missed changes

2025-04-21 03:02:09 +00:00 · 2018-07-07 18:51:14 +00:00 · 2018-07-07 18:51:14 +00:00 · 382d316ce0
commit 382d316ce0
parent f89b4ae04b
12 changed files with 63 additions and 307 deletions
--- a/conf/management-initscript
+++ b/conf/management-initscript
@ -1,135 +0,0 @@
 #! /bin/sh
 ### BEGIN INIT INFO
 # Provides:          mailinabox
 # Required-Start:    $all
 # Required-Stop:     $all
 # Default-Start:     2 3 4 5
 # Default-Stop:      0 1 6
 # Short-Description: Start and stop the Mail-in-a-Box management daemon.
 # Description:       Start and stop the Mail-in-a-Box management daemon.
 ### END INIT INFO
 # Adapted from http://blog.codefront.net/2007/06/11/nginx-php-and-a-php-fastcgi-daemon-init-script/
 PATH=/sbin:/usr/sbin:/bin:/usr/bin
 DESC="Mail-in-a-Box Management Daemon"
 NAME=mailinabox
 DAEMON=/usr/local/lib/mailinabox/start
 PIDFILE=/var/run/$NAME.pid
 SCRIPTNAME=/etc/init.d/$NAME
 # Exit if the package is not installed
 [ -x "$DAEMON" ] || exit 0
 # Set defaults.
 START=yes
 EXEC_AS_USER=root
 # Ensure Python reads/writes files in UTF-8. If the machine
 # triggers some other locale in Python, like ASCII encoding,
 # Python may not be able to read/write files. Set also
 # setup/start.sh (where the locale is also installed if not
 # already present) and management/daily_tasks.sh.
 export LANGUAGE=en_US.UTF-8
 export LC_ALL=en_US.UTF-8
 export LANG=en_US.UTF-8
 export LC_TYPE=en_US.UTF-8
 # Read configuration variable file if it is present
 [ -r /etc/default/$NAME ] && . /etc/default/$NAME
 # Load the VERBOSE setting and other rcS variables
 . /lib/init/vars.sh
 # Define LSB log_* functions.
 # Depend on lsb-base (>= 3.0-6) to ensure that this file is present.
 . /lib/lsb/init-functions
 # If the daemon is not enabled, give the user a warning and then exit,
 # unless we are stopping the daemon
 if [ "$START" != "yes" -a "$1" != "stop" ]; then
        log_warning_msg "To enable $NAME, edit /etc/default/$NAME and set START=yes"
        exit 0
 fi
 # Process configuration
 #export ...
 DAEMON_ARGS=""
 do_start()
 {
        # Return
        #   0 if daemon has been started
        #   1 if daemon was already running
        #   2 if daemon could not be started
        start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \
                || return 1
        start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON \
                --background --make-pidfile --chuid $EXEC_AS_USER --startas $DAEMON -- \
                $DAEMON_ARGS \
                || return 2
 }
 do_stop()
 {
        # Return
        #   0 if daemon has been stopped
        #   1 if daemon was already stopped
        #   2 if daemon could not be stopped
        #   other if a failure occurred
        start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE > /dev/null # --name $DAEMON
        RETVAL="$?"
        [ "$RETVAL" = 2 ] && return 2
        # Wait for children to finish too if this is a daemon that forks
        # and if the daemon is only ever run from this initscript.
        # If the above conditions are not satisfied then add some other code
        # that waits for the process to drop all resources that could be
        # needed by services started subsequently.  A last resort is to
        # sleep for some time.
        start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON
        [ "$?" = 2 ] && return 2
        # Many daemons don't delete their pidfiles when they exit.
        rm -f $PIDFILE
        return "$RETVAL"
 }
 case "$1" in
  start)
        [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
        do_start
        case "$?" in
                0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
                2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
        esac
        ;;
  stop)
        [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
        do_stop
        case "$?" in
                0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
                2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
        esac
        ;;
  restart|force-reload)
        log_daemon_msg "Restarting $DESC" "$NAME"
        do_stop
        case "$?" in
          0|1)
                do_start
                case "$?" in
                        0) log_end_msg 0 ;;
                        1) log_end_msg 1 ;; # Old process is still running
                        *) log_end_msg 1 ;; # Failed to start
                esac
                ;;
          *)
                # Failed to stop
                log_end_msg 1
                ;;
        esac
        ;;
  *)
        echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload}" >&2
        exit 3
        ;;
