@jamenlang
Last active November 14, 2020 00:08
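#!/bin/bash
# Refresh the per-instance copies of resolv.conf, the CA bundle and (for
# secondary instances) the shared libraries under /var/spool/<instance>,
# presumably so that chrooted Postfix services can resolve names and verify TLS.
# If curl turns out to read its CA file from somewhere other than the default
# bundle, that directory is mirrored into each instance as well.
#
# assuming all of the instances start with "postf" e.g. "postfix-2" or "postfix-test"
#
# The script writes below /var/spool and changes ownership, so it needs the
# privileges to do that (normally root). It stays best-effort: a failing step
# prints its error and the remaining instances are still processed.

readonly default_ca_bundle='/etc/ssl/certs/ca-certificates.crt'

# Plain shell variables; the loop at the bottom only reads them.
nonstandard=false
real_cert_path=''
real_cert_parent_path=''

if ! command -v strace >/dev/null 2>&1; then
  echo "strace is not installed, install it with apt-get install strace or apt install strace"
else
  # Only strace's own trace (stderr) is inspected. curl's response body is sent
  # to /dev/null so that remote content can never be matched by grep and end up
  # as a path handed to mkdir/cp below. The pattern is anchored to open()/openat()
  # calls for the same reason.
  mapfile -t strace_array < <(
    strace curl -s -o /dev/null https://www.google.com 2>&1 \
      | grep -E '^open(at)?\(.*ssl'
  )

  if (( ${#strace_array[@]} == 0 )); then
    echo "could not see which CA file curl opens, assuming ${default_ca_bundle}" >&2
  else
    # Heuristic: the last matching open call is taken to be the CA file, and the
    # path is the first double-quoted argument on that trace line.
    expected_cert_path=$(printf '%s\n' "${strace_array[-1]}" | cut -d'"' -f 2)

    if [[ "${expected_cert_path}" != "${default_ca_bundle}" ]]; then
      real_cert_file=$(readlink -f -- "${expected_cert_path}")
      real_cert_path=$(dirname -- "${real_cert_file}")
      real_cert_parent_path=$(dirname -- "${real_cert_path}")

      # Refuse anything that is not an existing file at an absolute path, and
      # never mirror "/" itself: the directory is copied recursively later on.
      if [[ "${expected_cert_path}" == /* && -f "${real_cert_file}" \
        && "${real_cert_path}" != / ]]; then
        nonstandard=true
      else
        echo "ignoring unusable cert path '${expected_cert_path}'" >&2
      fi
    fi
  fi
fi

# Instance names are the "postf*" directories directly under /etc (not /etc*,
# which would also pick up siblings such as a backup copy of /etc).
mapfile -t instance_array < <(find /etc -maxdepth 1 -type d -name "postf*" -printf "%f\n")

for instance in "${instance_array[@]}"; do
  spool="/var/spool/${instance}"

  echo "copying resolv.conf for ${instance}"
  mkdir -p -- "${spool}/etc"
  cp -- /etc/resolv.conf "${spool}/etc/resolv.conf"

  echo "updating ssl certs for ${instance}"
  mkdir -p -- "${spool}/etc/ssl/certs"
  cp -- "${default_ca_bundle}" "${spool}/etc/ssl/certs/ca-certificates.crt"

  # The primary instance is the source of the library tree, so skip it.
  if [[ "${instance}" != postfix ]]; then
    echo "updating required libraries for ${instance}"
    mkdir -p -- "${spool}/lib"
    cp -r -- /var/spool/postfix/lib/x86_64-linux-gnu "${spool}/lib"
  fi

  echo "updating postfix token ownership for ${instance}"
  if [[ -d "${spool}/etc/tokens" ]]; then
    # -h: act on symlinks themselves. The tree becomes postfix-owned, so on a
    # later run a link inside it must not redirect the ownership change.
    chown -R -h postfix:postfix -- "${spool}/etc/tokens"
  else
    echo "no token directory at ${spool}/etc/tokens, skipping" >&2
  fi

  if [[ "${nonstandard}" == true ]]; then
    echo "updating nonstandard cert files for ${instance}"
    mkdir -p -- "${spool}${real_cert_path}"
    cp -r -- "${real_cert_path}" "${spool}${real_cert_parent_path}"
  fi
done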