From a5bf692882f0d0bf50c5b8f6b19c2ded81a9c820 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Tue, 14 Jun 2016 10:14:58 -0400 Subject: [PATCH 001/416] Initial commit Signed-off-by: Kyle Fazzari --- .gitignore | 7 + CHANGELOG | 5 + CONTRIBUTING.md | 30 + LICENSE | 674 +++++++++ README.md | 54 + parts/plugins/x-apache.py | 309 ++++ setup/gui/icon.svg | 2 + snapcraft.yaml | 193 +++ src/delay-on-failure/delay-on-failure | 8 + src/mysql/my.cnf | 5 + src/mysql/mysql.server | 393 ++++++ src/mysql/start_mysql | 95 ++ src/nextcloud/apache_config | 31 + src/nextcloud/autoconfig.php | 20 + src/nextcloud/config.php | 53 + src/nextcloud/occ | 5 + src/nextcloud/setup_nextcloud | 68 + src/php/php.ini | 1873 +++++++++++++++++++++++++ 18 files changed, 3825 insertions(+) create mode 100644 .gitignore create mode 100644 CHANGELOG create mode 100644 CONTRIBUTING.md create mode 100644 LICENSE create mode 100644 README.md create mode 100644 parts/plugins/x-apache.py create mode 100644 setup/gui/icon.svg create mode 100644 snapcraft.yaml create mode 100755 src/delay-on-failure/delay-on-failure create mode 100644 src/mysql/my.cnf create mode 100755 src/mysql/mysql.server create mode 100755 src/mysql/start_mysql create mode 100644 src/nextcloud/apache_config create mode 100644 src/nextcloud/autoconfig.php create mode 100644 src/nextcloud/config.php create mode 100755 src/nextcloud/occ create mode 100755 src/nextcloud/setup_nextcloud create mode 100644 src/php/php.ini diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..bba1c3e --- /dev/null +++ b/.gitignore @@ -0,0 +1,7 @@ +*.snap +*.swp +parts/* +!parts/plugins/ +__pycache__/ +prime/ +stage/ diff --git a/CHANGELOG b/CHANGELOG new file mode 100644 index 0000000..9a2a5ba --- /dev/null +++ b/CHANGELOG @@ -0,0 +1,5 @@ +v 9.0.50snap1 + - Target series 16. + - Use the common directory for Nextcloud data. + - Use two app folders: the read-only in-snap apps, and user-installed ones in + $SNAP_DATA. diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 0000000..c3f1173 --- /dev/null +++ b/CONTRIBUTING.md @@ -0,0 +1,30 @@ +# Snappy Nextcloud Contribution Guide + +Welcome! We're a pretty friendly community and we're thrilled that you want to +help make this snap even better. However, we do ask that you follow some general +guidelines while doing so, just so we can keep things organized around here. + +1. Make sure an [issue][1] is created for the bug you're about to fix, or + feature you're about to add. Keep them as small as possible. + +2. We use a forking, feature-based workflow. + + Make a fork of this repository, and create a branch based on `develop` named + specifically for the feature on which you'd like to work. Make your changes + there. Commit often. + +3. Squash commits into one, well-formatted commit. Mention the issue being + resolved in the commit message on a line all by itself like `Fixes #` + (refer to [closing issues via commit messages][2] for more keywords you can + use). + + If you really feel like there should be more than one commit in your branch, + then you're probably trying to introduce more than one feature and you should + make another branch (and issue) for it. + +4. Submit a pull request to get changes from your branch into `develop` (no + merge requests should be made into `master`). Mention which bug is being + resolved in the description. + +[1]: https://github.com/kyrofa/nextcloud-snap/issues/new +[2]: https://help.github.com/articles/closing-issues-via-commit-messages/ diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..9cecc1d --- /dev/null +++ b/LICENSE @@ -0,0 +1,674 @@ + GNU GENERAL PUBLIC LICENSE + Version 3, 29 June 2007 + + Copyright (C) 2007 Free Software Foundation, Inc. + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The GNU General Public License is a free, copyleft license for +software and other kinds of works. + + The licenses for most software and other practical works are designed +to take away your freedom to share and change the works. By contrast, +the GNU General Public License is intended to guarantee your freedom to +share and change all versions of a program--to make sure it remains free +software for all its users. We, the Free Software Foundation, use the +GNU General Public License for most of our software; it applies also to +any other work released this way by its authors. You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +them if you wish), that you receive source code or can get it if you +want it, that you can change the software or use pieces of it in new +free programs, and that you know you can do these things. + + To protect your rights, we need to prevent others from denying you +these rights or asking you to surrender the rights. Therefore, you have +certain responsibilities if you distribute copies of the software, or if +you modify it: responsibilities to respect the freedom of others. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must pass on to the recipients the same +freedoms that you received. You must make sure that they, too, receive +or can get the source code. And you must show them these terms so they +know their rights. + + Developers that use the GNU GPL protect your rights with two steps: +(1) assert copyright on the software, and (2) offer you this License +giving you legal permission to copy, distribute and/or modify it. + + For the developers' and authors' protection, the GPL clearly explains +that there is no warranty for this free software. For both users' and +authors' sake, the GPL requires that modified versions be marked as +changed, so that their problems will not be attributed erroneously to +authors of previous versions. + + Some devices are designed to deny users access to install or run +modified versions of the software inside them, although the manufacturer +can do so. This is fundamentally incompatible with the aim of +protecting users' freedom to change the software. The systematic +pattern of such abuse occurs in the area of products for individuals to +use, which is precisely where it is most unacceptable. Therefore, we +have designed this version of the GPL to prohibit the practice for those +products. If such problems arise substantially in other domains, we +stand ready to extend this provision to those domains in future versions +of the GPL, as needed to protect the freedom of users. + + Finally, every program is threatened constantly by software patents. +States should not allow patents to restrict development and use of +software on general-purpose computers, but in those that do, we wish to +avoid the special danger that patents applied to a free program could +make it effectively proprietary. To prevent this, the GPL assures that +patents cannot be used to render the program non-free. + + The precise terms and conditions for copying, distribution and +modification follow. + + TERMS AND CONDITIONS + + 0. Definitions. + + "This License" refers to version 3 of the GNU General Public License. + + "Copyright" also means copyright-like laws that apply to other kinds of +works, such as semiconductor masks. + + "The Program" refers to any copyrightable work licensed under this +License. Each licensee is addressed as "you". "Licensees" and +"recipients" may be individuals or organizations. + + To "modify" a work means to copy from or adapt all or part of the work +in a fashion requiring copyright permission, other than the making of an +exact copy. The resulting work is called a "modified version" of the +earlier work or a work "based on" the earlier work. + + A "covered work" means either the unmodified Program or a work based +on the Program. + + To "propagate" a work means to do anything with it that, without +permission, would make you directly or secondarily liable for +infringement under applicable copyright law, except executing it on a +computer or modifying a private copy. Propagation includes copying, +distribution (with or without modification), making available to the +public, and in some countries other activities as well. + + To "convey" a work means any kind of propagation that enables other +parties to make or receive copies. Mere interaction with a user through +a computer network, with no transfer of a copy, is not conveying. + + An interactive user interface displays "Appropriate Legal Notices" +to the extent that it includes a convenient and prominently visible +feature that (1) displays an appropriate copyright notice, and (2) +tells the user that there is no warranty for the work (except to the +extent that warranties are provided), that licensees may convey the +work under this License, and how to view a copy of this License. If +the interface presents a list of user commands or options, such as a +menu, a prominent item in the list meets this criterion. + + 1. Source Code. + + The "source code" for a work means the preferred form of the work +for making modifications to it. "Object code" means any non-source +form of a work. + + A "Standard Interface" means an interface that either is an official +standard defined by a recognized standards body, or, in the case of +interfaces specified for a particular programming language, one that +is widely used among developers working in that language. + + The "System Libraries" of an executable work include anything, other +than the work as a whole, that (a) is included in the normal form of +packaging a Major Component, but which is not part of that Major +Component, and (b) serves only to enable use of the work with that +Major Component, or to implement a Standard Interface for which an +implementation is available to the public in source code form. A +"Major Component", in this context, means a major essential component +(kernel, window system, and so on) of the specific operating system +(if any) on which the executable work runs, or a compiler used to +produce the work, or an object code interpreter used to run it. + + The "Corresponding Source" for a work in object code form means all +the source code needed to generate, install, and (for an executable +work) run the object code and to modify the work, including scripts to +control those activities. However, it does not include the work's +System Libraries, or general-purpose tools or generally available free +programs which are used unmodified in performing those activities but +which are not part of the work. For example, Corresponding Source +includes interface definition files associated with source files for +the work, and the source code for shared libraries and dynamically +linked subprograms that the work is specifically designed to require, +such as by intimate data communication or control flow between those +subprograms and other parts of the work. + + The Corresponding Source need not include anything that users +can regenerate automatically from other parts of the Corresponding +Source. + + The Corresponding Source for a work in source code form is that +same work. + + 2. Basic Permissions. + + All rights granted under this License are granted for the term of +copyright on the Program, and are irrevocable provided the stated +conditions are met. This License explicitly affirms your unlimited +permission to run the unmodified Program. The output from running a +covered work is covered by this License only if the output, given its +content, constitutes a covered work. This License acknowledges your +rights of fair use or other equivalent, as provided by copyright law. + + You may make, run and propagate covered works that you do not +convey, without conditions so long as your license otherwise remains +in force. You may convey covered works to others for the sole purpose +of having them make modifications exclusively for you, or provide you +with facilities for running those works, provided that you comply with +the terms of this License in conveying all material for which you do +not control copyright. Those thus making or running the covered works +for you must do so exclusively on your behalf, under your direction +and control, on terms that prohibit them from making any copies of +your copyrighted material outside their relationship with you. + + Conveying under any other circumstances is permitted solely under +the conditions stated below. Sublicensing is not allowed; section 10 +makes it unnecessary. + + 3. Protecting Users' Legal Rights From Anti-Circumvention Law. + + No covered work shall be deemed part of an effective technological +measure under any applicable law fulfilling obligations under article +11 of the WIPO copyright treaty adopted on 20 December 1996, or +similar laws prohibiting or restricting circumvention of such +measures. + + When you convey a covered work, you waive any legal power to forbid +circumvention of technological measures to the extent such circumvention +is effected by exercising rights under this License with respect to +the covered work, and you disclaim any intention to limit operation or +modification of the work as a means of enforcing, against the work's +users, your or third parties' legal rights to forbid circumvention of +technological measures. + + 4. Conveying Verbatim Copies. + + You may convey verbatim copies of the Program's source code as you +receive it, in any medium, provided that you conspicuously and +appropriately publish on each copy an appropriate copyright notice; +keep intact all notices stating that this License and any +non-permissive terms added in accord with section 7 apply to the code; +keep intact all notices of the absence of any warranty; and give all +recipients a copy of this License along with the Program. + + You may charge any price or no price for each copy that you convey, +and you may offer support or warranty protection for a fee. + + 5. Conveying Modified Source Versions. + + You may convey a work based on the Program, or the modifications to +produce it from the Program, in the form of source code under the +terms of section 4, provided that you also meet all of these conditions: + + a) The work must carry prominent notices stating that you modified + it, and giving a relevant date. + + b) The work must carry prominent notices stating that it is + released under this License and any conditions added under section + 7. This requirement modifies the requirement in section 4 to + "keep intact all notices". + + c) You must license the entire work, as a whole, under this + License to anyone who comes into possession of a copy. This + License will therefore apply, along with any applicable section 7 + additional terms, to the whole of the work, and all its parts, + regardless of how they are packaged. This License gives no + permission to license the work in any other way, but it does not + invalidate such permission if you have separately received it. + + d) If the work has interactive user interfaces, each must display + Appropriate Legal Notices; however, if the Program has interactive + interfaces that do not display Appropriate Legal Notices, your + work need not make them do so. + + A compilation of a covered work with other separate and independent +works, which are not by their nature extensions of the covered work, +and which are not combined with it such as to form a larger program, +in or on a volume of a storage or distribution medium, is called an +"aggregate" if the compilation and its resulting copyright are not +used to limit the access or legal rights of the compilation's users +beyond what the individual works permit. Inclusion of a covered work +in an aggregate does not cause this License to apply to the other +parts of the aggregate. + + 6. Conveying Non-Source Forms. + + You may convey a covered work in object code form under the terms +of sections 4 and 5, provided that you also convey the +machine-readable Corresponding Source under the terms of this License, +in one of these ways: + + a) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by the + Corresponding Source fixed on a durable physical medium + customarily used for software interchange. + + b) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by a + written offer, valid for at least three years and valid for as + long as you offer spare parts or customer support for that product + model, to give anyone who possesses the object code either (1) a + copy of the Corresponding Source for all the software in the + product that is covered by this License, on a durable physical + medium customarily used for software interchange, for a price no + more than your reasonable cost of physically performing this + conveying of source, or (2) access to copy the + Corresponding Source from a network server at no charge. + + c) Convey individual copies of the object code with a copy of the + written offer to provide the Corresponding Source. This + alternative is allowed only occasionally and noncommercially, and + only if you received the object code with such an offer, in accord + with subsection 6b. + + d) Convey the object code by offering access from a designated + place (gratis or for a charge), and offer equivalent access to the + Corresponding Source in the same way through the same place at no + further charge. You need not require recipients to copy the + Corresponding Source along with the object code. If the place to + copy the object code is a network server, the Corresponding Source + may be on a different server (operated by you or a third party) + that supports equivalent copying facilities, provided you maintain + clear directions next to the object code saying where to find the + Corresponding Source. Regardless of what server hosts the + Corresponding Source, you remain obligated to ensure that it is + available for as long as needed to satisfy these requirements. + + e) Convey the object code using peer-to-peer transmission, provided + you inform other peers where the object code and Corresponding + Source of the work are being offered to the general public at no + charge under subsection 6d. + + A separable portion of the object code, whose source code is excluded +from the Corresponding Source as a System Library, need not be +included in conveying the object code work. + + A "User Product" is either (1) a "consumer product", which means any +tangible personal property which is normally used for personal, family, +or household purposes, or (2) anything designed or sold for incorporation +into a dwelling. In determining whether a product is a consumer product, +doubtful cases shall be resolved in favor of coverage. For a particular +product received by a particular user, "normally used" refers to a +typical or common use of that class of product, regardless of the status +of the particular user or of the way in which the particular user +actually uses, or expects or is expected to use, the product. A product +is a consumer product regardless of whether the product has substantial +commercial, industrial or non-consumer uses, unless such uses represent +the only significant mode of use of the product. + + "Installation Information" for a User Product means any methods, +procedures, authorization keys, or other information required to install +and execute modified versions of a covered work in that User Product from +a modified version of its Corresponding Source. The information must +suffice to ensure that the continued functioning of the modified object +code is in no case prevented or interfered with solely because +modification has been made. + + If you convey an object code work under this section in, or with, or +specifically for use in, a User Product, and the conveying occurs as +part of a transaction in which the right of possession and use of the +User Product is transferred to the recipient in perpetuity or for a +fixed term (regardless of how the transaction is characterized), the +Corresponding Source conveyed under this section must be accompanied +by the Installation Information. But this requirement does not apply +if neither you nor any third party retains the ability to install +modified object code on the User Product (for example, the work has +been installed in ROM). + + The requirement to provide Installation Information does not include a +requirement to continue to provide support service, warranty, or updates +for a work that has been modified or installed by the recipient, or for +the User Product in which it has been modified or installed. Access to a +network may be denied when the modification itself materially and +adversely affects the operation of the network or violates the rules and +protocols for communication across the network. + + Corresponding Source conveyed, and Installation Information provided, +in accord with this section must be in a format that is publicly +documented (and with an implementation available to the public in +source code form), and must require no special password or key for +unpacking, reading or copying. + + 7. Additional Terms. + + "Additional permissions" are terms that supplement the terms of this +License by making exceptions from one or more of its conditions. +Additional permissions that are applicable to the entire Program shall +be treated as though they were included in this License, to the extent +that they are valid under applicable law. If additional permissions +apply only to part of the Program, that part may be used separately +under those permissions, but the entire Program remains governed by +this License without regard to the additional permissions. + + When you convey a copy of a covered work, you may at your option +remove any additional permissions from that copy, or from any part of +it. (Additional permissions may be written to require their own +removal in certain cases when you modify the work.) You may place +additional permissions on material, added by you to a covered work, +for which you have or can give appropriate copyright permission. + + Notwithstanding any other provision of this License, for material you +add to a covered work, you may (if authorized by the copyright holders of +that material) supplement the terms of this License with terms: + + a) Disclaiming warranty or limiting liability differently from the + terms of sections 15 and 16 of this License; or + + b) Requiring preservation of specified reasonable legal notices or + author attributions in that material or in the Appropriate Legal + Notices displayed by works containing it; or + + c) Prohibiting misrepresentation of the origin of that material, or + requiring that modified versions of such material be marked in + reasonable ways as different from the original version; or + + d) Limiting the use for publicity purposes of names of licensors or + authors of the material; or + + e) Declining to grant rights under trademark law for use of some + trade names, trademarks, or service marks; or + + f) Requiring indemnification of licensors and authors of that + material by anyone who conveys the material (or modified versions of + it) with contractual assumptions of liability to the recipient, for + any liability that these contractual assumptions directly impose on + those licensors and authors. + + All other non-permissive additional terms are considered "further +restrictions" within the meaning of section 10. If the Program as you +received it, or any part of it, contains a notice stating that it is +governed by this License along with a term that is a further +restriction, you may remove that term. If a license document contains +a further restriction but permits relicensing or conveying under this +License, you may add to a covered work material governed by the terms +of that license document, provided that the further restriction does +not survive such relicensing or conveying. + + If you add terms to a covered work in accord with this section, you +must place, in the relevant source files, a statement of the +additional terms that apply to those files, or a notice indicating +where to find the applicable terms. + + Additional terms, permissive or non-permissive, may be stated in the +form of a separately written license, or stated as exceptions; +the above requirements apply either way. + + 8. Termination. + + You may not propagate or modify a covered work except as expressly +provided under this License. Any attempt otherwise to propagate or +modify it is void, and will automatically terminate your rights under +this License (including any patent licenses granted under the third +paragraph of section 11). + + However, if you cease all violation of this License, then your +license from a particular copyright holder is reinstated (a) +provisionally, unless and until the copyright holder explicitly and +finally terminates your license, and (b) permanently, if the copyright +holder fails to notify you of the violation by some reasonable means +prior to 60 days after the cessation. + + Moreover, your license from a particular copyright holder is +reinstated permanently if the copyright holder notifies you of the +violation by some reasonable means, this is the first time you have +received notice of violation of this License (for any work) from that +copyright holder, and you cure the violation prior to 30 days after +your receipt of the notice. + + Termination of your rights under this section does not terminate the +licenses of parties who have received copies or rights from you under +this License. If your rights have been terminated and not permanently +reinstated, you do not qualify to receive new licenses for the same +material under section 10. + + 9. Acceptance Not Required for Having Copies. + + You are not required to accept this License in order to receive or +run a copy of the Program. Ancillary propagation of a covered work +occurring solely as a consequence of using peer-to-peer transmission +to receive a copy likewise does not require acceptance. However, +nothing other than this License grants you permission to propagate or +modify any covered work. These actions infringe copyright if you do +not accept this License. Therefore, by modifying or propagating a +covered work, you indicate your acceptance of this License to do so. + + 10. Automatic Licensing of Downstream Recipients. + + Each time you convey a covered work, the recipient automatically +receives a license from the original licensors, to run, modify and +propagate that work, subject to this License. You are not responsible +for enforcing compliance by third parties with this License. + + An "entity transaction" is a transaction transferring control of an +organization, or substantially all assets of one, or subdividing an +organization, or merging organizations. If propagation of a covered +work results from an entity transaction, each party to that +transaction who receives a copy of the work also receives whatever +licenses to the work the party's predecessor in interest had or could +give under the previous paragraph, plus a right to possession of the +Corresponding Source of the work from the predecessor in interest, if +the predecessor has it or can get it with reasonable efforts. + + You may not impose any further restrictions on the exercise of the +rights granted or affirmed under this License. For example, you may +not impose a license fee, royalty, or other charge for exercise of +rights granted under this License, and you may not initiate litigation +(including a cross-claim or counterclaim in a lawsuit) alleging that +any patent claim is infringed by making, using, selling, offering for +sale, or importing the Program or any portion of it. + + 11. Patents. + + A "contributor" is a copyright holder who authorizes use under this +License of the Program or a work on which the Program is based. The +work thus licensed is called the contributor's "contributor version". + + A contributor's "essential patent claims" are all patent claims +owned or controlled by the contributor, whether already acquired or +hereafter acquired, that would be infringed by some manner, permitted +by this License, of making, using, or selling its contributor version, +but do not include claims that would be infringed only as a +consequence of further modification of the contributor version. For +purposes of this definition, "control" includes the right to grant +patent sublicenses in a manner consistent with the requirements of +this License. + + Each contributor grants you a non-exclusive, worldwide, royalty-free +patent license under the contributor's essential patent claims, to +make, use, sell, offer for sale, import and otherwise run, modify and +propagate the contents of its contributor version. + + In the following three paragraphs, a "patent license" is any express +agreement or commitment, however denominated, not to enforce a patent +(such as an express permission to practice a patent or covenant not to +sue for patent infringement). To "grant" such a patent license to a +party means to make such an agreement or commitment not to enforce a +patent against the party. + + If you convey a covered work, knowingly relying on a patent license, +and the Corresponding Source of the work is not available for anyone +to copy, free of charge and under the terms of this License, through a +publicly available network server or other readily accessible means, +then you must either (1) cause the Corresponding Source to be so +available, or (2) arrange to deprive yourself of the benefit of the +patent license for this particular work, or (3) arrange, in a manner +consistent with the requirements of this License, to extend the patent +license to downstream recipients. "Knowingly relying" means you have +actual knowledge that, but for the patent license, your conveying the +covered work in a country, or your recipient's use of the covered work +in a country, would infringe one or more identifiable patents in that +country that you have reason to believe are valid. + + If, pursuant to or in connection with a single transaction or +arrangement, you convey, or propagate by procuring conveyance of, a +covered work, and grant a patent license to some of the parties +receiving the covered work authorizing them to use, propagate, modify +or convey a specific copy of the covered work, then the patent license +you grant is automatically extended to all recipients of the covered +work and works based on it. + + A patent license is "discriminatory" if it does not include within +the scope of its coverage, prohibits the exercise of, or is +conditioned on the non-exercise of one or more of the rights that are +specifically granted under this License. You may not convey a covered +work if you are a party to an arrangement with a third party that is +in the business of distributing software, under which you make payment +to the third party based on the extent of your activity of conveying +the work, and under which the third party grants, to any of the +parties who would receive the covered work from you, a discriminatory +patent license (a) in connection with copies of the covered work +conveyed by you (or copies made from those copies), or (b) primarily +for and in connection with specific products or compilations that +contain the covered work, unless you entered into that arrangement, +or that patent license was granted, prior to 28 March 2007. + + Nothing in this License shall be construed as excluding or limiting +any implied license or other defenses to infringement that may +otherwise be available to you under applicable patent law. + + 12. No Surrender of Others' Freedom. + + If conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot convey a +covered work so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you may +not convey it at all. For example, if you agree to terms that obligate you +to collect a royalty for further conveying from those to whom you convey +the Program, the only way you could satisfy both those terms and this +License would be to refrain entirely from conveying the Program. + + 13. Use with the GNU Affero General Public License. + + Notwithstanding any other provision of this License, you have +permission to link or combine any covered work with a work licensed +under version 3 of the GNU Affero General Public License into a single +combined work, and to convey the resulting work. The terms of this +License will continue to apply to the part which is the covered work, +but the special requirements of the GNU Affero General Public License, +section 13, concerning interaction through a network will apply to the +combination as such. + + 14. Revised Versions of this License. + + The Free Software Foundation may publish revised and/or new versions of +the GNU General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + + Each version is given a distinguishing version number. If the +Program specifies that a certain numbered version of the GNU General +Public License "or any later version" applies to it, you have the +option of following the terms and conditions either of that numbered +version or of any later version published by the Free Software +Foundation. If the Program does not specify a version number of the +GNU General Public License, you may choose any version ever published +by the Free Software Foundation. + + If the Program specifies that a proxy can decide which future +versions of the GNU General Public License can be used, that proxy's +public statement of acceptance of a version permanently authorizes you +to choose that version for the Program. + + Later license versions may give you additional or different +permissions. However, no additional obligations are imposed on any +author or copyright holder as a result of your choosing to follow a +later version. + + 15. Disclaimer of Warranty. + + THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY +APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT +HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY +OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, +THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM +IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF +ALL NECESSARY SERVICING, REPAIR OR CORRECTION. + + 16. Limitation of Liability. + + IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS +THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY +GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE +USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF +DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD +PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), +EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF +SUCH DAMAGES. + + 17. Interpretation of Sections 15 and 16. + + If the disclaimer of warranty and limitation of liability provided +above cannot be given local legal effect according to their terms, +reviewing courts shall apply local law that most closely approximates +an absolute waiver of all civil liability in connection with the +Program, unless a warranty or assumption of liability accompanies a +copy of the Program in return for a fee. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +state the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + {one line to give the program's name and a brief idea of what it does.