]>
Commit | Line | Data |
---|---|---|
03c03402 DM |
1 | Installation |
2 | ============ | |
3 | ||
8eb27e2f TL |
4 | {pmg} is based on Debian. This is why the install disk images (ISO files) |
5 | provided by Proxmox include a complete Debian system as well as all necessary | |
6 | {pmg} packages. | |
03c03402 | 7 | |
8eb27e2f TL |
8 | TIP: See the xref:faq-support-table[support table in the FAQ] for the |
9 | relationship between {pmg} releases and Debian releases. | |
03c03402 | 10 | |
c78dc3bb | 11 | The installer will guide you through the setup, allowing you to partition the local |
8eb27e2f TL |
12 | disk(s), apply basic system configurations (for example, timezone, language, |
13 | network) and install all required packages. This process should not take more | |
14 | than a few minutes. Installing with the provided ISO is the recommended method | |
15 | for new and existing users. | |
16 | ||
17 | Alternatively, {pmg} can be installed on top of an existing Debian system. This | |
18 | option is only recommended for advanced users because detailed knowledge about | |
19 | {pmg} is required. | |
03c03402 | 20 | |
dfcaa012 AL |
21 | include::pmg-installation-media.adoc[] |
22 | ||
39abbce4 | 23 | [[pmg_install_iso]] |
03c03402 DM |
24 | Using the {pmg} Installation CD-ROM |
25 | ----------------------------------- | |
26 | ||
dfcaa012 | 27 | The installer ISO image includes the following: |
03c03402 DM |
28 | |
29 | * Complete operating system (Debian Linux, 64-bit) | |
30 | ||
b2d388d4 | 31 | * The {pmg} installer, which partitions the hard drive(s) with ext4, |
8eb27e2f | 32 | XFS or ZFS and installs the operating system |
03c03402 DM |
33 | |
34 | * Linux kernel | |
35 | ||
36 | * Postfix MTA, ClamAV, Spamassassin and the {pmg} toolset | |
37 | ||
582a64ad | 38 | * Web-based management interface for using the toolset |
03c03402 | 39 | |
aaec2aab CH |
40 | NOTE: All existing data on the for installation selected drives will be removed |
41 | during the installation process. The installer does not add boot menu entries | |
42 | for other operating systems. | |
b2d388d4 | 43 | |
dfcaa012 AL |
44 | Please insert the xref:installation_prepare_media[prepared installation media] |
45 | (for example, USB flash drive or CD-ROM) and boot from it. | |
46 | ||
47 | TIP: Make sure that booting from the installation medium (for example, USB) is | |
aaec2aab CH |
48 | enabled in your server's firmware settings. Secure boot needs to be disabled |
49 | when booting an installer prior to {pmg} version 8.1. | |
dfcaa012 | 50 | |
ca47e9ef CH |
51 | [thumbnail="../installer/pmg-grub-menu.png"] |
52 | ||
bf99325b DW |
53 | After choosing the correct entry (for example, Boot from USB) the {pmg} menu |
54 | will be displayed, and one of the following options can be selected: | |
03c03402 | 55 | |
aaec2aab | 56 | Install {pmg} (Graphical):: |
03c03402 DM |
57 | |
58 | Start normal installation. | |
59 | ||
aaec2aab CH |
60 | TIP: It's possible to use the installation wizard with a keyboard only. Buttons |
61 | can be clicked by pressing the `ALT` key combined with the underlined character | |
62 | from the respective button. For example, `ALT + N` to press a `Next` button. | |
03c03402 | 63 | |
aaec2aab | 64 | Install {pmg} (Terminal UI):: |
03c03402 | 65 | |
aaec2aab CH |
66 | Starts the terminal-mode installation wizard. It provides the same overall |
67 | installation experience as the graphical installer, but has generally better | |
68 | compatibility with very old and very new hardware. | |
03c03402 | 69 | |
aaec2aab | 70 | Install {pmg} (Terminal UI, Serial Console):: |
03c03402 | 71 | |
aaec2aab CH |
72 | Starts the terminal-mode installation wizard, additionally setting up the Linux |
73 | kernel to use the (first) serial port of the machine for in- and output. This | |
74 | can be used if the machine is completely headless and only has a serial console | |
75 | available. | |
