]>
Commit | Line | Data |
---|---|---|
03c03402 DM |
1 | Installation |
2 | ============ | |
3 | ||
8eb27e2f TL |
4 | {pmg} is based on Debian. This is why the install disk images (ISO files) |
5 | provided by Proxmox include a complete Debian system as well as all necessary | |
6 | {pmg} packages. | |
03c03402 | 7 | |
8eb27e2f TL |
8 | TIP: See the xref:faq-support-table[support table in the FAQ] for the |
9 | relationship between {pmg} releases and Debian releases. | |
03c03402 | 10 | |
c78dc3bb | 11 | The installer will guide you through the setup, allowing you to partition the local |
8eb27e2f TL |
12 | disk(s), apply basic system configurations (for example, timezone, language, |
13 | network) and install all required packages. This process should not take more | |
14 | than a few minutes. Installing with the provided ISO is the recommended method | |
15 | for new and existing users. | |
16 | ||
17 | Alternatively, {pmg} can be installed on top of an existing Debian system. This | |
18 | option is only recommended for advanced users because detailed knowledge about | |
19 | {pmg} is required. | |
03c03402 | 20 | |
dfcaa012 AL |
21 | include::pmg-installation-media.adoc[] |
22 | ||
39abbce4 | 23 | [[pmg_install_iso]] |
03c03402 DM |
24 | Using the {pmg} Installation CD-ROM |
25 | ----------------------------------- | |
26 | ||
dfcaa012 | 27 | The installer ISO image includes the following: |
03c03402 DM |
28 | |
29 | * Complete operating system (Debian Linux, 64-bit) | |
30 | ||
b2d388d4 | 31 | * The {pmg} installer, which partitions the hard drive(s) with ext4, |
8eb27e2f | 32 | XFS or ZFS and installs the operating system |
03c03402 DM |
33 | |
34 | * Linux kernel | |
35 | ||
36 | * Postfix MTA, ClamAV, Spamassassin and the {pmg} toolset | |
37 | ||
582a64ad | 38 | * Web-based management interface for using the toolset |
03c03402 | 39 | |
aaec2aab CH |
40 | NOTE: All existing data on the for installation selected drives will be removed |
41 | during the installation process. The installer does not add boot menu entries | |
42 | for other operating systems. | |
b2d388d4 | 43 | |
dfcaa012 AL |
44 | Please insert the xref:installation_prepare_media[prepared installation media] |
45 | (for example, USB flash drive or CD-ROM) and boot from it. | |
46 | ||
47 | TIP: Make sure that booting from the installation medium (for example, USB) is | |
aaec2aab CH |
48 | enabled in your server's firmware settings. Secure boot needs to be disabled |
49 | when booting an installer prior to {pmg} version 8.1. | |
dfcaa012 | 50 | |
bf99325b DW |
51 | After choosing the correct entry (for example, Boot from USB) the {pmg} menu |
52 | will be displayed, and one of the following options can be selected: | |
03c03402 DM |
53 | |
54 | image::images/installer/pmg-grub-menu.png[] | |
55 | ||
aaec2aab | 56 | Install {pmg} (Graphical):: |
03c03402 DM |
57 | |
58 | Start normal installation. | |
59 | ||
aaec2aab CH |
60 | TIP: It's possible to use the installation wizard with a keyboard only. Buttons |
61 | can be clicked by pressing the `ALT` key combined with the underlined character | |
62 | from the respective button. For example, `ALT + N` to press a `Next` button. | |
03c03402 | 63 | |
aaec2aab | 64 | Install {pmg} (Terminal UI):: |
03c03402 | 65 | |
aaec2aab CH |
66 | Starts the terminal-mode installation wizard. It provides the same overall |
67 | installation experience as the graphical installer, but has generally better | |
68 | compatibility with very old and very new hardware. | |
03c03402 | 69 | |
aaec2aab | 70 | Install {pmg} (Terminal UI, Serial Console):: |
03c03402 | 71 | |
aaec2aab CH |
72 | Starts the terminal-mode installation wizard, additionally setting up the Linux |
73 | kernel to use the (first) serial port of the machine for in- and output. This | |
74 | can be used if the machine is completely headless and only has a serial console | |
