make
/etc/rc.d/init.d/sendmail restart

Step 5. Testing

Send an email to your Gmail account and then view the headers; Google will tell you if you got it right. Alternatively, check out the link at elandsys.com; they have an autoresponder.


As you know, I’m tortured by the pseudo-requirement to lay out your projects a certain way with svn. Some more thought (and chats with my svn friends) has led me to think that the tool doesn’t really force you to lay things out a certain way, since you could (and should, I guess) check out your projects at a lower level than the top.

e.g.
ft/
ft/cgi
ft/www

in svn would be

ft.repo/trunk/ft/
ft.repo/trunk/ft/cgi
ft.repo/trunk/ft/www

So you make the project called ft.repo, and under that make the svn directories trunk, tags and branches. Then ft is my top-level directory, and so I check it out with

svn checkout svn://…/ft.repo/trunk/ft ft

and this way my directories are arranged the way I want in my workspace, and tagging will not clutter up my workspace.

But I’m still not overly happy with this, and couldn’t be bothered moving my stuff around, so I decided to write a small shell script that associates the current revision with a tag that is saved into the file .tags in the current directory (and committed). It doesn’t let you tag files, but sub-directories are certainly fine. I also merged in the svnignore program from a previous post. Suggestions for improvement are welcome, as this is the first version :)

This works by writing version=tag to the file .tags in the current directory.
It is not a "real tag"

Usage:
svn tag "version-1.0"
This will write a “tag” to the current directory as version-1.0

svn listtags
This will list the “tags” for the current directory.

Put this in your path ahead of the real svn (or rename this file)
File: $HOME/bin/svn

#!/bin/sh
# @author Cameron Gregory. http://www.bloke.com/

SVN=/usr/bin/svn
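if [ "$1" = "ignore" ]; then
        shift;
        # Usage: svn ignore [file|dir|pattern]+
        echo "Intercept ignore"

        if [ $# -eq 0 ]; then
                $SVN propget svn:ignore .
                exit 0;
        fi
        # mktemp avoids predictable /tmp names that another local user could pre-create
        FILE=`mktemp /tmp/svnignore.XXXXXX` || exit 1
        FILE2=`mktemp /tmp/svnignore.XXXXXX` || exit 1
        $SVN propget svn:ignore . > "$FILE"
        # append each pattern given on the command line
        for PATTERN in "$@"; do
                echo "$PATTERN" >> "$FILE"
        done
        # de-duplicate and drop empty lines before setting the property
        sort -u "$FILE" | grep -v "^$" > "$FILE2"
        $SVN propset svn:ignore -F "$FILE2" .
        $SVN propget svn:ignore .
        /bin/rm -f "$FILE" "$FILE2"
        exit 0;
fi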
if [ "$1" = "tag" ]; then
        shift;
        echo "Intercept tag"

        TAG="$1"
        $SVN update .
        VER=`svnversion .`
        echo "$VER=$TAG" >> .tags
        $SVN add .tags  2> /dev/null
        $SVN commit .tags -m "saving tag: $TAG"
        tail -5 .tags
        exit 0;
fi
if [ "$1" = "listtags" ]; then
        echo "Intercept listtags"
        if [ -f .tags ]; then
                cat .tags
        else
                echo no tags
        fi
        exit 0;
fi

# pass everything else through unchanged; "$@" keeps arguments with spaces intact
$SVN "$@"
exit $?

So if you want to check out with a tag, look up the revision and check out using that. Hmm .. perhaps a little grep in the .tags file would be useful. Next time :)