external
/
mailinabox
mirror of https://github.com/mail-in-a-box/mailinabox.git
1
0
Fork 0
Code Issues Releases Wiki Activity
mailinabox/setup/migrate.py

234 lines
8.1 KiB
Python
Raw Normal View History

migrate the SSL certificates path for non-primary certs to a new layout using a new migration script
2014-06-30 20:41:29 +00:00
#!/usr/bin/python3
# Migrates any file structures, database schemas, etc. between versions of Mail-in-a-Box.
# We have to be careful here that any dependencies are already installed in the previous
# version since this script runs before all other aspects of the setup script.
import sys, os, os.path, glob, re, shutil
sys.path.insert(0, 'management')
make a privileges column in the users table and mark the first user as an admin
2014-08-08 12:31:22 +00:00
from utils import load_environment, save_environment, shell
migrate the SSL certificates path for non-primary certs to a new layout using a new migration script
2014-06-30 20:41:29 +00:00
def migration_1(env):
# Re-arrange where we store SSL certificates. There was a typo also.
def move_file(fn, domain_name_escaped, filename):
# Moves an SSL-related file into the right place.
fn1 = os.path.join( env["STORAGE_ROOT"], 'ssl', domain_name_escaped, file_type)
os.makedirs(os.path.dirname(fn1), exist_ok=True)
shutil.move(fn, fn1)
# Migrate the 'domains' directory.
for sslfn in glob.glob(os.path.join( env["STORAGE_ROOT"], 'ssl/domains/*' )):
fn = os.path.basename(sslfn)
m = re.match("(.*)_(certifiate.pem|cert_sign_req.csr|private_key.pem)$", fn)
if m:
# get the new name for the file
domain_name, file_type = m.groups()
if file_type == "certifiate.pem": file_type = "ssl_certificate.pem" # typo
if file_type == "cert_sign_req.csr": file_type = "certificate_signing_request.csr" # nicer
move_file(sslfn, domain_name, file_type)
# Move the old domains directory if it is now empty.
try:
os.rmdir(os.path.join( env["STORAGE_ROOT"], 'ssl/domains'))
except:
pass
use the Dovecot managesieve service to manage sieve scripts This lets roundcube's manageseive plugin do cool things like vacation responses. Also: * Run the spam filtering sieve script out of a global sieve file that we'll place in /etc/dovecot. It is no longer necessary to create per-user sieve files for this. Remove them with a new migration. Remove the code that created them. * Corrects the spam script. Backslashes were double-escaped probably because this script started embedded within the bash script. Not sure how this was working until now. this adapts work by @h8h in #103
2014-07-10 07:40:51 +00:00
def migration_2(env):
# Delete the .dovecot_sieve script everywhere. This was formerly a copy of our spam -> Spam
# script. We now install it as a global script, and we use managesieve, so the old file is
# irrelevant. Also delete the compiled binary form.
for fn in glob.glob(os.path.join(env["STORAGE_ROOT"], 'mail/mailboxes/*/*/.dovecot.sieve')):
os.unlink(fn)
for fn in glob.glob(os.path.join(env["STORAGE_ROOT"], 'mail/mailboxes/*/*/.dovecot.svbin')):
os.unlink(fn)
migrate the migration state from MIGRATIONID in /etc/mailinabox.conf to STORAGE_ROOT/mailinabox.version so that the data format of STORAGE_ROOT is stored in the directory itself
2014-08-03 21:41:32 +00:00
def migration_3(env):
# Move the migration ID from /etc/mailinabox.conf to $STORAGE_ROOT/mailinabox.version
# so that the ID stays with the data files that it describes the format of. The writing
# of the file will be handled by the main function.
pass
make a privileges column in the users table and mark the first user as an admin
2014-08-08 12:31:22 +00:00
def migration_4(env):
# Add a new column to the mail users table where we can store administrative privileges.
db = os.path.join(env["STORAGE_ROOT"], 'mail/users.sqlite')
shell("check_call", ["sqlite3", db, "ALTER TABLE users ADD privileges TEXT NOT NULL DEFAULT ''"])
Fix permissions of backup secret according to Josh's comment at https://github.com/mail-in-a-box/mailinabox/pull/150#issuecomment-53120156
2014-08-22 21:23:56 +00:00
def migration_5(env):