75 | available. | |
03c03402 | 76 | |
aaec2aab CH |
77 | Both modes use the same code base for the actual installation process to |
78 | benefit from more than a decade of bug fixes and ensure feature parity. | |
03c03402 | 79 | |
aaec2aab CH |
80 | TIP: The 'Terminal UI' option can be used in case the graphical installer does |
81 | not work correctly, due to e.g. driver issues. | |
03c03402 | 82 | |
aaec2aab CH |
83 | Advanced Options: Install {pmg} (Graphical, Debug Mode):: |
84 | ||
85 | Starts the installation in debug mode. A console will be opened at several | |
86 | installation steps. This helps to debug the situation if something goes wrong. | |
87 | To exit a debug console, press `CTRL-D`. This option can be used to boot a live | |
88 | system with all basic tools available. You can use it, for example, to repair a | |
89 | degraded ZFS 'rpool' or fix the bootloader for an existing {pmg} setup. | |
90 | ||
91 | Advanced Options: Install {pmg} (Terminal UI, Debug Mode):: | |
92 | ||
93 | Same as the graphical debug mode, but preparing the system to run the | |
94 | terminal-based installer instead. | |
95 | ||
96 | Advanced Options: Install {pmg} (Serial Console Debug Mode):: | |
97 | ||
98 | Same the terminal-based debug mode, but additionally sets up the Linux kernel to | |
99 | use the (first) serial port of the machine for in- and output. | |
100 | ||
101 | Advanced Options: Rescue Boot:: | |
102 | ||
103 | With this option you can boot an existing installation. It searches all attached | |
104 | hard disks. If it finds an existing installation, it boots directly into that | |
105 | disk using the Linux kernel from the ISO. This can be useful if there are | |
106 | problems with the bootloader (GRUB/`systemd-boot`) or the BIOS/UEFI is unable to | |
107 | read the boot block from the disk. | |
108 | ||
109 | Advanced Options: Test Memory (memtest86+):: | |
110 | ||
111 | Runs `memtest86+`. This is useful to check if the memory is functional and free | |
112 | of errors. Secure Boot must be turned off in the UEFI firmware setup utility to | |
113 | run this option. | |
114 | ||
115 | You normally select *Install {pmg} (Graphical)* to start the installation. | |
dc69da07 | 116 | image::images/installer/pmg-select-target-disk.png[] |
03c03402 | 117 | |
bf99325b DW |
118 | The first step is to read our EULA (End User License Agreement). Following |
119 | this, you can select the target hard disk(s) for the installation. | |
03c03402 | 120 | |
582a64ad OB |
121 | CAUTION: By default, the whole server is used and all existing data is removed. |
122 | Make sure there is no important data on the server before proceeding with the | |
123 | installation. | |
03c03402 | 124 | |
03c03402 | 125 | The `Options` button lets you select the target file system, which |
12908dd2 | 126 | defaults to `ext4`. The installer uses LVM if you select |
bf99325b | 127 | `ext4` or `xfs` as a file system, and offers additional options to |
03c03402 DM |
128 | restrict LVM space (see <<advanced_lvm_options,below>>) |
129 | ||
bf99325b DW |
130 | If you have more than one disk, you can also use ZFS as a file system. |
131 | ZFS supports several software RAID levels, which is particularly useful | |
03c03402 | 132 | if you do not have a hardware RAID controller. The `Options` button |
bf99325b | 133 | lets you choose the ZFS RAID level and select which disks will be used. |
03c03402 | 134 | |
aaec2aab CH |
135 | WARNING: ZFS on top of any hardware RAID is not supported and can result in data |
136 | loss. | |
137 | ||
dc69da07 DM |
138 | image::images/installer/pmg-select-location.png[] |
139 | ||
582a64ad | 140 | The next page asks for basic configuration options like your |
bf99325b DW |
141 | location, timezone, and keyboard layout. The location is used to |
142 | select a nearby download server, in order to increase the speed of updates. | |
