[pve-devel] [PATCH dab/dab-pve-appliances] add pmg 9.0 template

[pve-devel] [PATCH dab/dab-pve-appliances] add pmg 9.0 template

[Stoiko Ivanov]

While preparing a template for the upcoming trixie based pmg 9.0,
one small issue was that we install with the pmg-no-subscription
repository but remove the sources.list entry before packaging the
container-template via sed.

With deb822 sources the sed-command would become unwieldy, so instead
add 'Install-Sources' to the dab.conf configuration parser, for
sources entries, which are present for template creation, but not added
to the resulting template.

The patches for dab-pve-appliances are split in 3 for easier review, to
see which changes were actually needed - they could/should be squashed
together when applying.

one remaining issue - is that `dhcp` as network-configuration does not
work. while this is currently a general issue, for the pmg template,
our use of ifupdown2 is specific - as ifupdown2 only uses the deprecated
and unavailable isc-dhcp-client for obtaining leases.

dab:
Stoiko Ivanov (1):
  add support for repositories, used only for template generation

 PVE/DAB.pm | 31 ++++++++++++++++++++++++++++---
 dab        |  6 ++++++
 2 files changed, 34 insertions(+), 3 deletions(-)

dab-pve-appliances:
Stoiko Ivanov (3):
  add template for trixie based pmg 9.0
  pmg: trixie: purge ifupdown before installing ifupdown2
  pmg: trixie: use pmg-repository only during installation

 debian-13-trixie-pmg-9-64/Makefile        | 49 +++++++++++++++++++++++
 debian-13-trixie-pmg-9-64/dab.conf        | 15 +++++++
 debian-13-trixie-pmg-9-64/systemd-presets |  5 +++
 3 files changed, 69 insertions(+)
 create mode 100644 debian-13-trixie-pmg-9-64/Makefile
 create mode 100644 debian-13-trixie-pmg-9-64/dab.conf
 create mode 100644 debian-13-trixie-pmg-9-64/systemd-presets

-- 
2.39.5



_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

[pve-devel] [PATCH dab 1/1] add support for repositories, used only for template generation

[Stoiko Ivanov]

One use-case are the proxmox-mail-gateway container templates, which
ship the correct enterprise-repsitory entry.

Currently the used entry is removed via `sed` during container
creation. With deb822 sources the `sed` command would become a bit
unwieldy, so just add the option to define sources which are only
used for the container preparation

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
---
 PVE/DAB.pm | 31 ++++++++++++++++++++++++++++---
 dab        |  6 ++++++
 2 files changed, 34 insertions(+), 3 deletions(-)

diff --git a/PVE/DAB.pm b/PVE/DAB.pm
index f74d363..59397f2 100644
--- a/PVE/DAB.pm
+++ b/PVE/DAB.pm
@@ -222,7 +222,7 @@ sub read_config {
 	    chomp $res->{description};	    
 	} elsif ($rec =~ s/^([^:]+):\s*(.*\S)\s*\n//) {
 	    my ($key, $value) = (lc ($1), $2);
-	    if ($key eq 'source' || $key eq 'mirror') {
+	    if ($key eq 'source' || $key eq 'mirror' || $key eq 'install-source') {
 		push @{$res->{$key}}, $value;
 	    } else {
 		die "duplicate key '$key'\n" if defined ($res->{$key});
@@ -507,9 +507,33 @@ sub new {
 		source => $url,
 		comp => $ca,
 		suite => $su,
+		keep => 1,
 	    };
 	} else {
-	    die "syntax error in source spezification '$s'\n";
+	    die "syntax error in source specification '$s'\n";
+	}
+    }
+
+    foreach my $is (@{$config->{'install-source'}}) {
+	if ($is =~ m@^\s*((https?|ftp)://\S+)\s+(\S+)((\s+(\S+))+)$@) {
+	    my ($url, $su, $components) = ($1, $3, $4);
+	    $su =~ s/SUITE/$suite/;
+	    $components =~ s/^\s+//;
+	    $components =~ s/\s+$//;
+	    my $ca;
+	    foreach my $co (split (/\s+/, $components)) {
+		push @$ca, $co;
+	    }
+	    $ca = ['main'] if !$ca;
+
+	    push @$sources, {
+		source => $url,
+		comp => $ca,
+		suite => $su,
+		keep => 0,
+	    };
+	} else {
+	    die "syntax error in install-source specification '$is'\n";
 	}
     }
 
