From 382d316ce01532446c95053bc7b7e8dd3be021d9 Mon Sep 17 00:00:00 2001 From: "Christopher A. DeFlumeri" Date: Sat, 7 Jul 2018 18:51:14 +0000 Subject: [PATCH] missed changes --- conf/management-initscript | 135 ------------------------------- conf/nginx-ssl.conf | 8 +- conf/nginx.conf | 4 +- management/dns_update.py | 11 ++- management/status_checks.py | 6 +- setup/mail-dovecot.sh | 23 +++--- setup/management.sh | 10 ++- setup/munin.sh | 12 +++ setup/owncloud.sh | 153 ++---------------------------------- setup/preflight.sh | 2 +- setup/system.sh | 4 +- setup/webmail.sh | 2 +- 12 files changed, 63 insertions(+), 307 deletions(-) delete mode 100755 conf/management-initscript diff --git a/conf/management-initscript b/conf/management-initscript deleted file mode 100755 index 8275da86..00000000 --- a/conf/management-initscript +++ /dev/null 
@@ -1,135 +0,0 @@ -#! /bin/sh -### BEGIN INIT INFO -# Provides: mailinabox -# Required-Start: $all -# Required-Stop: $all -# Default-Start: 2 3 4 5 -# Default-Stop: 0 1 6 -# Short-Description: Start and stop the Mail-in-a-Box management daemon. -# Description: Start and stop the Mail-in-a-Box management daemon. -### END INIT INFO - -# Adapted from http://blog.codefront.net/2007/06/11/nginx-php-and-a-php-fastcgi-daemon-init-script/ - -PATH=/sbin:/usr/sbin:/bin:/usr/bin -DESC="Mail-in-a-Box Management Daemon" -NAME=mailinabox -DAEMON=/usr/local/lib/mailinabox/start -PIDFILE=/var/run/$NAME.pid -SCRIPTNAME=/etc/init.d/$NAME - -# Exit if the package is not installed -[ -x "$DAEMON" ] || exit 0 - -# Set defaults. -START=yes -EXEC_AS_USER=root - -# Ensure Python reads/writes files in UTF-8. If the machine -# triggers some other locale in Python, like ASCII encoding, -# Python may not be able to read/write files. Set also -# setup/start.sh (where the locale is also installed if not -# already present) and management/daily_tasks.sh. -export LANGUAGE=en_US.UTF-8 -export LC_ALL=en_US.UTF-8 -export LANG=en_US.UTF-8 -export LC_TYPE=en_US.UTF-8 - -# Read configuration variable file if it is present -[ -r /etc/default/$NAME ] && . /etc/default/$NAME - -# Load the VERBOSE setting and other rcS variables -. /lib/init/vars.sh - -# Define LSB log_* functions. -# Depend on lsb-base (>= 3.0-6) to ensure that this file is present. -. /lib/lsb/init-functions - -# If the daemon is not enabled, give the user a warning and then exit, -# unless we are stopping the daemon -if [ "$START" != "yes" -a "$1" != "stop" ]; then - log_warning_msg "To enable $NAME, edit /etc/default/$NAME and set START=yes" - exit 0 -fi - -# Process configuration -#export ... 
-DAEMON_ARGS="" - - -do_start() -{ - # Return - # 0 if daemon has been started - # 1 if daemon was already running - # 2 if daemon could not be started - start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \ - || return 1 - start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON \ - --background --make-pidfile --chuid $EXEC_AS_USER --startas $DAEMON -- \ - $DAEMON_ARGS \ - || return 2 -} - -do_stop() -{ - # Return - # 0 if daemon has been stopped - # 1 if daemon was already stopped - # 2 if daemon could not be stopped - # other if a failure occurred - start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE > /dev/null # --name $DAEMON - RETVAL="$?" - [ "$RETVAL" = 2 ] && return 2 - # Wait for children to finish too if this is a daemon that forks - # and if the daemon is only ever run from this initscript. - # If the above conditions are not satisfied then add some other code - # that waits for the process to drop all resources that could be - # needed by services started subsequently. A last resort is to - # sleep for some time. - start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON - [ "$?" = 2 ] && return 2 - # Many daemons don't delete their pidfiles when they exit. - rm -f $PIDFILE - return "$RETVAL" -} -case "$1" in - start) - [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME" - do_start - case "$?" in - 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; - 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; - esac - ;; - stop) - [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME" - do_stop - case "$?" in - 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; - 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; - esac - ;; - restart|force-reload) - log_daemon_msg "Restarting $DESC" "$NAME" - do_stop - case "$?" in - 0|1) - do_start - case "$?" 
in - 0) log_end_msg 0 ;; - 1) log_end_msg 1 ;; # Old process is still running - *) log_end_msg 1 ;; # Failed to start - esac - ;; - *) - # Failed to stop - log_end_msg 1 - ;; - esac - ;; - *) - echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload}" >&2 - exit 3 - ;; -esac diff --git a/conf/nginx-ssl.conf b/conf/nginx-ssl.conf index e893ad67..d463b7c1 100644 --- a/conf/nginx-ssl.conf +++ b/conf/nginx-ssl.conf @@ -32,7 +32,7 @@ ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECD # Cut out (the old, broken) SSLv3 entirely. # This **excludes IE6 users** and (apparently) Yandexbot. # Just comment out if you need to support IE6, bless your soul. -ssl_protocols TLSv1.2 TLSv1.1 TLSv1; +ssl_protocols TLSv1.2 TLSv1.1; # Turn on session resumption, using a cache shared across nginx processes, # as recommended by http://nginx.org/en/docs/http/configuring_https_servers.html @@ -44,11 +44,7 @@ ssl_session_timeout 1d; # nginx 1.5.9+ ONLY #ssl_buffer_size 1400; -# SPDY header compression (0 for none, 9 for slow/heavy compression). Preferred is 6. -# -# BUT: header compression is flawed and vulnerable in SPDY versions 1 - 3. -# Disable with 0, until using a version of nginx with SPDY 4. -spdy_headers_comp 0; +#spdy_headers_comp is deprecated and replaced by http2. # Now let's really get fancy, and pre-generate a 2048 bit random parameter # for DH elliptic curves. If not created and specified, default is only 1024 bits. diff --git a/conf/nginx.conf b/conf/nginx.conf index ce662751..fafd3409 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -31,8 +31,8 @@ server { # The secure HTTPS server. server { - listen 443 ssl; - listen [::]:443 ssl; + listen 443 ssl http2; + listen [::]:443 ssl http2; server_name $HOSTNAME; diff --git a/management/dns_update.py b/management/dns_update.py index b6e1022d..b0ab5caa 100755 --- a/management/dns_update.py +++ b/management/dns_update.py 
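Review bot: The three context comment lines above the changed `ssl_protocols` line still describe the policy as "cut out SSLv3 entirely" with IE6 as the only casualty, but the new line also drops TLSv1 while keeping TLSv1.1, so the comment no longer matches what the directive does. Replace them with something like `# Allow only TLSv1.1 and TLSv1.2. SSLv3 and TLSv1 are disabled; this excludes IE6-era and other pre-2008 clients.` Note also that the AEAD suites at the head of the visible `ssl_ciphers` line (CHACHA20-POLY1305, and presumably the GCM suites that follow) are TLS 1.2-only, so a TLS 1.1 client can only land on CBC suites; if the intent is to retire legacy protocols, `ssl_protocols TLSv1.2;` is the simpler policy, to be weighed against the mail clients this box must keep serving.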
@@ -364,7 +364,16 @@ def build_sshfp_records():
 s = line.split()
 if len(s) == 2 and s[0] == 'Port':
 ports = ports + [s[1]]
-# the keys are the same at each port, so we only need to get
+
+# This code expects ports to have size at least 1, or later code breaks
+# with an out-of-bounds error. The code as written pareses sshd_config
+# to check for port 22 being open, but this isn't sufficient, since
+# sshd has a default of 22. So, populate the array with "22" here, since
+# it's highly likely the default has not changed on most deployments
+if not ports:
+ports = ["22"]
+
+# the keys are the same at each port, so we only need to get
 # them at the first port found (may not be port 22)
 keys = shell("check_output", ["ssh-keyscan", "-t", "rsa,dsa,ecdsa,ed25519", "-p", ports[0], "localhost"])
 for key in sorted(keys.split("\n")):
diff --git a/management/status_checks.py b/management/status_checks.py
index 3b0026d9..8e9c7d83 100755
--- a/management/status_checks.py
+++ b/management/status_checks.py
@@ -657,7 +657,11 @@ def check_web_domain(domain, rounded_time, ssl_certificates, env, output):
 # website for also needs a signed certificate.
 check_ssl_cert(domain, rounded_time, ssl_certificates, env, output)
 
-def query_dns(qname, rtype, nxdomain='[Not Set]', at=None):
+# On Ubuntu 18.04 dns queries by default do not query the network for loopback addresses
+# This means that dig A will always return 127.0.0.1. I've switched the default
+# resolver for query_dns to the primary OpenDNS server, so that the correct A record will
+# be returned. If this box is publishing DNS correctly, this should be fine, I think
+def query_dns(qname, rtype, nxdomain='[Not Set]', at="208.67.222.222"):
 # Make the qname absolute by appending a period. Without this, dns.resolver.query
 # will fall back a failed lookup to a second query with this machine's hostname
 # appended. This has been causing some false-positive Spamhaus reports. The
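Review bot: The added comment has a typo (`pareses`) and overstates the parser: the visible loop only accepts a line whose first token is exactly `Port`, so a port set through `ListenAddress host:port` or a lowercase `port` keyword (sshd keywords are case-insensitive) still yields the "22" fallback and `ssh-keyscan -p ports[0]` then probes a port sshd may not listen on, producing no SSHFP records rather than wrong ones. Suggest replacing the five-line comment with `# sshd listens on 22 unless a Port directive says otherwise; fall back to 22 so ports[0] below is always defined. Only top-level 'Port' lines in sshd_config are recognised (not ListenAddress host:port).` and, if you want the case-insensitive match, `if len(s) == 2 and s[0].lower() == 'port':`. The enclosing build_sshfp_records body begins before this hunk, so I can't see how sshd_config is opened or whether a read failure is handled.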
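Review bot: Hard-coding `at="208.67.222.222"` as the default changes every query_dns caller, not just the loopback case the comment describes: all status checks for the box's own domains now go to a third-party recursive resolver, so results depend on OpenDNS's caching and availability, and the box's full domain list is disclosed to that operator on every status run. Prefer a documented module-level constant so the rationale and the dependency are visible in one place, e.g. `# 18.04's stub resolver answers the box's own names with 127.0.0.1; query an external resolver by default so checks see the published records.` followed by `DEFAULT_RESOLVER = "208.67.222.222"` and `def query_dns(qname, rtype, nxdomain='[Not Set]', at=DEFAULT_RESOLVER):`, and drop the first-person "I've switched … I think" wording from the comment. Any caller that deliberately relied on the local resolver (for example a check that needs a validating resolver) should now pass `at` explicitly; the call sites are outside this hunk, so I can't confirm from here whether any does.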
diff --git a/setup/mail-dovecot.sh b/setup/mail-dovecot.sh index 21343964..d3be3ed7 100755 --- a/setup/mail-dovecot.sh +++ b/setup/mail-dovecot.sh @@ -23,10 +23,13 @@ source /etc/mailinabox.conf # load global vars # but dovecot-lucene is packaged by *us* in the Mail-in-a-Box PPA, # not by Ubuntu. +# I removed the dovecot-lucene dependency, since there isn't a published bionic-compatible +# package in the PPA + echo "Installing Dovecot (IMAP server)..." apt_install \ dovecot-core dovecot-imapd dovecot-pop3d dovecot-lmtpd dovecot-sqlite sqlite3 \ - dovecot-sieve dovecot-managesieved dovecot-lucene + dovecot-sieve dovecot-managesieved # The `dovecot-imapd`, `dovecot-pop3d`, and `dovecot-lmtpd` packages automatically # enable IMAP, POP and LMTP protocols. @@ -114,14 +117,16 @@ tools/editconf.py /etc/dovecot/conf.d/20-pop3.conf \ # Full Text Search - Enable full text search of mail using dovecot's lucene plugin, # which *we* package and distribute (dovecot-lucene package). -tools/editconf.py /etc/dovecot/conf.d/10-mail.conf \ - mail_plugins="\$mail_plugins fts fts_lucene" -cat > /etc/dovecot/conf.d/90-plugin-fts.conf << EOF; -plugin { - fts = lucene - fts_lucene = whitespace_chars=@. -} -EOF +# +# I disabled the below, because we are not installing the dovecot-lucene plugin +#tools/editconf.py /etc/dovecot/conf.d/10-mail.conf \ +# mail_plugins="\$mail_plugins fts fts_lucene" +#cat > /etc/dovecot/conf.d/90-plugin-fts.conf << EOF; +#plugin { +# fts = lucene +# fts_lucene = whitespace_chars=@. +#} +#EOF # ### LDA (LMTP) diff --git a/setup/management.sh b/setup/management.sh index 064906d3..777406f4 100755 --- a/setup/management.sh +++ b/setup/management.sh 
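Review bot: Commenting out the FTS block keeps new installs from enabling `fts fts_lucene`, but on a box that already ran an earlier setup the `mail_plugins` entry in `10-mail.conf` and the `90-plugin-fts.conf` file written by the now-commented lines are left in place, so after this change (and the PPA removal in system.sh) those installs reference a plugin that is no longer installed, and dovecot is likely to refuse to start or log plugin-load errors — worth verifying on an upgraded box. Since setup is re-run on upgrade, remove the stale configuration instead of only disabling the code that wrote it: `rm -f /etc/dovecot/conf.d/90-plugin-fts.conf` plus a reset of `mail_plugins` in `10-mail.conf` to a value without `fts fts_lucene` (tools/editconf.py's exact replace-vs-append semantics aren't visible here). The two context comment lines above ("Enable full text search … which *we* package") now contradict the commented-out code; reword them to say FTS is disabled because no bionic dovecot-lucene package exists.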
@@ -87,6 +87,10 @@ rm -f /tmp/bootstrap.zip # Create an init script to start the management daemon and keep it # running after a reboot. +# +# I changed the below from the /etc/init.d script to a systemd service +# for mailinabox, because the /etc/init.d stuff just wasn't working. This +# seems to work well. rm -f /usr/local/bin/mailinabox-daemon # old path cat > $inst_dir/start < /dev/null || /bin/true - service php5-fpm stop &> /dev/null || /bin/true + service php7-fpm stop &> /dev/null || /bin/true # Backup the existing ownCloud/Nextcloud. # Create a backup directory to store the current installation and database to 
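Review bot: `service php7-fpm stop` on the new side does not name a real unit: Ubuntu's PHP-FPM service is versioned (php7.0-fpm on 16.04, php7.2-fpm on 18.04, which preflight.sh now requires), so with the `|| /bin/true` guard the stop fails silently and the backup/upgrade continues with PHP-FPM still serving the old Nextcloud tree. Use the versioned name, `service php7.2-fpm stop &> /dev/null || /bin/true`, or derive it from the same PHP version webmail.sh installs so the two scripts cannot drift apart. The management.sh heredoc and the header of this file's diff are garbled on the page, so this is read from the visible `-`/`+` pair only.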
@@ -180,73 +104,6 @@ if [ ! -d /usr/local/lib/owncloud/ ] \ cp /home/user-data/owncloud/config.php $BACKUP_DIRECTORY fi - # We only need to check if we do upgrades when owncloud/Nextcloud was previously installed - if [ -e /usr/local/lib/owncloud/version.php ]; then - if grep -q "OC_VersionString = '8\.1\.[0-9]" /usr/local/lib/owncloud/version.php; then - echo "We are running 8.1.x, upgrading to 8.2.11 first" - InstallOwncloud 8.2.11 e4794938fc2f15a095018ba9d6ee18b53f6f299c - fi - - # If we are upgrading from 8.2.x we should go to 9.0 first. Owncloud doesn't support skipping minor versions - if grep -q "OC_VersionString = '8\.2\.[0-9]" /usr/local/lib/owncloud/version.php; then - echo "We are running version 8.2.x, upgrading to 9.0.11 first" - - # We need to disable memcached. The upgrade and install fails - # with memcached - CONFIG_TEMP=$(/bin/mktemp) - php < $CONFIG_TEMP && mv $CONFIG_TEMP $STORAGE_ROOT/owncloud/config.php; - -EOF - chown www-data.www-data $STORAGE_ROOT/owncloud/config.php - - # We can now install owncloud 9.0.11 - InstallOwncloud 9.0.11 fc8bad8a62179089bc58c406b28997fb0329337b - - # The owncloud 9 migration doesn't migrate calendars and contacts - # The option to migrate these are removed in 9.1 - # So the migrations should be done when we have 9.0 installed - sudo -u www-data php5 /usr/local/lib/owncloud/occ dav:migrate-addressbooks - # The following migration has to be done for each owncloud user - for directory in $STORAGE_ROOT/owncloud/*@*/ ; do - username=$(basename "${directory}") - sudo -u www-data php5 /usr/local/lib/owncloud/occ dav:migrate-calendar $username - done - sudo -u www-data php5 /usr/local/lib/owncloud/occ dav:sync-birthday-calendar - fi - - # If we are upgrading from 9.0.x we should go to 9.1 first. 
- if grep -q "OC_VersionString = '9\.0\.[0-9]" /usr/local/lib/owncloud/version.php; then - echo "We are running ownCloud 9.0.x, upgrading to ownCloud 9.1.7 first" - InstallOwncloud 9.1.7 1307d997d0b23dc42742d315b3e2f11423a9c808 - fi - - # Newer ownCloud 9.1.x versions cannot be upgraded to Nextcloud 10 and have to be - # upgraded to Nextcloud 11 straight away, see: - # https://github.com/nextcloud/server/issues/2203 - # However, for some reason, upgrading to the latest Nextcloud 11.0.7 doesn't - # work either. Therefore, we're upgrading to Nextcloud 11.0.0 in the interim. - # This should not be a problem since we're upgrading to the latest Nextcloud 12 - # in the next step. - if grep -q "OC_VersionString = '9\.1\.[0-9]" /usr/local/lib/owncloud/version.php; then - echo "We are running ownCloud 9.1.x, upgrading to Nextcloud 11.0.0 first" - InstallNextcloud 11.0.0 e8c9ebe72a4a76c047080de94743c5c11735e72e - fi - - # If we are upgrading from 10.0.x we should go to Nextcloud 11.0 first. - if grep -q "OC_VersionString = '10\.0\.[0-9]" /usr/local/lib/owncloud/version.php; then - echo "We are running Nextcloud 10.0.x, upgrading to Nextcloud 11.0.7 first" - InstallNextcloud 11.0.7 f936ddcb2ae3dbb66ee4926eb8b2ebbddc3facbe - fi - fi - InstallNextcloud $owncloud_ver $owncloud_hash fi diff --git a/setup/preflight.sh b/setup/preflight.sh index 4be2ec41..f7a99941 100644 --- a/setup/preflight.sh +++ b/setup/preflight.sh @@ -8,7 +8,7 @@ if [[ $EUID -ne 0 ]]; then fi # Check that we are running on Ubuntu 14.04 LTS (or 14.04.xx). -if [ "`lsb_release -d | sed 's/.*:\s*//' | sed 's/14\.04\.[0-9]/14.04/' `" != "Ubuntu 14.04 LTS" ]; then +if [ "`lsb_release -d | sed 's/.*:\s*//' | sed 's/18\.04\.[0-9]/18.04/' `" != "Ubuntu 18.04 LTS" ]; then echo "Mail-in-a-Box only supports being installed on Ubuntu 14.04, sorry. You are running:" echo lsb_release -d | sed 's/.*:\s*//' diff --git a/setup/system.sh b/setup/system.sh index 04728051..3cc85e7a 100755 --- a/setup/system.sh 
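Review bot: The test now requires "Ubuntu 18.04 LTS", but the message printed on failure — the context line `echo "Mail-in-a-Box only supports being installed on Ubuntu 14.04, sorry. You are running:"` — and the comment above it (`# Check that we are running on Ubuntu 14.04 LTS (or 14.04.xx).`) still say 14.04, so a user on the wrong release is pointed at the wrong target. Update both: `# Check that we are running on Ubuntu 18.04 LTS (or 18.04.xx).` and `echo "Mail-in-a-Box only supports being installed on Ubuntu 18.04, sorry. You are running:"`. Putting the release string in one variable used by both the test and the message would keep them from drifting again.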
+++ b/setup/system.sh @@ -86,7 +86,9 @@ fi # text search plugin for (and by) dovecot, which is not available in # Ubuntu currently. -hide_output add-apt-repository -y ppa:mail-in-a-box/ppa +# The mail-in-a-box ppa doesn't have bionic-compatible sources, so +# do not add it +#hide_output add-apt-repository -y ppa:mail-in-a-box/ppa hide_output add-apt-repository -y ppa:certbot/certbot # ### Update Packages diff --git a/setup/webmail.sh b/setup/webmail.sh index 666153c1..69f8588e 100755 --- a/setup/webmail.sh +++ b/setup/webmail.sh @@ -25,7 +25,7 @@ apt_install \ php7.0-cli php7.0-sqlite php7.0-mcrypt php7.0-intl php7.0-json php7.0-common \ php7.0-gd php7.0-pspell tinymce libjs-jquery libjs-jquery-mousewheel libmagic1 php7.0-mbstring -apt_get_quiet remove php-mail-mimedecode # no longer needed since Roundcube 1.1.3 +# I removed the php-mail-mimedecode line, since this is definitely not installed # We used to install Roundcube from Ubuntu, without triggering the dependencies #NODOC # on Apache and MySQL, by downloading the debs and installing them manually. #NODOC
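Review bot: The context comment ending in "text search plugin for (and by) dovecot, which is not available in Ubuntu currently." still explains why the PPA is added, while the line below it is now commented out, so the paragraph contradicts the code. Replace it with `# The Mail-in-a-Box PPA (dovecot-lucene full-text search) has no bionic build, so it is not added and full-text search stays disabled.`; the comment's opening sentence starts before this hunk, so adjust the whole paragraph. Keeping `#hide_output add-apt-repository -y ppa:mail-in-a-box/ppa` as a commented-out fossil is a style nit — the history is in git, so delete the line.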
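Review bot: The apt_install list in the context lines still names `php7.0-cli php7.0-sqlite php7.0-mcrypt …`; with preflight.sh now requiring Ubuntu 18.04, whose archive ships PHP 7.2 (and has no php7.2-mcrypt at all), these package names are unlikely to resolve, and with the PPA removed nothing else provides them — worth confirming on a bionic box before merging. Dropping `apt_get_quiet remove php-mail-mimedecode` is fine, but the replacement comment `# I removed the php-mail-mimedecode line, since this is definitely not installed` documents the author rather than the code; `# php-mail-mimedecode has not been needed since Roundcube 1.1.3 and is never installed on 18.04, so no removal step is required.` would be more useful.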