diff --git a/CHANGELOG.md b/CHANGELOG.md index e575533b..533a556c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,7 +6,7 @@ Version 60 (date TBD) This is the first release for Ubuntu 22.04. -**Before upgrading**, you must **first upgrade your existing Ubuntu 18.04 box to Mail-in-a-Box v0.51** (or any later version of Mail-in-a-Box supporting Ubuntu 18.04), if you haven't already done so. That may not be possible after Ubuntu 18.04 reaches its end of life in April 2023, so please compete the upgrade well before then. (If you are not using Nextcloud's contacts or calendar, you can migrate to the latest version of Mail-in-a-Box from any previous version.) +**Before upgrading**, you must **first upgrade your existing Ubuntu 18.04 box to Mail-in-a-Box v0.51 or later**, if you haven't already done so. That may not be possible after Ubuntu 18.04 reaches its end of life in April 2023, so please complete the upgrade well before then. (If you are not using Nextcloud's contacts or calendar, you can migrate to the latest version of Mail-in-a-Box from any previous version.) For complete upgrade instructions, see: 
@@ -14,16 +14,13 @@ LINK TBD No features of Mail-in-a-Box have changed in this release, but with the newer version of Ubuntu the following software packages we use are updated: -* dovecot is upgraded to 2.3.16, postfix to 3.6.3, opendmark to 1.4 (which adds ARC-Authentication-Results headers), and spampd to 2.53 (alleviating a mail delivery rate limiting bug). -* Nextcloud is upgraded to 23.0.0 with PHP updated from 7.2 to 8.0. +* dovecot is upgraded to 2.3.16, postfix to 3.6.4, opendmark to 1.4 (which adds ARC-Authentication-Results headers), and spampd to 2.53 (alleviating a mail delivery rate limiting bug). +* Nextcloud is upgraded to 24.0.0 with PHP updated from 7.2 to 8.1. * certbot is upgraded to 1.21 (via the Ubuntu repository instead of a PPA). * fail2ban is upgraded to 0.11.2. * nginx is upgraded to 1.18. * bind9 is replaced with unbound -In Development --------------- - Version 57a (June 19, 2022) --------------------------- diff --git a/README.md b/README.md index 0e465ceb..520f1c77 100644 --- a/README.md +++ b/README.md @@ -84,7 +84,7 @@ Additionally, this project has a [Code of Conduct](CODE_OF_CONDUCT.md), which su In The Box ---------- -Mail-in-a-Box turns a fresh Ubuntu 22.04 or 20.04 LTS 64-bit machine into a working mail server by installing and configuring various components. +Mail-in-a-Box turns a fresh Ubuntu 22.04 LTS 64-bit machine into a working mail server by installing and configuring various components. It is a one-click email appliance. There are no user-configurable setup options. It "just works." diff --git a/lib/howto_build_xapian.txt b/lib/howto_build_xapian.txt deleted file mode 100644 index 85a8dd92..00000000 --- a/lib/howto_build_xapian.txt +++ /dev/null 
@@ -1,15 +0,0 @@ -# Install required packages -apt-get build-dep dovecot-core -apt-get install dovecot-dev libxapian-dev git libxapian30 libicu-dev - -# Clone the project -git clone https://github.com/grosjo/fts-xapian -cd fts-xapian - -# Compile (don't install) -autoreconf -vi -./configure --with-dovecot=/usr/lib/dovecot -make - -# install library found under src/.libs -cp src/.libs/lib21_fts_xapian_plugin.so /usr/lib/dovecot/modules \ No newline at end of file diff --git a/lib/lib21_fts_xapian_plugin.so b/lib/lib21_fts_xapian_plugin.so deleted file mode 100755 index 65087e65..00000000 Binary files a/lib/lib21_fts_xapian_plugin.so and /dev/null differ diff --git a/management/backup.py b/management/backup.py index 5a394505..b2fc1655 100755 --- a/management/backup.py +++ b/management/backup.py @@ -15,7 +15,7 @@ import dateutil.parser, dateutil.relativedelta, dateutil.tz import rtyaml from exclusiveprocess import Lock -from utils import load_environment, shell, wait_for_service, fix_boto, get_php_version +from utils import load_environment, shell, wait_for_service, get_php_version def backup_status(env): # If backups are disabled, return no status. @@ -200,12 +200,7 @@ def get_duplicity_target_url(config): from urllib.parse import urlsplit, urlunsplit target = list(urlsplit(target)) - # Duplicity now defaults to boto3 as the backend for S3, but we have - # legacy boto installed (boto3 doesn't support Ubuntu 18.04) so - # we retarget for classic boto. - target[0] = "boto+" + target[0] - - # In addition, although we store the S3 hostname in the target URL, + # Although we store the S3 hostname in the target URL, # duplicity no longer accepts it in the target URL. The hostname in # the target URL must be the bucket name. The hostname is passed # via get_duplicity_additional_args. Move the first part of the 
@@ -457,7 +452,6 @@ def list_target_files(config): elif target.scheme == "s3": # match to a Region - fix_boto() # must call prior to importing boto import boto.s3 from boto.exception import BotoServerError custom_region = False @@ -634,4 +628,3 @@ if __name__ == "__main__": # possibly performing an incremental backup. full_backup = "--full" in sys.argv perform_backup(full_backup) - diff --git a/management/daemon.py b/management/daemon.py index 3ab391aa..ecf6f10e 100755 --- a/management/daemon.py +++ b/management/daemon.py @@ -122,7 +122,6 @@ def index(): no_users_exist = (len(get_mail_users(env)) == 0) no_admins_exist = (len(get_admins(env)) == 0) - utils.fix_boto() # must call prior to importing boto import boto.s3 backup_s3_hosts = [(r.name, r.endpoint) for r in boto.s3.regions()] diff --git a/management/ssl_certificates.py b/management/ssl_certificates.py index 96959425..203c9f7b 100755 --- a/management/ssl_certificates.py +++ b/management/ssl_certificates.py 
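Review bot: `import boto.s3` is still the import used by the `elif target.scheme == "s3":` branch of `list_target_files` here, and by `index()` in the management/daemon.py hunk, while the setup/management.sh hunks in this same diff replace `boto` with `boto3` in both pip install lines. Unless legacy boto is still provided by something outside this diff, both imports would raise ImportError on a fresh install, which breaks S3 target listing and the admin index page. Either keep `boto` in the virtualenv install list until these call sites are ported, or port them to boto3 in this change. The body of `list_target_files` continues outside the hunk.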
@@ -58,36 +58,33 @@ def get_ssl_certificates(env): # Not a valid PEM format for a PEM type we care about. continue - # Remember where we got this object. - pem._filename = fn - # Is it a private key? if isinstance(pem, RSAPrivateKey): - private_keys[pem.public_key().public_numbers()] = pem + private_keys[pem.public_key().public_numbers()] = { "filename": fn, "key": pem } # Is it a certificate? if isinstance(pem, Certificate): - certificates.append(pem) + certificates.append({ "filename": fn, "cert": pem }) # Process the certificates. domains = { } for cert in certificates: # What domains is this certificate good for? - cert_domains, primary_domain = get_certificate_domains(cert) - cert._primary_domain = primary_domain + cert_domains, primary_domain = get_certificate_domains(cert["cert"]) + cert["primary_domain"] = primary_domain # Is there a private key file for this certificate? - private_key = private_keys.get(cert.public_key().public_numbers()) + private_key = private_keys.get(cert["cert"].public_key().public_numbers()) if not private_key: continue - cert._private_key = private_key + cert["private_key"] = private_key # Add this cert to the list of certs usable for the domains. for domain in cert_domains: # The primary hostname can only use a certificate mapped # to the system private key. if domain == env['PRIMARY_HOSTNAME']: - if cert._private_key._filename != os.path.join(env['STORAGE_ROOT'], 'ssl', 'ssl_private_key.pem'): + if cert["private_key"]["filename"] != os.path.join(env['STORAGE_ROOT'], 'ssl', 'ssl_private_key.pem'): continue domains.setdefault(domain, []).append(cert) 
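Review bot: The entries of `certificates` and `private_keys` change here from library objects to plain dicts, but nothing in the hunk documents their keys, two of which (`primary_domain`, `private_key`) are only filled in later in the loop. A comment above the `isinstance` checks would make the shape explicit, for example `# entries: {"filename": path, "cert": Certificate}; "primary_domain" and "private_key" are added below`. A second short comment saying why the ad-hoc attributes were dropped (presumably the newer cryptography objects no longer accept them) would keep a later maintainer from reverting to the old form. `get_ssl_certificates` starts and ends outside this hunk.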
@@ -100,10 +97,10 @@ def get_ssl_certificates(env): #for c in cert_list: print(domain, c.not_valid_before, c.not_valid_after, "("+str(now)+")", c.issuer, c.subject, c._filename) cert_list.sort(key = lambda cert : ( # must be valid NOW - cert.not_valid_before <= now <= cert.not_valid_after, + cert["cert"].not_valid_before <= now <= cert["cert"].not_valid_after, # prefer one that is not self-signed - cert.issuer != cert.subject, + cert["cert"].issuer != cert["cert"].subject, ########################################################### # The above lines ensure that valid certificates are chosen @@ -113,7 +110,7 @@ def get_ssl_certificates(env): # prefer one with the expiration furthest into the future so # that we can easily rotate to new certs as we get them - cert.not_valid_after, + cert["cert"].not_valid_after, ########################################################### # We always choose the certificate that is good for the @@ -128,15 +125,15 @@ def get_ssl_certificates(env): # in case a certificate is installed in multiple paths, # prefer the... lexicographically last one? - cert._filename, + cert["filename"], ), reverse=True) cert = cert_list.pop(0) ret[domain] = { - "private-key": cert._private_key._filename, - "certificate": cert._filename, - "primary-domain": cert._primary_domain, - "certificate_object": cert, + "private-key": cert["private_key"]["filename"], + "certificate": cert["filename"], + "primary-domain": cert["primary_domain"], + "certificate_object": cert["cert"], } return ret diff --git a/management/status_checks.py b/management/status_checks.py index d74c228d..e6621340 100755 --- a/management/status_checks.py +++ b/management/status_checks.py 
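Review bot: The commented-out debug line kept as context above the sort key still reads `c.not_valid_before`, `c.issuer` and `c._filename`, which no longer match the dict entries that `cert_list` now holds. Anyone who uncomments it while debugging certificate selection would get an AttributeError. Either delete the line or update it to the new shape, e.g. `c["cert"].not_valid_before` and `c["filename"]`.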
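Review bot: In the hunk at -128 the returned `certificate_object` becomes the bare `cert["cert"]`, so it no longer carries the `_filename`, `_private_key` and `_primary_domain` attributes the old object had. Callers of `get_ssl_certificates` are outside this diff, so it is worth searching for any that read those underscore attributes from `certificate_object` rather than from the `certificate`, `private-key` and `primary-domain` keys. A one-line comment on the return dict, such as `# certificate_object is the plain Certificate; use the sibling keys for paths`, would document the contract.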
@@ -338,9 +338,9 @@ def run_domain_checks(rounded_time, env, output, pool, domains_to_check=None): domains_to_check = [ d for d in domains_to_check if not ( - d.split(".", 1)[0] in ("www", "autoconfig", "autodiscover", "mta-sts") - and len(d.split(".", 1)) == 2 - and d.split(".", 1)[1] in domains_to_check + d.split(".", 1)[0] in ("www", "autoconfig", "autodiscover", "mta-sts") + and len(d.split(".", 1)) == 2 + and d.split(".", 1)[1] in domains_to_check ) ] @@ -810,8 +810,8 @@ def query_dns(qname, rtype, nxdomain='[Not Set]', at=None, as_list=False, retry= # Make sure at is not a string that cannot be used as a nameserver if at: if at not in {'[Not set]', '[timeout]'}: - resolver = dns.resolver.Resolver() - resolver.nameservers = [at] + resolver = dns.resolver.Resolver() + resolver.nameservers = [at] else: logging.error("at not set to a usable nameserver, %s", at) @@ -941,13 +941,13 @@ def what_version_is_this(env): def get_latest_miab_version(): # This pings https://mailinabox.email/setup.sh and extracts the tag named in # the script to determine the current product version. - from urllib.request import urlopen, HTTPError, URLError - from socket import timeout + from urllib.request import urlopen, HTTPError, URLError + from socket import timeout - try: - return re.search(b'TAG=(.*)', urlopen("https://mailinabox.email/setup.sh?ping=1", timeout=5).read()).group(1).decode("utf8") - except (HTTPError, URLError, timeout): - return None + try: + return re.search(b'TAG=(.*)', urlopen("https://mailinabox.email/setup.sh?ping=1", timeout=5).read()).group(1).decode("utf8") + except (HTTPError, URLError, timeout): + return None def check_miab_version(env, output): config = load_settings(env) diff --git a/management/utils.py b/management/utils.py index de23361c..8b910da4 100644 --- a/management/utils.py +++ b/management/utils.py 
@@ -177,13 +177,6 @@ def wait_for_service(port, public, env, timeout): return False time.sleep(min(timeout/4, 1)) -def fix_boto(): - # Google Compute Engine instances install some Python-2-only boto plugins that - # conflict with boto running under Python 3. Disable boto's default configuration - # file prior to importing boto so that GCE's plugin is not loaded: - import os - os.environ["BOTO_CONFIG"] = "/etc/boto3.cfg" - def get_php_version(): # Gets the version of PHP installed in the system. return shell("check_output", ["/usr/bin/php", "-v"])[4:7] diff --git a/setup/bootstrap.sh b/setup/bootstrap.sh index 0e530240..4df85ca5 100644 --- a/setup/bootstrap.sh +++ b/setup/bootstrap.sh @@ -34,7 +34,7 @@ if [ -z "$TAG" ]; then # This machine is running Ubuntu 18.04, which is supported by # Mail-in-a-Box versions 0.40 through 5x. echo "Support is ending for Ubuntu 18.04." - echo "Please immediately begin to migrate your information to" + echo "Please immediately begin to migrate your data to" echo "a new machine running Ubuntu 22.04. See:" echo "https://mailinabox.email/maintenance.html#upgrade" TAG=v57a diff --git a/setup/dns.sh b/setup/dns.sh index f24eb56b..4f93e9e6 100755 --- a/setup/dns.sh +++ b/setup/dns.sh @@ -10,8 +10,6 @@ source setup/functions.sh # load our functions source /etc/mailinabox.conf # load global vars -echo "Installing nsd (DNS server)..." - # Prepare nsd's configuration. # We configure nsd before installation as we only want it to bind to some addresses # and it otherwise will have port / bind conflicts with unbound used as the local resolver 
@@ -69,18 +67,19 @@ cat > /etc/logrotate.d/nsd < /etc/systemd/system/nsd.service.d/nsd-permissions.conf << EOF -[Service] -ReadWritePaths=/var/lib/nsd /etc/nsd /run /var/log /run/nsd -CapabilityBoundingSet=CAP_CHOWN CAP_IPC_LOCK CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_NET_ADMIN -EOF +#mkdir -p /etc/systemd/system/nsd.service.d/ +#cat > /etc/systemd/system/nsd.service.d/nsd-permissions.conf << EOF +#[Service] +#ReadWritePaths=/var/lib/nsd /etc/nsd /run /var/log /run/nsd +#CapabilityBoundingSet=CAP_CHOWN CAP_IPC_LOCK CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_NET_ADMIN +#EOF # Install the packages. # # * nsd: The non-recursive nameserver that publishes our DNS records. # * ldnsutils: Helper utilities for signing DNSSEC zones. # * openssh-client: Provides ssh-keyscan which we use to create SSHFP records. +echo "Installing nsd (DNS server)..." apt_install nsd ldnsutils openssh-client # Create DNSSEC signing keys. diff --git a/setup/dovecot-fts-xapian.sh b/setup/dovecot-fts-xapian.sh index 67e553b5..fb63ae24 100755 --- a/setup/dovecot-fts-xapian.sh +++ b/setup/dovecot-fts-xapian.sh @@ -35,8 +35,6 @@ if [ ! -f /usr/lib/dovecot/decode2text.sh ]; then cp -f /usr/share/doc/dovecot-core/examples/decode2text.sh /usr/lib/dovecot fi -#cp -f lib/lib21_fts_xapian_plugin.so /usr/lib/dovecot/modules/ - # Create configuration file cat > /etc/dovecot/conf.d/90-plugin-fts.conf << EOF; plugin { diff --git a/setup/functions.sh b/setup/functions.sh index e245ff50..fd86f1e7 100644 --- a/setup/functions.sh +++ b/setup/functions.sh @@ -4,6 +4,8 @@ # -o pipefail: don't ignore errors in the non-last command in a pipeline set -euo pipefail +PHP_VER=php_version + function hide_output { # This function hides the output of a command unless the command fails # and returns a non-zero exit code. diff --git a/setup/management.sh b/setup/management.sh index 1bec1c85..cfac5db9 100755 --- a/setup/management.sh +++ b/setup/management.sh 
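Review bot: The nsd systemd drop-in is disabled by commenting out its six lines rather than removing them, and no comment says why. If the override is no longer needed, delete the block; if it is only parked, add a line such as `# Disabled: <reason>, re-enable when <condition>`. On a machine where an earlier setup run already wrote `/etc/systemd/system/nsd.service.d/nsd-permissions.conf`, the file stays in place and keeps applying its `CapabilityBoundingSet` and `ReadWritePaths`, so an `rm -f` of that path followed by `systemctl daemon-reload` may be wanted. Whether setup is ever re-run over such an install is not visible from this hunk.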
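Review bot: `PHP_VER=php_version` in setup/functions.sh assigns the literal word `php_version` rather than the output of the helper, so every later use in this diff (`/etc/php/$PHP_VER/fpm/php.ini`, `/etc/php/$PHP_VER/mods-available/apcu.ini`, `restart_service php$PHP_VER-fpm` in setup/nextcloud.sh, setup/web.sh and setup/webmail.sh) would expand to a path or unit name containing `php_version`. If the intent is to cache the helper's result, the assignment needs command substitution, `PHP_VER=$(php_version)`. It must then sit after the point where `php_version` is defined, because `set -euo pipefail` is already active on the line above and an unknown command would abort the script; where the helper is defined is not visible in this hunk. Quoting the expansions, e.g. `"/etc/php/$PHP_VER/fpm/php.ini"`, would be worth doing while these lines are being touched.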
@@ -1,6 +1,7 @@ #!/bin/bash source setup/functions.sh +source /etc/mailinabox.conf # load global vars echo "Installing Mail-in-a-Box system management daemon..." @@ -28,9 +29,9 @@ done apt_install duplicity python3-pip virtualenv certbot rsync # b2sdk is used for backblaze backups. -# boto is used for amazon aws backups. +# boto3 is used for amazon aws backups. # Both are installed outside the pipenv, so they can be used by duplicity -hide_output pip3 install --upgrade b2sdk==1.14.1 boto +hide_output pip3 install --upgrade b2sdk boto3 # Create a virtualenv for the installation of Python 3 packages # used by the management daemon. @@ -51,8 +52,8 @@ hide_output $venv/bin/pip install --upgrade \ rtyaml "email_validator>=1.0.0" "exclusiveprocess" \ flask dnspython python-dateutil expiringdict \ qrcode[pil] pyotp \ - "idna>=2.0.0" "cryptography==2.2.2" psutil postfix-mta-sts-resolver \ - b2sdk==1.14.1 boto + "idna>=2.0.0" "cryptography==37.0.2" psutil postfix-mta-sts-resolver \ + b2sdk boto3 # CONFIGURATION diff --git a/setup/nextcloud.sh b/setup/nextcloud.sh index d27e8349..49b536bc 100755 --- a/setup/nextcloud.sh +++ b/setup/nextcloud.sh @@ -49,8 +49,8 @@ apt_install php php-fpm \ php-dev php-xml php-mbstring php-zip php-apcu php-json \ php-intl php-imagick php-gmp php-bcmath -# Enable apc is required before installing nextcloud -tools/editconf.py /etc/php/$(php_version)/mods-available/apcu.ini -c ';' \ +# Enable APC before Nextcloud tools are run. +tools/editconf.py /etc/php/$PHP_VER/mods-available/apcu.ini -c ';' \ apc.enabled=1 \ apc.enable_cli=1 
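Review bot: Both pip invocations now install `b2sdk` and `boto3` with no version constraint (`hide_output pip3 install --upgrade b2sdk boto3` in the hunk at -28 and the virtualenv install list in the hunk at -51), where `b2sdk` was previously pinned to 1.14.1. Because these run during setup with `--upgrade`, each run pulls whatever is newest on the index at that moment, which makes installs non-reproducible and lets an incompatible or compromised upstream release straight into the backup path. Pin both to versions tested with the duplicity build in use, for example `b2sdk==<tested version> boto3==<tested version>`, and consider a hash-checked requirements file installed with `--require-hashes`. The exact pin `"cryptography==37.0.2"` in the same list has the opposite risk and needs a deliberate bump process so that security releases are not missed.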
@@ -155,7 +155,7 @@ fi if [ ! -d /usr/local/lib/owncloud/ ] || [[ ! ${CURRENT_NEXTCLOUD_VER} =~ ^$nextcloud_ver ]]; then # Stop php-fpm if running. If they are not running (which happens on a previously failed install), dont bail. - service php$(php_version)-fpm stop &> /dev/null || /bin/true + service php$PHP_VER-fpm stop &> /dev/null || /bin/true # Backup the existing ownCloud/Nextcloud. # Create a backup directory to store the current installation and database to 
@@ -182,42 +182,9 @@ if [ ! -d /usr/local/lib/owncloud/ ] || [[ ! ${CURRENT_NEXTCLOUD_VER} =~ ^$nextc elif [[ ${CURRENT_NEXTCLOUD_VER} =~ ^1[012] ]]; then echo "Upgrades from Mail-in-a-Box prior to v0.28 (dated July 30, 2018) with Nextcloud < 13.0.6 (you have ownCloud 10, 11 or 12) are not supported. Upgrade to Mail-in-a-Box version v0.30 first. Setup will continue, but skip the Nextcloud migration." return 0 - elif [[ ${CURRENT_NEXTCLOUD_VER} =~ ^13 ]]; then - # If we are running Nextcloud 13, upgrade to Nextcloud 14 - InstallNextcloud 14.0.6 4e43a57340f04c2da306c8eea98e30040399ae5a 3.3.0 e55d0357c6785d3b1f3b5f21780cb6d41d32443a 2.0.3 9d9717b29337613b72c74e9914c69b74b346c466 - CURRENT_NEXTCLOUD_VER="14.0.6" - fi - if [[ ${CURRENT_NEXTCLOUD_VER} =~ ^14 ]]; then - # During the upgrade from Nextcloud 14 to 15, user_external may cause the upgrade to fail. - # We will disable it here before the upgrade and install it again after the upgrade. - hide_output sudo -u www-data php /usr/local/lib/owncloud/console.php app:disable user_external - InstallNextcloud 15.0.8 4129d8d4021c435f2e86876225fb7f15adf764a3 3.3.0 e55d0357c6785d3b1f3b5f21780cb6d41d32443a 2.0.3 a1f3835c752929e3598eb94f22300516867ac6ab 0.7.0 555a94811daaf5bdd336c5e48a78aa8567b86437 - CURRENT_NEXTCLOUD_VER="15.0.8" - fi - if [[ ${CURRENT_NEXTCLOUD_VER} =~ ^15 ]]; then - InstallNextcloud 16.0.6 0bb3098455ec89f5af77a652aad553ad40a88819 3.3.0 e55d0357c6785d3b1f3b5f21780cb6d41d32443a 2.0.3 9d9717b29337613b72c74e9914c69b74b346c466 0.7.0 555a94811daaf5bdd336c5e48a78aa8567b86437 - CURRENT_NEXTCLOUD_VER="16.0.6" - fi - if [[ ${CURRENT_NEXTCLOUD_VER} =~ ^16 ]]; then - InstallNextcloud 17.0.6 50b98d2c2f18510b9530e558ced9ab51eb4f11b0 3.3.0 e55d0357c6785d3b1f3b5f21780cb6d41d32443a 2.0.3 9d9717b29337613b72c74e9914c69b74b346c466 0.7.0 555a94811daaf5bdd336c5e48a78aa8567b86437 - CURRENT_NEXTCLOUD_VER="17.0.6" - fi - if [[ ${CURRENT_NEXTCLOUD_VER} =~ ^17 ]]; then - # Don't exit the install if this column already exists (see 
#2076) - (echo "ALTER TABLE oc_flow_operations ADD COLUMN entity VARCHAR;" | sqlite3 $STORAGE_ROOT/owncloud/owncloud.db 2>/dev/null) || true - InstallNextcloud 18.0.10 39c0021a8b8477c3f1733fddefacfa5ebf921c68 3.4.1 aee680a75e95f26d9285efd3c1e25cf7f3bfd27e 2.0.3 9d9717b29337613b72c74e9914c69b74b346c466 1.0.0 3bf2609061d7214e7f0f69dd8883e55c4ec8f50a - CURRENT_NEXTCLOUD_VER="18.0.10" - fi - if [[ ${CURRENT_NEXTCLOUD_VER} =~ ^18 ]]; then - InstallNextcloud 19.0.4 01e98791ba12f4860d3d4047b9803f97a1b55c60 3.4.1 aee680a75e95f26d9285efd3c1e25cf7f3bfd27e 2.0.3 9d9717b29337613b72c74e9914c69b74b346c466 1.0.0 3bf2609061d7214e7f0f69dd8883e55c4ec8f50a - CURRENT_NEXTCLOUD_VER="19.0.4" - fi - if [[ ${CURRENT_NEXTCLOUD_VER} =~ ^19 ]]; then - InstallNextcloud 20.0.14 92cac708915f51ee2afc1787fd845476fd090c81 4.0.0 f893ca57a543b260c9feeecbb5958c00b6998e18 2.2.2 923846d48afb5004a456b9079cf4b46d23b3ef3a 1.0.0 3bf2609061d7214e7f0f69dd8883e55c4ec8f50a - CURRENT_NEXTCLOUD_VER="20.0.14" - - # Nextcloud 20 needs to have some optional columns added - sudo -u www-data php /usr/local/lib/owncloud/occ db:add-missing-columns + elif [[ ${CURRENT_NEXTCLOUD_VER} =~ ^1[3456789] ]]; then + echo "Upgrades from Mail-in-a-Box prior to v60 with Nextcloud 19 or earlier are not supported. Upgrade to the latest Mail-in-a-Box version supported on your machine first. Setup will continue, but skip the Nextcloud migration." + return 0 fi if [[ ${CURRENT_NEXTCLOUD_VER} =~ ^20 ]]; then InstallNextcloud 21.0.7 f5c7079c5b56ce1e301c6a27c0d975d608bb01c9 4.0.0 f893ca57a543b260c9feeecbb5958c00b6998e18 2.2.2 923846d48afb5004a456b9079cf4b46d23b3ef3a 1.0.0 3bf2609061d7214e7f0f69dd8883e55c4ec8f50a @@ -261,7 +228,7 @@ if [ ! -f $STORAGE_ROOT/owncloud/owncloud.db ]; then array( 'class' => '\OCA\UserExternal\IMAP', 'arguments' => array( - '127.0.0.1', 143, null + '127.0.0.1', 143, null, null, false, false ), ), ), 
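Review bot: The positional values appended to the `\OCA\UserExternal\IMAP` arguments in the hunk at -261 (`null, null, false, false` after the port) are undocumented, and the same array is repeated in the config.php rewrite in the hunk at -324. A PHP comment next to each copy naming the parameters would make the intent reviewable; from memory of the user_external IMAP backend the values after the port are sslmode, domain, stripDomain and groupDomain, which should be confirmed against the app version being installed. With the SSL mode left as `null` the login check runs over plain IMAP on 127.0.0.1:143, which is acceptable only because it never leaves loopback, and the comment should say so to discourage anyone pointing it at a remote host.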
@@ -324,7 +291,7 @@ php < $CONFIG_TEMP && mv $CONFIG_TEMP $STORAGE_ROOT/owncloud/config.php; '\OCA\UserExternal\IMAP','arguments' => array('127.0.0.1', 143, null),),); +\$CONFIG['user_backends'] = array( + array( + 'class' => '\OCA\UserExternal\IMAP', + 'arguments' => array( + '127.0.0.1', 143, null, null, false, false + ), + ), +); echo " /etc/cron.d/mailinabox-nextcloud << EOF; #!/bin/bash @@ -419,4 +399,4 @@ rm -f /etc/cron.hourly/mailinabox-owncloud # ``` # Enable PHP modules and restart PHP. -restart_service php$(php_version)-fpm +restart_service php$PHP_VER-fpm diff --git a/setup/start.sh b/setup/start.sh index 76cab31f..3c5e8842 100755 --- a/setup/start.sh +++ b/setup/start.sh @@ -72,6 +72,10 @@ fi fi # Create the STORAGE_USER and STORAGE_ROOT directory if they don't already exist. +# +# Set the directory and all of its parent directories' permissions to world +# readable since it holds files owned by different processes. +# # If the STORAGE_ROOT is missing the mailinabox.version file that lists a # migration (schema) number for the files stored there, assume this is a fresh # installation to that directory and write the file to contain the current @@ -82,6 +86,8 @@ fi if [ ! -d $STORAGE_ROOT ]; then mkdir -p $STORAGE_ROOT fi +f=$STORAGE_ROOT +while [[ $f != / ]]; do chmod a+rx "$f"; f=$(dirname "$f"); done; if [ ! -f $STORAGE_ROOT/mailinabox.version ]; then setup/migrate.py --current > $STORAGE_ROOT/mailinabox.version chown $STORAGE_USER.$STORAGE_USER $STORAGE_ROOT/mailinabox.version diff --git a/setup/system.sh b/setup/system.sh index e9758ce7..7b905b7e 100755 --- a/setup/system.sh +++ b/setup/system.sh @@ -83,6 +83,9 @@ fi tools/editconf.py /etc/systemd/journald.conf MaxRetentionSec=10day hide_output systemctl restart systemd-journald.service + +# ### Add PPAs. + # We install some non-standard Ubuntu packages maintained by other # third-party providers. First ensure add-apt-repository is installed. 
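Review bot: The loop added to setup/start.sh, `while [[ $f != / ]]; do chmod a+rx "$f"; f=$(dirname "$f"); done;`, grants world read and traverse on `$STORAGE_ROOT` and on every ancestor directory, which is broader than the stated goal of letting several service accounts reach their own files. Ancestors only need the execute bit for traversal (`chmod a+x "$f"`), and since the loop runs on every setup it will silently undo any tighter mode an administrator set on a parent directory. Making `$STORAGE_ROOT` itself listable exposes the names of everything directly under it to any local account, so it is worth confirming that the subdirectories holding keys, mail and backups keep their own restrictive modes. The loop also never terminates if `STORAGE_ROOT` is a relative path, because `dirname` settles on `.` and never reaches `/`; a guard such as `while [[ $f != / && $f != . ]]` covers that.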
@@ -96,6 +99,8 @@ fi # come from there and minimal Ubuntu installs may have it turned off. hide_output add-apt-repository -y universe +# Install the duplicity PPA. +hide_output add-apt-repository -y ppa:duplicity-team/duplicity-release-git # ### Update Packages # Update system packages to make sure we have the latest upstream versions diff --git a/setup/web.sh b/setup/web.sh index 3a8fc81b..1f90d71d 100755 --- a/setup/web.sh +++ b/setup/web.sh @@ -46,11 +46,11 @@ tools/editconf.py /etc/nginx/nginx.conf -s \ ssl_protocols="TLSv1.2 TLSv1.3;" # Tell PHP not to expose its version number in the X-Powered-By header. -tools/editconf.py /etc/php/$(php_version)/fpm/php.ini -c ';' \ +tools/editconf.py /etc/php/$PHP_VER/fpm/php.ini -c ';' \ expose_php=Off # Set PHPs default charset to UTF-8, since we use it. See #367. -tools/editconf.py /etc/php/$(php_version)/fpm/php.ini -c ';' \ +tools/editconf.py /etc/php/$PHP_VER/fpm/php.ini -c ';' \ default_charset="UTF-8" # Set higher timeout since fts searches with Roundcube may take longer @@ -60,7 +60,7 @@ tools/editconf.py /etc/php/$(php_version)/fpm/php.ini -c ';' \ default_socket_timeout=180 # Configure the path environment for php-fpm -tools/editconf.py /etc/php/$(php_version)/fpm/pool.d/www.conf -c ';' \ +tools/editconf.py /etc/php/$PHP_VER/fpm/pool.d/www.conf -c ';' \ env[PATH]=/usr/local/bin:/usr/bin:/bin \ # Configure php-fpm based on the amount of memory the machine has @@ -70,7 +70,7 @@ tools/editconf.py /etc/php/$(php_version)/fpm/pool.d/www.conf -c ';' \ TOTAL_PHYSICAL_MEM=$(head -n 1 /proc/meminfo | awk '{print $2}' || /bin/true) if [ $TOTAL_PHYSICAL_MEM -lt 1000000 ] then - tools/editconf.py /etc/php/$(php_version)/fpm/pool.d/www.conf -c ';' \ + tools/editconf.py /etc/php/$PHP_VER/fpm/pool.d/www.conf -c ';' \ pm=ondemand \ pm.max_children=8 \ pm.start_servers=2 \ 
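Review bot: `hide_output add-apt-repository -y ppa:duplicity-team/duplicity-release-git` in setup/system.sh adds a third-party package source whose packages are installed as root, and once it is enabled it can supply any package name it publishes, not only duplicity. Add an apt preferences entry that limits this PPA to the `duplicity` package, and extend the comment to say why the Ubuntu archive build is not sufficient, e.g. `# duplicity PPA: needed for <reason>; pinned to the duplicity package only`. The added lines also run straight into the `# ### Update Packages` heading, so a blank line before it would keep the section breaks readable.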
@@ -78,7 +78,7 @@ then pm.max_spare_servers=3 elif [ $TOTAL_PHYSICAL_MEM -lt 2000000 ] then - tools/editconf.py /etc/php/$(php_version)/fpm/pool.d/www.conf -c ';' \ + tools/editconf.py /etc/php/$PHP_VER/fpm/pool.d/www.conf -c ';' \ pm=ondemand \ pm.max_children=16 \ pm.start_servers=4 \ @@ -86,14 +86,14 @@ then pm.max_spare_servers=6 elif [ $TOTAL_PHYSICAL_MEM -lt 3000000 ] then - tools/editconf.py /etc/php/$(php_version)/fpm/pool.d/www.conf -c ';' \ + tools/editconf.py /etc/php/$PHP_VER/fpm/pool.d/www.conf -c ';' \ pm=dynamic \ pm.max_children=60 \ pm.start_servers=6 \ pm.min_spare_servers=3 \ pm.max_spare_servers=9 else - tools/editconf.py /etc/php/$(php_version)/fpm/pool.d/www.conf -c ';' \ + tools/editconf.py /etc/php/$PHP_VER/fpm/pool.d/www.conf -c ';' \ pm=dynamic \ pm.max_children=120 \ pm.start_servers=12 \ @@ -162,7 +162,7 @@ chown www-data /var/log/nginx/geoipblock.log # Start services. restart_service nginx -restart_service php$(php_version)-fpm +restart_service php$PHP_VER-fpm # Open ports. ufw_allow http diff --git a/setup/webmail.sh b/setup/webmail.sh index a1d82f4c..57dc32fa 100755 --- a/setup/webmail.sh +++ b/setup/webmail.sh @@ -217,4 +217,4 @@ chmod 664 $STORAGE_ROOT/mail/roundcube/roundcube.sqlite # Enable PHP modules. phpenmod -v php mcrypt imap -restart_service php$(php_version)-fpm +restart_service php$PHP_VER-fpm