Update push actions

.github/workflows/docker-hub.yml

@@ -0,0 +1,53 @@
+name: Build and Push to Docker Hub
+
+on:
+  push:
+
+jobs:
+  docker:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Calculate Tags
+        env:
+          ref: ${{ github.ref }}
+          repo: ${{ github.repository }}
+        run: |
+          ref=${ref##*/}
+          if [[ $ref == master ]]; then
+            tags=$repo:unstable
+          elif [[ $ref =~ ^([0-9.]+)-((([0-9]+[.])[0-9]+[.])([.][0-9+])*)$ ]]; then
+            upstream=${BASH_REMATCH[1]}
+            minor=${BASH_REMATCH[3]}x
+            major=${BASH_REMATCH[4]}x
+            tags=$repo:latest,$repo:$ref,$repo:$upstream-$minor,$repo:$upstream-$major,$repo:$upstream
+          else
+            echo "Bad tag: $ref"
+            exit 1
+          fi
+
+          echo "$tags"
+          echo "build_tags=$tags" >> $GITHUB_ENV
+
+      - name: Login to DockerHub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Build and push
+        id: build
+        uses: docker/build-push-action@v3
+        with:
+          context: .
+          push: true
+          tags: ${{ env.build_tags }}
+
+      - name: Update repo description
+        uses: peter-evans/dockerhub-description@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_PASSWORD }}
+          repository: ${{ github.repository }}

Dockerfile

@@ -1,4 +1,4 @@
-ARG UPSTREAM=2.2.19
+ARG UPSTREAM=2.3.10
 FROM analogic/poste.io:$UPSTREAM
 RUN apt-get update && apt-get install less  # 'less' is Useful for debugging
 

files/etc/cont-init.d/25-bind-hostname.sh

@@ -2,13 +2,21 @@
 
 # Given a variable name and setting, get the matching IP addresses as a comma-delimited list
 function ip_list() {
-	local -n ips=$1
+	local -n ips=$1 v6=${1}_b
 	case $2 in
 		host) ips=$(hostname -i) ;;
 		'*')  ips='* ::' ;;
 		*)    read -ra ips <<<"$2"; ips=("${ips[*]}") ;;  # trim/normalize whitespace
 	esac
 	ips="${ips// /,}"; ips=${ips:-*,::}  # handle empty list
+
+	# Create a bracketed version for configs that need [host]:port for IPv6 addrs
+	local addr i
+	IFS=, read -ra addr <<<"$ips"
+	for i in "${!addr[@]}"; do
+		case ${addr[i]} in *:*) addr[i]="[${addr[i]}]" ;; esac
+	done
+	v6=("${addr[*]}"); v6="${v6// /,}"
 }
 
 # Expand LISTEN_ON and SEND_ON into comma-delimited IP lists in `listen` and `send`
@@ -27,6 +35,11 @@ bindhost=$(hostname)
 
 # We only care about the hostname for connnecting to the submission port
 sub 'submission_host = .*:587$' "submission_host = $bindhost:587" /etc/dovecot/conf.d/15-lda.conf
+sub '^host.*' "host $bindhost" /etc/msmtprc
+
+# Admin emails should go to the bindhost as well
+sub "%env(MAILER_DSN)%" "smtp://$bindhost:25?verify_peer=0"        /opt/admin/config/packages/mailer.yaml
+sub "MAILER_DSN=.*" "MAILER_DSN=smtp://$bindhost:25?verify_peer=0" /opt/admin/.env
 
 if [[ "$LISTEN_ON" == host ]]; then
 	# No IPs given, just use the hostname
@@ -36,9 +49,8 @@ else
 	# We have explicit listening IPs (or wildcards): give them to dovecot and nginx
 	sub '^#\?listen = .*' "listen = ${listen}"        /etc/dovecot/dovecot.conf
 
