mailinabox/setup/functions.sh

function hide_output {
	# This function hides the output of a command unless the command fails
	# and returns a non-zero exit code.

	# Get a temporary file.
	OUTPUT=$(tempfile)

	# Execute command, redirecting stderr/stdout to the temporary file.
	$@ &> $OUTPUT

	# If the command failed, show the output that was captured in the temporary file.
	E=$?
	if [ $E != 0 ]; then
		# Something failed.
		echo
		echo FAILED: $@
		echo -----------------------------------------
		cat $OUTPUT
		echo -----------------------------------------
		exit $E
	fi

	# Remove temporary file.
	rm -f $OUTPUT
}

function apt_get_quiet {
	# Run apt-get in a totally non-interactive mode.
	#
	# Somehow all of these options are needed to get it to not ask the user
	# questions about a) whether to proceed (-y), b) package options (noninteractive),
	# and c) what to do about files changed locally (we don't cause that to happen but
	# some VM providers muck with their images; -o).
	#
	# Although we could pass -qq to apt-get to make output quieter, many packages write to stdout
	# and stderr things that aren't really important. Use our hide_output function to capture
	# all of that and only show it if there is a problem (i.e. if apt_get returns a failure exit status).
	DEBIAN_FRONTEND=noninteractive hide_output apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" "$@"
}

function apt_install {
	# Install a bunch of packages. We used to report which packages were already
	# installed and which needed installing, before just running an 'apt-get
	# install' for all of the packages.  Calling `dpkg` on each package is slow,
	# and doesn't affect what we actually do, except in the messages, so let's
	# not do that anymore.
	PACKAGES=$@
	apt_get_quiet install $PACKAGES
}

function get_default_hostname {
	# Guess the machine's hostname. It should be a fully qualified
	# domain name suitable for DNS. None of these calls may provide
	# the right value, but it's the best guess we can make.
	set -- $(hostname --fqdn      2>/dev/null ||
                 hostname --all-fqdns 2>/dev/null ||
                 hostname             2>/dev/null)
	printf '%s\n' "$1" # return this value
}

function get_publicip_from_web_service {
	# This seems to be the most reliable way to determine the
	# machine's public IP address: asking a very nice web API
	# for how they see us. Thanks go out to icanhazip.com.
	# See: https://major.io/icanhazip-com-faq/
	#
	# Pass '4' or '6' as an argument to this function to specify
	# what type of address to get (IPv4, IPv6).
	curl -$1 --fail --silent --max-time 15 icanhazip.com 2>/dev/null
}

function get_default_privateip {
	# Return the IP address of the network interface connected
	# to the Internet.
	#
	# Pass '4' or '6' as an argument to this function to specify
	# what type of address to get (IPv4, IPv6).
	#
	# We used to use `hostname -I` and then filter for either
	# IPv4 or IPv6 addresses. However if there are multiple
	# network interfaces on the machine, not all may be for
	# reaching the Internet.
	#
	# Instead use `ip route get` which asks the kernel to use
	# the system's routes to select which interface would be
	# used to reach a public address. We'll use 8.8.8.8 as
	# the destination. It happens to be Google Public DNS, but
	# no connection is made. We're just seeing how the box
	# would connect to it. There many be multiple IP addresses
	# assigned to an interface. `ip route get` reports the
	# preferred. That's good enough for us. See issue #121.
	#
	# With IPv6, the best route may be via an interface that
	# only has a link-local address (fe80::*). These addresses
	# are only unique to an interface and so need an explicit
	# interface specification in order to use them with bind().
	# In these cases, we append "%interface" to the address.
	# See the Notes section in the man page for getaddrinfo and
	# https://discourse.mailinabox.email/t/update-broke-mailinabox/34/9.
	#
	# Also see ae67409603c49b7fa73c227449264ddd10aae6a9 and
	# issue #3 for why/how we originally added IPv6.

	target=8.8.8.8

	# For the IPv6 route, use the corresponding IPv6 address
	# of Google Public DNS. Again, it doesn't matter so long
	# as it's an address on the public Internet.
	if [ "$1" == "6" ]; then target=2001:4860:4860::8888; fi

