14.12.2024 21:51, Michael Tokarev wrote:
On Tue, 12 Apr 2022 00:55:22 -0700 Daniel Kahn Gillmor <d...@debian.org> wrote:
For example, I'm preparing the sasl-xoauth2 module for debian (see
https://bugs.debian.org/1006888) and the upstream developer for that
package (Tarick Bedeir, in Cc here) has some hooks in his upstream .deb
packaging (that targets ubuntu), which try to copy
/etc/ssl/certs/ca-certificates.crt into the chroot whenever
ca-certificates is updated:
Please. Stop. Doing. This. Nonsense.
Just use proxy:ldap: map in postfix, or un-chroot the service in question.
There are 2 compelling issues here, it seems. One is for things like
ldap, which is easy to do because of this proxy: way. And another is
sasl, which is different. I'm looking at the sasl part now.
Copying stuff into postfix chroot has been a bad practice for years.
This is an endless headache, you won't win, and this is absolutely
unnecessary. Just use the tools especially designed for this.
/mjt
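
Added example, not part of the thread and not Postfix's own code: a Python check that lists the master.cf services whose chroot column is y and the main.cf ldap: tables that are not wrapped in proxy:, the two places the advice above applies. The sample files, their paths and the function names are constructed for this example.

```python
import re

# Constructed sample input, not taken from any real system.
SAMPLE_MASTER_CF = """\
# service type  private unpriv  chroot  wakeup  maxproc command + args
smtp      inet  n       -       y       -       -       smtpd
pickup    unix  n       -       n       60      1       pickup
smtp      unix  -       -       y       -       -       smtp
  -o smtp_sasl_auth_enable=yes
proxymap  unix  -       -       n       -       -       proxymap
"""

SAMPLE_MAIN_CF = """\
virtual_mailbox_maps = ldap:/etc/postfix/ldap-users.cf
virtual_alias_maps = proxy:ldap:/etc/postfix/ldap-aliases.cf,
    hash:/etc/postfix/virtual
"""

def logical_lines(text):
    """Join continuation lines (leading whitespace); drop comments and blanks."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def chrooted_services(master_cf):
    """(service, type, command) where the 5th column is an explicit 'y'.
    A '-' there means the built-in default and is not reported."""
    rows = [line.split() for line in logical_lines(master_cf)]
    return [(f[0], f[1], f[7]) for f in rows if len(f) >= 8 and f[4] == "y"]

def direct_ldap_maps(main_cf):
    """(parameter, table) for every ldap: table used without the proxy: prefix."""
    hits = []
    for line in logical_lines(main_cf):
        name, _, value = line.partition("=")
        for table in re.split(r"[,\s]+", value.strip()):
            if table.startswith("ldap:"):
                hits.append((name.strip(), table))
    return hits

if __name__ == "__main__":
    print("chrooted:", chrooted_services(SAMPLE_MASTER_CF))
    print("direct ldap:", direct_ldap_maps(SAMPLE_MAIN_CF))
```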