[GF-Users] Postfix-tlspol 1.8.27 - aarch64

Peter peter at pajamian.dhs.org
Thu Mar 19 01:24:03 MST 2026 

I think building with qemu emulation that should be automatically 
detected but I'll try it as my next step, right now I'm just trying 
updating my system and rebooting.


Peter


On 19/03/2026 20:58, Michael Webb wrote:
> Hi Peter
> 
> Hope this helps.
> 
> # To get this to work for aarch64 on Rocky 10, I added the following lines after "export CGO_ENABLED=0" in the spec file (got some help from the google AI)
> 
> %ifarch aarch64
> export GOARCH=arm64
> %endif
> %ifarch x86_64
> export GOARCH=amd64
> %endif
> 
> I was able to build for aarch64 on el8, 9 & 10 but I have no way to test the rpms. I posted the files at the link below FYI:
> 
>> https://www.integrilog.com/adhj5jkuuk2sfsf0/postfix-tlspol/Custom%201.8.27/0/
> 
> # After installing podman and qemu-user-static as follows, I was able to build but it took around 12min for each (uses a lot of processor power for about 5min when compiling).
> 
> dnf install podman
> mount -t binfmt_misc none /proc/sys/fs/binfmt_misc
> podman run --rm --privileged \
>    --security-opt label=type:spc_t \
>    docker.io/multiarch/qemu-user-static --reset -p yes
> 
> # Can test if qemu valid with
> ls /proc/sys/fs/binfmt_misc/qemu-aarch64
> 
> # build with (The src.rpms outside the mock folders seem to be generic/common so I'll start excluding the platform from the filename)
> mock -r rocky-8-aarch64 --rebuild /root/rpmbuild/SRPMS/postfix-tlspol-1.8.27-0.el10.src.rpm --enable-network --no-cleanup
> mock -r rocky-9-aarch64 --rebuild /root/rpmbuild/SRPMS/postfix-tlspol-1.8.27-0.el10.src.rpm --enable-network --no-cleanup
> mock -r rocky-10-aarch64 --rebuild /root/rpmbuild/SRPMS/postfix-tlspol-1.8.27-0.el10.src.rpm --enable-network --no-cleanup
> 
> Mike
> 
> 
> -----Original Message-----
> From: Michael Webb
> Sent: Thursday, March 19, 2026 12:27 AM
> To: 'GhettoForge Users mailing list' <users at lists.ghettoforge.net>
> Subject: RE: [GF-Users] Postfix-tlspol 1.8.27
> 
> Can you post your spec file as a starting point?
> 
> -----Original Message-----
> From: Michael Webb
> Sent: Thursday, March 19, 2026 12:25 AM
> To: 'GhettoForge Users mailing list' <users at lists.ghettoforge.net>
> Subject: RE: [GF-Users] Postfix-tlspol 1.8.27
> 
> Completely slipped my notice that you have been building for aarch64 as well. In future I will set up mock to build for aarch64 on my test system and debug the spec file before I ask you to build on yours. I can do for this release too, but it may take me a few weeks to generate something worthwhile.
> 
> I am interested to know how many downloads you typically see for each if you have these statistics?
> 
> -----Original Message-----
> From: users-bounces at lists.ghettoforge.net <users-bounces at lists.ghettoforge.net> On Behalf Of Peter
> Sent: Wednesday, March 18, 2026 11:52 PM
> To: users at lists.ghettoforge.net
> Subject: Re: [GF-Users] Postfix-tlspol 1.8.27
> 
> Yeah, they're stopped on the aarch64 build for some reason.  I will need to see if I can fix that.
> 
> Unfortunately my tooling doesn't allow me to easily release the x86_64 if the aarch64 doesn't build but if I can't figure this out I'll at least get the x86_64 build out.
> 
> 
> Peter
> 
> 
> On 19/03/2026 04:23, Michael Webb wrote:
>> Hi Peter
>>
>> Thanks. No worries. If it helps, the builds each take about 90sec each
>> on a Rocky 10 vm with four cores (Xeon Silver 4214 processors, 4GB
>> memory), using the spec (with line 39 changed to %setup as agreed) and
>> source files at the link below. I seem to remember your spec may have
>> contained some logic mine does not have. I was also able to build for
>> EL8 with the same spec file, but I am not set up to test the rpm. My
>> build commands are
>>
>> wget
>> https://github.com/Zuplu/postfix-tlspol/archive/refs/tags/v1.8.27.tar.
>> gz -O /root/rpmbuild/SOURCES/postfix-tlspol-1.8.27.tar.gz
>> rpmbuild -bs /root/rpmbuild/SPECS/postfix-tlspol-1.8.27-0.spec (for
>> the benefit of others, this is to create the src.rpm file at ../SRPMS/
>> from the tar.gz at ../SOURCES/ - the spec file contains the build
>> macros) mock -r rocky+epel-9-x86_64 --rebuild
>> /root/rpmbuild/SRPMS/postfix-tlspol-1.8.27-0.el10.src.rpm
>> --enable-network --no-cleanup mock -r rocky+epel-10-x86_64 --rebuild
>> /root/rpmbuild/SRPMS/postfix-tlspol-1.8.27-0.el10.src.rpm
>> --enable-network --no-cleanup
>>
>> (for the benefit of others, the rpms built by mock are located as
>> follows)
>> /var/lib/mock/rocky+epel-9-x86_64/root/builddir/build/RPMS/postfix-tls
>> pol-1.8.27-0.el9.x86_64.rpm
>> /var/lib/mock/rocky+epel-10-x86_64/root/builddir/build/RPMS/postfix-tl
>> spol-1.8.27-0.el9.x86_64.rpm
>>
