Sympl issueshttps://gitlab.com/sympl.io/sympl/-/issues2019-05-28T11:58:08Zhttps://gitlab.com/sympl.io/sympl/-/issues/204"Not running MySQL backup tests, since not all the requirements are in place."2019-05-28T11:58:08ZPaul Cammish"Not running MySQL backup tests, since not all the requirements are in place."It looks like the relevant ruby libraries are missing for symbiosis-test from the repo/install (and would have been on the build box), but an attempt to track the relevant version down didn't come up with a perfect match.
This can proba...It looks like the relevant ruby libraries are missing for symbiosis-test from the repo/install (and would have been on the build box), but an attempt to track the relevant version down didn't come up with a perfect match.
This can probably just be rewritten in bash, as it's some simple SQL queries.Testing SuitePaul CammishPaul Cammishhttps://gitlab.com/sympl.io/sympl/-/issues/205"Quota exceeded (mailbox for user is full)"2019-05-28T11:58:11ZPaul Cammish"Quota exceeded (mailbox for user is full)"Symbiosis-test outputs `Quota exceeded (mailbox for user is full)` twice while running. This may be a bug, or it may be operating normally. Either way it should be fixed or supressed.Symbiosis-test outputs `Quota exceeded (mailbox for user is full)` twice while running. This may be a bug, or it may be operating normally. Either way it should be fixed or supressed.Testing SuitePaul CammishPaul Cammishhttps://gitlab.com/sympl.io/sympl/-/issues/203`symbiosis-test` fails the first antivirus test, but only on first run2019-06-07T10:53:05ZPaul Cammish`symbiosis-test` fails the first antivirus test, but only on first runIt's unclear why this is the case - it doesn't appear to be related to timing, or load or anything similar, but in the first ever run on a machine, the first antivirus test fails as the test mail is apparently let through.
```
=========...It's unclear why this is the case - it doesn't appear to be related to timing, or load or anything similar, but in the first ever run on a machine, the first antivirus test fails as the test mail is apparently let through.
```
===============================================================================
Failure: test_acl_check_antivirus(Exim4ConfigTest)
/etc/symbiosis/test.d/tc_exim4.rb:280:in `block in do_acl_script'
/etc/symbiosis/test.d/tc_exim4.rb:263:in `open'
/etc/symbiosis/test.d/tc_exim4.rb:263:in `do_acl_script'
/etc/symbiosis/test.d/tc_exim4.rb:410:in `test_acl_check_antivirus'
407:
408: FileUtils.touch(File.join(config_dir, "antivirus"))
409: # OK the file is there now, so reject (as per default)
=> 410: do_acl_script('exim4_acl_tests/antivirus_reject')
411:
412: # OK, now the file contains "tag" so accept, and tag
413: File.open(File.join(config_dir, "antivirus"),"w+"){|fh| fh.puts("tag my mail")}
ACL test failed after line 21 of exim4_acl_tests/antivirus_reject (OK id=1hTyWz-0000UI-BT)
<550> expected but was
<250>
diff:
? 550
? 2
===============================================================================
```
On every subsequent run it's fine, and there's no sign of a change caused by the first run.
As a workaround, it's now running twice, and discarding the first run silently.
Commit https://gitlab.mythic-beasts.com/sympl/sympl_stretch/commit/46a6e141f63e2c2ed025e530c7577ee2d97f07e5
Job [#2785](https://gitlab.mythic-beasts.com/sympl/sympl_stretch/-/jobs/2785) failed for 9480193f15793d90448b10ee278404beba37c304Future Planshttps://gitlab.com/sympl.io/sympl/-/issues/237core: ssl certs not getting linked on install2019-06-24T14:11:29ZPaul Cammishcore: ssl certs not getting linked on installLooks like something is borking along the way, probably preventing sympl-core from betting properly configured.
Should be fairly easy to fix.Looks like something is borking along the way, probably preventing sympl-core from betting properly configured.
Should be fairly easy to fix.Sympl v10.0 (for Debian Buster)Paul CammishPaul Cammishhttps://gitlab.com/sympl.io/sympl/-/issues/264Default IP confusion with other services2020-04-21T21:19:55ZPaul CammishDefault IP confusion with other services# What is the current bug behavior?
