| = Creating a bootable alpine-1.9.x iso = | | = Work in progress docs = |
| | | * Nothing at the moment |
| == Create a build environment ==
| |
| To start with you need a working [[Setting_up_the_build_environment|build environment]].
| |
| | |
| == Update your build environment ==
| |
| Inside the [[Setting_up_the_build_environment|build environment]] you will need the latest aports.<BR>
| |
| If you don't already have it, run:
| |
| git clone http://git.alpinelinux.org/aports /aports
| |
| If you already had it you can just update it:
| |
| cd /aports && git pull
| |
| | |
| | |
| | |
| = Upgrading Alpine =
| |
| | |
| This document describes how to replace an Alpine installation with a newer version.
| |
| | |
| The upgrade process consists of the following steps:
| |
| * Backup current setup
| |
| * Upgrade Alpine CD/USB
| |
| * Execute upgrade script
| |
| * Save changes
| |
| * Reboot
| |
| | |
| == Backing up current config ==
| |
| It's recommended to make a backup of your config before you start.<BR>
| |
| The idea is to save the (*apkovl*) from your media to a safe place.<BR>
| |
| If you need to roll back, simply revert to your old *apkovl.tar.gz*.
| |
| | |
| === Backing up to media ===
| |
| You could replace the existing floppy with a new (dos-formatted) floppy and then run the command:
| |
| lbu ci floppy
| |
| | |
| Or you could use a USB to store your configuration.
| |
| lbu ci usb
| |
| | |
| == Download new Alpine ==
| |
| [http://wiki.alpinelinux.org/w/index.php?title=Downloads Download] the latest ISO image (or USB image).
| |
| | |
| === Upgrade CD media ===
| |
| Burn the ISO on a blank CD and replace the existing CD with the new one.
| |
| /etc/init.d/modloop stop
| |
| eject
| |
| Now you should insert the new media.
| |
| /etc/init.d/modloop start
| |
| | |
| === Upgrade USB media ===
| |
| On USB installations you can just download and unpack the latest tar directly to ''/media/usb''.
| |
| $ wget -q -O - \
| http://distrib-coffee.ipsl.jussieu.fr/pub/linux/alpine/alpine/v1.7/usbdrive/alpine-1.7.22-i386.tar.gz \
| | tar -C /media/usb -zvx
| |
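The command above pipes an HTTP download straight into tar, so nothing checks the archive before it lands on the boot media. The following is an added example, not part of the original page: it assumes you have saved the tarball to a file and obtained its SHA-256 from a source you trust (the page does not list one); `verify_and_unpack` is a hypothetical helper and the sample archive is constructed.

```shell
#!/bin/sh
# Added example: check a downloaded Alpine tarball before unpacking it.
# verify_and_unpack is a hypothetical helper, not an Alpine tool.

# verify_and_unpack TARBALL EXPECTED_SHA256 DESTDIR
# Returns 1 on checksum mismatch, 3 on unsafe member paths.
verify_and_unpack() {
    tarball=$1
    expected=$2
    dest=$3
    actual=$(sha256sum "$tarball" | awk '{print $1}')
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $tarball" >&2
        return 1
    fi
    # Refuse members with absolute paths or ".." components, which could
    # write outside DESTDIR.
    if tar -tzf "$tarball" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
        echo "unsafe member path in $tarball" >&2
        return 3
    fi
    tar -C "$dest" -xzf "$tarball"
}

# Constructed sample: a tiny archive standing in for the real download.
demo() {
    work=$(mktemp -d)
    mkdir -p "$work/src/apks" "$work/usb"
    echo "constructed sample" > "$work/src/apks/INDEX"
    tar -C "$work/src" -czf "$work/sample.tar.gz" apks
    good=$(sha256sum "$work/sample.tar.gz" | awk '{print $1}')
    verify_and_unpack "$work/sample.tar.gz" "$good" "$work/usb" && echo "unpacked"
    verify_and_unpack "$work/sample.tar.gz" "0000" "$work/usb" || echo "rejected"
    rm -rf "$work"
}
demo
```

For the real upgrade, save the download with `wget -q -O` to a file, then call `verify_and_unpack` with that file and `/media/usb`.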
| | |
| == Execute upgrade script ==
| |
| The new media has an ''upgrade'' script at the root level of the media (/media/cdrom/upgrade or /media/usb/upgrade).<BR>
| |
| Start by executing this script (in our example below we use CD media).
| |
| /media/cdrom/upgrade
| |
| | |
| === Example of how an upgrade could look ===
| |
| Before actually upgrading packages, it will show an overview of which packages will be upgraded.<BR>
| |
| It might look something like this:
| |
| <pre>~ $ /media/usb/upgrade
| |
| Upgrading from alpine-1.7.2 to alpine-1.7.6
| |
| Will try to upgrade packages from
| |
| fetching usb://apks/INDEX.md5.gz
| |
| Looking for new packages...
| |
| The following packages will be updated:
| |
| alpine-baselayout-1.4.1-r1 < needs updating (index has 1.6.0)
| |
| alpine-conf-0.9 < needs updating (index has 1.0)
| |
| busybox-1.5.0-r1 < needs updating (index has 1.7.1)
| |
| | |
| Press Enter to continue or Ctrl-c to abort.
| |
| </pre>
| |
| | |
| Verify that it looks ok and press [''enter''] to start the upgrade.
| |
| | |
| As a first step the upgrade script will try to upgrade apk-tools, uclibc and busybox.<BR>
| |
| Then it will upgrade all packages by running'' 'apk_add -u'''.<BR>
| |
| It will look something like this:
| |
| <pre>fetching usb://apks/busybox-1.7.1.apk
| |
| updating busybox-1.5.0-r1 to busybox-1.7.1
| |
| fetching usb://apks/alpine-baselayout-1.6.0.apk
| |
| updating alpine-baselayout-1.4.1-r1 to alpine-baselayout-1.6.0
| |
| fetching usb://apks/alpine-conf-1.0.apk
| |
| updating alpine-conf-0.9 to alpine-conf-1.0
| |
| </pre>
| |
| | |
| When the'' 'apk_add' ''application upgrades packages, it will detect that you have modified some config files.<BR>
| |
| Instead of overwriting your config, it will install the new config with the suffix'' '.apk-new'''.<BR>
| |
| This way you are able to review and merge in changes from the default config to your own config file.<BR>
| |
| Config files that are untouched will just silently be replaced.
| |
| | |
| The'' 'upgrade' ''script will execute'' 'update-conf' ''to assist you in merging the config files.<BR>
| |
| It will first display a list of config files that you will need to take care of manually.<BR>
| |
| Like this:
| |
| <pre>The following config files have been updated and need attention:
| |
| /etc/profile
| |
| /etc/modules
| |
| /etc/inittab
| |
| /etc/hosts
| |
| /etc/init.d/syslog
| |
| /etc/init.d/networking
| |
| /etc/init.d/modloop
| |
| </pre>
| |
| | |
| Afterward it will step through every file, displaying a diff and giving you options to act:
| |
| <pre>
| |
| --- /etc/profile 2007-05-31 14:11:47 +0000
| |
| +++ /etc/profile.apk-new 2007-09-07 06:33:36 +0000
| |
| @@ -1,4 +1,3 @@
| |
| export PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin
| |
| export PAGER=less
| |
| umask 022
| |
| -export LBU_MEDIA=usb
| |
| New /etc/profile available:
| |
| Quit, Next, Show diff, Edit new, Zap new, Use new (q/n/s/e/z/u) [s]:
| |
| </pre>
| |
| | |
| In this case we have added'' 'export LBU_MEDIA=usb' ''so we don't need to specify the media to'' 'lbu'''.<BR>
| |
| We want to keep our current file as it is so we just press'' 'z' ''(and [''enter'']) to zap the new config and keep the old.
| |
| The next file is'' '/etc/modules''':
| |
| <pre>
| |
| --- /etc/modules 2007-05-09 16:02:31 +0000
| |
| +++ /etc/modules.apk-new 2007-09-07 06:33:36 +0000
| |
| @@ -1,4 +1,2 @@
| |
| deadline-iosched
| |
| af_packet
| |
| -xt_state
| |
| -xt_tcpudp
| |
| New /etc/modules available:
| |
| Quit, Next, Show diff, Edit new, Zap new, Use new (q/n/s/e/z/u) [s]:
| |
| </pre>
| |
| | |
| Also here we just keep the current config by pressing'' 'z' ''since the modules are needed for our ipsec.
| |
| | |
| Next file is'' '/etc/inittab''':
| |
| <pre>--- /etc/inittab 2007-06-20 13:21:20 +0000
| |
| +++ /etc/inittab.apk-new 2007-09-07 06:33:36 +0000
| |
| @@ -4,7 +4,7 @@
| |
| ::wait:/etc/init.d/rcL
| |
|
| |
| # Set up a couple of getty's
| |
| -::respawn:/sbin/cttyhack /sbin/getty - 9600 vt100
| |
| +::respawn:/usr/bin/cttyhack /sbin/getty - 9600 vt100
| |
| tty2::respawn:/sbin/getty 38400 tty2
| |
| tty3::respawn:/sbin/getty 38400 tty3
| |
| tty4::respawn:/sbin/getty 38400 tty4
| |
| New /etc/inittab available:
| |
| Quit, Next, Show diff, Edit new, Zap new, Use new (q/n/s/e/z/u) [s]:
| |
| </pre>
| |
| | |
| This time the change is not caused by us; it's a change in the default config.<BR>
| |
| It even affects where the login screen should appear, so if we don't merge this change, we might not be able to see the login screen!<BR>
| |
| We choose'' 'u' ''to use the new config.
| |
| | |
| Continue going through every config file.<BR>
| |
| Sometimes you might want to edit the new file, or leave the upgrade process to take care of the config file manually by using option'' 'q'''.<BR>
| |
| You can always resume later by either running the'' 'upgrade' ''script again or by executing'' 'update-conf -i'''.
| |
| | |
| == Save changes ==
| |
| Now that all upgrades are done, we should save our settings to our media (which you hopefully have backed up).
| |
| lbu ci floppy
| |
| | |
| == Rebooting ==
| |
| In most cases you will need to reboot Alpine (especially if there are changes in the kernel):
| |
| kill 1
| |
| '''''Note:''' If you know what you are doing, you might not need to reboot.<BR>But make sure that all services affected by the upgrade are restarted.''
| |
| | |
| | |
| = Postfix on 1.9 = | |
| | |
| == General ==
| |
| The idea is to create a postfix config to host multiple maildomains.<BR>
| |
| I want to document both how it's set up and how it's maintained
| |
| | |
| Dovecot should be configured to let users fetch their mail through SSL.<BR>
| |
| The aim is also to be able to fetch mail with mobile devices, e.g. mobile phones.
| |
| | |
| == Initial Setup ==
| |
| Burn [http://dl-3.alpinelinux.org/alpine/v1.9/iso/alpine-1.9.0_alpha10-i386.iso alpine_1.9alpha10] on a CD and boot the machine.<BR>
| |
| '''''Suggestion:''' Follow notes on [[Setting_up_a_ssh-server]] to be able to remotely administer this box.''
| |
| | |
| == Postfix ==
| |
| | |
| === Install ===
| |
| apk_add postfix
| |
| | |
| === Prepare ===
| |
| We need to create a user on this system that has rights to read/write mail on your system.<BR>
| |
| Let's call this user ''vmail'' (you can choose another name if you like).<BR>
| |
| You will get prompted for a password.
| |
| adduser vmail
| |
| Now we need to know what gid/uid that user got.<BR>
| |
| Take note of the numbers; you will need them in the upcoming configuration (in my case I got uid/gid '1001').
| |
| grep vmail /etc/passwd
| |
| This newly-created user will need permissions in the ''mail'' group.<BR>
| |
| Edit ''/etc/group'' and add ''vmail'' to the ''postdrop'' group. See the example below:
| |
| <pre>
| |
| postdrop:x:208:vmail
| |
| </pre>
| |
| | |
| ==== Create missing dirs ====
| |
| Seems we are missing ''/var/spool/mail'' and ''/var/mail'' so we need to create those
| |
| mkdir /var/spool/mail
| |
| ln -s /var/spool/mail /var/mail
| |
| | |
| ==== Create virtual maildir ====
| |
| In the upcoming configuration we are going to specify ''/var/mail/vhosts/'' as the ''virtual_mailbox_base'' so we need to create it.
| |
| mkdir /var/mail/vhosts
| |
| And we need to give permissions to our ''vmail'' user so he can read/write in this folder.
| |
| chown vmail:vmail /var/mail/vhosts
| |
| | |
| === Configuration ===
| |
| For now I just dump whatever I have.
| |
| I will clean up these notes soon.
| |
| | |
| ==== /etc/postfix/main.cf ====
| |
| These are the variables that differ from the defaults
| |
| <pre>
| |
| ## These settings differ from the default config ##
| # For testing
| soft_bounce = yes
| myhostname = mail.example.net
| mydomain = example.net
| myorigin = $mydomain
| # See 'virtual_mailbox_domains' for more information
| mydestination = localhost, mail.localdomain, localhost.localdomain, localdomain
| |
| mynetworks = 192.168.10.0/24, 127.0.0.0/8
| |
| relayhost =
| |
| in_flow_delay = 1s
| |
| home_mailbox = Maildir/
| |
| mail_spool_directory = /var/spool/mail
| |
| smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
| |
| | |
| ## The following is added to the config ##
| |
| virtual_mailbox_domains = example.net
| |
| virtual_mailbox_base = /var/mail/vhosts
| |
| virtual_mailbox_maps = hash:/etc/postfix/vmailbox
| |
| virtual_minimum_uid = 100
| |
| virtual_uid_maps = static:1001
| |
| virtual_gid_maps = static:1001
| |
| virtual_alias_maps = hash:/etc/postfix/valias
| |
| </pre>
| |
| | |
| ==== /etc/postfix/valias ====
| |
| <pre>
| |
| postmaster@example.net user1@example.net
| |
| hostmaster@example.net user2@example.net
| |
| </pre>
| |
| | |
| ==== /etc/postfix/vmailbox ====
| |
| <pre>
| |
| user1@example.net example.net/user1/
| |
| user2@example.net example.net/user2/
| |
| # everyone else who doesn't match a rule above
| @example.net example.net/catchall
| |
| </pre>
| |
| | |
| === Create DB's ===
| |
| Once you have created the above config files, you need to generate some DBs
| |
| postmap /etc/postfix/vmailbox
| |
| postmap /etc/postfix/valias
| |
| I am not 100% sure if the next command is needed, but I ''think'' that you need to create the 'aliases' DB.
| |
| postalias /etc/postfix/aliases # alias files are built with postalias, not postmap
| |
| | |
| === Start postfix ===
| |
| It's time to start. Hopefully it works!
| |
| /etc/init.d/postfix start
| |
| | |
| === Debugging ===
| |
| In case something goes wrong you should have a look in your syslog.<BR>
| |
| Personally, I usually tail the log file while debugging
| |
| tail -f /var/log/messages
| |
| | |
| | |
| | |
| = Dovecot on 1.9 =
| |
| | |
| == General ==
| |
| Dovecot should be configured to let users fetch their mail through SSL.<BR>
| |
| The aim is also to be able to fetch mail with mobile devices, e.g. mobile phones.
| |
| | |
| == Initial Setup ==
| |
| Start by following the 'postfix' instructions before you proceed to setup dovecot.
| |
| | |
| == Dovecot ==
| |
| | |
| === Install ===
| |
| apk_add dovecot
| |
| | |
| === Prepare ===
| |
| The upcoming configuration is going to need some certificates.
| |
| | |
| ==== Certificates ====
| |
| We want to keep things clean, so we create a dovecot folder for its certs/keys
| |
| mkdir /etc/ssl/dovecot
| |
| Now we start creating the certs
| |
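| cd /etc/ssl/dovecot
| # Private key: 2048-bit RSA (512- or 1024-bit keys are too weak)
| openssl genrsa 2048 > server.key
| chmod 600 server.key
| # Optional certificate request for a CA. You will get prompted for various information that is added to the file
| openssl req -new -key server.key -out request.pem
| # Self-signed certificate, signed with SHA-256 instead of the deprecated SHA-1
| openssl req -new -x509 -nodes -sha256 -days 3650 -key server.key > server.pem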
| |
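Dovecot is pointed at one certificate file and one key file, so it is worth confirming that the two belong together and that the key is not readable by other users. The following is an added example, not part of the original notes; the function names and the CN `mail.example.net` are assumptions, and the demo writes to a temporary directory rather than /etc/ssl/dovecot.

```shell
#!/bin/sh
# Added example: create the Dovecot key/certificate pair and verify it.
# Function names and the CN are assumptions, not part of the original notes.

# make_dovecot_cert DIR CN
make_dovecot_cert() {
    # umask 077 in a subshell: the private key is created without
    # group/other access.
    ( umask 077 && openssl genrsa -out "$1/server.key" 2048 ) 2>/dev/null || return 1
    openssl req -new -x509 -sha256 -days 365 -key "$1/server.key" \
        -subj "/CN=$2" -out "$1/server.pem" 2>/dev/null
}

# cert_matches_key CERT KEY
# Succeeds only when the certificate carries the public key of KEY.
cert_matches_key() {
    cert_pub=$(openssl x509 -noout -pubkey -in "$1" 2>/dev/null) || return 2
    key_pub=$(openssl pkey -pubout -in "$2" 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# key_is_private FILE: succeeds when group and other have no access bits.
key_is_private() {
    case $(stat -c %a "$1") in
        ?00) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed demo in a scratch directory.
demo() {
    dir=$(mktemp -d)
    make_dovecot_cert "$dir" mail.example.net &&
        cert_matches_key "$dir/server.pem" "$dir/server.key" &&
        key_is_private "$dir/server.key" &&
        echo "certificate and key match; key is private"
    rm -rf "$dir"
}
demo
```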
| | |
| === Configuration ===
| |
| For now I just dump whatever I have.
| |
| I will clean up these notes soon.
| |
| | |
| ==== /etc/dovecot/dovecot.conf ====
| |
| <pre>
| |
| ## These settings vary from the default configuration ##
| |
| base_dir = /var/run/dovecot/
| |
| protocols = imap imaps
| |
| listen = *
| |
| disable_plaintext_auth = no
| |
| ssl_disable = no
| |
| ssl_cert_file = /etc/ssl/dovecot/server.pem
| |
| ssl_key_file = /etc/ssl/dovecot/server.key
| |
| ssl_parameters_regenerate = 168
| |
| verbose_ssl = yes
| |
| login_chroot = yes
| |
| login_greeting = Dovecot ready.
| |
| mail_location = maildir:/var/spool/mail/vhosts/%d/%n
| |
| mail_privileged_group = mail
| |
| mail_debug = no
| |
| verbose_proctitle = no
| |
| valid_chroot_dirs = /var/mail
| |
| protocol lda { # This line is not changed - it's here to help you know where to make edits
| |
| postmaster_address = postmaster@example.net
| |
| } # This line is not changed - it's here to help you know where to make edits
| |
| auth_verbose = yes
| |
| auth_debug = yes
| |
| auth_worker_max_count = 30
| |
| auth default { # This line is not changed - it's here to help you know where to make edits
| |
| mechanisms = plain login digest-md5
| |
| passdb passwd-file {
| |
| args = /etc/dovecot/dovecot-passwd
| |
| }
| |
| userdb passwd-file {
| |
| args = /etc/dovecot/dovecot-users
| |
| }
| |
| socket listen {
| |
| path = /var/spool/postfix/private/auth
| |
| user = postfix
| |
| group = postfix
| |
| mode = 0660
| |
| }
| |
| } # This line is not changed - it's here to help you know where to make edits
| |
| </pre>
| |
| | |
| ==== /etc/dovecot/dovecot-users ====
| |
| The uid/gid number below '1004' should match your 'vmail' account (the account that owns '/var/mail/vhosts')
| |
| <pre>
| |
| user1@example.net::1004:1004::/var/spool/vhosts/example.net/:/bin/false::
| |
| user2@example.net::1004:1004::/var/spool/vhosts/example.net/:/bin/false::
| |
| </pre>
| |
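The uid/gid in dovecot-users has to agree with the static uid/gid Postfix delivers as (virtual_uid_maps and virtual_gid_maps in main.cf); the sample files on this page show 1001 in one place and 1004 in the other. The following is an added example, not part of the original notes, that checks for that mismatch and also reports when dovecot.conf permits plaintext logins without TLS (disable_plaintext_auth = no). The function names are hypothetical and the sample files are constructed from the values shown above.

```shell
#!/bin/sh
# Added example: cross-check the Postfix and Dovecot files from this page.
# Function names are hypothetical; they are not part of either package.

# check_vmail_uid MAIN_CF DOVECOT_USERS
# Prints every passwd-file entry whose uid/gid differs from the static
# virtual_uid_maps / virtual_gid_maps in main.cf. Returns 1 on mismatch,
# 2 when main.cf has no static maps.
check_vmail_uid() {
    uid=$(sed -n 's/^virtual_uid_maps[[:space:]]*=[[:space:]]*static:\([0-9][0-9]*\).*/\1/p' "$1")
    gid=$(sed -n 's/^virtual_gid_maps[[:space:]]*=[[:space:]]*static:\([0-9][0-9]*\).*/\1/p' "$1")
    [ -n "$uid" ] && [ -n "$gid" ] || return 2
    awk -F: -v u="$uid" -v g="$gid" '
        /^[ \t]*(#|$)/ { next }
        $3 != u || $4 != g {
            printf "%s: %s:%s, postfix delivers as %s:%s\n", $1, $3, $4, u, g
            bad = 1
        }
        END { exit bad + 0 }' "$2"
}

# plaintext_auth_allowed DOVECOT_CONF
# Succeeds when the config permits plaintext logins without TLS.
plaintext_auth_allowed() {
    grep -Eq '^[[:space:]]*disable_plaintext_auth[[:space:]]*=[[:space:]]*no([[:space:]]|$)' "$1"
}

# Constructed sample files using the values shown on this page.
demo() {
    d=$(mktemp -d)
    printf 'virtual_uid_maps = static:1001\nvirtual_gid_maps = static:1001\n' > "$d/main.cf"
    printf 'user1@example.net::1004:1004::/var/spool/vhosts/example.net/:/bin/false::\n' \
        > "$d/dovecot-users"
    printf 'disable_plaintext_auth = no\n' > "$d/dovecot.conf"
    check_vmail_uid "$d/main.cf" "$d/dovecot-users" || echo "uid/gid mismatch"
    plaintext_auth_allowed "$d/dovecot.conf" && echo "plaintext auth allowed without TLS"
    rm -rf "$d"
}
demo
```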
| | |
| ==== /etc/dovecot/dovecot-passwd ====
| |
| To generate the passwords you can use the dovecotpw command.<BR>
| |
| The output can be used to create a password for your 'dovecot-passwd'
| |
| dovecotpw -s MD5-CRYPT
| |
| The /etc/dovecot/dovecot-passwd file should look like this:
| |
| user1@example.net:$1$tz5sbjAD$Wq9.NkSyNo/oElzFgI68.0
| |
| user2@example.net:$1$tz5sbjAD$Wq9.NkSyNo/oElzFgI68.0
| |
| | |
| === Start dovecot ===
| |
| It's time to start. Hopefully it works!
| |
| /etc/init.d/dovecot start
| |
| | |
| === Debugging ===
| |
| In case something goes wrong you should have a look in your syslog.<BR>
| |
| Personally, I usually tail the log file while debugging
| |
| tail -f /var/log/dovecot
| |