merge upstream changes to update to ubuntu 2204

2026-03-22 18:47:23 +01:00 · 2022-09-04 20:52:56 +02:00
parent 197a142043
commit 1ce9766204
19 changed files with 92 additions and 137 deletions
--- a/setup/bootstrap.sh
+++ b/setup/bootstrap.sh
@@ -34,7 +34,7 @@ if [ -z "$TAG" ]; then
 		# This machine is running Ubuntu 18.04, which is supported by
 		# Mail-in-a-Box versions 0.40 through 5x.
 		echo "Support is ending for Ubuntu 18.04."
-		echo "Please immediately begin to migrate your information to"
+		echo "Please immediately begin to migrate your data to"
 		echo "a new machine running Ubuntu 22.04. See:"
 		echo "https://mailinabox.email/maintenance.html#upgrade"
 		TAG=v57a
--- a/setup/dns.sh
+++ b/setup/dns.sh
@@ -10,8 +10,6 @@
 source setup/functions.sh # load our functions
 source /etc/mailinabox.conf # load global vars

-echo "Installing nsd (DNS server)..."
-
 # Prepare nsd's configuration.
 # We configure nsd before installation as we only want it to bind to some addresses
 # and it otherwise will have port / bind conflicts with unbound used as the local resolver
@@ -69,18 +67,19 @@ cat > /etc/logrotate.d/nsd <<EOF;
 EOF

 # Add systemd override file to fix some permissions
-mkdir -p /etc/systemd/system/nsd.service.d/
-cat > /etc/systemd/system/nsd.service.d/nsd-permissions.conf << EOF
-[Service]
-ReadWritePaths=/var/lib/nsd /etc/nsd /run /var/log /run/nsd
-CapabilityBoundingSet=CAP_CHOWN CAP_IPC_LOCK CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_NET_ADMIN
-EOF
+#mkdir -p /etc/systemd/system/nsd.service.d/
+#cat > /etc/systemd/system/nsd.service.d/nsd-permissions.conf << EOF
+#[Service]
+#ReadWritePaths=/var/lib/nsd /etc/nsd /run /var/log /run/nsd
+#CapabilityBoundingSet=CAP_CHOWN CAP_IPC_LOCK CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_NET_ADMIN
+#EOF

 # Install the packages.
 #
 # * nsd: The non-recursive nameserver that publishes our DNS records.
 # * ldnsutils: Helper utilities for signing DNSSEC zones.
 # * openssh-client: Provides ssh-keyscan which we use to create SSHFP records.
+echo "Installing nsd (DNS server)..."
 apt_install nsd ldnsutils openssh-client

 # Create DNSSEC signing keys.
--- a/setup/dovecot-fts-xapian.sh
+++ b/setup/dovecot-fts-xapian.sh
@@ -35,8 +35,6 @@ if [ ! -f /usr/lib/dovecot/decode2text.sh ]; then
 	cp -f /usr/share/doc/dovecot-core/examples/decode2text.sh /usr/lib/dovecot
 fi

-#cp -f lib/lib21_fts_xapian_plugin.so /usr/lib/dovecot/modules/
-
 # Create configuration file
 cat > /etc/dovecot/conf.d/90-plugin-fts.conf << EOF;
 plugin {
--- a/setup/functions.sh
+++ b/setup/functions.sh
@@ -4,6 +4,8 @@
 # -o pipefail: don't ignore errors in the non-last command in a pipeline
 set -euo pipefail

+PHP_VER=php_version
+
 function hide_output {
 	# This function hides the output of a command unless the command fails
 	# and returns a non-zero exit code.
--- a/setup/management.sh
+++ b/setup/management.sh
@@ -1,6 +1,7 @@
 #!/bin/bash

 source setup/functions.sh
+source /etc/mailinabox.conf # load global vars

 echo "Installing Mail-in-a-Box system management daemon..."

