Trixie update, fix race conditions

Dockerfile

@@ -1,4 +1,4 @@
-FROM golang:1.16 as postfix_exporter
+FROM golang:1.16 AS postfix_exporter
 
 ENV \
   POSTFIX_EXPORTER_VERSION=0.3.0 \
@@ -16,8 +16,8 @@ RUN set -x \
 
 # Postfix SMTP Relay
 
-# Debian Bookworm
-FROM debian:12
+# Debian Trixie
+FROM debian:13
 
 EXPOSE 25 587 2525
 
@@ -33,7 +33,7 @@ RUN set -x \
 RUN set -x \
   && export DEBIAN_FRONTEND=noninteractive \
   && apt-get update \
-  && apt-get install -y --no-install-recommends postfix mailutils busybox-syslogd opendkim opendkim-tools libsasl2-modules sasl2-bin curl ca-certificates procps s6 inotify-tools \
+  && apt-get install -y --no-install-recommends postfix mailutils busybox-syslogd opendkim opendkim-tools libsasl2-modules sasl2-bin curl ssl-cert ca-certificates procps s6 inotify-tools \
   && apt-get clean \
   && rm -rf /var/lib/apt/lists/* \
   ;
@@ -45,7 +45,6 @@ RUN set -x \
   && postconf -Me submission/inet="submission inet n - y - - smtpd" \
   && postconf -Me 2525/inet="2525 inet n - y - - smtpd" \
   && cp --remove-destination /usr/share/postfix/makedefs.out /etc/postfix/makedefs.out \
-  && cp -a /var/spool/postfix /var/spool/postfix.cache \
   && rm -f /etc/ssl/private/ssl-cert-snakeoil.key /etc/ssl/certs/ssl-cert-snakeoil.pem \
   && sed -i -E '/^smtpd_tls_cert_file|^smtpd_tls_key_file/d' /etc/postfix/main.cf \
   && rm -f /etc/opendkim.conf \

LICENSE

@@ -1,6 +1,6 @@
 The MIT License (MIT)
 
-Copyright (c) 2015 - 2022 Volt Grid Pty Ltd
+Copyright (c) 2015 - 2025 Volt Grid Pty Ltd
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

entry.sh

@@ -3,6 +3,8 @@
 set -e
 [ "${DEBUG:-false}" == 'true' ] && set -x
 
+echo "smtp >> Starting..."
+
 # Defaults
 if [ -z "$MAILNAME" ]; then
     echo "smtp >> Error: MAILNAME not specified"

s6/config-reloader/run

@@ -4,19 +4,26 @@
 
 : "${CONFIG_RELOADER_ENABLED:=false}"
 
+watch_files=(
+  "${TLS_CRT:-/etc/ssl/certs/ssl-cert-snakeoil.pem}"
+  "${TLS_KEY:-/etc/ssl/private/ssl-cert-snakeoil.key}"
+  "${CLIENT_TLS_KEY:-/etc/ssl/certs/ssl-cert-snakeoil.pem}"
+  "${CLIENT_TLS_CRT:-/etc/ssl/private/ssl-cert-snakeoil.key}"
+)
+
 if [[ "${CONFIG_RELOADER_ENABLED}" != "true" ]]; then
   echo "config-reloader >> Config reloader is not being started"
   s6-svc -d "$(pwd)"
   exit
+else
+  for file in "${watch_files[@]}"; do
+    while [ ! -f "$file" ]; do
+      echo "config-reloader >> Waiting for file to be created: $file"
+      sleep 1
+    done
+  done
 fi
 
-watch_files=( 
-  "${TLS_CRT:-/etc/ssl/certs/ssl-cert-snakeoil.pem}" 
-  "${TLS_KEY:-/etc/ssl/private/ssl-cert-snakeoil.key}" 
-  "${CLIENT_TLS_KEY:-/etc/ssl/certs/ssl-cert-snakeoil.pem}" 
-  "${CLIENT_TLS_CRT:-/etc/ssl/private/ssl-cert-snakeoil.key}" 
-)
-
 # Start infinite loop
 while true; do
   postfix reload

s6/postfix/run

@@ -29,17 +29,8 @@ unset LANG
 
 cd /etc/postfix
 
-# Copy default spool from cache
-# Note: this test may get confused if a volume is mounted that already contains unrelated directories (eg lost+found)
-if [ ! "$(ls -A /var/spool/postfix)" ]; then
-  echo "postfix >> Copying postfix spool directory from postfix.cache (from the image)"
-  cp -a /var/spool/postfix.cache/* /var/spool/postfix/
-else
-  echo "postfix >> Fixing/resetting spool directory permissions"
-  chgrp -R postdrop /var/spool/postfix/public
-  chgrp -R postdrop /var/spool/postfix/maildrop
-  postfix set-permissions
-fi
+echo "postfix >> Fixing/resetting spool directory permissions"
+postfix set-permissions
 
 # DKIM
 if [ "${USE_DKIM}" == "yes" ]; then
@@ -51,24 +42,19 @@ if [ "${USE_DKIM}" == "yes" ]; then
     postconf -e non_smtpd_milters="inet:localhost:8891"
 fi
 
-echo "postfix >> Setting smtpd_use_tls to ${USE_TLS}"
-postconf -e smtpd_use_tls="${USE_TLS}"
-
 if [ "${USE_TLS}" == "yes" ]; then
     if [ "${TLS_KEY}" == "/etc/ssl/private/ssl-cert-snakeoil.key" ] || [ "${CLIENT_TLS_KEY}" == "/etc/ssl/private/ssl-cert-snakeoil.key" ]; then
         echo "postfix >> Generating snakeoil SSL cert"
         dpkg-reconfigure -f noninteractive ssl-cert
     fi
     echo "postfix >> Setting smtp_tls parameters"
-    # setting smtpd_tls_security_level implies smtp_use_tls="yes"
     postconf -e smtp_tls_security_level="${CLIENT_TLS_SECURITY_LEVEL}"
     postconf -e smtp_tls_key_file="${CLIENT_TLS_KEY}"
     postconf -e smtp_tls_cert_file="${CLIENT_TLS_CRT}"
     postconf -e smtp_tls_CAfile="${CLIENT_TLS_CA}"
     postconf -e smtp_tls_CApath="/etc/ssl/certs"
     postconf -e smtp_tls_loglevel="1"
     echo "postfix >> Setting smtpd_tls parameters"
-    # setting smtpd_tls_security_level implies smtpd_use_tls="yes"
     postconf -e smtpd_tls_security_level="${TLS_SECURITY_LEVEL}"
     postconf -e smtpd_tls_key_file="${TLS_KEY}"
     postconf -e smtpd_tls_cert_file="${TLS_CRT}"
@@ -244,9 +230,6 @@ fi
 # Cleanup stale pids incase we hadn't exited cleanly
 rm -f /var/spool/postfix/pid/*
 
-# configure instance (populate etc)
-/usr/lib/postfix/configure-instance.sh
-
 # check postfix is happy (also will fix some things)
 echo "postfix >> Checking Postfix Configuration"
 postfix check

s6/postfix_exporter/run

@@ -14,6 +14,10 @@ if [[ "${POSTFIX_EXPORTER_ENABLED}" == "true" ]] && [[ "${LOGOUTPUT}" != "/dev/s
 elif [[ "${POSTFIX_EXPORTER_ENABLED}" == "true" ]]; then
   s6-svwait -u /etc/s6/postfix/log
   echo "postfix_exporter >> Starting postfix_exporter"
+  while [ ! -f /var/log/s6-maillog/current ]; do
+    echo "postfix_exporter >> waiting for /var/log/s6-maillog/current to be created"
+    sleep 1
+  done
   exec s6-setuidgid postfix postfix_exporter --postfix.logfile_path=/var/log/s6-maillog/current
 fi