Sympl issueshttps://gitlab.com/sympl.io/sympl/-/issues2019-06-12T13:10:49Zhttps://gitlab.com/sympl.io/sympl/-/issues/220Web stats are insecure and need updating2019-06-12T13:10:49ZPaul CammishWeb stats are insecure and need updatingIt's unclear if the stats stuff even gets used, as it's not mentioned much in the old Symbiosis docs.
However, some time ago it was supposed to be disabled by default, but that's not the case, so it's automatically generated for each si...It's unclear if the stats stuff even gets used, as it's not mentioned much in the old Symbiosis docs.
However, some time ago it was supposed to be disabled by default, but that's not the case, so it's automatically generated for each site at /stats, and doesn't require any auth at all.
This should either be secured properly, or replaced with something a bit more up to date, like goaccess which has a package and is realtime.Sympl v9.0 (for Debian Stretch)Paul CammishPaul Cammishhttps://gitlab.com/sympl.io/sympl/-/issues/224Web: `sympl-web-* --manual` requires sympl-common package2019-06-28T15:08:51ZPaul CammishWeb: `sympl-web-* --manual` requires sympl-common packageThis isn't a problem when building in gitlab-ci, but breaks otherwise.
Option 1: Add sympl-common as a build dependency. (quick but untidy!)
Option 2: Make them work like the others and output the man page without any dependencies.
Opt...This isn't a problem when building in gitlab-ci, but breaks otherwise.
Option 1: Add sympl-common as a build dependency. (quick but untidy!)
Option 2: Make them work like the others and output the man page without any dependencies.
Option 2 is the best option here, especially as the libs aren't needed elsewhere.Sympl v9.0 (for Debian Stretch)Paul CammishPaul Cammishhttps://gitlab.com/sympl.io/sympl/-/issues/222A new 'theres no site here yet' page is needed2019-06-07T10:37:50ZPaul CammishA new 'theres no site here yet' page is neededThe old one had 2012-eta Bytemark branding, but I should be able to do something better - just need a proper logo for Sympl created.The old one had 2012-eta Bytemark branding, but I should be able to do something better - just need a proper logo for Sympl created.Rebranding Symbiosis to SymplPaul CammishPaul Cammishhttps://gitlab.com/sympl.io/sympl/-/issues/221Symbiosis: symbiosis-httpd-logger is run where it's not really needed2019-06-20T13:24:05ZPaul CammishSymbiosis: symbiosis-httpd-logger is run where it's not really neededThe HTTP and HTTPS templates for sites both run the symbiosis-httpd-logger process (aka sypl-web-logger) which does little other than write logs owned by the admin user.
This is useful for the zz-mass-hosting configuration, as it then w...The HTTP and HTTPS templates for sites both run the symbiosis-httpd-logger process (aka sypl-web-logger) which does little other than write logs owned by the admin user.
This is useful for the zz-mass-hosting configuration, as it then writes logs to the relevant locations, but it's wasted resources when you have a lot of sites running.
If #219 happens, then the templates should just write the files directly via the normal apache method.Sympl v9.0 (for Debian Stretch)https://gitlab.com/sympl.io/sympl/-/issues/216The auth/helper processes don't seem to be running after a reboot2019-06-02T21:18:53ZPaul CammishThe auth/helper processes don't seem to be running after a rebootspecifically:
```
/usr/sbin/pure-authd --run /usr/sbin/symbiosis-ftpd-check-password --socket /var/run/pure-ftpd/pure-authd.sock
/usr/bin/ruby /usr/sbin/symbiosis-email-poppassd
/usr/bin/ruby /usr/sbin/symbiosis-email-dict-proxy
```specifically:
```
/usr/sbin/pure-authd --run /usr/sbin/symbiosis-ftpd-check-password --socket /var/run/pure-ftpd/pure-authd.sock
/usr/bin/ruby /usr/sbin/symbiosis-email-poppassd
/usr/bin/ruby /usr/sbin/symbiosis-email-dict-proxy
```Rebranding Symbiosis to SymplPaul CammishPaul Cammishhttps://gitlab.com/sympl.io/sympl/-/issues/215Command line scripts need to be renamed, references to symbiosis in filesyste...2019-06-06T11:01:27ZPaul CammishCommand line scripts need to be renamed, references to symbiosis in filesystem removedWIP in https://gitlab.mythic-beasts.com/sympl/sympl_stretch/merge_requests/19
Any existing command line scripts should have symlinks/helpers created to them from the old names for compatibility.
