Postfix fails to start, "failure to copy certificates"

Key is adding "-not -xtype l" which weeds out stuff that is a symbolic link when dereferenced. This is only true for broken (dangling) symbolic links.

Status changed to 'Confirmed' because the bug affects multiple users.

I will get this added to the package.

Bug persists in 14.04 LTS.

Bug persists in 16.04 LTS

I've pushed the fix to git for the Debian postfix package. This will be in the next Debian upload that will get sync'ed into the Ubuntu development release. Someone who is involved in Ubuntu will need to work on a stable update after that happens if you want the fix in an earlier release.

Thanks Scott. Marking bitesize as this sounds like a straightforward cherry-pick for SRUs.

This bug was fixed in the package postfix - 3.1.4-2

---------------
postfix (3.1.4-2) unstable; urgency=medium

  * Update postfix Suggestions.
  * Update postfix-sqlite postinst/prerm to reflect that addmap is idempotent.
  * Restore so.1.0.1 symlinks for map libraries and change how new entries are
    added. Closes: #850400
  * Be more aggressive in retiring usage of lmtp binary. Closes: #850430
    LP: #1654453
  * Check symlinks separately in postfix-script, to allow library symlinks.
    This will go away once the symlinks are dropped again.

 -- LaMont Jones <email address hidden> Fri, 06 Jan 2017 08:41:36 -0700

Still hasn't made it in Xenial after 4 months...

Sorry, this issue having affected only four users in three years, we need to prioritise other bugs. If you'd like to drive the fix yourself, please see https://wiki.ubuntu.com/StableReleaseUpdates#Procedure

Although the xenial SRU isn't ready yet, I'll accept this into trusty but they should be release together to prevent regressions when updating from 14.04 to 16.04.

Hello Matthias, or anyone else affected,

Accepted postfix into trusty-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/postfix/2.11.0-1ubuntu1.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-trusty to verification-done-trusty. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-trusty. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Multiple notes on this for the SRU Team:
1. the trusty fix was accepted by Brian about a month ago, but back then it failed to build.
   Reason: it had issues on the new kernel in the build env.
   Currently 2.11.0-1ubuntu1.2 [1] is in proposed for that which looks good.
   IMHO that could have needed a -v2.11.0-1ubuntu1 but it is too late for that.
   I expect some SRU tools miss this bug, for the -v being missing.

2. The Xenial SRU pipe is finally cleared of [2], so we now are able to correctly sponsor the Xenial fix for this.

Thereby ready for SRU review and acceptance on x-unapproved as well now.

@Josh it would be great if you could help to track migration of these - ok?

[1]: https://launchpad.net/ubuntu/+source/postfix/2.11.0-1ubuntu1.2
[2]: https://launchpad.net/ubuntu/+source/postfix/3.1.0-3ubuntu0.1

Hello Matthias, or anyone else affected,

Accepted postfix into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/postfix/3.1.0-3ubuntu0.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-xenial to verification-done-xenial. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-xenial. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Using Trusty I was able to install version 2.11.0-1ubuntu1.2 from proposed and complete the verification steps in the test case. I can confirm that postfix started as expected with the new version, but failed to start with the current version in the archive.

My log from Trusty attached

Using Xenial I was able to install version 3.1.0-3ubuntu0.2 from proposed and complete the verification steps in the test case. I can confirm that postfix started as expected with the new version, but failed to start with the current version in the archive.

My log from Xenial is attached

Marking verification-done-trusty and verification-done-xenial

There were some autopkg test failures [1][2][3] that were all due to getting bionic setup in a debootstrap. Until there is an update to debootstrap to include bionic these will continue to fail.

[1]https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac/autopkgtest-xenial/xenial/amd64/s/sbuild/20171025_145221_d9500@/log.gz
[2] https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac/autopkgtest-xenial/xenial/i386/s/sbuild/20171025_145217_d9500@/log.gz
[3] https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac/autopkgtest-xenial/xenial/ppc64el/s/sbuild/20171025_144838_d9500@/log.gz

This bug was fixed in the package postfix - 2.11.0-1ubuntu1.2

---------------
postfix (2.11.0-1ubuntu1.2) trusty; urgency=medium

  * makedefs, src/util/sys_defs.h: Fix FTBFS with prior upload.
    - Source assumes only Linux 3.x kernels exist, but HWE in trusty is
      at 4.4.

 -- Nishanth Aravamudan <email address hidden> Fri, 18 Aug 2017 18:13:13 -0700

This bug was fixed in the package postfix - 3.1.0-3ubuntu0.2

---------------
postfix (3.1.0-3ubuntu0.2) xenial; urgency=medium

  * Ignore broken symbolic links during ca_cert check (Closes LP: #1305232)

 -- Joshua Powers <email address hidden> Thu, 17 Aug 2017 08:56:11 -0700

The verification of the Stable Release Update for postfix has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.