normalize some whitespace
2014-08-26 11:09:15 +00:00
# The secret key for encrypting backups was world readable. Fix here.
os.chmod(os.path.join(env["STORAGE_ROOT"], 'backup/secret_key.txt'), 0o600)
Fix permissions of backup secret according to Josh's comment at https://github.com/mail-in-a-box/mailinabox/pull/150#issuecomment-53120156
2014-08-22 21:23:56 +00:00
dnssec: use RSASHA256 keys for .email domains
2014-10-04 17:29:42 +00:00
def migration_6(env):
# We now will generate multiple DNSSEC keys for different algorithms, since TLDs may
# not support them all. .email only supports RSA/SHA-256. Rename the keys.conf file
# to be algorithm-specific.
basepath = os.path.join(env["STORAGE_ROOT"], 'dns/dnssec')
shutil.move(os.path.join(basepath, 'keys.conf'), os.path.join(basepath, 'RSASHA1-NSEC3-SHA1.conf'))
store IDNs (internationalized domain names) in IDNA (ASCII) in our database, not in Unicode I changed my mind. In 1bf8f1991f6f08e0fb1e3d2572d280d894a5e431 I allowed Unicode domain names to go into the database. I thought that was nice because it's what the user *means*. But it's not how the web works. Web and DNS were working, but mail wasn't. Postfix (as shipped with Ubuntu 14.04 without support for SMTPUTF8) exists in an ASCII-only world. When it goes to the users/aliases table, it queries in ASCII (IDNA) only and had no hope of delivering mail if the domain was in full Unicode in the database. I was thinking ahead to SMTPUTF8, where we *could* put Unicode in the database (though that would prevent IDNA-encoded addressing from being deliverable) not realizing it isn't well supported yet anyway. It's IDNA that goes on the wire in most places anyway (SMTP without SMTPUTF8 (and therefore how Postfix queries our users/aliases tables), DNS zone files, nginx config, CSR 'CN' field, X509 Common Name and Subject Alternative Names fields), so we should really be talking in terms of IDNA (i.e. ASCII). This partially reverts commit 1bf8f1991f6f08e0fb1e3d2572d280d894a5e431, where I added a lot of Unicode=>IDNA conversions when writing configuration files. Instead I'm doing Unicode=>IDNA before email addresses get into the users/aliases table. Now we assume the database uses IDNA-encoded ASCII domain names. When adding/removing aliases, addresses are converted to ASCII (w/ IDNA). User accounts must be ASCII-only anyway because of Dovecot's auth limitations, so we don't do any IDNA conversion (don't want to change the user's login info behind their back!). The aliases control panel page converts domains back to Unicode for display to be nice. The status checks converts the domains to Unicode just for the output headings. A migration is added to convert existing aliases with Unicode domains into IDNA. Any custom DNS or web settings with Unicode may need to be changed. Future support for SMTPUTF8 will probably need to add columns in the users/aliases table so that it lists both IDNA and Unicode forms.
2015-03-29 13:33:31 +00:00
def migration_7(env):
# I previously wanted domain names to be stored in Unicode in the database. Now I want them
# to be in IDNA. Affects aliases only.
import sqlite3
conn = sqlite3.connect(os.path.join(env["STORAGE_ROOT"], "mail/users.sqlite"))
# Get existing alias source addresses.
c = conn.cursor()
c.execute('SELECT source FROM aliases')
aliases = [ row[0] for row in c.fetchall() ]
# Update to IDNA-encoded domains.
for email in aliases:
try:
localpart, domainpart = email.split("@")
domainpart = domainpart.encode("idna").decode("ascii")
newemail = localpart + "@" + domainpart
if newemail != email:
c = conn.cursor()
c.execute("UPDATE aliases SET source=? WHERE source=?", (newemail, email))
if c.rowcount != 1: raise ValueError("Alias not found.")
print("Updated alias", email, "to", newemail)
except Exception as e:
print("Error updating IDNA alias", email, e)
# Save.
conn.commit()
dkim 2048 bits - migration and zone file generation changes * Add a migration to delete any existing DKIM key so that existing machines get a fresh 2048-bit key. (Sadly we don't support key rotation so the change is immediate.) * Because the DNS record for a 2048-bit key is so much longer, the way we read OpenDKIM's DNS record text file had to be modified to combine an arbitrary number of TXT record quoted ("...") strings. * When writing out the TXT record value, the string must be split into quoted ("...") strings with a maximum length of 255 bytes each, per the DNS spec. * Added a changelog entry.
