mirror of https://github.com/mail-in-a-box/mailinabox.git synced 2025-04-21 03:02:09 +00:00

Merge remote-tracking branch 'upstream/master'

Christopher A. DeFlumeri 2018-07-20 10:11:48 -04:00
commit f51201ce14
6 changed files with 41 additions and 24 deletions


@ -1,6 +1,21 @@
CHANGELOG CHANGELOG
========= =========
In Development
--------------
System:
* We now use EFF's `certbot` to provision TLS certificates (from Let's Encrypt) instead of our home-grown ACME library.
Contacts/Calendar:
* Fix for Mac OS X autoconfig of the calendar.
Setup:
* Installing Z-Push broke because of what looks like a change or problem in their git server HTTPS certificate. That's fixed.
v0.27 (June 14, 2018) v0.27 (June 14, 2018)
--------------------- ---------------------

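--- a/Vagrantfile
+++ b/Vagrantfile
@@ -22,6 +22,9 @@ Vagrant.configure("2") do |config|
 # Set environment variables so that the setup script does
 # not ask any questions during provisioning. We'll let the
 # machine figure out its own public IP.
+#
+# Please note: NONINTERACTIVE=1 mode means that you'll automatically agree
+# to Let's Encrypt's ACME Subscriber Agreement.
 export NONINTERACTIVE=1
 export PUBLIC_IP=auto
 export PUBLIC_IPV6=auto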


@ -18,8 +18,6 @@
<string>PRIMARY_HOSTNAME</string> <string>PRIMARY_HOSTNAME</string>
<key>CalDAVPort</key> <key>CalDAVPort</key>
<real>443</real> <real>443</real>
<key>CalDAVPrincipalURL</key>
<string>/cloud/remote.php/caldav/calendars/</string>
<key>CalDAVUseSSL</key> <key>CalDAVUseSSL</key>
<true/> <true/>
<key>PayloadDescription</key> <key>PayloadDescription</key>


@ -142,9 +142,8 @@ def get_ssl_certificates(env):
return ret return ret
def get_domain_ssl_files(domain, ssl_certificates, env, allow_missing_cert=False, use_main_cert=True): def get_domain_ssl_files(domain, ssl_certificates, env, allow_missing_cert=False, use_main_cert=True):
# I moved the system_certificate declaration here, since otherwise we get a if use_main_cert or not allow_missing_cert:
# "local variable 'system_certificate' referenced before assignment" error in the # Get the system certificate info.
# elif not allow_missing_cert block
ssl_private_key = os.path.join(os.path.join(env["STORAGE_ROOT"], 'ssl', 'ssl_private_key.pem')) ssl_private_key = os.path.join(os.path.join(env["STORAGE_ROOT"], 'ssl', 'ssl_private_key.pem'))
ssl_certificate = os.path.join(os.path.join(env["STORAGE_ROOT"], 'ssl', 'ssl_certificate.pem')) ssl_certificate = os.path.join(os.path.join(env["STORAGE_ROOT"], 'ssl', 'ssl_certificate.pem'))
system_certificate = { system_certificate = {
@ -153,6 +152,7 @@ def get_domain_ssl_files(domain, ssl_certificates, env, allow_missing_cert=False
"primary-domain": env['PRIMARY_HOSTNAME'], "primary-domain": env['PRIMARY_HOSTNAME'],
"certificate_object": load_pem(load_cert_chain(ssl_certificate)[0]), "certificate_object": load_pem(load_cert_chain(ssl_certificate)[0]),
} }
if use_main_cert: if use_main_cert:
if domain == env['PRIMARY_HOSTNAME']: if domain == env['PRIMARY_HOSTNAME']:
# The primary domain must use the server certificate because # The primary domain must use the server certificate because
@ -226,7 +226,7 @@ def get_certificates_to_provision(env, limit_domains=None, show_valid_certs=True
# DNS is all good. # DNS is all good.
# Check for a good existing cert. # Check for a good existing cert.
existing_cert = get_domain_ssl_files(domain, existing_certs, env, use_main_cert=False) existing_cert = get_domain_ssl_files(domain, existing_certs, env, use_main_cert=False, allow_missing_cert=True)
if existing_cert: if existing_cert:
existing_cert_check = check_certificate(domain, existing_cert['certificate'], existing_cert['private-key'], existing_cert_check = check_certificate(domain, existing_cert['certificate'], existing_cert['private-key'],
warn_if_expiring_soon=14) warn_if_expiring_soon=14)
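Review bot: `system_certificate` is now assigned only under `if use_main_cert or not allow_missing_cert:`, so every later read of it has to sit on a path where that condition held, and the new comment `# Get the system certificate info.` no longer says so. The removed comment recorded that an `elif not allow_missing_cert` block reads the variable; the updated call in `get_certificates_to_provision` (`use_main_cert=False, allow_missing_cert=True`) skips the assignment entirely, so any read added outside those two branches would raise `UnboundLocalError` during certificate selection. I would word the comment as `# Only load the system certificate when a branch below can return it (use_main_cert, or the not-allow_missing_cert fallback); it is unbound otherwise.` The rest of `get_domain_ssl_files` lies outside the visible hunks, so this should be checked against the full body.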


@ -139,7 +139,8 @@ echo "Mail-in-a-Box uses Let's Encrypt to provision free certificates"
echo "to enable HTTPS connections to your box. You'll now be asked to agree" echo "to enable HTTPS connections to your box. You'll now be asked to agree"
echo "to Let's Encrypt's terms of service." echo "to Let's Encrypt's terms of service."
echo echo
certbot register --register-unsafely-without-email --config-dir $STORAGE_ROOT/ssl/lets_encrypt certbot register $([ "$NONINTERACTIVE" == 1 ] && echo "--agree-tos") \
--register-unsafely-without-email --config-dir $STORAGE_ROOT/ssl/lets_encrypt
fi fi
# Done. # Done.
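Review bot: The `$([ "$NONINTERACTIVE" == 1 ] && echo "--agree-tos")` substitution expands `$NONINTERACTIVE` directly, which would abort the script if it runs with `set -u` and the variable is unset during an interactive install; whether nounset is enabled is not visible here, so `"${NONINTERACTIVE:-}"` is the safe spelling. On the continuation line, `--config-dir $STORAGE_ROOT/ssl/lets_encrypt` is unquoted and would split on a path containing spaces; `--config-dir "$STORAGE_ROOT/ssl/lets_encrypt"` avoids that. A short comment above the command, such as `# NONINTERACTIVE=1 accepts the Let's Encrypt Subscriber Agreement on the operator's behalf`, would keep that consent decision visible where it is made. The enclosing `if` opens above the hunk.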


@ -23,6 +23,7 @@ phpenmod -v php7.0 imap
# Copy Z-Push into place. # Copy Z-Push into place.
VERSION=2.3.9 VERSION=2.3.9
TARGETHASH=60087b97e4b1c73db096e252cf893c75df556907
needs_update=0 #NODOC needs_update=0 #NODOC
if [ ! -f /usr/local/lib/z-push/version ]; then if [ ! -f /usr/local/lib/z-push/version ]; then
needs_update=1 #NODOC needs_update=1 #NODOC
@ -31,13 +32,12 @@ elif [[ $VERSION != `cat /usr/local/lib/z-push/version` ]]; then
needs_update=1 #NODOC needs_update=1 #NODOC
fi fi
if [ $needs_update == 1 ]; then if [ $needs_update == 1 ]; then
wget_verify http://download.z-push.org/final/2.3/z-push-$VERSION.tar.gz $TARGETHASH /tmp/z-push.tar.gz
rm -rf /usr/local/lib/z-push rm -rf /usr/local/lib/z-push
tar -xzf /tmp/z-push.tar.gz -C /usr/local/lib/
git_clone https://stash.z-hub.io/scm/zp/z-push.git $VERSION '' /tmp/z-push rm /tmp/z-push.tar.gz
mv /usr/local/lib/z-push-$VERSION /usr/local/lib/z-push
mkdir /usr/local/lib/z-push
cp -r /tmp/z-push/src/* /usr/local/lib/z-push
rm -rf /tmp/z-push
rm -f /usr/sbin/z-push-{admin,top} rm -f /usr/sbin/z-push-{admin,top}
ln -s /usr/local/lib/z-push/z-push-admin.php /usr/sbin/z-push-admin ln -s /usr/local/lib/z-push/z-push-admin.php /usr/sbin/z-push-admin