commit eb43d2e8c56d26f588e00fa947b77f89d5df6b1b Author: Jérôme Lebleu Date: Mon Mar 28 22:14:19 2016 +0200 [enh] Initial commit for new app based on Kloadut/roundcube_ynh Since sources where included in the last YunoHost app package, this rebase is intended to have a lighter git repository. diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..d38c149 --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +*.swp +*~ diff --git a/.gitmodules b/.gitmodules new file mode 100644 index 0000000..7596b51 --- /dev/null +++ b/.gitmodules @@ -0,0 +1,3 @@ +[submodule "sources/plugins/ldapAliasSync"] + path = sources/plugins/ldapAliasSync + url = https://github.com/dim-0/ldapAliasSync diff --git a/README.md b/README.md new file mode 100644 index 0000000..09193f2 --- /dev/null +++ b/README.md @@ -0,0 +1,23 @@ +Roundcube for YunoHost +---------------------- + +This is a work-in-progress package review to update Roundcube to 1.1.x +and make use of new YunoHost facilities - e.g. app helpers. + +**Please note that upgrade from official app has not been fully tested +and so is not safe yet. Use this app at your own risk, but feel free to +report issues and/or improvements!** + +## TODO + + * Ask for rcmcarddav installation and/or check if *Baikal* is installed. + * Update backup/restore scripts. + * Improve installation and upgrade since composer take a long time + expecially when fetching repositories. + * ... + +## Links ## + +Roundcube: https://roundcube.net/ + +YunoHost: https://yunohost.org/ diff --git a/conf/config.inc.php b/conf/config.inc.php new file mode 100644 index 0000000..6d6b7b9 --- /dev/null +++ b/conf/config.inc.php @@ -0,0 +1,161 @@ + 'YunoHost Users', + 'hosts' => array('localhost'), + 'port' => 389, + 'user_specific' => false, + 'base_dn' => 'ou=users,dc=yunohost,dc=org', + 'scope' => 'list', + 'filter' => '(objectClass=mailAccount)', + 'hidden' => false, + 'searchonly' => true, + 'fieldmap' => array( + 'name' => 'uid', + 'surname' => 'sn', + 'firstname' => 'givenName', + 'email' => 'mail:*', + ), +); + +// ---------------------------------- +// PLUGINS +// ---------------------------------- + +// -- new_user_identity +// The id of the address book to use to automatically set a +// user's full name in their new identity. +$config['new_user_identity_addressbook'] = 'yunohost'; + +// -- http_authentication +// Redirect the client to this URL after logout. +$main_domain = exec('cat /etc/yunohost/current_host'); +$config['logout_url'] = 'https://'.$main_domain.'/yunohost/sso/?action=logout'; + +// -- ldapAliasSync +$config['ldapAliasSync'] = array( + // Mail parameters + 'mail' => array( + 'dovecot_seperator' => '*', + ), + // LDAP parameters + 'ldap' => array( + 'bind_dn' => '', + ), + # 'user_search' holds all config variables for the user search + 'user_search' => array( + 'base_dn' => 'uid=%local,ou=users,dc=yunohost,dc=org', + 'filter' => '(objectClass=mailAccount)', + 'mail_by' => 'attribute', + 'attr_mail' => 'mail', + 'attr_name' => 'cn', + ), + # 'alias_search' holds all config variables for the alias search + 'alias_search' => array( + 'base_dn' => 'uid=%local,ou=users,dc=yunohost,dc=org', + 'filter' => '(objectClass=mailAccount)', + 'mail_by' => 'attribute', + 'attr_mail' => 'mailalias', + 'attr_name' => 'cn', + ), +); diff --git a/conf/nginx.conf b/conf/nginx.conf new file mode 100644 index 0000000..84b835f --- /dev/null +++ b/conf/nginx.conf @@ -0,0 +1,40 @@ +location #PATH# { + alias #DESTDIR#; + + if ($scheme = http) { + rewrite ^ https://$server_name$request_uri? permanent; + } + + index index.php; + client_max_body_size 10G; + try_files $uri $uri/ /index.php?q=$uri&$args; + + # pass PHP scripts to FastCGI server + location ~ [^/]\.php(/|$) { + fastcgi_split_path_info ^(.+?\.php)(/.*)$; + + fastcgi_pass unix:/var/run/php5-fpm-roundcube.sock; + fastcgi_index index.php; + fastcgi_param REMOTE_USER $remote_user; + fastcgi_param PATH_INFO $fastcgi_path_info; + fastcgi_param SCRIPT_FILENAME $request_filename; + include fastcgi_params; + } + + # show YunoHost panel access + include conf.d/yunohost_panel.conf.inc; +} + +# prevent useless logs +location #PATH#/favicon.ico { + access_log off; + log_not_found off; +} + +# deny access to sensitive files +location ~ ^#PATH#/(config|temp|logs)/ { + deny all; +} +location ~ ^#PATH#/(.+/|)\. { + deny all; +} diff --git a/conf/php-fpm.conf b/conf/php-fpm.conf new file mode 100644 index 0000000..47b2ac1 --- /dev/null +++ b/conf/php-fpm.conf @@ -0,0 +1,243 @@ +; Start a new pool named 'www'. +; the variable $pool can we used in any directive and will be replaced by the +; pool name ('www' here) +[#POOLNAME#] + +; Per pool prefix +; It only applies on the following directives: +; - 'slowlog' +; - 'listen' (unixsocket) +; - 'chroot' +; - 'chdir' +; - 'php_values' +; - 'php_admin_values' +; When not set, the global prefix (or /usr) applies instead. +; Note: This directive can also be relative to the global prefix. +; Default Value: none +;prefix = /path/to/pools/$pool + +; The address on which to accept FastCGI requests. +; Valid syntaxes are: +; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific address on +; a specific port; +; 'port' - to listen on a TCP socket to all addresses on a +; specific port; +; '/path/to/unix/socket' - to listen on a unix socket. +; Note: This value is mandatory. +listen = /var/run/php5-fpm-#POOLNAME#.sock + +; Set listen(2) backlog. A value of '-1' means unlimited. +; Default Value: 128 (-1 on FreeBSD and OpenBSD) +;listen.backlog = -1 + +; List of ipv4 addresses of FastCGI clients which are allowed to connect. +; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original +; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address +; must be separated by a comma. If this value is left blank, connections will be +; accepted from any ip address. +; Default Value: any +;listen.allowed_clients = 127.0.0.1 + +; Set permissions for unix socket, if one is used. In Linux, read/write +; permissions must be set in order to allow connections from a web server. Many +; BSD-derived systems allow connections regardless of permissions. +; Default Values: user and group are set as the running user +; mode is set to 0666 +listen.owner = www-data +listen.group = www-data +listen.mode = 0600 + +; Unix user/group of processes +; Note: The user is mandatory. If the group is not set, the default user's group +; will be used. +user = www-data +group = www-data + +; Choose how the process manager will control the number of child processes. +; Possible Values: +; static - a fixed number (pm.max_children) of child processes; +; dynamic - the number of child processes are set dynamically based on the +; following directives: +; pm.max_children - the maximum number of children that can +; be alive at the same time. +; pm.start_servers - the number of children created on startup. +; pm.min_spare_servers - the minimum number of children in 'idle' +; state (waiting to process). If the number +; of 'idle' processes is less than this +; number then some children will be created. +; pm.max_spare_servers - the maximum number of children in 'idle' +; state (waiting to process). If the number +; of 'idle' processes is greater than this +; number then some children will be killed. +; Note: This value is mandatory. +pm = dynamic + +; The number of child processes to be created when pm is set to 'static' and the +; maximum number of child processes to be created when pm is set to 'dynamic'. +; This value sets the limit on the number of simultaneous requests that will be +; served. Equivalent to the ApacheMaxClients directive with mpm_prefork. +; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP +; CGI. +; Note: Used when pm is set to either 'static' or 'dynamic' +; Note: This value is mandatory. +pm.max_children = 6 + +; The number of child processes created on startup. +; Note: Used only when pm is set to 'dynamic' +; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2 +pm.start_servers = 3 + +; The desired minimum number of idle server processes. +; Note: Used only when pm is set to 'dynamic' +; Note: Mandatory when pm is set to 'dynamic' +pm.min_spare_servers = 3 + +; The desired maximum number of idle server processes. +; Note: Used only when pm is set to 'dynamic' +; Note: Mandatory when pm is set to 'dynamic' +pm.max_spare_servers = 5 + +; The number of requests each child process should execute before respawning. +; This can be useful to work around memory leaks in 3rd party libraries. For +; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS. +; Default Value: 0 +pm.max_requests = 500 + +; The URI to view the FPM status page. If this value is not set, no URI will be +; recognized as a status page. By default, the status page shows the following +; information: +; accepted conn - the number of request accepted by the pool; +; pool - the name of the pool; +; process manager - static or dynamic; +; idle processes - the number of idle processes; +; active processes - the number of active processes; +; total processes - the number of idle + active processes. +; max children reached - number of times, the process limit has been reached, +; when pm tries to start more children (works only for +; pm 'dynamic') +; The values of 'idle processes', 'active processes' and 'total processes' are +; updated each second. The value of 'accepted conn' is updated in real time. +; Example output: +; accepted conn: 12073 +; pool: www +; process manager: static +; idle processes: 35 +; active processes: 65 +; total processes: 100 +; max children reached: 1 +; By default the status page output is formatted