merge upstream v69

kiekerjan · Jul 20, 2024 · 3febbc5 · 3febbc5
2 parents f7d7485 + 1b3e5e8
commit 3febbc5
Show file tree

Hide file tree

Showing 30 changed files with 407 additions and 270 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,6 +1,20 @@
 CHANGELOG
 =========
 
+Version 69 (July 20, 2024)
+--------------------------
+
+Package updates:
+
+* Nextcloud is updated to 28.0.6.
+
+Other updates:
+
+* Fixed an error generating the weekly statistics.
+* Fixed file permissions when setting up Nextcloud.
+* Added an undocumented option to proxy websockets.
+* Internal improvements to the code to make it more reliable and readable.
+
 Version 68 (April 1, 2024)
 --------------------------
 

diff --git a/README.md b/README.md
@@ -19,10 +19,10 @@ Functionality changes and additions
 * Configure domain names for which only www will be hosted  
   Edit /etc/miabwwwdomains.conf to configure. The box will handle incoming traffic asking for these domain names. The DNS entries are entered in an external DNS provider! If you want this box to handle the DNS entries, simply add a mail alias. (existing functionality of the vanilla Mail-in-a-Box)
 * Add some munin plugins
-* Update nextcloud to 26.0.8
+* Update nextcloud to 28.0.6
   And updated calendar and contacts apps
 * Add nextcloud notes app
-* Update roundcube to 1.6.5
+* Update roundcube to 1.6.7
 * Add roundcube context menu plugin
 * Add roundcube two factor authentication plugin
 * Use shorter TTL values in the DNS server  
@@ -123,7 +123,7 @@ Clone this repository and checkout the tag corresponding to the most recent rele
 
 	$ git clone https://github.com/mail-in-a-box/mailinabox
 	$ cd mailinabox
-	$ git checkout v68
+	$ git checkout v69
 
 Begin the installation.
 

diff --git a/management/daily_tasks.sh b/management/daily_tasks.sh
@@ -13,7 +13,7 @@ source /etc/mailinabox.conf
 
 # On Mondays, i.e. once a week, send the administrator a report of total emails
 # sent and received so the admin might notice server abuse.
-if [ `date "+%u"` -eq 1 ]; then
+if [ "$(date "+%u")" -eq 1 ]; then
     management/mail_log.py -t week -r -s -l -g -b | management/email_administrator.py "Mail-in-a-Box Usage Report"
 
     /usr/sbin/pflogsumm -u 5 -h 5 --problems_first /var/log/mail.log.1 | management/email_administrator.py "Postfix log analysis summary"

diff --git a/management/mail_log.py b/management/mail_log.py
@@ -679,7 +679,7 @@ def print_user_table(users, data=None, sub_data=None, activity=None, latest=None
                 data_accum[col] += d[row]
 
         try:
-            if None not in [latest, earliest]:
+            if None not in [latest, earliest]: # noqa PLR6201
                 vert_pos = len(line)
                 e = earliest[row]
                 l = latest[row]
@@ -733,7 +733,7 @@ def print_user_table(users, data=None, sub_data=None, activity=None, latest=None
             header += l.rjust(max(5, len(l) + 1, col_widths[col]))
 
     try:
-        if None not in [latest, earliest]:
+        if None not in [latest, earliest]: # noqa PLR6201
             header += " │ timespan   "
     except TypeError:
         pass
@@ -760,7 +760,7 @@ def print_user_table(users, data=None, sub_data=None, activity=None, latest=None
         footer += temp.format(data_accum[row])
 
     try:
-        if None not in [latest, earliest]:
+        if None not in [latest, earliest]: # noqa PLR6201
             max_l = max(latest)
             min_e = min(earliest)
             timespan = relativedelta(max_l, min_e)

diff --git a/management/web_update.py b/management/web_update.py
@@ -179,6 +179,7 @@ def hashfile(filepath):
 				pass_http_host_header = False
 				proxy_redirect_off = False
 				frame_options_header_sameorigin = False
+				web_sockets = False
 				m = re.search("#(.*)$", url)
 				if m:
 					for flag in m.group(1).split(","):
@@ -188,6 +189,8 @@ def hashfile(filepath):
 							proxy_redirect_off = True
 						elif flag == "frame-options-sameorigin":
 							frame_options_header_sameorigin = True
+						elif flag == "web-sockets":
+							web_sockets = True
 					url = re.sub("#(.*)$", "", url)
 
 				nginx_conf_extra += "\tlocation %s {" % path
@@ -203,22 +206,22 @@ def hashfile(filepath):
 							proxy_for_immich = True
 
