
Bug 360309

Summary: mail-mta/courier should not create certificates by default
Product: Gentoo Linux
Reporter: Matus UHLAR - fantomas <uhlar>
Component: Current packages
Assignee: Hanno Böck <hanno>
Status: CONFIRMED
Severity: normal
CC: net-mail+disabled
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux

Description Matus UHLAR - fantomas 2011-03-24 16:23:14 UTC
courier startup script uselessly creates SSL cert. files in their default paths, even when they are not needed:
- when the daemon is not configured to be run
- when their paths were redefined and they exist there

Reproducible: Always

Actual Results:  
when starting courier, certificates for pop3d, imapd and esmtpd are created in their default paths, no matter if the daemons are to be run and if admin changed the paths.

Expected Results:  
- only create each cert file when the daemon is wanted to be run
- check the correct path of TLS_CERTFILE if it's defined, not the default.

I am not sure if it's the responsibility of startup script to create cert files.

However, there are more issues:
- the SSL cert file can be needed even when ssl'ed version of daemon is not to be run (we have STARTTLS for all those services)
- courier's mk*cert files only create them in default paths (they don't read daemon configs)

Thus, when paths are changed, cert files should not be created at all.
By changing path to certificates the admin takes responsibility for having certificates installed.
Comment 1 Matus UHLAR - fantomas 2011-03-25 10:00:32 UTC
each of those scripts contains the following sentence:

Normally this script would get called by an automatic
package installation routine.

maybe creating those certificates should be moved to pkg_config() in ebuild?
Comment 2 Matus UHLAR - fantomas 2011-03-25 10:26:51 UTC
the startup script also calls makealiases, makesmtpaccess and makesmtpaccess-msa.

While the aliases path is hardcoded in courier and predefined, both smtpaccess and smtpaccess-msa can be predefined and even undefined, which makes the makesmtpaccess* scripts fail, and thus the init script will fail.

While this is apparently a bug of the script, I also doubt that the startup script should take care of this, instead of the admin.
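
The behaviour requested in the report, written out as an added example; this is not the Gentoo init script or Courier's own code. It assumes the daemon config is a shell-syntax file that sets TLS_CERTFILE and a start variable (ESMTPDSSLSTART and similar names are passed in by the caller), and all paths in demo() are constructed.

```shell
#!/bin/sh
# Added example: decide whether a startup script should generate a
# certificate for one daemon. START_VAR and DEFAULT_CERT are supplied by the
# caller; nothing here is taken from the real init script.

# Read one variable from a shell-syntax daemon config inside a subshell,
# so nothing leaks into the init script's own environment.
conf_get() {
    [ -r "$1" ] || return 0
    ( unset "$2"; . "$1" >/dev/null 2>&1; eval "printf '%s' \"\${$2}\"" )
}

# cert_action CONF START_VAR DEFAULT_CERT
# Prints one of: skip-disabled | skip-custom-path | skip-exists | create
cert_action() {
    start=$(conf_get "$1" "$2")
    certfile=$(conf_get "$1" TLS_CERTFILE)
    case $start in
        [Yy]*) ;;                                # daemon is wanted
        *) echo skip-disabled; return 0 ;;
    esac
    # A redefined path means the admin manages the certificate.
    if [ -n "$certfile" ] && [ "$certfile" != "$3" ]; then
        echo skip-custom-path; return 0
    fi
    if [ -e "$3" ]; then echo skip-exists; return 0; fi
    echo create
}

# Constructed sample configs in a temporary directory.
demo() {
    d=$(mktemp -d) || return 1
    printf 'ESMTPDSSLSTART=YES\nTLS_CERTFILE=%s/site.pem\n' "$d" > "$d/esmtpd-ssl"
    printf 'POP3DSSLSTART=NO\n' > "$d/pop3d-ssl"
    cert_action "$d/esmtpd-ssl" ESMTPDSSLSTART "$d/esmtpd.pem"  # skip-custom-path
    cert_action "$d/pop3d-ssl" POP3DSSLSTART "$d/pop3d.pem"     # skip-disabled
    rm -rf "$d"
}
if [ "${1:-}" = demo ]; then demo; fi
```

Where STARTTLS on the non-SSL daemon also needs the certificate, the caller would pass that daemon's start variable instead.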