Commit ab983a08 authored by Marco Mariani's avatar Marco Mariani

zimbra doc: reindent

parent 2fcedb3d
...@@ -191,7 +191,7 @@ Assumption 4: scripts, binaries, libraries, configuration files and databases wi ...@@ -191,7 +191,7 @@ Assumption 4: scripts, binaries, libraries, configuration files and databases wi
A layered approach has been applied: A layered approach has been applied:
- when possible, replace /opt/zimbra with ${ZIMBRA_HOME} in bash *) when possible, replace /opt/zimbra with ${ZIMBRA_HOME} in bash
(and /usr/local/java with JAVA_HOME) (and /usr/local/java with JAVA_HOME)
Pay attention to the quotes. Inside shell scripts, "$VAR" does variable Pay attention to the quotes. Inside shell scripts, "$VAR" does variable
...@@ -205,7 +205,7 @@ Assumption 4: scripts, binaries, libraries, configuration files and databases wi ...@@ -205,7 +205,7 @@ Assumption 4: scripts, binaries, libraries, configuration files and databases wi
An error is returned in buildThirdParty.sh if ZIMBRA_HOME is not set up. An error is returned in buildThirdParty.sh if ZIMBRA_HOME is not set up.
- use $(ZIMBRA_HOME) in makefiles *) use $(ZIMBRA_HOME) in makefiles
Be careful of using proper parens: $() and not ${} Be careful of using proper parens: $() and not ${}
Makefiles will automatically use the envvar if defined, but when debugging Makefiles will automatically use the envvar if defined, but when debugging
...@@ -215,7 +215,7 @@ Assumption 4: scripts, binaries, libraries, configuration files and databases wi ...@@ -215,7 +215,7 @@ Assumption 4: scripts, binaries, libraries, configuration files and databases wi
we make sure we remember to use of environment.sh we make sure we remember to use of environment.sh
- plain sed replacement *) plain sed replacement
Before starting the build, all remaining /opt/zimbra occurrences are replaced Before starting the build, all remaining /opt/zimbra occurrences are replaced
with a global with a global
...@@ -224,7 +224,7 @@ Assumption 4: scripts, binaries, libraries, configuration files and databases wi ...@@ -224,7 +224,7 @@ Assumption 4: scripts, binaries, libraries, configuration files and databases wi
(see buildout.cfg:[zimbra-sources-search-replace]) (see buildout.cfg:[zimbra-sources-search-replace])
- replace s/../../ with s|..|..| in bash (and m|...| in Perl) *) replace s/../../ with s|..|..| in bash (and m|...| in Perl)
There are several occurences of /opt/zimbra in regular expressions, where There are several occurences of /opt/zimbra in regular expressions, where
it appears as \/opt\/zimbra. it appears as \/opt\/zimbra.
...@@ -244,7 +244,7 @@ Assumption 4: scripts, binaries, libraries, configuration files and databases wi ...@@ -244,7 +244,7 @@ Assumption 4: scripts, binaries, libraries, configuration files and databases wi
and change them from ' to " where needed. and change them from ' to " where needed.
- sed replacement for awk *) sed replacement for awk
Unfortunately, awk cannot use other characters in place of the slash delimiter. Unfortunately, awk cannot use other characters in place of the slash delimiter.
A more complex sed substitution is performed for these cases: A more complex sed substitution is performed for these cases:
...@@ -253,7 +253,7 @@ Assumption 4: scripts, binaries, libraries, configuration files and databases wi ...@@ -253,7 +253,7 @@ Assumption 4: scripts, binaries, libraries, configuration files and databases wi
SUB3="s#\\\\/opt\\\\/zimbra#$ZIMBRA_HOME_WITH_BACKSLASHES#g" SUB3="s#\\\\/opt\\\\/zimbra#$ZIMBRA_HOME_WITH_BACKSLASHES#g"
- sed replacement for Java code *) sed replacement for Java code
There is also a case of '/opt/zimbra' that is built by string composition in Java. There is also a case of '/opt/zimbra' that is built by string composition in Java.