-	IFS=, read -ra ipaddrs <<<"$listen"
+	IFS=, read -ra ipaddrs <<<"$listen_b"
 	for addr in "${ipaddrs[@]}"; do
-		if [[ "$addr" == *:* ]]; then addr="[${addr}]"; fi  # nginx needs IPv6 addresses to be in '[]'
 		# Add listen lines above the default ones, for the specified address, port and options
 		ins "__HOST__:$HTTP_PORT"  "    listen $addr:$HTTP_PORT;"      /etc/nginx/sites-enabled/administration
 		ins "__HOST__:$HTTPS_PORT" "    listen $addr:$HTTPS_PORT ssl;" /etc/nginx/sites-enabled/administration
@@ -52,8 +64,8 @@ fi
 # === Haraka needs each IP address to be listed explicitly, unless you're using wildcards ===
 
 if [[ $listen != *'*'* ]]; then
-	sub '^listen=.*:25$'         "listen=${listen//,/:25,}:25"                          /opt/haraka-smtp/config/smtp.ini
-	sub '^listen=.*:587,.*:465$' "listen=${listen//,/:587,}:587,${listen//,/:465,}:465" /opt/haraka-submission/config/smtp.ini
+	sub '^listen=.*:25$'         "listen=${listen_b//,/:25,}:25"                            /opt/haraka-smtp/config/smtp.ini
+	sub '^listen=.*:587,.*:465$' "listen=${listen_b//,/:587,}:587,${listen_b//,/:465,}:465" /opt/haraka-submission/config/smtp.ini
 else
 	listen=::0
 fi

files/patches

@@ -14,9 +14,10 @@
 # loopback interface.
 
 set -eu  # fail on any errors or undefined variables
+shopt -s nullglob
 
 # A tiny DSL for editing files with sed: `~ edit files...; {{ commands }}`
-edit() { local sed; ::block sed-dsl; sed -i -e "$sed" "$@"; }
+edit() { local sed; ::block sed-dsl; if (($#)); then sed -i -e "$sed" "$@"; fi; }
 sed-dsl()    { sed."$@"; }
 sed.sub()    { sed+="s~$1~$2~${3-}"$'\n'; }
 sed.del()    { sed+="${1+/$1/}d"$'\n'; }
@@ -29,11 +30,12 @@ __sedline()  { sed+="${*/#/\\$'\n'}"; }
 shopt -q expand_aliases||{ unalias -a;shopt -s expand_aliases;};builtin alias +='{ ::__;::(){ ((!$#))||{ shift;"${__dsl__[@]-::no-dsl}" ' ~='{ ::__;::(){ ((!$#))||{ shift; ' -='"${__dsl__[@]-::no-dsl}" ' '{{=return;return;};__blk__=;set -- "${__blarg__[@]:1}"; ' '}}=};__:: 0 "$@";}';::block(){ ((!$#))||local __dsl__=("$@");${__blk__:+::};};__bsp__=0;::__(){ __bstk__[__bsp__++]="${__blk__:+__blk__=1;$(declare -f ::)}";};__::(){ local __blarg__=("$@");__blk__=1;:: "$@"||set -- $?;__blk__=;local REPLY;${__bstk__[--__bsp__]:+eval "${__bstk__[__bsp__]}"}||:;return $1;}
 
 
-# === UI bug fix for 2.2.19 ===
+# === Upstream bug fixes ===
 
-~ edit /opt/admin/app/Resources/views/base.html.twig; {{
-  # Fix missing hostnames on IP stats
-  - sub "on('load'," "on('load change',"
+# Remove this when 2.3.x is stable
+~ edit opt/admin/src/AppBundle/Resources/views/Box/edit.html[.]twig; {{
+  # Fix typo
+  - sub "refereneId" "referenceId"
 }}
 
 
@@ -55,7 +57,10 @@ shopt -q expand_aliases||{ unalias -a;shopt -s expand_aliases;};builtin alias +=
 }}
 