143 | The installer is usually able to auto-detect these settings, so you only need to | |
144 | change them in rare situations when auto-detection fails, or when you want to | |
582a64ad | 145 | use a keyboard layout not commonly used in your country. |
dc69da07 DM |
146 | |
147 | image::images/installer/pmg-set-password.png[] | |
148 | ||
149 | You then need to specify an email address and the superuser (root) | |
150 | password. The password must have at least 5 characters, but we highly | |
151 | recommend to use stronger passwords - here are some guidelines: | |
152 | ||
153 | - Use a minimum password length of 12 to 14 characters. | |
154 | ||
155 | - Include lowercase and uppercase alphabetic characters, numbers and symbols. | |
156 | ||
60522152 TL |
157 | - Avoid character repetition, keyboard patterns, dictionary words, letter or |
158 | number sequences, usernames, relative or pet names, romantic links (current | |
159 | or past) and biographical information (e.g., ID numbers, ancestors' names or | |
160 | dates). | |
dc69da07 | 161 | |
aecce55c TL |
162 | It is sometimes necessary to send notification to the system administrator, for |
163 | example: | |
dc69da07 DM |
164 | |
165 | - Information about available package updates. | |
166 | ||
bf99325b | 167 | - Error messages from periodic cron jobs. |
dc69da07 | 168 | |
aecce55c | 169 | All those notification mails will be sent to the specified email address. |
dc69da07 DM |
170 | |
171 | image::images/installer/pmg-setup-network.png[] | |
03c03402 | 172 | |
aecce55c TL |
173 | The next step is the network configuration. Please note that you can use either |
174 | IPv4 or IPv6 here, but not both. If you want to configure a dual stack node, | |
bf99325b | 175 | you can easily do that after the installation. |
03c03402 | 176 | |
f6249b79 TL |
177 | image::images/installer/pmg-summary.png[] |
178 | ||
aecce55c TL |
179 | When you press `Next`, you will see an overview of your entered configuration. |
180 | Please re-check every setting, you can still use the `Previous` button to go | |
181 | back and edit any settings. | |
f6249b79 | 182 | |
bf99325b DW |
183 | After clicking `Install`, the installer will begin to format and copy packages |
184 | to the target disk(s). | |
dc69da07 DM |
185 | |
186 | image::images/installer/pmg-installation.png[] | |
187 | ||
bf99325b DW |
188 | Copying the packages usually takes several minutes. When this is |
189 | finished, you can reboot the server. | |
03c03402 | 190 | |
aaec2aab CH |
191 | If the installation failed, check out specific errors on the second TTY |
192 | (`CTRL + ALT + F2') and ensure that the systems meets the | |
193 | xref:install_minimal_requirements[minimum requirements]. If the installation | |
194 | is still not working, look at the xref:getting_help[how to get help chapter]. | |
195 | ||
bf99325b | 196 | Further configuration is done via the {pmg} web interface: |
f03ead41 SI |
197 | |
198 | [thumbnail="pmg-gui-login-window.png"] | |
03c03402 | 199 | |
bf99325b | 200 | . Point your browser to the IP address given during the installation |
f03ead41 | 201 | (https://youripaddress:8006). |
b5b01ac3 | 202 | |
bf99325b | 203 | . Log in and upload your subscription key. |
b2d388d4 | 204 | + |
bf99325b | 205 | NOTE: The default login is "root", and the password is the one chosen during the |
aecce55c | 206 | installation. |
03c03402 | 207 | |
b2d388d4 DM |
208 | . Check the IP configuration and hostname. |
209 | ||
bf99325b | 210 | . Check the timezone. |
b2d388d4 DM |
211 | |
212 | . Check your xref:firewall_settings[Firewall settings]. | |
213 | ||
bf99325b | 214 | . Configure {pmg} to forward the incoming SMTP traffic to your mail |
b2d388d4 | 215 | server ('Configuration/Mail Proxy/Default Relay') - 'Default |
09e283f2 | 216 | Relay' is your email server. |
b2d388d4 | 217 | |
09e283f2 | 218 | . Configure your email server to send all outgoing messages through |