...@@ -280,7 +280,7 @@ Assumption 5: processes can be run by a specific user (zimbra, postfix, postdrop ...@@ -280,7 +280,7 @@ Assumption 5: processes can be run by a specific user (zimbra, postfix, postdrop
The changes can be grouped by purpose: The changes can be grouped by purpose:
- Removing user checks *) Removing user checks
The first thing to remove are the parts of code that abort a script when run by a different user. The first thing to remove are the parts of code that abort a script when run by a different user.
This change should generally be applied as soon as possible, so that further permission problems can be detected. This change should generally be applied as soon as possible, so that further permission problems can be detected.
...@@ -297,7 +297,7 @@ Assumption 5: processes can be run by a specific user (zimbra, postfix, postdrop ...@@ -297,7 +297,7 @@ Assumption 5: processes can be run by a specific user (zimbra, postfix, postdrop
($>) and usage(); ($>) and usage();
- Removing usage of su/sudo *) Removing usage of su/sudo
This goes both ways: scripts run by root that need to run scripts as zimbra, and vice-versa. This goes both ways: scripts run by root that need to run scripts as zimbra, and vice-versa.
For the latter, Zimbra requires /etc/sudoers to be properly set up: For the latter, Zimbra requires /etc/sudoers to be properly set up:
...@@ -332,7 +332,7 @@ Assumption 5: processes can be run by a specific user (zimbra, postfix, postdrop ...@@ -332,7 +332,7 @@ Assumption 5: processes can be run by a specific user (zimbra, postfix, postdrop
( ${zimbra_home}/bin/zmprov -m -l -- ${zmprov_opts} ${key} | sed -e "s/^${key}::* //" > ${tmpfile} 2> /dev/null ) && mv -f ${tmpfile} ${file} ( ${zimbra_home}/bin/zmprov -m -l -- ${zmprov_opts} ${key} | sed -e "s/^${key}::* //" > ${tmpfile} 2> /dev/null ) && mv -f ${tmpfile} ${file}
- Configuration changes *) Configuration changes
Users "zimbra", "postfix" and "postdrop" are referenced in the configuration files Users "zimbra", "postfix" and "postdrop" are referenced in the configuration files
used by postfix, opendkim, amavis, clamd, dspam. used by postfix, opendkim, amavis, clamd, dspam.
Some of these files are provided as templates and need to be patched by sed replacement Some of these files are provided as templates and need to be patched by sed replacement
...@@ -340,7 +340,7 @@ Assumption 5: processes can be run by a specific user (zimbra, postfix, postdrop ...@@ -340,7 +340,7 @@ Assumption 5: processes can be run by a specific user (zimbra, postfix, postdrop
The actual configuration files are written by zmconfigd. The actual configuration files are written by zmconfigd.
- Ad-hoc patches to C code *) Ad-hoc patches to C code
Three patches to postfix are provided, to avoid using initgroups(3), seteuid(2), Three patches to postfix are provided, to avoid using initgroups(3), seteuid(2),
setgid(2), setsid(2) and explicit user checks. setgid(2), setsid(2) and explicit user checks.
...@@ -350,11 +350,11 @@ Assumption 5: processes can be run by a specific user (zimbra, postfix, postdrop ...@@ -350,11 +350,11 @@ Assumption 5: processes can be run by a specific user (zimbra, postfix, postdrop
but we don't, so we allow it because authbind relies on it to preload libauthbind.so but we don't, so we allow it because authbind relies on it to preload libauthbind.so
- Removed calls to chown/chmod and zmfixperms *) Removed calls to chown/chmod and zmfixperms
This also required directly changing permissions of files in the repository to allow +x. This also required directly changing permissions of files in the repository to allow +x.
- Granting access to IP ports lower than 1024 *) Granting access to IP ports lower than 1024
This is a common requirement, and port forwarding through iptables is not always possible. This is a common requirement, and port forwarding through iptables is not always possible.
The only solution that we found that works with IPv4/IPv6, with all versions of Java and allows The only solution that we found that works with IPv4/IPv6, with all versions of Java and allows
LD_PRELOAD/LD_LIBRARY_PATH usage is the authbind package. LD_PRELOAD/LD_LIBRARY_PATH usage is the authbind package.