Ruby Libraries can stay where they are f...WIP in https://gitlab.mythic-beasts.com/sympl/sympl_stretch/merge_requests/19
Any existing command line scripts should have symlinks/helpers created to them from the old names for compatibility.
Ruby Libraries can stay where they are for now (this can be tackled later), but things like /etc/symbiosis and dpkg copies need to be moved/renamed (and symlinks created).
* [x] package:core
* [x] package:backup
* [x] package:common
* [x] package:cron
* [x] package:dns
* [x] package:email
* [x] package:firewall
* [x] package:ftpd
* [x] package:httpd
* [x] package:monit
* [x] package:mysql
* [x] package:phpmyadmin
* [x] package:updater
* [x] package:webmail
----
* [x] update all version numbers
* [x] double-check all copyright filesRebranding Symbiosis to SymplPaul CammishPaul Cammishhttps://gitlab.com/sympl.io/sympl/-/issues/214Packages needed to be renamed2019-05-31T17:05:57ZPaul CammishPackages needed to be renamedbytemark-symbiosis, symbiosis-* packages needed to be renamed to match the new sympl naming.
bytemark-symbiosis -> sympl-core
symbiosis-* -> sympl-*bytemark-symbiosis, symbiosis-* packages needed to be renamed to match the new sympl naming.
bytemark-symbiosis -> sympl-core
symbiosis-* -> sympl-*Rebranding Symbiosis to SymplPaul CammishPaul Cammishhttps://gitlab.com/sympl.io/sympl/-/issues/213XMPP support is to be retired.2019-06-07T14:25:53ZPaul CammishXMPP support is to be retired.1. It requires backports in Stretch
2. There little to no evidence if it being used1. It requires backports in Stretch
2. There little to no evidence if it being usedSympl v9.0 (for Debian Stretch)Paul CammishPaul Cammishhttps://gitlab.com/sympl.io/sympl/-/issues/212Finish SNI for Support Exim and Dovecot2019-06-20T13:23:25ZPaul CammishFinish SNI for Support Exim and DovecotIt's possible to do this in Symbiosis with some changes, and a legacy branch included the change for Exim, however, the dovecot change will need a little more work.
https://docs.bytemark.co.uk/article/enabling-sni-for-exim-on-symbiosis/...It's possible to do this in Symbiosis with some changes, and a legacy branch included the change for Exim, however, the dovecot change will need a little more work.
https://docs.bytemark.co.uk/article/enabling-sni-for-exim-on-symbiosis/
https://docs.bytemark.co.uk/article/enabling-sni-for-dovecot-on-symbiosis/Sympl v9.0 (for Debian Stretch)https://gitlab.com/sympl.io/sympl/-/issues/208There are no build tests for XMPP2019-06-07T10:57:26ZPaul CammishThere are no build tests for XMPPThere aren't currently any tests to ensure XMPP is functional.
However, it's unclear if anyone uses this functionality in Symbiosis at present, as it mostly looks like other chat systems (Slack and its companions) have supplanted runnin...There aren't currently any tests to ensure XMPP is functional.
