diff --git a/CHANGELOG.md b/CHANGELOG.md index 921995eb..5c26d4f1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -12,6 +12,7 @@ Mail: System: +* ownCloud updated to version 8.0.2. * Brute-force SSH and IMAP login attempts are now prevented by properly configuring fail2ban. * Status checks are run each night and any changes from night to night are emailed to the box administrator (the first user account). diff --git a/setup/functions.sh b/setup/functions.sh index 94ea87cd..3b3b513b 100644 --- a/setup/functions.sh +++ b/setup/functions.sh @@ -179,3 +179,21 @@ function input_menu { result=$(dialog --stdout --title "$1" --menu "$2" 0 0 0 $3) result_code=$? } + +function git_clone { + # Clones a git repository, checks out a particular commit or tag, + # and moves the repository (or a subdirectory in it) to some path. + # We use separate clone and checkout because -b only supports tags + # and branches, but we sometimes want to reference a commit hash + # directly when the repo doesn't provide a tag. + REPO=$1 + TREEISH=$2 + SUBDIR=$3 + TARGETPATH=$4 + TMPPATH=/tmp/git-clone-$$ + rm -rf $TMPPATH $TARGETPATH + git clone -q $REPO $TMPPATH || exit 1 + (cd $TMPPATH; git checkout -q $TREEISH;) || exit 1 + mv $TMPPATH/$SUBDIR $TARGETPATH + rm -rf $TMPPATH +} diff --git a/setup/owncloud.sh b/setup/owncloud.sh index 0597b8fb..57f66767 100755 --- a/setup/owncloud.sh +++ b/setup/owncloud.sh @@ -15,18 +15,49 @@ apt_install \ apt-get purge -qq -y owncloud* # Install ownCloud from source of this version: -owncloud_ver=7.0.4 +owncloud_ver=8.0.2 # Check if ownCloud dir exist, and check if version matches owncloud_ver (if either doesn't - install/upgrade) if [ ! -d /usr/local/lib/owncloud/ ] \ || ! grep -q $owncloud_ver /usr/local/lib/owncloud/version.php; then - echo installing ownCloud... + # Clear out the existing ownCloud. + rm -f /tmp/owncloud-config.php + if [ ! -d /usr/local/lib/owncloud/ ]; then + echo installing ownCloud... + else + echo "upgrading ownCloud to $owncloud_ver (backing up existing ownCloud directory to /tmp/owncloud-backup-$$)..." + cp /usr/local/lib/owncloud/config/config.php /tmp/owncloud-config.php + mv /usr/local/lib/owncloud /tmp/owncloud-backup-$$ + fi + + # Download and extract ownCloud. rm -f /tmp/owncloud.zip wget -qO /tmp/owncloud.zip https://download.owncloud.org/community/owncloud-$owncloud_ver.zip unzip -u -o -q /tmp/owncloud.zip -d /usr/local/lib #either extracts new or replaces current files - hide_output php /usr/local/lib/owncloud/occ upgrade #if OC is up-to-date it wont matter rm -f /tmp/owncloud.zip + + # The two apps we actually want are not in ownCloud core. Clone them from + # their github repositories. + mkdir -p /usr/local/lib/owncloud/apps + git_clone https://github.com/owncloud/contacts v$owncloud_ver '' /usr/local/lib/owncloud/apps/contacts + git_clone https://github.com/owncloud/calendar v$owncloud_ver '' /usr/local/lib/owncloud/apps/calendar + + # Fix weird permissions. + chmod 750 /usr/local/lib/owncloud/{apps,config} + + # Restore configuration file if we're doing an upgrade. + if [ -f /tmp/owncloud-config.php ]; then + mv /tmp/owncloud-config.php /usr/local/lib/owncloud/config/config.php + fi + + # Make sure permissions are correct or the upgrade step won't run. + # $STORAGE_ROOT/owncloud may not yet exist, so use -f to suppress + # that error. + chown -f -R www-data.www-data $STORAGE_ROOT/owncloud /usr/local/lib/owncloud + + # Run the upgrade script (if ownCloud is already up-to-date it wont matter). + hide_output sudo -u www-data php /usr/local/lib/owncloud/occ upgrade fi # ### Configuring ownCloud @@ -105,9 +136,12 @@ fi # Enable/disable apps. Note that this must be done after the ownCloud setup. # The firstrunwizard gave Josh all sorts of problems, so disabling that. -# user_external is what allows ownCloud to use IMAP for login. -hide_output php /usr/local/lib/owncloud/console.php app:disable firstrunwizard -hide_output php /usr/local/lib/owncloud/console.php app:enable user_external +# user_external is what