From 971269756913a46caed2a948f1827dc48e42859e Mon Sep 17 00:00:00 2001 From: Greg Karekinian Date: Tue, 9 Sep 2025 14:54:06 +0200 Subject: [PATCH] Fork the postfix cookbook to work around a bug I ran into the issue described in https://github.com/sous-chefs/postfix/issues/148 and couldn't figure out a way to work around it without forking it. --- Berksfile | 4 ++- Berksfile.lock | 7 ++-- cookbooks/postfix/.markdownlint-cli2.yaml | 2 ++ cookbooks/postfix/.vscode/extensions.json | 8 +++++ cookbooks/postfix/CHANGELOG.md | 41 ++++++++++++++++++++++- cookbooks/postfix/attributes/default.rb | 30 ++++++++++++----- cookbooks/postfix/metadata.json | 2 +- cookbooks/postfix/metadata.rb | 2 +- cookbooks/postfix/recipes/_attributes.rb | 12 +++---- cookbooks/postfix/recipes/_common.rb | 6 ++-- cookbooks/postfix/recipes/maps.rb | 8 ++--- cookbooks/postfix/renovate.json | 5 +-- cookbooks/postfix/templates/aliases.erb | 2 +- 13 files changed, 97 insertions(+), 32 deletions(-) create mode 100644 cookbooks/postfix/.vscode/extensions.json diff --git a/Berksfile b/Berksfile index e82e5ed..b2dd09a 100644 --- a/Berksfile +++ b/Berksfile @@ -13,6 +13,9 @@ cookbook 'ipfs', cookbook 'mediawiki', git: 'https://github.com/67P/mediawiki-cookbook.git', ref: 'nginx' +cookbook 'postfix', + git: 'https://gitea.kosmos.org/kosmos/postfix-cookbook.git', + ref: 'bugfix/sasl_attributes' cookbook 'apache2', '= 3.3.0' cookbook 'apt', '~> 7.3.0' @@ -32,7 +35,6 @@ cookbook 'ntp', '= 3.4.0' cookbook 'ohai', '~> 5.2.5' cookbook 'openssl', '~> 8.5.5' cookbook 'php', '~> 8.0.0' -cookbook 'postfix', '~> 6.0.26' cookbook 'timezone_iii', '= 1.0.4' cookbook 'ulimit', '~> 1.0.0' cookbook 'users', '~> 5.3.1' diff --git a/Berksfile.lock b/Berksfile.lock index c3bab6f..0bdf0ff 100644 --- a/Berksfile.lock +++ b/Berksfile.lock @@ -28,7 +28,10 @@ DEPENDENCIES ohai (~> 5.2.5) openssl (~> 8.5.5) php (~> 8.0.0) - postfix (~> 6.0.26) + postfix + git: https://gitea.kosmos.org/kosmos/postfix-cookbook.git + revision: dd6598572a775ae73f17527260ec8097b52d385b + ref: bugfix/ redisio (~> 6.4.1) ruby_build (~> 2.5.0) timezone_iii (= 1.0.4) @@ -90,7 +93,7 @@ GRAPH openssl (8.5.5) php (8.0.1) yum-epel (>= 0.0.0) - postfix (6.0.26) + postfix (6.4.1) redisio (6.4.1) selinux (>= 0.0.0) ruby_build (2.5.0) diff --git a/cookbooks/postfix/.markdownlint-cli2.yaml b/cookbooks/postfix/.markdownlint-cli2.yaml index 6fa8e77..0196ac7 100644 --- a/cookbooks/postfix/.markdownlint-cli2.yaml +++ b/cookbooks/postfix/.markdownlint-cli2.yaml @@ -3,3 +3,5 @@ config: line-length: false # MD013 no-duplicate-heading: false # MD024 reference-links-images: false # MD052 +ignores: + - .github/copilot-instructions.md diff --git a/cookbooks/postfix/.vscode/extensions.json b/cookbooks/postfix/.vscode/extensions.json new file mode 100644 index 0000000..cf171a3 --- /dev/null +++ b/cookbooks/postfix/.vscode/extensions.json @@ -0,0 +1,8 @@ +{ + "recommendations": [ + "chef-software.chef", + "Shopify.ruby-lsp", + "editorconfig.editorconfig", + "DavidAnson.vscode-markdownlint" + ] +} diff --git a/cookbooks/postfix/CHANGELOG.md b/cookbooks/postfix/CHANGELOG.md index 1b7f2b2..c76c58e 100644 --- a/cookbooks/postfix/CHANGELOG.md +++ b/cookbooks/postfix/CHANGELOG.md @@ -2,9 +2,48 @@ This file is used to list changes made in each version of the postfix cookbook. +## Unreleased + +## 6.4.1 - *2025-09-04* + +## 6.4.0 - *2025-07-30* ## 6.4.0 - *2025-07-30* + +Standardise files with files in sous-chefs/repo-management + +## 6.4.0 - *2025-07-30* + +## 6.3.0 - *2025-07-30* + +- Use LMDB instead of hash on el10 + +## 6.3.0 - *2025-07-30* + +## 6.2.2 - *2025-01-30* + +## 6.2.1 - *2025-01-30* + +## 6.2.0 - *2025-01-30* + +## 6.2.0 + +- Correctly fix aliases quoting logic +- Convert all serverspec tests to inspec +- Add Github actions +- Update platforms to test + +## 6.0.29 - *2024-11-18* + +- Standardise files with files in sous-chefs/repo-management + +## 6.0.28 - *2024-07-15* + +- Standardise files with files in sous-chefs/repo-management + +## 6.0.27 - *2024-05-06* + ## 6.0.26 - *2023-10-03* -- add installation of postfix addon packages for RHEL 8 +- Add installation of postfix addon packages for RHEL 8 ## 6.0.25 - *2023-10-03* diff --git a/cookbooks/postfix/attributes/default.rb b/cookbooks/postfix/attributes/default.rb index 6ec3d88..4daa8ae 100644 --- a/cookbooks/postfix/attributes/default.rb +++ b/cookbooks/postfix/attributes/default.rb @@ -13,9 +13,10 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - -default['postfix']['packages'] = %w(postfix) - +default['postfix']['packages'] = value_for_platform( + amazon: { '>= 2023' => %w(postfix postfix-lmdb) }, + default: %w(postfix) +) # Generic cookbook attributes default['postfix']['mail_type'] = 'client' default['postfix']['relayhost_role'] = 'relayhost' @@ -37,11 +38,19 @@ default['postfix']['master_template_source'] = 'postfix' default['postfix']['sender_canonical_map_entries'] = {} default['postfix']['smtp_generic_map_entries'] = {} default['postfix']['recipient_canonical_map_entries'] = {} -default['postfix']['access_db_type'] = 'hash' -default['postfix']['aliases_db_type'] = 'hash' -default['postfix']['transport_db_type'] = 'hash' -default['postfix']['virtual_alias_db_type'] = 'hash' -default['postfix']['virtual_alias_domains_db_type'] = 'hash' + +default['postfix']['db_type'] = value_for_platform( + %w(centos redhat almalinux rocky oracle) => { '>= 10' => 'lmdb' }, + amazon: { '>= 2023' => 'lmdb' }, + %w(opensuseleap suse) => { '>= 15' => 'lmdb' }, + default: 'hash' +) + +default['postfix']['access_db_type'] = lazy { node['postfix']['db_type'] } +default['postfix']['aliases_db_type'] = lazy { node['postfix']['db_type'] } +default['postfix']['transport_db_type'] = lazy { node['postfix']['db_type'] } +default['postfix']['virtual_alias_db_type'] = lazy { node['postfix']['db_type'] } +default['postfix']['virtual_alias_domains_db_type'] = lazy { node['postfix']['db_type'] } case node['platform'] when 'smartos' @@ -96,6 +105,9 @@ default['postfix']['main']['smtp_sasl_auth_enable'] = 'no' default['postfix']['main']['mailbox_size_limit'] = 0 default['postfix']['main']['mynetworks'] = nil default['postfix']['main']['inet_interfaces'] = 'loopback-only' +default['postfix']['main']['default_database_type'] = lazy { node['postfix']['db_type'] } +default['postfix']['main']['alias_database'] = lazy { "#{node['postfix']['db_type']}:#{node['postfix']['aliases_db']}" } +default['postfix']['main']['alias_maps'] = lazy { "#{node['postfix']['db_type']}:#{node['postfix']['aliases_db']}" } # Conditional attributes, also reference _attributes recipe case node['platform_family'] @@ -407,4 +419,4 @@ default['postfix']['aliases'] = if platform?('freebsd') {} end -default['postfix']['main']['smtpd_relay_restrictions'] = "hash:#{node['postfix']['relay_restrictions_db']}, reject" if node['postfix']['use_relay_restrictions_maps'] +default['postfix']['main']['smtpd_relay_restrictions'] = lazy { "#{node['postfix']['db_type']}:#{node['postfix']['relay_restrictions_db']}, reject" if node['postfix']['use_relay_restrictions_maps'] } diff --git a/cookbooks/postfix/metadata.json b/cookbooks/postfix/metadata.json index 1bbe467..f382e3a 100644 --- a/cookbooks/postfix/metadata.json +++ b/cookbooks/postfix/metadata.json @@ -26,7 +26,7 @@ "recipes": { }, - "version": "6.0.26", + "version": "6.4.1", "source_url": "https://github.com/sous-chefs/postfix", "issues_url": "https://github.com/sous-chefs/postfix/issues", "privacy": false, diff --git a/cookbooks/postfix/metadata.rb b/cookbooks/postfix/metadata.rb index 7289daa..5234e20 