install/mailsystem
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

install_roundcube.sh: Change way to determin 'MYSQL_CREDENTIALS'.

Browse Source
This commit is contained in:
Christoph 2024-08-10 21:35:13 +02:00
parent 46ea239260
commit 8a9ea4141b
1 changed files with 185 additions and 77 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

262
install_roundcube.sh
View File

@ -108,6 +108,62 @@ is_number() {
#return $([[ ! -z "${1##*[!0-9]*}" ]])
}
detect_mysql_version () {
_MYSQLD_VERSION="$(mysqld -V 2>/dev/null)"
if [[ -z "$_MYSQLD_VERSION" ]]; then
fatal "No installed MySQL server or distribution found!"
elif [[ -d "/usr/local/mysql" ]] && [[ "$(basename "$(realpath "/usr/local/mysql")")" =~ percona- ]]; then
MYSQL_CUR_DISTRIBUTION="Percona"
elif [[ "$_MYSQLD_VERSION" =~ MariaDB ]]; then
MYSQL_CUR_DISTRIBUTION="MariaDB"
elif [[ "$_MYSQLD_VERSION" =~ MySQL ]]; then
MYSQL_CUR_DISTRIBUTION="MySQL"
elif [[ -d "/usr/local/mysql" ]] && [[ "$(basename "$(realpath "/usr/local/mysql")")" =~ mysql- ]]; then
MYSQL_CUR_DISTRIBUTION="MySQL"
elif [[ -d "/usr/local/mysql" ]] && [[ "$(basename "$(realpath "/usr/local/mysql")")" =~ mariadb- ]]; then
MYSQL_CUR_DISTRIBUTION="MariaDB"
else
error "MySQL Instalation found, but cannot determin the distribution!"
MYSQL_CUR_DISTRIBUTION=
echo ""
echo " Select the installed MySQL distribution."
echo ""
echo " [1] MySQL (the original community edition)"
echo " [2] Percona Server for MySQL"
echo " [3] MariaDB"
echo ""
echononl " Eingabe [1/2/3]: "
while [ "$MYSQL_CUR_DISTRIBUTION" != "MySQL" -a "$MYSQL_CUR_DISTRIBUTION" != "MariaDB" -a "$MYSQL_CUR_DISTRIBUTION" != "Percona" ];do
read OPTION
case $OPTION in
1) MYSQL_CUR_DISTRIBUTION="MySQL"
;;
2) MYSQL_CUR_DISTRIBUTION="Percona"
;;
3) MYSQL_CUR_DISTRIBUTION="MariaDB"
;;
*) echo ""
echo -e "\tFalsche Eingabe ! [ 1 = MySQL ; 2 = Percona ; 3 = MariaDB ]"
echo ""
echononl " Eingabe:"
;;
esac
done
fi
MYSQL_VERSION="$(echo $_MYSQLD_VERSION | grep -o -E "[0-9]+\.[0-9]+\.[0-9]+(-[0-9]+)?" | head -n 1)"
MYSQL_MAJOR_VERSION="$(echo $MYSQL_VERSION | cut -d '.' -f1)"
MYSQL_MINOR_VERSION="$(echo $MYSQL_VERSION | cut -d '.' -f2)"
MYSQL_PATCH_LEVEL="$(echo $MYSQL_VERSION | cut -d '.' -f3)"
MYSQL_MAIN_VERSION="$(echo $MYSQL_VERSION | cut -d '.' -f1,2)"
}
trim() {
local var="$*"
var="${var#"${var%%[![:space:]]*}"}" # remove leading whitespace characters
@ -157,7 +213,7 @@ fi
while IFS='' read -r -d '' _conf_file ; do
WEBSITE_NAME="$(grep -E "^WEBSITE_NAME" "${_conf_file}" 2>/dev/null | cut -d"=" -f2)"
#Remove leading / trailling double quotes
@ -208,7 +264,7 @@ read _IN
conf_file=${_arr[1]}
_OK=true
else
echo ""
echo ""
echo -e "\tFalsche Eingabe !"
