Devuan/Debianb packaging etc

[klink-mit-panzerslip]

Hello,

I am using rainloop since years and am a bit annoyed by the fact is seem under-maintained (security issues posted with no reply).

I would switch to snappymail but it would be more practical if it was submitted to Devuan (through Debian).

Regards,

[the-djmaze]

Yes, RainLoop development is slow. That is why i forked it. However, due to the current fast development of SnappyMail, i understand nobody has made Debian releases as of yet.

Because every 1-2 weeks i release a new version with improvements, bugfixes but also new bugs.

And thanks to everyone here it does improve and almost is up to date with latest RFC's. Then the release cycle can slow down and be considered stable enough for larger distro's and someone might pick it up to maintain.

So for now you're on your own as i don't have distro channels yet.

[the-djmaze]

Could you test the v2.13.0 .deb i created?

[yeupou]

Hi there,

I tested the 2.13.0 .deb

Minor issue:

• the symlinks created on the postinst (/etc/apache2/sites-available/snappymail.conf etc) test only if the source file exists, if the destination already exists (like in my case since I was doing test) the postinst cannot be completed
• more on that: should these symlinks even be created? It activates software just on install and I am not sure that it is the recommended practice. Do other packages provide a sites-enabled symlink in addition to the automated symlink to sites-enabled

Blocker issues:

• files are installed in /usr/share/snappymail/snappymail/v/0.0.0/ instead of /usr/share/snappymail/snappymail/v/2.13.1/ so nothing works until you create a symlink
• once done, it stills fails, with "[202] Data folder permissions error [mkdir]" and, in logs: -2022/02/28 21:37:00 [error] 5103#5103: *13 FastCGI sent in stderr: "PHP message: PHP Warning: mkdir(): Permission denied in /usr/share/snappymail/snappymail/v/0.0.0/setup.php on line 87" while reading response header from upstream, client: 83.159.xxx.xxx, server: ~^mx, request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/var/run/php/php7.4-fpm.sock:",
• files in /var/lib/snappymail belongs to www-data and /usr/share/snappymail/snappymail/v/0.0.0 to root so that should be fine

To which point I upgraded using my own dirty package. I am sure it is a trivial issue, maybe related to the 0.0.0 path or else. With my dirty package (simple download of the package https://gitlab.com/yeupou/rien/-/blob/master/webmail-snappymail/usr/local/share/get-snappymail.sh + dedicated include.php, then packaged in an crude automated way), which resultsin something similar (in terms of files locations, except the code itself is in /usr/local instead of /usr), it worked, with the same /var/lib/data folder.

Question:

• are you sure about the dependencies? on my own package based on the requirements, I have: Depends: php-redis, php-zip, php-uuid, php-imagick, php-apcu

BTW, thanks for the issues solved in a timely fashion!

[the-djmaze]

@yeupou thanks for testing!

Minor issue:

* the symlinks created on the postinst (/etc/apache2/sites-available/snappymail.conf etc) test  only if the source file exists, if the destination already exists (like in my case since I was doing test) the postinst cannot be completed
* more on that: should these symlinks even be created? It activates software just on install and I am not sure that it is the recommended practice. Do other packages provide a sites-enabled symlink in addition to the automated symlink to sites-enabled

Shouldn't be there. It was in my testcode of postinst which is not in git. Removed it.

Blocker issues:

* files are installed in /usr/share/snappymail/snappymail/v/0.0.0/ instead of /usr/share/snappymail/snappymail/v/2.13.1/ so nothing works until you create a symlink

Changed that.