@@ -1380,7 +1404,8 @@ sub bootstrap {
 	mkdir "$rootdir/etc/apt/sources.list.d";
 	my $origin = lc($suiteinfo->{origin});
 	my $keyring = $suiteinfo->{keyring} or die "missing keyring for origin '$origin'";
-	my $uris = { map { $_->{source} => 1 } $self->{sources}->@* };
+	my @keep_sources = grep { $_->{keep} } $self->{sources}->@*;
+	my $uris = { map { $_->{source} => 1 } @keep_sources };
 
 	for my $uri (keys $uris->%*) {
 	    my $sources = [ grep { $_->{source} eq $uri } $self->{sources}->@* ];
diff --git a/dab b/dab
index d79afe6..c01c513 100755
--- a/dab
+++ b/dab
@@ -451,6 +451,12 @@ Note: SUITE is a variable and will be substituted.
 There are also reasonable defaults for Ubuntu. If you do not specify any source
 the defaults are used.
 
+=item B<Install-Source:> I<URL [components]>
+
+Defines a source location used only during appliance creation. It is
+not added to the sources.list entries in the resulting templates. Else behaves
+like a B<Source:> entry.
+
 =item B<Depends:> I<dependencies>
 
 Debian like package dependencies. This can be used to make sure that speific
-- 
2.39.5



_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

[pve-devel] [PATCH dab-pve-appliances 1/3] add template for trixie based pmg 9.0

[Stoiko Ivanov]

copied from debian-12-bookworm-pmg-8-64, with the version number and
codename adapted.

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
---
 debian-13-trixie-pmg-9-64/Makefile        | 49 +++++++++++++++++++++++
 debian-13-trixie-pmg-9-64/dab.conf        | 15 +++++++
 debian-13-trixie-pmg-9-64/systemd-presets |  5 +++
 3 files changed, 69 insertions(+)
 create mode 100644 debian-13-trixie-pmg-9-64/Makefile
 create mode 100644 debian-13-trixie-pmg-9-64/dab.conf
 create mode 100644 debian-13-trixie-pmg-9-64/systemd-presets

