On Monday, May 1, 2023 11:06:07 AM EDT Einhard Leichtfuß wrote: > Package: postfix > Version: 3.5.18-0+deb11u1 > Severity: serious > > Upon upgrade of postfix (due to `apt dist-upgrade`), the `master.cf` > [and `main.cf`] configuration files were modified by the postinst > script, despite existing local changes. > > If I understand correctly, this violates Debian Policy 10.7.3 [0]: > "local changes must be preserved during a package upgrade". This is why > I chose Severity "serious". > > I would instead expect a handling similar to that of changed conffiles > (i.e., one is given an option to or is suggested to apply certain > modifications). > > In `master.cf`, the following lines were appended: > > proxymap unix - - n - - proxymap > > verify unix - - y - 1 verify > > relay unix - - n - - smtp -o > > smtp_fallback_relay= # -o smtp_helo_timeout=5 -o > > smtp_connect_timeout=5 > > See the `fix_master()` function in the postinst script. > > (sidenote: The first two entries are the same as in > `/usr/share/postfix/master.cf.dist`, the last one is different.) > > In `main.cf`, the following lines were appended: > > readme_directory = /usr/share/doc/postfix > > html_directory = /usr/share/doc/postfix/html > > If I understand the postinst script correctly, this modification of > `main.cf` should only have happened upon first installation, which this > was not. I was unable to reproduce this. So maybe this modification > was indeed done earlier. > > However, even upon initial installation (with pre-existing > configuration), this should, in my opinion, not happen. > > The changes were accompanied by the following message: > > Setting up postfix (3.5.18-0+deb11u1) ... > > > > In master.cf: > > adding missing entry for proxymap service > > adding missing entry for verify service > > adding missing entry for relay service > > > > Postfix (main.cf) configuration was untouched. If you need to make > > changes, edit /etc/postfix/main.cf (and others) as needed. To view > > Postfix configuration values, see postconf(1). > > > > After modifying main.cf, be sure to run 'systemctl reload postfix'. > > The message that `main.cf` was untouched is displayed regardless of > whether the above noted modifications of `main.cf` are made. > > > I noticed that many actions in the postinst script are only run if > `[ "$mailer" != "No configuration" ]`. I am unsure whether this case > would warrant the above mentioned modifications. If so, maybe this > condition should be added to these modifications. > > > [0] https://www.debian.org/doc/debian-policy/ch-files.html#behavior
fix_master() was added in 2017 to upgrade pre-postfix 3.0 master.cf files to support postfix 3.0 and hasn't been touched since then. What version of Debian were you upgrading from? Also, note that the message about is about main.cf not being modified. These changes are in master.cf, so I don't understand the concern with the message? Scott K
signature.asc
Description: This is a digitally signed message part.