2015-06-25 13:02:40 +00:00
def migration_8(env):
# Delete DKIM keys. We had generated 1024-bit DKIM keys.
# By deleting the key file we'll automatically generate
# a new key, which will be 2048 bits.
os.unlink(os.path.join(env['STORAGE_ROOT'], 'mail/dkim/mail.private'))
store IDNs (internationalized domain names) in IDNA (ASCII) in our database, not in Unicode I changed my mind. In 1bf8f1991f6f08e0fb1e3d2572d280d894a5e431 I allowed Unicode domain names to go into the database. I thought that was nice because it's what the user *means*. But it's not how the web works. Web and DNS were working, but mail wasn't. Postfix (as shipped with Ubuntu 14.04 without support for SMTPUTF8) exists in an ASCII-only world. When it goes to the users/aliases table, it queries in ASCII (IDNA) only and had no hope of delivering mail if the domain was in full Unicode in the database. I was thinking ahead to SMTPUTF8, where we *could* put Unicode in the database (though that would prevent IDNA-encoded addressing from being deliverable) not realizing it isn't well supported yet anyway. It's IDNA that goes on the wire in most places anyway (SMTP without SMTPUTF8 (and therefore how Postfix queries our users/aliases tables), DNS zone files, nginx config, CSR 'CN' field, X509 Common Name and Subject Alternative Names fields), so we should really be talking in terms of IDNA (i.e. ASCII). This partially reverts commit 1bf8f1991f6f08e0fb1e3d2572d280d894a5e431, where I added a lot of Unicode=>IDNA conversions when writing configuration files. Instead I'm doing Unicode=>IDNA before email addresses get into the users/aliases table. Now we assume the database uses IDNA-encoded ASCII domain names. When adding/removing aliases, addresses are converted to ASCII (w/ IDNA). User accounts must be ASCII-only anyway because of Dovecot's auth limitations, so we don't do any IDNA conversion (don't want to change the user's login info behind their back!). The aliases control panel page converts domains back to Unicode for display to be nice. The status checks converts the domains to Unicode just for the output headings. A migration is added to convert existing aliases with Unicode domains into IDNA. Any custom DNS or web settings with Unicode may need to be changed. Future support for SMTPUTF8 will probably need to add columns in the users/aliases table so that it lists both IDNA and Unicode forms.
2015-03-29 13:33:31 +00:00
Add support for bidirectional mail alias controls This is an extension of #427. Building on that change it adds support in the aliases table for flagging aliases as: 1. Applicable to inbound and outbound mail. 2. Applicable to inbound mail only. 3. Applicable to outbound mail only. 4. Disabled. The aliases UI is also updated to allow administrators to set the direction of each alias. Using this extra information, the sqlite queries executed by Postfix are updated so only the relevant alias types are checked. The goal and result of this change is that outbound-only catch-all aliases can now be defined (in fact catch-all aliases of any type can be defined). This allow us to continue supporting relaying as described at https://mailinabox.email/advanced-configuration.html#relay without requiring that administrators either create regular aliases for each outbound *relay* address, or that they create a catch-all alias and then face a flood of spam. I have tested the code as it is in this commit and fixed every issue I found, so in that regard the change is complete. However I see room for improvement in terms of updating terminology to make the UI etc. easier to understand. I'll make those changes as subsequent commits so that this tested checkpoint is not lost, but also so they can be rejected independently of the actual change if not wanted.
