postfix upgrade-configuration messes up main.cf

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

postfix upgrade-configuration messes up main.cf

Mario Theodoridis
Hello everyone,

i'm having a problem upgrading to Centos-6.8 from an older 6.x version.
The problem is created when the rpm post script runs the below command:

# upgrade configuration files if necessary
/usr/sbin/postfix set-permissions upgrade-configuration \
         config_directory=/etc/postfix \
         daemon_directory=/usr/libexec/postfix \
         command_directory=/usr/sbin \
         mail_owner=postfix \
         setgid_group=postdrop \
         manpage_directory=/usr/share/man \
         sample_directory=/usr/share/doc/postfix-2.6.6/samples \
         readme_directory=/usr/share/doc/postfix-2.6.6/README_FILES &>
/dev/null


Before upgrading a postmulti list looks like this

$ postmulti -l
-               -               y         /etc/postfix
postfix-milter-1 -               y         /etc/postfix-milter-1
postfix-split-1 -               y         /etc/postfix-split-1

After running the above command i get

$ postmulti -l
postmulti: fatal: instance /etc/postfix-split-1,
queue_directory=/var/spool/postfix-split-1 conflicts with instance
/etc/postfix, queue_directory=/var/spool/postfix-split-1

My main.cf is changed in the following way

--- /etc/postfix/main.cf.bak    2017-03-08 13:45:05.088428555 +0100
+++ /etc/postfix/main.cf        2017-03-08 14:32:21.453525361 +0100
@@ -28,7 +28,7 @@
  # See the files in examples/chroot-setup for setting up Postfix chroot
  # environments on different UNIX systems.
  #
-queue_directory = /var/spool/postfix
+queue_directory = /var/spool/postfix-split-1

  # The command_directory parameter specifies the location of all
  # postXXX commands.
@@ -45,7 +45,7 @@
  # data files (caches, random numbers). This directory must be owned
  # by the mail_owner account (see below).
  #
-data_directory = /var/lib/postfix
+data_directory = /var/lib/postfix-split-1

  # QUEUE AND PROCESS OWNERSHIP
  #
@@ -664,16 +664,16 @@

  # manpage_directory: The location of the Postfix on-line manual pages.
  #
-manpage_directory = /usr/share/man
+manpage_directory = /usr/local/man

  # sample_directory: The location of the Postfix sample configuration
files.
  # This parameter is obsolete as of Postfix 2.1.
  #
-sample_directory = /usr/share/doc/postfix-2.6.6/samples
+sample_directory = /etc/postfix

  # readme_directory: The location of the Postfix README files.
  #
-readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
+readme_directory = no
  multi_instance_wrapper = ${command_directory}/postmulti -p --
  multi_instance_enable = yes
  multi_instance_directories = /etc/postfix-milter-1 /etc/postfix-split-1

The queue_directory and data_directory are now those of the
/etc/postfix-split-1 instance.

So i wonder, is this a bug in
  postfix upgrade-configuration
or should that not be run in a postmulti scenario, which would make it a
rpm packaging bug.
Or is it option #3, i screwed something up.

Clue sticks would be appreciated ;)


--
Mit Freundlichen Grüßen / Regards

Mario Theodoridis

regify GmbH
Römerstrasse 39 | D-78183 Hüfingen
Amtsgericht Freiburg HRB 709343
Telefon: +49 771 8978 4238
Reply | Threaded
Open this post in threaded view
|

Re: postfix upgrade-configuration messes up main.cf

Wietse Venema
Mario Theodoridis:
> Hello everyone,
>
> i'm having a problem upgrading to Centos-6.8 from an older 6.x version.
> The problem is created when the rpm post script runs the below command:

File a bug with CentOS. Some distros make improvements that screw
up Postfix multi-instance support.

        Wietse
Reply | Threaded
Open this post in threaded view
|

Re: postfix upgrade-configuration messes up main.cf

Mario Theodoridis
On 08/03/17 16:48, Wietse Venema wrote:

> Mario Theodoridis:
>> Hello everyone,
>>
>> i'm having a problem upgrading to Centos-6.8 from an older 6.x version.
>> The problem is created when the rpm post script runs the below command:
>
> File a bug with CentOS. Some distros make improvements that screw
> up Postfix multi-instance support.
>
> Wietse
>

Thanks Wietse.

Just so i know what to file.
Is running this command with multi instances wrong,
or did they break the command itself?

I don't really see this answered in the postfix or postmulti man pages.


