** Description changed: == Begin SRU Template == [Impact] - * It is possible for the postfix to fail to start whenever there are + * It is possible for the postfix to fail to start whenever there are broken symlinks in directories it scans, like certificates when the ca- certificates package is upgraded. [Test Case] - * lxc launch ubuntu-daily:xenial xenial - * lxc exec xenial bash - * sudo apt install postfix -y - * Edit /etc/postfix/main.cf and add the following line - smtp_tls_CApath=/usr/share/ca-certificates - * ln -s fakefile /usr/share/ca-certificates/foobar.pem - * /etc/init.d/postfix stop - * /etc/init.d/postfix start - * Failure message " * failure copying certificates" should print + * lxc launch ubuntu-daily:xenial xenial + * lxc exec xenial bash + * sudo apt install postfix -y + * Edit /etc/postfix/main.cf and add the following line + smtp_tls_CApath=/usr/share/ca-certificates + * ln -s fakefile /usr/share/ca-certificates/foobar.pem + * /etc/init.d/postfix stop + * /etc/init.d/postfix start + * If broken, the failure message " * failure copying certificates" should print; Postfix will fail to start as a result of the bad symlink. [Regression Potential] * Users currently experiencing this issue would be expecting an SRU fix to come from us as the application is broken. * The only work around it would require editing the init script with the workaround as described in this bug or by removing the bad symlinks. In either case, these things should be fixed. [Other Info] Postfix frequently fails to start after security updates to the ca- certificates package because upgrading the latter sometimes leaves dangling symlinks behind. If that happens, the /etc/init.d/postfix script aborts. # handle files in subdirectories (cd "$ca_path" && find . -name '*.pem' -print0 | cpio -0pdL --quiet "$dest_dir") 2>/dev/null || (log_failure_msg failure copying certificates; exit 1) The usual fix on a high level is "dpkg-reconfigure --priority=high ca- certificates"; however, I would propose to change the find command as follows: # handle files in subdirectories (cd "$ca_path" && find . -name '*.pem' -not -xtype l -print0 | cpio -0pdL --quiet "$dest_dir") 2>/dev/null || (log_failure_msg failure copying certificates; exit 1) This would then skip printing broken symbolic links, and prevent cpio from choking on them. ProblemType: Bug DistroRelease: Ubuntu 12.04 Package: postfix 2.9.6-1~12.04.1 ProcVersionSignature: Ubuntu 3.11.0-19.33~precise1-generic 3.11.10.5 Uname: Linux 3.11.0-19-generic i686 NonfreeKernelModules: nvidia ApportVersion: 2.0.1-0ubuntu17.6 Architecture: i386 Date: Wed Apr 9 20:20:17 2014 EcryptfsInUse: Yes MarkForUpload: True ProcEnviron: LANGUAGE=de_DE:de:en_GB:en TERM=xterm PATH=(custom, no user) LANG=de_DE.utf8 SHELL=/bin/bash SourcePackage: postfix UpgradeStatus: Upgraded to precise on 2012-11-01 (523 days ago)
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1305232 Title: Postfix fails to start, "failure to copy certificates" To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/postfix/+bug/1305232/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs