Bug 360309 - mail-mta/courier should not create certificates by default
Summary: mail-mta/courier should not create certificates by default
Status: CONFIRMED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: Normal normal
Assignee: Hanno Böck
Reported: 2011-03-24 16:23 UTC by Matus UHLAR - fantomas
Modified: 2011-03-25 10:26 UTC
Description Matus UHLAR - fantomas 2011-03-24 16:23:14 UTC
The courier startup script uselessly creates SSL cert files in their default paths, even when they are not needed:
- when the daemon is not configured to be run
- when their paths were redefined and they exist there

Reproducible: Always

Actual Results:  
When starting courier, certificates for pop3d, imapd and esmtpd are created in their default paths, no matter if the daemons are to be run and if the admin changed the paths.

Expected Results:  
- only create each cert file when the daemon is wanted to be run
- check the correct path of TLS_CERTFILE if it's defined, not the default.

I am not sure if it's the responsibility of startup script to create cert files.

However, there are more issues:
- the SSL cert file can be needed even when ssl'ed version of daemon is not to be run (we have STARTTLS for all those services)
- courier's mk*cert files only create them in default paths (they don't read daemon configs)

Thus, when paths are changed, cert files should not be created at all.
By changing path to certificates the admin takes responsibility for having certificates installed.
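
The decision described under "Expected Results", written out as an added example (not part of the bug report and not Gentoo's or Courier's own code). The four-argument interface, the `ESMTPDSTART` key used in the sample, and all paths are assumptions made for illustration; the config is parsed rather than sourced, so starting the service never executes config contents.

```shell
#!/bin/sh
# Added example: decide whether the init script may create a default
# certificate for one Courier daemon. Names and paths are assumptions.

# conf_get FILE KEY: print the last KEY=value assignment in FILE.
# The file is parsed, never sourced; surrounding quotes are stripped.
conf_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" 2>/dev/null | tail -n 1 |
        sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# cert_action START_CONF START_KEY TLS_CONF DEFAULT_CERT
# Prints one of: skip-disabled, skip-custom-path, present, generate
cert_action() {
    start_conf=$1 start_key=$2 tls_conf=$3 default_cert=$4

    # Daemon not configured to run: leave the filesystem alone.
    case $(conf_get "$start_conf" "$start_key") in
        [Yy][Ee][Ss]|[Yy]) ;;
        *) echo skip-disabled; return 0 ;;
    esac

    # Use the configured TLS_CERTFILE; fall back to the default if unset.
    certfile=$(conf_get "$tls_conf" TLS_CERTFILE)
    : "${certfile:=$default_cert}"

    if [ "$certfile" != "$default_cert" ]; then
        # The admin redefined the path and owns certificate provisioning.
        echo skip-custom-path
    elif [ -s "$certfile" ]; then
        echo present
    else
        echo generate
    fi
}

# Constructed sample: daemon enabled, certificate path moved by the admin.
demo_dir=$(mktemp -d)
printf 'ESMTPDSTART=YES\nTLS_CERTFILE=/srv/certs/mail.pem\n' > "$demo_dir/esmtpd"
cert_action "$demo_dir/esmtpd" ESMTPDSTART "$demo_dir/esmtpd" "$demo_dir/esmtpd.pem"
rm -rf "$demo_dir"
```

Only the `generate` result would lead to calling the matching mk*cert script; every other result leaves existing files untouched.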
Comment 1 Matus UHLAR - fantomas 2011-03-25 10:00:32 UTC
Each of those scripts contains the following sentence:

Normally this script would get called by an automatic
package installation routine.

Maybe creating those certificates should be moved to pkg_config() in the ebuild?
Comment 2 Matus UHLAR - fantomas 2011-03-25 10:26:51 UTC
The startup script also calls makealiases, makesmtpaccess and makesmtpaccess-msa.

While the aliases path is hardcoded in courier and predefined, both smtpaccess and smtpaccess-msa can be predefined and even undefined, which makes the makesmtpaccess* scripts fail, and thus the init script will fail.

While this is apparently a bug in the script, I also doubt that the startup script should take care of this, instead of the admin.