From f2c730642abc65316309e8fa06029fdab09c4e6b Mon Sep 17 00:00:00 2001 From: Joshua Tauberer Date: Sat, 8 Jan 2022 19:09:11 -0500 Subject: [PATCH 1/9] Update Ubuntu version checks from 18.04 to 22.04 --- setup/bootstrap.sh | 43 ++++++++++++++++++++++++------------------- setup/preflight.sh | 8 ++++---- 2 files changed, 28 insertions(+), 23 deletions(-) diff --git a/setup/bootstrap.sh b/setup/bootstrap.sh index 7168e160..af6f4040 100644 --- a/setup/bootstrap.sh +++ b/setup/bootstrap.sh 
@@ -9,32 +9,37 @@ if [ -z "$TAG" ]; then # If a version to install isn't explicitly given as an environment # variable, then install the latest version. But the latest version - # depends on the operating system. Existing Ubuntu 14.04 users need - # to be able to upgrade to the latest version supporting Ubuntu 14.04, - # in part because an upgrade is required before jumping to Ubuntu 18.04. - # New users on Ubuntu 18.04 need to get the latest version number too. + # depends on the machine's version of Ubuntu. Existing users need to + # be able to upgrade to the latest version available for that version + # of Ubuntu to satisfy the migration requirements. # # Also, the system status checks read this script for TAG = (without the # space, but if we put it in a comment it would confuse the status checks!) # to get the latest version, so the first such line must be the one that we # want to display in status checks. - if [ "$(lsb_release -d | sed 's/.*:\s*//' | sed 's/18\.04\.[0-9]/18.04/' )" == "Ubuntu 18.04 LTS" ]; then - # This machine is running Ubuntu 18.04. - TAG=v55 - - elif [ "$(lsb_release -d | sed 's/.*:\s*//' | sed 's/14\.04\.[0-9]/14.04/' )" == "Ubuntu 14.04 LTS" ]; then - # This machine is running Ubuntu 14.04. - echo "You are installing the last version of Mail-in-a-Box that will" - echo "support Ubuntu 14.04. If this is a new installation of Mail-in-a-Box," - echo "stop now and switch to a machine running Ubuntu 18.04. If you are" - echo "upgrading an existing Mail-in-a-Box --- great. After upgrading this" - echo "box, please visit https://mailinabox.email for notes on how to upgrade" - echo "to Ubuntu 18.04." - echo "" + # + # Allow point-release versions of the major releases, e.g. 22.04.1 is OK. + UBUNTU_VERSION=$( lsb_release -d | sed 's/.*:\s*//' | sed 's/\([0-9]*\.[0-9]*\)\.[0-9]/\1/' )" + if [ "$UBUNTU_VERSION" == "Ubuntu 22.04 LTS" ]; then + # This machine is running Ubuntu 22.04, which is supported by + # Mail-in-a-Box versions 60 and later. 
+ TAG=v60 + elif [ "$UBUNTU_VERSION" == "Ubuntu 18.04 LTS" ]; then + # This machine is running Ubuntu 18.04, which is supported by + # Mail-in-a-Box versions 0.40 through 5x. + echo "Support is ending for Ubuntu 18.04." + echo "Please immediately begin to migrate your information to" + echo "a new machine running Ubuntu 22.04. See:" + echo "https://mailinabox.email/maintenance.html#upgrade" + TAG=v56 + elif [ "$UBUNTU_VERSION" == "Ubuntu 14.04 LTS" ]; then + # This machine is running Ubuntu 14.04, which is supported by + # Mail-in-a-Box versions 1 through v0.30. + echo "Ubuntu 14.04 is no longer supported." + echo "The last version of Mail-in-a-Box supporting Ubuntu 14.04 will be installed." TAG=v0.30 - else - echo "This script must be run on a system running Ubuntu 18.04 or Ubuntu 14.04." + echo "This script may be used only on a machine running Ubuntu 14.04, 18.04, or 22.04." exit 1 fi fi diff --git a/setup/preflight.sh b/setup/preflight.sh index 9d2715c5..bd6d65b7 100644 --- a/setup/preflight.sh +++ b/setup/preflight.sh @@ -7,11 +7,11 @@ if [[ $EUID -ne 0 ]]; then exit 1 fi -# Check that we are running on Ubuntu 18.04 LTS (or 18.04.xx). -if [ "$(lsb_release -d | sed 's/.*:\s*//' | sed 's/18\.04\.[0-9]/18.04/' )" != "Ubuntu 18.04 LTS" ]; then - echo "Mail-in-a-Box only supports being installed on Ubuntu 18.04, sorry. You are running:" +# Check that we are running on Ubuntu 20.04 LTS (or 20.04.xx). +if [ "$( lsb_release --id --short )" != "Ubuntu" ] || [ "$( lsb_release --release --short )" != "22.04" ]; then + echo "Mail-in-a-Box only supports being installed on Ubuntu 22.04, sorry. You are running:" echo - lsb_release -d | sed 's/.*:\s*//' + lsb_release --description --short echo echo "We can't write scripts that run on every possible setup, sorry." exit 1 From a0f86dc81b9c79defe843b4275788231da579b3b Mon Sep 17 00:00:00 2001 
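Review bot: The new `UBUNTU_VERSION=$( lsb_release -d | ... )"` assignment in setup/bootstrap.sh ends with a double quote that has no opening partner, so the shell either fails to parse it or folds the following text into the value up to the next `"`. Quote the whole substitution instead: `UBUNTU_VERSION="$( lsb_release -d | sed 's/.*:\s*//' | sed 's/\([0-9]*\.[0-9]*\)\.[0-9]/\1/' )"`. This variable decides which release tag is installed, so the three comparisons that follow depend on it being parsed as intended. The enclosing `if [ -z "$TAG" ]` block starts above the hunk.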
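Review bot: The rewritten comment in setup/preflight.sh names Ubuntu 20.04 ("20.04 LTS (or 20.04.xx)"), while the test below it and the error message both require 22.04. Suggested wording: `# Check that we are running on Ubuntu 22.04 LTS (or 22.04.xx).` The comment is the only place a reader learns which release the gate is meant for, so it should agree with the `"22.04"` literal in the condition.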
From: Joshua Tauberer Date: Sat, 8 Jan 2022 19:24:41 -0500 Subject: [PATCH 2/9] Update and drop some package and file names for Ubuntu 22.04 * Update php-xsl to php8.0-xml for zpush. * Fix path to bind9 startup options file in Ubuntu 22.04. * tinymce has not been a Roundcube requirement recently and is no longer a package in Ubuntu 22.04 * Upgrade Vagrant box to Ubuntu 22.04 --- Vagrantfile | 2 +- setup/system.sh | 2 +- setup/webmail.sh | 2 +- setup/zpush.sh | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Vagrantfile b/Vagrantfile index 04788292..757c2ec9 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -2,7 +2,7 @@ # vi: set ft=ruby : Vagrant.configure("2") do |config| - config.vm.box = "ubuntu/bionic64" + config.vm.box = "ubuntu/jammy64" # Network config: Since it's a mail server, the machine must be connected # to the public web. However, we currently don't want to expose SSH since diff --git a/setup/system.sh b/setup/system.sh index 036fe3f9..e8099218 100755 --- a/setup/system.sh +++ b/setup/system.sh @@ -331,7 +331,7 @@ fi #NODOC # If more queries than specified are sent, bind9 returns SERVFAIL. After flushing the cache during system checks, # we ran into the limit thus we are increasing it from 75 (default value) to 100. apt_install bind9 -tools/editconf.py /etc/default/bind9 \ +tools/editconf.py /etc/default/named \ "OPTIONS=\"-u bind -4\"" if ! grep -q "listen-on " /etc/bind/named.conf.options; then # Add a listen-on directive if it doesn't exist inside the options block. diff --git a/setup/webmail.sh b/setup/webmail.sh index 4855d0dc..938bcdd3 100755 --- a/setup/webmail.sh +++ b/setup/webmail.sh 
@@ -23,7 +23,7 @@ echo "Installing Roundcube (webmail)..." apt_install \ dbconfig-common \ php-cli php-sqlite3 php-intl php-json php-common php-curl php-ldap \ - php-gd php-pspell tinymce libjs-jquery libjs-jquery-mousewheel libmagic1 php-mbstring + php-gd php-pspell libjs-jquery libjs-jquery-mousewheel libmagic1 php-mbstring # Install Roundcube from source if it is not already present or if it is out of date. # Combine the Roundcube version number with the commit hash of plugins to track diff --git a/setup/zpush.sh b/setup/zpush.sh index c1c00f2a..1d19e4dd 100755 --- a/setup/zpush.sh +++ b/setup/zpush.sh @@ -17,7 +17,7 @@ source /etc/mailinabox.conf # load global vars echo "Installing Z-Push (Exchange/ActiveSync server)..." apt_install \ - php-soap php-imap libawl-php php-xsl + php-soap php-imap libawl-php php8.0-xml phpenmod -v php imap From 13e756e73464265997ac800ffd184d1947d5d296 Mon Sep 17 00:00:00 2001 From: Daniel Mabbett Date: Fri, 24 Apr 2020 20:37:59 +1000 Subject: [PATCH 3/9] Configure nsd listening interfaces before installing nsd so that it does not interfere with bind9 --- setup/dns.sh | 46 +++++++++++++++++++++++++--------------------- 1 file changed, 25 insertions(+), 21 deletions(-) diff --git a/setup/dns.sh b/setup/dns.sh index c8a73a73..9b9b1b0a 100755 --- a/setup/dns.sh +++ b/setup/dns.sh 
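Review bot: `php8.0-xml` is the one version-pinned name in the setup/zpush.sh `apt_install` list, while `php-soap php-imap` still follow the distribution's default PHP, so the XML extension can land on a different PHP version than the other modules if that default is not 8.0. The same literal `8.0` is repeated in patch 6/9 as a socket path, a service name and `/etc/php/8.0/...` paths (conf/nginx-top.conf, management/backup.py, setup/nextcloud.sh, setup/web.sh, setup/webmail.sh, setup/zpush.sh, tools/owncloud-restore.sh). Defining it once, for example `PHP_VER=8.0` in setup/functions.sh, and writing `php${PHP_VER}-xml` and `restart_service php${PHP_VER}-fpm` would keep package, path and service names in step. None of the visible hunks shows which php-fpm package is actually installed, so that is worth checking against the pinned paths.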
@@ -10,17 +10,13 @@ source setup/functions.sh # load our functions source /etc/mailinabox.conf # load global vars -# Install the packages. -# -# * nsd: The non-recursive nameserver that publishes our DNS records. -# * ldnsutils: Helper utilities for signing DNSSEC zones. -# * openssh-client: Provides ssh-keyscan which we use to create SSHFP records. -echo "Installing nsd (DNS server)..." -apt_install nsd ldnsutils openssh-client - # Prepare nsd's configuration. - +# We configure nsd before installation as we only want it to bind to some addresses +# and it otherwise will have port / bind conflicts with bind9 used as the local resolver mkdir -p /var/run/nsd +mkdir -p /etc/nsd +mkdir -p /etc/nsd/zones +touch /etc/nsd/zones.conf cat > /etc/nsd/nsd.conf << EOF; # Do not edit. Overwritten by Mail-in-a-Box setup. @@ -42,18 +38,6 @@ server: EOF -# Add log rotation -cat > /etc/logrotate.d/nsd <> /etc/nsd/nsd.conf; # now be stored in /etc/nsd/nsd.conf.d. rm -f /etc/nsd/zones.conf +# Add log rotation +cat > /etc/logrotate.d/nsd < Date: Thu, 29 Jul 2021 09:49:03 +0300 Subject: [PATCH 4/9] Fix DeprecationWarning in dnspython query vs resolve method The resolve method disables resolving relative names by default. This change probably makes a7710e90 unnecessary. @JoshData added some additional changes from query to resolve. --- management/dns_update.py | 8 ++++---- management/status_checks.py | 2 +- tests/test_dns.py | 2 +- tests/test_mail.py | 2 +- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/management/dns_update.py b/management/dns_update.py index fde9b146..45ea94fa 100755 --- a/management/dns_update.py +++ b/management/dns_update.py 
@@ -1000,9 +1000,9 @@ def get_secondary_dns(custom_dns, mode=None): # doesn't. if not hostname.startswith("xfr:"): if mode == "xfr": - response = dns.resolver.query(hostname+'.', "A", raise_on_no_answer=False) + response = dns.resolver.resolve(hostname+'.', "A", raise_on_no_answer=False) values.extend(map(str, response)) - response = dns.resolver.query(hostname+'.', "AAAA", raise_on_no_answer=False) + response = dns.resolver.resolve(hostname+'.', "AAAA", raise_on_no_answer=False) values.extend(map(str, response)) continue values.append(hostname) @@ -1025,10 +1025,10 @@ def set_secondary_dns(hostnames, env): if not item.startswith("xfr:"): # Resolve hostname. try: - response = resolver.query(item, "A") + response = resolver.resolve(item, "A") except (dns.resolver.NoNameservers, dns.resolver.NXDOMAIN, dns.resolver.NoAnswer): try: - response = resolver.query(item, "AAAA") + response = resolver.resolve(item, "AAAA") except (dns.resolver.NoNameservers, dns.resolver.NXDOMAIN, dns.resolver.NoAnswer): raise ValueError("Could not resolve the IP address of %s." % item) else: diff --git a/management/status_checks.py b/management/status_checks.py index d3c642c6..2c2180a3 100755 --- a/management/status_checks.py +++ b/management/status_checks.py @@ -785,7 +785,7 @@ def query_dns(qname, rtype, nxdomain='[Not Set]', at=None, as_list=False): # Do the query. try: - response = resolver.query(qname, rtype) + response = resolver.resolve(qname, rtype) except (dns.resolver.NoNameservers, dns.resolver.NXDOMAIN, dns.resolver.NoAnswer): # Host did not have an answer for this query; not sure what the # difference is between the two exceptions. diff --git a/tests/test_dns.py b/tests/test_dns.py index c5fe8051..ce51c9d9 100755 --- a/tests/test_dns.py +++ b/tests/test_dns.py 
@@ -48,7 +48,7 @@ def test2(tests, server, description): for qname, rtype, expected_answer in tests: # do the query and format the result as a string try: - response = dns.resolver.query(qname, rtype) + response = dns.resolver.resolve(qname, rtype) except dns.resolver.NoNameservers: # host did not have an answer for this query print("Could not connect to %s for DNS query." % server) diff --git a/tests/test_mail.py b/tests/test_mail.py index 8c8838a5..312f3332 100755 --- a/tests/test_mail.py +++ b/tests/test_mail.py @@ -48,7 +48,7 @@ server = smtplib.SMTP_SSL(host) ipaddr = socket.gethostbyname(host) # IPv4 only! reverse_ip = dns.reversename.from_address(ipaddr) # e.g. "1.0.0.127.in-addr.arpa." try: - reverse_dns = dns.resolver.query(reverse_ip, 'PTR')[0].target.to_text(omit_final_dot=True) # => hostname + reverse_dns = dns.resolver.resolve(reverse_ip, 'PTR')[0].target.to_text(omit_final_dot=True) # => hostname except dns.resolver.NXDOMAIN: print("Reverse DNS lookup failed for %s. SMTP EHLO name check skipped." % ipaddr) reverse_dns = None From a0f9835e43c6cc0d1b3f292969f4146924bd2d33 Mon Sep 17 00:00:00 2001 From: Joshua Tauberer Date: Sat, 8 Jan 2022 19:09:30 -0500 Subject: [PATCH 5/9] certbot and duplicity PPAs no longer need to be added because recent versions are now included in the Ubuntu respository --- setup/system.sh | 6 ------ 1 file changed, 6 deletions(-) diff --git a/setup/system.sh b/setup/system.sh index e8099218..09fbc454 100755 --- a/setup/system.sh +++ b/setup/system.sh @@ -97,12 +97,6 @@ fi # come from there and minimal Ubuntu installs may have it turned off. hide_output add-apt-repository -y universe -# Install the certbot PPA. -hide_output add-apt-repository -y ppa:certbot/certbot - -# Install the duplicity PPA. -hide_output add-apt-repository -y ppa:duplicity-team/duplicity-release-git - # ### Update Packages # Update system packages to make sure we have the latest upstream versions 
From ae2087843185f1b10ebbf49272783abdd04364ca Mon Sep 17 00:00:00 2001 From: Daniel Mabbett Date: Fri, 24 Apr 2020 14:25:43 +1000 Subject: [PATCH 6/9] Upgrade from PHP 7.2 to 8.0 for Ubuntu 22.04 (Updated by @JoshData from the original commit which was for Ubuntu 20.04 using PHP 7.4. And although 8.1 seems to be available, it's not supported by Nextcloud yet, and it likely will never be supported by the the version of Nextcloud that succeeds the last version of Nextcloud that supports PHP 7.2, and we have to install the next version so that an upgrade is permitted, so skipping to PHP 8.1 may not be easily possible.) --- conf/nginx-top.conf | 2 +- management/backup.py | 4 ++-- setup/management.sh | 2 +- setup/nextcloud.sh | 14 +++++++------- setup/web.sh | 16 ++++++++-------- setup/webmail.sh | 2 +- setup/zpush.sh | 2 +- tools/owncloud-restore.sh | 4 ++-- 8 files changed, 23 insertions(+), 23 deletions(-) diff --git a/conf/nginx-top.conf b/conf/nginx-top.conf index 4d888366..c3f4c0d6 100644 --- a/conf/nginx-top.conf +++ b/conf/nginx-top.conf @@ -7,6 +7,6 @@ ## your own --- please do not ask for help from us. upstream php-fpm { - server unix:/var/run/php/php7.2-fpm.sock; + server unix:/var/run/php/php8.0-fpm.sock; } diff --git a/management/backup.py b/management/backup.py index 0a8a021e..9011eda8 100755 --- a/management/backup.py +++ b/management/backup.py @@ -247,7 +247,7 @@ def perform_backup(full_backup): if quit: sys.exit(code) - service_command("php7.2-fpm", "stop", quit=True) + service_command("php8.0-fpm", "stop", quit=True) service_command("postfix", "stop", quit=True) service_command("dovecot", "stop", quit=True) 
@@ -281,7 +281,7 @@ def perform_backup(full_backup): # Start services again. service_command("dovecot", "start", quit=False) service_command("postfix", "start", quit=False) - service_command("php7.2-fpm", "start", quit=False) + service_command("php8.0-fpm", "start", quit=False) # Remove old backups. This deletes all backup data no longer needed # from more than 3 days ago. diff --git a/setup/management.sh b/setup/management.sh index 8dc64f3b..7961aecb 100755 --- a/setup/management.sh +++ b/setup/management.sh @@ -25,7 +25,7 @@ done # # certbot installs EFF's certbot which we use to # provision free TLS certificates. -apt_install duplicity python-pip virtualenv certbot rsync +apt_install duplicity python3-pip virtualenv certbot rsync # b2sdk is used for backblaze backups. # boto is used for amazon aws backups. diff --git a/setup/nextcloud.sh b/setup/nextcloud.sh index d8ce7635..ee1d21b2 100755 --- a/setup/nextcloud.sh +++ b/setup/nextcloud.sh @@ -146,8 +146,8 @@ fi # from the version currently installed, do the install/upgrade if [ ! -d /usr/local/lib/owncloud/ ] || [[ ! ${CURRENT_NEXTCLOUD_VER} =~ ^$nextcloud_ver ]]; then - # Stop php-fpm if running. If theyre not running (which happens on a previously failed install), dont bail. - service php7.2-fpm stop &> /dev/null || /bin/true + # Stop php-fpm if running. If they are not running (which happens on a previously failed install), dont bail. + service php8.0-fpm stop &> /dev/null || /bin/true # Backup the existing ownCloud/Nextcloud. # Create a backup directory to store the current installation and database to @@ -342,7 +342,7 @@ sudo -u www-data \ # Set PHP FPM values to support large file uploads # (semicolon is the comment character in this file, hashes produce deprecation warnings) -tools/editconf.py /etc/php/7.2/fpm/php.ini -c ';' \ +tools/editconf.py /etc/php/8.0/fpm/php.ini -c ';' \ upload_max_filesize=16G \ post_max_size=16G \ output_buffering=16384 \ 
@@ -351,7 +351,7 @@ tools/editconf.py /etc/php/7.2/fpm/php.ini -c ';' \ short_open_tag=On # Set Nextcloud recommended opcache settings -tools/editconf.py /etc/php/7.2/cli/conf.d/10-opcache.ini -c ';' \ +tools/editconf.py /etc/php/8.0/cli/conf.d/10-opcache.ini -c ';' \ opcache.enable=1 \ opcache.enable_cli=1 \ opcache.interned_strings_buffer=8 \ @@ -361,8 +361,8 @@ tools/editconf.py /etc/php/7.2/cli/conf.d/10-opcache.ini -c ';' \ opcache.revalidate_freq=1 # If apc is explicitly disabled we need to enable it -if grep -q apc.enabled=0 /etc/php/7.2/mods-available/apcu.ini; then - tools/editconf.py /etc/php/7.2/mods-available/apcu.ini -c ';' \ +if grep -q apc.enabled=0 /etc/php/8.0/mods-available/apcu.ini; then + tools/editconf.py /etc/php/8.0/mods-available/apcu.ini -c ';' \ apc.enabled=1 fi @@ -387,4 +387,4 @@ rm -f /etc/cron.hourly/mailinabox-owncloud # ``` # Enable PHP modules and restart PHP. -restart_service php7.2-fpm +restart_service php8.0-fpm diff --git a/setup/web.sh b/setup/web.sh index 4433ff0d..9df3d724 100755 --- a/setup/web.sh +++ b/setup/web.sh @@ -46,15 +46,15 @@ tools/editconf.py /etc/nginx/nginx.conf -s \ ssl_protocols="TLSv1.2 TLSv1.3;" # Tell PHP not to expose its version number in the X-Powered-By header. -tools/editconf.py /etc/php/7.2/fpm/php.ini -c ';' \ +tools/editconf.py /etc/php/8.0/fpm/php.ini -c ';' \ expose_php=Off # Set PHPs default charset to UTF-8, since we use it. See #367. -tools/editconf.py /etc/php/7.2/fpm/php.ini -c ';' \ +tools/editconf.py /etc/php/8.0/fpm/php.ini -c ';' \ default_charset="UTF-8" # Configure the path environment for php-fpm -tools/editconf.py /etc/php/7.2/fpm/pool.d/www.conf -c ';' \ +tools/editconf.py /etc/php/8.0/fpm/pool.d/www.conf -c ';' \ env[PATH]=/usr/local/bin:/usr/bin:/bin \ # Configure php-fpm based on the amount of memory the machine has 
@@ -64,7 +64,7 @@ tools/editconf.py /etc/php/7.2/fpm/pool.d/www.conf -c ';' \ TOTAL_PHYSICAL_MEM=$(head -n 1 /proc/meminfo | awk '{print $2}' || /bin/true) if [ $TOTAL_PHYSICAL_MEM -lt 1000000 ] then - tools/editconf.py /etc/php/7.2/fpm/pool.d/www.conf -c ';' \ + tools/editconf.py /etc/php/8.0/fpm/pool.d/www.conf -c ';' \ pm=ondemand \ pm.max_children=8 \ pm.start_servers=2 \ @@ -72,7 +72,7 @@ then pm.max_spare_servers=3 elif [ $TOTAL_PHYSICAL_MEM -lt 2000000 ] then - tools/editconf.py /etc/php/7.2/fpm/pool.d/www.conf -c ';' \ + tools/editconf.py /etc/php/8.0/fpm/pool.d/www.conf -c ';' \ pm=ondemand \ pm.max_children=16 \ pm.start_servers=4 \ @@ -80,14 +80,14 @@ then pm.max_spare_servers=6 elif [ $TOTAL_PHYSICAL_MEM -lt 3000000 ] then - tools/editconf.py /etc/php/7.2/fpm/pool.d/www.conf -c ';' \ + tools/editconf.py /etc/php/8.0/fpm/pool.d/www.conf -c ';' \ pm=dynamic \ pm.max_children=60 \ pm.start_servers=6 \ pm.min_spare_servers=3 \ pm.max_spare_servers=9 else - tools/editconf.py /etc/php/7.2/fpm/pool.d/www.conf -c ';' \ + tools/editconf.py /etc/php/8.0/fpm/pool.d/www.conf -c ';' \ pm=dynamic \ pm.max_children=120 \ pm.start_servers=12 \ @@ -147,7 +147,7 @@ chown -R $STORAGE_USER $STORAGE_ROOT/www # Start services. restart_service nginx -restart_service php7.2-fpm +restart_service php8.0-fpm # Open ports. ufw_allow http diff --git a/setup/webmail.sh b/setup/webmail.sh index 938bcdd3..71ea6a7e 100755 --- a/setup/webmail.sh +++ b/setup/webmail.sh @@ -208,4 +208,4 @@ chmod 664 $STORAGE_ROOT/mail/roundcube/roundcube.sqlite # Enable PHP modules. phpenmod -v php mcrypt imap -restart_service php7.2-fpm +restart_service php8.0-fpm diff --git a/setup/zpush.sh b/setup/zpush.sh index 1d19e4dd..673689ed 100755 --- a/setup/zpush.sh +++ b/setup/zpush.sh @@ -102,7 +102,7 @@ EOF # Restart service. -restart_service php7.2-fpm +restart_service php8.0-fpm # Fix states after upgrade diff --git a/tools/owncloud-restore.sh b/tools/owncloud-restore.sh index 4b0ba4de..9cdf5dbe 100755 
--- a/tools/owncloud-restore.sh +++ b/tools/owncloud-restore.sh @@ -26,7 +26,7 @@ if [ ! -f $1/config.php ]; then fi echo "Restoring backup from $1" -service php7.2-fpm stop +service php8.0-fpm stop # remove the current ownCloud/Nextcloud installation rm -rf /usr/local/lib/owncloud/ @@ -45,5 +45,5 @@ chown www-data.www-data $STORAGE_ROOT/owncloud/config.php sudo -u www-data php /usr/local/lib/owncloud/occ maintenance:mode --off -service php7.2-fpm start +service php8.0-fpm start echo "Done" From 114916d9ab6c0b5bff774f98c959673481c876c0 Mon Sep 17 00:00:00 2001 From: Joshua Tauberer Date: Sat, 8 Jan 2022 19:29:25 -0500 Subject: [PATCH 7/9] Upgrade to Nextcloud 23.0.0 The first version supporting PHP 8.0 is Nextcloud 21. Therefore we can add migrations only to Nextcloud 21 forward, and so we only support migrating from Nextcloud 20 (Mail-in-a-Box versions v0.51+). Migration steps through Nextcloud 21 and 22 are added. --- setup/nextcloud.sh | 51 ++++++++++++++-------------------------------- 1 file changed, 15 insertions(+), 36 deletions(-) diff --git a/setup/nextcloud.sh b/setup/nextcloud.sh index ee1d21b2..331023dc 100755 --- a/setup/nextcloud.sh +++ b/setup/nextcloud.sh 
@@ -21,14 +21,14 @@ echo "Installing Nextcloud (contacts/calendar)..." # we automatically install intermediate versions as needed. # * The hash is the SHA1 hash of the ZIP package, which you can find by just running this script and # copying it from the error message when it doesn't match what is below. -nextcloud_ver=20.0.14 -nextcloud_hash=92cac708915f51ee2afc1787fd845476fd090c81 +nextcloud_ver=23.0.0 +nextcloud_hash=0d496eb0808c292502479e93cd37fe2daf95786a # Nextcloud apps # -------------- # * Find the most recent tag that is compatible with the Nextcloud version above by # consulting the ... node at: -# https://github.com/nextcloud-releases/contacts/blob/maaster/appinfo/info.xml +# https://github.com/nextcloud-releases/contacts/blob/master/appinfo/info.xml # https://github.com/nextcloud-releases/calendar/blob/master/appinfo/info.xml # https://github.com/nextcloud/user_external/blob/master/appinfo/info.xml # * The hash is the SHA1 hash of the ZIP package, which you can find by just running this script and 
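Review bot: The new `nextcloud_hash` pins the 23.0.0 archive, but the unchanged comment directly above it still tells maintainers to get the value by running the script and copying the hash from the mismatch message. A hash taken from the download it is meant to check only records whatever was fetched that day; it does not confirm the archive is the one upstream released. I would reword the comment along the lines of `# * The hash is the SHA1 hash of the ZIP package; compare it with the checksum or signature published by Nextcloud before committing it.` The place where the hash is compared lies outside this hunk.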
@@ -174,42 +174,19 @@ if [ ! -d /usr/local/lib/owncloud/ ] || [[ ! ${CURRENT_NEXTCLOUD_VER} =~ ^$nextc elif [[ ${CURRENT_NEXTCLOUD_VER} =~ ^1[012] ]]; then echo "Upgrades from Mail-in-a-Box prior to v0.28 (dated July 30, 2018) with Nextcloud < 13.0.6 (you have ownCloud 10, 11 or 12) are not supported. Upgrade to Mail-in-a-Box version v0.30 first. Setup will continue, but skip the Nextcloud migration." return 0 - elif [[ ${CURRENT_NEXTCLOUD_VER} =~ ^13 ]]; then - # If we are running Nextcloud 13, upgrade to Nextcloud 14 - InstallNextcloud 14.0.6 4e43a57340f04c2da306c8eea98e30040399ae5a 3.3.0 e55d0357c6785d3b1f3b5f21780cb6d41d32443a 2.0.3 9d9717b29337613b72c74e9914c69b74b346c466 - CURRENT_NEXTCLOUD_VER="14.0.6" - fi - if [[ ${CURRENT_NEXTCLOUD_VER} =~ ^14 ]]; then - # During the upgrade from Nextcloud 14 to 15, user_external may cause the upgrade to fail. - # We will disable it here before the upgrade and install it again after the upgrade. - hide_output sudo -u www-data php /usr/local/lib/owncloud/console.php app:disable user_external - InstallNextcloud 15.0.8 4129d8d4021c435f2e86876225fb7f15adf764a3 3.3.0 e55d0357c6785d3b1f3b5f21780cb6d41d32443a 2.0.3 9d9717b29337613b72c74e9914c69b74b346c466 0.7.0 555a94811daaf5bdd336c5e48a78aa8567b86437 - CURRENT_NEXTCLOUD_VER="15.0.8" - fi - if [[ ${CURRENT_NEXTCLOUD_VER} =~ ^15 ]]; then - InstallNextcloud 16.0.6 0bb3098455ec89f5af77a652aad553ad40a88819 3.3.0 e55d0357c6785d3b1f3b5f21780cb6d41d32443a 2.0.3 9d9717b29337613b72c74e9914c69b74b346c466 0.7.0 555a94811daaf5bdd336c5e48a78aa8567b86437 - CURRENT_NEXTCLOUD_VER="16.0.6" - fi - if [[ ${CURRENT_NEXTCLOUD_VER} =~ ^16 ]]; then - InstallNextcloud 17.0.6 50b98d2c2f18510b9530e558ced9ab51eb4f11b0 3.3.0 e55d0357c6785d3b1f3b5f21780cb6d41d32443a 2.0.3 9d9717b29337613b72c74e9914c69b74b346c466 0.7.0 555a94811daaf5bdd336c5e48a78aa8567b86437 - CURRENT_NEXTCLOUD_VER="17.0.6" - fi - if [[ ${CURRENT_NEXTCLOUD_VER} =~ ^17 ]]; then - # Don't exit the install if this column already exists (see 
#2076) - (echo "ALTER TABLE oc_flow_operations ADD COLUMN entity VARCHAR;" | sqlite3 $STORAGE_ROOT/owncloud/owncloud.db 2>/dev/null) || true - InstallNextcloud 18.0.10 39c0021a8b8477c3f1733fddefacfa5ebf921c68 3.4.1 aee680a75e95f26d9285efd3c1e25cf7f3bfd27e 2.0.3 9d9717b29337613b72c74e9914c69b74b346c466 1.0.0 3bf2609061d7214e7f0f69dd8883e55c4ec8f50a - CURRENT_NEXTCLOUD_VER="18.0.10" - fi - if [[ ${CURRENT_NEXTCLOUD_VER} =~ ^18 ]]; then - InstallNextcloud 19.0.4 01e98791ba12f4860d3d4047b9803f97a1b55c60 3.4.1 aee680a75e95f26d9285efd3c1e25cf7f3bfd27e 2.0.3 9d9717b29337613b72c74e9914c69b74b346c466 1.0.0 3bf2609061d7214e7f0f69dd8883e55c4ec8f50a - CURRENT_NEXTCLOUD_VER="19.0.4" - fi + elif [[ ${CURRENT_NEXTCLOUD_VER} =~ ^1[3456789] ]]; then + echo "Upgrades from Mail-in-a-Box prior to v60 with Nextcloud 19 or earlier are not supported. Upgrade to the latest Mail-in-a-Box version supported on your machine first. Setup will continue, but skip the Nextcloud migration." + return 0 + elif [[ ${CURRENT_NEXTCLOUD_VER} =~ ^20 ]]; then + InstallNextcloud 21.0.7 f5c7079c5b56ce1e301c6a27c0d975d608bb01c9 4.0.7 8ab31d205408e4f12067d8a4daa3595d46b513e3 3.0.4 6fb1e998d307c53245faf1c37a96eb982bbee8ba 1.0.0 3bf2609061d7214e7f0f69dd8883e55c4ec8f50a + CURRENT_NEXTCLOUD_VER="21.0.7" + elif [[ ${CURRENT_NEXTCLOUD_VER} =~ ^21 ]]; then + InstallNextcloud 22.2.2 489eaf4147ad1b59385847b7d7db293712cced88 4.0.7 8ab31d205408e4f12067d8a4daa3595d46b513e3 3.0.4 6fb1e998d307c53245faf1c37a96eb982bbee8ba 1.0.0 3bf2609061d7214e7f0f69dd8883e55c4ec8f50a + CURRENT_NEXTCLOUD_VER="22.2.2" + fi fi InstallNextcloud $nextcloud_ver $nextcloud_hash $contacts_ver $contacts_hash $calendar_ver $calendar_hash $user_external_ver $user_external_hash - - # Nextcloud 20 needs to have some optional columns added - sudo -u www-data php /usr/local/lib/owncloud/occ db:add-missing-columns fi # ### Configuring Nextcloud 
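Review bot: A box that starts on Nextcloud 20 runs the 21.0.7 step and then skips the 22.2.2 step, because the `^21` test is an `elif` in the same chain as the `^20` test; the final `InstallNextcloud $nextcloud_ver ...` then takes it from 21 straight to 23.0.0. The removed code used separate `if` blocks so that each step fell through to the next after updating CURRENT_NEXTCLOUD_VER, and the commit message says steps through both 21 and 22 are intended. Closing the chain after the 20 step restores that: replace `elif [[ ${CURRENT_NEXTCLOUD_VER} =~ ^21 ]]; then` with `fi` followed by `if [[ ${CURRENT_NEXTCLOUD_VER} =~ ^21 ]]; then`. The enclosing `if` begins above the hunk.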
@@ -300,6 +277,8 @@ php < $CONFIG_TEMP && mv $CONFIG_TEMP $STORAGE_ROOT/owncloud/config.php; Date: Sun, 9 Jan 2022 10:32:36 -0500 Subject: [PATCH 8/9] Update dovecot, spampd settings for Ubuntu 22.04 * dovecot's ssl_protocols became ssl_min_protocol in 2.3 * spampd fixed a bug so we can remove lmtp_destination_recipient_limit=1 in postfix --- setup/mail-dovecot.sh | 2 +- setup/mail-postfix.sh | 15 ++++++++------- tools/editconf.py | 26 +++++++++++++++++++------- 3 files changed, 28 insertions(+), 15 deletions(-) diff --git a/setup/mail-dovecot.sh b/setup/mail-dovecot.sh index 26d32895..394ede8b 100755 --- a/setup/mail-dovecot.sh +++ b/setup/mail-dovecot.sh @@ -84,7 +84,7 @@ tools/editconf.py /etc/dovecot/conf.d/10-ssl.conf \ ssl=required \ "ssl_cert=<$STORAGE_ROOT/ssl/ssl_certificate.pem" \ "ssl_key=<$STORAGE_ROOT/ssl/ssl_private_key.pem" \ - "ssl_protocols=TLSv1.2" \ + "ssl_min_protocol=TLSv1.2" \ "ssl_cipher_list=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384" \ "ssl_prefer_server_ciphers=no" \ "ssl_dh_parameters_length=2048" diff --git a/setup/mail-postfix.sh b/setup/mail-postfix.sh index dc1fff85..196d371d 100755 --- a/setup/mail-postfix.sh +++ b/setup/mail-postfix.sh @@ -13,8 +13,8 @@ # destinations according to aliases, and passses email on to # another service for local mail delivery. # -# The first hop in local mail delivery is to Spamassassin via -# LMTP. Spamassassin then passes mail over to Dovecot for +# The first hop in local mail delivery is to spampd via +# LMTP. spampd then passes mail over to Dovecot for # storage in the user's mailbox. # # Postfix also listens on ports 465/587 (SMTPS, SMTP+STARTLS) for 
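Review bot: `ssl_dh_parameters_length=2048` is still passed in the same editconf call in setup/mail-dovecot.sh (last context line of the hunk), and as far as I know Dovecot 2.3 retired that setting alongside `ssl_protocols`, in favour of a DH parameters file supplied through `ssl_dh`. If that holds for the packaged version, the line should be dropped in this change as well, so the TLS configuration contains only settings the server actually honours. Checking the result with `doveconf -n` on a 22.04 machine would confirm which of the two settings is accepted.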
@@ -193,16 +193,17 @@ tools/editconf.py /etc/postfix/main.cf \ # ### Incoming Mail -# Pass any incoming mail over to a local delivery agent. Spamassassin -# will act as the LDA agent at first. It is listening on port 10025 -# with LMTP. Spamassassin will pass the mail over to Dovecot after. +# Pass mail to spampd, which acts as the local delivery agent (LDA), +# which then passes the mail over to the Dovecot LMTP server after. +# spampd runs on port 10025 by default. # # In a basic setup we would pass mail directly to Dovecot by setting # virtual_transport to `lmtp:unix:private/dovecot-lmtp`. tools/editconf.py /etc/postfix/main.cf "virtual_transport=lmtp:[127.0.0.1]:10025" -# Because of a spampd bug, limit the number of recipients in each connection. +# Clear the lmtp_destination_recipient_limit setting which in previous +# versions of Mail-in-a-Box was set to 1 because of a spampd bug. # See https://github.com/mail-in-a-box/mailinabox/issues/1523. -tools/editconf.py /etc/postfix/main.cf lmtp_destination_recipient_limit=1 +tools/editconf.py /etc/postfix/main.cf -e lmtp_destination_recipient_limit= # Who can send mail to us? Some basic filters. diff --git a/tools/editconf.py b/tools/editconf.py index d665f861..e80742e4 100755 --- a/tools/editconf.py +++ b/tools/editconf.py @@ -14,6 +14,10 @@ # # NAME VALUE # +# If the -e option is given and VALUE is empty, the setting is removed +# from the configuration file if it is set (i.e. existing occurrences +# are commented out and no new setting is added). +# # If the -c option is given, then the supplied character becomes the comment character # # If the -w option is given, then setting lines continue onto following @@ -35,6 +39,7 @@ settings = sys.argv[2:] delimiter = "=" delimiter_re = r"\s*=\s*" +erase_setting = False comment_char = "#" folded_lines = False testing = False 
@@ -44,6 +49,9 @@ while settings[0][0] == "-" and settings[0] != "--": # Space is the delimiter delimiter = " " delimiter_re = r"\s+" + elif opt == "-e": + # Erase settings that have empty values. + erase_setting = True elif opt == "-w": # Line folding is possible in this file. folded_lines = True @@ -81,7 +89,7 @@ while len(input_lines) > 0: # See if this line is for any settings passed on the command line. for i in range(len(settings)): - # Check that this line contain this setting from the command-line arguments. + # Check if this line contain this setting from the command-line arguments. name, val = settings[i].split("=", 1) m = re.match( "(\s*)" @@ -91,8 +99,10 @@ while len(input_lines) > 0: if not m: continue indent, is_comment, existing_val = m.groups() - # If this is already the setting, do nothing. - if is_comment is None and existing_val == val: + # If this is already the setting, keep it in the file, except: + # * If we've already seen it before, then remove this duplicate line. + # * If val is empty and erase_setting is on, then comment it out. + if is_comment is None and existing_val == val and not (not val and erase_setting): # It may be that we've already inserted this setting higher # in the file so check for that first. if i in found: break @@ -107,8 +117,9 @@ while len(input_lines) > 0: # the line is already commented, pass it through buf += line - # if this option oddly appears more than once, don't add the setting again - if i in found: + # if this option already is set don't add the setting again, + # or if we're clearing the setting with -e, don't add it + if (i in found) or (not val and erase_setting): break # add the new setting 
@@ -122,9 +133,10 @@ while len(input_lines) > 0: # If did not match any setting names, pass this line through. buf += line -# Put any settings we didn't see at the end of the file. +# Put any settings we didn't see at the end of the file, +# except settings being cleared. for i in range(len(settings)): - if i not in found: + if (i not in found) and not (not val and erase_setting): name, val = settings[i].split("=", 1) buf += name + delimiter + val + "\n" From 3998214e8763df878a445d4e1e3fe93c630475f0 Mon Sep 17 00:00:00 2001 From: Joshua Tauberer Date: Sun, 9 Jan 2022 10:39:29 -0500 Subject: [PATCH 9/9] Start changelog and instructions updates for version 60 supporting Ubuntu 22.04 To scan for updated apt packages in Ubuntu 22.04, I ran on Ubuntu 18.04 and 22.04 and compared the output: ``` for package in openssl openssh-client haveged pollinate fail2ban ufw bind9 nsd ldnsutils nginx dovecot-core postfix opendkim opendkim-tools opendmarc postgrey spampd razor pyzor dovecot-antispam sqlite3 duplicity certbot munin munin-node php python3; do echo -n "$package "; dpkg-query --showformat='${Version}' --show $package; echo done ``` --- CHANGELOG.md | 19 +++++++++++++++++++ README.md | 6 +++--- 2 files changed, 22 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1eefb2ca..e96261bf 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
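Review bot: In the final loop of tools/editconf.py, `val` is read by the new condition before the loop assigns it, since `name, val = settings[i].split("=", 1)` only runs on the next line, inside the `if`. The test therefore sees whatever `val` the earlier per-line loop or the previous iteration left behind, and it would be unbound if that earlier loop never ran. With `-e` and several settings, a non-empty setting can be left out or an empty one appended, depending on argument order. Split first, then test: `name, val = settings[i].split("=", 1)` followed by `if (i not in found) and not (not val and erase_setting):`.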
@@ -1,6 +1,25 @@ CHANGELOG ========= +Version 60 (date TBD) +--------------------- + +This is the first release for Ubuntu 22.04. + +**Before upgrading**, you must **first upgrade your existing Ubuntu 18.04 box to Mail-in-a-Box v0.51** (or any later version of Mail-in-a-Box supporting Ubuntu 18.04), if you haven't already done so. That may not be possible after Ubuntu 18.04 reaches its end of life in April 2023, so please compete the upgrade well before then. (If you are not using Nextcloud's contacts or calendar, you can migrate to the latest version of Mail-in-a-Box from any previous version.) + +For complete upgrade instructions, see: + +LINK TBD + +No features of Mail-in-a-Box have changed in this release, but with the newer version of Ubuntu the following software packages we use are updated: + +* dovecot is upgraded to 2.3.16, postfix to 3.6.3, opendmark to 1.4 (which adds ARC-Authentication-Results headers), and spampd to 2.53 (alleviating a mail delivery rate limiting bug). +* Nextcloud is upgraded to 23.0.0 with PHP updated from 7.2 to 8.0. +* certbot is upgraded to 1.21 (via the Ubuntu repository instead of a PPA). +* fail2ban is upgraded to 0.11.2. +* nginx is upgraded to 1.18. + In Development -------------- diff --git a/README.md b/README.md index 40a0e0d7..ab9a8039 100644 --- a/README.md +++ b/README.md @@ -23,7 +23,7 @@ Additionally, this project has a [Code of Conduct](CODE_OF_CONDUCT.md), which su In The Box ---------- -Mail-in-a-Box turns a fresh Ubuntu 18.04 LTS 64-bit machine into a working mail server by installing and configuring various components. +Mail-in-a-Box turns a fresh Ubuntu 22.04 LTS 64-bit machine into a working mail server by installing and configuring various components. It is a one-click email appliance. There are no user-configurable setup options. It "just works." 
@@ -54,13 +54,13 @@ Installation See the [setup guide](https://mailinabox.email/guide.html) for detailed, user-friendly instructions. -For experts, start with a completely fresh (really, I mean it) Ubuntu 18.04 LTS 64-bit machine. On the machine... +For experts, start with a completely fresh (really, I mean it) Ubuntu 22.04 LTS 64-bit machine. On the machine... Clone this repository and checkout the tag corresponding to the most recent release: $ git clone https://github.com/mail-in-a-box/mailinabox $ cd mailinabox - $ git checkout v55 + $ git checkout v60 Begin the installation.