as text/plain. Passing either +; 'html' or 'json' as a query string will return the corresponding output +; syntax. Example: +; http://www.foo.bar/status +; http://www.foo.bar/status?json +; http://www.foo.bar/status?html +; Note: The value must start with a leading slash (/). The value can be +; anything, but it may not be a good idea to use the .php extension or it +; may conflict with a real PHP file. +; Default Value: not set +pm.status_path = /fpm-status + +; The ping URI to call the monitoring page of FPM. If this value is not set, no +; URI will be recognized as a ping page. This could be used to test from outside +; that FPM is alive and responding, or to +; - create a graph of FPM availability (rrd or such); +; - remove a server from a group if it is not responding (load balancing); +; - trigger alerts for the operating team (24/7). +; Note: The value must start with a leading slash (/). The value can be +; anything, but it may not be a good idea to use the .php extension or it +; may conflict with a real PHP file. +; Default Value: not set +ping.path = /ping + +; This directive may be used to customize the response of a ping request. The +; response is formatted as text/plain with a 200 response code. +; Default Value: pong +;ping.response = pong + +; The timeout for serving a single request after which the worker process will +; be killed. This option should be used when the 'max_execution_time' ini option +; does not stop script execution for some reason. A value of '0' means 'off'. +; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) +; Default Value: 0 +request_terminate_timeout = 120s + +; The timeout for serving a single request after which a PHP backtrace will be +; dumped to the 'slowlog' file. A value of '0s' means 'off'. +; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) +; Default Value: 0 +request_slowlog_timeout = 5s + +; The log file for slow requests +; Default Value: not set +; Note: slowlog is mandatory if request_slowlog_timeout is set +slowlog = /var/log/nginx/#POOLNAME#.slow.log + +; Set open file descriptor rlimit. +; Default Value: system defined value +rlimit_files = 4096 + +; Set max core size rlimit. +; Possible Values: 'unlimited' or an integer greater or equal to 0 +; Default Value: system defined value +rlimit_core = 0 + +; Chroot to this directory at the start. This value must be defined as an +; absolute path. When this value is not set, chroot is not used. +; Note: you can prefix with '$prefix' to chroot to the pool prefix or one +; of its subdirectories. If the pool prefix is not set, the global prefix +; will be used instead. +; Note: chrooting is a great security feature and should be used whenever +; possible. However, all PHP paths will be relative to the chroot +; (error_log, sessions.save_path, ...). +; Default Value: not set +;chroot = + +; Chdir to this directory at the start. +; Note: relative path can be used. +; Default Value: current directory or / when chroot +chdir = #DESTDIR# + +; Redirect worker stdout and stderr into main error log. If not set, stdout and +; stderr will be redirected to /dev/null according to FastCGI specs. +; Note: on highloaded environement, this can cause some delay in the page +; process time (several ms). +; Default Value: no +catch_workers_output = yes + +; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from +; the current environment. +; Default Value: clean env +;env[HOSTNAME] = $HOSTNAME +;env[PATH] = /usr/local/bin:/usr/bin:/bin +;env[TMP] = /tmp +;env[TMPDIR] = /tmp +;env[TEMP] = /tmp + +; Additional php.ini defines, specific to this pool of workers. These settings +; overwrite the values previously defined in the php.ini. The directives are the +; same as the PHP SAPI: +; php_value/php_flag - you can set classic ini defines which can +; be overwritten from PHP call 'ini_set'. +; php_admin_value/php_admin_flag - these directives won't be overwritten by +; PHP call 'ini_set' +; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no. + +; Defining 'extension' will load the corresponding shared extension from +; extension_dir. Defining 'disable_functions' or 'disable_classes' will not +; overwrite previously defined php.ini values, but will append the new value +; instead. + +; Note: path INI options can be relative and will be expanded with the prefix +; (pool, global or /usr) + +; Default Value: nothing is defined by default except the values in php.ini and +; specified at startup with the -d argument +;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com +;php_flag[display_errors] = off +;php_admin_value[error_log] = /var/log/fpm-php.www.log +;php_admin_flag[log_errors] = on +;php_admin_value[memory_limit] = 32M + +php_value[upload_max_filesize] = 10G +php_value[post_max_size] = 10G +php_value[mail.add_x_header] = Off diff --git a/conf/rcmcarddav.config.inc.php b/conf/rcmcarddav.config.inc.php new file mode 100644 index 0000000..d15db43 --- /dev/null +++ b/conf/rcmcarddav.config.inc.php @@ -0,0 +1,209 @@ +'] = array( + // required attributes + 'name' => '', + 'username' => '', + 'password' => '', + 'url' => '', + + // optional attributes + 'active' => , + 'readonly' => , + 'refresh_time' => '', + 'preemptive_auth' => <1 or 0>, + + // attributes that are fixed (i.e., not editable by the user) and + // auto-updated for this preset + 'fixed' => array( < 0 or more of the other attribute keys > ), + + // hide this preset from CalDAV preferences section so users can't even + // see it + 'hide' => , +); +*/ + +// All values in angle brackets have to be substituted. +// +// The meaning of the different parameters is as follows: +// +// : Unique preset name, must not be '_GLOBAL'. The presetname is +// not user visible and only used for an internal mapping between +// addressbooks created from a preset and the preset itself. You +// should never change this throughout its lifetime. +// +// The following parameters are REQUIRED and need to be specified for any preset. +// +// name: User-visible name of the addressbook. If the server provides +// an additional display name for the addressbooks found for the +// preset, it will be appended in brackets to this name, except +// if carddav_name_only is true (see below). +// +// username: CardDAV username to access the addressbook. Set this setting +// to '%u' to use the roundcube username. +// In case one uses an email address as username there is the +// additional option to choose '%l', which will only use the +// local part of the username (eg: user.name@example.com will +// become user.name). +// +// password: CardDAV password to access the addressbook. Set this setting +// to '%p' to use the roundcube password. The password will not +// be stored in the database when using %p. +// +// url: URL where to find the CardDAV addressbook(s). If the given URL +// refers directly to an addressbook, only this single +// addressbook will be added. If the URL points somewhere in the +// CardDAV space, but _not_ to the location of a particular +// addressbook, the server will be queried for the available +// addressbooks and all of them will be added. You can use %u +// within the URL as a placeholder for the CardDAV username. +// '%l' works the same way as it does for the username field. +// +// The following parameters are OPTIONAL and need to be specified only if the default +// value is not acceptable. +// +// active: If this parameter is false, the addressbook is not used by roundcube +// unless the user changes this setting. +// Default: true +// +// carddav_name_only: +// If this parameter is true, only the server provided displayname +// is used for addressbooks created from this preset, except if +// the server does not provide a display name. +// Default: false +// +// readonly: If this parameter is true, the addressbook will only be +// accessible in read-only mode, i.e., the user will not be able +// to add, modify or delete contacts in the addressbook. +// Default: false +// +// refresh_time: Time interval for that cached versions of the addressbook +// entries should be used, in hours. After this time interval has +// passed since the last pull from the server, it will be +// refreshed when the addressbook is accessed the next time. +// Default: 01:00:00 +// +// preemptive_auth: +// If this parameter is 1, the authentication headers will be sent +// automatically with every request, regardless of the server +// requesting them or not. +// This must be set for ownCloud to work correctly. +// Default: 0 +// +// fixed: Array of parameter keys that must not be changed by the user. +// Note that only fixed parameters will be automatically updated +// for existing addressbooks created from presets. Otherwise the +// user may already have changed the setting, and his change +// would be lost. You can add any of the above keys, but it the +// setting only affects parameters that can be changed via the +// settings pane (e.g., readonly cannot be changed by the user +// anyway). Still only parameters listed as fixed will +// automatically updated if the preset is changed. +// Default: empty, all settings modifiable by user +// +// !!! WARNING: Only add 'url' to the list of fixed addressbooks +// if it _directly_ points to an address book collection. +// Otherwise, the plugin will initially lookup the URLs for the +// collections on the server, and at the next login overwrite it +// with the fixed value stored here. Therefore, if you change the +// URL, you have two options: +// 1) If the new URL is a variation of the old one (e.g. hostname +// change), you can run an SQL UPDATE query directly in the +// database