Thanks to Scott this is Fixed in version postfix/3.6.3-5
And since the package is in sync this is in Jammy now:
postfix | 3.6.3-5ubuntu2 | jammy | source, amd64, arm64, armhf,
ppc64el, riscv64, s390x
** Changed in: postfix (Ubuntu)
Status: Triaged => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ca-certificates in Ubuntu.
https://bugs.launchpad.net/bugs/1915238
Title:
warning: /var/spool/postfix/etc/ssl/certs/ca-certificates.crt and
/etc/ssl/certs/ca-certificates.crt differ
Status in ca-certificates package in Ubuntu:
Invalid
Status in postfix package in Ubuntu:
Fix Released
Status in postfix package in Debian:
Fix Released
Bug description:
Postfix package doesn't utilize update-ca-certificate's hooks
mechanism. By simply copying certs from /etc/ssl/certs/ca-
certificates.crt to /var/spool/postfix/etc/ssl/certs/ca-
certificates.crt, this warning and potential security issues could be
avoided.
Something like this would be a start:
$ cat /etc/ca-certificates/update.d/postfix
#!/bin/bash
if [ -e /var/spool/postfix/etc/ssl/certs/ca-certificates.crt ]; then
echo "Updating postfix chrooted certs"
cp /etc/ssl/certs/ca-certificates.crt
/var/spool/postfix/etc/ssl/certs/ca-certificates.crt
systemctl reload postfix
fi
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ca-certificates/+bug/1915238/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
