[GF-Users] Postfix-tlspol 1.8.27

Michael Webb michael.webb at integrilog.com
Wed Mar 18 23:26:56 MST 2026 

Can you post your spec file as a starting point?

-----Original Message-----
From: Michael Webb 
Sent: Thursday, March 19, 2026 12:25 AM
To: 'GhettoForge Users mailing list' <users at lists.ghettoforge.net>
Subject: RE: [GF-Users] Postfix-tlspol 1.8.27

Completely slipped my notice that you have been building for aarch64 as well. In future I will set up mock to build for aarch64 on my test system and debug the spec file before I ask you to build on yours. I can do for this release too, but it may take me a few weeks to generate something worthwhile.

I am interested to know how many downloads you typically see for each if you have these statistics?

-----Original Message-----
From: users-bounces at lists.ghettoforge.net <users-bounces at lists.ghettoforge.net> On Behalf Of Peter
Sent: Wednesday, March 18, 2026 11:52 PM
To: users at lists.ghettoforge.net
Subject: Re: [GF-Users] Postfix-tlspol 1.8.27

Yeah, they're stopped on the aarch64 build for some reason.  I will need to see if I can fix that.

Unfortunately my tooling doesn't allow me to easily release the x86_64 if the aarch64 doesn't build but if I can't figure this out I'll at least get the x86_64 build out.


