From ee920bbf750a688d46bc8fa4d26edda1efba564b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Tue, 6 Feb 2018 14:33:23 +0100 Subject: [PATCH] First commit --- LICENSE | 674 +++++++++++++++++++++++++++++++++ README.md | 56 +++ check_process | 45 +++ conf/app.src | 6 + conf/config_horde.exp | 48 +++ conf/gollem_backends.php | 126 ++++++ conf/horde_conf.php | 161 ++++++++ conf/horde_registry.php | 2 + conf/ingo_backends.php | 438 +++++++++++++++++++++ conf/init_horde_install.exp | 12 + conf/nginx.conf | 33 ++ conf/php-fpm.conf | 396 +++++++++++++++++++ conf/php-fpm.ini | 12 + manifest.json | 120 ++++++ scripts/_common.sh | 90 +++++ scripts/backup | 34 ++ scripts/change_url | 85 +++++ scripts/experimental_helper.sh | 11 + scripts/install | 144 +++++++ scripts/remove | 41 ++ scripts/restore | 51 +++ scripts/upgrade | 54 +++ sources/sso_auth.patch | 39 ++ 23 files changed, 2678 insertions(+) create mode 100644 LICENSE create mode 100644 README.md create mode 100644 check_process create mode 100644 conf/app.src create mode 100644 conf/config_horde.exp create mode 100644 conf/gollem_backends.php create mode 100644 conf/horde_conf.php create mode 100644 conf/horde_registry.php create mode 100644 conf/ingo_backends.php create mode 100644 conf/init_horde_install.exp create mode 100644 conf/nginx.conf create mode 100644 conf/php-fpm.conf create mode 100644 conf/php-fpm.ini create mode 100644 manifest.json create mode 100644 scripts/_common.sh create mode 100755 scripts/backup create mode 100644 scripts/change_url create mode 100644 scripts/experimental_helper.sh create mode 100755 scripts/install create mode 100755 scripts/remove create mode 100755 scripts/restore create mode 100755 scripts/upgrade create mode 100644 sources/sso_auth.patch diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..94a9ed0 --- /dev/null +++ b/LICENSE @@ -0,0 +1,674 @@ + GNU GENERAL PUBLIC LICENSE + Version 3, 29 June 2007 + + Copyright (C) 2007 Free Software Foundation, Inc. + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The GNU General Public License is a free, copyleft license for +software and other kinds of works. + + The licenses for most software and other practical works are designed +to take away your freedom to share and change the works. By contrast, +the GNU General Public License is intended to guarantee your freedom to +share and change all versions of a program--to make sure it remains free +software for all its users. We, the Free Software Foundation, use the +GNU General Public License for most of our software; it applies also to +any other work released this way by its authors. You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +them if you wish), that you receive source code or can get it if you +want it, that you can change the software or use pieces of it in new +free programs, and that you know you can do these things. + + To protect your rights, we need to prevent others from denying you +these rights or asking you to surrender the rights. Therefore, you have +certain responsibilities if you distribute copies of the software, or if +you modify it: responsibilities to respect the freedom of others. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must pass on to the recipients the same +freedoms that you received. You must make sure that they, too, receive +or can get the source code. And you must show them these terms so they +know their rights. + + Developers that use the GNU GPL protect your rights with two steps: +(1) assert copyright on the software, and (2) offer you this License +giving you legal permission to copy, distribute and/or modify it. + + For the developers' and authors' protection, the GPL clearly explains +that there is no warranty for this free software. For both users' and +authors' sake, the GPL requires that modified versions be marked as +changed, so that their problems will not be attributed erroneously to +authors of previous versions. + + Some devices are designed to deny users access to install or run +modified versions of the software inside them, although the manufacturer +can do so. This is fundamentally incompatible with the aim of +protecting users' freedom to change the software. The systematic +pattern of such abuse occurs in the area of products for individuals to +use, which is precisely where it is most unacceptable. Therefore, we +have designed this version of the GPL to prohibit the practice for those +products. If such problems arise substantially in other domains, we +stand ready to extend this provision to those domains in future versions +of the GPL, as needed to protect the freedom of users. + + Finally, every program is threatened constantly by software patents. +States should not allow patents to restrict development and use of +software on general-purpose computers, but in those that do, we wish to +avoid the special danger that patents applied to a free program could +make it effectively proprietary. To prevent this, the GPL assures that +patents cannot be used to render the program non-free. + + The precise terms and conditions for copying, distribution and +modification follow. + + TERMS AND CONDITIONS + + 0. Definitions. + + "This License" refers to version 3 of the GNU General Public License. + + "Copyright" also means copyright-like laws that apply to other kinds of +works, such as semiconductor masks. + + "The Program" refers to any copyrightable work licensed under this +License. Each licensee is addressed as "you". "Licensees" and +"recipients" may be individuals or organizations. + + To "modify" a work means to copy from or adapt all or part of the work +in a fashion requiring copyright permission, other than the making of an +exact copy. The resulting work is called a "modified version" of the +earlier work or a work "based on" the earlier work. + + A "covered work" means either the unmodified Program or a work based +on the Program. + + To "propagate" a work means to do anything with it that, without +permission, would make you directly or secondarily liable for +infringement under applicable copyright law, except executing it on a +computer or modifying a private copy. Propagation includes copying, +distribution (with or without modification), making available to the +public, and in some countries other activities as well. + + To "convey" a work means any kind of propagation that enables other +parties to make or receive copies. Mere interaction with a user through +a computer network, with no transfer of a copy, is not conveying. + + An interactive user interface displays "Appropriate Legal Notices" +to the extent that it includes a convenient and prominently visible +feature that (1) displays an appropriate copyright notice, and (2) +tells the user that there is no warranty for the work (except to the +extent that warranties are provided), that licensees may convey the +work under this License, and how to view a copy of this License. If +the interface presents a list of user commands or options, such as a +menu, a prominent item in the list meets this criterion. + + 1. Source Code. + + The "source code" for a work means the preferred form of the work +for making modifications to it. "Object code" means any non-source +form of a work. + + A "Standard Interface" means an interface that either is an official +standard defined by a recognized standards body, or, in the case of +interfaces specified for a particular programming language, one that +is widely used among developers working in that language. + + The "System Libraries" of an executable work include anything, other +than the work as a whole, that (a) is included in the normal form of +packaging a Major Component, but which is not part of that Major +Component, and (b) serves only to enable use of the work with that +Major Component, or to implement a Standard Interface for which an +implementation is available to the public in source code form. A +"Major Component", in this context, means a major essential component +(kernel, window system, and so on) of the specific operating system +(if any) on which the executable work runs, or a compiler used to +produce the work, or an object code interpreter used to run it. + + The "Corresponding Source" for a work in object code form means all +the source code needed to generate, install, and (for an executable +work) run the object code and to modify the work, including scripts to +control those activities. However, it does not include the work's +System Libraries, or general-purpose tools or generally available free +programs which are used unmodified in performing those activities but +which are not part of the work. For example, Corresponding Source +includes interface definition files associated with source files for +the work, and the source code for shared libraries and dynamically +linked subprograms that the work is specifically designed to require, +such as by intimate data communication or control flow between those +subprograms and other parts of the work. + + The Corresponding Source need not include anything that users +can regenerate automatically from other parts of the Corresponding +Source. + + The Corresponding Source for a work in source code form is that +same work. + + 2. Basic Permissions. + + All rights granted under this License are granted for the term of +copyright on the Program, and are irrevocable provided the stated +conditions are met. This License explicitly affirms your unlimited +permission to run the unmodified Program. The output from running a +covered work is covered by this License only if the output, given its +content, constitutes a covered work. This License acknowledges your +rights of fair use or other equivalent, as provided by copyright law. + + You may make, run and propagate covered works that you do not +convey, without conditions so long as your license otherwise remains +in force. You may convey covered works to others for the sole purpose +of having them make modifications exclusively for you, or provide you +with facilities for running those works, provided that you comply with +the terms of this License in conveying all material for which you do +not control copyright. Those thus making or running the covered works +for you must do so exclusively on your behalf, under your direction +and control, on terms that prohibit them from making any copies of +your copyrighted material outside their relationship with you. + + Conveying under any other circumstances is permitted solely under +the conditions stated below. Sublicensing is not allowed; section 10 +makes it unnecessary. + + 3. Protecting Users' Legal Rights From Anti-Circumvention Law. + + No covered work shall be deemed part of an effective technological +measure under any applicable law fulfilling obligations under article +11 of the WIPO copyright treaty adopted on 20 December 1996, or +similar laws prohibiting or restricting circumvention of such +measures. + + When you convey a covered work, you waive any legal power to forbid +circumvention of technological measures to the extent such circumvention +is effected by exercising rights under this License with respect to +the covered work, and you disclaim any intention to limit operation or +modification of the work as a means of enforcing, against the work's +users, your or third parties' legal rights to forbid circumvention of +technological measures. + + 4. Conveying Verbatim Copies. + + You may convey verbatim copies of the Program's source code as you +receive it, in any medium, provided that you conspicuously and +appropriately publish on each copy an appropriate copyright notice; +keep intact all notices stating that this License and any +non-permissive terms added in accord with section 7 apply to the code; +keep intact all notices of the absence of any warranty; and give all +recipients a copy of this License along with the Program. + + You may charge any price or no price for each copy that you convey, +and you may offer support or warranty protection for a fee. + + 5. Conveying Modified Source Versions. + + You may convey a work based on the Program, or the modifications to +produce it from the Program, in the form of source code under the +terms of section 4, provided that you also meet all of these conditions: + + a) The work must carry prominent notices stating that you modified + it, and giving a relevant date. + + b) The work must carry prominent notices stating that it is + released under this License and any conditions added under section + 7. This requirement modifies the requirement in section 4 to + "keep intact all notices". + + c) You must license the entire work, as a whole, under this + License to anyone who comes into possession of a copy. This + License will therefore apply, along with any applicable section 7 + additional terms, to the whole of the work, and all its parts, + regardless of how they are packaged. This License gives no + permission to license the work in any other way, but it does not + invalidate such permission if you have separately received it. + + d) If the work has interactive user interfaces, each must display + Appropriate Legal Notices; however, if the Program has interactive + interfaces that do not display Appropriate Legal Notices, your + work need not make them do so. + + A compilation of a covered work with other separate and independent +works, which are not by their nature extensions of the covered work, +and which are not combined with it such as to form a larger program, +in or on a volume of a storage or distribution medium, is called an +"aggregate" if the compilation and its resulting copyright are not +used to limit the access or legal rights of the compilation's users +beyond what the individual works permit. Inclusion of a covered work +in an aggregate does not cause this License to apply to the other +parts of the aggregate. + + 6. Conveying Non-Source Forms. + + You may convey a covered work in object code form under the terms +of sections 4 and 5, provided that you also convey the +machine-readable Corresponding Source under the terms of this License, +in one of these ways: + + a) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by the + Corresponding Source fixed on a durable physical medium + customarily used for software interchange. + + b) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by a + written offer, valid for at least three years and valid for as + long as you offer spare parts or customer support for that product + model, to give anyone who possesses the object code either (1) a + copy of the Corresponding Source for all the software in the + product that is covered by this License, on a durable physical + medium customarily used for software interchange, for a price no + more than your reasonable cost of physically performing this + conveying of source, or (2) access to copy the + Corresponding Source from a network server at no charge. + + c) Convey individual copies of the object code with a copy of the + written offer to provide the Corresponding Source. This + alternative is allowed only occasionally and noncommercially, and + only if you received the object code with such an offer, in accord + with subsection 6b. + + d) Convey the object code by offering access from a designated + place (gratis or for a charge), and offer equivalent access to the + Corresponding Source in the same way through the same place at no + further charge. You need not require recipients to copy the + Corresponding Source along with the object code. If the place to + copy the object code is a network server, the Corresponding Source + may be on a different server (operated by you or a third party) + that supports equivalent copying facilities, provided you maintain + clear directions next to the object code saying where to find the + Corresponding Source. Regardless of what server hosts the + Corresponding Source, you remain obligated to ensure that it is + available for as long as needed to satisfy these requirements. + + e) Convey the object code using peer-to-peer transmission, provided + you inform other peers where the object code and Corresponding + Source of the work are being offered to the general public at no + charge under subsection 6d. + + A separable portion of the object code, whose source code is excluded +from the Corresponding Source as a System Library, need not be +included in conveying the object code work. + + A "User Product" is either (1) a "consumer product", which means any +tangible personal property which is normally used for personal, family, +or household purposes, or (2) anything designed or sold for incorporation +into a dwelling. In determining whether a product is a consumer product, +doubtful cases shall be resolved in favor of coverage. For a particular +product received by a particular user, "normally used" refers to a +typical or common use of that class of product, regardless of the status +of the particular user or of the way in which the particular user +actually uses, or expects or is expected to use, the product. A product +is a consumer product regardless of whether the product has substantial +commercial, industrial or non-consumer uses, unless such uses represent +the only significant mode of use of the product. + + "Installation Information" for a User Product means any methods, +procedures, authorization keys, or other information required to install +and execute modified versions of a covered work in that User Product from +a modified version of its Corresponding Source. The information must +suffice to ensure that the continued functioning of the modified object +code is in no case prevented or interfered with solely because +modification has been made. + + If you convey an object code work under this section in, or with, or +specifically for use in, a User Product, and the conveying occurs as +part of a transaction in which the right of possession and use of the +User Product is transferred to the recipient in perpetuity or for a +fixed term (regardless of how the transaction is characterized), the +Corresponding Source conveyed under this section must be accompanied +by the Installation Information. But this requirement does not apply +if neither you nor any third party retains the ability to install +modified object code on the User Product (for example, the work has +been installed in ROM). + + The requirement to provide Installation Information does not include a +requirement to continue to provide support service, warranty, or updates +for a work that has been modified or installed by the recipient, or for +the User Product in which it has been modified or installed. Access to a +network may be denied when the modification itself materially and +adversely affects the operation of the network or violates the rules and +protocols for communication across the network. + + Corresponding Source conveyed, and Installation Information provided, +in accord with this section must be in a format that is publicly +documented (and with an implementation available to the public in +source code form), and must require no special password or key for +unpacking, reading or copying. + + 7. Additional Terms. + + "Additional permissions" are terms that supplement the terms of this +License by making exceptions from one or more of its conditions. +Additional permissions that are applicable to the entire Program shall +be treated as though they were included in this License, to the extent +that they are valid under applicable law. If additional permissions +apply only to part of the Program, that part may be used separately +under those permissions, but the entire Program remains governed by +this License without regard to the additional permissions. + + When you convey a copy of a covered work, you may at your option +remove any additional permissions from that copy, or from any part of +it. (Additional permissions may be written to require their own +removal in certain cases when you modify the work.) You may place +additional permissions on material, added by you to a covered work, +for which you have or can give appropriate copyright permission. + + Notwithstanding any other provision of this License, for material you +add to a covered work, you may (if authorized by the copyright holders of +that material) supplement the terms of this License with terms: + + a) Disclaiming warranty or limiting liability differently from the + terms of sections 15 and 16 of this License; or + + b) Requiring preservation of specified reasonable legal notices or + author attributions in that material or in the Appropriate Legal + Notices displayed by works containing it; or + + c) Prohibiting misrepresentation of the origin of that material, or + requiring that modified versions of such material be marked in + reasonable ways as different from the original version; or + + d) Limiting the use for publicity purposes of names of licensors or + authors of the material; or + + e) Declining to grant rights under trademark law for use of some + trade names, trademarks, or service marks; or + + f) Requiring indemnification of licensors and authors of that + material by anyone who conveys the material (or modified versions of + it) with contractual assumptions of liability to the recipient, for + any liability that these contractual assumptions directly impose on + those licensors and authors. + + All other non-permissive additional terms are considered "further +restrictions" within the meaning of section 10. If the Program as you +received it, or any part of it, contains a notice stating that it is +governed by this License along with a term that is a further +restriction, you may remove that term. If a license document contains +a further restriction but permits relicensing or conveying under this +License, you may add to a covered work material governed by the terms +of that license document, provided that the further restriction does +not survive such relicensing or conveying. + + If you add terms to a covered work in accord with this section, you +must place, in the relevant source files, a statement of the +additional terms that apply