100644 --- a/cookbooks/postfix/metadata.rb +++ b/cookbooks/postfix/metadata.rb @@ -3,7 +3,7 @@ maintainer 'Sous Chefs' maintainer_email 'help@sous-chefs.org' license 'Apache-2.0' description 'Installs and configures postfix for client or outbound relayhost, or to do SASL auth' -version '6.0.26' +version '6.4.1' source_url 'https://github.com/sous-chefs/postfix' issues_url 'https://github.com/sous-chefs/postfix/issues' chef_version '>= 12.15' diff --git a/cookbooks/postfix/recipes/_attributes.rb b/cookbooks/postfix/recipes/_attributes.rb index 5e7449d..06c828e 100644 --- a/cookbooks/postfix/recipes/_attributes.rb +++ b/cookbooks/postfix/recipes/_attributes.rb @@ -29,24 +29,22 @@ end if node['postfix']['main']['smtp_sasl_auth_enable'] == 'yes' node.default_unless['postfix']['sasl_password_file'] = "#{node['postfix']['conf_dir']}/sasl_passwd" - node.default_unless['postfix']['main']['smtp_sasl_password_maps'] = "hash:#{node['postfix']['sasl_password_file']}" + node.default_unless['postfix']['main']['smtp_sasl_password_maps'] = "#{node['postfix']['db_type']}:#{node['postfix']['sasl_password_file']}" node.default_unless['postfix']['main']['smtp_sasl_security_options'] = 'noanonymous' - node.default_unless['postfix']['sasl']['smtp_sasl_user_name'] = '' - node.default_unless['postfix']['sasl']['smtp_sasl_passwd'] = '' node.default_unless['postfix']['main']['relayhost'] = '' end -node.default_unless['postfix']['main']['alias_maps'] = ["hash:#{node['postfix']['aliases_db']}"] if node['postfix']['use_alias_maps'] +node.default_unless['postfix']['main']['alias_maps'] = ["#{node['postfix']['db_type']}:#{node['postfix']['aliases_db']}"] if node['postfix']['use_alias_maps'] -node.default_unless['postfix']['main']['transport_maps'] = ["hash:#{node['postfix']['transport_db']}"] if node['postfix']['use_transport_maps'] +node.default_unless['postfix']['main']['transport_maps'] = ["#{node['postfix']['db_type']}:#{node['postfix']['transport_db']}"] if node['postfix']['use_transport_maps'] -node.default_unless['postfix']['main']['access_maps'] = ["hash:#{node['postfix']['access_db']}"] if node['postfix']['use_access_maps'] +node.default_unless['postfix']['main']['access_maps'] = ["#{node['postfix']['db_type']}:#{node['postfix']['access_db']}"] if node['postfix']['use_access_maps'] node.default_unless['postfix']['main']['virtual_alias_maps'] = ["#{node['postfix']['virtual_alias_db_type']}:#{node['postfix']['virtual_alias_db']}"] if node['postfix']['use_virtual_aliases'] node.default_unless['postfix']['main']['virtual_alias_domains'] = ["#{node['postfix']['virtual_alias_domains_db_type']}:#{node['postfix']['virtual_alias_domains_db']}"] if node['postfix']['use_virtual_aliases_domains'] -node.default_unless['postfix']['main']['smtpd_relay_restrictions'] = "hash:#{node['postfix']['relay_restrictions_db']}, reject" if node['postfix']['use_relay_restrictions_maps'] +node.default_unless['postfix']['main']['smtpd_relay_restrictions'] = "#{node['postfix']['db_type']}:#{node['postfix']['relay_restrictions_db']}, reject" if node['postfix']['use_relay_restrictions_maps'] node.default_unless['postfix']['main']['maildrop_destination_recipient_limit'] = 1 if node['postfix']['master']['maildrop']['active'] diff --git a/cookbooks/postfix/recipes/_common.rb b/cookbooks/postfix/recipes/_common.rb index ab3aeab..44221ef 100644 --- a/cookbooks/postfix/recipes/_common.rb +++ b/cookbooks/postfix/recipes/_common.rb @@ -155,7 +155,7 @@ unless node['postfix']['sender_canonical_map_entries'].empty? notifies :reload, 'service[postfix]' end - node.default['postfix']['main']['sender_canonical_maps'] = "hash:#{node['postfix']['conf_dir']}/sender_canonical" unless node['postfix']['main'].key?