 
-~ edit /opt/admin/src/AppBundle/CommandInternal/DeliverQuarantineCommand.php; {{
+~ edit \
+    /opt/admin/src/AppBundle/CommandInternal/DeliverQuarantineCommand[.]php \
+    /opt/admin/src/Base/CommandInternal/DeliverQuarantineCommand[.]php ;
+{{
   # Quarantine "deliver" / deliver:quarantine should send to host, not localhost
   - sub "\['msmtp', '-f'.*" "['msmtp', '--host', gethostname(), '-f', \$meta['from']];"
 }}
@@ -112,13 +117,13 @@ haraka_sub_web=$sockdir/haraka/web-11381.sock
 
 # The rspamc command needs to reference the web socket explicitly
 
-~ edit /opt/admin/src/AppBundle/Server/System.php; {{
+~ edit /opt/admin/src/AppBundle/Server/System[.]php /opt/admin/src/Base/Server/System[.]php; {{
   - sub "rspamc stat" \
         "rspamc -h $rspam_web stat"
 }}
 ~ edit /etc/dovecot/sieve/report-{spam,ham}.sieve; {{
   - sub '"rspamc" \[' \
-        '"rspamc" ["-h" "'"$rspam_web"'" '
+        '"rspamc" ["--connect='"$rspam_web"'", '
 }}
 
 # Disable dovecot quota service on localhost
@@ -136,6 +141,12 @@ haraka_sub_web=$sockdir/haraka/web-11381.sock
         "socket.connect('$quota');"
 }}
 
+# Haraka logs should show the redis socket
+~ edit /usr/lib/node_modules/Haraka/node_modules/haraka-plugin-redis/index.js; {{
+  - sub 'redis://\${opts.host}:\${opts.port}' \
+        'redis://${opts.path}'
+}}
+
 # Haraka web servers need to listen on unix sockets
 
 ~ edit /opt/haraka-smtp/config/http.ini; {{
@@ -156,7 +167,7 @@ haraka_sub_web=$sockdir/haraka/web-11381.sock
 
 ~ edit /etc/redis/redis.conf; {{
   - sub "^port 6379" "port 0"  # disable the localhost port
-  - append "" "unixsocket $redis" "unixsocketperm 777"
+  - append "" "unixsocket $redis" "unixsocketperm 777"  # can be removed as of 2.3.7
 }}
 
 ~ edit /etc/rspamd/local.d/{redis,statistic}.conf; {{
@@ -168,7 +179,15 @@ haraka_sub_web=$sockdir/haraka/web-11381.sock
   - sub '-h "127.0.0.1"' "-s '$redis'";
 }}
 
-~ edit /opt/admin/src/AppBundle/Resources/config/services.yml; {{
+~ edit /bin/clear[-]idle-connections; {{  # can be removed as of 2.3.7
+  - sub "redis-cli'" "redis-cli', '-s', '$redis'"
+}}
+
+~ edit /bin/poste-redis-statistics; {{
+  - sub "redis-cli" "redis-cli -s '$redis'"
+}}
+
+~ edit /opt/admin/src/AppBundle/Resources/config/services[.]yml /opt/admin/config/services_base[.]yaml; {{
   - sub '^  Predis\\Client: .*$' \
          '  Predis\\Client: { arguments: [ "unix:'"$redis"'" ] }'
 
@@ -179,8 +198,10 @@ haraka_sub_web=$sockdir/haraka/web-11381.sock
 # === Support Roundcube plugins and persistent encryption key
 
 # Load 48-digit hex des_key from DES_KEY
-~ edit /etc/cont-init.d/20-apply-server-config; {{
-  - sub '[$]key = bin2hex' '$key = getenv("DES_KEY") ?: bin2hex'
+~ edit /etc/cont-init.d/{20-apply-server-config,97[-]randoms}; {{
+  + range 'roundcube' 'preg_replace'; {{
+    - sub '[$]key = bin2hex' '$key = getenv("DES_KEY") ?: bin2hex'
+  }}
 }}
 
 # Autoload roundcube plugins from /data/roundcube/installed-plugins