[gentoo-user] Postfix config and update


Wols Lists

Nov 27, 2022, 5:40:04 AM
I've just had emerge telling me it wants to trash my postfix config :-)

I'm not sure whether my setup is actually using it, I use dovecot to
deliver my mail, but is there any way I can stop random updates trying
to trash my local changes? I'm rubbish at merging updates, and last time
I tried I think the result was a complete mess.

And I said I use dovecot to deliver mail - that takes a leaf out of the
systemd book and has a master config file pointing to a local config
file. Any updates to dovecot don't touch the local file, and don't touch
my local settings.

Can I do anything similar for postfix?

Cheers,
Wol

John Blinka

Nov 27, 2022, 8:30:04 AM
I’m not a systemd user, so I don’t know precisely what systemd does. But my /etc/postfix/main.cf is a soft link to “main.cf.works”, which was an unoriginal name for an experimental config file that worked (as opposed to a series of trial configs that didn’t). The original main.cf is renamed main.cf.orig to keep it around as an unadulterated reference. Works for me and doesn’t get clobbered in updates.

If I change any config file I usually rename it with a .orig suffix, alter a copy of the original, and point to the altered copy with a soft link. The soft link has the standard config file name. The altered copy has a name different from anything expected by the installation. The soft link allows me to try a bunch of different configs as I’m tuning the application.

Haven’t lost any custom configurations doing this, it makes my own modifications abundantly clear, and it keeps an original around for when I make a mess of my customizations. A quick diff between the .orig file and any ._cfg files after an update shows me what’s changed in the update.

There are portage file merging tools for config updates, but I don’t use them often enough to use them properly. So I’ve reverted to this simple minded system. And backups!

HTH

John

Wol

Nov 27, 2022, 9:50:03 AM
On 27/11/2022 13:21, John Blinka wrote:
> I’m not a systemd user, so I don’t know precisely what systemd does. But
> my /etc/postfix/main.cf is a soft link to
> “main.cf.works”, which was an unoriginal name for an experimental config
> file that worked (as opposed to a series of trial configs that didn’t).
> The original main.cf is renamed main.cf.orig to keep it
> around as an unadulterated reference. Works for me and doesn’t get
> clobbered in updates.

Systemd stores its *distro*supplied* config files in /usr.

It stores its user-supplied config files in /etc.

So when your distro updates systemd, it doesn't go anywhere near your
local changes.

Dovecot doesn't do it quite the same way, the default distro config
loads a "config.local" file if it exists. So when your distro updates
the master config, your local config is untouched.

Postfix afaik just has one humungous config file, so when your distro
updates the config, all your local changes are trashed :-(

I don't want to faff about with special copies, backups, origs etc.
Everything should "just work (tm)".

Cheers,
Wol

Mike Civil

Nov 27, 2022, 11:00:06 AM
On 27/11/2022 14:50, Wol wrote:
> Postfix afaik just has one humungous config file, so when your distro
> updates the config, all your local changes are trashed :-(
>
> I don't want to faff about with special copies, backups, origs etc.
> Everything should "just work (tm)".

Except that portage doesn't overwrite stuff under /etc by default. It
saves the new config file and then tells you there's an update so you
can use etc-update or dispatch-conf to check/merge/abort the changes.
After all the new version of software may need a change to the old
config file.

If you've files that you want protected that aren't under /etc then add
the path to the CONFIG_PROTECT variable:-

https://wiki.gentoo.org/wiki/CONFIG_PROTECT/en
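
Added example (not part of any post in this thread): a read-only review of what a pending Portage update to main.cf would change, comparing effective settings rather than raw text, so local overrides stand out before anything is merged. The `._cfgNNNN_<name>` naming is Portage's; the helper function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Sample files are constructed.

# Reduce a main.cf-style file to sorted "name = value" lines: drop comments
# and blanks, join continuation lines (leading whitespace) onto their parameter.
settings() {
    awk '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }
        /^[[:space:]]/ { sub(/^[[:space:]]+/, ""); cur = cur " " $0; next }
        { if (cur != "") print cur; cur = $0 }
        END { if (cur != "") print cur }
    ' "$1" | sed 's/[[:space:]]*=[[:space:]]*/ = /' | sort
}

# Pending updates that Portage left beside protected files in directory $1.
pending() {
    find "$1" -maxdepth 1 -type f -name '._cfg[0-9][0-9][0-9][0-9]_*' | sort
}

# For pending file $1, print settings found only in the live file ("<")
# or only in the proposed file (">"). Nothing is merged or modified.
review() {
    live=$(dirname "$1")/$(basename "$1" | sed 's/^\._cfg[0-9]*_//')
    a=$(mktemp); b=$(mktemp)
    settings "$live" > "$a"; settings "$1" > "$b"
    diff "$a" "$b" | grep '^[<>]' || true
    rm -f "$a" "$b"
}

# Constructed sample: a locally edited main.cf and a proposed replacement.
make_sample() {
    printf '%s\n' '# local changes' 'myhostname = mail.example.org' \
        'smtpd_tls_security_level = may' 'mynetworks = 127.0.0.0/8' \
        '    192.168.1.0/24' > "$1/main.cf"
    printf '%s\n' '#myhostname = host.domain.tld' 'compatibility_level = 3.6' \
        'smtpd_tls_security_level = may' > "$1/._cfg0000_main.cf"
}

demo_dir=$(mktemp -d)
make_sample "$demo_dir"
for f in $(pending "$demo_dir"); do
    echo "== $f"
    review "$f"
done
rm -rf "$demo_dir"
```

Lines marked `<` are local settings the proposed file does not carry; lines marked `>` are settings the update introduces.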

Wol

Nov 27, 2022, 5:20:04 PM
On 27/11/2022 15:49, Mike Civil wrote:
> On 27/11/2022 14:50, Wol wrote:
>> Postfix afaik just has one humungous config file, so when your distro
>> updates the config, all your local changes are trashed :-(
>>
>> I don't want to faff about with special copies, backups, origs etc.
>> Everything should "just work (tm)".
>
> Except that portage doesn't overwrite stuff under /etc by default. It
> saves the new config file and then tells you there's an update so you
> can use etc-update or dispatch-conf to check/merge/abort the changes.
> After all the new version of software may need a change to the old
> config file.
>
It's not portage I'm worried about, it's me!

Systemd DOES NOT PUT YOUR LOCAL CONFIG IN DANGER.

Dovecot DOES NOT PUT YOUR LOCAL CONFIG IN DANGER (if you do it properly).

EVERY SINGLE POSTFIX UPDATE PUTS YOUR CONFIG IN DANGER.

Of course, if you're Mr Perfect you won't have a problem. Why can't
postfix *protect* me, like systemd or dovecot do?

NB - The Linux Filesystem Hierarchy (such as it is now) says that the
distro should not be writing to /etc ! Default system state belongs in
/usr, live system state belongs in /etc, and if the distro updates /etc
it is basically corrupting system state. Which may or may not be
acceptable - and here it isn't.

Cheers,
Wol

John Blinka

Nov 27, 2022, 5:30:05 PM
On Sun, Nov 27, 2022 at 9:42 AM Wol <antl...@youngman.org.uk> wrote:
> On 27/11/2022 13:21, John Blinka wrote:
>
> Systemd stores its *distro*supplied* config files in /usr.
>
> It stores its user-supplied config files in /etc.
>
> So when your distro updates systemd, it doesn't go anywhere near your
> local changes.
>
> Dovecot doesn't do it quite the same way, the default distro config
> loads a "config.local" file if it exists. So when your distro updates
> the master config, your local config is untouched.
>
> Postfix afaik just has one humungous config file, so when your distro
> updates the config, all your local changes are trashed :-(

If your goal is to update postfix without clobbering your artfully crafted config file, then that’s what portage has been doing for me quite reliably for the past 20-30 years. No effort required to protect anything in /etc from updates. A new humongous postfix config file gets installed in /etc/postfix/._cfg<whatever> and your custom config file remains untouched. It just works (tm). But you know that. I’m thinking I don’t at all understand your issue.

> I don't want to faff about with special copies, backups, origs etc.
> Everything should "just work (tm)".

Fair enough! Not expecting that my faffing about would appeal to anyone but me. ;)

John

Neil Bothwick

Nov 28, 2022, 6:20:03 PM
On Sun, 27 Nov 2022 22:12:21 +0000, Wol wrote:

> >> Postfix afaik just has one humungous config file, so when your
> >> distro updates the config, all your local changes are trashed :-(
> >>
> >> I don't want to faff about with special copies, backups, origs etc.
> >> Everything should "just work (tm)".
> >
> > Except that portage doesn't overwrite stuff under /etc by default. It
> > saves the new config file and then tells you there's an update so you
> > can use etc-update or dispatch-conf to check/merge/abort the changes.
> > After all the new version of software may need a change to the old
> > config file.
> >
> It's not portage I'm worried about, it's me!
>
> Systemd DOES NOT PUT YOUR LOCAL CONFIG IN DANGER.
>
> Dovecot DOES NOT PUT YOUR LOCAL CONFIG IN DANGER (if you do it
> properly).
>
> EVERY SINGLE POSTFIX UPDATE PUTS YOUR CONFIG IN DANGER.

Only if you run your chosen config manager without paying attention, but
Gentoo is particularly good at punishing those who do not pay attention.

> Of course, if you're Mr Perfect you won't have a problem. Why can't
> postfix *protect* me, like systemd or dovecot do?

Many, many programs have an option to include a local config file:
dnsmasq, Xorg, motion and rkhunter are the first to spring to mind right
now. Your problem is not with Gentoo, it does a good job of mitigating
the risk, it is with Postfix. Why not file a bug with them asking for an
"include otherfile.cf" option. Or, even better, an includedir option.


--
Neil Bothwick

Multitasking: Reading in the bathroom.