#!/bin/sh

# This script lists the content of the directory / the files specifing
# the trusted CAs in Postfix's configuration, makes a copy in the chroot
# jail and rehash the directory if necessary.
#
# Usage: sudo ./postfix-fixcerts.sh
#
# References:
# - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=579247
# - https://bugs.launchpad.net/ubuntu/+source/postfix/+bug/828047

queue_directory=$(postconf -h queue_directory)

for K in smtp_tls_CAfile smtpd_tls_CAfile; do
    CAfile=$(postconf -h "$K")
    if [ -n "$CAfile" ]; then
        [ -f "$CAfile" -a -r "$CAfile" ] || exit 1

        certs=$(dirname "$queue_directory/${CAfile#/}")
        mkdir -m 0755 --parent "$certs"
        cp -L "$CAfile" "$certs"
    fi
done

for K in smtp_tls_CApath smtpd_tls_CApath; do
    CApath=$(postconf -h "$K")
    if [ -n "$CApath" ]; then
        [ -d "$CApath" -a -r "$CApath" ] || exit 1
        echo "$CApath" "$queue_directory/${CApath#/}"
    fi
done | sort -u | \
while read S T; do
    mkdir -m 0755 --parent "$T"
    find -L "$S" -type f -a \( \! -name '*.[0-9]' \) -print0 | xargs -r0 cp -Lf -t "$T"
    /usr/bin/c_rehash "$T"
done