Fork the postfix cookbook to work around a bug

I ran into the issue described in https://github.com/sous-chefs/postfix/issues/148 and couldn't figure out a way to work around it without forking it.
2025-09-09 14:54:06 +02:00 · 2025-09-09 14:54:06 +02:00 · 9712697569
commit 9712697569
parent d32f276b42
13 changed files with 97 additions and 32 deletions
--- a/4
+++ b/4
@ -13,6 +13,9 @@ cookbook 'ipfs',
 cookbook 'mediawiki',
  git: 'https://github.com/67P/mediawiki-cookbook.git',
  ref: 'nginx'
 cookbook 'postfix',
  git: 'https://gitea.kosmos.org/kosmos/postfix-cookbook.git',
  ref: 'bugfix/sasl_attributes'
 cookbook 'apache2',                '= 3.3.0'
 cookbook 'apt',                    '~> 7.3.0'
@ -32,7 +35,6 @@ cookbook 'ntp',                    '= 3.4.0'
 cookbook 'ohai',                   '~> 5.2.5'
 cookbook 'openssl',                '~> 8.5.5'
 cookbook 'php',                    '~> 8.0.0'
 cookbook 'postfix',                '~> 6.0.26'
 cookbook 'timezone_iii',           '= 1.0.4'
 cookbook 'ulimit',                 '~> 1.0.0'
 cookbook 'users',                  '~> 5.3.1'
--- a/Berksfile.lock
+++ b/Berksfile.lock
@ -28,7 +28,10 @@ DEPENDENCIES
  ohai (~> 5.2.5)
  openssl (~> 8.5.5)
  php (~> 8.0.0)
-  postfix (~> 6.0.26)
+  postfix
    git: https://gitea.kosmos.org/kosmos/postfix-cookbook.git
    revision: dd6598572a775ae73f17527260ec8097b52d385b
    ref: bugfix/
  redisio (~> 6.4.1)
  ruby_build (~> 2.5.0)
  timezone_iii (= 1.0.4)
@ -90,7 +93,7 @@ GRAPH
  openssl (8.5.5)
  php (8.0.1)
    yum-epel (>= 0.0.0)
-  postfix (6.0.26)
+  postfix (6.4.1)
  redisio (6.4.1)
    selinux (>= 0.0.0)
  ruby_build (2.5.0)
--- a/cookbooks/postfix/.markdownlint-cli2.yaml
+++ b/cookbooks/postfix/.markdownlint-cli2.yaml
@ -3,3 +3,5 @@ config:
  line-length: false # MD013
  no-duplicate-heading: false # MD024
  reference-links-images: false # MD052
 ignores:
  - .github/copilot-instructions.md
--- a/cookbooks/postfix/.vscode/extensions.json
+++ b/cookbooks/postfix/.vscode/extensions.json
@ -0,0 +1,8 @@
 {
  "recommendations": [
    "chef-software.chef",
    "Shopify.ruby-lsp",
    "editorconfig.editorconfig",
    "DavidAnson.vscode-markdownlint"
  ]
 }
--- a/cookbooks/postfix/CHANGELOG.md
+++ b/cookbooks/postfix/CHANGELOG.md
@ -2,9 +2,48 @@
 This file is used to list changes made in each version of the postfix cookbook.