 esac
--- a/conf/nginx-ssl.conf
+++ b/conf/nginx-ssl.conf
@ -32,7 +32,7 @@ ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECD
 # Cut out (the old, broken) SSLv3 entirely. 
 # This **excludes IE6 users** and (apparently) Yandexbot.
 # Just comment out if you need to support IE6, bless your soul.
-ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
+ssl_protocols TLSv1.2 TLSv1.1;
 # Turn on session resumption, using a cache shared across nginx processes,
 # as recommended by http://nginx.org/en/docs/http/configuring_https_servers.html
@ -44,11 +44,7 @@ ssl_session_timeout 1d;
 # nginx 1.5.9+ ONLY
 #ssl_buffer_size 1400; 
-# SPDY header compression (0 for none, 9 for slow/heavy compression). Preferred is 6. 
+#spdy_headers_comp is deprecated and replaced by http2.
 # 
 # BUT: header compression is flawed and vulnerable in SPDY versions 1 - 3.
 # Disable with 0, until using a version of nginx with SPDY 4.
 spdy_headers_comp 0;
 # Now let's really get fancy, and pre-generate a 2048 bit random parameter
 # for DH elliptic curves. If not created and specified, default is only 1024 bits. 
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@ -31,8 +31,8 @@ server {
 # The secure HTTPS server.
 server {
-	listen 443 ssl;
+	listen 443 ssl http2;
-	listen [::]:443 ssl;
+	listen [::]:443 ssl http2;
 	server_name $HOSTNAME;
--- a/management/dns_update.py
+++ b/management/dns_update.py
@ -364,7 +364,16 @@ def build_sshfp_records():
 			s = line.split()
 			if len(s) == 2 and s[0] == 'Port':
 				ports = ports + [s[1]]
-	# the keys are the same at each port, so we only need to get
+                                
        # This code expects ports to have size at least 1, or later code breaks
        # with an out-of-bounds error.  The code as written pareses sshd_config
        # to check for port 22 being open, but this isn't sufficient, since
        # sshd has a default of 22.  So, populate the array with "22" here, since
        # it's highly likely the default has not changed on most deployments
        if not ports:
 		ports = ["22"]
        # the keys are the same at each port, so we only need to get
 	# them at the first port found (may not be port 22)
 	keys = shell("check_output", ["ssh-keyscan", "-t", "rsa,dsa,ecdsa,ed25519", "-p", ports[0], "localhost"])
 	for key in sorted(keys.split("\n")):
--- a/management/status_checks.py
+++ b/management/status_checks.py
@ -657,7 +657,11 @@ def check_web_domain(domain, rounded_time, ssl_certificates, env, output):
 	# website for also needs a signed certificate.
 	check_ssl_cert(domain, rounded_time, ssl_certificates, env, output)
-def query_dns(qname, rtype, nxdomain='[Not Set]', at=None):
+# On Ubuntu 18.04 dns queries by default do not query the network for loopback addresses
 # This means that dig A <my host> will always return 127.0.0.1.  I've switched the default
 # resolver for query_dns to the primary OpenDNS server, so that the correct A record will
 # be returned.  If this box is publishing DNS correctly, this should be fine, I think
 def query_dns(qname, rtype, nxdomain='[Not Set]', at="208.67.222.222"):
 	# Make the qname absolute by appending a period. Without this, dns.resolver.query
 	# will fall back a failed lookup to a second query with this machine's hostname
 	# appended. This has been causing some false-positive Spamhaus reports. The
--- a/setup/mail-dovecot.sh
+++ b/setup/mail-dovecot.sh
@ -23,10 +23,13 @@ source /etc/mailinabox.conf # load global vars
 # but dovecot-lucene is packaged by *us* in the Mail-in-a-Box PPA,
 # not by Ubuntu.
 # I removed the dovecot-lucene dependency, since there isn't a published bionic-compatible
 # package in the PPA
 echo "Installing Dovecot (IMAP server)..."
