Sympl issueshttps://gitlab.com/sympl.io/sympl/-/issues2019-09-17T13:45:19Zhttps://gitlab.com/sympl.io/sympl/-/issues/261sympl-ssl fails in NAT64 environments with IPv4 addresses2019-09-17T13:45:19ZPaul Cammishsympl-ssl fails in NAT64 environments with IPv4 addressesThis is due to the old Ruby library being used, which defaults to IPv4.
A workaround exists for this, which adds an entry to the hosts file, but fails to detect NAT64 setups.This is due to the old Ruby library being used, which defaults to IPv4.
A workaround exists for this, which adds an entry to the hosts file, but fails to detect NAT64 setups.Paul CammishPaul Cammishhttps://gitlab.com/sympl.io/sympl/-/issues/259Running backups manually seems to cause issues2019-08-19T07:25:08ZPaul CammishRunning backups manually seems to cause issuesIt appears that running backups manually as the `sympl` user will cause the sympl-sqldump script to fail (as it's not running as root), possibly causing later backups to fail as a dump was started but not completed.
Sympl should probabl...It appears that running backups manually as the `sympl` user will cause the sympl-sqldump script to fail (as it's not running as root), possibly causing later backups to fail as a dump was started but not completed.
Sympl should probably check for a generic user with full mysql access rather than just root (or the root or Sympl user), and/or automatically use the `--force` flag when triggering backups.Paul CammishPaul Cammishhttps://gitlab.com/sympl.io/sympl/-/issues/255sympl-web-rotate-logs doesnt work2019-07-09T19:27:36ZPaul Cammishsympl-web-rotate-logs doesnt workThis is due to it dropping permissions which is incompatible with the new security permissions system.
As it normally only ever runs as root, this isn't needed, and also means log rotation never happens properly as it's only telling the...This is due to it dropping permissions which is incompatible with the new security permissions system.
As it normally only ever runs as root, this isn't needed, and also means log rotation never happens properly as it's only telling the logger processes to reload, not Apache.Paul CammishPaul Cammishhttps://gitlab.com/sympl.io/sympl/-/issues/254sympl-firewall: iptables email warning (buster)2019-08-16T17:51:06ZPaul Cammishsympl-firewall: iptables email warning (buster)It appears with the change to iptables-nft, wanring are being generated about iptables-legacy having rules (although they appear to be empty).It appears with the change to iptables-nft, wanring are being generated about iptables-legacy having rules (although they appear to be empty).Paul CammishPaul Cammishhttps://gitlab.com/sympl.io/sympl/-/issues/249sympl-ssl - IPv6 Only DNS Resolution2021-02-12T18:08:30ZPaul Cammishsympl-ssl - IPv6 Only DNS ResolutionDNS resolution times out in IPv6 Only environment when contacting Let's Encrypt.
This is due to the resolver assuming theres an IPv4 address, and binding to that for replies.
A workaround is to add the relevant host to /etc/hosts befor...DNS resolution times out in IPv6 Only environment when contacting Let's Encrypt.
This is due to the resolver assuming theres an IPv4 address, and binding to that for replies.
A workaround is to add the relevant host to /etc/hosts before running.Paul CammishPaul Cammishhttps://gitlab.com/sympl.io/sympl/-/issues/246Roundcube unable to send mail in Buster.2019-07-02T16:38:13ZPaul CammishRoundcube unable to send mail in Buster.Needs confirming if this is affecting Stretch also.Needs confirming if this is affecting Stretch also.Paul CammishPaul Cammishhttps://gitlab.com/sympl.io/sympl/-/issues/244Incorrect permissions on dkim selector file2019-06-28T16:43:46ZPaul CammishIncorrect permissions on dkim selector fileMy dkim selector file is currently owned by sympl:sympl, with permissions set to 660.
I received the following error in my logs overnight:
2019-06-27 06:39:42 1hgN8H-0005FM-Rw failed to expand dkim_selector: failed to open /srv/gentlys...My dkim selector file is currently owned by sympl:sympl, with permissions set to 660.