 ## Unreleased
 ## 6.4.1 - *2025-09-04*
 ## 6.4.0 - *2025-07-30* ## 6.4.0 - *2025-07-30*
 Standardise files with files in sous-chefs/repo-management
 ## 6.4.0 - *2025-07-30*
 ## 6.3.0 - *2025-07-30*
 - Use LMDB instead of hash on el10
 ## 6.3.0 - *2025-07-30*
 ## 6.2.2 - *2025-01-30*
 ## 6.2.1 - *2025-01-30*
 ## 6.2.0 - *2025-01-30*
 ## 6.2.0
 - Correctly fix aliases quoting logic
 - Convert all serverspec tests to inspec
 - Add Github actions
 - Update platforms to test
 ## 6.0.29 - *2024-11-18*
 - Standardise files with files in sous-chefs/repo-management
 ## 6.0.28 - *2024-07-15*
 - Standardise files with files in sous-chefs/repo-management
 ## 6.0.27 - *2024-05-06*
 ## 6.0.26 - *2023-10-03*
- add installation of postfix addon packages for RHEL 8
+- Add installation of postfix addon packages for RHEL 8
 ## 6.0.25 - *2023-10-03*
--- a/cookbooks/postfix/attributes/default.rb
+++ b/cookbooks/postfix/attributes/default.rb
@ -13,9 +13,10 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-
+default['postfix']['packages'] = value_for_platform(
-default['postfix']['packages'] = %w(postfix)
+  amazon: { '>= 2023' => %w(postfix postfix-lmdb) },
-
+  default: %w(postfix)
 )
 # Generic cookbook attributes
 default['postfix']['mail_type'] = 'client'
 default['postfix']['relayhost_role'] = 'relayhost'
@ -37,11 +38,19 @@ default['postfix']['master_template_source'] = 'postfix'
 default['postfix']['sender_canonical_map_entries'] = {}
 default['postfix']['smtp_generic_map_entries'] = {}
 default['postfix']['recipient_canonical_map_entries'] = {}
-default['postfix']['access_db_type'] = 'hash'
+
-default['postfix']['aliases_db_type'] = 'hash'
+default['postfix']['db_type'] = value_for_platform(
-default['postfix']['transport_db_type'] = 'hash'
+  %w(centos redhat almalinux rocky oracle) => { '>= 10' => 'lmdb' },
-default['postfix']['virtual_alias_db_type'] = 'hash'
+  amazon: { '>= 2023' => 'lmdb' },
-default['postfix']['virtual_alias_domains_db_type'] = 'hash'
+  %w(opensuseleap suse) => { '>= 15' => 'lmdb' },
  default: 'hash'
 )
 default['postfix']['access_db_type'] = lazy { node['postfix']['db_type'] }
 default['postfix']['aliases_db_type'] = lazy { node['postfix']['db_type'] }
 default['postfix']['transport_db_type'] = lazy { node['postfix']['db_type'] }
 default['postfix']['virtual_alias_db_type'] = lazy { node['postfix']['db_type'] }
 default['postfix']['virtual_alias_domains_db_type'] = lazy { node['postfix']['db_type'] }
 case node['platform']
 when 'smartos'
@ -96,6 +105,9 @@ default['postfix']['main']['smtp_sasl_auth_enable'] = 'no'
 default['postfix']['main']['mailbox_size_limit'] = 0
 default['postfix']['main']['mynetworks'] = nil
 default['postfix']['main']['inet_interfaces'] = 'loopback-only'
 default['postfix']['main']['default_database_type'] = lazy { node['postfix']['db_type'] }
 default['postfix']['main']['alias_database'] = lazy { "#{node['postfix']['db_type']}:#{node['postfix']['aliases_db']}" }
 default['postfix']['main']['alias_maps'] = lazy { "#{node['postfix']['db_type']}:#{node['postfix']['aliases_db']}" }
 # Conditional attributes, also reference _attributes recipe
 case node['platform_family']
@ -407,4 +419,4 @@ default['postfix']['aliases'] = if platform?('freebsd')
                                  {}
                                end
-default['postfix']['main']['smtpd_relay_restrictions'] = "hash:#{node['postfix']['relay_restrictions_db']}, reject" if node['postfix']['use_relay_restrictions_maps']
+default['postfix']['main']['smtpd_relay_restrictions'] = lazy { "#{node['postfix']['db_type']}:#{node['postfix']['relay_restrictions_db']}, reject" if node['postfix']['use_relay_restrictions_maps'] }
--- a/cookbooks/postfix/metadata.json
+++ b/cookbooks/postfix/metadata.json
@ -26,7 +26,7 @@
  "recipes": {
  },
-  "version": "6.0.26",
+  "version": "6.4.1",
  "source_url": "https://github.com/sous-chefs/postfix",
  "issues_url": "https://github.com/sous-chefs/postfix/issues",