When adding extra IPs manually (such as an IPv6 address), Sympl can get confused as to which is the primary IP, in cases where the IPs are listed out-of order in the output of `ip a`
# What is the e...# What is the current bug behavior?
When adding extra IPs manually (such as an IPv6 address), Sympl can get confused as to which is the primary IP, in cases where the IPs are listed out-of order in the output of `ip a`
# What is the expected correct behavior?
Sympl should probably take the IP(s) of the default domain `/srv/$HOSTNAME` as the default IP, only using the `config/ip` file to override this.
/cc @kelduumhttps://gitlab.com/sympl.io/sympl/-/issues/268DKIM signature covers the sender address, but should cover the FROM HEADER ad...2020-09-24T06:23:41ZPaul CammishDKIM signature covers the sender address, but should cover the FROM HEADER address.# Summary
DKIM signatures are based on the SMTP sender address, not the email FROM HEADER address, which is the wrong thing to do. When the FROM address is local, and there's a DKIM key to sign with, then that should be done.
If there...# Summary
DKIM signatures are based on the SMTP sender address, not the email FROM HEADER address, which is the wrong thing to do. When the FROM address is local, and there's a DKIM key to sign with, then that should be done.
If there's no key to sign with, then perhaps we should not be sending the email!?
# Steps to reproduce
Send an email with a FROM address that doesn't match the SMTP sender address. You should notice that the DKIM header doesn't cover the FROM address.
/cc @kelduumhttps://gitlab.com/sympl.io/sympl/-/issues/244Incorrect permissions on dkim selector file2019-06-28T16:43:46ZPaul CammishIncorrect permissions on dkim selector fileMy dkim selector file is currently owned by sympl:sympl, with permissions set to 660.
I received the following error in my logs overnight:
2019-06-27 06:39:42 1hgN8H-0005FM-Rw failed to expand dkim_selector: failed to open /srv/gentlys...My dkim selector file is currently owned by sympl:sympl, with permissions set to 660.
I received the following error in my logs overnight:
2019-06-27 06:39:42 1hgN8H-0005FM-Rw failed to expand dkim_selector: failed to open /srv/gentlysympl.gentlyhosting.uk/config/dkim: Permission denied (euid=105 egid=109)
What should the permissions / ownership be set to? The uid / gid referred to in the error are both Debian-exim. Can sympl automatically adjust these permissions if a specific set are required?Sympl v9.0 (for Debian Stretch)Paul CammishPaul Cammishhttps://gitlab.com/sympl.io/sympl/-/issues/240Job Failed #7680 - net_connect_unix(/var/run/dovecot/stats-writer)2019-06-26T16:11:45ZPaul CammishJob Failed #7680 - net_connect_unix(/var/run/dovecot/stats-writer)Job [#7680](https://gitlab.mythic-beasts.com/sympl/sympl/-/jobs/7680) failed for f7d32cae365d7e879cd6d3987ec68d63d0f125c8:
```
run-parts: executing autotest/test.d/90-symbiosis-test
Running sympl-test...
Loaded suite /usr/bin/sympl-test...Job [#7680](https://gitlab.mythic-beasts.com/sympl/sympl/-/jobs/7680) failed for f7d32cae365d7e879cd6d3987ec68d63d0f125c8:
```
run-parts: executing autotest/test.d/90-symbiosis-test
Running sympl-test...
Loaded suite /usr/bin/sympl-test
Started
...............................................................................
