cqrenet/relay
3
0
Fork 0
mirror of https://github.com/chatmail/relay.git synced 2026-05-16 21:28:59 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
368c41ba27b470d30cddf59dce6e6c0affc39fba
relay/dovecot-build/README.md
Christian Hagenest 2811e08563 WIP
2024-05-23 14:33:45 +02:00

101 lines
4.7 KiB
Markdown
Raw Blame History

## Introduction to custom Dovecot builds
Chatmail servers use a custom Debian build of the IMAP 'dovecot' server software because
a) Dovecot developers did not yet merge a [pull request](https://github.com/dovecot/core/pull/216)
which majorly speeds up message delivery by removing a hardcoded 0.5 second delay
on relaying incoming messages.
b) Even if merged, it would take years for it to reach Debian stable,
the distribution that chatmail deployment uses.
c) The modified dovecot has been successfully used since December 2023 without issues
and we see no noticeable downside (theoretically higher CPU usage but not measureable)
but a considerable upside as the delay-removal facilitates end-to-end message
delivery of 200 ms in real networks.
The modified forked dovecot code lives at
[https://github.com/chatmail/dovecot](https://github.com/chatmail/dovecot).
The remainder of this document describes the setup of the Debian repository
containing the patched dovecot version.
## Building Debian packages at build.opensuse.org
Deltachat developers maintain a [shared account](https://build.opensuse.org/project/show/home:deltachat)
in the [Open Build Service (OBS)](https://openbuildservice.org/),
where the [resulting package](https://build.opensuse.org/package/show/home:deltachat/dovecot)
is now used in deploying chatmail servers.
The Open Build Service (OBS) is a platform for building and distributing software packages
across various operating systems and architectures.
It supports openSUSE, Fedora, Debian, Ubuntu and Arch.
It's [primary instance](https://build.opensuse.org/) is ran by the openSUSE project
and is part of the pipeline of the creation of SUSE Linux Enterprise.
The OBS provides a mercurial-like interface to create source repositories
that are then automatically built.
While in theory a package can be created entirely over the web interface,
the use of the cli-tool `osc` is more convenient
and is described in the [official documentation](https://openbuildservice.org/help/manuals/obs-user-guide/art.obs.bg#sec.obsbg.obsconfig).
### How to build the dovecot debian package for all platforms via our script
In scripts/dovecot/ is a shell script that prepares the required files and pushes them to build.opensuse.org.
Before using the script, you should have osc set up as described in the [official documentation](https://openbuildservice.org/help/manuals/obs-user-guide/art.obs.bg#sec.obsbg.obsconfig). You need to checkout our repository to ~/obs/
The script assumes you are on Debian. It automatically installs any needed build dependencies.
Use `source build-obs.sh` to run it.
### Build the debian package in the OBS manually
Alternatively you can follow these steps to do it manually:
On a Debian machine (for exampe [distrobox](https://distrobox.it/)),
clone the [chatmail dovecot fork](https://github.com/chatmail/dovecot).
In the directory above it, put the source code tar balls from
[upstream debian unstable](https://packages.debian.org/unstable/dovecot-core).
These are the two files ending in .tar.gz.
Now run the command `debuild -us -uc` in the dovecot repo we cloned.
This creates the files needed for the OBS.
Now copy the two .tar.gz. archives from before,
the tar.xz archive and the .dsc file into your local OBS repository.
With `osc add *` (don't add .osc) and `osc commit` the state is pushed to build.opensuse.org.
The OBS will now build the deb files for aarch64, armv7l, i586 and x86_64.
### Adding the resulting OBS repository to Debian
XXX suggested:
XXX - use the in-repo key for addition (if OBS key changes, we also need to update i in our repo anyway)
XXX - also link to the deployment code adding the key (https://github.com/deltachat/chatmail/blob/main/cmdeploy/src/cmdeploy/__init__.py)
XXX (question: what is missing/why is "apt-add-repository" not possible?)
To add the OBS-managed signing key to your local install:
https://build.opensuse.org/projects/home:deltachat/signing_keys/download?kind=gpg | sudo gpg --dearmor -o /etc/apt/keyrings/obs-home-deltachat.gpg`
Add to /etc/apt/sources.list:
`deb [signed-by=/etc/apt/keyrings/obs-home-deltachat.gpg] https://download.opensuse.org/repositories/home:/deltachat/Debian_12/ ./`
Install dovecot 🥳
`sudo apt update
sudo apt install dovecot-core`
### Security concerns
The signing of the patched dovecot package is done in the OBS and
in theory SUSE could make changes to the package delivered.
It is probably reasonable to trust SUSE to not mess with the build
process because it would cause serious negative reputation damage for them
if they tried and someone finds out.
Any security vulnerability in dovecot needs to be tracked
and also mirrored in our fork.
Reference in New Issue View Git Blame Copy Permalink