	# Get the route information.
	route=$(ip -$1 -o route get $target | grep -v unreachable)

	# Parse the address out of the route information.
	address=$(echo $route | sed "s/.* src \([^ ]*\).*/\1/")

	if [[ "$1" == "6" && $address == fe80:* ]]; then
		# For IPv6 link-local addresses, parse the interface out
		# of the route information and append it with a '%'.
		interface=$(echo $route | sed "s/.* dev \([^ ]*\).*/\1/")
		address=$address%$interface
	fi

	echo $address
		
}

function ufw_allow {
	if [ -z "$DISABLE_FIREWALL" ]; then
		# ufw has completely unhelpful output
		ufw allow $1 > /dev/null;
	fi
}

function restart_service {
	hide_output service $1 restart
}

## Dialog Functions ##
function message_box {
	dialog --title "$1" --msgbox "$2" 0 0
}

function input_box {
	# input_box "title" "prompt" "defaultvalue" VARIABLE
	# The user's input will be stored in the variable VARIABLE.
	# The exit code from dialog will be stored in VARIABLE_EXITCODE.
	declare -n result=$4
	declare -n result_code=$4_EXITCODE
	result=$(dialog --stdout --title "$1" --inputbox "$2" 0 0 "$3")
	result_code=$?
}

function input_menu {
	# input_menu "title" "prompt" "tag item tag item" VARIABLE
	# The user's input will be stored in the variable VARIABLE.
	# The exit code from dialog will be stored in VARIABLE_EXITCODE.
	declare -n result=$4
	declare -n result_code=$4_EXITCODE
	local IFS=^$'\n'
	result=$(dialog --stdout --title "$1" --menu "$2" 0 0 0 $3)
	result_code=$?
}

function wget_verify {
	# Downloads a file from the web and checks that it matches
	# a provided hash. If the comparison fails, exit immediately.
	URL=$1
	HASH=$2
	DEST=$3
	CHECKSUM="$HASH  $DEST"
	rm -f $DEST
	wget -q -O $DEST $URL || exit 1
	if ! echo "$CHECKSUM" | sha1sum --check --strict > /dev/null; then
		echo "------------------------------------------------------------"
		echo "Download of $URL did not match expected checksum."
		echo "Found:"
		sha1sum $DEST
		echo
		echo "Expected:"
		echo "$CHECKSUM"
		rm -f $DEST
		exit 1
	fi
}

function git_clone {
	# Clones a git repository, checks out a particular commit or tag,
	# and moves the repository (or a subdirectory in it) to some path.
	# We use separate clone and checkout because -b only supports tags
	# and branches, but we sometimes want to reference a commit hash
	# directly when the repo doesn't provide a tag.
	REPO=$1
	TREEISH=$2
	SUBDIR=$3
	TARGETPATH=$4
	TMPPATH=/tmp/git-clone-$$
	rm -rf $TMPPATH $TARGETPATH
	git clone -q $REPO $TMPPATH || exit 1
	(cd $TMPPATH; git checkout -q $TREEISH;) || exit 1
	mv $TMPPATH/$SUBDIR $TARGETPATH
	rm -rf $TMPPATH
}
hide lots of unnecessary and scary output during setup 2014-07-16 13:06:45 +00:00			`function hide_output {`
			`# This function hides the output of a command unless the command fails`
			`# and returns a non-zero exit code.`

			`# Get a temporary file.`
			`OUTPUT=$(tempfile)`

			`# Execute command, redirecting stderr/stdout to the temporary file.`
			`$@ &> $OUTPUT`

			`# If the command failed, show the output that was captured in the temporary file.`
need my new email_validator library during questions 2015-05-03 14:44:37 +00:00			`E=$?`
			`if [ $E != 0 ]; then`
hide lots of unnecessary and scary output during setup 2014-07-16 13:06:45 +00:00			`# Something failed.`
			`echo`
			`echo FAILED: $@`
			`echo -----------------------------------------`
			`cat $OUTPUT`
			`echo -----------------------------------------`
need my new email_validator library during questions 2015-05-03 14:44:37 +00:00			`exit $E`
hide lots of unnecessary and scary output during setup 2014-07-16 13:06:45 +00:00			`fi`

