Loading ...
Sorry, an error occurred while loading the content.

misunderstanding INSTALL "vs" compile-time config ?

Expand Messages
  • ixloran@...
    Hi, I m finally taking the plunge and moving from distro-pacakged Postfix to building from source. I m reading INSTALL.html 4.4 - Overriding built-in parameter
    Message 1 of 20 , Apr 6, 2013
    • 0 Attachment
      Hi,

      I'm finally taking the plunge and moving from distro-pacakged Postfix to
      building from source.

      I'm reading INSTALL.html

      4.4 - Overriding built-in parameter default settings

      All Postfix configuration parameters can be changed by editing a Postfix
      configuration file, except for one: the parameter that specifies the
      location of Postfix configuration files. In order to build Postfix with
      a configuration directory other than /etc/postfix, use:

      $ make makefiles CCARGS='-DDEF_CONFIG_DIR=\"/some/where\"'
      $ make


      and set the available params to be in my /usr/local/ tree, in export
      CCARGS=

      -DDEF_CONFIG_DIR=\"/usr/local/etc/postfix\" \
      -DDEF_DATA_DIR=\"/var/lib/postfix\" \
      -DDEF_QUEUE_DIR=\"/var/spool/postfix\" \
      -DDEF_SENDMAIL_PATH=\"/usr/local/sbin/sendmail\" \
      -DDEF_NEWALIAS_PATH=\"/usr/local/bin/newaliases\" \
      -DDEF_MAILQ_PATH=\"/usr/local/bin/mailq\" \
      -DDEF_COMMAND_DIR=\"/usr/local/sbin\" \
      -DDEF_DAEMON_DIR=\"/usr/local/libexec/postfix\" \
      -DDEF_MANPAGE_DIR=\"/usr/local/man\" \
      -DDEF_README_DIR=\"/usr/local/share/doc/packages/postfix-doc/README_FILES\"
      \
      -DDEF_HTML_DIR=\"/usr/local/share/doc/packages/postfix-doc/html\"
      \

      The config & build works OK.

      Since I'm installing this for the first time:

      "The non-interactive version ("make upgrade") needs the
      /etc/postfix/main.cf file from a previous installation. If the file does
      not exist, use interactive installation ("make install") instead."

      I do the

      make install

      step. The 1st question it asks is "install_root=/" ?, then other paths.

      I guess I'm misunderstanding this process. What's the purpose of
      telling all the compile-time defaults if I have to re-enter everything
      when I install?

      Since I can't run the non-interactive version, how can I "automate" the
      install process so that it puts stuff where I told it to @ compile time?

      Thanks!
    • Viktor Dukhovni
      ... It works just fine without one. If you don t want to build a package, but want non-interactive installation, that s what make upgrade does. I am
      Message 2 of 20 , Apr 6, 2013
      • 0 Attachment
        On Sat, Apr 06, 2013 at 09:25:28AM -0700, ixloran@... wrote:

        > "The non-interactive version ("make upgrade") needs the
        > /etc/postfix/main.cf file from a previous installation.

        It works just fine without one. If you don't want to build a package,
        but want non-interactive installation, that's what "make upgrade" does.

        I am attaching a patch for "MacOSX", where a bare-metal "make
        upgrade" with no main.cf fails, because Apple defines "postfix" as
        a nickname for "_postfix" and "postdrop" as a nickname for "_postdrop",
        so with default compile-time settings the Postfix installer aborts
        because its uid appears to be shared.

        --
        Viktor.

        --- a/makedefs
        +++ b/makedefs
        @@ -461,6 +461,10 @@ ReliantUNIX-?.5.43) SYSTYPE=ReliantUnix543
        # Use the native compiler by default
        : ${CC=cc}
        CCARGS="$CCARGS \$(WARN)"
        + # Is the "postfix" user a built-in nickame for "_postfix"
        + case $(id -nu postfix 2>/dev/null) in
        + _postfix) CCARGS="$CCARGS -D_PREPEND_OWNER_SGID";;
        + esac
        # Darwin > 1.3 uses awk and flat_namespace
        case $RELEASE in
        1.[0-3]) AWK=gawk;;
        --- a/proto/INSTALL.html
        +++ b/proto/INSTALL.html
        @@ -337,6 +337,12 @@ default</th> </tr>
        <tr> <td>DEF_SENDMAIL_PATH</td> <td>sendmail_path</td>
        <td>/usr/sbin/sendmail</td> </tr>

        +<tr> <td>DEF_MAIL_OWNER</td> <td>mail_owner</td>
        +<td>postfix</td> </tr>
        +
        +<tr> <td>DEF_SGID_GROUP</td> <td>setgid_group</td>
        +<td>postdrop</td> </tr>
        +
        </table>

        </blockquote>
        --- a/src/global/mail_params.h
        +++ b/src/global/mail_params.h
        @@ -61,13 +61,17 @@ extern char *var_empty_addr;
        * the rights to be used when running external commands.
        */
        #define VAR_MAIL_OWNER "mail_owner"
        +#ifndef DEF_MAIL_OWNER
        #define DEF_MAIL_OWNER "postfix"
        +#endif
        extern char *var_mail_owner;
        extern uid_t var_owner_uid;
        extern gid_t var_owner_gid;

        #define VAR_SGID_GROUP "setgid_group"
        +#ifndef DEF_SGID_GROUP
        #define DEF_SGID_GROUP "postdrop"
        +#endif
        extern char *var_sgid_group;
        extern gid_t var_sgid_gid;

        --- a/src/util/sys_defs.h
        +++ b/src/util/sys_defs.h
        @@ -260,6 +260,14 @@
        #ifndef NO_POSIX_GETPW_R
        # define HAVE_POSIX_GETPW_R
        #endif
        +#ifdef _PREPEND_OWNER_SGID
        +#ifndef DEF_MAIL_OWNER
        +#define DEF_MAIL_OWNER "_postfix"
        +#endif
        +#ifndef DEF_SGID_GROUP
        +#define DEF_SGID_GROUP "_postdrop"
        +#endif
        +#endif