03c03402 | 76 | |
9fc9adae CH |
77 | [thumbnail="../installer/pmg-tui-installer.png"] |
78 | ||
aaec2aab CH |
79 | Both modes use the same code base for the actual installation process to |
80 | benefit from more than a decade of bug fixes and ensure feature parity. | |
03c03402 | 81 | |
aaec2aab CH |
82 | TIP: The 'Terminal UI' option can be used in case the graphical installer does |
83 | not work correctly, due to e.g. driver issues. | |
03c03402 | 84 | |
aaec2aab CH |
85 | Advanced Options: Install {pmg} (Graphical, Debug Mode):: |
86 | ||
87 | Starts the installation in debug mode. A console will be opened at several | |
88 | installation steps. This helps to debug the situation if something goes wrong. | |
89 | To exit a debug console, press `CTRL-D`. This option can be used to boot a live | |
90 | system with all basic tools available. You can use it, for example, to repair a | |
91 | degraded ZFS 'rpool' or fix the bootloader for an existing {pmg} setup. | |
92 | ||
93 | Advanced Options: Install {pmg} (Terminal UI, Debug Mode):: | |
94 | ||
95 | Same as the graphical debug mode, but preparing the system to run the | |
96 | terminal-based installer instead. | |
97 | ||
98 | Advanced Options: Install {pmg} (Serial Console Debug Mode):: | |
99 | ||
100 | Same the terminal-based debug mode, but additionally sets up the Linux kernel to | |
101 | use the (first) serial port of the machine for in- and output. | |
102 | ||
103 | Advanced Options: Rescue Boot:: | |
104 | ||
105 | With this option you can boot an existing installation. It searches all attached | |
106 | hard disks. If it finds an existing installation, it boots directly into that | |
107 | disk using the Linux kernel from the ISO. This can be useful if there are | |
108 | problems with the bootloader (GRUB/`systemd-boot`) or the BIOS/UEFI is unable to | |
109 | read the boot block from the disk. | |
110 | ||
111 | Advanced Options: Test Memory (memtest86+):: | |
112 | ||
113 | Runs `memtest86+`. This is useful to check if the memory is functional and free | |
114 | of errors. Secure Boot must be turned off in the UEFI firmware setup utility to | |
115 | run this option. | |
116 | ||
117 | You normally select *Install {pmg} (Graphical)* to start the installation. | |
ca47e9ef CH |
118 | |
119 | [thumbnail="../installer/pmg-select-target-disk.png"] | |
03c03402 | 120 | |
bf99325b DW |
121 | The first step is to read our EULA (End User License Agreement). Following |
122 | this, you can select the target hard disk(s) for the installation. | |
03c03402 | 123 | |
582a64ad OB |
124 | CAUTION: By default, the whole server is used and all existing data is removed. |
125 | Make sure there is no important data on the server before proceeding with the | |
126 | installation. | |
03c03402 | 127 | |
03c03402 | 128 | The `Options` button lets you select the target file system, which |
12908dd2 | 129 | defaults to `ext4`. The installer uses LVM if you select |
bf99325b | 130 | `ext4` or `xfs` as a file system, and offers additional options to |
03c03402 DM |
131 | restrict LVM space (see <<advanced_lvm_options,below>>) |
132 | ||
bf99325b DW |
133 | If you have more than one disk, you can also use ZFS as a file system. |
134 | ZFS supports several software RAID levels, which is particularly useful | |
03c03402 | 135 | if you do not have a hardware RAID controller. The `Options` button |
bf99325b | 136 | lets you choose the ZFS RAID level and select which disks will be used. |
03c03402 | 137 | |
aaec2aab CH |
138 | WARNING: ZFS on top of any hardware RAID is not supported and can result in data |
139 | loss. | |
140 | ||
ca47e9ef | 141 | [thumbnail="../installer/pmg-select-location.png", float="left"] |
dc69da07 | 142 | |
582a64ad | 143 | The next page asks for basic configuration options like your |
bf99325b DW |
144 | location, timezone, and keyboard layout. The location is used to |