			`# Remove temporary file.`
			`rm -f $OUTPUT`
			`}`

prevent apt from asking the user any questions Add additional options to really prevent apt from asking questions, which causes setup to hang because stdin/out have been redirected. fixes #270, #291 2015-02-13 13:41:52 +00:00			`function apt_get_quiet {`
			`# Run apt-get in a totally non-interactive mode.`
			`#`
			`# Somehow all of these options are needed to get it to not ask the user`
			`# questions about a) whether to proceed (-y), b) package options (noninteractive),`
			`# and c) what to do about files changed locally (we don't cause that to happen but`
			`# some VM providers muck with their images; -o).`
			`#`
			`# Although we could pass -qq to apt-get to make output quieter, many packages write to stdout`
			`# and stderr things that aren't really important. Use our hide_output function to capture`
			`# all of that and only show it if there is a problem (i.e. if apt_get returns a failure exit status).`
			`DEBIAN_FRONTEND=noninteractive hide_output apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" "$@"`
			`}`

make a bash function to use everywhere we apt-get-install (`DEBIAN_FRONTEND=noninteractive apt-get -qq -y `) ensures the output is quiet 2014-05-01 19:13:00 +00:00			`function apt_install {`
silence all of the installing/already installed package messages on installation Querying dpkg for each package is slow, and we have way too much output on installation because of it. 2015-08-19 19:58:35 +00:00			`# Install a bunch of packages. We used to report which packages were already`
			`# installed and which needed installing, before just running an 'apt-get`
			# install' for all of the packages. Calling `dpkg` on each package is slow,
			`# and doesn't affect what we actually do, except in the messages, so let's`
			`# not do that anymore.`
make a bash function to use everywhere we apt-get-install (`DEBIAN_FRONTEND=noninteractive apt-get -qq -y `) ensures the output is quiet 2014-05-01 19:13:00 +00:00			`PACKAGES=$@`
prevent apt from asking the user any questions Add additional options to really prevent apt from asking questions, which causes setup to hang because stdin/out have been redirected. fixes #270, #291 2015-02-13 13:41:52 +00:00			`apt_get_quiet install $PACKAGES`
make a bash function to use everywhere we apt-get-install (`DEBIAN_FRONTEND=noninteractive apt-get -qq -y `) ensures the output is quiet 2014-05-01 19:13:00 +00:00			`}`

Improve hostname/IP default values Default IP+hostname values were incorrect for my VPS provider. I improved the detection, which should give correct results results for almost any provider. Specific issues addressed: - icanhazip.com detection was only enabled in non-interactive mode - `hostname` is by convention a short (non-fqdn) name in Ubuntu - `hostname --fqdn` fails if provider does not pouplate `hosts` file - `hostname -i` fails if provider does not populate `hosts` file - `curl` without `--fail` will someday return crazy results when icanhazip.com returns 500 errors or similar 2014-06-07 17:54:58 +00:00			`function get_default_hostname {`
add comments to the new get_default_hostname etc. functions, and simplify the logic in the Vagrantfile and start.sh so that we always call into the same two functions 2014-06-07 18:55:57 +00:00			`# Guess the machine's hostname. It should be a fully qualified`
			`# domain name suitable for DNS. None of these calls may provide`
			`# the right value, but it's the best guess we can make.`
Improve hostname/IP default values Default IP+hostname values were incorrect for my VPS provider. I improved the detection, which should give correct results results for almost any provider. Specific issues addressed: - icanhazip.com detection was only enabled in non-interactive mode - `hostname` is by convention a short (non-fqdn) name in Ubuntu - `hostname --fqdn` fails if provider does not pouplate `hosts` file - `hostname -i` fails if provider does not populate `hosts` file - `curl` without `--fail` will someday return crazy results when icanhazip.com returns 500 errors or similar 2014-06-07 17:54:58 +00:00			`set -- $(hostname --fqdn 2>/dev/null \|\|`
			`hostname --all-fqdns 2>/dev/null \|\|`
			`hostname 2>/dev/null)`
add comments to the new get_default_hostname etc. functions, and simplify the logic in the Vagrantfile and start.sh so that we always call into the same two functions 2014-06-07 18:55:57 +00:00			`printf '%s\n' "$1" # return this value`
Improve hostname/IP default values Default IP+hostname values were incorrect for my VPS provider. I improved the detection, which should give correct results results for almost any provider. Specific issues addressed: - icanhazip.com detection was only enabled in non-interactive mode - `hostname` is by convention a short (non-fqdn) name in Ubuntu - `hostname --fqdn` fails if provider does not pouplate `hosts` file - `hostname -i` fails if provider does not populate `hosts` file - `curl` without `--fail` will someday return crazy results when icanhazip.com returns 500 errors or similar 2014-06-07 17:54:58 +00:00			`}`

