On 08/03/17 19:08, Viktor Dukhovni wrote:
On Wed, Mar 08, 2017 at 11:10:45AM -0500, Viktor Dukhovni wrote:

On Mar 8, 2017, at 9:03 AM, Mario Theodoridis <mario.theodori...@regify.com> wrote:

/usr/sbin/postfix set-permissions upgrade-configuration \
       config_directory=/etc/postfix \
       daemon_directory=/usr/libexec/postfix \
       command_directory=/usr/sbin \
       mail_owner=postfix \
       setgid_group=postdrop \
       manpage_directory=/usr/share/man \
       sample_directory=/usr/share/doc/postfix-2.6.6/samples \
       readme_directory=/usr/share/doc/postfix-2.6.6/README_FILES &> /dev/null

The problem is with the explicit "config_directory=/etc/postfix" setting.
This is used in combination with each instance, which results in the
default instance's files being edited instead of the files for the
instance in question.

I can reproduce the problem outcome you reported with Postfix 3.1.4
on FreeBSD.

        # postmulti -e init
        # postmulti -e create -I postfix-foo
        # postfix set-permissions upgrade-configuration "config_directory=/usr/local/etc/postfix"
        # postmulti -l
        postmulti: fatal: instance /usr/local/etc/postfix-foo, queue_directory=/var/spool/postfix-foo conflicts with instance /usr/local/etc/postfix, queue_directory=/var/spool/postfix-foo

This particular command does exactly what it is told, but probably
Postfix should have special logic to handle "config_directory" in
this and similar cases.

Awesome, that's what I was looking for.

The patch below will make "post-install" abort when "name=value"
overrides attempt to modify config_directory, data_directory or
queue_directory.  An alternative may be to issue a warning and
ignore the override.

diff --git a/conf/post-install b/conf/post-install
index 904cefa..75d3aef 100644
--- a/conf/post-install
+++ b/conf/post-install
@@ -231,12 +231,27 @@ USAGE="Usage: $0 [name=value] command
 create=; set_perms=; upgrade_perms=; upgrade_conf=; first_install_reminder=
 obsolete=; keep_list=;

+checked_override() {
+    param_nameval=$1
+    IFS="="; set -- $1; IFS="$BACKUP_IFS"
+    case $1 in
+    config_directory|data_directory|queue_directory)
+        eval "param_val=\$$1"
+        if [ -n "$param_val" ] && [ "X$2" != "X$param_val" -o $# -ne 2 ]; then
+             echo "$0: Cannot override instance parameter '$1'"
+             exit 1
+        fi
+        ;;
+    esac
+    IFS= eval $param_nameval; IFS="$BACKUP_IFS"
+}
+
 for arg
 do
     case $arg in
        *["        "]*) echo $0: "Error: argument contains whitespace: '$arg'"
                     exit 1;;
-                *=*) IFS= eval $arg; IFS="$BACKUP_IFS";;
+                *=*) checked_override "$arg";;
      create-missing) create=1;;
          set-perm*) create=1; set_perms=1;;
       upgrade-perm*) create=1; upgrade_perms=1;;
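
Review bot: In `checked_override`, the split `IFS="="; set -- $1` expands `$1` unquoted, so the value also undergoes pathname expansion, and a value containing a second `=` produces more than two fields; for the three guarded names the `$# -ne 2` test then aborts even when the value equals the current setting. Wrapping the split in `set -f` / `set +f`, or comparing everything after the first `=` as one string, would avoid that. Separately, every other name still reaches `IFS= eval $param_nameval` with only the whitespace test in front of it, so checking that the left-hand side is a plain parameter name before the eval would be worthwhile. The `echo "$0: Cannot override instance parameter '$1'"` message goes to stdout; stderr would be more conventional, and callers that discard all output, like the packaging command quoted earlier with `&> /dev/null`, will see only the exit status.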


I can think of several other candidates that shouldn't be mucked with.
Here are examples of just my use case:

multi_instance_name = postfix-milter-1
smtpd_banner = $myhostname ESMTP $mail_name (milter)
inet_interfaces = 192.168.0.1
mynetworks_style = subnet
mynetworks = 192.168.0.0/24
mydestination =
message_size_limit = 20000000
non_smtpd_milters = unix:/tmp/rfmilter-1
smtpd_milters = unix:/tmp/rfmilter-1
multi_instance_enable = yes
relayhost =
myhostname = mail.company.com

Maybe a white list would be more appropriate?


--
Kind regards

Mario Theodoridis

regify GmbH
Römerstrasse 39 | D-78183 Hüfingen
Amtsgericht Freiburg HRB 709343
Phone: +49 771 8978 4238
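
The allowlist idea raised at the end of this message, as an added example in POSIX sh that is not part of the thread or of Postfix. The function name `apply_override` and the contents of `ALLOWED_OVERRIDES` are assumptions; the list is taken from the install-location parameters in the packaging command quoted above.

```shell
# Added example, not Postfix code: allowlist check for post-install style
# "name=value" overrides. ALLOWED_OVERRIDES is an assumption, taken from the
# install-location parameters in the packaging command quoted in the thread.
ALLOWED_OVERRIDES="daemon_directory command_directory mail_owner setgid_group
manpage_directory sample_directory readme_directory"

# apply_override NAME=VALUE
# Returns 0 and sets the shell variable NAME when NAME is allowlisted.
# Returns 1 (and changes nothing) for any other name or malformed argument.
apply_override() {
    case $1 in
    *=*) ;;
    *) echo "$0: not a name=value argument: '$1'" >&2; return 1;;
    esac
    ov_name=${1%%=*}      # text before the first "="
    ov_value=${1#*=}      # text after the first "=", may itself contain "="
    # The name must be a plain identifier before it goes anywhere near eval.
    case $ov_name in
    ""|[0-9]*|*[!A-Za-z0-9_]*)
        echo "$0: invalid parameter name in '$1'" >&2; return 1;;
    esac
    for ov_ok in $ALLOWED_OVERRIDES
    do
        if [ "$ov_name" = "$ov_ok" ]; then
            # Only the validated name is expanded into the eval'd text; the
            # value is referenced through a variable and is never parsed.
            eval "$ov_name=\$ov_value"
            return 0
        fi
    done
    echo "$0: override of '$ov_name' is not allowed" >&2
    return 1
}

# Constructed sample arguments: one allowed, one per-instance, one malformed.
for arg in 'mail_owner=postfix' 'config_directory=/etc/postfix' 'bad-name=1'
do
    if apply_override "$arg"; then
        echo "applied:  $arg"
    else
        echo "rejected: $arg"
    fi
done
```

Per-instance settings such as `config_directory` or `multi_instance_name` are rejected simply because they are not on the list, so the denied set does not have to be enumerated.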