.......................................lda(test@h2t4nehquz.test,)Error: net_connect_unix(/var/run/dovecot/stats-writer) failed: Permission denied
.lda(sympl-test@quick.sympl.test,)Error: net_connect_unix(/var/run/dovecot/stats-writer) failed: Permission denied
.lda(test@tsn3b3s36c.test,)Error: net_connect_unix(/var/run/dovecot/stats-writer) failed: Permission denied
.lda(test@cu9yts5qtz.test,)Error: net_connect_unix(/var/run/dovecot/stats-writer) failed: Permission denied
F
===============================================================================
Failure: test_deliver_with_sieve(TestDovecot)
/etc/sympl/test.d/tc_dovecot.rb:371:in `do_test_deliver_with_sieve'
/etc/sympl/test.d/tc_dovecot.rb:382:in `test_deliver_with_sieve'
379:
380: def test_deliver_with_sieve
381: @mailbox.create
=> 382: do_test_deliver_with_sieve(@mailbox)
383: end
384:
385: def test_deliver_with_sieve_for_local_users
Found 1 messages in Maildir/new rather than 0
<0> expected but was
<1>
===============================================================================
.lda(sympl-test@quick.sympl.test,)Error: net_connect_unix(/var/run/dovecot/stats-writer) failed: Permission denied
F
===============================================================================
Failure: test_deliver_with_sieve_for_local_users(TestDovecot)
/etc/sympl/test.d/tc_dovecot.rb:371:in `do_test_deliver_with_sieve'
/etc/sympl/test.d/tc_dovecot.rb:391:in `test_deliver_with_sieve_for_local_users'
388: mailbox = do_setup_local_mailbox(test_user)
389: sieve_file = File.join(mailbox.directory, ".sieve")
390:
=> 391: do_test_deliver_with_sieve(mailbox)
392: ensure
393: File.unlink(sieve_file) if sieve_file and File.exist?(sieve_file)
394: end
Found 1 messages in Maildir/new rather than 0
<0> expected but was
<1>
===============================================================================
...............................................................................
.......................
Finished in 102.66534708 seconds.
-------------------------------------------------------------------------------
226 tests, 1495 assertions, 2 failures, 0 errors, 0 pendings, 0 omissions, 0 notifications
99.115% passed
-------------------------------------------------------------------------------
2.20 tests/s, 14.56 assertions/s
```
This may simply be the way the testing interfaces with dovecot, as the 'stats' functionality in Dovecot has changed.Sympl v10.0 (for Debian Buster)Paul CammishPaul Cammishhttps://gitlab.com/sympl.io/sympl/-/issues/327letsencrypt initialisation uses incorrect e-mail address2023-05-12T15:40:23ZPaul Cammishletsencrypt initialisation uses incorrect e-mail address# Summary
When letsencrypt is initialised, if a second website has already been created, that site's domain is used to register with letsencrypt rather than the system's hostname domain.
# Steps to reproduce
1. Automatically install ...# Summary
When letsencrypt is initialised, if a second website has already been created, that site's domain is used to register with letsencrypt rather than the system's hostname domain.
# Steps to reproduce
1. Automatically install sympl on Debian 11.
2. 'sympl web create banana.DOMAIN'
3. Follow wiki instructions to rename system from localhost.localdomain to apple.DOMAIN
4. 'echo "letsencrypt" > /srv/apple.DOMAIN/config/ssl-provider'
5. 'sudo sympl-ssl --verbose --force $newhost'
# What is the current bug behavior?
When letsencrypt is run for the first time, if a website other than the default one has already been created, the wrong domain is used to register with letsencrypt
# What is the expected correct behavior?
The system hostname domain should be used
# Relevant logs and/or screenshots
```
* Examining certificates for apple.DOMAIN
SSL set 0: The certificate subject is not valid for this domain apple.DOMAIN.
SSL set 0: The certificate subject is not valid for this domain apple.DOMAIN.
No valid certificate sets found.
Fetching a new certificate from LetsEncrypt.
Created new account with email address: root@banana.DOMAIN
Requesting verification for apple.DOMAIN from https://acme-v02.api.letsencrypt.org/directory
Successfully verified apple.DOMAIN
Requesting verification for www.apple.DOMAIN from https://acme-v02.api.letsencrypt.org/directory
!! Unable to verify www.apple.DOMAIN (status: invalid)
!! Check http://www.apple.DOMAIN/.well-known/acme-challenge/V45LrunGXuYPgAU8fnsLSvQDZReL0DemhcFc0Nf0APY works.
Successfully fetched new certificate and created set 1
Rolled over to SSL set 1
```
You can see that while the correct certificate is requested (apple.DOMAIN), the wrong e-mail address (root@banana.DOMAIN) is used to register with letsencrypt.
# Possible fixes
Sorry, no idea.
/cc @kelduumhttps://gitlab.com/sympl.io/sympl/-/issues/235mail: Dovecot config entries obsoleted.2019-06-24T14:12:23ZPaul Cammishmail: Dovecot config entries obsoleted.```
ssl_protocols -> ssl_min_protocol
ssl_dh_parameters_length -> x
```
Possibly some others, so worth checking against a plain config.```
ssl_protocols -> ssl_min_protocol
ssl_dh_parameters_length -> x
```
Possibly some others, so worth checking against a plain config.Sympl v10.0 (for Debian Buster)Paul CammishPaul Cammishhttps://gitlab.com/sympl.io/sympl/-/issues/236mail: Exim - Warning: purging the environment.2019-06-24T14:24:24ZPaul Cammishmail: Exim - Warning: purging the environment.On starting exim reports:
`Warning: purging the environment.`
`use keep_environment`
IIRC this is a thing from Jessie, so may have turned up again (or just not been fixed).On starting exim reports:
`Warning: purging the environment.`
`use keep_environment`
IIRC this is a thing from Jessie, so may have turned up again (or just not been fixed).Sympl v10.0 (for Debian Buster)Paul CammishPaul Cammishhttps://gitlab.com/sympl.io/sympl/-/issues/238mail: Sieve tests failing2019-07-02T16:38:04ZPaul Cammishmail: Sieve tests failingLooks like two tests are failing at present.
* test_deliver_with_sieve
* test_deliver_with_sieve_for_local_users
Likely a change to sieve configuration as with Stretch.Looks like two tests are failing at present.
* test_deliver_with_sieve
* test_deliver_with_sieve_for_local_users
Likely a change to sieve configuration as with Stretch.Sympl v10.0 (for Debian Buster)Paul CammishPaul Cammishhttps://gitlab.com/sympl.io/sympl/-/issues/319multiple: 'tempfile is deprecated; consider using mktemp instead.'2022-03-28T10:02:58ZPaul Cammishmultiple: 'tempfile is deprecated; consider using mktemp instead.'Reported in https://forum.sympl.host/t/tempfile-is-deprecated-messages/245
Cron weekly (and likely others) report `WARNING: tempfile is deprecated; consider using mktemp instead. ` when running the jobs.
On investigation, `tempfile` is...Reported in https://forum.sympl.host/t/tempfile-is-deprecated-messages/245
Cron weekly (and likely others) report `WARNING: tempfile is deprecated; consider using mktemp instead. ` when running the jobs.
On investigation, `tempfile` is used in:
```list
core/lib/symbiosis/config_file.rb
core/test.d/tc_utils.rb
core/test.d/tc_config_file.rb
dns/lib/symbiosis/config_files/tinydns.rb
firewall/sbin/sympl-firewall-blacklist
firewall/sbin/sympl-firewall-whitelist
firewall/sbin/sympl-firewall
firewall/test.d/tc_blacklistdb.r
ftp/test.d/tc_ftp.rb
mail/sympl/test.d/tc_poppassd.rb
mail/sympl/test.d/tc_dict_handler.rb
web/lib/symbiosis/config_files/apache.rb
web/lib/symbiosis/config_files/webalizer.rb
web/test.d/tc_apache_logger.rb
web/test.d/tb_sympl_web_configure.rb
```
More investigation is probably needed as it looks to be originating with the ruby tempfile.rb library.https://gitlab.com/sympl.io/sympl/-/issues/258Occasional short-term failures reported by monitoring2019-07-31T17:52:47ZPaul CammishOccasional short-term failures reported by monitoringRecently received the following report from the automatic monitoring. It resolved itself a few minutes later.
[paste_1093477.txt](/uploads/b13f16c409a7c2c5791a95e3d7601585/paste_1093477.txt)
I've seen similar short-term failures a coup...Recently received the following report from the automatic monitoring. It resolved itself a few minutes later.
[paste_1093477.txt](/uploads/b13f16c409a7c2c5791a95e3d7601585/paste_1093477.txt)
I've seen similar short-term failures a couple of timeshttps://gitlab.com/sympl.io/sympl/-/issues/13poppass_handler.rb no longer checks passwords for complexity2019-06-10T15:01:30ZPaul Cammishpoppass_handler.rb no longer checks passwords for complexity`email/lib/symbiosis/email/poppass_handler.rb` has been switched from ruby-cracklib to plain ruby-password.