        #endif
      • ixloran@...
        Hi ... I m building on Linux. Do I need to apply that patch to my source, even though it s for MacOSX? What I get now is: make upgrade ... make: Nothing to
        Message 3 of 20 , Apr 6, 2013
        • 0 Attachment
          Hi

          On Sat, Apr 6, 2013, at 10:39 AM, Viktor Dukhovni wrote:
          > On Sat, Apr 06, 2013 at 09:25:28AM -0700, ixloran@... wrote:
          >
          > > "The non-interactive version ("make upgrade") needs the
          > > /etc/postfix/main.cf file from a previous installation.
          >
          > It works just fine without one. If you don't want to build a package,
          > but want non-interactive installation, that's what "make upgrade" does.
          >
          > I am attaching a patch for "MacOSX", where a bare-metal "make
          > upgrade" with no main.cf fails, because Apple defines "postfix" as
          > a nickname for "_postfix" and "postdrop" as a nickname for "_postdrop",
          > so with default compile-time settings the Postfix installer aborts
          > because its uid appears to be shared.

          I'm building on Linux. Do I need to apply that patch to my source, even
          though it's for MacOSX?

          What I get now is:

          make upgrade
          ...
          make: Nothing to be done for `update'.
          /bin/sh postfix-install -non-interactive
          postfix-install: Error: "postdrop" needs an entry in the group
          file.
          Remember, "postdrop" needs a dedicated group id.
          make: *** [upgrade] Error 1


          Since the distro already installed its version of postfix -- both
          version and config are not what I want/need, so that's why I'm building
          my own -- there exist users/groups for postfix

          grep post /etc/group
          mail:x:12:postfix
          maildrop:!:59:postfix
          postfix:!:51:

          grep post /etc/passwd
          postfix:x:51:51:Postfix Daemon:/var/spool/postfix:/bin/false

          Is it the patch I need here, or do I still need to create a user/group
          above & beyond what the distro had previously installed?

          I THINK it's the latter, but don't want to start mucking around without
          understanding this.

          Thanks!
        • Viktor Dukhovni
          ... Oddly enough perhaps yes, since though the patch is mostly for MacOSX, it provides additional compile-time tuning on other platforms. ... Your system does
          Message 4 of 20 , Apr 6, 2013
          • 0 Attachment
            On Sat, Apr 06, 2013 at 10:53:54AM -0700, ixloran@... wrote:

            > > I am attaching a patch for "MacOSX", where a bare-metal "make
            > > upgrade" with no main.cf fails, because Apple defines "postfix" as
            > > a nickname for "_postfix" and "postdrop" as a nickname for "_postdrop",
            > > so with default compile-time settings the Postfix installer aborts
            > > because its uid appears to be shared.
            >
            > I'm building on Linux. Do I need to apply that patch to my source, even
            > though it's for MacOSX?

            Oddly enough perhaps yes, since though the patch is mostly for
            MacOSX, it provides additional compile-time tuning on other platforms.

            > What I get now is:
            >
            > make upgrade
            > ...
            > make: Nothing to be done for `update'.
            > /bin/sh postfix-install -non-interactive
            > postfix-install: Error: "postdrop" needs an entry in the group
            > file.
            > Remember, "postdrop" needs a dedicated group id.
            > make: *** [upgrade] Error 1

            Your system does not have a "postdrop" group.

            > Since the distro already installed its version of postfix -- both
            > version and config are not what I want/need, so that's why I'm building
            > my own -- there exist users/groups for postfix
            >
            > grep post /etc/group
            > mail:x:12:postfix
            > maildrop:!:59:postfix
            > postfix:!:51:

            Well, "maildrop" is not "postdrop".

            > Is it the patch I need here, or do I still need to create a user/group
            > above & beyond what the distro had previously installed?

            You can either create a "postdrop" group, or with the patch re-use the
            existing "maildrop" group, which makes it easier to transition between
            the system and your custom Postfix, since file permissions will be the
            same. I recommend the latter:

            CCARGS='... -DDEF_SGID_GROUP=\"maildrop\"'

            --
            Viktor.
          • Reindl Harald
            ... and why do you not build a package based on your distros one? you can be pretty sure that Fedora 17 does not have Postfix 2.10 nor have pflogsumm in the
            Message 5 of 20 , Apr 6, 2013
            • 0 Attachment
              Am 06.04.2013 19:53, schrieb ixloran@...:
              > make upgrade
              > ...
              > make: Nothing to be done for `update'.
              > /bin/sh postfix-install -non-interactive
              > postfix-install: Error: "postdrop" needs an entry in the group
              > file.
              > Remember, "postdrop" needs a dedicated group id.
              > make: *** [upgrade] Error 1
              >
              >
              > Since the distro already installed its version of postfix -- both
              > version and config are not what I want/need, so that's why I'm building
              > my own -- there exist users/groups for postfix

              and why do you not build a package based on your distros one?

              you can be pretty sure that Fedora 17 does not have Postfix 2.10
              nor have pflogsumm in the same packages nor avoid "alternatives"
              or build with mysql and without postgresql-deps

              [builduser@buildserver:~]$ cat /rpmbuild/SPECS/postfix.spec
              %define postfix_uid 89
              %define postfix_user postfix
              %define postfix_gid 89
              %define postfix_group postfix
              %define maildrop_group postdrop
              %define maildrop_gid 90
              %define postfix_config_dir %{_sysconfdir}/postfix
              %define postfix_daemon_dir %{_libexecdir}/postfix
              %define postfix_command_dir %{_sbindir}
              %define postfix_queue_dir %{_var}/spool/postfix
              %define postfix_data_dir %{_var}/lib/postfix
              %define postfix_doc_dir %{_docdir}/%{name}-%{version}
              %define postfix_sample_dir %{postfix_doc_dir}/samples
              %define postfix_readme_dir %{postfix_doc_dir}/README_FILES
              %define pflogsumm_ver 1.1.5

