search

passbolt / passbolt_api

Passbolt Community Edition (CE) API. The JSON API for the open source password manager for teams!
https://passbolt.com
GNU Affero General Public License v3.0
4.63k stars 306 forks source link

Debian postinst maintainer script doesn't honor `passbolt/nginx-configuration` #444

Closed maxtruxa closed 1 year ago

maxtruxa commented 2 years ago

Debian postinst maintainer script doesn't honor passbolt/nginx-configuration

What you did

Perform an unattended installation of the passbolt-ce-server package on Debian without nginx.

Note the line setting passbolt/nginx-configuration to false. MariaDB is already installed.

sudo debconf-set-selections <<EOS
passbolt-ce-server passbolt/mysql-configuration boolean true
passbolt-ce-server passbolt/mysql-passbolt-username string passbolt
passbolt-ce-server passbolt/mysql-passbolt-password password test1234
passbolt-ce-server passbolt/mysql-passbolt-password-repeat password test1234
passbolt-ce-server passbolt/mysql-passbolt-dbname string passbolt
passbolt-ce-server passbolt/nginx-configuration boolean false
passbolt-ce-server passbolt/nginx-configuration-three-choices select auto
passbolt-ce-server passbolt/nginx-configuration-two-choices select none
passbolt-ce-server passbolt/nginx-domain string passbolt.example.com
passbolt-ce-server passbolt/nginx-certificate-file string 
passbolt-ce-server passbolt/nginx-certificate-key-file string 
EOS
sudo DEBIAN_FRONTEND=noninteractive apt install -y --no-install-recommends passbolt-ce-server

What happened

The installation fails at the postinst step.

# ... more output preceding this ...
Setting up passbolt-ce-server (3.7.0-1) ...
/var/lib/dpkg/info/passbolt-ce-server.postinst: line 217: certbot: command not found
dpkg: error processing package passbolt-ce-server (--configure):
 installed passbolt-ce-server package post-installation script subprocess returned error exit status 127

The failing line is here.

What you expected to happen

I expected the installation to succeed; without attempting to use nginx, certbot or anything else related to the web server.

Additional information

The hosting FAQ mentions passbolt/nginx-configuration, but that key is obviously not honored. Instead, the postinst script derives the value of nginx_values[configuration] from passbolt/nginx-configuration-three-choices/passbolt/nginx-configuration-two-choices.

One way to get around this (which I found by looking at the postinst script) is to set passbolt/nginx-configuration-three-choices and passbolt/nginx-configuration-two-choices to an empty string or an invalid value.

AnatomicJC commented 2 years ago

Hi @maxtruxa

Thank you for this report. I understand your point but if you don't want any certbot nor nginx, why set passbolt/nginx-configuration-three-choices select to auto ?

auto will trigger the certbot thing.

If you set this parameter to none, you will be able to install passbolt silently without issue.