@@ -28,9 +29,9 @@ done
 apt_install duplicity python3-pip virtualenv certbot rsync

 # b2sdk is used for backblaze backups.
-# boto is used for amazon aws backups.
+# boto3 is used for amazon aws backups.
 # Both are installed outside the pipenv, so they can be used by duplicity
-hide_output pip3 install --upgrade b2sdk==1.14.1 boto
+hide_output pip3 install --upgrade b2sdk boto3

 # Create a virtualenv for the installation of Python 3 packages
 # used by the management daemon.
@@ -51,8 +52,8 @@ hide_output $venv/bin/pip install --upgrade \
 	rtyaml "email_validator>=1.0.0" "exclusiveprocess" \
 	flask dnspython python-dateutil expiringdict \
 	qrcode[pil] pyotp \
-	"idna>=2.0.0" "cryptography==2.2.2" psutil postfix-mta-sts-resolver \
-	b2sdk==1.14.1 boto
+	"idna>=2.0.0" "cryptography==37.0.2" psutil postfix-mta-sts-resolver \
+	b2sdk boto3

 # CONFIGURATION

--- a/setup/nextcloud.sh
+++ b/setup/nextcloud.sh
@@ -49,8 +49,8 @@ apt_install php php-fpm \
 	php-dev php-xml php-mbstring php-zip php-apcu php-json \
 	php-intl php-imagick php-gmp php-bcmath

-# Enable apc is required before installing nextcloud
-tools/editconf.py /etc/php/$(php_version)/mods-available/apcu.ini -c ';' \
+# Enable APC before Nextcloud tools are run.
+tools/editconf.py /etc/php/$PHP_VER/mods-available/apcu.ini -c ';' \
    apc.enabled=1 \
    apc.enable_cli=1

@@ -155,7 +155,7 @@ fi
 if [ ! -d /usr/local/lib/owncloud/ ] || [[ ! ${CURRENT_NEXTCLOUD_VER} =~ ^$nextcloud_ver ]]; then

 	# Stop php-fpm if running. If they are not running (which happens on a previously failed install), dont bail.
-	service php$(php_version)-fpm stop &> /dev/null || /bin/true
+	service php$PHP_VER-fpm stop &> /dev/null || /bin/true