145 | select a nearby download server, in order to increase the speed of updates. | |
146 | The installer is usually able to auto-detect these settings, so you only need to | |
147 | change them in rare situations when auto-detection fails, or when you want to | |
582a64ad | 148 | use a keyboard layout not commonly used in your country. |
dc69da07 | 149 | |
ca47e9ef | 150 | [thumbnail="../installer/pmg-set-password.png"] |
dc69da07 DM |
151 | |
152 | You then need to specify an email address and the superuser (root) | |
153 | password. The password must have at least 5 characters, but we highly | |
154 | recommend to use stronger passwords - here are some guidelines: | |
155 | ||
156 | - Use a minimum password length of 12 to 14 characters. | |
157 | ||
158 | - Include lowercase and uppercase alphabetic characters, numbers and symbols. | |
159 | ||
60522152 TL |
160 | - Avoid character repetition, keyboard patterns, dictionary words, letter or |
161 | number sequences, usernames, relative or pet names, romantic links (current | |
162 | or past) and biographical information (e.g., ID numbers, ancestors' names or | |
163 | dates). | |
dc69da07 | 164 | |
aecce55c TL |
165 | It is sometimes necessary to send notification to the system administrator, for |
166 | example: | |
dc69da07 DM |
167 | |
168 | - Information about available package updates. | |
169 | ||
bf99325b | 170 | - Error messages from periodic cron jobs. |
dc69da07 | 171 | |
aecce55c | 172 | All those notification mails will be sent to the specified email address. |
dc69da07 | 173 | |
ca47e9ef | 174 | [thumbnail="../installer/pmg-setup-network.png"] |
03c03402 | 175 | |
aecce55c TL |
176 | The next step is the network configuration. Please note that you can use either |
177 | IPv4 or IPv6 here, but not both. If you want to configure a dual stack node, | |
bf99325b | 178 | you can easily do that after the installation. |
03c03402 | 179 | |
ca47e9ef | 180 | [thumbnail="../installer/pmg-installation.png", float="left"] |
f6249b79 | 181 | |
aecce55c TL |
182 | When you press `Next`, you will see an overview of your entered configuration. |
183 | Please re-check every setting, you can still use the `Previous` button to go | |
184 | back and edit any settings. | |
f6249b79 | 185 | |
bf99325b DW |
186 | After clicking `Install`, the installer will begin to format and copy packages |
187 | to the target disk(s). | |
dc69da07 | 188 | |
ca47e9ef | 189 | [thumbnail="../installer/pmg-summary.png"] |
dc69da07 | 190 | |
bf99325b DW |
191 | Copying the packages usually takes several minutes. When this is |
192 | finished, you can reboot the server. | |
03c03402 | 193 | |
aaec2aab CH |
194 | If the installation failed, check out specific errors on the second TTY |
195 | (`CTRL + ALT + F2') and ensure that the systems meets the | |
196 | xref:install_minimal_requirements[minimum requirements]. If the installation | |
197 | is still not working, look at the xref:getting_help[how to get help chapter]. | |
198 | ||
bf99325b | 199 | Further configuration is done via the {pmg} web interface: |
f03ead41 SI |
200 | |
201 | [thumbnail="pmg-gui-login-window.png"] | |
03c03402 | 202 | |
bf99325b | 203 | . Point your browser to the IP address given during the installation |
f03ead41 | 204 | (https://youripaddress:8006). |
b5b01ac3 | 205 | |
bf99325b | 206 | . Log in and upload your subscription key. |
b2d388d4 | 207 | + |
bf99325b | 208 | NOTE: The default login is "root", and the password is the one chosen during the |
aecce55c | 209 | installation. |
03c03402 | 210 | |
b2d388d4 DM |
211 | . Check the IP configuration and hostname. |
212 | ||
bf99325b | 213 | . Check the timezone. |
b2d388d4 DM |
214 | |
215 | . Check your xref:firewall_settings[Firewall settings]. | |
216 | ||
bf99325b | 217 | . Configure {pmg} to forward the incoming SMTP traffic to your mail |
b2d388d4 | 218 | server ('Configuration/Mail Proxy/Default Relay') - 'Default |
09e283f2 | 219 | Relay' is your email server. |
