Re: openSUSE chroot setup for TLS workaround
- On Fri, Jul 23, Matthias Andree wrote:
> Greetings,Although I am reading this, I am sorry to say, that this is no longer my
> I haven't checked if it's a flaw in my configuration, but anyways,
> for the records:
> openSUSE 11.3 does not seem to automatically set up the TLS certs
> for the chroot if you have smtp_tls_CApath set, but not
> smtpd_tls_CApath (note the d in smtp vs. smtpd).
> I needed to do this to get my SMTP client work again:
> sudo c_rehash /etc/ssl/certs/ # just to be on the safe side
> sudo rsync -av /etc/ssl/certs/ /var/spool/postfix/etc/ssl/certs
> --del --copy-unsafe-links -H
> Note that smtpd_tls_CApath would call rsync -avH, which would copy
> symlinks verbatim into the chroot, which get broken along the way
> because there is no /usr/share/ca-certificates inside the Postfix
> chroot (this is a fault in SuSEconfig.postfix).
> Note that SUSE /etc/ssl/certs .pem files are actually symlinks to
> /usr/share/ca-certificates/mozilla/... managed by
> update-ca-certificates, hence the copy-unsafe-links.
> I don't currently have time to do a formal bug report against
> SuSEconfig.postfix, and I'm unsure if they or I care enough. Perhaps
> Carsten Höger reads this?
business. I suggest to open a bug at https://bugzilla.novell.com
With best regards,