Your message dated Thu, 28 Aug 2025 22:17:10 +0000
with message-id <[email protected]>
and subject line Bug#1100100: fixed in postfix 3.10.4-1~deb13u1
has caused the Debian Bug report #1100100,
regarding postfix: configure-instance's cp call fails on overlayfs over nfs4
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1100100: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100100
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: postfix
Version: 3.10.1-1
Severity: important
Hi,
I'm facing an issue on a ephemeral machine booted into a read-only nfs4
root with an overlayfs to make / writable. postfix doesn't start, since
the copy command in configure-instance:91 fails. It copies the data, but
overlayfs has an long-standing issue with nfs4_acls [1], which cp -p will
try to copy but fail. The files are thus copied over and on the next
start of postfix, the service will start without any issues (complaing
again about the same problem for copying the libraries in Line 109, which
is ignored though by the trailing || : in this line.
Is there a specific reason to copy these files with -p? From what I can
tell, they're all word-readable and owned by root:root, so maybe
preserving timestamps (if that is intended) would be enough? From the
commit introducing -p [2], It seems like this was done to have more
readable code.
That would solve this issue for this specific scenario without
interfering with other installations as far as I can tell.
I acknowledge that this should ideally be fixed in overlayfs for a
general solution, but in hope of getting a faster solution, I wanted to
ask if you'd consider changing the cp options.
Best,
Cornelius Hoffmann
[1]
https://lore.kernel.org/linux-fsdevel/cajfpeguwutrwrgmnmimnp-fxzwqmccqmb24iwpu0w_j0_ro...@mail.gmail.com/
[2]
https://salsa.debian.org/postfix-team/postfix-dev/-/commit/ca82392182402ab7de571346d27345e6644952d2
-- System Information:
Debian Release: trixie/sid
APT prefers testing-debug
APT policy: (500, 'testing-debug'), (500, 'testing'), (99, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 6.12.17-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages postfix depends on:
ii adduser 3.137
ii debconf [debconf-2.0] 1.5.89
ii init-system-helpers 1.68
ii libc6 2.40-7
ii libdb5.3t64 5.3.28+dfsg2-9
ii libicu72 72.1-6
ii libnsl2 1.3.0-3+b3
ii libsasl2-2 2.1.28+dfsg1-9
ii libssl3t64 3.4.1-1
ii libtlsrpt0 0.5.0rc1-2
ii netbase 6.4
Versions of packages postfix recommends:
ii ca-certificates 20241223
ii python3 3.13.2-1
pn ssl-cert <none>
Versions of packages postfix suggests:
ii emacs-nox [mail-reader] 1:30.1+1-4
pn libsasl2-modules | dovecot-common <none>
pn postfix-cdb <none>
pn postfix-doc <none>
pn postfix-ldap <none>
pn postfix-lmdb <none>
pn postfix-mongodb <none>
pn postfix-mta-sts-resolver <none>
pn postfix-mysql <none>
pn postfix-pcre <none>
pn postfix-pgsql <none>
pn postfix-sqlite <none>
pn procmail <none>
pn sasl2-bin | dovecot-common <none>
ii systemd-resolved [resolvconf] 257.3-1
pn ufw <none>
-- debconf information:
postfix/main_mailer_type: No configuration
postfix/bad_recipient_delimiter:
postfix/rfc1035_violation: false
postfix/protocols:
postfix/mynetworks: 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
postfix/mailbox_limit: 0
postfix/recipient_delim: +
postfix/relayhost:
postfix/destinations:
postfix/root_address:
postfix/procmail:
postfix/not_configured:
postfix/mailname: /etc/mailname
--- End Message ---
--- Begin Message ---
Source: postfix
Source-Version: 3.10.4-1~deb13u1
Done: Michael Tokarev <[email protected]>
We believe that the bug you reported is fixed in the latest version of
postfix, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Tokarev <[email protected]> (supplier of updated postfix package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 22 Aug 2025 09:51:46 +0300
Source: postfix
Architecture: source
Version: 3.10.4-1~deb13u1
Distribution: trixie
Urgency: medium
Maintainer: Debian Postfix Team <[email protected]>
Changed-By: Michael Tokarev <[email protected]>
Closes: 1100100 1110704
Changes:
postfix (3.10.4-1~deb13u1) trixie; urgency=medium
.
