debian stretch slim #784
debian stretch slim #784
Conversation
- first step correct the testdata, as newer packages are more strict about the mail-structure.
- add missing build-step to make - clean the userdb aswell - use timeout of netcat, as postgrey would not close the connection - there is 2 extra mail-logs -> assert_output 5 - cosmetic: use "" instead of ''
new image: - smaller size - 0 CVEs compared to 11 CVEs in ubuntu 16.04 Image better backport situation - postfix 3.1.6 vs 3.1.0 - fail2ban 0.9.6 vs 0.9.3 ... changes needed because of stretch-slim: - add missing gnupg and iproute2 package - remove non-free rar, unrar-free should do - rsyslog does not add syslog user and has different conf-structure - pyzor command discover was deprecated and is missing in the new stretch package - dovecot does not know SSLv2 anymore. removed because of warnings in log - iptables does not know imap3, IMAP working group chose imap2 in favor of imap3
|
The tests run fine on my machine. Need to look into it, why Travis breaks. They changed the architecture mid-December though. Any hints on that would be great |
|
retrigger travis ci to get a closer look into the build. |
|
this is odd: travis might have some caching (or no-cache) issues. Gonna hunt that last failure down now. |
SSLv2 seems to be a not known protocol anymore - good!
|
One more Travis try |
|
Last two Travis runs exit at different tests. |
make this test more stable. there might be more than only one mail.log (mail.info, mail.warn, ...)
new openssl 1.1.0 needs stronger ciphers, removed some weekers ones. Please, look through the new list of cipher! this needs to be done in another commit for all other SSL/TLS-Endpoints aswell.
let our server pre-empt the cipher list. Did a read through, wwwDOTpostfixDOTorg/FORWARD_SECRECY_READMEDOThtml and wwwDOTpostfixDOTorg/TLS_READMEDOThtml
|
Travis makes me wonder. If I seemingly fix one bug/test, it fails another test, which is executed earlier in the queue and passed all the times before. |
…w and independent but identical container. many other test on the main 'mail' container might interfere here.
|
@mwlczk First of great PR! A very good contribution, myself also tried to change this image to Debian because of better backport support that lacks in Ubuntu sometimes, couldn't agree more. Sometimes travis is busy and due to the amount of containers that are started some tests are not yet ready to be tested and this gives sometimes some mixed test results. This is a improvement that needs to be applied to this project #324. Looking forward to merging this PR but some questions:
|
Dockerfile
Outdated
| @@ -60,7 +62,7 @@ RUN apt-get update -q --fix-missing && \ | |||
| postfix-pcre \ | |||
| postfix-policyd-spf-python \ | |||
| pyzor \ | |||
| rar \ | |||
| # rar \ | |||
There was a problem hiding this comment.
Remove the line if not used
Dockerfile
Outdated
| @@ -177,8 +180,9 @@ RUN sed -i -r "/^#?compress/c\compress\ncopytruncate" /etc/logrotate.conf && \ | |||
| chown -R clamav:root /var/log/mail/clamav.log && \ | |||
| touch /var/log/mail/freshclam.log && \ | |||
| chown -R clamav:root /var/log/mail/freshclam.log && \ | |||
| sed -i -r 's|/var/log/mail|/var/log/mail/mail|g' /etc/rsyslog.d/50-default.conf && \ | |||
| sed -i -r 's|;auth,authpriv.none|;mail.none;mail.error;auth,authpriv.none|g' /etc/rsyslog.d/50-default.conf && \ | |||
| # no separate 50-default.conf | |||
There was a problem hiding this comment.
Remove the line if not used
test/tests.bats
Outdated
| run docker exec mail_with_postgrey /bin/sh -c "nc 0.0.0.0 10023 < /tmp/docker-mailserver-test/nc_templates/postgrey_whitelist.txt" | ||
| sleep 8 | ||
| run docker exec mail_with_postgrey /bin/sh -c "nc -w 8 0.0.0.0 10023 < /tmp/docker-mailserver-test/nc_templates/postgrey_whitelist.txt" | ||
| # sleep 8 |
There was a problem hiding this comment.
Remove the line if not used
|
switch to debian:stretch-slim:
first step correct the testdata, as newer packages are more strict
about the mail-structure.
add missing build-step in
makeclean the userdb aswell
use timeout of netcat (nc -w), as postgrey would not close the connection
there is 2 extra mail-log-files (mail.info and mail.warn) -> count only mail.log
cosmetic: use "" instead of ''
new image benefits:
better backport situation:
....
changes in Dockerfile and configfiles needed because of stretch-slim:
add missing gnupg and iproute2 package
remove non-free rar, unrar-free should do
rsyslog does not add syslog user and has different conf-structure
pyzor command discover was deprecated and is missing in the new
stretch package
dovecot does not know SSLv2 anymore. removed because of warnings in
log
iptables does not know imap3, IMAP working group chose imap2 in favor
of imap3
s. following commits aswell