passbolt_install_scripts's Introduction

      ____                  __          ____
     / __ \____  _____ ____/ /_  ____  / / /_
    / /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/
   / ____/ /_/ (__  |__  ) /_/ / /_/ / / /_
  /_/    \__,_/____/____/_.___/\____/_/\__/

Open source password manager for teams
(c) 2018 Passbolt SARL
https://www.passbolt.com

Licence

Passbolt is distributed under Affero General Public License v3

Passbolt install scripts

We have been installing passbolt A LOT internally to test new functionalities, to debug issues, to mimic some environments, etc. Sharing these scripts with the community will ease the installation procedure and allow users who do not want to or cannot use other installation options to have passbolt installed.

Why not a $place_your_distro_here package?

It is a matter of priorities and manpower. Currently we ship a docker container, which is a good fit for any GNU/Linux distro, Windows and MacOS users. However, we understand that some users do not want to or cannot use docker, so we release these scripts for them. We are not against packaging passbolt for specific platforms, but right now we are focused on other tasks.

Requirements

These installation scripts must be run as the root user, as root is required to install packages and use privileged ports such as 80 or 443.

WARNING: These installation scripts are designed to be executed on FRESHLY created instances. Running them on a previously provisioned system may lead to unknown states and could overwrite configuration files, etc.

Usage

In order to use the scripts just run:

bash ./dist/$distro/passbolt_$distro_installer.sh

You can obtain the scripts for different platforms on the releases page, or you can git clone this repository, build the scripts and use them.

Building

In order to build the scripts for your operating system we provide a builder script. The builder script will concatenate all the code required for your distro into a single file under:

dist/$distro/passbolt_$distro_installer.sh

In order to build the passbolt installer please execute the following:

bash ./build_scripts.sh -d debian

or

bash ./build_scripts.sh -d centos

When the building is done use the scripts from dist/$distro to install passbolt on your system.

Development

There is a sample development passbolt installer script in the tests folder where a developer can test different functions together without building the whole script.

passbolt_install_scripts's People

Contributors

alvarogarcia7, dlen, garrettboone, tecnobutrul

passbolt_install_scripts's Issues

Centos: grep: /var/spool/cron//*: No such file or directory

When installing on Centos 7, the following error is observed:
grep: /var/spool/cron//*: No such file or directory

This happens after the install of haveged and before the selinux setup.

I do not know if this error causes any problems.

Install script for CentOS 8

We used the install script for CentOS 7 on CentOS 8. Here is install.log.

===================================
Installing passbolt dependencies...
===================================
Last metadata expiration check: 0:05:06 ago on Wed 30 Sep 2020 05:22:28 PM CEST.
Dependencies resolved.
Nothing to do.
Complete!
Last metadata expiration check: 0:05:07 ago on Wed 30 Sep 2020 05:22:28 PM CEST.
Package epel-release-8-8.el8.noarch is already installed.
Dependencies resolved.
================================================================================
 Package           Architecture   Version                  Repository      Size
================================================================================
Installing:
 yum-utils         noarch         4.0.12-4.el8_2           BaseOS          66 k

Transaction Summary
================================================================================
Install  1 Package

Total download size: 66 k
Installed size: 20 k
Downloading Packages:
yum-utils-4.0.12-4.el8_2.noarch.rpm             1.7 MB/s |  66 kB     00:00
--------------------------------------------------------------------------------
Total                                           315 kB/s |  66 kB     00:00
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                        1/1
  Installing       : yum-utils-4.0.12-4.el8_2.noarch                        1/1
  Running scriptlet: yum-utils-4.0.12-4.el8_2.noarch                        1/1
  Verifying        : yum-utils-4.0.12-4.el8_2.noarch                        1/1

Installed:
  yum-utils-4.0.12-4.el8_2.noarch

Complete!
Last metadata expiration check: 0:05:10 ago on Wed 30 Sep 2020 05:22:28 PM CEST.
remi-release-7.rpm                              305 kB/s |  20 kB     00:00
Error:
 Problem: conflicting requests
  - nothing provides epel-release = 7 needed by remi-release-7.8-1.el7.remi.noarch
(try to add '--skip-broken' to skip uninstallable packages or '--nobest' to use not only best candidate packages)

Could someone have a look? Thanks :-)

Passbolt install script should be more verbose when no `$NGINX_SITES_AVAILABLE`

I install nginx from the http://nginx.org/packages/mainline/debian repository. Their nginx packages do not ship with the /etc/nginx/sites-available directory. Trying to configure nginx with dpkg-reconfigure -phigh passbolt-ce-server fails, because passbolt-ce-server.postinst does nothing when the $NGINX_SITES_AVAILABLE directory is not present (see function configure_nginx_config_file). This is understandable, but confusing, because the installer says nginx is configured and ready to go, even though nothing was done.

Setting up mariadb... > ERROR 1064 (42000) at line 7: You have an error in your SQL syntax;

System:
ESXi 6.7 VM, Debian 9 x64 with full updates, ntpdate configured, security auto-updates configured

Attempt:
Installing Passbolt using installation script

Expectation:
Passbolt installer on clean Debian 9 install would function as described.

Result:
The script failed at the following code:

Processing triggers for systemd (232-25+deb9u11) ...
=====================
Setting up mariadb...
=====================
ERROR 1064 (42000) at line 7: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '-user@'localhost' identified by xxxxxxxxx at line 1
root@passwords:~#

Debian10 install script error: usermod invalid command

When running passbolt_ce_debian_installer.sh on current Debian10 I get an error:
./passbolt_ce_debian_installer.sh: Zeile 917: usermod: Kommando nicht gefunden.

Changing command in line 917 to: /sbin/usermod instead of just usermod fixes the issue for me.

Centos 7: libsemanage.dbase_llist_query: could not query record value

When installing on Centos 7, the following error is observed:

===============================================================
Setting up selinux permissions. This may take a little while...
===============================================================
libsemanage.dbase_llist_query: could not query record value
================================================================================

I do not know if this actually has any effect.

Nginx does not include intermediate Letsencrypt certs

Installation method:
Ubuntu 18.04 install script with PHP7.2->PHP7.4 fix on new Ubuntu 20.04 AWS image.

Looks OK in a browser but fails healthcheck with following message...

 [PASS] /healthcheck/status is reachable.

 SSL Certificate

 [FAIL] SSL peer certificate does not validate
 [FAIL] Hostname does not match when validating certificates.
 [WARN] Using a self-signed certificate
  [HELP] fopen(): SSL operation failed with code 1. OpenSSL Error messages:
error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
fopen(): Failed to enable crypto
fopen(https://passbol.example.com/healthcheck/status.json): failed to open stream: operation failed

I fixed this by using the fullchain.pem instead of the cert.pem file by replacing the passbolt_certificate.crt symlink in /etc/ssl/certs/. The following patch should do the same although I haven't tested it.

--- setup_nginx.sh.original     2021-02-11 10:22:17.403335794 +0000
+++ setup_nginx.sh      2021-02-11 10:23:13.648014058 +0000
@@ -36,7 +36,7 @@
   if [[ "$(__config_get 'ssl_auto')" == 'true' ]]; then
     if __setup_letsencrypt 'passbolt_hostname' 'letsencrypt_email'; then
       __nginx_config "$script_directory/conf/nginx/passbolt_ssl.conf" "$NGINX_SITE_DIR/passbolt_ssl.conf" 'passbolt_hostname'
-      ln -s "$LETSENCRYPT_LIVE_DIR/$passbolt_domain/cert.pem" "$SSL_CERT_PATH"
+      ln -s "$LETSENCRYPT_LIVE_DIR/$passbolt_domain/fullchain.pem" "$SSL_CERT_PATH"
       ln -s "$LETSENCRYPT_LIVE_DIR/$passbolt_domain/privkey.pem" "$SSL_KEY_PATH"
       __ssl_substitutions
       enable_service "$nginx_service"
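
Review bot: the changed ln -s line has no -f, so on a host where $SSL_CERT_PATH already exists (for example an install that linked cert.pem before this fix) the command fails and the old leaf-only link stays in place; use ln -sf here and on the privkey.pem line, or remove the stale link first. Pointing the link at fullchain.pem is the right target, since nginx expects the server certificate followed by its intermediates in the one file given to ssl_certificate.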

Stuck in installer when selecting manual SSL

When using the apt install method on Ubuntu 20 I accidentally selected "manual" SSL configuration even though I don't have a certificate. When asked for a domain I can only continue. So I entered a blank URL and after that it will ask me for a certificate location, when I type anything or nothing and press next the installer states that the certificate location is invalid and I should enter it again. At this point neither Esc, Ctrl + C or any other method works to cancel the installer or go back and select "none" instead.

install script for ubuntu fails due to composer dependency [upgrade (2.0.0) double post]

Here is the issue on fresh install on 10/24/2020


======================
Installing composer...

--2020-10-24 17:08:55-- https://getcomposer.org/installer
Resolving getcomposer.org (getcomposer.org)... 142.44.245.229, 2607:5300:201:2100::4:d105
Connecting to getcomposer.org (getcomposer.org)|142.44.245.229|:443... connected .
HTTP request sent, awaiting response... 200 OK
Length: 276190 (270K) [application/octet-stream]
Saving to: ‘composer-setup.php’

 0K .......... .......... .......... .......... .......... 18% 1.91M 0s
50K .......... .......... .......... .......... .......... 37% 2.05M 0s

100K .......... .......... .......... .......... .......... 55% 11.7M 0s
150K .......... .......... .......... .......... .......... 74% 2.55M 0s
200K .......... .......... .......... .......... .......... 92% 11.6M 0s
250K .......... ......... 100% 17.1M=0.08s

2020-10-24 17:08:55 (3.38 MB/s) - ‘composer-setup.php’ saved [276190/276190]

All settings correct for using Composer
Downloading...

Composer (version 2.0.0) successfully installed to: /usr/bin/composer.phar
Use it: php /usr/bin/composer.phar

===================================
Installing composer dependencies...

Installing dependencies from lock file
Verifying lock file contents can be installed on current platform.
Your lock file does not contain a compatible set of packages. Please run composer update.

Problem 1
- thadafinser/package-info is locked to version v1.0.0 and an update of this package was not requested.
- thadafinser/package-info v1.0.0 requires composer-plugin-api ^1.0 -> found composer-plugin-api[2.0.0] but it does not match the constraint.
Problem 2
- thadafinser/package-info v1.0.0 requires composer-plugin-api ^1.0 -> found composer-plugin-api [2.0.0] but it does not match the constraint.
- thadafinser/user-agent-parser v2.0.0 requires thadafinser/package-info ^1.0 -> satisfiable by thadafinser/package-info[v1.0.0].
- thadafinser/user-agent-parser is locked to version v2.0.0 and an update of this package was not requested.

You are using Composer 2, which some of your plugins seem to be incompatible with. Make sure you update your plugins or report a plugin-issue to ask them to support Composer 2.
passbolt@pm:$ thadafinser/package-info is locked to version v1.0.0 and an update of this package was not requested.
-bash: thadafinser/package-info: No such file or directory
passbolt@pm:
$ php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
passbolt@pm:$
passbolt@pm:
$ All settings correct for using Composer
Installing composer dependencies...

Installing dependencies from lock file
Verifying lock file contents can be installed on current platform.
Your lock file does not contain a compatible set of packages. Please run composer update.

Problem 1
- thadafinser/package-info is locked to version v1.0.0 and an update of this package was not requested.
- thadafinser/package-info v1.0.0 requires composer-plugin-api ^1.0 -> found composer-plugin-api[2.0.0] but it does not match the constraint.

Problem 2
- thadafinser/package-info v1.0.0 requires composer-plugin-api ^1.0 -> found composer-plugin-api[2.0.0] but it does not match the constraint.
- thadafinser/user-agent-parser v2.0.0 requires thadafinser/package-info ^1.0 -> satisfiable by thadafinser/package-info[v1.0.0].
- thadafinser/user-agent-parser is locked to version v2.0.0 and an update of this package was not requested.

You are using Composer 2, which some of your plugins seem to be incompatible with. Make sure you update your plugins or report a plugin-issue to ask them to support Composer 2.
passbolt@pm:~$ thadafinser/package-info is locked to version v1.0.0 and an update of this package was not requested.

Command 'All' not found, did you mean:

command 'dll' from deb brickos

Try: sudo apt install

passbolt@pm:$ Downloading...
Downloading...: command not found
passbolt@pm:
$
passbolt@pm:$ Composer (version 2.0.0) successfully installed to: /usr/bin/composer.phar
-bash: syntax error near unexpected token `version'
passbolt@pm:
$ Use it: php /usr/bin/composer.phar

Command 'Use' not found, did you mean:

command 'nse' from deb ns2
command 'ase' from deb ase

Try: sudo apt install

Centos: Firewall left unconfigured blocking access to passbolt interface.

At the end of the CLI based installer, the user is told to go to the passbolt web interface, which is inaccessible.

Centos 7 ships with the firewall enabled as default and needs http/s services allowing through it.

There are arguments both for and against the installer doing this (it could easily be said that it's the system administrator's responsibility), I would argue that the installer should take care of it.

The installation process makes it very clear that it "will configure your operating system to be passbolt ready and will take care of installing and configuring the web server (Nginx), database (MariaDb), PHP, SSL and GPG keyring", which to me implies that it should "just work" afterwards.

This is at best, confusing to users as following the documented instructions isn't actually enough to get going. Ideally the installer should either prompt for firewall setup, or probably just do it - we don't prompt for nginx configuration and installation, and being able to access it after install seems like a logical part of it.

unable to install passbolt with Centos8

still unable to install on centos8..
when I run this command:

./build_scripts.sh -d centos
Distribution not supported
usage: ./build_scripts.sh [OPTION] [ARGUMENT]

OPTIONS:
-h This help message
-d DISTRIBUTION_NAME Builds for a specific distribution. Supported values centos/debian/redhat/ubuntu

Here my build when doing "cat /etc/os-release"

NAME="CentOS Linux"
VERSION="8"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="8"
PLATFORM_ID="platform:el8"
PRETTY_NAME="CentOS Linux 8"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:8"
HOME_URL="https://centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"
CENTOS_MANTISBT_PROJECT="CentOS-8"
CENTOS_MANTISBT_PROJECT_VERSION="8"

did i do something wrong?

Question: How to reinstall/remove Passbolt from Ubuntu

Hey folks, I made a mistake during the setup of Passbolt. I tried to reinstall it by running the command again, but the deployment is in an idle state and I need to reset the installation.

How can I do this in a clean fashion? Is it possible to reinstall it and install it over?

Thanks.

server_names_hash_bucket_size error

Hello,

When installing Passbolt with these install_scripts, the following nginx error occurred:

could not build the server_names_hash, you should increase server_names_hash_bucket_size

This error could be avoided by setting the server_names_hash_bucket_size in nginx passbolt config to 64 or 128.

(Working) Ubuntu 20.04 lts

These are the only required changes to get passbolt functioning on ubuntu 20.04. I hope someone finds it useful.

diff ./dist/ubuntu/passbolt_ce_ubuntu_installer.sh.old ./dist/ubuntu/passbolt_ce_ubuntu_installer.sh
< readonly FPM_WWW_POOL="/etc/php/7.2/fpm/pool.d/www.conf"
< readonly FPM_SERVICE="php7.2-fpm"
---
> readonly FPM_WWW_POOL="/etc/php/7.4/fpm/pool.d/www.conf"
> readonly FPM_SERVICE="php7.4-fpm"
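
Review bot: FPM_WWW_POOL and FPM_SERVICE swap one hard-coded PHP version (7.2) for another (7.4), so the patched installer fits Ubuntu 20.04 but stops matching 18.04, where the pool file and service are still the 7.2 ones. Detect the installed PHP major.minor version once and build both values from it, or select the version from the distro release, so a single script covers both releases.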

Extracting archive breaks permissions on containing folder

When extracting the installer archive (tar -xzf passbolt-ce-installer-centos-7.tar.gz) the permissions of the folder that the files are extracted in are replaced with uid:1000, gid:100, chmod:0755.

If one follows the install instructions after logging in as root, then /root has its permissions changed.
Apart from making /root world readable, it also has the consequence of breaking ssh key-based logins and probably causing other unintended side effects.

After some testing, it seems that creating the tar archive using the dot glob causes this problem (eg tar -czf file.tgz .), as not only are the contents of the current directory included but also the permissions of the containing folder.

This can be tested by running tar -tvf passbolt-ce-installer-centos-7.tar.gz and seeing that ./ has a distinct entry with permissions attached.

FIX:
Create the installer archive using the * wildcard (rather than .) as this does not include the containing folder or its permissions (eg tar -czf file.tgz *).
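
A way to check an installer archive for the ./ entry described above and to unpack it without letting archive metadata land on the current directory. This is an added example, not part of the original issue or of the passbolt scripts; the function names and the sample archives are constructed for illustration.

```shell
#!/bin/sh
# Added example with constructed data: detect a "./" member in a tar archive
# and extract into a dedicated directory instead of the current one.

# Returns 0 if the archive has an entry for the containing directory itself.
archive_has_dot_entry() {
    tar -tzf "$1" | grep -qxE '\./?'
}

# Extracts into a newly created directory. Any "./" mode from the archive is
# applied to that new directory, never to the caller's working directory
# (e.g. /root). --no-same-owner keeps the archive's uid/gid from being
# restored when running as root.
extract_contained() {
    mkdir -m 0700 -- "$2" || return 1        # refuses an existing target
    tar -xzf "$1" -C "$2" --no-same-owner
}

# Builds two constructed sample archives from the same tree:
#   dot.tgz  created with "."  (includes the "./" directory entry)
#   glob.tgz created with "*"  (members only; note that "*" skips dotfiles)
build_samples() {
    mkdir -p "$1/src/conf"
    echo 'echo installer' > "$1/src/installer.sh"
    echo 'key=value'      > "$1/src/conf/app.conf"
    ( cd "$1/src" && tar -czf ../dot.tgz . )
    ( cd "$1/src" && tar -czf ../glob.tgz * )
}

# Symbolic type and mode of a directory, e.g. "drwx------".
dir_mode() { ls -ld -- "$1" | cut -c1-10; }

# Demo: run with --demo to build the samples in a temp dir and report on them.
if [ "${1:-}" = "--demo" ]; then
    work=$(mktemp -d)
    build_samples "$work"
    for a in dot.tgz glob.tgz; do
        if archive_has_dot_entry "$work/$a"; then
            echo "$a: contains a ./ entry, extract with extract_contained"
        else
            echo "$a: members only"
        fi
    done
    rm -rf "$work"
fi
```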

Passbolt install script fails when key material is already in /etc/ssl

Not sure if this is the right place for Debian package installation issues.

In passbolt-ce-server.postinst lines 186 and 187, we find:

cp "${nginx_values[cert_file]}" "$PASSBOLT_SSL_CERT_PATH"
cp "${nginx_values[cert_key_file]}" "$PASSBOLT_SSL_KEY_PATH"

cp returns a non-zero exit code when source and destination file is the same. Ergo, when the specified certificate chain and/or private key is already in $PASSBOLT_SSL_CERT_PATH or $PASSBOLT_SSL_KEY_PATH (which is a good place for SSL certificates, so this is very likely), the postinst script fails with no indication of any issues, except for cp output.
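
One way to make the copy step tolerate key material that is already in place, and to say so explicitly when it is. This is an added example, not the code of passbolt-ce-server.postinst; the function name, messages and return codes are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: copy certificate or key material unless source and
# destination already name the same file.
# Return codes (chosen for this example):
#   0 copied, or already in place   1 copy failed   2 source not readable
install_key_material() {
    src="$1"; dst="$2"
    if [ ! -r "$src" ]; then
        echo "ERROR: cannot read $src" >&2
        return 2
    fi
    # -ef is true when both paths resolve to the same device and inode, so it
    # also catches a symlink or hard link that points at the destination.
    if [ "$src" -ef "$dst" ]; then
        echo "INFO: $src is already installed at $dst, skipping copy" >&2
        return 0
    fi
    if ! cp -- "$src" "$dst"; then
        echo "ERROR: copying $src to $dst failed" >&2
        return 1
    fi
    return 0
}
```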
