Public bug reported:
Postfix package doesn't utilize update-ca-certificate's hooks mechanism.
By simply copying certs from /etc/ssl/certs/ca-certificates.crt to
/var/spool/postfix/etc/ssl/certs/ca-certificates.crt, this warning and
potential security issues could be avoided.
Something like this would be a start:
$ cat /etc/ca-certificates/update.d/postfix
#!/bin/bash
if [ -e /var/spool/postfix/etc/ssl/certs/ca-certificates.crt ]; then
echo "Updating postfix chrooted certs"
cp /etc/ssl/certs/ca-certificates.crt
/var/spool/postfix/etc/ssl/certs/ca-certificates.crt
systemctl reload postfix
fi
** Affects: postfix (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1915238
Title:
warning: /var/spool/postfix/etc/ssl/certs/ca-certificates.crt and
/etc/ssl/certs/ca-certificates.crt differ
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/postfix/+bug/1915238/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
