From be08742653f1678addbf7dc4a612c1f7e94dbea5 Mon Sep 17 00:00:00 2001 From: FreddleSpl0it Date: Thu, 14 Jul 2022 18:37:21 +0200 Subject: [PATCH 01/40] exclude oauth clients & app passwords from mailbox tfa --- data/web/inc/functions.inc.php | 38 +++++++++++++++++------------- data/web/inc/prerequisites.inc.php | 2 +- 2 files changed, 22 insertions(+), 18 deletions(-) diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php index 08963888..b2c5eee5 100644 --- a/data/web/inc/functions.inc.php +++ b/data/web/inc/functions.inc.php @@ -807,7 +807,7 @@ function verify_hash($hash, $password) { } return false; } -function check_login($user, $pass, $app_passwd_data = false) { +function check_login($user, $pass, $app_passwd_data = false, $skip_tfa = false) { global $pdo; global $redis; global $imap_server; @@ -938,19 +938,22 @@ function check_login($user, $pass, $app_passwd_data = false) { foreach ($rows as $row) { // verify password if (verify_hash($row['password'], $pass) !== false) { - // check for tfa authenticators - $authenticators = get_tfa($user); - if (isset($authenticators['additional']) && is_array($authenticators['additional']) && count($authenticators['additional']) > 0) { - $_SESSION['pending_mailcow_cc_username'] = $user; - $_SESSION['pending_mailcow_cc_role'] = "user"; - $_SESSION['pending_tfa_methods'] = $authenticators['additional']; - unset($_SESSION['ldelay']); - $_SESSION['return'][] = array( - 'type' => 'success', - 'log' => array(__FUNCTION__, $user, '*'), - 'msg' => array('logged_in_as', $user) - ); - return "pending"; + + if ($app_passwd_data['eas'] !== true && $app_passwd_data['dav'] !== true && !$skip_tfa){ + // check for tfa authenticators + $authenticators = get_tfa($user); + if (isset($authenticators['additional']) && is_array($authenticators['additional']) && count($authenticators['additional']) > 0) { + $_SESSION['pending_mailcow_cc_username'] = $user; + $_SESSION['pending_mailcow_cc_role'] = "user"; + $_SESSION['pending_tfa_methods'] = $authenticators['additional']; + unset($_SESSION['ldelay']); + $_SESSION['return'][] = array( + 'type' => 'success', + 'log' => array(__FUNCTION__, $user, '*'), + 'msg' => array('logged_in_as', $user) + ); + return "pending"; + } } else { if ($app_passwd_data['eas'] === true || $app_passwd_data['dav'] === true) { $service = ($app_passwd_data['eas'] === true) ? 'EAS' : 'DAV'; @@ -961,12 +964,13 @@ function check_login($user, $pass, $app_passwd_data = false) { ':username' => $user, ':remote_addr' => ($_SERVER['HTTP_X_REAL_IP'] ?? $_SERVER['REMOTE_ADDR']) )); + } elseif (!$skip_tfa) { + // Reactivate TFA if it was set to "deactivate TFA for next login" + $stmt = $pdo->prepare("UPDATE `tfa` SET `active`='1' WHERE `username` = :user"); + $stmt->execute(array(':user' => $user)); } unset($_SESSION['ldelay']); - // Reactivate TFA if it was set to "deactivate TFA for next login" - $stmt = $pdo->prepare("UPDATE `tfa` SET `active`='1' WHERE `username` = :user"); - $stmt->execute(array(':user' => $user)); return "user"; } } diff --git a/data/web/inc/prerequisites.inc.php b/data/web/inc/prerequisites.inc.php index 2897444b..cb02ba16 100644 --- a/data/web/inc/prerequisites.inc.php +++ b/data/web/inc/prerequisites.inc.php @@ -131,7 +131,7 @@ class mailcowPdo extends OAuth2\Storage\Pdo { $this->config['user_table'] = 'mailbox'; } public function checkUserCredentials($username, $password) { - if (check_login($username, $password) == 'user') { + if (check_login($username, $password, false, true) == 'user') { return true; } return false; From 0342ae926c8c02b13f02ec5f711b9d4d81d29334 Mon Sep 17 00:00:00 2001 From: FreddleSpl0it Date: Thu, 14 Jul 2022 18:55:35 +0200 Subject: [PATCH 02/40] exclude oauth clients & app passwords from mailbox tfa --- data/web/inc/functions.inc.php | 40 +++++++++++++++++----------------- 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php index b2c5eee5..f705af03 100644 --- a/data/web/inc/functions.inc.php +++ b/data/web/inc/functions.inc.php @@ -834,7 +834,7 @@ function check_login($user, $pass, $app_passwd_data = false, $skip_tfa = false) if (verify_hash($row['password'], $pass)) { // check for tfa authenticators $authenticators = get_tfa($user); - if (isset($authenticators['additional']) && is_array($authenticators['additional']) && count($authenticators['additional']) > 0) { + if (isset($authenticators['additional']) && is_array($authenticators['additional']) && count($authenticators['additional']) > 0 && !$skip_tfa) { // active tfa authenticators found, set pending user login $_SESSION['pending_mailcow_cc_username'] = $user; $_SESSION['pending_mailcow_cc_role'] = "admin"; @@ -873,7 +873,7 @@ function check_login($user, $pass, $app_passwd_data = false, $skip_tfa = false) if (verify_hash($row['password'], $pass) !== false) { // check for tfa authenticators $authenticators = get_tfa($user); - if (isset($authenticators['additional']) && is_array($authenticators['additional']) && count($authenticators['additional']) > 0) { + if (isset($authenticators['additional']) && is_array($authenticators['additional']) && count($authenticators['additional']) > 0 && !$skip_tfa) { $_SESSION['pending_mailcow_cc_username'] = $user; $_SESSION['pending_mailcow_cc_role'] = "domainadmin"; $_SESSION['pending_tfa_methods'] = $authenticators['additional']; @@ -954,25 +954,25 @@ function check_login($user, $pass, $app_passwd_data = false, $skip_tfa = false) ); return "pending"; } - } else { - if ($app_passwd_data['eas'] === true || $app_passwd_data['dav'] === true) { - $service = ($app_passwd_data['eas'] === true) ? 'EAS' : 'DAV'; - $stmt = $pdo->prepare("REPLACE INTO sasl_log (`service`, `app_password`, `username`, `real_rip`) VALUES (:service, :app_id, :username, :remote_addr)"); - $stmt->execute(array( - ':service' => $service, - ':app_id' => $row['app_passwd_id'], - ':username' => $user, - ':remote_addr' => ($_SERVER['HTTP_X_REAL_IP'] ?? $_SERVER['REMOTE_ADDR']) - )); - } elseif (!$skip_tfa) { - // Reactivate TFA if it was set to "deactivate TFA for next login" - $stmt = $pdo->prepare("UPDATE `tfa` SET `active`='1' WHERE `username` = :user"); - $stmt->execute(array(':user' => $user)); - } - - unset($_SESSION['ldelay']); - return "user"; } + + if ($app_passwd_data['eas'] === true || $app_passwd_data['dav'] === true) { + $service = ($app_passwd_data['eas'] === true) ? 'EAS' : 'DAV'; + $stmt = $pdo->prepare("REPLACE INTO sasl_log (`service`, `app_password`, `username`, `real_rip`) VALUES (:service, :app_id, :username, :remote_addr)"); + $stmt->execute(array( + ':service' => $service, + ':app_id' => $row['app_passwd_id'], + ':username' => $user, + ':remote_addr' => ($_SERVER['HTTP_X_REAL_IP'] ?? $_SERVER['REMOTE_ADDR']) + )); + } elseif (!$skip_tfa) { + // Reactivate TFA if it was set to "deactivate TFA for next login" + $stmt = $pdo->prepare("UPDATE `tfa` SET `active`='1' WHERE `username` = :user"); + $stmt->execute(array(':user' => $user)); + } + + unset($_SESSION['ldelay']); + return "user"; } } From 1ca566f670d31280b37378fb76b40338436a9866 Mon Sep 17 00:00:00 2001 From: FreddleSpl0it Date: Fri, 15 Jul 2022 13:02:13 +0200 Subject: [PATCH 03/40] autoselect authenticator if only one exists --- data/web/css/build/008-mailcow.css | 1 + data/web/templates/base.twig | 51 ++++++++++++++++++++++++++++-- 2 files changed, 50 insertions(+), 2 deletions(-) diff --git a/data/web/css/build/008-mailcow.css b/data/web/css/build/008-mailcow.css index f557084f..b118ca01 100644 --- a/data/web/css/build/008-mailcow.css +++ b/data/web/css/build/008-mailcow.css @@ -269,6 +269,7 @@ code { padding: 10px; background: #fbfbfb; border: 1px solid #ededed; + min-height: 110px; } .tag-box { diff --git a/data/web/templates/base.twig b/data/web/templates/base.twig index 37c27e21..482b4e24 100644 --- a/data/web/templates/base.twig +++ b/data/web/templates/base.twig @@ -182,13 +182,21 @@ function recursiveBase64StrToArrayBuffer(obj) { keyboard: false }); + // validate Yubi OTP tfa $("#pending_tfa_tab_yubi_otp").click(function(){ $(".totp-authenticator-selection").removeClass("active"); $(".webauthn-authenticator-selection").removeClass("active"); - $("#collapseTotpTFA").collapse('hide'); $("#collapseWebAuthnTFA").collapse('hide'); + + // select default if only one authenticator exists + if ($('.yubi-authenticator-selection').length == 1){ + $('.yubi-authenticator-selection').addClass("active"); + var id = $('.yubi-authenticator-selection').children('input').first().val(); + $("#yubi_selected_id").val(id); + $("#collapseYubiTFA").collapse('show'); + } }); $(".yubi-authenticator-selection").click(function(){ $(".yubi-authenticator-selection").removeClass("active"); @@ -198,14 +206,37 @@ function recursiveBase64StrToArrayBuffer(obj) { $("#yubi_selected_id").val(id); $("#collapseYubiTFA").collapse('show'); + $("#collapseYubiTFA").children('input[name="token"]').focus(); + }); + if ($('.yubi-authenticator-selection').length == 1 && + $('.webauthn-authenticator-selection').length == 0){ + + // select default if only one authenticator exists + $('.yubi-authenticator-selection').addClass("active"); + + var id = $('.yubi-authenticator-selection').children('input').first().val(); + $("#yubi_selected_id").val(id); + + $("#collapseYubiTFA").collapse('show'); + } + $('#collapseYubiTFA').on('shown.bs.collapse', function() { + // autofocus + setTimeout(function() { $("#collapseYubiTFA").find('input[name="token"]').focus(); }, 200); }); // validate Time based OTP tfa $("#pending_tfa_tab_totp").click(function(){ $(".yubi-authenticator-selection").removeClass("active"); $(".webauthn-authenticator-selection").removeClass("active"); - $("#collapseYubiTFA").collapse('hide'); $("#collapseWebAuthnTFA").collapse('hide'); + + // select default if only one authenticator exists + if ($('.totp-authenticator-selection').length == 1){ + $('.totp-authenticator-selection').addClass("active"); + var id = $('.totp-authenticator-selection').children('input').first().val(); + $("#totp_selected_id").val(id); + $("#collapseTotpTFA").collapse('show'); + } }); $(".totp-authenticator-selection").click(function(){ $(".totp-authenticator-selection").removeClass("active"); @@ -216,6 +247,22 @@ function recursiveBase64StrToArrayBuffer(obj) { $("#collapseTotpTFA").collapse('show'); }); + if ($('.totp-authenticator-selection').length == 1 && + $('.yubi-authenticator-selection').length == 0 && + $('.webauthn-authenticator-selection').length == 0){ + + // select default if only one authenticator exists + $('.totp-authenticator-selection').addClass("active"); + + var id = $('.totp-authenticator-selection').children('input').first().val(); + $("#totp_selected_id").val(id); + + $("#collapseTotpTFA").collapse('show'); + } + $('#collapseTotpTFA').on('shown.bs.collapse', function() { + // autofocus + setTimeout(function() { $("#collapseTotpTFA").find('input[name="token"]').focus(); }, 200); + }); // validate WebAuthn tfa $("#pending_tfa_tab_webauthn").click(function(){ $(".totp-authenticator-selection").removeClass("active"); From c8620a066d447ed6aaf6054b184fd16146574e5b Mon Sep 17 00:00:00 2001 From: FreddleSpl0it Date: Fri, 15 Jul 2022 16:45:28 +0200 Subject: [PATCH 04/40] yubi_otp undo authenticator selection --- data/web/inc/functions.inc.php | 9 +--- data/web/templates/base.twig | 60 ++++++--------------------- data/web/templates/modals/footer.twig | 15 +------ 3 files changed, 17 insertions(+), 67 deletions(-) diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php index f705af03..ca371303 100644 --- a/data/web/inc/functions.inc.php +++ b/data/web/inc/functions.inc.php @@ -1630,12 +1630,8 @@ function verify_tfa_login($username, $_data) { global $WebAuthn; if ($_data['tfa_method'] != 'u2f'){ - $stmt = $pdo->prepare("SELECT `authmech` FROM `tfa` - WHERE `username` = :username AND `id` = :id AND `active` = '1'"); - $stmt->execute(array(':username' => $username, ':id' => $_data['id'])); - $row = $stmt->fetch(PDO::FETCH_ASSOC); - switch ($row["authmech"]) { + switch ($_data["tfa_method"]) { case "yubi_otp": if (!ctype_alnum($_data['token']) || strlen($_data['token']) != 44) { $_SESSION['return'][] = array( @@ -1649,10 +1645,9 @@ function verify_tfa_login($username, $_data) { $stmt = $pdo->prepare("SELECT `id`, `secret` FROM `tfa` WHERE `username` = :username AND `authmech` = 'yubi_otp' - AND `id` = :id AND `active` = '1' AND `secret` LIKE :modhex"); - $stmt->execute(array(':username' => $username, ':modhex' => '%' . $yubico_modhex_id, ':id' => $_data['id'])); + $stmt->execute(array(':username' => $username, ':modhex' => '%' . $yubico_modhex_id)); $row = $stmt->fetch(PDO::FETCH_ASSOC); $yubico_auth = explode(':', $row['secret']); $yubi = new Auth_Yubico($yubico_auth[0], $yubico_auth[1]); diff --git a/data/web/templates/base.twig b/data/web/templates/base.twig index 482b4e24..770decde 100644 --- a/data/web/templates/base.twig +++ b/data/web/templates/base.twig @@ -183,51 +183,9 @@ function recursiveBase64StrToArrayBuffer(obj) { }); - // validate Yubi OTP tfa - $("#pending_tfa_tab_yubi_otp").click(function(){ - $(".totp-authenticator-selection").removeClass("active"); - $(".webauthn-authenticator-selection").removeClass("active"); - $("#collapseTotpTFA").collapse('hide'); - $("#collapseWebAuthnTFA").collapse('hide'); - - // select default if only one authenticator exists - if ($('.yubi-authenticator-selection').length == 1){ - $('.yubi-authenticator-selection').addClass("active"); - var id = $('.yubi-authenticator-selection').children('input').first().val(); - $("#yubi_selected_id").val(id); - $("#collapseYubiTFA").collapse('show'); - } - }); - $(".yubi-authenticator-selection").click(function(){ - $(".yubi-authenticator-selection").removeClass("active"); - $(this).addClass("active"); - - var id = $(this).children('input').first().val(); - $("#yubi_selected_id").val(id); - - $("#collapseYubiTFA").collapse('show'); - $("#collapseYubiTFA").children('input[name="token"]').focus(); - }); - if ($('.yubi-authenticator-selection').length == 1 && - $('.webauthn-authenticator-selection').length == 0){ - - // select default if only one authenticator exists - $('.yubi-authenticator-selection').addClass("active"); - - var id = $('.yubi-authenticator-selection').children('input').first().val(); - $("#yubi_selected_id").val(id); - - $("#collapseYubiTFA").collapse('show'); - } - $('#collapseYubiTFA').on('shown.bs.collapse', function() { - // autofocus - setTimeout(function() { $("#collapseYubiTFA").find('input[name="token"]').focus(); }, 200); - }); // validate Time based OTP tfa $("#pending_tfa_tab_totp").click(function(){ - $(".yubi-authenticator-selection").removeClass("active"); $(".webauthn-authenticator-selection").removeClass("active"); - $("#collapseYubiTFA").collapse('hide'); $("#collapseWebAuthnTFA").collapse('hide'); // select default if only one authenticator exists @@ -248,9 +206,9 @@ function recursiveBase64StrToArrayBuffer(obj) { $("#collapseTotpTFA").collapse('show'); }); if ($('.totp-authenticator-selection').length == 1 && - $('.yubi-authenticator-selection').length == 0 && + $('#pending_tfa_tab_yubi_otp').length == 0 && $('.webauthn-authenticator-selection').length == 0){ - + // select default if only one authenticator exists $('.totp-authenticator-selection').addClass("active"); @@ -258,18 +216,26 @@ function recursiveBase64StrToArrayBuffer(obj) { $("#totp_selected_id").val(id); $("#collapseTotpTFA").collapse('show'); + setTimeout(function() { $("#collapseTotpTFA").find('input[name="token"]').focus(); }, 1000); } - $('#collapseTotpTFA').on('shown.bs.collapse', function() { + $('#pending_tfa_tab_totp').on('shown.bs.tab', function() { // autofocus setTimeout(function() { $("#collapseTotpTFA").find('input[name="token"]').focus(); }, 200); + }); + // validate Yubi OTP tfa + if ($('.webauthn-authenticator-selection').length == 0){ + // autofocus + setTimeout(function() { $("#collapseYubiTFA").find('input[name="token"]').focus(); }, 1000); + } + $('#pending_tfa_tab_yubi_otp').on('shown.bs.tab', function() { + // autofocus + $("#collapseYubiTFA").find('input[name="token"]').focus(); }); // validate WebAuthn tfa $("#pending_tfa_tab_webauthn").click(function(){ $(".totp-authenticator-selection").removeClass("active"); - $(".yubi-authenticator-selection").removeClass("active"); $("#collapseTotpTFA").collapse('hide'); - $("#collapseYubiTFA").collapse('hide'); }); $(".webauthn-authenticator-selection").click(function(){ $(".webauthn-authenticator-selection").removeClass("active"); diff --git a/data/web/templates/modals/footer.twig b/data/web/templates/modals/footer.twig index 67cc3482..52e89e00 100644 --- a/data/web/templates/modals/footer.twig +++ b/data/web/templates/modals/footer.twig @@ -206,20 +206,9 @@
