** Description changed: + [Impact] + + /etc/resolv.cinf search domain with a leading dot cause postfix.postinst + to fail because it constructs a 'myhostname' with a duplicate dot. + + The glibc resolver tolerates such domains and strips the leading dot + from the search domain [1]. This change makes postfix.postinst do the + same. + + This same fix has been proposed for inclusion in Debian [2]. + + [1] https://sourceware.org/git/?p=glibc.git;a=blob;f=resolv/res_query.c;h=ebbe5a6a4ed86abe3fccd4a134bfcf6f613c9bbb;hb=HEAD#l411 + [2] https://salsa.debian.org/postfix-team/postfix-dev/-/merge_requests/12 + + [Test Plan] + + 1. Start an LXD container + 2. Edit /etc/resolv.conf and add search line like one of these: + + search . + search .foo.bar + domain .foo.bar + + 3. Install postfix from the archive, accept all the debconf defaults, + and verify that postinst fails with a broken domain name. + 4. Purge postfix and install the version to test (e.g. from -proposed). + 5. Verify that the installation succeeds. + 6. Verify that `myhostname` in /etc/postfix/main.cf is sane. + + [Regression Potential] + + There is no reasonable case where a user could rely on a "broken" setup, + as its result is a postinst failure (= install failure) and an invalid + "myhostname" in main.cf. + + The regression potential is negligible, + + [Development Fix] + + This is fixed already in the current devel release (Impish). This SRU + backports the very same fix to the stable releases. + + [Original Description] + I tried to install postfix (3.4.13-0ubuntu1) within a Dockerfile (Ubuntu 20.04.01 LTS) and it failed because there is an error in the dpkg info file. I'm attaching the log of the 2nd time "apt install -y postfix" is executed, as it is way shorter and still shows the error message. ``` root@cc1a572af0dc:/etc# apt install -y postfix Reading package lists... Done Building dependency tree Reading state information... Done postfix is already the newest version (3.4.13-0ubuntu1). 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 1 not fully installed or removed. After this operation, 0 B of additional disk space will be used. Setting up postfix (3.4.13-0ubuntu1) ... Postfix (main.cf) configuration was untouched. If you need to make changes, edit /etc/postfix/main.cf (and others) as needed. To view Postfix configuration values, see postconf(1). After modifying main.cf, be sure to run 'systemctl reload postfix'. Running newaliases newaliases: warning: valid_hostname: misplaced delimiter: cc1a572af0dc.. newaliases: fatal: file /etc/postfix/main.cf: parameter myhostname: bad parameter value: cc1a572af0dc.. dpkg: error processing package postfix (--configure): installed postfix package post-installation script subprocess returned error exit status 75 Processing triggers for libc-bin (2.31-0ubuntu9.1) ... Errors were encountered while processing: postfix E: Sub-process /usr/bin/dpkg returned an error code (1) ``` I then looked into the /etc/postfix/main.cf file and tried to manually change the hostname, but it automatically gets overwritten by dpkg when apt install is ran. After that I was able to track the issue into the script "/var/lib/dpkg/info/postfix.postinst" more exactly the sed command in line 52. It reads the content of the search parameter from /etc/resolv.conf, and concatenates it with a "." as delimiter with the hostname, but it doesn't honor the special case of "search ." and therefore constructs an incorrect myhostname parameter for postfix of "cc1a572af0dc..". I'd propose to remove this resolve.conf lookup entirely so that the package installation doesn't fail within docker containers... It is a bad practice in my opinion to overwrite existing config files upon package installation. Also I'd suggest not executing postfix after the configuration is written, so that in case of unforeseen circumstances (like this one) a user can just simply run a sed against the config file after installing the package. And the Dockerfile for reference: ``` FROM ubuntu:latest ENV DEBIAN_FRONTEND=noninteractive #ENV DEBIAN_PRIORITY=low RUN apt update \ && echo "postfix postfix/main_mailer_type select Internet Site" | debconf-set-selections \ && echo "postfix postfix/mailname string mysubdomain.mydomain.com" | debconf-set-selections \ && apt install -y postfix ```
** Description changed: [Impact] /etc/resolv.cinf search domain with a leading dot cause postfix.postinst to fail because it constructs a 'myhostname' with