b2d388d4 | 220 | |
09e283f2 | 221 | . Configure your email server to send all outgoing messages through |
303ee757 | 222 | your {pmg} ('Smart Host', port 26 by default). |
b2d388d4 DM |
223 | |
224 | For detailed deployment scenarios see chapter | |
225 | xref:chapter_deployment[Planning for Deployment]. | |
226 | ||
bf99325b DW |
227 | After the installation, you have to route all your incoming and |
228 | outgoing email traffic to {pmg}. For incoming traffic, you | |
b2d388d4 | 229 | have to configure your firewall and/or DNS settings. For outgoing |
09e283f2 | 230 | traffic you need to change the existing email server configuration. |
b2d388d4 | 231 | |
03c03402 DM |
232 | |
233 | [[advanced_lvm_options]] | |
234 | Advanced LVM Configuration Options | |
235 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | |
236 | ||
237 | The installer creates a Volume Group (VG) called `pmg`, and additional | |
238 | Logical Volumes (LVs) called `root` and `swap`. The size of | |
239 | those volumes can be controlled with: | |
240 | ||
241 | `hdsize`:: | |
242 | ||
582a64ad OB |
243 | Defines the total disk size to be used. This way you can save free |
244 | space on the disk for further partitioning (i.e. for an additional PV | |
245 | and VG on the same disk that can be used for LVM storage). | |
03c03402 DM |
246 | |
247 | `swapsize`:: | |
248 | ||
249 | Defines the size of the `swap` volume. The default is the size of the | |
bf99325b DW |
250 | installed memory. The minimum is 4 GB and the maximum is 8 GB. The resulting |
251 | value cannot be greater than `hdsize/8`. | |
03c03402 | 252 | |
03c03402 DM |
253 | `minfree`:: |
254 | ||
bf99325b DW |
255 | Defines the amount of free space that should be left in the LVM volume group |
256 | `pmg`. With more than 128GB storage available, the default is 16GB, otherwise | |
257 | `hdsize/8` will be used. | |
03c03402 DM |
258 | + |
259 | NOTE: LVM requires free space in the VG for snapshot creation (not | |
260 | required for lvmthin snapshots). | |
261 | ||
262 | ||
263 | ZFS Performance Tips | |
264 | ~~~~~~~~~~~~~~~~~~~~ | |
265 | ||
c8be3f03 CH |
266 | ZFS works best with a lot of memory. If you intend to use ZFS make sure to have |
267 | enough RAM available for it. A good calculation is 4GB plus 1GB RAM for each TB | |
03c03402 DM |
268 | RAW disk space. |
269 | ||
c8be3f03 CH |
270 | ZFS can use a dedicated drive as write cache, called the ZFS Intent Log (ZIL). |
271 | Use a fast drive (SSD) for it. It can be added after installation with the | |
272 | following command: | |
03c03402 | 273 | |
c8be3f03 CH |
274 | --- |
275 | # zpool add <pool-name> log </dev/path_to_fast_ssd> | |
276 | --- | |
3372775f | 277 | |
84f2aef4 CH |
278 | Adding the `nomodeset` Kernel Parameter |
279 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | |
280 | ||
281 | Problems may arise on very old or very new hardware due to graphics drivers. If | |
282 | the installation hangs during the boot. In that case, you can try adding the | |
283 | `nomodeset` parameter. This prevents the Linux kernel from loading any | |
284 | graphics drivers and forces it to continue using the BIOS/UEFI-provided | |
285 | framebuffer. | |
286 | ||
287 | On the {pmg} bootloader menu, navigate to 'Install {pmg} (Terminal UI)' and | |
288 | press `e` to edit the entry. Using the arrow keys, navigate to the line starting | |
289 | with `linux`, move the cursor to the end of that line and add the | |
290 | parameter `nomodeset`, separated by a space from the pre-existing last | |
291 | parameter. | |
292 | ||
293 | Then press `Ctrl-X` or `F10` to boot the configuration. | |
294 | ||
39abbce4 | 295 | [[pmg_install_on_debian]] |
03c03402 DM |
296 | Install {pmg} on Debian |
297 | ----------------------- | |
298 | ||
299 | {pmg} ships as a set of Debian packages, so you can install it | |
300 | on top of a normal Debian installation. After configuring the | |