--
Mit Freundlichen Grüßen / Regards

Mario Theodoridis

regify GmbH
Römerstrasse 39 | D-78183 Hüfingen
Amtsgericht Freiburg HRB 709343
Telefon: +49 771 8978 4238
Reply | Threaded
Open this post in threaded view
|

Re: postfix upgrade-configuration messes up main.cf

Viktor Dukhovni
In reply to this post by Mario Theodoridis

> On Mar 8, 2017, at 9:03 AM, Mario Theodoridis <[hidden email]> wrote:
>
> /usr/sbin/postfix set-permissions upgrade-configuration \
>        config_directory=/etc/postfix \
>        daemon_directory=/usr/libexec/postfix \
>        command_directory=/usr/sbin \
>        mail_owner=postfix \
>        setgid_group=postdrop \
>        manpage_directory=/usr/share/man \
>        sample_directory=/usr/share/doc/postfix-2.6.6/samples \
>        readme_directory=/usr/share/doc/postfix-2.6.6/README_FILES &> /dev/null

The problem is with the explicit "config_directory=/etc/postfix" setting.
This is used in combination with each instance, which results in the
default instance's files being edited instead of the files for the
instance in question.

I can reproduce the problem outcome you reported with Postfix 3.1.4
on FreeBSD.

        # postmulti -e init
        # postmulti -e create -I postfix-foo
        # postfix set-permissions upgrade-configuration "config_directory=/usr/local/etc/postfix"
        # postmulti -l
        postmulti: fatal: instance /usr/local/etc/postfix-foo, queue_directory=/var/spool/postfix-foo conflicts with instance /usr/local/etc/postfix, queue_directory=/var/spool/postfix-foo

This particular command does exactly what it is told, but probably
Postfix should have special logic to handle "config_directory" in
this and similar cases.

--
        Viktor.

Reply | Threaded
Open this post in threaded view
|

Re: postfix upgrade-configuration messes up main.cf (candidate patch)

Viktor Dukhovni
On Wed, Mar 08, 2017 at 11:10:45AM -0500, Viktor Dukhovni wrote:

> > On Mar 8, 2017, at 9:03 AM, Mario Theodoridis <[hidden email]> wrote:
> >
> > /usr/sbin/postfix set-permissions upgrade-configuration \
> >        config_directory=/etc/postfix \
> >        daemon_directory=/usr/libexec/postfix \
> >        command_directory=/usr/sbin \
> >        mail_owner=postfix \
> >        setgid_group=postdrop \
> >        manpage_directory=/usr/share/man \
> >        sample_directory=/usr/share/doc/postfix-2.6.6/samples \
> >        readme_directory=/usr/share/doc/postfix-2.6.6/README_FILES &> /dev/null
>
> The problem is with the explicit "config_directory=/etc/postfix" setting.
> This is used in combination with each instance, which results in the
> default instance's files being edited instead of the files for the
> instance in question.
>
> I can reproduce the problem outcome you reported with Postfix 3.1.4
> on FreeBSD.
>
> # postmulti -e init
> # postmulti -e create -I postfix-foo
> # postfix set-permissions upgrade-configuration "config_directory=/usr/local/etc/postfix"
> # postmulti -l
> postmulti: fatal: instance /usr/local/etc/postfix-foo, queue_directory=/var/spool/postfix-foo conflicts with instance /usr/local/etc/postfix, queue_directory=/var/spool/postfix-foo
>
> This particular command does exactly what it is told, but probably
> Postfix should have special logic to handle "config_directory" in
> this and similar cases.

The patch below will make "post-install" abort when "name=value"
overrides attempt to modify config_directory, data_directory or
queue_directory.  An alternative may be to issue a warning and
ignore the override.

diff --git a/conf/post-install b/conf/post-install
index 904cefa..75d3aef 100644
--- a/conf/post-install
+++ b/conf/post-install
@@ -231,12 +231,27 @@ USAGE="Usage: $0 [name=value] command
 create=; set_perms=; upgrade_perms=; upgrade_conf=; first_install_reminder=
 obsolete=; keep_list=;
 
+checked_override() {
+    param_nameval=$1
+    IFS="="; set -- $1; IFS="$BACKUP_IFS"
+    case $1 in
+    config_directory|data_directory|queue_directory)
+        eval "param_val=\$$1"
+        if [ -n "$param_val" ] && [ "X$2" != "X$param_val" -o $# -ne 2 ]; then
+             echo "$0: Cannot override instance parameter '$1'"
+             exit 1
+        fi
+        ;;
+    esac
+    IFS= eval $param_nameval; IFS="$BACKUP_IFS"
+}
+
 for arg
 do
     case $arg in
  *[" "]*) echo $0: "Error: argument contains whitespace: '$arg'"
      exit 1;;
-                *=*) IFS= eval $arg; IFS="$BACKUP_IFS";;
+                *=*) checked_override "$arg";;
      create-missing) create=1;;
   set-perm*) create=1; set_perms=1;;
       upgrade-perm*) create=1; upgrade_perms=1;;

--
        Viktor.
Reply | Threaded
Open this post in threaded view
|

Re: postfix upgrade-configuration messes up main.cf (candidate patch)

Mario Theodoridis
On 08/03/17 19:08, Viktor Dukhovni wrote:

