From e1be9a5eeb6161b657fecc3ec7af87ce1084aeda Mon Sep 17 00:00:00 2001
From: David Duque <david@duqued.net>
Date: Thu, 8 Sep 2022 12:26:39 +0100
Subject: [PATCH] Ubuntu 22.04 support (#59)

* Vagrantfile: Add Ubuntu 22.04 image

* Recognize Ubuntu 22.04 as supported

* Bump nextcloud to v24.0.0

* Bump Roundcube to 1.6-beta

Still waiting for the final release to come out

* Fix version checking functions

* NextCloud fixes

* Update Roundcube config

* Bump roundcube to 1.6-rc

* FIx nextcloud installation step

* rcm: Update CardDAV plugin to v4.4.0 (Guzzle v7)

* Fix STORAGE_ROOT permissions

* Update RC CardDAV plugin to v4.4.1

* Unpin b2sdk for Ubuntu 22.04

* Comment fix

* Drop support for Debian 10 from this point forward

* Software Updates
* Nextcloud: 24.0.2
* Nextcloud Calendar: 3.4.2
* Roundcube CardDAV: 4.4.2

* Update Roundcube to v1.6.0

* Update Nextcloud to v24.0.3
* Contacts to v4.2.0

* Upgrade Nextcloud to v24.0.4
* Calendar to v3.5.0

Webmail:
* CardDAV to v4.4.3
---
 Vagrantfile                 |  8 +++++++-
 management/backup.py        | 11 ++--------
 management/status_checks.py |  2 +-
 management/utils.py         |  6 ++----
 setup/bootstrap.sh          | 37 ++++++++++++++++++++++++++++++----
 setup/functions.sh          | 10 +++++++---
 setup/mail-users.sh         |  2 +-
 setup/management.sh         | 11 +++++-----
 setup/nextcloud.sh          | 22 +++++++++++---------
 setup/preflight.sh          | 40 +++++++++++++++++++++++++------------
 setup/start.sh              |  2 ++
 setup/web.sh                |  6 +++---
 setup/webmail.sh            | 35 ++++++++++++++++----------------
 13 files changed, 120 insertions(+), 72 deletions(-)

diff --git a/Vagrantfile b/Vagrantfile
index bcfdb2f..7f214a5 100644
--- a/Vagrantfile
+++ b/Vagrantfile
@@ -15,7 +15,11 @@ machines = [
   {
     'iso' => "debian/bullseye64",
     'host' => "bullseye"
-  }
+  },
+	{
+    'iso' => "generic/ubuntu2204",
+    'host' => "jammy"
+  },
 ]
 
 Vagrant.configure("2") do |config|
@@ -48,6 +52,8 @@ Vagrant.configure("2") do |config|
         # Make sure we have IPv6 loopback (::1)
         sysctl -w net.ipv6.conf.lo.disable_ipv6=0
         echo -e "fs.inotify.max_user_instances=1024\nnet.ipv6.conf.lo.disable_ipv6=0" > /etc/sysctl.conf
+				git config --global --add safe.directory /vagrant
+
         # Set environment variables so that the setup script does
         # not ask any questions during provisioning. We'll let the
         # machine figure out its own public IP.
diff --git a/management/backup.py b/management/backup.py
index 282ee65..dc516d6 100755
--- a/management/backup.py
+++ b/management/backup.py
@@ -536,15 +536,8 @@ def list_target_files(config):
 		B2Api = None
 		NonExistentBucket = None
 
