User:Mhavela

Creating a bootable alpine-1.9.x iso

Create a build environment

To start with you need a working build environment.

Update your build environment

Inside the build environment you will need the latest aports. If you don't already have it, run:

git clone http://git.alpinelinux.org/aports /aports

If you already had it you can just update it:

cd /aports && git pull


Upgrading Alpine

This document describes how to replace an Alpine installation with a newer version.

The upgrade process consists of the following steps:

  • Backup current setup
  • Upgrade Alpine CD/USB
  • Execute upgrade script
  • Save changes
  • Reboot

Backing up current config

It's recommended to make a backup of your config before you start.
The idea is to save the *apkovl* from your media to a safe place.
If you need to roll back, simply revert to your old *apkovl.tar.gz*.

Backing up to media

You could replace the existing floppy with a new (dos-formatted) floppy and then run the command:

lbu ci floppy

Or you could use a USB to store your configuration.

lbu ci usb

Download new Alpine

Download the latest ISO image (or USB image).

Upgrade CD media

Burn the ISO on a blank CD and replace the existing CD with the new one.

/etc/init.d/modloop stop
eject

Now you should insert the new media.

/etc/init.d/modloop start

Upgrade USB media

On USB installations you can just download and unpack the latest tar directly to /media/usb.

$ wget -q -O - \
      http://distrib-coffee.ipsl.jussieu.fr/pub/linux/alpine/alpine/v1.7/usbdrive/alpine-1.7.22-i386.tar.gz \
      | tar -C /media/usb -zvx

Execute upgrade script

The new media has an upgrade script at the root level of the media (/media/cdrom/upgrade or /media/usb/upgrade).
Start by executing this script (in our example below we use CD media).

/media/cdrom/upgrade

Example of how an upgrade could look

Before actually upgrading packages, the script shows an overview of which packages will be upgraded.
It might look something like this:

~ $ /media/usb/upgrade 
Upgrading from alpine-1.7.2 to alpine-1.7.6
Will try to upgrade packages from 
fetching usb://apks/INDEX.md5.gz
Looking for new packages...
The following packages will be updated:
alpine-baselayout-1.4.1-r1          <  needs updating (index has 1.6.0)
alpine-conf-0.9                     <  needs updating (index has 1.0)
busybox-1.5.0-r1                    <  needs updating (index has 1.7.1)

Press Enter to continue or Ctrl-c to abort.

Verify that it looks ok and press [enter] to start the upgrade.

As a first step the upgrade script will try to upgrade apk-tools, uclibc and busybox.
Then it will upgrade all packages by running 'apk_add -u'.
It will look something like this:

fetching usb://apks/busybox-1.7.1.apk
updating busybox-1.5.0-r1 to busybox-1.7.1
fetching usb://apks/alpine-baselayout-1.6.0.apk
updating alpine-baselayout-1.4.1-r1 to alpine-baselayout-1.6.0
fetching usb://apks/alpine-conf-1.0.apk
updating alpine-conf-0.9 to alpine-conf-1.0

When the 'apk_add' application upgrades packages, it will detect that you have modified some config files.
Instead of overwriting your config, it will install the new config with the suffix '.apk-new'.
This way you are able to review and merge in changes from the default config to your own config file.
Config files that are untouched will just silently be replaced.

The 'upgrade' script will execute 'update-conf' to assist you in merging the config files.
It will first display a list of config files that you will need to take care of manually.
Like this:

The following config files have been updated and need attention:
/etc/profile
/etc/modules
/etc/inittab
/etc/hosts
/etc/init.d/syslog
/etc/init.d/networking
/etc/init.d/modloop

Afterward it will step through every file, displaying a diff and giving you options to act:

--- /etc/profile        2007-05-31 14:11:47 +0000
+++ /etc/profile.apk-new        2007-09-07 06:33:36 +0000
@@ -1,4 +1,3 @@
 export PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin
 export PAGER=less
 umask 022
-export LBU_MEDIA=usb
New /etc/profile available:
Quit, Next, Show diff, Edit new, Zap new, Use new (q/n/s/e/z/u) [s]: 

In this case we have added 'export LBU_MEDIA=usb' so we don't need to specify the media to 'lbu'.
We want to keep our current file as it is, so we just press 'z' (and [enter]) to zap the new config and keep the old. The next file is '/etc/modules':

--- /etc/modules        2007-05-09 16:02:31 +0000
+++ /etc/modules.apk-new        2007-09-07 06:33:36 +0000
@@ -1,4 +1,2 @@
 deadline-iosched
 af_packet
-xt_state
-xt_tcpudp
New /etc/modules available:
Quit, Next, Show diff, Edit new, Zap new, Use new (q/n/s/e/z/u) [s]: 

Also here we just keep the current config by pressing 'z' since the modules are needed for our ipsec.

Next file is '/etc/inittab':

--- /etc/inittab        2007-06-20 13:21:20 +0000
+++ /etc/inittab.apk-new        2007-09-07 06:33:36 +0000
@@ -4,7 +4,7 @@
 ::wait:/etc/init.d/rcL
 
 # Set up a couple of getty's
-::respawn:/sbin/cttyhack /sbin/getty - 9600 vt100
+::respawn:/usr/bin/cttyhack /sbin/getty - 9600 vt100
 tty2::respawn:/sbin/getty 38400 tty2
 tty3::respawn:/sbin/getty 38400 tty3
 tty4::respawn:/sbin/getty 38400 tty4
New /etc/inittab available:
Quit, Next, Show diff, Edit new, Zap new, Use new (q/n/s/e/z/u) [s]: 

This time the change is not caused by us; it's a change in the default config.
It is even related to where the login screen should appear, so if we don't merge this change, we might not be able to see the login screen!
We choose 'u' to use the new config.

Continue going through every config file.
Sometimes you might want to edit the new file, or leave the upgrade process to take care of the config file manually by using option 'q'.
You can always resume later by either running the 'upgrade' script again or by executing 'update-conf -i'.
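
A check to run before saving the configuration, so that no '.apk-new' file is left unreviewed. This is an added example, not part of the Alpine upgrade script; the function name pending_apk_new and the sample files are made up for illustration.

```shell
#!/bin/sh
# pending_apk_new ROOT
#   Lists leftover "*.apk-new" files under ROOT (default /etc):
#     DIFFERS  packaged default differs from the live config (needs a decision)
#     SAME     identical to the live config (the .apk-new copy can be deleted)
#     ORPHAN   no live config next to it
#   Returns 1 if any were found. File names containing newlines are not handled.
pending_apk_new() {
    root=${1:-/etc}
    found=0
    # A here-document keeps the loop in the current shell so $found survives.
    while IFS= read -r new; do
        [ -n "$new" ] || continue
        found=1
        live=${new%.apk-new}
        if [ ! -e "$live" ]; then
            echo "ORPHAN $new"
        elif cmp -s "$live" "$new"; then
            echo "SAME $new"
        else
            echo "DIFFERS $new"
        fi
    done <<EOF
$(find "$root" -type f -name '*.apk-new' | sort)
EOF
    [ "$found" -eq 0 ]
}

# Constructed demo tree (not real system files).
demo=$(mktemp -d)
printf 'umask 022\nexport LBU_MEDIA=usb\n' > "$demo/profile"
printf 'umask 022\n' > "$demo/profile.apk-new"
printf '127.0.0.1 localhost\n' > "$demo/hosts"
cp "$demo/hosts" "$demo/hosts.apk-new"
pending_apk_new "$demo" || echo "unmerged config files remain; review before 'lbu ci'"
rm -rf "$demo"
```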

Save changes

Now that all upgrades are done, we should save our settings to our media (which you hopefully have backed up).

lbu ci floppy

Rebooting

In most cases you will need to reboot Alpine (especially if there are changes in the kernel):

kill 1

Note: If you know what you are doing, you might not need to reboot.
But make sure that all services affected by the upgrade are restarted.


Postfix on 1.9

General

The idea is to create a postfix config to host multiple maildomains.
I want to document both how it's set up and how it's maintained.

When you are done with postfix installation you could proceed and install (depending on your needs)

  • clamsmtpd
  • gross
  • dovecot
  • Other email related applications

Initial Setup

Burn alpine_1.9alpha10 on a CD and boot the machine.
Suggestion: Follow notes on Setting_up_a_ssh-server to be able to remotely administer this box.

Postfix

Install

apk_add postfix

Prepare

We need to create a user on this system that has rights to read/write mail on your system.
Let's call this user vmail (you can choose another name if you like).
You will get prompted for a password.

adduser vmail

Now we need to know what gid/uid that user got.
Take note of the numbers; you will need them in the upcoming configuration (in my case I got uid/gid '1001').

grep vmail /etc/passwd

This newly-created user will need permissions in the mail group.
Edit /etc/group and add vmail to the postdrop group. See the example below:

postdrop:x:208:vmail

Create missing dirs

It seems we are missing /var/spool/mail and /var/mail, so we need to create those:

mkdir /var/spool/mail
ln -s /var/spool/mail /var/mail

Create virtual maildir

In the upcoming configuration we are going to specify /var/mail/vhosts/ as the virtual_mailbox_base so we need to create it.

mkdir /var/mail/vhosts

And we need to give permissions to our vmail user so he can read/write in this folder.

chown vmail:vmail /var/mail/vhosts

Configuration

For now I just dump whatever I have. I will clean up these notes soon.

/etc/postfix/main.cf

These are the variables that differ from the defaults

## These settings differ from the default config ##
# For testing
soft_bounce = yes
myhostname = mail.example.net
mydomain = example.net
myorigin = $mydomain
# See 'virtual_mailbox_domains' for more information
mydestination = localhost, mail.localdomain, localhost.localdomain, localdomain
mynetworks = 192.168.10.0/24, 127.0.0.0/8
relayhost =
in_flow_delay = 1s
home_mailbox = Maildir/
mail_spool_directory = /var/spool/mail
smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)

## The following is added to the config ##
virtual_mailbox_domains = example.net
virtual_mailbox_base = /var/mail/vhosts
virtual_mailbox_maps = hash:/etc/postfix/vmailbox
virtual_minimum_uid = 100
virtual_uid_maps = static:1001
virtual_gid_maps = static:1001
virtual_alias_maps = hash:/etc/postfix/valias

/etc/postfix/valias

postmaster@example.net user1@example.net
hostmaster@example.net user2@example.net

/etc/postfix/vmailbox

user1@example.net      example.net/user1/
user2@example.net      example.net/user2/
# Catch-all for everyone else who doesn't match the rules above
@example.net           example.net/catchall
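
Postfix treats '#' as a comment only when it is the first non-blank character of a line, both in main.cf and in lookup table sources such as valias and vmailbox; text after a value becomes part of the value. The following added example (not Postfix tooling; the function names are made up here) finds such trailing comments and prints a version with each comment moved to its own line.

```shell
#!/bin/sh
# find_inline_comments FILE...
#   Prints "file:line: text" for every setting or table entry followed by
#   whitespace and "#". Returns 1 when any are found. Heuristic: a value that
#   legitimately contains " #" is reported too.
find_inline_comments() {
    awk '
        /^[ \t]*(#|$)/ { next }     # comment or blank line: ignored by Postfix
        /[ \t]#/ { printf "%s:%d: %s\n", FILENAME, FNR, $0; bad = 1 }
        END { exit bad + 0 }
    ' "$@"
}

# move_inline_comments FILE
#   Prints FILE with each trailing comment moved to its own line above the entry.
move_inline_comments() {
    awk '
        /^[ \t]*(#|$)/ { print; next }
        match($0, /[ \t]+#.*$/) {
            comment = substr($0, RSTART)
            sub(/^[ \t]+/, "", comment)
            print comment
            print substr($0, 1, RSTART - 1)
            next
        }
        { print }
    ' "$1"
}

# Constructed sample in main.cf syntax.
demo=$(mktemp)
printf '%s\n' 'soft_bounce = yes   # For testing' 'relayhost =' > "$demo"
find_inline_comments "$demo" || move_inline_comments "$demo"
rm -f "$demo"
```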

Create DB's

Once you have created the above config files, you need to generate some DBs:

postmap /etc/postfix/vmailbox
postmap /etc/postfix/valias

I am not 100% sure if the next command is needed, but I think that you need to create the 'aliases' DB.

postalias /etc/postfix/aliases

Start postfix

It's time to start. Hopefully it works!

/etc/init.d/postfix start

Debugging

In case something goes wrong you should have a look in your syslog.
Personally, I usually tail the logfile while debugging:

tail -f /var/log/messages

Dovecot on 1.9

General

Dovecot should be configured to let users fetch their mail through SSL.
The aim is also to be able to fetch mail with mobile devices, e.g. mobile phones.

Initial Setup

Start by following the 'postfix' instructions before you proceed to setup dovecot.

Dovecot

Install

apk_add dovecot

Prepare

The upcoming configuration is going to need some certificates.

Certificates

We want to keep things clean, so we create a dovecot folder for its certs/keys

mkdir /etc/ssl/dovecot

Now we start creating the certs

cd /etc/ssl/dovecot
openssl genrsa 2048 > server.key
chmod 600 server.key
# Optional certificate request for a CA. You will get prompted for various information that is added to the file
openssl req -new -key server.key -out request.pem
# Self-signed certificate used by the configuration below
openssl req -new -x509 -nodes -sha256 -days 3650 -key server.key > server.pem

Configuration

For now I just dump whatever I have. I will clean up these notes soon.

/etc/dovecot/dovecot.conf

## These settings vary from the default configuration ##
base_dir = /var/run/dovecot/
protocols = imap imaps
listen = *
disable_plaintext_auth = no
ssl_disable = no
ssl_cert_file = /etc/ssl/dovecot/server.pem
ssl_key_file = /etc/ssl/dovecot/server.key
ssl_parameters_regenerate = 168
verbose_ssl = yes
login_chroot = yes
login_greeting = Dovecot ready.
mail_location = maildir:/var/spool/mail/vhosts/%d/%n
mail_privileged_group = mail
mail_debug = no
verbose_proctitle = no
valid_chroot_dirs = /var/mail
protocol lda {     # This line is not changed - it's here to help you know where to make edits
  postmaster_address = postmaster@example.net
}     # This line is not changed - it's here to help you know where to make edits
auth_verbose = yes
auth_debug = yes
auth_worker_max_count = 30
auth default {     # This line is not changed - it's here to help you know where to make edits
  mechanisms = plain login digest-md5
  passdb passwd-file {
    args = /etc/dovecot/dovecot-passwd
  }
  userdb passwd-file {
    args = /etc/dovecot/dovecot-users
  }
  socket listen {
    client {
      path = /var/spool/postfix/private/auth
      user = postfix
      group = postfix
      mode = 0660
    }
  }
}     # This line is not changed - it's here to help you know where to make edits
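
With 'disable_plaintext_auth = no', a non-SSL protocol in 'protocols' and the plain or login mechanisms enabled, passwords can be sent over an unencrypted connection, which works against the aim of fetching mail through SSL. The following added example (not part of Dovecot; the function name is made up, and the defaults in the BEGIN block are assumed Dovecot 1.x defaults) checks a dovecot.conf for that combination.

```shell
#!/bin/sh
# dovecot_cleartext_audit CONF
#   Flags settings that let passwords cross the network unencrypted.
#   Nesting is ignored: the last value seen for each setting wins.
#   Returns 1 when something is flagged.
dovecot_cleartext_audit() {
    awk '
        # Assumed Dovecot 1.x defaults for settings that are absent.
        BEGIN { dpa = "yes"; ssl_off = "no"; protos = "imap imaps"; mechs = "plain" }
        { sub(/[ \t]*#.*$/, "") }
        {
            n = index($0, "=")
            if (n == 0) next
            key = substr($0, 1, n - 1); val = substr($0, n + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "disable_plaintext_auth") dpa = val
            else if (key == "ssl_disable") ssl_off = val
            else if (key == "protocols") protos = val
            else if (key == "mechanisms") mechs = val
        }
        END {
            n = split(protos, p, /[ \t]+/)
            for (i = 1; i <= n; i++)
                if (p[i] == "imap" || p[i] == "pop3") clear = clear " " p[i]
            n = split(mechs, m, /[ \t]+/)
            for (i = 1; i <= n; i++)
                if (m[i] == "plain" || m[i] == "login") pw = pw " " m[i]
            if (ssl_off == "yes") { print "FAIL ssl_disable = yes: TLS is off"; bad = 1 }
            if (dpa == "no" && clear != "" && pw != "") {
                print "FAIL" pw " accepted without TLS on:" clear
                bad = 1
            }
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample using the settings discussed on this page.
demo=$(mktemp)
cat > "$demo" <<'EOF'
protocols = imap imaps
disable_plaintext_auth = no
ssl_disable = no
auth default {
  mechanisms = plain login digest-md5
}
EOF
dovecot_cleartext_audit "$demo" || echo "=> set disable_plaintext_auth = yes"
rm -f "$demo"
```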

/etc/dovecot/dovecot-users

The uid/gid number below ('1004') should match your 'vmail' account (the account that owns '/var/mail/vhosts').

user1@example.net::1004:1004::/var/spool/vhosts/example.net/:/bin/false::
user2@example.net::1004:1004::/var/spool/vhosts/example.net/:/bin/false::
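
Postfix delivers mail with the uid/gid from virtual_uid_maps and virtual_gid_maps, and Dovecot reads the same maildirs with the uid/gid from dovecot-users, so both have to agree with the vmail account. The following added example (not from Postfix or Dovecot; the function name and the sample files are made up) compares the three places.

```shell
#!/bin/sh
# check_vmail_ids PASSWD MAIN_CF DOVECOT_USERS [ACCOUNT]
#   Compares the uid/gid of ACCOUNT (default vmail) with Postfix
#   virtual_uid_maps/virtual_gid_maps (static: form only) and with fields 3
#   and 4 of every dovecot-users line. Prints mismatches, returns 1 on any.
check_vmail_ids() {
    passwd=$1 main_cf=$2 users=$3 acct=${4:-vmail}
    ids=$(awk -F: -v u="$acct" '$1 == u { print $3 ":" $4 }' "$passwd")
    [ -n "$ids" ] || { echo "MISSING account $acct in $passwd"; return 1; }
    uid=${ids%%:*} gid=${ids##*:} rc=0
    for kind in uid gid; do
        if [ "$kind" = uid ]; then want=$uid; else want=$gid; fi
        got=$(sed -n "s/^virtual_${kind}_maps[[:space:]]*=[[:space:]]*static:\([0-9][0-9]*\).*/\1/p" "$main_cf")
        if [ "$got" != "$want" ]; then
            echo "MISMATCH $main_cf: virtual_${kind}_maps is static:$got, $acct has $kind $want"
            rc=1
        fi
    done
    awk -F: -v uid="$uid" -v gid="$gid" '
        /^[ \t]*(#|$)/ { next }
        $3 != uid || $4 != gid {
            printf "MISMATCH %s:%d: %s has %s:%s, expected %s:%s\n", FILENAME, FNR, $1, $3, $4, uid, gid
            bad = 1
        }
        END { exit bad + 0 }
    ' "$users" || rc=1
    return "$rc"
}

# Constructed sample files that mirror the uid/gid values used on this page.
demo=$(mktemp -d)
echo 'vmail:x:1001:1001:Linux User,,,:/home/vmail:/bin/ash' > "$demo/passwd"
printf 'virtual_uid_maps = static:1001\nvirtual_gid_maps = static:1001\n' > "$demo/main.cf"
echo 'user1@example.net::1004:1004::/var/spool/vhosts/example.net/:/bin/false::' > "$demo/dovecot-users"
check_vmail_ids "$demo/passwd" "$demo/main.cf" "$demo/dovecot-users" || echo "fix the ids before starting dovecot"
rm -rf "$demo"
```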

/etc/dovecot/dovecot-passwd

To generate the passwords you can use the dovecotpw command.
The output can be used to create a password for your 'dovecot-passwd'.

dovecotpw -s MD5-CRYPT 

The /etc/dovecot/dovecot-passwd file should look like this:

user1@example.net:$1$tz5sbjAD$Wq9.NkSyNo/oElzFgI68.0
user2@example.net:$1$tz5sbjAD$Wq9.NkSyNo/oElzFgI68.0

Start dovecot

It's time to start. Hopefully it works!

/etc/init.d/dovecot start

Debugging

In case something goes wrong you should have a look in your syslog.
Personally, I usually tail the logfile while debugging:

tail -f /var/log/dovecot