...@@ -451,7 +451,7 @@ The following are characteristics of a software project that are easy to verify, ...@@ -451,7 +451,7 @@ The following are characteristics of a software project that are easy to verify,
and can raise early warnings. and can raise early warnings.
- The use of Perforce or other cumbersome VCS *) The use of Perforce or other cumbersome VCS
While I don't deny the quality of the tool when used every day, it is not While I don't deny the quality of the tool when used every day, it is not
intuitive to most developers, not transparent (and very slow) to anonymous intuitive to most developers, not transparent (and very slow) to anonymous
...@@ -462,7 +462,7 @@ and can raise early warnings. ...@@ -462,7 +462,7 @@ and can raise early warnings.
lack of familiarity and for the limitations of the anonymous access. lack of familiarity and for the limitations of the anonymous access.
- Support for a limited number of platforms *) Support for a limited number of platforms
Linux distributions supported by ZCS 8.0.4: Linux distributions supported by ZCS 8.0.4:
...@@ -492,7 +492,7 @@ and can raise early warnings. ...@@ -492,7 +492,7 @@ and can raise early warnings.
are, and how they can be removed. are, and how they can be removed.
- Third party libraries and applications cannot be provided separately *) Third party libraries and applications cannot be provided separately
Not only does Zimbra provide its own mysql/openldap/perl/etc applications as part Not only does Zimbra provide its own mysql/openldap/perl/etc applications as part
of the zimbra-core*.deb, zimbra-ldap*.deb and such packages, but they of the zimbra-core*.deb, zimbra-ldap*.deb and such packages, but they
...@@ -502,7 +502,7 @@ and can raise early warnings. ...@@ -502,7 +502,7 @@ and can raise early warnings.
easier to reuse the mysql/mariadb component from SlapOS. easier to reuse the mysql/mariadb component from SlapOS.
- Several toolchains are employed *) Several toolchains are employed
Make, cmake, GNU autoconf/autotools/libtool, ant, cpan.. all of them in the Make, cmake, GNU autoconf/autotools/libtool, ant, cpan.. all of them in the
same project may require a lot of searches for specific flags to provide in same project may require a lot of searches for specific flags to provide in
...@@ -513,7 +513,7 @@ and can raise early warnings. ...@@ -513,7 +513,7 @@ and can raise early warnings.
Case in point: ftp://ftp.ucsb.edu/pub/mirrors/procmail/procmail-3.22.tar.gz Case in point: ftp://ftp.ucsb.edu/pub/mirrors/procmail/procmail-3.22.tar.gz
- The deployment step is complex, long or requires a lot of interaction. *) The deployment step is complex, long or requires a lot of interaction.
Let's say you are building the FooBar application. Let's say you are building the FooBar application.
Hopefully, the build system can also deploy, and put a working application Hopefully, the build system can also deploy, and put a working application
...@@ -533,7 +533,7 @@ and can raise early warnings. ...@@ -533,7 +533,7 @@ and can raise early warnings.
This configuration menu is the biggest red flag we have met so far. This configuration menu is the biggest red flag we have met so far.
- The application can auto-update itself, install plugins and extensions *) The application can auto-update itself, install plugins and extensions
Can the application update itself from the Internet? If so, any change we make to Can the application update itself from the Internet? If so, any change we make to
the sources could be replaced by the new version. The new version may expect the sources could be replaced by the new version. The new version may expect
...@@ -547,7 +547,7 @@ and can raise early warnings. ...@@ -547,7 +547,7 @@ and can raise early warnings.
don't work, a customer could quickly lose interest. don't work, a customer could quickly lose interest.
- Installing the application changes /etc/sudoers *) Installing the application changes /etc/sudoers
This might actually be useful to detect early which binaries and scripts will need to This might actually be useful to detect early which binaries and scripts will need to
be run as root, or as specific users. Try to find the reason behind this requirement be run as root, or as specific users. Try to find the reason behind this requirement
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment