Description

This is a tracking issue for any concerns related to this upgrade expected later in the year (25H2):

• We should ensure third-party repos are using the new DEB822 .sources format.

  We can continue to add the extra apt package repos as one liners AFAIK, then convert that to the new format via an apt command apt modernize-sources:

  # apt 2.9.24 (released January 2025) is required,
  # so we cannot support this feature until Debian 13 Trixie:
  $ docker run --rm -it debian:12-slim
  $ apt --version
  apt 2.6.1 (amd64)
  
  $ docker run --rm -it debian:trixie
  $ apt --version
  apt 3.0.0 (amd64)

  This change is not absolutely necessary, the existing .list format remains compatible for the time being but is deprecated in favor of DEB822 .sources.

  Ubuntu 24.04+ and Debian 12+ already use the newer format (from /etc/apt/sources.list => /etc/apt/sources.list.d/*.sources), this would be relevant for Dovecot 2.4 + rspamd repos we presently add to /etc/apt/sources.list.d/ as .list format:

  docker-mailserver/target/scripts/build/packages.sh

  Lines 179 to 183 in fc51996

  	_log 'trace' 'Adding third-party package repository (Dovecot)'
  	curl -fsSL https://repo.dovecot.org/DOVECOT-REPO-GPG-2.4 | gpg --dearmor > /usr/share/keyrings/upstream-dovecot.gpg
  	echo \
  	"deb [signed-by=/usr/share/keyrings/upstream-dovecot.gpg] https://repo.dovecot.org/ce-2.4-latest/debian/${VERSION_CODENAME} ${VERSION_CODENAME} main" \
  	> /etc/apt/sources.list.d/upstream-dovecot.list

  docker-mailserver/target/scripts/build/packages.sh

  Lines 206 to 210 in fc51996

  	_log 'trace' 'Adding third-party package repository (Rspamd)'
  	curl -fsSL https://rspamd.com/apt-stable/gpg.key | gpg --dearmor > /usr/share/keyrings/upstream-rspamd.gpg
  	echo \
  	"deb [signed-by=/usr/share/keyrings/upstream-rspamd.gpg] https://rspamd.com/apt-stable/ ${VERSION_CODENAME} main" \
  	> /etc/apt/sources.list.d/upstream-rspamd.list

• Dovecot 2.4.x support does not seem to be required yet:

  $ docker run --rm -it --env DEBIAN_FRONTEND=noninteractive debian:trixie
  # apt-get -qq update && apt-get -qq install dovecot-core
  $ dovecot --version
  2.3.21.1 (d492236fa0)

• Rspamd in Debian 12 is 3.4 which is deemed too old. With Debian 13 it is 3.8.1, almost what we have in DMS v14.

  $ docker run --rm -it --env DEBIAN_FRONTEND=noninteractive debian:trixie
  $ apt-get -qq update && apt-get -qq install rspamd
  $ rspamd --version
  Rspamd daemon version 3.8.1
  
  $ docker run --rm -it mailserver/docker-mailserver:14 bash
  $ rspamd --version
  Rspamd daemon version 3.8.4
  
  $ docker run --rm -it mailserver/docker-mailserver:15 bash
  $ rspamd --version
  Rspamd daemon version 3.11.1

  As Rspamd's repo doesn't allow us to pin the rspamd package version, it does affect the ability to rebuild older DMS releases where breaking changes might be introduced. It might be worth considering a similar feature to what we have with Dovecot? I have not gone over the changes between Rspamd 3.8 and 3.11, or the fixes for the 3.8 series, but presumably that'd be compatible for our usage, even if the upstream Rspamd repo is preferred by default over the local Debian package.

  Doing so may also assist supporting this feature request.