Rebuilding SRPMS as non-root user and some other things...
Hi
I'm installing OTRS on CentOS 4 (RHEL4) and there were a couple
things I noticed:
1. The Red Hat SRPMs won't rebuild using a non-root account.
2. The RPM I initially built depended on sendmail, but the server I
want to run on is using postfix (the CentOS 4 postfix,
system-switch-mail was used to change the MTA). I fixed this by
removing sendmail from the spec file before rebuilding the SRPM.
3. Installing things like this in /opt isn't so common for Red Hat /
Fedora based distributions...
4. The web based installer for MySQL won't work if SELinux is
running (I realise the download page says that SELinux needs to be
disabled). So I manually created the db and inserted
otrs-schema.mysql.sql and then initial_insert.sql
Chris
PS The UK mirror site is very out of date, that latest version it
has is otrs-1.3.2.
--
Chris Croome
Hi Chris, On Mo, Sep 19, 2005 at 03:44:41 +0100, Chris Croome wrote:
I'm installing OTRS on CentOS 4 (RHEL4) and there were a couple things I noticed:
1. The Red Hat SRPMs won't rebuild using a non-root account.
2. The RPM I initially built depended on sendmail, but the server I want to run on is using postfix (the CentOS 4 postfix, system-switch-mail was used to change the MTA). I fixed this by removing sendmail from the spec file before rebuilding the SRPM.
OK.
3. Installing things like this in /opt isn't so common for Red Hat / Fedora based distributions...
Into which path do you install OTRS on CentOS? It is not enough to change the installation path in the spec file, you have to adapt the perl-startup files for web servers with mod_perl too for example. Because most OTRS installations are running on SUSE systems we decited to use /opt for installation. We know that this might cause trouble on other systems but we can't maintain OTRS packages for all linux distros. So we would be happy if other people create and maintain installation packages for the different distros, because they know for sure the distro better than we do.
4. The web based installer for MySQL won't work if SELinux is running (I realise the download page says that SELinux needs to be disabled).
Hmm. I don't have any experince with SElinux. What exactly is the problem? Do you have an idea how the webinstaller could be used even if SELinux is installed?
So I manually created the db and inserted otrs-schema.mysql.sql and then initial_insert.sql
Also install the otrs-schema-post.mysql.sql file. Do you have a working installation package now? If you like, we could link to this package via the otrs.org web site or we can put it on our web space. That would be very nice for us ;). But keep in mind, that you would be the maintainer of this package :).
PS The UK mirror site is very out of date, that latest version it has is otrs-1.3.2.
Yes, thanks for this hint. We'll contact the person who mirrors this site and see whats going on ;). Best regards, Christian -- ((otrs)) :: OTRS GmbH :: Europaring 4 :: D - 94315 Straubing Fon: +49 (0) 9421 1862 760 :: Fax: +49 (0) 9421 1862 769 http://www.otrs.com/ :: Communication with success!
Hi We just crossed emails... :-) On Tue 20-Sep-2005 at 11:12:13AM +0200, Christian Schoepplein wrote:
On Mo, Sep 19, 2005 at 03:44:41 +0100, Chris Croome wrote:
3. Installing things like this in /opt isn't so common for Red Hat / Fedora based distributions...
Into which path do you install OTRS on CentOS?
I didn't change anything and installed in /opt ...
It is not enough to change the installation path in the spec file, you have to adapt the perl-startup files for web servers with mod_perl too for example. Because most OTRS installations are running on SUSE systems we decited to use /opt for installation. We know that this might cause trouble on other systems but we can't maintain OTRS packages for all linux distros. So we would be happy if other people create and maintain installation packages for the different distros, because they know for sure the distro better than we do.
Yes, I understand this and I think it's fair enough, I would have the same attitude if I were you :-)
4. The web based installer for MySQL won't work if SELinux is running (I realise the download page says that SELinux needs to be disabled).
Hmm. I don't have any experince with SElinux. What exactly is the problem? Do you have an idea how the webinstaller could be used even if SELinux is installed?
Hmm, I *think* if the SELinux rules I sent in my last email are applied before the install then it'll work OK, but I haven't tested this...
So I manually created the db and inserted otrs-schema.mysql.sql and then initial_insert.sql
Also install the otrs-schema-post.mysql.sql file.
Ah, OK, thanks.
Do you have a working installation package now? If you like, we could link to this package via the otrs.org web site or we can put it on our web space. That would be very nice for us ;). But keep in mind, that you would be the maintainer of this package :).
Well, I wish I was able to take this on but I don't (yet) feel experienced enough in package building to be able to change things like the install path or that only root can build RPMS... Of course spare time is also an issue... I could make the RPM I built available somewhere though if anyone wants it, I don't consider it good enough to link from the web site though...
PS The UK mirror site is very out of date, that latest version it has is otrs-1.3.2.
Yes, thanks for this hint. We'll contact the person who mirrors this site and see whats going on ;).