} + Copyright (C) {year} {name of author} + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . + +Also add information on how to contact you by electronic and paper mail. + + If the program does terminal interaction, make it output a short +notice like this when it starts in an interactive mode: + + {project} Copyright (C) {year} {fullname} + This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, your program's commands +might be different; for a GUI interface, you would use an "about box". + + You should also get your employer (if you work as a programmer) or school, +if any, to sign a "copyright disclaimer" for the program, if necessary. +For more information on this, and how to apply and follow the GNU GPL, see +. + + The GNU General Public License does not permit incorporating your program +into proprietary programs. If your program is a subroutine library, you +may consider it more useful to permit linking proprietary applications with +the library. If this is what you want to do, use the GNU Lesser General +Public License instead of this License. But first, please read +. diff --git a/README.md b/README.md new file mode 100644 index 0000000..d491915 --- /dev/null +++ b/README.md @@ -0,0 +1,54 @@ +# Snappy Nextcloud + +Nextcloud server packaged as a snap. It consists of: + +- Nextcloud 9.0.50 +- Apache 2.4 +- PHP 7 +- mysql 5.7 +- mDNS for network discovery + + +## How to install + +This Nextcloud snap is available in the store for release series 16 (e.g. Ubuntu +16.04). Install via: + + $ sudo snap install nextcloud + + +## How to use + +After install, assuming you and the device on which it was installed are on the +same network, you should be able to reach the Nextcloud installation by visiting +`.local` in your browser. If your hostname is `localhost` or +`localhost.localdomain`, like on an Ubuntu Core device, `nextcloud.local` will +be used instead. + +Upon visiting the Nextcloud installation for the first time, you'll be prompted +for an admin username and password. After you provide that information you'll be +logged in and able to create users, install apps, and upload files. + + +### Included CLI utilities + +There are a few CLI utilities included: + +- `nextcloud.occ`: + - Nextcloud's `occ` configuration tool. Note that it requires `sudo`. +- `nextcloud.mysql-client`: + - MySQL client preconfigured to communicate with Nextcloud MySQL server. + This may be useful in case you need to migrate Nextcloud installations. + Note that it requires `sudo`. + + +## Where is my stuff? + +- `$SNAP_DATA`: + - Apache and MySQL logs + - MySQL database + - Nextcloud config + - Any Nextcloud apps installed by the user +- `$SNAP_DATA/../common` (unversioned directory): + - Nextcloud data + - Nextcloud logs diff --git a/parts/plugins/x-apache.py b/parts/plugins/x-apache.py new file mode 100644 index 0000000..6c948d9 --- /dev/null +++ b/parts/plugins/x-apache.py @@ -0,0 +1,309 @@ +import os +import logging +import shutil +import re +import subprocess + +import snapcraft + +logger = logging.getLogger(__name__) + + +def _search_and_replace(directory, search_pattern, replacement): + for root, directories, files in os.walk(directory): + for file_name in files: + _search_and_replace_contents(os.path.join(root, file_name), + search_pattern, replacement) + +def _search_and_replace_contents(file_path, search_pattern, replacement): + try: + with open(file_path, 'r+') as f: + try: + original = f.read() + except UnicodeDecodeError: + # This was probably a binary file. Skip it. + return + + replaced = search_pattern.sub(replacement, original) + if replaced != original: + f.seek(0) + f.truncate() + f.write(replaced) + except PermissionError: + logger.warning('Unable to open {!r} for writing-- skipping...'.format( + file_path)) + +def _populate_options(options, properties, schema): + schema_properties = schema.get('properties', {}) + for key in schema_properties: + attr_name = key.replace('-', '_') + default_value = schema_properties[key].get('default') + attr_value = properties.get(key, default_value) + setattr(options, attr_name, attr_value) + +class ApachePlugin(snapcraft.BasePlugin): + + @classmethod + def schema(cls): + schema = super().schema() + schema['properties']['modules'] = { + 'type': 'array', + 'minitems': 1, + 'uniqueItems': True, + 'items': { + 'type': 'string' + }, + } + schema['properties']['third-party-modules'] = { + 'type': 'array', + 'minitems': 1, + 'uniqueItems': True, + 'default': [], + 'items': { + 'type': 'object', + 'properties': { + 'source': { + 'type': 'string' + }, + 'source-type': { + 'type': 'string' + }, + 'source-branch': { + 'type': 'string' + }, + 'source-subdir': { + 'type': 'string' + }, + 'configflags': { + 'type': 'array', + 'minitems': 1, + 'uniqueItems': True, + 'items': { + 'type': 'string', + }, + 'default': [], + } + } + } + } + schema['properties']['startup-script'] = { + 'type': 'string', + 'default': '', + } + schema['properties']['extra-configuration'] = { + 'type': 'string', + 'default': '', + } + + schema['required'].append('modules') + + return schema + + def __init__(self, name, options, project): + super().__init__(name, options, project) + + self.build_packages.extend( + ['pkg-config', 'libapr1-dev', 'libaprutil1-dev', 'libpcre3-dev', + 'libssl-dev']) + + self.apache_directory = os.path.join(self.partdir, 'apache') + self.third_party_modules_directory = os.path.join( + self.partdir, 'third-party-modules') + self.startup_file_path = os.path.join('bin', 'startup_script') + self.extra_configuration_file_path = os.path.join( + 'conf', 'extra_configuration') + + class Options(): + pass + + self.third_party_modules = [] + + schema = self.schema()['properties']['third-party-modules']['items'] + + for index, module in enumerate(self.options.third_party_modules): + options = Options() + _populate_options(options, module, schema) + options.module_directory = os.path.join( + self.third_party_modules_directory, 'module-{}'.format(index)) + self.third_party_modules.append(options) + + def pull(self): + super().pull() + + if self.options.startup_script and not os.path.isfile(self.options.startup_script): + raise RuntimeError( + 'startup-script file "{}" doesn\'t exist'.format( + self.options.startup_script)) + + if self.options.extra_configuration and not os.path.isfile(self.options.extra_configuration): + raise RuntimeError( + 'extra-configuration file "{}" doesn\'t exist'.format( + self.options.extra_configuration)) + + apache_source_directory = os.path.join(self.apache_directory, 'src') + apache_sources = snapcraft.sources.Tar('http://ftp.wayne.edu/apache/httpd/httpd-2.4.20.tar.gz', apache_source_directory) + + os.makedirs(apache_source_directory) + + logger.info('Downloading Apache sources...') + apache_sources.pull() + + self._pull_third_party_modules() + + def _pull_third_party_modules(self): + logger.info('Pulling third-party modules...') + for module in self.third_party_modules: + module_source_directory = os.path.join( + module.module_directory, 'src') + os.makedirs(module_source_directory) + snapcraft.sources.get(module_source_directory, None, module) + + def clean_pull(self): + super().clean_pull() + + if os.path.exists(self.apache_directory): + shutil.rmtree(self.apache_directory) + + if os.path.exists(self.third_party_modules_directory): + shutil.rmtree(self.third_party_modules_directory) + + def run(self, cmd, cwd=None, **kwargs): + env = os.environ.copy() + env['CFLAGS']='-O2' + + super().run(cmd, cwd=cwd, env=env, **kwargs) + + def build(self): + super().build() + + apache_source_directory = os.path.join(self.apache_directory, 'src') + apache_build_directory = os.path.join(self.apache_directory, 'build') + if os.path.exists(apache_build_directory): + shutil.rmtree(apache_build_directory) + + shutil.copytree(apache_source_directory, apache_build_directory) + + subprocess.check_call("./configure --prefix={} --enable-modules=none --enable-mods-shared='{}' ENABLED_DSO_MODULES='{}'".format(self.installdir, ' '.join(self.options.modules), ','.join(self.options.modules)), + cwd=apache_build_directory, shell=True) + + self.run( + ['make', '-j{}'.format( + self.project.parallel_build_count)], + cwd=apache_build_directory) + self.run(['make', 'install'], cwd=apache_build_directory) + + self._build_third_party_modules() + + # Blow away the htdocs shipped with Apache, and copy in the + # user-provided one. + htdocs = os.path.join(self.installdir, 'htdocs') + shutil.rmtree(htdocs) + shutil.copytree(self.builddir, htdocs) + + # Copy startup script, if provided + if self.options.startup_script: + + shutil.copyfile(self.options.startup_script, + os.path.join(self.installdir, + self.startup_file_path)) + + # Copy extra configuration file, if provided + if self.options.extra_configuration: + shutil.copyfile(self.options.extra_configuration, + os.path.join(self.installdir, + self.extra_configuration_file_path)) + + self._fixup_apachectl() + + # Crawl through the entire install directory, making sure the instances + # of the installation prefix are replaced with $SNAP. + _search_and_replace(self.installdir, re.compile(self.installdir), + '${SNAP}') + + # Put the Apache logs in $SNAP_DATA/apache/ + self._configure_logging_directory('${SNAP_DATA}/apache/logs') + + self._disable_running_as_user_or_group() + self._set_mutex_type() + + self._configure_httpd_conf() + + self._configure_startup_procedure() + + def _build_third_party_modules(self): + logger.info('Building third-party modules...') + for module in self.third_party_modules: + module_source_directory = os.path.join( + module.module_directory, 'src') + module_build_directory = os.path.join( + module.module_directory, 'build') + + if os.path.exists(module_build_directory): + shutil.rmtree(module_build_directory) + + shutil.copytree(module_source_directory, module_build_directory) + + configure_command = [ + './configure', '--prefix=' + self.installdir, + '--with-apxs2={}/bin/apxs'.format(self.installdir), + '--disable-rpath'] + + self.run(configure_command + module.configflags, + cwd=module_build_directory) + self.run(['make', '-j{}'.format( + self.project.parallel_build_count)], + cwd=module_build_directory) + self.run(['make', 'install'], cwd=module_build_directory) + + def _configure_startup_procedure(self): + # Setup startup script (piggybacking on envvars) + with open(os.path.join(self.installdir, 'bin', 'envvars'), 'w') as f: + f.write('# Make sure log directory exists\n') + f.write('mkdir -p -m 750 ${SNAP_DATA}/apache\n') + f.write('mkdir -p -m 750 ${SNAP_DATA}/apache/logs') + + if self.options.startup_script: + f.write('\n. ${{SNAP}}/{}'.format(self.startup_file_path)) + + def _fixup_apachectl(self): + # Make sure apachectl doesn't use single quotes, and make sure it runs + # out of $SNAP + _search_and_replace_contents( + os.path.join(self.installdir, 'bin', 'apachectl'), + re.compile(r'HTTPD=.*bin/httpd.*'), + 'HTTPD="${SNAP}/bin/httpd -d ${SNAP}"') + + def _configure_logging_directory(self, log_directory): + _search_and_replace_contents( + os.path.join(self.installdir, 'conf', 'httpd.conf'), + re.compile(r'CustomLog.*'), + 'CustomLog "{}/access_log" common'.format(log_directory)) + _search_and_replace_contents( + os.path.join(self.installdir, 'conf', 'httpd.conf'), + re.compile(r'ErrorLog.*'), + 'ErrorLog "{}/error_log"'.format(log_directory)) + + def _disable_running_as_user_or_group(self): + # Don't try to run under a dedicated user/group + _search_and_replace_contents( + os.path.join(self.installdir, 'conf', 'httpd.conf'), + re.compile(r'(User|Group)'), r'# \1') + + def _set_mutex_type(self): + # Using pthread here, since Apache tries to chown the file-based mutex + # which isn't allowed in Snappy, and Ubuntu supports robust pthread + # mutexes that can be recovered if the child process terminates + # abnormally. + _search_and_replace_contents( + os.path.join(self.installdir, 'conf', 'httpd.conf'), + re.compile(r'# Mutex default:logs'), r'Mutex pthread') + + def _configure_httpd_conf(self): + with open(os.path.join(self.installdir, 'conf', 'httpd.conf'), 'a') as f: + # Make sure the pidfile is in a writeable location + f.write('\nPidFile "${SNAP_DATA}/apache/httpd.pid"') + + # Include extra configuration (if provided) + if self.options.extra_configuration: + f.write('\nInclude ${{SNAP}}/{}'.format( + self.extra_configuration_file_path)) diff --git a/setup/gui/icon.svg b/setup/gui/icon.svg new file mode 100644 index 0000000..73f672b --- /dev/null +++ b/setup/gui/icon.svg @@ -0,0 +1,2 @@ + + diff --git a/snapcraft.yaml b/snapcraft.yaml new file mode 100644 index 0000000..594d140 --- /dev/null +++ b/snapcraft.yaml @@ -0,0 +1,193 @@ +name: nextcloud +version: 9.0.50snap1 +summary: Nextcloud +description: Nextcloud running on Apache with MySQL. This is currently in beta. +confinement: strict + +apps: + # Apache daemon + apache: + command: apachectl start -DFOREGROUND + stop-command: apachectl stop + daemon: simple + plugs: [network, network-bind] + + # MySQL daemon + mysql: + command: start_mysql + stop-command: support-files/mysql.server stop + daemon: simple + plugs: [network, network-bind] + + # MySQL client + mysql-client: + command: mysql --defaults-file=$SNAP_DATA/mysql/root.ini + plugs: [network, network-bind] + + # mDNS daemon + mdns-publisher: + command: delay-on-failure mdns-publisher nextcloud + daemon: simple + plugs: [network, network-bind] + + # Nextcloud occ command + occ: + command: occ + plugs: [network, network-bind] + +parts: + apache: + plugin: apache + source: https://github.com/kyrofa/nextcloud.git + source-tag: 9.0.50 + + # The built-in Apache modules to enable + modules: + - headers + - fcgid + - setenvif + - env + - rewrite + - mime + - dir + - authz_core + - unixd + - alias + + # Extra Apache configuration for Nextcloud (and PHP) + extra-configuration: src/nextcloud/apache_config + + # Script to run before bringing up Apache + startup-script: src/nextcloud/setup_nextcloud + + third-party-modules: + # Build PHP + - source: http://us1.php.net/get/php-7.0.2.tar.gz/from/this/mirror + source-type: tar + configflags: + - --enable-ctype + - --enable-mbstring + - --enable-zip + - --with-pdo-mysql + - --with-zlib + - --with-gd + - --with-curl + - --with-openssl + - --with-bz2 + - --with-mcrypt + - --enable-exif + stage: + - -htdocs/.git* + snap: + - -manual # No need to include the documentation in the .snap + - -htdocs/.git* + stage-packages: + # These are only included here until the OS snap stabilizes + - libxml2 + - libpng12-0 + build-packages: + - libxml2-dev + - libcurl4-openssl-dev + - libpng12-dev + - libbz2-dev + - libmcrypt-dev + + # Copy over our PHP configuration file. + php-config: + plugin: copy + files: + src/php/php.ini: php.ini + + # Copy over our Nextcloud configuration files + nextcloud-customizations: + plugin: copy + files: + src/nextcloud/*config.php: htdocs/config/ + src/nextcloud/occ: bin/ + + # Download the boost headers for MySQL. Note that the version used may need to + # be updated if the version of MySQL changes. + boost: + plugin: copy + source: http://sourceforge.net/projects/boost/files/boost/1.59.0/boost_1_59_0.tar.gz + files: + '*': boost/ + snap: + - -* + + mysql: + plugin: cmake + source: https://github.com/kyrofa/mysql-server.git + source-type: git + source-branch: feature/support_no_setpriority + after: [boost] + configflags: + - -DWITH_BOOST=$SNAPCRAFT_STAGE/boost + - -DWITH_INNODB_PAGE_CLEANER_PRIORITY=OFF + - -DCMAKE_INSTALL_PREFIX=/ + - -DBUILD_CONFIG=mysql_release + - -DWITH_UNIT_TESTS=OFF + - -DWITH_EMBEDDED_SERVER=OFF + - -DWITH_EMBEDDED_SHARED_LIBRARY=OFF + - -DWITH_ARCHIVE_STORAGE_ENGINE=OFF + - -DWITH_BLACKHOLE_STORAGE_ENGINE=OFF + - -DWITH_FEDERATED_STORAGE_ENGINE=OFF + - -DWITH_PARTITION_STORAGE_ENGINE=OFF + - -DINSTALL_MYSQLTESTDIR= + build-packages: + - wget + - g++ + - cmake + - bison + - libncurses5-dev + - libaio-dev + stage: + # Remove scripts that we'll be replacing with our own + - -support-files/mysql.server + snap: + # Remove scripts that we'll be replacing with our own + - -support-files/mysql.server + + # Remove unused binaries that waste space + - -bin/innochecksum + - -bin/lz4_decompress + - -bin/myisam* + - -bin/mysqladmin + - -bin/mysqlbinlog + - -bin/mysql_client_test + - -bin/mysql_config* + - -bin/mysqld_multi + - -bin/mysqldump* + - -bin/mysqlimport + - -bin/mysql_install_db + - -bin/mysql_plugin + - -bin/mysqlpump + - -bin/mysql_secure_installation + - -bin/mysqlshow + - -bin/mysqlslap + - -bin/mysql_ssl_rsa_setup + - -bin/mysqltest + - -bin/mysql_tzinfo_to_sql + - -bin/perror + - -bin/replace + - -bin/resolveip + - -bin/resolve_stack_dump + - -bin/zlib_decompress + + # Copy over our MySQL scripts + mysql-customizations: + plugin: copy + files: + # This one is what creates the initial database and account for Nextcloud. + src/mysql/start_mysql: bin/ + src/mysql/my.cnf: my.cnf + src/mysql/mysql.server: support-files/ + + mdns-publisher: + plugin: go + go-packages: [github.com/kyrofa/mdns-publisher] + + delay-on-failure: + plugin: copy + files: + src/delay-on-failure/delay-on-failure: bin/ diff --git a/src/delay-on-failure/delay-on-failure b/src/delay-on-failure/delay-on-failure new file mode 100755 index 0000000..ac93ce7 --- /dev/null +++ b/src/delay-on-failure/delay-on-failure @@ -0,0 +1,8 @@ +#!/bin/sh + +$* +if [ $? -ne 0 ]; then + sleep 10 # Don't exit right away, so we'll be respawned + exit 1 +fi +exit 0 diff --git a/src/mysql/my.cnf b/src/mysql/my.cnf new file mode 100644 index 0000000..f3daf8a --- /dev/null +++ b/src/mysql/my.cnf @@ -0,0 +1,5 @@ +[mysqld] +user=root +max_allowed_packet=100M +secure-file-priv=NULL +skip-networking diff --git a/src/mysql/mysql.server b/src/mysql/mysql.server new file mode 100755 index 0000000..d2ddae1 --- /dev/null +++ b/src/mysql/mysql.server @@ -0,0 +1,393 @@ +#!/bin/sh +# Copyright Abandoned 1996 TCX DataKonsult AB & Monty Program KB & Detron HB +# This file is public domain and comes with NO WARRANTY of any kind + +# MySQL daemon start/stop script. + +# Usually this is put in /etc/init.d (at least on machines SYSV R4 based +# systems) and linked to /etc/rc3.d/S99mysql and /etc/rc0.d/K01mysql. +# When this is done the mysql server will be started when the machine is +# started and shut down when the systems goes down. + +# Comments to support chkconfig on RedHat Linux +# chkconfig: 2345 64 36 +# description: A very fast and reliable SQL database engine. + +# Comments to support LSB init script conventions +### BEGIN INIT INFO +# Provides: mysql +# Required-Start: $local_fs $network $remote_fs +# Should-Start: ypbind nscd ldap ntpd xntpd +# Required-Stop: $local_fs $network $remote_fs +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: start and stop MySQL +# Description: MySQL is a very fast and reliable SQL database engine. +### END INIT INFO + +# If you install MySQL on some other places than /, then you +# have to do one of the following things for this script to work: +# +# - Run this script from within the MySQL installation directory +# - Create a /etc/my.cnf file with the following information: +# [mysqld] +# basedir= +# - Add the above to any other configuration file (for example ~/.my.ini) +# and copy my_print_defaults to /usr/bin +# - Add the path to the mysql-installation-directory to the basedir variable +# below. +# +# If you want to affect other MySQL variables, you should make your changes +# in the /etc/my.cnf, ~/.my.cnf or other MySQL configuration files. + +# If you change base dir, you must also change datadir. These may get +# overwritten by settings in the MySQL configuration files. + +basedir=$SNAP +datadir=$SNAP_DATA/mysql + +# Default value, in seconds, afterwhich the script should timeout waiting +# for server start. +# Value here is overriden by value in my.cnf. +# 0 means don't wait at all +# Negative numbers mean to wait indefinitely +service_startup_timeout=900 + +# Lock directory for RedHat / SuSE. +lockdir="$SNAP_DATA/mysql/lock" +lock_file_path="$lockdir/mysql" + +# The following variables are only set for letting mysql.server find things. + +# Set some defaults +mysqld_pid_file_path= +if test -z "$basedir" +then + basedir=/ + bindir=//bin + if test -z "$datadir" + then + datadir=//data + fi + sbindir=//bin + libexecdir=//bin +else + bindir="$basedir/bin" + if test -z "$datadir" + then + datadir="$basedir/data" + fi + sbindir="$basedir/sbin" + libexecdir="$basedir/libexec" +fi + +# datadir_set is used to determine if datadir was set (and so should be +# *not* set inside of the --basedir= handler.) +datadir_set= + +# +# Use LSB init script functions for printing messages, if possible +# +lsb_functions="/lib/lsb/init-functions" +if test -f $lsb_functions ; then + . $lsb_functions +else + log_success_msg() + { + echo " SUCCESS! $@" + } + log_failure_msg() + { + echo " ERROR! $@" + } +fi + +PATH="/sbin:/usr/sbin:/bin:/usr/bin:$basedir/bin" +export PATH + +mode=$1 # start or stop + +[ $# -ge 1 ] && shift + + +other_args="$*" # uncommon, but needed when called from an RPM upgrade action + # Expected: "--skip-networking --skip-grant-tables" + # They are not checked here, intentionally, as it is the resposibility + # of the "spec" file author to give correct arguments only. + +case `echo "testing\c"`,`echo -n testing` in + *c*,-n*) echo_n= echo_c= ;; + *c*,*) echo_n=-n echo_c= ;; + *) echo_n= echo_c='\c' ;; +esac + +parse_server_arguments() { + for arg do + case "$arg" in + --basedir=*) basedir=`echo "$arg" | sed -e 's/^[^=]*=//'` + bindir="$basedir/bin" + if test -z "$datadir_set"; then + datadir="$basedir/data" + fi + sbindir="$basedir/sbin" + libexecdir="$basedir/libexec" + ;; + --datadir=*) datadir=`echo "$arg" | sed -e 's/^[^=]*=//'` + datadir_set=1 + ;; + --pid-file=*) mysqld_pid_file_path=`echo "$arg" | sed -e 's/^[^=]*=//'` ;; + --service-startup-timeout=*) service_startup_timeout=`echo "$arg" | sed -e 's/^[^=]*=//'` ;; + esac + done +} + +wait_for_pid () { + verb="$1" # created | removed + pid="$2" # process ID of the program operating on the pid-file + pid_file_path="$3" # path to the PID file. + + i=0 + avoid_race_condition="by checking again" + + while test $i -ne $service_startup_timeout ; do + + case "$verb" in + 'created') + # wait for a PID-file to pop into existence. + test -s "$pid_file_path" && i='' && break + ;; + 'removed') + # wait for this PID-file to disappear + test ! -s "$pid_file_path" && i='' && break + ;; + *) + echo "wait_for_pid () usage: wait_for_pid created|removed pid pid_file_path" + exit 1 + ;; + esac + + # if server isn't running, then pid-file will never be updated + if test -n "$pid"; then + if kill -0 "$pid" 2>/dev/null; then + : # the server still runs + else + # The server may have exited between the last pid-file check and now. + if test -n "$avoid_race_condition"; then + avoid_race_condition="" + continue # Check again. + fi + + # there's nothing that will affect the file. + log_failure_msg "The server quit without updating PID file ($pid_file_path)." + return 1 # not waiting any more. + fi + fi + + echo $echo_n ".$echo_c" + i=`expr $i + 1` + sleep 1 + + done + + if test -z "$i" ; then + log_success_msg + return 0 + else + log_failure_msg + return 1 + fi +} + +# Get arguments from the my.cnf file, +# the only group, which is read from now on is [mysqld] +if test -x ./bin/my_print_defaults +then + print_defaults="./bin/my_print_defaults" +elif test -x $bindir/my_print_defaults +then + print_defaults="$bindir/my_print_defaults" +elif test -x $bindir/mysql_print_defaults +then + print_defaults="$bindir/mysql_print_defaults" +else + # Try to find basedir in /etc/my.cnf + conf=/etc/my.cnf + print_defaults= + if test -r $conf + then + subpat='^[^=]*basedir[^=]*=\(.*\)$' + dirs=`sed -e "/$subpat/!d" -e 's//\1/' $conf` + for d in $dirs + do + d=`echo $d | sed -e 's/[ ]//g'` + if test -x "$d/bin/my_print_defaults" + then + print_defaults="$d/bin/my_print_defaults" + break + fi + if test -x "$d/bin/mysql_print_defaults" + then + print_defaults="$d/bin/mysql_print_defaults" + break + fi + done + fi + + # Hope it's in the PATH ... but I doubt it + test -z "$print_defaults" && print_defaults="my_print_defaults" +fi + +# +# Read defaults file from 'basedir'. If there is no defaults file there +# check if it's in the old (depricated) place (datadir) and read it from there +# + +extra_args="" +if test -r "$basedir/my.cnf" +then + extra_args="-e $basedir/my.cnf" +else + if test -r "$datadir/my.cnf" + then + extra_args="-e $datadir/my.cnf" + fi +fi + +parse_server_arguments `$print_defaults $extra_args mysqld server mysql_server mysql.server` + +# +# Set pid file if not given +# +if test -z "$mysqld_pid_file_path" +then + mysqld_pid_file_path=$datadir/`hostname`.pid +else + case "$mysqld_pid_file_path" in + /* ) ;; + * ) mysqld_pid_file_path="$datadir/$mysqld_pid_file_path" ;; + esac +fi + +case "$mode" in + 'start') + # Start daemon + + # Safeguard (relative paths, core dumps..) + cd $basedir + + echo $echo_n "Starting MySQL" + if test -x $bindir/mysqld_safe + then + # Give extra arguments to mysqld with the my.cnf file. This script + # may be overwritten at next upgrade. + $bindir/mysqld_safe --datadir="$datadir" --pid-file="$mysqld_pid_file_path" --lc-messages-dir="$SNAP/share" --socket="$SNAP_DATA/mysql/mysql.sock" $other_args >/dev/null 2>&1 & + wait_for_pid created "$!" "$mysqld_pid_file_path"; return_value=$? + + # Make lock for RedHat / SuSE + if test -w "$lockdir" + then + touch "$lock_file_path" + fi + + exit $return_value + else + log_failure_msg "Couldn't find MySQL server ($bindir/mysqld_safe)" + fi + ;; + + 'stop') + # Stop daemon. We use a signal here to avoid having to know the + # root password. + + if test -s "$mysqld_pid_file_path" + then + # signal mysqld_safe that it needs to stop + touch "$mysqld_pid_file_path.shutdown" + + mysqld_pid=`cat "$mysqld_pid_file_path"` + + if (kill -0 $mysqld_pid 2>/dev/null) + then + echo $echo_n "Shutting down MySQL" + kill $mysqld_pid + # mysqld should remove the pid file when it exits, so wait for it. + wait_for_pid removed "$mysqld_pid" "$mysqld_pid_file_path"; return_value=$? + else + log_failure_msg "MySQL server process #$mysqld_pid is not running!" + rm "$mysqld_pid_file_path" + fi + + # Delete lock for RedHat / SuSE + if test -f "$lock_file_path" + then + rm -f "$lock_file_path" + fi + exit $return_value + else + log_failure_msg "MySQL server PID file could not be found!" + fi + ;; + + 'restart') + # Stop the service and regardless of whether it was + # running or not, start it again. + if $0 stop $other_args; then + $0 start $other_args + else + log_failure_msg "Failed to stop running server, so refusing to try to start." + exit 1 + fi + ;; + + 'reload'|'force-reload') + if test -s "$mysqld_pid_file_path" ; then + read mysqld_pid < "$mysqld_pid_file_path" + kill -HUP $mysqld_pid && log_success_msg "Reloading service MySQL" + touch "$mysqld_pid_file_path" + else + log_failure_msg "MySQL PID file could not be found!" + exit 1 + fi + ;; + 'status') + # First, check to see if pid file exists + if test -s "$mysqld_pid_file_path" ; then + read mysqld_pid < "$mysqld_pid_file_path" + if kill -0 $mysqld_pid 2>/dev/null ; then + log_success_msg "MySQL running ($mysqld_pid)" + exit 0 + else + log_failure_msg "MySQL is not running, but PID file exists" + exit 1 + fi + else + # Try to find appropriate mysqld process + mysqld_pid=`pidof $libexecdir/mysqld` + + # test if multiple pids exist + pid_count=`echo $mysqld_pid | wc -w` + if test $pid_count -gt 1 ; then + log_failure_msg "Multiple MySQL running but PID file could not be found ($mysqld_pid)" + exit 5 + elif test -z $mysqld_pid ; then + if test -f "$lock_file_path" ; then + log_failure_msg "MySQL is not running, but lock file ($lock_file_path) exists" + exit 2 + fi + log_failure_msg "MySQL is not running" + exit 3 + else + log_failure_msg "MySQL is running but PID file could not be found" + exit 4 + fi + fi + ;; + *) + # usage + basename=`basename "$0"` + echo "Usage: $basename {start|stop|restart|reload|force-reload|status} [ MySQL server options ]" + exit 1 + ;; +esac + +exit 0 diff --git a/src/mysql/start_mysql b/src/mysql/start_mysql new file mode 100755 index 0000000..dcfe5c1 --- /dev/null +++ b/src/mysql/start_mysql @@ -0,0 +1,95 @@ +#!/bin/sh + +root_option_file="$SNAP_DATA/mysql/root.ini" +nextcloud_password_file="$SNAP_DATA/mysql/nextcloud_password" +mysqld_pid_file_path=$SNAP_DATA/mysql/`hostname`.pid +mysql_socket_file_path=$SNAP_DATA/mysql/mysql.sock +new_install=false + +# Make sure the database is initialized (this is safe to run if already +# initialized) +mysqld --initialize-insecure --basedir="$SNAP" --datadir="$SNAP_DATA/mysql" --lc-messages-dir="$SNAP/share" + +# If the above command succeeded, it means this is a new installation. +if [ $? -eq 0 ]; then + new_install=true +fi + +# Start mysql +$SNAP/support-files/mysql.server start + +# Initialize new installation if necessary. +if [ $new_install = true ]; then + # Generate a password for the root mysql user. + echo -n "Generating root mysql password... " + root_password=$(cat /dev/urandom | tr -dc _A-Z-a-z-0-9 | head -c64) + echo "done." + + # Generate a password for the nextcloud mysql user. + echo -n "Generating nextcloud mysql password... " + nextcloud_password=$(cat /dev/urandom | tr -dc _A-Z-a-z-0-9 | head -c64) + echo "done." + + # Save root user information + echo "[client]" >> $root_option_file + echo "socket=$mysql_socket_file_path" >> $root_option_file + echo "user=root" >> $root_option_file + chmod 600 $root_option_file + + # Now set everything up in one step: + # 1) Set the root user's password + # 2) Create the nextcloud user + # 3) Create the nextcloud database + # 4) Grant the nextcloud user privileges on the nextcloud database + echo -n "Setting up users and nextcloud database... " + mysql --defaults-file=$root_option_file <> $root_option_file +fi + +# Wait here until mysql is running +echo "Waiting for server..." +while [ ! -f "$mysqld_pid_file_path" -o ! -S "$mysql_socket_file_path" ]; do + sleep 1 +done + +# Check and upgrade mysql tables if necessary. This will return 0 if the upgrade +# succeeded, in which case we need to restart mysql. +echo "Checking/upgrading mysql tables if necessary..." +mysql_upgrade --defaults-file=$root_option_file +if [ $? -eq 0 ]; then + echo "Restarting mysql server after upgrade..." + $SNAP/support-files/mysql.server restart + + echo "Waiting for server to come back after upgrade..." + while [ ! -f "$mysqld_pid_file_path" -o ! -S "$mysql_socket_file_path" ]; do + sleep 1 + done +fi + +# If this was a new installation, wait until the server is all up and running +# before saving off the nextcloud user's password. This way the presence of the +# file can be used as a signal that mysql is ready to be used. +if [ $new_install = true ]; then + echo "$nextcloud_password" > $nextcloud_password_file +fi + +# Wait here until mysql exits (turn a forking service into simple). This is +# only needed for Ubuntu Core 15.04, as 16.04 supports forking services. +mysqld_pid=$(cat "$mysqld_pid_file_path") +while kill -0 $mysqld_pid 2>/dev/null; do + sleep 1 +done diff --git a/src/nextcloud/apache_config b/src/nextcloud/apache_config new file mode 100644 index 0000000..29b139d --- /dev/null +++ b/src/nextcloud/apache_config @@ -0,0 +1,31 @@ + + SetHandler application/x-httpd-php + + +PHPIniDir "${SNAP}/php.ini" + +# Serve static assets for apps in a writable location. +Alias "/extra-apps" "${SNAP_DATA}/nextcloud/extra-apps" + + AllowOverride None + Require all granted + + + + # Include Nextcloud's .htaccess file directly. In a typical setup this would + # be dangerous since it increases the capability of the .htaccess file in + # case an attacker was able to modify it, but that's not actually possible + # on Snappy (since the .htaccess file is read-only) so we'll do it here so + # as to avoid manually copying it in and needing to maintain it. + Include ${SNAP}/htdocs/.htaccess + + # Increase the max upload size, and upload into a different tmp so we don't + # try to use that much RAM. + php_value upload_max_filesize 16G + php_value post_max_size 16G + # FIXME: Use common environment variable when it exists. + php_admin_value upload_tmp_dir ${SNAP_DATA}/../common/nextcloud/tmp + + # Note that nothing else is included here as this directive is merged with + # the one in the main configuration file. + diff --git a/src/nextcloud/autoconfig.php b/src/nextcloud/autoconfig.php new file mode 100644 index 0000000..2d0e3e9 --- /dev/null +++ b/src/nextcloud/autoconfig.php @@ -0,0 +1,20 @@ + $common_data_path.'/nextcloud/data', + +'dbtype' => 'mysql', + +'dbhost' => 'localhost:'.$data_path.'/mysql/mysql.sock', + +'dbname' => 'nextcloud', + +'dbuser' => 'nextcloud', + +'dbpass' => getenv('NEXTCLOUD_DATABASE_PASSWORD'), +); diff --git a/src/nextcloud/config.php b/src/nextcloud/config.php new file mode 100644 index 0000000..5d88af7 --- /dev/null +++ b/src/nextcloud/config.php @@ -0,0 +1,53 @@ + array( + /** + * These are the default apps shipped with Nextcloud. They are read-only. + */ + array( + 'path'=> '/snap/'.$snap_name.'/current/htdocs/apps', + 'url' => '/apps', + 'writable' => false, + ), + + /** + * This directory is writable, meant for apps installed by the user. + */ + array( + 'path'=> '/var/snap/'.$snap_name.'/current/nextcloud/extra-apps', + 'url' => '/extra-apps', + 'writable' => true, + ), +), + +/** + * Database types that are supported for installation. + * + * Available: + * - sqlite (SQLite3 - Not in Enterprise Edition) + * - mysql (MySQL) + * - pgsql (PostgreSQL) + * - oci (Oracle - Enterprise Edition Only) + */ +'supportedDatabases' => array( + 'mysql', +), + +/** + * Nextcloud doesn't support hosting the config file out of the application, so + * this version of Nextclout has been patched slightly to allow for it. As a + * result, we fail the integrity check, so we'll just disable it. + */ +'integrity.check.disabled' => true, +); diff --git a/src/nextcloud/occ b/src/nextcloud/occ new file mode 100755 index 0000000..a1f5b89 --- /dev/null +++ b/src/nextcloud/occ @@ -0,0 +1,5 @@ +#!/bin/sh + +export NEXTCLOUD_CONFIG_DIR=$SNAP_DATA/nextcloud/config + +php -c $SNAP $SNAP/htdocs/occ $* diff --git a/src/nextcloud/setup_nextcloud b/src/nextcloud/setup_nextcloud new file mode 100755 index 0000000..6e0556b --- /dev/null +++ b/src/nextcloud/setup_nextcloud @@ -0,0 +1,68 @@ +#!/bin/sh + +mysqld_pid_file_path=$SNAP_DATA/mysql/`hostname`.pid +# Wait for mysql to be up and running, since we need to make sure +# we run the upgrade process. +echo "Waiting for mysql..." +while [ ! -f "$mysqld_pid_file_path" ]; do + sleep 1 +done + +# Wait until we have an nextcloud mysql password +echo "Obtaining nextcloud mysql credentials..." +nextcloud_password_path=$SNAP_DATA/mysql/nextcloud_password +timeout=10 +while [ $timeout -gt 0 -a ! -e $nextcloud_password_path ]; do + timeout=$((timeout-1)) + sleep 1 +done +if [ -e $nextcloud_password_path ]; then + echo "nextcloud mysql credentials successfully obtained" + export NEXTCLOUD_DATABASE_PASSWORD=$(cat $nextcloud_password_path) +else + echo -n "Timed out while attempting to obtain nextcloud mysql password. " + echo -n "This isn't unusual when starting up for the first time after " + echo "an install or an upgrade. Will try again." + exit 1 +fi + +# Make sure nextcloud directory exists +# FIXME: Use common environment variable when it exists +mkdir -p -m 750 $SNAP_DATA/../common/nextcloud + +# Make sure nextcloud tmp directory exists +# FIXME: Use common environment variable when it exists +mkdir -p -m 750 $SNAP_DATA/../common/nextcloud/tmp + +# Make sure nextcloud extra-apps directory exists (for user apps) +mkdir -p -m 750 $SNAP_DATA/nextcloud/extra-apps + +# If this is a new install, make sure it's configured correctly +export NEXTCLOUD_CONFIG_DIR=$SNAP_DATA/nextcloud/config +if [ ! -d "$NEXTCLOUD_CONFIG_DIR" ]; then + echo "Configuring nextcloud..." + cp -r $SNAP/htdocs/config $NEXTCLOUD_CONFIG_DIR +fi + +# Finally, make sure nextcloud is up to date. The return code of the upgrade +# can be used to determine the outcome: +# succes = 0; +# not installed = 1; +# in maintenance mode = 2; +# already up to date = 3; +# invalid arguments = 4; +# other failure = 5; +echo "Making sure nextcloud is fully upgraded..." +occ upgrade --no-interaction +return_code=$? +if [ $return_code -eq 1 ]; then + echo "Nextcloud is not yet installed-- no upgrade necessary" +elif [ $return_code -eq 3 ]; then + echo "Nextclout is fully upgraded" +elif [ $return_code -ne 0 ]; then + echo "Unable to upgrade Nextcloud. Will try again." + # occ may have left it in maintenance mode, so turn that off + occ maintenance:mode --off + sleep 10 # Delaying here so systemd doesn't throttle us + exit 1 +fi diff --git a/src/php/php.ini b/src/php/php.ini new file mode 100644 index 0000000..b86542a --- /dev/null +++ b/src/php/php.ini @@ -0,0 +1,1873 @@ +[PHP] + +;;;;;;;;;;;;;;;;;;; +; About php.ini ; +;;;;;;;;;;;;;;;;;;; +; PHP's initialization file, generally called php.ini, is responsible for +; configuring many of the aspects of PHP's behavior. + +; PHP attempts to find and load this configuration from a number of locations. +; The following is a summary of its search order: +; 1. SAPI module specific location. +; 2. The PHPRC environment variable. (As of PHP 5.2.0) +; 3. A number of predefined registry keys on Windows (As of PHP 5.2.0) +; 4. Current working directory (except CLI) +; 5. The web server's directory (for SAPI modules), or directory of PHP +; (otherwise in Windows) +; 6. The directory from the --with-config-file-path compile time option, or the +; Windows directory (C:\windows or C:\winnt) +; See the PHP docs for more specific information. +; http://php.net/configuration.file + +; The syntax of the file is extremely simple. Whitespace and lines +; beginning with a semicolon are silently ignored (as you probably guessed). +; Section headers (e.g. [Foo]) are also silently ignored, even though +; they might mean something in the future. + +; Directives following the section heading [PATH=/www/mysite] only +; apply to PHP files in the /www/mysite directory. Directives +; following the section heading [HOST=www.example.com] only apply to +; PHP files served from www.example.com. Directives set in these +; special sections cannot be overridden by user-defined INI files or +; at runtime. Currently, [PATH=] and [HOST=] sections only work under +; CGI/FastCGI. +; http://php.net/ini.sections + +; Directives are specified using the following syntax: +; directive = value +; Directive names are *case sensitive* - foo=bar is different from FOO=bar. +; Directives are variables used to configure PHP or PHP extensions. +; There is no name validation. If PHP can't find an expected +; directive because it is not set or is mistyped, a default value will be used. + +; The value can be a string, a number, a PHP constant (e.g. E_ALL or M_PI), one +; of the INI constants (On, Off, True, False, Yes, No and None) or an expression +; (e.g. E_ALL & ~E_NOTICE), a quoted string ("bar"), or a reference to a +; previously set variable or directive (e.g. ${foo}) + +; Expressions in the INI file are limited to bitwise operators and parentheses: +; | bitwise OR +; ^ bitwise XOR +; & bitwise AND +; ~ bitwise NOT +; ! boolean NOT + +; Boolean flags can be turned on using the values 1, On, True or Yes. +; They can be turned off using the values 0, Off, False or No. + +; An empty string can be denoted by simply not writing anything after the equal +; sign, or by using the None keyword: + +; foo = ; sets foo to an empty string +; foo = None ; sets foo to an empty string +; foo = "None" ; sets foo to the string 'None' + +; If you use constants in your value, and these constants belong to a +; dynamically loaded extension (either a PHP extension or a Zend extension), +; you may only use these constants *after* the line that loads the extension. + +;;;;;;;;;;;;;;;;;;; +; About this file ; +;;;;;;;;;;;;;;;;;;; +; PHP comes packaged with two INI files. One that is recommended to be used +; in production environments and one that is recommended to be used in +; development environments. + +; php.ini-production contains settings which hold security, performance and +; best practices at its core. But please be aware, these settings may break +; compatibility with older or less security conscience applications. We +; recommending using the production ini in production and testing environments. + +; php.ini-development is very similar to its production variant, except it is +; much more verbose when it comes to errors. We recommend using the +; development version only in development environments, as errors shown to +; application users can inadvertently leak otherwise secure information. + +; This is php.ini-production INI file. + +;;;;;;;;;;;;;;;;;;; +; Quick Reference ; +;;;;;;;;;;;;;;;;;;; +; The following are all the settings which are different in either the production +; or development versions of the INIs with respect to PHP's default behavior. +; Please see the actual settings later in the document for more details as to why +; we recommend these changes in PHP's behavior. + +; display_errors +; Default Value: On +; Development Value: On +; Production Value: Off + +; display_startup_errors +; Default Value: Off +; Development Value: On +; Production Value: Off + +; error_reporting +; Default Value: E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED +; Development Value: E_ALL +; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT + +; html_errors +; Default Value: On +; Development Value: On +; Production value: On + +; log_errors +; Default Value: Off +; Development Value: On +; Production Value: On + +; max_input_time +; Default Value: -1 (Unlimited) +; Development Value: 60 (60 seconds) +; Production Value: 60 (60 seconds) + +; output_buffering +; Default Value: Off +; Development Value: 4096 +; Production Value: 4096 + +; register_argc_argv +; Default Value: On +; Development Value: Off +; Production Value: Off + +; request_order +; Default Value: None +; Development Value: "GP" +; Production Value: "GP" + +; session.gc_divisor +; Default Value: 100 +; Development Value: 1000 +; Production Value: 1000 + +; session.hash_bits_per_character +; Default Value: 4 +; Development Value: 5 +; Production Value: 5 + +; short_open_tag +; Default Value: On +; Development Value: Off +; Production Value: Off + +; track_errors +; Default Value: Off +; Development Value: On +; Production Value: Off + +; url_rewriter.tags +; Default Value: "a=href,area=href,frame=src,form=,fieldset=" +; Development Value: "a=href,area=href,frame=src,input=src,form=fakeentry" +; Production Value: "a=href,area=href,frame=src,input=src,form=fakeentry" + +; variables_order +; Default Value: "EGPCS" +; Development Value: "GPCS" +; Production Value: "GPCS" + +;;;;;;;;;;;;;;;;;;;; +; php.ini Options ; +;;;;;;;;;;;;;;;;;;;; +; Name for user-defined php.ini (.htaccess) files. Default is ".user.ini" +;user_ini.filename = ".user.ini" + +; To disable this feature set this option to empty value +;user_ini.filename = + +; TTL for user-defined php.ini files (time-to-live) in seconds. Default is 300 seconds (5 minutes) +;user_ini.cache_ttl = 300 + +;;;;;;;;;;;;;;;;;;;; +; Language Options ; +;;;;;;;;;;;;;;;;;;;; + +; Enable the PHP scripting language engine under Apache. +; http://php.net/engine +engine = On + +; This directive determines whether or not PHP will recognize code between +; tags as PHP source which should be processed as such. It is +; generally recommended that should be used and that this feature +; should be disabled, as enabling it may result in issues when generating XML +; documents, however this remains supported for backward compatibility reasons. +; Note that this directive does not control the would work. +; http://php.net/syntax-highlighting +;highlight.string = #DD0000 +;highlight.comment = #FF9900 +;highlight.keyword = #007700 +;highlight.default = #0000BB +;highlight.html = #000000 + +; If enabled, the request will be allowed to complete even if the user aborts +; the request. Consider enabling it if executing long requests, which may end up +; being interrupted by the user or a browser timing out. PHP's default behavior +; is to disable this feature. +; http://php.net/ignore-user-abort +;ignore_user_abort = On + +; Determines the size of the realpath cache to be used by PHP. This value should +; be increased on systems where PHP opens many files to reflect the quantity of +; the file operations performed. +; http://php.net/realpath-cache-size +;realpath_cache_size = 16k + +; Duration of time, in seconds for which to cache realpath information for a given +; file or directory. For systems with rarely changing files, consider increasing this +; value. +; http://php.net/realpath-cache-ttl +;realpath_cache_ttl = 120 + +; Enables or disables the circular reference collector. +; http://php.net/zend.enable-gc +zend.enable_gc = On + +; If enabled, scripts may be written in encodings that are incompatible with +; the scanner. CP936, Big5, CP949 and Shift_JIS are the examples of such +; encodings. To use this feature, mbstring extension must be enabled. +; Default: Off +;zend.multibyte = Off + +; Allows to set the default encoding for the scripts. This value will be used +; unless "declare(encoding=...)" directive appears at the top of the script. +; Only affects if zend.multibyte is set. +; Default: "" +;zend.script_encoding = + +;;;;;;;;;;;;;;;;; +; Miscellaneous ; +;;;;;;;;;;;;;;;;; + +; Decides whether PHP may expose the fact that it is installed on the server +; (e.g. by adding its signature to the Web server header). It is no security +; threat in any way, but it makes it possible to determine whether you use PHP +; on your server or not. +; http://php.net/expose-php +expose_php = On + +;;;;;;;;;;;;;;;;;;; +; Resource Limits ; +;;;;;;;;;;;;;;;;;;; + +; Maximum execution time of each script, in seconds +; http://php.net/max-execution-time +; Note: This directive is hardcoded to 0 for the CLI SAPI +max_execution_time = 30 + +; Maximum amount of time each script may spend parsing request data. It's a good +; idea to limit this time on productions servers in order to eliminate unexpectedly +; long running scripts. +; Note: This directive is hardcoded to -1 for the CLI SAPI +; Default Value: -1 (Unlimited) +; Development Value: 60 (60 seconds) +; Production Value: 60 (60 seconds) +; http://php.net/max-input-time +max_input_time = 60 + +; Maximum input variable nesting level +; http://php.net/max-input-nesting-level +;max_input_nesting_level = 64 + +; How many GET/POST/COOKIE input variables may be accepted +; max_input_vars = 1000 + +; Maximum amount of memory a script may consume (128MB) +; http://php.net/memory-limit +memory_limit = 128M + +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +; Error handling and logging ; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; + +; This directive informs PHP of which errors, warnings and notices you would like +; it to take action for. The recommended way of setting values for this +; directive is through the use of the error level constants and bitwise +; operators. The error level constants are below here for convenience as well as +; some common settings and their meanings. +; By default, PHP is set to take action on all errors, notices and warnings EXCEPT +; those related to E_NOTICE and E_STRICT, which together cover best practices and +; recommended coding standards in PHP. For performance reasons, this is the +; recommend error reporting setting. Your production server shouldn't be wasting +; resources complaining about best practices and coding standards. That's what +; development servers and development settings are for. +; Note: The php.ini-development file has this setting as E_ALL. This +; means it pretty much reports everything which is exactly what you want during +; development and early testing. +; +; Error Level Constants: +; E_ALL - All errors and warnings (includes E_STRICT as of PHP 5.4.0) +; E_ERROR - fatal run-time errors +; E_RECOVERABLE_ERROR - almost fatal run-time errors +; E_WARNING - run-time warnings (non-fatal errors) +; E_PARSE - compile-time parse errors +; E_NOTICE - run-time notices (these are warnings which often result +; from a bug in your code, but it's possible that it was +; intentional (e.g., using an uninitialized variable and +; relying on the fact it is automatically initialized to an +; empty string) +; E_STRICT - run-time notices, enable to have PHP suggest changes +; to your code which will ensure the best interoperability +; and forward compatibility of your code +; E_CORE_ERROR - fatal errors that occur during PHP's initial startup +; E_CORE_WARNING - warnings (non-fatal errors) that occur during PHP's +; initial startup +; E_COMPILE_ERROR - fatal compile-time errors +; E_COMPILE_WARNING - compile-time warnings (non-fatal errors) +; E_USER_ERROR - user-generated error message +; E_USER_WARNING - user-generated warning message +; E_USER_NOTICE - user-generated notice message +; E_DEPRECATED - warn about code that will not work in future versions +; of PHP +; E_USER_DEPRECATED - user-generated deprecation warnings +; +; Common Values: +; E_ALL (Show all errors, warnings and notices including coding standards.) +; E_ALL & ~E_NOTICE (Show all errors, except for notices) +; E_ALL & ~E_NOTICE & ~E_STRICT (Show all errors, except for notices and coding standards warnings.) +; E_COMPILE_ERROR|E_RECOVERABLE_ERROR|E_ERROR|E_CORE_ERROR (Show only errors) +; Default Value: E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED +; Development Value: E_ALL +; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT +; http://php.net/error-reporting +error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT + +; This directive controls whether or not and where PHP will output errors, +; notices and warnings too. Error output is very useful during development, but +; it could be very dangerous in production environments. Depending on the code +; which is triggering the error, sensitive information could potentially leak +; out of your application such as database usernames and passwords or worse. +; For production environments, we recommend logging errors rather than +; sending them to STDOUT. +; Possible Values: +; Off = Do not display any errors +; stderr = Display errors to STDERR (affects only CGI/CLI binaries!) +; On or stdout = Display errors to STDOUT +; Default Value: On +; Development Value: On +; Production Value: Off +; http://php.net/display-errors +display_errors = Off + +; The display of errors which occur during PHP's startup sequence are handled +; separately from display_errors. PHP's default behavior is to suppress those +; errors from clients. Turning the display of startup errors on can be useful in +; debugging configuration problems. We strongly recommend you +; set this to 'off' for production servers. +; Default Value: Off +; Development Value: On +; Production Value: Off +; http://php.net/display-startup-errors +display_startup_errors = Off + +; Besides displaying errors, PHP can also log errors to locations such as a +; server-specific log, STDERR, or a location specified by the error_log +; directive found below. While errors should not be displayed on productions +; servers they should still be monitored and logging is a great way to do that. +; Default Value: Off +; Development Value: On +; Production Value: On +; http://php.net/log-errors +log_errors = On + +; Set maximum length of log_errors. In error_log information about the source is +; added. The default is 1024 and 0 allows to not apply any maximum length at all. +; http://php.net/log-errors-max-len +log_errors_max_len = 1024 + +; Do not log repeated messages. Repeated errors must occur in same file on same +; line unless ignore_repeated_source is set true. +; http://php.net/ignore-repeated-errors +ignore_repeated_errors = Off + +; Ignore source of message when ignoring repeated messages. When this setting +; is On you will not log errors with repeated messages from different files or +; source lines. +; http://php.net/ignore-repeated-source +ignore_repeated_source = Off + +; If this parameter is set to Off, then memory leaks will not be shown (on +; stdout or in the log). This has only effect in a debug compile, and if +; error reporting includes E_WARNING in the allowed list +; http://php.net/report-memleaks +report_memleaks = On + +; This setting is on by default. +;report_zend_debug = 0 + +; Store the last error/warning message in $php_errormsg (boolean). Setting this value +; to On can assist in debugging and is appropriate for development servers. It should +; however be disabled on production servers. +; Default Value: Off +; Development Value: On +; Production Value: Off +; http://php.net/track-errors +track_errors = Off + +; Turn off normal error reporting and emit XML-RPC error XML +; http://php.net/xmlrpc-errors +;xmlrpc_errors = 0 + +; An XML-RPC faultCode +;xmlrpc_error_number = 0 + +; When PHP displays or logs an error, it has the capability of formatting the +; error message as HTML for easier reading. This directive controls whether +; the error message is formatted as HTML or not. +; Note: This directive is hardcoded to Off for the CLI SAPI +; Default Value: On +; Development Value: On +; Production value: On +; http://php.net/html-errors +html_errors = On + +; If html_errors is set to On *and* docref_root is not empty, then PHP +; produces clickable error messages that direct to a page describing the error +; or function causing the error in detail. +; You can download a copy of the PHP manual from http://php.net/docs +; and change docref_root to the base URL of your local copy including the +; leading '/'. You must also specify the file extension being used including +; the dot. PHP's default behavior is to leave these settings empty, in which +; case no links to documentation are generated. +; Note: Never use this feature for production boxes. +; http://php.net/docref-root +; Examples +;docref_root = "/phpmanual/" + +; http://php.net/docref-ext +;docref_ext = .html + +; String to output before an error message. PHP's default behavior is to leave +; this setting blank. +; http://php.net/error-prepend-string +; Example: +;error_prepend_string = "" + +; String to output after an error message. PHP's default behavior is to leave +; this setting blank. +; http://php.net/error-append-string +; Example: +;error_append_string = "" + +; Log errors to specified file. PHP's default behavior is to leave this value +; empty. +; http://php.net/error-log +; Example: +;error_log = php_errors.log +; Log errors to syslog (Event Log on Windows). +;error_log = syslog +error_log = ${SNAP_DATA}/apache/logs/php_errors.log + +;windows.show_crt_warning +; Default value: 0 +; Development value: 0 +; Production value: 0 + +;;;;;;;;;;;;;;;;; +; Data Handling ; +;;;;;;;;;;;;;;;;; + +; The separator used in PHP generated URLs to separate arguments. +; PHP's default setting is "&". +; http://php.net/arg-separator.output +; Example: +;arg_separator.output = "&" + +; List of separator(s) used by PHP to parse input URLs into variables. +; PHP's default setting is "&". +; NOTE: Every character in this directive is considered as separator! +; http://php.net/arg-separator.input +; Example: +;arg_separator.input = ";&" + +; This directive determines which super global arrays are registered when PHP +; starts up. G,P,C,E & S are abbreviations for the following respective super +; globals: GET, POST, COOKIE, ENV and SERVER. There is a performance penalty +; paid for the registration of these arrays and because ENV is not as commonly +; used as the others, ENV is not recommended on productions servers. You +; can still get access to the environment variables through getenv() should you +; need to. +; Default Value: "EGPCS" +; Development Value: "GPCS" +; Production Value: "GPCS"; +; http://php.net/variables-order +variables_order = "GPCS" + +; This directive determines which super global data (G,P & C) should be +; registered into the super global array REQUEST. If so, it also determines +; the order in which that data is registered. The values for this directive +; are specified in the same manner as the variables_order directive, +; EXCEPT one. Leaving this value empty will cause PHP to use the value set +; in the variables_order directive. It does not mean it will leave the super +; globals array REQUEST empty. +; Default Value: None +; Development Value: "GP" +; Production Value: "GP" +; http://php.net/request-order +request_order = "GP" + +; This directive determines whether PHP registers $argv & $argc each time it +; runs. $argv contains an array of all the arguments passed to PHP when a script +; is invoked. $argc contains an integer representing the number of arguments +; that were passed when the script was invoked. These arrays are extremely +; useful when running scripts from the command line. When this directive is +; enabled, registering these variables consumes CPU cycles and memory each time +; a script is executed. For performance reasons, this feature should be disabled +; on production servers. +; Note: This directive is hardcoded to On for the CLI SAPI +; Default Value: On +; Development Value: Off +; Production Value: Off +; http://php.net/register-argc-argv +register_argc_argv = Off + +; When enabled, the ENV, REQUEST and SERVER variables are created when they're +; first used (Just In Time) instead of when the script starts. If these +; variables are not used within a script, having this directive on will result +; in a performance gain. The PHP directive register_argc_argv must be disabled +; for this directive to have any affect. +; http://php.net/auto-globals-jit +auto_globals_jit = On + +; Whether PHP will read the POST data. +; This option is enabled by default. +; Most likely, you won't want to disable this option globally. It causes $_POST +; and $_FILES to always be empty; the only way you will be able to read the +; POST data will be through the php://input stream wrapper. This can be useful +; to proxy requests or to process the POST data in a memory efficient fashion. +; http://php.net/enable-post-data-reading +;enable_post_data_reading = Off + +; Maximum size of POST data that PHP will accept. +; Its value may be 0 to disable the limit. It is ignored if POST data reading +; is disabled through enable_post_data_reading. +; http://php.net/post-max-size +post_max_size = 8M + +; Automatically add files before PHP document. +; http://php.net/auto-prepend-file +auto_prepend_file = + +; Automatically add files after PHP document. +; http://php.net/auto-append-file +auto_append_file = + +; By default, PHP will output a character encoding using +; the Content-type: header. To disable sending of the charset, simply +; set it to be empty. +; +; PHP's built-in default is text/html +; http://php.net/default-mimetype +default_mimetype = "text/html" + +; PHP's default character set is set to UTF-8. +; http://php.net/default-charset +default_charset = "UTF-8" + +; PHP internal character encoding is set to empty. +; If empty, default_charset is used. +; http://php.net/internal-encoding +;internal_encoding = + +; PHP input character encoding is set to empty. +; If empty, default_charset is used. +; http://php.net/input-encoding +;input_encoding = + +; PHP output character encoding is set to empty. +; If empty, default_charset is used. +; mbstring or iconv output handler is used. +; See also output_buffer. +; http://php.net/output-encoding +;output_encoding = + +;;;;;;;;;;;;;;;;;;;;;;;;; +; Paths and Directories ; +;;;;;;;;;;;;;;;;;;;;;;;;; + +; UNIX: "/path1:/path2" +;include_path = ".:/php/includes" +; +; Windows: "\path1;\path2" +;include_path = ".;c:\php\includes" +; +; PHP's default setting for include_path is ".;/path/to/php/pear" +; http://php.net/include-path + +; The root of the PHP pages, used only if nonempty. +; if PHP was not compiled with FORCE_REDIRECT, you SHOULD set doc_root +; if you are running php as a CGI under any web server (other than IIS) +; see documentation for security issues. The alternate is to use the +; cgi.force_redirect configuration below +; http://php.net/doc-root +doc_root = + +; The directory under which PHP opens the script using /~username used only +; if nonempty. +; http://php.net/user-dir +user_dir = + +; Directory in which the loadable extensions (modules) reside. +; http://php.net/extension-dir +; extension_dir = "./" +; On windows: +; extension_dir = "ext" + +; Directory where the temporary files should be placed. +; Defaults to the system default (see sys_get_temp_dir) +; sys_temp_dir = "/tmp" + +; Whether or not to enable the dl() function. The dl() function does NOT work +; properly in multithreaded servers, such as IIS or Zeus, and is automatically +; disabled on them. +; http://php.net/enable-dl +enable_dl = Off + +; cgi.force_redirect is necessary to provide security running PHP as a CGI under +; most web servers. Left undefined, PHP turns this on by default. You can +; turn it off here AT YOUR OWN RISK +; **You CAN safely turn this off for IIS, in fact, you MUST.** +; http://php.net/cgi.force-redirect +;cgi.force_redirect = 1 + +; if cgi.nph is enabled it will force cgi to always sent Status: 200 with +; every request. PHP's default behavior is to disable this feature. +;cgi.nph = 1 + +; if cgi.force_redirect is turned on, and you are not running under Apache or Netscape +; (iPlanet) web servers, you MAY need to set an environment variable name that PHP +; will look for to know it is OK to continue execution. Setting this variable MAY +; cause security issues, KNOW WHAT YOU ARE DOING FIRST. +; http://php.net/cgi.redirect-status-env +;cgi.redirect_status_env = + +; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI. PHP's +; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok +; what PATH_INFO is. For more information on PATH_INFO, see the cgi specs. Setting +; this to 1 will cause PHP CGI to fix its paths to conform to the spec. A setting +; of zero causes PHP to behave as before. Default is 1. You should fix your scripts +; to use SCRIPT_FILENAME rather than PATH_TRANSLATED. +; http://php.net/cgi.fix-pathinfo +;cgi.fix_pathinfo=1 + +; FastCGI under IIS (on WINNT based OS) supports the ability to impersonate +; security tokens of the calling client. This allows IIS to define the +; security context that the request runs under. mod_fastcgi under Apache +; does not currently support this feature (03/17/2002) +; Set to 1 if running under IIS. Default is zero. +; http://php.net/fastcgi.impersonate +;fastcgi.impersonate = 1 + +; Disable logging through FastCGI connection. PHP's default behavior is to enable +; this feature. +;fastcgi.logging = 0 + +; cgi.rfc2616_headers configuration option tells PHP what type of headers to +; use when sending HTTP response code. If set to 0, PHP sends Status: header that +; is supported by Apache. When this option is set to 1, PHP will send +; RFC2616 compliant header. +; Default is zero. +; http://php.net/cgi.rfc2616-headers +;cgi.rfc2616_headers = 0 + +;;;;;;;;;;;;;;;; +; File Uploads ; +;;;;;;;;;;;;;;;; + +; Whether to allow HTTP file uploads. +; http://php.net/file-uploads +file_uploads = On + +; Temporary directory for HTTP uploaded files (will use system default if not +; specified). +; http://php.net/upload-tmp-dir +;upload_tmp_dir = + +; Maximum allowed size for uploaded files. +; http://php.net/upload-max-filesize +upload_max_filesize = 2M + +; Maximum number of files that can be uploaded via a single request +max_file_uploads = 20 + +;;;;;;;;;;;;;;;;;; +; Fopen wrappers ; +;;;;;;;;;;;;;;;;;; + +; Whether to allow the treatment of URLs (like http:// or ftp://) as files. +; http://php.net/allow-url-fopen +allow_url_fopen = On + +; Whether to allow include/require to open URLs (like http:// or ftp://) as files. +; http://php.net/allow-url-include +allow_url_include = Off + +; Define the anonymous ftp password (your email address). PHP's default setting +; for this is empty. +; http://php.net/from +;from="john@doe.com" + +; Define the User-Agent string. PHP's default setting for this is empty. +; http://php.net/user-agent +;user_agent="PHP" + +; Default timeout for socket based streams (seconds) +; http://php.net/default-socket-timeout +default_socket_timeout = 60 + +; If your scripts have to deal with files from Macintosh systems, +; or you are running on a Mac and need to deal with files from +; unix or win32 systems, setting this flag will cause PHP to +; automatically detect the EOL character in those files so that +; fgets() and file() will work regardless of the source of the file. +; http://php.net/auto-detect-line-endings +;auto_detect_line_endings = Off + +;;;;;;;;;;;;;;;;;;;;;; +; Dynamic Extensions ; +;;;;;;;;;;;;;;;;;;;;;; + +; If you wish to have an extension loaded automatically, use the following +; syntax: +; +; extension=modulename.extension +; +; For example, on Windows: +; +; extension=msql.dll +; +; ... or under UNIX: +; +; extension=msql.so +; +; ... or with a path: +; +; extension=/path/to/extension/msql.so +; +; If you only provide the name of the extension, PHP will look for it in its +; default extension directory. +; +; Windows Extensions +; Note that ODBC support is built in, so no dll is needed for it. +; Note that many DLL files are located in the extensions/ (PHP 4) ext/ (PHP 5+) +; extension folders as well as the separate PECL DLL download (PHP 5+). +; Be sure to appropriately set the extension_dir directive. +; +;extension=php_bz2.dll +;extension=php_curl.dll +;extension=php_fileinfo.dll +;extension=php_gd2.dll +;extension=php_gettext.dll +;extension=php_gmp.dll +;extension=php_intl.dll +;extension=php_imap.dll +;extension=php_interbase.dll +;extension=php_ldap.dll +;extension=php_mbstring.dll +;extension=php_exif.dll ; Must be after mbstring as it depends on it +;extension=php_mysqli.dll +;extension=php_oci8_12c.dll ; Use with Oracle Database 12c Instant Client +;extension=php_openssl.dll +;extension=php_pdo_firebird.dll +;extension=php_pdo_mysql.dll +;extension=php_pdo_oci.dll +;extension=php_pdo_odbc.dll +;extension=php_pdo_pgsql.dll +;extension=php_pdo_sqlite.dll +;extension=php_pgsql.dll +;extension=php_shmop.dll + +; The MIBS data available in the PHP distribution must be installed. +; See http://www.php.net/manual/en/snmp.installation.php +;extension=php_snmp.dll + +;extension=php_soap.dll +;extension=php_sockets.dll +;extension=php_sqlite3.dll +;extension=php_tidy.dll +;extension=php_xmlrpc.dll +;extension=php_xsl.dll + +;;;;;;;;;;;;;;;;;;; +; Module Settings ; +;;;;;;;;;;;;;;;;;;; + +[CLI Server] +; Whether the CLI web server uses ANSI color coding in its terminal output. +cli_server.color = On + +[Date] +; Defines the default timezone used by the date functions +; http://php.net/date.timezone +;date.timezone = + +; http://php.net/date.default-latitude +;date.default_latitude = 31.7667 + +; http://php.net/date.default-longitude +;date.default_longitude = 35.2333 + +; http://php.net/date.sunrise-zenith +;date.sunrise_zenith = 90.583333 + +; http://php.net/date.sunset-zenith +;date.sunset_zenith = 90.583333 + +[filter] +; http://php.net/filter.default +;filter.default = unsafe_raw + +; http://php.net/filter.default-flags +;filter.default_flags = + +[iconv] +; Use of this INI entry is deprecated, use global input_encoding instead. +; If empty, default_charset or input_encoding or iconv.input_encoding is used. +; The precedence is: default_charset < intput_encoding < iconv.input_encoding +;iconv.input_encoding = + +; Use of this INI entry is deprecated, use global internal_encoding instead. +; If empty, default_charset or internal_encoding or iconv.internal_encoding is used. +; The precedence is: default_charset < internal_encoding < iconv.internal_encoding +;iconv.internal_encoding = + +; Use of this INI entry is deprecated, use global output_encoding instead. +; If empty, default_charset or output_encoding or iconv.output_encoding is used. +; The precedence is: default_charset < output_encoding < iconv.output_encoding +; To use an output encoding conversion, iconv's output handler must be set +; otherwise output encoding conversion cannot be performed. +;iconv.output_encoding = + +[intl] +;intl.default_locale = +; This directive allows you to produce PHP errors when some error +; happens within intl functions. The value is the level of the error produced. +; Default is 0, which does not produce any errors. +;intl.error_level = E_WARNING + +[sqlite3] +;sqlite3.extension_dir = + +[Pcre] +;PCRE library backtracking limit. +; http://php.net/pcre.backtrack-limit +;pcre.backtrack_limit=100000 + +;PCRE library recursion limit. +;Please note that if you set this value to a high number you may consume all +;the available process stack and eventually crash PHP (due to reaching the +;stack size limit imposed by the Operating System). +; http://php.net/pcre.recursion-limit +;pcre.recursion_limit=100000 + +;Enables or disables JIT compilation of patterns. This requires the PCRE +;library to be compiled with JIT support. +;pcre.jit=1 + +[Pdo] +; Whether to pool ODBC connections. Can be one of "strict", "relaxed" or "off" +; http://php.net/pdo-odbc.connection-pooling +;pdo_odbc.connection_pooling=strict + +;pdo_odbc.db2_instance_name + +[Pdo_mysql] +; If mysqlnd is used: Number of cache slots for the internal result set cache +; http://php.net/pdo_mysql.cache_size +pdo_mysql.cache_size = 2000 + +; Default socket name for local MySQL connects. If empty, uses the built-in +; MySQL defaults. +; http://php.net/pdo_mysql.default-socket +pdo_mysql.default_socket= + +[Phar] +; http://php.net/phar.readonly +;phar.readonly = On + +; http://php.net/phar.require-hash +;phar.require_hash = On + +;phar.cache_list = + +[mail function] +; For Win32 only. +; http://php.net/smtp +SMTP = localhost +; http://php.net/smtp-port +smtp_port = 25 + +; For Win32 only. +; http://php.net/sendmail-from +;sendmail_from = me@example.com + +; For Unix only. You may supply arguments as well (default: "sendmail -t -i"). +; http://php.net/sendmail-path +;sendmail_path = + +; Force the addition of the specified parameters to be passed as extra parameters +; to the sendmail binary. These parameters will always replace the value of +; the 5th parameter to mail(). +;mail.force_extra_parameters = + +; Add X-PHP-Originating-Script: that will include uid of the script followed by the filename +mail.add_x_header = On + +; The path to a log file that will log all mail() calls. Log entries include +; the full path of the script, line number, To address and headers. +;mail.log = +; Log mail to syslog (Event Log on Windows). +;mail.log = syslog + +[SQL] +; http://php.net/sql.safe-mode +sql.safe_mode = Off + +[ODBC] +; http://php.net/odbc.default-db +;odbc.default_db = Not yet implemented + +; http://php.net/odbc.default-user +;odbc.default_user = Not yet implemented + +; http://php.net/odbc.default-pw +;odbc.default_pw = Not yet implemented + +; Controls the ODBC cursor model. +; Default: SQL_CURSOR_STATIC (default). +;odbc.default_cursortype + +; Allow or prevent persistent links. +; http://php.net/odbc.allow-persistent +odbc.allow_persistent = On + +; Check that a connection is still valid before reuse. +; http://php.net/odbc.check-persistent +odbc.check_persistent = On + +; Maximum number of persistent links. -1 means no limit. +; http://php.net/odbc.max-persistent +odbc.max_persistent = -1 + +; Maximum number of links (persistent + non-persistent). -1 means no limit. +; http://php.net/odbc.max-links +odbc.max_links = -1 + +; Handling of LONG fields. Returns number of bytes to variables. 