              Name: postfix
              Summary: Postfix Mail Transport Agent
              Version: 2.10.0
              Release: 17%{?dist}
              Epoch: 2
              Group: System Environment/Daemons
              URL: http://www.postfix.org
              License: IBM
              Requires: shadow-utils, systemd-units
              Requires(post): shadow-utils, systemd-units
              Requires(pre): shadow-utils, systemd-units
              Requires(preun): shadow-utils, systemd-units
              Requires(postun): shadow-utils, systemd-units
              Provides: MTA smtpd smtpdaemon server(smtp)
              Source0: ftp://ftp.porcupine.org/mirrors/postfix-release/official/%{name}-%{version}.tar.gz
              Source53: http://jimsun.linxnet.com/downloads/pflogsumm-%{pflogsumm_ver}.tar.gz
              Source101: postfix-pam.conf
              Source500: postfix.service
              BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
              BuildRequires: db4-devel, pkgconfig, zlib-devel, mysql-devel, cyrus-sasl-devel, pcre-devel, openssl-devel,
              systemd-units
              Obsoletes: postfix-perl-scripts

              Provides: postfix-perl-scripts
              Provides: postfix-pflogsumm = %{epoch}:%{version}-%{release}

              %description
              Postfix is a Mail Transport Agent, supporting SMTP AUTH and TLS

              %package manpages
              Summary: Postfix manuals
              Group: Applications/System
              %description manpages

              %prep
              %setup -q -n %{name}-%{version}

              gzip -dc %{SOURCE53} | tar xf -
              pushd pflogsumm-%{pflogsumm_ver}
              popd

              for f in README_FILES/TLS_{LEGACY_,}README TLS_ACKNOWLEDGEMENTS; do
              iconv -f iso8859-1 -t utf8 -o ${f}{_,} &&
              touch -r ${f}{,_} && mv -f ${f}{_,}
              done

              %build
              CCARGS=-fPIC
              AUXLIBS=

              CCARGS="${CCARGS} -DHAS_PCRE -I%{_includedir}/pcre"
              AUXLIBS="${AUXLIBS} -lpcre"

              CCARGS="${CCARGS} -DHAS_MYSQL -I%{_includedir}/mysql"
              AUXLIBS="${AUXLIBS} -L%{_libdir}/mysql -lmysqlclient -lm"

              CCARGS="${CCARGS} -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I%{_includedir}/sasl"
              AUXLIBS="${AUXLIBS} -L%{_libdir}/sasl2 -lsasl2"

              CCARGS="${CCARGS} -DUSE_TLS -I/usr/include/openssl"
              AUXLIBS="${AUXLIBS} -lssl -lcrypto"

              CCARGS="${CCARGS} -DDEF_CONFIG_DIR=\\\"%{postfix_config_dir}\\\""
              CCARGS="${CCARGS} $(getconf LFS_CFLAGS)"

              AUXLIBS="${AUXLIBS} -pie -Wl,-z,relro"

              %{__make} %{?_smp_mflags} -f Makefile.init makefiles CCARGS="${CCARGS}" AUXLIBS="${AUXLIBS}" DEBUG=""
              OPT="$RPM_OPT_FLAGS -Wno-comment"
              %{__make} %{?_smp_mflags} CCARGS="${CCARGS}" AUXLIBS="${AUXLIBS}" DEBUG="" OPT="$RPM_OPT_FLAGS -Wno-comment"

              %install
              rm -rf $RPM_BUILD_ROOT
              mkdir -p $RPM_BUILD_ROOT
              sh postfix-install -non-interactive install_root=$RPM_BUILD_ROOT config_directory=%{postfix_config_dir}
              daemon_directory=%{postfix_daemon_dir} command_directory=%{postfix_command_dir}
              queue_directory=%{postfix_queue_dir} data_directory=%{postfix_data_dir}
              sendmail_path=%{postfix_command_dir}/sendmail newaliases_path=%{_bindir}/newaliases mailq_path=%{_bindir}/mailq
              mail_owner=%{postfix_user} setgid_group=%{maildrop_group} manpage_directory=%{_mandir}
              sample_directory=%{postfix_sample_dir} readme_directory=%{postfix_readme_dir} || exit 1
              install -c auxiliary/rmail/rmail $RPM_BUILD_ROOT%{_bindir}/rmail

              for i in active bounce corrupt defer deferred flush incoming private saved maildrop public pid saved trace; do
              mkdir -p $RPM_BUILD_ROOT%{postfix_queue_dir}/$i
              done

              cat $RPM_BUILD_ROOT%{postfix_daemon_dir}/postfix-files

              mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/pam.d
              install -m 644 %{SOURCE101} $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/smtp.postfix

              mkdir -p $RPM_BUILD_ROOT%{postfix_doc_dir}
              mkdir -p $RPM_BUILD_ROOT%{postfix_doc_dir}/examples{,/chroot-setup}
              cp -pr examples/{qmail-local,smtpd-policy} $RPM_BUILD_ROOT%{postfix_doc_dir}/examples
              cp -p examples/chroot-setup/LINUX2 $RPM_BUILD_ROOT%{postfix_doc_dir}/examples/chroot-setup

              mv $RPM_BUILD_ROOT/etc/postfix/bounce.cf.default $RPM_BUILD_ROOT%{postfix_doc_dir}
              mv $RPM_BUILD_ROOT/etc/postfix/main.cf.default $RPM_BUILD_ROOT%{postfix_doc_dir}
              mv $RPM_BUILD_ROOT/etc/postfix/makedefs.out $RPM_BUILD_ROOT%{postfix_doc_dir}
              rm -f $RPM_BUILD_ROOT%{postfix_config_dir}/{TLS_,}LICENSE

              find $RPM_BUILD_ROOT%{postfix_doc_dir} -type f | xargs chmod 644
              find $RPM_BUILD_ROOT%{postfix_doc_dir} -type d | xargs chmod 755

              install -c -m 644 pflogsumm-%{pflogsumm_ver}/pflogsumm-faq.txt $RPM_BUILD_ROOT%{postfix_doc_dir}/pflogsumm-faq.txt
              install -c -m 644 pflogsumm-%{pflogsumm_ver}/pflogsumm.1 $RPM_BUILD_ROOT%{_mandir}/man1/pflogsumm.1
              install -c pflogsumm-%{pflogsumm_ver}/pflogsumm.pl $RPM_BUILD_ROOT%{postfix_command_dir}/pflogsumm

              mantools/srctoman - auxiliary/qshape/qshape.pl > qshape.1
              install -c qshape.1 $RPM_BUILD_ROOT%{_mandir}/man1/qshape.1
              install -c auxiliary/qshape/qshape.pl $RPM_BUILD_ROOT%{postfix_command_dir}/qshape

              mkdir -p $RPM_BUILD_ROOT/%{_unitdir}/
              install -m 0644 %{SOURCE500} $RPM_BUILD_ROOT/%{_unitdir}/

              rm -f $RPM_BUILD_ROOT%{postfix_config_dir}/aliases
              rm -f $RPM_BUILD_ROOT%{_sysconfdir}/postfix/main.cf
              rm -f $RPM_BUILD_ROOT%{_sysconfdir}/postfix/master.cf
              rm -f $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/smtp

