From 90fced1ee257a085920e6b10c57ae932fd2f50b1 Mon Sep 17 00:00:00 2001
From: yodax <michael@kroes.email>
Date: Sun, 9 Jul 2017 21:35:11 +0200
Subject: [PATCH] Make PHP7 the default for Roundcube, Z-Push and Nextcloud.
 Update Roundcube to 1.3. Update Z-Push to 2.3.7. Make Roundcube connect to
 the primary hostname to pass certificate validation. Move the PPA setup next
 to the MIAB PPA

---
 conf/nginx-primaryonly.conf |  2 +-
 conf/nginx-top.conf         |  2 +-
 setup/owncloud.sh           | 38 +++++++++++++++++--------------------
 setup/system.sh             | 10 ++++++++++
 setup/web.sh                | 14 +++++++++-----
 setup/webmail.sh            | 20 ++++++++++---------
 setup/zpush.sh              | 10 +++++-----
 7 files changed, 54 insertions(+), 42 deletions(-)

diff --git a/conf/nginx-primaryonly.conf b/conf/nginx-primaryonly.conf
index 9ba27000..6a7f7d88 100644
--- a/conf/nginx-primaryonly.conf
+++ b/conf/nginx-primaryonly.conf
@@ -43,7 +43,7 @@
 		fastcgi_param MOD_X_ACCEL_REDIRECT_ENABLED on;
 		fastcgi_param MOD_X_ACCEL_REDIRECT_PREFIX /owncloud-xaccel;
 		fastcgi_read_timeout 630;
-		fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
+		fastcgi_pass php-fpm;
 		client_max_body_size 1G;
 		fastcgi_buffers 64 4K;
 	}
diff --git a/conf/nginx-top.conf b/conf/nginx-top.conf
index 6be9b414..a5822a82 100644
--- a/conf/nginx-top.conf
+++ b/conf/nginx-top.conf
@@ -7,6 +7,6 @@
 ##       your own --- please do not ask for help from us.
 
 upstream php-fpm {
-	server unix:/var/run/php5-fpm.sock;
+	server unix:/var/run/php/php7.0-fpm.sock;
 }
 
diff --git a/setup/owncloud.sh b/setup/owncloud.sh
index c4cf8985..df095df8 100755
--- a/setup/owncloud.sh
+++ b/setup/owncloud.sh
@@ -9,6 +9,7 @@ source /etc/mailinabox.conf # load global vars
 
 echo "Installing Nextcloud (contacts/calendar)..."
 
+# Keep the php5 dependancies for the owncloud upgrades
 apt_install \
 	dbconfig-common \
 	php5-cli php5-sqlite php5-gd php5-imap php5-curl php-pear php-apc curl libapr1 libtool libcurl4-openssl-dev php-xml-parser \
@@ -16,10 +17,6 @@ apt_install \
 