0 means +; passthru. +; http://php.net/odbc.defaultlrl +odbc.defaultlrl = 4096 + +; Handling of binary data. 0 means passthru, 1 return as is, 2 convert to char. +; See the documentation on odbc_binmode and odbc_longreadlen for an explanation +; of odbc.defaultlrl and odbc.defaultbinmode +; http://php.net/odbc.defaultbinmode +odbc.defaultbinmode = 1 + +;birdstep.max_links = -1 + +[Interbase] +; Allow or prevent persistent links. +ibase.allow_persistent = 1 + +; Maximum number of persistent links. -1 means no limit. +ibase.max_persistent = -1 + +; Maximum number of links (persistent + non-persistent). -1 means no limit. +ibase.max_links = -1 + +; Default database name for ibase_connect(). +;ibase.default_db = + +; Default username for ibase_connect(). +;ibase.default_user = + +; Default password for ibase_connect(). +;ibase.default_password = + +; Default charset for ibase_connect(). +;ibase.default_charset = + +; Default timestamp format. +ibase.timestampformat = "%Y-%m-%d %H:%M:%S" + +; Default date format. +ibase.dateformat = "%Y-%m-%d" + +; Default time format. +ibase.timeformat = "%H:%M:%S" + +[MySQLi] + +; Maximum number of persistent links. -1 means no limit. +; http://php.net/mysqli.max-persistent +mysqli.max_persistent = -1 + +; Allow accessing, from PHP's perspective, local files with LOAD DATA statements +; http://php.net/mysqli.allow_local_infile +;mysqli.allow_local_infile = On + +; Allow or prevent persistent links. +; http://php.net/mysqli.allow-persistent +mysqli.allow_persistent = On + +; Maximum number of links. -1 means no limit. +; http://php.net/mysqli.max-links +mysqli.max_links = -1 + +; If mysqlnd is used: Number of cache slots for the internal result set cache +; http://php.net/mysqli.cache_size +mysqli.cache_size = 2000 + +; Default port number for mysqli_connect(). If unset, mysqli_connect() will use +; the $MYSQL_TCP_PORT or the mysql-tcp entry in /etc/services or the +; compile-time value defined MYSQL_PORT (in that order). Win32 will only look +; at MYSQL_PORT. +; http://php.net/mysqli.default-port +mysqli.default_port = 3306 + +; Default socket name for local MySQL connects. If empty, uses the built-in +; MySQL defaults. +; http://php.net/mysqli.default-socket +mysqli.default_socket = + +; Default host for mysql_connect() (doesn't apply in safe mode). +; http://php.net/mysqli.default-host +mysqli.default_host = + +; Default user for mysql_connect() (doesn't apply in safe mode). +; http://php.net/mysqli.default-user +mysqli.default_user = + +; Default password for mysqli_connect() (doesn't apply in safe mode). +; Note that this is generally a *bad* idea to store passwords in this file. +; *Any* user with PHP access can run 'echo get_cfg_var("mysqli.default_pw") +; and reveal this password! And of course, any users with read access to this +; file will be able to reveal the password as well. +; http://php.net/mysqli.default-pw +mysqli.default_pw = + +; Allow or prevent reconnect +mysqli.reconnect = Off + +[mysqlnd] +; Enable / Disable collection of general statistics by mysqlnd which can be +; used to tune and monitor MySQL operations. +; http://php.net/mysqlnd.collect_statistics +mysqlnd.collect_statistics = On + +; Enable / Disable collection of memory usage statistics by mysqlnd which can be +; used to tune and monitor MySQL operations. +; http://php.net/mysqlnd.collect_memory_statistics +mysqlnd.collect_memory_statistics = Off + +; Size of a pre-allocated buffer used when sending commands to MySQL in bytes. +; http://php.net/mysqlnd.net_cmd_buffer_size +;mysqlnd.net_cmd_buffer_size = 2048 + +; Size of a pre-allocated buffer used for reading data sent by the server in +; bytes. +; http://php.net/mysqlnd.net_read_buffer_size +;mysqlnd.net_read_buffer_size = 32768 + +[OCI8] + +; Connection: Enables privileged connections using external +; credentials (OCI_SYSOPER, OCI_SYSDBA) +; http://php.net/oci8.privileged-connect +;oci8.privileged_connect = Off + +; Connection: The maximum number of persistent OCI8 connections per +; process. Using -1 means no limit. +; http://php.net/oci8.max-persistent +;oci8.max_persistent = -1 + +; Connection: The maximum number of seconds a process is allowed to +; maintain an idle persistent connection. Using -1 means idle +; persistent connections will be maintained forever. +; http://php.net/oci8.persistent-timeout +;oci8.persistent_timeout = -1 + +; Connection: The number of seconds that must pass before issuing a +; ping during oci_pconnect() to check the connection validity. When +; set to 0, each oci_pconnect() will cause a ping. Using -1 disables +; pings completely. +; http://php.net/oci8.ping-interval +;oci8.ping_interval = 60 + +; Connection: Set this to a user chosen connection class to be used +; for all pooled server requests with Oracle 11g Database Resident +; Connection Pooling (DRCP). To use DRCP, this value should be set to +; the same string for all web servers running the same application, +; the database pool must be configured, and the connection string must +; specify to use a pooled server. +;oci8.connection_class = + +; High Availability: Using On lets PHP receive Fast Application +; Notification (FAN) events generated when a database node fails. The +; database must also be configured to post FAN events. +;oci8.events = Off + +; Tuning: This option enables statement caching, and specifies how +; many statements to cache. Using 0 disables statement caching. +; http://php.net/oci8.statement-cache-size +;oci8.statement_cache_size = 20 + +; Tuning: Enables statement prefetching and sets the default number of +; rows that will be fetched automatically after statement execution. +; http://php.net/oci8.default-prefetch +;oci8.default_prefetch = 100 + +; Compatibility. Using On means oci_close() will not close +; oci_connect() and oci_new_connect() connections. +; http://php.net/oci8.old-oci-close-semantics +;oci8.old_oci_close_semantics = Off + +[PostgreSQL] +; Allow or prevent persistent links. +; http://php.net/pgsql.allow-persistent +pgsql.allow_persistent = On + +; Detect broken persistent links always with pg_pconnect(). +; Auto reset feature requires a little overheads. +; http://php.net/pgsql.auto-reset-persistent +pgsql.auto_reset_persistent = Off + +; Maximum number of persistent links. -1 means no limit. +; http://php.net/pgsql.max-persistent +pgsql.max_persistent = -1 + +; Maximum number of links (persistent+non persistent). -1 means no limit. +; http://php.net/pgsql.max-links +pgsql.max_links = -1 + +; Ignore PostgreSQL backends Notice message or not. +; Notice message logging require a little overheads. +; http://php.net/pgsql.ignore-notice +pgsql.ignore_notice = 0 + +; Log PostgreSQL backends Notice message or not. +; Unless pgsql.ignore_notice=0, module cannot log notice message. +; http://php.net/pgsql.log-notice +pgsql.log_notice = 0 + +[bcmath] +; Number of decimal digits for all bcmath functions. +; http://php.net/bcmath.scale +bcmath.scale = 0 + +[browscap] +; http://php.net/browscap +;browscap = extra/browscap.ini + +[Session] +; Handler used to store/retrieve data. +; http://php.net/session.save-handler +session.save_handler = files + +; Argument passed to save_handler. In the case of files, this is the path +; where data files are stored. Note: Windows users have to change this +; variable in order to use PHP's session functions. +; +; The path can be defined as: +; +; session.save_path = "N;/path" +; +; where N is an integer. Instead of storing all the session files in +; /path, what this will do is use subdirectories N-levels deep, and +; store the session data in those directories. This is useful if +; your OS has problems with many files in one directory, and is +; a more efficient layout for servers that handle many sessions. +; +; NOTE 1: PHP will not create this directory structure automatically. +; You can use the script in the ext/session dir for that purpose. +; NOTE 2: See the section on garbage collection below if you choose to +; use subdirectories for session storage +; +; The file storage module creates files using mode 600 by default. +; You can change that by using +; +; session.save_path = "N;MODE;/path" +; +; where MODE is the octal representation of the mode. Note that this +; does not overwrite the process's umask. +; http://php.net/session.save-path +;session.save_path = "/tmp" + +; Whether to use strict session mode. +; Strict session mode does not accept uninitialized session ID and regenerate +; session ID if browser sends uninitialized session ID. Strict mode protects +; applications from session fixation via session adoption vulnerability. It is +; disabled by default for maximum compatibility, but enabling it is encouraged. +; https://wiki.php.net/rfc/strict_sessions +session.use_strict_mode = 0 + +; Whether to use cookies. +; http://php.net/session.use-cookies +session.use_cookies = 1 + +; http://php.net/session.cookie-secure +;session.cookie_secure = + +; This option forces PHP to fetch and use a cookie for storing and maintaining +; the session id. We encourage this operation as it's very helpful in combating +; session hijacking when not specifying and managing your own session id. It is +; not the be-all and end-all of session hijacking defense, but it's a good start. +; http://php.net/session.use-only-cookies +session.use_only_cookies = 1 + +; Name of the session (used as cookie name). +; http://php.net/session.name +session.name = PHPSESSID + +; Initialize session on request startup. +; http://php.net/session.auto-start +session.auto_start = 0 + +; Lifetime in seconds of cookie or, if 0, until browser is restarted. +; http://php.net/session.cookie-lifetime +session.cookie_lifetime = 0 + +; The path for which the cookie is valid. +; http://php.net/session.cookie-path +session.cookie_path = / + +; The domain for which the cookie is valid. +; http://php.net/session.cookie-domain +session.cookie_domain = + +; Whether or not to add the httpOnly flag to the cookie, which makes it inaccessible to browser scripting languages such as JavaScript. +; http://php.net/session.cookie-httponly +session.cookie_httponly = + +; Handler used to serialize data. php is the standard serializer of PHP. +; http://php.net/session.serialize-handler +session.serialize_handler = php + +; Defines the probability that the 'garbage collection' process is started +; on every session initialization. The probability is calculated by using +; gc_probability/gc_divisor. Where session.gc_probability is the numerator +; and gc_divisor is the denominator in the equation. Setting this value to 1 +; when the session.gc_divisor value is 100 will give you approximately a 1% chance +; the gc will run on any give request. +; Default Value: 1 +; Development Value: 1 +; Production Value: 1 +; http://php.net/session.gc-probability +session.gc_probability = 1 + +; Defines the probability that the 'garbage collection' process is started on every +; session initialization. The probability is calculated by using the following equation: +; gc_probability/gc_divisor. Where session.gc_probability is the numerator and +; session.gc_divisor is the denominator in the equation. Setting this value to 1 +; when the session.gc_divisor value is 100 will give you approximately a 1% chance +; the gc will run on any give request. Increasing this value to 1000 will give you +; a 0.1% chance the gc will run on any give request. For high volume production servers, +; this is a more efficient approach. +; Default Value: 100 +; Development Value: 1000 +; Production Value: 1000 +; http://php.net/session.gc-divisor +session.gc_divisor = 1000 + +; After this number of seconds, stored data will be seen as 'garbage' and +; cleaned up by the garbage collection process. +; http://php.net/session.gc-maxlifetime +session.gc_maxlifetime = 1440 + +; NOTE: If you are using the subdirectory option for storing session files +; (see session.save_path above), then garbage collection does *not* +; happen automatically. You will need to do your own garbage +; collection through a shell script, cron entry, or some other method. +; For example, the following script would is the equivalent of +; setting session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes): +; find /path/to/sessions -cmin +24 -type f | xargs rm + +; Check HTTP Referer to invalidate externally stored URLs containing ids. +; HTTP_REFERER has to contain this substring for the session to be +; considered as valid. +; http://php.net/session.referer-check +session.referer_check = + +; How many bytes to read from the file. +; http://php.net/session.entropy-length +;session.entropy_length = 32 + +; Specified here to create the session id. +; http://php.net/session.entropy-file +; Defaults to /dev/urandom +; On systems that don't have /dev/urandom but do have /dev/arandom, this will default to /dev/arandom +; If neither are found at compile time, the default is no entropy file. +; On windows, setting the entropy_length setting will activate the +; Windows random source (using the CryptoAPI) +;session.entropy_file = /dev/urandom + +; Set to {nocache,private,public,} to determine HTTP caching aspects +; or leave this empty to avoid sending anti-caching headers. +; http://php.net/session.cache-limiter +session.cache_limiter = nocache + +; Document expires after n minutes. +; http://php.net/session.cache-expire +session.cache_expire = 180 + +; trans sid support is disabled by default. +; Use of trans sid may risk your users' security. +; Use this option with caution. +; - User may send URL contains active session ID +; to other person via. email/irc/etc. +; - URL that contains active session ID may be stored +; in publicly accessible computer. +; - User may access your site with the same session ID +; always using URL stored in browser's history or bookmarks. +; http://php.net/session.use-trans-sid +session.use_trans_sid = 0 + +; Select a hash function for use in generating session ids. +; Possible Values +; 0 (MD5 128 bits) +; 1 (SHA-1 160 bits) +; This option may also be set to the name of any hash function supported by +; the hash extension. A list of available hashes is returned by the hash_algos() +; function. +; http://php.net/session.hash-function +session.hash_function = 0 + +; Define how many bits are stored in each character when converting +; the binary hash data to something readable. +; Possible values: +; 4 (4 bits: 0-9, a-f) +; 5 (5 bits: 0-9, a-v) +; 6 (6 bits: 0-9, a-z, A-Z, "-", ",") +; Default Value: 4 +; Development Value: 5 +; Production Value: 5 +; http://php.net/session.hash-bits-per-character +session.hash_bits_per_character = 5 + +; The URL rewriter will look for URLs in a defined set of HTML tags. +; form/fieldset are special; if you include them here, the rewriter will +; add a hidden field with the info which is otherwise appended +; to URLs. If you want XHTML conformity, remove the form entry. +; Note that all valid entries require a "=", even if no value follows. +; Default Value: "a=href,area=href,frame=src,form=,fieldset=" +; Development Value: "a=href,area=href,frame=src,input=src,form=fakeentry" +; Production Value: "a=href,area=href,frame=src,input=src,form=fakeentry" +; http://php.net/url-rewriter.tags +url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry" + +; Enable upload progress tracking in $_SESSION +; Default Value: On +; Development Value: On +; Production Value: On +; http://php.net/session.upload-progress.enabled +;session.upload_progress.enabled = On + +; Cleanup the progress information as soon as all POST data has been read +; (i.e. upload completed). +; Default Value: On +; Development Value: On +; Production Value: On +; http://php.net/session.upload-progress.cleanup +;session.upload_progress.cleanup = On + +; A prefix used for the upload progress key in $_SESSION +; Default Value: "upload_progress_" +; Development Value: "upload_progress_" +; Production Value: "upload_progress_" +; http://php.net/session.upload-progress.prefix +;session.upload_progress.prefix = "upload_progress_" + +; The index name (concatenated with the prefix) in $_SESSION +; containing the upload progress information +; Default Value: "PHP_SESSION_UPLOAD_PROGRESS" +; Development Value: "PHP_SESSION_UPLOAD_PROGRESS" +; Production Value: "PHP_SESSION_UPLOAD_PROGRESS" +; http://php.net/session.upload-progress.name +;session.upload_progress.name = "PHP_SESSION_UPLOAD_PROGRESS" + +; How frequently the upload progress should be updated. +; Given either in percentages (per-file), or in bytes +; Default Value: "1%" +; Development Value: "1%" +; Production Value: "1%" +; http://php.net/session.upload-progress.freq +;session.upload_progress.freq = "1%" + +; The minimum delay between updates, in seconds +; Default Value: 1 +; Development Value: 1 +; Production Value: 1 +; http://php.net/session.upload-progress.min-freq +;session.upload_progress.min_freq = "1" + +; Only write session data when session data is changed. Enabled by default. +; http://php.net/session.lazy-write +;session.lazy_write = On + +[Assertion] +; Switch whether to compile assertions at all (to have no overhead at run-time) +; -1: Do not compile at all +; 0: Jump over assertion at run-time +; 1: Execute assertions +; Changing from or to a negative value is only possible in php.ini! (For turning assertions on and off at run-time, see assert.active, when zend.assertions = 1) +; Default Value: 1 +; Development Value: 1 +; Production Value: -1 +; http://php.net/zend.assertions +zend.assertions = -1 + +; Assert(expr); active by default. +; http://php.net/assert.active +;assert.active = On + +; Throw an AssertationException on failed assertions +; http://php.net/assert.exception +;assert.exception = On + +; Issue a PHP warning for each failed assertion. (Overridden by assert.exception if active) +; http://php.net/assert.warning +;assert.warning = On + +; Don't bail out by default. +; http://php.net/assert.bail +;assert.bail = Off + +; User-function to be called if an assertion fails. +; http://php.net/assert.callback +;assert.callback = 0 + +; Eval the expression with current error_reporting(). Set to true if you want +; error_reporting(0) around the eval(). +; http://php.net/assert.quiet-eval +;assert.quiet_eval = 0 + +[COM] +; path to a file containing GUIDs, IIDs or filenames of files with TypeLibs +; http://php.net/com.typelib-file +;com.typelib_file = + +; allow Distributed-COM calls +; http://php.net/com.allow-dcom +;com.allow_dcom = true + +; autoregister constants of a components typlib on com_load() +; http://php.net/com.autoregister-typelib +;com.autoregister_typelib = true + +; register constants casesensitive +; http://php.net/com.autoregister-casesensitive +;com.autoregister_casesensitive = false + +; show warnings on duplicate constant registrations +; http://php.net/com.autoregister-verbose +;com.autoregister_verbose = true + +; The default character set code-page to use when passing strings to and from COM objects. +; Default: system ANSI code page +;com.code_page= + +[mbstring] +; language for internal character representation. +; This affects mb_send_mail() and mbstring.detect_order. +; http://php.net/mbstring.language +;mbstring.language = Japanese + +; Use of this INI entry is deprecated, use global internal_encoding instead. +; internal/script encoding. +; Some encoding cannot work as internal encoding. (e.g. SJIS, BIG5, ISO-2022-*) +; If empty, default_charset or internal_encoding or iconv.internal_encoding is used. +; The precedence is: default_charset < internal_encoding < iconv.internal_encoding +;mbstring.internal_encoding = + +; Use of this INI entry is deprecated, use global input_encoding instead. +; http input encoding. +; mbstring.encoding_traslation = On is needed to use this setting. +; If empty, default_charset or input_encoding or mbstring.input is used. +; The precedence is: default_charset < intput_encoding < mbsting.http_input +; http://php.net/mbstring.http-input +;mbstring.http_input = + +; Use of this INI entry is deprecated, use global output_encoding instead. +; http output encoding. +; mb_output_handler must be registered as output buffer to function. +; If empty, default_charset or output_encoding or mbstring.http_output is used. +; The precedence is: default_charset < output_encoding < mbstring.http_output +; To use an output encoding conversion, mbstring's output handler must be set +; otherwise output encoding conversion cannot be performed. +; http://php.net/mbstring.http-output +;mbstring.http_output = + +; enable automatic encoding translation according to +; mbstring.internal_encoding setting. Input chars are +; converted to internal encoding by setting this to On. +; Note: Do _not_ use automatic encoding translation for +; portable libs/applications. +; http://php.net/mbstring.encoding-translation +;mbstring.encoding_translation = Off + +; automatic encoding detection order. +; "auto" detect order is changed according to mbstring.language +; http://php.net/mbstring.detect-order +;mbstring.detect_order = auto + +; substitute_character used when character cannot be converted +; one from another +; http://php.net/mbstring.substitute-character +;mbstring.substitute_character = none + +; overload(replace) single byte functions by mbstring functions. +; mail(), ereg(), etc are overloaded by mb_send_mail(), mb_ereg(), +; etc. Possible values are 0,1,2,4 or combination of them. +; For example, 7 for overload everything. +; 0: No overload +; 1: Overload mail() function +; 2: Overload str*() functions +; 4: Overload ereg*() functions +; http://php.net/mbstring.func-overload +;mbstring.func_overload = 0 + +; enable strict encoding detection. +; Default: Off +;mbstring.strict_detection = On + +; This directive specifies the regex pattern of content types for which mb_output_handler() +; is activated. +; Default: mbstring.http_output_conv_mimetype=^(text/|application/xhtml\+xml) +;mbstring.http_output_conv_mimetype= + +[gd] +; Tell the jpeg decode to ignore warnings and try to create +; a gd image. The warning will then be displayed as notices +; disabled by default +; http://php.net/gd.jpeg-ignore-warning +;gd.jpeg_ignore_warning = 0 + +[exif] +; Exif UNICODE user comments are handled as UCS-2BE/UCS-2LE and JIS as JIS. +; With mbstring support this will automatically be converted into the encoding +; given by corresponding encode setting. When empty mbstring.internal_encoding +; is used. For the decode settings you can distinguish between motorola and +; intel byte order. A decode setting cannot be empty. +; http://php.net/exif.encode-unicode +;exif.encode_unicode = ISO-8859-15 + +; http://php.net/exif.decode-unicode-motorola +;exif.decode_unicode_motorola = UCS-2BE + +; http://php.net/exif.decode-unicode-intel +;exif.decode_unicode_intel = UCS-2LE + +; http://php.net/exif.encode-jis +;exif.encode_jis = + +; http://php.net/exif.decode-jis-motorola +;exif.decode_jis_motorola = JIS + +; http://php.net/exif.decode-jis-intel +;exif.decode_jis_intel = JIS + +[Tidy] +; The path to a default tidy configuration file to use when using tidy +; http://php.net/tidy.default-config +;tidy.default_config = /usr/local/lib/php/default.tcfg + +; Should tidy clean and repair output automatically? +; WARNING: Do not use this option if you are generating non-html content +; such as dynamic images +; http://php.net/tidy.clean-output +tidy.clean_output = Off + +[soap] +; Enables or disables WSDL caching feature. +; http://php.net/soap.wsdl-cache-enabled +soap.wsdl_cache_enabled=1 + +; Sets the directory name where SOAP extension will put cache files. +; http://php.net/soap.wsdl-cache-dir +soap.wsdl_cache_dir="/tmp" + +; (time to live) Sets the number of second while cached file will be used +; instead of original one. +; http://php.net/soap.wsdl-cache-ttl +soap.wsdl_cache_ttl=86400 + +; Sets the size of the cache limit. (Max. number of WSDL files to cache) +soap.wsdl_cache_limit = 5 + +[sysvshm] +; A default size of the shared memory segment +;sysvshm.init_mem = 10000 + +[ldap] +; Sets the maximum number of open links or -1 for unlimited. +ldap.max_links = -1 + +[mcrypt] +; For more information about mcrypt settings see http://php.net/mcrypt-module-open + +; Directory where to load mcrypt algorithms +; Default: Compiled in into libmcrypt (usually /usr/local/lib/libmcrypt) +;mcrypt.algorithms_dir= + +; Directory where to load mcrypt modes +; Default: Compiled in into libmcrypt (usually /usr/local/lib/libmcrypt) +;mcrypt.modes_dir= + +[dba] +;dba.default_handler= + +[opcache] +; Determines if Zend OPCache is enabled +;opcache.enable=0 + +; Determines if Zend OPCache is enabled for the CLI version of PHP +;opcache.enable_cli=0 + +; The OPcache shared memory storage size. +;opcache.memory_consumption=64 + +; The amount of memory for interned strings in Mbytes. +;opcache.interned_strings_buffer=4 + +; The maximum number of keys (scripts) in the OPcache hash table. +; Only numbers between 200 and 100000 are allowed. +;opcache.max_accelerated_files=2000 + +; The maximum percentage of "wasted" memory until a restart is scheduled. +;opcache.max_wasted_percentage=5 + +; When this directive is enabled, the OPcache appends the current working +; directory to the script key, thus eliminating possible collisions between +; files with the same name (basename). Disabling the directive improves +; performance, but may break existing applications. +;opcache.use_cwd=1 + +; When disabled, you must reset the OPcache manually or restart the +; webserver for changes to the filesystem to take effect. +;opcache.validate_timestamps=1 + +; How often (in seconds) to check file timestamps for changes to the shared +; memory storage allocation. ("1" means validate once per second, but only +; once per request. "0" means always validate) +;opcache.revalidate_freq=2 + +; Enables or disables file search in include_path optimization +;opcache.revalidate_path=0 + +; If disabled, all PHPDoc comments are dropped from the code to reduce the +; size of the optimized code. +;opcache.save_comments=1 + +; If enabled, a fast shutdown sequence is used for the accelerated code +;opcache.fast_shutdown=0 + +; Allow file existence override (file_exists, etc.) performance feature. +;opcache.enable_file_override=0 + +; A bitmask, where each bit enables or disables the appropriate OPcache +; passes +;opcache.optimization_level=0xffffffff + +;opcache.inherited_hack=1 +;opcache.dups_fix=0 + +; The location of the OPcache blacklist file (wildcards allowed). +; Each OPcache blacklist file is a text file that holds the names of files +; that should not be accelerated. The file format is to add each filename +; to a new line. The filename may be a full path or just a file prefix +; (i.e., /var/www/x blacklists all the files and directories in /var/www +; that start with 'x'). Line starting with a ; are ignored (comments). +;opcache.blacklist_filename= + +; Allows exclusion of large files from being cached. By default all files +; are cached. +;opcache.max_file_size=0 + +; Check the cache checksum each N requests. +; The default value of "0" means that the checks are disabled. +;opcache.consistency_checks=0 + +; How long to wait (in seconds) for a scheduled restart to begin if the cache +; is not being accessed. +;opcache.force_restart_timeout=180 + +; OPcache error_log file name. Empty string assumes "stderr". +;opcache.error_log= + +; All OPcache errors go to the Web server log. +; By default, only fatal errors (level 0) or errors (level 1) are logged. +; You can also enable warnings (level 2), info messages (level 3) or +; debug messages (level 4). +;opcache.log_verbosity_level=1 + +; Preferred Shared Memory back-end. Leave empty and let the system decide. +;opcache.preferred_memory_model= + +; Protect the shared memory from unexpected writing during script execution. +; Useful for internal debugging only. +;opcache.protect_memory=0 + +; Allows calling OPcache API functions only from PHP scripts which path is +; started from specified string. The default "" means no restriction +;opcache.restrict_api= + +; Mapping base of shared memory segments (for Windows only). All the PHP +; processes have to map shared memory into the same address space. This +; directive allows to manually fix the "Unable to reattach to base address" +; errors. +;opcache.mmap_base= + +; Enables and sets the second level cache directory. +; It should improve performance when SHM memory is full, at server restart or +; SHM reset. The default "" disables file based caching. +;opcache.file_cache= + +; Enables or disables opcode caching in shared memory. +;opcache.file_cache_only=0 + +; Enables or disables checksum validation when script loaded from file cache. +;opcache.file_cache_consistency_checks=1 + +; Enables or disables copying of PHP code (text segment) into HUGE PAGES. +; This should improve performance, but requires appropriate OS configuration. +;opcache.huge_code_pages=1 + +[curl] +; A default value for the CURLOPT_CAINFO option. This is required to be an +; absolute path. +;curl.cainfo = + +[openssl] +; The location of a Certificate Authority (CA) file on the local filesystem +; to use when verifying the identity of SSL/TLS peers. Most users should +; not specify a value for this directive as PHP will attempt to use the +; OS-managed cert stores in its absence. If specified, this value may still +; be overridden on a per-stream basis via the "cafile" SSL stream context +; option. +;openssl.cafile= + +; If openssl.cafile is not specified or if the CA file is not found, the +; directory pointed to by openssl.capath is searched for a suitable +; certificate. This value must be a correctly hashed certificate directory. +; Most users should not specify a value for this directive as PHP will +; attempt to use the OS-managed cert stores in its absence. If specified, +; this value may still be overridden on a per-stream basis via the "capath" +; SSL stream context option. +;openssl.capath= + +; Local Variables: +; tab-width: 4 +; End: From 7d994c956d71359f783dcd4078b5f398357c7717 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Sat, 18 Jun 2016 12:57:16 +0000 Subject: [PATCH 002/416] Use PHP FPM instead of PHP Apache module. Use pm=ondemand and determine max children by total RAM. Close #3. Signed-off-by: Kyle Fazzari --- parts/plugins/x-apache.py | 12 +- snapcraft.yaml | 66 +++-- src/nextcloud/apache_config | 14 +- src/nextcloud/autoconfig.php | 4 +- src/nextcloud/occ | 2 +- src/nextcloud/setup_nextcloud | 36 +-- src/php/config/php-fpm.conf | 125 +++++++++ src/php/config/php-fpm.d/www.conf | 420 ++++++++++++++++++++++++++++++ src/php/{ => config}/php.ini | 4 +- src/php/scripts/start-php-fpm | 33 +++ 10 files changed, 652 insertions(+), 64 deletions(-) create mode 100644 src/php/config/php-fpm.conf create mode 100644 src/php/config/php-fpm.d/www.conf rename src/php/{ => config}/php.ini (99%) create mode 100755 src/php/scripts/start-php-fpm diff --git a/parts/plugins/x-apache.py b/parts/plugins/x-apache.py index 6c948d9..eeb8156 100644 --- a/parts/plugins/x-apache.py +++ b/parts/plugins/x-apache.py @@ -54,6 +54,10 @@ def schema(cls): 'type': 'string' }, } + schema['properties']['mpm'] = { + 'type': 'string', + 'default': 'event', + } schema['properties']['third-party-modules'] = { 'type': 'array', 'minitems': 1, @@ -183,8 +187,12 @@ def build(self): shutil.copytree(apache_source_directory, apache_build_directory) - subprocess.check_call("./configure --prefix={} --enable-modules=none --enable-mods-shared='{}' ENABLED_DSO_MODULES='{}'".format(self.installdir, ' '.join(self.options.modules), ','.join(self.options.modules)), - cwd=apache_build_directory, shell=True) + subprocess.check_call( + "./configure --prefix={} --with-mpm={} --enable-modules=none --enable-mods-shared='{}' ENABLED_DSO_MODULES='{}'".format( + self.installdir, self.options.mpm, + ' '.join(self.options.modules), + ','.join(self.options.modules)), + cwd=apache_build_directory, shell=True) self.run( ['make', '-j{}'.format( diff --git a/snapcraft.yaml b/snapcraft.yaml index 594d140..0742234 100644 --- a/snapcraft.yaml +++ b/snapcraft.yaml @@ -19,9 +19,10 @@ apps: daemon: simple plugs: [network, network-bind] - # MySQL client - mysql-client: - command: mysql --defaults-file=$SNAP_DATA/mysql/root.ini + # PHP FPM daemon + php-fpm: + command: start-php-fpm + daemon: simple plugs: [network, network-bind] # mDNS daemon @@ -30,6 +31,11 @@ apps: daemon: simple plugs: [network, network-bind] + # MySQL client + mysql-client: + command: mysql --defaults-file=$SNAP_DATA/mysql/root.ini + plugs: [network, network-bind] + # Nextcloud occ command occ: command: occ @@ -44,7 +50,8 @@ parts: # The built-in Apache modules to enable modules: - headers - - fcgid + - proxy + - proxy_fcgi - setenvif - env - rewrite @@ -60,27 +67,35 @@ parts: # Script to run before bringing up Apache startup-script: src/nextcloud/setup_nextcloud - third-party-modules: - # Build PHP - - source: http://us1.php.net/get/php-7.0.2.tar.gz/from/this/mirror - source-type: tar - configflags: - - --enable-ctype - - --enable-mbstring - - --enable-zip - - --with-pdo-mysql - - --with-zlib - - --with-gd - - --with-curl - - --with-openssl - - --with-bz2 - - --with-mcrypt - - --enable-exif stage: - -htdocs/.git* snap: - -manual # No need to include the documentation in the .snap - -htdocs/.git* + + php: + plugin: autotools + source: http://us1.php.net/get/php-7.0.2.tar.gz/from/this/mirror + source-type: tar + install-via: prefix + configflags: + - --enable-fpm + - --disable-cgi + - --disable-phar + - --disable-phpdbg + - --enable-ctype + - --enable-mbstring + - --enable-zip + - --with-pdo-mysql + - --with-zlib + - --with-gd + - --with-curl + - --with-openssl + - --with-bz2 + - --with-mcrypt + - --enable-exif + - --enable-intl + - --disable-rpath stage-packages: # These are only included here until the OS snap stabilizes - libxml2 @@ -91,12 +106,19 @@ parts: - libpng12-dev - libbz2-dev - libmcrypt-dev + snap: + - -sbin/ + - -etc/ + organize: + # Put php-fpm in bin with everything else, not sbin. + sbin/php-fpm: bin/php-fpm # Copy over our PHP configuration file. - php-config: + php-customizations: plugin: copy files: - src/php/php.ini: php.ini + src/php/config/*: config/php/ + src/php/scripts/*: bin/ # Copy over our Nextcloud configuration files nextcloud-customizations: diff --git a/src/nextcloud/apache_config b/src/nextcloud/apache_config index 29b139d..2fbd04b 100644 --- a/src/nextcloud/apache_config +++ b/src/nextcloud/apache_config @@ -1,8 +1,11 @@ +# PHP-FPM +ProxyTimeout 900 - SetHandler application/x-httpd-php + SetHandler "proxy:unix:${SNAP_DATA}/php/php-fpm.sock|fcgi://localhost/" -PHPIniDir "${SNAP}/php.ini" + + # Serve static assets for apps in a writable location. Alias "/extra-apps" "${SNAP_DATA}/nextcloud/extra-apps" @@ -19,13 +22,6 @@ Alias "/extra-apps" "${SNAP_DATA}/nextcloud/extra-apps" # as to avoid manually copying it in and needing to maintain it. Include ${SNAP}/htdocs/.htaccess - # Increase the max upload size, and upload into a different tmp so we don't - # try to use that much RAM. - php_value upload_max_filesize 16G - php_value post_max_size 16G - # FIXME: Use common environment variable when it exists. - php_admin_value upload_tmp_dir ${SNAP_DATA}/../common/nextcloud/tmp - # Note that nothing else is included here as this directive is merged with # the one in the main configuration file. diff --git a/src/nextcloud/autoconfig.php b/src/nextcloud/autoconfig.php index 2d0e3e9..370160f 100644 --- a/src/nextcloud/autoconfig.php +++ b/src/nextcloud/autoconfig.php @@ -5,6 +5,8 @@ $data_path = '/var/snap/'.$snap_name.'/current'; $common_data_path = '/var/snap/'.$snap_name.'