 				if proxy_for_photoprism:
+					web_sockets = True
 					nginx_conf_extra += "\n\t\tproxy_buffering off;"
-					nginx_conf_extra += "\n\t\tproxy_http_version 1.1;"
-					nginx_conf_extra += "\n\t\tproxy_set_header Upgrade $http_upgrade;"
-					nginx_conf_extra += "\n\t\tproxy_set_header Connection \"upgrade\";"
 					nginx_conf_extra += "\n\t\tclient_max_body_size 500M;"
 				if proxy_for_immich:
-					nginx_conf_extra += "\n\t\tproxy_http_version 1.1;"
-					nginx_conf_extra += "\n\t\tproxy_set_header Upgrade $http_upgrade;"
-					nginx_conf_extra += "\n\t\tproxy_set_header Connection \"upgrade\";"
+					web_sockets = True
 					nginx_conf_extra += "\n\t\tclient_max_body_size 500M;"
 				if proxy_redirect_off:
 					nginx_conf_extra += "\n\t\tproxy_redirect off;"
 				if pass_http_host_header:
 					nginx_conf_extra += "\n\t\tproxy_set_header Host $http_host;"
 				if frame_options_header_sameorigin:
 					nginx_conf_extra += "\n\t\tproxy_set_header X-Frame-Options SAMEORIGIN;"
+				if web_sockets:
+					nginx_conf_extra += "\n\t\tproxy_http_version 1.1;"
+					nginx_conf_extra += "\n\t\tproxy_set_header Upgrade $http_upgrade;"
+					nginx_conf_extra += "\n\t\tproxy_set_header Connection 'Upgrade';"
 				nginx_conf_extra += "\n\t\tproxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;"
 				nginx_conf_extra += "\n\t\tproxy_set_header X-Forwarded-Host $http_host;"
 				nginx_conf_extra += "\n\t\tproxy_set_header X-Forwarded-Proto $scheme;"

diff --git a/setup/bootstrap.sh b/setup/bootstrap.sh
@@ -25,7 +25,7 @@ if [ -z "$TAG" ]; then
 	if [ "$UBUNTU_VERSION" == "Ubuntu 22.04 LTS" ]; then
 		# This machine is running Ubuntu 22.04, which is supported by
 		# Mail-in-a-Box versions 60 and later.
-		TAG=v68
+		TAG=v69
 	elif [ "$UBUNTU_VERSION" == "Ubuntu 18.04 LTS" ]; then
 		# This machine is running Ubuntu 18.04, which is supported by
 		# Mail-in-a-Box versions 0.40 through 5x.
@@ -54,9 +54,9 @@ if [[ $EUID -ne 0 ]]; then
 fi
 
 # Clone the Mail-in-a-Box repository if it doesn't exist.
-if [ ! -d $HOME/mailinabox ]; then
+if [ ! -d "$HOME/mailinabox" ]; then
 	if [ ! -f /usr/bin/git ]; then
-		echo Installing git . . .
+		echo "Installing git . . ."
 		apt-get -q -q update
 		DEBIAN_FRONTEND=noninteractive apt-get -q -q install -y git < /dev/null
 		echo
@@ -70,25 +70,25 @@ if [ ! -d $HOME/mailinabox ]; then
 		fi		
 	fi
 
-	echo Downloading Mail-in-a-Box $TAG. . . 
+	echo "Downloading Mail-in-a-Box $TAG. . ."
 
 	git clone \
-		-b $TAG --depth 1 \
-		$SOURCE \
-		$HOME/mailinabox \
+		-b "$TAG" --depth 1 \
+		"$SOURCE" \
+		"$HOME/mailinabox" \
 		< /dev/null 2> /dev/null
 	echo
 fi
 
 # Change directory to it.
-cd $HOME/mailinabox
+cd "$HOME/mailinabox" || exit
 
 # Update it.
-if [ "$TAG" != $(git describe --always) ]; then
-	echo Updating Mail-in-a-Box to $TAG . . .
-	git fetch --depth 1 --force --prune origin tag $TAG
-	if ! git checkout -q $TAG; then
-		echo "Update failed. Did you modify something in $(pwd)?"
+if [ "$TAG" != "$(git describe --always)" ]; then
+	echo "Updating Mail-in-a-Box to $TAG . . ."
+	git fetch --depth 1 --force --prune origin tag "$TAG"
+	if ! git checkout -q "$TAG"; then
+		echo "Update failed. Did you modify something in $PWD?"
 		exit 1
 	fi
 	echo

