Upt: Add postfix-pcre, add additional checks for sanity and mount /tmp to emptydir

build-scripts/postfix-install.sh

@@ -8,7 +8,7 @@ fi
 do_alpine() {
     apk update
     apk add --upgrade cyrus-sasl cyrus-sasl-static cyrus-sasl-digestmd5 cyrus-sasl-crammd5 cyrus-sasl-login cyrus-sasl-ntlm libsasl
-    apk add postfix
+    apk add postfix postfix-pcre
     apk add opendkim
     apk add --upgrade ca-certificates tzdata supervisor rsyslog musl musl-utils bash opendkim-utils libcurl jsoncpp lmdb logrotate netcat-openbsd
 }
@@ -23,7 +23,7 @@ do_ubuntu() {
     echo "Europe/Berlin" > /etc/timezone
     apt-get update -y -q
     apt-get install -y libsasl2-modules sasl2-bin
-    apt-get install -y postfix
+    apt-get install -y postfix postfix-pcre
     apt-get install -y opendkim
     apt-get install -y ca-certificates tzdata supervisor rsyslog bash opendkim-tools curl libcurl4 libjsoncpp25 sasl2-bin postfix-lmdb procps logrotate cron net-tools ${RELEASE_SPECIFIC_PACKAGES}
     apt-get clean

helm/mail/templates/statefulset.yaml

@@ -153,6 +153,9 @@ spec:
             - "--postfix.showq_path"
             - {{ print "/var/spool/postfix/public/showq" | quote }}
           volumeMounts:
+            - name: tmp
+              mountPath: /tmp
+              name: tmp
             - name: {{ $fullName | quote }}
               mountPath: /var/spool/postfix
               subPath: spool
@@ -184,7 +187,9 @@ spec:
       dnsConfig: {{- toYaml (omit .Values.dns "policy") | nindent 8 }}
       {{- end }}
       volumes:
-            {{- if .Values.certs.create }}
+        - name: tmp
+          emptyDir: {}
+        {{- if .Values.certs.create }}
         - name: certs-init
           configMap:
             name: {{ $fullName }}

scripts/common-run.sh

@@ -14,7 +14,7 @@ announce_startup() (
 
 setup_timezone() {
 	if [[ ! -z "$TZ" ]]; then
-		TZ_FILE="/usr/share/zoneinfo/$TZ"
+		TZ_FILE="$(zone_info_dir)/$TZ"
 		if [ -f "$TZ_FILE" ]; then
 			notice "Setting container timezone to: ${emphasis}$TZ${reset}"
 			ln -snf "$TZ_FILE" /etc/localtime
@@ -27,6 +27,17 @@ setup_timezone() {
 	fi
 }
 
+check_environment_sane() (
+	if touch /tmp/test; then
+		debug "/tmp writable."
+		rm /tmp/test
+	else
+		error "Could not write to /tmp. Please mount it to an empty dir if the image is read-only."
+		exit
+	fi
+
+)
+
 rsyslog_log_format() {
 	local log_format="${LOG_FORMAT}"
 	if [[ -z "${log_format}" ]]; then
@@ -127,15 +138,22 @@ postfix_enable_chroot() {
 	if [[ -z "${POSTFIXD_ETC}" ]]; then
 		POSTFIXD_ETC="${POSTFIXD_DIR}/etc"
 	fi
+
+	local zoneinfo="$(zone_info_dir)"
 	if [[ -z "${POSTFIX_ZIF}" ]]; then
-		POSTFIXD_ZIF="${POSTFIXD_DIR}/usr/lib/zoneinfo"
+		POSTFIXD_ZIF="${POSTFIXD_DIR}${zoneinfo}"
 	fi
 	(
 		umask 022
-		[[ -d "$POSTFIXD_DIR" ]]    && mkdir -pv                  $POSTFIXD_DIR  || true
+		[[ ! -d "$POSTFIXD_ZIF" ]]  && mkdir -pv                  $POSTFIXD_ZIF  || true
-		[[ -d "$POSTFIXD_ETC" ]]    && mkdir -pv                  $POSTFIXD_ETC  || true
+		[[ ! -d "$POSTFIXD_DIR" ]]  && mkdir -pv                  $POSTFIXD_DIR  || true
-		[[ -d "$POSTFIXD_ZIF" ]]    && mkdir -pv                  $POSTFIXD_ZIF  || true
+		[[ ! -d "$POSTFIXD_ETC" ]]  && mkdir -pv                  $POSTFIXD_ETC  || true
-		[[ -e /etc/localtime ]]     && ln -fsv /etc/localtime     $POSTFIXD_ZIF/ || true
+		if [[ -h /etc/localtime ]]; then
+			# Assume it links to ZoneInfo or something that is accessible from chroot
+			echo "Copying ${zoneinfo} -> ${POSTFIXD_ZIF}"
+			cp -fPpr ${zoneinfo}/* ${POSTFIXD_ZIF}/
+			cp -fPpv /etc/localtime "$POSTFIXD_ETC/"
+		fi
 		[[ -e /etc/localtime ]]     && cp -fpv /etc/localtime     $POSTFIXD_ETC  || true
 		[[ -e /etc/nsswitch.conf ]] && cp -fpv /etc/nsswitch.conf $POSTFIXD_ETC  || true
 		[[ -e /etc/resolv.conf ]]   && cp -fpv /etc/resolv.conf   $POSTFIXD_ETC  || true

scripts/common.sh

@@ -219,4 +219,12 @@ file_env() {
 	unset "$fileVar"
 }
 
+# Return the directory where zone info is stored. Will return empy string if zoneinfo not found
+zone_info_dir() {
+	[[ -d /usr/share/zoneinfo ]] && printf "/usr/share/zoneinfo" && return
+	[[ -d /var/db/timezone/zoneinfo ]] && printf "/var/db/timezone/zoneinfo" && return
+	[[ -d /usr/lib/zoneinfo ]] && printf "/usr/lib/zoneinfo" && return
+	return
+}
+
 export reset green yellow orange orange_emphasis lightblue red gray emphasis underline

scripts/run.sh

@@ -7,6 +7,7 @@ chmod +x /scripts/*.sh
 
 announce_startup                        # Print startup banner
 setup_timezone                          # Check if we need to configure the container timezone
+check_environment_sane                  # Check if the the environment is sane
 rsyslog_log_format                      # Setup rsyslog output format
 anon_email_log                          # Setup email anonymizer
 setup_conf                              # Copy over files from /etc/postfix.template to /etc/postfix, if the user mounted the folder manually