/common'; +$database_password = trim(file_get_contents($data_path . '/mysql/nextcloud_password')); + $AUTOCONFIG = array( 'directory' => $common_data_path.'/nextcloud/data', @@ -16,5 +18,5 @@ 'dbuser' => 'nextcloud', -'dbpass' => getenv('NEXTCLOUD_DATABASE_PASSWORD'), +'dbpass' => $database_password, ); diff --git a/src/nextcloud/occ b/src/nextcloud/occ index a1f5b89..78f4248 100755 --- a/src/nextcloud/occ +++ b/src/nextcloud/occ @@ -2,4 +2,4 @@ export NEXTCLOUD_CONFIG_DIR=$SNAP_DATA/nextcloud/config -php -c $SNAP $SNAP/htdocs/occ $* +php -c $SNAP/config/php $SNAP/htdocs/occ $* diff --git a/src/nextcloud/setup_nextcloud b/src/nextcloud/setup_nextcloud index 6e0556b..d556739 100755 --- a/src/nextcloud/setup_nextcloud +++ b/src/nextcloud/setup_nextcloud @@ -1,31 +1,5 @@ #!/bin/sh -mysqld_pid_file_path=$SNAP_DATA/mysql/`hostname`.pid -# Wait for mysql to be up and running, since we need to make sure -# we run the upgrade process. -echo "Waiting for mysql..." -while [ ! -f "$mysqld_pid_file_path" ]; do - sleep 1 -done - -# Wait until we have an nextcloud mysql password -echo "Obtaining nextcloud mysql credentials..." -nextcloud_password_path=$SNAP_DATA/mysql/nextcloud_password -timeout=10 -while [ $timeout -gt 0 -a ! -e $nextcloud_password_path ]; do - timeout=$((timeout-1)) - sleep 1 -done -if [ -e $nextcloud_password_path ]; then - echo "nextcloud mysql credentials successfully obtained" - export NEXTCLOUD_DATABASE_PASSWORD=$(cat $nextcloud_password_path) -else - echo -n "Timed out while attempting to obtain nextcloud mysql password. " - echo -n "This isn't unusual when starting up for the first time after " - echo "an install or an upgrade. Will try again." - exit 1 -fi - # Make sure nextcloud directory exists # FIXME: Use common environment variable when it exists mkdir -p -m 750 $SNAP_DATA/../common/nextcloud @@ -38,12 +12,20 @@ mkdir -p -m 750 $SNAP_DATA/../common/nextcloud/tmp mkdir -p -m 750 $SNAP_DATA/nextcloud/extra-apps # If this is a new install, make sure it's configured correctly -export NEXTCLOUD_CONFIG_DIR=$SNAP_DATA/nextcloud/config +NEXTCLOUD_CONFIG_DIR=$SNAP_DATA/nextcloud/config if [ ! -d "$NEXTCLOUD_CONFIG_DIR" ]; then echo "Configuring nextcloud..." cp -r $SNAP/htdocs/config $NEXTCLOUD_CONFIG_DIR fi +# Wait for PHP FPM to be up and running before continuing, since we need to make +# sure we can run the upgrade process below. +php_pid_file_path=$SNAP_DATA/php/php-fpm.pid +echo "Waiting for PHP..." +while [ ! -f "$php_pid_file_path" ]; do + sleep 1 +done + # Finally, make sure nextcloud is up to date. The return code of the upgrade # can be used to determine the outcome: # succes = 0; diff --git a/src/php/config/php-fpm.conf b/src/php/config/php-fpm.conf new file mode 100644 index 0000000..0ea4799 --- /dev/null +++ b/src/php/config/php-fpm.conf @@ -0,0 +1,125 @@ +;;;;;;;;;;;;;;;;;;;;; +; FPM Configuration ; +;;;;;;;;;;;;;;;;;;;;; + +; All relative paths in this configuration file are relative to PHP's install +; prefix (/home/ubuntu/src/nextcloud-snap/parts/php/install). This prefix can be dynamically changed by using the +; '-p' argument from the command line. + +;;;;;;;;;;;;;;;;;; +; Global Options ; +;;;;;;;;;;;;;;;;;; + +[global] +; Pid file +; Note: the default prefix is /home/ubuntu/src/nextcloud-snap/parts/php/install/var +; Default Value: none +pid = ${SNAP_DATA}/php/php-fpm.pid + +; Error log file +; If it's set to "syslog", log is sent to syslogd instead of being written +; in a local file. +; Note: the default prefix is /home/ubuntu/src/nextcloud-snap/parts/php/install/var +; Default Value: log/php-fpm.log +error_log = ${SNAP_DATA}/php/php-fpm.log + +; syslog_facility is used to specify what type of program is logging the +; message. This lets syslogd specify that messages from different facilities +; will be handled differently. +; See syslog(3) for possible values (ex daemon equiv LOG_DAEMON) +; Default Value: daemon +;syslog.facility = daemon + +; syslog_ident is prepended to every message. If you have multiple FPM +; instances running on the same server, you can change the default value +; which must suit common needs. +; Default Value: php-fpm +;syslog.ident = php-fpm + +; Log level +; Possible Values: alert, error, warning, notice, debug +; Default Value: notice +;log_level = notice + +; If this number of child processes exit with SIGSEGV or SIGBUS within the time +; interval set by emergency_restart_interval then FPM will restart. A value +; of '0' means 'Off'. +; Default Value: 0 +;emergency_restart_threshold = 0 + +; Interval of time used by emergency_restart_interval to determine when +; a graceful restart will be initiated. This can be useful to work around +; accidental corruptions in an accelerator's shared memory. +; Available Units: s(econds), m(inutes), h(ours), or d(ays) +; Default Unit: seconds +; Default Value: 0 +;emergency_restart_interval = 0 + +; Time limit for child processes to wait for a reaction on signals from master. +; Available units: s(econds), m(inutes), h(ours), or d(ays) +; Default Unit: seconds +; Default Value: 0 +;process_control_timeout = 0 + +; The maximum number of processes FPM will fork. This has been design to control +; the global number of processes when using dynamic PM within a lot of pools. +; Use it with caution. +; Note: A value of 0 indicates no limit +; Default Value: 0 +; process.max = 128 + +; Specify the nice(2) priority to apply to the master process (only if set) +; The value can vary from -19 (highest priority) to 20 (lower priority) +; Note: - It will only work if the FPM master process is launched as root +; - The pool process will inherit the master process priority +; unless it specified otherwise +; Default Value: no set +; process.priority = -19 + +; Send FPM to background. Set to 'no' to keep FPM in foreground for debugging. +; Default Value: yes +;daemonize = yes + +; Set open file descriptor rlimit for the master process. +; Default Value: system defined value +;rlimit_files = 1024 + +; Set max core size rlimit for the master process. +; Possible Values: 'unlimited' or an integer greater or equal to 0 +; Default Value: system defined value +;rlimit_core = 0 + +; Specify the event mechanism FPM will use. The following is available: +; - select (any POSIX os) +; - poll (any POSIX os) +; - epoll (linux >= 2.5.44) +; - kqueue (FreeBSD >= 4.1, OpenBSD >= 2.9, NetBSD >= 2.0) +; - /dev/poll (Solaris >= 7) +; - port (Solaris >= 10) +; Default Value: not set (auto detection) +;events.mechanism = epoll + +; When FPM is build with systemd integration, specify the interval, +; in second, between health report notification to systemd. +; Set to 0 to disable. +; Available Units: s(econds), m(inutes), h(ours) +; Default Unit: seconds +; Default value: 10 +;systemd_interval = 10 + +;;;;;;;;;;;;;;;;;;;; +; Pool Definitions ; +;;;;;;;;;;;;;;;;;;;; + +; Multiple pools of child processes may be started with different listening +; ports and different management options. The name of the pool will be +; used in logs and stats. There is no limitation on the number of pools which +; FPM can handle. Your system will tell you anyway :) + +; Include one or more files. If glob(3) exists, it is used to include a bunch of +; files from a glob(3) pattern. This directive can be used everywhere in the +; file. +; Relative path can also be used. They will be prefixed by: +; - the global prefix if it's been set (-p argument) +; - /home/ubuntu/src/nextcloud-snap/parts/php/install otherwise +include=${SNAP}/config/php/php-fpm.d/*.conf diff --git a/src/php/config/php-fpm.d/www.conf b/src/php/config/php-fpm.d/www.conf new file mode 100644 index 0000000..8a005be --- /dev/null +++ b/src/php/config/php-fpm.d/www.conf @@ -0,0 +1,420 @@ +; Start a new pool named 'www'. +; the variable $pool can we used in any directive and will be replaced by the +; pool name ('www' here) +[www] + +; Per pool prefix +; It only applies on the following directives: +; - 'access.log' +; - 'slowlog' +; - 'listen' (unixsocket) +; - 'chroot' +; - 'chdir' +; - 'php_values' +; - 'php_admin_values' +; When not set, the global prefix (or /home/ubuntu/src/nextcloud-snap/parts/php/install) applies instead. +; Note: This directive can also be relative to the global prefix. +; Default Value: none +;prefix = /path/to/pools/$pool + +; Unix user/group of processes +; Note: The user is mandatory. If the group is not set, the default user's group +; will be used. +user = root +group = root + +; The address on which to accept FastCGI requests. +; Valid syntaxes are: +; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on +; a specific port; +; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on +; a specific port; +; 'port' - to listen on a TCP socket to all addresses +; (IPv6 and IPv4-mapped) on a specific port; +; '/path/to/unix/socket' - to listen on a unix socket. +; Note: This value is mandatory. +listen = ${SNAP_DATA}/php/php-fpm.sock + +; Set listen(2) backlog. +; Default Value: 511 (-1 on FreeBSD and OpenBSD) +;listen.backlog = 511 + +; Set permissions for unix socket, if one is used. In Linux, read/write +; permissions must be set in order to allow connections from a web server. Many +; BSD-derived systems allow connections regardless of permissions. +; Default Values: user and group are set as the running user +; mode is set to 0660 +;listen.owner = nobody +;listen.group = nobody +;listen.mode = 0660 +; When POSIX Access Control Lists are supported you can set them using +; these options, value is a comma separated list of user/group names. +; When set, listen.owner and listen.group are ignored +;listen.acl_users = +;listen.acl_groups = + +; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect. +; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original +; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address +; must be separated by a comma. If this value is left blank, connections will be +; accepted from any ip address. +; Default Value: any +;listen.allowed_clients = 127.0.0.1 + +; Specify the nice(2) priority to apply to the pool processes (only if set) +; The value can vary from -19 (highest priority) to 20 (lower priority) +; Note: - It will only work if the FPM master process is launched as root +; - The pool processes will inherit the master process priority +; unless it specified otherwise +; Default Value: no set +; process.priority = -19 + +; Choose how the process manager will control the number of child processes. +; Possible Values: +; static - a fixed number (pm.max_children) of child processes; +; dynamic - the number of child processes are set dynamically based on the +; following directives. With this process management, there will be +; always at least 1 children. +; pm.max_children - the maximum number of children that can +; be alive at the same time. +; pm.start_servers - the number of children created on startup. +; pm.min_spare_servers - the minimum number of children in 'idle' +; state (waiting to process). If the number +; of 'idle' processes is less than this +; number then some children will be created. +; pm.max_spare_servers - the maximum number of children in 'idle' +; state (waiting to process). If the number +; of 'idle' processes is greater than this +; number then some children will be killed. +; ondemand - no children are created at startup. Children will be forked when +; new requests will connect. The following parameter are used: +; pm.max_children - the maximum number of children that +; can be alive at the same time. +; pm.process_idle_timeout - The number of seconds after which +; an idle process will be killed. +; Note: This value is mandatory. +pm = ondemand + +; The number of child processes to be created when pm is set to 'static' and the +; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'. +; This value sets the limit on the number of simultaneous requests that will be +; served. Equivalent to the ApacheMaxClients directive with mpm_prefork. +; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP +; CGI. The below defaults are based on a server without much resources. Don't +; forget to tweak pm.* to fit your needs. +; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand' +; Note: This value is mandatory. +pm.max_children = ${PHP_FPM_MAX_CHILDREN} + +; The number of child processes created on startup. +; Note: Used only when pm is set to 'dynamic' +; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2 +pm.start_servers = 2 + +; The desired minimum number of idle server processes. +; Note: Used only when pm is set to 'dynamic' +; Note: Mandatory when pm is set to 'dynamic' +pm.min_spare_servers = 1 + +; The desired maximum number of idle server processes. +; Note: Used only when pm is set to 'dynamic' +; Note: Mandatory when pm is set to 'dynamic' +pm.max_spare_servers = 3 + +; The number of seconds after which an idle process will be killed. +; Note: Used only when pm is set to 'ondemand' +; Default Value: 10s +;pm.process_idle_timeout = 10s; + +; The number of requests each child process should execute before respawning. +; This can be useful to work around memory leaks in 3rd party libraries. For +; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS. +; Default Value: 0 +;pm.max_requests = 500 + +; The URI to view the FPM status page. If this value is not set, no URI will be +; recognized as a status page. It shows the following informations: +; pool - the name of the pool; +; process manager - static, dynamic or ondemand; +; start time - the date and time FPM has started; +; start since - number of seconds since FPM has started; +; accepted conn - the number of request accepted by the pool; +; listen queue - the number of request in the queue of pending +; connections (see backlog in listen(2)); +; max listen queue - the maximum number of requests in the queue +; of pending connections since FPM has started; +; listen queue len - the size of the socket queue of pending connections; +; idle processes - the number of idle processes; +; active processes - the number of active processes; +; total processes - the number of idle + active processes; +; max active processes - the maximum number of active processes since FPM +; has started; +; max children reached - number of times, the process limit has been reached, +; when pm tries to start more children (works only for +; pm 'dynamic' and 'ondemand'); +; Value are updated in real time. +; Example output: +; pool: www +; process manager: static +; start time: 01/Jul/2011:17:53:49 +0200 +; start since: 62636 +; accepted conn: 190460 +; listen queue: 0 +; max listen queue: 1 +; listen queue len: 42 +; idle processes: 4 +; active processes: 11 +; total processes: 15 +; max active processes: 12 +; max children reached: 0 +; +; By default the status page output is formatted as text/plain. Passing either +; 'html', 'xml' or 'json' in the query string will return the corresponding +; output syntax. Example: +; http://www.foo.bar/status +; http://www.foo.bar/status?json +; http://www.foo.bar/status?html +; http://www.foo.bar/status?xml +; +; By default the status page only outputs short status. Passing 'full' in the +; query string will also return status for each pool process. +; Example: +; http://www.foo.bar/status?full +; http://www.foo.bar/status?json&full +; http://www.foo.bar/status?html&full +; http://www.foo.bar/status?xml&full +; The Full status returns for each process: +; pid - the PID of the process; +; state - the state of the process (Idle, Running, ...); +; start time - the date and time the process has started; +; start since - the number of seconds since the process has started; +; requests - the number of requests the process has served; +; request duration - the duration in µs of the requests; +; request method - the request method (GET, POST, ...); +; request URI - the request URI with the query string; +; content length - the content length of the request (only with POST); +; user - the user (PHP_AUTH_USER) (or '-' if not set); +; script - the main script called (or '-' if not set); +; last request cpu - the %cpu the last request consumed +; it's always 0 if the process is not in Idle state +; because CPU calculation is done when the request +; processing has terminated; +; last request memory - the max amount of memory the last request consumed +; it's always 0 if the process is not in Idle state +; because memory calculation is done when the request +; processing has terminated; +; If the process is in Idle state, then informations are related to the +; last request the process has served. Otherwise informations are related to +; the current request being served. +; Example output: +; ************************ +; pid: 31330 +; state: Running +; start time: 01/Jul/2011:17:53:49 +0200 +; start since: 63087 +; requests: 12808 +; request duration: 1250261 +; request method: GET +; request URI: /test_mem.php?N=10000 +; content length: 0 +; user: - +; script: /home/fat/web/docs/php/test_mem.php +; last request cpu: 0.00 +; last request memory: 0 +; +; Note: There is a real-time FPM status monitoring sample web page available +; It's available in: /home/ubuntu/src/nextcloud-snap/parts/php/install/share/php/fpm/status.html +; +; Note: The value must start with a leading slash (/). The value can be +; anything, but it may not be a good idea to use the .php extension or it +; may conflict with a real PHP file. +; Default Value: not set +;pm.status_path = /status + +; The ping URI to call the monitoring page of FPM. If this value is not set, no +; URI will be recognized as a ping page. This could be used to test from outside +; that FPM is alive and responding, or to +; - create a graph of FPM availability (rrd or such); +; - remove a server from a group if it is not responding (load balancing); +; - trigger alerts for the operating team (24/7). +; Note: The value must start with a leading slash (/). The value can be +; anything, but it may not be a good idea to use the .php extension or it +; may conflict with a real PHP file. +; Default Value: not set +;ping.path = /ping + +; This directive may be used to customize the response of a ping request. The +; response is formatted as text/plain with a 200 response code. +; Default Value: pong +;ping.response = pong + +; The access log file +; Default: not set +;access.log = log/$pool.access.log + +; The access log format. +; The following syntax is allowed +; %%: the '%' character +; %C: %CPU used by the request +; it can accept the following format: +; - %{user}C for user CPU only +; - %{system}C for system CPU only +; - %{total}C for user + system CPU (default) +; %d: time taken to serve the request +; it can accept the following format: +; - %{seconds}d (default) +; - %{miliseconds}d +; - %{mili}d +; - %{microseconds}d +; - %{micro}d +; %e: an environment variable (same as $_ENV or $_SERVER) +; it must be associated with embraces to specify the name of the env +; variable. Some exemples: +; - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e +; - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e +; %f: script filename +; %l: content-length of the request (for POST request only) +; %m: request method +; %M: peak of memory allocated by PHP +; it can accept the following format: +; - %{bytes}M (default) +; - %{kilobytes}M +; - %{kilo}M +; - %{megabytes}M +; - %{mega}M +; %n: pool name +; %o: output header +; it must be associated with embraces to specify the name of the header: +; - %{Content-Type}o +; - %{X-Powered-By}o +; - %{Transfert-Encoding}o +; - .... +; %p: PID of the child that serviced the request +; %P: PID of the parent of the child that serviced the request +; %q: the query string +; %Q: the '?' character if query string exists +; %r: the request URI (without the query string, see %q and %Q) +; %R: remote IP address +; %s: status (response code) +; %t: server time the request was received +; it can accept a strftime(3) format: +; %d/%b/%Y:%H:%M:%S %z (default) +; The strftime(3) format must be encapsuled in a %{}t tag +; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t +; %T: time the log has been written (the request has finished) +; it can accept a strftime(3) format: +; %d/%b/%Y:%H:%M:%S %z (default) +; The strftime(3) format must be encapsuled in a %{}t tag +; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t +; %u: remote user +; +; Default: "%R - %u %t \"%m %r\" %s" +;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%" + +; The log file for slow requests +; Default Value: not set +; Note: slowlog is mandatory if request_slowlog_timeout is set +;slowlog = log/$pool.log.slow + +; The timeout for serving a single request after which a PHP backtrace will be +; dumped to the 'slowlog' file. A value of '0s' means 'off'. +; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) +; Default Value: 0 +;request_slowlog_timeout = 0 + +; The timeout for serving a single request after which the worker process will +; be killed. This option should be used when the 'max_execution_time' ini option +; does not stop script execution for some reason. A value of '0' means 'off'. +; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) +; Default Value: 0 +;request_terminate_timeout = 0 + +; Set open file descriptor rlimit. +; Default Value: system defined value +;rlimit_files = 1024 + +; Set max core size rlimit. +; Possible Values: 'unlimited' or an integer greater or equal to 0 +; Default Value: system defined value +;rlimit_core = 0 + +; Chroot to this directory at the start. This value must be defined as an +; absolute path. When this value is not set, chroot is not used. +; Note: you can prefix with '$prefix' to chroot to the pool prefix or one +; of its subdirectories. If the pool prefix is not set, the global prefix +; will be used instead. +; Note: chrooting is a great security feature and should be used whenever +; possible. However, all PHP paths will be relative to the chroot +; (error_log, sessions.save_path, ...). +; Default Value: not set +;chroot = + +; Chdir to this directory at the start. +; Note: relative path can be used. +; Default Value: current directory or / when chroot +;chdir = /var/www + +; Redirect worker stdout and stderr into main error log. If not set, stdout and +; stderr will be redirected to /dev/null according to FastCGI specs. +; Note: on highloaded environement, this can cause some delay in the page +; process time (several ms). +; Default Value: no +catch_workers_output = yes + +; Clear environment in FPM workers +; Prevents arbitrary environment variables from reaching FPM worker processes +; by clearing the environment in workers before env vars specified in this +; pool configuration are added. +; Setting to "no" will make all environment variables available to PHP code +; via getenv(), $_ENV and $_SERVER. +; Default Value: yes +; Don't want to clear environment so we get snap's environment. +clear_env = no +env[NEXTCLOUD_CONFIG_DIR] = ${SNAP_DATA}/nextcloud/config + +; Limits the extensions of the main script FPM will allow to parse. This can +; prevent configuration mistakes on the web server side. You should only limit +; FPM to .php extensions to prevent malicious users to use other extensions to +; exectute php code. +; Note: set an empty value to allow all extensions. +; Default Value: .php +;security.limit_extensions = .php .php3 .php4 .php5 .php7 + +; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from +; the current environment. +; Default Value: clean env +;env[HOSTNAME] = $HOSTNAME +;env[PATH] = /usr/local/bin:/usr/bin:/bin +;env[TMP] = /tmp +;env[TMPDIR] = /tmp +;env[TEMP] = /tmp + +; Additional php.ini defines, specific to this pool of workers. These settings +; overwrite the values previously defined in the php.ini. The directives are the +; same as the PHP SAPI: +; php_value/php_flag - you can set classic ini defines which can +; be overwritten from PHP call 'ini_set'. +; php_admin_value/php_admin_flag - these directives won't be overwritten by +; PHP call 'ini_set' +; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no. + +; Defining 'extension' will load the corresponding shared extension from +; extension_dir. Defining 'disable_functions' or 'disable_classes' will not +; overwrite previously defined php.ini values, but will append the new value +; instead. + +; Note: path INI options can be relative and will be expanded with the prefix +; (pool, global or /home/ubuntu/src/nextcloud-snap/parts/php/install) + +; Default Value: nothing is defined by default except the values in php.ini and +; specified at startup with the -d argument +;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com +;php_flag[display_errors] = off +;php_admin_value[error_log] = /var/log/fpm-php.www.log +;php_admin_flag[log_errors] = on +;php_admin_value[memory_limit] = 32M + +; Configure larger uploads than the default. +php_admin_value[upload_tmp_dir] = ${SNAP_DATA}/../common/nextcloud/tmp +php_value[upload_max_filesize] = 16G +php_value[post_max_size] = 16G diff --git a/src/php/php.ini b/src/php/config/php.ini similarity index 99% rename from src/php/php.ini rename to src/php/config/php.ini index b86542a..8696923 100644 --- a/src/php/php.ini +++ b/src/php/config/php.ini @@ -186,7 +186,7 @@ ; Enable the PHP scripting language engine under Apache. ; http://php.net/engine -engine = On +engine = Off ; This directive determines whether or not PHP will recognize code between ; tags as PHP source which should be processed as such. It is @@ -721,7 +721,7 @@ user_dir = ; Directory in which the loadable extensions (modules) reside. ; http://php.net/extension-dir -; extension_dir = "./" +extension_dir = "${SNAP}/lib/php/extensions/no-debug-non-zts-20151012" ; On windows: ; extension_dir = "ext" diff --git a/src/php/scripts/start-php-fpm b/src/php/scripts/start-php-fpm new file mode 100755 index 0000000..d762e41 --- /dev/null +++ b/src/php/scripts/start-php-fpm @@ -0,0 +1,33 @@ +#!/bin/sh + +mkdir -p -m 750 ${SNAP_DATA}/php + +mysqld_pid_file_path=$SNAP_DATA/mysql/`hostname`.pid +# Wait for mysql to be up and running, since we need to make sure +# we run the upgrade process. +echo "Waiting for mysql..." +while [ ! -f "$mysqld_pid_file_path" ]; do + sleep 1 +done + +# Wait until we have an nextcloud mysql password +echo "Obtaining nextcloud mysql credentials..." +nextcloud_password_path=$SNAP_DATA/mysql/nextcloud_password +timeout=10 +while [ $timeout -gt 0 -a ! -e $nextcloud_password_path ]; do + timeout=$((timeout-1)) + sleep 1 +done +if [ ! -e $nextcloud_password_path ]; then + echo -n "Timed out while attempting to obtain nextcloud mysql password. " + echo -n "This isn't unusual when starting up for the first time after " + echo "an install or an upgrade. Will try again." + exit 1 +fi + +# Tends to be between 30-50MB +average_php_memory_requirement=50 +total_memory=$(awk '/MemTotal/ {printf "%d", $2/1024}' /proc/meminfo) +export PHP_FPM_MAX_CHILDREN=$(($total_memory/$average_php_memory_requirement)) + +php-fpm -R -F --fpm-config ${SNAP}/config/php/php-fpm.conf -c ${SNAP}/config/php From 085cc86bee948876651c3fd097aad4ca4c6d827b Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Mon, 20 Jun 2016 00:48:21 +0000 Subject: [PATCH 003/416] Use redis for local and locking memcache. Close #2. Signed-off-by: Kyle Fazzari --- parts/plugins/x-php.py | 37 + parts/plugins/x-redis.py | 27 + snapcraft.yaml | 19 +- src/nextcloud/config.php | 7 + src/php/config/php.ini | 2 + src/redis/config/redis.conf | 1023 ++++++++++++++++++++++++++ src/redis/scripts/start-redis-server | 8 + 7 files changed, 1122 insertions(+), 1 deletion(-) create mode 100644 parts/plugins/x-php.py create mode 100644 parts/plugins/x-redis.py create mode 100644 src/redis/config/redis.conf create mode 100755 src/redis/scripts/start-redis-server diff --git a/parts/plugins/x-php.py b/parts/plugins/x-php.py new file mode 100644 index 0000000..f2df283 --- /dev/null +++ b/parts/plugins/x-php.py @@ -0,0 +1,37 @@ +import os +import logging +import shutil +import re +import subprocess + +import snapcraft +from snapcraft.plugins import autotools + +logger = logging.getLogger(__name__) + + +class PhpPlugin(autotools.AutotoolsPlugin): + + @classmethod + def schema(cls): + schema = super().schema() + schema['properties']['extensions'] = { + 'type': 'array', + 'minitems': 1, + 'uniqueItems': True, + 'items': { + 'type': 'string' + }, + 'default': [], + } + + return schema + + def __init__(self, name, options, project): + super().__init__(name, options, project) + + def build(self): + super().build() + + for extension in self.options.extensions: + self.run(['pecl', 'install', extension], cwd=os.path.join(self.installdir, 'bin')) diff --git a/parts/plugins/x-redis.py b/parts/plugins/x-redis.py new file mode 100644 index 0000000..9b8a922 --- /dev/null +++ b/parts/plugins/x-redis.py @@ -0,0 +1,27 @@ +import os +import logging +import shutil +import re +import subprocess + +import snapcraft +from snapcraft.plugins import make + +logger = logging.getLogger(__name__) + + +class RedisPlugin(make.MakePlugin): + + def build(self): + super(make.MakePlugin, self).build() + + command = ['make'] + + if self.options.makefile: + command.extend(['-f', self.options.makefile]) + + if self.options.make_parameters: + command.extend(self.options.make_parameters) + + self.run(command + ['-j{}'.format(self.project.parallel_build_count)]) + self.run(command + ['install', 'PREFIX=' + self.installdir]) diff --git a/snapcraft.yaml b/snapcraft.yaml index 0742234..b7cd04d 100644 --- a/snapcraft.yaml +++ b/snapcraft.yaml @@ -25,6 +25,12 @@ apps: daemon: simple plugs: [network, network-bind] + # redis server daemon + redis-server: + command: start-redis-server + daemon: simple + plugs: [network, network-bind] + # mDNS daemon mdns-publisher: command: delay-on-failure mdns-publisher nextcloud @@ -74,7 +80,7 @@ parts: - -htdocs/.git* php: - plugin: autotools + plugin: php source: http://us1.php.net/get/php-7.0.2.tar.gz/from/this/mirror source-type: tar install-via: prefix @@ -112,6 +118,17 @@ parts: organize: # Put php-fpm in bin with everything else, not sbin. sbin/php-fpm: bin/php-fpm + extensions: [redis] + + redis: + plugin: redis + source: http://download.redis.io/releases/redis-3.2.1.tar.gz + + redis-customizations: + plugin: copy + files: + src/redis/config/*: config/redis/ + src/redis/scripts/*: bin/ # Copy over our PHP configuration file. php-customizations: diff --git a/src/nextcloud/config.php b/src/nextcloud/config.php index 5d88af7..9342802 100644 --- a/src/nextcloud/config.php +++ b/src/nextcloud/config.php @@ -44,6 +44,13 @@ 'mysql', ), +'memcache.locking' => '\OC\Memcache\Redis', +'memcache.local' => '\OC\Memcache\Redis', +'redis' => array( + 'host' => '/var/snap/'.$snap_name.'