Sme11BuildQueue
This page lists all the packages that SME Server needs to build for SME 11. The starting point is the smeos directory from SME 10. For each package it should be checked if it is still needed, or can we use an upstream package if one is available. see bug https://bugs.koozali.org/show_bug.cgi?id=12424
Package Build Steps
things have changed between SME10 and SME11. we moved from cvs to git. We also need to change the name of a few old e-smith rpm to smeserver for better consistency, but without forgetting from where we are coming. git is available here : https://src.koozali.org
TODO; write how to checkout and start a build
TODO ; reference on how to configure a build environement.
Required dependencies
created from the work on SME10, and updated.
you can use http://pkgs.org to fill the blank, reference where the rpm can be found (EPEL8,ROCKY8,REMI8,OPENFUSION8,RPMFUSION8,smedev,smetest) and the status (Build OK, NEED COPY,NOTABUG,WONTFIX,FIXED).
fill bug before building a new package : https://bugs.contribs.org/enter_bug.cgi?product=SME%20Server%2011.X&component=build
Package Requiring | Required Package | Possible sources | status | Reference |
---|---|---|---|---|
dar | par2cmdline | epel | par2cmdline-0.8.0-3.el8.x86_64.rpm | |
smeserver-apache | mod_authnz_external | epel | mod_authnz_external-3.3.3-3.el8.x86_64.rpm | |
smeserver-base | pv | epel | pv-1.6.6-7.el8.x86_64.rpm | |
smeserver-email | perl(Net::Server::Fork) | Rocky Linux AppStream | perl-Net-Server-2.009-3.el8.noarch.rpm | |
smeserver-email | perl(Net::Server) >= 0.85 | Rocky Linux AppStream | perl-Net-Server-2.009-3.el8.noarch.rpm | |
smeserver-grub | grub2 | Rocky Linux BaseOS | grub2-pc-2.02-150.el8.rocky.0.1.x86_64.rpm | |
smeserver-horde | php-pear(HTTP) | none | ||
smeserver-horde | php-pear(Date) | epel / remi | php-pear-Date-1.4.7-22.el8.noarch.rpm
php-pear-Date-1.4.7-20.el8.remi.noarch.rpm | |
smeserver-horde | php-pear(Services_Weather) | none | ||
smeserver-horde | php-pear(File) | none | ||
smeserver-horde | php-pear(Log) | remi | php-pear-Log-1.14.1-1.el8.remi.noarch.rpm | |
smeserver-horde | php-pear(HTTP_Request) | epel / remi | php-pear-HTTP-Request-1.4.4-18.el8.noarch.rpm
php-pear-HTTP-Request-1.4.4-16.el8.remi.noarch.rpm | |
smeserver-ldap | libdb4-utils | raven third party...
https://pkgs.dyn.su/el8/base/SRPMS/libdb4-4.8.30-30.el8.src.rpm | ||
smeserver-devtools | perl-Pod-Tests | epel | perl-Pod-Tests-1.20-6.el8.noarch.rpm | |
smeserver-lib | perl(Authen::PAM) | epel | perl-Authen-PAM-0.16-37.el8.x86_64.rpm | |
smeserver-lib
perl-Mojolicious |
perl(Taint::Util) | epel | perl-Taint-Util-0.08-22.el8.x86_64.rpm | |
smeserver-mysql | mariadb-server | Rocky Linux AppStream / mariadb | mariadb-server-10.5.22-1.module | |
smeserver-nutUPS | nut | epel | nut-2.8.0-3.el8.x86_64.rpm | |
smeserver-nutUPS | nut-client | epel | ||
smeserver-proftpd | proftpd | epel | proftpd-1.3.6e-6.el8.x86_64.rpm | |
smeserver-radiusd | radiusclient-ng >= 0.5.6 | none, should migrate to freeradius-client . radius | ||
mbuffer | libmhash.so.2()(64bit) | epel | mhash-devel-0.9.9.9-20.el8.x86_64.rpm | |
smeserver-lib | perl(Text::Template) | Rocky Linux AppStream | perl-Text-Template-1.51-1.el8.noarch.rpm (also module 1.58 and 1.47) | |
qpsmtpd | perl(Net::IP) | epel | perl-Net-IP-1.26-20.el8.noarch.rpm | |
smeserver-qpsmtpd | perl-MIME-tools | epel | perl-MIME-tools-5.509-9.el8.noarch.rpm | |
smeserver-qpsmtpd | perl-File-MMagic | Rocky Linux Devel | perl-File-MMagic-1.30-16.el8.noarch.rpm | |
smeserver-qpsmtpd | perl-Convert-TNEF | epel | perl-Convert-TNEF-0.18-17.el8.noarch.rpm | |
smeserver-spamassassin | perl-razor-agents | epel | add dep back to spec | perl-Razor-Agent-2.86-1.el8.x86_64.rpm |
smeserver-spamassassin | pyzor | epel | pyzor-1.0.0-28.20200530gitf46159b.el8.noarch.rpm | |
smeserver-horde | php-pear-Log | remi | php-pear-Log-1.14.1-1.el8.remi.noarch.rpm | |
smeserver-horde | php-pecl-geoip | remi-modular | wait | is required by remi for php-horde-imp, php-horde-kronolith, php-horde-nag, php-horde-turba : available by modular only |
smeserver-horde | php-imap | remi-modular | wait | is required by remi for php-horde-ingo, php-horde-mnemo : available by modular only |
smeserver-horde | php-channel-horde
php-channel(pear.horde.org) |
remi | wait | remi php-channel-horde |
smeserver-horde | php-horde-Horde-Role | remi | wait | remi php-horde-Horde-Role |
RPM's from smeos directory
before attempting to buidl check if they are available and put them rather in the table above with source to copy from, with at least the version number we had on SME10.