303ee757 | 219 | your {pmg} ('Smart Host', port 26 by default). |
b2d388d4 DM |
220 | |
221 | For detailed deployment scenarios see chapter | |
222 | xref:chapter_deployment[Planning for Deployment]. | |
223 | ||
bf99325b DW |
224 | After the installation, you have to route all your incoming and |
225 | outgoing email traffic to {pmg}. For incoming traffic, you | |
b2d388d4 | 226 | have to configure your firewall and/or DNS settings. For outgoing |
09e283f2 | 227 | traffic you need to change the existing email server configuration. |
b2d388d4 | 228 | |
03c03402 DM |
229 | |
230 | [[advanced_lvm_options]] | |
231 | Advanced LVM Configuration Options | |
232 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | |
233 | ||
234 | The installer creates a Volume Group (VG) called `pmg`, and additional | |
235 | Logical Volumes (LVs) called `root` and `swap`. The size of | |
236 | those volumes can be controlled with: | |
237 | ||
238 | `hdsize`:: | |
239 | ||
582a64ad OB |
240 | Defines the total disk size to be used. This way you can save free |
241 | space on the disk for further partitioning (i.e. for an additional PV | |
242 | and VG on the same disk that can be used for LVM storage). | |
03c03402 DM |
243 | |
244 | `swapsize`:: | |
245 | ||
246 | Defines the size of the `swap` volume. The default is the size of the | |
bf99325b DW |
247 | installed memory. The minimum is 4 GB and the maximum is 8 GB. The resulting |
248 | value cannot be greater than `hdsize/8`. | |
03c03402 | 249 | |
03c03402 DM |
250 | `minfree`:: |
251 | ||
bf99325b DW |
252 | Defines the amount of free space that should be left in the LVM volume group |
253 | `pmg`. With more than 128GB storage available, the default is 16GB, otherwise | |
254 | `hdsize/8` will be used. | |
03c03402 DM |
255 | + |
256 | NOTE: LVM requires free space in the VG for snapshot creation (not | |
257 | required for lvmthin snapshots). | |
258 | ||
259 | ||
260 | ZFS Performance Tips | |
261 | ~~~~~~~~~~~~~~~~~~~~ | |
262 | ||
c8be3f03 CH |
263 | ZFS works best with a lot of memory. If you intend to use ZFS make sure to have |
264 | enough RAM available for it. A good calculation is 4GB plus 1GB RAM for each TB | |
03c03402 DM |
265 | RAW disk space. |
266 | ||
c8be3f03 CH |
267 | ZFS can use a dedicated drive as write cache, called the ZFS Intent Log (ZIL). |
268 | Use a fast drive (SSD) for it. It can be added after installation with the | |
269 | following command: | |
03c03402 | 270 | |
c8be3f03 CH |
271 | --- |
272 | # zpool add <pool-name> log </dev/path_to_fast_ssd> | |
273 | --- | |
3372775f | 274 | |
84f2aef4 CH |
275 | Adding the `nomodeset` Kernel Parameter |
276 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | |
277 | ||
278 | Problems may arise on very old or very new hardware due to graphics drivers. If | |
279 | the installation hangs during the boot. In that case, you can try adding the | |
280 | `nomodeset` parameter. This prevents the Linux kernel from loading any | |
281 | graphics drivers and forces it to continue using the BIOS/UEFI-provided | |
282 | framebuffer. | |
283 | ||
284 | On the {pmg} bootloader menu, navigate to 'Install {pmg} (Terminal UI)' and | |
285 | press `e` to edit the entry. Using the arrow keys, navigate to the line starting | |
286 | with `linux`, move the cursor to the end of that line and add the | |
287 | parameter `nomodeset`, separated by a space from the pre-existing last | |
288 | parameter. | |
289 | ||
290 | Then press `Ctrl-X` or `F10` to boot the configuration. | |
291 | ||
39abbce4 | 292 | [[pmg_install_on_debian]] |
03c03402 DM |
293 | Install {pmg} on Debian |
294 | ----------------------- | |
295 | ||
296 | {pmg} ships as a set of Debian packages, so you can install it | |
297 | on top of a normal Debian installation. After configuring the | |
bf99325b | 298 | xref:pmg_package_repositories[package repositories], you need to run: |
