Gnupg1 really necessary as a dependency?

Technical aspects, customization, code samples.
Post Reply
Harvey
Posts: 13
Joined: Tue Oct 30, 2018 12:03 pm

Gnupg1 really necessary as a dependency?

Post by Harvey »

Hi all, I recently did a direct deployment on an archlinux server. While it all went smooth (with some small adaptions for archlinux) one question arose:
The website for the Direct Deployment process mentions gnupg1 as a dependency, I guess because of python-gnupg which at least on archlinux comes with a dependency on gnupg version 2. I omitted the installation of gnupg1 and the installation seems to work. Is there some way to test if all is really well?

Greetings
Harvey
User avatar
rosarior
Developer
Developer
Posts: 630
Joined: Tue Aug 21, 2018 3:28 am
Location: Puerto Rico
Contact:

Re: Gnupg1 really necessary as a dependency?

Post by rosarior »

Hi,

GnuPG is only used for signing documents, verifying signed, and decrypting GPG encrypted documents. If you don't need any those features, you can get by without install GnuPG. Also, we test and pin each dependencies version to one that works, if the documentation mentions gnupg1 then the pinned python-gnupg version is known to work with gnupg1. These are property installed if you used the

Code: Select all

pip install
command. You can verify you are using the supported dependency versions with the command

Code: Select all

./manage.py checkdependencies
.

Because the GnuPG decryption and verification happens during upload, just uploading a new document will be enough to test that the missing GnuPG is not having any effect.

What adaptations where required for ArchLinux?
Harvey
Posts: 13
Joined: Tue Oct 30, 2018 12:03 pm

Re: Gnupg1 really necessary as a dependency?

Post by Harvey »

Hi,

first of all, thank you for all your hard work. As a preface lets clear out that I am referring to the following document:
https://docs.mayan-edms.com/chapters/deploying.html
rosarior wrote: Mon Nov 09, 2020 7:42 pm GnuPG is only used for signing documents, verifying signed, and decrypting GPG encrypted documents. If you don't need any those features, you can get by without install GnuPG.
Ok, so I can try if it really works when uploading a gpg encrypted document.
rosarior wrote: Mon Nov 09, 2020 7:42 pmAlso, we test and pin each dependencies version to one that works, if the documentation mentions gnupg1 then the pinned python-gnupg version is known to work with gnupg1.
I don't get it. I am referring to the installation of packages for the host system, not the virtualenv directory. The referred deployment document above wants me to install packages on the host, one of them gnupg1. Gnupg1 is no longer in the official archlinux repos and the python-gnupg in archlinux is depending on gnupg (version2) instead. So I thought this would be sufficient for gnupg to work in Mayan EDMS.
rosarior wrote: Mon Nov 09, 2020 7:42 pmThese are property installed if you used the

Code: Select all

pip install
command.
Again, I am referring to the installation of packages in the host system. I used the

Code: Select all

pip install
commands in the virtualenv directory as stated in the direct deployment document.
rosarior wrote: Mon Nov 09, 2020 7:42 pmYou can verify you are using the supported dependency versions with the command

Code: Select all

./manage.py checkdependencies
I can't find any manage.py command, neither under /opt/mayan-edms nor in the media directory. :?:
rosarior wrote: Mon Nov 09, 2020 7:42 pm What adaptations where required for ArchLinux?
Basically I had to pick the right packages from the repos and do some adaptions on where to find conf and ini files. I came up with a script which is working for me. FWIW I'll post it here just in case someone is interested. As always, if your box goes up in flames, I am not to blame. Your fault ;)

Code: Select all

#!/bin/bash
#
# Script to install mayanedms in Archlinux
# (as of 2020-11-06)

# install packages from archlinux repos
pacman -Sy perl-image-exiftool gcc coreutils ghostscript gnupg graphviz file fuse2 libjpeg-turbo libpqxx libpng libreoffice-still gnupg sudo \
libtiff poppler postgresql python python-virtualenv python-distlib redis sane-frontends supervisor tesseract tesseract-data-deu zlib --needed --noconfirm

# ExifTool needs a symlink to work
ln -s /usr/bin/vendor_perl/exiftool /usr/bin/exiftool

# gnupg1 is an AUR package hence not officially supported 
# (probably not needed anymore)
#pacman -U gnupg1-1.4.23-1-x86_64.pkg.tar.xz --needed --noconfirm

# Add the mayan user
useradd --shell /usr/sbin/nologin mayan

# now setup the virtualenv, python-distlib was installed to avoid a bug (missing dependency) in python-virtualenv
# https://bugs.archlinux.org/task/66095
virtualenv /opt/mayan-edms -p /usr/bin/python3

# the directory and its content should be owned by the mayan user
chown mayan:mayan /opt/mayan-edms -R

# Upgrade to the latest pip version
sudo -u mayan /opt/mayan-edms/bin/pip install -U pip

# now the real installation (as the mayan user)
sudo -u mayan /opt/mayan-edms/bin/pip install mayan-edms
sudo -u mayan /opt/mayan-edms/bin/pip install psycopg2==2.8.6 redis==3.5.3

# install Postgres enable the service and initialize the DB cluster, hence start the service
sudo -u postgres initdb -D /var/lib/postgres/data
systemctl start postgresql.service
systemctl enable postgresql.service

# Create the database user mayan
sudo -u postgres psql -c "CREATE USER mayan WITH password 'mayanuserpass';"
sudo -u postgres createdb -O mayan mayan

# create mayan media dir (different from default installation)
mkdir /home/mayan-edms
chown mayan:mayan /home/mayan-edms -R

# Create the database files for mayan
sudo -u mayan MAYAN_DATABASES="{'default':{'ENGINE':'django.db.backends.postgresql','NAME':'mayan','PASSWORD':'mayanuserpass','USER':'mayan','HOST':'127.0.0.1'}}" MAYAN_MEDIA_ROOT=/home/mayan-edms/media /opt/mayan-edms/bin/mayan-edms.py initialsetup

# Create Supervisor's mayan conf-files, in Archlinux to be found under /etc/supervisor.d and have to have *.ini as suffix
sudo -u mayan MAYAN_DATABASES="{'default':{'ENGINE':'django.db.backends.postgresql','NAME':'mayan','PASSWORD':'mayanuserpass','USER':'mayan','HOST':'127.0.0.1'}}" MAYAN_MEDIA_ROOT=/home/mayan-edms/media /opt/mayan-edms/bin/mayan-edms.py platformtemplate supervisord | sudo sh -c "cat > /etc/supervisor.d/mayan.ini"

# Configure Redis to discard data when it runs out of memory, not save its database, keep 2 databases, and be password protected
# (in Archlinux redis conf-files are to be found under /etc/)
echo "maxmemory-policy allkeys-lru" | sudo tee -a /etc/redis.conf
echo "save \"\"" | sudo tee -a /etc/redis.conf
echo "databases 2" | sudo tee -a /etc/redis.conf
echo "requirepass mayanredispassword" | sudo tee -a /etc/redis.conf
systemctl restart redis
systemctl enable redis

# enable/start supervisor service
systemctl enable supervisord.service
systemctl restart supervisord.service
Greetings
Harvey
Post Reply