if you need to build check if a newer version is available. Sometime we might need to stick to an old version so document here when uping version in reference.
koji build dist-sme11-os git+https://src.koozali.org/smeserver/PACKAGE.git?#GITTAG
where PACKAGE is listed under, and GITTAG should be found in https://src.koozali.org
Packages in git, but we will use upstream
Package | Builder | status | Reference |
---|---|---|---|
dar | X | epel: dar-2.7.6-2.el8.x86_64.rpm | |
geoipupdate | X | Rocky Linux AppStream : geoipupdate-2.5.0-3.el8.x86_64.rpm
unless we see we have a local patch to use older app | |
maildrop-2.8.4 | X | epel maildrop-3.0.8-1.el8.x86_64.rpm | |
mbuffer | X | epel mbuffer-20190725-1.el8.x86_64.rpm | |
mod_perl | X | epel mod_perl-2.0.12-1.el8.x86_64.rpm | |
oidentd >= 2.0.6 | X | epel oidentd-2.5.0-1.el8.x86_64.rpm | |
perl-Crypt-Cracklib | X | epel perl-Crypt-Cracklib-1.7-24.el8.x86_64.rpm | |
perl-Data-Validate-Domain | X | epel perl-Data-Validate-Domain-0.15-7.el8.noarch.rpm
openfusion perl-Data-Validate-Domain-0.14-1.of.el8.noarch.rpm | |
perl-IO-Socket-SSL | X | Rocky Linux AppStream perl-IO-Socket-SSL-2.066-4.module | |
perl-Mail-RFC822-Address | X | epel perl-Mail-RFC822-Address-0.3-36.el8.noarch.rpm | |
perl-Net-IMAP-Simple-1.1916 | X | openfusion perl-Net-IMAP-Simple-1.2212-1.of.el8.noarch.rpm | |
https://src.koozali.org/smeserver/perl-Mojolicious | X | epel 8 perl-Mojolicious-8.42-1.el8.noarch.rpm | |
perl-RPM2 | X | epel perl-RPM2-1.4-10.el8.x86_64.rpm | |
ppp | X | Rocky Linux BaseOS ppp-2.4.7-26.el8_1.x86_64.rpm |
Packages to obsolete from git / not to build
Package | Builder | status | Reference |
---|---|---|---|
cvm | to drop! | ||
pam_abl | need git | https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/source/tree/Packages/p/pam_abl-0.6.0-25.fc40.src.rpm https://github.com/deksai/pam_abl https://github.com/deksai/pam_abl/archive/refs/tags/v0.9.0.tar.gz
not installed on SME10 | |
rssh | to drop | unmaintianed and unsecure http://www.pizzashack.org/rssh/
need to import - EL7: https://rhel.pkgs.org/7/epel-x86_64/rssh-2.3.4-16.el7.x86_64.rpm.html | |
smeserver-cvm-unix-local | to drop! | ||
smeserver-dynamicdns-dyndns | to drop? | ||
smeserver-dynamicdns-dyndns.org | to drop? | ||
smeserver-dynamicdns-tzo | to drop? | ||
smeserver-dynamicdns-yi | to drop? | ||
whiptail | usage drop, references needs to be removed | ||
wv-1.2.7 | cc1: some warnings being treated as errors
make[2]: warning: 'password' may be used uninitialized in this function [-Wmaybe-uninitialized] => not installed on SME10 ; was needed by e-smith-horde, but not anymore new version and last version (2009) https://sourceforge.net/projects/wvware/files/wv2-0.4.2.tar.bz2/download |
Bare install test
- Install server environment group from minimal iso for rocky 8
https://download.rockylinux.org/pub/rocky/8/isos/x86_64/Rocky-8-latest-x86_64-minimal.iso
Configure network access during installation with option to restore. Configure only root user.
