On 01/05/2023 18:14, Scott Kitterman wrote: > On Monday, May 1, 2023 11:06:07 AM EDT Einhard Leichtfuß wrote: >> Package: postfix >> Version: 3.5.18-0+deb11u1 >> Severity: serious >> >> Upon upgrade of postfix (due to `apt dist-upgrade`), the `master.cf` >> [and `main.cf`] configuration files were modified by the postinst >> script, despite existing local changes. >> >> If I understand correctly, this violates Debian Policy 10.7.3 [0]: >> "local changes must be preserved during a package upgrade". This is why >> I chose Severity "serious". >> >> I would instead expect a handling similar to that of changed conffiles >> (i.e., one is given an option to or is suggested to apply certain >> modifications). >> >> In `master.cf`, the following lines were appended: >>> proxymap unix - - n - - proxymap >>> verify unix - - y - 1 verify >>> relay unix - - n - - smtp -o >>> smtp_fallback_relay= # -o smtp_helo_timeout=5 -o >>> smtp_connect_timeout=5 >> >> See the `fix_master()` function in the postinst script. >> >> (sidenote: The first two entries are the same as in >> `/usr/share/postfix/master.cf.dist`, the last one is different.) >> >> In `main.cf`, the following lines were appended: >>> readme_directory = /usr/share/doc/postfix >>> html_directory = /usr/share/doc/postfix/html >> >> If I understand the postinst script correctly, this modification of >> `main.cf` should only have happened upon first installation, which this >> was not. I was unable to reproduce this. So maybe this modification >> was indeed done earlier. >> >> However, even upon initial installation (with pre-existing >> configuration), this should, in my opinion, not happen. >> >> The changes were accompanied by the following message: >>> Setting up postfix (3.5.18-0+deb11u1) ... >>> >>> In master.cf: >>> adding missing entry for proxymap service >>> adding missing entry for verify service >>> adding missing entry for relay service >>> >>> Postfix (main.cf) configuration was untouched. If you need to make >>> changes, edit /etc/postfix/main.cf (and others) as needed. To view >>> Postfix configuration values, see postconf(1). >>> >>> After modifying main.cf, be sure to run 'systemctl reload postfix'. >> >> The message that `main.cf` was untouched is displayed regardless of >> whether the above noted modifications of `main.cf` are made. >> >> >> I noticed that many actions in the postinst script are only run if >> `[ "$mailer" != "No configuration" ]`. I am unsure whether this case >> would warrant the above mentioned modifications. If so, maybe this >> condition should be added to these modifications. >> >> >> [0] https://www.debian.org/doc/debian-policy/ch-files.html#behavior > > fix_master() was added in 2017 to upgrade pre-postfix 3.0 master.cf files to > support postfix 3.0 and hasn't been touched since then. > > What version of Debian were you upgrading from?
That should be the previous minor version of Debian 11 (i.e., 11.6). postfix was upgraded from version 3.5.17-0+deb11u1. I did not notice this with earlier versions because this is the first upgrade of postfix on this installation (it is quite new). > Also, note that the message about is about main.cf not being modified. These > changes are in master.cf, so I don't understand the concern with the message? The second modification (readme_directory, html_directory) was to `main.cf`. While this modification should only happen for initial installations (with pre-existing configuration), the message is displayed even then. Steps to reproduce (assuming postfix is not installed): $ apt install postfix-doc $ echo > /etc/postfix/main.cf $ apt install postfix Einhard Leichtfuß
