merge upstream changes to update to ubuntu 2204

management/backup.py

@@ -15,7 +15,7 @@ import dateutil.parser, dateutil.relativedelta, dateutil.tz
 import rtyaml
 from exclusiveprocess import Lock
 
-from utils import load_environment, shell, wait_for_service, fix_boto, get_php_version
+from utils import load_environment, shell, wait_for_service, get_php_version
 
 def backup_status(env):
 	# If backups are disabled, return no status.
@@ -200,12 +200,7 @@ def get_duplicity_target_url(config):
 		from urllib.parse import urlsplit, urlunsplit
 		target = list(urlsplit(target))
 
-		# Duplicity now defaults to boto3 as the backend for S3, but we have
-		# legacy boto installed (boto3 doesn't support Ubuntu 18.04) so
-		# we retarget for classic boto.
-		target[0] = "boto+" + target[0]
-
-		# In addition, although we store the S3 hostname in the target URL,
+		# Although we store the S3 hostname in the target URL,
 		# duplicity no longer accepts it in the target URL. The hostname in
 		# the target URL must be the bucket name. The hostname is passed
 		# via get_duplicity_additional_args. Move the first part of the
@@ -457,7 +452,6 @@ def list_target_files(config):
 
 	elif target.scheme == "s3":
 		# match to a Region
-		fix_boto() # must call prior to importing boto
 		import boto.s3
 		from boto.exception import BotoServerError
 		custom_region = False
@@ -634,4 +628,3 @@ if __name__ == "__main__":
 		# possibly performing an incremental backup.
 		full_backup = "--full" in sys.argv
 		perform_backup(full_backup)
-

management/daemon.py

@@ -122,7 +122,6 @@ def index():
 	no_users_exist = (len(get_mail_users(env)) == 0)
 	no_admins_exist = (len(get_admins(env)) == 0)
 
-	utils.fix_boto() # must call prior to importing boto
 	import boto.s3
 	backup_s3_hosts = [(r.name, r.endpoint) for r in boto.s3.regions()]
 

management/ssl_certificates.py

@@ -58,36 +58,33 @@ def get_ssl_certificates(env):
 			# Not a valid PEM format for a PEM type we care about.
 			continue
 
-		# Remember where we got this object.
-		pem._filename = fn
-
 		# Is it a private key?
 		if isinstance(pem, RSAPrivateKey):
-			private_keys[pem.public_key().public_numbers()] = pem
+			private_keys[pem.public_key().public_numbers()] = { "filename": fn, "key": pem }
 
 		# Is it a certificate?
 		if isinstance(pem, Certificate):
-			certificates.append(pem)
+			certificates.append({ "filename": fn, "cert": pem })
 
 	# Process the certificates.
 	domains = { }
 	for cert in certificates:
 		# What domains is this certificate good for?
-		cert_domains, primary_domain = get_certificate_domains(cert)
-		cert._primary_domain = primary_domain
+		cert_domains, primary_domain = get_certificate_domains(cert["cert"])
+		cert["primary_domain"] = primary_domain
 
 		# Is there a private key file for this certificate?
-		private_key = private_keys.get(cert.public_key().public_numbers())
+		private_key = private_keys.get(cert["cert"].public_key().public_numbers())
 		if not private_key:
 			continue
-		cert._private_key = private_key
+		cert["private_key"] = private_key
 
 		# Add this cert to the list of certs usable for the domains.
 		for domain in cert_domains:
 			# The primary hostname can only use a certificate mapped
 			# to the system private key.
 			if domain == env['PRIMARY_HOSTNAME']:
-				if cert._private_key._filename != os.path.join(env['STORAGE_ROOT'], 'ssl', 'ssl_private_key.pem'):
+				if cert["private_key"]["filename"] != os.path.join(env['STORAGE_ROOT'], 'ssl', 'ssl_private_key.pem'):
 					continue
 
 			domains.setdefault(domain, []).append(cert)
@@ -100,10 +97,10 @@ def get_ssl_certificates(env):
 		#for c in cert_list: print(domain, c.not_valid_before, c.not_valid_after, "("+str(now)+")", c.issuer, c.subject, c._filename)
 		cert_list.sort(key = lambda cert : (
 			# must be valid NOW
-			cert.not_valid_before <= now <= cert.not_valid_after,
+			cert["cert"].not_valid_before <= now <= cert["cert"].not_valid_after,
 