echo ""
echononl " Eingabe: "
@ -296,14 +352,6 @@ DEFAULT_APACHE_VHOST_DIR="/usr/local/apache2/conf/vhosts"
DEFAULT_DB_HOST="localhost"
DEFAULT_DB_NAME="roundcubemail"
DEFAULT_DB_USER="roundcube"
if [[ -f "/usr/local/mysql/sys-maint.cnf" ]] ; then
DEFAULT_MYSQL_CREDENTIALS="--defaults-file=/usr/local/mysql/sys-maint.cnf"
elif [[ -f "/etc/mysql/debian.cnf" ]] ; then
DEFAULT_MYSQL_CREDENTIALS="--defaults-file=/etc/mysql/debian.cnf"
else
DEFAULT_MYSQL_CREDENTIALS=""
fi
DEFAULT_DEBIAN_MYSQL_CREDENTIALS="--defaults-file=/etc/mysql/debian.cnf"
[[ -n "$ROUNDCUBE_VERSION" ]] || fatal "Roundcube Version (ROUNDCUBE_VERSION) not present!"
[[ -n "$WEBSITE_NAME" ]] || fatal "Website's name (WEBSITE_NAME) not present!"
@ -322,8 +370,8 @@ HOSTNAME_SHORT=${_tmp_string%%.*}
if [[ -z "$IPV4" ]] && [[ -z "$IPV6" ]] ; then
fatal "Neither an IPv4 nor an IPv6 address are given.!"
else
[[ -n "$IPV4" ]] || warn "IPv4 Address not present!"
[[ -n "$IPV6" ]] || warn "IPv6 Address not present!"
[[ -n "$IPV4" ]] || warn "IPv4 Address not present!"
[[ -n "$IPV6" ]] || warn "IPv6 Address not present!"
fi
[[ -n "$APACHE_DEBIAN_INSTALLATION" ]] || APACHE_DEBIAN_INSTALLATION=false
@ -355,12 +403,12 @@ if [ -x "$httpd_binary" ];then
IS_HTTPD_RUNNING=true
fi
fi
[[ -n "$HTTP_USER" ]] || HTTP_USER=$DEFAULT_HTTP_USER
[[ -n "$HTTP_GROUP" ]] || HTTP_GROUP=$DEFAULT_HTTP_GROUP
[[ -n "$WEBMASTER_EMAIL" ]] || fatal "E-Mail (WEBMASTER_EMAIL) for webmaster not present!"
[[ -n "$WEBSITE_BASEDIR" ]] || WEBSITE_BASEDIR=$DEFAULT_WEBSITE_BASEDIR
[[ -n "$WEBSITE_BASEDIR" ]] || WEBSITE_BASEDIR=$DEFAULT_WEBSITE_BASEDIR
if [[ -z "$APACHE_CERT_DIR" ]] ; then
if $APACHE_DEBIAN_INSTALLATION ; then
@ -401,16 +449,76 @@ fi
[[ -n "$MYSQL_DEBIAN_INSTALLATION" ]] || MYSQL_DEBIAN_INSTALLATION=false
if [[ "$DB_TYPE" = "mysql" ]]; then
if $MYSQL_DEBIAN_INSTALLATION ; then
[[ -n "$MYSQL_CREDENTIALS" ]] || MYSQL_CREDENTIALS="$DEFAULT_DEBIAN_MYSQL_CREDENTIALS"
else
[[ -n "$MYSQL_CREDENTIALS" ]] || MYSQL_CREDENTIALS="$DEFAULT_MYSQL_CREDENTIALS"
if [ "$DB_TYPE" = "postgres" -o "$DB_TYPE" = "postgresql" -o "$DB_TYPE" = "pgsql" -o "$DB_TYPE" = "psql" ];then
DB_TYPE="pgsql"
fi
if [[ "$DB_TYPE" = "mysql" ]] ; then
if [[ -z ${MYSQL_CREDENTIALS} ]] ; then
detect_mysql_version
if [[ "$MYSQL_CUR_DISTRIBUTION" = "MariaDB" ]] && ([[ $MYSQL_MAJOR_VERSION -gt 10 ]] \
|| ( [[ $MYSQL_MAJOR_VERSION -eq 10 ]] && [[ $MYSQL_MINOR_VERSION -gt 3 ]] )) ; then
if [[ -S "/tmp/mysql.sock" ]]; then
MYSQL_CREDENTIALS="-u root -S /tmp/mysql.sock"
elif [[ -S "/run/mysqld/mysqld.sock" ]]; then
MYSQL_CREDENTIALS="-u root -S /run/mysqld/mysqld.sock"
elif [[ -S "/var/run/mysqld/mysqld.sock" ]]; then
MYSQL_CREDENTIALS="-u root -S /var/run/mysqld/mysqld.sock"
else
fatal "Parameter 'MYSQL_CREDENTIALS' cannot be determined automated.