I received the following error in my logs overnight:
2019-06-27 06:39:42 1hgN8H-0005FM-Rw failed to expand dkim_selector: failed to open /srv/gentlysympl.gentlyhosting.uk/config/dkim: Permission denied (euid=105 egid=109)
What should the permissions / ownership be set to? The uid / gid referred to in the error are both Debian-exim. Can sympl automatically adjust these permissions if a specific set are required?Sympl v9.0 (for Debian Stretch)Paul CammishPaul Cammishhttps://gitlab.com/sympl.io/sympl/-/issues/242sympl-mail-dovecot-sni should use ssl.bundle rather than ssl.crt2019-06-26T14:59:50ZPaul Cammishsympl-mail-dovecot-sni should use ssl.bundle rather than ssl.crtAs is, it provides the cert, but not the bundle, meaning the chain is broken.
It's worth investigating of the exim sni configuration has the same issue also.As is, it provides the cert, but not the bundle, meaning the chain is broken.
It's worth investigating of the exim sni configuration has the same issue also.Sympl v9.0 (for Debian Stretch)Paul CammishPaul Cammishhttps://gitlab.com/sympl.io/sympl/-/issues/240Job Failed #7680 - net_connect_unix(/var/run/dovecot/stats-writer)2019-06-26T16:11:45ZPaul CammishJob Failed #7680 - net_connect_unix(/var/run/dovecot/stats-writer)Job [#7680](https://gitlab.mythic-beasts.com/sympl/sympl/-/jobs/7680) failed for f7d32cae365d7e879cd6d3987ec68d63d0f125c8:
```
run-parts: executing autotest/test.d/90-symbiosis-test
Running sympl-test...
Loaded suite /usr/bin/sympl-test...Job [#7680](https://gitlab.mythic-beasts.com/sympl/sympl/-/jobs/7680) failed for f7d32cae365d7e879cd6d3987ec68d63d0f125c8:
```
run-parts: executing autotest/test.d/90-symbiosis-test
Running sympl-test...
Loaded suite /usr/bin/sympl-test
Started
...............................................................................
.......................................lda(test@h2t4nehquz.test,)Error: net_connect_unix(/var/run/dovecot/stats-writer) failed: Permission denied
.lda(sympl-test@quick.sympl.test,)Error: net_connect_unix(/var/run/dovecot/stats-writer) failed: Permission denied
.lda(test@tsn3b3s36c.test,)Error: net_connect_unix(/var/run/dovecot/stats-writer) failed: Permission denied
.lda(test@cu9yts5qtz.test,)Error: net_connect_unix(/var/run/dovecot/stats-writer) failed: Permission denied
F
===============================================================================
Failure: test_deliver_with_sieve(TestDovecot)
/etc/sympl/test.d/tc_dovecot.rb:371:in `do_test_deliver_with_sieve'
/etc/sympl/test.d/tc_dovecot.rb:382:in `test_deliver_with_sieve'
379:
380: def test_deliver_with_sieve
381: @mailbox.create
=> 382: do_test_deliver_with_sieve(@mailbox)
383: end
384:
385: def test_deliver_with_sieve_for_local_users
Found 1 messages in Maildir/new rather than 0
<0> expected but was
<1>
===============================================================================
.lda(sympl-test@quick.sympl.test,)Error: net_connect_unix(/var/run/dovecot/stats-writer) failed: Permission denied
F
===============================================================================
Failure: test_deliver_with_sieve_for_local_users(TestDovecot)
/etc/sympl/test.d/tc_dovecot.rb:371:in `do_test_deliver_with_sieve'
/etc/sympl/test.d/tc_dovecot.rb:391:in `test_deliver_with_sieve_for_local_users'
388: mailbox = do_setup_local_mailbox(test_user)
389: sieve_file = File.join(mailbox.directory, ".sieve")
390:
=> 391: do_test_deliver_with_sieve(mailbox)
392: ensure
393: File.unlink(sieve_file) if sieve_file and File.exist?(sieve_file)
394: end
Found 1 messages in Maildir/new rather than 0
<0> expected but was
<1>
===============================================================================
...............................................................................
.......................
Finished in 102.66534708 seconds.
