upgrade roundcube

2022-10-20 22:40:01 +02:00 · 2022-10-20 22:40:01 +02:00 · 1de8353ac5
commit 1de8353ac5
parent f66172b86c
12 changed files with 346 additions and 553 deletions
--- a/seed/base-fedora-36/templates/login
+++ b/seed/base-fedora-36/templates/login
@ -1,4 +1,4 @@
-# File from util-linux-*.x86_64 (not installed)
+#GNUNUX File from util-linux-*.x86_64 (not installed)
 #%PAM-1.0
 auth       substack     system-auth
 auth       include      postlogin
--- a/seed/php-fpm/templates/php-fpm.conf
+++ b/seed/php-fpm/templates/php-fpm.conf
@ -23,8 +23,10 @@ pid = /run/php-fpm/php-fpm.pid
 ; If it's set to "syslog", log is sent to syslogd instead of being written
 ; in a local file.
 ; Default Value: /var/log/php-fpm.log
-; GNUNUX error_log = /var/log/php-fpm/error.log
+;>GNUNUX
+;error_log = /var/log/php-fpm/error.log
 error_log = syslog
+;<GNUNUX

 ; syslog_facility is used to specify what type of program is logging the
 ; message. This lets syslogd specify that messages from different facilities
--- a/seed/php-fpm/templates/www.conf
+++ b/seed/php-fpm/templates/www.conf
@ -21,9 +21,15 @@
 ; Note: The user is mandatory. If the group is not set, the default user's group
 ;       will be used.
 ; RPM: apache user chosen to provide access to the same directories as httpd
+;>GNUNUX
+;user = apache
 user = %%php_fpm_user
+;<GNUNUX
 ; RPM: Keep a group allowed to write in log dir.
+;>GNUNUX
+;group = apache
 group = %%php_fpm_user
+;<GNUNUX

 ; The address on which to accept FastCGI requests.
 ; Valid syntaxes are:
@ -52,7 +58,10 @@ listen = /run/php-fpm/www.sock
 ; When POSIX Access Control Lists are supported you can set them using
 ; these options, value is a comma separated list of user/group names.
 ; When set, listen.owner and listen.group are ignored
+;>GNUNUX
+;listen.acl_users = apache,nginx
 listen.acl_users = %%php_fpm_user
+;<GNUNUX
 ;listen.acl_groups =

 ; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect.
@ -322,7 +331,10 @@ pm.max_spare_servers = 35
 ; The log file for slow requests
 ; Default Value: not set
 ; Note: slowlog is mandatory if request_slowlog_timeout is set
+;>GNUNUX
+;slowlog = /var/log/php-fpm/www-slow.log
 slowlog = syslog
+;<GNUNUX

 ; The timeout for serving a single request after which a PHP backtrace will be
 ; dumped to the 'slowlog' file. A value of '0s' means 'off'.
@ -420,7 +432,10 @@ slowlog = syslog
 ;                specified at startup with the -d argument
 ;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com
 ;php_flag[display_errors] = off
+;>GNUNUX
+;php_admin_value[error_log] = /var/log/php-fpm/www-error.log
 php_admin_value[error_log] = syslog
+;<GNUNUX
 php_admin_flag[log_errors] = on
 ;php_admin_value[memory_limit] = 128M