 apt_install \
 	dovecot-core dovecot-imapd dovecot-pop3d dovecot-lmtpd dovecot-sqlite sqlite3 \
-	dovecot-sieve dovecot-managesieved dovecot-lucene
+	dovecot-sieve dovecot-managesieved
 # The `dovecot-imapd`, `dovecot-pop3d`, and `dovecot-lmtpd` packages automatically
 # enable IMAP, POP and LMTP protocols.
@ -114,14 +117,16 @@ tools/editconf.py /etc/dovecot/conf.d/20-pop3.conf \
 # Full Text Search - Enable full text search of mail using dovecot's lucene plugin,
 # which *we* package and distribute (dovecot-lucene package).
-tools/editconf.py /etc/dovecot/conf.d/10-mail.conf \
+# 
-	mail_plugins="\$mail_plugins fts fts_lucene"
+# I disabled the below, because we are not installing the dovecot-lucene plugin
-cat > /etc/dovecot/conf.d/90-plugin-fts.conf << EOF;
+#tools/editconf.py /etc/dovecot/conf.d/10-mail.conf \
-plugin {
+#	mail_plugins="\$mail_plugins fts fts_lucene"
-  fts = lucene
+#cat > /etc/dovecot/conf.d/90-plugin-fts.conf << EOF;
-  fts_lucene = whitespace_chars=@.
+#plugin {
-}
+#  fts = lucene
-EOF
+#  fts_lucene = whitespace_chars=@.
 #}
 #EOF
 # ### LDA (LMTP)
--- a/setup/management.sh
+++ b/setup/management.sh
@ -87,6 +87,10 @@ rm -f /tmp/bootstrap.zip
 # Create an init script to start the management daemon and keep it
 # running after a reboot.
 #
 # I changed the below from the /etc/init.d script to a systemd service
 # for mailinabox, because the /etc/init.d stuff just wasn't working.  This
 # seems to work well.
 rm -f /usr/local/bin/mailinabox-daemon # old path
 cat > $inst_dir/start <<EOF;
 #!/bin/bash
@ -95,8 +99,10 @@ exec python `pwd`/management/daemon.py
 EOF
 chmod +x $inst_dir/start
 rm -f /etc/init.d/mailinabox
-ln -s $(pwd)/conf/management-initscript /etc/init.d/mailinabox
+rm -f /lib/systemd/system/mailinabox.service 
-hide_output update-rc.d mailinabox defaults
+cp $(pwd)/conf/management-service /lib/systemd/system/mailinabox.service 
 hide_output systemctl daemon-reload
 hide_output systemctl enable mailinabox.service
 # Remove old files we no longer use.
 rm -f /etc/cron.daily/mailinabox-backup
--- a/setup/munin.sh
+++ b/setup/munin.sh
@ -61,6 +61,18 @@ done
 # Create a 'state' directory. Not sure why we need to do this manually.
 mkdir -p /var/lib/munin-node/plugin-state/
 # Here, I create a systemd service for munin, since the old /etc/init.d one
 # just wasn't working.  I put the script in /usr/local/lib/mailinabox because
 # I didn't know a better place to put it
 cp management/munin_start.sh /usr/local/lib/mailinabox/munin_start.sh
 chmod 0644 /usr/local/lib/mailinabox/munin_start.sh
 chmod +x /usr/local/lib/mailinabox/munin_start.sh
 rm -f  /lib/systemd/system/munin.service
 cp conf/munin-service /lib/systemd/system/munin.service
 hide_output systemctl daemon-reload
 hide_output systemctl unmask munin.service
 hide_output systemctl enable munin.service
 # Restart services.
 restart_service munin
 restart_service munin-node
--- a/setup/owncloud.sh
+++ b/setup/owncloud.sh
@ -7,32 +7,17 @@ source /etc/mailinabox.conf # load global vars
 # ### Installing Nextcloud
-echo "Installing Nextcloud (contacts/calendar)..."
+# I removed almost all of the migration code, and removed all the dependencies 
 # that weren't needed for a clean install (primarily php5)
-# Keep the php5 dependancies for the owncloud upgrades
+echo "Installing Nextcloud (contacts/calendar)..."
 apt_install \
 	dbconfig-common \
 	php5-cli php5-sqlite php5-gd php5-imap php5-curl php-pear php-apc curl libapr1 libtool libcurl4-openssl-dev php-xml-parser \
 	php5 php5-dev php5-gd php5-fpm memcached php5-memcached
 apt-get purge -qq -y owncloud*
 apt_install php7.0 php7.0-fpm \
-	php7.0-cli php7.0-sqlite php7.0-gd php7.0-imap php7.0-curl php-pear php-apc curl \
+	php7.0-cli php7.0-sqlite php7.0-gd php7.0-imap php7.0-curl php-pear curl \
        php7.0-dev php7.0-gd memcached php7.0-memcached php7.0-xml php7.0-mbstring php7.0-zip php7.0-apcu
 # Migrate <= v0.10 setups that stored the ownCloud config.php in /usr/local rather than
 # in STORAGE_ROOT. Move the file to STORAGE_ROOT.
 if [ ! -f $STORAGE_ROOT/owncloud/config.php ] \
 	&& [ -f /usr/local/lib/owncloud/config/config.php ]; then
 	# Move config.php and symlink back into previous location.
 	echo "Migrating owncloud/config.php to new location."
 	mv /usr/local/lib/owncloud/config/config.php $STORAGE_ROOT/owncloud/config.php \
 		&& \
 	ln -sf $STORAGE_ROOT/owncloud/config.php /usr/local/lib/owncloud/config/config.php
 fi
 InstallNextcloud() {
 	version=$1
@ -93,67 +78,6 @@ InstallNextcloud() {
 	fi
 }
 # We only install ownCloud intermediate versions to be able to seemlesly upgrade to Nextcloud
 InstallOwncloud() {
 	version=$1
 	hash=$2
 	echo
 	echo "Upgrading to OwnCloud version $version"
 	echo
 	# Remove the current owncloud/Nextcloud
 	rm -rf /usr/local/lib/owncloud
 	# Download and verify
 	wget_verify https://download.owncloud.org/community/owncloud-$version.tar.bz2 $hash /tmp/owncloud.tar.bz2
 	# Extract ownCloud
 	tar xjf /tmp/owncloud.tar.bz2 -C /usr/local/lib
 	rm -f /tmp/owncloud.tar.bz2
 	# The two apps we actually want are not in Nextcloud core. Download the releases from
 	# their github repositories.
 	mkdir -p /usr/local/lib/owncloud/apps
 	wget_verify https://github.com/owncloud/contacts/releases/download/v1.4.0.0/contacts.tar.gz c1c22d29699456a45db447281682e8bc3f10e3e7 /tmp/contacts.tgz
 	tar xf /tmp/contacts.tgz -C /usr/local/lib/owncloud/apps/
 	rm /tmp/contacts.tgz
 	wget_verify https://github.com/nextcloud/calendar/releases/download/v1.4.0/calendar.tar.gz c84f3170efca2a99ea6254de34b0af3cb0b3a821 /tmp/calendar.tgz
 	tar xf /tmp/calendar.tgz -C /usr/local/lib/owncloud/apps/
 	rm /tmp/calendar.tgz
 	# Fix weird permissions.
 	chmod 750 /usr/local/lib/owncloud/{apps,config}
 	# Create a symlink to the config.php in STORAGE_ROOT (for upgrades we're restoring the symlink we previously
 	# put in, and in new installs we're creating a symlink and will create the actual config later).
 	ln -sf $STORAGE_ROOT/owncloud/config.php /usr/local/lib/owncloud/config/config.php