- Authenticators + Authenticate -
- {% for authenticator in pending_tfa_methods %} - {% if authenticator["authmech"] == "yubi_otp" %} - - - {{ authenticator["key_id"] }} - - - {% endif %} - {% endfor %} -
-
+
Yubicon Icon From 9b32151ab50acaa3923fe106ba02f041950eb9d7 Mon Sep 17 00:00:00 2001 From: Peter Date: Tue, 2 Aug 2022 19:04:05 +0200 Subject: [PATCH 05/40] [GH-Actions][stale] Update to v5.1.1 --- .github/workflows/close_old_issues_and_prs.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/close_old_issues_and_prs.yml b/.github/workflows/close_old_issues_and_prs.yml index 93472049..58cfdccd 100644 --- a/.github/workflows/close_old_issues_and_prs.yml +++ b/.github/workflows/close_old_issues_and_prs.yml @@ -14,7 +14,7 @@ jobs: pull-requests: write steps: - name: Mark/Close Stale Issues and Pull Requests 🗑️ - uses: actions/stale@v5.1.0 + uses: actions/stale@v5.1.1 with: repo-token: ${{ secrets.STALE_ACTION_PAT }} days-before-stale: 60 From 4322c98f730756cdb28ea1750e6f9a7ec6ea5a70 Mon Sep 17 00:00:00 2001 From: Niklas Meyer Date: Fri, 5 Aug 2022 14:12:25 +0200 Subject: [PATCH 06/40] [UI] Moved PWChange Button for users back to original place --- data/web/templates/user/tab-user-auth.twig | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/data/web/templates/user/tab-user-auth.twig b/data/web/templates/user/tab-user-auth.twig index 675c22e1..7596a036 100644 --- a/data/web/templates/user/tab-user-auth.twig +++ b/data/web/templates/user/tab-user-auth.twig @@ -18,10 +18,6 @@ {{ lang.user.open_webmail_sso }} {% endif %} -
@@ -47,6 +43,8 @@

{{ mailboxdata.quota_used|formatBytes(2) }} / {% if mailboxdata.quota == 0 %}∞{% else %}{{ mailboxdata.quota|formatBytes(2) }}{% endif %}
{{ mailboxdata.messages }} {{ lang.user.messages }}

+
+

{{ lang.user.change_password }}

From 65eddee63e2d4bd640b41d5e3a47aa0c145a4919 Mon Sep 17 00:00:00 2001 From: DerLinkman Date: Wed, 17 Aug 2022 14:39:12 +0200 Subject: [PATCH 07/40] New variable for mailcow.conf in generate_config.sh --- generate_config.sh | 56 ++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 47 insertions(+), 9 deletions(-) diff --git a/generate_config.sh b/generate_config.sh index de285178..0befa2ef 100755 --- a/generate_config.sh +++ b/generate_config.sh @@ -16,19 +16,49 @@ if [[ "$(uname -r)" =~ ^4\.4\. ]]; then fi fi -if grep --help 2>&1 | grep -q -i "busybox"; then - echo "BusyBox grep detected, please install gnu grep, \"apk add --no-cache --upgrade grep\"" - exit 1 -fi -if cp --help 2>&1 | grep -q -i "busybox"; then - echo "BusyBox cp detected, please install coreutils, \"apk add --no-cache --upgrade coreutils\"" - exit 1 -fi +if grep --help 2>&1 | head -n 1 | grep -q -i "busybox"; then echo "BusyBox grep detected, please install gnu grep, \"apk add --no-cache --upgrade grep\""; exit 1; fi +# This will also cover sort +if cp --help 2>&1 | head -n 1 | grep -q -i "busybox"; then echo "BusyBox cp detected, please install coreutils, \"apk add --no-cache --upgrade coreutils\""; exit 1; fi +if sed --help 2>&1 | head -n 1 | grep -q -i "busybox"; then echo "BusyBox sed detected, please install gnu sed, \"apk add --no-cache --upgrade sed\""; exit 1; fi -for bin in openssl curl docker docker-compose git awk sha1sum; do +for bin in openssl curl docker git awk sha1sum; do if [[ -z $(which ${bin}) ]]; then echo "Cannot find ${bin}, exiting..."; exit 1; fi done +if docker compose > /dev/null 2>&1; then + if docker compose version --short | grep "^2." > /dev/null 2>&1; then + COMPOSE_VERSION=native + echo -e "\e[31mFound Docker Compose Plugin (native).\e[0m" + echo -e "\e[31mSetting the DOCKER_COMPOSE_VERSION Variable to native\e[0m" + sleep 2 + echo -e "\e[33mNotice: You´ll have to update this Compose Version via your Package Manager manually!\e[0m" + else + echo -e "\e[31mCannot find Docker Compose with a Version Higher than 2.X.X.\e[0m" + echo -e "\e[31mPlease update it manually regarding to this doc site: https://mailcow.github.io/mailcow-dockerized-docs/i_u_m/i_u_m_install/\e[0m" + exit 1 + fi +elif docker-compose > /dev/null 2>&1; then + if ! [[ $(alias docker-compose 2> /dev/null) ]] ; then + if docker-compose version --short | grep "^2." > /dev/null 2>&1; then + COMPOSE_VERSION=standalone + echo -e "\e[31mFound Docker Compose Standalone.\e[0m" + echo -e "\e[31mSetting the DOCKER_COMPOSE_VERSION Variable to standalone\e[0m" + sleep 2 + echo -e "\e[33mNotice: You´ll have to update this Compose Version manually! Please see: https://mailcow.github.io/mailcow-dockerized-docs/i_u_m/i_u_m_install/\e[0m" + else + echo -e "\e[31mCannot find Docker Compose with a Version Higher than 2.X.X.\e[0m" + echo -e "\e[31mPlease update manually regarding to this doc site: https://mailcow.github.io/mailcow-dockerized-docs/i_u_m/i_u_m_install/\e[0m" + exit 1 + fi + fi + +else + echo -e "\e[31mCannot find Docker Compose.\e[0m" + echo -e "\e[31mPlease install it regarding to this doc site: https://mailcow.github.io/mailcow-dockerized-docs/i_u_m/i_u_m_install/\e[0m" + exit 1 +fi + + if [ -f mailcow.conf ]; then read -r -p "A config file exists and will be overwritten, are you sure you want to continue? [y/N] " response case $response in @@ -105,6 +135,8 @@ else SKIP_SOLR=n fi +if [] + [ ! -f ./data/conf/rspamd/override.d/worker-controller-password.inc ] && echo '# Placeholder' > ./data/conf/rspamd/override.d/worker-controller-password.inc cat << EOF > mailcow.conf @@ -183,6 +215,12 @@ TZ=${MAILCOW_TZ} COMPOSE_PROJECT_NAME=mailcowdockerized +# Used Docker Compose version +# Switch here between native (compose plugin) and standalone +# For more informations take a look at the mailcow docs regarding the configuration options. + +DOCKER_COMPOSE_VERSION=${COMPOSE_VERSION} + # Set this to "allow" to enable the anyone pseudo user. Disabled by default. # When enabled, ACL can be created, that apply to "All authenticated users" # This should probably only be activated on mail hosts, that are used exclusivly by one organisation. From 55f810b23f75952f92048db028244f901135fcf9 Mon Sep 17 00:00:00 2001 From: DerLinkman Date: Wed, 17 Aug 2022 16:00:58 +0200 Subject: [PATCH 08/40] Implemented new compose check in update.sh --- generate_config.sh | 2 - update.sh | 182 +++++++++++++++++---------------------------- 2 files changed, 69 insertions(+), 115 deletions(-) diff --git a/generate_config.sh b/generate_config.sh index 0befa2ef..daefbd7e 100755 --- a/generate_config.sh +++ b/generate_config.sh @@ -135,8 +135,6 @@ else SKIP_SOLR=n fi -if [] - [ ! -f ./data/conf/rspamd/override.d/worker-controller-password.inc ] && echo '# Placeholder' > ./data/conf/rspamd/override.d/worker-controller-password.inc cat << EOF > mailcow.conf diff --git a/update.sh b/update.sh index 6659de55..a934a659 100755 --- a/update.sh +++ b/update.sh @@ -175,61 +175,6 @@ remove_obsolete_nginx_ports() { done } -update_compose(){ -if [[ ${NO_UPDATE_COMPOSE} == "y" ]]; then - echo -e "\e[33mNot fetching latest docker-compose, please check for updates manually!\e[0m" - return 0 -elif [[ -e /etc/alpine-release ]]; then - echo -e "\e[33mNot fetching latest docker-compose, because you are using Alpine Linux without glibc support. Please update docker-compose via apk!\e[0m" - return 0 -else - if [ ! $FORCE ]; then - read -r -p "Do you want to update your docker-compose Version? It will automatic upgrade your docker-compose installation (recommended)? [y/N] " updatecomposeresponse - if [[ ! "${updatecomposeresponse}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then - echo "OK, not updating docker-compose." - return 0 - fi - fi - echo -e "\e[32mFetching new docker-compose version...\e[0m" - echo -e "\e[32mTrying to determine GLIBC version...\e[0m" - if ldd --version > /dev/null; then - GLIBC_V=$(ldd --version | grep -E '(GLIBC|GNU libc)' | rev | cut -d ' ' -f1 | rev | cut -d '.' -f2) - if [ ! -z "${GLIBC_V}" ] && [ ${GLIBC_V} -gt 27 ]; then - DC_DL_SUFFIX= - else - DC_DL_SUFFIX=legacy - fi - else - DC_DL_SUFFIX=legacy - fi - sleep 1 - if [[ $(command -v pip 2>&1) && $(pip list --local 2>&1 | grep -v DEPRECATION | grep -c docker-compose) == 1 || $(command -v pip3 2>&1) && $(pip3 list --local 2>&1 | grep -v DEPRECATION | grep -c docker-compose) == 1 ]]; then - echo -e "\e[33mFound a docker-compose Version installed with pip!\e[0m" - echo -e "\e[31mPlease uninstall the pip Version of docker-compose since it doesn´t support Versions higher than 1.29.2.\e[0m" - sleep 2 - echo -e "\e[33mExiting...\e[0m" - exit 1 - #prevent breaking a working docker-compose installed with pip - elif [[ $(curl -sL -w "%{http_code}" https://www.servercow.de/docker-compose/latest.php?vers=${DC_DL_SUFFIX} -o /dev/null) == "200" ]]; then - LATEST_COMPOSE=$(curl -#L https://www.servercow.de/docker-compose/latest.php) - COMPOSE_VERSION=$(docker-compose version --short) - if [[ "$LATEST_COMPOSE" != "$COMPOSE_VERSION" ]]; then - COMPOSE_PATH=$(command -v docker-compose) - if [[ -w ${COMPOSE_PATH} ]]; then - curl -#L https://github.com/docker/compose/releases/download/v${LATEST_COMPOSE}/docker-compose-$(uname -s)-$(uname -m) > $COMPOSE_PATH - chmod +x $COMPOSE_PATH - else - echo -e "\e[33mWARNING: $COMPOSE_PATH is not writable, but new version $LATEST_COMPOSE is available (installed: $COMPOSE_VERSION)\e[0m" - return 1 - fi - fi - else - echo -e "\e[33mCannot determine latest docker-compose version, skipping...\e[0m" - return 1 - fi -fi -} - ############## End Function Section ############## # Check permissions @@ -279,11 +224,47 @@ for bin in curl docker git awk sha1sum; do fi done -if [[ -z $(command -v docker-compose) ]]; then - echo -e "\e[31mCannot find docker-compose Standalone.\e[0m" - echo -e "\e[31mPlease install it manually regarding to this doc site: https://mailcow.github.io/mailcow-dockerized-docs/i_u_m/i_u_m_install/\e[0m" - sleep 3 - exit 1; +if ! grep "DOCKER_COMPOSE_VERSION=native" mailcow.conf > /dev/null 2>&1 && ! grep "DOCKER_COMPOSE_VERSION=standalone" mailcow.conf > /dev/null 2>&1; then + if docker compose > /dev/null 2>&1; then + if docker compose version --short | grep "^2." > /dev/null 2>&1; then + COMPOSE_VERSION=native + COMPOSE_COMMAND="docker compose" + echo -e "\e[31mFound Docker Compose Plugin (native).\e[0m" + echo -e "\e[31mSetting the DOCKER_COMPOSE_VERSION Variable to native\e[0m" + sleep 2 + echo -e "\e[33mNotice: You´ll have to update this Compose Version via your Package Manager manually!\e[0m" + else + echo -e "\e[31mCannot find Docker Compose with a Version Higher than 2.X.X.\e[0m" + echo -e "\e[31mPlease update it manually regarding to this doc site: https://mailcow.github.io/mailcow-dockerized-docs/i_u_m/i_u_m_install/\e[0m" + exit 1 + fi + elif docker-compose > /dev/null 2>&1; then + if ! [[ $(alias docker-compose 2> /dev/null) ]] ; then + if docker-compose version --short | grep "^2." > /dev/null 2>&1; then + COMPOSE_VERSION=standalone + COMPOSE_COMMAND="docker-compose" + echo -e "\e[31mFound Docker Compose Standalone.\e[0m" + echo -e "\e[31mSetting the DOCKER_COMPOSE_VERSION Variable to standalone\e[0m" + sleep 2 + echo -e "\e[33mNotice: You´ll have to update this Compose Version manually! Please see: https://mailcow.github.io/mailcow-dockerized-docs/i_u_m/i_u_m_install/\e[0m" + else + echo -e "\e[31mCannot find Docker Compose with a Version Higher than 2.X.X.\e[0m" + echo -e "\e[31mPlease update manually regarding to this doc site: https://mailcow.github.io/mailcow-dockerized-docs/i_u_m/i_u_m_install/\e[0m" + exit 1 + fi + fi + + else + echo -e "\e[31mCannot find Docker Compose.\e[0m" + echo -e "\e[31mPlease install it regarding to this doc site: https://mailcow.github.io/mailcow-dockerized-docs/i_u_m/i_u_m_install/\e[0m" + exit 1 + fi + +elif cat mailcow.conf | grep "DOCKER_COMPOSE_VERSION=native" > /dev/null 2>&1; then + COMPOSE_COMMAND="docker compose" + +elif cat mailcow.conf | grep "DOCKER_COMPOSE_VERSION=standalone" > /dev/null 2>&1; then + COMPOSE_COMMAND="docker-compose" fi export LC_ALL=C @@ -328,33 +309,15 @@ while (($#)); do echo -e "\e[32mRunning in forced mode...\e[0m" FORCE=y ;; - --no-update-compose) - NO_UPDATE_COMPOSE=y - ;; - --update-compose) - LATEST_COMPOSE=$(curl -#L https://www.servercow.de/docker-compose/latest.php) - COMPOSE_VERSION=$(docker-compose version --short) - if [[ "$LATEST_COMPOSE" != "$COMPOSE_VERSION" ]]; then - echo -e "\e[33mA new docker-compose Version is available: $LATEST_COMPOSE\e[0m" - echo -e "\e[33mYour Version is: $COMPOSE_VERSION\e[0m" - update_compose - echo -e "\e[32mYour docker-compose Version is now up to date!\e[0m" - else - echo -e "\e[32mYour docker-compose Version is up to date! Not updating it...\e[0m" - fi - exit 0 - ;; --skip-ping-check) SKIP_PING_CHECK=y ;; --help|-h) - echo './update.sh [-c|--check, --ours, --gc, --no-update-compose, --update-compose, --prefetch, --skip-start, --skip-ping-check, -f|--force, -h|--help] + echo './update.sh [-c|--check, --ours, --gc, --prefetch, --skip-start, --skip-ping-check, -f|--force, -h|--help] -c|--check - Check for updates and exit (exit codes => 0: update available, 3: no updates) --ours - Use merge strategy option "ours" to solve conflicts in favor of non-mailcow code (local changes over remote changes), not recommended! --gc - Run garbage collector to delete old image tags - --no-update-compose - Skip the docker-compose Updates during the mailcow Update process - --update-compose - Only run the docker-compose Update process (don´t updates your mailcow itself) --prefetch - Only prefetch new images and exit (useful to prepare updates) --skip-start - Do not start mailcow after update --skip-ping-check - Skip ICMP Check to public DNS resolvers (Use it only if you´ve blocked any ICMP Connections to your mailcow machine) @@ -365,19 +328,12 @@ while (($#)); do shift done -# Check if Docker-Compose is older then v2 before continuing -if ! docker-compose version --short | grep "^2." > /dev/null 2>&1; then - echo -e "\e[33mYour docker-compose Version is not up to date!\e[0m" - echo -e "\e[33mmailcow needs docker-compose > 2.X.X!\e[0m" - echo -e "\e[33mYour current installed Version: $(docker-compose version --short)\e[0m" - sleep 3 - update_compose - if [[ ! "${updatecomposeresponse}" =~ ^([yY][eE][sS]|[yY])+$ ]] && [[ ! ${FORCE} ]]; then - echo -e "\e[31mmailcow does not work with docker-compose < 2.X.X anymore!\e[0m" - echo -e "\e[31mPlease update your docker-compose manually, to run mailcow.\e[0m" - echo -e "\e[31mExiting...\e[0m" - exit 1 - fi +# Check if Docker Compose is older then v2 before continuing +if ! $COMPOSE_COMMAND version --short | grep "^2." > /dev/null 2>&1; then + echo -e "\e[33mYour Docker Compose Version is not up to date!\e[0m" + echo -e "\e[33mmailcow needs Docker Compose > 2.X.X!\e[0m" + echo -e "\e[33mYour current installed Version: $($COMPOSE_COMMAND version --short)\e[0m" + exit 1 fi [[ ! -f mailcow.conf ]] && { echo "mailcow.conf is missing"; exit 1;} @@ -386,7 +342,7 @@ source mailcow.conf DOTS=${MAILCOW_HOSTNAME//[^.]}; if [ ${#DOTS} -lt 2 ]; then echo "MAILCOW_HOSTNAME (${MAILCOW_HOSTNAME}) is not a FQDN!" - echo "Please change it to a FQDN and run docker-compose down followed by docker-compose up -d" + echo "Please change it to a FQDN and run $COMPOSE_COMMAND down followed by $COMPOSE_COMMAND up -d" exit 1 fi @@ -413,6 +369,7 @@ CONFIG_ARRAY=( "SNAT_TO_SOURCE" "SNAT6_TO_SOURCE" "COMPOSE_PROJECT_NAME" + "DOCKER_COMPOSE_VERSION" "SQL_PORT" "API_KEY" "API_KEY_READ_ONLY" @@ -448,6 +405,15 @@ for option in ${CONFIG_ARRAY[@]}; do echo "Adding new option \"${option}\" to mailcow.conf" echo "COMPOSE_PROJECT_NAME=mailcowdockerized" >> mailcow.conf fi + elif [[ ${option} == "DOCKER_COMPOSE_VERSION" ]]; then + if ! grep -q ${option} mailcow.conf; then + echo "Adding new option \"${option}\" to mailcow.conf" + echo "# Used Docker Compose version" >> mailcow.conf + echo "# Switch here between native (compose plugin) and standalone" >> mailcow.conf + echo "# For more informations take a look at the mailcow docs regarding the configuration options." >> mailcow.conf + echo "" >> mailcow.conf + echo "DOCKER_COMPOSE_VERSION=${COMPOSE_VERSION}" >> mailcow.conf + fi elif [[ ${option} == "DOVEADM_PORT" ]]; then if ! grep -q ${option} mailcow.conf; then echo "Adding new option \"${option}\" to mailcow.conf" @@ -699,28 +665,18 @@ if [ ! $FORCE ]; then migrate_docker_nat fi -LATEST_COMPOSE=$(curl -#L https://www.servercow.de/docker-compose/latest.php) -COMPOSE_VERSION=$(docker-compose version --short) -if [[ "$LATEST_COMPOSE" != "$COMPOSE_VERSION" ]]; then - echo -e "\e[33mA new docker-compose Version is available: $LATEST_COMPOSE\e[0m" - echo -e "\e[33mYour Version is: $COMPOSE_VERSION\e[0m" - update_compose -else - echo -e "\e[32mYour docker-compose Version is up to date! Not updating it...\e[0m" -fi - remove_obsolete_nginx_ports echo -e "\e[32mValidating docker-compose stack configuration...\e[0m" sed -i 's/HTTPS_BIND:-:/HTTPS_BIND:-/g' docker-compose.yml sed -i 's/HTTP_BIND:-:/HTTP_BIND:-/g' docker-compose.yml -if ! docker-compose config -q; then +if ! $COMPOSE_COMMAND config -q; then echo -e "\e[31m\nOh no, something went wrong. Please check the error message above.\e[0m" exit 1 fi echo -e "\e[32mChecking for conflicting bridges...\e[0m" -MAILCOW_BRIDGE=$(docker-compose config | grep -i com.docker.network.bridge.name | cut -d':' -f2) +MAILCOW_BRIDGE=$($COMPOSE_COMMAND config | grep -i com.docker.network.bridge.name | cut -d':' -f2) while read NAT_ID; do iptables -t nat -D POSTROUTING $NAT_ID done < <(iptables -L -vn -t nat --line-numbers | grep $IPV4_NETWORK | grep -E 'MASQUERADE.*all' | grep -v ${MAILCOW_BRIDGE} | cut -d' ' -f1) @@ -740,8 +696,8 @@ prefetch_images echo -e "\e[32mStopping mailcow...\e[0m" sleep 2 -MAILCOW_CONTAINERS=($(docker-compose ps -q)) -docker-compose down +MAILCOW_CONTAINERS=($($COMPOSE_COMMAND ps -q)) +$COMPOSE_COMMAND down echo -e "\e[32mChecking for remaining containers...\e[0m" sleep 2 for container in "${MAILCOW_CONTAINERS[@]}"; do @@ -778,13 +734,13 @@ elif [[ ${MERGE_RETURN} == 1 ]]; then elif [[ ${MERGE_RETURN} != 0 ]]; then echo -e "\e[31m\nOh no, something went wrong. Please check the error message above.\e[0m" echo - echo "Run docker-compose up -d to restart your stack without updates or try again after fixing the mentioned errors." + echo "Run $COMPOSE_COMMAND up -d to restart your stack without updates or try again after fixing the mentioned errors." exit 1 fi echo -e "\e[32mFetching new images, if any...\e[0m" sleep 2 -docker-compose pull +$COMPOSE_COMMAND pull # Fix missing SSL, does not overwrite existing files [[ ! -d data/assets/ssl ]] && mkdir -p data/assets/ssl @@ -796,7 +752,7 @@ if grep -q 'SYSCTL_IPV6_DISABLED=1' mailcow.conf; then echo '!! IMPORTANT !!' echo echo 'SYSCTL_IPV6_DISABLED was removed due to complications. IPv6 can be disabled by editing "docker-compose.yml" and setting "enable_ipv6: true" to "enable_ipv6: false".' - echo 'This setting will only be active after a complete shutdown of mailcow by running "docker-compose down" followed by "docker-compose up -d".' + echo 'This setting will only be active after a complete shutdown of mailcow by running $COMPOSE_COMMAND down followed by $COMPOSE_COMMAND up -d".' echo echo '!! IMPORTANT !!' echo @@ -839,11 +795,11 @@ else fi if [[ ${SKIP_START} == "y" ]]; then - echo -e "\e[33mNot starting mailcow, please run \"docker-compose up -d --remove-orphans\" to start mailcow.\e[0m" + echo -e "\e[33mNot starting mailcow, please run \"$COMPOSE_COMMAND up -d --remove-orphans\" to start mailcow.\e[0m" else echo -e "\e[32mStarting mailcow...\e[0m" sleep 2 - docker-compose up -d --remove-orphans + $COMPOSE_COMMAND up -d --remove-orphans fi echo -e "\e[32mCollecting garbage...\e[0m" @@ -858,4 +814,4 @@ fi # echo # git reflog --color=always | grep "Before update on " # echo -# echo "Use \"git reset --hard hash-on-the-left\" and run docker-compose up -d afterwards." \ No newline at end of file +# echo "Use \"git reset --hard hash-on-the-left\" and run $COMPOSE_COMMAND up -d afterwards." \ No newline at end of file From ad8b7f08944c05854d8d6bf87ae13cd7ecd92f5a Mon Sep 17 00:00:00 2001 From: andryyy Date: Thu, 18 Aug 2022 15:08:00 +0200 Subject: [PATCH 09/40] [Dovecot] Fixes broken sieve compiler in some rare cases when using replication --- data/Dockerfiles/dovecot/docker-entrypoint.sh | 8 ++++++++ data/conf/dovecot/dovecot.conf | 1 - docker-compose.yml | 2 +- 3 files changed, 9 insertions(+), 2 deletions(-) diff --git a/data/Dockerfiles/dovecot/docker-entrypoint.sh b/data/Dockerfiles/dovecot/docker-entrypoint.sh index 9ac2dc64..ac7aeb1d 100755 --- a/data/Dockerfiles/dovecot/docker-entrypoint.sh +++ b/data/Dockerfiles/dovecot/docker-entrypoint.sh @@ -349,6 +349,14 @@ sievec /var/vmail/sieve/global_sieve_after.sieve sievec /usr/lib/dovecot/sieve/report-spam.sieve sievec /usr/lib/dovecot/sieve/report-ham.sieve +for file in /var/vmail/*/*/sieve/*.sieve ; do + if [[ "$file" == "/var/vmail/*/*/sieve/*.sieve" ]]; then + continue + fi + sievec "$file" "$(dirname "$file")/../.dovecot.svbin" + chown vmail:vmail "$(dirname "$file")/../.dovecot.svbin" +done + # Fix permissions chown root:root /etc/dovecot/sql/*.conf chown root:dovecot /etc/dovecot/sql/dovecot-dict-sql-sieve* /etc/dovecot/sql/dovecot-dict-sql-quota* /etc/dovecot/lua/passwd-verify.lua diff --git a/data/conf/dovecot/dovecot.conf b/data/conf/dovecot/dovecot.conf index b7aca757..33a6e409 100644 --- a/data/conf/dovecot/dovecot.conf +++ b/data/conf/dovecot/dovecot.conf @@ -194,7 +194,6 @@ plugin { fts_solr = url=http://solr:8983/solr/dovecot-fts/ quota = dict:Userquota::proxy::sqlquota quota_rule2 = Trash:storage=+100%% - sieve = /var/vmail/sieve/%u.sieve sieve_plugins = sieve_imapsieve sieve_extprograms sieve_vacation_send_from_recipient = yes sieve_redirect_envelope_from = recipient diff --git a/docker-compose.yml b/docker-compose.yml index 91266e00..9d5f9473 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -215,7 +215,7 @@ services: - sogo dovecot-mailcow: - image: mailcow/dovecot:1.17 + image: mailcow/dovecot:1.18 depends_on: - mysql-mailcow dns: From 0dcfac8f15c4541c571e7558d7d9c317844e4d91 Mon Sep 17 00:00:00 2001 From: Peter Date: Thu, 18 Aug 2022 19:06:54 +0200 Subject: [PATCH 10/40] Update SOGo to 5.7.1 --- data/Dockerfiles/sogo/Dockerfile | 6 +++--- docker-compose.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/data/Dockerfiles/sogo/Dockerfile b/data/Dockerfiles/sogo/Dockerfile index 72f7d816..f08600ac 100644 --- a/data/Dockerfiles/sogo/Dockerfile +++ b/data/Dockerfiles/sogo/Dockerfile @@ -2,7 +2,7 @@ FROM debian:bullseye-slim LABEL maintainer "Andre Peters " ARG DEBIAN_FRONTEND=noninteractive -ARG SOGO_DEBIAN_REPOSITORY=http://packages.inverse.ca/SOGo/nightly/5/debian/ +ARG SOGO_DEBIAN_REPOSITORY=http://packages.sogo.nu/nightly/5/debian/ ENV LC_ALL C ENV GOSU_VERSION 1.14 @@ -30,7 +30,7 @@ RUN echo "Building from repository $SOGO_DEBIAN_REPOSITORY" \ && gosu nobody true \ && mkdir /usr/share/doc/sogo \ && touch /usr/share/doc/sogo/empty.sh \ - && apt-key adv --keyserver keyserver.ubuntu.com --recv-key 0x810273C4 \ + && apt-key adv --keyserver keys.openpgp.org --recv-key 74FFC6D72B925A34B5D356BDF8A27B36A6E2EAE9 \ && echo "deb ${SOGO_DEBIAN_REPOSITORY} bullseye bullseye" > /etc/apt/sources.list.d/sogo.list \ && apt-get update && apt-get install -y --no-install-recommends \ sogo \ @@ -52,4 +52,4 @@ RUN chmod +x /bootstrap-sogo.sh \ ENTRYPOINT ["/docker-entrypoint.sh"] -CMD exec /usr/bin/supervisord -c /etc/supervisor/supervisord.conf +CMD exec /usr/bin/supervisord -c /etc/supervisor/supervisord.conf \ No newline at end of file diff --git a/docker-compose.yml b/docker-compose.yml index 9d5f9473..9fbfef59 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -168,7 +168,7 @@ services: - phpfpm sogo-mailcow: - image: mailcow/sogo:1.109 + image: mailcow/sogo:1.110 environment: - DBNAME=${DBNAME} - DBUSER=${DBUSER} From 1f3d9d4e1cdb4f20db607f555286b8dcbbda8993 Mon Sep 17 00:00:00 2001 From: DerLinkman Date: Fri, 19 Aug 2022 15:17:19 +0200 Subject: [PATCH 11/40] Implemented user choice compose in cold-standby --- helper-scripts/_cold-standby.sh | 56 ++++++++++++++++++++++----------- 1 file changed, 37 insertions(+), 19 deletions(-) diff --git a/helper-scripts/_cold-standby.sh b/helper-scripts/_cold-standby.sh index fadee6f6..0e8885a3 100755 --- a/helper-scripts/_cold-standby.sh +++ b/helper-scripts/_cold-standby.sh @@ -77,7 +77,7 @@ function preflight_local_checks() { exit 1 fi - for bin in rsync docker docker-compose grep cut; do + for bin in rsync docker grep cut; do if [[ -z $(which ${bin}) ]]; then >&2 echo -e "\e[31mCannot find ${bin} in local PATH, exiting...\e[0m" exit 1 @@ -111,7 +111,7 @@ function preflight_remote_checks() { exit 1 fi - for bin in rsync docker docker-compose; do + for bin in rsync docker; do if ! ssh -o StrictHostKeyChecking=no \ -i "${REMOTE_SSH_KEY}" \ ${REMOTE_SSH_HOST} \ @@ -121,17 +121,44 @@ function preflight_remote_checks() { exit 1 fi done + + ssh -o StrictHostKeyChecking=no \ + -i "${REMOTE_SSH_KEY}" \ + ${REMOTE_SSH_HOST} \ + -p ${REMOTE_SSH_PORT} \ + "bash -s" << "EOF" +if docker compose > /dev/null 2>&1; then + exit 0 +elif docker-compose version --short | grep "^2." > /dev/null 2>&1; then + exit 1 +else +exit 2 +fi +EOF + +if [ $? = 0 ]; then + COMPOSE_COMMAND="docker compose" + echo "DEBUG: Using native docker compose on remote" + +elif [ $? = 1 ]; then + COMPOSE_COMMAND="docker-compose" + echo "DEBUG: Using standalone docker compose on remote" + +else + echo -e "\e[31mCannot find any Docker Compose on remote, exiting...\e[0m" + exit 1 +fi } +SCRIPT_DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd ) +source "${SCRIPT_DIR}/../mailcow.conf" +COMPOSE_FILE="${SCRIPT_DIR}/../docker-compose.yml" +CMPS_PRJ=$(echo ${COMPOSE_PROJECT_NAME} | tr -cd 'A-Za-z-_') +SQLIMAGE=$(grep -iEo '(mysql|mariadb)\:.+' "${COMPOSE_FILE}") + preflight_local_checks preflight_remote_checks -SCRIPT_DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd ) -COMPOSE_FILE="${SCRIPT_DIR}/../docker-compose.yml" -source "${SCRIPT_DIR}/../mailcow.conf" -CMPS_PRJ=$(echo ${COMPOSE_PROJECT_NAME} | tr -cd 'A-Za-z-_') -SQLIMAGE=$(grep -iEo '(mysql|mariadb)\:.+' "${COMPOSE_FILE}") - echo echo -e "\033[1mFound compose project name ${CMPS_PRJ} for ${MAILCOW_HOSTNAME}\033[0m" echo -e "\033[1mFound SQL ${SQLIMAGE}\033[0m" @@ -258,7 +285,7 @@ echo "OK" -i "${REMOTE_SSH_KEY}" \ ${REMOTE_SSH_HOST} \ -p ${REMOTE_SSH_PORT} \ - docker-compose -f "${SCRIPT_DIR}/../docker-compose.yml" pull --no-parallel --quiet 2>&1 ; then + ${COMPOSE_COMMAND} -f "${SCRIPT_DIR}/../docker-compose.yml" pull --no-parallel --quiet 2>&1 ; then >&2 echo -e "\e[31m[ERR]\e[0m - Could not pull images on remote" fi @@ -271,13 +298,4 @@ if ! ssh -o StrictHostKeyChecking=no \ >&2 echo -e "\e[31m[ERR]\e[0m - Could not cleanup old images on remote" fi -echo -e "\033[1mExecuting update script and checking for new docker-compose Version on remote...\033[0m" -if ! ssh -o StrictHostKeyChecking=no \ - -i "${REMOTE_SSH_KEY}" \ - ${REMOTE_SSH_HOST} \ - -p ${REMOTE_SSH_PORT} \ - ${SCRIPT_DIR}/../update.sh -f --update-compose ; then - >&2 echo -e "\e[31m[ERR]\e[0m - Could not fetch docker-compose on remote" -fi - -echo -e "\e[32mDone\e[0m" +echo -e "\e[32mDone\e[0m" \ No newline at end of file From 6708059227d3f4900b9a6365b91db11d8c78338e Mon Sep 17 00:00:00 2001 From: DerLinkman Date: Fri, 19 Aug 2022 15:55:24 +0200 Subject: [PATCH 12/40] Moved compose check to top. Improved variable check. --- update.sh | 144 ++++++++++++++++++++++++++++-------------------------- 1 file changed, 74 insertions(+), 70 deletions(-) diff --git a/update.sh b/update.sh index a934a659..812d8d11 100755 --- a/update.sh +++ b/update.sh @@ -175,6 +175,51 @@ remove_obsolete_nginx_ports() { done } +detect_docker_compose_command(){ +if ! [ "${DOCKER_COMPOSE_VERSION}" == "native" ] && ! [ "${DOCKER_COMPOSE_VERSION}" == "standalone" ]; then + if docker compose > /dev/null 2>&1; then + if docker compose version --short | grep "^2." > /dev/null 2>&1; then + DOCKER_COMPOSE_VERSION=native + COMPOSE_COMMAND="docker compose" + echo -e "\e[31mFound Docker Compose Plugin (native).\e[0m" + echo -e "\e[31mSetting the DOCKER_COMPOSE_VERSION Variable to native\e[0m" + sleep 2 + echo -e "\e[33mNotice: You´ll have to update this Compose Version via your Package Manager manually!\e[0m" + else + echo -e "\e[31mCannot find Docker Compose with a Version Higher than 2.X.X.\e[0m" + echo -e "\e[31mPlease update it manually regarding to this doc site: https://mailcow.github.io/mailcow-dockerized-docs/i_u_m/i_u_m_install/\e[0m" + exit 1 + fi + elif docker-compose > /dev/null 2>&1; then + if ! [[ $(alias docker-compose 2> /dev/null) ]] ; then + if docker-compose version --short | grep "^2." > /dev/null 2>&1; then + DOCKER_COMPOSE_VERSION=standalone + COMPOSE_COMMAND="docker-compose" + echo -e "\e[31mFound Docker Compose Standalone.\e[0m" + echo -e "\e[31mSetting the DOCKER_COMPOSE_VERSION Variable to standalone\e[0m" + sleep 2 + echo -e "\e[33mNotice: You´ll have to update this Compose Version manually! Please see: https://mailcow.github.io/mailcow-dockerized-docs/i_u_m/i_u_m_install/\e[0m" + else + echo -e "\e[31mCannot find Docker Compose with a Version Higher than 2.X.X.\e[0m" + echo -e "\e[31mPlease update manually regarding to this doc site: https://mailcow.github.io/mailcow-dockerized-docs/i_u_m/i_u_m_install/\e[0m" + exit 1 + fi + fi + + else + echo -e "\e[31mCannot find Docker Compose.\e[0m" + echo -e "\e[31mPlease install it regarding to this doc site: https://mailcow.github.io/mailcow-dockerized-docs/i_u_m/i_u_m_install/\e[0m" + exit 1 + fi + +elif [ "${DOCKER_COMPOSE_VERSION}" == "native" ]; then + COMPOSE_COMMAND="docker compose" + +elif [ "${DOCKER_COMPOSE_VERSION}" == "standalone" ]; then + COMPOSE_COMMAND="docker-compose" +fi +} + ############## End Function Section ############## # Check permissions @@ -217,6 +262,10 @@ PATH=$PATH:/opt/bin umask 0022 +# Unset COMPOSE_COMMAND and DOCKER_COMPOSE_VERSION Variable to be on the newest state. +unset COMPOSE_COMMAND +unset DOCKER_COMPOSE_VERSION + for bin in curl docker git awk sha1sum; do if [[ -z $(command -v ${bin}) ]]; then echo "Cannot find ${bin}, exiting..." @@ -224,49 +273,6 @@ for bin in curl docker git awk sha1sum; do fi done -if ! grep "DOCKER_COMPOSE_VERSION=native" mailcow.conf > /dev/null 2>&1 && ! grep "DOCKER_COMPOSE_VERSION=standalone" mailcow.conf > /dev/null 2>&1; then - if docker compose > /dev/null 2>&1; then - if docker compose version --short | grep "^2." > /dev/null 2>&1; then - COMPOSE_VERSION=native - COMPOSE_COMMAND="docker compose" - echo -e "\e[31mFound Docker Compose Plugin (native).\e[0m" - echo -e "\e[31mSetting the DOCKER_COMPOSE_VERSION Variable to native\e[0m" - sleep 2 - echo -e "\e[33mNotice: You´ll have to update this Compose Version via your Package Manager manually!\e[0m" - else - echo -e "\e[31mCannot find Docker Compose with a Version Higher than 2.X.X.\e[0m" - echo -e "\e[31mPlease update it manually regarding to this doc site: https://mailcow.github.io/mailcow-dockerized-docs/i_u_m/i_u_m_install/\e[0m" - exit 1 - fi - elif docker-compose > /dev/null 2>&1; then - if ! [[ $(alias docker-compose 2> /dev/null) ]] ; then - if docker-compose version --short | grep "^2." > /dev/null 2>&1; then - COMPOSE_VERSION=standalone - COMPOSE_COMMAND="docker-compose" - echo -e "\e[31mFound Docker Compose Standalone.\e[0m" - echo -e "\e[31mSetting the DOCKER_COMPOSE_VERSION Variable to standalone\e[0m" - sleep 2 - echo -e "\e[33mNotice: You´ll have to update this Compose Version manually! Please see: https://mailcow.github.io/mailcow-dockerized-docs/i_u_m/i_u_m_install/\e[0m" - else - echo -e "\e[31mCannot find Docker Compose with a Version Higher than 2.X.X.\e[0m" - echo -e "\e[31mPlease update manually regarding to this doc site: https://mailcow.github.io/mailcow-dockerized-docs/i_u_m/i_u_m_install/\e[0m" - exit 1 - fi - fi - - else - echo -e "\e[31mCannot find Docker Compose.