-------------------------------------------------------------------------------
226 tests, 1495 assertions, 2 failures, 0 errors, 0 pendings, 0 omissions, 0 notifications
99.115% passed
-------------------------------------------------------------------------------
2.20 tests/s, 14.56 assertions/s
```
This may simply be the way the testing interfaces with dovecot, as the 'stats' functionality in Dovecot has changed.Sympl v10.0 (for Debian Buster)Paul CammishPaul Cammishhttps://gitlab.com/sympl.io/sympl/-/issues/238mail: Sieve tests failing2019-07-02T16:38:04ZPaul Cammishmail: Sieve tests failingLooks like two tests are failing at present.
* test_deliver_with_sieve
* test_deliver_with_sieve_for_local_users
Likely a change to sieve configuration as with Stretch.Looks like two tests are failing at present.
* test_deliver_with_sieve
* test_deliver_with_sieve_for_local_users
Likely a change to sieve configuration as with Stretch.Sympl v10.0 (for Debian Buster)Paul CammishPaul Cammishhttps://gitlab.com/sympl.io/sympl/-/issues/237core: ssl certs not getting linked on install2019-06-24T14:11:29ZPaul Cammishcore: ssl certs not getting linked on installLooks like something is borking along the way, probably preventing sympl-core from betting properly configured.
Should be fairly easy to fix.Looks like something is borking along the way, probably preventing sympl-core from betting properly configured.
Should be fairly easy to fix.Sympl v10.0 (for Debian Buster)Paul CammishPaul Cammishhttps://gitlab.com/sympl.io/sympl/-/issues/236mail: Exim - Warning: purging the environment.2019-06-24T14:24:24ZPaul Cammishmail: Exim - Warning: purging the environment.On starting exim reports:
`Warning: purging the environment.`
`use keep_environment`
IIRC this is a thing from Jessie, so may have turned up again (or just not been fixed).On starting exim reports:
`Warning: purging the environment.`
`use keep_environment`
IIRC this is a thing from Jessie, so may have turned up again (or just not been fixed).Sympl v10.0 (for Debian Buster)Paul CammishPaul Cammishhttps://gitlab.com/sympl.io/sympl/-/issues/235mail: Dovecot config entries obsoleted.2019-06-24T14:12:23ZPaul Cammishmail: Dovecot config entries obsoleted.```
ssl_protocols -> ssl_min_protocol
ssl_dh_parameters_length -> x
```
Possibly some others, so worth checking against a plain config.```
ssl_protocols -> ssl_min_protocol
ssl_dh_parameters_length -> x
```
Possibly some others, so worth checking against a plain config.Sympl v10.0 (for Debian Buster)Paul CammishPaul Cammishhttps://gitlab.com/sympl.io/sympl/-/issues/232Sympl determines host name incorrectly during install2022-04-26T09:50:34ZPaul CammishSympl determines host name incorrectly during installDuring the install, sympl creates a 'default' directory based on the hostname of the machine. However, it incorrectly uses the domain 'localdomain' when creating this directory.
On a clean debian machine, the /etc/hostname file contains...During the install, sympl creates a 'default' directory based on the hostname of the machine. However, it incorrectly uses the domain 'localdomain' when creating this directory.
On a clean debian machine, the /etc/hostname file contains a bare hostname. Code in core/debian/postinst uses this file as the hostname, and if it sees a 'bare' hostname, appends 'localdomain' to the hostname read from the file.
The debian installation had a full hostname specified, and typing
hostname -f
retrieves this full host name correctly.