              %post
              /usr/bin/systemctl --system daemon-reload 2> /dev/null > /dev/null
              %{_sbindir}/postfix set-permissions upgrade-configuration daemon_directory=%{postfix_daemon_dir}
              command_directory=%{postfix_command_dir} mail_owner=%{postfix_user} setgid_group=%{maildrop_group}
              manpage_directory=%{_mandir} sample_directory=%{postfix_sample_dir} readme_directory=%{postfix_readme_dir} &> /dev/null
              %{_bindir}/unlink /etc/alternatives/mta 2> /dev/null
              %{_bindir}/unlink /etc/alternatives/mta-aliasesman 2> /dev/null
              %{_bindir}/unlink /etc/alternatives/mta-mailq 2> /dev/null
              %{_bindir}/unlink /etc/alternatives/mta-mailqman 2> /dev/null
              %{_bindir}/unlink /etc/alternatives/mta-newaliases 2> /dev/null
              %{_bindir}/unlink /etc/alternatives/mta-newaliasesman 2> /dev/null
              %{_bindir}/unlink /etc/alternatives/mta-pam 2> /dev/null
              %{_bindir}/unlink /etc/alternatives/mta-rmail 2> /dev/null
              %{_bindir}/unlink /etc/alternatives/mta-sendmail 2> /dev/null
              %{_bindir}/unlink /etc/alternatives/mta-sendmailman 2> /dev/null
              exit 0

              %pre
              %{_sbindir}/groupadd -g %{maildrop_gid} -r %{maildrop_group} 2> /dev/null
              %{_sbindir}/groupadd -g %{postfix_gid} -r %{postfix_group} 2> /dev/null
              %{_sbindir}/groupadd -g 12 -r mail 2> /dev/null
              %{_sbindir}/useradd -d %{postfix_queue_dir} -s /sbin/nologin -g %{postfix_group} -G mail -M -r -u %{postfix_uid}
              %{postfix_user} 2> /dev/null
              exit 0

              %preun
              if [ "$1" == 0 ]; then
              /usr/bin/systemctl --no-reload disable postfix.service 2> /dev/null > /dev/null
              /usr/bin/systemctl stop postfix.service 2> /dev/null > /dev/null
              fi
              exit 0

              %clean
              rm -rf $RPM_BUILD_ROOT

              %files
              %defattr(-, root, root)
              %attr(0644, root, root) %{_unitdir}/postfix.service
              %dir %attr(0755, root, root) %{postfix_config_dir}
              %dir %attr(0755, root, root) %{postfix_daemon_dir}
              %dir %attr(0755, root, root) %{postfix_queue_dir}
              %dir %attr(0755, root, root) %{postfix_queue_dir}/pid
              %dir %attr(0700, %{postfix_user}, root) %{postfix_data_dir}
              %dir %attr(0700, %{postfix_user}, root) %{postfix_queue_dir}/active
              %dir %attr(0700, %{postfix_user}, root) %{postfix_queue_dir}/bounce
              %dir %attr(0700, %{postfix_user}, root) %{postfix_queue_dir}/corrupt
              %dir %attr(0700, %{postfix_user}, root) %{postfix_queue_dir}/defer
              %dir %attr(0700, %{postfix_user}, root) %{postfix_queue_dir}/deferred
              %dir %attr(0700, %{postfix_user}, root) %{postfix_queue_dir}/flush
              %dir %attr(0700, %{postfix_user}, root) %{postfix_queue_dir}/hold
              %dir %attr(0700, %{postfix_user}, root) %{postfix_queue_dir}/incoming
              %dir %attr(0700, %{postfix_user}, root) %{postfix_queue_dir}/saved
              %dir %attr(0700, %{postfix_user}, root) %{postfix_queue_dir}/trace
              %dir %attr(0730, %{postfix_user}, %{maildrop_group}) %{postfix_queue_dir}/maildrop
              %dir %attr(0710, %{postfix_user}, %{maildrop_group}) %{postfix_queue_dir}/public
              %dir %attr(0700, %{postfix_user}, root) %{postfix_queue_dir}/private
              %attr(2755, root, %{maildrop_group}) %{postfix_command_dir}/postdrop
              %attr(2755, root, %{maildrop_group}) %{postfix_command_dir}/postqueue
              %attr(0755, root, root) %{postfix_command_dir}/sendmail
              %attr(0755, root, root) %{postfix_command_dir}/postalias
              %attr(0755, root, root) %{postfix_command_dir}/postcat
              %attr(0755, root, root) %{postfix_command_dir}/postconf
              %attr(0755, root, root) %{postfix_command_dir}/postfix
              %attr(0755, root, root) %{postfix_command_dir}/postkick
              %attr(0755, root, root) %{postfix_command_dir}/postlock
              %attr(0755, root, root) %{postfix_command_dir}/postlog
              %attr(0755, root, root) %{postfix_command_dir}/postmap
              %attr(0755, root, root) %{postfix_command_dir}/postmulti
              %attr(0755, root, root) %{postfix_command_dir}/postsuper
              %attr(0755, root, root) %{postfix_command_dir}/qshape
              %attr(0755, root, root) %{postfix_command_dir}/pflogsumm
              %attr(0644, root, root) %config(noreplace) %{postfix_config_dir}/access
              %attr(0644, root, root) %config(noreplace) %{postfix_config_dir}/canonical
              %attr(0644, root, root) %config(noreplace) %{postfix_config_dir}/generic
              %attr(0644, root, root) %config(noreplace) %{postfix_config_dir}/header_checks
              %attr(0644, root, root) %config(noreplace) %{postfix_config_dir}/relocated
              %attr(0644, root, root) %config(noreplace) %{postfix_config_dir}/transport
              %attr(0644, root, root) %config(noreplace) %{postfix_config_dir}/virtual
              %attr(0755, root, root) %{postfix_daemon_dir}/[^mp]*
              %attr(0644, root, root) %{postfix_daemon_dir}/main.cf
              %attr(0644, root, root) %{postfix_daemon_dir}/master.cf
              %attr(0755, root, root) %{postfix_daemon_dir}/master
              %attr(0755, root, root) %{postfix_daemon_dir}/pickup
              %attr(0755, root, root) %{postfix_daemon_dir}/pipe
              %attr(0755, root, root) %{postfix_daemon_dir}/post-install
              %attr(0644, root, root) %{postfix_daemon_dir}/postfix-files
              %attr(0755, root, root) %{postfix_daemon_dir}/postfix-script
              %attr(0755, root, root) %{postfix_daemon_dir}/postfix-wrapper
              %attr(0755, root, root) %{postfix_daemon_dir}/postmulti-script
              %attr(0755, root, root) %{postfix_daemon_dir}/postscreen
              %attr(0755, root, root) %{postfix_daemon_dir}/proxymap
              %attr(0755, root, root) %{_bindir}/mailq
              %attr(0755, root, root) %{_bindir}/newaliases
              %attr(0755, root, root) %{_bindir}/rmail
              %config(noreplace) %{_sysconfdir}/pam.d/smtp.postfix