Use configuration file "$conf_file" to set
parameter manually."
fi
else
echononl "\tGet MySQL command.."
mysql_command="$(which mysql)"
if [[ $? -eq 0 ]]; then
echo_ok
else
if [[ -x "/usr/local/mysql/bin/mysql" ]]; then
mysql_command="/usr/local/mysql/bin/mysql"
echo_ok
else
echo_failed
fatal "$(cat $tmp_log_file)"
fi
fi
if $(${mysql_command} --login-path=local -e ";" > /dev/null 2>&1) ; then
MYSQL_CREDENTIALS="--login-path=local"
elif [[ -f "/usr/local/mysql/sys-maint.cnf" ]] ; then
MYSQL_CREDENTIALS="--defaults-file=/usr/local/mysql/sys-maint.cnf"
elif [[ -f "/etc/mysql/debian.cnf" ]] ; then
MYSQL_CREDENTIALS="--defaults-file=/etc/mysql/debian.cnf"
else
fatal "Parameter 'MYSQL_CREDENTIALS' cannot be determined automated.
Use configuration file "$conf_file" to set
parameter manually."
fi
fi
#if $MYSQL_DEBIAN_INSTALLATION ; then
# [[ -n "$MYSQL_CREDENTIALS" ]] || MYSQL_CREDENTIALS="$DEFAULT_DEBIAN_MYSQL_CREDENTIALS"
#else
# [[ -n "$MYSQL_CREDENTIALS" ]] || MYSQL_CREDENTIALS="$DEFAULT_MYSQL_CREDENTIALS"
#fi
fi
else
[[ "$DB_TYPE" = "pgsql" ]] || fatal "Unknown Database Type '$DB_TYPE' (DB_TYPE)"
fi
[[ -n "$SPAM_FOLDER_NAME" ]] || SPAM_FOLDER_NAME=$DEFAULT_SPAM_FOLDER_NAME
[[ -n "$SUPPORT_URL" ]] || SUPPORT_URL="http://www.${MAIN_DOMAIN}.$TLD"
@ -604,7 +712,7 @@ _log_dir=${_src_base_dir}/log-roundcube-$_version
# - REQUIREMENTS
# - ============
# -
# -
# - * An IMAP, HTTP and SMTP server
# - * .htaccess support allowing overrides for DirectoryIndex
# - * PHP Version 5.4 or greater including:
@ -701,7 +809,7 @@ if $PHP_DEBIAN_INSTALLATION ; then
echo_skipped
fi
done
else
for _version in $php_major_versions ; do
@ -1001,7 +1109,7 @@ if $SKIN_LOGO_PRESENT ; then
cp -a "$(realpath "${tmp_dir}/${SKIN_LOGO_DIR}/${SKIN_LOGO_FILE}")" \
"${WEBSITE_BASEDIR}/htdocs/${SKIN_LOGO_DIR}/${SKIN_LOGO_FILE}" >> $log_file 2>&1
fi
fi
if [[ $? -ne 0 ]]; then
echo_failed
@ -1168,13 +1276,13 @@ if [[ "$PHP_TYPE" = "fcgid" ]] ; then
#!/bin/sh
export PHPRC="${WEBSITE_BASEDIR}/conf/"
export TMPDIR="${WEBSITE_BASEDIR}/tmp"
