Upt: Add postfix-pcre, add additional checks for sanity and mount /tmp to emptydir

2024-09-20 06:46:10 +08:00 · 2024-02-25 09:12:02 +01:00 · 2024-02-25 09:12:02 +01:00 · 025cb58d0e
parent 5ea8c32ffa
commit 025cb58d0e
5 changed files with 41 additions and 9 deletions
--- a/build-scripts/postfix-install.sh
+++ b/build-scripts/postfix-install.sh
@ -8,7 +8,7 @@ fi
 do_alpine() {
    apk update
    apk add --upgrade cyrus-sasl cyrus-sasl-static cyrus-sasl-digestmd5 cyrus-sasl-crammd5 cyrus-sasl-login cyrus-sasl-ntlm libsasl
-    apk add postfix
+    apk add postfix postfix-pcre
    apk add opendkim
    apk add --upgrade ca-certificates tzdata supervisor rsyslog musl musl-utils bash opendkim-utils libcurl jsoncpp lmdb logrotate netcat-openbsd
 }
@ -23,7 +23,7 @@ do_ubuntu() {
    echo "Europe/Berlin" > /etc/timezone
    apt-get update -y -q
    apt-get install -y libsasl2-modules sasl2-bin
-    apt-get install -y postfix
+    apt-get install -y postfix postfix-pcre
    apt-get install -y opendkim
    apt-get install -y ca-certificates tzdata supervisor rsyslog bash opendkim-tools curl libcurl4 libjsoncpp25 sasl2-bin postfix-lmdb procps logrotate cron net-tools ${RELEASE_SPECIFIC_PACKAGES}
    apt-get clean
--- a/helm/mail/templates/statefulset.yaml
+++ b/helm/mail/templates/statefulset.yaml
@ -153,6 +153,9 @@ spec:
            - "--postfix.showq_path"
            - {{ print "/var/spool/postfix/public/showq" | quote }}
          volumeMounts:
+            - name: tmp
+              mountPath: /tmp
+              name: tmp
            - name: {{ $fullName | quote }}
              mountPath: /var/spool/postfix
              subPath: spool
@ -184,7 +187,9 @@ spec:
      dnsConfig: {{- toYaml (omit .Values.dns "policy") | nindent 8 }}
      {{- end }}
      volumes:
-            {{- if .Values.certs.create }}
+        - name: tmp
+          emptyDir: {}
+        {{- if .Values.certs.create }}
        - name: certs-init
          configMap:
            name: {{ $fullName }}
--- a/scripts/common-run.sh
+++ b/scripts/common-run.sh
@ -14,7 +14,7 @@ announce_startup() (

 setup_timezone() {
 	if [[ ! -z "$TZ" ]]; then
-		TZ_FILE="/usr/share/zoneinfo/$TZ"
+		TZ_FILE="$(zone_info_dir)/$TZ"
 		if [ -f "$TZ_FILE" ]; then
 			notice "Setting container timezone to: ${emphasis}$TZ${reset}"
 			ln -snf "$TZ_FILE" /etc/localtime
@ -27,6 +27,17 @@ setup_timezone() {
 	fi
 }

+check_environment_sane() (
+	if touch /tmp/test; then
+		debug "/tmp writable."
+		rm /tmp/test
+	else
+		error "Could not write to /tmp. Please mount it to an empty dir if the image is read-only."
+		exit
+	fi
+
+)
+
 rsyslog_log_format() {
 	local log_format="${LOG_FORMAT}"
 	if [[ -z "${log_format}" ]]; then
@ -127,15 +138,22 @@ postfix_enable_chroot() {
 	if [[ -z "${POSTFIXD_ETC}" ]]; then
 		POSTFIXD_ETC="${POSTFIXD_DIR}/etc"
 	fi
+
+	local zoneinfo="$(zone_info_dir)"
 	if [[ -z "${POSTFIX_ZIF}" ]]; then
-		POSTFIXD_ZIF="${POSTFIXD_DIR}/usr/lib/zoneinfo"
+		POSTFIXD_ZIF="${POSTFIXD_DIR}${zoneinfo}"
 	fi
 	(
 		umask 022
-		[[ -d "$POSTFIXD_DIR" ]]    && mkdir -pv                  $POSTFIXD_DIR  || true
-		[[ -d "$POSTFIXD_ETC" ]]    && mkdir -pv                  $POSTFIXD_ETC  || true
-		[[ -d "$POSTFIXD_ZIF" ]]    && mkdir -pv                  $POSTFIXD_ZIF  || true
-		[[ -e /etc/localtime ]]     && ln -fsv /etc/localtime     $POSTFIXD_ZIF/ || true
+		[[ ! -d "$POSTFIXD_ZIF" ]]  && mkdir -pv                  $POSTFIXD_ZIF  || true
+		[[ ! -d "$POSTFIXD_DIR" ]]  && mkdir -pv                  $POSTFIXD_DIR  || true
+		[[ ! -d "$POSTFIXD_ETC" ]]  && mkdir -pv                  $POSTFIXD_ETC  || true
+		if [[ -h /etc/localtime ]]; then
+			# Assume it links to ZoneInfo or something that is accessible from chroot
+			echo "Copying ${zoneinfo} -> ${POSTFIXD_ZIF}"
+			cp -fPpr ${zoneinfo}/* ${POSTFIXD_ZIF}/
+			cp -fPpv /etc/localtime "$POSTFIXD_ETC/"
+		fi
 		[[ -e /etc/localtime ]]     && cp -fpv /etc/localtime     $POSTFIXD_ETC  || true
 		[[ -e /etc/nsswitch.conf ]] && cp -fpv /etc/nsswitch.conf $POSTFIXD_ETC  || true
 		[[ -e /etc/resolv.conf ]]   && cp -fpv /etc/resolv.conf   $POSTFIXD_ETC  || true
--- a/scripts/common.sh
+++ b/scripts/common.sh
@ -219,4 +219,12 @@ file_env() {
 	unset "$fileVar"
 }

+# Return the directory where zone info is stored. Will return empy string if zoneinfo not found
+zone_info_dir() {
+	[[ -d /usr/share/zoneinfo ]] && printf "/usr/share/zoneinfo" && return
+	[[ -d /var/db/timezone/zoneinfo ]] && printf "/var/db/timezone/zoneinfo" && return
+	[[ -d /usr/lib/zoneinfo ]] && printf "/usr/lib/zoneinfo" && return
+	return
+}
+
 export reset green yellow orange orange_emphasis lightblue red gray emphasis underline
--- a/scripts/run.sh
+++ b/scripts/run.sh
@ -7,6 +7,7 @@ chmod +x /scripts/*.sh

 announce_startup                        # Print startup banner
 setup_timezone                          # Check if we need to configure the container timezone
+check_environment_sane                  # Check if the the environment is sane
 rsyslog_log_format                      # Setup rsyslog output format
 anon_email_log                          # Setup email anonymizer
 setup_conf                              # Copy over files from /etc/postfix.template to /etc/postfix, if the user mounted the folder manually