Postfix fails to start, "failure to copy certificates"
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
postfix (Ubuntu) |
Fix Released
|
Medium
|
Unassigned | ||
Trusty |
Fix Released
|
Medium
|
Joshua Powers | ||
Xenial |
Fix Released
|
Medium
|
Joshua Powers |
Bug Description
== Begin SRU Template ==
[Impact]
* It is possible for the postfix to fail to start whenever there are broken symlinks in directories it scans, like certificates when the ca-certificates package is upgraded.
[Test Case]
* lxc launch ubuntu-daily:xenial xenial
* lxc exec xenial bash
* sudo apt install postfix -y
* Edit /etc/postfix/
smtp_
* ln -s fakefile /usr/share/
* /etc/init.d/postfix stop
* /etc/init.d/postfix start
* If broken, the failure message " * failure copying certificates" should print;
Postfix will fail to start as a result of the bad symlink.
[Regression Potential]
* Users currently experiencing this issue would be expecting an SRU fix to come from us as the application is broken.
* The only work around it would require editing the init script with the workaround as described in this bug or by removing the bad symlinks. In either case, these things should be fixed.
[Other Info]
Postfix frequently fails to start after security updates to the ca-certificates package because upgrading the latter sometimes leaves dangling symlinks behind. If that happens, the /etc/init.d/postfix script aborts.
The usual fix on a high level is "dpkg-reconfigure --priority=high ca-certificates"; however, I would propose to change the find command as follows:
This would then skip printing broken symbolic links, and prevent cpio from choking on them.
ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: postfix 2.9.6-1~12.04.1
ProcVersionSign
Uname: Linux 3.11.0-19-generic i686
NonfreeKernelMo
ApportVersion: 2.0.1-0ubuntu17.6
Architecture: i386
Date: Wed Apr 9 20:20:17 2014
EcryptfsInUse: Yes
MarkForUpload: True
ProcEnviron:
LANGUAGE=
TERM=xterm
PATH=(custom, no user)
LANG=de_DE.utf8
SHELL=/bin/bash
SourcePackage: postfix
UpgradeStatus: Upgraded to precise on 2012-11-01 (523 days ago)
Changed in postfix (Ubuntu Xenial): | |
assignee: | nobody → Joshua Powers (powersj) |
Changed in postfix (Ubuntu Trusty): | |
assignee: | nobody → Joshua Powers (powersj) |
description: | updated |
description: | updated |
Changed in postfix (Ubuntu Trusty): | |
importance: | Undecided → Medium |
Changed in postfix (Ubuntu Xenial): | |
importance: | Undecided → Medium |
Key is adding "-not -xtype l" which weeds out stuff that is a symbolic link when dereferenced. This is only true for broken (dangling) symbolic links.