 apt-get purge -qq -y owncloud*
 
-# Install php-7 from the ppa of the ubuntu php maintainer Ondřej Surý located here https://launchpad.net/%7Eondrej/+archive/ubuntu/php
-hide_output add-apt-repository -y ppa:ondrej/php
-apt_add_repository_to_unattended_upgrades LP-PPA-ondrej-php:trusty
-hide_output apt-get update
 apt_install php7.0 php7.0-fpm \
 	php7.0-cli php7.0-sqlite php7.0-gd php7.0-imap php7.0-curl php-pear php-apc curl \
         php7.0-dev php7.0-gd memcached php7.0-memcached php7.0-xml php7.0-mbstring php7.0-zip php7.0-apcu
@@ -85,12 +82,12 @@ InstallNextCloud() {
 	if [ -e $STORAGE_ROOT/owncloud/owncloud.db ]; then
 		# ownCloud 8.1.1 broke upgrades. It may fail on the first attempt, but
 		# that can be OK.
-		sudo -u www-data php7.0 /usr/local/lib/owncloud/occ upgrade
+		sudo -u www-data php /usr/local/lib/owncloud/occ upgrade
 		if [ \( $? -ne 0 \) -a \( $? -ne 3 \) ]; then
 			echo "Trying ownCloud upgrade again to work around ownCloud upgrade bug..."
-			sudo -u www-data php7.0 /usr/local/lib/owncloud/occ upgrade
+			sudo -u www-data php /usr/local/lib/owncloud/occ upgrade
 			if [ \( $? -ne 0 \) -a \( $? -ne 3 \) ]; then exit 1; fi
-			sudo -u www-data php7.0 /usr/local/lib/owncloud/occ maintenance:mode --off
+			sudo -u www-data php /usr/local/lib/owncloud/occ maintenance:mode --off
 			echo "...which seemed to work."
 		fi
 	fi
@@ -146,12 +143,12 @@ InstallOwncloud() {
 	if [ -e $STORAGE_ROOT/owncloud/owncloud.db ]; then
 		# ownCloud 8.1.1 broke upgrades. It may fail on the first attempt, but
 		# that can be OK.
-		sudo -u www-data php /usr/local/lib/owncloud/occ upgrade
+		sudo -u www-data php5 /usr/local/lib/owncloud/occ upgrade
 		if [ \( $? -ne 0 \) -a \( $? -ne 3 \) ]; then
 			echo "Trying ownCloud upgrade again to work around ownCloud upgrade bug..."
-			sudo -u www-data php /usr/local/lib/owncloud/occ upgrade
+			sudo -u www-data php5 /usr/local/lib/owncloud/occ upgrade
 			if [ \( $? -ne 0 \) -a \( $? -ne 3 \) ]; then exit 1; fi
-			sudo -u www-data php /usr/local/lib/owncloud/occ maintenance:mode --off
+			sudo -u www-data php5 /usr/local/lib/owncloud/occ maintenance:mode --off
 			echo "...which seemed to work."
 		fi
 	fi
@@ -216,13 +213,13 @@ EOF
 			# The owncloud 9 migration doesn't migrate calendars and contacts
 			# The option to migrate these are removed in 9.1
 			# So the migrations should be done when we have 9.0 installed
-			sudo -u www-data php /usr/local/lib/owncloud/occ dav:migrate-addressbooks
+			sudo -u www-data php5 /usr/local/lib/owncloud/occ dav:migrate-addressbooks
 			# The following migration has to be done for each owncloud user
 			for directory in $STORAGE_ROOT/owncloud/*@*/ ; do
 				username=$(basename "${directory}")
-				sudo -u www-data php /usr/local/lib/owncloud/occ dav:migrate-calendar $username
+				sudo -u www-data php5 /usr/local/lib/owncloud/occ dav:migrate-calendar $username
 			done
-			sudo -u www-data php /usr/local/lib/owncloud/occ dav:sync-birthday-calendar
+			sudo -u www-data php5 /usr/local/lib/owncloud/occ dav:sync-birthday-calendar
 		fi
 
 		# If we are upgrading from 9.0.x we should go to 9.1 first.
@@ -313,7 +310,7 @@ EOF
 	# Execute Nextcloud's setup step, which creates the Nextcloud sqlite database.
 	# It also wipes it if it exists. And it updates config.php with database
 	# settings and deletes the autoconfig.php file.
-	(cd /usr/local/lib/owncloud; sudo -u www-data php7.0 /usr/local/lib/owncloud/index.php;)
+	(cd /usr/local/lib/owncloud; sudo -u www-data php /usr/local/lib/owncloud/index.php;)
 fi
 
 # Update config.php.
@@ -355,15 +352,15 @@ chown www-data.www-data $STORAGE_ROOT/owncloud/config.php
 # The firstrunwizard gave Josh all sorts of problems, so disabling that.
 # user_external is what allows Nextcloud to use IMAP for login. The contacts
 # and calendar apps are the extensions we really care about here.
-hide_output sudo -u www-data php7.0 /usr/local/lib/owncloud/console.php app:disable firstrunwizard
-hide_output sudo -u www-data php7.0 /usr/local/lib/owncloud/console.php app:enable user_external
-hide_output sudo -u www-data php7.0 /usr/local/lib/owncloud/console.php app:enable contacts
-hide_output sudo -u www-data php7.0 /usr/local/lib/owncloud/console.php app:enable calendar
+hide_output sudo -u www-data php /usr/local/lib/owncloud/console.php app:disable firstrunwizard
+hide_output sudo -u www-data php /usr/local/lib/owncloud/console.php app:enable user_external
+hide_output sudo -u www-data php /usr/local/lib/owncloud/console.php app:enable contacts
+hide_output sudo -u www-data php /usr/local/lib/owncloud/console.php app:enable calendar
 