> On Wed, Mar 08, 2017 at 11:10:45AM -0500, Viktor Dukhovni wrote:
>
>>> On Mar 8, 2017, at 9:03 AM, Mario Theodoridis <[hidden email]> wrote:
>>>
>>> /usr/sbin/postfix set-permissions upgrade-configuration \
>>>        config_directory=/etc/postfix \
>>>        daemon_directory=/usr/libexec/postfix \
>>>        command_directory=/usr/sbin \
>>>        mail_owner=postfix \
>>>        setgid_group=postdrop \
>>>        manpage_directory=/usr/share/man \
>>>        sample_directory=/usr/share/doc/postfix-2.6.6/samples \
>>>        readme_directory=/usr/share/doc/postfix-2.6.6/README_FILES &> /dev/null
>>
>> The problem is with the explicit "config_directory=/etc/postfix" setting.
>> This is used in combination with each instance, which results in the
>> default instance's files being edited instead of the files for the
>> instance in question.
>>
>> I can reproduce the problem outcome you reported with Postfix 3.1.4
>> on FreeBSD.
>>
>> # postmulti -e init
>> # postmulti -e create -I postfix-foo
>> # postfix set-permissions upgrade-configuration "config_directory=/usr/local/etc/postfix"
>> # postmulti -l
>> postmulti: fatal: instance /usr/local/etc/postfix-foo, queue_directory=/var/spool/postfix-foo conflicts with instance /usr/local/etc/postfix, queue_directory=/var/spool/postfix-foo
>>
>> This particular command does exactly what it is told, but probably
>> Postfix should have special logic to handle "config_directory" in
>> this and similar cases.

Awesome, that's what i was looking for.

> The patch below will make "post-install" abort when "name=value"
> overrides attempt to modify config_directory, data_directory or
> queue_directory.  An alternative may be to issue a warning and
> ignore the override.
>
> diff --git a/conf/post-install b/conf/post-install
> index 904cefa..75d3aef 100644
> --- a/conf/post-install
> +++ b/conf/post-install
> @@ -231,12 +231,27 @@ USAGE="Usage: $0 [name=value] command
>  create=; set_perms=; upgrade_perms=; upgrade_conf=; first_install_reminder=
>  obsolete=; keep_list=;
>
> +checked_override() {
> +    param_nameval=$1
> +    IFS="="; set -- $1; IFS="$BACKUP_IFS"
> +    case $1 in
> +    config_directory|data_directory|queue_directory)
> +        eval "param_val=\$$1"
> +        if [ -n "$param_val" ] && [ "X$2" != "X$param_val" -o $# -ne 2 ]; then
> +             echo "$0: Cannot override instance parameter '$1'"
> +             exit 1
> +        fi
> +        ;;
> +    esac
> +    IFS= eval $param_nameval; IFS="$BACKUP_IFS"
> +}
> +
>  for arg
>  do
>      case $arg in
>   *[" "]*) echo $0: "Error: argument contains whitespace: '$arg'"
>       exit 1;;
> -                *=*) IFS= eval $arg; IFS="$BACKUP_IFS";;
> +                *=*) checked_override "$arg";;
>       create-missing) create=1;;
>    set-perm*) create=1; set_perms=1;;
>        upgrade-perm*) create=1; upgrade_perms=1;;
>

I can think of several other candidates that shouldn't be mucked with.
Here are examples of just my use case:

multi_instance_name = postfix-milter-1
smtpd_banner = $myhostname ESMTP $mail_name (milter)
inet_interfaces = 192.168.0.1
mynetworks_style = subnet
mynetworks = 192.168.0.0/24
mydestination =
message_size_limit = 20000000
non_smtpd_milters = unix:/tmp/rfmilter-1
smtpd_milters = unix:/tmp/rfmilter-1
multi_instance_enable = yes
relayhost =
myhostname = mail.company.com

Maybe a white list would be more appropriate?


--
Mit Freundlichen Grüßen / Regards

Mario Theodoridis

regify GmbH
Römerstrasse 39 | D-78183 Hüfingen
Amtsgericht Freiburg HRB 709343
Telefon: +49 771 8978 4238
Reply | Threaded
Open this post in threaded view
|

Re: postfix upgrade-configuration messes up main.cf

Mario Theodoridis
In reply to this post by Wietse Venema
On 08/03/17 16:48, Wietse Venema wrote:

> Mario Theodoridis:
>> Hello everyone,
>>
>> i'm having a problem upgrading to Centos-6.8 from an older 6.x version.
>> The problem is created when the rpm post script runs the below command:
>
> File a bug with CentOS. Some distros make improvements that screw
> up Postfix multi-instance support.
>
> Wietse

FYI

https://bugzilla.redhat.com/show_bug.cgi?id=1430725


--
Mit Freundlichen Grüßen / Regards

Mario Theodoridis

regify GmbH
Römerstrasse 39 | D-78183 Hüfingen
Amtsgericht Freiburg HRB 709343
Telefon: +49 771 8978 4238