-		if get_os_code() == "Debian10":
-			# WARNING: This is deprecated code using a legacy library.
-			# We need it because Debian 10 ships with an old version of Duplicity
-			from b2.account_info import InMemoryAccountInfo
-			from b2.api import B2Api
-			from b2.exception import NonExistentBucket
-		else:
-			from b2sdk.v1 import InMemoryAccountInfo, B2Api
-			from b2sdk.v1.exception import NonExistentBucket
+		from b2sdk.v1 import InMemoryAccountInfo, B2Api
+		from b2sdk.v1.exception import NonExistentBucket
 
 		info = InMemoryAccountInfo()
 		b2_api = B2Api(info)
diff --git a/management/status_checks.py b/management/status_checks.py
index bfe7c50..892740a 100755
--- a/management/status_checks.py
+++ b/management/status_checks.py
@@ -1409,7 +1409,7 @@ def what_version_is_this(env):
 
 
 def get_latest_miab_version():
-	# This pings https://mailinabox.email/setup.sh and extracts the tag named in
+	# This pings https://power-mailinabox.net/setup.sh and extracts the tag named in
 	# the script to determine the current product version.
 	from urllib.request import urlopen, HTTPError, URLError
 	from socket import timeout
diff --git a/management/utils.py b/management/utils.py
index 45156da..0956a09 100644
--- a/management/utils.py
+++ b/management/utils.py
@@ -217,10 +217,6 @@ def get_php_version():
 	# Gets the version of PHP installed in the system.
 	return shell("check_output", ["/usr/bin/php", "-v"])[4:7]
 
-
-os_codes = {None, "Debian10", "Ubuntu2004"}
-
-
 def get_os_code():
 	# Massive mess incoming
 	dist = shell("check_output", ["/usr/bin/lsb_release", "-is"]).strip()
@@ -234,6 +230,8 @@ def get_os_code():
 	elif dist == "Ubuntu":
 		if version == "20.04":
 			return "Ubuntu2004"
+		elif version == "22.04":
+			return "Ubuntu2204"
 
 	return None
 
diff --git a/setup/bootstrap.sh b/setup/bootstrap.sh
index 5d2ca70..7b9c3f0 100644
--- a/setup/bootstrap.sh
+++ b/setup/bootstrap.sh
@@ -20,6 +20,7 @@ if [ ! -f /usr/bin/lsb_release ]; then
 		echo "* Debian 10 (buster)"
 		echo "* Debian 11 (bullseye)"
 		echo "* Ubuntu 20.04 LTS (Focal Fossa)"
+		echo "* Ubuntu 22.04 LTS (Jammy Jellyfish)"
 		exit 1
 	fi
 
@@ -31,16 +32,44 @@ fi
 if [ -z "$TAG" ]; then
 	# Make sure we're running on the correct operating system
 	OS=$(lsb_release -d | sed 's/.*:\s*//')
-	if  [ "$OS" == "Debian GNU/Linux 10 (buster)" ] ||
-		[ "$OS" == "Debian GNU/Linux 11 (bullseye)" ] ||
-		[ "$(echo $OS | grep -o 'Ubuntu 20.04')" == "Ubuntu 20.04" ]
+	if  [ "$OS" == "Debian GNU/Linux 11 (bullseye)" ] ||
+		[ "$(echo $OS | grep -o 'Ubuntu 20.04')" == "Ubuntu 20.04" ] ||
+		[ "$(echo $OS | grep -o 'Ubuntu 22.04')" == "Ubuntu 22.04" ]
 	then
+		TAG=v56.5
+	elif [ "$OS" == "Debian GNU/Linux 10 (buster)" ]; then
+		echo "We are going to install the last version of Power Mail-in-a-Box supporting Debian 10 (buster)."
+		echo "IF THIS IS A NEW INSTALLATION, STOP NOW, AND USE A SUPPORTED DISTRIBUTION INSTEAD (ONE OF THESE):"
+		echo "* Debian 11 (bullseye)"
+		echo "* Ubuntu 20.04 LTS (Focal Fossa)"
+		echo "* Ubuntu 22.04 LTS (Jammy Jellyfish)"
+		echo
+		echo "IF YOU'RE UPGRADING THE BOX TO THE LATEST VERSION, PLEASE VISIT THIS PAGE FOR NOTES ON HOW TO"
+		echo "UPGRADE YOUR SISTEM TO DEBIAN 11 (bullseye)"
+		echo "https://power-mailinabox.net/buster-eol"
+
+		while true; do
+			read -p "Do you want to proceed? ([Y]es/[N]o) " yn
+
+			case $yn in
+				Yes | Y | yes | y )
+					break
+					;;
+				No | N | no | n )
+					echo "Installation cancelled."
+					exit 1
+					;;
+				* )
+					;;
+			esac
+		done
+
 		TAG=v56.5
 	else
 		echo "This script must be run on a system running one of the following OS-es:"
-		echo "* Debian 10 (buster)"
 		echo "* Debian 11 (bullseye)"
 		echo "* Ubuntu 20.04 LTS (Focal Fossa)"
+		echo "* Ubuntu 22.04 LTS (Jammy Jellyfish)"
 		exit 1
 	fi
 fi
diff --git a/setup/functions.sh b/setup/functions.sh
index b64b227..b054a40 100644
--- a/setup/functions.sh
+++ b/setup/functions.sh
@@ -222,17 +222,18 @@ function git_clone {
 }
 