 # When upgrading, run the upgrade script again now that apps are enabled. It seems like
 # the first upgrade at the top won't work because apps may be disabled during upgrade?
 # Check for success (0=ok, 3=no upgrade needed).
-sudo -u www-data php7.0 /usr/local/lib/owncloud/occ upgrade
+sudo -u www-data php /usr/local/lib/owncloud/occ upgrade
 if [ \( $? -ne 0 \) -a \( $? -ne 3 \) ]; then exit 1; fi
 
 # Set PHP FPM values to support large file uploads
@@ -400,7 +397,7 @@ fi
 cat > /etc/cron.hourly/mailinabox-owncloud << EOF;
 #!/bin/bash
 # Mail-in-a-Box
-sudo -u www-data php7.0 -f /usr/local/lib/owncloud/cron.php
+sudo -u www-data php -f /usr/local/lib/owncloud/cron.php
 EOF
 chmod +x /etc/cron.hourly/mailinabox-owncloud
 
@@ -414,5 +411,4 @@ chmod +x /etc/cron.hourly/mailinabox-owncloud
 # ```
 
 # Enable PHP modules and restart PHP.
-restart_service php5-fpm
 restart_service php7.0-fpm
diff --git a/setup/system.sh b/setup/system.sh
index c0af3215..0b51ae26 100755
--- a/setup/system.sh
+++ b/setup/system.sh
@@ -88,6 +88,16 @@ fi
 
 hide_output add-apt-repository -y ppa:mail-in-a-box/ppa
 
+# ### Add PHP7 PPA
+
+# Nextcloud requires PHP7, we will install the ppa from ubuntu php maintainer Ondřej Surý
+# The PPA is located here https://launchpad.net/%7Eondrej/+archive/ubuntu/php
+# Unattended upgrades are activated for the repository
+
+hide_output add-apt-repository -y ppa:ondrej/php
+apt_add_repository_to_unattended_upgrades LP-PPA-ondrej-php:trusty
+hide_output apt-get update
+
 # ### Update Packages
 
 # Update system packages to make sure we have the latest upstream versions of things from Ubuntu.
diff --git a/setup/web.sh b/setup/web.sh
index 6a412b98..0d94fcfd 100755
--- a/setup/web.sh
+++ b/setup/web.sh
@@ -18,7 +18,11 @@ fi
 # Turn off nginx's default website.
 
 echo "Installing Nginx (web server)..."
-apt_install nginx php5-fpm
+
+apt_install nginx php7.0-cli php7.0-fpm
+
+# Set PHP7 as the default
+update-alternatives --set php /usr/bin/php7.0
 
 rm -f /etc/nginx/sites-enabled/default
 
@@ -40,15 +44,15 @@ tools/editconf.py /etc/nginx/nginx.conf -s \
 	server_names_hash_bucket_size="128;"
 
 # Tell PHP not to expose its version number in the X-Powered-By header.
-tools/editconf.py /etc/php5/fpm/php.ini -c ';' \
+tools/editconf.py /etc/php/7.0/fpm/php.ini -c ';' \
 	expose_php=Off
 
 # Set PHPs default charset to UTF-8, since we use it. See #367.
-tools/editconf.py /etc/php5/fpm/php.ini -c ';' \
+tools/editconf.py /etc/php/7.0/fpm/php.ini -c ';' \
         default_charset="UTF-8"
 
 # Bump up PHP's max_children to support more concurrent connections
-tools/editconf.py /etc/php5/fpm/pool.d/www.conf -c ';' \
+tools/editconf.py /etc/php/7.0/fpm/pool.d/www.conf -c ';' \
 	pm.max_children=8
 
 # Other nginx settings will be configured by the management service
@@ -103,7 +107,7 @@ done #NODOC
 
 # Start services.
 restart_service nginx
-restart_service php5-fpm
+restart_service php7.0-fpm
 
 # Open ports.
 ufw_allow http
diff --git a/setup/webmail.sh b/setup/webmail.sh
index 34eba5f1..ed4cd80d 100755
--- a/setup/webmail.sh
+++ b/setup/webmail.sh
@@ -22,8 +22,10 @@ source /etc/mailinabox.conf # load global vars
 echo "Installing Roundcube (webmail)..."
 apt_install \
 	dbconfig-common \
-	php5 php5-sqlite php5-mcrypt php5-intl php5-json php5-common php-auth php-net-smtp php-net-socket php-net-sieve php-mail-mime php-crypt-gpg php5-gd php5-pspell \
-	tinymce libjs-jquery libjs-jquery-mousewheel libmagic1
+	php7.0-cli php7.0-sqlite php7.0-mcrypt php7.0-intl php7.0-json php7.0-common \
+	php-auth php-net-smtp php-net-socket php-net-sieve php-mail-mime php-crypt-gpg \
+	php7.0-gd php7.0-pspell tinymce libjs-jquery libjs-jquery-mousewheel libmagic1
+
 apt_get_quiet remove php-mail-mimedecode # no longer needed since Roundcube 1.1.3
 