  "privacy": false,
--- a/cookbooks/postfix/metadata.rb
+++ b/cookbooks/postfix/metadata.rb
@ -3,7 +3,7 @@ maintainer        'Sous Chefs'
 maintainer_email  'help@sous-chefs.org'
 license           'Apache-2.0'
 description       'Installs and configures postfix for client or outbound relayhost, or to do SASL auth'
-version           '6.0.26'
+version           '6.4.1'
 source_url        'https://github.com/sous-chefs/postfix'
 issues_url        'https://github.com/sous-chefs/postfix/issues'
 chef_version      '>= 12.15'
--- a/cookbooks/postfix/recipes/_attributes.rb
+++ b/cookbooks/postfix/recipes/_attributes.rb
@ -29,24 +29,22 @@ end
 if node['postfix']['main']['smtp_sasl_auth_enable'] == 'yes'
  node.default_unless['postfix']['sasl_password_file'] = "#{node['postfix']['conf_dir']}/sasl_passwd"
-  node.default_unless['postfix']['main']['smtp_sasl_password_maps'] = "hash:#{node['postfix']['sasl_password_file']}"
+  node.default_unless['postfix']['main']['smtp_sasl_password_maps'] = "#{node['postfix']['db_type']}:#{node['postfix']['sasl_password_file']}"
  node.default_unless['postfix']['main']['smtp_sasl_security_options'] = 'noanonymous'
  node.default_unless['postfix']['sasl']['smtp_sasl_user_name'] = ''
  node.default_unless['postfix']['sasl']['smtp_sasl_passwd']    = ''
  node.default_unless['postfix']['main']['relayhost'] = ''
 end
-node.default_unless['postfix']['main']['alias_maps'] = ["hash:#{node['postfix']['aliases_db']}"] if node['postfix']['use_alias_maps']
+node.default_unless['postfix']['main']['alias_maps'] = ["#{node['postfix']['db_type']}:#{node['postfix']['aliases_db']}"] if node['postfix']['use_alias_maps']
-node.default_unless['postfix']['main']['transport_maps'] = ["hash:#{node['postfix']['transport_db']}"] if node['postfix']['use_transport_maps']
+node.default_unless['postfix']['main']['transport_maps'] = ["#{node['postfix']['db_type']}:#{node['postfix']['transport_db']}"] if node['postfix']['use_transport_maps']
-node.default_unless['postfix']['main']['access_maps'] = ["hash:#{node['postfix']['access_db']}"] if node['postfix']['use_access_maps']
+node.default_unless['postfix']['main']['access_maps'] = ["#{node['postfix']['db_type']}:#{node['postfix']['access_db']}"] if node['postfix']['use_access_maps']
 node.default_unless['postfix']['main']['virtual_alias_maps'] = ["#{node['postfix']['virtual_alias_db_type']}:#{node['postfix']['virtual_alias_db']}"] if node['postfix']['use_virtual_aliases']
 node.default_unless['postfix']['main']['virtual_alias_domains'] = ["#{node['postfix']['virtual_alias_domains_db_type']}:#{node['postfix']['virtual_alias_domains_db']}"] if node['postfix']['use_virtual_aliases_domains']
-node.default_unless['postfix']['main']['smtpd_relay_restrictions'] = "hash:#{node['postfix']['relay_restrictions_db']}, reject" if node['postfix']['use_relay_restrictions_maps']
+node.default_unless['postfix']['main']['smtpd_relay_restrictions'] = "#{node['postfix']['db_type']}:#{node['postfix']['relay_restrictions_db']}, reject" if node['postfix']['use_relay_restrictions_maps']
 node.default_unless['postfix']['main']['maildrop_destination_recipient_limit'] = 1 if node['postfix']['master']['maildrop']['active']
--- a/cookbooks/postfix/recipes/_common.rb
+++ b/cookbooks/postfix/recipes/_common.rb
@ -155,7 +155,7 @@ unless node['postfix']['sender_canonical_map_entries'].empty?
    notifies :reload, 'service[postfix]'
  end
-  node.default['postfix']['main']['sender_canonical_maps'] = "hash:#{node['postfix']['conf_dir']}/sender_canonical" unless node['postfix']['main'].key?('sender_canonical_maps')
+  node.default['postfix']['main']['sender_canonical_maps'] = "#{node['postfix']['db_type']}:#{node['postfix']['conf_dir']}/sender_canonical" unless node['postfix']['main'].key?('sender_canonical_maps')
 end
 execute 'update-postfix-smtp_generic' do
@ -172,7 +172,7 @@ unless node['postfix']['smtp_generic_map_entries'].empty?