/current/redis/redis.sock', + 'port' => 0, +), + /** * Nextcloud doesn't support hosting the config file out of the application, so * this version of Nextclout has been patched slightly to allow for it. As a diff --git a/src/php/config/php.ini b/src/php/config/php.ini index 8696923..fb7d84a 100644 --- a/src/php/config/php.ini +++ b/src/php/config/php.ini @@ -900,6 +900,8 @@ default_socket_timeout = 60 ;extension=php_xmlrpc.dll ;extension=php_xsl.dll +extension=redis.so + ;;;;;;;;;;;;;;;;;;; ; Module Settings ; ;;;;;;;;;;;;;;;;;;; diff --git a/src/redis/config/redis.conf b/src/redis/config/redis.conf new file mode 100644 index 0000000..78d5d14 --- /dev/null +++ b/src/redis/config/redis.conf @@ -0,0 +1,1023 @@ +# Redis configuration file example. +# +# Note that in order to read the configuration file, Redis must be +# started with the file path as first argument: +# +# ./redis-server /path/to/redis.conf + +# Note on units: when memory size is needed, it is possible to specify +# it in the usual form of 1k 5GB 4M and so forth: +# +# 1k => 1000 bytes +# 1kb => 1024 bytes +# 1m => 1000000 bytes +# 1mb => 1024*1024 bytes +# 1g => 1000000000 bytes +# 1gb => 1024*1024*1024 bytes +# +# units are case insensitive so 1GB 1Gb 1gB are all the same. + +################################## INCLUDES ################################### + +# Include one or more other config files here. This is useful if you +# have a standard template that goes to all Redis servers but also need +# to customize a few per-server settings. Include files can include +# other files, so use this wisely. +# +# Notice option "include" won't be rewritten by command "CONFIG REWRITE" +# from admin or Redis Sentinel. Since Redis always uses the last processed +# line as value of a configuration directive, you'd better put includes +# at the beginning of this file to avoid overwriting config change at runtime. +# +# If instead you are interested in using includes to override configuration +# options, it is better to use include as the last line. +# +# include /path/to/local.conf +# include /path/to/other.conf + +################################## NETWORK ##################################### + +# By default, if no "bind" configuration directive is specified, Redis listens +# for connections from all the network interfaces available on the server. +# It is possible to listen to just one or multiple selected interfaces using +# the "bind" configuration directive, followed by one or more IP addresses. +# +# Examples: +# +# bind 192.168.1.100 10.0.0.1 +# bind 127.0.0.1 ::1 +# +# ~~~ WARNING ~~~ If the computer running Redis is directly exposed to the +# internet, binding to all the interfaces is dangerous and will expose the +# instance to everybody on the internet. So by default we uncomment the +# following bind directive, that will force Redis to listen only into +# the IPv4 lookback interface address (this means Redis will be able to +# accept connections only from clients running into the same computer it +# is running). +# +# IF YOU ARE SURE YOU WANT YOUR INSTANCE TO LISTEN TO ALL THE INTERFACES +# JUST COMMENT THE FOLLOWING LINE. +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +bind 127.0.0.1 + +# Protected mode is a layer of security protection, in order to avoid that +# Redis instances left open on the internet are accessed and exploited. +# +# When protected mode is on and if: +# +# 1) The server is not binding explicitly to a set of addresses using the +# "bind" directive. +# 2) No password is configured. +# +# The server only accepts connections from clients connecting from the +# IPv4 and IPv6 loopback addresses 127.0.0.1 and ::1, and from Unix domain +# sockets. +# +# By default protected mode is enabled. You should disable it only if +# you are sure you want clients from other hosts to connect to Redis +# even if no authentication is configured, nor a specific set of interfaces +# are explicitly listed using the "bind" directive. +protected-mode yes + +# Accept connections on the specified port, default is 6379 (IANA #815344). +# If port 0 is specified Redis will not listen on a TCP socket. +port 0 + +# TCP listen() backlog. +# +# In high requests-per-second environments you need an high backlog in order +# to avoid slow clients connections issues. Note that the Linux kernel +# will silently truncate it to the value of /proc/sys/net/core/somaxconn so +# make sure to raise both the value of somaxconn and tcp_max_syn_backlog +# in order to get the desired effect. +tcp-backlog 511 + +# Unix socket. +# +# Specify the path for the Unix socket that will be used to listen for +# incoming connections. There is no default, so Redis will not listen +# on a unix socket when not specified. +# +unixsocket ${SNAP_DATA}/redis/redis.sock +# unixsocketperm 700 + +# Close the connection after a client is idle for N seconds (0 to disable) +timeout 0 + +# TCP keepalive. +# +# If non-zero, use SO_KEEPALIVE to send TCP ACKs to clients in absence +# of communication. This is useful for two reasons: +# +# 1) Detect dead peers. +# 2) Take the connection alive from the point of view of network +# equipment in the middle. +# +# On Linux, the specified value (in seconds) is the period used to send ACKs. +# Note that to close the connection the double of the time is needed. +# On other kernels the period depends on the kernel configuration. +# +# A reasonable value for this option is 300 seconds, which is the new +# Redis default starting with Redis 3.2.1. +tcp-keepalive 300 + +################################# GENERAL ##################################### + +# By default Redis does not run as a daemon. Use 'yes' if you need it. +# Note that Redis will write a pid file in /var/run/redis.pid when daemonized. +daemonize no + +# If you run Redis from upstart or systemd, Redis can interact with your +# supervision tree. Options: +# supervised no - no supervision interaction +# supervised upstart - signal upstart by putting Redis into SIGSTOP mode +# supervised systemd - signal systemd by writing READY=1 to $NOTIFY_SOCKET +# supervised auto - detect upstart or systemd method based on +# UPSTART_JOB or NOTIFY_SOCKET environment variables +# Note: these supervision methods only signal "process is ready." +# They do not enable continuous liveness pings back to your supervisor. +supervised no + +# If a pid file is specified, Redis writes it where specified at startup +# and removes it at exit. +# +# When the server runs non daemonized, no pid file is created if none is +# specified in the configuration. When the server is daemonized, the pid file +# is used even if not specified, defaulting to "/var/run/redis.pid". +# +# Creating a pid file is best effort: if Redis is not able to create it +# nothing bad happens, the server will start and run normally. +pidfile ${SNAP_DATA}/redis/redis.pid + +# Specify the server verbosity level. +# This can be one of: +# debug (a lot of information, useful for development/testing) +# verbose (many rarely useful info, but not a mess like the debug level) +# notice (moderately verbose, what you want in production probably) +# warning (only very important / critical messages are logged) +loglevel notice + +# Specify the log file name. Also the empty string can be used to force +# Redis to log on the standard output. Note that if you use standard +# output for logging but daemonize, logs will be sent to /dev/null +logfile ${SNAP_DATA}/redis/redis.log + +# To enable logging to the system logger, just set 'syslog-enabled' to yes, +# and optionally update the other syslog parameters to suit your needs. +# syslog-enabled no + +# Specify the syslog identity. +# syslog-ident redis + +# Specify the syslog facility. Must be USER or between LOCAL0-LOCAL7. +# syslog-facility local0 + +# Set the number of databases. The default database is DB 0, you can select +# a different one on a per-connection basis using SELECT where +# dbid is a number between 0 and 'databases'-1 +databases 16 + +################################ SNAPSHOTTING ################################ +# +# Save the DB on disk: +# +# save +# +# Will save the DB if both the given number of seconds and the given +# number of write operations against the DB occurred. +# +# In the example below the behaviour will be to save: +# after 900 sec (15 min) if at least 1 key changed +# after 300 sec (5 min) if at least 10 keys changed +# after 60 sec if at least 10000 keys changed +# +# Note: you can disable saving completely by commenting out all "save" lines. +# +# It is also possible to remove all the previously configured save +# points by adding a save directive with a single empty string argument +# like in the following example: +# +# save "" + +save 900 1 +save 300 10 +save 60 10000 + +# By default Redis will stop accepting writes if RDB snapshots are enabled +# (at least one save point) and the latest background save failed. +# This will make the user aware (in a hard way) that data is not persisting +# on disk properly, otherwise chances are that no one will notice and some +# disaster will happen. +# +# If the background saving process will start working again Redis will +# automatically allow writes again. +# +# However if you have setup your proper monitoring of the Redis server +# and persistence, you may want to disable this feature so that Redis will +# continue to work as usual even if there are problems with disk, +# permissions, and so forth. +stop-writes-on-bgsave-error yes + +# Compress string objects using LZF when dump .rdb databases? +# For default that's set to 'yes' as it's almost always a win. +# If you want to save some CPU in the saving child set it to 'no' but +# the dataset will likely be bigger if you have compressible values or keys. +rdbcompression yes + +# Since version 5 of RDB a CRC64 checksum is placed at the end of the file. +# This makes the format more resistant to corruption but there is a performance +# hit to pay (around 10%) when saving and loading RDB files, so you can disable it +# for maximum performances. +# +# RDB files created with checksum disabled have a checksum of zero that will +# tell the loading code to skip the check. +rdbchecksum yes + +# The filename where to dump the DB +dbfilename dump.rdb + +# The working directory. +# +# The DB will be written inside this directory, with the filename specified +# above using the 'dbfilename' configuration directive. +# +# The Append Only File will also be created inside this directory. +# +# Note that you must specify a directory here, not a file name. +dir ${SNAP_DATA}/redis/ + +################################# REPLICATION ################################# + +# Master-Slave replication. Use slaveof to make a Redis instance a copy of +# another Redis server. A few things to understand ASAP about Redis replication. +# +# 1) Redis replication is asynchronous, but you can configure a master to +# stop accepting writes if it appears to be not connected with at least +# a given number of slaves. +# 2) Redis slaves are able to perform a partial resynchronization with the +# master if the replication link is lost for a relatively small amount of +# time. You may want to configure the replication backlog size (see the next +# sections of this file) with a sensible value depending on your needs. +# 3) Replication is automatic and does not need user intervention. After a +# network partition slaves automatically try to reconnect to masters +# and resynchronize with them. +# +# slaveof + +# If the master is password protected (using the "requirepass" configuration +# directive below) it is possible to tell the slave to authenticate before +# starting the replication synchronization process, otherwise the master will +# refuse the slave request. +# +# masterauth + +# When a slave loses its connection with the master, or when the replication +# is still in progress, the slave can act in two different ways: +# +# 1) if slave-serve-stale-data is set to 'yes' (the default) the slave will +# still reply to client requests, possibly with out of date data, or the +# data set may just be empty if this is the first synchronization. +# +# 2) if slave-serve-stale-data is set to 'no' the slave will reply with +# an error "SYNC with master in progress" to all the kind of commands +# but to INFO and SLAVEOF. +# +slave-serve-stale-data yes + +# You can configure a slave instance to accept writes or not. Writing against +# a slave instance may be useful to store some ephemeral data (because data +# written on a slave will be easily deleted after resync with the master) but +# may also cause problems if clients are writing to it because of a +# misconfiguration. +# +# Since Redis 2.6 by default slaves are read-only. +# +# Note: read only slaves are not designed to be exposed to untrusted clients +# on the internet. It's just a protection layer against misuse of the instance. +# Still a read only slave exports by default all the administrative commands +# such as CONFIG, DEBUG, and so forth. To a limited extent you can improve +# security of read only slaves using 'rename-command' to shadow all the +# administrative / dangerous commands. +slave-read-only yes + +# Replication SYNC strategy: disk or socket. +# +# ------------------------------------------------------- +# WARNING: DISKLESS REPLICATION IS EXPERIMENTAL CURRENTLY +# ------------------------------------------------------- +# +# New slaves and reconnecting slaves that are not able to continue the replication +# process just receiving differences, need to do what is called a "full +# synchronization". An RDB file is transmitted from the master to the slaves. +# The transmission can happen in two different ways: +# +# 1) Disk-backed: The Redis master creates a new process that writes the RDB +# file on disk. Later the file is transferred by the parent +# process to the slaves incrementally. +# 2) Diskless: The Redis master creates a new process that directly writes the +# RDB file to slave sockets, without touching the disk at all. +# +# With disk-backed replication, while the RDB file is generated, more slaves +# can be queued and served with the RDB file as soon as the current child producing +# the RDB file finishes its work. With diskless replication instead once +# the transfer starts, new slaves arriving will be queued and a new transfer +# will start when the current one terminates. +# +# When diskless replication is used, the master waits a configurable amount of +# time (in seconds) before starting the transfer in the hope that multiple slaves +# will arrive and the transfer can be parallelized. +# +# With slow disks and fast (large bandwidth) networks, diskless replication +# works better. +repl-diskless-sync no + +# When diskless replication is enabled, it is possible to configure the delay +# the server waits in order to spawn the child that transfers the RDB via socket +# to the slaves. +# +# This is important since once the transfer starts, it is not possible to serve +# new slaves arriving, that will be queued for the next RDB transfer, so the server +# waits a delay in order to let more slaves arrive. +# +# The delay is specified in seconds, and by default is 5 seconds. To disable +# it entirely just set it to 0 seconds and the transfer will start ASAP. +repl-diskless-sync-delay 5 + +# Slaves send PINGs to server in a predefined interval. It's possible to change +# this interval with the repl_ping_slave_period option. The default value is 10 +# seconds. +# +# repl-ping-slave-period 10 + +# The following option sets the replication timeout for: +# +# 1) Bulk transfer I/O during SYNC, from the point of view of slave. +# 2) Master timeout from the point of view of slaves (data, pings). +# 3) Slave timeout from the point of view of masters (REPLCONF ACK pings). +# +# It is important to make sure that this value is greater than the value +# specified for repl-ping-slave-period otherwise a timeout will be detected +# every time there is low traffic between the master and the slave. +# +# repl-timeout 60 + +# Disable TCP_NODELAY on the slave socket after SYNC? +# +# If you select "yes" Redis will use a smaller number of TCP packets and +# less bandwidth to send data to slaves. But this can add a delay for +# the data to appear on the slave side, up to 40 milliseconds with +# Linux kernels using a default configuration. +# +# If you select "no" the delay for data to appear on the slave side will +# be reduced but more bandwidth will be used for replication. +# +# By default we optimize for low latency, but in very high traffic conditions +# or when the master and slaves are many hops away, turning this to "yes" may +# be a good idea. +repl-disable-tcp-nodelay no + +# Set the replication backlog size. The backlog is a buffer that accumulates +# slave data when slaves are disconnected for some time, so that when a slave +# wants to reconnect again, often a full resync is not needed, but a partial +# resync is enough, just passing the portion of data the slave missed while +# disconnected. +# +# The bigger the replication backlog, the longer the time the slave can be +# disconnected and later be able to perform a partial resynchronization. +# +# The backlog is only allocated once there is at least a slave connected. +# +# repl-backlog-size 1mb + +# After a master has no longer connected slaves for some time, the backlog +# will be freed. The following option configures the amount of seconds that +# need to elapse, starting from the time the last slave disconnected, for +# the backlog buffer to be freed. +# +# A value of 0 means to never release the backlog. +# +# repl-backlog-ttl 3600 + +# The slave priority is an integer number published by Redis in the INFO output. +# It is used by Redis Sentinel in order to select a slave to promote into a +# master if the master is no longer working correctly. +# +# A slave with a low priority number is considered better for promotion, so +# for instance if there are three slaves with priority 10, 100, 25 Sentinel will +# pick the one with priority 10, that is the lowest. +# +# However a special priority of 0 marks the slave as not able to perform the +# role of master, so a slave with priority of 0 will never be selected by +# Redis Sentinel for promotion. +# +# By default the priority is 100. +slave-priority 100 + +# It is possible for a master to stop accepting writes if there are less than +# N slaves connected, having a lag less or equal than M seconds. +# +# The N slaves need to be in "online" state. +# +# The lag in seconds, that must be <= the specified value, is calculated from +# the last ping received from the slave, that is usually sent every second. +# +# This option does not GUARANTEE that N replicas will accept the write, but +# will limit the window of exposure for lost writes in case not enough slaves +# are available, to the specified number of seconds. +# +# For example to require at least 3 slaves with a lag <= 10 seconds use: +# +# min-slaves-to-write 3 +# min-slaves-max-lag 10 +# +# Setting one or the other to 0 disables the feature. +# +# By default min-slaves-to-write is set to 0 (feature disabled) and +# min-slaves-max-lag is set to 10. + +################################## SECURITY ################################### + +# Require clients to issue AUTH before processing any other +# commands. This might be useful in environments in which you do not trust +# others with access to the host running redis-server. +# +# This should stay commented out for backward compatibility and because most +# people do not need auth (e.g. they run their own servers). +# +# Warning: since Redis is pretty fast an outside user can try up to +# 150k passwords per second against a good box. This means that you should +# use a very strong password otherwise it will be very easy to break. +# +# requirepass foobared + +# Command renaming. +# +# It is possible to change the name of dangerous commands in a shared +# environment. For instance the CONFIG command may be renamed into something +# hard to guess so that it will still be available for internal-use tools +# but not available for general clients. +# +# Example: +# +# rename-command CONFIG b840fc02d524045429941cc15f59e41cb7be6c52 +# +# It is also possible to completely kill a command by renaming it into +# an empty string: +# +# rename-command CONFIG "" +# +# Please note that changing the name of commands that are logged into the +# AOF file or transmitted to slaves may cause problems. + +################################### LIMITS #################################### + +# Set the max number of connected clients at the same time. By default +# this limit is set to 10000 clients, however if the Redis server is not +# able to configure the process file limit to allow for the specified limit +# the max number of allowed clients is set to the current file limit +# minus 32 (as Redis reserves a few file descriptors for internal uses). +# +# Once the limit is reached Redis will close all the new connections sending +# an error 'max number of clients reached'. +# +# maxclients 10000 + +# Don't use more memory than the specified amount of bytes. +# When the memory limit is reached Redis will try to remove keys +# according to the eviction policy selected (see maxmemory-policy). +# +# If Redis can't remove keys according to the policy, or if the policy is +# set to 'noeviction', Redis will start to reply with errors to commands +# that would use more memory, like SET, LPUSH, and so on, and will continue +# to reply to read-only commands like GET. +# +# This option is usually useful when using Redis as an LRU cache, or to set +# a hard memory limit for an instance (using the 'noeviction' policy). +# +# WARNING: If you have slaves attached to an instance with maxmemory on, +# the size of the output buffers needed to feed the slaves are subtracted +# from the used memory count, so that network problems / resyncs will +# not trigger a loop where keys are evicted, and in turn the output +# buffer of slaves is full with DELs of keys evicted triggering the deletion +# of more keys, and so forth until the database is completely emptied. +# +# In short... if you have slaves attached it is suggested that you set a lower +# limit for maxmemory so that there is some free RAM on the system for slave +# output buffers (but this is not needed if the policy is 'noeviction'). +# +# maxmemory + +# MAXMEMORY POLICY: how Redis will select what to remove when maxmemory +# is reached. You can select among five behaviors: +# +# volatile-lru -> remove the key with an expire set using an LRU algorithm +# allkeys-lru -> remove any key according to the LRU algorithm +# volatile-random -> remove a random key with an expire set +# allkeys-random -> remove a random key, any key +# volatile-ttl -> remove the key with the nearest expire time (minor TTL) +# noeviction -> don't expire at all, just return an error on write operations +# +# Note: with any of the above policies, Redis will return an error on write +# operations, when there are no suitable keys for eviction. +# +# At the date of writing these commands are: set setnx setex append +# incr decr rpush lpush rpushx lpushx linsert lset rpoplpush sadd +# sinter sinterstore sunion sunionstore sdiff sdiffstore zadd zincrby +# zunionstore zinterstore hset hsetnx hmset hincrby incrby decrby +# getset mset msetnx exec sort +# +# The default is: +# +# maxmemory-policy noeviction + +# LRU and minimal TTL algorithms are not precise algorithms but approximated +# algorithms (in order to save memory), so you can tune it for speed or +# accuracy. For default Redis will check five keys and pick the one that was +# used less recently, you can change the sample size using the following +# configuration directive. +# +# The default of 5 produces good enough results. 10 Approximates very closely +# true LRU but costs a bit more CPU. 3 is very fast but not very accurate. +# +# maxmemory-samples 5 + +############################## APPEND ONLY MODE ############################### + +# By default Redis asynchronously dumps the dataset on disk. This mode is +# good enough in many applications, but an issue with the Redis process or +# a power outage may result into a few minutes of writes lost (depending on +# the configured save points). +# +# The Append Only File is an alternative persistence mode that provides +# much better durability. For instance using the default data fsync policy +# (see later in the config file) Redis can lose just one second of writes in a +# dramatic event like a server power outage, or a single write if something +# wrong with the Redis process itself happens, but the operating system is +# still running correctly. +# +# AOF and RDB persistence can be enabled at the same time without problems. +# If the AOF is enabled on startup Redis will load the AOF, that is the file +# with the better durability guarantees. +# +# Please check http://redis.io/topics/persistence for more information. + +appendonly no + +# The name of the append only file (default: "appendonly.aof") + +appendfilename "appendonly.aof" + +# The fsync() call tells the Operating System to actually write data on disk +# instead of waiting for more data in the output buffer. Some OS will really flush +# data on disk, some other OS will just try to do it ASAP. +# +# Redis supports three different modes: +# +# no: don't fsync, just let the OS flush the data when it wants. Faster. +# always: fsync after every write to the append only log. Slow, Safest. +# everysec: fsync only one time every second. Compromise. +# +# The default is "everysec", as that's usually the right compromise between +# speed and data safety. It's up to you to understand if you can relax this to +# "no" that will let the operating system flush the output buffer when +# it wants, for better performances (but if you can live with the idea of +# some data loss consider the default persistence mode that's snapshotting), +# or on the contrary, use "always" that's very slow but a bit safer than +# everysec. +# +# More details please check the following article: +# http://antirez.com/post/redis-persistence-demystified.html +# +# If unsure, use "everysec". + +# appendfsync always +appendfsync everysec +# appendfsync no + +# When the AOF fsync policy is set to always or everysec, and a background +# saving process (a background save or AOF log background rewriting) is +# performing a lot of I/O against the disk, in some Linux configurations +# Redis may block too long on the fsync() call. Note that there is no fix for +# this currently, as even performing fsync in a different thread will block +# our synchronous write(2) call. +# +# In order to mitigate this problem it's possible to use the following option +# that will prevent fsync() from being called in the main process while a +# BGSAVE or BGREWRITEAOF is in progress. +# +# This means that while another child is saving, the durability of Redis is +# the same as "appendfsync none". In practical terms, this means that it is +# possible to lose up to 30 seconds of log in the worst scenario (with the +# default Linux settings). +# +# If you have latency problems turn this to "yes". Otherwise leave it as +# "no" that is the safest pick from the point of view of durability. + +no-appendfsync-on-rewrite no + +# Automatic rewrite of the append only file. +# Redis is able to automatically rewrite the log file implicitly calling +# BGREWRITEAOF when the AOF log size grows by the specified percentage. +# +# This is how it works: Redis remembers the size of the AOF file after the +# latest rewrite (if no rewrite has happened since the restart, the size of +# the AOF at startup is used). +# +# This base size is compared to the current size. If the current size is +# bigger than the specified percentage, the rewrite is triggered. Also +# you need to specify a minimal size for the AOF file to be rewritten, this +# is useful to avoid rewriting the AOF file even if the percentage increase +# is reached but it is still pretty small. +# +# Specify a percentage of zero in order to disable the automatic AOF +# rewrite feature. + +auto-aof-rewrite-percentage 100 +auto-aof-rewrite-min-size 64mb + +# An AOF file may be found to be truncated at the end during the Redis +# startup process, when the AOF data gets loaded back into memory. +# This may happen when the system where Redis is running +# crashes, especially when an ext4 filesystem is mounted without the +# data=ordered option (however this can't happen when Redis itself +# crashes or aborts but the operating system still works correctly). +# +# Redis can either exit with an error when this happens, or load as much +# data as possible (the default now) and start if the AOF file is found +# to be truncated at the end. The following option controls this behavior. +# +# If aof-load-truncated is set to yes, a truncated AOF file is loaded and +# the Redis server starts emitting a log to inform the user of the event. +# Otherwise if the option is set to no, the server aborts with an error +# and refuses to start. When the option is set to no, the user requires +# to fix the AOF file using the "redis-check-aof" utility before to restart +# the server. +# +# Note that if the AOF file will be found to be corrupted in the middle +# the server will still exit with an error. This option only applies when +# Redis will try to read more data from the AOF file but not enough bytes +# will be found. +aof-load-truncated yes + +################################ LUA SCRIPTING ############################### + +# Max execution time of a Lua script in milliseconds. +# +# If the maximum execution time is reached Redis will log that a script is +# still in execution after the maximum allowed time and will start to +# reply to queries with an error. +# +# When a long running script exceeds the maximum execution time only the +# SCRIPT KILL and SHUTDOWN NOSAVE commands are available. The first can be +# used to stop a script that did not yet called write commands. The second +# is the only way to shut down the server in the case a write command was +# already issued by the script but the user doesn't want to wait for the natural +# termination of the script. +# +# Set it to 0 or a negative value for unlimited execution without warnings. +lua-time-limit 5000 + +################################ REDIS CLUSTER ############################### +# +# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ +# WARNING EXPERIMENTAL: Redis Cluster is considered to be stable code, however +# in order to mark it as "mature" we need to wait for a non trivial percentage +# of users to deploy it in production. +# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ +# +# Normal Redis instances can't be part of a Redis Cluster; only nodes that are +# started as cluster nodes can. In order to start a Redis instance as a +# cluster node enable the cluster support uncommenting the following: +# +# cluster-enabled yes + +# Every cluster node has a cluster configuration file. This file is not +# intended to be edited by hand. It is created and updated by Redis nodes. +# Every Redis Cluster node requires a different cluster configuration file. +# Make sure that instances running in the same system do not have +# overlapping cluster configuration file names. +# +# cluster-config-file nodes-6379.conf + +# Cluster node timeout is the amount of milliseconds a node must be unreachable +# for it to be considered in failure state. +# Most other internal time limits are multiple of the node timeout. +# +# cluster-node-timeout 15000 + +# A slave of a failing master will avoid to start a failover if its data +# looks too old. +# +# There is no simple way for a slave to actually have a exact measure of +# its "data age", so the following two checks are performed: +# +# 1) If there are multiple slaves able to failover, they exchange messages +# in order to try to give an advantage to the slave with the best +# replication offset (more data from the master processed). +# Slaves will try to get their rank by offset, and apply to the start +# of the failover a delay proportional to their rank. +# +# 2) Every single slave computes the time of the last interaction with +# its master. This can be the last ping or command received (if the master +# is still in the "connected" state), or the time that elapsed since the +# disconnection with the master (if the replication link is currently down). +# If the last interaction is too old, the slave will not try to failover +# at all. +# +# The point "2" can be tuned by user. Specifically a slave will not perform +# the failover if, since the last interaction with the master, the time +# elapsed is greater than: +# +# (node-timeout * slave-validity-factor) + repl-ping-slave-period +# +# So for example if node-timeout is 30 seconds, and the slave-validity-factor +# is 10, and assuming a default repl-ping-slave-period of 10 seconds, the +# slave will not try to failover if it was not able to talk with the master +# for longer than 310 seconds. +# +# A large slave-validity-factor may allow slaves with too old data to failover +# a master, while a too small value may prevent the cluster from being able to +# elect a slave at all. +# +# For maximum availability, it is possible to set the slave-validity-factor +# to a value of 0, which means, that slaves will always try to failover the +# master regardless of the last time they interacted with the master. +# (However they'll always try to apply a delay proportional to their +# offset rank). +# +# Zero is the only value able to guarantee that when all the partitions heal +# the cluster will always be able to continue. +# +# cluster-slave-validity-factor 10 + +# Cluster slaves are able to migrate to orphaned masters, that are masters +# that are left without working slaves. This improves the cluster ability +# to resist to failures as otherwise an orphaned master can't be failed over +# in case of failure if it has no working slaves. +# +# Slaves migrate to orphaned masters only if there are still at least a +# given number of other working slaves for their old master. This number +# is the "migration barrier". A migration barrier of 1 means that a slave +# will migrate only if there is at least 1 other working slave for its master +# and so forth. It usually reflects the number of slaves you want for every +# master in your cluster. +# +# Default is 1 (slaves migrate only if their masters remain with at least +# one slave). To disable migration just set it to a very large value. +# A value of 0 can be set but is useful only for debugging and dangerous +# in production. +# +# cluster-migration-barrier 1 + +# By default Redis Cluster nodes stop accepting queries if they detect there +# is at least an hash slot uncovered (no available node is serving it). +# This way if the cluster is partially down (for example a range of hash slots +# are no longer covered) all the cluster becomes, eventually, unavailable. +# It automatically returns available as soon as all the slots are covered again. +# +# However sometimes you want the subset of the cluster which is working, +# to continue to accept queries for the part of the key space that is still +# covered. In order to do so, just set the cluster-require-full-coverage +# option to no. +# +# cluster-require-full-coverage yes + +# In order to setup your cluster make sure to read the documentation +# available at http://redis.io web site. + +################################## SLOW LOG ################################### + +# The Redis Slow Log is a system to log queries that exceeded a specified +# execution time. The execution time does not include the I/O operations +# like talking with the client, sending the reply and so forth, +# but just the time needed to actually execute the command (this is the only +# stage of command execution where the thread is blocked and can not serve +# other requests in the meantime). +# +# You can configure the slow log with two parameters: one tells Redis +# what is the execution time, in microseconds, to exceed in order for the +# command to get logged, and the other parameter is the length of the +# slow log. When a new command is logged the oldest one is removed from the +# queue of logged commands. + +# The following time is expressed in microseconds, so 1000000 is equivalent +# to one second. Note that a negative number disables the slow log, while +# a value of zero forces the logging of every command. +slowlog-log-slower-than 10000 + +# There is no limit to this length. Just be aware that it will consume memory. +# You can reclaim memory used by the slow log with SLOWLOG RESET. +slowlog-max-len 128 + +################################ LATENCY MONITOR ############################## + +# The Redis latency monitoring subsystem samples different operations +# at runtime in order to collect data related to possible sources of +# latency of a Redis instance. +# +# Via the LATENCY command this information is available to the user that can +# print graphs and obtain reports. +# +# The system only logs operations that were performed in a time equal or +# greater than the amount of milliseconds specified via the +# latency-monitor-threshold configuration directive. When its value is set +# to zero, the latency monitor is turned off. +# +# By default latency monitoring is disabled since it is mostly not needed +# if you don't have latency issues, and collecting data has a performance +# impact, that while very small, can be measured under big load. Latency +# monitoring can easily be enabled at runtime using the command +# "CONFIG SET latency-monitor-threshold " if needed. +latency-monitor-threshold 0 + +############################# EVENT NOTIFICATION ############################## + +# Redis can notify Pub/Sub clients about events happening in the key space. +# This feature is documented at http://redis.io/topics/notifications +# +# For instance if keyspace events notification is enabled, and a client +# performs a DEL operation on key "foo" stored in the Database 0, two +# messages will be published via Pub/Sub: +# +# PUBLISH __keyspace@0__:foo del +# PUBLISH __keyevent@0__:del foo +# +# It is possible to select the events that Redis will notify among a set +# of classes. Every class is identified by a single character: +# +# K Keyspace events, published with __keyspace@__ prefix. +# E Keyevent events, published with __keyevent@__ prefix. +# g Generic commands (non-type specific) like DEL, EXPIRE, RENAME, ... +# $ String commands +# l List commands +# s Set commands +# h Hash commands +# z Sorted set commands +# x Expired events (events generated every time a key expires) +# e Evicted events (events generated when a key is evicted for maxmemory) +# A Alias for g$lshzxe, so that the "AKE" string means all the events. +# +# The "notify-keyspace-events" takes as argument a string that is composed +# of zero or multiple characters. The empty string means that notifications +# are disabled. +# +# Example: to enable list and generic events, from the point of view of the +# event name, use: +# +# notify-keyspace-events Elg +# +# Example 2: to get the stream of the expired keys subscribing to channel +# name __keyevent@0__:expired use: +# +# notify-keyspace-events Ex +# +# By default all notifications are disabled because most users don't need +# this feature and the feature has some overhead. Note that if you don't +# specify at least one of K or E, no events will be delivered. +notify-keyspace-events "" + +############################### ADVANCED CONFIG ############################### + +# Hashes are encoded using a memory efficient data structure when they have a +# small number of entries, and the biggest entry does not exceed a given +# threshold. These thresholds can be configured using the following directives. +hash-max-ziplist-entries 512 +hash-max-ziplist-value 64 + +# Lists are also encoded in a special way to save a lot of space. +# The number of entries allowed per internal list node can be specified +# as a fixed maximum size or a maximum number of elements. +# For a fixed maximum size, use -5 through -1, meaning: +# -5: max size: 64 Kb <-- not recommended for normal workloads +# -4: max size: 32 Kb <-- not recommended +# -3: max size: 16 Kb <-- probably not recommended +# -2: max size: 8 Kb <-- good +# -1: max size: 4 Kb <-- good +# Positive numbers mean store up to _exactly_ that number of elements +# per list node. +# The highest performing option is usually -2 (8 Kb size) or -1 (4 Kb size), +# but if your use case is unique, adjust the settings as necessary. +list-max-ziplist-size -2 + +# Lists may also be compressed. +# Compress depth is the number of quicklist ziplist nodes from *each* side of +# the list to *exclude* from compression. The head and tail of the list +# are always uncompressed for fast push/pop operations. Settings are: +# 0: disable all list compression +# 1: depth 1 means "don't start compressing until after 1 node into the list, +# going from either the head or tail" +# So: [head]->node->node->...