ykaliuta / fidogate

FidoGate
GNU General Public License v2.0

Installing on Centos 7 #25

Open nahimov opened 10 months ago

nahimov commented 10 months ago

Hello! Is it possible to install this package fidogate to centos 7? I'll try to:

rpm -i fidogate-5.12-1.x86_64.rpm

but have a problem with perl:

error: Failed dependencies: perl(getopts.pl) is needed by fidogate-5.12-1.x86_64

I have installed perl, but no idea what they want....

nahimov commented 10 months ago

So strange, I install perl-Perl4-CoreLibs, after start rpm -U fidogate-5.12-1.x86_64.rpm, after I see:

Nov 25 18:16:51 v6q2mre27tqvz5i systemd[1]: Unit fidogate.service entered failed state.
Nov 25 18:16:51 v6q2mre27tqvz5i systemd[1]: fidogate.service failed.
Nov 25 18:16:52 v6q2mre27tqvz5i sshd[8705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.237.131.141 user=root
Nov 25 18:16:54 v6q2mre27tqvz5i sshd[8705]: Failed password for root from 121.237.131.141 port 49183 ssh2
Nov 25 18:16:54 v6q2mre27tqvz5i sshd[8705]: Connection closed by 121.237.131.141 port 49183 [preauth]
Nov 25 18:16:56 v6q2mre27tqvz5i sshd[8713]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.237.131.141 user=root
Nov 25 18:16:59 v6q2mre27tqvz5i sshd[8713]: Failed password for root from 121.237.131.141 port 49726 ssh2
Nov 25 18:16:59 v6q2mre27tqvz5i sshd[8713]: Connection closed by 121.237.131.141 port 49726 [preauth]

I'm confused

ykaliuta commented 9 months ago

I basically abandoned the project since the war in Ukraine started. Historically I used only the Russian-speaking part of fidonet and it mostly supports the war, so I'm not interested in it anymore.

nahimov commented 9 months ago

Hello! What does Fido have to do with war? Fido has always been out of politics. For example, I come from Kyiv, I communicate with you in English, because I don’t know which country you are from and I do not want to violate the opinion of someone. This is all strange, but oh well...

ykaliuta commented 9 months ago

The crucial part is that I'm not interested in and I do not use the project anymore. And I explained why. It happens in open source every now and then.

kosfango commented 7 months ago

Nov 25 18:16:51 v6q2mre27tqvz5i systemd[1]: Unit fidogate.service entered failed state.
Nov 25 18:16:51 v6q2mre27tqvz5i systemd[1]: fidogate.service failed.

Did you check fidogate logs? Also you can check: systemctl status fidogate.service and journalctl -u fidogate.service

ykaliuta commented 7 months ago

Fidogate itself is not a daemon. systemd unit file is used just to create a directory in /run for flags (it was non-volatile /var/run years ago and a part of the package, but then things changed). I did not check why it does not work anymore or in your case, but it should not be a showstopper, you should be able to create it manually at least.

kosfango commented 7 months ago

Fidogate itself is not a daemon. systemd unit file is used just to create a directory in /run for flags (it was non-volatile /var/run years ago and a part of the package, but then things changed). I did not check why it does not work anymore or in your case, but it should not be a showstopper, you should be able to create it manually at least.

Yes, you are fully right, but systemd unit logs can help to understand the reason for this current issue. As far as I remember, Centos 7 has SELinux enabled by default and also some debian-based OS have AppArmor. Mandatory access control can affect creating the directories needed for Fidogate. Unfortunately, I never tested Fidogate in rpm or deb based OS.

ykaliuta commented 7 months ago

If you know how to fix the unit file I'll apply the patch, no problem

kosfango commented 7 months ago

If you know how to fix the unit file I'll apply the patch, no problem

Let me start my VMware Workstation... As far as I remember, I had Centos7 installed for tests.

kosfango commented 7 months ago

As I wrote before, systemctl logs helped

 fidogate.service - Fidogate runtime prepare
   Loaded: loaded (/usr/lib/systemd/system/fidogate.service; disabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Tue 2024-01-30 17:34:56 EST; 24s ago
  Process: 14208 ExecStart=/bin/chown ftn:news /run/fidogate (code=exited, status=1/FAILURE)
  Process: 14206 ExecStart=/bin/mkdir -p /run/fidogate (code=exited, status=0/SUCCESS)
 Main PID: 14208 (code=exited, status=1/FAILURE)
Jan 30 17:34:56 localhost.localdomain systemd[1]: Starting Fidogate runtime prepare...
Jan 30 17:34:56 localhost.localdomain chown[14208]: /bin/chown: invalid user: ‘ftn:news’
Jan 30 17:34:56 localhost.localdomain systemd[1]: fidogate.service: main process exited, code=exited, status=1/FAILURE
Jan 30 17:34:56 localhost.localdomain systemd[1]: Failed to start Fidogate runtime prepare.
Jan 30 17:34:56 localhost.localdomain systemd[1]: Unit fidogate.service entered failed state.
Jan 30 17:34:56 localhost.localdomain systemd[1]: fidogate.service failed.
Jan 30 17:30:35 localhost.localdomain sshd[13601]: pam_unix(sshd:session): session opened for user root by (uid=0)
Jan 30 17:31:15 localhost.localdomain polkitd[640]: Registered Authentication Agent for unix-process:14094:25675 (system bus name :1.23
Jan 30 17:31:15 localhost.localdomain systemd[1]: Reloading.
Jan 30 17:31:16 localhost.localdomain polkitd[640]: Unregistered Authentication Agent for unix-process:14094:25675 (system bus name :1.
Jan 30 17:34:50 localhost.localdomain yum[14172]: Installed: perl-Perl4-CoreLibs-0.003-7.el7.noarch
Jan 30 17:34:55 localhost.localdomain groupadd[14193]: group added to /etc/group: name=news, GID=13
Jan 30 17:34:55 localhost.localdomain groupadd[14193]: group added to /etc/gshadow: name=news
Jan 30 17:34:55 localhost.localdomain groupadd[14193]: new group: name=news, GID=13
Jan 30 17:34:55 localhost.localdomain useradd[14198]: new user: name=news, UID=996, GID=13, home=/etc/fidogate, shell=/bin/bash
Jan 30 17:34:56 localhost.localdomain systemd[1]: Starting Fidogate runtime prepare...
-- Subject: Unit fidogate.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit fidogate.service has begun starting up.
Jan 30 17:34:56 localhost.localdomain chown[14208]: /bin/chown: invalid user: ‘ftn:news’
Jan 30 17:34:56 localhost.localdomain systemd[1]: fidogate.service: main process exited, code=exited, status=1/FAILURE
Jan 30 17:34:56 localhost.localdomain systemd[1]: Failed to start Fidogate runtime prepare.
-- Subject: Unit fidogate.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Looks like issue around: https://github.com/ykaliuta/fidogate/blob/e4e8b9451e61a79b828a064ce02e2427934324eb/debian/fidogate.service#L6-L8 but seems it's for debian.

In the spec file: https://github.com/ykaliuta/fidogate/blob/e4e8b9451e61a79b828a064ce02e2427934324eb/packages/rpm/fidogate.spec.in#L18

Also: https://github.com/ykaliuta/fidogate/blob/e4e8b9451e61a79b828a064ce02e2427934324eb/src/Makefile.am#L127-L130

Also: https://github.com/ykaliuta/fidogate/blob/e4e8b9451e61a79b828a064ce02e2427934324eb/Makefile.am#L56-L60

I think it should be news:news, but I don't understand where rpm gets ftn:news

kosfango commented 7 months ago

If you know how to fix the unit file I'll apply the patch, no problem

Yes, found: https://github.com/ykaliuta/fidogate/blob/e4e8b9451e61a79b828a064ce02e2427934324eb/packages/rpm/fidogate.spec.in#L56

ykaliuta commented 7 months ago

Yes, I create user ftn in debian postinst and probably forgot it in %postin

kosfango commented 7 months ago

Yes, I create user ftn in debian postinst and probably forgot it in %postin

The issue is simple, but we need to think about how to do it most correctly:

there we have ftn:ftn https://github.com/ykaliuta/fidogate/blob/e4e8b9451e61a79b828a064ce02e2427934324eb/debian/fidogate.postinst#L37-L38
there we have ftn:news https://github.com/ykaliuta/fidogate/blob/e4e8b9451e61a79b828a064ce02e2427934324eb/debian/fidogate.service#L7
there ftn:news https://github.com/ykaliuta/fidogate/blob/e4e8b9451e61a79b828a064ce02e2427934324eb/debian/fidogate.postinst#L41
and etc: https://github.com/ykaliuta/fidogate/blob/e4e8b9451e61a79b828a064ce02e2427934324eb/debian/fidogate.postinst#L43-L44

ykaliuta commented 7 months ago

Yes, it's on purpose. To marry news and ftn. And there are SUID binaries for that.

kosfango commented 7 months ago

Perhaps, we should create additional user around here:

https://github.com/ykaliuta/fidogate/blob/e4e8b9451e61a79b828a064ce02e2427934324eb/packages/rpm/fidogate.spec.in#L62-L63

but I don't know if it's a good solution: something like:

useradd -r -g news -d /home/ftn -c "Fidogate user" ftn

However, it looks like a bad hardcode

kosfango commented 7 months ago

Also we can just try to change news to ftn:

https://github.com/ykaliuta/fidogate/blob/e4e8b9451e61a79b828a064ce02e2427934324eb/packages/rpm/fidogate.spec.in#L18

While, I'm not understanding how it should be by design

ykaliuta commented 7 months ago

Perhaps, we should create additional user around here:

https://github.com/ykaliuta/fidogate/blob/e4e8b9451e61a79b828a064ce02e2427934324eb/packages/rpm/fidogate.spec.in#L62-L63

but I don't know if it's a good solution: something like:

useradd -r -g news -d /home/ftn -c "Fidogate user" ftn

However, it looks like a bad hardcode

Hmm, and %{user} is news there in rpm. I'm wondering how I supposed it to work on rpm-based and how tested :) It was a long time ago

kosfango commented 7 months ago

I suspect that we need both users and groups: ftn:ftn (for Fidogate) and news:news for Innd service, but not 100% sure

kosfango commented 7 months ago

Also, Fidogate can work without Innd service. I think in this case news:news will be absent in the system. Btw, does innd use news:news by default in Linux?

ykaliuta commented 7 months ago

IIRC on debian there is binkd under ftn, so I wanted to integrate it there. Probably for rpm-based it is not valid and working under news:news is ok. But then the unit file should be fixed for that.

kosfango commented 7 months ago

IIRC on debian there is binkd under ftn, so I wanted to integrate it there. Probably for rpm-based it is not valid and working under news:news is ok. But then the unit file should be fixed for that.

Sounds good. We can put a dedicated unit file somewhere here: https://github.com/ykaliuta/fidogate/tree/e4e8b9451e61a79b828a064ce02e2427934324eb/packages/rpm

Just to change ftn to news:

[Unit]
Description=Fidogate runtime prepare

[Service]
Type=oneshot
ExecStart=/bin/mkdir -p /run/fidogate
ExecStart=/bin/chown news:news /run/fidogate
ExecStart=/bin/chmod 770 /run/fidogate

[Install]
WantedBy=multi-user.target

and change path here: https://github.com/ykaliuta/fidogate/blob/e4e8b9451e61a79b828a064ce02e2427934324eb/packages/rpm/fidogate.spec.in#L56

to install -D -m 0644 %{name}.service

ykaliuta commented 7 months ago

Also, Fidogate can work without Innd service. I think in this case news:news will be absent in the system. Btw, does innd use news:news by default in Linux?

It is Suggested for debian but I do not remember if news user is included into base passwd. May be bug here as well for sure.

kosfango commented 7 months ago

It is Suggested for debian but I do not remember if news user is included into base passwd. May be bug here as well for sure.

As far as I see, Centos 7 didn't have news:news before Fidogate rpm installation: pay attention to uid:

[root@localhost tmp]# cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
systemd-network:x:192:192:systemd Network Management:/:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
polkitd:x:999:998:User for polkitd:/:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
chrony:x:998:996::/var/lib/chrony:/sbin/nologin
s.anohin:x:1000:1000::/home/s.anohin:/bin/bash
dockerroot:x:997:994:Docker User:/var/lib/docker:/sbin/nologin
apache:x:48:48:Apache:/usr/share/httpd:/sbin/nologin
mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash
tss:x:59:59:Account used by the trousers package to sandbox the tcsd daemon:/dev/null:/sbin/nologin
news:x:996:13:Fidonet user:/etc/fidogate:/bin/bash

and gid

[root@localhost tmp]# cat /etc/group
root:x:0:
bin:x:1:
daemon:x:2:
sys:x:3:
adm:x:4:
tty:x:5:
disk:x:6:
lp:x:7:
mem:x:8:
kmem:x:9:
wheel:x:10:
cdrom:x:11:
mail:x:12:postfix
man:x:15:
dialout:x:18:
floppy:x:19:
games:x:20:
tape:x:33:
video:x:39:
ftp:x:50:
lock:x:54:
audio:x:63:
nobody:x:99:
users:x:100:
utmp:x:22:
utempter:x:35:
input:x:999:
systemd-journal:x:190:
systemd-network:x:192:
dbus:x:81:
polkitd:x:998:
ssh_keys:x:997:
sshd:x:74:
postdrop:x:90:
postfix:x:89:
chrony:x:996:
s.anohin:x:1000:
cgred:x:995:
dockerroot:x:994:
apache:x:48:
mysql:x:27:
jackuser:x:993:
tss:x:59:
news:x:13:

ykaliuta commented 7 months ago

IIRC on debian there is binkd under ftn, so I wanted to integrate it there. Probably for rpm-based it is not valid and working under news:news is ok. But then the unit file should be fixed for that.

Sounds good. We can put a dedicated unit file somewhere here: https://github.com/ykaliuta/fidogate/tree/e4e8b9451e61a79b828a064ce02e2427934324eb/packages/rpm

Just to change ftn to news:

[Unit]
Description=Fidogate runtime prepare

[Service]
Type=oneshot
ExecStart=/bin/mkdir -p /run/fidogate
ExecStart=/bin/chown news:news /run/fidogate
ExecStart=/bin/chmod 770 /run/fidogate

[Install]
WantedBy=multi-user.target

and change path here:

https://github.com/ykaliuta/fidogate/blob/e4e8b9451e61a79b828a064ce02e2427934324eb/packages/rpm/fidogate.spec.in#L56

to install -D -m 0644 %{name}.service

In theory it would be better to generate both from some common template but probably it does not make sense for such a simple case (keeping in mind that make dist generated tarball should be buildable for rpm). So, I will take it

ykaliuta commented 7 months ago

It is Suggested for debian but I do not remember if news user is included into base passwd. May be bug here as well for sure.

As far as I see, Centos 7 didn't have news:news before Fidogate rpm installation: pay attention to uid:


and gid


news 13 is predefined.

kosfango commented 7 months ago

Also we see in logs:

Jan 30 17:34:55 localhost.localdomain groupadd[14193]: group added to /etc/group: name=news, GID=13
Jan 30 17:34:55 localhost.localdomain groupadd[14193]: group added to /etc/gshadow: name=news
Jan 30 17:34:55 localhost.localdomain groupadd[14193]: new group: name=news, GID=13
Jan 30 17:34:55 localhost.localdomain useradd[14198]: new user: name=news, UID=996, GID=13, home=/etc/fidogate, shell=/bin/bash

kosfango commented 7 months ago

I've checked another VPS on Centos 7, so there is no news:news by default

ykaliuta commented 7 months ago

Anyway, the assumption is wrong for whatever reason, the user(s) should be checked and properly created

kosfango commented 7 months ago

Anyway, the assumption is wrong for whatever reason, the user(s) should be checked and properly created

From inn rpm:

getent group news >/dev/null || groupadd -g 13 -r news
getent passwd news >/dev/null || \
useradd -r -u 9 -g news -d /etc/news  \
-c "News server user" news
exit 0
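
The check asked for above ("the user(s) should be checked and properly created"), as an added example that is not part of this thread or of fidogate's packaging: a POSIX shell preflight that reads the chown owner:group from a unit file, reports which accounts are missing from passwd/group-format files, and prints getent-guarded creation commands. The function names, the constructed sample files, and the `-s /sbin/nologin` and `-c` values are assumptions of this example.

```shell
#!/bin/sh
# Added example, not fidogate's packaging code: preflight for the failure
# "chown: invalid user" seen when a unit names an account nobody created.

# name_exists FILE NAME: succeed if NAME is the first ':'-separated field.
name_exists() {
    awk -F: -v n="$2" '$1 == n { found = 1 } END { exit !found }' "$1"
}

# unit_chown_missing UNIT PASSWD GROUP: for every "ExecStart=...chown O:G ..."
# line print "group G" and/or "user O G" when the account is not defined.
unit_chown_missing() {
    sed -n 's/^ExecStart=[^ ]*chown  *\([^ :]*\):\([^ ]*\)  *.*/\1 \2/p' "$1" |
    while read -r owner grp; do
        name_exists "$3" "$grp" || echo "group $grp"
        name_exists "$2" "$owner" || echo "user $owner $grp"
    done
}

# creation_commands: turn that report (stdin) into getent-guarded commands,
# so re-running them is harmless. The nologin shell and the comment string
# are assumptions of this example, not values from the spec file.
creation_commands() {
    while read -r kind name grp; do
        case $kind in
        group) echo "getent group $name >/dev/null || groupadd -r $name" ;;
        user)  echo "getent passwd $name >/dev/null ||" \
                    "useradd -r -g $grp -s /sbin/nologin -c 'Fidogate user' $name" ;;
        esac
    done
}

# Constructed sample input: the ExecStart lines shown in the status output,
# and account files in which only "news" exists (as after the rpm install).
sample_dir=$(mktemp -d)
trap 'rm -rf "$sample_dir"' EXIT
cat > "$sample_dir/fidogate.service" <<'EOF'
[Service]
Type=oneshot
ExecStart=/bin/mkdir -p /run/fidogate
ExecStart=/bin/chown ftn:news /run/fidogate
EOF
printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
    'news:x:996:13:Fidonet user:/etc/fidogate:/bin/bash' > "$sample_dir/passwd"
printf '%s\n' 'root:x:0:' 'news:x:13:' > "$sample_dir/group"

unit_chown_missing "$sample_dir/fidogate.service" \
    "$sample_dir/passwd" "$sample_dir/group" | creation_commands
```

On a live system, point the second and third arguments at /etc/passwd and /etc/group; accounts served only by a directory service would need `getent` instead of file parsing.
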

kosfango commented 7 months ago

So, we are already checking for the news user in the system with the OR operator:

https://github.com/ykaliuta/fidogate/blob/e4e8b9451e61a79b828a064ce02e2427934324eb/packages/rpm/fidogate.spec.in#L60-L62

I see similar code

ykaliuta commented 7 months ago

So, we are already checking for the news user in the system with the OR operator:

https://github.com/ykaliuta/fidogate/blob/e4e8b9451e61a79b828a064ce02e2427934324eb/packages/rpm/fidogate.spec.in#L60-L62

So, I was not so stupid after all :)

kosfango commented 7 months ago

So, we are already checking for the news user in the system with the OR operator: https://github.com/ykaliuta/fidogate/blob/e4e8b9451e61a79b828a064ce02e2427934324eb/packages/rpm/fidogate.spec.in#L60-L62

So, I was not so stupid after all :)

Sorry, I got the wrong rpm :)

kosfango commented 7 months ago

So, I was not so stupid after all :)

Post was edited: https://github.com/ykaliuta/fidogate/issues/25#issuecomment-1918135900

kosfango commented 7 months ago

The main difference gid/uid:

news:x:9:13:News server user:/etc/news:/bin/bash

kosfango commented 7 months ago

Also, there is a little interference with home directories: /etc/news vs. /etc/fidogate. In this case, it may be reasonable to define user ftn instead of news in the rpm spec

kosfango commented 7 months ago

So, finally, maybe change news to ftn will be enough here: https://github.com/ykaliuta/fidogate/blob/e4e8b9451e61a79b828a064ce02e2427934324eb/packages/rpm/fidogate.spec.in#L18

in this case user ftn will be included to news group also: https://github.com/ykaliuta/fidogate/blob/e4e8b9451e61a79b828a064ce02e2427934324eb/packages/rpm/fidogate.spec.in#L60-L62

and seems, we won't get interference news and ftp users

kosfango commented 7 months ago

Sorry, I got the wrong rpm :)

I remembered that the UNIX-like community uses user fido:fido. In this case, it's possible to use the same for rpm/deb based systems: fido:fido for all FTN software, news:news for innd and others. This will be a cool unification

ykaliuta commented 7 months ago

There is no unification. https://salsa.debian.org/md/binkd/-/blob/master/debian/binkd.postinst?ref_type=heads

kosfango commented 7 months ago

There is no unification. https://salsa.debian.org/md/binkd/-/blob/master/debian/binkd.postinst?ref_type=heads

Yes, you are right. In this case, ftn user for Fidogate in rpm-based OS will be more native

kosfango commented 7 months ago

There is no unification. https://salsa.debian.org/md/binkd/-/blob/master/debian/binkd.postinst?ref_type=heads

I'll try to rebuild the rpm to change user news in the spec file to ftn and try to install the new rpm on my VPS. I'll send you a git patch if I don't see errors during install