    notifies :reload, 'service[postfix]'
  end
-  node.default['postfix']['main']['smtp_generic_maps'] = "hash:#{node['postfix']['conf_dir']}/smtp_generic" unless node['postfix']['main'].key?('smtp_generic_maps')
+  node.default['postfix']['main']['smtp_generic_maps'] = "#{node['postfix']['db_type']}:#{node['postfix']['conf_dir']}/smtp_generic" unless node['postfix']['main'].key?('smtp_generic_maps')
 end
 execute 'update-postfix-recipient_canonical' do
@ -189,7 +189,7 @@ unless node['postfix']['recipient_canonical_map_entries'].empty?
    notifies :reload, 'service[postfix]'
  end
-  node.default['postfix']['main']['recipient_canonical_maps'] = "hash:#{node['postfix']['conf_dir']}/recipient_canonical" unless node['postfix']['main'].key?('recipient_canonical_maps')
+  node.default['postfix']['main']['recipient_canonical_maps'] = "#{node['postfix']['db_type']}:#{node['postfix']['conf_dir']}/recipient_canonical" unless node['postfix']['main'].key?('recipient_canonical_maps')
 end
 service 'postfix' do
--- a/cookbooks/postfix/recipes/maps.rb
+++ b/cookbooks/postfix/recipes/maps.rb
@ -18,8 +18,8 @@ node['postfix']['maps'].each do |type, maps|
    package "postfix-#{type}" if %w(pgsql mysql ldap cdb).include?(type)
  end
-  if platform?('redhat') && node['platform_version'].to_i == 8
+  if platform_family?('rhel') && node['platform_version'].to_i >= 8
-    package "postfix-#{type}" if %w(pgsql mysql ldap cdb).include?(type)
+    package "postfix-#{type}" if %w(pgsql mysql ldap cdb lmdb).include?(type)
  end
  separator = if %w(pgsql mysql ldap memcache sqlite).include?(type)
@ -32,7 +32,7 @@ node['postfix']['maps'].each do |type, maps|
      command "postmap #{file}"
      environment PATH: "#{ENV['PATH']}:/opt/omni/bin:/opt/omni/sbin" if platform_family?('omnios')
      action :nothing
-    end if %w(btree cdb dbm hash sdbm).include?(type)
+    end if %w(btree cdb dbm hash lmdb sdbm).include?(type)
    template "#{file}-#{type}" do
      path file
      source 'maps.erb'
@ -41,7 +41,7 @@ node['postfix']['maps'].each do |type, maps|
        map: content,
        separator: separator
      )
-      notifies :run, "execute[update-postmap-#{file}]" if %w(btree cdb dbm hash sdbm).include?(type)
+      notifies :run, "execute[update-postmap-#{file}]" if %w(btree cdb dbm hash lmdb sdbm).include?(type)
      notifies :restart, 'service[postfix]'
    end
  end
--- a/cookbooks/postfix/renovate.json
+++ b/cookbooks/postfix/renovate.json
@ -1,9 +1,10 @@
 {
  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
  "extends": ["config:base"],
-  "packageRules": [{
+  "packageRules": [
    {
      "groupName": "Actions",
-      "matchUpdateTypes": ["patch", "pin", "digest"],
+      "matchUpdateTypes": ["minor", "patch", "pin"],
      "automerge": true,
      "addLabels": ["Release: Patch", "Skip: Announcements"]
    },
--- a/cookbooks/postfix/templates/aliases.erb
+++ b/cookbooks/postfix/templates/aliases.erb
@ -6,5 +6,5 @@
 postmaster:    root
 <% node['postfix']['aliases'].each do |name, value| %>
-<%= name %>: <%= [value].flatten.map{|x| if (x.include?("@")) then x else %Q("#{x}") end}.join(', ') %>
+<%= name.match?(/[\s#:@]/) ? "\"#{name}\"" : name %>: <%= [value].flatten.map{|x| x.include?("|") ? "\"#{x}\"" : x}.join(',') %>
 <% end unless node['postfix']['aliases'].nil? %>