Merge 32cfd1ed52 into a332be6a7b

Change how backup.py script deals with S3 backups.
In case that no static AWS credentials are specified, we try to create the boto3 client without explicitly passing static credentials. This way, we can benedit from dynamic credentials in AWS environments (e.g. using EC2 instance roles)
2026-03-26 19:27:23 +01:00 · 2024-04-04 06:47:15 +08:00 · 2023-05-19 13:25:18 +02:00
8 changed files with 35 additions and 51 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,21 +1,6 @@
 CHANGELOG
 =========
 Version 69 (July 20, 2024)
 --------------------------
 Package updates:
 * Nextcloud is updated to 26.0.13.
 * Z-Push is updated to 2.7.3.
 Other updates:
 * Fixed an error generating the weekly statistics.
 * Fixed file permissions when setting up Nextcloud.
 * Added an undocumented option to proxy websockets.
 * Internal improvements to the code to make it more reliable and readable.
 Version 68 (April 1, 2024)
 --------------------------
@@ -40,6 +25,7 @@ Other:
 * fail2ban is updated to see "HTTP/2.0" requests to munin also.
 * Internal improvements to the code to make it more reliable and readable.
 Version 67 (December 22, 2023)
 ------------------------------
--- a/README.md
+++ b/README.md
@@ -60,7 +60,7 @@ Clone this repository and checkout the tag corresponding to the most recent rele
 	$ git clone https://github.com/mail-in-a-box/mailinabox
 	$ cd mailinabox
-	$ git checkout v69
+	$ git checkout v68
 Begin the installation.
--- a/management/backup.py
+++ b/management/backup.py
@@ -512,10 +512,13 @@ def list_target_files(config):
 		# connect to the region & bucket
 		try:
-			s3 = boto3.client('s3', \
+			if config['target_user'] == "" and config['target_pass'] == "":
-				endpoint_url=f'https://{target.hostname}', \
+				s3 = boto3.client('s3', endpoint_url=f'https://{target.hostname}')
-				aws_access_key_id=config['target_user'], \
+			else:
-				aws_secret_access_key=config['target_pass'])
+				s3 = boto3.client('s3', \
 					endpoint_url=f'https://{target.hostname}', \
 					aws_access_key_id=config['target_user'], \
 					aws_secret_access_key=config['target_pass'])
 			bucket_objects = s3.list_objects_v2(Bucket=bucket, Prefix=path)['Contents']
 			backup_list = [(key['Key'][len(path):], key['Size']) for key in bucket_objects]
 		except ClientError as e:
--- a/management/mail_log.py
+++ b/management/mail_log.py
@@ -679,7 +679,7 @@ def print_user_table(users, data=None, sub_data=None, activity=None, latest=None
                data_accum[col] += d[row]
        try:
-            if None not in [latest, earliest]: # noqa PLR6201
+            if None not in {latest, earliest}:
                vert_pos = len(line)
                e = earliest[row]
                l = latest[row]
