On Tue, May 19, 2020 at 01:44:30AM -0400, Rich Felker wrote:
> > This sounds reasonable. Will there be a way for Postfix to detect the
> > new library version, so that we don't disable DANE for musl-libc
> > versions that do set the AD bit?
>
> I'm really disappointed with the detection, which made things much
> worse by producing postfix builds that won't do DANE even after
> libc.so is upgraded. It should have just worked after upgrade.
We have no choice, we can't ship code that silently fails to honour its
configuration. I'm not worried about DANE "working", I'm worried about
DANE *not* working, and the user being none-the-wiser.
When remote TLSA RRs are published, and DANE is enabled in Postfix, the
mail must be delivered securely, or the delivery attempt MUST fail.
> The test is also somewhat broken in that it gets the wrong result if
> /bin/sh is static-linked, or if you have postfix built against musl on
> a system where /bin/sh is glibc-based, etc. and I don't even know what
> happens if you're cross-compiling or if that's even supported at all.
A better test would be appreciated. Glibc has GLIBC_PREREQ macros,
we haven't found anything similar for MUSL.
> There's not really a "test for versions that do set" by version; I
> would expect once the patch is upstream and tested, distros like
> Alpine would just apply it to their existing musl package rather than
> waiting to upgrade to get it. The only real test is a runtime one,
> calling res_mkquery and observing that it's set.
Sorry, no such test is possible. There is no reliable canary domain to
query, and DANE should in any case also work in domains disconnected
from the Internet, with locally configured trust-anchors.
> BTW I saw in git master you added an additional musl test of the same
> form for the res_n* APIs. A simpler way to detect them is just with
> __RES macro in resolv.h, which indicates the supported API version.
> AIUI it's provided by all known implementations, though I haven't
> actually checked that.
Robust detection of MUSL features at build time would be much
appreciated. Precludes any tests that depend on live DNS queries.
The tests need to *statically* test the features of the platform's
C library.
--
Viktor.