\e[0m" - echo -e "\e[31mPlease install it regarding to this doc site: https://mailcow.github.io/mailcow-dockerized-docs/i_u_m/i_u_m_install/\e[0m" - exit 1 - fi - -elif cat mailcow.conf | grep "DOCKER_COMPOSE_VERSION=native" > /dev/null 2>&1; then - COMPOSE_COMMAND="docker compose" - -elif cat mailcow.conf | grep "DOCKER_COMPOSE_VERSION=standalone" > /dev/null 2>&1; then - COMPOSE_COMMAND="docker-compose" -fi - export LC_ALL=C DATE=$(date +%Y-%m-%d_%H_%M_%S) BRANCH=$(cd ${SCRIPT_DIR}; git rev-parse --abbrev-ref HEAD) @@ -328,15 +334,7 @@ while (($#)); do shift done -# Check if Docker Compose is older then v2 before continuing -if ! $COMPOSE_COMMAND version --short | grep "^2." > /dev/null 2>&1; then - echo -e "\e[33mYour Docker Compose Version is not up to date!\e[0m" - echo -e "\e[33mmailcow needs Docker Compose > 2.X.X!\e[0m" - echo -e "\e[33mYour current installed Version: $($COMPOSE_COMMAND version --short)\e[0m" - exit 1 -fi - -[[ ! -f mailcow.conf ]] && { echo "mailcow.conf is missing"; exit 1;} +[[ ! -f mailcow.conf ]] && { echo "mailcow.conf is missing! Is mailcow installed?"; exit 1;} chmod 600 mailcow.conf source mailcow.conf DOTS=${MAILCOW_HOSTNAME//[^.]}; @@ -346,11 +344,21 @@ if [ ${#DOTS} -lt 2 ]; then exit 1 fi +detect_docker_compose_command + if grep --help 2>&1 | head -n 1 | grep -q -i "busybox"; then echo "BusyBox grep detected, please install gnu grep, \"apk add --no-cache --upgrade grep\""; exit 1; fi # This will also cover sort if cp --help 2>&1 | head -n 1 | grep -q -i "busybox"; then echo "BusyBox cp detected, please install coreutils, \"apk add --no-cache --upgrade coreutils\""; exit 1; fi if sed --help 2>&1 | head -n 1 | grep -q -i "busybox"; then echo "BusyBox sed detected, please install gnu sed, \"apk add --no-cache --upgrade sed\""; exit 1; fi +# Check if Docker Compose is older then v2 before continuing +if ! $COMPOSE_COMMAND version --short | grep "^2." > /dev/null 2>&1; then + echo -e "\e[33mYour Docker Compose Version is not up to date!\e[0m" + echo -e "\e[33mmailcow needs Docker Compose > 2.X.X!\e[0m" + echo -e "\e[33mYour current installed Version: $($COMPOSE_COMMAND version --short)\e[0m" + exit 1 +fi + CONFIG_ARRAY=( "SKIP_LETS_ENCRYPT" "SKIP_SOGO" @@ -412,7 +420,7 @@ for option in ${CONFIG_ARRAY[@]}; do echo "# Switch here between native (compose plugin) and standalone" >> mailcow.conf echo "# For more informations take a look at the mailcow docs regarding the configuration options." >> mailcow.conf echo "" >> mailcow.conf - echo "DOCKER_COMPOSE_VERSION=${COMPOSE_VERSION}" >> mailcow.conf + echo "DOCKER_COMPOSE_VERSION=${DOCKER_COMPOSE_VERSION}" >> mailcow.conf fi elif [[ ${option} == "DOVEADM_PORT" ]]; then if ! grep -q ${option} mailcow.conf; then @@ -638,23 +646,16 @@ else fi fi -echo -e "\e[32mChecking for newer update script...\e[0m" -SHA1_1=$(sha1sum update.sh) -git fetch origin #${BRANCH} -git checkout origin/${BRANCH} update.sh -SHA1_2=$(sha1sum update.sh) -if [[ ${SHA1_1} != ${SHA1_2} ]]; then - echo "update.sh changed, please run this script again, exiting." - chmod +x update.sh - exit 2 -fi - -if [[ -f mailcow.conf ]]; then - source mailcow.conf -else - echo -e "\e[31mNo mailcow.conf - is mailcow installed?\e[0m" - exit 1 -fi +# echo -e "\e[32mChecking for newer update script...\e[0m" +# SHA1_1=$(sha1sum update.sh) +# git fetch origin #${BRANCH} +# git checkout origin/${BRANCH} update.sh +# SHA1_2=$(sha1sum update.sh) +# if [[ ${SHA1_1} != ${SHA1_2} ]]; then +# echo "update.sh changed, please run this script again, exiting." +# chmod +x update.sh +# exit 2 +# fi if [ ! $FORCE ]; then read -r -p "Are you sure you want to update mailcow: dockerized? All containers will be stopped. [y/N] " response @@ -794,6 +795,9 @@ else echo -e "\e[33mCannot determine current git repository version...\e[0m" fi +# Set DOCKER_COMPOSE_VERSION +sed -i 's/^DOCKER_COMPOSE_VERSION=$/DOCKER_COMPOSE_VERSION='$DOCKER_COMPOSE_VERSION'/g' mailcow.conf + if [[ ${SKIP_START} == "y" ]]; then echo -e "\e[33mNot starting mailcow, please run \"$COMPOSE_COMMAND up -d --remove-orphans\" to start mailcow.\e[0m" else From 925b2209058c29a7c5bc5c86c27296826a3670d8 Mon Sep 17 00:00:00 2001 From: DerLinkman Date: Mon, 22 Aug 2022 10:24:38 +0200 Subject: [PATCH 13/40] Compose Version detection implemented in Backup script --- helper-scripts/backup_and_restore.sh | 20 ++++++++++++++++---- update.sh | 20 ++++++++++---------- 2 files changed, 26 insertions(+), 14 deletions(-) diff --git a/helper-scripts/backup_and_restore.sh b/helper-scripts/backup_and_restore.sh index 506420b4..6781600f 100755 --- a/helper-scripts/backup_and_restore.sh +++ b/helper-scripts/backup_and_restore.sh @@ -160,12 +160,24 @@ function backup() { } function restore() { - for bin in docker docker-compose; do + for bin in docker; do if [[ -z $(which ${bin}) ]]; then >&2 echo -e "\e[31mCannot find ${bin} in local PATH, exiting...\e[0m" exit 1 fi - done + done + + if [ "${DOCKER_COMPOSE_VERSION}" == "native" ]; then + COMPOSE_COMMAND="docker compose" + + elif [ "${DOCKER_COMPOSE_VERSION}" == "standalone" ]; then + COMPOSE_COMMAND="docker-compose" + + else + echo -e "\e[31mCan not read DOCKER_COMPOSE_VERSION variable from mailcow.conf! Is your mailcow up to date? Exiting...\e[0m" + exit 1 + fi + echo echo "Stopping watchdog-mailcow..." docker stop $(docker ps -qf name=watchdog-mailcow) @@ -244,7 +256,7 @@ function restore() { continue else echo "Stopping mailcow..." - docker-compose -f ${COMPOSE_FILE} --env-file ${ENV_FILE} down + ${COMPOSE_COMMAND} -f ${COMPOSE_FILE} --env-file ${ENV_FILE} down fi #docker stop $(docker ps -qf name=mysql-mailcow) if [[ -d "${RESTORE_LOCATION}/mysql" ]]; then @@ -282,7 +294,7 @@ function restore() { sed -i --follow-symlinks "/DBROOT/c\DBROOT=${DBROOT}" ${SCRIPT_DIR}/../mailcow.conf source ${SCRIPT_DIR}/../mailcow.conf echo "Starting mailcow..." - docker-compose -f ${COMPOSE_FILE} --env-file ${ENV_FILE} up -d + ${COMPOSE_COMMAND} -f ${COMPOSE_FILE} --env-file ${ENV_FILE} up -d #docker start $(docker ps -aqf name=mysql-mailcow) fi ;; diff --git a/update.sh b/update.sh index 812d8d11..4f4cb354 100755 --- a/update.sh +++ b/update.sh @@ -646,16 +646,16 @@ else fi fi -# echo -e "\e[32mChecking for newer update script...\e[0m" -# SHA1_1=$(sha1sum update.sh) -# git fetch origin #${BRANCH} -# git checkout origin/${BRANCH} update.sh -# SHA1_2=$(sha1sum update.sh) -# if [[ ${SHA1_1} != ${SHA1_2} ]]; then -# echo "update.sh changed, please run this script again, exiting." -# chmod +x update.sh -# exit 2 -# fi +echo -e "\e[32mChecking for newer update script...\e[0m" +SHA1_1=$(sha1sum update.sh) +git fetch origin #${BRANCH} +git checkout origin/${BRANCH} update.sh +SHA1_2=$(sha1sum update.sh) +if [[ ${SHA1_1} != ${SHA1_2} ]]; then + echo "update.sh changed, please run this script again, exiting." + chmod +x update.sh + exit 2 +fi if [ ! $FORCE ]; then read -r -p "Are you sure you want to update mailcow: dockerized? All containers will be stopped. [y/N] " response From 047c4aa3a02743cd4747bc2826c10dedddab5367 Mon Sep 17 00:00:00 2001 From: DerLinkman Date: Mon, 22 Aug 2022 15:44:01 +0200 Subject: [PATCH 14/40] Added seperate update_compose Script + some Improvements --- generate_config.sh | 2 + helper-scripts/update_compose.sh | 70 ++++++++++++++++++++++++++++++++ update.sh | 2 + 3 files changed, 74 insertions(+) create mode 100755 helper-scripts/update_compose.sh diff --git a/generate_config.sh b/generate_config.sh index daefbd7e..33a7b1e1 100755 --- a/generate_config.sh +++ b/generate_config.sh @@ -216,6 +216,8 @@ COMPOSE_PROJECT_NAME=mailcowdockerized # Used Docker Compose version # Switch here between native (compose plugin) and standalone # For more informations take a look at the mailcow docs regarding the configuration options. +# Normally this should be untouched but if you decided to use either of those you can switch it manually here. +# Please be aware that at least one of those variants should be installed on your maschine or mailcow will fail. DOCKER_COMPOSE_VERSION=${COMPOSE_VERSION} diff --git a/helper-scripts/update_compose.sh b/helper-scripts/update_compose.sh new file mode 100755 index 00000000..c58eabea --- /dev/null +++ b/helper-scripts/update_compose.sh @@ -0,0 +1,70 @@ +#!/bin/bash +SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" + +source ${SCRIPT_DIR}/../mailcow.conf + +if [ "${DOCKER_COMPOSE_VERSION}" == "standalone" ]; then +LATEST_COMPOSE=$(curl -#L https://www.servercow.de/docker-compose/latest.php) +COMPOSE_VERSION=$(docker-compose version --short) +if [[ "$LATEST_COMPOSE" != "$COMPOSE_VERSION" ]]; then + echo -e "\e[33mA new docker-compose Version is available: $LATEST_COMPOSE\e[0m" + echo -e "\e[33mYour Version is: $COMPOSE_VERSION\e[0m" +else + echo -e "\e[32mYour docker-compose Version is up to date! Not updating it...\e[0m" + exit 0 +fi +read -r -p "Do you want to update your docker-compose Version? It will automatic upgrade your docker-compose installation (recommended)? [y/N] " updatecomposeresponse + if [[ ! "${updatecomposeresponse}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then + echo "OK, not updating docker-compose." + exit 0 + fi +echo -e "\e[32mFetching new docker-compose (standalone) version...\e[0m" +echo -e "\e[32mTrying to determine GLIBC version...\e[0m" + if ldd --version > /dev/null; then + GLIBC_V=$(ldd --version | grep -E '(GLIBC|GNU libc)' | rev | cut -d ' ' -f1 | rev | cut -d '.' -f2) + if [ ! -z "${GLIBC_V}" ] && [ ${GLIBC_V} -gt 27 ]; then + DC_DL_SUFFIX= + else + DC_DL_SUFFIX=legacy + fi + else + DC_DL_SUFFIX=legacy + fi + sleep 1 + if [[ $(command -v pip 2>&1) && $(pip list --local 2>&1 | grep -v DEPRECATION | grep -c docker-compose) == 1 || $(command -v pip3 2>&1) && $(pip3 list --local 2>&1 | grep -v DEPRECATION | grep -c docker-compose) == 1 ]]; then + echo -e "\e[33mFound a docker-compose Version installed with pip!\e[0m" + echo -e "\e[31mPlease uninstall the pip Version of docker-compose since it doesn´t support Versions higher than 1.29.2.\e[0m" + sleep 2 + echo -e "\e[33mExiting...\e[0m" + exit 1 + #prevent breaking a working docker-compose installed with pip + elif [[ $(curl -sL -w "%{http_code}" https://www.servercow.de/docker-compose/latest.php?vers=${DC_DL_SUFFIX} -o /dev/null) == "200" ]]; then + LATEST_COMPOSE=$(curl -#L https://www.servercow.de/docker-compose/latest.php) + COMPOSE_VERSION=$(docker-compose version --short) + if [[ "$LATEST_COMPOSE" != "$COMPOSE_VERSION" ]]; then + COMPOSE_PATH=$(command -v docker-compose) + if [[ -w ${COMPOSE_PATH} ]]; then + curl -#L https://github.com/docker/compose/releases/download/v${LATEST_COMPOSE}/docker-compose-$(uname -s)-$(uname -m) > $COMPOSE_PATH + chmod +x $COMPOSE_PATH + echo -e "\e[32mYour Docker Compose (standalone) has been updated to: $LATEST_COMPOSE\e[0m" + exit 0 + else + echo -e "\e[33mWARNING: $COMPOSE_PATH is not writable, but new version $LATEST_COMPOSE is available (installed: $COMPOSE_VERSION)\e[0m" + return 1 + fi + fi + else + echo -e "\e[33mCannot determine latest docker-compose version, skipping...\e[0m" + exit 1 + fi + +elif [ "${DOCKER_COMPOSE_VERSION}" == "native" ]; then + echo -e "\e[31mYou are using the native Docker Compose Plugin. This Script is for the standalone Docker Compose Version only.\e[0m" + sleep 2 + echo -e "\e[33mNotice: You´ll have to update this Compose Version via your Package Manager manually!\e[0m" + exit 1 + +else + echo -e "\e[31mCan not read DOCKER_COMPOSE_VERSION variable from mailcow.conf! Is your mailcow up to date? Exiting...\e[0m" + exit 1 +fi \ No newline at end of file diff --git a/update.sh b/update.sh index 4f4cb354..43ebcf07 100755 --- a/update.sh +++ b/update.sh @@ -419,6 +419,8 @@ for option in ${CONFIG_ARRAY[@]}; do echo "# Used Docker Compose version" >> mailcow.conf echo "# Switch here between native (compose plugin) and standalone" >> mailcow.conf echo "# For more informations take a look at the mailcow docs regarding the configuration options." >> mailcow.conf + echo "# Normally this should be untouched but if you decided to use either of those you can switch it manually here." >> mailcow.conf + echo "# Please be aware that at least one of those variants should be installed on your maschine or mailcow will fail." >> mailcow.conf echo "" >> mailcow.conf echo "DOCKER_COMPOSE_VERSION=${DOCKER_COMPOSE_VERSION}" >> mailcow.conf fi From 4f380debb5a1b4e0079dde717ed3c6a455629b43 Mon Sep 17 00:00:00 2001 From: DerLinkman Date: Tue, 23 Aug 2022 11:38:06 +0200 Subject: [PATCH 15/40] Added branch switch in generate_config.sh --- generate_config.sh | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/generate_config.sh b/generate_config.sh index 33a7b1e1..1ae76b21 100755 --- a/generate_config.sh +++ b/generate_config.sh @@ -135,6 +135,25 @@ else SKIP_SOLR=n fi +echo "Which branch of mailcow do you want to use?" +echo "" +echo "Available Branches:" +echo "- master branch (stable updates) | default, recommended [1]" +echo "- nightly branch (unstable updates, testing) | not-production ready [2]" +sleep 1 +read -r -p "Choose the Branch with it´s number [1/2] " branch + case $branch in + [2]) + git_branch="nightly" + ;; + *) + git_branch="master" + ;; + esac + +git fetch --all +git checkout -f $git_branch + [ ! -f ./data/conf/rspamd/override.d/worker-controller-password.inc ] && echo '# Placeholder' > ./data/conf/rspamd/override.d/worker-controller-password.inc cat << EOF > mailcow.conf @@ -413,4 +432,4 @@ else echo ' $MAILCOW_GIT_URL="";' >> data/web/inc/app_info.inc.php echo '?>' >> data/web/inc/app_info.inc.php echo -e "\e[33mCannot determine current git repository version...\e[0m" -fi +fi \ No newline at end of file From b16b276f369a820d8c2cd2a7f9abb927ef3606d9 Mon Sep 17 00:00:00 2001 From: DerLinkman Date: Tue, 23 Aug 2022 14:04:40 +0200 Subject: [PATCH 16/40] Implement nightly/stable switch in update.sh --- update.sh | 127 +++++++++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 120 insertions(+), 7 deletions(-) diff --git a/update.sh b/update.sh index 43ebcf07..7d47b3cc 100755 --- a/update.sh +++ b/update.sh @@ -301,11 +301,22 @@ while (($#)); do --skip-start) SKIP_START=y ;; + --skip-ping-check) + SKIP_PING_CHECK=y + ;; + --stable) + CURRENT_BRANCH="$(cd ${SCRIPT_DIR}; git rev-parse --abbrev-ref HEAD)" + NEW_BRANCH="master" + ;; --gc) echo -e "\e[32mCollecting garbage...\e[0m" docker_garbage exit 0 ;; + --nightly) + CURRENT_BRANCH="$(cd ${SCRIPT_DIR}; git rev-parse --abbrev-ref HEAD)" + NEW_BRANCH="nightly" + ;; --prefetch) echo -e "\e[32mPrefetching images...\e[0m" prefetch_images @@ -315,18 +326,17 @@ while (($#)); do echo -e "\e[32mRunning in forced mode...\e[0m" FORCE=y ;; - --skip-ping-check) - SKIP_PING_CHECK=y - ;; --help|-h) - echo './update.sh [-c|--check, --ours, --gc, --prefetch, --skip-start, --skip-ping-check, -f|--force, -h|--help] + echo './update.sh [-c|--check, --ours, --gc, --nightly, --prefetch, --skip-start, --skip-ping-check, --stable, -f|--force, -h|--help] -c|--check - Check for updates and exit (exit codes => 0: update available, 3: no updates) --ours - Use merge strategy option "ours" to solve conflicts in favor of non-mailcow code (local changes over remote changes), not recommended! --gc - Run garbage collector to delete old image tags + --nightly - Switch your mailcow updates to the unstable (nightly) branch. FOR TESTING PURPOSES ONLY!!!! --prefetch - Only prefetch new images and exit (useful to prepare updates) --skip-start - Do not start mailcow after update --skip-ping-check - Skip ICMP Check to public DNS resolvers (Use it only if you´ve blocked any ICMP Connections to your mailcow machine) + --stable - Switch your mailcow updates to the stable (master) branch. Default unless you changed it with --nightly. -f|--force - Force update, do not ask questions ' exit 1 @@ -648,6 +658,84 @@ else fi fi +if [ $NEW_BRANCH != "master" ] || [ $NEW_BRANCH != "nightly"] + echo -e "\e[33mDetecting which build your mailcow runs on...\e[0m" + sleep 1 + if [ ${BRANCH} == "master" ]; then + echo -e "\e[32mYou are receiving stable updates (master).\e[0m" + echo -e "\e[33mTo change that run the update.sh Script one time with the --nightly parameter to switch to nightly builds.