Merge master

2026-03-19 18:17:22 +01:00 · 2016-07-21 16:30:03 +02:00
parent 913eafd2d0 82903cd09e
commit 125405edfb
27 changed files with 365 additions and 214 deletions
--- a/setup/bootstrap.sh
+++ b/setup/bootstrap.sh
@@ -7,7 +7,7 @@
 #########################################################

 if [ -z "$TAG" ]; then
-	TAG=v0.17b
+	TAG=v0.18c
 fi

 # Are we running as root?
--- a/setup/dkim.sh
+++ b/setup/dkim.sh
@@ -31,7 +31,7 @@ ExternalIgnoreList      refile:/etc/opendkim/TrustedHosts
 InternalHosts           refile:/etc/opendkim/TrustedHosts
 KeyTable                refile:/etc/opendkim/KeyTable
 SigningTable            refile:/etc/opendkim/SigningTable
-Socket                  inet:8891@localhost
+Socket                  inet:8891@127.0.0.1
 RequireSafeKeys         false
 EOF
 fi
--- a/setup/mail-dovecot.sh
+++ b/setup/mail-dovecot.sh
@@ -38,7 +38,8 @@ apt_install \
 # would be 20 users). Set it to 250 times the number of cores this
 # machine has, so on a two-core machine that's 500 processes/100 users).
 tools/editconf.py /etc/dovecot/conf.d/10-master.conf \
-	default_process_limit=$(echo "`nproc` * 250" | bc)
+	default_process_limit=$(echo "`nproc` * 250" | bc) \
+	log_path=/var/log/mail.log

 # The inotify `max_user_instances` default is 128, which constrains
 # the total number of watched (IMAP IDLE push) folders by open connections.
--- a/setup/mail-postfix.sh
+++ b/setup/mail-postfix.sh
@@ -122,8 +122,9 @@ tools/editconf.py /etc/postfix/main.cf \
 	smtpd_tls_cert_file=$STORAGE_ROOT/ssl/ssl_certificate.pem \
 	smtpd_tls_key_file=$STORAGE_ROOT/ssl/ssl_private_key.pem \
 	smtpd_tls_dh1024_param_file=$STORAGE_ROOT/ssl/dh2048.pem \
+	smtpd_tls_protocols=\!SSLv2,\!SSLv3 \
 	smtpd_tls_ciphers=medium \
-	smtpd_tls_exclude_ciphers=aNULL \
+	smtpd_tls_exclude_ciphers=aNULL,RC4 \
 	smtpd_tls_received_header=yes

 # Prevent non-authenticated users from sending mail that requires being
@@ -158,6 +159,10 @@ tools/editconf.py /etc/postfix/main.cf \
 # even if we don't know if it's to the right party, than to not encrypt at all. Instead we'll
 # now see notices about trusted certs. The CA file is provided by the package `ca-certificates`.
 tools/editconf.py /etc/postfix/main.cf \
+	smtp_tls_protocols=\!SSLv2,\!SSLv3 \
+	smtp_tls_mandatory_protocols=\!SSLv2,\!SSLv3 \
+	smtp_tls_ciphers=medium \
+	smtp_tls_exclude_ciphers=aNULL,RC4 \
 	smtp_tls_security_level=dane \
 	smtp_dns_support_level=dnssec \
 	smtp_tls_CAfile=/etc/ssl/certs/ca-certificates.crt \
--- a/setup/mail-users.sh
+++ b/setup/mail-users.sh
@@ -38,17 +38,19 @@ passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
 }
 userdb {
-  driver = static
-  args = uid=mail gid=mail home=$STORAGE_ROOT/mail/mailboxes/%d/%n
+  driver = sql
+  args = /etc/dovecot/dovecot-sql.conf.ext
 }
 EOF