 function php_version {
-	php --version | head -n 1 | cut -d " " -f 2 | cut -c 1-3
+	php --version | head -n 1 | cut -d " " -f 2 | cut -d "." -f 1,2
 }
 
 function python_version {
-	python3 --version | cut -d " " -f 2 | cut -c 1-3
+	python3 --version | cut -d " " -f 2 | cut -d "." -f 1,2
 }
 
 export OS_UNSUPPORTED=0
 export OS_DEBIAN_10=1
 export OS_UBUNTU_2004=2
 export OS_DEBIAN_11=3
+export OS_UBUNTU_2204=4
 
 function get_os_code {
 	# A lot of if-statements here - dirty code looking tasting today
@@ -251,8 +252,11 @@ function get_os_code {
 		if [[ $VER == "20.04" ]]; then
 			echo $OS_UBUNTU_2004
 			return 0
+		elif [[ $VER == "22.04" ]]; then
+			echo $OS_UBUNTU_2204
+			return 0
 		fi
 	fi
 
 	echo $OS_UNSUPPORTED
-}
\ No newline at end of file
+}
diff --git a/setup/mail-users.sh b/setup/mail-users.sh
index 5c0582d..9a9b6ae 100755
--- a/setup/mail-users.sh
+++ b/setup/mail-users.sh
@@ -158,7 +158,7 @@ EOF
 
 # SQL statement to check if we're sending to a noreply address.
 cat > /etc/postfix/noreply-addresses.cf << EOF;
-dbpath=/home/user-data/mail/users.sqlite
+dbpath=~$STORAGE_ROOT/mail/users.sqlite
 query = SELECT 'REJECT This address is not ready to receive email.' FROM noreply WHERE email='%s'
 EOF
 
diff --git a/setup/management.sh b/setup/management.sh
index 0f841f2..c1b34e1 100755
--- a/setup/management.sh
+++ b/setup/management.sh
@@ -65,17 +65,16 @@ hide_output $venv/bin/pip install --upgrade \
 # Depending on the OS, Duplicity may require different dependencies.
 case $(get_os_code) in
 
-	$OS_DEBIAN_10)
-		apt_install python-pip python-backports.functools-lru-cache
-		hide_output pip2 install --upgrade "b2<2.0.0" "logfury<1.0.0"
-		hide_output $venv/bin/pip install --upgrade "b2<2.0.0"
-		;;
-
 	$OS_UBUNTU_2004 | $OS_DEBIAN_11)
 		hide_output pip3 install --upgrade "b2sdk==1.7.0"
 		hide_output $venv/bin/pip install --upgrade "b2sdk==1.7.0"
 		;;
 
+	$OS_UBUNTU_2204)
+		hide_output pip3 install --upgrade b2sdk
+		hide_output $venv/bin/pip install --upgrade b2sdk
+		;;
+
 esac
 