              %files manpages
              %defattr(-, root, root)
              %{postfix_doc_dir}
              %attr(0644, root, root) %{_mandir}/man1/*
              %attr(0644, root, root) %{_mandir}/man5/*
              %attr(0644, root, root) %{_mandir}/man8/*

              %changelog
              * Fri Feb 1 2013 Reindl Harald <h.reindl@...>
              - remove all the "alternatives" crap - we only use postfix

              * Mon Jan 28 2013 Reindl Harald <h.reindl@...>
              - remove distribution configs from package

              * Thu Jan 24 2013 Reindl Harald <h.reindl@...>
              - combine postfix and pflogsum in one package
              - split out all manpages in a sub-package
            • ixloran@...
              Viktor, Thanks for the answers. I thing I have what I need for now; I ll give it a try in a but. Thanks!
              Message 6 of 20 , Apr 6, 2013
              • 0 Attachment
                Viktor,

                Thanks for the answers. I thing I have what I need for now; I'll give
                it a try in a but.

                Thanks!

                On Sat, Apr 6, 2013, at 10:58 AM, Viktor Dukhovni wrote:
                > On Sat, Apr 06, 2013 at 10:53:54AM -0700, ixloran@... wrote:
                >
                > > > I am attaching a patch for "MacOSX", where a bare-metal "make
                > > > upgrade" with no main.cf fails, because Apple defines "postfix" as
                > > > a nickname for "_postfix" and "postdrop" as a nickname for "_postdrop",
                > > > so with default compile-time settings the Postfix installer aborts
                > > > because its uid appears to be shared.
                > >
                > > I'm building on Linux. Do I need to apply that patch to my source, even
                > > though it's for MacOSX?
                >
                > Oddly enough perhaps yes, since though the patch is mostly for
                > MacOSX, it provides additional compile-time tuning on other platforms.
                >
                > > What I get now is:
                > >
                > > make upgrade
                > > ...
                > > make: Nothing to be done for `update'.
                > > /bin/sh postfix-install -non-interactive
                > > postfix-install: Error: "postdrop" needs an entry in the group
                > > file.
                > > Remember, "postdrop" needs a dedicated group id.
                > > make: *** [upgrade] Error 1
                >
                > Your system does not have a "postdrop" group.
                >
                > > Since the distro already installed its version of postfix -- both
                > > version and config are not what I want/need, so that's why I'm building
                > > my own -- there exist users/groups for postfix
                > >
                > > grep post /etc/group
                > > mail:x:12:postfix
                > > maildrop:!:59:postfix
                > > postfix:!:51:
                >
                > Well, "maildrop" is not "postdrop".
                >
                > > Is it the patch I need here, or do I still need to create a user/group
                > > above & beyond what the distro had previously installed?
                >
                > You can either create a "postdrop" group, or with the patch re-use the
                > existing "maildrop" group, which makes it easier to transition between
                > the system and your custom Postfix, since file permissions will be the
                > same. I recommend the latter:
                >
                > CCARGS='... -DDEF_SGID_GROUP=\"maildrop\"'
                >
                > --
                > Viktor.
              • ixloran@...
                ... Because (1) I m no longer intersted in someone s downstream idea of what version and how I should configure, build & use postfix. (2) I ve had enough of
                Message 7 of 20 , Apr 6, 2013
                • 0 Attachment
                  On Sat, Apr 6, 2013, at 10:59 AM, Reindl Harald wrote:
                  > and why do you not build a package based on your distros one?

                  Because

                  (1) I'm no longer intersted in someone's 'downstream idea' of what
                  version and how I should configure, build & use postfix.
                  (2) I've had enough of being told "go talk to the distro" by the broader
                  Postfix community, and the #irc folks specifically.

                  If I build it cleanly, from upstream, and according to the Postfix docs,
                  and ONLY the Postfix docs, then I can minimize, if not avoid, both
                  problems.
                • Reindl Harald
                  ... what exactly did you not understand in based on ? ... you missed COMPLETLY what i saied ... and what do you believe does my own build? the point is that
                  Message 8 of 20 , Apr 6, 2013
                  • 0 Attachment
                    Am 06.04.2013 20:25, schrieb ixloran@...:
                    > On Sat, Apr 6, 2013, at 10:59 AM, Reindl Harald wrote:
                    >> and why do you not build a package based on your distros one?
                    >
                    > Because
                    >
                    > (1) I'm no longer intersted in someone's 'downstream idea' of what
                    > version and how I should configure, build & use postfix

                    what exactly did you not understand in "based on"?