Peter


On 19/03/2026 04:23, Michael Webb wrote:
> Hi Peter
> 
> Thanks. No worries. If it helps, the builds each take about 90sec each 
> on a Rocky 10 vm with four cores (Xeon Silver 4214 processors, 4GB 
> memory), using the spec (with line 39 changed to %setup as agreed) and 
> source files at the link below. I seem to remember your spec may have 
> contained some logic mine does not have. I was also able to build for
> EL8 with the same spec file, but I am not set up to test the rpm. My 
> build commands are
> 
> wget
> https://github.com/Zuplu/postfix-tlspol/archive/refs/tags/v1.8.27.tar.
> gz -O /root/rpmbuild/SOURCES/postfix-tlspol-1.8.27.tar.gz
> rpmbuild -bs /root/rpmbuild/SPECS/postfix-tlspol-1.8.27-0.spec (for 
> the benefit of others, this is to create the src.rpm file at ../SRPMS/ 
> from the tar.gz at ../SOURCES/ - the spec file contains the build
> macros) mock -r rocky+epel-9-x86_64 --rebuild 
> /root/rpmbuild/SRPMS/postfix-tlspol-1.8.27-0.el10.src.rpm
> --enable-network --no-cleanup mock -r rocky+epel-10-x86_64 --rebuild 
> /root/rpmbuild/SRPMS/postfix-tlspol-1.8.27-0.el10.src.rpm
> --enable-network --no-cleanup
> 
> (for the benefit of others, the rpms built by mock are located as
> follows)
> /var/lib/mock/rocky+epel-9-x86_64/root/builddir/build/RPMS/postfix-tls
> pol-1.8.27-0.el9.x86_64.rpm
> /var/lib/mock/rocky+epel-10-x86_64/root/builddir/build/RPMS/postfix-tl
> spol-1.8.27-0.el9.x86_64.rpm
> 
> https://www.integrilog.com/adhj5jkuuk2sfsf0/postfix-tlspol/Custom%201.
> 8.27/0/
> 
> Regards
> Mike
> 
> 
> -----Original Message-----
> From: users-bounces at lists.ghettoforge.net
> <users-bounces at lists.ghettoforge.net> On Behalf Of Peter
> Sent: Monday, March 16, 2026 8:16 PM
> To: users at lists.ghettoforge.net
> Subject: Re: [GF-Users] Postfix-tlspol 1.8.27
> 
> The build is taking absolutely ages for el9 and 10.  I'll let it run a while longer but may have to chase it down later on and retry, I'll keep you informed.
> 
> 
> Peter
> 
> 
> On 17/03/2026 06:34, Michael Webb wrote:
>> Peter
>>
>> Thanks, yes it builds fine with %setup so will start using that going forward. Agree, no need to specify defaults.
>>
>> The %setup a0 was generated by the go2rpm package which is what I used as my starting point as I was so green. At the time it took a week just to fix everything that was broken, and did not want to break it again, so I left everything alone that seemed to be working.
>>
>> "%setup -q" implies "quiet extraction" that I saw from other examples, but agree cannot see any obvious difference in the build outputs, and perhaps it is better to be able to be able watch everything if it is not affecting build time.
>>
>> Mike
>>
>> -----Original Message-----
>> From: users-bounces at lists.ghettoforge.net
>> <users-bounces at lists.ghettoforge.net> On Behalf Of Peter
>> Sent: Sunday, March 15, 2026 11:26 PM
>> To: users at lists.ghettoforge.net
>> Subject: Re: [GF-Users] Postfix-tlspol 1.8.27
>>
>> On 14/03/2026 12:03, Michael Webb wrote:
>>> Hi Peter
>>>
>>> When convenient, please could you build updated rpms for Postfix-tlspol?
>>
>> Sure.
>>
>>> Postfix-tlspol has been updated a few times but I have held off 
>>> asking until now as the previous updates were to fix issues that did 
>>> not affect EL8/9/10. The most recent will update Golang to v1.26.1 
>>> for security fixes see
>>> https://github.com/Zuplu/postfix-tlspol/releases/tag/v1.8.27
>>> <https://github.com/Zuplu/postfix-tlspol/releases/tag/v1.8.27>
>>
>> The fixes referenced are to fix vulnerabilities in 1.26.0 which are also fixed in version 1.25.7 so it is not necessary to change the golang version that we are using, and tbh I would rather not because it adds additional builddeps that would need to be downloaded for the build and violates my policy of not requiring external dependencies.
>>
>>> To force the build to use Golang 1.26.1 or later,  we need to ensure 
>>> that line 44 in the SPEC file is set to “export GOTOOLCHAIN=auto”
>>> and related lines commented and uncommented as indicated, but I 
>>> think we started doing it this way a few versions ago already. (When 
>>> I tried “local” the build seemed to still be using go1.25.7.)
>>
>> Just to expand on the above when checking CVEs I was able to find one listed vulnerability in 1.26.0 that is listed to also be fixed in 1.25.7 as well as seven vulnerabilities for 1.25.5 that are all fixed by 1.25.7.  I don't think setting this to auto is necessary for the build.
>> It is currently set to local.
>>
>>> No other changes are necessary, but FYI, I have also changed line 39 
>>> in my SPEC file because I felt that to specify the folder name was 
>>> more intuitive and easier to troubleshoot if the build fails:
>>>
>>> From: %setup a0
>>>
>>> To:  %setup -q -n %{archivename}
>>
>> -n %{archivename} (actually %{name}-%{version} which is the same thing) is pretty much the default for -n so it's not necessary to specify it.
>> I'm happy to add -q and I honestly don't know what the a0 did, I think it's just ignored and is not valid syntax for %setup, so I'll make it:
>>
>> %setup -q
>>
>>
>> Peter
>>
>> _______________________________________________
>> users mailing list
>> users at lists.ghettoforge.net
>> http://lists.ghettoforge.net/mailman/listinfo/users
>> _______________________________________________
>> users mailing list
>> users at lists.ghettoforge.net
>> http://lists.ghettoforge.net/mailman/listinfo/users
> 
> _______________________________________________
> users mailing list
> users at lists.ghettoforge.net
> http://lists.ghettoforge.net/mailman/listinfo/users
> _______________________________________________
> users mailing list
> users at lists.ghettoforge.net
> http://lists.ghettoforge.net/mailman/listinfo/users

_______________________________________________
users mailing list
users at lists.ghettoforge.net
http://lists.ghettoforge.net/mailman/listinfo/users

More information about the users mailing list