 # Make the venv use the packaged gpgme bindings (the ones pip provides are severely out-of-date)
diff --git a/setup/nextcloud.sh b/setup/nextcloud.sh
index eaa1c6a..b2b8537 100755
--- a/setup/nextcloud.sh
+++ b/setup/nextcloud.sh
@@ -21,8 +21,8 @@ echo "Installing Nextcloud (contacts/calendar)..."
 #   we automatically install intermediate versions as needed.
 # * The hash is the SHA1 hash of the ZIP package, which you can find by just running this script and
 #   copying it from the error message when it doesn't match what is below.
-nextcloud_ver=23.0.5
-nextcloud_hash=0559d1ec0a8b128442dbceee5441f2ad7d0f17e8
+nextcloud_ver=24.0.4
+nextcloud_hash=8084f314e4d7ec2928f30eabe6c75d8e31bdaeb9
 
 # Nextcloud apps
 # --------------
@@ -33,10 +33,10 @@ nextcloud_hash=0559d1ec0a8b128442dbceee5441f2ad7d0f17e8
 #   https://github.com/nextcloud-releases/user_external/blob/master/appinfo/info.xml
 # * The hash is the SHA1 hash of the ZIP package, which you can find by just running this script and
 #   copying it from the error message when it doesn't match what is below.
-contacts_ver=4.1.1
-contacts_hash=7508069a6d2b46d216df5333e3295c19151dcc50
-calendar_ver=3.3.1
-calendar_hash=56188728a80fe8239952ce692a9ea14f7bd0074e
+contacts_ver=4.2.0
+contacts_hash=ffe65f50ed95c4931b9f4fab71e66a6aa709c6d5
+calendar_ver=3.5.0
+calendar_hash=0938ffc4880cfdd74dd2e281eed96aa1f13fd065
 user_external_ver=3.0.0
 user_external_hash=0df781b261f55bbde73d8c92da3f99397000972f
 
@@ -47,8 +47,8 @@ apt-get purge -qq -y owncloud* 2> /dev/null || /bin/true
 
 apt_install php php-fpm \
 	php-cli php-sqlite3 php-gd php-imap php-curl php-pear curl \
-	php-dev php-gd php-xml php-mbstring php-zip php-apcu php-json \
-	php-intl php-imagick php-gmp php-bcmath php-apcu
+	php-dev php-xml php-mbstring php-zip php-apcu php-json \
+	php-intl php-imagick php-gmp php-bcmath
 
 phpenmod apcu
 management/editconf.py /etc/php/$(php_version)/cli/php.ini -c ';' \
@@ -224,6 +224,10 @@ if [ ! -d /usr/local/lib/owncloud/ ] || [[ ! ${CURRENT_NEXTCLOUD_VER} =~ ^$nextc
 			InstallNextcloud 22.2.6 9d39741f051a8da42ff7df46ceef2653a1dc70d9 4.1.0 38653b507bd7d953816bbc5e8bea7855867eb1cd 3.2.2 54e9a836adc739be4a2a9301b8d6d2e9d88e02f4 3.0.0 0df781b261f55bbde73d8c92da3f99397000972f
 			CURRENT_NEXTCLOUD_VER="22.2.6"
 		fi
+		if [[ ${CURRENT_NEXTCLOUD_VER} =~ ^22 ]]; then
+			InstallNextcloud 23.0.4 87afec0bf90b3c66289e6fedd851867bc5a58f01 4.1.0 38653b507bd7d953816bbc5e8bea7855867eb1cd 3.2.2 54e9a836adc739be4a2a9301b8d6d2e9d88e02f4 3.0.0 0df781b261f55bbde73d8c92da3f99397000972f
+			CURRENT_NEXTCLOUD_VER="23.0.4"
+		fi
 	fi
 
 	InstallNextcloud $nextcloud_ver $nextcloud_hash $contacts_ver $contacts_hash $calendar_ver $calendar_hash $user_external_ver $user_external_hash
@@ -282,6 +286,7 @@ EOF
   # storage/database
   'directory' => '$STORAGE_ROOT/owncloud',
   'dbtype' => 'sqlite3',
+  'dbname' => 'owncloud',
 
