warning: /var/spool/postfix/etc/ssl/certs/ca-certificates.crt and /etc/ssl/certs/ca-certificates.crt differ
Bug #1915238 reported by
Ante Karamatić
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
ca-certificates (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
postfix (Debian) |
Fix Released
|
Unknown
|
|||
postfix (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
Postfix package doesn't utilize update-
Something like this would be a start:
$ cat /etc/ca-
#!/bin/bash
if [ -e /var/spool/
echo "Updating postfix chrooted certs"
cp /etc/ssl/
systemctl reload postfix
fi
Changed in postfix (Ubuntu): | |
assignee: | nobody → Paride Legovini (paride) |
Changed in postfix (Debian): | |
status: | Unknown → New |
Changed in postfix (Debian): | |
status: | New → Incomplete |
Changed in postfix (Debian): | |
status: | Incomplete → Fix Committed |
Changed in postfix (Debian): | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
Hi Ante and thanks for this bug report. According to what I see in the scripts the certs gets copied over: it happens via /lib/systemd/ system/ postfix@ .service which has this
ExecStartPre directive:
ExecStartPre= /usr/lib/ postfix/ configure- instance. sh %i
and configure- instance. sh copies the certs in the chroot when postfix is (re)started. I tested this on Focal and it works as intended.
However I don't see any mechanism that reloads Postfix after update- ca-certificate is called, so it may make sense to add a reload hook in /etc/ca- certificates/ update. d/.
Would this explain the issue you hit and that made you file this bug report, or do you think there's something going wrong and the certs do not get copied over? Do you agree a reload hook would be the correct fix here?