As part of the change (quick fix), it no longer enforces password complexity, allowing weak and possibly compromisable passwords.`email/lib/symbiosis/email/poppass_handler.rb` has been switched from ruby-cracklib to plain ruby-password.
As part of the change (quick fix), it no longer enforces password complexity, allowing weak and possibly compromisable passwords.Sympl v9.0 (for Debian Stretch)Paul CammishPaul Cammishhttps://gitlab.com/sympl.io/sympl/-/issues/246Roundcube unable to send mail in Buster.2019-07-02T16:38:13ZPaul CammishRoundcube unable to send mail in Buster.Needs confirming if this is affecting Stretch also.Needs confirming if this is affecting Stretch also.Paul CammishPaul Cammishhttps://gitlab.com/sympl.io/sympl/-/issues/223Ruby scripts have output noise when run in verbose.2019-06-07T14:21:08ZPaul CammishRuby scripts have output noise when run in verbose.The --verbose fag sets the ruby $VERBOSE variable, with is outputting various warnings.
Changing the name of this variable should avoid the collision.
symbiosis-dns-generate --verbose
```
Falling back to gcc to determine sizeof size_t....The --verbose fag sets the ruby $VERBOSE variable, with is outputting various warnings.
Changing the name of this variable should avoid the collision.
symbiosis-dns-generate --verbose
```
Falling back to gcc to determine sizeof size_t.
/usr/lib/ruby/vendor_ruby/diffy/diff.rb:43: warning: method redefined; discarding old diff
/usr/lib/ruby/vendor_ruby/erubis/enhancer.rb:517: warning: instance variable @prefixrexp not initialized
```
symbiosis-firewall --verbose
```
Falling back to gcc to determine sizeof size_t.
readnews defined twice. Ignoring definition for port 532
dicom defined twice. Ignoring definition for port 11112
```
symbiosis-firewall-blacklist --verbose
```
Falling back to gcc to determine sizeof size_t.
```
symbiosis-firewall-whitelist --verbose
```
Falling back to gcc to determine sizeof size_t.
```
symbiosis-httpd-generate-stats --verbose
```
Falling back to gcc to determine sizeof size_t.
/usr/lib/ruby/vendor_ruby/diffy/diff.rb:43: warning: method redefined; discarding old diff
```
symbiosis-httpd-rotate-logs --verbose
```
Falling back to gcc to determine sizeof size_t.
```
symbiosis-ssl
```
net/http: warning: Content-Type did not set; using application/x-www-form-urlencoded
net/http: warning: Content-Type did not set; using application/x-www-form-urlencoded
```Sympl v9.0 (for Debian Stretch)Paul CammishPaul Cammishhttps://gitlab.com/sympl.io/sympl/-/issues/259Running backups manually seems to cause issues2019-08-19T07:25:08ZPaul CammishRunning backups manually seems to cause issuesIt appears that running backups manually as the `sympl` user will cause the sympl-sqldump script to fail (as it's not running as root), possibly causing later backups to fail as a dump was started but not completed.
Sympl should probabl...It appears that running backups manually as the `sympl` user will cause the sympl-sqldump script to fail (as it's not running as root), possibly causing later backups to fail as a dump was started but not completed.
Sympl should probably check for a generic user with full mysql access rather than just root (or the root or Sympl user), and/or automatically use the `--force` flag when triggering backups.Paul CammishPaul Cammishhttps://gitlab.com/sympl.io/sympl/-/issues/16symbiosis-encrypt-password doesn't check for weak passwords2019-06-10T15:01:46ZPaul Cammishsymbiosis-encrypt-password doesn't check for weak passwordsNeeds to be updated to use ruby-password rather than cracklibNeeds to be updated to use ruby-password rather than cracklibSympl v9.0 (for Debian Stretch)Paul CammishPaul Cammishhttps://gitlab.com/sympl.io/sympl/-/issues/17symbiosis-password-test doesn't do anything serious2019-06-10T15:01:48ZPaul Cammishsymbiosis-password-test doesn't do anything seriousThis will also need the old ruby-cracklib code swapping to use ruby-password.
As is, it won't check for weak passwords, which is it's core function.This will also need the old ruby-cracklib code swapping to use ruby-password.
As is, it won't check for weak passwords, which is it's core function.Sympl v9.0 (for Debian Stretch)Paul CammishPaul Cammish