diff --git a/debian-13-trixie-pmg-9-64/Makefile b/debian-13-trixie-pmg-9-64/Makefile
new file mode 100644
index 0000000..9330588
--- /dev/null
+++ b/debian-13-trixie-pmg-9-64/Makefile
@@ -0,0 +1,49 @@
+BASEDIR:=$(shell dab basedir)
+
+CVD_FILES:=main.cvd bytecode.cvd daily.cvd safebrowsing.cvd
+
+all: info/init_ok ${CVD_FILES}
+	dab bootstrap --minimal
+	sed -i 's/^#\?PermitRootLogin.*/PermitRootLogin yes/' ${BASEDIR}/etc/ssh/sshd_config
+	mkdir -p ${BASEDIR}/etc/systemd/system-preset
+	cp systemd-presets ${BASEDIR}/etc/systemd/system-preset/00-pve-template.preset
+	touch ${BASEDIR}/proxmox_install_mode
+	dab install \
+	    antiword \
+	    dbus \
+	    docx2txt \
+	    gpg \
+	    ifupdown2 \
+	    libcgi-pm-perl \
+	    libdbi-perl \
+	    libsasl2-modules \
+	    odt2txt \
+	    perl-openssl-defaults \
+	    poppler-utils \
+	    proxmox-mailgateway-container \
+	    tesseract-ocr \
+	    unrtf \
+	    ;
+	rm ${BASEDIR}/proxmox_install_mode
+	sed -i '/^deb.*\.proxmox\.com\/.*$$/d;$${/^$$/d;}' ${BASEDIR}/etc/apt/sources.list
+	cp ${CVD_FILES} ${BASEDIR}/var/lib/clamav/
+	dab finalize --compressor zstd-max
+
+info/init_ok: dab.conf
+	dab init
+	touch $@
+
+.PHONY: clean
+clean:
+	dab clean
+	rm -f *~
+
+.PHONY: dist-clean
+dist-clean: clean
+	dab dist-clean
+	rm -f ${CVD_FILES}
+
+${CVD_FILES}:
+	curl -L --silent --show-error --fail --time-cond $@ --user-agent "CVDUPDATE/0.3.0 (9d591f58-b430-4d0c-99b2-febb1cee0872)" -o $@.tmp https://database.clamav.net/$@
+	[ -f $@.tmp ] && mv $@.tmp $@ || true
+	if command -v sigtool > /dev/null ; then sigtool -i $@; else echo "skipping verification of $@"; fi
diff --git a/debian-13-trixie-pmg-9-64/dab.conf b/debian-13-trixie-pmg-9-64/dab.conf
new file mode 100644
index 0000000..a17a1f7
--- /dev/null
+++ b/debian-13-trixie-pmg-9-64/dab.conf
@@ -0,0 +1,15 @@
+Suite: trixie
+CacheDir: ../cache
+Source: http://ftp.debian.org/debian SUITE main contrib
+Source: http://ftp.debian.org/debian SUITE-updates main contrib
+Source: http://security.debian.org/debian-security SUITE-security main contrib
+Source: http://download.proxmox.com/debian/pmg/ SUITE pmg-no-subscription
+Architecture: amd64
+Name: proxmox-mail-gateway-9.0-standard
+Version: 9.0-beta1
+Section: mail
+Maintainer: Proxmox Support Team <support@proxmox.com>
+Infopage: https://www.proxmox.com/en/proxmox-mail-gateway/overview
+Description: Proxmox Mail Gateway 9.0
+ A full featured mail proxy for spam and virus filtering, optimized for
+ container environment.
diff --git a/debian-13-trixie-pmg-9-64/systemd-presets b/debian-13-trixie-pmg-9-64/systemd-presets
new file mode 100644
index 0000000..2711b48
--- /dev/null
+++ b/debian-13-trixie-pmg-9-64/systemd-presets
@@ -0,0 +1,5 @@
+disable clamav-clamonacc.service
+disable pg_basebackup@.timer
+disable pg_basebackup@.timer
+disable pg_dump@.timer
+disable pg_receivewal@.service
-- 
2.39.5



_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

[pve-devel] [PATCH dab-pve-appliances 2/3] pmg: trixie: purge ifupdown before installing ifupdown2

[Stoiko Ivanov]

without this there is not working networking in the resulting
container:
* ifupdown is in state 'ic'
* `ifup` and `ifdown` do not exist on the system.

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
---
 debian-13-trixie-pmg-9-64/Makefile | 1 +
 1 file changed, 1 insertion(+)

diff --git a/debian-13-trixie-pmg-9-64/Makefile b/debian-13-trixie-pmg-9-64/Makefile
index 9330588..35dc127 100644
--- a/debian-13-trixie-pmg-9-64/Makefile
+++ b/debian-13-trixie-pmg-9-64/Makefile
@@ -8,6 +8,7 @@ all: info/init_ok ${CVD_FILES}
 	mkdir -p ${BASEDIR}/etc/systemd/system-preset
 	cp systemd-presets ${BASEDIR}/etc/systemd/system-preset/00-pve-template.preset
 	touch ${BASEDIR}/proxmox_install_mode
+	dab exec apt purge -y ifupdown
 	dab install \
 	    antiword \
 	    dbus \
-- 
2.39.5



_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

[pve-devel] [PATCH dab-pve-appliances 3/3] pmg: trixie: use pmg-repository only during installation

[Stoiko Ivanov]

This patch depends on the changes for dab, which enable providing a
debian repository only for installation, without it being added to the
resulting container.

this seemed a bit more elegant, than the sed-script for removing
one deb822 entry in a file with multiple entries.