However, it's unclear if anyone uses this functionality in Symbiosis at present, as it mostly looks like other chat systems (Slack and its companions) have supplanted running your own instance, especially as there's no web front end so you would need to run a local client.Future PlansPaul CammishPaul Cammishhttps://gitlab.com/sympl.io/sympl/-/issues/206symbiosis-test skips phpmyadmin tests2019-05-28T11:58:10ZPaul Cammishsymbiosis-test skips phpmyadmin testsIt looks like due to the changes to MariaDB, the tests which expect to log in to phpmyadmin as root/debian-sys-maint are failing.
```
Skipping phpmyadmin debian-sys-maint auth test - password not found.
Skipping phpmyadmin root auth tes...It looks like due to the changes to MariaDB, the tests which expect to log in to phpmyadmin as root/debian-sys-maint are failing.
```
Skipping phpmyadmin debian-sys-maint auth test - password not found.
Skipping phpmyadmin root auth test - password not found.
```
This should be fairly simple to fix to use the generated 'admin' username/password, and ensure the passwordless logins fail.Testing SuitePaul CammishPaul Cammishhttps://gitlab.com/sympl.io/sympl/-/issues/205"Quota exceeded (mailbox for user is full)"2019-05-28T11:58:11ZPaul Cammish"Quota exceeded (mailbox for user is full)"Symbiosis-test outputs `Quota exceeded (mailbox for user is full)` twice while running. This may be a bug, or it may be operating normally. Either way it should be fixed or supressed.Symbiosis-test outputs `Quota exceeded (mailbox for user is full)` twice while running. This may be a bug, or it may be operating normally. Either way it should be fixed or supressed.Testing SuitePaul CammishPaul Cammishhttps://gitlab.com/sympl.io/sympl/-/issues/204"Not running MySQL backup tests, since not all the requirements are in place."2019-05-28T11:58:08ZPaul Cammish"Not running MySQL backup tests, since not all the requirements are in place."It looks like the relevant ruby libraries are missing for symbiosis-test from the repo/install (and would have been on the build box), but an attempt to track the relevant version down didn't come up with a perfect match.
This can proba...It looks like the relevant ruby libraries are missing for symbiosis-test from the repo/install (and would have been on the build box), but an attempt to track the relevant version down didn't come up with a perfect match.
This can probably just be rewritten in bash, as it's some simple SQL queries.Testing SuitePaul CammishPaul Cammishhttps://gitlab.com/sympl.io/sympl/-/issues/229sympl-webmail: Roundcube configuration is broken2019-06-13T18:38:57ZPaul Cammishsympl-webmail: Roundcube configuration is brokenIt's unclear why, but it may be due to the defaults being misapplied on install, but it reports a problem connecting to the database.
This will need tests created also, as they are missing at present.It's unclear why, but it may be due to the defaults being misapplied on install, but it reports a problem connecting to the database.
This will need tests created also, as they are missing at present.Sympl v9.0 (for Debian Stretch)Paul CammishPaul Cammishhttps://gitlab.com/sympl.io/sympl/-/issues/217sympl-backup: Pre/post backup scripts need updating2019-06-13T23:36:45ZPaul Cammishsympl-backup: Pre/post backup scripts need updatingThey do 3 things:
1. Sync a copy of any existing backups from the backup space.
2. Dump MySQL and Postgres(!?) databases, although not particularly well.
3. Sync the result of the backups to the backup space once complete.
This uses the...They do 3 things:
1. Sync a copy of any existing backups from the backup space.
2. Dump MySQL and Postgres(!?) databases, although not particularly well.
3. Sync the result of the backups to the backup space once complete.
This uses the old deprecated Bytemark backup space, determining the destination server via the hostname of the local server, although this can be configured.