Cool :-)
Chris
PS "Saluation" is a bit weird "Title" is the English translation that
people would find more usual... :-)
--
Chris Croome
Hi Chris, On Di, Sep 20, 2005 at 10:42:03 +0100, Chris Croome wrote:
On Tue 20-Sep-2005 at 11:12:13AM +0200, Christian Schoepplein wrote:
On Mo, Sep 19, 2005 at 03:44:41 +0100, Chris Croome wrote:
4. The web based installer for MySQL won't work if SELinux is running (I realise the download page says that SELinux needs to be disabled).
Hmm. I don't have any experince with SElinux. What exactly is the problem? Do you have an idea how the webinstaller could be used even if SELinux is installed?
Hmm, I *think* if the SELinux rules I sent in my last email are applied before the install then it'll work OK, but I haven't tested this...
OK, I'll see if we can test it some where.
Do you have a working installation package now? If you like, we could link to this package via the otrs.org web site or we can put it on our web space. That would be very nice for us ;). But keep in mind, that you would be the maintainer of this package :).
Well, I wish I was able to take this on but I don't (yet) feel experienced enough in package building to be able to change things like the install path or that only root can build RPMS... Of course spare time is also an issue...
OK, no problem at all :).
PS "Saluation" is a bit weird "Title" is the English translation that people would find more usual... :-)
Do you mean generaly for OTRS or especialy in the english docu which is available since yesterday? BTW.: We all are no native english speakers :(. Unfortunatly this results in english translations that must be cruel, funny or whatever for people who speak this language every day. For this reason we would be very happy if our english (and ofcourse other languages too) translations could be reworked and corrected by native speakers or if bug reports on http://bugs.otrs.org can be created for translation errors. Best regards, Christian -- ((otrs)) :: OTRS GmbH :: Europaring 4 :: D - 94315 Straubing Fon: +49 (0) 9421 1862 760 :: Fax: +49 (0) 9421 1862 769 http://www.otrs.com/ :: Communication with success!
Hi On Mon 19-Sep-2005 at 03:44:41PM +0100, Chris Croome wrote:
I'm installing OTRS on CentOS 4 (RHEL4)
So far this is what I have doen to make SELinux work OK with OTRS:
1. Add the following to
/etc/selinux/targeted/src/policy/domains/program/apache.te
allow httpd_t policy_src_t:dir search;
allow httpd_t usr_t:dir write;
allow httpd_t usr_t:dir add_name;
allow httpd_t usr_t:file create;
2. cd /etc/selinux/targeted/src/policy; make load
3. Restart httpd
I'm no SELinux expert though... :-)
Chris
--
Chris Croome
Hi Chris, On Di, Sep 20, 2005 at 10:26:23 +0100, Chris Croome wrote:
On Mon 19-Sep-2005 at 03:44:41PM +0100, Chris Croome wrote:
I'm installing OTRS on CentOS 4 (RHEL4)
So far this is what I have doen to make SELinux work OK with OTRS:
1. Add the following to /etc/selinux/targeted/src/policy/domains/program/apache.te
allow httpd_t policy_src_t:dir search; allow httpd_t usr_t:dir write; allow httpd_t usr_t:dir add_name; allow httpd_t usr_t:file create;
2. cd /etc/selinux/targeted/src/policy; make load
3. Restart httpd
I'm no SELinux expert though... :-)
Thanks for this short description! I'll try to create a FAQ article about this for CentOS as soon as possible. If the same changes are necesary on other systems (in the same files with the same paths) I could create a general article. Is anyone here using SELinux on another system? Best regards, Christian -- ((otrs)) :: OTRS GmbH :: Europaring 4 :: D - 94315 Straubing Fon: +49 (0) 9421 1862 760 :: Fax: +49 (0) 9421 1862 769 http://www.otrs.com/ :: Communication with success!
Hi On Tue 20-Sep-2005 at 12:43:00PM +0200, Christian Schoepplein wrote:
On Di, Sep 20, 2005 at 10:26:23 +0100, Chris Croome wrote:
On Mon 19-Sep-2005 at 03:44:41PM +0100, Chris Croome wrote:
I'm installing OTRS on CentOS 4 (RHEL4)
So far this is what I have doen to make SELinux work OK with OTRS:
1. Add the following to /etc/selinux/targeted/src/policy/domains/program/apache.te
allow httpd_t policy_src_t:dir search; allow httpd_t usr_t:dir write; allow httpd_t usr_t:dir add_name; allow httpd_t usr_t:file create;
2. cd /etc/selinux/targeted/src/policy; make load
3. Restart httpd
Thanks for this short description! I'll try to create a FAQ article about this for CentOS as soon as possible.
CentOS 4 should be exactly the same as Red Hat Enterprise 4 and I expect
that Fedora Core 3 and 4 will be more-or-less the same...
The other thing that could go in the FAQ is how to get the rules above
-- basically if you do this after SELinux stops something from
happening:
tail /var/log/messages | audit2allow
Then you get back a rule like the ones above, keep doing this and adding
rules till stuff works... :-)
Chris
--
Chris Croome
participants (2)
-
Chris Croome -
Christian Schoepplein