 			# prefer one that is not self-signed
-			cert.issuer != cert.subject,
+			cert["cert"].issuer != cert["cert"].subject,
 
 			###########################################################
 			# The above lines ensure that valid certificates are chosen
@@ -113,7 +110,7 @@ def get_ssl_certificates(env):
 
 			# prefer one with the expiration furthest into the future so
 			# that we can easily rotate to new certs as we get them
-			cert.not_valid_after,
+			cert["cert"].not_valid_after,
 
 			###########################################################
 			# We always choose the certificate that is good for the
@@ -128,15 +125,15 @@ def get_ssl_certificates(env):
 
 			# in case a certificate is installed in multiple paths,
 			# prefer the... lexicographically last one?
-			cert._filename,
+			cert["filename"],
 
 		), reverse=True)
 		cert = cert_list.pop(0)
 		ret[domain] = {
-			"private-key": cert._private_key._filename,
-			"certificate": cert._filename,
-			"primary-domain": cert._primary_domain,
-			"certificate_object": cert,
+			"private-key": cert["private_key"]["filename"],
+			"certificate": cert["filename"],
+			"primary-domain": cert["primary_domain"],
+			"certificate_object": cert["cert"],
 			}
 
 	return ret

management/status_checks.py

@@ -338,9 +338,9 @@ def run_domain_checks(rounded_time, env, output, pool, domains_to_check=None):
 	domains_to_check = [
 		d for d in domains_to_check
 		if not (
-		   d.split(".", 1)[0] in ("www", "autoconfig", "autodiscover", "mta-sts")
-		   and len(d.split(".", 1)) == 2
-		   and d.split(".", 1)[1] in domains_to_check
+			d.split(".", 1)[0] in ("www", "autoconfig", "autodiscover", "mta-sts")
+			and len(d.split(".", 1)) == 2
+			and d.split(".", 1)[1] in domains_to_check
 		)
 	]
 
@@ -810,8 +810,8 @@ def query_dns(qname, rtype, nxdomain='[Not Set]', at=None, as_list=False, retry=
 	# Make sure at is not a string that cannot be used as a nameserver
 	if at:
 		if at not in {'[Not set]', '[timeout]'}:
-        		resolver = dns.resolver.Resolver()
-        		resolver.nameservers = [at]
+			resolver = dns.resolver.Resolver()
+			resolver.nameservers = [at]
 		else:
 			logging.error("at not set to a usable nameserver, %s", at)
 			
@@ -941,13 +941,13 @@ def what_version_is_this(env):
 def get_latest_miab_version():
 	# This pings https://mailinabox.email/setup.sh and extracts the tag named in
 	# the script to determine the current product version.
-    from urllib.request import urlopen, HTTPError, URLError
-    from socket import timeout
+	from urllib.request import urlopen, HTTPError, URLError
+	from socket import timeout
 
-    try:
-        return re.search(b'TAG=(.*)', urlopen("https://mailinabox.email/setup.sh?ping=1", timeout=5).read()).group(1).decode("utf8")
-    except (HTTPError, URLError, timeout):
-        return None
+	try:
+		return re.search(b'TAG=(.*)', urlopen("https://mailinabox.email/setup.sh?ping=1", timeout=5).read()).group(1).decode("utf8")
+	except (HTTPError, URLError, timeout):
+		return None
 
 def check_miab_version(env, output):
 	config = load_settings(env)

management/utils.py

@@ -177,13 +177,6 @@ def wait_for_service(port, public, env, timeout):
 				return False
 		time.sleep(min(timeout/4, 1))
 
-def fix_boto():
-	# Google Compute Engine instances install some Python-2-only boto plugins that
-	# conflict with boto running under Python 3. Disable boto's default configuration
-	# file prior to importing boto so that GCE's plugin is not loaded:
-	import os
-	os.environ["BOTO_CONFIG"] = "/etc/boto3.cfg"
-
 def get_php_version():
 	# Gets the version of PHP installed in the system.
 	return shell("check_output", ["/usr/bin/php", "-v"])[4:7]