* New upstream stable/bugfix version 3.10.4, with a handful of fixes.
From the upstream release notes:
- Fixes for postscreen(8):
* Bugfix (defect introduced: Postfix 2.2, date 20050203): after
detecting a lookup table change, and after starting a new
postscreen process, the old postscreen process logged an ENOTSOCK
error while attempting to accept a connection on a socket that
it was no longer listening on. This error was introduced first
in the multi_server skeleton code, and was five years later
duplicated in the event_server skeleton that was created for
postscreen. Problem reported by Florian Piekert.
* Bugfix (defect introduced: Postfix 2.8, date 20101230):
after detecting a cache table change and before starting a new
postscreen process, the old postscreen process did not close the
postscreen_cache_map, and therefore kept an exclusive lock that
could prevent a new postscreen process from starting. Problem
reported by Florian Piekert.
- Fixes for tlsproxy(8):
* Bugfix (defect introduced: Postfix 3.7): incorrect backwards
compatible support for the legacy configuration parameters
tlsproxy_client_level and tlsproxy_client_policy. This
disabled the tlsproxy TLS client role when a legacy parameter
was set (instead of the newer tlsproxy_client_security_level
or tlsproxy_client_policy_maps). Reported by John Doe,
diagnosed by Viktor Dukhovni.
* Bugfix (defect introduced: Postfix 3.4): with the TLS client role
disabled by configuration, the tlsproxy daemon dereferenced a
null pointer while handling a tlsproxy client request. Reported by
John Doe.
- Reducing process churn: Postfix daemons no longer automatically
restart after a btree:, dbm:, hash:, lmdb:, or sdbm: table file
modification time change, when they opened that table for writing.
- Portability: deleted an <openssl/engine.h> build dependency,
because the feature is being removed from OpenSSL, and Postfix
no longer needs it.
- Cleanup: with "tls_required_enable = yes", the Postfix SMTP client
will no longer maintain TLSRPT statistics for messages that contain
a "TLS-Required: no" header. This can prevent TLSRPT notifications
for TLSRPT notifications.
- Bugfix (defect introduced: Postfix 3.6, date 20200710): Postfix TLS
client code logged "Untrusted TLS connection" (wrong) instead of
"Trusted TLS connection" (right), for a new or resumed TLS session,
when a server offered a trusted (valid PKI trust chain) certificate
that did not match the expected server name pattern. Fix by Viktor
Dukhovni.
* d/gbp.conf: debian-branch=debian/trixie
* configure-instance.in: fix typo
* configure-instance.in: limit maxdepth=1 in /etc/ssl/certs dirs
* configure-instance.in: use home-grown file copy procedure to sync chroot
There are a few issues with using cp(1) to update files in chroot, -
a file should be copied even if the source date is *less* than the
target date (eg, if a package has been downgraded), which is not done
by `cp -u` (#1110704), a file should be copied atomically (copy+rename,
not truncate+copy), and care should be taken with extra attributes
(#1100100). Use a simple perl-based script (using just perl-base)
to update files instead, which fixes all this stuff.
