Sorry for disregarding almost all your proposals (but thanks for
them), but I think I found the culprit. It is not syncfiles.pl,
but rather the calling configure-instance.sh, where we have:

    find . -mindepth 1 -maxdepth 1 \( \
        \( \( -name '[0-9a-f]*[0-9a-f].[0-9]' -o -name ca-certificates.crt \) -type f -print \) \
        -o -delete \
      \) | while read file; do
        # ..and remove files which don't exist in source anymore
        [ -f "$caddr/$file" ] || rm -f "$file"
        # TYPO-ALERT: ^^^^^^ shouldn't this be $cad*i*r?!
    done

Since unset "$caddr" expands to the empty string, the "-f" test
always fails and all certificates get removed in the destination
prior to syncfiles.pl being called.
(And yes, I can observe the copying also during a restart of
postfix in the running system. Which made me dig deeper ...)
WDYT?
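
The failure mode described in the message above, reproduced as an added example (not code from configure-instance.sh or from the poster): the same loop run with the misspelled unset variable, with `set -u` active, and with the corrected name guarded by `${cadir:?}`. The function names `prune_certs` and `make_fixture`, the fixture files and the simplified `find` expression are assumptions made for this illustration.

```sh
# Added example. Fixture paths and file names are constructed for illustration.
# prune_certs SRC DEST MODE prints how many files remain in DEST afterwards.
#   typo    : the loop as quoted, testing against the unset $caddr
#   nounset : same typo, but with "set -u" active
#   fixed   : tests against $cadir, guarded with ${cadir:?}
prune_certs() (
    cadir=$1; dest=$2; mode=$3
    unset caddr                      # make sure the misspelled name is unset
    cd "$dest" || exit 1
    if [ "$mode" = nounset ]; then set -u; fi
    find . -mindepth 1 -maxdepth 1 -type f -print | while read -r file; do
        case $mode in
            fixed)
                # ${cadir:?} aborts rather than expanding to ""
                [ -f "${cadir:?source directory not set}/$file" ] || rm -f "$file" ;;
            *)
                # without set -u this tests "/./<name>", which does not exist
                [ -f "$caddr/$file" ] || rm -f "$file" ;;
        esac
    done || true                     # under set -u the loop aborts before any rm
    find . -mindepth 1 -maxdepth 1 -type f | wc -l | tr -d ' '
)

# Constructed fixture: two certificates in src, the same two plus one stale in dst.
make_fixture() {
    root=$(mktemp -d) || return 1
    mkdir "$root/src" "$root/dst"
    for f in 0a1b2c3d.0 ca-certificates.crt; do
        : > "$root/src/$f"
        : > "$root/dst/$f"
    done
    : > "$root/dst/deadbeef.0"
    echo "$root"
}

for mode in typo nounset fixed; do
    r=$(make_fixture)
    echo "$mode: $(prune_certs "$r/src" "$r/dst" "$mode" 2>/dev/null) file(s) left"
    rm -rf "$r"
done
```

With the typo every file in the destination is removed, with `set -u` the loop stops before deleting anything, and with the corrected variable only the stale file goes.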