			`function get_publicip_from_web_service {`
add comments to the new get_default_hostname etc. functions, and simplify the logic in the Vagrantfile and start.sh so that we always call into the same two functions 2014-06-07 18:55:57 +00:00			`# This seems to be the most reliable way to determine the`
			`# machine's public IP address: asking a very nice web API`
			`# for how they see us. Thanks go out to icanhazip.com.`
have nsd bind to the network interaface that is connected to the Internet, rather than all non-loopback network interfaces hopefully fixes #121; thanks for the help @sfPlayer1 2014-07-29 23:24:10 +00:00			`# See: https://major.io/icanhazip-com-faq/`
			`#`
			`# Pass '4' or '6' as an argument to this function to specify`
			`# what type of address to get (IPv4, IPv6).`
put a 15-second timeout in asking icanhazip.com for our IP address, although this limit does not seem to actually work (i.e. if I set the limit to 5 seconds, curl still hangs 10+ when I turn off my network connection) 2014-07-30 00:03:19 +00:00			`curl -$1 --fail --silent --max-time 15 icanhazip.com 2>/dev/null`
Improve hostname/IP default values Default IP+hostname values were incorrect for my VPS provider. I improved the detection, which should give correct results results for almost any provider. Specific issues addressed: - icanhazip.com detection was only enabled in non-interactive mode - `hostname` is by convention a short (non-fqdn) name in Ubuntu - `hostname --fqdn` fails if provider does not pouplate `hosts` file - `hostname -i` fails if provider does not populate `hosts` file - `curl` without `--fail` will someday return crazy results when icanhazip.com returns 500 errors or similar 2014-06-07 17:54:58 +00:00			`}`