* once done, it stills fails, with "[202] Data folder permissions error [mkdir]" and, in logs:
  `-2022/02/28 21:37:00 [error] 5103#5103: *13 FastCGI sent in stderr: "PHP message: PHP Warning:  mkdir(): Permission denied in /usr/share/snappymail/snappymail/v/0.0.0/setup.php on line 87" while reading response header from upstream, client: 83.159.xxx.xxx, server: ~^mx, request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/var/run/php/php7.4-fpm.sock:", `

Odd, i've added error_log() entry with full path. Maybe there's a bug in the include.php for APP_DATA_FOLDER_PATH

Question:

* are you sure about the dependencies? on my own package based on the requirements, I have:
  Depends: php-redis, php-zip, php-uuid, php-imagick, php-apcu

The only required dependencies are:

• php-mbstring
• php-zlib
• php-json (should be enabled by default)
• php-libxml (should be enabled by default)
• php-dom (should be enabled by default)
• nginx | apache2 | httpd
• php-fpm | libapache2-mod-php

Optional dependencies are:

• php-sqlite3 | php-mysql | php-pgsql (for contacts)
• php-pdo_mysql | php-pdo_pgsql | php-pdo_sqlite
• php-curl
• php-exif
• php-gnupg
• php-gd | php-gmagick | php-imagick
• php-intl
• php-ldap
• php-openssl
• php-redis
• php-sodium
• php-uuid
• php-xxtea
• php-zip

Regarding security php-sodium would be the best choice, then php-openssl, then php-xxtea. I have no clue how to do that within a debian package.

[yeupou]

Regarding the dependencies, I think you could use Recommends vs Suggests at least to put php-sodium in Recommends (along with any package that provides features, if you do not want to put them directly as depends, which can be a legitimate packaging choice too) and the other two as in Suggests.

Regarding the privileges issue, not sure how it should work. As far I understand, it fails trying to mkdir( $sCheckFolder) while $sCheckFolder = APP_DATA_FOLDER_PATH.$sCheckName; $sCheckName = 'delete_if_you_see_it_after_install'

So it would try to mkdir(APP_DATA_FOLDER_PATH.delete_if_you_see_it_after_install)

Considering that APP_DATA_FOLDER_PATH is set by the /usr/share/snappymail/include.php it should work out of the box

Note however that in my own /usr/local/share/snappymail/include.php I have:

<?php
define('APP_DATA_FOLDER_PATH', '/var/lib/snappymail/');

So it means mkdir("/var/lib/snappymail/delete_if_you_see_it_after_install") I do not remember how it was in your, but it would fail if the last slash was missing because it would result in mkdir("/var/lib/snappymaildelete_if_you_see_it_after_install") while /var/lib should be 0755 root:root owned.

There is already a is_dir test on APP_DATA_FOLDER_PATH. Maybe, if there is no trailing slash, it should be forcefully added. Or you can simply change line 53-54 to

$sCheckFolder = APP_DATA_FOLDER_PATH.'/'.$sCheckName;
$sCheckFilePath = sCheckFolder.'/'.$sCheckName.'.file';

(since the extra the trailing slash would be harmless in /var/lib/snappymail//delete_if_you_see_it_after_install)

[the-djmaze]

Maybe, if there is no trailing slash, it should be forcefully added

You are right! It was missing the slash.

[the-djmaze]

I think you could use Recommends vs Suggests at least to put php-sodium in Recommends

Made some changes to the control file.

[yeupou]

No problem with 2.13.2. Great!

Next step would be creating a repository, some folder with a Packages file containing

Package: snappymail
Architecture: all
Version: 2.13.2
Maintainer: SnappyMail <debian@snappymail.eu>
Depends: nginx | apache2 | httpd, php-fpm | libapache2-mod-php, php-json, php-mbstring
Recommends: php-intl, php-sodium, php-uuid
Suggests: php-sqlite3 | php-mysql | php-pgsql, php-curl, php-exif, php-gnupg, php-gd | php-gmagick | php-imagick, p
hp-openssl, php-zip
Filename: ./snappymail_2.13.2-1_all.deb
Size: 2831352
MD5sum: 093e37b03a66252769f98b66ae364ef3
SHA1: 761b1ae89c1381d6a0fefe39503b094408a13801
SHA256: ac5c3a0010cda7bbe4ac7e8cb5e5a9f03acacfaec4cff020c5c80543c7cb8fd9
SHA512: a35ad444926def6fc8f9dfce6e26962a1a68b7fdffbd55df2667fe1958634da6cb1acd190683d80568c58727cbfc541adf099fa2877
5f0d5085f8147b1705f44
Homepage: https://snappymail.eu
Description: SnappyMail is a PHP-based simple, modern, lightweight & fast web-based email client with no database r
equirements.
 It supports IMAP, SMTP and Sieve protocols, multiple accounts and identities, an admin panel for configuration.
 Plugins can be installed to further extend functionality.
 Emails are not stored locally, but are accessed through IMAP.
Vcs-Browser: https://github.com/the-djmaze/snappymail
Vcs-Git: https://github.com/the-djmaze/snappymail.git