\e[0m" + + elif [ ${BRANCH} == "nightly" ]; then + echo -e "\e[31mYou are receiving unstable updates (nightly). These are for testing purposes only!!!\e[0m" + sleep 1 + echo -e "\e[33mTo change that run the update.sh Script one time with the --stable parameter to switch to stable builds.\e[0m" + + else + echo -e "\e[33mYou are receiving updates from a unsupported branch.\e[0m" + sleep 1 + echo -e "\e[33mThe mailcow stack might still work but it is recommended to switch to the master branch (stable builds).\e[0m" + echo -e "\e[33mTo change that run the update.sh Script one time with the --stable parameter to switch to stable builds.\e[0m" + fi +elif [ $NEW_BRANCH == "master" ] && [ $CURRENT_BRANCH != "master" ] + echo -e "\e[33mYou are about to switch your mailcow Updates to the stable (master) branch.\e[0m" + sleep 1 + echo -e "\e[33mBefore you do: Please take a backup of all components to ensure that no Data is lost...\e[0m" + sleep 1 + echo -e "\e[31mWARNING: Please see on GitHub or ask in the communitys if a switch to master is stable or not. + In some rear cases a Update back to master can destroy your mailcow configuration in case of Database Upgrades etc. + Normally a upgrade back to master should be safe during each full release. Check GitHub for Database Changes and Update only if there similar to the full release!\e[0m" + read -r -p "Are you sure you that want to continue upgrading to the stable (master) branch? [y/N] " response + if [[ ! "${response}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then + echo "OK. If you prepared yourself for that please run the update.sh Script with the --stable parameter again to trigger this process here." + exit 0 + fi + + BRANCH = NEW_BRANCH + DIFF_DIRECTORY=update_diffs + DIFF_FILE=${DIFF_DIRECTORY}/diff_before_upgrade_to_master_$(date +"%Y-%m-%d-%H-%M-%S") + mv diff_before_upgrade* ${DIFF_DIRECTORY}/ 2> /dev/null + if ! git diff-index --quiet HEAD; then + echo -e "\e[32mSaving diff to ${DIFF_FILE}...\e[0m" + mkdir -p ${DIFF_DIRECTORY} + git diff ${BRANCH} --stat > ${DIFF_FILE} + git diff ${BRANCH} >> ${DIFF_FILE} + fi + echo -e "\e[32mSwitching Branch to ${BRANCH}...\e[0m" + git fetch origin --all + git checkout -f origin/${BRANCH} + +elif [ $NEW_BRANCH == "nightly" ] && [ $CURRENT_BRANCH != "nightly" ] + echo -e "\e[33mYou are about to switch your mailcow Updates to the unstable (nightly) branch.\e[0m" + sleep 1 + echo -e "\e[33mBefore you do: Please take a backup of all components to ensure that no Data is lost...\e[0m" + sleep 1 + echo -e "\e[31mWARNING: A switch to nightly is possible any time. But a switch back (to master) not.\e[0m" + read -r -p "Are you sure you that want to continue upgrading to the unstable (nightly) branch? [y/N] " response + if [[ ! "${response}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then + echo "OK. If you prepared yourself for that please run the update.sh Script with the --nightly parameter again to trigger this process here." + exit 0 + fi + + BRANCH = NEW_BRANCH + DIFF_DIRECTORY=update_diffs + DIFF_FILE=${DIFF_DIRECTORY}/diff_before_upgrade_to_nightly_$(date +"%Y-%m-%d-%H-%M-%S") + mv diff_before_upgrade* ${DIFF_DIRECTORY}/ 2> /dev/null + if ! git diff-index --quiet HEAD; then + echo -e "\e[32mSaving diff to ${DIFF_FILE}...\e[0m" + mkdir -p ${DIFF_DIRECTORY} + git diff ${BRANCH} --stat > ${DIFF_FILE} + git diff ${BRANCH} >> ${DIFF_FILE} + fi + + git fetch origin --all + git checkout -f origin/${BRANCH} + +elif [ $FORCE ]; then + echo -e "\e[31mYou are running in forced mode!\e[0m" + echo -e "\e[31mA Branch Switch can only be performed manually (monitored).\e[0m" + echo -e "\e[31mPlease rerun the update.sh Script without the --force/-f parameter.\e[0m" +fi + echo -e "\e[32mChecking for newer update script...\e[0m" SHA1_1=$(sha1sum update.sh) git fetch origin #${BRANCH} @@ -783,16 +871,41 @@ if [ -f "data/conf/rspamd/local.d/metrics.conf" ]; then fi # Set app_info.inc.php -mailcow_git_version=$(git describe --tags `git rev-list --tags --max-count=1`) +if [ ${BRANCH} == "master" ]; then + mailcow_git_version=$(git describe --tags `git rev-list --tags --max-count=1`) + mailcow_last_git_version="" +elif [ ${BRANCH} == "nightly" ]; then + mailcow_git_version=$(git rev-parse --short HEAD) +else + mailcow_git_version=$(git rev-parse --short HEAD) +fi + +mailcow_git_commit=$(git rev-parse HEAD) +mailcow_git_commit_date=$(git show -s --format=%cd --date=format:'%Y-%m-%d %H:%M') + if [ $? -eq 0 ]; then echo ' data/web/inc/app_info.inc.php echo ' $MAILCOW_GIT_VERSION="'$mailcow_git_version'";' >> data/web/inc/app_info.inc.php + echo ' $MAILCOW_LAST_GIT_VERSION="";' >> data/web/inc/app_info.inc.php + echo ' $MAILCOW_GIT_OWNER="mailcow";' >> data/web/inc/app_info.inc.php + echo ' $MAILCOW_GIT_REPO="mailcow-dockerized";' >> data/web/inc/app_info.inc.php echo ' $MAILCOW_GIT_URL="https://github.com/mailcow/mailcow-dockerized";' >> data/web/inc/app_info.inc.php + echo ' $MAILCOW_GIT_COMMIT="'$mailcow_git_commit'";' >> data/web/inc/app_info.inc.php + echo ' $MAILCOW_GIT_COMMIT_DATE="'$mailcow_git_commit_date'";' >> data/web/inc/app_info.inc.php + echo ' $MAILCOW_BRANCH="'$BRANCH'";' >> data/web/inc/app_info.inc.php + echo ' $MAILCOW_UPDATEDAT='$(date +%s)';' >> data/web/inc/app_info.inc.php echo '?>' >> data/web/inc/app_info.inc.php else echo ' data/web/inc/app_info.inc.php - echo ' $MAILCOW_GIT_VERSION="";' >> data/web/inc/app_info.inc.php - echo ' $MAILCOW_GIT_URL="";' >> data/web/inc/app_info.inc.php + echo ' $MAILCOW_GIT_VERSION="'$mailcow_git_version'";' >> data/web/inc/app_info.inc.php + echo ' $MAILCOW_LAST_GIT_VERSION="";' >> data/web/inc/app_info.inc.php + echo ' $MAILCOW_GIT_OWNER="mailcow";' >> data/web/inc/app_info.inc.php + echo ' $MAILCOW_GIT_REPO="mailcow-dockerized";' >> data/web/inc/app_info.inc.php + echo ' $MAILCOW_GIT_URL="https://github.com/mailcow/mailcow-dockerized";' >> data/web/inc/app_info.inc.php + echo ' $MAILCOW_GIT_COMMIT="";' >> data/web/inc/app_info.inc.php + echo ' $MAILCOW_GIT_COMMIT_DATE="";' >> data/web/inc/app_info.inc.php + echo ' $MAILCOW_BRANCH="'$BRANCH'";' >> data/web/inc/app_info.inc.php + echo ' $MAILCOW_UPDATEDAT='$(date +%s)';' >> data/web/inc/app_info.inc.php echo '?>' >> data/web/inc/app_info.inc.php echo -e "\e[33mCannot determine current git repository version...\e[0m" fi From 7a23e4fd4e02df90dd8ac0fe7968f47fda6839cf Mon Sep 17 00:00:00 2001 From: DerLinkman Date: Wed, 24 Aug 2022 12:12:41 +0200 Subject: [PATCH 17/40] Fix for Sieve error (due to IPv6 Comp from SOGo) --- data/Dockerfiles/dovecot/docker-entrypoint.sh | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/data/Dockerfiles/dovecot/docker-entrypoint.sh b/data/Dockerfiles/dovecot/docker-entrypoint.sh index ac7aeb1d..801d422a 100755 --- a/data/Dockerfiles/dovecot/docker-entrypoint.sh +++ b/data/Dockerfiles/dovecot/docker-entrypoint.sh @@ -307,11 +307,18 @@ namespace { } EOF +# Get SOGo IPv6 from Dig +SOGO_V6=$(dig +answer sogo AAAA +short) + cat < /etc/dovecot/sogo_trusted_ip.conf # Autogenerated by mailcow remote ${IPV4_NETWORK}.248 { disable_plaintext_auth = no } + +remote ${SOGO_V6} { + disable_plaintext_auth = no +} EOF # Create random master Password for SOGo SSO From 575eab1cf02d5ef75a86df4fd400d595dd14c113 Mon Sep 17 00:00:00 2001 From: DerLinkman Date: Wed, 24 Aug 2022 12:26:14 +0200 Subject: [PATCH 18/40] Implemented Check if IPv6 is disabled --- data/Dockerfiles/dovecot/docker-entrypoint.sh | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/data/Dockerfiles/dovecot/docker-entrypoint.sh b/data/Dockerfiles/dovecot/docker-entrypoint.sh index 801d422a..aa1aa0ae 100755 --- a/data/Dockerfiles/dovecot/docker-entrypoint.sh +++ b/data/Dockerfiles/dovecot/docker-entrypoint.sh @@ -310,6 +310,7 @@ EOF # Get SOGo IPv6 from Dig SOGO_V6=$(dig +answer sogo AAAA +short) +if [ $SOGO_V6 ]; then cat < /etc/dovecot/sogo_trusted_ip.conf # Autogenerated by mailcow remote ${IPV4_NETWORK}.248 { @@ -321,6 +322,15 @@ remote ${SOGO_V6} { } EOF +else +cat < /etc/dovecot/sogo_trusted_ip.conf +# Autogenerated by mailcow +remote ${IPV4_NETWORK}.248 { + disable_plaintext_auth = no +} +EOF +fi + # Create random master Password for SOGo SSO RAND_PASS=$(cat /dev/urandom | tr -dc 'a-z0-9' | fold -w 32 | head -n 1) echo -n ${RAND_PASS} > /etc/phpfpm/sogo-sso.pass From a8eb3b6ac5b03238f04eb33f08fde1ec98c07729 Mon Sep 17 00:00:00 2001 From: DerLinkman Date: Wed, 24 Aug 2022 14:31:32 +0200 Subject: [PATCH 19/40] Added nightly footer --- data/web/templates/base.twig | 13 ++++++++++--- update.sh | 3 ++- 2 files changed, 12 insertions(+), 4 deletions(-) diff --git a/data/web/templates/base.twig b/data/web/templates/base.twig index 37c27e21..ba0810a1 100644 --- a/data/web/templates/base.twig +++ b/data/web/templates/base.twig @@ -477,13 +477,20 @@ function recursiveBase64StrToArrayBuffer(obj) { {% if ui_texts.ui_footer %}
{{ ui_texts.ui_footer|rot13|raw }} {% endif %} - {% if mailcow_cc_username and mailcow_info.version_tag|default %} + {% if mailcow_cc_username and mailcow_info.mailcow_build|lower == "stable" and mailcow_info.version_tag|default %} 🐮 + 🐋 = 💕 - - Version: {{ mailcow_info.version_tag }} + Version: {{ mailcow_info.version_tag }} + {% endif %} + {% if mailcow_cc_username and mailcow_info.mailcow_build|lower == "nightly" and mailcow_info.version_tag|default %} + + 🛠️🐮 + 🐋 = 💕 + Nightly: {{ mailcow_info.version_tag }} +
+ Build: {{ mailcow_info.git_commit_date }} + {% endif %} diff --git a/update.sh b/update.sh index 7d47b3cc..2d8ed95a 100755 --- a/update.sh +++ b/update.sh @@ -873,11 +873,12 @@ fi # Set app_info.inc.php if [ ${BRANCH} == "master" ]; then mailcow_git_version=$(git describe --tags `git rev-list --tags --max-count=1`) - mailcow_last_git_version="" elif [ ${BRANCH} == "nightly" ]; then mailcow_git_version=$(git rev-parse --short HEAD) + mailcow_last_git_version="" else mailcow_git_version=$(git rev-parse --short HEAD) + mailcow_last_git_version="" fi mailcow_git_commit=$(git rev-parse HEAD) From 77f9947613fa3aac9ac772574495a0ee50a3c91f Mon Sep 17 00:00:00 2001 From: DerLinkman Date: Wed, 24 Aug 2022 14:37:00 +0200 Subject: [PATCH 20/40] Readded footer + vars. --- data/web/inc/footer.inc.php | 9 ++++++++- data/web/templates/base.twig | 4 ++-- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/data/web/inc/footer.inc.php b/data/web/inc/footer.inc.php index b2f1d4d5..61d81dff 100644 --- a/data/web/inc/footer.inc.php +++ b/data/web/inc/footer.inc.php @@ -48,7 +48,14 @@ if (isset($pending_tfa_authmechs['u2f'])) { $globalVariables = [ 'mailcow_info' => array( 'version_tag' => $GLOBALS['MAILCOW_GIT_VERSION'], - 'git_project_url' => $GLOBALS['MAILCOW_GIT_URL'] + 'last_version_tag' => $GLOBALS['MAILCOW_LAST_GIT_VERSION'], + 'git_owner' => $GLOBALS['MAILCOW_GIT_OWNER'], + 'git_repo' => $GLOBALS['MAILCOW_GIT_REPO'], + 'git_project_url' => $GLOBALS['MAILCOW_GIT_URL'], + 'git_commit' => $GLOBALS['MAILCOW_GIT_COMMIT'], + 'git_commit_date' => $GLOBALS['MAILCOW_GIT_COMMIT_DATE'], + 'mailcow_branch' => $GLOBALS['MAILCOW_BRANCH'], + 'updated_at' => $GLOBALS['MAILCOW_UPDATEDAT'] ), 'js_path' => '/cache/'.basename($JSPath), 'pending_tfa_methods' => @$_SESSION['pending_tfa_methods'], diff --git a/data/web/templates/base.twig b/data/web/templates/base.twig index ba0810a1..e97199b3 100644 --- a/data/web/templates/base.twig +++ b/data/web/templates/base.twig @@ -477,14 +477,14 @@ function recursiveBase64StrToArrayBuffer(obj) { {% if ui_texts.ui_footer %}
{{ ui_texts.ui_footer|rot13|raw }} {% endif %} - {% if mailcow_cc_username and mailcow_info.mailcow_build|lower == "stable" and mailcow_info.version_tag|default %} + {% if mailcow_cc_username and mailcow_info.mailcow_branch|lower == "master" and mailcow_info.version_tag|default %} 🐮 + 🐋 = 💕 Version: {{ mailcow_info.version_tag }} {% endif %} - {% if mailcow_cc_username and mailcow_info.mailcow_build|lower == "nightly" and mailcow_info.version_tag|default %} + {% if mailcow_cc_username and mailcow_info.mailcow_branch|lower == "origin/feature/nightly-editions" and mailcow_info.version_tag|default %} 🛠️🐮 + 🐋 = 💕 Nightly: {{ mailcow_info.version_tag }} From 4f7ee669d3c3fc13829f629a392215abd899c35f Mon Sep 17 00:00:00 2001 From: DerLinkman Date: Wed, 24 Aug 2022 14:42:31 +0200 Subject: [PATCH 21/40] Added missing ;then in update.sh --- update.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/update.sh b/update.sh index 2d8ed95a..4e277e26 100755 --- a/update.sh +++ b/update.sh @@ -658,7 +658,7 @@ else fi fi -if [ $NEW_BRANCH != "master" ] || [ $NEW_BRANCH != "nightly"] +if [ $NEW_BRANCH != "master" ] || [ $NEW_BRANCH != "nightly"]; then echo -e "\e[33mDetecting which build your mailcow runs on...\e[0m" sleep 1 if [ ${BRANCH} == "master" ]; then @@ -676,7 +676,7 @@ if [ $NEW_BRANCH != "master" ] || [ $NEW_BRANCH != "nightly"] echo -e "\e[33mThe mailcow stack might still work but it is recommended to switch to the master branch (stable builds).\e[0m" echo -e "\e[33mTo change that run the update.sh Script one time with the --stable parameter to switch to stable builds.\e[0m" fi -elif [ $NEW_BRANCH == "master" ] && [ $CURRENT_BRANCH != "master" ] +elif [ $NEW_BRANCH == "master" ] && [ $CURRENT_BRANCH != "master" ]; then echo -e "\e[33mYou are about to switch your mailcow Updates to the stable (master) branch.\e[0m" sleep 1 echo -e "\e[33mBefore you do: Please take a backup of all components to ensure that no Data is lost...\e[0m" @@ -704,7 +704,7 @@ elif [ $NEW_BRANCH == "master" ] && [ $CURRENT_BRANCH != "master" ] git fetch origin --all git checkout -f origin/${BRANCH} -elif [ $NEW_BRANCH == "nightly" ] && [ $CURRENT_BRANCH != "nightly" ] +elif [ $NEW_BRANCH == "nightly" ] && [ $CURRENT_BRANCH != "nightly" ]; then echo -e "\e[33mYou are about to switch your mailcow Updates to the unstable (nightly) branch.\e[0m" sleep 1 echo -e "\e[33mBefore you do: Please take a backup of all components to ensure that no Data is lost...\e[0m" From 9db9818edea9ba7680aef32267d91e57a6ff0895 Mon Sep 17 00:00:00 2001 From: DerLinkman Date: Wed, 24 Aug 2022 15:00:39 +0200 Subject: [PATCH 22/40] Moved Force Mode check in prio --- update.sh | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/update.sh b/update.sh index 4e277e26..6b19dd1d 100755 --- a/update.sh +++ b/update.sh @@ -658,7 +658,7 @@ else fi fi -if [ $NEW_BRANCH != "master" ] || [ $NEW_BRANCH != "nightly"]; then +if ! [ $NEW_BRANCH ]; then echo -e "\e[33mDetecting which build your mailcow runs on...\e[0m" sleep 1 if [ ${BRANCH} == "master" ]; then @@ -676,6 +676,11 @@ if [ $NEW_BRANCH != "master" ] || [ $NEW_BRANCH != "nightly"]; then echo -e "\e[33mThe mailcow stack might still work but it is recommended to switch to the master branch (stable builds).\e[0m" echo -e "\e[33mTo change that run the update.sh Script one time with the --stable parameter to switch to stable builds.\e[0m" fi +elif [ $FORCE = "y" ]; then + echo -e "\e[31mYou are running in forced mode!\e[0m" + echo -e "\e[31mA Branch Switch can only be performed manually (monitored).\e[0m" + echo -e "\e[31mPlease rerun the update.sh Script without the --force/-f parameter.\e[0m" + sleep 1 elif [ $NEW_BRANCH == "master" ] && [ $CURRENT_BRANCH != "master" ]; then echo -e "\e[33mYou are about to switch your mailcow Updates to the stable (master) branch.\e[0m" sleep 1 @@ -683,7 +688,8 @@ elif [ $NEW_BRANCH == "master" ] && [ $CURRENT_BRANCH != "master" ]; then sleep 1 echo -e "\e[31mWARNING: Please see on GitHub or ask in the communitys if a switch to master is stable or not. In some rear cases a Update back to master can destroy your mailcow configuration in case of Database Upgrades etc. - Normally a upgrade back to master should be safe during each full release. Check GitHub for Database Changes and Update only if there similar to the full release!\e[0m" + Normally a upgrade back to master should be safe during each full release. + Check GitHub for Database Changes and Update only if there similar to the full release!\e[0m" read -r -p "Are you sure you that want to continue upgrading to the stable (master) branch? [y/N] " response if [[ ! "${response}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then echo "OK. If you prepared yourself for that please run the update.sh Script with the --stable parameter again to trigger this process here." @@ -709,7 +715,7 @@ elif [ $NEW_BRANCH == "nightly" ] && [ $CURRENT_BRANCH != "nightly" ]; then sleep 1 echo -e "\e[33mBefore you do: Please take a backup of all components to ensure that no Data is lost...