@ -432,8 +447,11 @@ php_admin_flag[log_errors] = on
 ;
 ; See warning about choosing the location of these directories on your system
 ; at http://php.net/session.save-path
+;<GNUNUX
+;php_value[session.save_handler] = files
+;php_value[session.save_path]    = /var/lib/php/session
 php_value[session.save_handler] = redis
-;GNUNUX php_value[session.save_path]    = /var/lib/php/session
 ;php_value[session.save_path]    = "tcp://%%redis_client_server_domainname:6379?auth[user]=%%redis_client_username&auth[pass]=%%redis_client_password"
+;>GNUNUX
 php_value[soap.wsdl_cache_dir]  = /var/lib/php/wsdlcache
 ;php_value[opcache.file_cache]  = /var/lib/php/opcache
--- a/seed/php/templates/php.ini
+++ b/seed/php/templates/php.ini
--- a/seed/roundcube/UPGRADE.md
+++ b/seed/roundcube/UPGRADE.md
@ -0,0 +1 @@
+diff -u /var/lib/machines/roundcube.in.silique.fr/usr/share/factory/./etc/roundcubemail/defaults.inc.php /var/lib/risotto/templates/roundcube.in.silique.fr/./etc/roundcubemail/config.inc.php
--- a/seed/roundcube/applicationservice.yml
+++ b/seed/roundcube/applicationservice.yml
@ -1,7 +1,7 @@
 format: '0.1'
 description: Interface web de consultation des courriels Roundcube
 depends:
-  - base-fedora-35
+  - base-fedora-36
  - postgresql-client
  - imap-client
  - redis-client
--- a/seed/roundcube/dictionaries/31_roundcube.xml
+++ b/seed/roundcube/dictionaries/31_roundcube.xml
@ -5,7 +5,6 @@
      <file owner="root" group="nginx" mode="640">/etc/roundcubemail/config.inc.php</file>
      <file>/etc/nginx/default.d/roundcubemail.conf</file>
      <file source="domain.inc.php" file_type="variable" variable="roundcube_domains">roundcube_config</file>
-      <file>/secrets/roundcube-init.php</file>
      <file engine="none">/static/silique_cloud.svg</file>
      <file engine="none">/static/watermark.html</file>
      <file>/etc/pki/ca-trust/source/anchors/ca_MailServer.crt</file>
--- a/seed/roundcube/manual/image/preinstall/roundcube.sh
+++ b/seed/roundcube/manual/image/preinstall/roundcube.sh
@ -1 +1 @@
-PKG="$PKG roundcubemail php-cli php-pgsql php-pecl-redis5"
+PKG="$PKG roundcubemail php-pgsql php-pecl-redis5"
--- a/seed/roundcube/templates/config.inc.php
+++ b/seed/roundcube/templates/config.inc.php
@ -102,10 +102,7 @@ $config['per_user_logging'] = false;
 $config['smtp_log'] = true;

 // Log successful/failed logins to <log_dir>/userlogins.log or to syslog
-// GNUNUX $config['log_logins'] = false;
-#>GNUNUX
 $config['log_logins'] = false;
-#<GNUNUX

 // Log session debug information/authentication errors to <log_dir>/session.log or to syslog
 $config['session_debug'] = false;
@ -170,8 +167,6 @@ $config['imap_auth_type'] = null;
 //   ],
 // ];
 // Note: These can be also specified as an array of options indexed by hostname
-
-
 $config['imap_conn_options'] = null;

 // IMAP connection timeout, in seconds. Default: 0 (use default_socket_timeout)
@ -241,7 +236,10 @@ $config['imap_disabled_caps'] = [];
 $config['imap_log_session'] = false;

 // Type of IMAP indexes cache. Supported values: 'db', 'apc' and 'memcache' or 'memcached'.
+//>GNUNUX
+//$config['imap_cache'] = null;
 $config['imap_cache'] = 'db';
+//<GNUNUX

 // Enables messages cache. Only 'db' cache is supported.
 // This requires an IMAP server that supports QRESYNC and CONDSTORE
@ -532,7 +530,10 @@ $config['support_url'] = '';
 // file from the currently selected skin. Prepend name/path with a slash to use
 // current skin folder. Remove the slash to point to a file in the Roundcube
 // root directory. It can be also a full URL.
+//>GNUNUX
+//$config['blankpage_url'] = '/watermark.html';
 $config['blankpage_url'] = '/risotto/watermark.html';
+//<GNUNUX

 // Logo image replacement. Specifies location of the image as:
 // - URL relative to the document root of this Roundcube installation
@ -566,7 +567,10 @@ $config['blankpage_url'] = '/risotto/watermark.html';
     "[print]" => "/images/logo_print.png",
   ];
 */
+//>GNUNUX
+//$config['skin_logo'] = null;
 $config['skin_logo'] = '/risotto/silique_cloud.svg';
+//<GNUNUX

 // Automatically register user in Roundcube database on successful (IMAP) logon.
 // Set to false if only registered users should be allowed to the webmail.
@ -584,7 +588,10 @@ $config['log_dir'] = '/var/log/roundcubemail/';

 // Location of temporary saved files such as attachments and cache files
 // must be writeable for the user who runs PHP process (Apache user if mod_php is being used)
+//>GNUNUX
+//$config['temp_dir'] = '/var/lib/roundcubemail/temp/';
 $config['temp_dir'] = '/tmp/';
+//<GNUNUX

 // expire files in temp_dir after 48 hours
 // possible units: s, m, h, d, w
@ -663,7 +670,10 @@ $config['session_samesite'] = null;
 // Make sure the Redis extension (https://pecl.php.net/package/redis) version >= 2.0.0 is installed.
 //
 // Setting this value to 'php' will use the default session save handler configured in PHP
+//>GNUNUX
+//$config['session_storage'] = 'db';
 $config['session_storage'] = 'redis';
+//<GNUNUX

