opensmtpd: 6.0.3p1 -> 6.4.0 #48901

Merged
merged 1 commit into from Oct 28, 2018

Ekleog (Member) commented Oct 23, 2018

Motivation for this change
Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nox --run "nox-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Fits CONTRIBUTING.md.

Ekleog (Member, Author) commented Oct 24, 2018

Note to self: OpenSMTPD will likely drop compatibility with OpenSSL for 6.4.0 release, so will need switch to LibreSSL and removal of the CERT part of the patch.

@Ekleog Ekleog changed the title [WIP] opensmtpd: 6.0.3p1 -> 6.4.0 opensmtpd: 6.0.3p1 -> 6.4.0 Oct 27, 2018
Ekleog (Member, Author) commented Oct 27, 2018

@rickynils @obadz This PR is now ready, as OpenSMTPD 6.4.0p1 has been released

@GrahamcOfBorg test opensmtpd

@GrahamcOfBorg

Success on x86_64-linux

Attempted: tests.opensmtpd

Partial log:

smtp1: running command: sync
smtp1: exit status 0
test script finished in 39.45s
cleaning up
killing client (pid 597)
killing smtp2 (pid 609)
killing smtp1 (pid 621)
vde_switch: EOF on stdin, cleaning up and exiting
vde_switch: Could not remove ctl dir '/build/vde1.ctl': Directory not empty
/nix/store/7mykdn5rm7ymhgfmlrrlxvb52bpy02ag-vm-test-run-opensmtpd

@GrahamcOfBorg

Success on x86_64-linux

Attempted: tests.opensmtpd

Partial log:

/nix/store/7mykdn5rm7ymhgfmlrrlxvb52bpy02ag-vm-test-run-opensmtpd

@GrahamcOfBorg

Success on x86_64-linux

Attempted: opensmtpd

Partial log:

/nix/store/3bv0id3xags47ayczfy1rwc6aq4bfji0-opensmtpd-6.4.0p1

@GrahamcOfBorg

Success on aarch64-linux

Attempted: opensmtpd

Partial log:

/nix/store/7gj4a8m6zm6rg4x149vq73bzijpd8nza-opensmtpd-6.4.0p1

@GrahamcOfBorg

Unexpected error: command failed with exit code 1 on aarch64-linux

Attempted: tests.opensmtpd

Partial log:

cannot build derivation '/nix/store/qzw3h16v2226wyc8sshfnqchqvbxzphm-closure-info.drv': 1 dependencies couldn't be built
cannot build derivation '/nix/store/96ycpgg2f0h8ajcpvl4v4s17xpkikad8-run-nixos-vm.drv': 2 dependencies couldn't be built
cannot build derivation '/nix/store/a8mqd90x4v1zy1rd2c97wmcm803nwjwm-run-nixos-vm.drv': 2 dependencies couldn't be built
cannot build derivation '/nix/store/y4vp3xqip36sp3n9ni8h5fxvgg24knq5-run-nixos-vm.drv': 2 dependencies couldn't be built
cannot build derivation '/nix/store/2lwh1lc791l2a666cgfyibp69p41lnlh-nixos-vm.drv': 2 dependencies couldn't be built
cannot build derivation '/nix/store/5vkcdvqij0vq0akrkbgiygjnzz2bzdxw-nixos-vm.drv': 2 dependencies couldn't be built
cannot build derivation '/nix/store/q4mqyq89r7wllq7shylf7s4b9219dhsh-nixos-vm.drv': 2 dependencies couldn't be built
cannot build derivation '/nix/store/rbamj529pi5n12l150nnqg38hb6ls7dk-nixos-test-driver-opensmtpd.drv': 3 dependencies couldn't be built
cannot build derivation '/nix/store/igjajhaymxg52vkjdzna1szpwrhdrwpl-vm-test-run-opensmtpd.drv': 1 dependencies couldn't be built
error: build of '/nix/store/igjajhaymxg52vkjdzna1szpwrhdrwpl-vm-test-run-opensmtpd.drv' failed

@GrahamcOfBorg

Success on aarch64-linux

Attempted: tests.opensmtpd

Partial log:

smtp2: running command: sync
smtp2: exit status 0
test script finished in 56.38s
cleaning up
killing client (pid 631)
killing smtp1 (pid 643)
killing smtp2 (pid 657)
vde_switch: EOF on stdin, cleaning up and exiting
vde_switch: Could not remove ctl dir '/build/vde1.ctl': Directory not empty
/nix/store/6d6vy9xf3pc3s7zkwznrgs0w968m48hr-vm-test-run-opensmtpd

@GrahamcOfBorg

Success on aarch64-linux

Attempted: tests.opensmtpd

Partial log:

cannot find section .dynamic
cannot find section .dynamic
cannot find section .dynamic
cannot find section .dynamic
cannot find section .dynamic
cannot find section .dynamic
strip is /nix/store/p9akxn2sfy4wkhqdqa3li97pc6jaz3r1-binutils-2.30/bin/strip
building '/nix/store/kkxl2w04vgxnidszl9a5w2abyljgilxk-unit-qemu-guest-agent.service.drv'...
building '/nix/store/nxkjac8binsadds4wlfzbdryw38bx85r-unit-dbus.service.drv'...
/nix/store/6d6vy9xf3pc3s7zkwznrgs0w968m48hr-vm-test-run-opensmtpd

@Ekleog Ekleog mentioned this pull request Oct 27, 2018
obadz (Contributor) commented Oct 27, 2018

Looks solid to me.

Hopefully there are no security fixes in this release as we'd rather not backport to stable given the backward compat loss?

Ekleog (Member, Author) commented Oct 27, 2018 via email

@obadz obadz merged commit 07db5f1 into NixOS:master Oct 28, 2018
@Ekleog Ekleog deleted the opensmtpd-6.4.0 branch October 28, 2018 13:34
Ekleog (Member, Author) commented Oct 28, 2018

Thank you! :)

obadz (Contributor) commented Oct 28, 2018

No, thank you!

Izorkin (Contributor) commented Nov 5, 2018

This package error worked with pki certificates

pki mail.example.com cert "/etc/ssl/private/mail.example.com.crt"
pki mail.example.com key "/etc/ssl/private/mail.example.com.key"
ca mail.example.com cert "/etc/ssl/certs/ca-bundle.crt"

listen on 0.0.0.0 tls pki mail.example.com ca mail.example.com

action "local" mbox
match from local for local action "local"

error -

smtpd -d -f /etc/smtpd.conf -v

debug: init ssl-tree
info: loading pki information for mail.example.com
debug: init ca-tree
info: loading CA information for mail.example.com
debug: init ssl-tree
info: loading pki keys for mail.example.com
debug: using "fs" queue backend
debug: using "ramqueue" scheduler backend
debug: using "ram" stat backend
info: OpenSMTPD 6.4.0p1 starting
debug: init ssl-tree
info: loading pki information for mail.example.com
debug: init ca-tree
info: loading CA information for mail.example.com
debug: init ssl-tree
info: loading pki keys for mail.example.com
debug: using "fs" queue backend
debug: using "ramqueue" scheduler backend
debug: using "ram" stat backend
setup_peer: klondike -> control[1635] fd=4
setup_peer: klondike -> pony express[1637] fd=5
setup_done: ca[1634] done
debug: init ssl-tree
setup_proc: klondike done
info: loading pki information for mail.example.com
debug: init ca-tree
info: loading CA information for mail.example.com
debug: init ssl-tree
info: loading pki keys for mail.example.com
debug: using "fs" queue backend
debug: init ssl-tree
info: loading pki information for mail.example.com
debug: init ca-tree
info: loading CA information for mail.example.com
debug: init ssl-tree
info: loading pki keys for mail.example.com
debug: using "fs" queue backend
debug: using "ramqueue" scheduler backend
debug: using "ram" stat backend
setup_peer: pony express -> control[1635] fd=4
setup_peer: pony express -> klondike[1634] fd=5
setup_peer: pony express -> lookup[1636] fd=6
setup_peer: pony express -> queue[1638] fd=7
debug: init ssl-tree
info: loading pki information for mail.example.com
debug: init ca-tree
info: loading CA information for mail.example.com
debug: init ssl-tree
info: loading pki keys for mail.example.com
debug: using "fs" queue backend
debug: using "ramqueue" scheduler backend
debug: using "ram" stat backend
setup_peer: scheduler -> control[1635] fd=4
setup_peer: scheduler -> queue[1638] fd=5
debug: using "ramqueue" scheduler backend
debug: using "ram" stat backend
setup_peer: control -> klondike[1634] fd=4
setup_peer: control -> lookup[1636] fd=5
setup_peer: control -> pony express[1637] fd=6
setup_peer: control -> queue[1638] fd=7
setup_peer: control -> scheduler[1639] fd=8
setup_done: control[1635] done
setup_proc: control done
debug: init ssl-tree
info: loading pki information for mail.example.com
debug: init ca-tree
info: loading CA information for mail.example.com
debug: init ssl-tree
info: loading pki keys for mail.example.com
debug: using "fs" queue backend
debug: using "ramqueue" scheduler backend
debug: using "ram" stat backend
setup_peer: queue -> control[1635] fd=4
setup_peer: queue -> pony express[1637] fd=5
setup_peer: queue -> lookup[1636] fd=6
setup_peer: queue -> scheduler[1639] fd=7
debug: init ssl-tree
info: loading pki information for mail.example.com
debug: init ca-tree
info: loading CA information for mail.example.com
debug: init ssl-tree
info: loading pki keys for mail.example.com
debug: using "fs" queue backend
debug: using "ramqueue" scheduler backend
debug: using "ram" stat backend
setup_peer: lookup -> control[1635] fd=4
setup_peer: lookup -> pony express[1637] fd=5
setup_peer: lookup -> queue[1638] fd=6
setup_done: lka[1636] done
setup_proc: lookup done
setup_proc: pony express done
setup_done: pony[1637] done
debug: ca_engine_init: using RSA privsep engine
setup_done: queue[1638] done
setup_done: scheduler[1639] done
smtpd: setup done
debug: parent_send_config_ruleset: reloading
debug: parent_send_config: configuring pony process
debug: parent_send_config: configuring ca process
debug: init private ssl-tree
debug: parent -> ca: pipe closed
smtpd: process ca socket closed
debug: smtp: listen on 0.0.0.0 port 25 flags 0x401 pki "mail.example.com" ca "mail.example.com"
debug: pony: rsae_init
setup_proc: scheduler done
debug: bounce warning after 4h
debug: control -> klondike: pipe closed
debug: control agent exiting
debug: scheduler -> control: pipe closed
debug: scheduler agent exiting
setup_proc: queue done
debug: lka -> parent: pipe closed
debug: lookup agent exiting
debug: queue -> parent: pipe closed
debug: queue agent exiting

@Ekleog @obadz

Ekleog (Member, Author) commented Nov 5, 2018

@Izorkin A few questions:

  • Do you have this problem without PKI?
  • Do I guess correctly that the server just exits after this log?
  • Does it have a particular exit status, or is it returning 0? (echo $?)
  • Could you add timing information, eg. with haskellPackages.timestamper? (disclaimer: never tried it) This “bounce warning after 4h” makes me wonder if it's all happening at startup or some time after
  • Are you sure your network is up before OpenSMTPD starts running and available to it? I seem to remember having seen errors like this (ie. server exiting with no readable error) with 6.0.3p1 when my configuration had a race condition and sometimes OpenSMTPD started before the network (I was listening on a VPN interface), leading to a similar exit-without-error. Maybe some optimization done on OpenSMTPD is triggering a similar race condition in your code, or OpenSMTPD is for some reason unable to open its listening socket?

Izorkin (Contributor) commented Nov 5, 2018

I run manually with the configuration in /etc/smtpd.conf. If I delete lines with pki - opensmtp worked.

Izorkin (Contributor) commented Nov 5, 2018

Process exit with status 1 and message - smtpd: process ca socket closed

Ekleog (Member, Author) commented Nov 5, 2018

@Izorkin In addition to the timestamping and checks about network availability, can you check your journalctl to see if there is a segfault being logged, and if so paste it here?

Izorkin (Contributor) commented Nov 5, 2018

journalctl:

ноя 05 15:22:57 NixOS-MTA systemd[1]: Starting opensmtpd.service...
ноя 05 15:22:57 NixOS-MTA systemd[1]: Started opensmtpd.service.
ноя 05 15:22:57 NixOS-MTA smtpd[5451]: info: OpenSMTPD 6.4.0p1 starting
ноя 05 15:22:57 NixOS-MTA smtpd[5451]: smtpd: process ca socket closed
ноя 05 15:22:57 NixOS-MTA systemd[1]: opensmtpd.service: Main process exited, code=exited, status=1/FAILURE
ноя 05 15:22:57 NixOS-MTA systemd[1]: opensmtpd.service: Failed with result 'exit-code'.
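
Added example, not part of the thread and not OpenSMTPD or nixpkgs code: a small triage of the `smtpd -d -v` output quoted above that separates the first pipe/socket-closed line, and the line logged just before it, from the closures that follow. The names `triage`, `SAMPLE_LOG`, `PIPE_CLOSED` and `SOCKET_CLOSED` are hypothetical, and the patterns are derived only from the log lines shown in this thread.

```python
import re

# Constructed sample: a subset, in original order, of the debug output quoted in this thread.
SAMPLE_LOG = """\
info: OpenSMTPD 6.4.0p1 starting
setup_done: ca[1634] done
debug: ca_engine_init: using RSA privsep engine
smtpd: setup done
debug: parent_send_config: configuring ca process
debug: init private ssl-tree
debug: parent -> ca: pipe closed
smtpd: process ca socket closed
debug: smtp: listen on 0.0.0.0 port 25 flags 0x401 pki "mail.example.com" ca "mail.example.com"
debug: control -> klondike: pipe closed
debug: control agent exiting
debug: scheduler -> control: pipe closed
debug: lka -> parent: pipe closed
debug: queue -> parent: pipe closed
"""

# Patterns copied from the shape of the quoted log lines (hypothetical helpers, not an smtpd API).
PIPE_CLOSED = re.compile(r"^debug: (.+?) -> (.+?): pipe closed$")
SOCKET_CLOSED = re.compile(r"^smtpd: process (\S+) socket closed$")


def triage(log_text):
    """Split teardown lines into the first one and the follow-on ones.

    All smtpd processes write to the same stream, so ordering is only approximate.
    """
    lines = [ln.strip() for ln in log_text.splitlines() if ln.strip()]
    closures = [i for i, ln in enumerate(lines)
                if PIPE_CLOSED.match(ln) or SOCKET_CLOSED.match(ln)]
    if not closures:
        return None  # no closed pipe or socket was logged
    first = closures[0]
    fatal = [SOCKET_CLOSED.match(ln).group(1) for ln in lines if SOCKET_CLOSED.match(ln)]
    return {
        "first_closure": lines[first],
        "line_before": lines[first - 1] if first > 0 else None,
        "socket_closed_for": fatal,
        "follow_on": [lines[i] for i in closures[1:]],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the quoted log, the first closure and the fatal message both name `ca`, and the line before it is `debug: init private ssl-tree`, which is consistent with the report that removing the pki lines avoids the exit.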