\e[0m" sleep 1 - echo -e "\e[31mWARNING: A switch to nightly is possible any time. But a switch back (to master) not.\e[0m" + echo -e "\e[31mWARNING: A switch to nightly is possible any time. But a switch back (to master) isn't.\e[0m" read -r -p "Are you sure you that want to continue upgrading to the unstable (nightly) branch? [y/N] " response if [[ ! "${response}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then echo "OK. If you prepared yourself for that please run the update.sh Script with the --nightly parameter again to trigger this process here." @@ -730,10 +736,6 @@ elif [ $NEW_BRANCH == "nightly" ] && [ $CURRENT_BRANCH != "nightly" ]; then git fetch origin --all git checkout -f origin/${BRANCH} -elif [ $FORCE ]; then - echo -e "\e[31mYou are running in forced mode!\e[0m" - echo -e "\e[31mA Branch Switch can only be performed manually (monitored).\e[0m" - echo -e "\e[31mPlease rerun the update.sh Script without the --force/-f parameter.\e[0m" fi echo -e "\e[32mChecking for newer update script...\e[0m" From cdc8f63b4b2ec1622c4f62106a4e3ea2b57bc7ba Mon Sep 17 00:00:00 2001 From: DerLinkman Date: Wed, 24 Aug 2022 15:05:14 +0200 Subject: [PATCH 23/40] Fixed Force flag --- update.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/update.sh b/update.sh index 6b19dd1d..93f8f365 100755 --- a/update.sh +++ b/update.sh @@ -676,7 +676,7 @@ if ! [ $NEW_BRANCH ]; then echo -e "\e[33mThe mailcow stack might still work but it is recommended to switch to the master branch (stable builds).\e[0m" echo -e "\e[33mTo change that run the update.sh Script one time with the --stable parameter to switch to stable builds.\e[0m" fi -elif [ $FORCE = "y" ]; then +elif [ $FORCE ]; then echo -e "\e[31mYou are running in forced mode!\e[0m" echo -e "\e[31mA Branch Switch can only be performed manually (monitored).\e[0m" echo -e "\e[31mPlease rerun the update.sh Script without the --force/-f parameter.\e[0m" From 825c8a6abee977529b3b29dd3e167d5d42b3fb47 Mon Sep 17 00:00:00 2001 From: DerLinkman Date: Wed, 24 Aug 2022 15:56:02 +0200 Subject: [PATCH 24/40] Changed Git Checkout form --- update.sh | 22 +++++++++------------- 1 file changed, 9 insertions(+), 13 deletions(-) diff --git a/update.sh b/update.sh index 93f8f365..e8141b41 100755 --- a/update.sh +++ b/update.sh @@ -695,8 +695,7 @@ elif [ $NEW_BRANCH == "master" ] && [ $CURRENT_BRANCH != "master" ]; then echo "OK. If you prepared yourself for that please run the update.sh Script with the --stable parameter again to trigger this process here." exit 0 fi - - BRANCH = NEW_BRANCH + BRANCH=$NEW_BRANCH DIFF_DIRECTORY=update_diffs DIFF_FILE=${DIFF_DIRECTORY}/diff_before_upgrade_to_master_$(date +"%Y-%m-%d-%H-%M-%S") mv diff_before_upgrade* ${DIFF_DIRECTORY}/ 2> /dev/null @@ -708,7 +707,7 @@ elif [ $NEW_BRANCH == "master" ] && [ $CURRENT_BRANCH != "master" ]; then fi echo -e "\e[32mSwitching Branch to ${BRANCH}...\e[0m" git fetch origin --all - git checkout -f origin/${BRANCH} + git checkout -f ${BRANCH} elif [ $NEW_BRANCH == "nightly" ] && [ $CURRENT_BRANCH != "nightly" ]; then echo -e "\e[33mYou are about to switch your mailcow Updates to the unstable (nightly) branch.\e[0m" @@ -721,8 +720,7 @@ elif [ $NEW_BRANCH == "nightly" ] && [ $CURRENT_BRANCH != "nightly" ]; then echo "OK. If you prepared yourself for that please run the update.sh Script with the --nightly parameter again to trigger this process here." exit 0 fi - - BRANCH = NEW_BRANCH + BRANCH=$NEW_BRANCH DIFF_DIRECTORY=update_diffs DIFF_FILE=${DIFF_DIRECTORY}/diff_before_upgrade_to_nightly_$(date +"%Y-%m-%d-%H-%M-%S") mv diff_before_upgrade* ${DIFF_DIRECTORY}/ 2> /dev/null @@ -732,10 +730,8 @@ elif [ $NEW_BRANCH == "nightly" ] && [ $CURRENT_BRANCH != "nightly" ]; then git diff ${BRANCH} --stat > ${DIFF_FILE} git diff ${BRANCH} >> ${DIFF_FILE} fi - git fetch origin --all - git checkout -f origin/${BRANCH} - + git checkout -f ${BRANCH} fi echo -e "\e[32mChecking for newer update script...\e[0m" @@ -932,8 +928,8 @@ if [ -f "${SCRIPT_DIR}/post_update_hook.sh" ]; then bash "${SCRIPT_DIR}/post_update_hook.sh" fi -# echo "In case you encounter any problem, hard-reset to a state before updating mailcow:" -# echo -# git reflog --color=always | grep "Before update on " -# echo -# echo "Use \"git reset --hard hash-on-the-left\" and run $COMPOSE_COMMAND up -d afterwards." \ No newline at end of file +echo "In case you encounter any problem, hard-reset to a state before updating mailcow:" +echo +git reflog --color=always | grep "Before update on " +echo +echo "Use \"git reset --hard hash-on-the-left\" and run $COMPOSE_COMMAND up -d afterwards." \ No newline at end of file From 85deeaf80645fc78adadfbe5b514651096f09382 Mon Sep 17 00:00:00 2001 From: DerLinkman Date: Wed, 24 Aug 2022 16:00:57 +0200 Subject: [PATCH 25/40] Corrected origin fetch --- update.sh | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/update.sh b/update.sh index e8141b41..b5bd13c5 100755 --- a/update.sh +++ b/update.sh @@ -730,7 +730,7 @@ elif [ $NEW_BRANCH == "nightly" ] && [ $CURRENT_BRANCH != "nightly" ]; then git diff ${BRANCH} --stat > ${DIFF_FILE} git diff ${BRANCH} >> ${DIFF_FILE} fi - git fetch origin --all + git fetch origin git checkout -f ${BRANCH} fi @@ -928,8 +928,8 @@ if [ -f "${SCRIPT_DIR}/post_update_hook.sh" ]; then bash "${SCRIPT_DIR}/post_update_hook.sh" fi -echo "In case you encounter any problem, hard-reset to a state before updating mailcow:" -echo -git reflog --color=always | grep "Before update on " -echo -echo "Use \"git reset --hard hash-on-the-left\" and run $COMPOSE_COMMAND up -d afterwards." \ No newline at end of file +# echo "In case you encounter any problem, hard-reset to a state before updating mailcow:" +# echo +# git reflog --color=always | grep "Before update on " +# echo +# echo "Use \"git reset --hard hash-on-the-left\" and run $COMPOSE_COMMAND up -d afterwards." \ No newline at end of file From e202530afb57ee33c7cce6f9e2dbb3594e6df30f Mon Sep 17 00:00:00 2001 From: DerLinkman Date: Wed, 24 Aug 2022 16:12:36 +0200 Subject: [PATCH 26/40] Set correct Commit ID from origin instead of local --- update.sh | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/update.sh b/update.sh index b5bd13c5..c27fcd43 100755 --- a/update.sh +++ b/update.sh @@ -730,7 +730,7 @@ elif [ $NEW_BRANCH == "nightly" ] && [ $CURRENT_BRANCH != "nightly" ]; then git diff ${BRANCH} --stat > ${DIFF_FILE} git diff ${BRANCH} >> ${DIFF_FILE} fi - git fetch origin + git fetch origin --all git checkout -f ${BRANCH} fi @@ -872,14 +872,14 @@ fi if [ ${BRANCH} == "master" ]; then mailcow_git_version=$(git describe --tags `git rev-list --tags --max-count=1`) elif [ ${BRANCH} == "nightly" ]; then - mailcow_git_version=$(git rev-parse --short HEAD) + mailcow_git_version=$(git rev-parse origin/${BRANCH} --short HEAD | head -2 | tail -1) mailcow_last_git_version="" else mailcow_git_version=$(git rev-parse --short HEAD) mailcow_last_git_version="" fi -mailcow_git_commit=$(git rev-parse HEAD) +mailcow_git_commit=$(git rev-parse origin/${BRANCH}) mailcow_git_commit_date=$(git show -s --format=%cd --date=format:'%Y-%m-%d %H:%M') if [ $? -eq 0 ]; then @@ -928,8 +928,8 @@ if [ -f "${SCRIPT_DIR}/post_update_hook.sh" ]; then bash "${SCRIPT_DIR}/post_update_hook.sh" fi -# echo "In case you encounter any problem, hard-reset to a state before updating mailcow:" -# echo -# git reflog --color=always | grep "Before update on " -# echo -# echo "Use \"git reset --hard hash-on-the-left\" and run $COMPOSE_COMMAND up -d afterwards." \ No newline at end of file +echo "In case you encounter any problem, hard-reset to a state before updating mailcow:" +echo +git reflog --color=always | grep "Before update on " +echo +echo "Use \"git reset --hard hash-on-the-left\" and run $COMPOSE_COMMAND up -d afterwards." \ No newline at end of file From ef311f22bf5b188837909427438ee29423c2ac56 Mon Sep 17 00:00:00 2001 From: DerLinkman Date: Wed, 24 Aug 2022 16:16:38 +0200 Subject: [PATCH 27/40] Corrected Twig Footer --- data/web/templates/base.twig | 2 +- update.sh | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/data/web/templates/base.twig b/data/web/templates/base.twig index e97199b3..be23c19d 100644 --- a/data/web/templates/base.twig +++ b/data/web/templates/base.twig @@ -484,7 +484,7 @@ function recursiveBase64StrToArrayBuffer(obj) { {% endif %} - {% if mailcow_cc_username and mailcow_info.mailcow_branch|lower == "origin/feature/nightly-editions" and mailcow_info.version_tag|default %} + {% if mailcow_cc_username and mailcow_info.mailcow_branch|lower == "nightly" and mailcow_info.version_tag|default %} 🛠️🐮 + 🐋 = 💕 Nightly: {{ mailcow_info.version_tag }} diff --git a/update.sh b/update.sh index c27fcd43..d0e4c4ba 100755 --- a/update.sh +++ b/update.sh @@ -706,7 +706,7 @@ elif [ $NEW_BRANCH == "master" ] && [ $CURRENT_BRANCH != "master" ]; then git diff ${BRANCH} >> ${DIFF_FILE} fi echo -e "\e[32mSwitching Branch to ${BRANCH}...\e[0m" - git fetch origin --all + git fetch origin git checkout -f ${BRANCH} elif [ $NEW_BRANCH == "nightly" ] && [ $CURRENT_BRANCH != "nightly" ]; then @@ -730,7 +730,7 @@ elif [ $NEW_BRANCH == "nightly" ] && [ $CURRENT_BRANCH != "nightly" ]; then git diff ${BRANCH} --stat > ${DIFF_FILE} git diff ${BRANCH} >> ${DIFF_FILE} fi - git fetch origin --all + git fetch origin git checkout -f ${BRANCH} fi From 5ea43051856104e9ea5d01bde800b0180e6edd04 Mon Sep 17 00:00:00 2001 From: DerLinkman Date: Wed, 24 Aug 2022 16:26:07 +0200 Subject: [PATCH 28/40] Fix Upstream Commit ID grep --- update.sh | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/update.sh b/update.sh index d0e4c4ba..4efbc6a5 100755 --- a/update.sh +++ b/update.sh @@ -872,7 +872,7 @@ fi if [ ${BRANCH} == "master" ]; then mailcow_git_version=$(git describe --tags `git rev-list --tags --max-count=1`) elif [ ${BRANCH} == "nightly" ]; then - mailcow_git_version=$(git rev-parse origin/${BRANCH} --short HEAD | head -2 | tail -1) + mailcow_git_version=$(git rev-parse --short $(git rev-parse @{upstream})) mailcow_last_git_version="" else mailcow_git_version=$(git rev-parse --short HEAD) @@ -928,8 +928,8 @@ if [ -f "${SCRIPT_DIR}/post_update_hook.sh" ]; then bash "${SCRIPT_DIR}/post_update_hook.sh" fi -echo "In case you encounter any problem, hard-reset to a state before updating mailcow:" -echo -git reflog --color=always | grep "Before update on " -echo -echo "Use \"git reset --hard hash-on-the-left\" and run $COMPOSE_COMMAND up -d afterwards." \ No newline at end of file +# echo "In case you encounter any problem, hard-reset to a state before updating mailcow:" +# echo +# git reflog --color=always | grep "Before update on " +# echo +# echo "Use \"git reset --hard hash-on-the-left\" and run $COMPOSE_COMMAND up -d afterwards." \ No newline at end of file From 778a3ed551c270d0bb104eddd26c3587fcc25df4 Mon Sep 17 00:00:00 2001 From: DerLinkman Date: Thu, 25 Aug 2022 10:07:42 +0200 Subject: [PATCH 29/40] Use universal Git Commit Date Command --- update.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/update.sh b/update.sh index 4efbc6a5..169923b9 100755 --- a/update.sh +++ b/update.sh @@ -880,7 +880,7 @@ else fi mailcow_git_commit=$(git rev-parse origin/${BRANCH}) -mailcow_git_commit_date=$(git show -s --format=%cd --date=format:'%Y-%m-%d %H:%M') +mailcow_git_commit_date=$(git log -1 --format=%ci @{upstream} ) if [ $? -eq 0 ]; then echo ' data/web/inc/app_info.inc.php From 1f9f4157a674850962b06fe68553ff040e6c9a5e Mon Sep 17 00:00:00 2001 From: DerLinkman Date: Thu, 25 Aug 2022 10:27:46 +0200 Subject: [PATCH 30/40] Corrected detect docker compose command position --- update.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/update.sh b/update.sh index 169923b9..7ebb0f49 100755 --- a/update.sh +++ b/update.sh @@ -344,6 +344,8 @@ while (($#)); do shift done +detect_docker_compose_command + [[ ! -f mailcow.conf ]] && { echo "mailcow.conf is missing! Is mailcow installed?"; exit 1;} chmod 600 mailcow.conf source mailcow.conf @@ -354,8 +356,6 @@ if [ ${#DOTS} -lt 2 ]; then exit 1 fi -detect_docker_compose_command - if grep --help 2>&1 | head -n 1 | grep -q -i "busybox"; then echo "BusyBox grep detected, please install gnu grep, \"apk add --no-cache --upgrade grep\""; exit 1; fi # This will also cover sort if cp --help 2>&1 | head -n 1 | grep -q -i "busybox"; then echo "BusyBox cp detected, please install coreutils, \"apk add --no-cache --upgrade coreutils\""; exit 1; fi From bc9141753fab8fb4b591461d92703c345ebbef0c Mon Sep 17 00:00:00 2001 From: DerLinkman Date: Thu, 25 Aug 2022 10:32:33 +0200 Subject: [PATCH 31/40] Re-arranged position of source mailcow.conf --- update.sh | 25 +++++++++++++------------ 1 file changed, 13 insertions(+), 12 deletions(-) diff --git a/update.sh b/update.sh index 7ebb0f49..a7664c67 100755 --- a/update.sh +++ b/update.sh @@ -344,11 +344,12 @@ while (($#)); do shift done +chmod 600 mailcow.conf +source mailcow.conf + detect_docker_compose_command [[ ! -f mailcow.conf ]] && { echo "mailcow.conf is missing! Is mailcow installed?"; exit 1;} -chmod 600 mailcow.conf -source mailcow.conf DOTS=${MAILCOW_HOSTNAME//[^.]}; if [ ${#DOTS} -lt 2 ]; then echo "MAILCOW_HOSTNAME (${MAILCOW_HOSTNAME}) is not a FQDN!" @@ -734,16 +735,16 @@ elif [ $NEW_BRANCH == "nightly" ] && [ $CURRENT_BRANCH != "nightly" ]; then git checkout -f ${BRANCH} fi -echo -e "\e[32mChecking for newer update script...\e[0m" -SHA1_1=$(sha1sum update.sh) -git fetch origin #${BRANCH} -git checkout origin/${BRANCH} update.sh -SHA1_2=$(sha1sum update.sh) -if [[ ${SHA1_1} != ${SHA1_2} ]]; then - echo "update.sh changed, please run this script again, exiting." - chmod +x update.sh - exit 2 -fi +# echo -e "\e[32mChecking for newer update script...\e[0m" +# SHA1_1=$(sha1sum update.sh) +# git fetch origin #${BRANCH} +# git checkout origin/${BRANCH} update.sh +# SHA1_2=$(sha1sum update.sh) +# if [[ ${SHA1_1} != ${SHA1_2} ]]; then +# echo "update.sh changed, please run this script again, exiting." +# chmod +x update.sh +# exit 2 +# fi if [ ! $FORCE ]; then read -r -p "Are you sure you want to update mailcow: dockerized? All containers will be stopped. [y/N] " response From e98a9844179e0808106d5a7f28c1eca800f2bf40 Mon Sep 17 00:00:00 2001 From: DerLinkman Date: Thu, 25 Aug 2022 11:16:55 +0200 Subject: [PATCH 32/40] Implemented correct app_info.php set in generate_config --- generate_config.sh | 32 +++++++++++++++++++++++++++++--- 1 file changed, 29 insertions(+), 3 deletions(-) diff --git a/generate_config.sh b/generate_config.sh index 1ae76b21..a7f4a5a0 100755 --- a/generate_config.sh +++ b/generate_config.sh @@ -420,16 +420,42 @@ echo "Copying snake-oil certificate..." cp -n -d data/assets/ssl-example/*.pem data/assets/ssl/ # Set app_info.inc.php -mailcow_git_version=$(git describe --tags `git rev-list --tags --max-count=1`) +if [ ${git_branch} == "master" ]; then + mailcow_git_version=$(git describe --tags `git rev-list --tags --max-count=1`) +elif [ ${git_branch} == "nightly" ]; then + mailcow_git_version=$(git rev-parse --short $(git rev-parse @{upstream})) + mailcow_last_git_version="" +else + mailcow_git_version=$(git rev-parse --short HEAD) + mailcow_last_git_version="" +fi + +mailcow_git_commit=$(git rev-parse origin/${git_branch}) +mailcow_git_commit_date=$(git log -1 --format=%ci @{upstream} ) + if [ $? -eq 0 ]; then echo ' data/web/inc/app_info.inc.php echo ' $MAILCOW_GIT_VERSION="'$mailcow_git_version'";' >> data/web/inc/app_info.inc.php + echo ' $MAILCOW_LAST_GIT_VERSION="";' >> data/web/inc/app_info.inc.php + echo ' $MAILCOW_GIT_OWNER="mailcow";' >> data/web/inc/app_info.inc.php + echo ' $MAILCOW_GIT_REPO="mailcow-dockerized";' >> data/web/inc/app_info.inc.php echo ' $MAILCOW_GIT_URL="https://github.com/mailcow/mailcow-dockerized";' >> data/web/inc/app_info.inc.php + echo ' $MAILCOW_GIT_COMMIT="'$mailcow_git_commit'";' >> data/web/inc/app_info.inc.php + echo ' $MAILCOW_GIT_COMMIT_DATE="'$mailcow_git_commit_date'";' >> data/web/inc/app_info.inc.php + echo ' $MAILCOW_BRANCH="'$BRANCH'";' >> data/web/inc/app_info.inc.php + echo ' $MAILCOW_UPDATEDAT='$(date +%s)';' >> data/web/inc/app_info.inc.php echo '?