diff --git a/setup/dkim.sh b/setup/dkim.sh
@@ -49,41 +49,41 @@ if [ ! -f "$STORAGE_ROOT/mail/dkim/mail.key" ]; then
 	# Check if there is an existing rsa key
 	if [ -f "$STORAGE_ROOT/mail/dkim/mail.private" ]; then
 		# Re-use existing key
-		cp -f $STORAGE_ROOT/mail/dkim/mail.private $STORAGE_ROOT/mail/dkim/mail.key
-		cp -f $STORAGE_ROOT/mail/dkim/mail.txt $STORAGE_ROOT/mail/dkim/mail.dns
+		cp -f "$STORAGE_ROOT/mail/dkim/mail.private" "$STORAGE_ROOT/mail/dkim/mail.key"
+		cp -f "$STORAGE_ROOT/mail/dkim/mail.txt" "$STORAGE_ROOT/mail/dkim/mail.dns"
 	else
 		# All defaults are supposed to be ok, default key for rsa is 2048 bit
-		dknewkey --ktype rsa $STORAGE_ROOT/mail/dkim/mail
+		dknewkey --ktype rsa "$STORAGE_ROOT/mail/dkim/mail"
 
 		# Force dns entry into the format dns_update.py expects
 		# We use selector mail for the rsa key, to be compatible with earlier installations of Mail-in-a-Box
-		sed -i 's/v=DKIM1;/mail._domainkey IN      TXT      ( "v=DKIM1; s=email;/' $STORAGE_ROOT/mail/dkim/mail.dns
-		echo '" )' >> $STORAGE_ROOT/mail/dkim/mail.dns
+		sed -i 's/v=DKIM1;/mail._domainkey IN      TXT      ( "v=DKIM1; s=email;/' "$STORAGE_ROOT/mail/dkim/mail.dns"
+		echo '" )' >> "$STORAGE_ROOT/mail/dkim/mail.dns"
 	fi
 
 	# Change format from pkcs#8 to pkcs#1, dkimpy seemingly is not able to handle the #8 format
 	# See bug https://bugs.launchpad.net/dkimpy/+bug/1978835
 	line=$(head -n 1 mail.key)
 	if [ ! "$line" = "-----BEGIN RSA PRIVATE KEY-----" ]; then
 		# Generate pkcs#1 key from the pkcs#8 key
-		openssl pkey -in $STORAGE_ROOT/mail/dkim/mail.key -traditional -out $STORAGE_ROOT/mail/dkim/mail.key.1
-		mv -f $STORAGE_ROOT/mail/dkim/mail.key $STORAGE_ROOT/mail/dkim/mail.key.8
-		cp -f $STORAGE_ROOT/mail/dkim/mail.key.1 $STORAGE_ROOT/mail/dkim/mail.key
+		openssl pkey -in "$STORAGE_ROOT/mail/dkim/mail.key" -traditional -out "$STORAGE_ROOT/mail/dkim/mail.key.1"
+		mv -f "$STORAGE_ROOT/mail/dkim/mail.key" "$STORAGE_ROOT/mail/dkim/mail.key.8"
+		cp -f "$STORAGE_ROOT/mail/dkim/mail.key.1" "$STORAGE_ROOT/mail/dkim/mail.key"
 	fi
 fi
 
 if [ ! -f "$STORAGE_ROOT/mail/dkim/box-ed25519.key" ]; then
 	# Generate ed25519 key
-	dknewkey --ktype ed25519 $STORAGE_ROOT/mail/dkim/box-ed25519
+	dknewkey --ktype ed25519 "$STORAGE_ROOT/mail/dkim/box-ed25519"
 
 	# For the ed25519 dns entry, we use selector box-ed25519
-	sed -i 's/v=DKIM1;/box-ed25519._domainkey IN      TXT      ( "v=DKIM1; s=email;/' $STORAGE_ROOT/mail/dkim/box-ed25519.dns
-	echo '" )' >> $STORAGE_ROOT/mail/dkim/box-ed25519.dns
+	sed -i 's/v=DKIM1;/box-ed25519._domainkey IN      TXT      ( "v=DKIM1; s=email;/' "$STORAGE_ROOT/mail/dkim/box-ed25519.dns"
+	echo '" )' >> "$STORAGE_ROOT/mail/dkim/box-ed25519.dns"
 fi
 
