some minor hackery for ubuntu 24

* fix deprecation warnings in ssl_certificates.py * version check allows git versions * rejigger systemctl usage for u24
2025-04-20 02:52:11 +00:00 · 2025-03-01 23:56:07 -06:00 · 2025-03-01 23:56:07 -06:00 · d5674a2574
commit d5674a2574
parent 3efd4257b5
5 changed files with 9 additions and 9 deletions
--- a/management/ssl_certificates.py
+++ b/management/ssl_certificates.py
@ -93,13 +93,13 @@ def get_ssl_certificates(env):

 	# Sort the certificates to prefer good ones.
 	import datetime
-	now = datetime.datetime.utcnow()
+	now = datetime.datetime.now(datetime.UTC)
 	ret = { }
 	for domain, cert_list in domains.items():
 		#for c in cert_list: print(domain, c.not_valid_before, c.not_valid_after, "("+str(now)+")", c.issuer, c.subject, c._filename)
 		cert_list.sort(key = lambda cert : (
 			# must be valid NOW
-			cert["cert"].not_valid_before <= now <= cert["cert"].not_valid_after,
+			cert["cert"].not_valid_before.astimezone(datetime.UTC) <= now <= cert["cert"].not_valid_after.astimezone(datetime.UTC),

 			# prefer one that is not self-signed
 			cert["cert"].issuer != cert["cert"].subject,
@ -567,8 +567,8 @@ def check_certificate(domain, ssl_certificate, ssl_private_key, warn_if_expiring
 	# Check that the certificate hasn't expired. The datetimes returned by the
 	# certificate are 'naive' and in UTC. We need to get the current time in UTC.
 	import datetime
-	now = datetime.datetime.utcnow()
-	if not(cert.not_valid_before <= now <= cert.not_valid_after):
+	now = datetime.datetime.now(datetime.UTC)
+	if not(cert.not_valid_before.astimezone(datetime.UTC) <= now <= cert.not_valid_after.astimezone(datetime.UTC)):
 		return (f"The certificate has expired or is not yet valid. It is valid from {cert.not_valid_before} to {cert.not_valid_after}.", None)

 	# Next validate that the certificate is valid. This checks whether the certificate
@ -604,7 +604,7 @@ def check_certificate(domain, ssl_certificate, ssl_private_key, warn_if_expiring

 		# But is it expiring soon?
 		cert_expiration_date = cert.not_valid_after
-		ndays = (cert_expiration_date-now).days
+		ndays = (cert_expiration_date.astimezone(datetime.UTC)-now).days
 		if not rounded_time or ndays <= 10:
 			# Yikes better renew soon!
 			expiry_info = "The certificate expires in %d days on %s." % (ndays, cert_expiration_date.date().isoformat())
--- a/management/status_checks.py
+++ b/management/status_checks.py
@ -968,6 +968,8 @@ def check_miab_version(env, output):
 			output.print_ok("Mail-in-a-Box is up to date. You are running version %s." % this_ver)
 		elif latest_ver is None:
 			output.print_error("Latest Mail-in-a-Box version could not be determined. You are running version %s." % this_ver)
+		elif re.match(r'[A-F,0-9]{40}', this_ver, re.I):
+			output.print_ok("This version appears to be a git checkout (%s). Good luck!" % this_ver[0:7])
 		else:
 			output.print_error(f"A new version of Mail-in-a-Box is available. You are running version {this_ver}. The latest version is {latest_ver}. For upgrade instructions, see https://mailinabox.email. ")

--- a/setup/management.sh
+++ b/setup/management.sh
@ -105,7 +105,6 @@ exec gunicorn -b localhost:10222 -w 1 --timeout 630 wsgi:app
 EOF
 chmod +x $inst_dir/start
 cp --remove-destination conf/mailinabox.service /lib/systemd/system/mailinabox.service # target was previously a symlink so remove it first
-hide_output systemctl link -f /lib/systemd/system/mailinabox.service
 hide_output systemctl daemon-reload
 hide_output systemctl enable mailinabox.service

--- a/setup/munin.sh
+++ b/setup/munin.sh
@ -65,7 +65,6 @@ mkdir -p /var/lib/munin-node/plugin-state/
 ln -sf "$PWD/management/munin_start.sh" /usr/local/lib/mailinabox/munin_start.sh
 chmod 0744 /usr/local/lib/mailinabox/munin_start.sh
 cp --remove-destination conf/munin.service /lib/systemd/system/munin.service # target was previously a symlink so remove first
-hide_output systemctl link -f /lib/systemd/system/munin.service
 hide_output systemctl daemon-reload
 hide_output systemctl unmask munin.service
 hide_output systemctl enable munin.service
--- a/setup/preflight.sh
+++ b/setup/preflight.sh
@ -12,8 +12,8 @@ fi
 # Pull in the variables defined in /etc/os-release but in a
 # namespace to avoid polluting our variables.
 source <(cat /etc/os-release | sed s/^/OS_RELEASE_/)
-if [ "${OS_RELEASE_ID:-}" != "ubuntu" ] || [ "${OS_RELEASE_VERSION_ID:-}" != "22.04" ]; then
-	echo "Mail-in-a-Box only supports being installed on Ubuntu 22.04, sorry. You are running:"
+if [ "${OS_RELEASE_ID:-}" != "ubuntu" ] || [ "${OS_RELEASE_VERSION_ID:-}" != "24.04" ]; then
+	echo "Mail-in-a-Box only supports being installed on Ubuntu 24.04, sorry. You are running:"
 	echo
 	echo "${OS_RELEASE_ID:-"Unknown linux distribution"} ${OS_RELEASE_VERSION_ID:-}"
 	echo