                    > (2) I've had enough of being told "go talk to the distro" by the broader
                    > Postfix community, and the #irc folks specifically.

                    you missed COMPLETLY what i saied

                    > If I build it cleanly, from upstream, and according to the Postfix docs,
                    > and ONLY the Postfix docs, then I can minimize, if not avoid, both
                    > problems

                    and what do you believe does my own build?

                    the point is that it is a very dirty style to use a system
                    with a apckage manager and blindly make && make install away
                    from package managmement

                    your whole problems with uid/gid would not be present if
                    you would not refuse to learn how this all is done in
                    your distribution and this does NOT mean mangle anything
                    in postfix at all
                  • ixloran@...
                    Huh? ... Well there s ONE thing you said that makes some sense ...
                    Message 9 of 20 , Apr 6, 2013
                    • 0 Attachment
                      Huh?

                      On Sat, Apr 6, 2013, at 11:38 AM, Reindl Harald wrote:
                      > you missed COMPLETLY what i saied

                      Well there's ONE thing you said that makes some sense ...
                    • ixloran@...
                      Hi Viktor, ... works great! patch -p1
                      Message 10 of 20 , Apr 6, 2013
                      • 0 Attachment
                        Hi Viktor,

                        On Sat, Apr 6, 2013, at 10:58 AM, Viktor Dukhovni wrote:
                        > You can either create a "postdrop" group, or with the patch re-use the
                        > existing "maildrop" group, which makes it easier to transition between
                        > the system and your custom Postfix, since file permissions will be the
                        > same. I recommend the latter:
                        >
                        > CCARGS='... -DDEF_SGID_GROUP=\"maildrop\"'

                        works great!

                        patch -p1 < /usr/local/src/postfix.patch
                        make tidy
                        export CCARGS=' ... -DDEF_SGID_GROUP=\"maildrop\"'
                        make -f Makefile.init makefiles
                        make

                        then wrapping it all up with a 'non-interactive' `make upgrade`

                        checkinstall -R --fstrans=no --nodoc --pkgname="postfix-local"
                        --pkgversion="2.10.0" make upgrade
                        rpm -qlp postfix-local-2.10.0-1.x86_64.rpm

                        looks exactly like I compile-time configured it:

                        http://pastebin.com/XJBa5QJn

                        Will your patch be added to main source tree at any time, or is it
                        something I'll need to tweak/modify & apply when I upgrade?

                        thanks!
                      • Viktor Dukhovni
                        ... No need to hammer your point in. There s more than one way to skin this cat. The OP will use whatever is most comfortable for him. Yes, there are
                        Message 11 of 20 , Apr 6, 2013
                        • 0 Attachment
                          On Sat, Apr 06, 2013 at 08:38:41PM +0200, Reindl Harald wrote:

                          > > (1) I'm no longer intersted in someone's 'downstream idea' of what
                          > > version and how I should configure, build & use postfix
                          >
                          > what exactly did you not understand in "based on"?

                          No need to hammer your point in. There's more than one way to skin
                          this cat. The OP will use whatever is most comfortable for him.
                          Yes, there are benefits in deploying software as a "package", but
                          also drawbacks (the package manager may replace it with an upgrade,
                          ...) that one needs to learn how to work around.

                          Since the OP is installing into /usr/local, a non-packaged version
                          is fine. I would go further and install into:

                          /usr/local/postfix/${version}/{etc,sbin,libexec,man,html}/

                          with "sendmail", "mailq" and "newaliases" in

                          /usr/local/postfix/${version}/sbin/

                          and symlinks from /usr/sbin, /usr/bin to the right version. This
                          makes it easy to switch between versions and delete stale files.
                          For example to build with TLS support:

                          #! /bin/sh
                          DEST=/usr/local/postfix/2.10.0
                          CCARGS='-DUSE_TLS' # + other features
                          AUXLIBS="-lssl -lcrypto" # + other libraries
                          while read -r name val
                          do
                          CCARGS="$CCARGS $(printf -- '-D%s=\\"%s\\"' $name $val)"
                          done <<EOF
                          DEF_COMMAND_DIR $DEST/sbin
                          DEF_CONFIG_DIR $DEST/etc
                          DEF_DAEMON_DIR $DEST/libexec
                          DEF_MAILQ_PATH $DEST/sbin/mailq
                          DEF_HTML_DIR $DEST/html
                          DEF_MANPAGE_DIR $DEST/man
                          DEF_NEWALIAS_PATH $DEST/sbin/newaliases
                          DEF_README_DIR $DEST/readme
                          DEF_SENDMAIL_PATH $DEST/sbin/sendmail
                          DEF_SGID_GROUP maildrop
                          EOF
                          make -f Makefile.init "CCARGS=$CCARGS" "AUXLIBS=$AUXLIBS" makefiles
                          make

                          --
                          Viktor.
                        • Viktor Dukhovni
                          ... My best guess is that Wietse will likely adopt something functionally equivalent wrt the compile-time override for DEF_MAIL_OWNER and DEF_SGID_GROUP. There
                          Message 12 of 20 , Apr 6, 2013
                          • 0 Attachment
                            On Sat, Apr 06, 2013 at 12:17:53PM -0700, ixloran@... wrote:

                            > Will your patch be added to main source tree at any time, or is it
                            > something I'll need to tweak/modify & apply when I upgrade?

                            My best guess is that Wietse will likely adopt something functionally
                            equivalent wrt the compile-time override for DEF_MAIL_OWNER and
                            DEF_SGID_GROUP.

                            There are various ways to handle the internals and apply the right
                            defaults to MacOSX, so the implementation details may be slightly
                            different, but this won't change the behaviour you see.

                            --
                            Viktor.
                          • ixloran@...
                            ... Thanks. I ll keep an eye on the Changelogs.
                            Message 13 of 20 , Apr 6, 2013
                            • 0 Attachment
                              On Sat, Apr 6, 2013, at 12:27 PM, Viktor Dukhovni wrote:
                              > > Will your patch be added to main source tree at any time, or is it
                              > > something I'll need to tweak/modify & apply when I upgrade?
                              >
                              > My best guess is that Wietse will likely adopt something functionally
                              > equivalent wrt the compile-time override for DEF_MAIL_OWNER and
                              > DEF_SGID_GROUP.
                              >
                              > There are various ways to handle the internals and apply the right
                              > defaults to MacOSX, so the implementation details may be slightly
                              > different, but this won't change the behaviour you see.