2015-06-27 17:23:15 +00:00
def migration_9(env):
Store and set alias receivers and senders separately for maximum control
2015-07-04 15:31:11 +00:00
# Switch from storing alias ownership in one column (used for both
# directions) to two columns (one for determining inbound forward-tos and
# one for determining outbound permitted-senders). This was motivated by the
# addition of #427 ("Reject outgoing mail if FROM does not match Login") -
# which introduced the notion of outbound permitted-senders.
Add support for bidirectional mail alias controls This is an extension of #427. Building on that change it adds support in the aliases table for flagging aliases as: 1. Applicable to inbound and outbound mail. 2. Applicable to inbound mail only. 3. Applicable to outbound mail only. 4. Disabled. The aliases UI is also updated to allow administrators to set the direction of each alias. Using this extra information, the sqlite queries executed by Postfix are updated so only the relevant alias types are checked. The goal and result of this change is that outbound-only catch-all aliases can now be defined (in fact catch-all aliases of any type can be defined). This allow us to continue supporting relaying as described at https://mailinabox.email/advanced-configuration.html#relay without requiring that administrators either create regular aliases for each outbound *relay* address, or that they create a catch-all alias and then face a flood of spam. I have tested the code as it is in this commit and fixed every issue I found, so in that regard the change is complete. However I see room for improvement in terms of updating terminology to make the UI etc. easier to understand. I'll make those changes as subsequent commits so that this tested checkpoint is not lost, but also so they can be rejected independently of the actual change if not wanted.
2015-06-27 17:23:15 +00:00
db = os.path.join(env["STORAGE_ROOT"], 'mail/users.sqlite')
Store and set alias receivers and senders separately for maximum control
2015-07-04 15:31:11 +00:00
# Move the old aliases table to one side.
shell("check_call", ["sqlite3", db, "ALTER TABLE aliases RENAME TO aliases_8"])
# Create the new aliases table, initially empty.
shell("check_call", ["sqlite3", db, "CREATE TABLE aliases (id INTEGER PRIMARY KEY AUTOINCREMENT, address TEXT NOT NULL UNIQUE, receivers TEXT NOT NULL, senders TEXT NOT NULL)"])
import sqlite3
conn = sqlite3.connect(os.path.join(env["STORAGE_ROOT"], "mail/users.sqlite"))
c = conn.cursor()
c.execute('SELECT email FROM users')
valid_logins = [ row[0] for row in c.fetchall() ]
c = conn.cursor()
c.execute('SELECT source, destination FROM aliases_8')
aliases = { row[0]: row[1] for row in c.fetchall() }
# Populate the new aliases table. Forward-to addresses (receivers) is taken
# directly from the old destination column. Permitted-sender logins
# (senders) is made up of only those addresses in the old destination column
# that are valid logins, as other values are not relevant. Their presence
# would not do any harm, except that it would make the aliases UI confusing
# on upgraded boxes.
for source in aliases:
address = source
receivers = aliases[source]
validated_senders = []
for login in aliases[source].split(","):
login = login.strip()
if login == "": continue
if login in valid_logins:
validated_senders.append(login)
senders = ",".join(validated_senders)
c = conn.cursor()
c.execute("INSERT INTO aliases (address, receivers, senders) VALUES (?, ?, ?)", (address, receivers, senders))
# Save.
conn.commit()
# Delete the old aliases table.
shell("check_call", ["sqlite3", db, "DROP TABLE aliases_8"])
Add support for bidirectional mail alias controls This is an extension of #427. Building on that change it adds support in the aliases table for flagging aliases as: 1. Applicable to inbound and outbound mail. 2. Applicable to inbound mail only. 3. Applicable to outbound mail only. 4. Disabled. The aliases UI is also updated to allow administrators to set the direction of each alias. Using this extra information, the sqlite queries executed by Postfix are updated so only the relevant alias types are checked. The goal and result of this change is that outbound-only catch-all aliases can now be defined (in fact catch-all aliases of any type can be defined). This allow us to continue supporting relaying as described at https://mailinabox.email/advanced-configuration.html#relay without requiring that administrators either create regular aliases for each outbound *relay* address, or that they create a catch-all alias and then face a flood of spam. I have tested the code as it is in this commit and fixed every issue I found, so in that regard the change is complete. However I see room for improvement in terms of updating terminology to make the UI etc. easier to understand. I'll make those changes as subsequent commits so that this tested checkpoint is not lost, but also so they can be rejected independently of the actual change if not wanted.