->node->[tail] +# [head], [tail] will always be uncompressed; inner nodes will compress. +# 2: [head]->[next]->node->node->...->node->[prev]->[tail] +# 2 here means: don't compress head or head->next or tail->prev or tail, +# but compress all nodes between them. +# 3: [head]->[next]->[next]->node->node->...->node->[prev]->[prev]->[tail] +# etc. +list-compress-depth 0 + +# Sets have a special encoding in just one case: when a set is composed +# of just strings that happen to be integers in radix 10 in the range +# of 64 bit signed integers. +# The following configuration setting sets the limit in the size of the +# set in order to use this special memory saving encoding. +set-max-intset-entries 512 + +# Similarly to hashes and lists, sorted sets are also specially encoded in +# order to save a lot of space. This encoding is only used when the length and +# elements of a sorted set are below the following limits: +zset-max-ziplist-entries 128 +zset-max-ziplist-value 64 + +# HyperLogLog sparse representation bytes limit. The limit includes the +# 16 bytes header. When an HyperLogLog using the sparse representation crosses +# this limit, it is converted into the dense representation. +# +# A value greater than 16000 is totally useless, since at that point the +# dense representation is more memory efficient. +# +# The suggested value is ~ 3000 in order to have the benefits of +# the space efficient encoding without slowing down too much PFADD, +# which is O(N) with the sparse encoding. The value can be raised to +# ~ 10000 when CPU is not a concern, but space is, and the data set is +# composed of many HyperLogLogs with cardinality in the 0 - 15000 range. +hll-sparse-max-bytes 3000 + +# Active rehashing uses 1 millisecond every 100 milliseconds of CPU time in +# order to help rehashing the main Redis hash table (the one mapping top-level +# keys to values). The hash table implementation Redis uses (see dict.c) +# performs a lazy rehashing: the more operation you run into a hash table +# that is rehashing, the more rehashing "steps" are performed, so if the +# server is idle the rehashing is never complete and some more memory is used +# by the hash table. +# +# The default is to use this millisecond 10 times every second in order to +# actively rehash the main dictionaries, freeing memory when possible. +# +# If unsure: +# use "activerehashing no" if you have hard latency requirements and it is +# not a good thing in your environment that Redis can reply from time to time +# to queries with 2 milliseconds delay. +# +# use "activerehashing yes" if you don't have such hard requirements but +# want to free memory asap when possible. +activerehashing yes + +# The client output buffer limits can be used to force disconnection of clients +# that are not reading data from the server fast enough for some reason (a +# common reason is that a Pub/Sub client can't consume messages as fast as the +# publisher can produce them). +# +# The limit can be set differently for the three different classes of clients: +# +# normal -> normal clients including MONITOR clients +# slave -> slave clients +# pubsub -> clients subscribed to at least one pubsub channel or pattern +# +# The syntax of every client-output-buffer-limit directive is the following: +# +# client-output-buffer-limit +# +# A client is immediately disconnected once the hard limit is reached, or if +# the soft limit is reached and remains reached for the specified number of +# seconds (continuously). +# So for instance if the hard limit is 32 megabytes and the soft limit is +# 16 megabytes / 10 seconds, the client will get disconnected immediately +# if the size of the output buffers reach 32 megabytes, but will also get +# disconnected if the client reaches 16 megabytes and continuously overcomes +# the limit for 10 seconds. +# +# By default normal clients are not limited because they don't receive data +# without asking (in a push way), but just after a request, so only +# asynchronous clients may create a scenario where data is requested faster +# than it can read. +# +# Instead there is a default limit for pubsub and slave clients, since +# subscribers and slaves receive data in a push fashion. +# +# Both the hard or the soft limit can be disabled by setting them to zero. +client-output-buffer-limit normal 0 0 0 +client-output-buffer-limit slave 256mb 64mb 60 +client-output-buffer-limit pubsub 32mb 8mb 60 + +# Redis calls an internal function to perform many background tasks, like +# closing connections of clients in timeout, purging expired keys that are +# never requested, and so forth. +# +# Not all tasks are performed with the same frequency, but Redis checks for +# tasks to perform according to the specified "hz" value. +# +# By default "hz" is set to 10. Raising the value will use more CPU when +# Redis is idle, but at the same time will make Redis more responsive when +# there are many keys expiring at the same time, and timeouts may be +# handled with more precision. +# +# The range is between 1 and 500, however a value over 100 is usually not +# a good idea. Most users should use the default of 10 and raise this up to +# 100 only in environments where very low latency is required. +hz 10 + +# When a child rewrites the AOF file, if the following option is enabled +# the file will be fsync-ed every 32 MB of data generated. This is useful +# in order to commit the file to the disk more incrementally and avoid +# big latency spikes. +aof-rewrite-incremental-fsync yes diff --git a/src/redis/scripts/start-redis-server b/src/redis/scripts/start-redis-server new file mode 100755 index 0000000..87f4835 --- /dev/null +++ b/src/redis/scripts/start-redis-server @@ -0,0 +1,8 @@ +#!/bin/sh + +mkdir -p -m 750 ${SNAP_DATA}/redis + +# redis doesn't support environment variables in its config files. Thankfully +# it supports reading the config file from stdin though, so we'll rewrite the +# config file on the fly and pipe it in. +sed -e "s|\${SNAP_DATA}|$SNAP_DATA|" $SNAP/config/redis/redis.conf | redis-server - From 8c5cd13ef29dd38a70d386af6c0a19137f4b4772 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Mon, 20 Jun 2016 21:14:40 +0000 Subject: [PATCH 004/416] Update version to 9.0.50snap2. Also update CHANGELOG and README to reflect changes. Signed-off-by: Kyle Fazzari --- CHANGELOG | 4 ++++ README.md | 6 ++++-- snapcraft.yaml | 2 +- 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index 9a2a5ba..21f04b2 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,7 @@ +v 9.0.50snap2 + - Use redis for local and locking memcache. + - Use PHP FPM instead of PHP Apache module. + v 9.0.50snap1 - Target series 16. - Use the common directory for Nextcloud data. diff --git a/README.md b/README.md index d491915..c9c76c7 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,8 @@ Nextcloud server packaged as a snap. It consists of: - Nextcloud 9.0.50 - Apache 2.4 - PHP 7 -- mysql 5.7 +- MySQL 5.7 +- Redis 3.2 - mDNS for network discovery @@ -45,8 +46,9 @@ There are a few CLI utilities included: ## Where is my stuff? - `$SNAP_DATA`: - - Apache and MySQL logs + - Apache, MySQL, and Redis logs - MySQL database + - Redis database - Nextcloud config - Any Nextcloud apps installed by the user - `$SNAP_DATA/../common` (unversioned directory): diff --git a/snapcraft.yaml b/snapcraft.yaml index b7cd04d..aecb2e8 100644 --- a/snapcraft.yaml +++ b/snapcraft.yaml @@ -1,5 +1,5 @@ name: nextcloud -version: 9.0.50snap1 +version: 9.0.50snap2 summary: Nextcloud description: Nextcloud running on Apache with MySQL. This is currently in beta. confinement: strict From b6a3fbdce5ea6de4ec349f8b92f5d0760b45112f Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Tue, 21 Jun 2016 01:43:52 +0000 Subject: [PATCH 005/416] Pull PHP extensions in pull step. Signed-off-by: Kyle Fazzari --- parts/plugins/x-apache.py | 2 +- parts/plugins/x-php.py | 102 ++++++++++++++++++++++++++++++++++++-- snapcraft.yaml | 5 +- 3 files changed, 102 insertions(+), 7 deletions(-) diff --git a/parts/plugins/x-apache.py b/parts/plugins/x-apache.py index eeb8156..69d20fb 100644 --- a/parts/plugins/x-apache.py +++ b/parts/plugins/x-apache.py @@ -173,7 +173,7 @@ def clean_pull(self): def run(self, cmd, cwd=None, **kwargs): env = os.environ.copy() - env['CFLAGS']='-O2' + env['CFLAGS'] = '-O2' super().run(cmd, cwd=cwd, env=env, **kwargs) diff --git a/parts/plugins/x-php.py b/parts/plugins/x-php.py index f2df283..dd7edbb 100644 --- a/parts/plugins/x-php.py +++ b/parts/plugins/x-php.py @@ -10,6 +10,14 @@ logger = logging.getLogger(__name__) +def _populate_options(options, properties, schema): + schema_properties = schema.get('properties', {}) + for key in schema_properties: + attr_name = key.replace('-', '_') + default_value = schema_properties[key].get('default') + attr_value = properties.get(key, default_value) + setattr(options, attr_name, attr_value) + class PhpPlugin(autotools.AutotoolsPlugin): @classmethod @@ -19,10 +27,33 @@ def schema(cls): 'type': 'array', 'minitems': 1, 'uniqueItems': True, - 'items': { - 'type': 'string' - }, 'default': [], + 'items': { + 'type': 'object', + 'properties': { + 'source': { + 'type': 'string' + }, + 'source-type': { + 'type': 'string' + }, + 'source-branch': { + 'type': 'string' + }, + 'source-subdir': { + 'type': 'string' + }, + 'configflags': { + 'type': 'array', + 'minitems': 1, + 'uniqueItems': True, + 'items': { + 'type': 'string', + }, + 'default': [], + } + } + } } return schema @@ -30,8 +61,69 @@ def schema(cls): def __init__(self, name, options, project): super().__init__(name, options, project) + self.extensions_directory = os.path.join(self.partdir, 'extensions') + + class Options(): + pass + + self.extensions = [] + + schema = self.schema()['properties']['extensions']['items'] + + for index, extension in enumerate(self.options.extensions): + options = Options() + _populate_options(options, extension, schema) + options.extension_directory = os.path.join( + self.extensions_directory, 'extension-{}'.format(index)) + self.extensions.append(options) + + def pull(self): + super().pull() + + # Now pull extensions + if self.extensions: + logger.info('Pulling PHP extensions...') + + for extension in self.extensions: + extension_source_directory = os.path.join( + extension.extension_directory, 'src') + os.makedirs(extension_source_directory) + snapcraft.sources.get(extension_source_directory, None, extension) + + def clean_pull(self): + super().clean_pull() + + if os.path.exists(self.extensions_directory): + shutil.rmtree(self.extensions_directory) + + def run(self, cmd, cwd=None, **kwargs): + env = os.environ.copy() + env['CFLAGS'] = '-O2' + + super().run(cmd, cwd=cwd, env=env, **kwargs) + def build(self): super().build() - for extension in self.options.extensions: - self.run(['pecl', 'install', extension], cwd=os.path.join(self.installdir, 'bin')) + if self.extensions: + logger.info('Building PHP extensions...') + + for extension in self.extensions: + extension_source_directory = os.path.join( + extension.extension_directory, 'src') + extension_build_directory = os.path.join( + extension.extension_directory, 'build') + + if os.path.exists(extension_build_directory): + shutil.rmtree(extension_build_directory) + + shutil.copytree(extension_source_directory, extension_build_directory) + + self.run(['{}/phpize'.format(os.path.join(self.installdir, 'bin'))], + cwd=extension_build_directory) + self.run(['./configure'] + extension.configflags, + cwd=extension_build_directory) + self.run(['make', '-j{}'.format( + self.project.parallel_build_count)], + cwd=extension_build_directory) + self.run(['make', 'install'], cwd=extension_build_directory) diff --git a/snapcraft.yaml b/snapcraft.yaml index aecb2e8..efee7b5 100644 --- a/snapcraft.yaml +++ b/snapcraft.yaml @@ -118,7 +118,10 @@ parts: organize: # Put php-fpm in bin with everything else, not sbin. sbin/php-fpm: bin/php-fpm - extensions: [redis] + extensions: + # Build the redis PHP module + - source: https://github.com/phpredis/phpredis.git + source-branch: php7 redis: plugin: redis From faaf676f794cd3fa77969cf5360c318e47fc3367 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Tue, 21 Jun 2016 11:34:31 +0000 Subject: [PATCH 006/416] Use redis even if not a new installation. Signed-off-by: Kyle Fazzari --- src/nextcloud/setup_nextcloud | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/src/nextcloud/setup_nextcloud b/src/nextcloud/setup_nextcloud index d556739..bd00705 100755 --- a/src/nextcloud/setup_nextcloud +++ b/src/nextcloud/setup_nextcloud @@ -16,6 +16,14 @@ NEXTCLOUD_CONFIG_DIR=$SNAP_DATA/nextcloud/config if [ ! -d "$NEXTCLOUD_CONFIG_DIR" ]; then echo "Configuring nextcloud..." cp -r $SNAP/htdocs/config $NEXTCLOUD_CONFIG_DIR +else + # This is not a new installation, so we don't want to overwrite the config. + # We do, however, want to make sure we incorporate the new capabilities of + # this snap version, namely, using Redis for the memcache and file locking. + occ config:system:set redis host --value="/var/snap/$SNAP_NAME/current/redis/redis.sock" --type=string + occ config:system:set redis port --value=0 --type=integer + occ config:system:set memcache.locking --value="\OC\Memcache\Redis" --type=string + occ config:system:set memcache.local --value="\OC\Memcache\Redis" --type=string fi # Wait for PHP FPM to be up and running before continuing, since we need to make From a8f20559aefae7c8afa766bdef00292b6a561cca Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Wed, 22 Jun 2016 16:02:09 +0000 Subject: [PATCH 007/416] Bundle mawk. Otherwise LP: #1580018 allows the host system to mess with the awk found by snaps. Fix #11. Signed-off-by: Kyle Fazzari --- snapcraft.yaml | 1 + src/php/scripts/start-php-fpm | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/snapcraft.yaml b/snapcraft.yaml index efee7b5..b68452c 100644 --- a/snapcraft.yaml +++ b/snapcraft.yaml @@ -139,6 +139,7 @@ parts: files: src/php/config/*: config/php/ src/php/scripts/*: bin/ + stage-packages: [mawk] # Copy over our Nextcloud configuration files nextcloud-customizations: diff --git a/src/php/scripts/start-php-fpm b/src/php/scripts/start-php-fpm index d762e41..31366bb 100755 --- a/src/php/scripts/start-php-fpm +++ b/src/php/scripts/start-php-fpm @@ -27,7 +27,7 @@ fi # Tends to be between 30-50MB average_php_memory_requirement=50 -total_memory=$(awk '/MemTotal/ {printf "%d", $2/1024}' /proc/meminfo) +total_memory=$(mawk '/MemTotal/ {printf "%d", $2/1024}' /proc/meminfo) export PHP_FPM_MAX_CHILDREN=$(($total_memory/$average_php_memory_requirement)) php-fpm -R -F --fpm-config ${SNAP}/config/php/php-fpm.conf -c ${SNAP}/config/php From 2c0f884a636cc775eb16b5466dc24efcb983cf93 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Wed, 22 Jun 2016 16:31:44 +0000 Subject: [PATCH 008/416] Wait for PHP to be up before trying to use occ. Fix #10. Signed-off-by: Kyle Fazzari --- src/nextcloud/setup_nextcloud | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/src/nextcloud/setup_nextcloud b/src/nextcloud/setup_nextcloud index bd00705..febeebe 100755 --- a/src/nextcloud/setup_nextcloud +++ b/src/nextcloud/setup_nextcloud @@ -11,29 +11,29 @@ mkdir -p -m 750 $SNAP_DATA/../common/nextcloud/tmp # Make sure nextcloud extra-apps directory exists (for user apps) mkdir -p -m 750 $SNAP_DATA/nextcloud/extra-apps +# Wait for PHP FPM to be up and running before continuing, since we need to make +# sure we can use occ below. +php_pid_file_path=$SNAP_DATA/php/php-fpm.pid +echo "Waiting for PHP..." +while [ ! -f "$php_pid_file_path" ]; do + sleep 1 +done + # If this is a new install, make sure it's configured correctly NEXTCLOUD_CONFIG_DIR=$SNAP_DATA/nextcloud/config if [ ! -d "$NEXTCLOUD_CONFIG_DIR" ]; then echo "Configuring nextcloud..." cp -r $SNAP/htdocs/config $NEXTCLOUD_CONFIG_DIR else - # This is not a new installation, so we don't want to overwrite the config. - # We do, however, want to make sure we incorporate the new capabilities of - # this snap version, namely, using Redis for the memcache and file locking. - occ config:system:set redis host --value="/var/snap/$SNAP_NAME/current/redis/redis.sock" --type=string - occ config:system:set redis port --value=0 --type=integer - occ config:system:set memcache.locking --value="\OC\Memcache\Redis" --type=string - occ config:system:set memcache.local --value="\OC\Memcache\Redis" --type=string + # This is not a new installation, so we don't want to overwrite the config. + # We do, however, want to make sure we incorporate the new capabilities of + # this snap version, namely, using Redis for the memcache and file locking. + occ config:system:set redis host --value="/var/snap/$SNAP_NAME/current/redis/redis.sock" --type=string + occ config:system:set redis port --value=0 --type=integer + occ config:system:set memcache.locking --value="\OC\Memcache\Redis" --type=string + occ config:system:set memcache.local --value="\OC\Memcache\Redis" --type=string fi -# Wait for PHP FPM to be up and running before continuing, since we need to make -# sure we can run the upgrade process below. -php_pid_file_path=$SNAP_DATA/php/php-fpm.pid -echo "Waiting for PHP..." -while [ ! -f "$php_pid_file_path" ]; do - sleep 1 -done - # Finally, make sure nextcloud is up to date. The return code of the upgrade # can be used to determine the outcome: # succes = 0; From f85f29c6e6fd7252aad84fecd53355614375be22 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Wed, 22 Jun 2016 16:38:00 +0000 Subject: [PATCH 009/416] Update version to 9.0.50snap3. Also update CHANGELOG. Signed-off-by: Kyle Fazzari --- CHANGELOG | 4 ++++ snapcraft.yaml | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/CHANGELOG b/CHANGELOG index 21f04b2..d5b2942 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,7 @@ +v 9.0.50snap3 + - Wait for PHP to be up before trying to use occ. + - Bundle mawk. + v 9.0.50snap2 - Use redis for local and locking memcache. - Use PHP FPM instead of PHP Apache module. diff --git a/snapcraft.yaml b/snapcraft.yaml index b68452c..5d0da61 100644 --- a/snapcraft.yaml +++ b/snapcraft.yaml @@ -1,5 +1,5 @@ name: nextcloud -version: 9.0.50snap2 +version: 9.0.50snap3 summary: Nextcloud description: Nextcloud running on Apache with MySQL. This is currently in beta. confinement: strict From 94255c2e1576a50bd5c122de93f63c80cc1cc822 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Mon, 1 Aug 2016 13:05:51 -0700 Subject: [PATCH 010/416] Upgrade Nextcloud to 9.0.53. This resolves #18. Signed-off-by: Kyle Fazzari --- snapcraft.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/snapcraft.yaml b/snapcraft.yaml index 5d0da61..5ba9823 100644 --- a/snapcraft.yaml +++ b/snapcraft.yaml @@ -1,5 +1,5 @@ name: nextcloud -version: 9.0.50snap3 +version: 9.0.53snap1 summary: Nextcloud description: Nextcloud running on Apache with MySQL. This is currently in beta. confinement: strict @@ -51,7 +51,7 @@ parts: apache: plugin: apache source: https://github.com/kyrofa/nextcloud.git - source-tag: 9.0.50 + source-tag: 9.0.53 # The built-in Apache modules to enable modules: From bf8606946dac03a3c7e08950fb8e06ad2c84919a Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Tue, 2 Aug 2016 15:08:00 -0700 Subject: [PATCH 011/416] Update version number to 9.0.53 Signed-off-by: Kyle Fazzari --- CHANGELOG | 3 +++ README.md | 4 ++-- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index d5b2942..a25d861 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,6 @@ +v 9.0.53snap1 + - Upgrade Nextcloud to 9.0.53. + v 9.0.50snap3 - Wait for PHP to be up before trying to use occ. - Bundle mawk. diff --git a/README.md b/README.md index c9c76c7..41674bd 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ Nextcloud server packaged as a snap. It consists of: -- Nextcloud 9.0.50 +- Nextcloud 9.0.53 - Apache 2.4 - PHP 7 - MySQL 5.7 @@ -51,6 +51,6 @@ There are a few CLI utilities included: - Redis database - Nextcloud config - Any Nextcloud apps installed by the user -- `$SNAP_DATA/../common` (unversioned directory): +- `$SNAP_COMMON` - Nextcloud data - Nextcloud logs From b03d473e21880a22376487ba05ee2dc7ec9950bc Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Fri, 19 Aug 2016 16:15:56 +0000 Subject: [PATCH 012/416] Build PHP with jpeg support. This fixes #24. Signed-off-by: Kyle Fazzari --- snapcraft.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/snapcraft.yaml b/snapcraft.yaml index 5ba9823..8cff257 100644 --- a/snapcraft.yaml +++ b/snapcraft.yaml @@ -101,6 +101,7 @@ parts: - --with-mcrypt - --enable-exif - --enable-intl + - --with-jpeg-dir=/usr/lib - --disable-rpath stage-packages: # These are only included here until the OS snap stabilizes @@ -110,6 +111,7 @@ parts: - libxml2-dev - libcurl4-openssl-dev - libpng12-dev + - libjpeg9-dev - libbz2-dev - libmcrypt-dev snap: From ea5b58ef0c0e4fba2a8f50030c0dffd2a1752a8a Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Thu, 28 Jul 2016 23:12:28 +0000 Subject: [PATCH 013/416] Add support for HTTPS. Add `enable-https` and `disable-https` commands. By default, HTTP-only. `enable-https` supports HTTPS via self-signed certificates or Let's Encrypt. In the latter case, HSTS is enabled and the snap obtains an A+ from SSL Labs. This should close #6. Signed-off-by: Kyle Fazzari --- parts/plugins/x-apache.py | 277 +---------------- snapcraft.yaml | 88 +++++- src/apache/conf/httpd.conf | 190 ++++++++++++ src/apache/conf/ssl.conf | 163 ++++++++++ src/apache/scripts/httpd-wrapper | 21 ++ src/apache/scripts/run-httpd | 14 + .../certbot_nextcloud_plugin/__init__.py | 0 src/https/certbot_nextcloud_plugin/webroot.py | 290 ++++++++++++++++++ src/https/scripts/disable-https | 18 ++ src/https/scripts/enable-https | 109 +++++++ src/https/scripts/renew-certs | 29 ++ src/https/setup.py | 16 + src/https/utilities/https-utilities | 91 ++++++ src/nextcloud/apache_config | 27 -- src/nextcloud/{ => config}/autoconfig.php | 0 src/nextcloud/{ => config}/config.php | 2 +- src/nextcloud/{ => scripts}/occ | 0 src/nextcloud/{ => scripts}/setup_nextcloud | 2 +- 18 files changed, 1021 insertions(+), 316 deletions(-) create mode 100644 src/apache/conf/httpd.conf create mode 100644 src/apache/conf/ssl.conf create mode 100755 src/apache/scripts/httpd-wrapper create mode 100755 src/apache/scripts/run-httpd create mode 100644 src/https/certbot_nextcloud_plugin/__init__.py create mode 100644 src/https/certbot_nextcloud_plugin/webroot.py create mode 100755 src/https/scripts/disable-https create mode 100755 src/https/scripts/enable-https create mode 100755 src/https/scripts/renew-certs create mode 100644 src/https/setup.py create mode 100755 src/https/utilities/https-utilities delete mode 100644 src/nextcloud/apache_config rename src/nextcloud/{ => config}/autoconfig.php (100%) rename src/nextcloud/{ => config}/config.php (96%) rename src/nextcloud/{ => scripts}/occ (100%) rename src/nextcloud/{ => scripts}/setup_nextcloud (98%) diff --git a/parts/plugins/x-apache.py b/parts/plugins/x-apache.py index 69d20fb..ff08d62 100644 --- a/parts/plugins/x-apache.py +++ b/parts/plugins/x-apache.py @@ -1,51 +1,13 @@ -import os -import logging -import shutil -import re import subprocess - import snapcraft -logger = logging.getLogger(__name__) - - -def _search_and_replace(directory, search_pattern, replacement): - for root, directories, files in os.walk(directory): - for file_name in files: - _search_and_replace_contents(os.path.join(root, file_name), - search_pattern, replacement) - -def _search_and_replace_contents(file_path, search_pattern, replacement): - try: - with open(file_path, 'r+') as f: - try: - original = f.read() - except UnicodeDecodeError: - # This was probably a binary file. Skip it. - return - - replaced = search_pattern.sub(replacement, original) - if replaced != original: - f.seek(0) - f.truncate() - f.write(replaced) - except PermissionError: - logger.warning('Unable to open {!r} for writing-- skipping...'.format( - file_path)) - -def _populate_options(options, properties, schema): - schema_properties = schema.get('properties', {}) - for key in schema_properties: - attr_name = key.replace('-', '_') - default_value = schema_properties[key].get('default') - attr_value = properties.get(key, default_value) - setattr(options, attr_name, attr_value) class ApachePlugin(snapcraft.BasePlugin): @classmethod def schema(cls): schema = super().schema() + schema['properties']['modules'] = { 'type': 'array', 'minitems': 1, @@ -54,50 +16,11 @@ def schema(cls): 'type': 'string' }, } + schema['properties']['mpm'] = { 'type': 'string', 'default': 'event', } - schema['properties']['third-party-modules'] = { - 'type': 'array', - 'minitems': 1, - 'uniqueItems': True, - 'default': [], - 'items': { - 'type': 'object', - 'properties': { - 'source': { - 'type': 'string' - }, - 'source-type': { - 'type': 'string' - }, - 'source-branch': { - 'type': 'string' - }, - 'source-subdir': { - 'type': 'string' - }, - 'configflags': { - 'type': 'array', - 'minitems': 1, - 'uniqueItems': True, - 'items': { - 'type': 'string', - }, - 'default': [], - } - } - } - } - schema['properties']['startup-script'] = { - 'type': 'string', - 'default': '', - } - schema['properties']['extra-configuration'] = { - 'type': 'string', - 'default': '', - } schema['required'].append('modules') @@ -110,208 +33,18 @@ def __init__(self, name, options, project): ['pkg-config', 'libapr1-dev', 'libaprutil1-dev', 'libpcre3-dev', 'libssl-dev']) - self.apache_directory = os.path.join(self.partdir, 'apache') - self.third_party_modules_directory = os.path.join( - self.partdir, 'third-party-modules') - self.startup_file_path = os.path.join('bin', 'startup_script') - self.extra_configuration_file_path = os.path.join( - 'conf', 'extra_configuration') - - class Options(): - pass - - self.third_party_modules = [] - - schema = self.schema()['properties']['third-party-modules']['items'] - - for index, module in enumerate(self.options.third_party_modules): - options = Options() - _populate_options(options, module, schema) - options.module_directory = os.path.join( - self.third_party_modules_directory, 'module-{}'.format(index)) - self.third_party_modules.append(options) - - def pull(self): - super().pull() - - if self.options.startup_script and not os.path.isfile(self.options.startup_script): - raise RuntimeError( - 'startup-script file "{}" doesn\'t exist'.format( - self.options.startup_script)) - - if self.options.extra_configuration and not os.path.isfile(self.options.extra_configuration): - raise RuntimeError( - 'extra-configuration file "{}" doesn\'t exist'.format( - self.options.extra_configuration)) - - apache_source_directory = os.path.join(self.apache_directory, 'src') - apache_sources = snapcraft.sources.Tar('http://ftp.wayne.edu/apache/httpd/httpd-2.4.20.tar.gz', apache_source_directory) - - os.makedirs(apache_source_directory) - - logger.info('Downloading Apache sources...') - apache_sources.pull() - - self._pull_third_party_modules() - - def _pull_third_party_modules(self): - logger.info('Pulling third-party modules...') - for module in self.third_party_modules: - module_source_directory = os.path.join( - module.module_directory, 'src') - os.makedirs(module_source_directory) - snapcraft.sources.get(module_source_directory, None, module) - - def clean_pull(self): - super().clean_pull() - - if os.path.exists(self.apache_directory): - shutil.rmtree(self.apache_directory) - - if os.path.exists(self.third_party_modules_directory): - shutil.rmtree(self.third_party_modules_directory) - - def run(self, cmd, cwd=None, **kwargs): - env = os.environ.copy() - env['CFLAGS'] = '-O2' - - super().run(cmd, cwd=cwd, env=env, **kwargs) - def build(self): super().build() - apache_source_directory = os.path.join(self.apache_directory, 'src') - apache_build_directory = os.path.join(self.apache_directory, 'build') - if os.path.exists(apache_build_directory): - shutil.rmtree(apache_build_directory) - - shutil.copytree(apache_source_directory, apache_build_directory) - subprocess.check_call( "./configure --prefix={} --with-mpm={} --enable-modules=none --enable-mods-shared='{}' ENABLED_DSO_MODULES='{}'".format( self.installdir, self.options.mpm, ' '.join(self.options.modules), ','.join(self.options.modules)), - cwd=apache_build_directory, shell=True) + cwd=self.builddir, shell=True) self.run( ['make', '-j{}'.format( self.project.parallel_build_count)], - cwd=apache_build_directory) - self.run(['make', 'install'], cwd=apache_build_directory) - - self._build_third_party_modules() - - # Blow away the htdocs shipped with Apache, and copy in the - # user-provided one. - htdocs = os.path.join(self.installdir, 'htdocs') - shutil.rmtree(htdocs) - shutil.copytree(self.builddir, htdocs) - - # Copy startup script, if provided - if self.options.startup_script: - - shutil.copyfile(self.options.startup_script, - os.path.join(self.installdir, - self.startup_file_path)) - - # Copy extra configuration file, if provided - if self.options.extra_configuration: - shutil.copyfile(self.options.extra_configuration, - os.path.join(self.installdir, - self.extra_configuration_file_path)) - - self._fixup_apachectl() - - # Crawl through the entire install directory, making sure the instances - # of the installation prefix are replaced with $SNAP. - _search_and_replace(self.installdir, re.compile(self.installdir), - '${SNAP}') - - # Put the Apache logs in $SNAP_DATA/apache/ - self._configure_logging_directory('${SNAP_DATA}/apache/logs') - - self._disable_running_as_user_or_group() - self._set_mutex_type() - - self._configure_httpd_conf() - - self._configure_startup_procedure() - - def _build_third_party_modules(self): - logger.info('Building third-party modules...') - for module in self.third_party_modules: - module_source_directory = os.path.join( - module.module_directory, 'src') - module_build_directory = os.path.join( - module.module_directory, 'build') - - if os.path.exists(module_build_directory): - shutil.rmtree(module_build_directory) - - shutil.copytree(module_source_directory, module_build_directory) - - configure_command = [ - './configure', '--prefix=' + self.installdir, - '--with-apxs2={}/bin/apxs'.format(self.installdir), - '--disable-rpath'] - - self.run(configure_command + module.configflags, - cwd=module_build_directory) - self.run(['make', '-j{}'.format( - self.project.parallel_build_count)], - cwd=module_build_directory) - self.run(['make', 'install'], cwd=module_build_directory) - - def _configure_startup_procedure(self): - # Setup startup script (piggybacking on envvars) - with open(os.path.join(self.installdir, 'bin', 'envvars'), 'w') as f: - f.write('# Make sure log directory exists\n') - f.write('mkdir -p -m 750 ${SNAP_DATA}/apache\n') - f.write('mkdir -p -m 750 ${SNAP_DATA}/apache/logs') - - if self.options.startup_script: - f.write('\n. ${{SNAP}}/{}'.format(self.startup_file_path)) - - def _fixup_apachectl(self): - # Make sure apachectl doesn't use single quotes, and make sure it runs - # out of $SNAP - _search_and_replace_contents( - os.path.join(self.installdir, 'bin', 'apachectl'), - re.compile(r'HTTPD=.*bin/httpd.*'), - 'HTTPD="${SNAP}/bin/httpd -d ${SNAP}"') - - def _configure_logging_directory(self, log_directory): - _search_and_replace_contents( - os.path.join(self.installdir, 'conf', 'httpd.conf'), - re.compile(r'CustomLog.*'), - 'CustomLog "{}/access_log" common'.format(log_directory)) - _search_and_replace_contents( - os.path.join(self.installdir, 'conf', 'httpd.conf'), - re.compile(r'ErrorLog.