   # create an administrator account with a random password so that
   # the user does not have to enter anything on first load of Nextcloud
@@ -316,7 +321,6 @@ CONFIG_TEMP=$(/bin/mktemp)
 php <<EOF > $CONFIG_TEMP && mv $CONFIG_TEMP $STORAGE_ROOT/owncloud/config.php;
 <?php
 include("$STORAGE_ROOT/owncloud/config.php");
-
 \$CONFIG['trusted_domains'] = array('$PRIMARY_HOSTNAME');
 
 \$CONFIG['memcache.local'] = '\OC\Memcache\APCu';
diff --git a/setup/preflight.sh b/setup/preflight.sh
index 9bf5b4e..e0041b8 100644
--- a/setup/preflight.sh
+++ b/setup/preflight.sh
@@ -9,19 +9,33 @@ if [[ $EUID -ne 0 ]]; then
 	exit 1
 fi
 
-# Check that we are running on Debian GNU/Linux, or Ubuntu 20.04
-if [ $(get_os_code) = $OS_UNSUPPORTED ]; then
-	echo "Mail-in-a-Box only supports being installed on one of these operating systems:"
-	echo "* Debian 10 (buster)"
-	echo "* Debian 11 (bullseye)"
-	echo "* Ubuntu 20.04 LTS (Focal Fossa)"
-	echo
-	echo "You're running:"
-	lsb_release -ds
-	echo
-	echo "We can't write scripts that run on every possible setup, sorry."
-	exit 1
-fi
+# Check that we are running on Debian GNU/Linux, or Ubuntu 20.04/22.04
+case $(get_os_code) in
+	$OS_UNSUPPORTED)
+		echo "This version of Power Mail-in-a-Box only supports being installed on one of these operating systems:"
+		# echo "* Debian 10 (buster)"
+		echo "* Debian 11 (bullseye)"
+		echo "* Ubuntu 20.04 LTS (Focal Fossa)"
+		echo "* Ubuntu 22.04 LTS (Jammy Jellyfish)"
+		echo
+		echo "You're running:"
+		lsb_release -ds
+		echo
+		echo "We can't write scripts that run on every possible setup, sorry."
+		exit 1
+		;;
+
+	$OS_DEBIAN_10)
+		echo "You're trying to install Power Mail-in-a-Box on Debian 10 (buster), which is no longer supported."
+		echo "You can install the latest version of Power Mail-in-a-Box supporting Debian 10 by running the following command:"
+		echo
+		echo "curl -L https://power-mailinabox.net/setup.sh | sudo bash"
+		echo
+		echo "Then upgrade to Debian 11 (bullseye). A short guide on how to do so is available here:"
+		echo "https://power-mailinabox.net/buster-eol"
+		exit 1
+		;;
+esac
 
 # Check that we have enough memory.
 #
diff --git a/setup/start.sh b/setup/start.sh
index 13446c0..38ab472 100755
--- a/setup/start.sh
+++ b/setup/start.sh
@@ -87,6 +87,8 @@ if [ ! -f $STORAGE_ROOT/mailinabox.version ]; then
 	chown $STORAGE_USER.$STORAGE_USER $STORAGE_ROOT/mailinabox.version
 fi
 
+chmod 751 $STORAGE_ROOT
+
 # Save the global options in /etc/mailinabox.conf so that standalone
 # tools know where to look for data. The default MTA_STS_MODE setting
 # is blank unless set by an environment variable, but see web.sh for
diff --git a/setup/web.sh b/setup/web.sh
index be708fd..c3b0934 100755
--- a/setup/web.sh
+++ b/setup/web.sh
@@ -95,7 +95,7 @@ else
                 pm.max_spare_servers=18
 fi
 
-# Duplicate the socket to isolate MiaB apps from user apps that happen to run php 
+# Duplicate the socket to isolate MiaB apps from user apps that happen to run php
 cp /etc/php/$(php_version)/fpm/pool.d/www.conf /etc/php/$(php_version)/fpm/pool.d/miab.conf
 
 management/editconf.py /etc/php/$(php_version)/fpm/pool.d/miab.conf -c ';' \
@@ -132,7 +132,7 @@ chmod a+r /var/lib/mailinabox/mozilla-autoconfig.xml
 