to those files, or a notice indicating +where to find the applicable terms. + + Additional terms, permissive or non-permissive, may be stated in the +form of a separately written license, or stated as exceptions; +the above requirements apply either way. + + 8. Termination. + + You may not propagate or modify a covered work except as expressly +provided under this License. Any attempt otherwise to propagate or +modify it is void, and will automatically terminate your rights under +this License (including any patent licenses granted under the third +paragraph of section 11). + + However, if you cease all violation of this License, then your +license from a particular copyright holder is reinstated (a) +provisionally, unless and until the copyright holder explicitly and +finally terminates your license, and (b) permanently, if the copyright +holder fails to notify you of the violation by some reasonable means +prior to 60 days after the cessation. + + Moreover, your license from a particular copyright holder is +reinstated permanently if the copyright holder notifies you of the +violation by some reasonable means, this is the first time you have +received notice of violation of this License (for any work) from that +copyright holder, and you cure the violation prior to 30 days after +your receipt of the notice. + + Termination of your rights under this section does not terminate the +licenses of parties who have received copies or rights from you under +this License. If your rights have been terminated and not permanently +reinstated, you do not qualify to receive new licenses for the same +material under section 10. + + 9. Acceptance Not Required for Having Copies. + + You are not required to accept this License in order to receive or +run a copy of the Program. Ancillary propagation of a covered work +occurring solely as a consequence of using peer-to-peer transmission +to receive a copy likewise does not require acceptance. However, +nothing other than this License grants you permission to propagate or +modify any covered work. These actions infringe copyright if you do +not accept this License. Therefore, by modifying or propagating a +covered work, you indicate your acceptance of this License to do so. + + 10. Automatic Licensing of Downstream Recipients. + + Each time you convey a covered work, the recipient automatically +receives a license from the original licensors, to run, modify and +propagate that work, subject to this License. You are not responsible +for enforcing compliance by third parties with this License. + + An "entity transaction" is a transaction transferring control of an +organization, or substantially all assets of one, or subdividing an +organization, or merging organizations. If propagation of a covered +work results from an entity transaction, each party to that +transaction who receives a copy of the work also receives whatever +licenses to the work the party's predecessor in interest had or could +give under the previous paragraph, plus a right to possession of the +Corresponding Source of the work from the predecessor in interest, if +the predecessor has it or can get it with reasonable efforts. + + You may not impose any further restrictions on the exercise of the +rights granted or affirmed under this License. For example, you may +not impose a license fee, royalty, or other charge for exercise of +rights granted under this License, and you may not initiate litigation +(including a cross-claim or counterclaim in a lawsuit) alleging that +any patent claim is infringed by making, using, selling, offering for +sale, or importing the Program or any portion of it. + + 11. Patents. + + A "contributor" is a copyright holder who authorizes use under this +License of the Program or a work on which the Program is based. The +work thus licensed is called the contributor's "contributor version". + + A contributor's "essential patent claims" are all patent claims +owned or controlled by the contributor, whether already acquired or +hereafter acquired, that would be infringed by some manner, permitted +by this License, of making, using, or selling its contributor version, +but do not include claims that would be infringed only as a +consequence of further modification of the contributor version. For +purposes of this definition, "control" includes the right to grant +patent sublicenses in a manner consistent with the requirements of +this License. + + Each contributor grants you a non-exclusive, worldwide, royalty-free +patent license under the contributor's essential patent claims, to +make, use, sell, offer for sale, import and otherwise run, modify and +propagate the contents of its contributor version. + + In the following three paragraphs, a "patent license" is any express +agreement or commitment, however denominated, not to enforce a patent +(such as an express permission to practice a patent or covenant not to +sue for patent infringement). To "grant" such a patent license to a +party means to make such an agreement or commitment not to enforce a +patent against the party. + + If you convey a covered work, knowingly relying on a patent license, +and the Corresponding Source of the work is not available for anyone +to copy, free of charge and under the terms of this License, through a +publicly available network server or other readily accessible means, +then you must either (1) cause the Corresponding Source to be so +available, or (2) arrange to deprive yourself of the benefit of the +patent license for this particular work, or (3) arrange, in a manner +consistent with the requirements of this License, to extend the patent +license to downstream recipients. "Knowingly relying" means you have +actual knowledge that, but for the patent license, your conveying the +covered work in a country, or your recipient's use of the covered work +in a country, would infringe one or more identifiable patents in that +country that you have reason to believe are valid. + + If, pursuant to or in connection with a single transaction or +arrangement, you convey, or propagate by procuring conveyance of, a +covered work, and grant a patent license to some of the parties +receiving the covered work authorizing them to use, propagate, modify +or convey a specific copy of the covered work, then the patent license +you grant is automatically extended to all recipients of the covered +work and works based on it. + + A patent license is "discriminatory" if it does not include within +the scope of its coverage, prohibits the exercise of, or is +conditioned on the non-exercise of one or more of the rights that are +specifically granted under this License. You may not convey a covered +work if you are a party to an arrangement with a third party that is +in the business of distributing software, under which you make payment +to the third party based on the extent of your activity of conveying +the work, and under which the third party grants, to any of the +parties who would receive the covered work from you, a discriminatory +patent license (a) in connection with copies of the covered work +conveyed by you (or copies made from those copies), or (b) primarily +for and in connection with specific products or compilations that +contain the covered work, unless you entered into that arrangement, +or that patent license was granted, prior to 28 March 2007. + + Nothing in this License shall be construed as excluding or limiting +any implied license or other defenses to infringement that may +otherwise be available to you under applicable patent law. + + 12. No Surrender of Others' Freedom. + + If conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot convey a +covered work so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you may +not convey it at all. For example, if you agree to terms that obligate you +to collect a royalty for further conveying from those to whom you convey +the Program, the only way you could satisfy both those terms and this +License would be to refrain entirely from conveying the Program. + + 13. Use with the GNU Affero General Public License. + + Notwithstanding any other provision of this License, you have +permission to link or combine any covered work with a work licensed +under version 3 of the GNU Affero General Public License into a single +combined work, and to convey the resulting work. The terms of this +License will continue to apply to the part which is the covered work, +but the special requirements of the GNU Affero General Public License, +section 13, concerning interaction through a network will apply to the +combination as such. + + 14. Revised Versions of this License. + + The Free Software Foundation may publish revised and/or new versions of +the GNU General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + + Each version is given a distinguishing version number. If the +Program specifies that a certain numbered version of the GNU General +Public License "or any later version" applies to it, you have the +option of following the terms and conditions either of that numbered +version or of any later version published by the Free Software +Foundation. If the Program does not specify a version number of the +GNU General Public License, you may choose any version ever published +by the Free Software Foundation. + + If the Program specifies that a proxy can decide which future +versions of the GNU General Public License can be used, that proxy's +public statement of acceptance of a version permanently authorizes you +to choose that version for the Program. + + Later license versions may give you additional or different +permissions. However, no additional obligations are imposed on any +author or copyright holder as a result of your choosing to follow a +later version. + + 15. Disclaimer of Warranty. + + THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY +APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT +HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY +OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, +THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM +IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF +ALL NECESSARY SERVICING, REPAIR OR CORRECTION. + + 16. Limitation of Liability. + + IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS +THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY +GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE +USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF +DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD +PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), +EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF +SUCH DAMAGES. + + 17. Interpretation of Sections 15 and 16. + + If the disclaimer of warranty and limitation of liability provided +above cannot be given local legal effect according to their terms, +reviewing courts shall apply local law that most closely approximates +an absolute waiver of all civil liability in connection with the +Program, unless a warranty or assumption of liability accompanies a +copy of the Program in return for a fee. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +state the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + + Copyright (C) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . + +Also add information on how to contact you by electronic and paper mail. + + If the program does terminal interaction, make it output a short +notice like this when it starts in an interactive mode: + + Copyright (C) + This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, your program's commands +might be different; for a GUI interface, you would use an "about box". + + You should also get your employer (if you work as a programmer) or school, +if any, to sign a "copyright disclaimer" for the program, if necessary. +For more information on this, and how to apply and follow the GNU GPL, see +. + + The GNU General Public License does not permit incorporating your program +into proprietary programs. If your program is a subroutine library, you +may consider it more useful to permit linking proprietary applications with +the library. If this is what you want to do, use the GNU Lesser General +Public License instead of this License. But first, please read +. diff --git a/README.md b/README.md new file mode 100644 index 0000000..13b4f39 --- /dev/null +++ b/README.md @@ -0,0 +1,56 @@ +Horde for yunohost +======================== + +*https://www.horde.org/ + +[![Integration level](https://dash.yunohost.org/integration/horde.svg)](https://ci-apps.yunohost.org/jenkins/job/horde%20%28Community%29/lastBuild/consoleFull) + +[![Install Horde with YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=horde) + +Install +------- + +From command line: + +`sudo yunohost app install -l horde https://github.com/YunoHost-Apps/horde_ynh` + +Upgrade +------- + +From command line: + +`sudo yunohost app upgrade -u https://github.com/YunoHost-Apps/horde_ynh` + +Issue +----- + +Any issue is welcome here : https://github.com/YunoHost-Apps/horde_ynh/issues + +ActiveSync +---------- + +For calendar, task and addressbook activeSync has been configured but not yet tested. + + +Troubleshotting +--------------- + +**Get Address is missing domain while to try to send an email.** + +- You need to create an identity before send an email. +- To create this go in the settings wheel > Preferences > Global Preferences > Personal Information. +- Complete the form and save it. +- You might be able to sed an email now. + +License +------- + +Horde is published under the GPL-2.0, LGPL-2.1, BSD-2-Clause, ASL, OSI certified +All information about the licence for each part is available here : http://pear.horde.org/ + +TODO +---- + +- [ ] Service auto-discovery test +- [ ] Improve doc +- [ ] Improve https://vm-yh-2.lan/horde/test.php to have all optional dependence installed \ No newline at end of file diff --git a/check_process b/check_process new file mode 100644 index 0000000..f08806c --- /dev/null +++ b/check_process @@ -0,0 +1,45 @@ +# See here for more informations +# https://github.com/YunoHost/package_check#syntax-check_process-file + +# Move this file from check_process.default to check_process when you have filled it. + +;; Test complet + ; Manifest + domain="domain.tld" (DOMAIN) + path="/path" (PATH) + admin="john" (USER) + language="fr" + is_public=1 (PUBLIC|public=1|private=0) + service_autodiscovery=1 + whups_install=1 + sesha_install=1 + ansel_install=1 + wicked_install=1 + ; Checks + pkg_linter=1 + setup_sub_dir=1 + setup_root=1 + setup_nourl=0 + setup_private=1 + setup_public=1 + upgrade=1 + backup_restore=1 + multi_instance=1 + incorrect_path=1 + port_already_use=0 + change_url=1 +;;; Levels + Level 1=auto + Level 2=auto + Level 3=auto + # https://github.com/YunoHost-Apps/horde_ynh/blob/master/sources/sso_auth.patch + Level 4=1 + Level 5=auto + Level 6=auto + Level 7=auto + Level 8=0 + Level 9=0 + Level 10=0 +;;; Options +Email= +Notification=none diff --git a/conf/app.src b/conf/app.src new file mode 100644 index 0000000..e4dd89f --- /dev/null +++ b/conf/app.src @@ -0,0 +1,6 @@ +SOURCE_URL=url of app's source +SOURCE_SUM=sha256 checksum +SOURCE_SUM_PRG=sha256sum +SOURCE_FORMAT=tar.gz +SOURCE_IN_SUBDIR=true +SOURCE_FILENAME= diff --git a/conf/config_horde.exp b/conf/config_horde.exp new file mode 100644 index 0000000..f6f5d8a --- /dev/null +++ b/conf/config_horde.exp @@ -0,0 +1,48 @@ +#!/usr/bin/expect +set timeout 10 + +set final_path [lindex $argv 0] +set db_name [lindex $argv 1] +set db_user [lindex $argv 2] +set db_password [lindex $argv 3] +set admin_user [lindex $argv 4] + +spawn php -d include_path=$final_path/pear/php $final_path/pear/webmail-install + +expect "What database backend should we use?" +send "mysql\r"; + +expect "Username to connect to the database as" +send "$db_user\r"; + +expect "Password to connect with" +send "$db_password\r"; + +expect "How should we connect to the database?" +send "tcp\r"; + +expect "Database server/host" +send "localhost\r"; + +expect "Port the DB is running on, if non-standard" +send "3306\r"; + +expect "Database name to use" +send "$db_name\r"; + +expect "Internally used charset" +send "\r"; + +expect "Use SSL to connect to the server?" +send "false\r"; + +expect "Split reads to a different server?" +send "false\r"; + +expect "level to your configured logger." +send "0\r"; + +expect "Specify an existing mail user who you want to give administrator" +send "$admin_user\r"; + +interact \ No newline at end of file diff --git a/conf/gollem_backends.php b/conf/gollem_backends.php new file mode 100644 index 0000000..39f4761 --- /dev/null +++ b/conf/gollem_backends.php @@ -0,0 +1,126 @@ + false, + 'name' => 'Filesystem', + 'driver' => 'file', + 'hordeauth' => true, + 'params' => array( + // The base location under which the user home directories live. + 'vfsroot' => '__GOLLEM_DATA_DIR__', + // The default permissions to set for newly created folders and files. + // 'permissions' => '750' + ), + 'loginparams' => array(), + 'root' => '/', + 'home' => $GLOBALS['registry']->getAuth(), + // 'createhome' => false, + // 'filter' => '^regex$', + // 'quota' => false, + 'shares' => true, + 'attributes' => array( + 'type', + 'name', + 'share', + 'edit', + 'download', + 'modified', + 'size', + ) +); diff --git a/conf/horde_conf.php b/conf/horde_conf.php new file mode 100644 index 0000000..b4d1bdd --- /dev/null +++ b/conf/horde_conf.php @@ -0,0 +1,161 @@ +applications['horde']['webroot'] = '__PATH__'; \ No newline at end of file diff --git a/conf/ingo_backends.php b/conf/ingo_backends.php new file mode 100644 index 0000000..67d4fb9 --- /dev/null +++ b/conf/ingo_backends.php @@ -0,0 +1,438 @@ + true, + 'transport' => array( + Ingo::RULE_ALL => array( + 'driver' => 'null', + 'params' => array(), + ), + ), + 'script' => array( + Ingo::RULE_ALL => array( + 'driver' => 'imap', + 'params' => array(), + ), + ), + 'shares' => false +); + +/* Maildrop Example */ +$backends['maildrop'] = array( + // Disabled by default + 'disabled' => true, + 'transport' => array( + Ingo::RULE_ALL => array( + 'driver' => 'vfs', + 'params' => array( + // Hostname of the VFS server + 'hostspec' => 'localhost', + // Name of the maildrop config file to write + 'filename' => '.mailfilter', + // The path to the .mailfilter filter file, defaults to the + // filters' owner's home directory. + // You can use the following variables: + // %u = name of the filters' owner + // %d = domain name of the filters' owner + // %U = the transport 'username' + // Example: + // '/data/maildrop/filters/%d/%u' + // This would be translated into: + // '/data/maildrop/filters///.mailfilter' + // 'vfs_path' => '/path/to/maildrop', + + // VFS: FTP example + // The VFS driver to use + 'vfstype' => 'ftp', + // Port of the VFS server + 'port' => 21, + // Specify permissions for uploaded files if necessary: + // 'file_perms' => '0640', + + // VFS: SSH2 example + // The VFS driver to use + // 'vfstype' => 'ssh2', + // Port of the VFS server + // 'port' => 22, + ) + ), + ), + 'script' => array( + Ingo::RULE_ALL => array( + 'driver' => 'maildrop', + 'params' => array( + // Any arguments passed to the mailbot command. The -N flag (to + // no include the original, quoted message content has been + // added with Maildrop 2.5.1/Courier 0.65.1. + 'mailbotargs' => '-N', + // What path style does the IMAP server use ['mbox'|'maildir']? + 'path_style' => 'mbox', + // Strip 'INBOX.' from the beginning of folder names in + // generated scripts? + 'strip_inbox' => false, + // An array of variables to append to every generated script. + // Use if you need to set up specific environment variables. + 'variables' => array( + // Example for the $PATH variable + // 'PATH' => '/usr/bin' + ) + ), + ), + ), + 'shares' => false +); + +/* Procmail Example */ +$backends['procmail'] = array( + // Disabled by default + 'disabled' => true, + 'transport' => array( + Ingo::RULE_ALL => array( + 'driver' => 'vfs', + 'params' => array( + // Hostname of the VFS server + 'hostspec' => 'localhost', + // Name of the procmail config file to write + 'filename' => '.procmailrc', + // The path to the .procmailrc filter file, defaults to the + // filters' owner's home directory. + // You can use the following variables: + // %u = name of the filters' owner + // %U = the 'username' from above + // Example: + // '/data/procmail/filters/%u' + // This would be translated into: + // '/data/procmail/filters//.procmailrc' + // 'vfs_path' => '/path/to/procmail', + + // If procmail needs an external command for mail delivery, you + // can specify it below. You can also set a prefix for the + // mailbox name + // eg. for /usr/local/sbin/dmail +INBOX + // 'delivery_agent' => '/usr/local/sbin/dmail', + // 'delivery_mailbox_prefix' => '+', + + // if the GNU utilities cannot be found in the path + // or have different names, you can specify their location below + // 'date' => '/opt/csw/bin/gdate', + // 'echo' => '/opt/csw/bin/gecho', + // 'ls' => '/opt/csw/bin/gls', + + // VFS: FTP example + // The VFS driver to use + 'vfstype' => 'ftp', + // Port of the VFS server + 'port' => 21, + + // VFS: SSH2 example + // The VFS driver to use + // 'vfstype' => 'ssh2', + // Port of the VFS server + // 'port' => 22, + ) + ), + ), + 'script' => array( + Ingo::RULE_ALL => array( + 'driver' => 'procmail', + 'params' => array( + // What path style does the IMAP server use ['mbox'|'maildir']? + 'path_style' => 'mbox', + // An array of variables to append to every generated script. + // Use if you need to set up specific environment variables. + 'variables' => array( + // The $DEFAULT variable. If using Maildir, Ingo will use + // this value as the default unless you explicitly + // configure otherwise. + // 'DEFAULT' => '$HOME/Maildir/', + // The $DEFAULT variable. If using Maildir, Ingo will use + // this value as the default unless you explicitly + // configure otherwise. + // 'MAILDIR' => '$HOME/Maildir', + // Example for the $PATH variable + // 'PATH' => '/usr/bin', + // Example for the $VACATION_DIR variable (used to store + // vacation files) + // 'VACATION_DIR' => '$HOME', + ), + // If you