@@ -732,7 +732,7 @@ def print_user_table(users, data=None, sub_data=None, activity=None, latest=None
        else:
            header += l.rjust(max(5, len(l) + 1, col_widths[col]))
-    if None not in [latest, earliest]: # noqa PLR6201
+    if None not in {latest, earliest}:
        header += " │ timespan   "
    lines.insert(0, header.rstrip())
@@ -757,7 +757,7 @@ def print_user_table(users, data=None, sub_data=None, activity=None, latest=None
        footer += temp.format(data_accum[row])
    try:
-        if None not in [latest, earliest]: # noqa PLR6201
+        if None not in {latest, earliest}:
            max_l = max(latest)
            min_e = min(earliest)
            timespan = relativedelta(max_l, min_e)
--- a/management/web_update.py
+++ b/management/web_update.py
@@ -166,7 +166,6 @@ def make_domain_config(domain, templates, ssl_certificates, env):
 				pass_http_host_header = False
 				proxy_redirect_off = False
 				frame_options_header_sameorigin = False
 				web_sockets = False
 				m = re.search("#(.*)$", url)
 				if m:
 					for flag in m.group(1).split(","):
@@ -176,8 +175,6 @@ def make_domain_config(domain, templates, ssl_certificates, env):
 							proxy_redirect_off = True
 						elif flag == "frame-options-sameorigin":
 							frame_options_header_sameorigin = True
 						elif flag == "web-sockets":
 							web_sockets = True
 					url = re.sub("#(.*)$", "", url)
 				nginx_conf_extra += "\tlocation %s {" % path
@@ -188,10 +185,6 @@ def make_domain_config(domain, templates, ssl_certificates, env):
 					nginx_conf_extra += "\n\t\tproxy_set_header Host $http_host;"
 				if frame_options_header_sameorigin:
 					nginx_conf_extra += "\n\t\tproxy_set_header X-Frame-Options SAMEORIGIN;"
 				if web_sockets:
 					nginx_conf_extra += "\n\t\tproxy_http_version 1.1;"
 					nginx_conf_extra += "\n\t\tproxy_set_header Upgrade $http_upgrade;"
 					nginx_conf_extra += "\n\t\tproxy_set_header Connection 'Upgrade';"
 				nginx_conf_extra += "\n\t\tproxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;"
 				nginx_conf_extra += "\n\t\tproxy_set_header X-Forwarded-Host $http_host;"
 				nginx_conf_extra += "\n\t\tproxy_set_header X-Forwarded-Proto $scheme;"
--- a/setup/bootstrap.sh
+++ b/setup/bootstrap.sh
@@ -23,7 +23,7 @@ if [ -z "$TAG" ]; then
 	if [ "$UBUNTU_VERSION" == "Ubuntu 22.04 LTS" ]; then
 		# This machine is running Ubuntu 22.04, which is supported by
 		# Mail-in-a-Box versions 60 and later.
-		TAG=v69
+		TAG=v68
 	elif [ "$UBUNTU_VERSION" == "Ubuntu 18.04 LTS" ]; then
 		# This machine is running Ubuntu 18.04, which is supported by
 		# Mail-in-a-Box versions 0.40 through 5x.
--- a/setup/nextcloud.sh
+++ b/setup/nextcloud.sh
@@ -21,8 +21,8 @@ echo "Installing Nextcloud (contacts/calendar)..."