2015-06-27 17:23:15 +00:00
remove the hard-coded migration ID from setup.sh
2014-07-10 12:49:19 +00:00
def get_current_migration():
ver = 0
while True:
next_ver = (ver + 1)
migration_func = globals().get("migration_%d" % next_ver)
if not migration_func:
return ver
ver = next_ver
def run_migrations():
migrate the SSL certificates path for non-primary certs to a new layout using a new migration script
2014-06-30 20:41:29 +00:00
if not os.access("/etc/mailinabox.conf", os.W_OK, effective_ids=True):
print("This script must be run as root.", file=sys.stderr)
sys.exit(1)
env = load_environment()
migrate the migration state from MIGRATIONID in /etc/mailinabox.conf to STORAGE_ROOT/mailinabox.version so that the data format of STORAGE_ROOT is stored in the directory itself
2014-08-03 21:41:32 +00:00
migration_id_file = os.path.join(env['STORAGE_ROOT'], 'mailinabox.version')
Behave nicely when mailinabox.version file is missing
2015-03-04 10:25:06 +00:00
migration_id = None
migrate the migration state from MIGRATIONID in /etc/mailinabox.conf to STORAGE_ROOT/mailinabox.version so that the data format of STORAGE_ROOT is stored in the directory itself
2014-08-03 21:41:32 +00:00
if os.path.exists(migration_id_file):
with open(migration_id_file) as f:
Behave nicely when mailinabox.version file is missing
2015-03-04 10:25:06 +00:00
migration_id = f.read().strip();
if migration_id is None:
migrate the migration state from MIGRATIONID in /etc/mailinabox.conf to STORAGE_ROOT/mailinabox.version so that the data format of STORAGE_ROOT is stored in the directory itself
2014-08-03 21:41:32 +00:00
# Load the legacy location of the migration ID. We'll drop support
# for this eventually.
Behave nicely when mailinabox.version file is missing
2015-03-04 10:25:06 +00:00
migration_id = env.get("MIGRATIONID")
if migration_id is None:
print()
print("%s file doesn't exists. Skipping migration..." % (migration_id_file,))
return
ourver = int(migration_id)
migrate the SSL certificates path for non-primary certs to a new layout using a new migration script
2014-06-30 20:41:29 +00:00
while True:
next_ver = (ourver + 1)
migration_func = globals().get("migration_%d" % next_ver)
if not migration_func:
# No more migrations to run.
break
migrate the migration state from MIGRATIONID in /etc/mailinabox.conf to STORAGE_ROOT/mailinabox.version so that the data format of STORAGE_ROOT is stored in the directory itself
2014-08-03 21:41:32 +00:00
print()
migrate the SSL certificates path for non-primary certs to a new layout using a new migration script
2014-06-30 20:41:29 +00:00
print("Running migration to Mail-in-a-Box #%d..." % next_ver)
try:
migration_func(env)
except Exception as e:
print()
print("Error running the migration script:")
print()
print(e)
print()
print("Your system may be in an inconsistent state now. We're terribly sorry. A re-install from a backup might be the best way to continue.")
sys.exit(1)
ourver = next_ver
# Write out our current version now. Do this sooner rather than later
# in case of any problems.
migrate the migration state from MIGRATIONID in /etc/mailinabox.conf to STORAGE_ROOT/mailinabox.version so that the data format of STORAGE_ROOT is stored in the directory itself
2014-08-03 21:41:32 +00:00
with open(migration_id_file, "w") as f:
f.write(str(ourver) + "\n")
# Delete the legacy location of this field.
if "MIGRATIONID" in env:
del env["MIGRATIONID"]
save_environment(env)
migrate the SSL certificates path for non-primary certs to a new layout using a new migration script
2014-06-30 20:41:29 +00:00
# iterate and try next version...
remove the hard-coded migration ID from setup.sh
2014-07-10 12:49:19 +00:00
if __name__ == "__main__":
if sys.argv[-1] == "--current":
# Return the number of the highest migration.
print(str(get_current_migration()))
elif sys.argv[-1] == "--migrate":
# Perform migrations.
run_migrations()