(Closes: #1100100, #1110704)
Checksums-Sha1:
c313b8d1e0c28d6f66d4a92f08a729742da2f0dc 3193 postfix_3.10.4-1~deb13u1.dsc
a6c4489bd7d0868ac0374e2b97b83fc9c2c2c2b9 5050100 postfix_3.10.4.orig.tar.gz
fe2532dfd80afa849c4655788c45787827f0c275 220 postfix_3.10.4.orig.tar.gz.asc
aeaca58181b5da49ae277347d1c7039145c1d220 199408
postfix_3.10.4-1~deb13u1.debian.tar.xz
340ebc36d1c1b3f1399ab0447decd3fe9dd58c02 5738
postfix_3.10.4-1~deb13u1_source.buildinfo
Checksums-Sha256:
03510c7dae7331b27669f6918e39129a570f71885b927d67fd10c90b8fcec30c 3193
postfix_3.10.4-1~deb13u1.dsc
cfb66861fe8f964787ddaeab15f3ca3e7ef3de730f97171afc4a5eca338ca444 5050100
postfix_3.10.4.orig.tar.gz
dd85a2d75a87e5e1d4cae8117b05aed56055b0c85e450e500d01e66017c5e302 220
postfix_3.10.4.orig.tar.gz.asc
1b5c780f721a5ae9efd941d29e940ddb75f2ef362bf9f7bdb4773ce15bfb2e2d 199408
postfix_3.10.4-1~deb13u1.debian.tar.xz
2ff6db19687f3df52dc763b03313d5368d1f5f822d2943a818645c24b6e05dce 5738
postfix_3.10.4-1~deb13u1_source.buildinfo
Files:
6bccc564cfd2e802b2c4a1ca009ddeaf 3193 mail optional
postfix_3.10.4-1~deb13u1.dsc
c9f472fe0455eff7a8334479fb0f1154 5050100 mail optional
postfix_3.10.4.orig.tar.gz
bc0e8eb3f4aa659c4819d9f35193894f 220 mail optional
postfix_3.10.4.orig.tar.gz.asc
a52f5e68ef61263185baadb71b51fd80 199408 mail optional
postfix_3.10.4-1~deb13u1.debian.tar.xz
6488c53934e00b75d4d6a072bf38bef3 5738 mail optional
postfix_3.10.4-1~deb13u1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEZKoqtTHVaQM2a/75gqpKJDselHgFAmioFJoACgkQgqpKJDse
lHj62A/+IfvR4KeS54aLu/lOV/gd+ikfR7CJXx5h9M35gk1A0VcPLpy5yBWeAIr4
bUviIsY5gD9H+8I6pY2hBsIRibEkBLldYCxh2x2yXID1KnyHLFwGw6eakh0Vo6q5
K2UEHef5nYiN1RZ5nANeoil++DqDQrNXR9H64HH41xh83RAxrwHYdINgSf79GGTt
PZXSoAsr7Z7TB1jD4zot9t9845VVOUAFFBQxp1xOM8z9o9tvj7ntR1XRgKDSeML6
TgFo0hyNl6YJX72g/qTwOmR5Sj4+wCz1doOU90fUiV2R0k/PVU+4vqDkL6J3cX5B
+VuRdxRUKOevQ+XU6UqPK4IeOv4dVBdynogJ9WlBSKlq/E5K1aYSccwiV6LoHZNK
ASuwfqL48FVsY6BYp+YuGiW3x7uJdsAoVLrAKxSZS0/p24h2b0Db2hCTTDLhhKbr
CgtDa25nnML9dX96Lv/Vu8mZVbgpO71bYJU/fqBxCQtOUeL6fjre15f424vAH5Uo
HIS2GNSYa6QVPBLbAfml+TmpvWs8sbdra28+gAN+3oBx/tvm3K6Grsch/tXvo0GU
oD4GD0WFWQ6C56d/fhQipq8bI2SwQj2RlExQKlUE8MVC0U/mbBe4ZB+vQdklhTxV
EOTQg6oKN+tcohuAnwH2eyn1ar8mftZnv7fbmo3c4aRY/dQhbIs=
=2kHb
-----END PGP SIGNATURE-----
pgpfv3RdmPlkP.pgp
Description: PGP signature
--- End Message ---
