@SaraSmiseth SaraSmiseth commented Jan 13, 2021

I have pushed an image build with these changes to my docker hub.

This is what I did so far.

I got the following error after using this updated image:

ERROR: The PostfixAdmin database layout is outdated (you have r1840, but r1843 is expected). Please run setup.php to upgrade the database.

To update I executed the following command.

docker exec -ti docker_postfixadmin_1 php postfixadmin/public/upgrade.php

Now the login page loads fine. But after logging in I get this error:

postfixadmin_1  | [Wed Jan 13 15:37:04 2021] Failed to read password from /usr/bin/doveadm pw ... stderr: doveconf: Fatal: Error in configuration file /etc/dovecot/conf.d/10-ssl.conf line 16: ssl_key: Can't open file /etc/ssl/dovecot/server.key: Permission denied
postfixadmin_1  | , password:  
postfixadmin_1  | [Wed Jan 13 15:37:04 2021] PHP Fatal error:  Uncaught Exception: /usr/bin/doveadm pw failed, see error log for details in /postfixadmin/functions.inc.php:1056
postfixadmin_1  | Stack trace:
postfixadmin_1  | #0 /postfixadmin/functions.inc.php(1271): _pacrypt_dovecot('xnrM6g6gfVp8Aox...', '{SHA512-CRYPT}$...')
postfixadmin_1  | #1 /postfixadmin/model/Login.php(32): pacrypt('xnrM6g6gfVp8Aox...', '{SHA512-CRYPT}$...')
postfixadmin_1  | #2 /postfixadmin/public/login.php(63): Login->login('postfixadmin@m0...', 'xnrM6g6gfVp8Aox...')
postfixadmin_1  | #3 {main}
postfixadmin_1  |   thrown in /postfixadmin/functions.inc.php on line 1056
postfixadmin_1  | [Wed Jan 13 15:37:04 2021] 172.18.0.2:53756 [500]: /login.php - Uncaught Exception: /usr/bin/doveadm pw failed, see error log for details in /postfixadmin/functions.inc.php:1056
postfixadmin_1  | Stack trace:
postfixadmin_1  | #0 /postfixadmin/functions.inc.php(1271): _pacrypt_dovecot('xnrM6g6gfVp8Aox...', '{SHA512-CRYPT}$...')
postfixadmin_1  | #1 /postfixadmin/model/Login.php(32): pacrypt('xnrM6g6gfVp8Aox...', '{SHA512-CRYPT}$...')
postfixadmin_1  | #2 /postfixadmin/public/login.php(63): Login->login('postfixadmin@m0...', 'xnrM6g6gfVp8Aox...')
postfixadmin_1  | #3 {main}
postfixadmin_1  |   thrown in /postfixadmin/functions.inc.php on line 1056

It seems like the problem is caused by a newer dovecot version which was released in the meantime. This new version (/usr/bin/doveadm pw) tries to read /etc/ssl/dovecot/server.key but it has no permissions to do so.

/usr/bin/doveadm pw is used for the hashing of the password

A workaround, but not really the real fix, is this:

docker exec -ti docker_postfixadmin_1 chmod 777 /etc/ssl/dovecot/server.key

After running this I was able to log in.

@SaraSmiseth
Member Author

I updated postfixadmin to 3.3.3, updated the base image to alpine:3.13 and php to 8.

As a temporary workaround I changed server.key's permission in the Dockerfile with chmod 644 /etc/ssl/dovecot/server.key. This should be fine. server.key is not used and is a self-signed example certificate that gets created when dovecot is installed. dovecot is only installed and used in this image to generate the hash for logging in. See also postfixadmin/postfixadmin#398.
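
A check a build or startup script could run to see how far a key file's mode opens it up, contrasting the two chmod workarounds from the comments above (777 and 644). This is an added example, not part of the PR or the project's scripts; the function names and the `*.key` naming are assumptions, and the sample files are constructed.

```shell
#!/bin/sh
# Added example, not from the PR. Function names and the *.key naming are assumptions.

# classify_mode MODE: print how far an octal mode opens a file beyond its owner.
classify_mode() {
    bits=$(( 0$1 & 077 ))                 # keep only the group and other bits
    if [ $(( bits & 022 )) -ne 0 ]; then
        echo writable                     # 777: any local user can replace the key
    elif [ $(( bits & 044 )) -ne 0 ]; then
        echo readable                     # 644: any local user can read the key
    elif [ "$bits" -ne 0 ]; then
        echo executable                   # execute-only bits for group or others
    else
        echo ok                           # 600/400: owner only
    fi
}

# audit_keys DIR: print "STATUS MODE PATH" per key file; non-zero if any is not ok.
audit_keys() {
    find "$1" -type f -name '*.key' | sort | {
        bad=0
        while IFS= read -r f; do
            mode=$(stat -c '%a' "$f")
            status=$(classify_mode "$mode")
            [ "$status" = ok ] || bad=1
            printf '%s %s %s\n' "$status" "$mode" "$f"
        done
        [ "$bad" -eq 0 ]
    }
}

# Constructed sample: empty throwaway files carrying the modes from the thread.
demo() {
    d=$(mktemp -d)
    for m in 600 644 777; do
        : > "$d/server-$m.key"
        chmod "$m" "$d/server-$m.key"
    done
    audit_keys "$d" | sed "s|$d/||"
    rm -rf "$d"
}
demo
```

Run against `/etc/ssl/dovecot` inside the image, a non-zero exit from `audit_keys` flags any key that is open beyond its owner, which makes the workaround visible in a build log.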

@SaraSmiseth SaraSmiseth changed the title from "Update postfixadmin 3.3.2" to "Update postfixadmin 3.3.3, update alpine:3.13 and php8" on Jan 15, 2021
@SaraSmiseth SaraSmiseth marked this pull request as ready for review January 15, 2021 07:37
@sknight80
Collaborator

@SaraSmiseth, do you think we could add the upgrade step to the startup script? So our user should not perform the additional upgrade process. What do you think?

@AndrewSav
Collaborator

AndrewSav commented Jan 15, 2021

@SaraSmiseth you said, temporary, what is a more permanent solution? If the key is not used, maybe it can be just simply deleted?

@SaraSmiseth
Member Author

> @SaraSmiseth, do you think we could add the upgrade step to the startup script? So our user should not perform the additional upgrade process. What do you think?

Great idea. I'll test that and report back.

> @SaraSmiseth you said, temporary, what is a more permanent solution? If the key is not used, maybe it can be just simply deleted?

I hope that dovecot fixes that problem and we can simply remove the new line for changing the permissions. doveadm pw would still try to read the key if we delete it. Maybe changing the dovecot config would work.

@SaraSmiseth SaraSmiseth changed the title from "Update postfixadmin 3.3.3, update alpine:3.13 and php8" to "Update postfixadmin 3.3.4, update alpine:3.13 and php8" on Jan 20, 2021
@SaraSmiseth
Member Author

  • upgrade.php will be run on startup
  • Updated postfixadmin to 3.3.4.
  • Update HASH length check. The HASH generated by setup.php is now 60 characters long.

# 32 1 40
# Exemple : ffdeb741c58db80d060ddb170af4623a:54e0ac9a55d69c5e53d214c7ad7f1e3df40a3caa
while [ ${#HASH} -ne 73 ]; do
while [ ${#HASH} -ne 60 ]; do
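
Review bot: The two comment lines above the loop still describe the old format (`# 32 1 40` and the 73-character example), while the condition now tests for 60, so the comment no longer matches the check; update or replace it with a description of the 60-character value. The loop also validates length only, so any 60-character input passes; consider checking the expected shape of the hash as well before accepting it.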
Collaborator

I'm okay with the changes here, but do we need to update the example above?

Member Author

Comment updated

Collaborator

@sknight80 sknight80 left a comment

Besides my comment, I am okay with the PR.

Collaborator

@sknight80 sknight80 left a comment

LGTM

@AndrewSav
Collaborator

Sorry, guys, flat out.

@SaraSmiseth SaraSmiseth merged commit ec0f9e7 into mailserver2:master Jan 24, 2021
@SaraSmiseth SaraSmiseth deleted the update_postfixadmin branch January 24, 2021 07:03