need procmail to be called from .forward in the + // user's home directory, set the file and the content below: + // 'forward_file' => '.forward', + // 'forward_string' => '"|/usr/local/bin/procmail"', + ), + ), + ), + 'shares' => false +); + +/* Sieve Example */ +$backends['sieve'] = array( + // Disabled by default + 'disabled' => false, + 'transport' => array( + Ingo::RULE_ALL => array( + 'driver' => 'timsieved', + 'params' => array( + // NOTE: Ingo by default sends only the bare Horde username + // for authentication. Sieve servers generally need both the + // username and domain. See the 'transport_auth' hook for + // an example on how to change the Ingo default behavior. + + // Hostname of the timsieved server + 'hostspec' => 'localhost', + // Login type of the server + 'logintype' => 'PLAIN', + // Enable/disable TLS encryption + 'usetls' => false, + // Port number of the timsieved server + 'port' => 4190, + // Name of the sieve script + 'scriptname' => 'ingo', + // Enable debugging. The sieve protocol communication is + // logged with the DEBUG level. + 'debug' => false, + ), + ), + ), + 'script' => array( + Ingo::RULE_ALL => array( + 'driver' => 'sieve', + 'params' => array( + // If true, use the deprecated 'imapflags' extension to set + // flag status instead of the newer, standardized + // 'imap4flags'. + // 'imapflags' => true, + + // If true, use the deprecated 'notify' extension instead of + // the newer, standardized 'enotify'. + // 'notify' => true, + + // If using Dovecot or any other Sieve implementation that + // requires folder names to be UTF-8 encoded, set this + // parameter to true. + 'utf8' => false, + ), + ), + ), + 'shares' => false +); + +/* sivtest Example */ +$backends['sivtest'] = array( + // Disabled by default + 'disabled' => true, + 'transport' => array( + Ingo::RULE_ALL => array( + 'driver' => 'sivtest', + 'params' => array( + // Hostname of the timsieved server + 'hostspec' => 'localhost', + // Login type of the server + 'logintype' => 'GSSAPI', + // Enable/disable TLS encryption + 'usetls' => true, + // Port number of the timsieved server + 'port' => 4190, + // Name of the sieve script + 'scriptname' => 'ingo', + // Location of sivtest + 'command' => '/usr/bin/sivtest', + // name of the socket we're using + 'socket' => Horde::getTempDir() . '/sivtest.' + . uniqid(mt_rand()) . '.sock', + ), + ), + ), + 'script' => array( + Ingo::RULE_ALL => array( + 'driver' => 'sieve', + 'params' => array(), + ), + ), + 'shares' => false, +); + +/* Sun ONE/JES Example (LDAP/Sieve) */ +$backends['ldapsieve'] = array( + // Disabled by default + 'disabled' => true, + 'transport' => array( + Ingo::RULE_ALL => array( + 'driver' => 'ldap', + 'params' => array( + // Hostname of the ldap server + 'hostspec' => 'localhost', + // Port number of the timsieved server + 'port' => 389, + // LDAP Protocol Version (default = 2). 3 is required for TLS. + 'version' => 3, + // Whether or not to use TLS. If using TLS, you MUST configure + // OpenLDAP (either /etc/ldap.conf or /etc/ldap/ldap.conf) with + // the CA certificate which signed the certificate of the + // server to which you are connecting. e.g.: + // + // TLS_CACERT /usr/share/ca-certificates/mozilla/Equifax_Secure_CA.crt + // + // You MAY have problems if you are using TLS and your server + // is configured to make random referrals, since some OpenLDAP + // libraries appear to check the certificate against the + // original domain name, and not the referred-to domain. This + // can be worked around by putting the following directive in + // the ldap.conf: + // + // TLS_REQCERT never + 'tls' => true, + // Bind DN (for bind and script distinguished names, %u is + // replaced with username, and %d is replaced with the internet + // domain components (e.g. "dc=example, dc=com") if available). + 'bind_dn' => 'cn=ingo, ou=applications, dc=example, dc=com', + // Bind password. If not provided, user's password is used + // (useful when bind_dn contains %u). + 'bind_password' => 'secret', + // How to find user object. + 'script_base' => 'ou=People, dc=example, dc=com', + 'script_filter' => '(uid=%u)', + // Attribute script is stored in. Will not touch non-Ingo + // scripts. + 'script_attribute' => 'mailSieveRuleSource' + ), + ), + ), + 'script' => array( + Ingo::RULE_ALL => array( + 'driver' => 'sieve', + 'params' => array() + ), + ), +); + +/* ISPConfig Example */ +$backends['ispconfig'] = array( + 'disabled' => true, + 'transport' => array( + Ingo::RULE_ALL => array( + 'driver' => 'ispconfig', + // enabling transport_auth() in hooks.php is likely to be required + 'params' => array( + 'soap_uri' => 'http://ispconfig-webinterface.example.com:8080/remote/', + // This user must be created in the ISPConfig webinterface + // under System -> Remote Users. The required permissions + // ("functions") is "mail user functions" only. + 'soap_user' => 'horde', + 'soap_pass' => 'secret' + ), + ), + ), + 'script' => array( + Ingo::RULE_ALL => array( + 'driver' => 'ispconfig', + 'params' => array() + ), + ), + 'shares' => false +); + +/* Custom SQL Example */ +$backends['customsql'] = array( + 'disabled' => true, + 'transport' => array( + Ingo::RULE_ALL => array( + 'driver' => 'sql', + 'params' => $GLOBALS['conf']['sql'], + ), + ), + 'script' => array( + Ingo::RULE_ALL => array( + 'driver' => 'customsql', + 'params' => array( + 'vacation_unset' => 'UPDATE vacation SET active = 0 WHERE user = %u', + 'vacation_set' => 'REPLACE INTO vacation (active, subject, message, user) VALUES (1, %s, %m, %u)' + ), + ), + ), + 'shares' => false +); diff --git a/conf/init_horde_install.exp b/conf/init_horde_install.exp new file mode 100644 index 0000000..8aacdde --- /dev/null +++ b/conf/init_horde_install.exp @@ -0,0 +1,12 @@ +#!/usr/bin/expect +set timeout 10 + +set final_path [lindex $argv 0] +set horde_path [lindex $argv 1] + +spawn $final_path/pear/pear -c $final_path/pear.conf run-scripts horde/horde_role + +expect "Filesystem location for the base Horde application" +send "$horde_path\r"; + +interact diff --git a/conf/nginx.conf b/conf/nginx.conf new file mode 100644 index 0000000..86915f6 --- /dev/null +++ b/conf/nginx.conf @@ -0,0 +1,33 @@ +#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent; +location __PATH__/ { + + # Path to source + alias __FINALPATH__/horde/ ; + + if ($scheme = http) { + rewrite ^ https://$server_name$request_uri? permanent; + } + + index index.php; + + # Common parameter to increase upload size limit in conjuction with dedicated php-fpm file + client_max_body_size 50M; + + try_files $uri $uri/ index.php; + location ~ [^/]\.php(/|$) { + fastcgi_split_path_info ^(.+?\.php)(/.*)$; + fastcgi_pass unix:/var/run/php5-fpm-__NAME__.sock; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param REMOTE_USER $remote_user; + fastcgi_param PATH_INFO $fastcgi_path_info; + fastcgi_param SCRIPT_FILENAME $request_filename; + } + # PHP configuration end + + # Include SSOWAT user panel. + include conf.d/yunohost_panel.conf.inc; + more_clear_input_headers 'Accept-Encoding'; +} + + diff --git a/conf/php-fpm.conf b/conf/php-fpm.conf new file mode 100644 index 0000000..7a96990 --- /dev/null +++ b/conf/php-fpm.conf @@ -0,0 +1,396 @@ +; Start a new pool named 'www'. +; the variable $pool can we used in any directive and will be replaced by the +; pool name ('www' here) +[__NAMETOCHANGE__] + +; Per pool prefix +; It only applies on the following directives: +; - 'slowlog' +; - 'listen' (unixsocket) +; - 'chroot' +; - 'chdir' +; - 'php_values' +; - 'php_admin_values' +; When not set, the global prefix (or /usr) applies instead. +; Note: This directive can also be relative to the global prefix. +; Default Value: none +;prefix = /path/to/pools/$pool + +; Unix user/group of processes +; Note: The user is mandatory. If the group is not set, the default user's group +; will be used. +user = __USER__ +group = __USER__ + +; The address on which to accept FastCGI requests. +; Valid syntaxes are: +; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific address on +; a specific port; +; 'port' - to listen on a TCP socket to all addresses on a +; specific port; +; '/path/to/unix/socket' - to listen on a unix socket. +; Note: This value is mandatory. +listen = /var/run/php5-fpm-__NAMETOCHANGE__.sock + +; Set listen(2) backlog. A value of '-1' means unlimited. +; Default Value: 128 (-1 on FreeBSD and OpenBSD) +;listen.backlog = 128 + +; Set permissions for unix socket, if one is used. In Linux, read/write +; permissions must be set in order to allow connections from a web server. Many +; BSD-derived systems allow connections regardless of permissions. +; Default Values: user and group are set as the running user +; mode is set to 0660 +listen.owner = www-data +listen.group = www-data +;listen.mode = 0660 + +; List of ipv4 addresses of FastCGI clients which are allowed to connect. +; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original +; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address +; must be separated by a comma. If this value is left blank, connections will be +; accepted from any ip address. +; Default Value: any +;listen.allowed_clients = 127.0.0.1 + +; Specify the nice(2) priority to apply to the pool processes (only if set) +; The value can vary from -19 (highest priority) to 20 (lower priority) +; Note: - It will only work if the FPM master process is launched as root +; - The pool processes will inherit the master process priority +; unless it specified otherwise +; Default Value: no set +; priority = -19 + +; Choose how the process manager will control the number of child processes. +; Possible Values: +; static - a fixed number (pm.max_children) of child processes; +; dynamic - the number of child processes are set dynamically based on the +; following directives. With this process management, there will be +; always at least 1 children. +; pm.max_children - the maximum number of children that can +; be alive at the same time. +; pm.start_servers - the number of children created on startup. +; pm.min_spare_servers - the minimum number of children in 'idle' +; state (waiting to process). If the number +; of 'idle' processes is less than this +; number then some children will be created. +; pm.max_spare_servers - the maximum number of children in 'idle' +; state (waiting to process). If the number +; of 'idle' processes is greater than this +; number then some children will be killed. +; ondemand - no children are created at startup. Children will be forked when +; new requests will connect. The following parameter are used: +; pm.max_children - the maximum number of children that +; can be alive at the same time. +; pm.process_idle_timeout - The number of seconds after which +; an idle process will be killed. +; Note: This value is mandatory. +pm = dynamic + +; The number of child processes to be created when pm is set to 'static' and the +; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'. +; This value sets the limit on the number of simultaneous requests that will be +; served. Equivalent to the ApacheMaxClients directive with mpm_prefork. +; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP +; CGI. The below defaults are based on a server without much resources. Don't +; forget to tweak pm.