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
---
 debian-13-trixie-pmg-9-64/Makefile | 1 -
 debian-13-trixie-pmg-9-64/dab.conf | 2 +-
 2 files changed, 1 insertion(+), 2 deletions(-)

diff --git a/debian-13-trixie-pmg-9-64/Makefile b/debian-13-trixie-pmg-9-64/Makefile
index 35dc127..ab0bc6a 100644
--- a/debian-13-trixie-pmg-9-64/Makefile
+++ b/debian-13-trixie-pmg-9-64/Makefile
@@ -26,7 +26,6 @@ all: info/init_ok ${CVD_FILES}
 	    unrtf \
 	    ;
 	rm ${BASEDIR}/proxmox_install_mode
-	sed -i '/^deb.*\.proxmox\.com\/.*$$/d;$${/^$$/d;}' ${BASEDIR}/etc/apt/sources.list
 	cp ${CVD_FILES} ${BASEDIR}/var/lib/clamav/
 	dab finalize --compressor zstd-max
 
diff --git a/debian-13-trixie-pmg-9-64/dab.conf b/debian-13-trixie-pmg-9-64/dab.conf
index a17a1f7..019933e 100644
--- a/debian-13-trixie-pmg-9-64/dab.conf
+++ b/debian-13-trixie-pmg-9-64/dab.conf
@@ -3,7 +3,7 @@ CacheDir: ../cache
 Source: http://ftp.debian.org/debian SUITE main contrib
 Source: http://ftp.debian.org/debian SUITE-updates main contrib
 Source: http://security.debian.org/debian-security SUITE-security main contrib
-Source: http://download.proxmox.com/debian/pmg/ SUITE pmg-no-subscription
+Install-Source: http://download.proxmox.com/debian/pmg/ SUITE pmg-no-subscription
 Architecture: amd64
 Name: proxmox-mail-gateway-9.0-standard
 Version: 9.0-beta1
-- 
2.39.5



_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

[pve-devel] applied: [PATCH dab 1/1] add support for repositories, used only for template generation

[Thomas Lamprecht]

On Tue, 30 Sep 2025 16:51:27 +0200, Stoiko Ivanov wrote:
> One use-case are the proxmox-mail-gateway container templates, which
> ship the correct enterprise-repsitory entry.
> 
> Currently the used entry is removed via `sed` during container
> creation. With deb822 sources the `sed` command would become a bit
> unwieldy, so just add the option to define sources which are only
> used for the container preparation
> 
> [...]

Applied, thanks!

[1/1] add support for repositories, used only for template generation
      commit: 4af804657404dce64f526d242583ea812c3daa3d


_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

[pve-devel] applied: [PATCH dab-pve-appliances 1/3] add template for trixie based pmg 9.0

[Thomas Lamprecht]

On Tue, 30 Sep 2025 16:51:28 +0200, Stoiko Ivanov wrote:
> copied from debian-12-bookworm-pmg-8-64, with the version number and
> codename adapted.
> 
> 

Applied, thanks!

[1/3] add template for trixie based pmg 9.0
      commit: cf1b19b03a81819b0a9f1576ff6b51b9a674fe90


_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

[pve-devel] applied: [PATCH dab-pve-appliances 2/3] pmg: trixie: purge ifupdown before installing ifupdown2

[Thomas Lamprecht]

On Tue, 30 Sep 2025 16:51:29 +0200, Stoiko Ivanov wrote:
> without this there is not working networking in the resulting
> container:
> * ifupdown is in state 'ic'
> * `ifup` and `ifdown` do not exist on the system.
> 
> 

Applied, thanks!

[2/3] pmg: trixie: purge ifupdown before installing ifupdown2
      commit: 21019c5bc636cdd140ea16f2c2ee0bf1d0383b55


_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

[pve-devel] applied: [PATCH dab-pve-appliances 3/3] pmg: trixie: use pmg-repository only during installation

[Thomas Lamprecht]

On Tue, 30 Sep 2025 16:51:30 +0200, Stoiko Ivanov wrote:
> This patch depends on the changes for dab, which enable providing a
> debian repository only for installation, without it being added to the
> resulting container.
> 
> this seemed a bit more elegant, than the sed-script for removing
> one deb822 entry in a file with multiple entries.
> 
> [...]

Applied, thanks!

[3/3] pmg: trixie: use pmg-repository only during installation
      commit: 0da8df9c809290f23b96eff7f7cb8ad4fab43a82


_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel