Your message dated Tue, 04 Jan 2022 21:05:35 +0000 with message-id <[email protected]> and subject line Bug#948321: fixed in postfix 3.6.3-5 has caused the Debian Bug report #948321, regarding postfix: tls_ca_cert_file not copied to chroot to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.)

--
948321: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948321
Debian Bug Tracking System
Contact [email protected] with problems

--- Begin Message ---
Package: postfix
Version: 3.4.7-0+deb10u1
Severity: normal

Hi,

I'm using a ldaps server for canonization. The cleanup daemon works in chroot (default setup) but tls_ca_cert_file (from ldap_table(5) manpage) is not copied into the chroot.

Manually copying the file allows the cleanup daemon to contact and use the ldaps server.

Note: tls_ca_cert_dir does not seem to be also handled.

I'm not sure what should be done:
- nothing (let the administrator handle the situation as currently)
- add support for tls_ca_cert_file/tls_ca_cert_dir in /usr/lib/postfix/configure-instance.sh (as for smtp_tls_CApath/smtp_tls_CAfile)
  ok, but you have to handle every situation. And I'm pretty sure that lots of other uses of ldaps do not need to copy these files in chroot (because ldaps won't be used in chroot process) else this bug would have been fixed long before
- add support for declarative hook(s) to be handled by /usr/lib/postfix/configure-instance.sh: /etc/postfix/to-chroot.lst can be a file of a list of files/dirs to be copied to chroot (or /etc/postfix/to-chroot.d/ for a directory of such files)
  But what about allowing or not wildcards? What to do about dynamic files (I think of the "openssl rehash" call for CApath)
- add support for script hook(s) to be handled by /usr/lib/postfix/configure-instance.sh: /etc/postfix/build-chroot.d/ can be a directory run through run-parts when a chroot is rebuilt
- ...

Regards,
Vincent

-- System Information:
Debian Release: bullseye/sid
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'oldstable-updates'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (500, 'oldstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, armel, mipsel

Kernel: Linux 5.4.0-trunk-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8), LANGUAGE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages postfix depends on:
ii  adduser                 3.118
ii  cpio                    2.13+dfsg-1
ii  debconf [debconf-2.0]   1.5.73
ii  dpkg                    1.19.7
ii  e2fsprogs               1.45.4-1
ii  libc6                   2.29-3
ii  libdb5.3                5.3.28+dfsg1-0.6
ii  libicu63                63.2-2
ii  libsasl2-2              2.1.27+dfsg-1+deb10u1
ii  libssl1.1               1.1.1d-2
ii  lsb-base                11.1.0
ii  netbase                 5.8
ii  ssl-cert                1.0.39

Versions of packages postfix recommends:
ii  ca-certificates         20190110
ii  python3                 3.7.5-3

Versions of packages postfix suggests:
ii  bsd-mailx [mail-reader]         8.1.2-0.20180807cvs-1+b1
ii  dovecot-core [dovecot-common]   1:2.3.7.2-1
ii  emacs-gtk [mail-reader]         1:26.3+1-1
ii  evolution [mail-reader]         3.34.1-2+b1
ii  kmail [mail-reader]             4:19.08.3-1
ii  libsasl2-modules                2.1.27+dfsg-1+deb10u1
ii  mailutils [mail-reader]         1:3.7-2
ii  mutt [mail-reader]              1.13.2-1
pn  postfix-cdb                     <none>
ii  postfix-doc                     3.4.7-2
ii  postfix-ldap                    3.4.7-2
pn  postfix-lmdb                    <none>
pn  postfix-mysql                   <none>
pn  postfix-pcre                    <none>
pn  postfix-pgsql                   <none>
ii  postfix-sqlite                  3.4.7-2
ii  procmail                        3.22-26
ii  resolvconf                      1.81
ii  thunderbird [mail-reader]       1:60.9.0-1
pn  ufw                             <none>

-- debconf information excluded
--- End Message ---
--- Begin Message ---
Source: postfix
Source-Version: 3.6.3-5
Done: Scott Kitterman <[email protected]>

We believe that the bug you reported is fixed in the latest version of postfix, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Scott Kitterman <[email protected]> (supplier of updated postfix package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected])

Format: 1.8
Date: Tue, 04 Jan 2022 15:20:02 -0500
Source: postfix
Architecture: source
Version: 3.6.3-5
Distribution: unstable
Urgency: medium
Maintainer: LaMont Jones <[email protected]>
Changed-By: Scott Kitterman <[email protected]>
Closes: 941457 948321 959864 964762 991609 999694
Changes:
 postfix (3.6.3-5) unstable; urgency=medium
 .
   [Wietse Venema]
 .
   * Fix duplicate bounce_notice_recipient entries in postconf output.
     Closes: #999694
 .
   [Scott Kitterman]
 .
   * Remove left-over ca-certificates.crt file from postfix chroot.
     Closes: #991609
   * Align sysv init script start/stop/reload more to default init and drop
     d/p/09_quiet_startup.diff, no longer needed.
   * Add support for chroot_extra_files and chroot_extra_CAdir variables
     sourced from /etc/default/postfix to enable users to specify additional
     files needed in the chroot. Closes: #948321
   * Add information about keeping resolv.conf up to date in the chroot with
     the resolvconf package. Closes: #964762
   * Add collate.pl script as postfix-collate. Closes: #941457
 .
   [Christian Göttsche]
 .
   * Drop unreproducible build paths from makedefs.out.
   * Enable Link Time Optimization (LTO).
 .
   [Sergio Gelato]
 .
   * Correct if-up.d to not error out if postfix can't send mail yet.
     Closes: #959864
--- End Message ---
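
The failure reported above (a CA file named in an LDAP table but absent from the chroot, so a chrooted daemon cannot verify the ldaps server) can be checked for directly. The following is an added example, not part of the thread or of the Debian package: it reads tls_ca_cert_file / tls_ca_cert_dir from LDAP table files and lists the paths missing under a chroot. The table file, host name and CA paths in the demo are constructed.

```shell
#!/bin/sh
# Added example: report CA paths named in Postfix LDAP table files that do
# not exist inside the chroot. Parameter names are those of ldap_table(5).

# ca_paths FILE... : print the values of tls_ca_cert_file / tls_ca_cert_dir.
# Commented-out lines do not match because the name must start the line.
ca_paths() {
    sed -n -E \
      's/^[[:space:]]*tls_ca_cert_(file|dir)[[:space:]]*=[[:space:]]*([^[:space:]]+).*$/\2/p' \
      "$@"
}

# missing_in_chroot CHROOT FILE... : print each CA path absent under CHROOT.
missing_in_chroot() {
    chroot_dir=$1; shift
    ca_paths "$@" | sort -u | while IFS= read -r p; do
        [ -e "$chroot_dir$p" ] || printf '%s\n' "$p"
    done
}

# Constructed demo: a throwaway "chroot" that holds one of the two CA paths.
demo() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/chroot/etc/ssl/certs"
    : > "$t/chroot/etc/ssl/certs/corp-ca.pem"
    cat > "$t/ldap-canonical.cf" <<EOF
# constructed sample LDAP table
server_host = ldaps://ldap.example.org
tls_ca_cert_file = /etc/ssl/certs/corp-ca.pem
tls_ca_cert_dir = /etc/ssl/private-cas
EOF
    missing_in_chroot "$t/chroot" "$t/ldap-canonical.cf"
    rm -rf "$t"
}

demo
```

Postfix chroots into its queue directory, so a real run would pass "$(postconf -h queue_directory)" as the first argument, followed by the site's own LDAP table files.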