* to fit your needs. +; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand' +; Note: This value is mandatory. +pm.max_children = 10 + +; The number of child processes created on startup. +; Note: Used only when pm is set to 'dynamic' +; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2 +pm.start_servers = 2 + +; The desired minimum number of idle server processes. +; Note: Used only when pm is set to 'dynamic' +; Note: Mandatory when pm is set to 'dynamic' +pm.min_spare_servers = 1 + +; The desired maximum number of idle server processes. +; Note: Used only when pm is set to 'dynamic' +; Note: Mandatory when pm is set to 'dynamic' +pm.max_spare_servers = 3 + +; The number of seconds after which an idle process will be killed. +; Note: Used only when pm is set to 'ondemand' +; Default Value: 10s +;pm.process_idle_timeout = 10s; + +; The number of requests each child process should execute before respawning. +; This can be useful to work around memory leaks in 3rd party libraries. For +; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS. +; Default Value: 0 +pm.max_requests = 500 + +; The URI to view the FPM status page. If this value is not set, no URI will be +; recognized as a status page. It shows the following informations: +; pool - the name of the pool; +; process manager - static, dynamic or ondemand; +; start time - the date and time FPM has started; +; start since - number of seconds since FPM has started; +; accepted conn - the number of request accepted by the pool; +; listen queue - the number of request in the queue of pending +; connections (see backlog in listen(2)); +; max listen queue - the maximum number of requests in the queue +; of pending connections since FPM has started; +; listen queue len - the size of the socket queue of pending connections; +; idle processes - the number of idle processes; +; active processes - the number of active processes; +; total processes - the number of idle + active processes; +; max active processes - the maximum number of active processes since FPM +; has started; +; max children reached - number of times, the process limit has been reached, +; when pm tries to start more children (works only for +; pm 'dynamic' and 'ondemand'); +; Value are updated in real time. +; Example output: +; pool: www +; process manager: static +; start time: 01/Jul/2011:17:53:49 +0200 +; start since: 62636 +; accepted conn: 190460 +; listen queue: 0 +; max listen queue: 1 +; listen queue len: 42 +; idle processes: 4 +; active processes: 11 +; total processes: 15 +; max active processes: 12 +; max children reached: 0 +; +; By default the status page output is formatted as text/plain. Passing either +; 'html', 'xml' or 'json' in the query string will return the corresponding +; output syntax. Example: +; http://www.foo.bar/status +; http://www.foo.bar/status?json +; http://www.foo.bar/status?html +; http://www.foo.bar/status?xml +; +; By default the status page only outputs short status. Passing 'full' in the +; query string will also return status for each pool process. +; Example: +; http://www.foo.bar/status?full +; http://www.foo.bar/status?json&full +; http://www.foo.bar/status?html&full +; http://www.foo.bar/status?xml&full +; The Full status returns for each process: +; pid - the PID of the process; +; state - the state of the process (Idle, Running, ...); +; start time - the date and time the process has started; +; start since - the number of seconds since the process has started; +; requests - the number of requests the process has served; +; request duration - the duration in µs of the requests; +; request method - the request method (GET, POST, ...); +; request URI - the request URI with the query string; +; content length - the content length of the request (only with POST); +; user - the user (PHP_AUTH_USER) (or '-' if not set); +; script - the main script called (or '-' if not set); +; last request cpu - the %cpu the last request consumed +; it's always 0 if the process is not in Idle state +; because CPU calculation is done when the request +; processing has terminated; +; last request memory - the max amount of memory the last request consumed +; it's always 0 if the process is not in Idle state +; because memory calculation is done when the request +; processing has terminated; +; If the process is in Idle state, then informations are related to the +; last request the process has served. Otherwise informations are related to +; the current request being served. +; Example output: +; ************************ +; pid: 31330 +; state: Running +; start time: 01/Jul/2011:17:53:49 +0200 +; start since: 63087 +; requests: 12808 +; request duration: 1250261 +; request method: GET +; request URI: /test_mem.php?N=10000 +; content length: 0 +; user: - +; script: /home/fat/web/docs/php/test_mem.php +; last request cpu: 0.00 +; last request memory: 0 +; +; Note: There is a real-time FPM status monitoring sample web page available +; It's available in: ${prefix}/share/fpm/status.html +; +; Note: The value must start with a leading slash (/). The value can be +; anything, but it may not be a good idea to use the .php extension or it +; may conflict with a real PHP file. +; Default Value: not set +;pm.status_path = /status + +; The ping URI to call the monitoring page of FPM. If this value is not set, no +; URI will be recognized as a ping page. This could be used to test from outside +; that FPM is alive and responding, or to +; - create a graph of FPM availability (rrd or such); +; - remove a server from a group if it is not responding (load balancing); +; - trigger alerts for the operating team (24/7). +; Note: The value must start with a leading slash (/). The value can be +; anything, but it may not be a good idea to use the .php extension or it +; may conflict with a real PHP file. +; Default Value: not set +;ping.path = /ping + +; This directive may be used to customize the response of a ping request. The +; response is formatted as text/plain with a 200 response code. +; Default Value: pong +;ping.response = pong + +; The access log file +; Default: not set +;access.log = log/$pool.access.log + +; The access log format. +; The following syntax is allowed +; %%: the '%' character +; %C: %CPU used by the request +; it can accept the following format: +; - %{user}C for user CPU only +; - %{system}C for system CPU only +; - %{total}C for user + system CPU (default) +; %d: time taken to serve the request +; it can accept the following format: +; - %{seconds}d (default) +; - %{miliseconds}d +; - %{mili}d +; - %{microseconds}d +; - %{micro}d +; %e: an environment variable (same as $_ENV or $_SERVER) +; it must be associated with embraces to specify the name of the env +; variable. Some exemples: +; - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e +; - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e +; %f: script filename +; %l: content-length of the request (for POST request only) +; %m: request method +; %M: peak of memory allocated by PHP +; it can accept the following format: +; - %{bytes}M (default) +; - %{kilobytes}M +; - %{kilo}M +; - %{megabytes}M +; - %{mega}M +; %n: pool name +; %o: ouput header +; it must be associated with embraces to specify the name of the header: +; - %{Content-Type}o +; - %{X-Powered-By}o +; - %{Transfert-Encoding}o +; - .... +; %p: PID of the child that serviced the request +; %P: PID of the parent of the child that serviced the request +; %q: the query string +; %Q: the '?' character if query string exists +; %r: the request URI (without the query string, see %q and %Q) +; %R: remote IP address +; %s: status (response code) +; %t: server time the request was received +; it can accept a strftime(3) format: +; %d/%b/%Y:%H:%M:%S %z (default) +; %T: time the log has been written (the request has finished) +; it can accept a strftime(3) format: +; %d/%b/%Y:%H:%M:%S %z (default) +; %u: remote user +; +; Default: "%R - %u %t \"%m %r\" %s" +;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%" + +; The log file for slow requests +; Default Value: not set +; Note: slowlog is mandatory if request_slowlog_timeout is set +slowlog = /var/log/nginx/__NAMETOCHANGE__.slow.log + +; The timeout for serving a single request after which a PHP backtrace will be +; dumped to the 'slowlog' file. A value of '0s' means 'off'. +; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) +; Default Value: 0 +request_slowlog_timeout = 5s + +; The timeout for serving a single request after which the worker process will +; be killed. This option should be used when the 'max_execution_time' ini option +; does not stop script execution for some reason. A value of '0' means 'off'. +; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) +; Default Value: 0 +request_terminate_timeout = 1d + +; Set open file descriptor rlimit. +; Default Value: system defined value +;rlimit_files = 1024 + +; Set max core size rlimit. +; Possible Values: 'unlimited' or an integer greater or equal to 0 +; Default Value: system defined value +;rlimit_core = 0 + +; Chroot to this directory at the start. This value must be defined as an +; absolute path. When this value is not set, chroot is not used. +; Note: you can prefix with '$prefix' to chroot to the pool prefix or one +; of its subdirectories. If the pool prefix is not set, the global prefix +; will be used instead. +; Note: chrooting is a great security feature and should be used whenever +; possible. However, all PHP paths will be relative to the chroot +; (error_log, sessions.save_path, ...). +; Default Value: not set +;chroot = + +; Chdir to this directory at the start. +; Note: relative path can be used. +; Default Value: current directory or / when chroot +chdir = __FINALPATH__ + +; Redirect worker stdout and stderr into main error log. If not set, stdout and +; stderr will be redirected to /dev/null according to FastCGI specs. +; Note: on highloaded environement, this can cause some delay in the page +; process time (several ms). +; Default Value: no +catch_workers_output = yes + +; Limits the extensions of the main script FPM will allow to parse. This can +; prevent configuration mistakes on the web server side. You should only limit +; FPM to .php extensions to prevent malicious users to use other extensions to +; exectute php code. +; Note: set an empty value to allow all extensions. +; Default Value: .php +;security.limit_extensions = .php .php3 .php4 .php5 + +; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from +; the current environment. +; Default Value: clean env +;env[HOSTNAME] = $HOSTNAME +;env[PATH] = /usr/local/bin:/usr/bin:/bin +;env[TMP] = /tmp +;env[TMPDIR] = /tmp +;env[TEMP] = /tmp + +; Additional php.ini defines, specific to this pool of workers. These settings +; overwrite the values previously defined in the php.ini. The directives are the +; same as the PHP SAPI: +; php_value/php_flag - you can set classic ini defines which can +; be overwritten from PHP call 'ini_set'. +; php_admin_value/php_admin_flag - these directives won't be overwritten by +; PHP call 'ini_set' +; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no. + +; Defining 'extension' will load the corresponding shared extension from +; extension_dir. Defining 'disable_functions' or 'disable_classes' will not +; overwrite previously defined php.ini values, but will append the new value +; instead. + +; Note: path INI options can be relative and will be expanded with the prefix +; (pool, global or /usr) + +; Default Value: nothing is defined by default except the values in php.ini and +; specified at startup with the -d argument +;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com +;php_flag[display_errors] = off +;php_admin_value[error_log] = /var/log/fpm-php.www.log +;php_admin_flag[log_errors] = on +;php_admin_value[memory_limit] = 32M + +; Special settings for Horde +php_value[include_path] = "__FINALPATH__/pear/php:.:__FINALPATH__/horde/lib" +env[PHP_PEAR_SYSCONF_DIR] = __FINALPATH__ diff --git a/conf/php-fpm.ini b/conf/php-fpm.ini new file mode 100644 index 0000000..fe7176e --- /dev/null +++ b/conf/php-fpm.ini @@ -0,0 +1,12 @@ +; Common values to change to increase file upload limit +; upload_max_filesize = 50M +; post_max_size = 50M +; mail.add_x_header = Off + +; Other common parameters +; max_execution_time = 600 +; max_input_time = 300 +; memory_limit = 256M +; short_open_tag = On +session.gc_divisor = 20000 +session.gc_probability = 1 \ No newline at end of file diff --git a/manifest.json b/manifest.json new file mode 100644 index 0000000..47fd91b --- /dev/null +++ b/manifest.json @@ -0,0 +1,120 @@ +{ + "name": "Horde", + "id": "horde", + "packaging_format": 1, + "description": { + "en": "A groupware (webmail, adressbook, calendar) witch use PHP", + "fr": "Un groupware (webmail, carnet adresses, agenda), utilisant PHP." + }, + "version": "5.2.22~ynh1", + "url": "https://www.horde.org/", + "license": "LGPL-2.0", + "maintainer": { + "name": "Josué Tille", + "email": "josue@tille.ch" + }, + "requirements": { + "yunohost": ">= 2.7.2" + }, + "multi_instance": true, + "services": [ + "nginx", + "php5-fpm", + "mysql" + ], + "arguments": { + "install" : [ + { + "name": "domain", + "type": "domain", + "ask": { + "en": "Choose a domain name for Horde", + "fr": "Choisissez un nom de domaine pour Horde" + }, + "example": "example.com" + }, + { + "name": "path", + "type": "path", + "ask": { + "en": "Choose a path for Horde", + "fr": "Choisissez un chemin pour Horde" + }, + "example": "/horde", + "default": "/horde" + }, + { + "name": "admin", + "type": "user", + "ask": { + "en": "Choose an admin user", + "fr": "Choisissez l’administrateur" + }, + "example": "johndoe" + }, + { + "name": "is_public", + "type": "boolean", + "ask": { + "en": "Is it a public server ?", + "fr": "Est-ce un serveur publique ?" + }, + "default": 0 + }, + { + "name": "service_autodiscovery", + "type": "boolean", + "ask": { + "en": "Would you like to enable the caldDav/cardDAV service autodiscovery ?", + "fr": "Voulez-vous activer l'autodécouverte des services calDAV/cardDAV ?" + }, + "default": 0 + }, + { + "name": "language", + "ask": { + "en": "Choose the application language", + "fr": "Choisissez la langue de l'application" + }, + "choices": [ + "bg", "de", "en", "es", "fi", "fo", "fr", "hr", "hu", + "id", "is", "it", "lt", "lv", "mg", "mk", "mt", "nl", + "pl", "pt", "ro", "ru", "sk", "so", "th", "tr", "uz" + ], + "default": "en" + }, + { + "name": "whups_install", + "type": "boolean", + "ask": { + "en": "Install a ticket-tracking system (Whups) ?" + }, + "default": 0 + }, + { + "name": "sesha_install", + "type": "boolean", + "ask": { + "en": "Install a Inventory Manager (Sesha) ?" + }, + "default": 0 + }, + { + "name": "ansel_install", + "type": "boolean", + "ask": { + "en": "Install a full featured phpto management (Ansel) ?" + }, + "default": 0 + }, + { + "name": "wicked_install", + "type": "boolean", + "ask": { + "en": "Install a Wiki (Wicked) ?" + }, + "default": 0 + } + ] + } +} \ No newline at end of file diff --git a/scripts/_common.sh b/scripts/_common.sh new file mode 100644 index 0000000..061e39c --- /dev/null +++ b/scripts/_common.sh @@ -0,0 +1,90 @@ +#!/bin/bash + +app=$YNH_APP_INSTANCE_NAME +gollem_data_dir="/home/yunohost.app/$app" + +install_dependance() { + ynh_install_app_dependencies php-pear expect php5-imagick php5-tidy +} + +patch_app() { + local old_dir=$(pwd) + (cd "$final_path/horde" && patch -p1 < $YNH_CWD/../sources/sso_auth.patch) || echo "Unable to apply patches" + cd $old_dir +} + +config_horde() { + ynh_backup_if_checksum_is_different "$final_path/horde/config/conf.php" + ynh_backup_if_checksum_is_different "$final_path/horde/config/registry.local.php" + ynh_backup_if_checksum_is_different "$final_path/horde/gollem/config/backends.local.php" + ynh_backup_if_checksum_is_different "$final_path/horde/ingo/config/backends.local.php" + + cp ../conf/horde_conf.php "$final_path/horde/config/conf.php" + ynh_replace_string "__DOMAIN__" "$domain" "$final_path/horde/config/conf.php" + ynh_replace_string "__PATH__" "$path_url" "$final_path/horde/config/conf.php" + ynh_replace_string "__FINAL_PATH__" "$final_path" "$final_path/horde/config/conf.php" + ynh_replace_string "__DB_NAME__" "$db_name" "$final_path/horde/config/conf.php" + ynh_replace_string "__DB_USER__" "$db_user" "$final_path/horde/config/conf.php" + ynh_replace_string "__DB_PASSWORD__" "$db_pwd" "$final_path/horde/config/conf.php" + ynh_replace_string "__ADMIN_USER__" "$admin" "$final_path/horde/config/conf.php" + ynh_replace_string "__SECRET_KEY__" "$secret_key" "$final_path/horde/config/conf.php" + + cp ../conf/horde_registry.php "$final_path/horde/config/registry.local.php" + ynh_replace_string "__PATH__" "$path_url" "$final_path/horde/config/registry.local.php" + + cp ../conf/gollem_backends.php "$final_path/horde/gollem/config/backends.local.php" + ynh_replace_string "__GOLLEM_DATA_DIR__" "$gollem_data_dir" "$final_path/horde/gollem/config/backends.local.php" + + cp ../conf/ingo_backends.php "$final_path/horde/ingo/config/backends.local.php" + + ynh_store_file_checksum "$final_path/horde/config/conf.php" + ynh_store_file_checksum "$final_path/horde/config/registry.local.php" + ynh_store_file_checksum "$final_path/horde/gollem/config/backends.local.php" + ynh_store_file_checksum "$final_path/horde/ingo/config/backends.local.php" +} + +config_nginx() { + if [ "$path_url" != "/" ] + then + ynh_replace_string "^#sub_path_only" "" "../conf/nginx.conf" + fi + ynh_add_nginx_config + [[ $service_autodiscovery ]] && add_nginx_autodiscovery + ynh_store_file_checksum "/etc/nginx/conf.d/$domain.d/$app.conf" +} + +add_nginx_autodiscovery() { + nginx_domain_path=/etc/nginx/conf.d/$domain.d/* + nginx_config_path="/etc/nginx/conf.d/$domain.d/$app.conf" + grep "/Microsoft-Server-ActiveSync" $nginx_domain_path || echo "location /Microsoft-Server-ActiveSync { + return 301 https://\$server_name$path_url/rpc.php; + } + " >> "$nginx_config_path" + + grep "/autodiscover/autodiscover.xml" $nginx_domain_path || echo "location /autodiscover/autodiscover.xml { + return 301 https://\$server_name$path_url/rpc.php; + } + " >> "$nginx_config_path" + + grep "/Autodiscover/Autodiscover.xml" $nginx_domain_path || echo "location /Autodiscover/Autodiscover.xml { + return 301 https://\$server_name$path_url/rpc.php; + } + " >> "$nginx_config_path" + + grep "/.well-known/caldav" $nginx_domain_path || echo "location /.well-known/caldav { + return 301 https://\$server_name$path_url/rpc.php; + } + " >> "$nginx_config_path" + + grep "/.well-known/carddav" $nginx_domain_path || echo "location /.well-known/carddav { + return 301 https://\$server_name$path_url/rpc.php; + } + " >> "$nginx_config_path" +} + +set_permission() { + chown -R www-data:$app $final_path + chown -R www-data:$app $gollem_data_dir + chmod u=rwX,g=rwX,o= -R $final_path + chmod u=rwX,g=rwX,o= -R $gollem_data_dir +} \ No newline at end of file diff --git a/scripts/backup b/scripts/backup new file mode 100755 index 0000000..8068fe0 --- /dev/null +++ b/scripts/backup @@ -0,0 +1,34 @@ +#!/bin/bash + +# Source YunoHost helpers +source /usr/share/yunohost/helpers + +# Stop script if errors +ynh_abort_if_errors + +# Import common cmd +source ../settings/scripts/experimental_helper.sh +source ../settings/scripts/_common.sh + +# LOAD SETTINGS +app=$YNH_APP_INSTANCE_NAME + +final_path=$(ynh_app_setting_get $app final_path) +domain=$(ynh_app_setting_get $app domain) +db_name=$(ynh_app_setting_get $app db_name) + +# BACKUP THE APP MAIN DIR +ynh_backup "$final_path" + +# Backup user data +ynh_backup "$gollem_data_dir" "user_data" 1 + +# BACKUP THE NGINX CONFIGURATION +ynh_backup "/etc/nginx/conf.d/$domain.d/$app.conf" + +# BACKUP THE PHP-FPM CONFIGURATION +ynh_backup "/etc/php5/fpm/pool.d/$app.conf" +ynh_backup "/etc/php5/fpm/conf.d/20-$app.ini" + +# BACKUP THE MYSQL DATABASE +ynh_mysql_dump_db "$db_name" > db.sql \ No newline at end of file diff --git a/scripts/change_url b/scripts/change_url new file mode 100644 index 0000000..d7b2131 --- /dev/null +++ b/scripts/change_url @@ -0,0 +1,85 @@ +#!/bin/bash + +# IMPORT GENERIC HELPERS +source /usr/share/yunohost/helpers + +cp -r /etc/yunohost/apps/horde/conf ../ # Quick hack for https://github.com/YunoHost/yunohost/pull/427 + +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors + +# Import common cmd +source ./experimental_helper.sh +source ./_common.sh + +# RETRIEVE ARGUMENTS +old_domain=$YNH_APP_OLD_DOMAIN +old_path=$YNH_APP_OLD_PATH +new_domain=$YNH_APP_NEW_DOMAIN +new_path=$YNH_APP_NEW_PATH +app=$YNH_APP_INSTANCE_NAME + +admin=$(ynh_app_setting_get $app admin) +final_path=$(ynh_app_setting_get $app final_path) +port=$(ynh_app_setting_get $app port) +secret_key=$(ynh_app_setting_get $app secret_key) +db_name=$(ynh_app_setting_get $app db_name) +db_user=$(ynh_app_setting_get $app db_user) +db_pwd=$(ynh_app_setting_get $app mysqlpwd) + +# CHECK THE SYNTAX OF THE PATHS +test -n "$old_path" || old_path="/" +test -n "$new_path" || new_path="/" +new_path=$(ynh_normalize_url_path $new_path) +old_path=$(ynh_normalize_url_path $old_path) + +domain="$new_domain" +path_url="$new_path" + +# CHECK WHICH PARTS SHOULD BE CHANGED +change_domain=0 +if [ "$old_domain" != "$new_domain" ] +then + change_domain=1 +fi + +change_path=0 +if [ "$old_path" != "$new_path" ] +then + change_path=1 +fi + +# MODIFY URL IN NGINX CONF +nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf + +# Change the path in the nginx config file +# if [ $change_path -eq 1 ] +# then +# # Make a backup of the original nginx config file if modified +# ynh_backup_if_checksum_is_different "$nginx_conf_path" +# # Replace locations starting with old_path +# # Look for every location possible patterns (see https://nginx.org/en/docs/http/ngx_http_core_module.html#location) +# ynh_replace_string "location\( \(=\|~\|~\*\|\^~\)\)\? $old_path" "location\1 $new_path" "$nginx_conf_path" +# # Replace path in "return" directives +# ynh_replace_string "return \([[:digit:]]\{3\}\) $old_path" "return \1 $new_path" "$nginx_conf_path" +# # Calculate and store the nginx config file checksum +# ynh_store_file_checksum "$nginx_conf_path" +# fi + +# Change the domain for nginx +if [ $change_domain -eq 1 ] +then + # Delete file checksum for the old conf file location + ynh_delete_file_checksum "$nginx_conf_path" + mv $nginx_conf_path /etc/nginx/conf.d/$new_domain.d/$app.conf + # Store file checksum for the new config file location + ynh_store_file_checksum "/etc/nginx/conf.d/$new_domain.d/$app.conf" +fi + +config_nginx + +# Update horde config +config_horde + +# RELOAD NGINX +systemctl reload nginx diff --git a/scripts/experimental_helper.sh b/scripts/experimental_helper.sh new file mode 100644 index 0000000..aa1c2df --- /dev/null +++ b/scripts/experimental_helper.sh @@ -0,0 +1,11 @@ + +# Delete a file checksum from the app settings +# +# $app should be defined when calling this helper +# +# usage: ynh_remove_file_checksum file +# | arg: file - The file for which the checksum will be deleted +ynh_delete_file_checksum () { + local checksum_setting_name=checksum_${1//[\/ ]/_} # Replace all '/' and ' ' by '_' + ynh_app_setting_delete $app $checksum_setting_name +} \ No newline at end of file diff --git a/scripts/install b/scripts/install new file mode 100755 index 0000000..5344da7 --- /dev/null +++ b/scripts/install @@ -0,0 +1,144 @@ +#!