Re: posttls-finger: can't be able to find private/tlsmgr (disablling TLS) when building with -Bsymbolic-functions

Mon, 06 Sep 2021 10:40:42 -0700 

On Mon, Sep 06, 2021 at 06:39:32PM +0200, Miriam Espana Acebal wrote:

> recently we were working on this bug:
> https://bugs.launchpad.net/ubuntu/+source/postfix/+bug/1885403.
> [...]
> posttls-finger: warning: connect to private/tlsmgr: No such file or directory
> posttls-finger: warning: connect to private/tlsmgr: No such file or directory

The upstream posttls-finger(8) works correctly on most systems.  It
avoids unwanted interactions with tlsmgr(8) by overriding:

    $ nm src/posttls-finger/tlsmgrmem.o  | grep -w T | grep tls_mgr_
    0000000000000280 T _tls_mgr_delete
    0000000000000110 T _tls_mgr_lookup
    00000000000000b0 T _tls_mgr_policy
    00000000000000a0 T _tls_mgr_seed
    00000000000001c0 T _tls_mgr_update

> For summarizing, when running posttls-finger, it attempts to connect
> through private/tlsmgr, and unless the program is being run from
> /var/spool/postfix, this fails and posttls-finger disables TLS in the
> subsequent connection that it makes to the specified SMTP server:

This suggests that the functions in tlsmgmrmem.o, which is explicitly
linked into posttls-finger ahead of the TLS library (FreeBSD build):

    cc -fPIC -I. -I../../include -DUSE_TLS ... -c tlsmgrmem.c
    cc -fPIC -I. -I../../include -DUSE_TLS ... 
-Wl,-rpath,/usr/local/lib/postfix -o posttls-finger posttls-finger.o 
tlsmgrmem.o ../../lib/libpostfix-tls.so  ../../lib/libpostfix-dns.so  
../../lib/libpostfix-global.so  ../../lib/libpostfix-util.so -pie 
-L/usr/local/lib -lsasl2 -lpam -lcrypt -Wl,-rpath,/usr/local/lib 
-fstack-protector-strong -lssl -lcrypto -L/usr/local/lib/db5 -ldb-5.3 
-L/usr/local/lib -licui18n -licuuc -licudata

are on your system failing to preƫmpt the corresponding functions in
libpostfix-tls.  This is a platform toolchain issue, not a Postfix
issue.

> After some researching (that you can see in the link above), we discover
> that if we remove the -BSymbolic-functions from LDFLAGS when building, the
> problem goes away.

The upstream Postfix Makefiles do not use:

    -Bsymbolic-functions
      When creating a shared library, bind references to global function
      symbols to the definition within the shared library, if any.

      This option is only meaningful on ELF platforms which support
      shared libraries.

use of this compiler option is not compatible with posttls-finger.

> Software Engineer, Ubuntu Sever Team
> Canonical Ltd.

Ubuntu should not use -Bsymbolic or -Bsymbolic-functions when building
Postfix shared libraries.

-- 
    Viktor.

Reply via email to