 	# Make sure permissions are correct or the upgrade step won't run.
 	# $STORAGE_ROOT/owncloud may not yet exist, so use -f to suppress
 	# that error.
 	chown -f -R www-data.www-data $STORAGE_ROOT/owncloud /usr/local/lib/owncloud
 	# If this isn't a new installation, immediately run the upgrade script.
 	# Then check for success (0=ok and 3=no upgrade needed, both are success).
 	if [ -e $STORAGE_ROOT/owncloud/owncloud.db ]; then
 		# ownCloud 8.1.1 broke upgrades. It may fail on the first attempt, but
 		# that can be OK.
 		sudo -u www-data php5 /usr/local/lib/owncloud/occ upgrade
 		if [ \( $? -ne 0 \) -a \( $? -ne 3 \) ]; then
 			echo "Trying ownCloud upgrade again to work around ownCloud upgrade bug..."
 			sudo -u www-data php5 /usr/local/lib/owncloud/occ upgrade
 			if [ \( $? -ne 0 \) -a \( $? -ne 3 \) ]; then exit 1; fi
 			sudo -u www-data php5 /usr/local/lib/owncloud/occ maintenance:mode --off
 			echo "...which seemed to work."
 		fi
 	fi
 }
 owncloud_ver=12.0.5
 owncloud_hash=d25afbac977a4e331f5e38df50aed0844498ca86
@ -163,7 +87,7 @@ if [ ! -d /usr/local/lib/owncloud/ ] \
 	# Stop php-fpm if running. If theyre not running (which happens on a previously failed install), dont bail.
 	service php7.0-fpm stop &> /dev/null || /bin/true
-	service php5-fpm stop &> /dev/null || /bin/true
+	service php7-fpm stop &> /dev/null || /bin/true
 	# Backup the existing ownCloud/Nextcloud.
 	# Create a backup directory to store the current installation and database to
@ -180,73 +104,6 @@ if [ ! -d /usr/local/lib/owncloud/ ] \
                cp /home/user-data/owncloud/config.php $BACKUP_DIRECTORY
        fi
 	# We only need to check if we do upgrades when owncloud/Nextcloud was previously installed
 	if [ -e /usr/local/lib/owncloud/version.php ]; then
 		if grep -q "OC_VersionString = '8\.1\.[0-9]" /usr/local/lib/owncloud/version.php; then
 			echo "We are running 8.1.x, upgrading to 8.2.11 first"
 			InstallOwncloud 8.2.11 e4794938fc2f15a095018ba9d6ee18b53f6f299c
 		fi
 		# If we are upgrading from 8.2.x we should go to 9.0 first. Owncloud doesn't support skipping minor versions
 		if grep -q "OC_VersionString = '8\.2\.[0-9]" /usr/local/lib/owncloud/version.php; then
 			echo "We are running version 8.2.x, upgrading to 9.0.11 first"
 			# We need to disable memcached. The upgrade and install fails
 			# with memcached
 			CONFIG_TEMP=$(/bin/mktemp)
 			php <<EOF > $CONFIG_TEMP && mv $CONFIG_TEMP $STORAGE_ROOT/owncloud/config.php;
 			<?php
 				include("$STORAGE_ROOT/owncloud/config.php");
 				\$CONFIG['memcache.local'] = '\OC\Memcache\APCu';
 				echo "<?php\n\\\$CONFIG = ";
 				var_export(\$CONFIG);
 				echo ";";
 			?>
 EOF
 			chown www-data.www-data $STORAGE_ROOT/owncloud/config.php
 			# We can now install owncloud 9.0.11
 			InstallOwncloud 9.0.11 fc8bad8a62179089bc58c406b28997fb0329337b
 			# The owncloud 9 migration doesn't migrate calendars and contacts
 			# The option to migrate these are removed in 9.1
 			# So the migrations should be done when we have 9.0 installed
 			sudo -u www-data php5 /usr/local/lib/owncloud/occ dav:migrate-addressbooks
 			# The following migration has to be done for each owncloud user
 			for directory in $STORAGE_ROOT/owncloud/*@*/ ; do
 				username=$(basename "${directory}")
