New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
scripts: merge new setup.sh version for 10.2.0 again #2189
Conversation
I added the release checklist to your description. Now as setup.sh is in the container we do not need to update the version in |
|
Within the last two weeks, there was a regression (at least in my setup). With a current master build, I see this on container startup
If I switch back to my master build from 2021-08-29, the error is gone. I noticed this yesterday, but had not time so far to dig deeper. |
@casperklein I see that when I use the latest dovecot. I had to completely switch back to the dovecot we install by default. The
|
Deployed all of this into prod and it looks to be working |
EDIT: Oh nvm. It's unrelated 😅
Is it this file that apparently hasn't been touched since 2016? Can we swap that out for smallstep binary? We already advise this in the generate self-signed cert docs, and have test certs generated in the same way instead of via openssl. Just need to add the binary into the Dockerfile. Looks like Lines 128 to 130 in 2bc3e82
docker-mailserver/target/scripts/startup/setup-stack.sh Lines 179 to 190 in 2bc3e82
Related Dovecot docs. This isn't something that would be used in production (self-signed certs), and looks fine to use smallstep instead of openssl AFAIK. |
Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
@casperklein @NorseGaud is this Dovecot thing solved?:) @polarathene I have no objections with swapping |
Yes, I forgot to mention, that I also use the community dovecot version. However, I did a quick version check yesterday, both of my images got |
Ok, I got it. The "good" news is, the problem only occurs, when using the Dovecot community repo (what DMS did in the past, but not nowadays). So our default builds are not affected - sorry for the noise. In #2158, three "obsolete" lines where removed from Lines 117 to 120 in ed6421c
It's true, using the default DMS Makes it sense to re-add these lines? Contra: These lines are not needed for our default build. Pro: It's pretty easy for everyone, to add the dovecot community repo to the Dockerfile in order to use it (just two lines of copy/paste from https://repo.dovecot.org/#debian). With the removal of the "obsolete" lines, which fix IMO: Re-adding these three lines won't hurt and makes it easy to use the dovecot repo. |
What is the steps to replace Dovecot with the community version? If it modifies the Dockerfile or extends it, would it not make sense to just have this covered in the docs so that it's copy/paste and a common resource? I don't know what the benefits are beyond perhaps using a newer release, but we could make that easier to inform users what's required vs them each figuring it out and maintaining a small modification individually. That said, all this compatibility concern seems to be is the
This seems... redundant as the Docker image should already supply it, and after 1 year this file will become an expired cert ( Additionally, I would say this whole thing is rather pointless. I would have to verify that nothing is trying to use Dovecot earlier in the flow and failing on the lack of that docker-mailserver/target/scripts/startup/setup-stack.sh Lines 1059 to 1074 in 2bc3e82
We could have self-signed cert generation there or just disable SSL in Dovecot as the cases seem to imply is meant to happen.. Seeing as we're meant to be priding ourselves in secure and easy configurations by default, failing early on I think we can have the I think the other cases have conditional checks for being valid to continue, but none output an error message if those conditions aren't met? Do I add error handling with the I don't think we should do any |
I agree and would like to see this in the docs too :)
SGTM
SGTM too
I agree again, we should remove |
I would need advice on how to invoke init failure to exit (assuming we have a way to do that).
👍
I don't think it'll cause any breakage. I'll take care of it after resolving the bullseye TLS test failure. |
I think you can use this: docker-mailserver/target/scripts/start-mailserver.sh Lines 220 to 224 in 2bc3e82
|
@polarathene Good points. I fully agree.
Nothing more. Per design you get faster security updates + new/updated features(?) (still same major version, so no breaking changes) |
Is this aimed for the 10.2 or a later release? |
I'm presently waiting on a test run for the bullseye TLS test fix to pass, then open a PR and call it a night :) I'll put together the |
I'm fine with this going into |
Marked as draft, until all remaining PRs are merged. After that, we start the "feature freeze" again. |
This PR shall be merged to get the new |
Documentation preview for this PR is ready! 🎉 Built with commit: 5cd55dd |
@@ -247,7 +145,8 @@ function _docker_container | |||
then | |||
${CRI} exec "${USE_TTY}" "${CONTAINER_NAME}" "${@:+$@}" | |||
else | |||
# If no container yet, run a temporary one: https://github.com/docker-mailserver/docker-mailserver/pull/1874#issuecomment-809781531 | |||
# if no container is running, run a temporary one: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Was that by accident (putting the URL in a separate line prefixed by two spaces)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes:)
Sorry I'm late, I've been traveling and haven't had any time to review things. |
Description
This PR marks the feature freeze phase forv10.2.0
release. The current:edge
image will be tested for roughly one week and if no bugs get reportedv10.2.0
will be released. During this testing period, only PRs that do not change functionaility will be merged.I have prepared a draft for the release which I will release after this PR will have been merged on September 20th 2021. I have also moved all other open PRs into the newv10.3.0
milestone. If you think your PR should be released in,move the PR back and add the notice in the release notes.v10.2.0
If you want to support us give the latest :edge image a try and report any issues you might (hopefully not) encounter back to this PR.This PR shall be merged to get the new
setup.sh
functionality again. Merging this PR is convenient and does not introduce needless rebasing and merge conflicts.Type of change
Checklist:
docs/
)