>' >> data/web/inc/app_info.inc.php else echo ' data/web/inc/app_info.inc.php - echo ' $MAILCOW_GIT_VERSION="";' >> data/web/inc/app_info.inc.php - echo ' $MAILCOW_GIT_URL="";' >> data/web/inc/app_info.inc.php + echo ' $MAILCOW_GIT_VERSION="'$mailcow_git_version'";' >> data/web/inc/app_info.inc.php + echo ' $MAILCOW_LAST_GIT_VERSION="";' >> data/web/inc/app_info.inc.php + echo ' $MAILCOW_GIT_OWNER="mailcow";' >> data/web/inc/app_info.inc.php + echo ' $MAILCOW_GIT_REPO="mailcow-dockerized";' >> data/web/inc/app_info.inc.php + echo ' $MAILCOW_GIT_URL="https://github.com/mailcow/mailcow-dockerized";' >> data/web/inc/app_info.inc.php + echo ' $MAILCOW_GIT_COMMIT="";' >> data/web/inc/app_info.inc.php + echo ' $MAILCOW_GIT_COMMIT_DATE="";' >> data/web/inc/app_info.inc.php + echo ' $MAILCOW_BRANCH="'$BRANCH'";' >> data/web/inc/app_info.inc.php + echo ' $MAILCOW_UPDATEDAT='$(date +%s)';' >> data/web/inc/app_info.inc.php echo '?>' >> data/web/inc/app_info.inc.php echo -e "\e[33mCannot determine current git repository version...\e[0m" fi \ No newline at end of file From 3633766544d37ee74a96fc34d763885be5504f2e Mon Sep 17 00:00:00 2001 From: DerLinkman Date: Thu, 25 Aug 2022 11:21:12 +0200 Subject: [PATCH 33/40] Fixed missing branch variable in app info.php (gen-config) --- generate_config.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/generate_config.sh b/generate_config.sh index a7f4a5a0..6af24f28 100755 --- a/generate_config.sh +++ b/generate_config.sh @@ -442,7 +442,7 @@ if [ $? -eq 0 ]; then echo ' $MAILCOW_GIT_URL="https://github.com/mailcow/mailcow-dockerized";' >> data/web/inc/app_info.inc.php echo ' $MAILCOW_GIT_COMMIT="'$mailcow_git_commit'";' >> data/web/inc/app_info.inc.php echo ' $MAILCOW_GIT_COMMIT_DATE="'$mailcow_git_commit_date'";' >> data/web/inc/app_info.inc.php - echo ' $MAILCOW_BRANCH="'$BRANCH'";' >> data/web/inc/app_info.inc.php + echo ' $MAILCOW_BRANCH="'$git_branch'";' >> data/web/inc/app_info.inc.php echo ' $MAILCOW_UPDATEDAT='$(date +%s)';' >> data/web/inc/app_info.inc.php echo '?>' >> data/web/inc/app_info.inc.php else @@ -454,7 +454,7 @@ else echo ' $MAILCOW_GIT_URL="https://github.com/mailcow/mailcow-dockerized";' >> data/web/inc/app_info.inc.php echo ' $MAILCOW_GIT_COMMIT="";' >> data/web/inc/app_info.inc.php echo ' $MAILCOW_GIT_COMMIT_DATE="";' >> data/web/inc/app_info.inc.php - echo ' $MAILCOW_BRANCH="'$BRANCH'";' >> data/web/inc/app_info.inc.php + echo ' $MAILCOW_BRANCH="'$git_branch'";' >> data/web/inc/app_info.inc.php echo ' $MAILCOW_UPDATEDAT='$(date +%s)';' >> data/web/inc/app_info.inc.php echo '?>' >> data/web/inc/app_info.inc.php echo -e "\e[33mCannot determine current git repository version...\e[0m" From 555f4a8a6d300361985c8d4cb9aada97ea339483 Mon Sep 17 00:00:00 2001 From: FreddleSpl0it Date: Thu, 25 Aug 2022 14:26:45 +0200 Subject: [PATCH 34/40] [Web] Mailbox TFA fix --- data/web/inc/functions.inc.php | 48 ++++++++++++++++-------------- data/web/inc/prerequisites.inc.php | 2 +- 2 files changed, 27 insertions(+), 23 deletions(-) diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php index ca371303..4f70b4c2 100644 --- a/data/web/inc/functions.inc.php +++ b/data/web/inc/functions.inc.php @@ -807,7 +807,7 @@ function verify_hash($hash, $password) { } return false; } -function check_login($user, $pass, $app_passwd_data = false, $skip_tfa = false) { +function check_login($user, $pass, $app_passwd_data = false) { global $pdo; global $redis; global $imap_server; @@ -834,7 +834,7 @@ function check_login($user, $pass, $app_passwd_data = false, $skip_tfa = false) if (verify_hash($row['password'], $pass)) { // check for tfa authenticators $authenticators = get_tfa($user); - if (isset($authenticators['additional']) && is_array($authenticators['additional']) && count($authenticators['additional']) > 0 && !$skip_tfa) { + if (isset($authenticators['additional']) && is_array($authenticators['additional']) && count($authenticators['additional']) > 0) { // active tfa authenticators found, set pending user login $_SESSION['pending_mailcow_cc_username'] = $user; $_SESSION['pending_mailcow_cc_role'] = "admin"; @@ -873,7 +873,7 @@ function check_login($user, $pass, $app_passwd_data = false, $skip_tfa = false) if (verify_hash($row['password'], $pass) !== false) { // check for tfa authenticators $authenticators = get_tfa($user); - if (isset($authenticators['additional']) && is_array($authenticators['additional']) && count($authenticators['additional']) > 0 && !$skip_tfa) { + if (isset($authenticators['additional']) && is_array($authenticators['additional']) && count($authenticators['additional']) > 0) { $_SESSION['pending_mailcow_cc_username'] = $user; $_SESSION['pending_mailcow_cc_role'] = "domainadmin"; $_SESSION['pending_tfa_methods'] = $authenticators['additional']; @@ -937,9 +937,8 @@ function check_login($user, $pass, $app_passwd_data = false, $skip_tfa = false) } foreach ($rows as $row) { // verify password - if (verify_hash($row['password'], $pass) !== false) { - - if ($app_passwd_data['eas'] !== true && $app_passwd_data['dav'] !== true && !$skip_tfa){ + if ($app_passwd_data['eas'] !== true && $app_passwd_data['dav'] !== true){ + if (verify_hash($row['password'], $pass) !== false) { // check for tfa authenticators $authenticators = get_tfa($user); if (isset($authenticators['additional']) && is_array($authenticators['additional']) && count($authenticators['additional']) > 0) { @@ -953,26 +952,31 @@ function check_login($user, $pass, $app_passwd_data = false, $skip_tfa = false) 'msg' => array('logged_in_as', $user) ); return "pending"; + } else { + // Reactivate TFA if it was set to "deactivate TFA for next login" + $stmt = $pdo->prepare("UPDATE `tfa` SET `active`='1' WHERE `username` = :user"); + $stmt->execute(array(':user' => $user)); + + unset($_SESSION['ldelay']); + return "user"; } } + } elseif ($app_passwd_data['eas'] === true || $app_passwd_data['dav'] === true) { + if (array_key_exists("app_passwd_id", $row)){ + if (verify_hash($row['password'], $pass) !== false) { + $service = ($app_passwd_data['eas'] === true) ? 'EAS' : 'DAV'; + $stmt = $pdo->prepare("REPLACE INTO sasl_log (`service`, `app_password`, `username`, `real_rip`) VALUES (:service, :app_id, :username, :remote_addr)"); + $stmt->execute(array( + ':service' => $service, + ':app_id' => $row['app_passwd_id'], + ':username' => $user, + ':remote_addr' => ($_SERVER['HTTP_X_REAL_IP'] ?? $_SERVER['REMOTE_ADDR']) + )); - if ($app_passwd_data['eas'] === true || $app_passwd_data['dav'] === true) { - $service = ($app_passwd_data['eas'] === true) ? 'EAS' : 'DAV'; - $stmt = $pdo->prepare("REPLACE INTO sasl_log (`service`, `app_password`, `username`, `real_rip`) VALUES (:service, :app_id, :username, :remote_addr)"); - $stmt->execute(array( - ':service' => $service, - ':app_id' => $row['app_passwd_id'], - ':username' => $user, - ':remote_addr' => ($_SERVER['HTTP_X_REAL_IP'] ?? $_SERVER['REMOTE_ADDR']) - )); - } elseif (!$skip_tfa) { - // Reactivate TFA if it was set to "deactivate TFA for next login" - $stmt = $pdo->prepare("UPDATE `tfa` SET `active`='1' WHERE `username` = :user"); - $stmt->execute(array(':user' => $user)); + unset($_SESSION['ldelay']); + return "user"; + } } - - unset($_SESSION['ldelay']); - return "user"; } } diff --git a/data/web/inc/prerequisites.inc.php b/data/web/inc/prerequisites.inc.php index cb02ba16..2897444b 100644 --- a/data/web/inc/prerequisites.inc.php +++ b/data/web/inc/prerequisites.inc.php @@ -131,7 +131,7 @@ class mailcowPdo extends OAuth2\Storage\Pdo { $this->config['user_table'] = 'mailbox'; } public function checkUserCredentials($username, $password) { - if (check_login($username, $password, false, true) == 'user') { + if (check_login($username, $password) == 'user') { return true; } return false; From 57cd5ec818b5872e91327990f92e9f69a96a2e19 Mon Sep 17 00:00:00 2001 From: DerLinkman Date: Thu, 25 Aug 2022 14:48:38 +0200 Subject: [PATCH 35/40] Readded update.sh new Version check :P --- update.sh | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/update.sh b/update.sh index a7664c67..a0ba0729 100755 --- a/update.sh +++ b/update.sh @@ -184,10 +184,10 @@ if ! [ "${DOCKER_COMPOSE_VERSION}" == "native" ] && ! [ "${DOCKER_COMPOSE_VERSIO echo -e "\e[31mFound Docker Compose Plugin (native).\e[0m" echo -e "\e[31mSetting the DOCKER_COMPOSE_VERSION Variable to native\e[0m" sleep 2 - echo -e "\e[33mNotice: You´ll have to update this Compose Version via your Package Manager manually!\e[0m" + echo -e "\e[33mNotice: You'll have to update this Compose Version via your Package Manager manually!\e[0m" else echo -e "\e[31mCannot find Docker Compose with a Version Higher than 2.X.X.\e[0m" - echo -e "\e[31mPlease update it manually regarding to this doc site: https://mailcow.github.io/mailcow-dockerized-docs/i_u_m/i_u_m_install/\e[0m" + echo -e "\e[31mPlease update/install it manually regarding to this doc site: https://mailcow.github.io/mailcow-dockerized-docs/i_u_m/i_u_m_install/\e[0m" exit 1 fi elif docker-compose > /dev/null 2>&1; then @@ -198,10 +198,10 @@ if ! [ "${DOCKER_COMPOSE_VERSION}" == "native" ] && ! [ "${DOCKER_COMPOSE_VERSIO echo -e "\e[31mFound Docker Compose Standalone.\e[0m" echo -e "\e[31mSetting the DOCKER_COMPOSE_VERSION Variable to standalone\e[0m" sleep 2 - echo -e "\e[33mNotice: You´ll have to update this Compose Version manually! Please see: https://mailcow.github.io/mailcow-dockerized-docs/i_u_m/i_u_m_install/\e[0m" + echo -e "\e[33mNotice: For an automatic update of docker-compose please use the update_compose.sh scripts located at the helper-scripts folder.[0m" else echo -e "\e[31mCannot find Docker Compose with a Version Higher than 2.X.X.\e[0m" - echo -e "\e[31mPlease update manually regarding to this doc site: https://mailcow.github.io/mailcow-dockerized-docs/i_u_m/i_u_m_install/\e[0m" + echo -e "\e[31mPlease update/install regarding to this doc site: https://mailcow.github.io/mailcow-dockerized-docs/i_u_m/i_u_m_install/\e[0m" exit 1 fi fi @@ -735,16 +735,16 @@ elif [ $NEW_BRANCH == "nightly" ] && [ $CURRENT_BRANCH != "nightly" ]; then git checkout -f ${BRANCH} fi -# echo -e "\e[32mChecking for newer update script...\e[0m" -# SHA1_1=$(sha1sum update.sh) -# git fetch origin #${BRANCH} -# git checkout origin/${BRANCH} update.sh -# SHA1_2=$(sha1sum update.sh) -# if [[ ${SHA1_1} != ${SHA1_2} ]]; then -# echo "update.sh changed, please run this script again, exiting." -# chmod +x update.sh -# exit 2 -# fi +echo -e "\e[32mChecking for newer update script...\e[0m" +SHA1_1=$(sha1sum update.sh) +git fetch origin #${BRANCH} +git checkout origin/${BRANCH} update.sh +SHA1_2=$(sha1sum update.sh) +if [[ ${SHA1_1} != ${SHA1_2} ]]; then + echo "update.sh changed, please run this script again, exiting." + chmod +x update.sh + exit 2 +fi if [ ! $FORCE ]; then read -r -p "Are you sure you want to update mailcow: dockerized? All containers will be stopped. [y/N] " response From fee6ff43bf1d65846cea58c727cd707905d6ae65 Mon Sep 17 00:00:00 2001 From: DerLinkman Date: Thu, 25 Aug 2022 14:51:49 +0200 Subject: [PATCH 36/40] Corrected compose standalone update message in generate config --- generate_config.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/generate_config.sh b/generate_config.sh index 6af24f28..afd1d892 100755 --- a/generate_config.sh +++ b/generate_config.sh @@ -34,7 +34,7 @@ if docker compose > /dev/null 2>&1; then echo -e "\e[33mNotice: You´ll have to update this Compose Version via your Package Manager manually!\e[0m" else echo -e "\e[31mCannot find Docker Compose with a Version Higher than 2.X.X.\e[0m" - echo -e "\e[31mPlease update it manually regarding to this doc site: https://mailcow.github.io/mailcow-dockerized-docs/i_u_m/i_u_m_install/\e[0m" + echo -e "\e[31mPlease update/install it manually regarding to this doc site: https://mailcow.github.io/mailcow-dockerized-docs/i_u_m/i_u_m_install/\e[0m" exit 1 fi elif docker-compose > /dev/null 2>&1; then @@ -44,10 +44,10 @@ elif docker-compose > /dev/null 2>&1; then echo -e "\e[31mFound Docker Compose Standalone.\e[0m" echo -e "\e[31mSetting the DOCKER_COMPOSE_VERSION Variable to standalone\e[0m" sleep 2 - echo -e "\e[33mNotice: You´ll have to update this Compose Version manually! Please see: https://mailcow.github.io/mailcow-dockerized-docs/i_u_m/i_u_m_install/\e[0m" + echo -e "\e[33mNotice: For an automatic update of docker-compose please use the update_compose.sh scripts located at the helper-scripts folder.\e[0m" else echo -e "\e[31mCannot find Docker Compose with a Version Higher than 2.X.X.\e[0m" - echo -e "\e[31mPlease update manually regarding to this doc site: https://mailcow.github.io/mailcow-dockerized-docs/i_u_m/i_u_m_install/\e[0m" + echo -e "\e[31mPlease update/install manually regarding to this doc site: https://mailcow.github.io/mailcow-dockerized-docs/i_u_m/i_u_m_install/\e[0m" exit 1 fi fi From 0c11cf747a1eb353aaddeeb8d2d6578dfd88df2c Mon Sep 17 00:00:00 2001 From: milkmaker Date: Thu, 25 Aug 2022 18:15:27 +0200 Subject: [PATCH 37/40] Translations update from Weblate (#4722) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * [Web] Updated lang.cs.json [CI SKIP] Co-authored-by: Vojtěch Kaizr Co-authored-by: milkmaker * [Web] Updated lang.fr.json [CI SKIP] Co-authored-by: milkmaker Co-authored-by: ppelleti2 * [Web] Updated lang.tr.json [CI SKIP] [Web] Updated lang.tr.json [CI SKIP] [Web] Updated lang.tr.json [CI SKIP] [Web] Updated lang.tr.json [CI SKIP] [Web] Updated lang.tr.json [CI SKIP] [Web] Updated lang.tr.json [CI SKIP] [Web] Updated lang.tr.json [CI SKIP] [Web] Updated lang.tr.json [CI SKIP] [Web] Updated lang.tr.json [CI SKIP] [Web] Updated lang.tr.json [CI SKIP] [Web] Updated lang.tr.json [CI SKIP] [Web] Updated lang.tr.json [CI SKIP] [Web] Updated lang.tr.json [CI SKIP] [Web] Updated lang.tr.json [CI SKIP] [Web] Updated lang.tr.json [CI SKIP] [Web] Added lang.tr.json [CI SKIP] Co-authored-by: Peter Co-authored-by: milkmaker Co-authored-by: therudeboy * [Web] Updated lang.ro.json [CI SKIP] Co-authored-by: Vlad M Co-authored-by: milkmaker * [Web] Updated lang.it.json [CI SKIP] Co-authored-by: Peter * [Web] Turkish translation * [Web] Turkish translation Co-authored-by: Vojtěch Kaizr Co-authored-by: ppelleti2 Co-authored-by: Peter Co-authored-by: therudeboy Co-authored-by: Vlad M --- data/web/inc/vars.inc.php | 1 + data/web/lang/lang.cs.json | 2 +- data/web/lang/lang.fr.json | 7 +++- data/web/lang/lang.it.json | 3 +- data/web/lang/lang.ro.json | 5 ++- data/web/lang/lang.tr.json | 85 ++++++++++++++++++++++++++++++++++++++ 6 files changed, 97 insertions(+), 6 deletions(-) create mode 100644 data/web/lang/lang.tr.json diff --git a/data/web/inc/vars.inc.php b/data/web/inc/vars.inc.php index 02366c75..87684b7a 100644 --- a/data/web/inc/vars.inc.php +++ b/data/web/inc/vars.inc.php @@ -100,6 +100,7 @@ $AVAILABLE_LANGUAGES = array( 'ru' => 'Pусский (Russian)', 'sk' => 'Slovenčina (Slovak)', 'sv' => 'Svenska (Swedish)', + 'tr' => 'Türkçe (Turkish)', 'uk' => 'Українська (Ukrainian)', 'zh' => '中文 (Chinese)' ); diff --git a/data/web/lang/lang.cs.json b/data/web/lang/lang.cs.json index 309331aa..e8b70b4a 100644 --- a/data/web/lang/lang.cs.json +++ b/data/web/lang/lang.cs.json @@ -839,7 +839,7 @@ "confirm_delete": "Potvrdit smazání prvku.", "danger": "Nebezpečí", "deliver_inbox": "Doručit do schránky", - "disabled_by_config": "Funkce karanténa je momentálně vypnuta v nastavení systému.", + "disabled_by_config": "Funkce karanténa je momentálně vypnuta v nastavení systému. Nastavte, prosím, prvkům karantény hodnoty \"počet zadržených zpráv\" a \"maximální velikost\".", "download_eml": "Stáhnout (.eml)", "empty": "Žádné výsledky", "high_danger": "Vysoké nebezpečí", diff --git a/data/web/lang/lang.fr.json b/data/web/lang/lang.fr.json index 02d35d35..f3ff355c 100644 --- a/data/web/lang/lang.fr.json +++ b/data/web/lang/lang.fr.json @@ -102,7 +102,8 @@ "timeout2": "Délai d'expiration pour la connexion à l'hôte local", "username": "Nom d'utilisateur", "validate": "Valider", - "validation_success": "Validation réussie" + "validation_success": "Validation réussie", + "bcc_dest_format": "La destination Cci doit être une seule adresse e-mail valide.
