Thanks to Scott this is Fixed in version postfix/3.6.3-5
And since the package is in sync this is in Jammy now:
postfix | 3.6.3-5ubuntu2| jammy | source, amd64, arm64, armhf,
ppc64el, riscv64, s390x
** Changed in: postfix (Ubuntu)
Status: Triaged => Fix Released
--
You
** Changed in: postfix (Debian)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1915238
Title:
warning:
Thank you Scott!
As reference, that mentioned change is [1] and not yet part of a Debian
upload to sync/merge.
[1]: https://salsa.debian.org/postfix-team/postfix-
dev/-/commit/01fb7f1b307fb9bbc025d90dd404c9bff89f76ff
** Tags added: server-todo
--
You received this bug notification because you
** Changed in: postfix (Debian)
Status: Incomplete => Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1915238
Title:
warning: /var/spool/postfix/etc/ssl/certs/ca-certificates.crt
Not a ca-certificates issue.
** Changed in: ca-certificates (Ubuntu)
Status: Confirmed => Invalid
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1915238
Title:
warning:
This is an unneeded leftover and the file in the chroot
(/var/spool/postfix) can be deleted.
When using smtp*_tls_CAfile, the smtp or smtpd daemon copies from
/etc/ssl/certs before entering the chroot (CApath is different), so it
doesn't need to be there. We stopped copying the file into the
** Changed in: postfix (Debian)
Status: New => Incomplete
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1915238
Title:
warning: /var/spool/postfix/etc/ssl/certs/ca-certificates.crt and
So I looked into this a bit more and based on
http://www.postfix.org/postconf.5.html#smtp_tls_CAfile is doesn't appear
to me that the ca-certificates.crt file needs to be in the chroot at
all. What happens if you just delete the chroot copy? Looking in the
git history, I can see we used to
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: ca-certificates (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1915238
I'm open to putting a fix in Debian. I haven't come up with a solution
that I'm happy with and don't currently have a lot of time to work on
this.
I think Paride Legovini's "wall-of-text" post is on the right track, but
I would really prefer to avoid asking a question about this.
Anything in
This bug is in our backlog, we still did not have time to tackle it.
Paride made a great analysis above, and I believe we should try to talk
to the Debian maintainer to see if they agree with the proposed solution
and land the fix there.
--
You received this bug notification because you are a
Any news?
Note that under Debian, even a reboot will not update the file. So I
currently have:
-rw-r--r-- 1 195453 2021-10-19 01:46:43 /etc/ssl/certs/ca-certificates.crt
-rw-r--r-- 1 200061 2019-09-20 11:53:51
/var/spool/postfix/etc/ssl/certs/ca-certificates.crt
--
You received this bug
** Changed in: postfix (Debian)
Status: Unknown => New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1915238
Title:
warning: /var/spool/postfix/etc/ssl/certs/ca-certificates.crt and
Fixing this properly is not straightforward.
* I'm -1 for calling configure-instance.sh when ca-certificates is
updated as that script is not meant do be run while postfix is running.
We can't be sure that changing the postfix environment without
restarting it won't have unexpected consequences.
** Also affects: ca-certificates (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1915238
Title:
warning:
** Bug watch added: Debian Bug tracker #991609
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991609
** Also affects: postfix (Debian) via
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991609
Importance: Unknown
Status: Unknown
--
You received this bug notification
** Changed in: postfix (Ubuntu)
Assignee: (unassigned) => Paride Legovini (paride)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1915238
Title:
warning:
Thanks for the detailed analysis Paride and Ante. While a service
restart is indeed required to refresh the chroot dir of the main/default
instance, it feels a bit intrusive and could be avoided by directly
calling "/usr/lib/postfix/configure-instance.sh" via a hook in /etc/ca-
A reload is not enough to trigger a configure-instance.sh run, a full
restart is needed.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1915238
Title:
warning:
Hi Ante and thanks for this bug report. According to what I see in the scripts
the certs gets copied over: it happens via /lib/systemd/system/postfix@.service
which has this
ExecStartPre directive:
ExecStartPre=/usr/lib/postfix/configure-instance.sh %i
and configure-instance.sh copies the
20 matches
Mail list logo