[GF-Users] Postfix-tlspol 1.8.27

Michael Webb michael.webb at integrilog.com
Wed Mar 18 08:23:27 MST 2026 

Hi Peter

Thanks. No worries. If it helps, the builds each take about 90sec each on a Rocky 10 vm with four cores (Xeon Silver 4214 processors, 4GB memory), using the spec (with line 39 changed to %setup as agreed) and source files at the link below. I seem to remember your spec may have contained some logic mine does not have. I was also able to build for EL8 with the same spec file, but I am not set up to test the rpm. My build commands are

wget https://github.com/Zuplu/postfix-tlspol/archive/refs/tags/v1.8.27.tar.gz -O /root/rpmbuild/SOURCES/postfix-tlspol-1.8.27.tar.gz
rpmbuild -bs /root/rpmbuild/SPECS/postfix-tlspol-1.8.27-0.spec (for the benefit of others, this is to create the src.rpm file at ../SRPMS/ from the tar.gz at ../SOURCES/ - the spec file contains the build macros)
mock -r rocky+epel-9-x86_64 --rebuild /root/rpmbuild/SRPMS/postfix-tlspol-1.8.27-0.el10.src.rpm --enable-network --no-cleanup
mock -r rocky+epel-10-x86_64 --rebuild /root/rpmbuild/SRPMS/postfix-tlspol-1.8.27-0.el10.src.rpm --enable-network --no-cleanup

(for the benefit of others, the rpms built by mock are located as follows)
/var/lib/mock/rocky+epel-9-x86_64/root/builddir/build/RPMS/postfix-tlspol-1.8.27-0.el9.x86_64.rpm
/var/lib/mock/rocky+epel-10-x86_64/root/builddir/build/RPMS/postfix-tlspol-1.8.27-0.el9.x86_64.rpm

https://www.integrilog.com/adhj5jkuuk2sfsf0/postfix-tlspol/Custom%201.8.27/0/

Regards
Mike


-----Original Message-----
From: users-bounces at lists.ghettoforge.net <users-bounces at lists.ghettoforge.net> On Behalf Of Peter
Sent: Monday, March 16, 2026 8:16 PM
To: users at lists.ghettoforge.net
Subject: Re: [GF-Users] Postfix-tlspol 1.8.27

The build is taking absolutely ages for el9 and 10.  I'll let it run a while longer but may have to chase it down later on and retry, I'll keep you informed.


Peter


On 17/03/2026 06:34, Michael Webb wrote:
> Peter
> 
> Thanks, yes it builds fine with %setup so will start using that going forward. Agree, no need to specify defaults.
> 
> The %setup a0 was generated by the go2rpm package which is what I used as my starting point as I was so green. At the time it took a week just to fix everything that was broken, and did not want to break it again, so I left everything alone that seemed to be working.
> 
> "%setup -q" implies "quiet extraction" that I saw from other examples, but agree cannot see any obvious difference in the build outputs, and perhaps it is better to be able to be able watch everything if it is not affecting build time.
> 
> Mike
> 
> -----Original Message-----
> From: users-bounces at lists.ghettoforge.net 
> <users-bounces at lists.ghettoforge.net> On Behalf Of Peter
> Sent: Sunday, March 15, 2026 11:26 PM
> To: users at lists.ghettoforge.net
> Subject: Re: [GF-Users] Postfix-tlspol 1.8.27
> 
> On 14/03/2026 12:03, Michael Webb wrote:
>> Hi Peter
>>
>> When convenient, please could you build updated rpms for Postfix-tlspol?
> 
> Sure.
> 
>> Postfix-tlspol has been updated a few times but I have held off 
>> asking until now as the previous updates were to fix issues that did 
>> not affect EL8/9/10. The most recent will update Golang to v1.26.1 
>> for security fixes see
>> https://github.com/Zuplu/postfix-tlspol/releases/tag/v1.8.27
>> <https://github.com/Zuplu/postfix-tlspol/releases/tag/v1.8.27>
> 
> The fixes referenced are to fix vulnerabilities in 1.26.0 which are also fixed in version 1.25.7 so it is not necessary to change the golang version that we are using, and tbh I would rather not because it adds additional builddeps that would need to be downloaded for the build and violates my policy of not requiring external dependencies.
> 
>> To force the build to use Golang 1.26.1 or later,  we need to ensure 
>> that line 44 in the SPEC file is set to “export GOTOOLCHAIN=auto” and 
>> related lines commented and uncommented as indicated, but I think we 
>> started doing it this way a few versions ago already. (When I tried 
>> “local” the build seemed to still be using go1.25.7.)
> 
> Just to expand on the above when checking CVEs I was able to find one listed vulnerability in 1.26.0 that is listed to also be fixed in 1.25.7 as well as seven vulnerabilities for 1.25.5 that are all fixed by 1.25.7.  I don't think setting this to auto is necessary for the build.
> It is currently set to local.
> 
>> No other changes are necessary, but FYI, I have also changed line 39 
>> in my SPEC file because I felt that to specify the folder name was 
>> more intuitive and easier to troubleshoot if the build fails:
>>
>> From: %setup a0
>>
>> To:  %setup -q -n %{archivename}
> 
> -n %{archivename} (actually %{name}-%{version} which is the same thing) is pretty much the default for -n so it's not necessary to specify it.
> I'm happy to add -q and I honestly don't know what the a0 did, I think it's just ignored and is not valid syntax for %setup, so I'll make it:
> 
> %setup -q
> 
> 
> Peter
> 
> _______________________________________________
> users mailing list
> users at lists.ghettoforge.net
> http://lists.ghettoforge.net/mailman/listinfo/users
> _______________________________________________
> users mailing list
> users at lists.ghettoforge.net
> http://lists.ghettoforge.net/mailman/listinfo/users

_______________________________________________
users mailing list
users at lists.ghettoforge.net
http://lists.ghettoforge.net/mailman/listinfo/users

More information about the users mailing list