Si vous avez besoin d'envoyer une copie à plusieurs adresses, créez un alias et utilisez-le ici." }, "admin": { "access": "Accès", @@ -322,7 +323,9 @@ "yes": "✓", "api_read_write": "Accès Lecture-Écriture", "oauth2_add_client": "Ajouter un client OAuth2", - "password_policy": "Politique de mots de passe" + "password_policy": "Politique de mots de passe", + "admins": "Administrateurs", + "api_read_only": "Accès lecture-seule" }, "danger": { "access_denied": "Accès refusé ou données de formulaire non valides", diff --git a/data/web/lang/lang.it.json b/data/web/lang/lang.it.json index 569951e0..a4a636a9 100644 --- a/data/web/lang/lang.it.json +++ b/data/web/lang/lang.it.json @@ -973,7 +973,8 @@ "verified_fido2_login": "Verified FIDO2 login", "verified_totp_login": "Verified TOTP login", "verified_webauthn_login": "Verified WebAuthn login", - "verified_yotp_login": "Verified Yubico OTP login" + "verified_yotp_login": "Verified Yubico OTP login", + "domain_add_dkim_available": "Esisteva già una chiave DKIM" }, "tfa": { "api_register": "%s usa le API Yubico Cloud. Richiedi una chiave API qui", diff --git a/data/web/lang/lang.ro.json b/data/web/lang/lang.ro.json index e769e041..65030ea4 100644 --- a/data/web/lang/lang.ro.json +++ b/data/web/lang/lang.ro.json @@ -979,7 +979,8 @@ "verified_totp_login": "Autentificarea TOTP verificată", "verified_webauthn_login": "Autentificarea WebAuthn verificată", "verified_fido2_login": "Conectare FIDO2 verificată", - "verified_yotp_login": "Autentificarea Yubico OTP verificată" + "verified_yotp_login": "Autentificarea Yubico OTP verificată", + "domain_add_dkim_available": "O cheie DKIM deja a existat" }, "tfa": { "api_register": "%s utilizează API-ul Yubico Cloud. Obțineți o cheie API pentru cheia dvs. de aici", @@ -990,7 +991,7 @@ "enter_qr_code": "Codul tău TOTP dacă dispozitivul tău nu poate scana codurile QR", "error_code": "Cod de eroare", "init_webauthn": "Inițializare, vă rugăm așteptați...", - "key_id": "Un identificator pentru YubiKey", + "key_id": "Un identificator pentru dispozitiv", "key_id_totp": "Un identificator pentru cheia ta", "none": "Dezactivează", "reload_retry": "- (reîncărcați browserul dacă eroarea persistă)", diff --git a/data/web/lang/lang.tr.json b/data/web/lang/lang.tr.json new file mode 100644 index 00000000..697c7483 --- /dev/null +++ b/data/web/lang/lang.tr.json @@ -0,0 +1,85 @@ +{ + "acl": { + "alias_domains": "Takma alan adı ekle", + "app_passwds": "Uygulama şifrelerini yönet", + "delimiter_action": "Sınırlama işlemi", + "domain_relayhost": "Bir alan adı için relayhost sunucusunu değiştir", + "eas_reset": "EAS cihazlarını sıfırla", + "mailbox_relayhost": "Bir posta kutusunun relayhost sunucularını değiştir", + "pushover": "Bildirim", + "quarantine": "Karantina işlemleri", + "quarantine_attachments": "Ekleri karantinaya al", + "quarantine_notification": "Karantina bildirimlerini değiştir", + "smtp_ip_access": "SMTP sunucularının değiştirilmesine izin ver", + "sogo_access": "SOGo erişiminin yönetilmesine izin ver", + "domain_desc": "Alan adı açıklamasını değiştir", + "extend_sender_acl": "Gönderenin acl'sini harici adreslere göre genişletmeye izin ver", + "spam_policy": "Engellenenler / İzin verilenler" + }, + "add": { + "activate_filter_warn": "Aktif edilirse diğer tüm filtreler devre dışı bırakılacak.", + "add_domain_only": "Sadece alan adı ekle", + "alias_address": "Takma ad adres(leri)", + "alias_domain": "Takma alan adı", + "alias_domain_info": "Sadece geçerli alan adları (virgülle ayırın).", + "backup_mx_options": "İletme ayarları", + "delete2": "Kaynakta olmayan hedefteki mesajları sil", + "delete2duplicates": "Hedefteki kopyaları sil", + "disable_login": "Giriş yapmaya izin verme ( Gelen mailler yine de kabul edilir)", + "domain": "Alan adı", + "domain_matches_hostname": "Alan adı %s ana bilgisayar adıyla eşleşiyor", + "add_domain_restart": "Alan adı ekleyin ve SOGo'yu yeniden başlatın", + "alias_address_info": "Bir alan adına ilişkin tüm iletileri yakalamak için tam e-posta adresi veya @example.com olacak şeklinde girin (virgülle ayırın).sadece mailcow alan adları.", + "domain_quota_m": "Toplam alan adı kotası (MiB)", + "generate": "oluştur", + "goto_ham": "Ham olarakişaretle", + "goto_null": "Postaları sessizce çöpe at", + "goto_spam": "Spam olarakişaretle", + "hostname": "Ana sunucu", + "kind": "Tür", + "mailbox_quota_m": "Posta kutusu başına maksimum kota (MiB)", + "max_aliases": "Maksimum olası takma adı", + "max_mailboxes": "Maksimum olası posta kutusu", + "nexthop": "Sonraki atlama", + "port": "Port", + "public_comment": "Genel yorum", + "relay_all": "Tüm alıcılara ilet", + "relay_all_info": "Eğer hiçbir alıcıya iletilmemesini seçerseniz, aktarılması gereken her alıcı için bir (\"kör\") posta kutusu eklemeniz gerekecektir.", + "relay_domain": "Bu alan adını ilet", + "relay_transport_info": "
Bilgi
Bu etki alanı için özel bir hedef için aktarım eşlemeleri tanımlayabilirsiniz. Ayarlanmazsa, bir MX araması yapılacaktır.", + "relay_unknown_only": "Yalnızca mevcut olmayan posta kutularını ilet. Mevcut posta kutuları yerel olarak teslim edilecektir.", + "relayhost_wrapped_tls_info": "Lütfen TLS ile örtülmüş portları kullanmayın (çoğu 465 portunda çalışır).
\nÖrtülmemiş port kullan ve STARTTLS üzerinden yayınla. TLS'yi zorlamak için bir TLS ilkesi \"TLS ilke eşlemeleri\" sayfası içinde oluşturulabilir.", + "skipcrossduplicates": "Klasörler arasında yinelenen mesajları atlayın (ilk mesaj seçilir)", + "target_address": "Adreslere git", + "target_address_info": "Tam e-posta adres(leri) girin ( virgülle ayırın).", + "target_domain": "Hedef alan adı", + "timeout1": "Uzak ana bilgisayara bağlantısı zaman aşımına uğradı", + "timeout2": "Yerel ana bilgisayara bağlantı zaman aşımına uğradı" + }, + "admin": { + "action": "İşlem", + "add_forwarding_host": "Yönlendirme sunucusu ekle", + "add_transport": "İletim ekle", + "admin_details": "Yönetici detaylarını düzenle", + "admin_domains": "Alan adı atamaları", + "add_domain_admin": "Alan adı yöneticisi ekle", + "api_info": "API üzerinde çalışmalar devam etmektedir. Belgeler /apiadresinde bulunabilir", + "apps_name": "\"mailcow Uygulamaları\" adı", + "authed_user": "Yetkili kullanıcı", + "ban_list_info": "Aşağıdaki yasaklı IP'lerin listesine bakın: ağ (kalan yasak süresi) - [işlemler].
Yasağı kaldırılmak üzere sıraya alınan IP'ler birkaç saniye içinde aktif yasak listesinden kaldırılacaktır.
Kırmızı etiketler, kara listeye alınarak aktif kalıcı yasakları gösterir.", + "configuration": "Yapılandırma", + "dkim_from_title": "Verilerin kopyalanacağı kaynak alan adı", + "dkim_to": "Kime", + "dkim_to_title": "Hedef alan ad(ları) üzerinde yazılacak", + "dkim_domains_wo_keys": "Eksik anahtarları olan alan adlarını seçin", + "domain": "Alan adı", + "domain_admin": "Alan adı yöneticisi", + "domain_admins": "Alan adı yöneticileri", + "domain_s": "Alan ad(ları)", + "duplicate": "Çift", + "duplicate_dkim": "Çift DKIM kayıtları", + "f2b_ban_time": "Yasaklama süresi (saniye)", + "f2b_max_attempts": "Maksimum giriş denemesi", + "f2b_retry_window": "Maksimum girişim için deneme pencere(leri)" + } +} From 2ed453a400d26d514715cc0dfdfb33f1fcfba793 Mon Sep 17 00:00:00 2001 From: FreddleSpl0it Date: Wed, 31 Aug 2022 11:31:55 +0200 Subject: [PATCH 38/40] fix mailbox tfa --- data/web/inc/functions.inc.php | 36 +++++++++++++++++----------------- 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php index 4f70b4c2..98f8075e 100644 --- a/data/web/inc/functions.inc.php +++ b/data/web/inc/functions.inc.php @@ -937,11 +937,13 @@ function check_login($user, $pass, $app_passwd_data = false) { } foreach ($rows as $row) { // verify password - if ($app_passwd_data['eas'] !== true && $app_passwd_data['dav'] !== true){ - if (verify_hash($row['password'], $pass) !== false) { + if (verify_hash($row['password'], $pass) !== false) { + if (!array_key_exists("app_passwd_id", $row)){ + // password is not a app password // check for tfa authenticators $authenticators = get_tfa($user); if (isset($authenticators['additional']) && is_array($authenticators['additional']) && count($authenticators['additional']) > 0) { + // authenticators found, init TFA flow $_SESSION['pending_mailcow_cc_username'] = $user; $_SESSION['pending_mailcow_cc_role'] = "user"; $_SESSION['pending_tfa_methods'] = $authenticators['additional']; @@ -953,6 +955,7 @@ function check_login($user, $pass, $app_passwd_data = false) { ); return "pending"; } else { + // no authenticators found, login successfull // Reactivate TFA if it was set to "deactivate TFA for next login" $stmt = $pdo->prepare("UPDATE `tfa` SET `active`='1' WHERE `username` = :user"); $stmt->execute(array(':user' => $user)); @@ -960,22 +963,19 @@ function check_login($user, $pass, $app_passwd_data = false) { unset($_SESSION['ldelay']); return "user"; } - } - } elseif ($app_passwd_data['eas'] === true || $app_passwd_data['dav'] === true) { - if (array_key_exists("app_passwd_id", $row)){ - if (verify_hash($row['password'], $pass) !== false) { - $service = ($app_passwd_data['eas'] === true) ? 'EAS' : 'DAV'; - $stmt = $pdo->prepare("REPLACE INTO sasl_log (`service`, `app_password`, `username`, `real_rip`) VALUES (:service, :app_id, :username, :remote_addr)"); - $stmt->execute(array( - ':service' => $service, - ':app_id' => $row['app_passwd_id'], - ':username' => $user, - ':remote_addr' => ($_SERVER['HTTP_X_REAL_IP'] ?? $_SERVER['REMOTE_ADDR']) - )); + } elseif ($app_passwd_data['eas'] === true || $app_passwd_data['dav'] === true) { + // password is a app password + $service = ($app_passwd_data['eas'] === true) ? 'EAS' : 'DAV'; + $stmt = $pdo->prepare("REPLACE INTO sasl_log (`service`, `app_password`, `username`, `real_rip`) VALUES (:service, :app_id, :username, :remote_addr)"); + $stmt->execute(array( + ':service' => $service, + ':app_id' => $row['app_passwd_id'], + ':username' => $user, + ':remote_addr' => ($_SERVER['HTTP_X_REAL_IP'] ?? $_SERVER['REMOTE_ADDR']) + )); - unset($_SESSION['ldelay']); - return "user"; - } + unset($_SESSION['ldelay']); + return "user"; } } } @@ -994,7 +994,7 @@ function check_login($user, $pass, $app_passwd_data = false) { $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $user, '*'), - 'msg' => 'login_failed' + 'msg' => array('login_failed', $pass, $rows, $app_passwd_data, array_key_exists("app_passwd_id", $row)) ); sleep($_SESSION['ldelay']); From a161aa2c925008de927a7a62fad1576be2e69b3b Mon Sep 17 00:00:00 2001 From: FreddleSpl0it Date: Wed, 31 Aug 2022 11:37:45 +0200 Subject: [PATCH 39/40] remove testing debug log --- data/web/inc/functions.inc.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php index 98f8075e..9c7a7894 100644 --- a/data/web/inc/functions.inc.php +++ b/data/web/inc/functions.inc.php @@ -994,7 +994,7 @@ function check_login($user, $pass, $app_passwd_data = false) { $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $user, '*'), - 'msg' => array('login_failed', $pass, $rows, $app_passwd_data, array_key_exists("app_passwd_id", $row)) + 'msg' => 'login_failed' ); sleep($_SESSION['ldelay']); From a40df1ff87a5ff7bf263fa2dbfb0326007a739fc Mon Sep 17 00:00:00 2001 From: FreddleSpl0it Date: Thu, 1 Sep 2022 09:53:08 +0200 Subject: [PATCH 40/40] fix tfa modal trigger from dav/eas login --- data/web/inc/functions.inc.php | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php index 9c7a7894..c26682c6 100644 --- a/data/web/inc/functions.inc.php +++ b/data/web/inc/functions.inc.php @@ -935,14 +935,15 @@ function check_login($user, $pass, $app_passwd_data = false) { $stmt->execute(array(':user' => $user)); $rows = array_merge($rows, $stmt->fetchAll(PDO::FETCH_ASSOC)); } - foreach ($rows as $row) { + foreach ($rows as $row) { // verify password if (verify_hash($row['password'], $pass) !== false) { if (!array_key_exists("app_passwd_id", $row)){ // password is not a app password // check for tfa authenticators $authenticators = get_tfa($user); - if (isset($authenticators['additional']) && is_array($authenticators['additional']) && count($authenticators['additional']) > 0) { + if (isset($authenticators['additional']) && is_array($authenticators['additional']) && count($authenticators['additional']) > 0 && + $app_passwd_data['eas'] !== true && $app_passwd_data['dav'] !== true) { // authenticators found, init TFA flow $_SESSION['pending_mailcow_cc_username'] = $user; $_SESSION['pending_mailcow_cc_role'] = "user"; @@ -954,7 +955,7 @@ function check_login($user, $pass, $app_passwd_data = false) { 'msg' => array('logged_in_as', $user) ); return "pending"; - } else { + } else if (!isset($authenticators['additional']) || !is_array($authenticators['additional']) || count($authenticators['additional']) == 0) { // no authenticators found, login successfull // Reactivate TFA if it was set to "deactivate TFA for next login" $stmt = $pdo->prepare("UPDATE `tfa` SET `active`='1' WHERE `username` = :user");