> On 09/06/2021 08:57 Tony Hain <t...@tndh.net> wrote: > <snip/>
> I have the dovecot-sysreport, but I am not encouraged about sending it when > stdout presented: > # dovecot-sysreport > Gathering configurations ... > grep: The -P option is not supportedgrep: > The -P option is not supported > grep: The -P option is not supported > Gathering system informations ... > Creating archive ... > All done! Please report file dovecot-sysreport-TNDH-mail-1623209001.tar.gz > Removing temp files at /tmp/tmp.kphlba44 ... > # > > While dovecot -n stdout presented the line: > ssl_key = # hidden, use -P to show it > > expecting people to put sensitive configuration on a public mail list > without knowing what the tool is including is a challenge, but when the tool > is errantly using the command line option that is also used for exposing the > private data by a related tool, it is even less likely that I want to do > that. While the dovecot -n option did hide passwords, it did not hide the > username associated with that. I will put dovecot -n (redacted) here, but > until I have time to see exactly what the sysreport included, I am not > releasing that. > To alleviate your concerns: from `man grep` -P, --perl-regexp Interpret PATTERNS as Perl-compatible regular expressions (PCREs). This option is experimental when combined with the -z (--null-data) option, and grep -P may warn of unimplemented features. dovecot-sysreport is a shell script, so you can easily verify that it is not attempting to call `doveconf -nP`, but instead, is trying to pass it to grep. Aki