have nsd bind to the network interaface that is connected to the Internet, rather than all non-loopback network interfaces hopefully fixes #121; thanks for the help @sfPlayer1 2014-07-29 23:24:10 +00:00			`function get_default_privateip {`
			`# Return the IP address of the network interface connected`
			`# to the Internet.`
			`#`
link-local IPv6 addresses need a '%interface' specification to be useful 2014-08-31 12:09:13 +00:00			`# Pass '4' or '6' as an argument to this function to specify`
			`# what type of address to get (IPv4, IPv6).`
			`#`
have nsd bind to the network interaface that is connected to the Internet, rather than all non-loopback network interfaces hopefully fixes #121; thanks for the help @sfPlayer1 2014-07-29 23:24:10 +00:00			# We used to use `hostname -I` and then filter for either
			`# IPv4 or IPv6 addresses. However if there are multiple`
			`# network interfaces on the machine, not all may be for`
			`# reaching the Internet.`
			`#`
			# Instead use `ip route get` which asks the kernel to use
			`# the system's routes to select which interface would be`
			`# used to reach a public address. We'll use 8.8.8.8 as`
			`# the destination. It happens to be Google Public DNS, but`
			`# no connection is made. We're just seeing how the box`
			`# would connect to it. There many be multiple IP addresses`
			# assigned to an interface. `ip route get` reports the
			`# preferred. That's good enough for us. See issue #121.`
			`#`
link-local IPv6 addresses need a '%interface' specification to be useful 2014-08-31 12:09:13 +00:00			`# With IPv6, the best route may be via an interface that`
			`# only has a link-local address (fe80::*). These addresses`
			`# are only unique to an interface and so need an explicit`
			`# interface specification in order to use them with bind().`
			`# In these cases, we append "%interface" to the address.`
			`# See the Notes section in the man page for getaddrinfo and`
			`# https://discourse.mailinabox.email/t/update-broke-mailinabox/34/9.`
			`#`
have nsd bind to the network interaface that is connected to the Internet, rather than all non-loopback network interfaces hopefully fixes #121; thanks for the help @sfPlayer1 2014-07-29 23:24:10 +00:00			`# Also see ae67409603c49b7fa73c227449264ddd10aae6a9 and`
			`# issue #3 for why/how we originally added IPv6.`
Support dual-stack IPv4/IPv6 mail servers Addresses #3 Added support by adding parallel code wherever `$PUBLIC_IP` was used. Providing an IPv6 address is completely optional. Playing around on my IPv6-enabled mail server revealed that — before this change — mailinabox might try to use an IPv6 address as the value for `$PUBLIC_IP`, which wouldn't work out well. 2014-06-08 22:32:52 +00:00
have nsd bind to the network interaface that is connected to the Internet, rather than all non-loopback network interfaces hopefully fixes #121; thanks for the help @sfPlayer1 2014-07-29 23:24:10 +00:00			`target=8.8.8.8`
Support dual-stack IPv4/IPv6 mail servers Addresses #3 Added support by adding parallel code wherever `$PUBLIC_IP` was used. Providing an IPv6 address is completely optional. Playing around on my IPv6-enabled mail server revealed that — before this change — mailinabox might try to use an IPv6 address as the value for `$PUBLIC_IP`, which wouldn't work out well. 2014-06-08 22:32:52 +00:00
have nsd bind to the network interaface that is connected to the Internet, rather than all non-loopback network interfaces hopefully fixes #121; thanks for the help @sfPlayer1 2014-07-29 23:24:10 +00:00			`# For the IPv6 route, use the corresponding IPv6 address`
			`# of Google Public DNS. Again, it doesn't matter so long`
			`# as it's an address on the public Internet.`
			`if [ "$1" == "6" ]; then target=2001:4860:4860::8888; fi`
Improve hostname/IP default values Default IP+hostname values were incorrect for my VPS provider. I improved the detection, which should give correct results results for almost any provider. Specific issues addressed: - icanhazip.com detection was only enabled in non-interactive mode - `hostname` is by convention a short (non-fqdn) name in Ubuntu - `hostname --fqdn` fails if provider does not pouplate `hosts` file - `hostname -i` fails if provider does not populate `hosts` file - `curl` without `--fail` will someday return crazy results when icanhazip.com returns 500 errors or similar 2014-06-07 17:54:58 +00:00
link-local IPv6 addresses need a '%interface' specification to be useful 2014-08-31 12:09:13 +00:00			`# Get the route information.`
			`route=$(ip -$1 -o route get $target \| grep -v unreachable)`

			`# Parse the address out of the route information.`
			`address=$(echo $route \| sed "s/.* src \([^ ]\)./\1/")`

			`if [[ "$1" == "6" && $address == fe80:* ]]; then`
			`# For IPv6 link-local addresses, parse the interface out`
			`# of the route information and append it with a '%'.`
			`interface=$(echo $route \| sed "s/.* dev \([^ ]\)./\1/")`
			`address=$address%$interface`
			`fi`

			`echo $address`

Support dual-stack IPv4/IPv6 mail servers Addresses #3 Added support by adding parallel code wherever `$PUBLIC_IP` was used. Providing an IPv6 address is completely optional. Playing around on my IPv6-enabled mail server revealed that — before this change — mailinabox might try to use an IPv6 address as the value for `$PUBLIC_IP`, which wouldn't work out well. 2014-06-08 22:32:52 +00:00			`}`

add a bash function ufw_allow which calls 'ufw allow' but hides its totally useless output 2014-05-01 19:35:18 +00:00			`function ufw_allow {`
docker: disable the ufw firewall because it is not supported in a docker container and produces a lot of error output (by reverting a510e08f9e3b2714019dc7832b1bd7b7eae4ba6c and setting an environment variable) 2014-05-02 02:39:45 +00:00			`if [ -z "$DISABLE_FIREWALL" ]; then`
			`# ufw has completely unhelpful output`
			`ufw allow $1 > /dev/null;`
			`fi`
add a bash function ufw_allow which calls 'ufw allow' but hides its totally useless output 2014-05-01 19:35:18 +00:00			`}`