 	# Backup the existing ownCloud/Nextcloud.
 	# Create a backup directory to store the current installation and database to
@@ -182,42 +182,9 @@ if [ ! -d /usr/local/lib/owncloud/ ] || [[ ! ${CURRENT_NEXTCLOUD_VER} =~ ^$nextc
 		elif [[ ${CURRENT_NEXTCLOUD_VER} =~ ^1[012] ]]; then
 			echo "Upgrades from Mail-in-a-Box prior to v0.28 (dated July 30, 2018) with Nextcloud < 13.0.6 (you have ownCloud 10, 11 or 12) are not supported. Upgrade to Mail-in-a-Box version v0.30 first. Setup will continue, but skip the Nextcloud migration."
 			return 0
-		elif [[ ${CURRENT_NEXTCLOUD_VER} =~ ^13 ]]; then
-			# If we are running Nextcloud 13, upgrade to Nextcloud 14
-			InstallNextcloud 14.0.6 4e43a57340f04c2da306c8eea98e30040399ae5a 3.3.0 e55d0357c6785d3b1f3b5f21780cb6d41d32443a 2.0.3 9d9717b29337613b72c74e9914c69b74b346c466
-			CURRENT_NEXTCLOUD_VER="14.0.6"
-		fi
-		if [[ ${CURRENT_NEXTCLOUD_VER} =~ ^14 ]]; then
-			# During the upgrade from Nextcloud 14 to 15, user_external may cause the upgrade to fail.
-			# We will disable it here before the upgrade and install it again after the upgrade.
-			hide_output sudo -u www-data php /usr/local/lib/owncloud/console.php app:disable user_external
-			InstallNextcloud 15.0.8 4129d8d4021c435f2e86876225fb7f15adf764a3 3.3.0 e55d0357c6785d3b1f3b5f21780cb6d41d32443a 2.0.3 a1f3835c752929e3598eb94f22300516867ac6ab 0.7.0 555a94811daaf5bdd336c5e48a78aa8567b86437
-			CURRENT_NEXTCLOUD_VER="15.0.8"
-		fi
-		if [[ ${CURRENT_NEXTCLOUD_VER} =~ ^15 ]]; then
-			InstallNextcloud 16.0.6 0bb3098455ec89f5af77a652aad553ad40a88819 3.3.0 e55d0357c6785d3b1f3b5f21780cb6d41d32443a 2.0.3 9d9717b29337613b72c74e9914c69b74b346c466 0.7.0 555a94811daaf5bdd336c5e48a78aa8567b86437
-			CURRENT_NEXTCLOUD_VER="16.0.6"
-		fi
-		if [[ ${CURRENT_NEXTCLOUD_VER} =~ ^16 ]]; then
-			InstallNextcloud 17.0.6 50b98d2c2f18510b9530e558ced9ab51eb4f11b0 3.3.0 e55d0357c6785d3b1f3b5f21780cb6d41d32443a 2.0.3 9d9717b29337613b72c74e9914c69b74b346c466 0.7.0 555a94811daaf5bdd336c5e48a78aa8567b86437
-			CURRENT_NEXTCLOUD_VER="17.0.6"
-		fi
-		if [[ ${CURRENT_NEXTCLOUD_VER} =~ ^17 ]]; then
-			# Don't exit the install if this column already exists (see #2076)
-			(echo "ALTER TABLE oc_flow_operations ADD COLUMN entity VARCHAR;" | sqlite3 $STORAGE_ROOT/owncloud/owncloud.db 2>/dev/null) || true
-			InstallNextcloud 18.0.10 39c0021a8b8477c3f1733fddefacfa5ebf921c68 3.4.1 aee680a75e95f26d9285efd3c1e25cf7f3bfd27e 2.0.3 9d9717b29337613b72c74e9914c69b74b346c466 1.0.0 3bf2609061d7214e7f0f69dd8883e55c4ec8f50a
-			CURRENT_NEXTCLOUD_VER="18.0.10"
-		fi
-		if [[ ${CURRENT_NEXTCLOUD_VER} =~ ^18 ]]; then
-			InstallNextcloud 19.0.4 01e98791ba12f4860d3d4047b9803f97a1b55c60 3.4.1 aee680a75e95f26d9285efd3c1e25cf7f3bfd27e 2.0.3 9d9717b29337613b72c74e9914c69b74b346c466 1.0.0 3bf2609061d7214e7f0f69dd8883e55c4ec8f50a
-			CURRENT_NEXTCLOUD_VER="19.0.4"
-		fi
-		if [[ ${CURRENT_NEXTCLOUD_VER} =~ ^19 ]]; then
-			InstallNextcloud 20.0.14 92cac708915f51ee2afc1787fd845476fd090c81 4.0.0 f893ca57a543b260c9feeecbb5958c00b6998e18 2.2.2 923846d48afb5004a456b9079cf4b46d23b3ef3a 1.0.0 3bf2609061d7214e7f0f69dd8883e55c4ec8f50a
-			CURRENT_NEXTCLOUD_VER="20.0.14"
-			
-			# Nextcloud 20 needs to have some optional columns added
-			sudo -u www-data php /usr/local/lib/owncloud/occ db:add-missing-columns
+		elif [[ ${CURRENT_NEXTCLOUD_VER} =~ ^1[3456789] ]]; then
+			echo "Upgrades from Mail-in-a-Box prior to v60 with Nextcloud 19 or earlier are not supported. Upgrade to the latest Mail-in-a-Box version supported on your machine first. Setup will continue, but skip the Nextcloud migration."
+			return 0
 		fi
 		if [[ ${CURRENT_NEXTCLOUD_VER} =~ ^20 ]]; then
 			InstallNextcloud 21.0.7 f5c7079c5b56ce1e301c6a27c0d975d608bb01c9 4.0.0 f893ca57a543b260c9feeecbb5958c00b6998e18 2.2.2 923846d48afb5004a456b9079cf4b46d23b3ef3a 1.0.0 3bf2609061d7214e7f0f69dd8883e55c4ec8f50a
@@ -261,7 +228,7 @@ if [ ! -f $STORAGE_ROOT/owncloud/owncloud.db ]; then
    array(
      'class' => '\OCA\UserExternal\IMAP',
          'arguments' => array(
-          '127.0.0.1', 143, null
+        '127.0.0.1', 143, null, null, false, false
         ),
    ),
  ),
@@ -324,7 +291,7 @@ php <<EOF > $CONFIG_TEMP && mv $CONFIG_TEMP $STORAGE_ROOT/owncloud/config.php;
 <?php
 include("$STORAGE_ROOT/owncloud/config.php");

-\$CONFIG['config_is_read_only'] = true; # should prevent warnings from occ tool but doesn't
+\$CONFIG['config_is_read_only'] = true;

 \$CONFIG['trusted_domains'] = array('$PRIMARY_HOSTNAME');

@@ -337,7 +304,14 @@ include("$STORAGE_ROOT/owncloud/config.php");