allows ownCloud to use IMAP for login. The contacts +# and calendar apps are the extensions we really care about here. +hide_output sudo -u www-data php /usr/local/lib/owncloud/console.php app:disable firstrunwizard +hide_output sudo -u www-data php /usr/local/lib/owncloud/console.php app:enable user_external +hide_output sudo -u www-data php /usr/local/lib/owncloud/console.php app:enable contacts +hide_output sudo -u www-data php /usr/local/lib/owncloud/console.php app:enable calendar # Set PHP FPM values to support large file uploads # (semicolon is the comment character in this file, hashes produce deprecation warnings) diff --git a/setup/start.sh b/setup/start.sh index fa84b03d..72c364c8 100755 --- a/setup/start.sh +++ b/setup/start.sh @@ -77,7 +77,7 @@ fi if [ "$PRIVATE_IPV6" != "$PUBLIC_IPV6" ]; then echo "Private IPv6 Address: $PRIVATE_IPV6" fi -if [ -f /usr/bin/git ]; then +if [ -f .git ]; then echo "Mail-in-a-Box Version: " $(git describe) fi echo diff --git a/setup/system.sh b/setup/system.sh index 0b29e229..259c8768 100755 --- a/setup/system.sh +++ b/setup/system.sh @@ -20,12 +20,13 @@ apt_get_quiet upgrade # * cron: Runs background processes periodically. # * ntp: keeps the system time correct # * fail2ban: scans log files for repeated failed login attempts and blocks the remote IP at the firewall +# * git: we install some things directly from github # * sudo: allows privileged users to execute commands as root without being root # * coreutils: includes `nproc` tool to report number of processors # * bc: allows us to do math to compute sane defaults apt_install python3 python3-dev python3-pip \ - wget curl sudo coreutils bc \ + wget curl git sudo coreutils bc \ haveged unattended-upgrades cron ntp fail2ban # Allow apt to install system updates automatically every day. diff --git a/setup/webmail.sh b/setup/webmail.sh index e2d549a7..0c04c8ae 100755 --- a/setup/webmail.sh +++ b/setup/webmail.sh @@ -20,7 +20,7 @@ source /etc/mailinabox.conf # load global vars # These dependencies are from `apt-cache showpkg roundcube-core`. apt_install \ - dbconfig-common git \ + dbconfig-common \ php5 php5-sqlite php5-mcrypt php5-intl php5-json php5-common php-auth php-net-smtp php-net-socket php-net-sieve php-mail-mime php-crypt-gpg php5-gd php5-pspell \ tinymce libjs-jquery libjs-jquery-mousewheel libmagic1 @@ -53,11 +53,7 @@ if [ $needs_update == 1 ]; then rm -f /tmp/roundcube.tgz # install roundcube autoreply/vacation plugin - rm -rf /tmp/Roundcube-Plugins /usr/local/lib/roundcubemail/plugins/vacation_sieve - git clone -q https://github.com/arodier/Roundcube-Plugins.git /tmp/Roundcube-Plugins - GIT_DIR=/tmp/Roundcube-Plugins/.git git checkout -q $VACATION_SIEVE_VERSION || exit 1 - mv /tmp/Roundcube-Plugins/plugins/vacation_sieve /usr/local/lib/roundcubemail/plugins/vacation_sieve - rm -rf /tmp/Roundcube-Plugins + git_clone https://github.com/arodier/Roundcube-Plugins.git $VACATION_SIEVE_VERSION plugins/vacation_sieve /usr/local/lib/roundcubemail/plugins/vacation_sieve # record the version we've installed echo $VERSION:$VACATION_SIEVE_VERSION > /usr/local/lib/roundcubemail/version diff --git a/setup/zpush.sh b/setup/zpush.sh index c1fb94dd..3b5d0bdf 100755 --- a/setup/zpush.sh +++ b/setup/zpush.sh @@ -30,17 +30,11 @@ elif [[ $TARGETHASH != `cat /usr/local/lib/z-push/version` ]]; then needs_update=1 #NODOC fi if [ $needs_update == 1 ]; then - rm -rf /usr/local/lib/z-push - rm -f /tmp/zpush-repo echo installing z-push \(fmbiete fork\)... - git clone -q https://github.com/fmbiete/Z-Push-contrib /tmp/zpush-repo - (cd /tmp/zpush-repo/; git checkout -q $TARGETHASH;) - rm -rf /tmp/zpush-repo/.git - mv /tmp/zpush-repo /usr/local/lib/z-push + git_clone https://github.com/fmbiete/Z-Push-contrib $TARGETHASH '' /usr/local/lib/z-push rm -f /usr/sbin/z-push-{admin,top} ln -s /usr/local/lib/z-push/z-push-admin.php /usr/sbin/z-push-admin ln -s /usr/local/lib/z-push/z-push-top.php /usr/sbin/z-push-top - rm -f /tmp/zpush-repo echo $TARGETHASH > /usr/local/lib/z-push/version fi