to adopt all addressbooks. +// 2) If the new URL is not easily derivable from the old one, +// change the key of the preset and change the URL. Addressbooks +// belonging to the old preset will be deleted upon the next +// login of the user and freshly created. +// +// hide: Whether this preset should be hidden from the CalDAV listing +// on the preferences page. + + +// How Preset Updates work +// +// Preset addressbooks are created for a user as she logs in. + +//// ** ADDRESSBOOK PRESETS - EXAMPLE: Two Addressbook Presets + +//// Preset 1: Personal +/* +$prefs['Personal'] = array( + // required attributes + 'name' => 'Personal', + // will be substituted for the roundcube username + 'username' => '%u', + // will be substituted for the roundcube password + 'password' => '%p', + // %u will be substituted for the CardDAV username + 'url' => 'https://ical.example.org/caldav.php/%u/Personal', + + 'active' => true, + 'readonly' => false, + 'refresh_time' => '02:00:00', + + 'fixed' => array( 'username' ), + 'hide' => false, +); +*/ + +//// Preset 2: Corporate +/* +$prefs['Work'] = array( + 'name' => 'Corporate', + 'username' => 'CorpUser', + 'password' => 'C0rpPasswo2d', + 'url' => 'https://ical.example.org/caldav.php/%u/Corporate', + + 'fixed' => array( 'name', 'username', 'password' ), + 'hide' => true, +); +*/ + +$prefs['baikal'] = array( + // required attributes + 'name' => 'CardDAV', + // will be substituted for the roundcube username + 'username' => '%u', + // will be substituted for the roundcube password + 'password' => '%p', + // %u will be substituted for the CardDAV username + 'url' => 'https://yuno_baikal_domainyuno_baikal_path/card.php/addressbooks/%u/default/', + + 'active' => true, + 'readonly' => false, + 'refresh_time' => '00:05:00', + + 'fixed' => array( 'username', 'password' ), + 'hide' => false, +); + diff --git a/manifest.json b/manifest.json new file mode 100644 index 0000000..5f15862 --- /dev/null +++ b/manifest.json @@ -0,0 +1,45 @@ +{ + "name": "Roundcube", + "id": "roundcube", + "description": { + "en": "Open Source Webmail software", + "fr": "Webmail Open Source" + }, + "url": "http://roundcube.net/", + "maintainer": { + "name": "kload", + "email": "kload@kload.fr" + }, + "multi_instance": "true", + "services": [ + "nginx", + "php5-fpm", + "mysql" + ], + "requirements": { + "yunohost": ">= 2.3.10" + }, + "arguments": { + "install" : [ + { + "name": "domain", + "type": "domain", + "ask": { + "en": "Choose a domain for Roundcube", + "fr": "Choisissez un domaine pour Roundcube" + }, + "example": "domain.org" + }, + { + "name": "path", + "type": "path", + "ask": { + "en": "Choose a path for Roundcube", + "fr": "Choisissez un chemin pour Roundcube" + }, + "example": "/webmail", + "default": "/webmail" + } + ] + } +} diff --git a/patches/00-installto-opts.patch b/patches/00-installto-opts.patch new file mode 100644 index 0000000..fc27f50 --- /dev/null +++ b/patches/00-installto-opts.patch @@ -0,0 +1,32 @@ +--- a/bin/installto.sh 2016-03-26 19:17:32.092002076 +0100 ++++ b/bin/installto.sh 2016-03-26 19:26:37.787511189 +0100 +@@ -23,6 +23,9 @@ + + require_once INSTALL_PATH . 'program/include/clisetup.php'; + ++// get arguments ++$opts = rcube_utils::get_opt(array('f' => 'force', 'y' => 'accept')); ++ + $target_dir = unslashify($_SERVER['argv'][1]); + + if (empty($target_dir) || !is_dir(realpath($target_dir))) +@@ -35,13 +38,15 @@ + + $oldversion = $m[1]; + +-if (version_compare(version_parse($oldversion), version_parse(RCMAIL_VERSION), '>=')) ++if (version_compare(version_parse($oldversion), version_parse(RCMAIL_VERSION), '>=') && !opts['force']) + rcube::raise_error("Installation at target location is up-to-date!", false, true); + +-echo "Upgrading from $oldversion. Do you want to continue? (y/N)\n"; +-$input = trim(fgets(STDIN)); ++if (!opts['accept']) { ++ echo "Upgrading from $oldversion. Do you want to continue? (y/N)\n"; ++ $input = trim(fgets(STDIN)); ++} + +-if (strtolower($input) == 'y') { ++if ($opts['accept'] || strtolower($input) == 'y') { + $err = false; + echo "Copying files to target location..."; + $dirs = array('program','installer','bin','SQL','plugins','skins'); diff --git a/scripts/_common.sh b/scripts/_common.sh new file mode 100644 index 0000000..d840d11 --- /dev/null +++ b/scripts/_common.sh @@ -0,0 +1,96 @@ +# +# Common variables +# + +# Roundcube version +VERSION=1.1.4 + +# Roundcube complete tarball checksum +ROUNDCUBE_COMPLETE_MD5="260686b4894896744bffa2d8bb259995" + +# Remote URL to fetch Roundcube complete tarball +ROUNDCUBE_COMPLETE_URL="https://downloads.sourceforge.net/project/roundcubemail/roundcubemail/${VERSION}/roundcubemail-${VERSION}-complete.tar.gz" + +# App package root directory should be the parent folder +PKGDIR=$(cd ../; pwd) + +# +# Common helpers +# + +# Print a message