 \$CONFIG['mail_domain'] = '$PRIMARY_HOSTNAME';

-\$CONFIG['user_backends'] = array(array('class' => '\OCA\UserExternal\IMAP','arguments' => array('127.0.0.1', 143, null),),);
+\$CONFIG['user_backends'] = array(
+  array(
+    'class' => '\OCA\UserExternal\IMAP',
+    'arguments' => array(
+      '127.0.0.1', 143, null, null, false, false
+    ),
+  ),
+);

 echo "<?php\n\\\$CONFIG = ";
 var_export(\$CONFIG);
@@ -380,7 +354,7 @@ sudo -u www-data php /usr/local/lib/owncloud/occ app:update --all

 # Set PHP FPM values to support large file uploads
 # (semicolon is the comment character in this file, hashes produce deprecation warnings)
-tools/editconf.py /etc/php/$(php_version)/fpm/php.ini -c ';' \
+tools/editconf.py /etc/php/$PHP_VER/fpm/php.ini -c ';' \
 	upload_max_filesize=16G \
 	post_max_size=16G \
 	output_buffering=16384 \
@@ -389,7 +363,7 @@ tools/editconf.py /etc/php/$(php_version)/fpm/php.ini -c ';' \
 	short_open_tag=On

 # Set Nextcloud recommended opcache settings
-tools/editconf.py /etc/php/$(php_version)/cli/conf.d/10-opcache.ini -c ';' \
+tools/editconf.py /etc/php/$PHP_VER/cli/conf.d/10-opcache.ini -c ';' \
 	opcache.enable=1 \
 	opcache.enable_cli=1 \
 	opcache.interned_strings_buffer=8 \
@@ -398,6 +372,12 @@ tools/editconf.py /etc/php/$(php_version)/cli/conf.d/10-opcache.ini -c ';' \
 	opcache.save_comments=1 \
 	opcache.revalidate_freq=1

+# Migrate users_external data from <0.6.0 to version 3.0.0 (see https://github.com/nextcloud/user_external).
+# This version was probably in use in Mail-in-a-Box v0.41 (February 26, 2019) and earlier.
+# We moved to v0.6.3 in 193763f8. Ignore errors - maybe there are duplicated users with the
+# correct backend already.
+sqlite3 $STORAGE_ROOT/owncloud/owncloud.db "UPDATE oc_users_external SET backend='127.0.0.1';" || /bin/true
+
 # Set up a cron job for Nextcloud.
 cat > /etc/cron.d/mailinabox-nextcloud << EOF;
 #!/bin/bash
@@ -419,4 +399,4 @@ rm -f /etc/cron.hourly/mailinabox-owncloud
 # ```

 # Enable PHP modules and restart PHP.
-restart_service php$(php_version)-fpm
+restart_service php$PHP_VER-fpm
--- a/setup/start.sh
+++ b/setup/start.sh
@@ -72,6 +72,10 @@ fi
 fi

 # Create the STORAGE_USER and STORAGE_ROOT directory if they don't already exist.
+#
+# Set the directory and all of its parent directories' permissions to world
+# readable since it holds files owned by different processes.
+#
 # If the STORAGE_ROOT is missing the mailinabox.version file that lists a
 # migration (schema) number for the files stored there, assume this is a fresh
 # installation to that directory and write the file to contain the current
@@ -82,6 +86,8 @@ fi
 if [ ! -d $STORAGE_ROOT ]; then
 	mkdir -p $STORAGE_ROOT
 fi
+f=$STORAGE_ROOT
+while [[ $f != / ]]; do chmod a+rx "$f"; f=$(dirname "$f"); done;
 if [ ! -f $STORAGE_ROOT/mailinabox.version ]; then
 	setup/migrate.py --current > $STORAGE_ROOT/mailinabox.version
 	chown $STORAGE_USER.$STORAGE_USER $STORAGE_ROOT/mailinabox.version
--- a/setup/system.sh
+++ b/setup/system.sh
@@ -83,6 +83,9 @@ fi
 tools/editconf.py /etc/systemd/journald.conf MaxRetentionSec=10day

 hide_output systemctl restart systemd-journald.service
+
+# ### Add PPAs.
+
 # We install some non-standard Ubuntu packages maintained by other
 # third-party providers. First ensure add-apt-repository is installed.

