general: update base image to Debian 12 ("Bookworm") (#3403)

Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
Co-authored-by: Casper <casperklein@users.noreply.github.com>
This commit is contained in:
Georg Lauterbach 2024-01-24 17:05:55 +01:00 committed by GitHub
parent 0c7e49e654
commit 00018e7e2b
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
18 changed files with 145 additions and 148 deletions

View file

@ -25,9 +25,9 @@ function teardown_file() { _default_teardown ; }
assert_line 'received = false'
assert_line 'delivered_to = false'
_run_in_container stat /usr/local/bin/debug-getmail
_run_in_container_bash '[[ -f /usr/local/bin/debug-getmail ]]'
assert_success
_run_in_container stat /usr/local/bin/getmail-cron
_run_in_container_bash '[[ -f /usr/local/bin/getmail-cron ]]'
assert_success
}

View file

@ -51,10 +51,8 @@ function teardown_file() {
export CONTAINER_NAME=${CONTAINER1_NAME}
# give Amavis just a bit of time to print out its full debug log
run _repeat_in_container_until_success_or_timeout 5 "${CONTAINER_NAME}" grep 'ANTI-SPAM-SA' /var/log/mail/mail.log
run _repeat_in_container_until_success_or_timeout 20 "${CONTAINER_NAME}" grep 'SpamControl: init_pre_fork on SpamAssassin done' /var/log/mail/mail.log
assert_success
assert_output --partial 'loaded'
refute_output --partial 'NOT loaded'
}
@test '(Amavis enabled) SA ENV should update Amavis config' {

View file

@ -30,8 +30,12 @@ function teardown_file() { _default_teardown ; }
}
@test "SA - Amavis integration should not be active" {
_run_in_container_bash "grep -i 'ANTI-SPAM-SA code' /var/log/mail/mail.log | grep 'NOT loaded'"
# Wait until Amavis has finished initializing:
run _repeat_in_container_until_success_or_timeout 20 "${CONTAINER_NAME}" grep 'Deleting db files in /var/lib/amavis/db' /var/log/mail/mail.log
assert_success
# Amavis module for SA should not be loaded (`SpamControl: scanner SpamAssassin, module Amavis::SpamControl::SpamAssassin`):
_run_in_container grep 'scanner SpamAssassin' /var/log/mail/mail.log
assert_failure
}
@test "SA - should not have been called" {

View file

@ -59,7 +59,7 @@ function teardown_file() { _default_teardown ; }
_should_have_log_entry \
'action=greylist' \
'reason=new' \
'client_address=127.0.0.1/32, sender=user@external.tld, recipient=user1@localhost.localdomain'
'client_address=127.0.0.1, sender=user@external.tld, recipient=user1@localhost.localdomain'
}
# NOTE: This test case depends on the previous one
@ -73,7 +73,7 @@ function teardown_file() { _default_teardown ; }
_should_have_log_entry \
'action=pass' \
'reason=triplet found' \
'client_address=127.0.0.1/32, sender=user@external.tld, recipient=user1@localhost.localdomain'
'client_address=127.0.0.1, sender=user@external.tld, recipient=user1@localhost.localdomain'
}
# NOTE: These two whitelist tests use `files/nc/` instead of `files/emails`.
@ -91,7 +91,7 @@ function teardown_file() { _default_teardown ; }
_should_have_log_entry \
'action=pass' \
'reason=client whitelist' \
'client_address=127.0.0.1/32, sender=test@whitelist.tld, recipient=user1@localhost.localdomain'
'client_address=127.0.0.1, sender=test@whitelist.tld, recipient=user1@localhost.localdomain'
}
@test "should whitelist recipient 'user2@otherdomain.tld'" {
@ -100,7 +100,7 @@ function teardown_file() { _default_teardown ; }
_should_have_log_entry \
'action=pass' \
'reason=recipient whitelist' \
'client_address=127.0.0.1/32, sender=test@nonwhitelist.tld, recipient=user2@otherdomain.tld'
'client_address=127.0.0.1, sender=test@nonwhitelist.tld, recipient=user2@otherdomain.tld'
}
function _should_have_log_entry() {

View file

@ -222,7 +222,7 @@ function __check_rsa_keys() {
# Check the private key matches the specification
_run_in_container_bash "openssl rsa -in '${BASE_FILE_NAME}.private.txt' -noout -text"
assert_success
assert_line --index 0 "RSA Private-Key: (${KEYSIZE} bit, 2 primes)"
assert_line --index 0 "Private-Key: (${KEYSIZE} bit, 2 primes)"
# Check the public key matches the specification
#
@ -232,7 +232,7 @@ function __check_rsa_keys() {
PUBKEY=$(_exec_in_container_bash "grep -o 'p=.*' ${BASE_FILE_NAME}.public.dns.txt")
_run_in_container_bash "openssl enc -base64 -d <<< ${PUBKEY#p=} | openssl pkey -inform DER -pubin -noout -text"
assert_success
assert_line --index 0 "RSA Public-Key: (${KEYSIZE} bit)"
assert_line --index 0 "Public-Key: (${KEYSIZE} bit)"
}
# Verify that all DKIM key files are present.

View file

@ -13,7 +13,7 @@ function teardown() { _default_teardown ; }
# opendmarc (/usr/sbin/opendmarc)
# postfix (/usr/lib/postfix/sbin/master) - Postfix main process (two ancestors, launched via pidproxy python3 script)
#
# amavisd-new (usr/sbin/amavisd-new)
# amavisd (usr/sbin/amavisd)
# clamd (/usr/sbin/clamd)
# dovecot (/usr/sbin/dovecot)
# fetchmail (/usr/bin/fetchmail)
@ -37,7 +37,7 @@ CORE_PROCESS_LIST=(
# These processes can be toggled via ENV:
# NOTE: clamd handled in separate test case
ENV_PROCESS_LIST=(
amavisd-new
amavisd
dovecot
fail2ban-server
fetchmail

View file

@ -59,6 +59,10 @@ function teardown_file() {
}
@test "should authenticate with XOAUTH2" {
# curl packaged in Debian 12 (and the latest release as of Jan 2024) broke XOAUTH2 support
# https://github.com/docker-mailserver/docker-mailserver/pull/3403#issuecomment-1907100624
skip 'unable to test XOAUTH mechanism due to bug since curl 7.80'
__should_login_successfully_with 'XOAUTH2'
}

View file

@ -226,7 +226,7 @@ function __should_have_expected_files() {
# DKIM private key for signing, parse it to verify private key size is correct:
_run_in_container_bash "openssl rsa -in '${TARGET_DIR}/mail.private' -noout -text"
assert_success
assert_line --index 0 "RSA Private-Key: (${EXPECTED_KEYSIZE} bit, 2 primes)"
assert_line --index 0 "Private-Key: (${EXPECTED_KEYSIZE} bit, 2 primes)"
# DKIM record, extract public key (base64 encoded, potentially multi-line)
# - tail to exclude first line,
@ -240,7 +240,7 @@ function __should_have_expected_files() {
) | openssl enc -base64 -d | openssl pkey -inform DER -pubin -noout -text
"
assert_success
assert_line --index 0 "RSA Public-Key: (${EXPECTED_KEYSIZE} bit)"
assert_line --index 0 "Public-Key: (${EXPECTED_KEYSIZE} bit)"
# Contents is for expected DKIM_DOMAIN and selector (mail):
_run_in_container cat "${TARGET_DIR}/mail.txt"