The postinst script will also fall back to using hostname -f if /etc/hostname exists.Sympl v9.0 (for Debian Stretch)Paul CammishPaul Cammishhttps://gitlab.com/sympl.io/sympl/-/issues/231sympl-filesystem-security: /srv/example.com/public is not set 27752019-06-12T13:11:10ZPaul Cammishsympl-filesystem-security: /srv/example.com/public is not set 2775Looks like I missed this when I was putting the script together, should be a simple fix:
`find "${domain}/public" ! -type l ! \( -type f ! -perm 664 -exec chmod 664 {} \; -o -type d -perm 2775 -exec chmod 2775 {} \; \)`
sympl-filesyste...Looks like I missed this when I was putting the script together, should be a simple fix:
`find "${domain}/public" ! -type l ! \( -type f ! -perm 664 -exec chmod 664 {} \; -o -type d -perm 2775 -exec chmod 2775 {} \; \)`
sympl-filesystem-security should also check config/ssl/sets exists before trying to do anything with it
Sympl v9.0 (for Debian Stretch)Paul CammishPaul Cammishhttps://gitlab.com/sympl.io/sympl/-/issues/230sympl-web: Logs directory is not automatically created2019-06-12T13:11:07ZPaul Cammishsympl-web: Logs directory is not automatically createdThis looks to happen when the directory is not owned by a non-system user, and is likely in `sympl-web-logger`
Adding this to sympl-web-configure in a relevant place should fix it:
```ruby
dirname = File.dirname("#{domain.directory}...This looks to happen when the directory is not owned by a non-system user, and is likely in `sympl-web-logger`
Adding this to sympl-web-configure in a relevant place should fix it:
```ruby
dirname = File.dirname("#{domain.directory}/public/logs/.")
unless File.directory?(dirname)
verbose "\tCReating log directory #{dirname}"
FileUtils.mkdir_p(dirname)
FileUtils.chown_R 'sympl', 'sympl', dirname, :verbose => true
end
```Sympl v9.0 (for Debian Stretch)Paul CammishPaul Cammishhttps://gitlab.com/sympl.io/sympl/-/issues/220Web stats are insecure and need updating2019-06-12T13:10:49ZPaul CammishWeb stats are insecure and need updatingIt's unclear if the stats stuff even gets used, as it's not mentioned much in the old Symbiosis docs.
However, some time ago it was supposed to be disabled by default, but that's not the case, so it's automatically generated for each si...It's unclear if the stats stuff even gets used, as it's not mentioned much in the old Symbiosis docs.
However, some time ago it was supposed to be disabled by default, but that's not the case, so it's automatically generated for each site at /stats, and doesn't require any auth at all.
This should either be secured properly, or replaced with something a bit more up to date, like goaccess which has a package and is realtime.Sympl v9.0 (for Debian Stretch)Paul CammishPaul Cammishhttps://gitlab.com/sympl.io/sympl/-/issues/206symbiosis-test skips phpmyadmin tests2019-05-28T11:58:10ZPaul Cammishsymbiosis-test skips phpmyadmin testsIt looks like due to the changes to MariaDB, the tests which expect to log in to phpmyadmin as root/debian-sys-maint are failing.
```
Skipping phpmyadmin debian-sys-maint auth test - password not found.
Skipping phpmyadmin root auth tes...It looks like due to the changes to MariaDB, the tests which expect to log in to phpmyadmin as root/debian-sys-maint are failing.
```
Skipping phpmyadmin debian-sys-maint auth test - password not found.
Skipping phpmyadmin root auth test - password not found.
```
This should be fairly simple to fix to use the generated 'admin' username/password, and ensure the passwordless logins fail.Testing SuitePaul CammishPaul Cammishhttps://gitlab.com/sympl.io/sympl/-/issues/205"Quota exceeded (mailbox for user is full)"2019-05-28T11:58:11ZPaul Cammish"Quota exceeded (mailbox for user is full)"Symbiosis-test outputs `Quota exceeded (mailbox for user is full)` twice while running. This may be a bug, or it may be operating normally. Either way it should be fixed or supressed.Symbiosis-test outputs `Quota exceeded (mailbox for user is full)` twice while running. This may be a bug, or it may be operating normally. Either way it should be fixed or supressed.Testing SuitePaul CammishPaul Cammishhttps://gitlab.com/sympl.io/sympl/-/issues/204"Not running MySQL backup tests, since not all the requirements are in place."2019-05-28T11:58:08ZPaul Cammish"Not running MySQL backup tests, since not all the requirements are in place."It looks like the relevant ruby libraries are missing for symbiosis-test from the repo/install (and would have been on the build box), but an attempt to track the relevant version down didn't come up with a perfect match.
This can proba...It looks like the relevant ruby libraries are missing for symbiosis-test from the repo/install (and would have been on the build box), but an attempt to track the relevant version down didn't come up with a perfect match.
This can probably just be rewritten in bash, as it's some simple SQL queries.Testing SuitePaul CammishPaul Cammish