a duplicate dot. The glibc resolver tolerates such domains and strips the leading dot from the search domain [1]. This change makes postfix.postinst do the same. This same fix has been proposed for inclusion in Debian [2]. [1] https://sourceware.org/git/?p=glibc.git;a=blob;f=resolv/res_query.c;h=ebbe5a6a4ed86abe3fccd4a134bfcf6f613c9bbb;hb=HEAD#l411 [2] https://salsa.debian.org/postfix-team/postfix-dev/-/merge_requests/12 [Test Plan] 1. Start an LXD container 2. Edit /etc/resolv.conf and add search line like one of these: - search . - search .foo.bar - domain .foo.bar + search . + search .foo.bar + domain .foo.bar 3. Install postfix from the archive, accept all the debconf defaults, - and verify that postinst fails with a broken domain name. + and verify that postinst fails with a broken domain name. 4. Purge postfix and install the version to test (e.g. from -proposed). 5. Verify that the installation succeeds. 6. Verify that `myhostname` in /etc/postfix/main.cf is sane. [Regression Potential] There is no reasonable case where a user could rely on a "broken" setup, as its result is a postinst failure (= install failure) and an invalid "myhostname" in main.cf. - The regression potential is negligible, + The regression potential is negligible. [Development Fix] This is fixed already in the current devel release (Impish). This SRU backports the very same fix to the stable releases. [Original Description] I tried to install postfix (3.4.13-0ubuntu1) within a Dockerfile (Ubuntu 20.04.01 LTS) and it failed because there is an error in the dpkg info file. I'm attaching the log of the 2nd time "apt install -y postfix" is executed, as it is way shorter and still shows the error message. ``` root@cc1a572af0dc:/etc# apt install -y postfix Reading package lists... Done Building dependency tree Reading state information... Done postfix is already the newest version (3.4.13-0ubuntu1). 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 1 not fully installed or removed. After this operation, 0 B of additional disk space will be used. Setting up postfix (3.4.13-0ubuntu1) ... Postfix (main.cf) configuration was untouched. If you need to make changes, edit /etc/postfix/main.cf (and others) as needed. To view Postfix configuration values, see postconf(1). After modifying main.cf, be sure to run 'systemctl reload postfix'. Running newaliases newaliases: warning: valid_hostname: misplaced delimiter: cc1a572af0dc.. newaliases: fatal: file /etc/postfix/main.cf: parameter myhostname: bad parameter value: cc1a572af0dc.. dpkg: error processing package postfix (--configure): installed postfix package post-installation script subprocess returned error exit status 75 Processing triggers for libc-bin (2.31-0ubuntu9.1) ... Errors were encountered while processing: postfix E: Sub-process /usr/bin/dpkg returned an error code (1) ``` I then looked into the /etc/postfix/main.cf file and tried to manually change the hostname, but it automatically gets overwritten by dpkg when apt install is ran. After that I was able to track the issue into the script "/var/lib/dpkg/info/postfix.postinst" more exactly the sed command in line 52. It reads the content of the search parameter from /etc/resolv.conf, and concatenates it with a "." as delimiter with the hostname, but it doesn't honor the special case of "search ." and therefore constructs an incorrect myhostname parameter for postfix of "cc1a572af0dc..". I'd propose to remove this resolve.conf lookup entirely so that the package installation doesn't fail within docker containers... It is a bad practice in my opinion to overwrite existing config files upon package installation. Also I'd suggest not executing postfix after the configuration is written, so that in case of unforeseen circumstances (like this one) a user can just simply run a sed against the config file after installing the package. And the Dockerfile for reference: ``` FROM ubuntu:latest ENV DEBIAN_FRONTEND=noninteractive #ENV DEBIAN_PRIORITY=low RUN apt update \ && echo "postfix postfix/main_mailer_type select Internet Site" | debconf-set-selections \ && echo "postfix postfix/mailname string mysubdomain.mydomain.com" | debconf-set-selections \ && apt install -y postfix ``` -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1906970 Title: [SRU] dpkg hook hostname error To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/postfix/+bug/1906970/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