03c03402 DM |
299 | |
300 | [source,bash] | |
301 | ---- | |
3e2d2270 TL |
302 | apt update |
303 | apt install proxmox-mailgateway | |
03c03402 DM |
304 | ---- |
305 | ||
bf99325b | 306 | Installing on top of an existing Debian installation seems easy, but |
582a64ad | 307 | it assumes that you have correctly installed the base system, and you |
03c03402 DM |
308 | know how you want to configure and use the local storage. Network |
309 | configuration is also completely up to you. | |
310 | ||
311 | NOTE: In general, this is not trivial, especially when you use LVM or | |
312 | ZFS. | |
e3eaa56a DM |
313 | |
314 | ||
39abbce4 | 315 | [[pmg_install_on_debian_container]] |
bf99325b | 316 | Install {pmg} as a Linux Container Appliance |
3fc72cc0 | 317 | -------------------------------------------- |
c13d3d4f | 318 | |
bf99325b | 319 | {pmg} can also run inside a Debian-based LXC |
c13d3d4f | 320 | instance. In order to keep the set of installed software, and thus the |
582a64ad | 321 | necessary updates minimal, you can use the `proxmox-mailgateway-container` |
bf99325b | 322 | meta-package. This does not depend on any Linux kernel, firmware, or components |
aaec2aab | 323 | used for booting from bare-metal, like GRUB. |
17a13972 | 324 | |
bf99325b | 325 | A ready-to-use appliance template is available through the `mail` section of the |
15dbf331 CE |
326 | https://www.proxmox.com/proxmox-virtual-environment/overview[Proxmox VE] |
327 | appliance manager, so if you already use Proxmox VE, you can set up a {pmg} | |
328 | instance in minutes. | |
17a13972 | 329 | |
bf99325b DW |
330 | NOTE: It's recommended to use a static network configuration. If DHCP must be |
331 | used, ensure that the container always leases the same IP, for example, by | |
332 | reserving one with the container's network MAC address. | |
5991f9eb | 333 | |
bf99325b | 334 | Additionally, you can install this on top of a container-based Debian |
3e2d2270 | 335 | installation. After configuring the |
bf99325b | 336 | xref:pmg_package_repositories[package repositories], you need to run: |
3e2d2270 TL |
337 | |
338 | [source,bash] | |
339 | ---- | |
340 | apt update | |
341 | apt install proxmox-mailgateway-container | |
342 | ---- | |
5991f9eb | 343 | |
e3eaa56a DM |
344 | [[pmg_package_repositories]] |
345 | Package Repositories | |
346 | -------------------- | |
347 | ||
0261cbde FE |
348 | {pmg} uses http://en.wikipedia.org/wiki/Advanced_Packaging_Tool[APT] as its |
349 | package management tool like any other Debian-based system. | |
350 | ||
351 | Repositories in {pmg} | |
352 | ~~~~~~~~~~~~~~~~~~~~~ | |
353 | ||
354 | Repositories are a collection of software packages. They can be used to install | |
355 | new software, but are also important to get new updates. | |
356 | ||
357 | NOTE: You need valid Debian and Proxmox repositories to get the latest | |
358 | security updates, bug fixes and new features. | |
359 | ||
360 | APT Repositories are defined in the file `/etc/apt/sources.list` and in `.list` | |
361 | files placed in `/etc/apt/sources.list.d/`. | |
362 | ||
363 | Repository Management | |
364 | ^^^^^^^^^^^^^^^^^^^^^ | |
365 | ||
366 | [thumbnail="pmg-gui-admin-repositories.png"] | |
367 | ||
368 | Since {pmg} 7.0 you can check the repository state in the web interface. The | |
369 | 'Dashboard' shows a high level status overview, while the separate 'Repository' | |
370 | panel (accessible via 'Administration') shows in-depth status and list of all | |
371 | configured repositories. | |
372 | ||
373 | Basic repository management, for example, activating or deactivating a | |
374 | repository, is also supported. | |
375 | ||
376 | Sources.list | |
377 | ^^^^^^^^^^^^ | |
378 | ||
379 | In a `sources.list` file, each line defines a package repository. The preferred | |
380 | source must come first. Empty lines are ignored. A `#` character anywhere on a | |