('sender_canonical_maps') + node.default['postfix']['main']['sender_canonical_maps'] = "#{node['postfix']['db_type']}:#{node['postfix']['conf_dir']}/sender_canonical" unless node['postfix']['main'].key?('sender_canonical_maps') end execute 'update-postfix-smtp_generic' do @@ -172,7 +172,7 @@ unless node['postfix']['smtp_generic_map_entries'].empty? notifies :reload, 'service[postfix]' end - node.default['postfix']['main']['smtp_generic_maps'] = "hash:#{node['postfix']['conf_dir']}/smtp_generic" unless node['postfix']['main'].key?('smtp_generic_maps') + node.default['postfix']['main']['smtp_generic_maps'] = "#{node['postfix']['db_type']}:#{node['postfix']['conf_dir']}/smtp_generic" unless node['postfix']['main'].key?('smtp_generic_maps') end execute 'update-postfix-recipient_canonical' do @@ -189,7 +189,7 @@ unless node['postfix']['recipient_canonical_map_entries'].empty? notifies :reload, 'service[postfix]' end - node.default['postfix']['main']['recipient_canonical_maps'] = "hash:#{node['postfix']['conf_dir']}/recipient_canonical" unless node['postfix']['main'].key?('recipient_canonical_maps') + node.default['postfix']['main']['recipient_canonical_maps'] = "#{node['postfix']['db_type']}:#{node['postfix']['conf_dir']}/recipient_canonical" unless node['postfix']['main'].key?('recipient_canonical_maps') end service 'postfix' do diff --git a/cookbooks/postfix/recipes/maps.rb b/cookbooks/postfix/recipes/maps.rb index 35ea9ad..20daafd 100644 --- a/cookbooks/postfix/recipes/maps.rb +++ b/cookbooks/postfix/recipes/maps.rb @@ -18,8 +18,8 @@ node['postfix']['maps'].each do |type, maps| package "postfix-#{type}" if %w(pgsql mysql ldap cdb).include?(type) end - if platform?('redhat') && node['platform_version'].to_i == 8 - package "postfix-#{type}" if %w(pgsql mysql ldap cdb).include?(type) + if platform_family?('rhel') && node['platform_version'].to_i >= 8 + package "postfix-#{type}" if %w(pgsql mysql ldap cdb lmdb).include?(type) end separator = if %w(pgsql mysql ldap memcache sqlite).include?(type) @@ -32,7 +32,7 @@ node['postfix']['maps'].each do |type, maps| command "postmap #{file}" environment PATH: "#{ENV['PATH']}:/opt/omni/bin:/opt/omni/sbin" if platform_family?('omnios') action :nothing - end if %w(btree cdb dbm hash sdbm).include?(type) + end if %w(btree cdb dbm hash lmdb sdbm).include?(type) template "#{file}-#{type}" do path file source 'maps.erb' @@ -41,7 +41,7 @@ node['postfix']['maps'].each do |type, maps| map: content, separator: separator ) - notifies :run, "execute[update-postmap-#{file}]" if %w(btree cdb dbm hash sdbm).include?(type) + notifies :run, "execute[update-postmap-#{file}]" if %w(btree cdb dbm hash lmdb sdbm).include?(type) notifies :restart, 'service[postfix]' end end diff --git a/cookbooks/postfix/renovate.json b/cookbooks/postfix/renovate.json index 7e7a8ba..a0b29c8 100644 --- a/cookbooks/postfix/renovate.json +++ b/cookbooks/postfix/renovate.json @@ -1,9 +1,10 @@ { "$schema": "https://docs.renovatebot.com/renovate-schema.json", "extends": ["config:base"], - "packageRules": [{ + "packageRules": [ + { "groupName": "Actions", - "matchUpdateTypes": ["patch", "pin", "digest"], + "matchUpdateTypes": ["minor", "patch", "pin"], "automerge": true, "addLabels": ["Release: Patch", "Skip: Announcements"] }, diff --git a/cookbooks/postfix/templates/aliases.erb b/cookbooks/postfix/templates/aliases.erb index 3093154..b5c2b20 100644 --- a/cookbooks/postfix/templates/aliases.erb +++ b/cookbooks/postfix/templates/aliases.erb @@ -6,5 +6,5 @@ postmaster: root <% node['postfix']['aliases'].each do |name, value| %> -<%= name %>: <%= [value].flatten.map{|x| if (x.include?("@")) then x else %Q("#{x}") end}.join(', ') %> +<%= name.match?(/[\s#:@]/) ? "\"#{name}\"" : name %>: <%= [value].flatten.map{|x| x.include?("|") ? "\"#{x}\"" : x}.join(',') %> <% end unless node['postfix']['aliases'].nil? %>