 #   we automatically install intermediate versions as needed.
 # * The hash is the SHA1 hash of the ZIP package, which you can find by just running this script and
 #   copying it from the error message when it doesn't match what is below.
-nextcloud_ver=26.0.13
+nextcloud_ver=26.0.12
-nextcloud_hash=d5c10b650e5396d5045131c6d22c02a90572527c
+nextcloud_hash=b55e9f51171c0a9b9ab3686cf5c8ad1a4292ca15
 # Nextcloud apps
 # --------------
@@ -40,12 +40,12 @@ contacts_ver=5.5.3
 contacts_hash=799550f38e46764d90fa32ca1a6535dccd8316e5
 # Always ensure the versions are supported, see https://apps.nextcloud.com/apps/calendar
-calendar_ver=4.7.6
+calendar_ver=4.6.6
-calendar_hash=a995bca4effeecb2cab25f3bbeac9bfe05fee766
+calendar_hash=e34a71669a52d997e319d64a984dcd041389eb22
 # Always ensure the versions are supported, see https://apps.nextcloud.com/apps/user_external
-user_external_ver=3.3.0
+user_external_ver=3.2.0
-user_external_hash=280d24eb2a6cb56b4590af8847f925c28d8d853e
+user_external_hash=a494073dcdecbbbc79a9c77f72524ac9994d2eec
 # Developer advice (test plan)
 # ----------------------------
@@ -131,7 +131,7 @@ InstallNextcloud() {
 	# Make sure permissions are correct or the upgrade step won't run.
 	# $STORAGE_ROOT/owncloud may not yet exist, so use -f to suppress
 	# that error.
-	chown -f -R www-data:www-data "$STORAGE_ROOT/owncloud" /usr/local/lib/owncloud || /bin/true
+	chown -f -R www-data:www-data "$STORAGE_ROOT/owncloud /usr/local/lib/owncloud" || /bin/true
 	# If this isn't a new installation, immediately run the upgrade script.
 	# Then check for success (0=ok and 3=no upgrade needed, both are success).
@@ -274,6 +274,15 @@ if [ ! -f "$STORAGE_ROOT/owncloud/owncloud.db" ]; then
    ),
  ),
  'memcache.local' => '\OC\Memcache\APCu',
  'mail_smtpmode' => 'sendmail',
  'mail_smtpsecure' => '',
  'mail_smtpauthtype' => 'LOGIN',
  'mail_smtpauth' => false,
  'mail_smtphost' => '',
  'mail_smtpport' => '',
  'mail_smtpname' => '',
  'mail_smtppassword' => '',
  'mail_from_address' => 'owncloud',
 );
 ?>
 EOF
@@ -329,10 +338,13 @@ include("$STORAGE_ROOT/owncloud/config.php");
 \$CONFIG['memcache.local'] = '\OC\Memcache\APCu';
 \$CONFIG['overwrite.cli.url'] = 'https://${PRIMARY_HOSTNAME}/cloud';
 \$CONFIG['mail_from_address'] = 'administrator'; # just the local part, matches our master administrator address
 \$CONFIG['logtimezone'] = '$TIMEZONE';
 \$CONFIG['logdateformat'] = 'Y-m-d H:i:s';
 \$CONFIG['mail_domain'] = '$PRIMARY_HOSTNAME';
 \$CONFIG['user_backends'] = array(
  array(
    'class' => '\OCA\UserExternal\IMAP',
@@ -342,16 +354,6 @@ include("$STORAGE_ROOT/owncloud/config.php");
  ),
 );
 \$CONFIG['mail_domain'] = '$PRIMARY_HOSTNAME';
 \$CONFIG['mail_from_address'] = 'administrator'; # just the local part, matches the required administrator alias on mail_domain/$PRIMARY_HOSTNAME
 \$CONFIG['mail_smtpmode'] = 'sendmail';
 \$CONFIG['mail_smtpauth'] = true; # if smtpmode is smtp
 \$CONFIG['mail_smtphost'] = '127.0.0.1'; # if smtpmode is smtp
 \$CONFIG['mail_smtpport'] = '587'; # if smtpmode is smtp
 \$CONFIG['mail_smtpsecure'] = ''; # if smtpmode is smtp, must be empty string
 \$CONFIG['mail_smtpname'] = ''; # if smtpmode is smtp, set this to a mail user
 \$CONFIG['mail_smtppassword'] = ''; # if smtpmode is smtp, set this to the user's password
 echo "<?php\n\\\$CONFIG = ";
 var_export(\$CONFIG);
 echo ";";
--- a/setup/zpush.sh
+++ b/setup/zpush.sh
@@ -17,13 +17,13 @@ source /etc/mailinabox.conf # load global vars
 echo "Installing Z-Push (Exchange/ActiveSync server)..."
 apt_install \
-       php"${PHP_VER}"-soap php"${PHP_VER}"-imap libawl-php php"$PHP_VER"-xml php"${PHP_VER}"-intl
+       php"${PHP_VER}"-soap php"${PHP_VER}"-imap libawl-php php"$PHP_VER"-xml
 phpenmod -v "$PHP_VER" imap
 # Copy Z-Push into place.
-VERSION=2.7.3
+VERSION=2.7.1
-TARGETHASH=9d4bec41935e9a4e07880c5ff915bcddbda4443b
+TARGETHASH=f15c566b1ad50de24f3f08f505f0c3d8155c2d0d
 needs_update=0 #NODOC
 if [ ! -f /usr/local/lib/z-push/version ]; then
 	needs_update=1 #NODOC