mirror of https://github.com/mail-in-a-box/mailinabox.git synced 2025-04-04 00:17:06 +00:00

Merge branch 'jammyjellyfish2204' of https://github.com/mail-in-a-box/mailinabox into jammyjellyfish2204

# Conflicts:
#	README.md
#	setup/mail-dovecot.sh
#	setup/system.sh
#	setup/webmail.sh
#	setup/zpush.sh
#	tests/test_mail.py
downtownallday 2022-01-11 16:39:39 -05:00
commit 4e6550ed22
31 changed files with 259 additions and 194 deletions


@ -1,20 +1,14 @@
name: commit-tests name: commit-tests
on: [push] on: [workflow_dispatch]
jobs: jobs:
# MiaB-LDAP connected to a remote Nextcloud # MiaB-LDAP connected to a remote Nextcloud
remote-nextcloud-docker: remote-nextcloud-docker:
runs-on: ubuntu-18.04 runs-on: ubuntu-22.04
env: env:
PRIMARY_HOSTNAME: box1.abc.com PRIMARY_HOSTNAME: box1.abc.com
FEATURE_MUNIN: false FEATURE_MUNIN: false
# github specific: php-xsl is a virtual package provided by php-xml
PHP_XSL_PACKAGE: php-xml
steps: steps:
- uses: actions/checkout@v2 - uses: actions/checkout@v2
# the github image comes preinstalled with multiple php versions
# and it sets the system php to the latest version. MIAB requires
# php 7.2 (the default on a new ubuntu 18 install)
- run: sudo update-alternatives --set php /usr/bin/php7.2
- name: setup - name: setup
run: sudo -E tests/system-setup/remote-nextcloud-docker.sh upgrade basic run: sudo -E tests/system-setup/remote-nextcloud-docker.sh upgrade basic
- name: test-runner - name: test-runner
@ -23,14 +17,12 @@ jobs:
# Upgrade from upstream install # Upgrade from upstream install
upgrade-from-upstream: upgrade-from-upstream:
runs-on: ubuntu-18.04 runs-on: ubuntu-22.04
env: env:
PRIMARY_HOSTNAME: box2.abc.com PRIMARY_HOSTNAME: box2.abc.com
UPSTREAM_TAG: main UPSTREAM_TAG: main
PHP_XSL_PACKAGE: php-xml
steps: steps:
- uses: actions/checkout@v2 - uses: actions/checkout@v2
- run: sudo update-alternatives --set php /usr/bin/php7.2
- name: setup - name: setup
run: sudo -E tests/system-setup/upgrade-from-upstream.sh basic totpuser run: sudo -E tests/system-setup/upgrade-from-upstream.sh basic totpuser
- name: test-runner - name: test-runner


@ -1,6 +1,25 @@
CHANGELOG CHANGELOG
========= =========
Version 60 (date TBD)
---------------------
This is the first release for Ubuntu 22.04.
**Before upgrading**, you must **first upgrade your existing Ubuntu 18.04 box to Mail-in-a-Box v0.51** (or any later version of Mail-in-a-Box supporting Ubuntu 18.04), if you haven't already done so. That may not be possible after Ubuntu 18.04 reaches its end of life in April 2023, so please compete the upgrade well before then. (If you are not using Nextcloud's contacts or calendar, you can migrate to the latest version of Mail-in-a-Box from any previous version.)
For complete upgrade instructions, see:
LINK TBD
No features of Mail-in-a-Box have changed in this release, but with the newer version of Ubuntu the following software packages we use are updated:
* dovecot is upgraded to 2.3.16, postfix to 3.6.3, opendmark to 1.4 (which adds ARC-Authentication-Results headers), and spampd to 2.53 (alleviating a mail delivery rate limiting bug).
* Nextcloud is upgraded to 23.0.0 with PHP updated from 7.2 to 8.0.
* certbot is upgraded to 1.21 (via the Ubuntu repository instead of a PPA).
* fail2ban is upgraded to 0.11.2.
* nginx is upgraded to 1.18.
In Development In Development
-------------- --------------

2
Vagrantfile vendored

@ -2,7 +2,7 @@
# vi: set ft=ruby : # vi: set ft=ruby :
Vagrant.configure("2") do |config| Vagrant.configure("2") do |config|
config.vm.box = "ubuntu/bionic64" config.vm.box = "ubuntu/jammy64"
# Network config: Since it's a mail server, the machine must be connected # Network config: Since it's a mail server, the machine must be connected
# to the public web. However, we currently don't want to expose SSH since # to the public web. However, we currently don't want to expose SSH since


@ -7,6 +7,6 @@
## your own --- please do not ask for help from us. ## your own --- please do not ask for help from us.
upstream php-fpm { upstream php-fpm {
server unix:/var/run/php/php7.2-fpm.sock; server unix:/var/run/php/php8.0-fpm.sock;
} }


@ -248,7 +248,7 @@ def perform_backup(full_backup):
if quit: if quit:
sys.exit(code) sys.exit(code)
service_command("php7.2-fpm", "stop", quit=True) service_command("php8.0-fpm", "stop", quit=True)
service_command("postfix", "stop", quit=True) service_command("postfix", "stop", quit=True)
service_command("dovecot", "stop", quit=True) service_command("dovecot", "stop", quit=True)
service_command("slapd", "stop", quit=True) service_command("slapd", "stop", quit=True)
@ -286,7 +286,7 @@ def perform_backup(full_backup):
service_command("slapd", "start", quit=False) service_command("slapd", "start", quit=False)
service_command("dovecot", "start", quit=False) service_command("dovecot", "start", quit=False)
service_command("postfix", "start", quit=False) service_command("postfix", "start", quit=False)
service_command("php7.2-fpm", "start", quit=False) service_command("php8.0-fpm", "start", quit=False)
# Remove old backups. This deletes all backup data no longer needed # Remove old backups. This deletes all backup data no longer needed
# from more than 3 days ago. # from more than 3 days ago.


@ -1000,9 +1000,9 @@ def get_secondary_dns(custom_dns, mode=None):
# doesn't. # doesn't.
if not hostname.startswith("xfr:"): if not hostname.startswith("xfr:"):
if mode == "xfr": if mode == "xfr":
response = dns.resolver.query(hostname+'.', "A", raise_on_no_answer=False) response = dns.resolver.resolve(hostname+'.', "A", raise_on_no_answer=False)
values.extend(map(str, response)) values.extend(map(str, response))
response = dns.resolver.query(hostname+'.', "AAAA", raise_on_no_answer=False) response = dns.resolver.resolve(hostname+'.', "AAAA", raise_on_no_answer=False)
values.extend(map(str, response)) values.extend(map(str, response))
continue continue
values.append(hostname) values.append(hostname)
@ -1025,10 +1025,10 @@ def set_secondary_dns(hostnames, env):
if not item.startswith("xfr:"): if not item.startswith("xfr:"):
# Resolve hostname. # Resolve hostname.
try: try:
response = resolver.query(item, "A") response = resolver.resolve(item, "A")
except (dns.resolver.NoNameservers, dns.resolver.NXDOMAIN, dns.resolver.NoAnswer): except (dns.resolver.NoNameservers, dns.resolver.NXDOMAIN, dns.resolver.NoAnswer):
try: try:
response = resolver.query(item, "AAAA") response = resolver.resolve(item, "AAAA")
except (dns.resolver.NoNameservers, dns.resolver.NXDOMAIN, dns.resolver.NoAnswer): except (dns.resolver.NoNameservers, dns.resolver.NXDOMAIN, dns.resolver.NoAnswer):
raise ValueError("Could not resolve the IP address of %s." % item) raise ValueError("Could not resolve the IP address of %s." % item)
else: else:
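Review bot: In set_secondary_dns the `except` tuples around `resolver.resolve(item, "A")` and the `"AAAA"` fallback list only `NoNameservers`, `NXDOMAIN` and `NoAnswer`, so a resolver timeout on an operator-supplied hostname would propagate instead of becoming the `ValueError` raised for unresolvable names. Consider adding `dns.exception.Timeout` to both tuples, e.g. `except (dns.resolver.NoNameservers, dns.resolver.NXDOMAIN, dns.resolver.NoAnswer, dns.exception.Timeout):`. The two `dns.resolver.resolve(hostname+'.', ...)` calls in get_secondary_dns show no handler within their hunk, and `raise_on_no_answer=False` does not cover NXDOMAIN; both functions extend beyond the visible lines, so an outer handler may exist. A short comment that `resolve()`, unlike `query()`, does not apply the resolver search list by default would also help, since the bare `item` is now looked up exactly as given.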


@ -785,7 +785,7 @@ def query_dns(qname, rtype, nxdomain='[Not Set]', at=None, as_list=False):
# Do the query. # Do the query.
try: try:
response = resolver.query(qname, rtype) response = resolver.resolve(qname, rtype)
except (dns.resolver.NoNameservers, dns.resolver.NXDOMAIN, dns.resolver.NoAnswer): except (dns.resolver.NoNameservers, dns.resolver.NXDOMAIN, dns.resolver.NoAnswer):
# Host did not have an answer for this query; not sure what the # Host did not have an answer for this query; not sure what the
# difference is between the two exceptions. # difference is between the two exceptions.


@ -9,32 +9,37 @@
if [ -z "$TAG" ]; then if [ -z "$TAG" ]; then
# If a version to install isn't explicitly given as an environment # If a version to install isn't explicitly given as an environment
# variable, then install the latest version. But the latest version # variable, then install the latest version. But the latest version
# depends on the operating system. Existing Ubuntu 14.04 users need # depends on the machine's version of Ubuntu. Existing users need to
# to be able to upgrade to the latest version supporting Ubuntu 14.04, # be able to upgrade to the latest version available for that version
# in part because an upgrade is required before jumping to Ubuntu 18.04. # of Ubuntu to satisfy the migration requirements.
# New users on Ubuntu 18.04 need to get the latest version number too.
# #
# Also, the system status checks read this script for TAG = (without the # Also, the system status checks read this script for TAG = (without the
# space, but if we put it in a comment it would confuse the status checks!) # space, but if we put it in a comment it would confuse the status checks!)
# to get the latest version, so the first such line must be the one that we # to get the latest version, so the first such line must be the one that we
# want to display in status checks. # want to display in status checks.
if [ "$(lsb_release -d | sed 's/.*:\s*//' | sed 's/18\.04\.[0-9]/18.04/' )" == "Ubuntu 18.04 LTS" ]; then #
# This machine is running Ubuntu 18.04. # Allow point-release versions of the major releases, e.g. 22.04.1 is OK.
TAG=v55 UBUNTU_VERSION=$( lsb_release -d | sed 's/.*:\s*//' | sed 's/\([0-9]*\.[0-9]*\)\.[0-9]/\1/' )"
if [ "$UBUNTU_VERSION" == "Ubuntu 22.04 LTS" ]; then
elif [ "$(lsb_release -d | sed 's/.*:\s*//' | sed 's/14\.04\.[0-9]/14.04/' )" == "Ubuntu 14.04 LTS" ]; then # This machine is running Ubuntu 22.04, which is supported by
# This machine is running Ubuntu 14.04. # Mail-in-a-Box versions 60 and later.
echo "You are installing the last version of Mail-in-a-Box that will" TAG=v60
echo "support Ubuntu 14.04. If this is a new installation of Mail-in-a-Box," elif [ "$UBUNTU_VERSION" == "Ubuntu 18.04 LTS" ]; then
echo "stop now and switch to a machine running Ubuntu 18.04. If you are" # This machine is running Ubuntu 18.04, which is supported by
echo "upgrading an existing Mail-in-a-Box --- great. After upgrading this" # Mail-in-a-Box versions 0.40 through 5x.
echo "box, please visit https://mailinabox.email for notes on how to upgrade" echo "Support is ending for Ubuntu 18.04."
echo "to Ubuntu 18.04." echo "Please immediately begin to migrate your information to"
echo "" echo "a new machine running Ubuntu 22.04. See:"
echo "https://mailinabox.email/maintenance.html#upgrade"
TAG=v56
elif [ "$UBUNTU_VERSION" == "Ubuntu 14.04 LTS" ]; then
# This machine is running Ubuntu 14.04, which is supported by
# Mail-in-a-Box versions 1 through v0.30.
echo "Ubuntu 14.04 is no longer supported."
echo "The last version of Mail-in-a-Box supporting Ubuntu 14.04 will be installed."
TAG=v0.30 TAG=v0.30
else else
echo "This script must be run on a system running Ubuntu 18.04 or Ubuntu 14.04." echo "This script may be used only on a machine running Ubuntu 14.04, 18.04, or 22.04."
exit 1 exit 1
fi fi
fi fi
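Review bot: The new `UBUNTU_VERSION=$( ... )"` assignment ends with a stray double quote after the closing parenthesis, which opens a quoted string that runs into the following `if [ "$UBUNTU_VERSION" == "Ubuntu 22.04 LTS" ]` line and breaks the version detection. Drop the trailing quote or quote the whole substitution: `UBUNTU_VERSION="$( lsb_release -d | sed 's/.*:\s*//' | sed 's/\([0-9]*\.[0-9]*\)\.[0-9]/\1/' )"`. Since this block decides which `TAG` gets installed, a syntax pass such as `bash -n` or shellcheck on the script before release would likely have caught it.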


@ -10,17 +10,13 @@
source setup/functions.sh # load our functions source setup/functions.sh # load our functions
source /etc/mailinabox.conf # load global vars source /etc/mailinabox.conf # load global vars
# Install the packages.
#
# * nsd: The non-recursive nameserver that publishes our DNS records.
# * ldnsutils: Helper utilities for signing DNSSEC zones.
# * openssh-client: Provides ssh-keyscan which we use to create SSHFP records.
echo "Installing nsd (DNS server)..."
apt_install nsd ldnsutils openssh-client
# Prepare nsd's configuration. # Prepare nsd's configuration.
# We configure nsd before installation as we only want it to bind to some addresses
# and it otherwise will have port / bind conflicts with bind9 used as the local resolver
mkdir -p /var/run/nsd mkdir -p /var/run/nsd
mkdir -p /etc/nsd
mkdir -p /etc/nsd/zones
touch /etc/nsd/zones.conf
cat > /etc/nsd/nsd.conf << EOF; cat > /etc/nsd/nsd.conf << EOF;
# Do not edit. Overwritten by Mail-in-a-Box setup. # Do not edit. Overwritten by Mail-in-a-Box setup.
@ -42,18 +38,6 @@ server:
EOF EOF
# Add log rotation
cat > /etc/logrotate.d/nsd <<EOF;
/var/log/nsd.log {
weekly
missingok
rotate 12
compress
delaycompress
notifempty
}
EOF
# Since we have bind9 listening on localhost for locally-generated # Since we have bind9 listening on localhost for locally-generated
# DNS queries that require a recursive nameserver, and the system # DNS queries that require a recursive nameserver, and the system
# might have other network interfaces for e.g. tunnelling, we have # might have other network interfaces for e.g. tunnelling, we have
@ -88,6 +72,26 @@ echo "include: /etc/nsd/nsd.conf.d/*.conf" >> /etc/nsd/nsd.conf;
# now be stored in /etc/nsd/nsd.conf.d. # now be stored in /etc/nsd/nsd.conf.d.
rm -f /etc/nsd/zones.conf rm -f /etc/nsd/zones.conf
# Add log rotation
cat > /etc/logrotate.d/nsd <<EOF;
/var/log/nsd.log {
weekly
missingok
rotate 12
compress
delaycompress
notifempty
}
EOF
# Install the packages.
#
# * nsd: The non-recursive nameserver that publishes our DNS records.
# * ldnsutils: Helper utilities for signing DNSSEC zones.
# * openssh-client: Provides ssh-keyscan which we use to create SSHFP records.
echo "Installing nsd (DNS server)..."
apt_install nsd ldnsutils openssh-client
# Create DNSSEC signing keys. # Create DNSSEC signing keys.
mkdir -p "$STORAGE_ROOT/dns/dnssec"; mkdir -p "$STORAGE_ROOT/dns/dnssec";
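Review bot: With `apt_install nsd ldnsutils openssh-client` moved below the generation of `/etc/nsd/nsd.conf`, whether the prepared configuration survives the package install depends on how `apt_install` resolves configuration-file conflicts, which is not visible in this file section. The slapd install elsewhere in this commit passes `--force-confnew`; if `apt_install` does the same and the nsd package ships its own `nsd.conf`, the file written here could be replaced and nsd would start with package defaults rather than the restricted bind addresses the new comment describes. Please confirm on a clean 22.04 machine and add a comment next to the install line stating which dpkg behaviour is relied on.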


@ -158,7 +158,13 @@ EOF
# Install packages # Install packages
say "Installing OpenLDAP server..." say "Installing OpenLDAP server..."
apt_install slapd ldap-utils python3-ldap3 python3-ldif3 ca-certificates xz-utils
# we must install slapd without DEBIAN_FRONTEND=noninteractive or
# debconf selections are ignored
hide_output apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" install slapd
# install additional packages
apt_install ldap-utils python3-ldap3 ca-certificates xz-utils
# If slapd was not installed by us, the selections above did # If slapd was not installed by us, the selections above did
# nothing. To check this we see if SLAPD_CONF in # nothing. To check this we see if SLAPD_CONF in
@ -169,7 +175,8 @@ EOF
# we do #2 .... # we do #2 ....
local SLAPD_CONF="" local SLAPD_CONF=""
eval "$(grep ^SLAPD_CONF= /etc/default/slapd)" eval "$(grep ^SLAPD_CONF= /etc/default/slapd)"
local cursuffix="$(slapcat -s "cn=config" | grep "^olcSuffix: ")" local cursuffix="$(slapcat -b "cn=config" | grep "^olcSuffix: ")"
say_debug "current slapd suffix=$cursuffix"
if [ -z "$SLAPD_CONF" ] && if [ -z "$SLAPD_CONF" ] &&
! grep "$LDAP_DOMAIN" <<<"$cursuffix" >/dev/null ! grep "$LDAP_DOMAIN" <<<"$cursuffix" >/dev/null
then then
@ -191,7 +198,7 @@ EOF
# Ensure slapd is running # Ensure slapd is running
systemctl start slapd && wait_slapd_start systemctl start slapd && wait_slapd_start
# Change the admin password hash format in the server from slapd's # Change the root password hash format in the server from slapd's
# default {SSHA} to SHA-512 {CRYPT} with 16 characters of salt # default {SSHA} to SHA-512 {CRYPT} with 16 characters of salt
get_attribute "cn=config" "olcSuffix=${LDAP_BASE}" "olcRootPW" get_attribute "cn=config" "olcSuffix=${LDAP_BASE}" "olcRootPW"
if [ ${#ATTR_VALUE[*]} -eq 1 -a $(grep -c "{SSHA}" <<< "$ATTR_VALUE") -eq 1 ]; then if [ ${#ATTR_VALUE[*]} -eq 1 -a $(grep -c "{SSHA}" <<< "$ATTR_VALUE") -eq 1 ]; then
@ -202,12 +209,15 @@ dn: $ATTR_DN
replace: olcRootPW replace: olcRootPW
olcRootPW: $hash olcRootPW: $hash
EOF EOF
say_verbose "Updating admin hash to SHA512-CRYPT" fi
ldapmodify -H ldap://127.0.0.1/ -x -D "$LDAP_ADMIN_DN" -w "$LDAP_ADMIN_PASSWORD" >/dev/null <<EOF
dn: $LDAP_ADMIN_DN get_attribute "cn=config" "olcSuffix=${LDAP_BASE}" "olcRootDN"
replace: userPassword if [ "$ATTR_VALUE" != "$LDAP_ADMIN_DN" ]; then
userPassword: $hash say ""
EOF say "UNEXPECTED: oldRootDN under $ATTR_DN"
say " is set to: $ATTR_VALUE"
say " expected : $LDAP_ADMIN_DN"
die
fi fi
} }
@ -669,6 +679,8 @@ process_cmdline() {
apply_access_control apply_access_control
elif [ "$2" == "apparmor" ]; then elif [ "$2" == "apparmor" ]; then
update_apparmor update_apparmor
elif [ "$2" == "system-packages" ]; then
install_system_packages
else else
echo "Invalid: '$2'. Only 'server' and 'apparmor' supported" echo "Invalid: '$2'. Only 'server' and 'apparmor' supported"
exit 1 exit 1
@ -706,7 +718,7 @@ process_cmdline() {
if [ "$s" == "all" ]; then if [ "$s" == "all" ]; then
echo "" echo ""
echo '--------------------------------' echo '--------------------------------'
slapcat ${slapcat_args[@]} -s "$LDAP_BASE" | grep -Ev "^$hide_attrs:" slapcat ${slapcat_args[@]} -b "$LDAP_BASE" | grep -Ev "^$hide_attrs:"
fi fi
if [ "$s" == "all" -o "$s" == "config" ]; then if [ "$s" == "all" -o "$s" == "config" ]; then
echo "" echo ""
@ -714,12 +726,12 @@ process_cmdline() {
cat "$MIAB_SLAPD_CONF/cn=config.ldif" | grep -Ev "^$hide_attrs:" cat "$MIAB_SLAPD_CONF/cn=config.ldif" | grep -Ev "^$hide_attrs:"
get_attribute "cn=config" "olcSuffix=${LDAP_BASE}" "dn" get_attribute "cn=config" "olcSuffix=${LDAP_BASE}" "dn"
echo "" echo ""
slapcat ${slapcat_args[@]} -s "$ATTR_DN" | grep -Ev "^$hide_attrs:" slapcat ${slapcat_args[@]} -b "$ATTR_DN" | grep -Ev "^$hide_attrs:"
fi fi
if [ "$s" == "all" -o "$s" == "schema" ]; then if [ "$s" == "all" -o "$s" == "schema" ]; then
echo "" echo ""
echo '--------------------------------' echo '--------------------------------'
slapcat ${slapcat_args[@]} -s "cn=schema,cn=config" | grep -Ev "^$hide_attrs:" slapcat ${slapcat_args[@]} -b "cn=schema,cn=config" | grep -Ev "^$hide_attrs:"
fi fi
if [ "$s" == "all" -o "$s" == "frontend" ]; then if [ "$s" == "all" -o "$s" == "frontend" ]; then
echo "" echo ""
@ -901,5 +913,5 @@ restart_service slapd
cat > /etc/cron.d/mailinabox-ldap << EOF cat > /etc/cron.d/mailinabox-ldap << EOF
# Mail-in-a-Box # Mail-in-a-Box
# Dump database to ldif # Dump database to ldif
30 2 * * * root /usr/sbin/slapcat -F "$MIAB_SLAPD_CONF" -o ldif-wrap=no -s "$LDAP_BASE" | /usr/bin/xz > "$STORAGE_LDAP_ROOT/db.ldif.xz"; chmod 600 "$STORAGE_LDAP_ROOT/db.ldif.xz" 30 2 * * * root /usr/sbin/slapcat -F "$MIAB_SLAPD_CONF" -o ldif-wrap=no -b "$LDAP_BASE" | /usr/bin/xz > "$STORAGE_LDAP_ROOT/db.ldif.xz"; chmod 600 "$STORAGE_LDAP_ROOT/db.ldif.xz"
EOF EOF
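Review bot: The cron entry at the end of this section writes the nightly `slapcat` dump through a shell redirect and only afterwards runs `chmod 600`, so when `db.ldif.xz` does not yet exist it is created with the default umask, and the `;` runs the chmod even if the dump fails. The dump presumably includes the `userPassword` hashes, so prefixing the command with `umask 077;` would close that window, unless `$STORAGE_LDAP_ROOT` is already restricted to root. Separately, the new message `say "UNEXPECTED: oldRootDN under $ATTR_DN"` should read `olcRootDN`. The `Invalid: '$2'. Only 'server' and 'apparmor' supported` text should also list the newly added `system-packages` option.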


@ -84,9 +84,7 @@ tools/editconf.py /etc/dovecot/conf.d/10-ssl.conf \
ssl=required \ ssl=required \
"ssl_cert=<$STORAGE_ROOT/ssl/ssl_certificate.pem" \ "ssl_cert=<$STORAGE_ROOT/ssl/ssl_certificate.pem" \
"ssl_key=<$STORAGE_ROOT/ssl/ssl_private_key.pem" \ "ssl_key=<$STORAGE_ROOT/ssl/ssl_private_key.pem" \
"ssl_protocols=!SSLv3" \ "ssl_min_protocol=TLSv1.2" \
"ssl_prefer_server_ciphers = yes" \
"ssl_protocols=TLSv1.2" \
"ssl_cipher_list=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384" \ "ssl_cipher_list=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384" \
"ssl_prefer_server_ciphers=no" \ "ssl_prefer_server_ciphers=no" \
"ssl_dh_parameters_length=2048" "ssl_dh_parameters_length=2048"
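Review bot: `ssl_dh_parameters_length=2048` is kept as the last setting of this `editconf.py` call, but Dovecot 2.3 (the CHANGELOG in this commit cites 2.3.16) dropped that option in favour of `ssl_dh`, which points at a DH parameters file. Unless `ssl_dh` is set elsewhere in the script, the `DHE-RSA-*` entries in `ssl_cipher_list` are unlikely to be usable, and the obsolete setting may produce a configuration warning. Consider replacing the line with `"ssl_dh=<PATH_TO_DH_PARAMS"` (placeholder path) or removing the DHE suites, and check the result with `doveconf -n` after setup. The `editconf.py` invocation starts before this hunk.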


@ -13,8 +13,8 @@
# destinations according to aliases, and passses email on to # destinations according to aliases, and passses email on to
# another service for local mail delivery. # another service for local mail delivery.
# #
# The first hop in local mail delivery is to Spamassassin via # The first hop in local mail delivery is to spampd via
# LMTP. Spamassassin then passes mail over to Dovecot for # LMTP. spampd then passes mail over to Dovecot for
# storage in the user's mailbox. # storage in the user's mailbox.
# #
# Postfix also listens on ports 465/587 (SMTPS, SMTP+STARTLS) for # Postfix also listens on ports 465/587 (SMTPS, SMTP+STARTLS) for
@ -205,16 +205,17 @@ tools/editconf.py /etc/postfix/main.cf \
# ### Incoming Mail # ### Incoming Mail
# Pass any incoming mail over to a local delivery agent. Spamassassin # Pass mail to spampd, which acts as the local delivery agent (LDA),
# will act as the LDA agent at first. It is listening on port 10025 # which then passes the mail over to the Dovecot LMTP server after.
# with LMTP. Spamassassin will pass the mail over to Dovecot after. # spampd runs on port 10025 by default.
# #
# In a basic setup we would pass mail directly to Dovecot by setting # In a basic setup we would pass mail directly to Dovecot by setting
# virtual_transport to `lmtp:unix:private/dovecot-lmtp`. # virtual_transport to `lmtp:unix:private/dovecot-lmtp`.
tools/editconf.py /etc/postfix/main.cf "virtual_transport=lmtp:[127.0.0.1]:10025" tools/editconf.py /etc/postfix/main.cf "virtual_transport=lmtp:[127.0.0.1]:10025"
# Because of a spampd bug, limit the number of recipients in each connection. # Clear the lmtp_destination_recipient_limit setting which in previous
# versions of Mail-in-a-Box was set to 1 because of a spampd bug.
# See https://github.com/mail-in-a-box/mailinabox/issues/1523. # See https://github.com/mail-in-a-box/mailinabox/issues/1523.
tools/editconf.py /etc/postfix/main.cf lmtp_destination_recipient_limit=1 tools/editconf.py /etc/postfix/main.cf -e lmtp_destination_recipient_limit=
# Who can send mail to us? Some basic filters. # Who can send mail to us? Some basic filters.


@ -25,7 +25,7 @@ done
# #
# certbot installs EFF's certbot which we use to # certbot installs EFF's certbot which we use to
# provision free TLS certificates. # provision free TLS certificates.
apt_install duplicity python-pip virtualenv certbot rsync apt_install duplicity python3-pip virtualenv certbot rsync
# b2sdk is used for backblaze backups. # b2sdk is used for backblaze backups.
# boto is used for amazon aws backups. # boto is used for amazon aws backups.


@ -23,14 +23,14 @@ echo "Installing Nextcloud (contacts/calendar)..."
# we automatically install intermediate versions as needed. # we automatically install intermediate versions as needed.
# * The hash is the SHA1 hash of the ZIP package, which you can find by just running this script and # * The hash is the SHA1 hash of the ZIP package, which you can find by just running this script and
# copying it from the error message when it doesn't match what is below. # copying it from the error message when it doesn't match what is below.
nextcloud_ver=20.0.14 nextcloud_ver=23.0.0
nextcloud_hash=92cac708915f51ee2afc1787fd845476fd090c81 nextcloud_hash=0d496eb0808c292502479e93cd37fe2daf95786a
# Nextcloud apps # Nextcloud apps
# -------------- # --------------
# * Find the most recent tag that is compatible with the Nextcloud version above by # * Find the most recent tag that is compatible with the Nextcloud version above by
# consulting the <dependencies>...<nextcloud> node at: # consulting the <dependencies>...<nextcloud> node at:
# https://github.com/nextcloud-releases/contacts/blob/maaster/appinfo/info.xml # https://github.com/nextcloud-releases/contacts/blob/master/appinfo/info.xml
# https://github.com/nextcloud-releases/calendar/blob/master/appinfo/info.xml # https://github.com/nextcloud-releases/calendar/blob/master/appinfo/info.xml
# https://github.com/nextcloud/user_external/blob/master/appinfo/info.xml # https://github.com/nextcloud/user_external/blob/master/appinfo/info.xml
# * The hash is the SHA1 hash of the ZIP package, which you can find by just running this script and # * The hash is the SHA1 hash of the ZIP package, which you can find by just running this script and
@ -155,8 +155,8 @@ fi
# from the version currently installed, do the install/upgrade # from the version currently installed, do the install/upgrade
if [ ! -d /usr/local/lib/owncloud/ ] || [[ ! ${CURRENT_NEXTCLOUD_VER} =~ ^$nextcloud_ver ]]; then if [ ! -d /usr/local/lib/owncloud/ ] || [[ ! ${CURRENT_NEXTCLOUD_VER} =~ ^$nextcloud_ver ]]; then
# Stop php-fpm if running. If theyre not running (which happens on a previously failed install), dont bail. # Stop php-fpm if running. If they are not running (which happens on a previously failed install), dont bail.
service php7.2-fpm stop &> /dev/null || /bin/true service php8.0-fpm stop &> /dev/null || /bin/true
# Backup the existing ownCloud/Nextcloud. # Backup the existing ownCloud/Nextcloud.
# Create a backup directory to store the current installation and database to # Create a backup directory to store the current installation and database to
@ -183,42 +183,19 @@ if [ ! -d /usr/local/lib/owncloud/ ] || [[ ! ${CURRENT_NEXTCLOUD_VER} =~ ^$nextc
elif [[ ${CURRENT_NEXTCLOUD_VER} =~ ^1[012] ]]; then elif [[ ${CURRENT_NEXTCLOUD_VER} =~ ^1[012] ]]; then
echo "Upgrades from Mail-in-a-Box prior to v0.28 (dated July 30, 2018) with Nextcloud < 13.0.6 (you have ownCloud 10, 11 or 12) are not supported. Upgrade to Mail-in-a-Box version v0.30 first. Setup will continue, but skip the Nextcloud migration." echo "Upgrades from Mail-in-a-Box prior to v0.28 (dated July 30, 2018) with Nextcloud < 13.0.6 (you have ownCloud 10, 11 or 12) are not supported. Upgrade to Mail-in-a-Box version v0.30 first. Setup will continue, but skip the Nextcloud migration."
return 0 return 0
elif [[ ${CURRENT_NEXTCLOUD_VER} =~ ^13 ]]; then elif [[ ${CURRENT_NEXTCLOUD_VER} =~ ^1[3456789] ]]; then
# If we are running Nextcloud 13, upgrade to Nextcloud 14 echo "Upgrades from Mail-in-a-Box prior to v60 with Nextcloud 19 or earlier are not supported. Upgrade to the latest Mail-in-a-Box version supported on your machine first. Setup will continue, but skip the Nextcloud migration."
InstallNextcloud 14.0.6 4e43a57340f04c2da306c8eea98e30040399ae5a 3.3.0 e55d0357c6785d3b1f3b5f21780cb6d41d32443a 2.0.3 9d9717b29337613b72c74e9914c69b74b346c466 return 0
CURRENT_NEXTCLOUD_VER="14.0.6" elif [[ ${CURRENT_NEXTCLOUD_VER} =~ ^20 ]]; then
fi InstallNextcloud 21.0.7 f5c7079c5b56ce1e301c6a27c0d975d608bb01c9 4.0.7 8ab31d205408e4f12067d8a4daa3595d46b513e3 3.0.4 6fb1e998d307c53245faf1c37a96eb982bbee8ba 1.0.0 3bf2609061d7214e7f0f69dd8883e55c4ec8f50a
if [[ ${CURRENT_NEXTCLOUD_VER} =~ ^14 ]]; then CURRENT_NEXTCLOUD_VER="21.0.7"
# During the upgrade from Nextcloud 14 to 15, user_external may cause the upgrade to fail. elif [[ ${CURRENT_NEXTCLOUD_VER} =~ ^21 ]]; then
# We will disable it here before the upgrade and install it again after the upgrade. InstallNextcloud 22.2.2 489eaf4147ad1b59385847b7d7db293712cced88 4.0.7 8ab31d205408e4f12067d8a4daa3595d46b513e3 3.0.4 6fb1e998d307c53245faf1c37a96eb982bbee8ba 1.0.0 3bf2609061d7214e7f0f69dd8883e55c4ec8f50a
hide_output sudo -u www-data php /usr/local/lib/owncloud/console.php app:disable user_external CURRENT_NEXTCLOUD_VER="22.2.2"
InstallNextcloud 15.0.8 4129d8d4021c435f2e86876225fb7f15adf764a3 3.3.0 e55d0357c6785d3b1f3b5f21780cb6d41d32443a 2.0.3 9d9717b29337613b72c74e9914c69b74b346c466 0.7.0 555a94811daaf5bdd336c5e48a78aa8567b86437
CURRENT_NEXTCLOUD_VER="15.0.8"
fi
if [[ ${CURRENT_NEXTCLOUD_VER} =~ ^15 ]]; then
InstallNextcloud 16.0.6 0bb3098455ec89f5af77a652aad553ad40a88819 3.3.0 e55d0357c6785d3b1f3b5f21780cb6d41d32443a 2.0.3 9d9717b29337613b72c74e9914c69b74b346c466 0.7.0 555a94811daaf5bdd336c5e48a78aa8567b86437
CURRENT_NEXTCLOUD_VER="16.0.6"
fi
if [[ ${CURRENT_NEXTCLOUD_VER} =~ ^16 ]]; then
InstallNextcloud 17.0.6 50b98d2c2f18510b9530e558ced9ab51eb4f11b0 3.3.0 e55d0357c6785d3b1f3b5f21780cb6d41d32443a 2.0.3 9d9717b29337613b72c74e9914c69b74b346c466 0.7.0 555a94811daaf5bdd336c5e48a78aa8567b86437
CURRENT_NEXTCLOUD_VER="17.0.6"
fi
if [[ ${CURRENT_NEXTCLOUD_VER} =~ ^17 ]]; then
# Don't exit the install if this column already exists (see #2076)
(echo "ALTER TABLE oc_flow_operations ADD COLUMN entity VARCHAR;" | sqlite3 $STORAGE_ROOT/owncloud/owncloud.db 2>/dev/null) || true
InstallNextcloud 18.0.10 39c0021a8b8477c3f1733fddefacfa5ebf921c68 3.4.1 aee680a75e95f26d9285efd3c1e25cf7f3bfd27e 2.0.3 9d9717b29337613b72c74e9914c69b74b346c466 1.0.0 3bf2609061d7214e7f0f69dd8883e55c4ec8f50a
CURRENT_NEXTCLOUD_VER="18.0.10"
fi
if [[ ${CURRENT_NEXTCLOUD_VER} =~ ^18 ]]; then
InstallNextcloud 19.0.4 01e98791ba12f4860d3d4047b9803f97a1b55c60 3.4.1 aee680a75e95f26d9285efd3c1e25cf7f3bfd27e 2.0.3 9d9717b29337613b72c74e9914c69b74b346c466 1.0.0 3bf2609061d7214e7f0f69dd8883e55c4ec8f50a
CURRENT_NEXTCLOUD_VER="19.0.4"
fi fi
fi fi
InstallNextcloud $nextcloud_ver $nextcloud_hash $contacts_ver $contacts_hash $calendar_ver $calendar_hash $user_external_ver $user_external_hash InstallNextcloud $nextcloud_ver $nextcloud_hash $contacts_ver $contacts_hash $calendar_ver $calendar_hash $user_external_ver $user_external_hash
# Nextcloud 20 needs to have some optional columns added
sudo -u www-data php /usr/local/lib/owncloud/occ db:add-missing-columns
fi fi
# ### Configuring Nextcloud # ### Configuring Nextcloud
@ -309,6 +286,8 @@ php <<EOF > $CONFIG_TEMP && mv $CONFIG_TEMP $STORAGE_ROOT/owncloud/config.php;
<?php <?php
include("$STORAGE_ROOT/owncloud/config.php"); include("$STORAGE_ROOT/owncloud/config.php");
\$CONFIG['config_is_read_only'] = true; # should prevent warnings from occ tool but doesn't
\$CONFIG['trusted_domains'] = array('$PRIMARY_HOSTNAME'); \$CONFIG['trusted_domains'] = array('$PRIMARY_HOSTNAME');
\$CONFIG['memcache.local'] = '\OC\Memcache\APCu'; \$CONFIG['memcache.local'] = '\OC\Memcache\APCu';
@ -351,7 +330,7 @@ sudo -u www-data \
# Set PHP FPM values to support large file uploads # Set PHP FPM values to support large file uploads
# (semicolon is the comment character in this file, hashes produce deprecation warnings) # (semicolon is the comment character in this file, hashes produce deprecation warnings)
tools/editconf.py /etc/php/7.2/fpm/php.ini -c ';' \ tools/editconf.py /etc/php/8.0/fpm/php.ini -c ';' \
upload_max_filesize=16G \ upload_max_filesize=16G \
post_max_size=16G \ post_max_size=16G \
output_buffering=16384 \ output_buffering=16384 \
@ -360,7 +339,7 @@ tools/editconf.py /etc/php/7.2/fpm/php.ini -c ';' \
short_open_tag=On short_open_tag=On
# Set Nextcloud recommended opcache settings # Set Nextcloud recommended opcache settings
tools/editconf.py /etc/php/7.2/cli/conf.d/10-opcache.ini -c ';' \ tools/editconf.py /etc/php/8.0/cli/conf.d/10-opcache.ini -c ';' \
opcache.enable=1 \ opcache.enable=1 \
opcache.enable_cli=1 \ opcache.enable_cli=1 \
opcache.interned_strings_buffer=8 \ opcache.interned_strings_buffer=8 \
@ -370,8 +349,8 @@ tools/editconf.py /etc/php/7.2/cli/conf.d/10-opcache.ini -c ';' \
opcache.revalidate_freq=1 opcache.revalidate_freq=1
# If apc is explicitly disabled we need to enable it # If apc is explicitly disabled we need to enable it
if grep -q apc.enabled=0 /etc/php/7.2/mods-available/apcu.ini; then if grep -q apc.enabled=0 /etc/php/8.0/mods-available/apcu.ini; then
tools/editconf.py /etc/php/7.2/mods-available/apcu.ini -c ';' \ tools/editconf.py /etc/php/8.0/mods-available/apcu.ini -c ';' \
apc.enabled=1 apc.enabled=1
fi fi
@ -396,4 +375,4 @@ rm -f /etc/cron.hourly/mailinabox-owncloud
# ``` # ```
# Enable PHP modules and restart PHP. # Enable PHP modules and restart PHP.
restart_service php7.2-fpm restart_service php8.0-fpm
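Review bot: The stepwise upgrade is now a single `if`/`elif` chain, so a box on Nextcloud 20 runs `InstallNextcloud 21.0.7 ...`, sets `CURRENT_NEXTCLOUD_VER="21.0.7"`, and then leaves the chain without reaching the `^21` branch; the final `InstallNextcloud $nextcloud_ver ...` would then take it from 21 straight to 23.0.0. Nextcloud does not support skipping a major version, and the removed 13-to-19 steps were separate `if` blocks, which let each step feed the next. Close the chain before the second step, i.e. replace `elif [[ ${CURRENT_NEXTCLOUD_VER} =~ ^21 ]]; then` with `fi` followed by `if [[ ${CURRENT_NEXTCLOUD_VER} =~ ^21 ]]; then`. The enclosing `if` starts outside this hunk, and this reading assumes the right-hand column of the rendered page is the new side.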


@ -7,11 +7,11 @@ if [[ $EUID -ne 0 ]]; then
exit 1 exit 1
fi fi
# Check that we are running on Ubuntu 18.04 LTS (or 18.04.xx). # Check that we are running on Ubuntu 20.04 LTS (or 20.04.xx).
if [ "$(lsb_release -d | sed 's/.*:\s*//' | sed 's/18\.04\.[0-9]/18.04/' )" != "Ubuntu 18.04 LTS" ]; then if [ "$( lsb_release --id --short )" != "Ubuntu" ] || [ "$( lsb_release --release --short )" != "22.04" ]; then
echo "Mail-in-a-Box only supports being installed on Ubuntu 18.04, sorry. You are running:" echo "Mail-in-a-Box only supports being installed on Ubuntu 22.04, sorry. You are running:"
echo echo
lsb_release -d | sed 's/.*:\s*//' lsb_release --description --short
echo echo
echo "We can't write scripts that run on every possible setup, sorry." echo "We can't write scripts that run on every possible setup, sorry."
exit 1 exit 1
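Review bot: The updated comment says `Ubuntu 20.04 LTS (or 20.04.xx)` while the check and the error message below it require 22.04; it should read `# Check that we are running on Ubuntu 22.04 LTS (or 22.04.xx).`. The enclosing `if` closes outside the hunk.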


@ -97,26 +97,6 @@ fi
# come from there and minimal Ubuntu installs may have it turned off. # come from there and minimal Ubuntu installs may have it turned off.
hide_output add-apt-repository -y universe hide_output add-apt-repository -y universe
# Install the certbot PPA.
if [ $(. /etc/os-release; echo $VERSION_ID | awk -F. '{print $1}') -le 18 ]
then
hide_output add-apt-repository -y ppa:certbot/certbot
else
hide_output snap install core
hide_output snap refresh core
if ! snap list certbot 1>/dev/null 2>&1; then
# a ppa was required on ubuntu 18, but snaps are used in ubuntu 19+
# remove the ppa and certbot per eff's instructions
hide_output add-apt-repository -r -y ppa:certbot/certbot
hide_output apt-get remove -y certbot
fi
hide_output snap install --classic certbot
ln -sf /snap/bin/certbot /usr/bin/certbot
fi
# Install the duplicity PPA.
hide_output add-apt-repository -y ppa:duplicity-team/duplicity-release-git
# ### Update Packages # ### Update Packages
# Update system packages to make sure we have the latest upstream versions # Update system packages to make sure we have the latest upstream versions
@ -347,7 +327,7 @@ fi #NODOC
# If more queries than specified are sent, bind9 returns SERVFAIL. After flushing the cache during system checks, # If more queries than specified are sent, bind9 returns SERVFAIL. After flushing the cache during system checks,
# we ran into the limit thus we are increasing it from 75 (default value) to 100. # we ran into the limit thus we are increasing it from 75 (default value) to 100.
apt_install bind9 apt_install bind9
tools/editconf.py /etc/default/bind9 \ tools/editconf.py /etc/default/named \
"OPTIONS=\"-u bind -4\"" "OPTIONS=\"-u bind -4\""
if ! grep -q "listen-on " /etc/bind/named.conf.options; then if ! grep -q "listen-on " /etc/bind/named.conf.options; then
# Add a listen-on directive if it doesn't exist inside the options block. # Add a listen-on directive if it doesn't exist inside the options block.


@ -46,15 +46,15 @@ tools/editconf.py /etc/nginx/nginx.conf -s \
ssl_protocols="TLSv1.2 TLSv1.3;" ssl_protocols="TLSv1.2 TLSv1.3;"
# Tell PHP not to expose its version number in the X-Powered-By header. # Tell PHP not to expose its version number in the X-Powered-By header.
tools/editconf.py /etc/php/7.2/fpm/php.ini -c ';' \ tools/editconf.py /etc/php/8.0/fpm/php.ini -c ';' \
expose_php=Off expose_php=Off
# Set PHPs default charset to UTF-8, since we use it. See #367. # Set PHPs default charset to UTF-8, since we use it. See #367.
tools/editconf.py /etc/php/7.2/fpm/php.ini -c ';' \ tools/editconf.py /etc/php/8.0/fpm/php.ini -c ';' \
default_charset="UTF-8" default_charset="UTF-8"
# Configure the path environment for php-fpm # Configure the path environment for php-fpm
tools/editconf.py /etc/php/7.2/fpm/pool.d/www.conf -c ';' \ tools/editconf.py /etc/php/8.0/fpm/pool.d/www.conf -c ';' \
env[PATH]=/usr/local/bin:/usr/bin:/bin \ env[PATH]=/usr/local/bin:/usr/bin:/bin \
# Configure php-fpm based on the amount of memory the machine has # Configure php-fpm based on the amount of memory the machine has
@ -64,7 +64,7 @@ tools/editconf.py /etc/php/7.2/fpm/pool.d/www.conf -c ';' \
TOTAL_PHYSICAL_MEM=$(head -n 1 /proc/meminfo | awk '{print $2}' || /bin/true) TOTAL_PHYSICAL_MEM=$(head -n 1 /proc/meminfo | awk '{print $2}' || /bin/true)
if [ $TOTAL_PHYSICAL_MEM -lt 1000000 ] if [ $TOTAL_PHYSICAL_MEM -lt 1000000 ]
then then
tools/editconf.py /etc/php/7.2/fpm/pool.d/www.conf -c ';' \ tools/editconf.py /etc/php/8.0/fpm/pool.d/www.conf -c ';' \
pm=ondemand \ pm=ondemand \
pm.max_children=8 \ pm.max_children=8 \
pm.start_servers=2 \ pm.start_servers=2 \
@ -72,7 +72,7 @@ then
pm.max_spare_servers=3 pm.max_spare_servers=3
elif [ $TOTAL_PHYSICAL_MEM -lt 2000000 ] elif [ $TOTAL_PHYSICAL_MEM -lt 2000000 ]
then then
tools/editconf.py /etc/php/7.2/fpm/pool.d/www.conf -c ';' \ tools/editconf.py /etc/php/8.0/fpm/pool.d/www.conf -c ';' \
pm=ondemand \ pm=ondemand \
pm.max_children=16 \ pm.max_children=16 \
pm.start_servers=4 \ pm.start_servers=4 \
@ -80,14 +80,14 @@ then
pm.max_spare_servers=6 pm.max_spare_servers=6
elif [ $TOTAL_PHYSICAL_MEM -lt 3000000 ] elif [ $TOTAL_PHYSICAL_MEM -lt 3000000 ]
then then
tools/editconf.py /etc/php/7.2/fpm/pool.d/www.conf -c ';' \ tools/editconf.py /etc/php/8.0/fpm/pool.d/www.conf -c ';' \
pm=dynamic \ pm=dynamic \
pm.max_children=60 \ pm.max_children=60 \
pm.start_servers=6 \ pm.start_servers=6 \
pm.min_spare_servers=3 \ pm.min_spare_servers=3 \
pm.max_spare_servers=9 pm.max_spare_servers=9
else else
tools/editconf.py /etc/php/7.2/fpm/pool.d/www.conf -c ';' \ tools/editconf.py /etc/php/8.0/fpm/pool.d/www.conf -c ';' \
pm=dynamic \ pm=dynamic \
pm.max_children=120 \ pm.max_children=120 \
pm.start_servers=12 \ pm.start_servers=12 \
@ -147,7 +147,7 @@ chown -R $STORAGE_USER $STORAGE_ROOT/www
# Start services. # Start services.
restart_service nginx restart_service nginx
restart_service php7.2-fpm restart_service php8.0-fpm
# Open ports. # Open ports.
ufw_allow http ufw_allow http
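Review bot: The literal `8.0` is repeated in every `php.ini`, `pool.d/www.conf` and `restart_service` line of this section, and it recurs in the Roundcube, Z-Push and Nextcloud restore sections of this commit. A later PHP change has to find each one, and a missed path leaves settings such as `expose_php=Off` unapplied. Define the version once, for example `PHP_VER=8.0` in a file the setup scripts already source, and write `/etc/php/$PHP_VER/fpm/php.ini` and `restart_service php$PHP_VER-fpm`. Nothing visible here shows where the 8.0 packages are installed from. Ubuntu 22.04's own archive ships PHP 8.1, so it is worth confirming that these paths and the `php8.0-fpm` unit exist on a fresh install.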


@ -24,7 +24,7 @@ echo "Installing Roundcube (webmail)..."
apt_install \ apt_install \
dbconfig-common \ dbconfig-common \
php-cli php-sqlite3 php-intl php-json php-common php-curl php-ldap \ php-cli php-sqlite3 php-intl php-json php-common php-curl php-ldap \
php-gd php-pspell tinymce libjs-jquery libjs-jquery-mousewheel libmagic1 php-mbstring php-gd php-pspell libjs-jquery libjs-jquery-mousewheel libmagic1 php-mbstring
# Install Roundcube from source if it is not already present or if it is out of date. # Install Roundcube from source if it is not already present or if it is out of date.
# Combine the Roundcube version number with the commit hash of plugins to track # Combine the Roundcube version number with the commit hash of plugins to track
@ -237,4 +237,4 @@ chmod 664 $STORAGE_ROOT/mail/roundcube/roundcube.sqlite
# Enable PHP modules. # Enable PHP modules.
phpenmod -v php mcrypt imap ldap phpenmod -v php mcrypt imap ldap
restart_service php7.2-fpm restart_service php8.0-fpm
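Review bot: The `phpenmod -v php mcrypt imap ldap` line directly above the changed restart still names `mcrypt`, which was removed from PHP core in 7.2 and is not among the packages installed in the first hunk. On PHP 8.0 that module name presumably matches no ini file, so the call at best warns. Drop it: `phpenmod -v php imap ldap`.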


@ -17,7 +17,7 @@ source /etc/mailinabox.conf # load global vars
echo "Installing Z-Push (Exchange/ActiveSync server)..." echo "Installing Z-Push (Exchange/ActiveSync server)..."
apt_install \ apt_install \
php-soap php-imap libawl-php ${PHP_XSL_PACKAGE:-php-xsl} php-soap php-imap libawl-php php8.0-xml
phpenmod -v php imap phpenmod -v php imap
@ -102,7 +102,7 @@ EOF
# Restart service. # Restart service.
restart_service php7.2-fpm restart_service php8.0-fpm
# Fix states after upgrade # Fix states after upgrade
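Review bot: The `apt_install` line now mixes the versioned `php8.0-xml` with the unversioned meta packages `php-soap` and `php-imap`, which follow whatever PHP version the distribution treats as its default. If that default is not 8.0, the SOAP and IMAP extensions are installed for a different PHP than the `php8.0-fpm` service restarted in the second hunk. Pin them the same way: `php8.0-soap php8.0-imap libawl-php php8.0-xml`.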


@ -42,4 +42,4 @@ export UPSTREAM_TAG="${UPSTREAM_TAG:-}"
# For setup scripts that install miabldap releases # For setup scripts that install miabldap releases
export MIABLDAP_GIT="${MIABLDAP_GIT:-https://github.com/downtownallday/mailinabox-ldap.git}" export MIABLDAP_GIT="${MIABLDAP_GIT:-https://github.com/downtownallday/mailinabox-ldap.git}"
export MIABLDAP_RELEASE_TAG="${MIABLDAP_RELEASE_TAG:-v0.54}" export MIABLDAP_RELEASE_TAG="${MIABLDAP_RELEASE_TAG:-v55}"


@ -79,16 +79,6 @@ upstream_install() {
|| die "Couldn't patch setup/dns.sh !!" || die "Couldn't patch setup/dns.sh !!"
fi fi
if [ ! -z "$PHP_XSL_PACKAGE" ]; then
# For Github Actions - github's ubuntu 18 includes multiple
# PHP versions pre-installed and the php-xsl package for these
# versions is a virtual package of package php-xml. To handle
# this, change the setup scripts so that $PHP_XSL_PACKAGE
# (php-xml) is installed instead of php-xsl.
H2 "Patching upstream setup/zpush.sh to install $PHP_XSL_PACKAGE instead of php-xsl"
sed -i "s/php-xsl/$PHP_XSL_PACKAGE/g" setup/zpush.sh
fi
H2 "Run upstream setup" H2 "Run upstream setup"
if ! setup/start.sh; then if ! setup/start.sh; then
echo "$F_WARN" echo "$F_WARN"


@ -48,7 +48,7 @@ def test2(tests, server, description):
for qname, rtype, expected_answer in tests: for qname, rtype, expected_answer in tests:
# do the query and format the result as a string # do the query and format the result as a string
try: try:
response = dns.resolver.query(qname, rtype) response = dns.resolver.resolve(qname, rtype)
except dns.resolver.NoNameservers: except dns.resolver.NoNameservers:
# host did not have an answer for this query # host did not have an answer for this query
print("Could not connect to %s for DNS query." % server) print("Could not connect to %s for DNS query." % server)


@ -101,7 +101,6 @@ This is a test message. It should be automatically deleted by the test script.""
subject=subject, subject=subject,
) )
def imap_login(host, login, pw): def imap_login(host, login, pw):
# Attempt to login with IMAP. Our setup uses email addresses # Attempt to login with IMAP. Our setup uses email addresses
# as IMAP/SMTP usernames. # as IMAP/SMTP usernames.


@ -3,7 +3,7 @@ load './funcs.rb'
Vagrant.configure("2") do |config| Vagrant.configure("2") do |config|
config.vm.synced_folder "../..", "/mailinabox", id: "mailinabox", automount: false config.vm.synced_folder "../..", "/mailinabox", id: "mailinabox", automount: false
use_preloaded_box config, "ubuntu/bionic64" use_preloaded_box config, "ubuntu/jammy64"
# fresh install with encryption-at-rest # fresh install with encryption-at-rest
@ -43,7 +43,7 @@ SH
cd /mailinabox cd /mailinabox
source tests/vagrant/globals.sh || exit 1 source tests/vagrant/globals.sh || exit 1
export PRIMARY_HOSTNAME=qa3.abc.com export PRIMARY_HOSTNAME=qa3.abc.com
export UPSTREAM_TAG=main export UPSTREAM_TAG=jammyjellyfish2204
tests/system-setup/upgrade-from-upstream.sh basic totpuser || exit 1 tests/system-setup/upgrade-from-upstream.sh basic totpuser || exit 1
tests/runner.sh upgrade-basic upgrade-totpuser default || exit 2 tests/runner.sh upgrade-basic upgrade-totpuser default || exit 2
SH SH


@ -1 +1,2 @@
*.box *.box
src/


@ -1,7 +1,20 @@
def checkout_tag_and_mount(obj, tag)
if "#{tag}" == ""
obj.vm.synced_folder "../../..", "/mailinabox", id: "mailinabox", automount: false
else
_srcdir="src/maibldap-#{tag}"
if not Dir.exist?(_srcdir)
puts "Cloning tag #{tag} to #{_srcdir}"
system("git clone -b #{tag} --depth 1 #{ENV['MIABLDAP_GIT']} #{_srcdir}")
end
obj.vm.synced_folder _srcdir, "/mailinabox", id: "mailinabox", automount: false
end
end
Vagrant.configure("2") do |config| Vagrant.configure("2") do |config|
config.vm.synced_folder "../../..", "/mailinabox", id: "mailinabox", automount: false checkout_tag_and_mount config, ENV['RELEASE_TAG']
config.vm.define "preloaded-ubuntu-bionic64" do |m1| config.vm.define "preloaded-ubuntu-bionic64" do |m1|
m1.vm.box = "ubuntu/bionic64" m1.vm.box = "ubuntu/bionic64"
@ -9,11 +22,22 @@ Vagrant.configure("2") do |config|
cd /mailinabox cd /mailinabox
tests/vagrant/preloaded/prepvm.sh --no-dry-run tests/vagrant/preloaded/prepvm.sh --no-dry-run
rc=$? rc=$?
echo "$rc" > "tests/vagrant/preloaded/prepcode.txt" echo "$rc" > "/vagrant/prepcode.txt"
[ $rc -gt 0 ] && exit 1 [ $rc -gt 0 ] && exit 1
exit 0 exit 0
SH SH
end end
config.vm.define "preloaded-ubuntu-jammy64" do |m1|
m1.vm.box = "ubuntu/jammy64"
m1.vm.provision :shell, :inline => <<-SH
cd /mailinabox
tests/vagrant/preloaded/prepvm.sh --no-dry-run
rc=$?
echo "$rc" > "/vagrant/prepcode.txt"
[ $rc -gt 0 ] && exit 1
exit 0
SH
end
end end
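Review bot: In `checkout_tag_and_mount` the clone is run as one interpolated string, `system("git clone -b #{tag} --depth 1 #{ENV['MIABLDAP_GIT']} #{_srcdir}")`, so it goes through the shell. Whitespace or shell metacharacters in `RELEASE_TAG` or `MIABLDAP_GIT` then change the command executed on the host. The return value is also ignored, so a failed clone still reaches the `synced_folder` call with a missing `_srcdir`. Use the argument-list form and stop on failure: `system("git", "clone", "-b", tag, "--depth", "1", ENV.fetch("MIABLDAP_GIT"), _srcdir) or abort("git clone of #{tag} failed")`. The directory name `src/maibldap-#{tag}` also looks like a typo for `miabldap`.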


@ -1,5 +1,13 @@
#!/bin/bash #!/bin/bash
# load defaults for MIABLDAP_RELEASE_TAG and MIABLDAP_GIT
pushd "../../.." >/dev/null
source tests/system-setup/setup-defaults.sh || exit 1
popd >/dev/null
# TODO: replace MIABLDAP_RELEASE_TAG with the actual tag for the last supported version of miabldap for bionic64
UBUNTU_BIONIC64_RELEASE_TAG=$MIABLDAP_RELEASE_TAG
vagrant destroy -f vagrant destroy -f
rm -f prepcode.txt rm -f prepcode.txt
@ -12,10 +20,44 @@ done
vagrant box update vagrant box update
for box in "preloaded-ubuntu-bionic64"
boxes=(
"preloaded-ubuntu-bionic64"
"preloaded-ubuntu-jammy64"
)
# preload packages from source of the following git tags. empty string
# means use the current source tree
tags=(
"$UBUNTU_BIONIC64_RELEASE_TAG"
""
)
try_reboot=(
false
true
)
idx=0
for box in "${boxes[@]}"
do do
if [ ! -z "$1" -a "$1" != "$box" ]; then
continue
fi
export RELEASE_TAG="${tags[$idx]}"
vagrant up $box vagrant up $box
upcode=$? upcode=$?
if [ $upcode -ne 0 -a ! -e "./prepcode.txt" ] && ${try_reboot[$idx]}
then
# a reboot may be necessary if guest addtions was newly
# compiled by vagrant plugin "vagrant-vbguest"
echo ""
echo "VAGRANT UP RETURNED $upcode -- RETRYING AFTER REBOOT"
vagrant halt $box
vagrant up $box
upcode=$?
fi
let idx+=1
prepcode=$(cat "./prepcode.txt") prepcode=$(cat "./prepcode.txt")
rm -f prepcode.txt rm -f prepcode.txt
echo "" echo ""
@ -49,5 +91,5 @@ do
vagrant box remove $cached_name vagrant box remove $cached_name
code=$? code=$?
fi fi
echo "Result: $code" echo "Remove cache box result: $code - ignoring"
done done
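Review bot: When a box name is passed as `$1`, the `continue` in the new filter skips `let idx+=1`, so `idx` stops tracking the position in `boxes`. Running with `preloaded-ubuntu-jammy64` reaches that box with `idx` still 0, which exports the bionic entry of `tags` as `RELEASE_TAG` and takes `false` from `try_reboot`. Iterate over the indices instead, `for idx in "${!boxes[@]}"; do box="${boxes[$idx]}"`, and drop the separate counter. Part of the loop body lies outside the hunks shown.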


@ -67,6 +67,13 @@ install_packages() {
# don't install slapd - it requires user input # don't install slapd - it requires user input
pkgs="$(sed 's/slapd//g' <<< "$pkgs")" pkgs="$(sed 's/slapd//g' <<< "$pkgs")"
if [ $(. /etc/os-release; echo $VERSION_ID | awk -F. '{print $1}') -ge 22 ];
then
# don't install opendmarc on ubuntu 22 and higher - it requires
# interactive user input
pkgs="$(sed 's/opendmarc//g' <<< "$pkgs")"
fi
if [ ! -z "$pkgs" ]; then if [ ! -z "$pkgs" ]; then
echo "install: $pkgs" echo "install: $pkgs"
if ! $dry_run; then if ! $dry_run; then
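Review bot: `sed 's/opendmarc//g'` in the added block deletes the substring wherever it occurs, so any other package in `$pkgs` whose name contains `opendmarc` would be turned into a different name rather than left alone. The existing `slapd` line has the same shape. Match the whole word instead, e.g. `sed -E 's/(^|[[:space:]])opendmarc([[:space:]]|$)/ /g'`. This assumes `$pkgs` is whitespace-separated, which the `echo "install: $pkgs"` line suggests but the hunk does not show. `install_packages` starts and ends outside the hunk.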


@ -4,7 +4,7 @@ Vagrant.configure("2") do |config|
config.vm.synced_folder "../../..", "/mailinabox", id: "mailinabox", automount: false config.vm.synced_folder "../../..", "/mailinabox", id: "mailinabox", automount: false
config.vm.network "public_network", bridge: "#$default_network_interface" config.vm.network "public_network", bridge: "#$default_network_interface"
use_preloaded_box config, "ubuntu/bionic64", ".." use_preloaded_box config, "ubuntu/jammy64", ".."
# vanilla install # vanilla install


@ -14,6 +14,10 @@
# #
# NAME VALUE # NAME VALUE
# #
# If the -e option is given and VALUE is empty, the setting is removed
# from the configuration file if it is set (i.e. existing occurrences
# are commented out and no new setting is added).
#
# If the -c option is given, then the supplied character becomes the comment character # If the -c option is given, then the supplied character becomes the comment character
# #
# If the -w option is given, then setting lines continue onto following # If the -w option is given, then setting lines continue onto following
@ -35,6 +39,7 @@ settings = sys.argv[2:]
delimiter = "=" delimiter = "="
delimiter_re = r"\s*=\s*" delimiter_re = r"\s*=\s*"
erase_setting = False
comment_char = "#" comment_char = "#"
folded_lines = False folded_lines = False
testing = False testing = False
@ -44,6 +49,9 @@ while settings[0][0] == "-" and settings[0] != "--":
# Space is the delimiter # Space is the delimiter
delimiter = " " delimiter = " "
delimiter_re = r"\s+" delimiter_re = r"\s+"
elif opt == "-e":
# Erase settings that have empty values.
erase_setting = True
elif opt == "-w": elif opt == "-w":
# Line folding is possible in this file. # Line folding is possible in this file.
folded_lines = True folded_lines = True
@ -81,7 +89,7 @@ while len(input_lines) > 0:
# See if this line is for any settings passed on the command line. # See if this line is for any settings passed on the command line.
for i in range(len(settings)): for i in range(len(settings)):
# Check that this line contain this setting from the command-line arguments. # Check if this line contain this setting from the command-line arguments.
name, val = settings[i].split("=", 1) name, val = settings[i].split("=", 1)
m = re.match( m = re.match(
"(\s*)" "(\s*)"
@ -91,8 +99,10 @@ while len(input_lines) > 0:
if not m: continue if not m: continue
indent, is_comment, existing_val = m.groups() indent, is_comment, existing_val = m.groups()
# If this is already the setting, do nothing. # If this is already the setting, keep it in the file, except:
if is_comment is None and existing_val == val: # * If we've already seen it before, then remove this duplicate line.
# * If val is empty and erase_setting is on, then comment it out.
if is_comment is None and existing_val == val and not (not val and erase_setting):
# It may be that we've already inserted this setting higher # It may be that we've already inserted this setting higher
# in the file so check for that first. # in the file so check for that first.
if i in found: break if i in found: break
@ -107,8 +117,9 @@ while len(input_lines) > 0:
# the line is already commented, pass it through # the line is already commented, pass it through
buf += line buf += line
# if this option oddly appears more than once, don't add the setting again # if this option already is set don't add the setting again,
if i in found: # or if we're clearing the setting with -e, don't add it
if (i in found) or (not val and erase_setting):
break break
# add the new setting # add the new setting
@ -122,9 +133,10 @@ while len(input_lines) > 0:
# If did not match any setting names, pass this line through. # If did not match any setting names, pass this line through.
buf += line buf += line
# Put any settings we didn't see at the end of the file. # Put any settings we didn't see at the end of the file,
# except settings being cleared.
for i in range(len(settings)): for i in range(len(settings)):
if i not in found: if (i not in found) and not (not val and erase_setting):
name, val = settings[i].split("=", 1) name, val = settings[i].split("=", 1)
buf += name + delimiter + val + "\n" buf += name + delimiter + val + "\n"
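Review bot: In the final loop the new condition `not (not val and erase_setting)` reads `val` before `name, val = settings[i].split("=", 1)` assigns it for this `i`. It therefore tests whatever value the main loop last left behind, and raises NameError if that loop never ran, for example on an empty input file. With `-e`, a non-empty setting missing from the file can be silently dropped, or an empty one appended, depending on argument order. Split first and then test: move `name, val = settings[i].split("=", 1)` above the `if` and keep `if i not in found and not (not val and erase_setting):`.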


@ -26,7 +26,7 @@ if [ ! -f $1/config.php ]; then
fi fi
echo "Restoring backup from $1" echo "Restoring backup from $1"
service php7.2-fpm stop service php8.0-fpm stop
# remove the current ownCloud/Nextcloud installation # remove the current ownCloud/Nextcloud installation
rm -rf /usr/local/lib/owncloud/ rm -rf /usr/local/lib/owncloud/
@ -45,5 +45,5 @@ chown www-data.www-data $STORAGE_ROOT/owncloud/config.php
sudo -u www-data php /usr/local/lib/owncloud/occ maintenance:mode --off sudo -u www-data php /usr/local/lib/owncloud/occ maintenance:mode --off
service php7.2-fpm start service php8.0-fpm start
echo "Done" echo "Done"