to stderr and exit +# usage: print MSG [RETCODE] +die() { + printf "%s" "$1" 1>&2 + exit "${2:-1}" +} + +# Download and extract Roundcube sources to the given directory +# usage: extract_roundcube_to DESTDIR +extract_roundcube() { + local DESTDIR=$1 + + # retrieve and extract Roundcube tarball + rc_tarball="${DESTDIR}/roundcube.tar.gz" + wget -q -O "$rc_tarball" "$ROUNDCUBE_COMPLETE_URL" \ + || die "Unable to download Roundcube tarball" + echo "$ROUNDCUBE_COMPLETE_MD5 $rc_tarball" | md5sum -c >/dev/null \ + || die "Invalid checksum of downloaded tarball" + tar xf "$rc_tarball" -C "$DESTDIR" --strip-components 1 \ + || die "Unable to extract Roundcube tarball" + rm "$rc_tarball" + + # apply patches + (cd "$DESTDIR" \ + && for p in ${PKGDIR}/patches/*.patch; do patch -p1 < $p; done) \ + || die "Unable to apply patches to Roundcube" + + # copy composer.json-dist for Roundcube with complete dependencies + cp "${PKGDIR}/sources/composer.json-dist" "${DESTDIR}/composer.json-dist" +} + +# Execute a command as another user +# usage: exec_as USER COMMAND [ARG ...] +exec_as() { + local USER=$1 + shift 1 + + if [[ $USER = $(whoami) ]]; then + eval $@ + else + # use sudo twice to be root and be allowed to use another user + sudo sudo -u "$USER" $@ + fi +} + +# Execute a composer command from a given directory +# usage: composer_exec AS_USER WORKDIR COMMAND [ARG ...] +exec_composer() { + local AS_USER=$1 + local WORKDIR=$2 + shift 2 + + exec_as "$AS_USER" COMPOSER_HOME="${WORKDIR}/.composer" \ + php "${WORKDIR}/composer.phar" $@ \ + -d "${WORKDIR}" --quiet --no-interaction +} + +# Install and initialize Composer in the given directory +# usage: init_composer DESTDIR [AS_USER] +init_composer() { + local DESTDIR=$1 + local AS_USER=${2:-admin} + + # install composer + curl -sS https://getcomposer.org/installer \ + | exec_as "$AS_USER" php -- --quiet --install-dir="$DESTDIR" \ + || die "Unable to install Composer" + + # install composer.json + exec_as "$AS_USER" \ + cp "${DESTDIR}/composer.json-dist" "${DESTDIR}/composer.json" + + # update dependencies to create composer.lock + exec_composer "$AS_USER" "$DESTDIR" update --no-dev \ + || die "Unable to update Roundcube core dependencies" +} diff --git a/scripts/backup b/scripts/backup new file mode 100644 index 0000000..14b17f5 --- /dev/null +++ b/scripts/backup @@ -0,0 +1,28 @@ +#!/bin/bash + +# Retrieve arguments +backup_dir=$1 +app=$2 + +# Set app specific variables +dbname=$app +dbuser=$app + +# Source app helpers +. /usr/share/yunohost/helpers + +# Retrieve app settings +domain=$(ynh_app_setting_get $app domain) +path=$(ynh_app_setting_get $app path) +dbpass=$(ynh_app_setting_get $app mysqlpwd) + +# Copy the app files +DESTDIR="/var/www/$app" +sudo cp -a "$DESTDIR" ./sources + +# Copy the conf files +sudo cp -a "/etc/nginx/conf.d/${domain}.d/${app}.conf" ./nginx.conf +sudo cp -a "/etc/php5/fpm/pool.d/${app}.conf" ./php-fpm.conf + +# Dump the database +mysqldump -u "$dbuser" -p"$dbpass" --no-create-db "$dbname" > ./dump.sql diff --git a/scripts/install b/scripts/install new file mode 100644 index 0000000..5a5d78b --- /dev/null +++ b/scripts/install @@ -0,0 +1,107 @@ +#!/bin/bash + +set -e +set -u + +# Retrieve arguments +domain=$1 +path=${2%/} +app=${!#} + +# Load common variables +. ./_common.sh + +# Set app specific variables +dbname=$app +dbuser=$app + +# Source app helpers +. /usr/share/yunohost/helpers + +# TODO: Check domain/path availability with app helper +sudo yunohost app checkurl $domain$path -a $app \ + || die "The path ${domain}${path} is not available for app installation." + +# Check destination directory +DESTDIR="/var/www/$app" +[[ -d $DESTDIR ]] && die \ +"The destination directory '$DESTDIR' already exists.\ + You should safely delete it before installing this app." + +# Create tmp directory and install app inside +TMPDIR=$(ynh_mkdir_tmp) +extract_roundcube "$TMPDIR" +init_composer "$TMPDIR" + +# Generate random DES key & password +deskey=$(ynh_string_random 24) +dbpass=$(ynh_string_random) + +# Initialize database +ynh_mysql_create_db $dbname $dbuser $dbpass +ynh_mysql_connect_as $dbuser $dbpass $dbname \ + < "${TMPDIR}/SQL/mysql.initial.sql" + +# Copy and set Roundcube configuration +rc_conf="${TMPDIR}/config/config.inc.php" +cp ../conf/config.inc.php "$rc_conf" +sed -i "s/#DESKEY#/${deskey}/g" "$rc_conf" +sed -i "s/#DBUSER#/${dbuser}/g" "$rc_conf" +sed -i "s/#DBPASS#/${dbpass}/g" "$rc_conf" +sed -i "s/#DBNAME#/${dbname}/g" "$rc_conf" + +# Install files and set permissions +sudo mv "$TMPDIR" "$DESTDIR" +sudo mkdir -p "${DESTDIR}/logs" "${DESTDIR}/temp" +sudo chown -R www-data: "$DESTDIR" + +# Install some plugins manually +sudo cp -r ../sources/plugins/ldapAliasSync "${DESTDIR}/plugins" +sudo chown -R www-data: "${DESTDIR}/plugins/ldapAliasSync" + +# Install additional