- If needed reconfigure network using nm
I set the network details in the setup screen but the device was not up on boot.
My main device was ens18 - YMMV
cd /etc/sysconfig/network-scripts/ifcfg-ens18
Set these (I found that you need at least start on boot):
nmcli con mod ens18 connection.autoconnect yes # start on boot nmcli connection modify ens18 ipv4.routes "0.0.0.0/0 62.210.0.1" # My default route nmcli con mod ens18 ipv4.ignore-auto-dns yes # Use static DNS nmcli con mod ens18 ipv4.dns '8.8.8.8,8.8.4.4' # I found opendns was blocked on my server nmcli con mod ens18 ipv6.method ignore # Forget Ipv6 for now nmcli con up ens18
Check:
cat /etc/sysconfig/network-scripts/ifcfg-ens18
cat /etc/resolv.conf
Or reboot.
- SSH
SSH is present and is enabled by default at this stage. To check issue:
systemctl status sshd
You may have a slow login to ssh, if needed :
vi /etc/ssh/sshd_config
You have to restart the ssh service. You might also want to wget your public keys in /root/.ssh/authorized_keys
systemctl restart sshd
- Disable SELinux
SELinux uses policies that conflict with some of the SME Server services ports like https. One can adjust the allowed ports, or remove the SELinux policies and disable SELinux by the following commands:
setenforce 0 sed -i -e 's/SELINUX=.*/SELINUX=disabled/g' /etc/selinux/config dnf remove selinux-policy-targeted
- disable cockpit notice
rm -f /etc/issue.d/cockpit.issue /etc/motd.d/cockpit
- Install epel repo
dnf install epel-release
- Install remi 8 repos
dnf install https://rpms.remirepo.net/enterprise/remi-release-8.rpm
- Install openfusion 8
dnf install http://repo.openfusion.net/centos8-x86_64/openfusion-release-0.8-2.of.el8.noarch.rpm
- Update packages
dnf update
- Add some utilities
dnf install wget
- Install SME11 repo
vim /etc/yum.repos.d/smeserver11.repo
and paste
[smeos] enabled=1 mirrorlist=http://mirrorlist.koozali.org/mirrorlist/smeos-11 name=SME Server - os gpgcheck=1 enablegroups=1 [smeupdates-testing] enabled=0 mirrorlist=http://mirrorlist.koozali.org/mirrorlist/smeupdates-testing-11 name=SME Server - update testing gpgcheck=1 enablegroups=1 [smetest] enabled=0 mirrorlist=http://mirrorlist.koozali.org/mirrorlist/smetest-11 name=SME Server - dev gpgcheck=1 enablegroups=1 [koji-sme11] enabled=0 name=koji-sme11 baseurl=http://koji.koozali.org/kojifiles/repos-dist/dist-sme11-os/latest/x86_64/ #http://koji.koozali.org/kojifiles/repos/dist-sme11-build/latest/x86_64/ gpgcheck=1 enablegroups=1
- install SME10 and 11 keys
wget https://src.koozali.org/staging/sme-release/raw/branch/master/RPM-GPG-KEY-sme11 rpm --import RPM-GPG-KEY-sme11
- install Remi el8 key
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-remi.el8
then
dnf --enablerepo=* clean all
Install SME11 packages. You will need to enable some repo first before installing @smeserver:
dnf module switch-to php:remi-8.3 -y dnf module switch-to mariadb:10.5 -y dnf module switch-to python36:3.6 -y dnf module install php:remi-8.3 dnf install @smeserver
et voilà, you have a non functional SME 11 over Rocky 8 minimal.
## This is safer to be done directly on tty, not via ssh:
- Get rid of Network-Manager NOW!