381 | line marks the remainder of that line as a comment. The available packages from | |
382 | a repository are acquired by running `apt update`. Updates can be installed | |
383 | directly using `apt`, or via the GUI (Administration -> Updates). | |
e3eaa56a DM |
384 | |
385 | .File `/etc/apt/sources.list` | |
386 | ---- | |
483f7a35 | 387 | # basic Debian repositories: |
25901eb2 TL |
388 | deb http://deb.debian.org/debian bookworm main contrib |
389 | deb http://deb.debian.org/debian bookworm-updates main contrib | |
aedc8192 | 390 | |
e3eaa56a | 391 | # security updates |
25901eb2 | 392 | deb http://security.debian.org/debian-security bookworm-security main contrib |
483f7a35 TL |
393 | |
394 | # Proxmox Mail Gateway repo required too - see below! | |
e3eaa56a DM |
395 | ---- |
396 | ||
0261cbde | 397 | {pmg} provides three different package repositories. |
e3eaa56a DM |
398 | |
399 | ||
400 | {pmg} Enterprise Repository | |
401 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~ | |
402 | ||
403 | This is the default, stable and recommended repository, available for | |
404 | all {pmg} subscription users. It contains the most stable packages, | |
405 | and is suitable for production use. The `pmg-enterprise` repository is | |
406 | enabled by default: | |
407 | ||
408 | .File `/etc/apt/sources.list.d/pmg-enterprise.list` | |
409 | ---- | |
25901eb2 | 410 | deb https://enterprise.proxmox.com/debian/pmg bookworm pmg-enterprise |
e3eaa56a DM |
411 | ---- |
412 | ||
413 | As soon as updates are available, the `root@pam` user is notified via | |
bf99325b | 414 | email about the newly available packages. From the GUI, the change-log of |
e3eaa56a | 415 | each package can be viewed (if available), showing all details of the |
bf99325b | 416 | update. Thus, you will never miss important security fixes. |
e3eaa56a | 417 | |
bf99325b DW |
418 | Please note that you need a valid subscription key to access this |
419 | repository. We offer different support levels, which you can find further | |
420 | details about at {pricing-url}. | |
e3eaa56a DM |
421 | |
422 | NOTE: You can disable this repository by commenting out the above line | |
bf99325b | 423 | using a `#` (at the start of the line). This prevents error messages, |
e3eaa56a | 424 | if you do not have a subscription key. Please configure the |
bf99325b | 425 | `pmg-no-subscription` repository in this case. |
e3eaa56a DM |
426 | |
427 | ||
428 | {pmg} No-Subscription Repository | |
429 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | |
430 | ||
431 | As the name suggests, you do not need a subscription key to access | |
432 | this repository. It can be used for testing and non-production | |
bf99325b | 433 | use. It's not recommended to use this on production servers, as these |
e3eaa56a DM |
434 | packages are not always heavily tested and validated. |
435 | ||
bf99325b | 436 | We recommend configuring this repository in `/etc/apt/sources.list`. |
e3eaa56a DM |
437 | |
438 | .File `/etc/apt/sources.list` | |
439 | ---- | |
25901eb2 TL |
440 | deb http://ftp.debian.org/debian bookworm main contrib |
441 | deb http://ftp.debian.org/debian bookworm-updates main contrib | |
483f7a35 TL |
442 | |
443 | # security updates | |
25901eb2 | 444 | deb http://security.debian.org/debian-security bookworm-security main contrib |
e3eaa56a DM |
445 | |
446 | # PMG pmg-no-subscription repository provided by proxmox.com, | |
447 | # NOT recommended for production use | |
25901eb2 | 448 | deb http://download.proxmox.com/debian/pmg bookworm pmg-no-subscription |
e3eaa56a DM |
449 | ---- |
450 | ||
451 | ||
452 | {pmg} Test Repository | |
453 | ~~~~~~~~~~~~~~~~~~~~~ | |
454 | ||
bf99325b DW |
455 | Finally, there is a repository called `pmgtest`. This contains the |
456 | latest packages, and is heavily used by developers to test new | |
457 | features. As with before, you can configure this using | |