plugins +exec_composer www-data "$DESTDIR" require "johndoh/contextmenu dev-release-2.1" +exec_composer www-data "$DESTDIR" require "sblaisot/automatic_addressbook" + +## Install rcmcarddav TODO: if baikal is detected +#sudo yunohost app list -f baikal --json | grep '"installed": true' +#if [ "$?" -eq 0 ]; then +# echo "Detected Baikal" +# +# caldavdomain=$(sudo yunohost app setting baikal domain) +# caldavpath=$(sudo yunohost app setting baikal path) +# caldavpath=${caldavpath%/} +# +# sed -i "s@yuno_baikal_domain@$caldavdomain@g" ../conf/rcmcarddav.config.inc.php +# sed -i "s@yuno_baikal_path@$caldavpath@g" ../conf/rcmcarddav.config.inc.php +# sudo cp ../conf/rcmcarddav.config.inc.php $final_path/plugins/carddav/config.inc.php +# +# sudo sed -i "s@yuno_enable_carddav@True@g" $final_path/config/main.inc.php +# +# mysql -u $dbuser -p$dbpass $dbname < ../sources/plugins/carddav/dbinit/mysql-drop.sql +# mysql -u $dbuser -p$dbpass $dbname < ../sources/plugins/carddav/dbinit/mysql.sql +#else +# mysql -u $dbuser -p$dbpass $dbname < ../sources/plugins/carddav/dbinit/mysql-drop.sql +# sudo sed -i "s@yuno_enable_carddav@False@g" $final_path/config/main.inc.php +#fi + +# Copy and set nginx configuration +nginx_conf="/etc/nginx/conf.d/${domain}.d/${app}.conf" +sed -i "s@#PATH#@${path}@g" ../conf/nginx.conf +sed -i "s@#DESTDIR#@${DESTDIR}/@g" ../conf/nginx.conf +sudo cp ../conf/nginx.conf "$nginx_conf" + +# Copy and set php-fpm configuration +phpfpm_conf="/etc/php5/fpm/pool.d/${app}.conf" +sed -i "s@#POOLNAME#@${app}@g" ../conf/php-fpm.conf +sed -i "s@#DESTDIR#@${DESTDIR}/@g" ../conf/php-fpm.conf +sudo cp ../conf/php-fpm.conf "$phpfpm_conf" +sudo chown root: $phpfpm_conf +sudo chmod 644 $phpfpm_conf + +# Save app settings +ynh_app_setting_set $app mysqlpwd $dbpass + +# Reload services +sudo service php5-fpm restart || true +sudo service nginx reload || true diff --git a/scripts/remove b/scripts/remove new file mode 100644 index 0000000..e88830b --- /dev/null +++ b/scripts/remove @@ -0,0 +1,28 @@ +#!/bin/bash + +# Load common variables and helpers +. ./_common.sh + +# Set app specific variables +app=$1 +dbname=$app +dbuser=$app + +# Source app helpers +. /usr/share/yunohost/helpers + +# Drop MySQL database and user +ynh_mysql_drop_db $dbname || true +ynh_mysql_drop_user $dbuser || true + +# Retrieve domain from app settings +domain=$(ynh_app_setting_get $app domain) + +# Delete app directory and configurations +sudo rm -rf "/var/www/${app}" +sudo rm -f "/etc/php5/fpm/pool.d/${app}.conf" +[[ -n $domain ]] && sudo rm -f "/etc/nginx/conf.d/${domain}.d/${app}.conf" + +# Reload services +sudo service php5-fpm restart || true +sudo service nginx reload || true diff --git a/scripts/restore b/scripts/restore new file mode 100644 index 0000000..5628f09 --- /dev/null +++ b/scripts/restore @@ -0,0 +1,63 @@ +#!/bin/bash + +# Retrieve arguments +backup_dir=$1 +app=$2 + +# TODO: Put a simple die function in app helpers, redeclare it since +# _common.sh cannot be easily sourced +die() { + printf "%s" "$1" 1>&2 + exit "${2:-1}" +} + +# Set app specific variables +dbname=$app +dbuser=$app + +# Source app helpers +. /usr/share/yunohost/helpers + +# Retrieve old app settings +domain=$(ynh_app_setting_get $app domain) +path=$(ynh_app_setting_get $app path) +dbpass=$(ynh_app_setting_get $app mysqlpwd) + +# TODO: Check domain/path availability with app helper +sudo yunohost app checkurl $domain$path -a $app \ + || die "The path ${domain}${path} is not available for app installation." + +# Check destination directory +DESTDIR="/var/www/$app" +[[ -d $DESTDIR ]] && die \ +"The destination directory '$DESTDIR' already exists.\ + You should safely delete it before restoring this app." + +# Check configuration files +nginx_conf="/etc/nginx/conf.d/${domain}.d/${app}.conf" +[[ -f $nginx_conf ]] && die \ +"The NGINX configuration already exists at '${nginx_conf}'. + You should safely delete it before restoring this app." +phpfpm_conf="/etc/php5/fpm/pool.d/${app}.conf" +[[ -f $phpfpm_conf ]] && die \ +"The PHP FPM configuration already exists at '${phpfpm_conf}'. + You should safely delete it before restoring this app." + +# Restore the app files +sudo cp -a ./sources "$DESTDIR" + +# Create and restore the database +ynh_mysql_create_db $dbname $dbuser $dbpass +ynh_mysql_connect_as $dbuser $dbpass $dbname < ./dump.sql + +# Fix installation directories and permissions +sudo mkdir -p "${DESTDIR}/logs" "${DESTDIR}/temp" +sudo chown -R www-data: "$DESTDIR" + +# Restore configuration files +sudo cp -a ./nginx.conf "$nginx_conf" +sudo cp -a ./php-fpm.conf "$phpfpm_conf" + +# Reload services +sudo service php5-fpm restart || true +sudo service nginx reload || true diff --git a/scripts/upgrade b/scripts/upgrade new file mode 100644 index 0000000..333c422 --- /dev/null +++ b/scripts/upgrade @@ -0,0 +1,107 @@ +#!