It's probably worth replacing the backup sync functionality with a couple of popular options and replacing the SQL dump script with something more modern which doesn't lock tables when dumping.Sympl v9.0 (for Debian Stretch)Paul CammishPaul Cammishhttps://gitlab.com/sympl.io/sympl/-/issues/170Symbiosis: Request: Write mysql root credentials to /root/.my.cnf when imaging.2019-06-09T23:33:49ZPaul CammishSymbiosis: Request: Write mysql root credentials to /root/.my.cnf when imaging.Imported from https://www.github.com/BytemarkHosting/symbiosis/issues/56
(Note: This may be something for imager, or Stretch, but applied to Symbiosis *images* only)
It's never clear that the `root`, `admin` and mysql `root@localhost` ...Imported from https://www.github.com/BytemarkHosting/symbiosis/issues/56
(Note: This may be something for imager, or Stretch, but applied to Symbiosis *images* only)
It's never clear that the `root`, `admin` and mysql `root@localhost` users all have the same password in a newly imaged machine, which leads to users likely changing the root/admin passwords like they should, and not making note of the `root@localhost` password we set for mysql.
Simply writing the below to `/root/.my.cnf` (with relevant permissions) would make password recovery simpler, and allow the user to log in directly.
```config
[client]
user=root
password="<example>"
```
There's a small outside risk to this, by keeping it in `/root` would negate most of this, and make things simpler for users.Sympl v9.0 (for Debian Stretch)Paul CammishPaul Cammishhttps://gitlab.com/sympl.io/sympl/-/issues/219Administrative user should be named something unique / permissions tidyup2019-06-09T23:34:46ZPaul CammishAdministrative user should be named something unique / permissions tidyupAs is, Symbiosis has an 'admin' user which is used for most functions, and (in theory) some level of security, although this is weakly enforced, and there is a possibility of a name collision.
A better alternative would probably be to h...As is, Symbiosis has an 'admin' user which is used for most functions, and (in theory) some level of security, although this is weakly enforced, and there is a possibility of a name collision.
A better alternative would probably be to have a user called 'sympl' or similar which would own the configs, files and so on, and then it would be safe to chown/chmod items in the config directory to prevent access to things which should be secure.
This looks to be a fairly simple change, and would go with giving the user a proper home directory (/home/sympl) rather than forcing them to use /srv, which becomes untidy quickly, and gives us the opportunity to pre-populate some basic settings (prompt, etc) for ease of use.Sympl v9.0 (for Debian Stretch)Paul CammishPaul Cammishhttps://gitlab.com/sympl.io/sympl/-/issues/17symbiosis-password-test doesn't do anything serious2019-06-10T15:01:48ZPaul Cammishsymbiosis-password-test doesn't do anything seriousThis will also need the old ruby-cracklib code swapping to use ruby-password.
As is, it won't check for weak passwords, which is it's core function.This will also need the old ruby-cracklib code swapping to use ruby-password.
As is, it won't check for weak passwords, which is it's core function.Sympl v9.0 (for Debian Stretch)Paul CammishPaul Cammishhttps://gitlab.com/sympl.io/sympl/-/issues/16symbiosis-encrypt-password doesn't check for weak passwords2019-06-10T15:01:46ZPaul Cammishsymbiosis-encrypt-password doesn't check for weak passwordsNeeds to be updated to use ruby-password rather than cracklibNeeds to be updated to use ruby-password rather than cracklibSympl v9.0 (for Debian Stretch)Paul CammishPaul Cammishhttps://gitlab.com/sympl.io/sympl/-/issues/13poppass_handler.rb no longer checks passwords for complexity2019-06-10T15:01:30ZPaul Cammishpoppass_handler.rb no longer checks passwords for complexity`email/lib/symbiosis/email/poppass_handler.rb` has been switched from ruby-cracklib to plain ruby-password.
As part of the change (quick fix), it no longer enforces password complexity, allowing weak and possibly compromisable passwords.`email/lib/symbiosis/email/poppass_handler.rb` has been switched from ruby-cracklib to plain ruby-password.
As part of the change (quick fix), it no longer enforces password complexity, allowing weak and possibly compromisable passwords.Sympl v9.0 (for Debian Stretch)Paul CammishPaul Cammish