-# Configure the SQL to query for a user's password.
+# Configure the SQL to query for a user's metadata and password.
 cat > /etc/dovecot/dovecot-sql.conf.ext << EOF;
 driver = sqlite
 connect = $db_path
 default_pass_scheme = SHA512-CRYPT
 password_query = SELECT email as user, password FROM users WHERE email='%u';
+user_query = SELECT email AS user, "mail" as uid, "mail" as gid, "$STORAGE_ROOT/mail/mailboxes/%d/%n" as home FROM users WHERE email='%u';
+iterate_query = SELECT email AS user FROM users;
 EOF
 chmod 0600 /etc/dovecot/dovecot-sql.conf.ext # per Dovecot instructions

--- a/setup/owncloud.sh
+++ b/setup/owncloud.sh
@@ -17,8 +17,8 @@ apt_install \
 apt-get purge -qq -y owncloud*

 # Install ownCloud from source of this version:
-owncloud_ver=8.1.1
-owncloud_hash=34077e78575a3e689825a00964ee37fbf83fbdda
+owncloud_ver=8.2.3
+owncloud_hash=bfdf6166fbf6fc5438dc358600e7239d1c970613

 # Migrate <= v0.10 setups that stored the ownCloud config.php in /usr/local rather than
 # in STORAGE_ROOT. Move the file to STORAGE_ROOT.
@@ -52,8 +52,8 @@ if [ ! -d /usr/local/lib/owncloud/ ] \
 	# The two apps we actually want are not in ownCloud core. Clone them from
 	# their github repositories.
 	mkdir -p /usr/local/lib/owncloud/apps
-	git_clone https://github.com/owncloudarchive/contacts 4ff855e7c2075309041bead09fbb9eb7df678244 '' /usr/local/lib/owncloud/apps/contacts
-	git_clone https://github.com/owncloudarchive/calendar ec53139b144c0f842c33813305612e8006c42ea5 '' /usr/local/lib/owncloud/apps/calendar
+	git_clone https://github.com/owncloudarchive/contacts 9ba2e667ae8c7ea36d8c4a4c3413c374beb24b1b '' /usr/local/lib/owncloud/apps/contacts
+	git_clone https://github.com/owncloudarchive/calendar 2086e738a3b7b868ec59cd61f0f88b49c3f21dd1 '' /usr/local/lib/owncloud/apps/calendar

 	# Fix weird permissions.
 	chmod 750 /usr/local/lib/owncloud/{apps,config}
@@ -108,12 +108,12 @@ if [ ! -f $STORAGE_ROOT/owncloud/owncloud.db ]; then
  'user_backends' => array(
    array(
      'class'=>'OC_User_IMAP',
-      'arguments'=>array('{localhost:993/imap/ssl/novalidate-cert}')
+      'arguments'=>array('{127.0.0.1:993/imap/ssl/novalidate-cert}')
    )
  ),
  'memcache.local' => '\\OC\\Memcache\\Memcached',
  "memcached_servers" => array (
-    array('localhost', 11211),
+    array('127.0.0.1', 11211),
  ),
  'mail_smtpmode' => 'sendmail',
  'mail_smtpsecure' => '',
--- a/setup/start.sh
+++ b/setup/start.sh
@@ -112,7 +112,7 @@ source setup/management.sh
 source setup/munin.sh

 # Ping the management daemon to write the DNS and nginx configuration files.
-until nc -z -w 4 localhost 10222
+until nc -z -w 4 127.0.0.1 10222
 do
 	echo Waiting for the Mail-in-a-Box management daemon to start...
 	sleep 2
--- a/setup/system.sh
+++ b/setup/system.sh
@@ -40,6 +40,16 @@ if [ ! -z "$IP_ADDRESS_OF_USER" ]; then
 	fi
 fi

+# ### Set hostname of the box
+
+# If the hostname is not correctly resolvable sudo can't be used. This will result in
+# errors during the install
+#
+# First set the hostname in the configuration file, then activate the setting
+
+echo $PRIMARY_HOSTNAME > /etc/hostname
+hostname $PRIMARY_HOSTNAME
+
 # ### Add swap space to the system