 # Ensure files are owned by the dkimpy-milter user and are private otherwise.
-chown -R dkimpy-milter:dkimpy-milter $STORAGE_ROOT/mail/dkim
-chmod go-rwx $STORAGE_ROOT/mail/dkim
+chown -R dkimpy-milter:dkimpy-milter "$STORAGE_ROOT/mail/dkim"
+chmod go-rwx "$STORAGE_ROOT/mail/dkim"
 
 tools/editconf.py /etc/opendmarc.conf -s \
 	"Syslog=true" \

diff --git a/setup/dns.sh b/setup/dns.sh
@@ -106,15 +106,15 @@ if [ ! -f "$STORAGE_ROOT/dns/dnssec/$algo.conf" ]; then
 	# (This previously used -b 2048 but it's unclear if this setting makes sense
 	# for non-RSA keys, so it's removed. The RSA-based keys are not recommended
 	# anymore anyway.)
-	KSK=$(umask 077; cd $STORAGE_ROOT/dns/dnssec; ldns-keygen -r /dev/urandom -a $algo -k _domain_);
+	KSK=$(umask 077; cd "$STORAGE_ROOT/dns/dnssec"; ldns-keygen -r /dev/urandom -a $algo -k _domain_);
 
 	# Now create a Zone-Signing Key (ZSK) which is expected to be
 	# rotated more often than a KSK, although we have no plans to
 	# rotate it (and doing so would be difficult to do without
 	# disturbing DNS availability.) Omit `-k`.
 	# (This previously used -b 1024 but it's unclear if this setting makes sense
 	# for non-RSA keys, so it's removed.)
-	ZSK=$(umask 077; cd $STORAGE_ROOT/dns/dnssec; ldns-keygen -r /dev/urandom -a $algo _domain_);
+	ZSK=$(umask 077; cd "$STORAGE_ROOT/dns/dnssec"; ldns-keygen -r /dev/urandom -a $algo _domain_);
 
 	# These generate two sets of files like:
 	#
@@ -126,7 +126,7 @@ if [ ! -f "$STORAGE_ROOT/dns/dnssec/$algo.conf" ]; then
 	# options. So we'll store the names of the files we just generated.
 	# We might have multiple keys down the road. This will identify
 	# what keys are the current keys.
-	cat > $STORAGE_ROOT/dns/dnssec/$algo.conf << EOF;
+	cat > "$STORAGE_ROOT/dns/dnssec/$algo.conf" << EOF;
 KSK=$KSK
 ZSK=$ZSK
 EOF
@@ -142,7 +142,7 @@ cat > /etc/cron.daily/mailinabox-dnssec << EOF;
 #!/bin/bash
 # Mail-in-a-Box
 # Re-sign any DNS zones with DNSSEC because the signatures expire periodically.
-$(pwd)/tools/dns_update
+$PWD/tools/dns_update
 EOF
 chmod +x /etc/cron.daily/mailinabox-dnssec
 

diff --git a/setup/firstuser.sh b/setup/firstuser.sh
@@ -1,3 +1,4 @@
+#!/bin/bash
 # If there aren't any mail users yet, create one.
 if [ -z "$(management/cli.py user)" ]; then
 	# The outut of "management/cli.py user" is a list of mail users. If there
@@ -10,7 +11,7 @@ if [ -z "$(management/cli.py user)" ]; then
 			input_box "Mail Account" \
 				"Let's create your first mail account.
 				\n\nWhat email address do you want?" \
-				me@$(get_default_hostname) \
+				"me@$(get_default_hostname)" \
 				EMAIL_ADDR
 
 			if [ -z "$EMAIL_ADDR" ]; then
@@ -22,7 +23,7 @@ if [ -z "$(management/cli.py user)" ]; then
 				input_box "Mail Account" \
 					"That's not a valid email address.
 					\n\nWhat email address do you want?" \
-					$EMAIL_ADDR \
+					"$EMAIL_ADDR" \
 					EMAIL_ADDR
 				if [ -z "$EMAIL_ADDR" ]; then
 					# user hit ESC/cancel
@@ -47,11 +48,11 @@ if [ -z "$(management/cli.py user)" ]; then
 	fi
 
 	# Create the user's mail account. This will ask for a password if none was given above.
-	management/cli.py user add $EMAIL_ADDR ${EMAIL_PW:-}
+	management/cli.py user add "$EMAIL_ADDR" "${EMAIL_PW:-}"
 
 	# Make it an admin.
-	hide_output management/cli.py user make-admin $EMAIL_ADDR
+	hide_output management/cli.py user make-admin "$EMAIL_ADDR"
 
 	# Create an alias to which we'll direct all automatically-created administrative aliases.
-	management/cli.py alias add administrator@$PRIMARY_HOSTNAME $EMAIL_ADDR > /dev/null
+	management/cli.py alias add "administrator@$PRIMARY_HOSTNAME" "$EMAIL_ADDR" > /dev/null
 fi