/bin/bash + +# IMPORT GENERIC HELPERS +source /usr/share/yunohost/helpers + +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors + +# Import common cmd +source ./experimental_helper.sh +source ./_common.sh + +# RETRIEVE ARGUMENTS FROM THE MANIFEST +domain=$YNH_APP_ARG_DOMAIN +path_url=$(ynh_normalize_url_path $YNH_APP_ARG_PATH) +admin=$YNH_APP_ARG_ADMIN +is_public=$YNH_APP_ARG_IS_PUBLIC +service_autodiscovery=$YNH_APP_ARG_SERVICE_AUTODISCOVERY +language=$YNH_APP_ARG_LANGUAGE +whups_install=$YNH_APP_ARG_WHUPS_INSTALL +sesha_install=$YNH_APP_ARG_SESHA_INSTALL +ansel_install=$YNH_APP_ARG_ANSEL_INSTALL +wicked_install=$YNH_APP_ARG_WICKED_INSTALL + +# Set variable +final_path="/var/www/$app" + +# STORE SETTINGS FROM MANIFEST +ynh_app_setting_set $app admin $admin +ynh_app_setting_set $app language $language +ynh_app_setting_set $app final_path $final_path +ynh_app_setting_set $app is_public $is_public +ynh_app_setting_set $app service_autodiscovery $service_autodiscovery +ynh_app_setting_set $app whups_install $whups_install +ynh_app_setting_set $app sesha_install $sesha_install +ynh_app_setting_set $app ansel_install $ansel_install +ynh_app_setting_set $app wicked_install $wicked_install + +# Check web path availability +ynh_webpath_available $domain $path_url +# Register (book) web path +ynh_webpath_register $app $domain $path_url + +# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS +test ! -e "$final_path" || ynh_die "This path already contains a folder" + +# Set list of optionnal app to install +optionnal_apps_list="" + +if [[ $whups_install == 1 ]] +then + optionnal_apps_list="$optionnal_apps_list horde/whups" +fi +if [[ $sesha_install == 1 ]] +then + optionnal_apps_list="$optionnal_apps_list horde/sesha" +fi +# if [[ $ansel_install == 1 ]] +# then +# optionnal_apps_list="$optionnal_apps_list horde/ansel" +# fi +if [[ $wicked_install == 1 ]] +then + optionnal_apps_list="$optionnal_apps_list horde/wicked" +fi + +# Enable all necessary locales +if [[ "$language" != "en" ]] +then + locale_lang=$(egrep -i "(${language})_\1\.UTF-8" /etc/locale.gen | egrep -o "[a-z]{2}_[A-Z]{2}\.UTF-8") + ynh_replace_string "^#\s$locale_lang" "$locale_lang" /etc/locale.gen + locale-gen +fi + +# INSTALL DEPENDENCIES +install_dependance + +# CREATE A MYSQL DATABASE +db_name=$(ynh_sanitize_dbid $app) +db_user=$db_name +ynh_app_setting_set $app db_name $db_name +ynh_app_setting_set $app db_user $db_user +db_pwd=$(ynh_string_random 15) +ynh_mysql_setup_db $db_name $db_user $db_pwd + +# Create a system user +ynh_system_user_create $app + +# Set execution for expect scripts +chmod +x ../conf/init_horde_install.exp +chmod +x ../conf/config_horde.exp + +# Install horde by pear +mkdir $final_path +mkdir $final_path/data +mkdir -p $gollem_data_dir + +pear config-create "$final_path" "$final_path/pear.conf" +pear -c "$final_path/pear.conf" install -o -f pear + +pear_cmd="$final_path/pear/pear -c $final_path/pear.conf" + +$pear_cmd config-set auto_discover 1 +$pear_cmd config-set data_dir $final_path/data +$pear_cmd channel-discover pear.horde.org + +$pear_cmd install horde/horde_role + +../conf/init_horde_install.exp "$final_path" "$final_path/horde" + +$pear_cmd config-set horde_dir "$final_path/horde" +$pear_cmd install -a -B horde/webmail $optionnal_apps_list + +PHP_PEAR_SYSCONF_DIR=$final_path ../conf/config_horde.exp "$final_path" "$db_name" "$db_user" "$db_pwd" "$admin" +secret_key=$(grep 'secret_key' "$final_path/horde/config/conf.php" | cut -d"'" -f4) +ynh_app_setting_set $app secret_key "$secret_key" + +# Patch the app +patch_app + +# Configure Horde +config_horde + +# Create a dedicated nginx config +config_nginx + +# Create a dedicated php-fpm config +ynh_add_fpm_config + +# SECURE FILES AND DIRECTORIES +set_permission + +# configure the sso +if [ "$is_public" = "0" ]; +then # Retire l'accès public + ynh_app_setting_delete $app skipped_uris +else + ynh_app_setting_set $app skipped_uris "/" +fi + +# SETUP LOGROTATE +ynh_use_logrotate $final_path/horde +ynh_use_logrotate $final_path/horde/services +ynh_use_logrotate $final_path/horde/services/portal diff --git a/scripts/remove b/scripts/remove new file mode 100755 index 0000000..3f77ef8 --- /dev/null +++ b/scripts/remove @@ -0,0 +1,41 @@ +#!/bin/bash + +# Source YunoHost helpers +source /usr/share/yunohost/helpers + +# Import common cmd +source ./experimental_helper.sh +source ./_common.sh + +# Retrieve app settings +app=$YNH_APP_INSTANCE_NAME + +domain=$(ynh_app_setting_get $app domain) +port=$(ynh_app_setting_get $app port) +db_name=$(ynh_app_setting_get $app db_name) +db_user=$(ynh_app_setting_get $app db_user) +final_path=$(ynh_app_setting_get $app final_path) + +# Remove metapackage and its dependencies +ynh_remove_app_dependencies + +# Remove a database if it exists, along with the associated user +ynh_mysql_remove_db $db_user $db_name + +# Remove the app directory securely +ynh_secure_remove "$final_path" + +# Remove user data +ynh_secure_remove "$gollem_data_dir" + +# Remove the dedicated nginx config +ynh_remove_nginx_config + +# Remove the dedicated php-fpm config +ynh_remove_fpm_config + +# Delete a system user +ynh_system_user_delete $app + +# Remove the app-specific logrotate config +ynh_remove_logrotate \ No newline at end of file diff --git a/scripts/restore b/scripts/restore new file mode 100755 index 0000000..78ed786 --- /dev/null +++ b/scripts/restore @@ -0,0 +1,51 @@ +#!/bin/bash + +# Source YunoHost helpers +source /usr/share/yunohost/helpers + +# Stop script if errors +ynh_abort_if_errors + +# Import common cmd +source ../settings/scripts/experimental_helper.sh +source ../settings/scripts/_common.sh + +# LOAD SETTINGS +app=$YNH_APP_INSTANCE_NAME + +domain=$(ynh_app_setting_get $app domain) +path_url=$(ynh_app_setting_get $app path) +final_path=$(ynh_app_setting_get $app final_path) +db_name=$(ynh_app_setting_get $app db_name) + +# CHECK IF THE APP CAN BE RESTORED +ynh_webpath_available $domain $path_url \ + || ynh_die "Path not available: ${domain}${path_url}" +test ! -d $final_path \ + || ynh_die "There is already a directory: $final_path " + +# Define and install dependencies +install_dependance + +# Create the dedicated user (if not existing) +ynh_system_user_create $app + +# Restore all config and data +ynh_restore + +# RESTORE THE MYSQL DATABASE +db_pwd=$(ynh_app_setting_get $app mysqlpwd) +ynh_mysql_setup_db $db_name $db_name $db_pwd +ynh_mysql_connect_as $db_name $db_pwd $db_name < ./db.sql + +# SECURE FILES AND DIRECTORIES +set_permission + +# SETUP LOGROTATE +ynh_use_logrotate $final_path/horde +ynh_use_logrotate $final_path/horde/services +ynh_use_logrotate $final_path/horde/services/portal + +# Reload services +systemctl reload php5-fpm +systemctl reload nginx diff --git a/scripts/upgrade b/scripts/upgrade new file mode 100755 index 0000000..bae1873 --- /dev/null +++ b/scripts/upgrade @@ -0,0 +1,54 @@ +#!/bin/bash + +# IMPORT GENERIC HELPERS +source /usr/share/yunohost/helpers + +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors + +# Import common cmd +source ./experimental_helper.sh +source ./_common.sh + + +# LOAD SETTINGS +domain=$(ynh_app_setting_get $app domain) +path_url=$(ynh_normalize_url_path $(ynh_app_setting_get $app path)) +admin=$(ynh_app_setting_get $app admin) +service_autodiscovery=$(ynh_app_setting_get $app service_autodiscovery) +final_path=$(ynh_app_setting_get $app final_path) +port=$(ynh_app_setting_get $app port) +secret_key=$(ynh_app_setting_get $app secret_key) +db_name=$(ynh_app_setting_get $app db_name) +db_user=$(ynh_app_setting_get $app db_user) +db_pwd=$(ynh_app_setting_get $app mysqlpwd) + +# Backup the current version of the app +ynh_backup_before_upgrade + +ynh_clean_setup () { + # restore it if the upgrade fails + ynh_restore_upgradebackup +} +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors + +# INSTALL DEPENDENCIES +install_dependance + +# Upgrade Horde by PEAR +pear_cmd="$final_path/pear/pear -c $final_path/pear.conf" +$pear_cmd channel-update pear.horde.org +$pear_cmd upgrade -R $final_path -a -B -c pear.horde.org + +# Patch the app +patch_app + +# Configure Horde +config_horde + +# NGINX CONFIGURATION +config_nginx + +# SECURE FILES AND DIRECTORIES +set_permission \ No newline at end of file diff --git a/sources/sso_auth.patch b/sources/sso_auth.patch new file mode 100644 index 0000000..ed0e7a8 --- /dev/null +++ b/sources/sso_auth.patch @@ -0,0 +1,39 @@ +diff -Naur a/login.php b/login.php +--- a/login.php 2018-01-06 22:18:02.000000000 +0100 ++++ b/login.php 2018-01-06 23:13:50.562577137 +0100 +@@ -130,7 +130,8 @@ + /* Explicitly set language in un-authenticated session. */ + $registry->setLanguage($GLOBALS['language']); + } elseif (Horde_Util::getPost('login_post') || +- Horde_Util::getPost('login_button')) { ++ Horde_Util::getPost('login_button') || ++ !empty($_SERVER['REMOTE_USER'])) { + $select_view = Horde_Util::getPost('horde_select_view'); + if ($select_view == 'mobile_nojs') { + $nojs = true; +@@ -144,6 +145,16 @@ + 'password' => Horde_Util::getPost('horde_pass'), + 'mode' => $select_view + ); ++ $user = Horde_Util::getPost('horde_user'); ++ ++ /* Get auth from SSO */ ++ if ($_SERVER['PHP_AUTH_PW']) { ++ $auth_params = array( ++ 'password' => $_SERVER['PHP_AUTH_PW'], ++ 'mode' => $select_view ++ ); ++ $user = $_SERVER['REMOTE_USER']; ++ } + + try { + $result = $auth->getLoginParams(); +@@ -152,7 +163,7 @@ + } + } catch (Horde_Exception $e) {} + +- if ($auth->authenticate(Horde_Util::getPost('horde_user'), $auth_params)) { ++ if ($auth->authenticate($user, $auth_params)) { + Horde::log( + sprintf( + 'Login success for %s to %s (%s)',