bf99325b | 301 | xref:pmg_package_repositories[package repositories], you need to run: |
03c03402 DM |
302 | |
303 | [source,bash] | |
304 | ---- | |
3e2d2270 TL |
305 | apt update |
306 | apt install proxmox-mailgateway | |
03c03402 DM |
307 | ---- |
308 | ||
bf99325b | 309 | Installing on top of an existing Debian installation seems easy, but |
582a64ad | 310 | it assumes that you have correctly installed the base system, and you |
03c03402 DM |
311 | know how you want to configure and use the local storage. Network |
312 | configuration is also completely up to you. | |
313 | ||
314 | NOTE: In general, this is not trivial, especially when you use LVM or | |
315 | ZFS. | |
e3eaa56a DM |
316 | |
317 | ||
39abbce4 | 318 | [[pmg_install_on_debian_container]] |
bf99325b | 319 | Install {pmg} as a Linux Container Appliance |
3fc72cc0 | 320 | -------------------------------------------- |
c13d3d4f | 321 | |
bf99325b | 322 | {pmg} can also run inside a Debian-based LXC |
c13d3d4f | 323 | instance. In order to keep the set of installed software, and thus the |
582a64ad | 324 | necessary updates minimal, you can use the `proxmox-mailgateway-container` |
bf99325b | 325 | meta-package. This does not depend on any Linux kernel, firmware, or components |
aaec2aab | 326 | used for booting from bare-metal, like GRUB. |
17a13972 | 327 | |
bf99325b | 328 | A ready-to-use appliance template is available through the `mail` section of the |
15dbf331 CE |
329 | https://www.proxmox.com/proxmox-virtual-environment/overview[Proxmox VE] |
330 | appliance manager, so if you already use Proxmox VE, you can set up a {pmg} | |
331 | instance in minutes. | |
17a13972 | 332 | |
bf99325b DW |
333 | NOTE: It's recommended to use a static network configuration. If DHCP must be |
334 | used, ensure that the container always leases the same IP, for example, by | |
335 | reserving one with the container's network MAC address. | |
5991f9eb | 336 | |
bf99325b | 337 | Additionally, you can install this on top of a container-based Debian |
3e2d2270 | 338 | installation. After configuring the |
bf99325b | 339 | xref:pmg_package_repositories[package repositories], you need to run: |
3e2d2270 TL |
340 | |
341 | [source,bash] | |
342 | ---- | |
343 | apt update | |
344 | apt install proxmox-mailgateway-container | |
345 | ---- | |
5991f9eb | 346 | |
e3eaa56a DM |
347 | [[pmg_package_repositories]] |
348 | Package Repositories | |
349 | -------------------- | |
350 | ||
0261cbde FE |
351 | {pmg} uses http://en.wikipedia.org/wiki/Advanced_Packaging_Tool[APT] as its |
352 | package management tool like any other Debian-based system. | |
353 | ||
354 | Repositories in {pmg} | |
355 | ~~~~~~~~~~~~~~~~~~~~~ | |
356 | ||
357 | Repositories are a collection of software packages. They can be used to install | |
358 | new software, but are also important to get new updates. | |
359 | ||
360 | NOTE: You need valid Debian and Proxmox repositories to get the latest | |
361 | security updates, bug fixes and new features. | |
362 | ||
363 | APT Repositories are defined in the file `/etc/apt/sources.list` and in `.list` | |
364 | files placed in `/etc/apt/sources.list.d/`. | |
365 | ||
366 | Repository Management | |
367 | ^^^^^^^^^^^^^^^^^^^^^ | |
368 | ||
369 | [thumbnail="pmg-gui-admin-repositories.png"] | |
370 | ||
371 | Since {pmg} 7.0 you can check the repository state in the web interface. The | |
372 | 'Dashboard' shows a high level status overview, while the separate 'Repository' | |
373 | panel (accessible via 'Administration') shows in-depth status and list of all | |
374 | configured repositories. | |
375 | ||
376 | Basic repository management, for example, activating or deactivating a | |
377 | repository, is also supported. | |
378 | ||
379 | Sources.list | |
380 | ^^^^^^^^^^^^ | |
381 | ||
382 | In a `sources.list` file, each line defines a package repository. The preferred | |