# PHP child process management (PHP_FCGI_CHILDREN) should
# always be disabled with mod_fcgid, which will only route one
# request at a time to application processes it has spawned;
# thus, any child processes created by PHP will not be used
# effectively. (Additionally, the PHP child processes may not
# be terminated properly.) By default, and with the environment
# variable setting PHP_FCGI_CHILDREN=0, PHP child process
# PHP child process management (PHP_FCGI_CHILDREN) should
# always be disabled with mod_fcgid, which will only route one
# request at a time to application processes it has spawned;
# thus, any child processes created by PHP will not be used
# effectively. (Additionally, the PHP child processes may not
# be terminated properly.) By default, and with the environment
# variable setting PHP_FCGI_CHILDREN=0, PHP child process
# management is disabled.
PHP_FCGI_CHILDREN=0
export PHP_FCGI_CHILDREN
@ -1252,7 +1360,7 @@ EOF
fi
echononl "\tCreate file '${WEBSITE_BASEDIR}/logs/php_errors.log'.."
if [[ ! -f "${WEBSITE_BASEDIR}/logs/php_errors.log" ]]; then
touch ${WEBSITE_BASEDIR}/logs/php_errors.log > $log_file 2>&1
if [[ $? -ne 0 ]]; then
@ -1339,7 +1447,7 @@ EOF
_failed=true
error "$(cat $log_file)"
fi
if ! $_failed ; then
echo_ok
fi
@ -1350,11 +1458,11 @@ fi
echo -e "\n\n\t\033[37m\033[1mConfigure Apache Webservice\033[m\n"
SSLCertificateChainFile=""
SSLCertificateChainFile=""
# - Create SSCertificateChainFile rule for apache vhost entry
# -
echononl "\tCreate SSCertificateChainFile rule for apache vhost entry"
if [ -n "$CERT_ChainFile" ];then
if [ -n "$CERT_ChainFile" ];then
SSLCertificateChainFile="SSLCertificateChainFile ${APACHE_CERT_DIR}/$CERT_ChainFile"