@@ -96,6 +99,8 @@ fi
 # come from there and minimal Ubuntu installs may have it turned off.
 hide_output add-apt-repository -y universe

+# Install the duplicity PPA.
+hide_output add-apt-repository -y ppa:duplicity-team/duplicity-release-git
 # ### Update Packages

 # Update system packages to make sure we have the latest upstream versions
--- a/setup/web.sh
+++ b/setup/web.sh
@@ -46,11 +46,11 @@ tools/editconf.py /etc/nginx/nginx.conf -s \
 	ssl_protocols="TLSv1.2 TLSv1.3;"

 # Tell PHP not to expose its version number in the X-Powered-By header.
-tools/editconf.py /etc/php/$(php_version)/fpm/php.ini -c ';' \
+tools/editconf.py /etc/php/$PHP_VER/fpm/php.ini -c ';' \
 	expose_php=Off

 # Set PHPs default charset to UTF-8, since we use it. See #367.
-tools/editconf.py /etc/php/$(php_version)/fpm/php.ini -c ';' \
+tools/editconf.py /etc/php/$PHP_VER/fpm/php.ini -c ';' \
        default_charset="UTF-8"

 # Set higher timeout since fts searches with Roundcube may take longer
@@ -60,7 +60,7 @@ tools/editconf.py /etc/php/$(php_version)/fpm/php.ini -c ';' \
        default_socket_timeout=180

 # Configure the path environment for php-fpm
-tools/editconf.py /etc/php/$(php_version)/fpm/pool.d/www.conf -c ';' \
+tools/editconf.py /etc/php/$PHP_VER/fpm/pool.d/www.conf -c ';' \
 	env[PATH]=/usr/local/bin:/usr/bin:/bin \

 # Configure php-fpm based on the amount of memory the machine has
@@ -70,7 +70,7 @@ tools/editconf.py /etc/php/$(php_version)/fpm/pool.d/www.conf -c ';' \
 TOTAL_PHYSICAL_MEM=$(head -n 1 /proc/meminfo | awk '{print $2}' || /bin/true)
 if [ $TOTAL_PHYSICAL_MEM -lt 1000000 ]
 then
-        tools/editconf.py /etc/php/$(php_version)/fpm/pool.d/www.conf -c ';' \
+        tools/editconf.py /etc/php/$PHP_VER/fpm/pool.d/www.conf -c ';' \
                pm=ondemand \
                pm.max_children=8 \
                pm.start_servers=2 \
@@ -78,7 +78,7 @@ then
                pm.max_spare_servers=3
 elif [ $TOTAL_PHYSICAL_MEM -lt 2000000 ]
 then
-        tools/editconf.py /etc/php/$(php_version)/fpm/pool.d/www.conf -c ';' \
+        tools/editconf.py /etc/php/$PHP_VER/fpm/pool.d/www.conf -c ';' \
                pm=ondemand \
                pm.max_children=16 \
                pm.start_servers=4 \
@@ -86,14 +86,14 @@ then
                pm.max_spare_servers=6
 elif [ $TOTAL_PHYSICAL_MEM -lt 3000000 ]
 then
-        tools/editconf.py /etc/php/$(php_version)/fpm/pool.d/www.conf -c ';' \
+        tools/editconf.py /etc/php/$PHP_VER/fpm/pool.d/www.conf -c ';' \
                pm=dynamic \
                pm.max_children=60 \
                pm.start_servers=6 \
                pm.min_spare_servers=3 \
                pm.max_spare_servers=9
 else
-        tools/editconf.py /etc/php/$(php_version)/fpm/pool.d/www.conf -c ';' \
+        tools/editconf.py /etc/php/$PHP_VER/fpm/pool.d/www.conf -c ';' \
                pm=dynamic \
                pm.max_children=120 \
                pm.start_servers=12 \
@@ -162,7 +162,7 @@ chown www-data /var/log/nginx/geoipblock.log

 # Start services.
 restart_service nginx
-restart_service php$(php_version)-fpm
+restart_service php$PHP_VER-fpm

 # Open ports.
 ufw_allow http
--- a/setup/webmail.sh
+++ b/setup/webmail.sh
@@ -217,4 +217,4 @@ chmod 664 $STORAGE_ROOT/mail/roundcube/roundcube.sqlite

 # Enable PHP modules.
 phpenmod -v php mcrypt imap
-restart_service php$(php_version)-fpm
+restart_service php$PHP_VER-fpm