diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 16:18:57 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 16:18:57 +0000 |
commit | a9cdccbffffdd2e58b5cc69683682517e892ea40 (patch) | |
tree | 5890cdcebde1069c9b7419d92476e52cc5525d6f /debian/configure-instance.sh | |
parent | Adding upstream version 3.7.10. (diff) | |
download | postfix-debian.tar.xz postfix-debian.zip |
Adding debian version 3.7.10-0+deb12u1.debian/3.7.10-0+deb12u1debian
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r-- | debian/configure-instance.sh | 148 |
1 files changed, 148 insertions, 0 deletions
diff --git a/debian/configure-instance.sh b/debian/configure-instance.sh new file mode 100644 index 0000000..6a297d1 --- /dev/null +++ b/debian/configure-instance.sh @@ -0,0 +1,148 @@ +#! /bin/sh -e + +# This helper script is used by the postfix init scripts, +# upstart jobs, systemd services, openrc scripts, etc. in +# prepping the instance of postfix to be started. + +# It was originally part of the postfix init script, which +# was written by LaMont Jones <lamont@debian.org>, and based +# off of the sendmail init script. + +chroot_extra_files= +chroot_extra_CAdir= + +INSTANCE="$1" + +SYNC_CHROOT="y" + +if test -r /etc/default/postfix; then + . /etc/default/postfix +fi + +# Sigh. Because reasons, files is relative, CAdir not +[ "$chroot_extra_CAdir" != '' ] && [ ! "${chroot_extra_CAdir%${chroot_extra_CAdir#?}}"x = '/x' ] && chroot_extra_CAdir=/$chroot_extra_CAdir +if [ "$chroot_extra_files" != '' ]; then + files='' + for file in $chroot_extra_files + do + [ "${file%${file#?}}"x = '/x' ] && file=${file#?} + files="$files $file" + done + chroot_extra_files=$files +fi + +if [ "X$INSTANCE" = X ] || [ "X$INSTANCE" = "X-" ]; then + POSTCONF="postconf -o inet_interfaces=" +else + POSTCONF="postmulti -i $INSTANCE -x postconf -o inet_interfaces=" +fi + +# if you set myorigin to 'ubuntu.com' or 'debian.org', it's wrong, and annoys the admins of +# those domains. See also sender_canonical_maps. + +MYORIGIN=$($POSTCONF -hx myorigin | tr 'A-Z' 'a-z') +if [ "X${MYORIGIN#/}" != "X${MYORIGIN}" ]; then + MYORIGIN=$(tr 'A-Z' 'a-z' < $MYORIGIN) +fi +if [ "X$MYORIGIN" = Xubuntu.com ] || [ "X$MYORIGIN" = Xdebian.org ]; then + echo "Invalid \$myorigin ($MYORIGIN), refusing to start" + exit 1 +fi + +config_dir=$($POSTCONF -hx config_directory) +MAJOR_VER=$($POSTCONF -hx mail_version|cut -d. -f1) +COMPAT=$($POSTCONF -xh compatibility_level|cut -d. -f1) +[ $MAJOR_VER -ge 3 ] && [ $COMPAT -ge 1 ] && CHROOT_TEST="[yY]" || CHROOT_TEST="[-yY]" +# see if anything is running chrooted. +NEED_CHROOT=$(awk '/^[0-9a-z]/ && ($5 ~ "'"$CHROOT_TEST"'") { print "y"; exit}' ${config_dir}/master.cf) + +# Functions for chroot setup + +copyCAdir() { + # Copy/update CA directory in chroot + ca_path=$1 + case "$ca_path" in + '') :;; # no ca_path + $queue_dir/*) :;; # skip stuff already in chroot + *) + if test -d "$ca_path"; then + dest_dir="$queue_dir/${ca_path#/}" + # strip any/all trailing / + while [ "${dest_dir%/}" != "${dest_dir}" ]; do + dest_dir="${dest_dir%/}" + done + new=0 + if test -d "$dest_dir"; then + # write to a new directory ... + dest_dir="${dest_dir}.NEW" + new=1 + fi + mkdir --parent ${dest_dir} + # handle files in subdirectories + (cd "$ca_path" && find . -name '*.pem' -not -xtype l -print0 | cpio -0pdL --quiet "$dest_dir") 2>/dev/null || + (echo failure copying certificates; exit 1) + openssl rehash "$dest_dir" >/dev/null 2>&1 + if [ "$new" = 1 ]; then + # and replace the old directory + rm -rf "${dest_dir%.NEW}" + mv "$dest_dir" "${dest_dir%.NEW}" + fi + fi + ;; + esac +} + +if [ -n "$NEED_CHROOT" ] && [ -n "$SYNC_CHROOT" ]; then + # Make sure that the chroot environment is set up correctly. + umask 022 + queue_dir=$($POSTCONF -hx queue_directory) + cd "$queue_dir" + + # Set the smtp CA path to be copied, if specified + sca_path=$($POSTCONF -hx smtp_tls_CApath) + + # Set the smtpd CA path to be copied, if specified + dca_path=$($POSTCONF -hx smtpd_tls_CApath) + + # Copy or update each defined CA directory + for CA in $sca_path $dca_path $chroot_extra_CAdir + do + copyCAdir $CA + done + + # if we're using unix:passwd.byname, then we need to add etc/passwd. + local_maps=$($POSTCONF -hx local_recipient_maps) + if [ "X$local_maps" != "X${local_maps#*unix:passwd.byname}" ]; then + if [ "X$local_maps" = "X${local_maps#*proxy:unix:passwd.byname}" ]; then + sed 's/^\([^:]*\):[^:]*/\1:x/' /etc/passwd > etc/passwd + chmod a+r etc/passwd + fi + fi + + FILES="etc/localtime etc/services etc/resolv.conf etc/hosts \ + etc/host.conf etc/nsswitch.conf etc/nss_mdns.config \ + $chroot_extra_files" + for file in $FILES; do + [ -d ${file%/*} ] || mkdir -p ${file%/*} + if [ -f /${file} ]; then rm -f ${file} && cp /${file} ${file}; fi + if [ -f ${file} ]; then chmod a+rX ${file}; fi + done + # ldaps needs this. debian bug 572841 + (echo /dev/random; echo /dev/urandom) | cpio -pdL --quiet . 2>/dev/null || true + rm -f usr/lib/zoneinfo/localtime + mkdir -p usr/lib/zoneinfo + ln -sf /etc/localtime usr/lib/zoneinfo/localtime + + LIBLIST=$(for name in gcc_s nss resolv; do + for f in /lib/*/lib${name}*.so* /lib/lib${name}*.so*; do + if [ -f "$f" ]; then echo ${f#/}; fi; + done; + done) + + if [ -n "$LIBLIST" ]; then + for f in $LIBLIST; do + rm -f "$f" + done + tar cf - -C / $LIBLIST 2>/dev/null |tar xf - + fi +fi |