as written by:

apt-ftparchive packages . > Packages 
apt-ftparchive release . > Release
gpg --digest-algo SHA512 --clearsign --output InRelease Release
gpg --digest-algo SHA512 -abs --output Release.gpg Release

along with a snappymail-keyring package with relevant keys in /etc/apt/trusted.gpg.d/snappymail.gpg (and possibly, for conveniency, a /etc/apt/sources.list.d/snappymail.list), for instance generated by something like: gpg --export > keyring/etc/apt/trusted.gpg.d/snappymail.gpg --short.gpg`

(using gpg -u XXX option)

[yeupou]

No issue noticed with 2.13.3.

[jh23453]

I had installed snappymail manually with apache2 configuration in /etc/apache2-webmail/. I've installed snappymail_2.13.2-1_all.deb on Debian 11. I expected to get a file in /etc/apache2/sites-available, but there is none. For now I've modified my former configuration (changed paths) and snappymail seems to work for now. Thanks a lot!

[the-djmaze]

Next step would be creating a repository,

Does this work for you? https://snappymail.eu/repository/deb/

[yeupou]

To test the repository, I would require the GPG key

Err:3 https://snappymail.eu/repository/deb ./ InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 48208BA13290F3EB

(well I could run it with --allow-unauthenticated) https://wiki.debian.org/SecureApt#How_apt_uses_Release.gpg

[yeupou]

I tested with apt -o Acquire::AllowInsecureRepositories=true update but it fails.

In Packages, you have a full path like /home/.../snappymail/build/dist/releases/webmail/2.13.4/snappymail_2.13.4-1_all.deb that may be the problem. I would expect a relative path related to webroot or something like that.

[the-djmaze]

I would require the GPG key

It's at several places:

• https://keyserver.ubuntu.com Hockeypuck OpenPGP keyserver
• https://snappymail.eu/repository/deb/48208BA13290F3EB.asc
• https://github.com/the-djmaze/snappymail/blob/master/build/SnappyMail.asc

I would expect a relative path related to webroot or something like that.

I've fixed that. You can try again.

[yeupou]

for the key, I did:

gpg --keyserver keyserver.ubuntu.com --recv-keys   48208BA13290F3EB
gpg -a --export 48208BA13290F3EB | apt-key add -

so that is solved (however it could be nicer to have the keyring included in a dedicated package, for easy removal/update)

However, I still have a problem W: Skipping acquire of configured file 'Packages' as repository 'https://snappymail.eu/repository/deb ./ InRelease' does not seem to provide it (sources.list entry misspelt?)

What do you recommend as source.list entry? I have deb https://snappymail.eu/repository/deb ./ which make InRelease being loaded but failing to provide the relevant Packages file.

[the-djmaze]

@yeupou i only had a Packages.gz, so i've added the Packages

[yeupou]

It worked!

[ser]

I just want to signal that deb https://snappymail.eu/repository/deb ./ is not documented anywhere so it took me a while to find out the correct syntax.

[matthys70]

Where to find /etc/apache2/sites-available/snappymail.conf in debian package? Seem not be installed ... and NOT included in package :-(

[rolfen]

I installed the package and then how am I supposed to know where the www root is so that I can properly add and configure a nginx virtual host?

Please mention it somewhere.

[matthys70]

Just to get you started, this is my snappymail.conf in apache:

# Those aliases do not work properly with several hosts on your apache server
# Uncomment them to use it or adapt them to your configuration
Alias /snappymail /usr/share/snappymail

<Directory /usr/share/snappymail>
  DirectoryIndex index.php
  Options -Indexes +ExecCGI
  AllowOverride All
  Order deny,allow
  Allow from all
  Require all granted
</Directory>

<Directory /var/lib/snappymail>
  Options -Indexes
  Deny from all
</Directory>