>> https://www.integrilog.com/adhj5jkuuk2sfsf0/postfix-tlspol/Custom%201.
>> 8.27/0/
>>
>> Regards
>> Mike
>>
>>
>> -----Original Message-----
>> From: users-bounces at lists.ghettoforge.net
>> <users-bounces at lists.ghettoforge.net> On Behalf Of Peter
>> Sent: Monday, March 16, 2026 8:16 PM
>> To: users at lists.ghettoforge.net
>> Subject: Re: [GF-Users] Postfix-tlspol 1.8.27
>>
>> The build is taking absolutely ages for el9 and 10.  I'll let it run a while longer but may have to chase it down later on and retry, I'll keep you informed.
>>
>>
>> Peter
>>
>>
>> On 17/03/2026 06:34, Michael Webb wrote:
>>> Peter
>>>
>>> Thanks, yes it builds fine with %setup so will start using that going forward. Agree, no need to specify defaults.
>>>
>>> The %setup a0 was generated by the go2rpm package which is what I used as my starting point as I was so green. At the time it took a week just to fix everything that was broken, and did not want to break it again, so I left everything alone that seemed to be working.
>>>
>>> "%setup -q" implies "quiet extraction" that I saw from other examples, but agree cannot see any obvious difference in the build outputs, and perhaps it is better to be able to be able watch everything if it is not affecting build time.
>>>
>>> Mike
>>>
>>> -----Original Message-----
>>> From: users-bounces at lists.ghettoforge.net
>>> <users-bounces at lists.ghettoforge.net> On Behalf Of Peter
>>> Sent: Sunday, March 15, 2026 11:26 PM
>>> To: users at lists.ghettoforge.net
>>> Subject: Re: [GF-Users] Postfix-tlspol 1.8.27
>>>
>>> On 14/03/2026 12:03, Michael Webb wrote:
>>>> Hi Peter
>>>>
>>>> When convenient, please could you build updated rpms for Postfix-tlspol?
>>>
>>> Sure.
>>>
>>>> Postfix-tlspol has been updated a few times but I have held off
>>>> asking until now as the previous updates were to fix issues that did
>>>> not affect EL8/9/10. The most recent will update Golang to v1.26.1
>>>> for security fixes see
>>>> https://github.com/Zuplu/postfix-tlspol/releases/tag/v1.8.27
>>>> <https://github.com/Zuplu/postfix-tlspol/releases/tag/v1.8.27>
>>>
>>> The fixes referenced are to fix vulnerabilities in 1.26.0 which are also fixed in version 1.25.7 so it is not necessary to change the golang version that we are using, and tbh I would rather not because it adds additional builddeps that would need to be downloaded for the build and violates my policy of not requiring external dependencies.
>>>
>>>> To force the build to use Golang 1.26.1 or later,  we need to ensure
>>>> that line 44 in the SPEC file is set to “export GOTOOLCHAIN=auto”
>>>> and related lines commented and uncommented as indicated, but I
>>>> think we started doing it this way a few versions ago already. (When
>>>> I tried “local” the build seemed to still be using go1.25.7.)
>>>
>>> Just to expand on the above when checking CVEs I was able to find one listed vulnerability in 1.26.0 that is listed to also be fixed in 1.25.7 as well as seven vulnerabilities for 1.25.5 that are all fixed by 1.25.7.  I don't think setting this to auto is necessary for the build.
>>> It is currently set to local.
>>>
>>>> No other changes are necessary, but FYI, I have also changed line 39
>>>> in my SPEC file because I felt that to specify the folder name was
>>>> more intuitive and easier to troubleshoot if the build fails:
>>>>
>>>> From: %setup a0
>>>>
>>>> To:  %setup -q -n %{archivename}
>>>
>>> -n %{archivename} (actually %{name}-%{version} which is the same thing) is pretty much the default for -n so it's not necessary to specify it.
>>> I'm happy to add -q and I honestly don't know what the a0 did, I think it's just ignored and is not valid syntax for %setup, so I'll make it:
>>>
>>> %setup -q
>>>
>>>
>>> Peter
>>>
>>> _______________________________________________
>>> users mailing list
>>> users at lists.ghettoforge.net
>>> http://lists.ghettoforge.net/mailman/listinfo/users
>>> _______________________________________________
>>> users mailing list
>>> users at lists.ghettoforge.net
>>> http://lists.ghettoforge.net/mailman/listinfo/users
>>
>> _______________________________________________
>> users mailing list
>> users at lists.ghettoforge.net
>> http://lists.ghettoforge.net/mailman/listinfo/users
>> _______________________________________________
>> users mailing list
>> users at lists.ghettoforge.net
>> http://lists.ghettoforge.net/mailman/listinfo/users
> 
> _______________________________________________
> users mailing list
> users at lists.ghettoforge.net
> http://lists.ghettoforge.net/mailman/listinfo/users
> _______________________________________________
> users mailing list
> users at lists.ghettoforge.net
> http://lists.ghettoforge.net/mailman/listinfo/users

More information about the users mailing list