                              Thanks. I'll keep an eye on the Changelogs.
                            • Reindl Harald
                              ... that s right but I m no longer intersted in someone s downstream idea in context of build your OWN package is in fact the wrong answer
                              Message 14 of 20 , Apr 6, 2013
                              • 0 Attachment
                                Am 06.04.2013 21:22, schrieb Viktor Dukhovni:
                                > On Sat, Apr 06, 2013 at 08:38:41PM +0200, Reindl Harald wrote:
                                >
                                >>> (1) I'm no longer intersted in someone's 'downstream idea' of what
                                >>> version and how I should configure, build & use postfix
                                >>
                                >> what exactly did you not understand in "based on"?
                                >
                                > No need to hammer your point in. There's more than one way to skin
                                > this cat. The OP will use whatever is most comfortable for him

                                that's right

                                but "I'm no longer intersted in someone's downstream idea" in
                                context of "build your OWN package" is in fact the wrong answer
                              • Reindl Harald
                                ... adn exatcly that DOES NOT WORK because the package manager ignores the stuff in /usr/local and you hardly can remove MTA dependencies at all which means
                                Message 15 of 20 , Apr 6, 2013
                                • 0 Attachment
                                  Am 06.04.2013 21:22, schrieb Viktor Dukhovni:
                                  > Since the OP is installing into /usr/local, a non-packaged version
                                  > is fine. I would go further and install into:
                                  >
                                  > /usr/local/postfix/${version}/{etc,sbin,libexec,man,html}/
                                  >
                                  > with "sendmail", "mailq" and "newaliases" in
                                  >
                                  > /usr/local/postfix/${version}/sbin/
                                  >
                                  > and symlinks from /usr/sbin, /usr/bin to the right version. This
                                  > makes it easy to switch between versions and delete stale files.
                                  > For example to build with TLS support

                                  adn exatcly that DOES NOT WORK because the package manager ignores
                                  the stuff in /usr/local and you hardly can remove MTA dependencies
                                  at all which means every OS update may randomly overwrite your
                                  /usr/sbin/sendmail symlink

                                  been there, done that, stopped to mangle this way by learning
                                • Wietse Venema
                                  ... No override is needed. You can trivially set these at installation time: # make install mail_owner=foo setgid_group=bar ... # make upgrade mail_owner=foo
                                  Message 16 of 20 , Apr 6, 2013
                                  • 0 Attachment
                                    Viktor Dukhovni:
                                    > On Sat, Apr 06, 2013 at 12:17:53PM -0700, ixloran@... wrote:
                                    >
                                    > > Will your patch be added to main source tree at any time, or is it
                                    > > something I'll need to tweak/modify & apply when I upgrade?
                                    >
                                    > My best guess is that Wietse will likely adopt something functionally
                                    > equivalent wrt the compile-time override for DEF_MAIL_OWNER and
                                    > DEF_SGID_GROUP.

                                    No override is needed.

                                    You can trivially set these at installation time:

                                    # make install mail_owner=foo setgid_group=bar ...
                                    # make upgrade mail_owner=foo setgid_group=bar ...

                                    You can even change mail_owner or setgid_group after Postfix
                                    is already installed:

                                    # postfix set-permissions mail_owner=foo setgid_group=bar ...

                                    This *is* documented.

                                    Wietse
                                  • Wietse Venema
                                    ... Also (since this thread mentioned installable packages): make package mail_owner=foo setgid_group=bar ... All the above work even without pre-existing
                                    Message 17 of 20 , Apr 6, 2013
                                    • 0 Attachment
                                      Wietse Venema:
                                      > Viktor Dukhovni:
                                      > > On Sat, Apr 06, 2013 at 12:17:53PM -0700, ixloran@... wrote:
                                      > >
                                      > > > Will your patch be added to main source tree at any time, or is it
                                      > > > something I'll need to tweak/modify & apply when I upgrade?
                                      > >
                                      > > My best guess is that Wietse will likely adopt something functionally
                                      > > equivalent wrt the compile-time override for DEF_MAIL_OWNER and
                                      > > DEF_SGID_GROUP.
                                      >
                                      > No override is needed.
                                      >
                                      > You can trivially set these at installation time:
                                      >
                                      > # make install mail_owner=foo setgid_group=bar ...
                                      > # make upgrade mail_owner=foo setgid_group=bar ...

                                      Also (since this thread mentioned installable packages):

                                      make package mail_owner=foo setgid_group=bar ...

                                      All the above work even without pre-existing main.cf file.

                                      > You can even change mail_owner or setgid_group after Postfix
                                      > is already installed:
                                      >
                                      > # postfix set-permissions mail_owner=foo setgid_group=bar ...
                                      >
                                      > This *is* documented.

                                      This, of course does require a pre-existing main.cf file.

                                      The only build-time parameter override that's needed is for
                                      config_directory. All other parameters can be specified at
                                      /upgrade/package time. They are configurable for a reason.

                                      Wietse
                                    • Viktor Dukhovni
                                      ... Yes, this is an option. It applies to all parameters other than config_directory , and yet we have compile-time overrides for most installation parameters
                                      Message 18 of 20 , Apr 6, 2013
                                      • 0 Attachment
                                        On Sat, Apr 06, 2013 at 04:30:59PM -0400, Wietse Venema wrote:

                                        > > My best guess is that Wietse will likely adopt something functionally
                                        > > equivalent wrt the compile-time override for DEF_MAIL_OWNER and
                                        > > DEF_SGID_GROUP.
                                        >
                                        > No override is needed.
                                        >
                                        > You can trivially set these at installation time:
                                        >
                                        > # make install mail_owner=foo setgid_group=bar ...
                                        > # make upgrade mail_owner=foo setgid_group=bar ...

                                        Yes, this is an option.