/bin/bash + +set -e +set -u + +# Load common variables and helpers +. ./_common.sh + +# Set app specific variables +app=${!#} +dbname=$app +dbuser=$app + +# Source app helpers +. /usr/share/yunohost/helpers + +# Retrieve app settings +domain=$(ynh_app_setting_get $app domain) +path=$(ynh_app_setting_get $app path) +dbpass=$(ynh_app_setting_get $app mysqlpwd) + +# Check destination directory +DESTDIR="/var/www/$app" +[[ ! -d $DESTDIR ]] && die \ +"The destination directory '$DESTDIR' does not exist.\ + The app is not correctly installed, you should remove it first." + +# Create tmp directory and install app inside +TMPDIR=$(ynh_mkdir_tmp) +extract_roundcube "$TMPDIR" + +# Install the new Roundcube version +sudo php "${TMPDIR}/bin/installto.sh" "$DESTDIR" --force --accept \ + || die "Unable to update Roundcube installation" +rm -rf "$TMPDIR" + +# Generate a new random DES key +deskey=$(ynh_string_random 24) + +# Copy and set Roundcube configuration +rc_conf="${DESTDIR}/config/config.inc.php" +sed -i "s/#DESKEY#/${deskey}/g" ../conf/config.inc.php +sed -i "s/#DBUSER#/${dbuser}/g" ../conf/config.inc.php +sed -i "s/#DBPASS#/${dbpass}/g" ../conf/config.inc.php +sed -i "s/#DBNAME#/${dbname}/g" ../conf/config.inc.php +sudo cp ../conf/config.inc.php "$rc_conf" + +# Fix installation directories and permissions +sudo mkdir -p "${DESTDIR}/logs" "${DESTDIR}/temp" +sudo chown -R www-data: "$DESTDIR" + +# Check if dependencies need to be updated with composer +if [[ -f ${DESTDIR}/composer.json ]]; then + # TODO: update new Roundcube dependencies versions + exec_composer www-data "$DESTDIR" update --no-dev +else + init_composer "$DESTDIR" +fi + +# Install some plugins manually +sudo rm -rf "${DESTDIR}/plugins/ldapAliasSync" +sudo cp -r ../sources/plugins/ldapAliasSync "${DESTDIR}/plugins" +sudo chown -R www-data: "${DESTDIR}/plugins/ldapAliasSync" + +# Update or install additional plugins +exec_composer www-data "$DESTDIR" require "johndoh/contextmenu dev-release-2.1" +exec_composer www-data "$DESTDIR" require "sblaisot/automatic_addressbook" + +## Install rcmcarddav if baikal is detected +#sudo yunohost app list -f baikal --json | grep '"installed": true' +#if [ "$?" -eq 0 ]; then +# echo "Detected Baikal" +# +# caldavdomain=$(sudo yunohost app setting baikal domain) +# caldavpath=$(sudo yunohost app setting baikal path) +# caldavpath=${caldavpath%/} +# +# sed -i "s@yuno_baikal_domain@$caldavdomain@g" ../conf/rcmcarddav.config.inc.php +# sed -i "s@yuno_baikal_path@$caldavpath@g" ../conf/rcmcarddav.config.inc.php +# sudo cp ../conf/rcmcarddav.config.inc.php $final_path/plugins/carddav/config.inc.php +# +# sudo sed -i "s@yuno_enable_carddav@True@g" $final_path/config/main.inc.php +# +# mysql -u $db_user -p$db_pwd $db_user < ../sources/plugins/carddav/dbinit/mysql-drop.sql +# mysql -u $db_user -p$db_pwd $db_user < ../sources/plugins/carddav/dbinit/mysql.sql +#else +# mysql -u $db_user -p$db_pwd $db_user < ../sources/plugins/carddav/dbinit/mysql-drop.sql +# sudo sed -i "s@yuno_enable_carddav@False@g" $final_path/config/main.inc.php +#fi + +# Copy and set nginx configuration +nginx_conf="/etc/nginx/conf.d/${domain}.d/${app}.conf" +sed -i "s@#PATH#@${path}@g" ../conf/nginx.conf +sed -i "s@#DESTDIR#@${DESTDIR}/@g" ../conf/nginx.conf +sudo cp ../conf/nginx.conf "$nginx_conf" + +# Copy and set php-fpm configuration +phpfpm_conf="/etc/php5/fpm/pool.d/${app}.conf" +sed -i "s@#POOLNAME#@${app}@g" ../conf/php-fpm.conf +sed -i "s@#DESTDIR#@${DESTDIR}/@g" ../conf/php-fpm.conf +sudo cp ../conf/php-fpm.conf "$phpfpm_conf" +sudo chown root: $phpfpm_conf +sudo chmod 644 $phpfpm_conf + +# Reload services +sudo service php5-fpm restart || true +sudo service nginx reload || true diff --git a/sources/composer.json-dist b/sources/composer.json-dist new file mode 100644 index 0000000..6b687b5 --- /dev/null +++ b/sources/composer.json-dist @@ -0,0 +1,24 @@ +{ + "name": "roundcube/roundcubemail", + "description": "The Roundcube Webmail suite", + "license": "GPL-3.0+", + "repositories": [ + { + "type": "composer", + "url": "https://plugins.roundcube.net/" + } + ], + "require": { + "php": ">=5.3.7", + "pear-pear.php.net/auth_sasl": "~1.0.6", + "pear-pear.php.net/net_idna2": "~0.1.1", + "pear-pear.php.net/net_sieve": "~1.3.4", + "pear-pear.php.net/mail_mime": "~1.9.0", + "pear-pear.php.net/net_smtp": "~1.7.1", + "patchwork/utf8": "~1.2.3", + "roundcube/plugin-installer": "dev-master", + "pear-pear.php.net/net_ldap2": "~2.1.0", + "kolab/net_ldap3": "dev-master" + }, + "minimum-stability": "dev" +} diff --git a/sources/plugins/ldapAliasSync b/sources/plugins/ldapAliasSync new file mode 160000 index 0000000..addf1e8 --- /dev/null +++ b/sources/plugins/ldapAliasSync @@ -0,0 +1 @@ +Subproject commit addf1e870166a36e3abc8c2b5305315644a04532