systemctl stop NetworkManager systemctl disable NetworkManager systemctl stop NetworkManager-wait-online.service systemctl disable NetworkManager-wait-online.service systemctl start networking dnf remove NetworkManager* --noautoremove
- some cleanup
dnf remove @headless-management @hardware-support
then you could try, (you might have no network from there), unlink this to avoid root password locking
unlink /etc/e-smith/events/post-install/S10init-passwords /sbin/e-smith/signal-event post-install
if you want to avoid the reboot and configure loop for the moment you can do
passwd admin /usr/bin/systemctl restart rsyslog /sbin/e-smith/db accounts setprop admin PasswordSet yes /sbin/e-smith/db configuration set PasswordSet yes /sbin/e-smith/db configuration setprop bootstrap-console Restore disabled
then try to configure using console
/sbin/e-smith/console
then to be sure to get sshd back
/sbin/e-smith/db configuration setprop sshd status enabled PermitRootLogin yes access public # add PasswordAuthentication yes to enable password login (strongly discouraged) /sbin/e-smith/expand-template /etc/ssh/ssh_config /sbin/e-smith/expand-template /etc/ssh/sshd_config /usr/bin/systemctl restart sshd.service /sbin/e-smith/signal-event remoteaccess-update
then you can
signal-event post-upgrade; signal-event reboot;
## end of the part better on tty than on sshd
## alternative method using ssh terminal
I did this from a ssh terminal without losing access except sshd got set to private:
/sbin/e-smith/db configuration setprop sshd status enabled PermitRootLogin yes access public /sbin/e-smith/expand-template /etc/ssh/ssh_config /sbin/e-smith/expand-template /etc/ssh/sshd_config /usr/bin/systemctl restart sshd.service /sbin/e-smith/signal-event remoteaccess-update passwd admin {Set password to same as root} /sbin/e-smith/db accounts setprop admin PasswordSet yes /sbin/e-smith/db configuration set PasswordSet yes /sbin/e-smith/db configuration setprop bootstrap-console Restore disabled /usr/bin/systemctl restart rsyslog
systemctl stop NetworkManager && systemctl disable NetworkManager && systemctl stop NetworkManager-wait-online.service && systemctl disable NetworkManager-wait-online.service && systemctl start networking && dnf remove NetworkManager* --noautoremove && dnf remove @headless-management @hardware-support
At this point we are still logged in with a ssh terminal but now using Koozali networking with the NetworkManager configs)
unlink /etc/e-smith/events/post-install/S10init-passwords /sbin/e-smith/signal-event post-install
Configure the server.
/sbin/e-smith/console
You might need to reset the ssh property via you console to access public - I think the reconfigure may have set it back to private.
Check before rebooting.
Reboot.
## end of alternative method using ssh terminal
From there, if you are lucky, it worked and you can try to test, report as bug, or even create a patch
At the moment of the update UPS nut and qpsmtpd-postfix-qmail are work on progress.
Optional parts for testing
Koji repos
also you might want to plan ahead and put the koji repo for when you will have deleted the custom template.
vim /etc/yum.smerepos.d/koji.repo
and paste:
[koji-sme11] enabled=1 name=koji-sme11 baseurl=http://koji.koozali.org/kojifiles/repos-dist/dist-sme11-os/latest/x86_64/ #http://koji.koozali.org/kojifiles/repos/dist-sme11-build/latest/x86_64/ gpgcheck=1 enablegroups=1 [koji-contribs11] enabled=0 name=koji-contribs11 baseurl=http://koji.koozali.org/kojifiles/repos-dist/smecontribs11-testing/latest/x86_64/ gpgcheck=0 enablegroups=1
Ye ol e-smith-manager
Also remember that the legacy server manager (SM1) is not installed by the above, so, perhaps:
dnf install e-smith-manager
If you then find you get an SM1 login but the login just clears the fields and does not login, then you can fix this with:
expand-template /etc/e-smith/web/common//cgi-bin/AuthTKT.cfg
debug mode of new smanager
To get better information from Server Manager 2 (this replaces the barfing dinosaur):
mkdir -p /etc/e-smith/templates-custom/usr/share/smanager/conf/srvmngr.conf/
cat <<EOF > /etc/e-smith/templates-custom/usr/share/smanager/conf/srvmngr.conf/30Other
modules_dir => 'lib/SrvMngr/Controller',
webapp => 'smanager',
mode => 'development',
debug => 1,
\}
EOF
expand-template /usr/share/smanager/conf/srvmngr.conf
signal-event smanager-refresh
Notes
we will have horde 6 in remi Horde 6 requires PHP 8.1 or PHP 8.2 versions. Support for PHP 8.3 is in development. https://wiki.horde.org/Doc/Dev/H6/Installation/PHP?referrer=Doc%2FDev%2FH6%2FInstallation
Horde 6 has been tested with MariaDB 10.8 and MariaDB 10.9 - any MariaDB of the 10.x series should work.
* ensure mariadb uses "innodb" as its default engine
* ensure the PHP server can reach the database hostname and port
* use utf8mb4 as default charset.
* create a database schema. This documentation assumes the db name is "horde"
https://wiki.horde.org/Doc/Dev/H6/Installation?version=10
References
- https://dnf.readthedocs.io/en/latest/modularity.htm
- https://docs.fedoraproject.org/en-US/modularity/using-modules/
- https://dnf.readthedocs.io/en/latest/cli_vs_yum.html
- https://man7.org/linux/man-pages/man5/dnf.conf.5.html
- https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/considerations_in_adopting_rhel_8/software-management_considerations-in-adopting-rhel-8
- https://fedoraproject.org/wiki/Features/YumMetalinks
- https://www.tecmint.com/reset-forgotten-root-password-in-rocky-linux-almalinux/