echo_ok
else
@ -1502,17 +1610,17 @@ EOF
# - X-Frame-Options
# -
# - The X-Frame-Options header (RFC), or XFO header, protects your visitors
# - against clickjacking attacks. An attacker can load up an iframe on their
# - site and set your site as the source, it's quite easy:
# - The X-Frame-Options header (RFC), or XFO header, protects your visitors
# - against clickjacking attacks. An attacker can load up an iframe on their
# - site and set your site as the source, it's quite easy:
# -
# - <iframe src="https://scotthelme.co.uk"></iframe>
# -
# - Using some crafty CSS they can hide your site in the background and create some
# - genuine looking overlays. When your visitors click on what they think is a harmless
# - link, they're actually clicking on links on your website in the background. That
# - might not seem so bad until we realise that the browser will execute those requests
# - in the context of the user, which could include them being logged in and authenticated
# - Using some crafty CSS they can hide your site in the background and create some
# - genuine looking overlays. When your visitors click on what they think is a harmless
# - link, they're actually clicking on links on your website in the background. That
# - might not seem so bad until we realise that the browser will execute those requests
# - in the context of the user, which could include them being logged in and authenticated
# - to your site!
# -
# - Troy Hunt has a great blog on 'Clickjack attack the hidden threat right in front :
@ -1520,49 +1628,49 @@ EOF
# -
# - http://www.troyhunt.com/2013/05/clickjack-attack-hidden-threat-right-in.html
# -
# - Valid values include DENY meaning your site can't be framed, SAMEORIGIN which allows
# - you to frame your own site or ALLOW-FROM https://example.com/ which lets you specify
# - Valid values include DENY meaning your site can't be framed, SAMEORIGIN which allows
# - you to frame your own site or ALLOW-FROM https://example.com/ which lets you specify
# -sites that are permitted to frame your own site.
# -
Header always set X-Frame-Options "SAMEORIGIN"
# - X-Xss-Protection
# -
# - This header is used to configure the built in reflective XSS protection found
# - in Internet Explorer, Chrome and Safari (Webkit). Valid settings for the header
# - are 0, which disables the protection, 1 which enables the protection
# - and 1; mode=block which tells the browser to block the response if it
# - This header is used to configure the built in reflective XSS protection found
# - in Internet Explorer, Chrome and Safari (Webkit). Valid settings for the header
# - are 0, which disables the protection, 1 which enables the protection
# - and 1; mode=block which tells the browser to block the response if it
# - detects an attack rather than sanitising the script.
# -
Header always set X-Xss-Protection "1; mode=block"
# - X-Content-Type-Options
# -
# - Nice and easy to configure, this header only has one valid value, nosniff.
# - It prevents Google Chrome and Internet Explorer from trying to mime-sniff
# - the content-type of a response away from the one being declared by the server.
# - It reduces exposure to drive-by downloads and the risks of user uploaded content
# - that, with clever naming, could be treated as a different content-type, like
# - Nice and easy to configure, this header only has one valid value, nosniff.
# - It prevents Google Chrome and Internet Explorer from trying to mime-sniff
# - the content-type of a response away from the one being declared by the server.
# - It reduces exposure to drive-by downloads and the risks of user uploaded content
# - that, with clever naming, could be treated as a different content-type, like
# - an executable.
# -
Header always set X-Content-Type-Options "nosniff"
# - Content Security Policy
# -
# - The CSP header allows you to define a whitelist of approved sources of content
# - for your site. By restricting the assets that a browser can load for your site,
# - like js and css, CSP can act as an effective countermeasure to XSS attacks. I
# - have covered CSP in a lot more detail in my blog Content Security Policy - An
# - Introduction (https://scotthelme.co.uk/content-security-policy-an-introduction/).
# - The CSP header allows you to define a whitelist of approved sources of content
# - for your site. By restricting the assets that a browser can load for your site,
# - like js and css, CSP can act as an effective countermeasure to XSS attacks. I
# - have covered CSP in a lot more detail in my blog Content Security Policy - An
# - Introduction (https://scotthelme.co.uk/content-security-policy-an-introduction/).
# -
# - Here is a basic policy to enforce TLS on all assets and prevent
# - Here is a basic policy to enforce TLS on all assets and prevent
# - mixed content warnings.
# -
# - Allow Google Analytics, Google AJAX CDN and Same Origin
# - script-src 'self' www.google-analytics.com ajax.googleapis.com;
# -
# - Emmbedding Google Fonts
# - style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;
# - style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;
# -
# - Allow YouTube Videos (iframe embedded)
# - frame-src 'self' https://www.youtube.com
@ -1572,9 +1680,9 @@ EOF
# - Referrer-Policy
# -
# - The HTTP referer (originally a misspelling of referrer[1]) is an HTTP header
# - field that identifies the address of the webpage (i.e. the URI or IRI) that
# - linked to the resource being requested. By checking the referrer, the new
# - The HTTP referer (originally a misspelling of referrer[1]) is an HTTP header
# - field that identifies the address of the webpage (i.e. the URI or IRI) that
# - linked to the resource being requested. By checking the referrer, the new
# - webpage can see where the request originated.
# -
Header set Referrer-Policy "strict-origin-when-cross-origin"
@ -1781,7 +1889,7 @@ if ! $database_exists ; then
else
echo_failed
fi
elif [[ "$DB_TYPE" = "pgsql" ]]; then
elif [[ "$DB_TYPE" = "pgsql" ]]; then
echo -n " (PostgreSQL).."