383 | source must come first. Empty lines are ignored. A `#` character anywhere on a | |
384 | line marks the remainder of that line as a comment. The available packages from | |
385 | a repository are acquired by running `apt update`. Updates can be installed | |
386 | directly using `apt`, or via the GUI (Administration -> Updates). | |
e3eaa56a DM |
387 | |
388 | .File `/etc/apt/sources.list` | |
389 | ---- | |
483f7a35 | 390 | # basic Debian repositories: |
25901eb2 TL |
391 | deb http://deb.debian.org/debian bookworm main contrib |
392 | deb http://deb.debian.org/debian bookworm-updates main contrib | |
aedc8192 | 393 | |
e3eaa56a | 394 | # security updates |
25901eb2 | 395 | deb http://security.debian.org/debian-security bookworm-security main contrib |
483f7a35 TL |
396 | |
397 | # Proxmox Mail Gateway repo required too - see below! | |
e3eaa56a DM |
398 | ---- |
399 | ||
0261cbde | 400 | {pmg} provides three different package repositories. |
e3eaa56a DM |
401 | |
402 | ||
403 | {pmg} Enterprise Repository | |
404 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~ | |
405 | ||
406 | This is the default, stable and recommended repository, available for | |
407 | all {pmg} subscription users. It contains the most stable packages, | |
408 | and is suitable for production use. The `pmg-enterprise` repository is | |
409 | enabled by default: | |
410 | ||
411 | .File `/etc/apt/sources.list.d/pmg-enterprise.list` | |
412 | ---- | |
25901eb2 | 413 | deb https://enterprise.proxmox.com/debian/pmg bookworm pmg-enterprise |
e3eaa56a DM |
414 | ---- |
415 | ||
416 | As soon as updates are available, the `root@pam` user is notified via | |
bf99325b | 417 | email about the newly available packages. From the GUI, the change-log of |
e3eaa56a | 418 | each package can be viewed (if available), showing all details of the |
bf99325b | 419 | update. Thus, you will never miss important security fixes. |
e3eaa56a | 420 | |
bf99325b DW |
421 | Please note that you need a valid subscription key to access this |
422 | repository. We offer different support levels, which you can find further | |
423 | details about at {pricing-url}. | |
e3eaa56a DM |
424 | |
425 | NOTE: You can disable this repository by commenting out the above line | |
bf99325b | 426 | using a `#` (at the start of the line). This prevents error messages, |
e3eaa56a | 427 | if you do not have a subscription key. Please configure the |
bf99325b | 428 | `pmg-no-subscription` repository in this case. |
e3eaa56a DM |
429 | |
430 | ||
431 | {pmg} No-Subscription Repository | |
432 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | |
433 | ||
434 | As the name suggests, you do not need a subscription key to access | |
435 | this repository. It can be used for testing and non-production | |
bf99325b | 436 | use. It's not recommended to use this on production servers, as these |
e3eaa56a DM |
437 | packages are not always heavily tested and validated. |
438 | ||
bf99325b | 439 | We recommend configuring this repository in `/etc/apt/sources.list`. |
e3eaa56a DM |
440 | |
441 | .File `/etc/apt/sources.list` | |
442 | ---- | |
25901eb2 TL |
443 | deb http://ftp.debian.org/debian bookworm main contrib |
444 | deb http://ftp.debian.org/debian bookworm-updates main contrib | |
483f7a35 TL |
445 | |
446 | # security updates | |
25901eb2 | 447 | deb http://security.debian.org/debian-security bookworm-security main contrib |
e3eaa56a DM |
448 | |
449 | # PMG pmg-no-subscription repository provided by proxmox.com, | |
450 | # NOT recommended for production use | |
25901eb2 | 451 | deb http://download.proxmox.com/debian/pmg bookworm pmg-no-subscription |
e3eaa56a DM |
452 | ---- |
453 | ||
454 | ||
455 | {pmg} Test Repository | |
456 | ~~~~~~~~~~~~~~~~~~~~~ | |
457 | ||
bf99325b DW |
458 | Finally, there is a repository called `pmgtest`. This contains the |
459 | latest packages, and is heavily used by developers to test new | |
460 | features. As with before, you can configure this using | |
