From 7f3e5a22e18e091e2eeabaa47a18a854788e7db8 Mon Sep 17 00:00:00 2001
From: Erik Wramner
Date: Thu, 1 Aug 2019 09:58:22 +0200
Subject: [PATCH] Create checksums in start script, avoid race condition
---
 target/check-for-changes.sh | 26 ++++++++++++++------------
 target/start-mailserver.sh | 26 ++++++++++++++++++++++++++
 2 files changed, 40 insertions(+), 12 deletions(-)
diff --git a/target/check-for-changes.sh b/target/check-for-changes.sh
index 2fbd9683..5a5ab494 100755
--- a/target/check-for-changes.sh
+++ b/target/check-for-changes.sh
@@ -2,15 +2,8 @@
 # create date for log output
 log_date=$(date +"%Y-%m-%d %H:%M:%S ")
-# Prevent a start too early
-sleep 5
 echo "${log_date} Start check-for-changes script."
-# create checksum file outside mounted directory
-# the checksum file should be reused on subsequent runs,
-# but only by this container, not by others
-CHKSUM_FILE=/tmp/docker-mailserver-config-chksum
-
 # change directory
 cd /tmp/docker-mailserver
@@ -18,7 +11,14 @@ cd /tmp/docker-mailserver
 if [ ! -f postfix-accounts.cf ]; then
 echo "${log_date} postfix-accounts.cf is missing! This should not run! Exit!"
 exit
-fi
+fi
+
+# Verify checksum file exists; must be prepared by start-mailserver.sh
+CHKSUM_FILE=/tmp/docker-mailserver-config-chksum
+if [ ! -f $CHKSUM_FILE ]; then
+ echo "${log_date} ${CHKSUM_FILE} is missing! Start script failed? Exit!"
+ exit
+fi
 # Determine postmaster address, duplicated from start-mailserver.sh
 # This script previously didn't work when POSTMASTER_ADDRESS was empty
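Review bot: The new missing-checksum guard in target/check-for-changes.sh (hunk `@@ -18,7 +11,14 @@`) ends with a bare `exit`, which returns the status of the preceding `echo`, i.e. 0, so whatever supervises this script sees a clean exit even though change detection never started. Use `exit 1` and send the message to stderr, e.g. `echo "${log_date} ${CHKSUM_FILE} is missing! Start script failed? Exit!" >&2`. Quoting the test as `[ ! -f "$CHKSUM_FILE" ]` would keep it correct if the path ever changes. The postfix-accounts.cf check shown as context just above uses the same bare `exit`.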
@@ -30,15 +30,15 @@ fi
 PM_ADDRESS="${POSTMASTER_ADDRESS:=postmaster@${DOMAINNAME}}"
 echo "${log_date} Using postmaster address ${PM_ADDRESS}"
-# create an array of files to monitor (perhaps simple *.cf would be ok here)
+# Create an array of files to monitor, must be the same as in start-mailserver.sh
 declare -a cf_files=()
 for file in postfix-accounts.cf postfix-virtual.cf postfix-aliases.cf; do
 [ -f "$file" ] && cf_files+=("$file")
 done
-# Update / generate after start
-echo "${log_date} Makeing new checksum file."
-sha512sum ${cf_files[@]/#/--tag } >$CHKSUM_FILE
+# Wait to make sure server is up before we start
+# Plus the files have just been generated, no hurry to process changes
+sleep 20
 # Run forever
 while true; do
@@ -54,6 +54,8 @@ if [[ $chksum == *"FAIL"* ]]; then
 # Bug alert! This overwrites the alias set by start-mailserver.sh
 # Take care that changes in one script are propagated to the other
+ # Also note that changes are performed in place and are not atomic
+ # We should fix that and write to temporary files, stop, swap and start
 #regen postix aliases.
 echo "root: ${PM_ADDRESS}" > /etc/aliases
diff --git a/target/start-mailserver.sh b/target/start-mailserver.sh
index 2ccc6566..e715b28b 100644
--- a/target/start-mailserver.sh
+++ b/target/start-mailserver.sh
@@ -49,6 +49,7 @@ DEFAULT_VARS["VIRUSMAILS_DELETE_DELAY"]="${VIRUSMAILS_DELETE_DELAY:="7"}"
 ##########################################################################
 HOSTNAME="$(hostname -f)"
 DOMAINNAME="$(hostname -d)"
+CHKSUM_FILE=/tmp/docker-mailserver-config-chksum
 ##########################################################################
 # << GLOBAL VARS
 ##########################################################################
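Review bot: In target/check-for-changes.sh (hunk `@@ -30,15 +30,15 @@`) the list of monitored files is now maintained by hand in two scripts, and the only thing keeping them aligned is the comment "must be the same as in start-mailserver.sh". If the lists drift, a file named here but absent from the baseline would presumably never be compared; the loop that consumes the checksum file is outside this hunk, so that needs confirming. A single definition that both scripts source would remove the risk; failing that, put the mirror comment `# Must be the same list as in check-for-changes.sh` above the loop in `_setup_chksum_file`. The fixed `sleep 20` is also a guess at startup time, and its comment should say what happens if the services take longer.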
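Review bot: `CHKSUM_FILE` in target/start-mailserver.sh (hunk `@@ -49,6 +49,7 @@`) is added without the rationale this commit deletes from check-for-changes.sh, so nothing now explains why the baseline lives outside the mounted config directory. A comment above the assignment would restore that, e.g. `# Checksum baseline: kept outside the mounted config dir so only this container reuses it`. Because change detection trusts this file, note also that the fixed name sits directly in `/tmp` and `_setup_chksum_file` writes it with a plain `>` redirect, which follows whatever already exists at that path. If any non-root account in the container can write to `/tmp`, a directory writable only by root would be a safer home; this is a hardening suggestion, not something the hunk shows to be exploitable. The same path is defined a second time in check-for-changes.sh.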
@@ -88,6 +89,7 @@ function register_functions() {
 ################### >> setup funcs
 _register_setup_function "_setup_default_vars"
+ _register_setup_function "_setup_chksum_file"
 if [ "$ENABLE_ELK_FORWARDER" = 1 ]; then
 _register_setup_function "_setup_elk_forwarder"
@@ -439,6 +441,30 @@ function _setup_default_vars() {
 done
 }
+function _setup_chksum_file() {
+ notify 'task' "Setting up configuration checksum file"
+
+
+ if [ -d /tmp/docker-mailserver ]; then
+ pushd /tmp/docker-mailserver
+
+ declare -a cf_files=()
+ for file in postfix-accounts.cf postfix-virtual.cf postfix-aliases.cf; do
+ [ -f "$file" ] && cf_files+=("$file")
+ done
+
+ notify 'inf' "Creating $CHKSUM_FILE"
+ sha512sum ${cf_files[@]/#/--tag } >$CHKSUM_FILE
+
+ popd
+ else
+ # We could just skip the file, but perhaps config can be added later?
+ # If so it must be processed by the check for changes script
+ notify 'inf' "Creating empty $CHKSUM_FILE (no config)"
+ touch $CHKSUM_FILE
+ fi
+}
+
 function _setup_mailname() {
 notify 'task' 'Setting up Mailname'
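Review bot: The position of `_register_setup_function "_setup_chksum_file"` in target/start-mailserver.sh (hunk `@@ -88,6 +89,7 @@`) decides when the baseline is taken, yet nothing at the call site says so. Registered right after `_setup_default_vars`, the checksums are presumably computed before the remaining setup functions run, so any later setup step that rewrites a monitored .cf file would make the first check report a change. A comment such as `# baseline first: edits made while setup runs must still be seen by check-for-changes.sh` would record the intent. register_functions continues outside the hunk, so whether such a step exists cannot be seen here.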
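Review bot: When `/tmp/docker-mailserver` exists but none of the three .cf files do, `cf_files` stays empty in `_setup_chksum_file` (target/start-mailserver.sh, hunk `@@ -439,6 +441,30 @@`) and `sha512sum` runs with no file operands. It then reads standard input, so depending on how the container's stdin is attached the start script either blocks or records a checksum for `-` as the baseline. Guarding on the array length and writing an empty baseline, as the else branch already does, avoids both outcomes; the redirect target should be quoted at the same time. Separately, `pushd` is not checked for failure and both `pushd` and `popd` print the directory stack to stdout, so `pushd /tmp/docker-mailserver >/dev/null || return 1` would be safer and quieter.

```shell
# … unchanged: notify 'task', directory test, pushd, cf_files loop …
    notify 'inf' "Creating $CHKSUM_FILE"
    if [ "${#cf_files[@]}" -gt 0 ]; then
      # word splitting is intended: each element expands to "--tag" plus a fixed file name
      sha512sum ${cf_files[@]/#/--tag } >"$CHKSUM_FILE"
    else
      # no monitored file present yet: write an empty baseline instead of hashing stdin
      : >"$CHKSUM_FILE"
    fi
# … unchanged: popd, else branch creating the empty file …
```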