                                        It applies to all parameters other than "config_directory", and yet
                                        we have compile-time overrides for most installation parameters to
                                        enable more natural defaults. The "mail_owner" and "setgid_group"
                                        installation parameters are included in the list of parameters
                                        explicitly defined in the target main.cf by "postfix-install". When
                                        I build a test version to run out of /var/tmp/postfix, creat an
                                        empty main.cf file and run "make upgrade" I get:

                                        /var/tmp/postfix/etc/main.cf:
                                        readme_directory = /var/tmp/postfix/readme
                                        sample_directory = /var/tmp/postfix/etc
                                        sendmail_path = /var/tmp/postfix/sbin/sendmail
                                        html_directory = /var/tmp/postfix/html
                                        setgid_group = _postdrop
                                        command_directory = /var/tmp/postfix/sbin
                                        manpage_directory = /var/tmp/postfix/man
                                        daemon_directory = /var/tmp/postfix/libexec
                                        newaliases_path = /var/tmp/postfix/sbin/newaliases
                                        mailq_path = /var/tmp/postfix/sbin/mailq
                                        queue_directory = /var/spool/postfix
                                        mail_owner = _postfix
                                        data_directory = /var/lib/postfix

                                        in which all the installation parameters aside from mail_owner and
                                        setgid_group allow compile-time overrides.

                                        I think it would be more consistent to also allow mail_owner and
                                        setgid_group to have appropriate compile-time defaults for the
                                        target platform whether installing locally, or building packages.

                                        That said, the OP can of course make do with run-time overrides
                                        if that's the only choice.

                                        --
                                        Viktor.
                                      • Viktor Dukhovni
                                        ... This is not a big deal either way. I neglected to mention upthread that when I did install multiple versions of Postfix each rooted in their own tree
                                        Message 19 of 20 , Apr 6, 2013
                                        • 0 Attachment
                                          On Sat, Apr 06, 2013 at 09:01:54PM +0000, Viktor Dukhovni wrote:

                                          > I think it would be more consistent to also allow mail_owner and
                                          > setgid_group to have appropriate compile-time defaults for the
                                          > target platform whether installing locally, or building packages.
                                          >
                                          > That said, the OP can of course make do with run-time overrides
                                          > if that's the only choice.

                                          This is not a big deal either way. I neglected to mention upthread
                                          that when I did install multiple versions of Postfix each rooted
                                          in their own tree (often in AFS) the compile-time config_directory
                                          was in /etc/postfix not the version-specific directory:

                                          -DDEF_CONFIG_DIR=\"/etc/postfix\"

                                          There was however also a version-specific .../etc/ directory in
                                          AFS, which contained stock files created by the package installer
                                          (so I also used command-line overrides:

                                          postfix-install \
                                          config_directory=/some/afs/path/etc \
                                          queue_directory=/some/afs/path/spool \
                                          data_directory=/some/afs/path/data ...

                                          when installing into AFS, since that was not an installation onto
                                          the specific system from which I happened to push content into AFS).

                                          This was not the typical Postfix via O/S packages use-case, rather
                                          Postfix was delivered once into AFS for use by thousands of systems,
                                          and a boot-time shell-script would select the correct version for
                                          a given machine, and build a suitable main.cf/master.cf, ...

                                          --
                                          Viktor.
                                        • Wietse Venema
                                          ... Perhaps some feel that the ./configure approach of customizing settings at build time is more natural than customizing them at or after installation
                                          Message 20 of 20 , Apr 6, 2013
                                          • 0 Attachment
                                            Viktor Dukhovni:
                                            > On Sat, Apr 06, 2013 at 04:30:59PM -0400, Wietse Venema wrote:
                                            >
                                            > > > My best guess is that Wietse will likely adopt something functionally
                                            > > > equivalent wrt the compile-time override for DEF_MAIL_OWNER and
                                            > > > DEF_SGID_GROUP.
                                            > >
                                            > > No override is needed.
                                            > >
                                            > > You can trivially set these at installation time:
                                            > >
                                            > > # make install mail_owner=foo setgid_group=bar ...
                                            > > # make upgrade mail_owner=foo setgid_group=bar ...
                                            >
                                            > Yes, this is an option.
                                            >
                                            > It applies to all parameters other than "config_directory", and yet
                                            > we have compile-time overrides for most installation parameters to
                                            > enable more natural defaults. The "mail_owner" and "setgid_group"
                                            > installation parameters are included in the list of parameters
                                            > explicitly defined in the target main.cf by "postfix-install". When

                                            Perhaps some feel that the ./configure approach of customizing
                                            settings at build time is more "natural" than customizing them
                                            at or after installation time. I am not convinced that the latter
                                            is an inferior approach that one has to "make do" with.

                                            I'm sure that there are more worthy Postfix topics to bitch about.

                                            Wietse

                                            > I build a test version to run out of /var/tmp/postfix, creat an
                                            > empty main.cf file and run "make upgrade" I get:
                                            >
                                            > /var/tmp/postfix/etc/main.cf:
                                            > readme_directory = /var/tmp/postfix/readme
                                            > sample_directory = /var/tmp/postfix/etc
                                            > sendmail_path = /var/tmp/postfix/sbin/sendmail
                                            > html_directory = /var/tmp/postfix/html
                                            > setgid_group = _postdrop
                                            > command_directory = /var/tmp/postfix/sbin
                                            > manpage_directory = /var/tmp/postfix/man
                                            > daemon_directory = /var/tmp/postfix/libexec
                                            > newaliases_path = /var/tmp/postfix/sbin/newaliases
                                            > mailq_path = /var/tmp/postfix/sbin/mailq
                                            > queue_directory = /var/spool/postfix
                                            > mail_owner = _postfix
                                            > data_directory = /var/lib/postfix
                                            >
                                            > in which all the installation parameters aside from mail_owner and
                                            > setgid_group allow compile-time overrides.
                                            >
                                            > I think it would be more consistent to also allow mail_owner and
                                            > setgid_group to have appropriate compile-time defaults for the
                                            > target platform whether installing locally, or building packages.
                                            >
                                            > That said, the OP can of course make do with run-time overrides
                                            > if that's the only choice.
                                            >
                                            > --
                                            > Viktor.
                                            >
                                          Your message has been successfully submitted and would be delivered to recipients shortly.