e3eaa56a DM |
461 | `/etc/apt/sources.list` by adding the following line: |
462 | ||
463 | .sources.list entry for `pmgtest` | |
464 | ---- | |
25901eb2 | 465 | deb http://download.proxmox.com/debian/pmg bookworm pmgtest |
e3eaa56a DM |
466 | ---- |
467 | ||
582a64ad | 468 | WARNING: the `pmgtest` repository should only be used |
e3eaa56a DM |
469 | for testing new features or bug fixes. |
470 | ||
471 | ||
472 | SecureApt | |
473 | ~~~~~~~~~ | |
474 | ||
bf99325b DW |
475 | We use GnuPG to sign the `Release` files inside these repositories, |
476 | and APT uses these signatures to verify that all packages are from a | |
e3eaa56a DM |
477 | trusted source. |
478 | ||
bf99325b DW |
479 | The key used for verification is already installed, if you install from |
480 | our installation CD. If you install via another means, you can manually | |
25901eb2 | 481 | download the key by executing the following command as root user: |
e3eaa56a | 482 | |
483f7a35 | 483 | ---- |
25901eb2 | 484 | # wget https://enterprise.proxmox.com/debian/proxmox-release-bookworm.gpg -O /etc/apt/trusted.gpg.d/proxmox-release-bookworm.gpg |
483f7a35 | 485 | ---- |
e3eaa56a | 486 | |
483f7a35 | 487 | Verify the checksum afterwards with the `sha512sum` CLI tool: |
e3eaa56a DM |
488 | |
489 | ---- | |
25901eb2 TL |
490 | # sha512sum /etc/apt/trusted.gpg.d/proxmox-release-bookworm.gpg |
491 | 7da6fe34168adc6e479327ba517796d4702fa2f8b4f0a9833f5ea6e6b48f6507a6da403a274fe201595edc86a84463d50383d07f64bdde2e3658108db7d6dc87 /etc/apt/trusted.gpg.d/proxmox-release-bookworm.gpg | |
e3eaa56a DM |
492 | ---- |
493 | ||
483f7a35 | 494 | or the `md5sum` CLI tool: |
e3eaa56a DM |
495 | |
496 | ---- | |
25901eb2 TL |
497 | # md5sum /etc/apt/trusted.gpg.d/proxmox-release-bookworm.gpg |
498 | 41558dc019ef90bd0f6067644a51cf5b /etc/apt/trusted.gpg.d/proxmox-release-bookworm.gpg | |
e3eaa56a DM |
499 | ---- |
500 | ||
501 | ||
45613eb1 AZ |
502 | Debian Non-Free Repository |
503 | ~~~~~~~~~~~~~~~~~~~~~~~~~~ | |
96806766 SI |
504 | |
505 | Certain software cannot be made available in the `main` and `contrib` | |
506 | areas of the {debian} archives, since it does not adhere to the Debian | |
507 | Free Software Guidelines (DFSG). These are distributed in the | |
508 | {debian_nonfree_archive_area}. For {pmg} two packages from the `non-free` area | |
509 | are needed in order to support the RAR archive format: | |
510 | ||
511 | * `p7zip-rar` for matching xref:pmg_mailfilter_what[Archive Objects] in the | |
512 | xref:chapter_mailfilter[Rule system] | |
513 | ||
514 | * `libclamunrar` for detecting viruses in RAR archives. | |
515 | ||
45613eb1 AZ |
516 | To enable the `non-free` component, run `editor /etc/apt/sources.list` and |
517 | append `non-free` to the end of each `.debian.org` repository line. | |
5479707c | 518 | |
bf99325b | 519 | Following this, you can install the required packages with: |
5479707c TL |
520 | |
521 | ---- | |
522 | apt update | |
523 | apt install libclamunrar p7zip-rar | |
524 | ---- | |
9163e56a AZ |
525 | |
526 | ||
527 | [[pmg_debian_firmware_repo]] | |
528 | Debian Firmware Repository | |
529 | ~~~~~~~~~~~~~~~~~~~~~~~~~ | |
530 | Starting with Debian Bookworm ({pmg} 8) non-free firmware (as defined by | |
531 | https://www.debian.org/social_contract#guidelines[DFSG]) has been moved to the | |
532 | newly created Debian repository component `non-free-firmware`. | |
533 | ||
534 | Enable this repository if you want to set up | |
535 | xref:pmg_firmware_cpu[Early OS Microcode Updates] or need additional | |
536 | xref:pmg_firmware_runtime_files[Runtime Firmware Files] not already included in | |
537 | the pre-installed package `pve-firmware`. | |
538 | ||
539 | To be able to install packages from this component, run | |
540 | `editor /etc/apt/sources.list`, append `non-free-firmware` to the end of each | |
541 | `.debian.org` repository line and run `apt update`. |