journal(mailu): ADV-mailu-01 fix rationale; build #477 in flight
Some checks failed
continuous-integration/drone/push Build is failing
@ -79,3 +79,38 @@ Need to confirm the delete command. From mailu docs, the admin CLI:
|
||||
- Delete: `flask mailu user delete <email>` (where email = local@domain)
|
||||
- Or: `flask mailu user delete <local>@<domain>`
|
||||
Need to verify the exact syntax. Will use `flask mailu user delete citest@<domain>` and add error handling.
|
||||
|
||||
---
|
||||
|
||||
## 2026-06-11 ADV-mailu-01 fix — extend seed to cover /mail Maildir
|
||||
|
||||
### Adversary finding (M1 FAIL)
|
||||
The M1 claim was rejected because ops.py only proved SQLite (`/data`) backup/restore. The `/mail`
|
||||
Maildir volume was labeled and backed up but never specifically tested for restoration. If backupbot
|
||||
silently skipped restoring `/mail`, the test would still PASS.
|
||||
|
||||
### Fix (cc-ci commit b9352e8)
|
||||
Extended the seed in three steps:
|
||||
|
||||
**ops.py `pre_backup`**: After creating `citest@<domain>`, inject a test message via in-container
|
||||
`sendmail` (smtp container → postfix → rspamd → dovecot deliver). Subject: `ccci-backup-probe`.
|
||||
Wait up to 60s for dovecot to deliver (polling `doveadm search`). This is identical to the pattern
|
||||
proven in `test_mail_flow.py`.
|
||||
|
||||
**ops.py `pre_restore`**: Now wipes BOTH:
|
||||
1. The user from sqlite: `DELETE FROM user WHERE localpart='citest'` via python3 in admin container
|
||||
2. The user's Maildir: `rm -rf /mail/<domain>/citest` in imap container
|
||||
|
||||
**test_backup.py**: Added `test_backup_captures_mail_message` — asserts the message is present
|
||||
at backup time via `doveadm search` in imap container.
|
||||
|
||||
**test_restore.py**: Added `test_restore_returns_mail_message` — asserts the message is back in
|
||||
INBOX after restore via `doveadm search` in imap container.
|
||||
|
||||
### Why rm -rf over doveadm expunge
|
||||
Used `rm -rf /mail/<domain>/citest/` in pre_restore rather than `doveadm expunge` because:
|
||||
- `rm -rf` directly wipes the Maildir from disk — observable, immediate, unambiguous
|
||||
- `doveadm expunge` marks messages for deletion but depends on dovecot's expunge/purge cycle
|
||||
- The goal is a clear divergence: after pre_restore, the maildir DOES NOT EXIST; after restore, it DOES
|
||||
|
||||
### Build #477 in flight to verify
|
||||
|
||||
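Review bot: The `pre_restore` entry records the two wipes but no check that they took effect before the restore runs, so the new restore test can still pass for the wrong reason. If `rm -rf /mail/<domain>/citest` hits a path that does not match the real Maildir location, or fails silently, `test_restore_returns_mail_message` will find the original message and PASS without backupbot having restored `/mail`. That is the same false pass the M1 finding describes. Suggest asserting the divergence explicitly after `pre_restore`: the directory is absent and `doveadm search` for `ccci-backup-probe` returns nothing, with a failure there aborting the run. Two smaller points. `DELETE FROM user WHERE localpart='citest'` has no domain condition while the Maildir wipe is scoped to `<domain>`, so the two wipes do not target the same thing; add the domain to the WHERE clause. The context lines above say the plan was `flask mailu user delete citest@<domain>`, but this entry uses a direct SQLite DELETE; the journal should say why the approach changed.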