echo "CREATE ROLE $DB_USER WITH LOGIN NOCREATEDB NOCREATEROLE NOSUPERUSER ENCRYPTED PASSWORD '$DB_PASS'" \
| su - postgres -c "psql" > /dev/null
@ -1832,7 +1940,7 @@ info "Now browse to the intaller site and continue installation.\n$(cat <<EOF
Browse to site: \033[1mhttps://${WEBSITE_NAME}/installer\033[m
Maybe you want to change some values as follows
Maybe you want to change some values as follows
General configuration:
product_name...........: $PRODUCT_NAME
@ -1858,7 +1966,7 @@ info "Now browse to the intaller site and continue installation.\n$(cat <<EOF
SMTP Settings:
smtp_host..............: tls://$(hostname -f):587
smtp_user/smtp_pass....:
smtp_user/smtp_pass....:
[x] Use the current IMAP username and password for SMTP authentication
Display settings & user prefs:
@ -1928,7 +2036,7 @@ echononl "\tSet.. 'des_key', 'login_autocomplete', and more.."
cat <<EOF >>$WEBSITE_BASEDIR/roundcubemail-${ROUNDCUBE_VERSION}/config/config.inc.php 2> $log_file
// ==================================
// Added after basic installation
// Added after basic installation
// ==================================
\$config['skin_logo'] = '${SKIN_LOGO}';
@ -2092,7 +2200,7 @@ cat <<EOF >>$WEBSITE_BASEDIR/roundcubemail-${ROUNDCUBE_VERSION}/config/config.in
// - 'pspell' - requires the PHP Pspell module and aspell installed
// - 'enchant' - requires the PHP Enchant module
// - 'atd' - install your own After the Deadline server or check with the people at http://www.afterthedeadline.com before using their API
// Since Google shut down their public spell checking service, you need to
// Since Google shut down their public spell checking service, you need to
// connect to a Nox Spell Server when using 'googie' here. Therefore specify the 'spellcheck_uri'
\$config['spellcheck_engine'] = 'pspell';
@ -2170,7 +2278,7 @@ if $INCLUDE_ACL_PLUGIN ; then
fi
echo -e "\tNothing more to do here. Plugin '$_plugin' will be added to array plugins later.."
fi
@ -2217,7 +2325,7 @@ else
fi
echo -e "\tNothing more to do here. Plugin '$_plugin' will be added to array plugins later.."
# - jqueryui
# -
@ -2808,12 +2916,12 @@ if $VACATION_PLUGIN ; then
echo "$_line" >> $_config_file
echo "*/" >> $_config_file
echo "\$config['${_key}'] = array(" >> $_config_file
if [[ "$POSTFIX_DB_TYPE" = "pgsql" ]]; then
cat <<EOF >> $_config_file 2>> $log_file
"SELECT
subject AS vacation_subject,
body AS vacation_message,
subject AS vacation_subject,
body AS vacation_message,
date(activefrom) AS vacation_start,
date(activeuntil) AS vacation_end,
CASE WHEN vacation.active = TRUE THEN true ELSE false END AS vacation_enable,
@ -2886,7 +2994,7 @@ EOF
echo "$_line" >> $_config_file
echo "*/" >> $_config_file
echo "\$config['${_key}'] = array(" >> $_config_file
if [[ "$POSTFIX_DB_TYPE" = "pgsql" ]]; then
if $VAC_GUI_FORWARDER ; then
@ -3148,7 +3256,7 @@ EOF
else
echo_ok
fi
fi
fi
# - Create postfix trigger function udf_set_active
@ -3247,7 +3355,7 @@ EOF
else
echo_ok
fi
fi
fi
# - Create postfix trigger function udf_forwarders_in
@ -3346,7 +3454,7 @@ EOF
else
echo_ok
fi
fi
fi
else
echononl "\tCreate function 'FORWARDERS_OUT'"
@ -3430,5 +3538,5 @@ else
fi
echo ""
clean_up 0
clean_up 0