 # If the physical memory of the system is below 2GB it is wise to create a
--- a/setup/webmail.sh
+++ b/setup/webmail.sh
@@ -34,11 +34,11 @@ apt-get purge -qq -y roundcube* #NODOC
 # Install Roundcube from source if it is not already present or if it is out of date.
 # Combine the Roundcube version number with the commit hash of vacation_sieve to track
 # whether we have the latest version.
-VERSION=1.1.4
-HASH=4883c8bb39fadf8af94ffb09ee426cba9f8ef2e3
+VERSION=1.2.0
+HASH=2088985fb613b4e4e3373933ca44b26fce0489fb
 VACATION_SIEVE_VERSION=91ea6f52216390073d1f5b70b5f6bea0bfaee7e5
 PERSISTENT_LOGIN_VERSION=1e9d724476a370ce917a2fcd5b3217b0c306c24e
-HTML5_NOTIFIER_VERSION=046eb388dd63b1ec77a3ee485757fc25ae9e684d
+HTML5_NOTIFIER_VERSION=4b370e3cd60dabd2f428a26f45b677ad1b7118d5
 UPDATE_KEY=$VERSION:$VACATION_SIEVE_VERSION:$PERSISTENT_LOGIN_VERSION:$HTML5_NOTIFIER_VERSION:a
 needs_update=0 #NODOC
 if [ ! -f /usr/local/lib/roundcubemail/version ]; then
@@ -51,7 +51,7 @@ fi
 if [ $needs_update == 1 ]; then
 	# install roundcube
 	wget_verify \
-		https://s3.amazonaws.com/joshdata/mail-in-a-box/public/roundcubemail-$VERSION.tar.gz \
+		https://github.com/roundcube/roundcubemail/releases/download/$VERSION/roundcubemail-$VERSION.tar.gz \
 		$HASH \
 		/tmp/roundcube.tgz
 	tar -C /usr/local/lib --no-same-owner -zxf /tmp/roundcube.tgz
@@ -94,12 +94,12 @@ cat > /usr/local/lib/roundcubemail/config/config.inc.php <<EOF;
 \$config['default_host'] = 'ssl://localhost';
 \$config['default_port'] = 993;
 \$config['imap_timeout'] = 15;
-\$config['smtp_server'] = 'tls://localhost';
+\$config['smtp_server'] = 'tls://127.0.0.1';
 \$config['smtp_port'] = 587;
 \$config['smtp_user'] = '%u';
 \$config['smtp_pass'] = '%p';
 \$config['support_url'] = 'https://mailinabox.email/';
-\$config['product_name'] = 'Mail-in-a-Box/Roundcube Webmail';
+\$config['product_name'] = '$PRIMARY_HOSTNAME Webmail';
 \$config['des_key'] = '$SECRET_KEY';
 \$config['plugins'] = array('html5_notifier', 'archive', 'zipdownload', 'password', 'managesieve', 'jqueryui', 'vacation_sieve', 'persistent_login');
 \$config['skin'] = 'classic';
@@ -121,7 +121,7 @@ cat > /usr/local/lib/roundcubemail/plugins/vacation_sieve/config.inc.php <<EOF;
    'transfer' => array(
        'mode' =>  'managesieve',
        'ms_activate_script' => true,
-        'host'   => 'localhost',
+        'host'   => '127.0.0.1',
        'port'   => '4190',
        'usetls' => false,
        'path' => 'vacation',
@@ -157,6 +157,12 @@ chmod 775 $STORAGE_ROOT/mail
 chown root.www-data $STORAGE_ROOT/mail/users.sqlite 
 chmod 664 $STORAGE_ROOT/mail/users.sqlite 

+# Run Roundcube database migration script, if the database exists (it's created by
+# Roundcube on first use).
+if [ -f $STORAGE_ROOT/mail/roundcube/roundcube.sqlite ]; then
+	/usr/local/lib/roundcubemail/bin/updatedb.sh --dir /usr/local/lib/roundcubemail/SQL --package roundcube
+fi
+
 # Enable PHP modules.
 php5enmod mcrypt
 restart_service php5-fpm