 				sudo -u www-data php5 /usr/local/lib/owncloud/occ dav:migrate-calendar $username
 			done
 			sudo -u www-data php5 /usr/local/lib/owncloud/occ dav:sync-birthday-calendar
 		fi
 		# If we are upgrading from 9.0.x we should go to 9.1 first.
 		if grep -q "OC_VersionString = '9\.0\.[0-9]" /usr/local/lib/owncloud/version.php; then
 			echo "We are running ownCloud 9.0.x, upgrading to ownCloud 9.1.7 first"
 			InstallOwncloud 9.1.7 1307d997d0b23dc42742d315b3e2f11423a9c808
 		fi
 		# Newer ownCloud 9.1.x versions cannot be upgraded to Nextcloud 10 and have to be
 		# upgraded to Nextcloud 11 straight away, see:
 		# https://github.com/nextcloud/server/issues/2203
 		# However, for some reason, upgrading to the latest Nextcloud 11.0.7 doesn't
 		# work either. Therefore, we're upgrading to Nextcloud 11.0.0 in the interim.
 		# This should not be a problem since we're upgrading to the latest Nextcloud 12
 		# in the next step.
 		if grep -q "OC_VersionString = '9\.1\.[0-9]" /usr/local/lib/owncloud/version.php; then
 			echo "We are running ownCloud 9.1.x, upgrading to Nextcloud 11.0.0 first"
 			InstallNextcloud 11.0.0 e8c9ebe72a4a76c047080de94743c5c11735e72e
 		fi
 		# If we are upgrading from 10.0.x we should go to Nextcloud 11.0 first.
 		if grep -q "OC_VersionString = '10\.0\.[0-9]" /usr/local/lib/owncloud/version.php; then
 			echo "We are running Nextcloud 10.0.x, upgrading to Nextcloud 11.0.7 first"
 			InstallNextcloud 11.0.7 f936ddcb2ae3dbb66ee4926eb8b2ebbddc3facbe
 		fi
 	fi
 	InstallNextcloud $owncloud_ver $owncloud_hash
 fi
--- a/setup/preflight.sh
+++ b/setup/preflight.sh
@ -8,7 +8,7 @@ if [[ $EUID -ne 0 ]]; then
 fi
 # Check that we are running on Ubuntu 14.04 LTS (or 14.04.xx).
-if [ "`lsb_release -d | sed 's/.*:\s*//' | sed 's/14\.04\.[0-9]/14.04/' `" != "Ubuntu 14.04 LTS" ]; then
+if [ "`lsb_release -d | sed 's/.*:\s*//' | sed 's/18\.04\.[0-9]/18.04/' `" != "Ubuntu 18.04 LTS" ]; then
 	echo "Mail-in-a-Box only supports being installed on Ubuntu 14.04, sorry. You are running:"
 	echo
 	lsb_release -d | sed 's/.*:\s*//'
--- a/setup/system.sh
+++ b/setup/system.sh
@ -86,7 +86,9 @@ fi
 # text search plugin for (and by) dovecot, which is not available in
 # Ubuntu currently.
-hide_output add-apt-repository -y ppa:mail-in-a-box/ppa
+# The mail-in-a-box ppa doesn't have bionic-compatible sources, so
 # do not add it
 #hide_output add-apt-repository -y ppa:mail-in-a-box/ppa
 hide_output add-apt-repository -y ppa:certbot/certbot
 # ### Update Packages
--- a/setup/webmail.sh
+++ b/setup/webmail.sh
@ -25,7 +25,7 @@ apt_install \
 	php7.0-cli php7.0-sqlite php7.0-mcrypt php7.0-intl php7.0-json php7.0-common \
 	php7.0-gd php7.0-pspell tinymce libjs-jquery libjs-jquery-mousewheel libmagic1 php7.0-mbstring
-apt_get_quiet remove php-mail-mimedecode # no longer needed since Roundcube 1.1.3
+# I removed the php-mail-mimedecode line, since this is definitely not installed
 # We used to install Roundcube from Ubuntu, without triggering the dependencies #NODOC
 # on Apache and MySQL, by downloading the debs and installing them manually. #NODOC