 # We used to install Roundcube from Ubuntu, without triggering the dependencies #NODOC
@@ -34,8 +36,8 @@ apt-get purge -qq -y roundcube* #NODOC
 # Install Roundcube from source if it is not already present or if it is out of date.
 # Combine the Roundcube version number with the commit hash of vacation_sieve to track
 # whether we have the latest version.
-VERSION=1.2.4
-HASH=e2091ea775b80eda43ab225130d5a2e888c3789a
+VERSION=1.3.0
+HASH=634c89b9c51c44fb757bb19c77ad5083cf7aa030
 VACATION_SIEVE_VERSION=91ea6f52216390073d1f5b70b5f6bea0bfaee7e5
 PERSISTENT_LOGIN_VERSION=c4516c4be37d12ef653de86497304e073a863c2a
 HTML5_NOTIFIER_VERSION=4b370e3cd60dabd2f428a26f45b677ad1b7118d5
@@ -60,7 +62,7 @@ fi
 if [ $needs_update == 1 ]; then
 	# install roundcube
 	wget_verify \
-		https://github.com/roundcube/roundcubemail/releases/download/$VERSION/roundcubemail-$VERSION.tar.gz \
+		https://github.com/roundcube/roundcubemail/releases/download/$VERSION/roundcubemail-$VERSION-complete.tar.gz \
 		$HASH \
 		/tmp/roundcube.tgz
 	tar -C /usr/local/lib --no-same-owner -zxf /tmp/roundcube.tgz
@@ -110,10 +112,10 @@ cat > $RCM_CONFIG <<EOF;
 \$config['log_dir'] = '/var/log/roundcubemail/';
 \$config['temp_dir'] = '/tmp/roundcubemail/';
 \$config['db_dsnw'] = 'sqlite:///$STORAGE_ROOT/mail/roundcube/roundcube.sqlite?mode=0640';
-\$config['default_host'] = 'ssl://localhost';
+\$config['default_host'] = 'ssl://${PRIMARY_HOSTNAME}';
 \$config['default_port'] = 993;
 \$config['imap_timeout'] = 15;
-\$config['smtp_server'] = 'tls://127.0.0.1';
+\$config['smtp_server'] = 'tls://${PRIMARY_HOSTNAME}';
 \$config['smtp_port'] = 587;
 \$config['smtp_user'] = '%u';
 \$config['smtp_pass'] = '%p';
@@ -210,5 +212,5 @@ chown www-data:www-data $STORAGE_ROOT/mail/roundcube/roundcube.sqlite
 chmod 664 $STORAGE_ROOT/mail/roundcube/roundcube.sqlite
 
 # Enable PHP modules.
-php5enmod mcrypt
-restart_service php5-fpm
+phpenmod -v php7.0 mcrypt imap
+restart_service php7.0-fpm
diff --git a/setup/zpush.sh b/setup/zpush.sh
index 0a9e3998..d5675baf 100755
--- a/setup/zpush.sh
+++ b/setup/zpush.sh
@@ -17,13 +17,13 @@ source /etc/mailinabox.conf # load global vars
 
 echo "Installing Z-Push (Exchange/ActiveSync server)..."
 apt_install \
-	php-soap php5-imap libawl-php php5-xsl
+	php7.0-soap php7.0-imap libawl-php php7.0-xsl
 
-php5enmod imap
+phpenmod -v php7.0 imap
 
 # Copy Z-Push into place.
-TARGETHASH=131229a8feda09782dfd06449adce3d5a219183f
-VERSION=2.3.6
+TARGETHASH=01cdfafcdf6855f566a9cbc5826b3d9930a9b35b
+VERSION=2.3.7
 needs_update=0 #NODOC
 if [ ! -f /usr/local/lib/z-push/version ]; then
 	needs_update=1 #NODOC
@@ -100,7 +100,7 @@ EOF
 
 # Restart service.
 
-restart_service php5-fpm
+restart_service php7.0-fpm
 
 # Fix states after upgrade