 # Create a generic mta-sts.txt file which is exposed via the
 # nginx configuration at /.well-known/mta-sts.txt
-# more documentation is available on: 
+# more documentation is available on:
 # https://www.uriports.com/blog/mta-sts-explained/
 # default mode is "enforce". In /etc/mailinabox.conf change
 # "MTA_STS_MODE=testing" which means "Messages will be delivered
@@ -162,4 +162,4 @@ ufw_allow http
 ufw_allow https
 
 # Allow the webserver to access directories group-owned by user-data
-usermod -a -G user-data www-data
\ No newline at end of file
+usermod -a -G user-data www-data
diff --git a/setup/webmail.sh b/setup/webmail.sh
index 0fb2162..ef8f28e 100755
--- a/setup/webmail.sh
+++ b/setup/webmail.sh
@@ -35,12 +35,12 @@ apt_install \
 #   https://github.com/mstilkerich/rcmcarddav/releases
 # The easiest way to get the package hashes is to run this script and get the hash from
 # the error message.
-VERSION=1.5.2
-HASH=208ce4ca0be423cc0f7070ff59bd03588b4439bf
+VERSION=1.6.0
+HASH=fd84b4fac74419bb73e7a3bcae1978d5589c52de
 PERSISTENT_LOGIN_VERSION=version-5.3.0
 HTML5_NOTIFIER_VERSION=68d9ca194212e15b3c7225eb6085dbcf02fd13d7 # version 0.6.4+
-CARDDAV_VERSION=4.3.0
-CARDDAV_HASH=4ad7df8843951062878b1375f77c614f68bc5c61
+CARDDAV_VERSION=4.4.3
+CARDDAV_HASH=74f8ba7aee33e78beb9de07f7f44b81f6071b644
 
 UPDATE_KEY=$VERSION:$PERSISTENT_LOGIN_VERSION:$HTML5_NOTIFIER_VERSION:$CARDDAV_VERSION
 
@@ -115,23 +115,22 @@ cat > $RCM_CONFIG <<EOF;
 \$config['log_dir'] = '/var/log/roundcubemail/';
 \$config['temp_dir'] = '/var/tmp/roundcubemail/';
 \$config['db_dsnw'] = 'sqlite:///$STORAGE_ROOT/mail/roundcube/roundcube.sqlite?mode=0640';
-\$config['default_host'] = 'ssl://localhost';
-\$config['default_port'] = 993;
+\$config['imap_host'] = 'ssl://localhost:993';
 \$config['imap_conn_options'] = array(
-  'ssl'         => array(
-     'verify_peer'  => false,
-     'verify_peer_name'  => false,
-   ),
- );
+	'ssl'=> array(
+		'verify_peer'  => false,
+		'verify_peer_name'  => false,
+	),
+);
 \$config['imap_timeout'] = 15;
-\$config['smtp_server'] = 'tls://127.0.0.1';
+\$config['smtp_host'] = 'tls://127.0.0.1:587';
 \$config['smtp_conn_options'] = array(
-  'ssl'         => array(
-     'verify_peer'  => false,
-     'verify_peer_name'  => false,
-   ),
- );
-\$config['support_url'] = 'https://mailinabox.email/';
+	'ssl'=> array(
+		'verify_peer'  => false,
+		'verify_peer_name'  => false,
+	),
+);
+\$config['support_url'] = 'https://power-mailinabox.net/';
 \$config['product_name'] = '$PRIMARY_HOSTNAME Webmail';
 \$config['plugins'] = array('html5_notifier', 'archive', 'zipdownload', 'password', 'managesieve', 'jqueryui', 'persistent_login', 'carddav', 'enigma');
 \$config['cipher_method'] = 'AES-256-CBC'; # persistent login cookie and potentially other things