Updated opendkim to be built from source.

Dockerfile

@@ -1,19 +1,99 @@
-FROM ubuntu:22.04
+# Build and runtime stages for OpenDKIM on Ubuntu 16.04
+FROM ubuntu:16.04 AS builder
 
-WORKDIR /opt/opendkim
+ARG DEBIAN_FRONTEND=noninteractive
+ARG OPENDKIM_VERSION=2.10.3
+ARG OPENDKIM_TARBALL=opendkim-${OPENDKIM_VERSION}.tar.gz
+ARG OPENDKIM_URL=https://downloads.sourceforge.net/project/opendkim/${OPENDKIM_TARBALL}
 
-RUN apt update && \
-  apt upgrade -y && \
-  apt install -y opendkim inetutils-syslogd curl
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    build-essential \
+    ca-certificates \
+    wget \
+    tar \
+    gzip \
+    make \
+    autoconf \
+    automake \
+    libtool \
+    pkg-config \
+    libssl-dev \
+    libmilter-dev \
+    libbsd-dev \
+    zlib1g-dev \
+ && rm -rf /var/lib/apt/lists/*
 
-RUN curl -SsfL -o /usr/bin/gomplate "https://github.com/hairyhenderson/gomplate/releases/download/v3.11.5/gomplate_linux-amd64-slim" && \
-  chmod 755 /usr/bin/gomplate && \
-  mkdir -p /etc/rsyslog.d/ && \
-  touch /etc/rsyslog.d/stdout.conf && \
-  echo "*.*    /dev/stdout" > /etc/rsyslog.d/stdout.conf
+WORKDIR /build
 
-COPY entrypoint.sh .
-COPY opendkim.conf.tpl .
+RUN wget -O ${OPENDKIM_TARBALL} ${OPENDKIM_URL} \
+ && tar xzf ${OPENDKIM_TARBALL}
 
-EXPOSE 8892/tcp
-CMD ["/bin/bash", "entrypoint.sh"]
+WORKDIR /build/opendkim-${OPENDKIM_VERSION}
+
+# Basic build:
+# - prefix /usr
+# - config in /etc/opendkim
+# - pid file under /run/opendkim
+RUN ./configure \
+    --prefix=/usr \
+    --sysconfdir=/etc \
+    --localstatedir=/var \
+    --disable-shared \
+    --enable-static
+
+RUN make -j"$(nproc)"
+
+# Install into staging root
+RUN make DESTDIR=/opt/opendkim-dist install
+
+# Collect runtime libs actually needed by installed binaries
+RUN mkdir -p /opt/opendkim-libs \
+ && find /opt/opendkim-dist -type f -executable -exec ldd {} \; \
+    | awk '/=> \// {print $3} /^\// {print $1}' \
+    | sort -u \
+    | xargs -r -I '{}' cp -v --parents '{}' /opt/opendkim-libs
+
+# Pack staged install and copied libs as tarballs to avoid BuildKit COPY-to-/ issues
+RUN cd /opt/opendkim-dist \
+ && tar -cf /opt/opendkim-dist.tar .
+
+RUN cd /opt/opendkim-libs \
+ && tar -cf /opt/opendkim-libs.tar .
+
+# Final runtime image
+FROM ubuntu:16.04
+
+ARG DEBIAN_FRONTEND=noninteractive
+
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    ca-certificates \
+    ssl-cert \
+    inetutils-syslogd \
+ && rm -rf /var/lib/apt/lists/*
+
+COPY --from=builder /opt/opendkim-dist.tar /tmp/opendkim-dist.tar
+COPY --from=builder /opt/opendkim-libs.tar /tmp/opendkim-libs.tar
+
+RUN tar -C / -xf /tmp/opendkim-dist.tar \
+ && tar -C / -xf /tmp/opendkim-libs.tar \
+ && rm -f /tmp/opendkim-dist.tar /tmp/opendkim-libs.tar
+
+RUN groupadd -f opendkim \
+ && (id -u opendkim >/dev/null 2>&1 || useradd -r -g opendkim -d /var/lib/opendkim -s /usr/sbin/nologin opendkim)
+
+RUN mkdir -p \
+    /etc/opendkim \
+    /etc/opendkim/keys \
+    /run/opendkim \
+    /var/lib/opendkim \
+ && chown -R opendkim:opendkim /etc/opendkim/keys /run/opendkim /var/lib/opendkim
+
+RUN touch /etc/opendkim/KeyTable /etc/opendkim/SigningTable /etc/opendkim/TrustedHosts \
+ && chown opendkim:opendkim /etc/opendkim/KeyTable /etc/opendkim/SigningTable /etc/opendkim/TrustedHosts
+
+COPY entrypoint.sh /usr/local/bin/entrypoint.sh
+RUN chmod +x /usr/local/bin/entrypoint.sh
+
+EXPOSE 8891
+
+ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]