e3eaa56a DM |
458 | `/etc/apt/sources.list` by adding the following line: |
459 | ||
460 | .sources.list entry for `pmgtest` | |
461 | ---- | |
25901eb2 | 462 | deb http://download.proxmox.com/debian/pmg bookworm pmgtest |
e3eaa56a DM |
463 | ---- |
464 | ||
582a64ad | 465 | WARNING: the `pmgtest` repository should only be used |
e3eaa56a DM |
466 | for testing new features or bug fixes. |
467 | ||
468 | ||
469 | SecureApt | |
470 | ~~~~~~~~~ | |
471 | ||
bf99325b DW |
472 | We use GnuPG to sign the `Release` files inside these repositories, |
473 | and APT uses these signatures to verify that all packages are from a | |
e3eaa56a DM |
474 | trusted source. |
475 | ||
bf99325b DW |
476 | The key used for verification is already installed, if you install from |
477 | our installation CD. If you install via another means, you can manually | |
25901eb2 | 478 | download the key by executing the following command as root user: |
e3eaa56a | 479 | |
483f7a35 | 480 | ---- |
25901eb2 | 481 | # wget https://enterprise.proxmox.com/debian/proxmox-release-bookworm.gpg -O /etc/apt/trusted.gpg.d/proxmox-release-bookworm.gpg |
483f7a35 | 482 | ---- |
e3eaa56a | 483 | |
483f7a35 | 484 | Verify the checksum afterwards with the `sha512sum` CLI tool: |
e3eaa56a DM |
485 | |
486 | ---- | |
25901eb2 TL |
487 | # sha512sum /etc/apt/trusted.gpg.d/proxmox-release-bookworm.gpg |
488 | 7da6fe34168adc6e479327ba517796d4702fa2f8b4f0a9833f5ea6e6b48f6507a6da403a274fe201595edc86a84463d50383d07f64bdde2e3658108db7d6dc87 /etc/apt/trusted.gpg.d/proxmox-release-bookworm.gpg | |
e3eaa56a DM |
489 | ---- |
490 | ||
483f7a35 | 491 | or the `md5sum` CLI tool: |
e3eaa56a DM |
492 | |
493 | ---- | |
25901eb2 TL |
494 | # md5sum /etc/apt/trusted.gpg.d/proxmox-release-bookworm.gpg |
495 | 41558dc019ef90bd0f6067644a51cf5b /etc/apt/trusted.gpg.d/proxmox-release-bookworm.gpg | |
e3eaa56a DM |
496 | ---- |
497 | ||
498 | ||
45613eb1 AZ |
499 | Debian Non-Free Repository |
500 | ~~~~~~~~~~~~~~~~~~~~~~~~~~ | |
96806766 SI |
501 | |
502 | Certain software cannot be made available in the `main` and `contrib` | |
503 | areas of the {debian} archives, since it does not adhere to the Debian | |
504 | Free Software Guidelines (DFSG). These are distributed in the | |
505 | {debian_nonfree_archive_area}. For {pmg} two packages from the `non-free` area | |
506 | are needed in order to support the RAR archive format: | |
507 | ||
508 | * `p7zip-rar` for matching xref:pmg_mailfilter_what[Archive Objects] in the | |
509 | xref:chapter_mailfilter[Rule system] | |
510 | ||
511 | * `libclamunrar` for detecting viruses in RAR archives. | |
512 | ||
45613eb1 AZ |
513 | To enable the `non-free` component, run `editor /etc/apt/sources.list` and |
514 | append `non-free` to the end of each `.debian.org` repository line. | |
5479707c | 515 | |
bf99325b | 516 | Following this, you can install the required packages with: |
5479707c TL |
517 | |
518 | ---- | |
519 | apt update | |
520 | apt install libclamunrar p7zip-rar | |
521 | ---- | |
9163e56a AZ |
522 | |
523 | ||
524 | [[pmg_debian_firmware_repo]] | |
525 | Debian Firmware Repository | |
526 | ~~~~~~~~~~~~~~~~~~~~~~~~~ | |
527 | Starting with Debian Bookworm ({pmg} 8) non-free firmware (as defined by | |
528 | https://www.debian.org/social_contract#guidelines[DFSG]) has been moved to the | |
529 | newly created Debian repository component `non-free-firmware`. | |
530 | ||
531 | Enable this repository if you want to set up | |
532 | xref:pmg_firmware_cpu[Early OS Microcode Updates] or need additional | |
533 | xref:pmg_firmware_runtime_files[Runtime Firmware Files] not already included in | |
534 | the pre-installed package `pve-firmware`. | |
535 | ||
536 | To be able to install packages from this component, run | |
537 | `editor /etc/apt/sources.list`, append `non-free-firmware` to the end of each | |
538 | `.debian.org` repository line and run `apt update`. |