hide lots of unnecessary and scary output during setup 2014-07-16 13:06:45 +00:00			`function restart_service {`
			`hide_output service $1 restart`
			`}`
Added dialogs, so that the setup.sh can ask the user any questions even when its piped; Added additional email valdidation for the last step 2014-08-21 01:09:09 +00:00
			`## Dialog Functions ##`
			`function message_box {`
			`dialog --title "$1" --msgbox "$2" 0 0`
			`}`

			`function input_box {`
simplify the input_box function 2014-08-21 15:52:19 +00:00			`# input_box "title" "prompt" "defaultvalue" VARIABLE`
			`# The user's input will be stored in the variable VARIABLE.`
			`# The exit code from dialog will be stored in VARIABLE_EXITCODE.`
			`declare -n result=$4`
			`declare -n result_code=$4_EXITCODE`
			`result=$(dialog --stdout --title "$1" --inputbox "$2" 0 0 "$3")`
			`result_code=$?`
Added dialogs, so that the setup.sh can ask the user any questions even when its piped; Added additional email valdidation for the last step 2014-08-21 01:09:09 +00:00			`}`
when asking for a CSR country code, give the user a list 2014-08-21 17:19:22 +00:00
			`function input_menu {`
			`# input_menu "title" "prompt" "tag item tag item" VARIABLE`
			`# The user's input will be stored in the variable VARIABLE.`
			`# The exit code from dialog will be stored in VARIABLE_EXITCODE.`
			`declare -n result=$4`
			`declare -n result_code=$4_EXITCODE`
			`local IFS=^$'\n'`
			`result=$(dialog --stdout --title "$1" --menu "$2" 0 0 0 $3)`
			`result_code=$?`
			`}`
upgrade to ownCloud 8.0.2 The contacts and calendar apps are now maintained outside of ownCloud core, so we now pull them in from github tags and must enable them explicitly. 2015-02-12 19:53:17 +00:00
check that the downloaded ownCloud and roundcube files match a known SHA1 hash 2015-04-11 19:21:38 +00:00			`function wget_verify {`
			`# Downloads a file from the web and checks that it matches`
			`# a provided hash. If the comparison fails, exit immediately.`
			`URL=$1`
			`HASH=$2`
			`DEST=$3`
			`CHECKSUM="$HASH $DEST"`
			`rm -f $DEST`
			`wget -q -O $DEST $URL \|\| exit 1`
			`if ! echo "$CHECKSUM" \| sha1sum --check --strict > /dev/null; then`
			`echo "------------------------------------------------------------"`
			`echo "Download of $URL did not match expected checksum."`
			`echo "Found:"`
			`sha1sum $DEST`
			`echo`
			`echo "Expected:"`
			`echo "$CHECKSUM"`
			`rm -f $DEST`
			`exit 1`
			`fi`
			`}`

upgrade to ownCloud 8.0.2 The contacts and calendar apps are now maintained outside of ownCloud core, so we now pull them in from github tags and must enable them explicitly. 2015-02-12 19:53:17 +00:00			`function git_clone {`
			`# Clones a git repository, checks out a particular commit or tag,`
			`# and moves the repository (or a subdirectory in it) to some path.`
			`# We use separate clone and checkout because -b only supports tags`
			`# and branches, but we sometimes want to reference a commit hash`
			`# directly when the repo doesn't provide a tag.`
			`REPO=$1`
			`TREEISH=$2`
			`SUBDIR=$3`
			`TARGETPATH=$4`
			`TMPPATH=/tmp/git-clone-$$`
			`rm -rf $TMPPATH $TARGETPATH`
			`git clone -q $REPO $TMPPATH \|\| exit 1`
			`(cd $TMPPATH; git checkout -q $TREEISH;) \|\| exit 1`
			`mv $TMPPATH/$SUBDIR $TARGETPATH`
			`rm -rf $TMPPATH`
			`}`