[GF-Users] Postfix-tlspol 1.8.27
Peter
peter at pajamian.dhs.org
Mon Mar 16 19:16:25 MST 2026
The build is taking absolutely ages for el9 and 10. I'll let it run a
while longer but may have to chase it down later on and retry, I'll keep
you informed.
Peter
On 17/03/2026 06:34, Michael Webb wrote:
> Peter
>
> Thanks, yes it builds fine with %setup so will start using that going forward. Agree, no need to specify defaults.
>
> The %setup a0 was generated by the go2rpm package which is what I used as my starting point as I was so green. At the time it took a week just to fix everything that was broken, and did not want to break it again, so I left everything alone that seemed to be working.
>
> "%setup -q" implies "quiet extraction" that I saw from other examples, but agree cannot see any obvious difference in the build outputs, and perhaps it is better to be able to be able watch everything if it is not affecting build time.
>
> Mike
>
> -----Original Message-----
> From: users-bounces at lists.ghettoforge.net <users-bounces at lists.ghettoforge.net> On Behalf Of Peter
> Sent: Sunday, March 15, 2026 11:26 PM
> To: users at lists.ghettoforge.net
> Subject: Re: [GF-Users] Postfix-tlspol 1.8.27
>
> On 14/03/2026 12:03, Michael Webb wrote:
>> Hi Peter
>>
>> When convenient, please could you build updated rpms for Postfix-tlspol?
>
> Sure.
>
>> Postfix-tlspol has been updated a few times but I have held off asking
>> until now as the previous updates were to fix issues that did not
>> affect EL8/9/10. The most recent will update Golang to v1.26.1 for
>> security fixes see
>> https://github.com/Zuplu/postfix-tlspol/releases/tag/v1.8.27
>> <https://github.com/Zuplu/postfix-tlspol/releases/tag/v1.8.27>
>
> The fixes referenced are to fix vulnerabilities in 1.26.0 which are also fixed in version 1.25.7 so it is not necessary to change the golang version that we are using, and tbh I would rather not because it adds additional builddeps that would need to be downloaded for the build and violates my policy of not requiring external dependencies.
>
>> To force the build to use Golang 1.26.1 or later, we need to ensure
>> that line 44 in the SPEC file is set to “export GOTOOLCHAIN=auto” and
>> related lines commented and uncommented as indicated, but I think we
>> started doing it this way a few versions ago already. (When I tried
>> “local” the build seemed to still be using go1.25.7.)
>
> Just to expand on the above when checking CVEs I was able to find one listed vulnerability in 1.26.0 that is listed to also be fixed in 1.25.7 as well as seven vulnerabilities for 1.25.5 that are all fixed by 1.25.7. I don't think setting this to auto is necessary for the build.
> It is currently set to local.
>
>> No other changes are necessary, but FYI, I have also changed line 39
>> in my SPEC file because I felt that to specify the folder name was
>> more intuitive and easier to troubleshoot if the build fails:
>>
>> From: %setup a0
>>
>> To: %setup -q -n %{archivename}
>
> -n %{archivename} (actually %{name}-%{version} which is the same thing) is pretty much the default for -n so it's not necessary to specify it.
> I'm happy to add -q and I honestly don't know what the a0 did, I think it's just ignored and is not valid syntax for %setup, so I'll make it:
>
> %setup -q
>
>
> Peter
>
> _______________________________________________
> users mailing list
> users at lists.ghettoforge.net
> http://lists.ghettoforge.net/mailman/listinfo/users
> _______________________________________________
> users mailing list
> users at lists.ghettoforge.net
> http://lists.ghettoforge.net/mailman/listinfo/users
More information about the users
mailing list