Sympl issueshttps://gitlab.com/sympl.io/sympl/-/issues2019-09-08T15:13:43Zhttps://gitlab.com/sympl.io/sympl/-/issues/263LetsEncrypt certificates not renewed early enough2019-09-08T15:13:43ZPaul CammishLetsEncrypt certificates not renewed early enough# Summary
LetsEncrypt certificates are not renewed a month before expiry (as recommended). This causes warning emails to be received from LetsEncrypt.
# Steps to reproduce
Enable LetsEncrypt certificates for a domain. Wait 60 days.
...# Summary
LetsEncrypt certificates are not renewed a month before expiry (as recommended). This causes warning emails to be received from LetsEncrypt.
# Steps to reproduce
Enable LetsEncrypt certificates for a domain. Wait 60 days.
# What is the current bug behavior?
Certificates are not renewed until 2 weeks before expiry, causing a warning.email to be received
# What is the expected correct behavior?
Certificate should be removed 30 days before expiry.
See: https://letsencrypt.org/docs/integration-guide/
for more info.
/cc @kelduumPaul CammishPaul Cammishhttps://gitlab.com/sympl.io/sympl/-/issues/235mail: Dovecot config entries obsoleted.2019-06-24T14:12:23ZPaul Cammishmail: Dovecot config entries obsoleted.```
ssl_protocols -> ssl_min_protocol
ssl_dh_parameters_length -> x
```
Possibly some others, so worth checking against a plain config.```
ssl_protocols -> ssl_min_protocol
ssl_dh_parameters_length -> x
```
Possibly some others, so worth checking against a plain config.Sympl v10.0 (for Debian Buster)Paul CammishPaul Cammishhttps://gitlab.com/sympl.io/sympl/-/issues/236mail: Exim - Warning: purging the environment.2019-06-24T14:24:24ZPaul Cammishmail: Exim - Warning: purging the environment.On starting exim reports:
`Warning: purging the environment.`
`use keep_environment`
IIRC this is a thing from Jessie, so may have turned up again (or just not been fixed).On starting exim reports:
`Warning: purging the environment.`
`use keep_environment`
IIRC this is a thing from Jessie, so may have turned up again (or just not been fixed).Sympl v10.0 (for Debian Buster)Paul CammishPaul Cammishhttps://gitlab.com/sympl.io/sympl/-/issues/238mail: Sieve tests failing2019-07-02T16:38:04ZPaul Cammishmail: Sieve tests failingLooks like two tests are failing at present.
* test_deliver_with_sieve
* test_deliver_with_sieve_for_local_users
Likely a change to sieve configuration as with Stretch.Looks like two tests are failing at present.
* test_deliver_with_sieve
* test_deliver_with_sieve_for_local_users
Likely a change to sieve configuration as with Stretch.Sympl v10.0 (for Debian Buster)Paul CammishPaul Cammishhttps://gitlab.com/sympl.io/sympl/-/issues/19New runner configuration is needed2019-04-11T21:59:48ZPaul CammishNew runner configuration is neededAt present it's all running inside docker - this is okay for simple jobs but not for testing, as its not the same as a real dedi or VM.
gitlab-runner supports VirtualBox VMs used for this purpose, so I will need to set this up.At present it's all running inside docker - this is okay for simple jobs but not for testing, as its not the same as a real dedi or VM.
gitlab-runner supports VirtualBox VMs used for this purpose, so I will need to set this up.Testing SuitePaul CammishPaul Cammish2019-04-12https://gitlab.com/sympl.io/sympl/-/issues/2Old issues from https://github.com/bytemarkhosting/symbiosis are missing.2019-04-22T17:55:31ZPaul CammishOld issues from https://github.com/bytemarkhosting/symbiosis are missing.We probably want to import these, maybe manually (at least the wontfix/open ones) so they can be dealt with.We probably want to import these, maybe manually (at least the wontfix/open ones) so they can be dealt with.https://gitlab.com/sympl.io/sympl/-/issues/214Packages needed to be renamed2019-05-31T17:05:57ZPaul CammishPackages needed to be renamedbytemark-symbiosis, symbiosis-* packages needed to be renamed to match the new sympl naming.
bytemark-symbiosis -> sympl-core
symbiosis-* -> sympl-*bytemark-symbiosis, symbiosis-* packages needed to be renamed to match the new sympl naming.
bytemark-symbiosis -> sympl-core
symbiosis-* -> sympl-*Rebranding Symbiosis to SymplPaul CammishPaul Cammishhttps://gitlab.com/sympl.io/sympl/-/issues/210Packages should be published in a repo2019-06-08T22:06:25ZPaul CammishPackages should be published in a repoThis will include properly signed packages, via the Mythic Beasts repo.This will include properly signed packages, via the Mythic Beasts repo.Sympl v9.0 (for Debian Stretch)Paul CammishPaul Cammishhttps://gitlab.com/sympl.io/sympl/-/issues/239phpmyadmin: phpmyadmin is no longer packaged in Debian Buster2020-09-16T16:16:37ZPaul Cammishphpmyadmin: phpmyadmin is no longer packaged in Debian BusterBased on an [informal poll](https://twitter.com/Mythic_Beasts/status/1139540952840908800) it look like a picture of a kitten should be a good replacement, however I'll probably rename the package, swap to [Adminer](https://www.adminer.or...Based on an [informal poll](https://twitter.com/Mythic_Beasts/status/1139540952840908800) it look like a picture of a kitten should be a good replacement, however I'll probably rename the package, swap to [Adminer](https://www.adminer.org/), and add instructions for installing phpmyadmin yourself.Paul CammishPaul Cammishhttps://gitlab.com/sympl.io/sympl/-/issues/13poppass_handler.rb no longer checks passwords for complexity2019-06-10T15:01:30ZPaul Cammishpoppass_handler.rb no longer checks passwords for complexity`email/lib/symbiosis/email/poppass_handler.rb` has been switched from ruby-cracklib to plain ruby-password.
As part of the change (quick fix), it no longer enforces password complexity, allowing weak and possibly compromisable passwords.`email/lib/symbiosis/email/poppass_handler.rb` has been switched from ruby-cracklib to plain ruby-password.
As part of the change (quick fix), it no longer enforces password complexity, allowing weak and possibly compromisable passwords.Sympl v9.0 (for Debian Stretch)Paul CammishPaul Cammishhttps://gitlab.com/sympl.io/sympl/-/issues/197Publish packages properly ;)2019-06-07T10:49:35ZPaul CammishPublish packages properly ;)The installation instructions smell a little -- getting a proper repo might be a nice touch.
You might find [Bintray](https://bintray.com/signup/oss) one way of doing it. I came across it for TV headend.The installation instructions smell a little -- getting a proper repo might be a nice touch.
You might find [Bintray](https://bintray.com/signup/oss) one way of doing it. I came across it for TV headend.Sympl v9.0 (for Debian Stretch)https://gitlab.com/sympl.io/sympl/-/issues/329Removal of sympl-ftp package doesn't remove /etc/sympl/monit.d/pure-ftp symlink2023-06-10T21:36:53ZPaul CammishRemoval of sympl-ftp package doesn't remove /etc/sympl/monit.d/pure-ftp symlink# What is the current bug behavior?
When you remove sympl-ftp (`apt remove --purge sympl-ftp`), the file `/usr/share/sympl/monit/checks/pure-ftpd` is removed but the symlink `/etc/sympl/monit.d/pure-ftpd` remains, causing the monitoring...# What is the current bug behavior?
When you remove sympl-ftp (`apt remove --purge sympl-ftp`), the file `/usr/share/sympl/monit/checks/pure-ftpd` is removed but the symlink `/etc/sympl/monit.d/pure-ftpd` remains, causing the monitoring to whine.
# What is the expected correct behavior?
The symlink `/etc/sympl/monit.d/pure-ftpd` should be removed also
/cc @kelduumhttps://gitlab.com/sympl.io/sympl/-/issues/246Roundcube unable to send mail in Buster.2019-07-02T16:38:13ZPaul CammishRoundcube unable to send mail in Buster.Needs confirming if this is affecting Stretch also.Needs confirming if this is affecting Stretch also.Paul CammishPaul Cammishhttps://gitlab.com/sympl.io/sympl/-/issues/223Ruby scripts have output noise when run in verbose.2019-06-07T14:21:08ZPaul CammishRuby scripts have output noise when run in verbose.The --verbose fag sets the ruby $VERBOSE variable, with is outputting various warnings.
Changing the name of this variable should avoid the collision.
symbiosis-dns-generate --verbose
```
Falling back to gcc to determine sizeof size_t....The --verbose fag sets the ruby $VERBOSE variable, with is outputting various warnings.
Changing the name of this variable should avoid the collision.
symbiosis-dns-generate --verbose
```
Falling back to gcc to determine sizeof size_t.
/usr/lib/ruby/vendor_ruby/diffy/diff.rb:43: warning: method redefined; discarding old diff
/usr/lib/ruby/vendor_ruby/erubis/enhancer.rb:517: warning: instance variable @prefixrexp not initialized
```
symbiosis-firewall --verbose
```
Falling back to gcc to determine sizeof size_t.
readnews defined twice. Ignoring definition for port 532
dicom defined twice. Ignoring definition for port 11112
```
symbiosis-firewall-blacklist --verbose
```
Falling back to gcc to determine sizeof size_t.
```
symbiosis-firewall-whitelist --verbose
```
Falling back to gcc to determine sizeof size_t.
```
symbiosis-httpd-generate-stats --verbose
```
Falling back to gcc to determine sizeof size_t.
/usr/lib/ruby/vendor_ruby/diffy/diff.rb:43: warning: method redefined; discarding old diff
```
symbiosis-httpd-rotate-logs --verbose
```
Falling back to gcc to determine sizeof size_t.
```
symbiosis-ssl
```
net/http: warning: Content-Type did not set; using application/x-www-form-urlencoded
net/http: warning: Content-Type did not set; using application/x-www-form-urlencoded
```Sympl v9.0 (for Debian Stretch)Paul CammishPaul Cammishhttps://gitlab.com/sympl.io/sympl/-/issues/259Running backups manually seems to cause issues2019-08-19T07:25:08ZPaul CammishRunning backups manually seems to cause issuesIt appears that running backups manually as the `sympl` user will cause the sympl-sqldump script to fail (as it's not running as root), possibly causing later backups to fail as a dump was started but not completed.
Sympl should probabl...It appears that running backups manually as the `sympl` user will cause the sympl-sqldump script to fail (as it's not running as root), possibly causing later backups to fail as a dump was started but not completed.
Sympl should probably check for a generic user with full mysql access rather than just root (or the root or Sympl user), and/or automatically use the `--force` flag when triggering backups.Paul CammishPaul Cammishhttps://gitlab.com/sympl.io/sympl/-/issues/14Stretch version requires stretch-backports repo2019-06-07T10:58:32ZPaul CammishStretch version requires stretch-backports repoThis is due to the XMPP functionality which uses Prosody's mod_auth_dovecot module from `prosody-modules`, which is not included in the normal stretch release.This is due to the XMPP functionality which uses Prosody's mod_auth_dovecot module from `prosody-modules`, which is not included in the normal stretch release.Sympl v9.0 (for Debian Stretch)https://gitlab.com/sympl.io/sympl/-/issues/241stretch-testing -> stretch2019-06-25T08:36:27ZPaul Cammishstretch-testing -> stretch# Testing to Stable
## Setup
* [x] Add example.com to /etc/hosts.
* [x] Start with a clean machine running the relevant version of Debian.
## Install
* [x] Run Install script as per https://wiki.sympl.host/Installation_Instructions w...# Testing to Stable
## Setup
* [x] Add example.com to /etc/hosts.
* [x] Start with a clean machine running the relevant version of Debian.
## Install
* [x] Run Install script as per https://wiki.sympl.host/Installation_Instructions without dpkg prompts.
* [x] User is pointed to https://wiki.sympl.host for docs, and https://forum.sympl.host for issues.
* [x] User has to set a new password for `sympl`, and is suggested to use an SSH key.
* [x] User can log in as the `sympl` user.
## Core
* [x] Banner happens on login and provides correct version/system stats.
* [x] Typical utilities such as vim, htop, etc are installed and work normally.
## Web
* [x] `mkdir -p /srv/example.com/public/htdocs`, make sure you are served a 'theres nothing here yet' page.
* [x] `echo 'Testing example.com' > /srv/example.com/public/htdocs/index.html`, check the page loads with the new content.
* [x] `echo '<?php phpinfo() ?>' > /srv/example.com/public/htdocs/index.php`, check the page loads with phpinfo.
* [x] `sudo sympl-web-configure --verbose`, check /srv/example.com/ contains public/logs, php_tmp, php_sessions.
* [x] Browse to http://example.com again, check logs are being written to `public/logs/access.log`.
* [x] Browse to https://example.com again (expect browser warning), check logs are being written to `public/logs/ssl_access.log`.
* [x] `sudo sympl-web-rotate-logs`, check logs have rotated.
* [x] `sudo sympl-web-generate-stats --verbose`, check stats have NOT been created.
* [x] `mkdir -p /srv/example.com/config ; echo selfsigned > /srv/example.com/config/ssl-provider ; sudo sympl-ssl --verbose`, check cert is generated.
* [x] `sudo sympl-web-configure --verbose`, check site now loads with self-signed certificate.
## FTP
* [x] Confirm you cannot login anonymously via FTP.
* [x] `echo some-password > /srv/example.com/config/ftp-password`, check you can log in with user `example.com` password `some-password` via FTP and are placed in public.
* [x] Confirm you can upload/download/delete files via FTP.
* [x] `echo someuser:someotherpass:htdocs:0M > /srv/example.com/config/ftp-users`, check you can log in with user `someuser@example.com` password `someotherpass` via FTP and are placed in htdocs.
* [x] Confirm you can download but not upload files via FTP.
* [x] `sudo sympl-password-test --verbose`, confirm password warning.
## Mail & WebMail
* [x] `mkdir -p /srv/example.com/mailboxes/user ; echo some-password > /srv/example.com/mailboxes/user/password ; sudo sympl-password-test --verbose`, confirm password warning.
* [x] Browse to https://example.com/webmail, log in with `user` and `password`
* [x] `echo new-password > /srv/example.com/mailboxes/user/password`, log out of webmail.
* [x] Confirm you cannot log in with old password.
* [x] Confirm you can log in with new password.
* [x] `sudo sympl-mail-encrypt-passwords --verbose`
* [x] Log out and back in again.
* [x] Send mail to a gmail address, confirm bounce/delivery.
* [x] `openssl genrsa -out /srv/example.com/config/dkim.key 2048 ; chmod 640 /srv/example.com/config/dkim.key ; chown admin:Debian-exim /srv/example.com/config/dkim.key ; touch /srv/example.com/config/dkim`
* [x] Send email again, check for DKIM record in bounce/delivery.
## Network
* [x] `ip a ; sympl-ip`, confirm IPs match.
* [x] `echo 10.111.234.56 > /srv/example.com/config/ip ; sudo sympl-configure-ips --verbose`, confirm new IP picked up.
* [x] `ip a ; sympl-ip`, confirm '10.111.234.56' now listed on both results.
* [x] `sudo iptables -L -n | grep -c ':1234'`, confirm result is 0.
* [x] `touch /etc/sympl/firewall/incoming.d/99-1234 ; sudo sympl-firewall`
* [x] `sudo iptables -L -n | grep -c ':1234'`, confirm result is 2.
* [x] `touch '/etc/sympl/firewall/blacklist.d/10.9.8.7|31' ; sudo sympl-firewall`
* [x] `sudo iptables -L -n | grep -c '10.9.8.6'`, confirm result is 1.
## MySQL / MariaDB & phpMyAdmin
* [x] `mysql -e 'show databases'`, confirm databases are listed.
* [x] Browse to http://example.com/phpmyadmin, confirm redirected to HTTPS.
* [x] `cat ~/mysql_password`, log in with user `sympl` and password.
* [x] Confirm no errors/warnings, database can be created.
## Monit
* [x] `sudo service apache2 stop ; sudo service apache2 status ; sudo sympl-monit ; sudo service apache2 status ;`, confirm apache is started again.Paul CammishPaul Cammishhttps://gitlab.com/sympl.io/sympl/-/issues/6symbiosis-common has unmet dependencies2019-04-03T23:10:01ZPaul Cammishsymbiosis-common has unmet dependencies```
The following packages have unmet dependencies:
symbiosis-common : Depends: ruby-acme-client (>= 0.3.5) but it is not installable
Depends: ruby-linux-netlink but it is not installable
Depends:...```
The following packages have unmet dependencies:
symbiosis-common : Depends: ruby-acme-client (>= 0.3.5) but it is not installable
Depends: ruby-linux-netlink but it is not installable
Depends: ruby-cracklib but it is not installable
```Packages Build and InstallPaul CammishPaul Cammishhttps://gitlab.com/sympl.io/sympl/-/issues/7symbiosis-email has unmet dependencies2019-04-01T23:53:49ZPaul Cammishsymbiosis-email has unmet dependencies```
The following packages have unmet dependencies:
symbiosis-email : Depends: ruby-cracklib but it is not installable
``````
The following packages have unmet dependencies:
symbiosis-email : Depends: ruby-cracklib but it is not installable
```Packages Build and InstallPaul CammishPaul Cammishhttps://gitlab.com/sympl.io/sympl/-/issues/8symbiosis-email-activesync has unmet dependecies2019-04-01T23:53:45ZPaul Cammishsymbiosis-email-activesync has unmet dependecies```
The following packages have unmet dependencies:
symbiosis-email-activesync : Depends: d-push but it is not installable
``````
The following packages have unmet dependencies:
symbiosis-email-activesync : Depends: d-push but it is not installable
```Packages Build and InstallPaul CammishPaul Cammish