Your message dated Thu, 19 Dec 2024 09:36:11 +0000
with message-id <[email protected]>
and subject line Bug#1003982: fixed in postfix 3.9.1-7
has caused the Debian Bug report #1003982,
regarding [chroot,sasl] postfix: /etc/ssl/certs/ca-certificates.crt not copied to chroot
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1003982: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003982
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: postfix
Version: 3.5.6-1+b1
Severity: normal

Dear Maintainer,

After a dist-upgrade from Buster to Bullseye, the configure-instance.sh of Postfix 3.5 no longer copies /etc/ssl/certs/ca-certificates.crt to the chroot. The previous script from 3.4 used to copy it.

In the script, the files to copy are selected based on their .pem extension:
find . -name '*.pem' -not -xtype l -print0
which is why this file is excluded.

I understand that several workarounds exist (such as using CApath instead of CAfile) and that Bookworm now has a way to copy extra files into the chroot (#948321), however it is a change that I did not see in the CHANGELOG from Buster and may be of interest for others, especially because ca-certificates.crt is a standard source of trust on Debian and not a custom file created by the system admin.

Would it be possible to copy the ca-certificates.crt file in addition to the *.pem?

(In my specific case, ca-certificates.crt was used by tls_ca_cert_file in a ldap-based virtual map similar to #948321, I changed the value to a specific .pem).

Thanks,
Thomas

-- System Information:
Debian Release: 11.2
  APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-10-amd64 (SMP w/2 CPU threads)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages postfix depends on:
ii  adduser                3.118
ii  cpio                   2.13+dfsg-4
ii  debconf [debconf-2.0]  1.5.77
ii  dpkg                   1.20.9
ii  e2fsprogs              1.46.2-2
ii  libc6                  2.31-13+deb11u2
ii  libdb5.3               5.3.28+dfsg1-0.8
ii  libicu67               67.1-7
ii  libnsl2                1.3.0-2
ii  libsasl2-2             2.1.27+dfsg-2.1
ii  libssl1.1              1.1.1k-1+deb11u1
ii  lsb-base               11.1.0
ii  netbase                6.3
ii  ssl-cert               1.1.0+nmu1

Versions of packages postfix recommends:
ii  ca-certificates  20210119
ii  python3          3.9.2-3

Versions of packages postfix suggests:
ii  bsd-mailx [mail-reader]  8.1.2-0.20180807cvs-2
ii  libsasl2-modules         2.1.27+dfsg-2.1
pn  postfix-cdb              <none>
pn  postfix-doc              <none>
ii  postfix-ldap             3.5.6-1+b1
pn  postfix-lmdb             <none>
pn  postfix-mysql            <none>
ii  postfix-pcre             3.5.6-1+b1
pn  postfix-pgsql            <none>
pn  postfix-sqlite           <none>
pn  procmail                 <none>
pn  resolvconf               <none>
pn  ufw                      <none>

-- debconf information excluded

--- End Message ---
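The effect described in the report above, as an added example that is not part of the thread or of the Debian package: it runs the quoted `find` expression over a constructed certificate directory and then checks which CA files a chrooted service would fail to open. The function names and all paths are hypothetical and are created under a temporary directory; GNU find is assumed for `-xtype`.

```shell
#!/bin/sh
# Added example, not the package's configure-instance script.
# Every path is created under a temporary directory; nothing on the host is read.

# Apply the selection expression quoted in the report to directory $1 and
# print the selected names, one per line. '-not -xtype l' (GNU find) drops
# only dangling symlinks; the name test is what excludes the .crt bundle.
select_for_chroot() {
    (cd "$1" && find . -name '*.pem' -not -xtype l -print0) |
        tr '\0' '\n' | sed 's|^\./||' | sort
}

# Print each CA file path ($2...) that is not readable below chroot root $1.
# Returns 1 if at least one path is missing, 0 otherwise.
missing_in_chroot() {
    root=$1; shift; rc=0
    for f in "$@"; do
        [ -r "$root$f" ] || { printf '%s\n' "$f"; rc=1; }
    done
    return $rc
}

# Constructed fixture: a host certificate directory and a chroot tree.
make_fixture() {
    t=$(mktemp -d)
    mkdir -p "$t/host/etc/ssl/certs" "$t/chroot/etc/ssl/certs"
    h=$t/host/etc/ssl/certs
    echo "constructed CA" > "$h/Example_Root.pem"
    echo "constructed bundle" > "$h/ca-certificates.crt"
    ln -s /nonexistent/gone.pem "$h/Dangling.pem"
    # Copy only what the expression selects into the chroot.
    select_for_chroot "$h" | while read -r n; do
        cp "$h/$n" "$t/chroot/etc/ssl/certs/$n"
    done
    printf '%s\n' "$t"
}

demo() {
    t=$(make_fixture)
    echo "selected: $(select_for_chroot "$t/host/etc/ssl/certs" | tr '\n' ' ')"
    echo "missing:  $(missing_in_chroot "$t/chroot" \
        /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/Example_Root.pem)"
    rm -rf "$t"
}

demo
```

On a real system the paths passed to `missing_in_chroot` would be the CAfile values from the Postfix configuration and from map files such as the LDAP map mentioned in the report, with the queue directory as the chroot root.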
--- Begin Message ---
Source: postfix
Source-Version: 3.9.1-7
Done: Michael Tokarev <[email protected]>

We believe that the bug you reported is fixed in the latest version of
postfix, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Tokarev <[email protected]> (supplier of updated postfix package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 19 Dec 2024 12:13:23 +0300
Source: postfix
Architecture: source
Version: 3.9.1-7
Distribution: unstable
Urgency: medium
Maintainer: Debian Postfix Team <[email protected]>
Changed-By: Michael Tokarev <[email protected]>
Closes: 429742 928187 1003982 1088862
Changes:
 postfix (3.9.1-7) unstable; urgency=medium
 .
   * the "let's break the toys" release part 1:
   * completely redesign postfix multi-instance systemd setup;
     regular postfix service is back (and journalctl -u postfix etc);
     postfix@- is gone.  Please see the NEWS file for more details
     (Closes: #1088862, #928187)
   * `postfix start' now starts systemd postfix service and updates chroot
   * do not ship /etc/postfix/makedefs.out symlink (to /usr/share/postfix/)
   * do not include doc directories in postfix maps packages anymore, link to
     the main package doc dir instead
   * more cleanups for chroot setup and packaging
 .
   * packaging changes:
   * maintscript: remove package names (defaults to $DPKG_MAINTSCRIPT_PACKAGE)
   * d/.gitignore: ignore debian/files
   * control: remove lsb-release build dep (forgotten after ${DEB_VENDOR} change)
   * postinst: postconf -hx not -h (to expand names)
   * preinst: debconf is not used anymore
   * rules: only install listed examples from conf/, not everything
   * rules: use ${package} (in form of $mapbase) in foo-MAP generation script
     too (another place previously forgotten)
   * rules: move generated main.cf.debian & main.cf.dist from conf/ to meta/ -
     avoids cleaning them up
   * rules: keep original meta/postfix-files, create debian-specific in debian/
   * rules: make install-map a macro (readability)
   * rules: make doc dir for dynamic maps to be symlinks to main postfix package
   * rules: fixup manpage naming (8postfix) at install time
   * 41_rmail.diff: do not uncomment master.cf entry for uucp in 2024
   * collapse various dynamic map README files into main README.Debian
   * postinst &Co: perform (re)start in dpkg trigger
   * postinst,main.cf.in: fix clarify cyrus_sasl_config_path setting
   * d/main.cf.in: compatibility=3.9 for new install
   * d/main.cf.in: reword myorigin comment
   * d/postfix_groups.pl: drop, postfix can expand LDAP groups for a long time
   * make main.cf.proto & master.cf.proto to be regular conffiles
   * prerm: remove more dirs; rewrite
   * postinst: remove very old (<<2.5) sasl-smtp[d]->smtp[d] rename
   * postinst: drop permission fix from 2008 (2.5.0) for /var/lib/postfix
   * postinst: drop pre-historic update-inetd call disabling smtp
   * postinst,postrm: simplify file/dir permissions handling
   * postinst: note we should create /etc/aliases on new install
     even if no configuration is requested
   * rules: it is /etc/network/if-down.d, not ip-down.d (thanks axhn)
   * postinst,postrm,etc: stop messing with readme_directory
   * suggest to use proxy: map for chrooted config in README.Debian
     (Closes: #429742, #1003982)
   * README.Debian: review /dev/log situation in chroot
   * configure-instance: remove $queue_directory/etc/ssl/certs if chroot
     is not in use
   * configure-instance: do not copy nss modules from glibc (these are
     built-in); add comments
   * configure-instance: assume cleanup service is safe to be in chroot
     (no extra setup needed)
   * debian-run-configure-instance-from-create-missing.patch: move
     configure-instance invocation to post-install script
   * switch from postfix@-.service to postfix.service: breaking change
     (#1088862 #928187)
   * debian-re-run-startup-through-systemd.patch: redirect `postfix start'
     to systemd
   * postinst: detect if multi-instance was in use and warn the user
   * add NEWS and README about changes wrt multiple instances
   * control: remove systemd-dev build dependency

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----


--- End Message ---