 // List of trusted proxies
 // X_FORWARDED_* and X_REAL_IP headers are only accepted from these IPs
@ -763,11 +773,14 @@ $config['useragent'] = null;
 // try to load host-specific configuration
 // see https://github.com/roundcube/roundcubemail/wiki/Configuration:-Multi-Domain-Setup
 // for more details
+//>GNUNUX
+//$config['include_host_config'] = false;
 $config['include_host_config'] = array(
 %for %%domain in %%roundcube_domains
  "%%domain" => "%%{domain}.inc.php",
 %end for
 );
+//<GNUNUX

 // path to a text file which will be added to each sent message
 // paths are relative to the Roundcube root folder
--- a/seed/roundcube/templates/roundcube-init.php
+++ b/seed/roundcube/templates/roundcube-init.php
@ -1,13 +0,0 @@
-<?php
-//$sql = file_get_contents('/usr/share/roundcubemail/SQL/mysql.initial.sql');
-//$mysqli = mysqli_init();
-//$mysqli->options(MYSQLI_OPT_SSL_VERIFY_SERVER_CERT, true);
-//$mysqli->ssl_set(NULL, NULL, "/etc/ssl/certs/ca-bundle.crt", NULL, NULL);
-//$mysqli->real_connect('mariadb_client_server_domainname', 'mariadb_client_username', 'mariadb_client_password', 'mariadb_client_database');
-//$mysqli->multi_query($sql);
-//$mysqli->close();
-$sql = file_get_contents('/usr/share/roundcubemail/SQL/postgres.initial.sql');
-$db = pg_connect("host=%%pg_client_server_domainname port=5432 dbname=%%pg_client_database user=%%pg_client_username password=%%pg_client_password");
-pg_query($db, $sql);
-pg_close($db);
-?>
--- a/seed/roundcube/templates/roundcube.service
+++ b/seed/roundcube/templates/roundcube.service
@ -5,7 +5,8 @@ Before=nginx.service php-fpm.service

 [Service]
 Type=oneshot
-ExecStart=-/usr/bin/php /usr/local/lib/secrets/roundcube-init.php
+Environment=PGPASSFILE=/usr/local/lib/secrets/postgresql.pass
+ExecStart=-/usr/bin/psql --set=sslmode=verify-full -h %%pg_client_server_domainname -U %%pg_client_username %%pg_client_database -f /usr/share/roundcubemail/SQL/postgres.initial.sql"

 [Install]
 WantedBy=multi-user.target
--- a/seed/roundcube/templates/roundcubemail.conf
+++ b/seed/roundcube/templates/roundcubemail.conf
@ -1,12 +1,23 @@
+#>GNUNUX
+#location = /roundcubemail {
+#alias /usr/share/roundcubemail/;
 location = / {
    alias %%nginx_root;
+#<GNUNUX
 }

+#>GNUNUX
+#location /roundcubemail/ {
+#    root /usr/share;
 location / {
    root %%nginx_root;
+#<GNUNUX
    index index.php;

+#>GNUNUX
+#    location ~ ^/roundcubemail/bin/(.+)$ {
    location ~ ^/bin/(.+)$ {
+#<GNUNUX
        deny all;
    }
    location ~ ^/plugins/enigma/home/(.+)$ {
@ -16,7 +27,10 @@ location / {
    # Define who can access the installer
    # keep this secured once configured

+#>GNUNUX
+#    location ~ ^/roundcubemail/installer/(.+\.php)$ {
    location ~ ^/installer/(.+\.php)$ {
+#<GNUNUX
        allow 127.0.0.1;
        allow ::1;
        deny all;
@ -32,10 +46,13 @@ location / {
    # Define who can access the Webmail
    # You can enlarge permissions once configured

+#>GNUNUX
+#    location ~ ^/roundcubemail/(.+\.php)$ {
+#    allow 127.0.0.1;
+#    allow ::1;
+#    deny all;
    location ~ ^/(.+\.php)$ {
-# GNUNUX        allow 127.0.0.1;
-# GNUNUX        allow ::1;
-# GNUNUX        deny all;
+#<GNUNUX

        try_files $uri =404;
        fastcgi_intercept_errors on;
@ -46,6 +63,8 @@ location / {
    }
 }

+#>GNUNUX
 location /skins/elastic/risotto {
    alias /usr/local/lib/static/;
 }
+#<GNUNUX
				`@ -0,0 +1 @@`
				`diff -u /var/lib/machines/roundcube.in.silique.fr/usr/share/factory/./etc/roundcubemail/defaults.inc.php /var/lib/risotto/templates/roundcube.in.silique.fr/./etc/roundcubemail/config.inc.php`