*'), - 'ErrorLog "{}/error_log"'.format(log_directory)) - - def _disable_running_as_user_or_group(self): - # Don't try to run under a dedicated user/group - _search_and_replace_contents( - os.path.join(self.installdir, 'conf', 'httpd.conf'), - re.compile(r'(User|Group)'), r'# \1') - - def _set_mutex_type(self): - # Using pthread here, since Apache tries to chown the file-based mutex - # which isn't allowed in Snappy, and Ubuntu supports robust pthread - # mutexes that can be recovered if the child process terminates - # abnormally. - _search_and_replace_contents( - os.path.join(self.installdir, 'conf', 'httpd.conf'), - re.compile(r'# Mutex default:logs'), r'Mutex pthread') - - def _configure_httpd_conf(self): - with open(os.path.join(self.installdir, 'conf', 'httpd.conf'), 'a') as f: - # Make sure the pidfile is in a writeable location - f.write('\nPidFile "${SNAP_DATA}/apache/httpd.pid"') - - # Include extra configuration (if provided) - if self.options.extra_configuration: - f.write('\nInclude ${{SNAP}}/{}'.format( - self.extra_configuration_file_path)) + cwd=self.builddir) + self.run(['make', 'install'], cwd=self.builddir) diff --git a/snapcraft.yaml b/snapcraft.yaml index 8cff257..05741a4 100644 --- a/snapcraft.yaml +++ b/snapcraft.yaml @@ -7,9 +7,10 @@ confinement: strict apps: # Apache daemon apache: - command: apachectl start -DFOREGROUND - stop-command: apachectl stop + command: run-httpd -k start -DFOREGROUND + stop-command: run-httpd -k stop daemon: simple + restart-condition: always plugs: [network, network-bind] # MySQL daemon @@ -17,24 +18,28 @@ apps: command: start_mysql stop-command: support-files/mysql.server stop daemon: simple + restart-condition: always plugs: [network, network-bind] # PHP FPM daemon php-fpm: command: start-php-fpm daemon: simple + restart-condition: always plugs: [network, network-bind] # redis server daemon redis-server: command: start-redis-server daemon: simple + restart-condition: always plugs: [network, network-bind] # mDNS daemon mdns-publisher: command: delay-on-failure mdns-publisher nextcloud daemon: simple + restart-condition: always plugs: [network, network-bind] # MySQL client @@ -47,11 +52,28 @@ apps: command: occ plugs: [network, network-bind] + enable-https: + command: enable-https + plugs: [network, network-bind] + + disable-https: + command: disable-https + plugs: [network, network-bind] + + certbot: + command: certbot + plugs: [network, network-bind] + + renew-certs: + command: renew-certs + daemon: simple + restart-condition: always + plugs: [network, network-bind] + parts: apache: plugin: apache - source: https://github.com/kyrofa/nextcloud.git - source-tag: 9.0.53 + source: http://ftp.wayne.edu/apache/httpd/httpd-2.4.23.tar.bz2 # The built-in Apache modules to enable modules: @@ -66,18 +88,40 @@ parts: - authz_core - unixd - alias + - ssl + - socache_shmcb - # Extra Apache configuration for Nextcloud (and PHP) - extra-configuration: src/nextcloud/apache_config - - # Script to run before bringing up Apache - startup-script: src/nextcloud/setup_nextcloud - + filesets: + exclude: + - -man + - -manual + - -htdocs + - -include + - -build + - -conf/httpd.conf + - -conf/magic + - -conf/original + - -conf/extra + - -bin/apachectl + - -bin/envvars* stage: - - -htdocs/.git* + - $exclude snap: - - -manual # No need to include the documentation in the .snap - - -htdocs/.git* + - $exclude + + apache-customizations: + plugin: copy + files: + src/apache/scripts/*: bin/ + src/apache/conf/*: conf/ + + nextcloud: + plugin: copy + source: https://github.com/kyrofa/nextcloud.git + source-tag: 9.0.53 + files: + '*': htdocs/ + '.htaccess': htdocs/ php: plugin: php @@ -147,8 +191,8 @@ parts: nextcloud-customizations: plugin: copy files: - src/nextcloud/*config.php: htdocs/config/ - src/nextcloud/occ: bin/ + src/nextcloud/config/*: htdocs/config/ + src/nextcloud/scripts/*: bin/ # Download the boost headers for MySQL. Note that the version used may need to # be updated if the version of MySQL changes. @@ -236,3 +280,17 @@ parts: plugin: copy files: src/delay-on-failure/delay-on-failure: bin/ + + certbot-nextcloud-plugin: + plugin: python2 + source: src/https/ + build-packages: [python-dev, libffi-dev] + + setup-https: + plugin: copy + files: + src/https/scripts/*: bin/ + src/https/utilities/*: utilities/ + stage-packages: [openssl] + stage: [-etc/ssl] + snap: [-etc/ssl] diff --git a/src/apache/conf/httpd.conf b/src/apache/conf/httpd.conf new file mode 100644 index 0000000..d5110bd --- /dev/null +++ b/src/apache/conf/httpd.conf @@ -0,0 +1,190 @@ +# ServerRoot: The top of the directory tree under which the server's +# configuration, error, and log files are kept. +# +# Do not add a slash at the end of the directory path. If you point +# ServerRoot at a non-local disk, be sure to specify a local disk on the +# Mutex directive, if file-based mutexes are used. If you wish to share the +# same ServerRoot for multiple httpd daemons, you will need to change at +# least PidFile. +# +ServerRoot "${SNAP}" + +# +# Listen: Allows you to bind Apache to specific IP addresses and/or +# ports, instead of the default. See also the +# directive. +# +# Change this to Listen on specific IP addresses as shown below to +# prevent Apache from glomming onto all bound IP addresses. +# +#Listen 12.34.56.78:80 +Listen 80 + +# +# Mutex: Allows you to set the mutex mechanism and mutex file directory +# for individual mutexes, or change the global defaults +# +# Using pthread here, since Apache tries to chown the file-based mutex +# which isn't allowed in Snappy, and Ubuntu supports robust pthread +# mutexes that can be recovered if the child process terminates +# abnormally. +# +Mutex pthread + +# +# PidFile: Allows you to place the pidfile in a specific location. +PidFile "${SNAP_DATA}/apache/httpd.pid" + +# +# Dynamic Shared Object (DSO) Support +# +# To be able to use the functionality of a module which was built as a DSO you +# have to place corresponding `LoadModule' lines at this location so the +# directives contained in it are actually available _before_ they are used. +# Statically compiled modules (those listed by `httpd -l') do not need +# to be loaded here. +# +# Example: +# LoadModule foo_module modules/mod_foo.so +# +LoadModule authz_core_module modules/mod_authz_core.so +LoadModule mime_module modules/mod_mime.so +LoadModule env_module modules/mod_env.so +LoadModule headers_module modules/mod_headers.so +LoadModule setenvif_module modules/mod_setenvif.so +LoadModule proxy_module modules/mod_proxy.so +LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so +LoadModule unixd_module modules/mod_unixd.so +LoadModule dir_module modules/mod_dir.so +LoadModule alias_module modules/mod_alias.so +LoadModule rewrite_module modules/mod_rewrite.so +LoadModule socache_shmcb_module modules/mod_socache_shmcb.so + +# 'Main' server configuration +# +# The directives in this section set up the values used by the 'main' +# server, which responds to any requests that aren't handled by a +# definition. These values also provide defaults for +# any containers you may define later in the file. +# +# All of these directives may appear inside containers, +# in which case these default settings will be overridden for the +# virtual host being defined. +# + +# +# Deny access to the entirety of your server's filesystem. You must +# explicitly permit access to web content directories in other +# blocks below. +# + + AllowOverride none + Require all denied + + +# +# Note that from this point forward you must specifically allow +# particular features to be enabled - so if something's not working as +# you might expect, make sure that you have specifically enabled it +# below. +# + +# +# DocumentRoot: The directory out of which you will serve your +# documents. By default, all requests are taken from this directory, but +# symbolic links and aliases may be used to point to other locations. +# +DocumentRoot "${SNAP}/htdocs" + + # + # Possible values for the Options directive are "None", "All", + # or any combination of: + # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews + # + # Note that "MultiViews" must be named *explicitly* --- "Options All" + # doesn't give it to you. + # + # The Options directive is both complicated and important. Please see + # http://httpd.apache.org/docs/2.4/mod/core.html#options + # for more information. + # + Options FollowSymLinks + + # + # AllowOverride controls what directives may be placed in .htaccess files. + # It can be "All", "None", or any combination of the keywords: + # AllowOverride FileInfo AuthConfig Limit + # + AllowOverride None + + # + # Controls who can get stuff from this server. + # + Require all granted + + +# Serve static assets for apps in a writable location. +Alias "/extra-apps" "${SNAP_DATA}/nextcloud/extra-apps" + + AllowOverride None + Require all granted + + +# Serve ACME authentication data (Let's Encrypt). +Alias "/.well-known" "${SNAP_DATA}/certs/certbot/.well-known" + + AllowOverride None + Require all granted + + +# +# The following lines prevent .htaccess and .htpasswd files from being +# viewed by Web clients. +# + + Require all denied + + +# Setup the proxy to PHP-FPM +ProxyTimeout 900 + + SetHandler "proxy:unix:${SNAP_DATA}/php/php-fpm.sock|fcgi://localhost/" + + + + + +# +# Default log location. If you define an error logfile for a +# container, that host's errors will be logged there and not here. +# +ErrorLog "${SNAP_DATA}/apache/logs/error_log" + +# +# LogLevel: Control the number of messages logged to the error_log. +# Possible values include: debug, info, notice, warn, error, crit, +# alert, emerg. +# +LogLevel warn + +# +# TypesConfig points to the file containing the list of mappings from +# filename extension to MIME-type. +# +TypesConfig conf/mime.types + +# Only enable SSL if requested + + Include ${SNAP}/conf/ssl.conf + + + # In this case, we're HTTP only. + + # Include Nextcloud's .htaccess file directly. In a typical setup this would + # be dangerous since it increases the capability of the .htaccess file in + # case an attacker was able to modify it, but that's not actually possible + # on Snappy (since the .htaccess file is read-only) so we'll do it here so + # as to avoid manually copying it in and needing to maintain it. + Include ${SNAP}/htdocs/.htaccess + + diff --git a/src/apache/conf/ssl.conf b/src/apache/conf/ssl.conf new file mode 100644 index 0000000..560aadc --- /dev/null +++ b/src/apache/conf/ssl.conf @@ -0,0 +1,163 @@ +# +# Listen: Allows you to bind Apache to specific IP addresses and/or +# ports, instead of the default. See also the +# directive. +# +# Change this to Listen on specific IP addresses as shown below to +# prevent Apache from glomming onto all bound IP addresses. +# +#Listen 12.34.56.78:80 +Listen 443 + +# +# Dynamic Shared Object (DSO) Support +# +# To be able to use the functionality of a module which was built as a DSO you +# have to place corresponding `LoadModule' lines at this location so the +# directives contained in it are actually available _before_ they are used. +# Statically compiled modules (those listed by `httpd -l') do not need +# to be loaded here. +# +# Example: +# LoadModule foo_module modules/mod_foo.so +# +LoadModule ssl_module modules/mod_ssl.so + +# 'Main' server configuration +# +# The directives in this section set up the values used by the 'main' +# server, which responds to any requests that aren't handled by a +# definition. These values also provide defaults for +# any containers you may define later in the file. +# +# All of these directives may appear inside containers, +# in which case these default settings will be overridden for the +# virtual host being defined. +# + +# SSL Protocol support: +# List the protocol versions which clients are allowed to connect with. +# Disable SSLv3 by default (cf. RFC 7525 3.1.1). TLSv1 (1.0) should be +# disabled as quickly as practical. By the end of 2016, only the TLSv1.2 +# protocol or later should remain in use. +SSLProtocol all -SSLv3 +SSLProxyProtocol all -SSLv3 + +# Pass Phrase Dialog: +# Configure the pass phrase gathering process. +# The filtering dialog program (`builtin' is an internal +# terminal dialog) has to provide the pass phrase on stdout. +SSLPassPhraseDialog builtin + +# Inter-Process Session Cache: +# Configure the SSL Session Cache: First the mechanism +# to use and second the expiring timeout (in seconds). +SSLSessionCache "shmcb:${SNAP_DATA}/apache/ssl_scache(512000)" +SSLSessionCacheTimeout 300 + +# Pseudo Random Number Generator (PRNG): +# Configure one or more sources to seed the PRNG of the SSL library. +# The seed data should be of good random quality. +# WARNING! On some platforms /dev/random blocks if not enough entropy +# is available. This means you then cannot use the /dev/random device +# because it would lead to very long connection times (as long as +# it requires to make more entropy available). But usually those +# platforms additionally provide a /dev/urandom device which doesn't +# block. So, if available, use this one instead. Read the mod_ssl User +# Manual for more details. +# +SSLRandomSeed startup builtin +SSLRandomSeed startup file:/dev/urandom 512 +SSLRandomSeed connect builtin +SSLRandomSeed connect file:/dev/urandom 512 + +# Virtual host for HTTP. All it does it redirect to HTTPS. + + RewriteEngine on + RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent] + + +# Virtual host for HTTPS. + + # Include Nextcloud's .htaccess file directly. In a typical setup this would + # be dangerous since it increases the capability of the .htaccess file in + # case an attacker was able to modify it, but that's not actually possible + # on Snappy (since the .htaccess file is read-only) so we'll do it here so + # as to avoid manually copying it in and needing to maintain it. + Include ${SNAP}/htdocs/.htaccess + + SSLEngine on + SSLHonorCipherOrder On + SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS; + + SSLCertificateFile ${SNAP_DATA}/certs/live/cert.pem + SSLCertificateKeyFile ${SNAP_DATA}/certs/live/privkey.pem + SSLCertificateChainFile ${SNAP_DATA}/certs/live/chain.pem + + # SSL Engine Options: + # Set various options for the SSL engine. + # o FakeBasicAuth: + # Translate the client X.509 into a Basic Authorisation. This means that + # the standard Auth/DBMAuth methods can be used for access control. The + # user name is the `one line' version of the client's X.509 certificate. + # Note that no password is obtained from the user. Every entry in the user + # file needs this password: `xxj31ZMTZzkVA'. + # o ExportCertData: + # This exports two additional environment variables: SSL_CLIENT_CERT and + # SSL_SERVER_CERT. These contain the PEM-encoded certificates of the + # server (always existing) and the client (only existing when client + # authentication is used). This can be used to import the certificates + # into CGI scripts. + # o StdEnvVars: + # This exports the standard SSL/TLS related `SSL_*' environment variables. + # Per default this exportation is switched off for performance reasons, + # because the extraction step is an expensive operation and is usually + # useless for serving static content. So one usually enables the + # exportation for CGI and SSI requests only. + # o StrictRequire: + # This denies access when "SSLRequireSSL" or "SSLRequire" applied even + # under a "Satisfy any" situation, i.e. when it applies access is denied + # and no other module can change it. + # o OptRenegotiate: + # This enables optimized SSL connection renegotiation handling when SSL + # directives are used in per-directory context. + + SSLOptions +StdEnvVars + + + SSLOptions +StdEnvVars + + + # SSL Protocol Adjustments: + # The safe and default but still SSL/TLS standard compliant shutdown + # approach is that mod_ssl sends the close notify alert but doesn't wait for + # the close notify alert from client. When you need a different shutdown + # approach you can use one of the following variables: + # o ssl-unclean-shutdown: + # This forces an unclean shutdown when the connection is closed, i.e. no + # SSL close notify alert is sent or allowed to be received. This violates + # the SSL/TLS standard but is needed for some brain-dead browsers. Use + # this when you receive I/O errors because of the standard approach where + # mod_ssl sends the close notify alert. + # o ssl-accurate-shutdown: + # This forces an accurate shutdown when the connection is closed, i.e. a + # SSL close notify alert is send and mod_ssl waits for the close notify + # alert of the client. This is 100% SSL/TLS standard compliant, but in + # practice often causes hanging connections with brain-dead browsers. Use + # this only for browsers where you know that their SSL implementation + # works correctly. + # Notice: Most problems of broken clients are also related to the HTTP + # keep-alive facility, so you usually additionally want to disable + # keep-alive for those clients, too. Use variable "nokeepalive" for this. + # Similarly, one has to force some clients to use HTTP/1.0 to workaround + # their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and + # "force-response-1.0" for this. + BrowserMatch "MSIE [2-5]" \ + nokeepalive ssl-unclean-shutdown \ + downgrade-1.0 force-response-1.0 + + # Enable HSTS only if requested + + Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains;" + + diff --git a/src/apache/scripts/httpd-wrapper b/src/apache/scripts/httpd-wrapper new file mode 100755 index 0000000..1f5cf1a --- /dev/null +++ b/src/apache/scripts/httpd-wrapper @@ -0,0 +1,21 @@ +#!/bin/sh + +. $SNAP/utilities/https-utilities + +params="" +if [ -e $LIVE_CERTS_DIRECTORY ]; then + echo "Certificates have been activated: using HTTPS only" + params="$params -DEnableHTTPS" + + # Only enable HSTS if the certificate is not self-signed. + if ! self_signed_certificates_are_active; then + echo "Certificates don't appear self-signed: enabling HSTS" + params="$params -DEnableHSTS" + else + echo "Certificates appear self-signed: disabling HSTS" + fi +else + echo "No certificates are active: using HTTP only" +fi + +httpd -d $SNAP $params $@ diff --git a/src/apache/scripts/run-httpd b/src/apache/scripts/run-httpd new file mode 100755 index 0000000..e858e63 --- /dev/null +++ b/src/apache/scripts/run-httpd @@ -0,0 +1,14 @@ +#!/bin/sh + +mkdir -p -m 750 $SNAP_DATA/apache/logs + +# Make sure Nextcloud is installed and running +echo "Making sure nextcloud is setup..." +setup_nextcloud +if [ $? -ne 0 ]; then + echo "Failed to setup nextcloud" + exit 1 +fi + +echo "All set! Running httpd..." +httpd-wrapper $@ diff --git a/src/https/certbot_nextcloud_plugin/__init__.py b/src/https/certbot_nextcloud_plugin/__init__.py new file mode 100644 index 0000000..e69de29 diff --git a/src/https/certbot_nextcloud_plugin/webroot.py b/src/https/certbot_nextcloud_plugin/webroot.py new file mode 100644 index 0000000..38e01ce --- /dev/null +++ b/src/https/certbot_nextcloud_plugin/webroot.py @@ -0,0 +1,290 @@ +"""Nextcloud webroot plugin.""" +import argparse +import collections +import errno +import json +import logging +import os + +import six +import zope.component +import zope.interface + +from acme import challenges + +from certbot import cli +from certbot import errors +from certbot import interfaces +from certbot.display import util as display_util +from certbot.plugins import common + + +logger = logging.getLogger(__name__) + + +@zope.interface.implementer(interfaces.IAuthenticator) +@zope.interface.provider(interfaces.IPluginFactory) +class Authenticator(common.Plugin): + """Nextcloud Webroot Authenticator.""" + + description = "Place files in webroot directory" + + MORE_INFO = """\ +Authenticator plugin that performs http-01 challenge by saving +necessary validation resources to appropriate paths on the file +system. It expects that there is some other HTTP server configured +to serve all files under specified web root ({0}). This differes +from the normal Webroot authenticator by the fact that this plugin +doesn't even attempt to use chown.""" + + def more_info(self): # pylint: disable=missing-docstring,no-self-use + return self.MORE_INFO.format(self.conf("path")) + + @classmethod + def add_parser_arguments(cls, add): + add("path", default=[], action=_WebrootPathAction, + help="public_html / webroot path. This can be specified multiple " + "times to handle different domains; each domain will have " + "the webroot path that preceded it. For instance: `-w " + "/var/www/example -d example.com -d www.example.com -w " + "/var/www/thing -d thing.net -d m.thing.net`") + add("map", default={}, action=_WebrootMapAction, + help="JSON dictionary mapping domains to webroot paths; this " + "implies -d for each entry. You may need to escape this from " + "your shell. E.g.: --webroot-map " + '\'{"eg1.is,m.eg1.is":"/www/eg1/", "eg2.is":"/www/eg2"}\' ' + "This option is merged with, but takes precedence over, -w / " + "-d entries. At present, if you put webroot-map in a config " + "file, it needs to be on a single line, like: webroot-map = " + '{"example.com":"/var/www"}.') + + def get_chall_pref(self, domain): # pragma: no cover + # pylint: disable=missing-docstring,no-self-use,unused-argument + return [challenges.HTTP01] + + def __init__(self, *args, **kwargs): + super(Authenticator, self).__init__(*args, **kwargs) + self.full_roots = {} + self.performed = collections.defaultdict(set) + + def prepare(self): # pylint: disable=missing-docstring + pass + + def perform(self, achalls): # pylint: disable=missing-docstring + self._set_webroots(achalls) + + self._create_challenge_dirs() + + return [self._perform_single(achall) for achall in achalls] + + def _set_webroots(self, achalls): + if self.conf("path"): + webroot_path = self.conf("path")[-1] + logger.info("Using the webroot path %s for all unmatched domains.", + webroot_path) + for achall in achalls: + self.conf("map").setdefault(achall.domain, webroot_path) + else: + known_webroots = list(set(six.itervalues(self.conf("map")))) + for achall in achalls: + if achall.domain not in self.conf("map"): + new_webroot = self._prompt_for_webroot(achall.domain, + known_webroots) + # Put the most recently input + # webroot first for easy selection + try: + known_webroots.remove(new_webroot) + except ValueError: + pass + known_webroots.insert(0, new_webroot) + self.conf("map")[achall.domain] = new_webroot + + def _prompt_for_webroot(self, domain, known_webroots): + webroot = None + + while webroot is None: + webroot = self._prompt_with_webroot_list(domain, known_webroots) + + if webroot is None: + webroot = self._prompt_for_new_webroot(domain) + + return webroot + + def _prompt_with_webroot_list(self, domain, known_webroots): + display = zope.component.getUtility(interfaces.IDisplay) + + while True: + code, index = display.menu( + "Select the webroot for {0}:".format(domain), + ["Enter a new webroot"] + known_webroots, + help_label="Help", cli_flag="--" + self.option_name("path")) + if code == display_util.CANCEL: + raise errors.PluginError( + "Every requested domain must have a " + "webroot when using the webroot plugin.") + elif code == display_util.HELP: + display.notification( + "To use the webroot plugin, you need to have an " + "HTTP server running on this system serving files " + "for the requested domain. Additionally, this " + "server should be serving all files contained in a " + "public_html or webroot directory. The webroot " + "plugin works by temporarily saving necessary " + "resources in the HTTP server's webroot directory " + "to pass domain validation challenges.") + else: # code == display_util.OK + return None if index == 0 else known_webroots[index - 1] + + def _prompt_for_new_webroot(self, domain): + display = zope.component.getUtility(interfaces.IDisplay) + + while True: + code, webroot = display.directory_select( + "Input the webroot for {0}:".format(domain)) + if code == display_util.HELP: + # Help can currently only be selected + # when using the ncurses interface + display.notification(display_util.DSELECT_HELP) + elif code == display_util.CANCEL: + return None + else: # code == display_util.OK + try: + return _validate_webroot(webroot) + except errors.PluginError as error: + display.notification(str(error), pause=False) + + def _create_challenge_dirs(self): + path_map = self.conf("map") + if not path_map: + raise errors.PluginError( + "Missing parts of webroot configuration; please set either " + "--webroot-path and --domains, or --webroot-map. Run with " + " --help webroot for examples.") + for name, path in path_map.items(): + self.full_roots[name] = os.path.join(path, challenges.HTTP01.URI_ROOT_PATH) + + logger.debug("Creating root challenges validation dir at %s", + self.full_roots[name]) + + # Change the permissions to be writable (GH #1389) + # Umask is used instead of chmod to ensure the client can also + # run as non-root (GH #1795) + old_umask = os.umask(0o022) + + try: + # This is coupled with the "umask" call above because + # os.makedirs's "mode" parameter may not always work: + # https://stackoverflow.com/questions/5231901/permission-problems-when-creating-a-dir-with-os-makedirs-python + os.makedirs(self.full_roots[name], 0o0755) + + # Set owner as parent directory if possible +# try: +# stat_path = os.stat(path) +# os.chown(self.full_roots[name], stat_path.st_uid, +# stat_path.st_gid) +# except OSError as exception: +# logger.info("Unable to change owner and uid of webroot directory") +# logger.debug("Error was: %s", exception) + + except OSError as exception: + if exception.errno != errno.EEXIST: + raise errors.PluginError( + "Couldn't create root for {0} http-01 " + "challenge responses: {1}", name, exception) + finally: + os.umask(old_umask) + + def _get_validation_path(self, root_path, achall): + return os.path.join(root_path, achall.chall.encode("token")) + + def _perform_single(self, achall): + response, validation = achall.response_and_validation() + + root_path = self.full_roots[achall.domain] + validation_path = self._get_validation_path(root_path, achall) + logger.debug("Attempting to save validation to %s", validation_path) + + # Change permissions to be world-readable, owner-writable (GH #1795) + old_umask = os.umask(0o022) + + try: + with open(validation_path, "w") as validation_file: + validation_file.write(validation.encode()) + finally: + os.umask(old_umask) + + self.performed[root_path].add(achall) + + return response + + def cleanup(self, achalls): # pylint: disable=missing-docstring + for achall in achalls: + root_path = self.full_roots.get(achall.domain, None) + if root_path is not None: + validation_path = self._get_validation_path(root_path, achall) + logger.debug("Removing %s", validation_path) + os.remove(validation_path) + self.performed[root_path].remove(achall) + + for root_path, achalls in six.iteritems(self.performed): + if not achalls: + try: + os.rmdir(root_path) + logger.debug("All challenges cleaned up, removing %s", + root_path) + except OSError as exc: + logger.info( + "Unable to clean up challenge directory %s", root_path) + logger.debug("Error was: %s", exc) + + +class _WebrootMapAction(argparse.Action): + """Action class for parsing webroot_map.""" + + def __call__(self, parser, namespace, webroot_map, option_string=None): + for domains, webroot_path in six.iteritems(json.loads(webroot_map)): + webroot_path = _validate_webroot(webroot_path) + namespace.webroot_map.update( + (d, webroot_path) for d in cli.add_domains(namespace, domains)) + + +class _WebrootPathAction(argparse.Action): + """Action class for parsing webroot_path.""" + + def __init__(self, *args, **kwargs): + super(_WebrootPathAction, self).__init__(*args, **kwargs) + self._domain_before_webroot = False + + def __call__(self, parser, namespace, webroot_path, option_string=None): + if self._domain_before_webroot: + raise errors.PluginError( + "If you specify multiple webroot paths, " + "one of them must precede all domain flags") + + current_path = getattr(namespace, self.dest) + if current_path: + # Apply previous webroot to all matched + # domains before setting the new webroot path + prev_webroot = current_path[-1] + for domain in namespace.domains: + namespace.webroot_map.setdefault(domain, prev_webroot) + elif namespace.domains: + self._domain_before_webroot = True + + current_path.append(_validate_webroot(webroot_path)) + setattr(namespace, self.dest, current_path) + + +def _validate_webroot(webroot_path): + """Validates and returns the absolute path of webroot_path. + + :param str webroot_path: path to the webroot directory + + :returns: absolute path of webroot_path + :rtype: str + + """ + if not os.path.isdir(webroot_path): + raise errors.PluginError(webroot_path + " does not exist or is not a directory") + + return os.path.abspath(webroot_path) diff --git a/src/https/scripts/disable-https b/src/https/scripts/disable-https new file mode 100755 index 0000000..090f617 --- /dev/null +++ b/src/https/scripts/disable-https @@ -0,0 +1,18 @@ +#!/bin/sh + +. $SNAP/utilities/https-utilities + +if [ $(id -u) -ne 0 ]; then + echo "This utility needs to run as root" + exit 1 +fi + +if certificates_are_active; then + echo -n "Deactivating HTTPS... " + deactivate_certificates + echo "done" + restart_apache_if_running +else + echo "HTTPS doesn't seem enabled" + exit 1 +fi diff --git a/src/https/scripts/enable-https b/src/https/scripts/enable-https new file mode 100755 index 0000000..ab76207 --- /dev/null +++ b/src/https/scripts/enable-https @@ -0,0 +1,109 @@ +#!/bin/sh + +. $SNAP/utilities/https-utilities + +extra_params="" +cert_type="" + +while getopts ":dtsh" opt; do + case $opt in + d) extra_params="$extra_params --dry-run";; + t) extra_params="$extra_params --test-cert";; + s) cert_type="self-signed";; + h) + echo "Usage:" + echo " $0 [-h -t -d -s]" + echo "" + echo " -t: Obtain a test certificate. This is a valid Let's" + echo " Encrypt certificate, but is not signed by a" + echo " recognized CA, so browsers won't accept it." + echo " -d: Dry run: don't actually obtain/install certificates" + echo " from Let's Encrypt, but make sure it's possible." + echo " -s: Generate and use a self-signed certificate. This" + echo " is easier to setup than Let's Encrypt certificates," + echo " but will cause warnings in browsers." + exit 0 + ;; + \?) + echo "Invalid option: -$OPTARG" + exit 1 + ;; + esac +done + +if [ $(id -u) -ne 0 ]; then + echo "This utility needs to run as root" + exit 1 +fi + +if [ "$cert_type" = "self-signed" ]; then + echo -n "Generating key and self-signed certificate... " + output=$(generate_self_signed_certificate 2>&1) + if [ $? -ne 0 ]; then + echo "error:" + echo "$output" + exit 1 + fi + + echo "done" + activate_self_signed_certificate +else + echo "In order for Let's Encrypt to verify that you actually own the domain for" + echo "which you're requesting a certificate, there are a number of requirements" + echo "of which you need to be aware:" + echo "" + + echo "1. In order to register with the Let's Encrypt ACME server, you must agree" + echo " to the currently-in-effect Subscriber Agreement located here:" + echo "" + echo " https://letsencrypt.org/repository/" + echo "" + echo " By continuing to use this tool you agree to these terms. Please cancel" + echo " now if otherwise." + echo "" + + echo "2. You must have the domain name(s) for which you want certificates" + echo " pointing at the external IP address of this machine." + echo "" + + echo "3. Both ports 80 and 443 on the external IP address of this machine must" + echo " point to this machine (e.g. port forwarding might need to be setup on" + echo " your router)." + echo "" + + while true; do + read -p "Have you met these requirements? (y/n) " answer + case $answer in + [Yy]* ) break;; + [Nn]* ) exit;; + * ) echo "Please answer yes or no.";; + esac + done + + read -p "Please enter an email address (for urgent notices or key recovery): " email + + domains="" + read -p "Please enter your domain name(s) (space-separated): " answer + for domain in $answer; do + domains="$domains -d $domain" + done + + echo -n "Attempting to obtain certificates... " + output=$(run_certbot certonly $extra_params \ + --authenticator nextcloud:webroot \ + --nextcloud:webroot-path $CERTBOT_DIRECTORY \ + --rsa-key-size 4096 \ + --email $email \ + --non-interactive \ + --agree-tos \ + --force-renewal \ + $domains 2>&1) + if [ $? -eq 0 ]; then + echo "done" + activate_certbot_certificate + else + echo "error running certbot:" + echo "" + echo "$output" + fi +fi diff --git a/src/https/scripts/renew-certs b/src/https/scripts/renew-certs new file mode 100755 index 0000000..0359371 --- /dev/null +++ b/src/https/scripts/renew-certs @@ -0,0 +1,29 @@ +#!/bin/sh + +. $SNAP/utilities/https-utilities + +# The number of seconds remaining in the validity of the certificate +# before renewing it. 2592000 seconds is 30 days. +seconds_to_renew=2592000 + +while true; do + if [ -f $SELF_SIGNED_CERT ]; then + # Check the self-signed certificate. Does it need to be renewed? + cert_date=$(openssl x509 -noout -enddate -in $SELF_SIGNED_CERT | sed -e 's/.*=\(.*\)$/\1/') + cert_date=$(date -d "$cert_date" "+%s") + current_date=$(date "+%s") + difference=$(($cert_date-$current_date)) + if [ $difference -lt $seconds_to_renew ]; then + echo "Renewing self-signed certificate" + generate_self_signed_certificate + else + echo "Self-signed certificates aren't due for renewal" + fi + fi + + # No need to check the Let's Encrypt certificates-- they'll only + # renew if they're within 30 days of expiration. + run_certbot renew + + sleep 1d # Run once a day +done diff --git a/src/https/setup.py b/src/https/setup.py new file mode 100644 index 0000000..55603d6 --- /dev/null +++ b/src/https/setup.py @@ -0,0 +1,16 @@ +from setuptools import setup, find_packages + + +setup( + name='nextcloud', + packages=find_packages(), + install_requires=[ + 'certbot', + 'zope.interface', + ], + entry_points={ + 'certbot.plugins': [ + 'webroot = certbot_nextcloud_plugin.webroot:Authenticator', + ], + }, +) diff --git a/src/https/utilities/https-utilities b/src/https/utilities/https-utilities new file mode 100755 index 0000000..d74ab8f --- /dev/null +++ b/src/https/utilities/https-utilities @@ -0,0 +1,91 @@ +#!/bin/sh + +LIVE_CERTS_DIRECTORY=$SNAP_DATA/certs/live +LIVE_CERT=$LIVE_CERTS_DIRECTORY/cert.pem +LIVE_KEY=$LIVE_CERTS_DIRECTORY/privkey.pem +LIVE_CHAIN=$LIVE_CERTS_DIRECTORY/chain.pem + +SELF_SIGNED_DIRECTORY=$SNAP_DATA/certs/self-signed +SELF_SIGNED_KEY=$SELF_SIGNED_DIRECTORY/privkey.pem +SELF_SIGNED_CERT=$SELF_SIGNED_DIRECTORY/cert.pem +SELF_SIGNED_CHAIN=$SELF_SIGNED_DIRECTORY/chain.pem + +CERTBOT_DIRECTORY=$SNAP_DATA/certs/certbot +CERTBOT_LIVE_DIRECTORY=$CERTBOT_DIRECTORY/config/live + +APACHE_PIDFILE=$SNAP_DATA/apache/httpd.pid + +# If this function is run multiple times it will replace the certificate +# and key if they're already present. +generate_self_signed_certificate() +{ + mkdir -p -m 750 $(dirname $SELF_SIGNED_KEY) + mkdir -p -m 750 $(dirname $SELF_SIGNED_CERT) + mkdir -p -m 750 $(dirname $SELF_SIGNED_CHAIN) + + openssl req -newkey rsa:4096 -nodes -keyout $SELF_SIGNED_KEY \ + -x509 -days 90 -out $SELF_SIGNED_CERT -subj "/O=Nextcloud" + + rm -f $SELF_SIGNED_CHAIN + ln -s $SELF_SIGNED_CERT $SELF_SIGNED_CHAIN +} + +activate_self_signed_certificate() +{ + deactivate_certificates + ln -s $SELF_SIGNED_DIRECTORY $LIVE_CERTS_DIRECTORY + restart_apache_if_running +} + +self_signed_certificates_are_active() +{ + [ "$(realpath $LIVE_CERTS_DIRECTORY)" = "$SELF_SIGNED_DIRECTORY" ] +} + +certificates_are_active() +{ + [ -e $LIVE_CERTS_DIRECTORY ] +} + +deactivate_certificates() +{ + rm -rf $LIVE_CERTS_DIRECTORY +} + +activate_certbot_certificate() +{ + # There shouldn't be multiple domains here since we have no way to + # support them, but account for the possibility by simply taking the + # first domain's certificates. + certdir=$(ls $CERTBOT_LIVE_DIRECTORY | sort -n | head -1) + + deactivate_certificates + ln -s $CERTBOT_LIVE_DIRECTORY/$certdir $LIVE_CERTS_DIRECTORY + restart_apache_if_running +} + +# Run a certbot instance that writes to snap-writable data. +run_certbot() +{ + certbot --text --config-dir $CERTBOT_DIRECTORY/config \ + --work-dir $CERTBOT_DIRECTORY/work \ + --logs-dir $CERTBOT_DIRECTORY/logs $@ +} + +restart_apache_if_running() +{ + if [ -f $APACHE_PIDFILE ]; then + # Restart apache by stopping it and letting systemd start it again. + echo -n "Restarting apache... " + output=$(httpd-wrapper -k stop 2>&1) + if [ $? -eq 0 ]; then + while [ -f $APACHE_PIDFILE ]; do + sleep 1 + done + echo "done" + else + echo "error" + echo "$output" + fi + fi +} diff --git a/src/nextcloud/apache_config b/src/nextcloud/apache_config deleted file mode 100644 index 2fbd04b..0000000 --- a/src/nextcloud/apache_config +++ /dev/null @@ -1,27 +0,0 @@ -# PHP-FPM -ProxyTimeout 900 - - SetHandler "proxy:unix:${SNAP_DATA}/php/php-fpm.sock|fcgi://localhost/" - - - - - -# Serve static assets for apps in a writable location. -Alias "/extra-apps" "${SNAP_DATA}/nextcloud/extra-apps" - - AllowOverride None - Require all granted - - - - # Include Nextcloud's .htaccess file directly. In a typical setup this would - # be dangerous since it increases the capability of the .htaccess file in - # case an attacker was able to modify it, but that's not actually possible - # on Snappy (since the .htaccess file is read-only) so we'll do it here so - # as to avoid manually copying it in and needing to maintain it. - Include ${SNAP}/htdocs/.htaccess - - # Note that nothing else is included here as this directive is merged with - # the one in the main configuration file. - diff --git a/src/nextcloud/autoconfig.php b/src/nextcloud/config/autoconfig.php similarity index 100% rename from src/nextcloud/autoconfig.php rename to src/nextcloud/config/autoconfig.php diff --git a/src/nextcloud/config.php b/src/nextcloud/config/config.php similarity index 96% rename from src/nextcloud/config.php rename to src/nextcloud/config/config.php index 9342802..f1736ce 100644 --- a/src/nextcloud/config.php +++ b/src/nextcloud/config/config.php @@ -53,7 +53,7 @@ /** * Nextcloud doesn't support hosting the config file out of the application, so - * this version of Nextclout has been patched slightly to allow for it. As a + * this version of Nextcloud has been patched slightly to allow for it. As a * result, we fail the integrity check, so we'll just disable it. */ 'integrity.check.disabled' => true, diff --git a/src/nextcloud/occ b/src/nextcloud/scripts/occ similarity index 100% rename from src/nextcloud/occ rename to src/nextcloud/scripts/occ diff --git a/src/nextcloud/setup_nextcloud b/src/nextcloud/scripts/setup_nextcloud similarity index 98% rename from src/nextcloud/setup_nextcloud rename to src/nextcloud/scripts/setup_nextcloud index febeebe..3fd6d06 100755 --- a/src/nextcloud/setup_nextcloud +++ b/src/nextcloud/scripts/setup_nextcloud @@ -48,7 +48,7 @@ return_code=$? if [ $return_code -eq 1 ]; then echo "Nextcloud is not yet installed-- no upgrade necessary" elif [ $return_code -eq 3 ]; then - echo "Nextclout is fully upgraded" + echo "Nextcloud is fully upgraded" elif [ $return_code -ne 0 ]; then echo "Unable to upgrade Nextcloud. Will try again." # occ may have left it in maintenance mode, so turn that off From 5e5cb6847a9ce0daf260f051d360daae02bf04f2 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Mon, 22 Aug 2016 18:41:57 -0700 Subject: [PATCH 014/416] Update version number to 9.0.53snap2. Also update README and CHANGELOG. Signed-off-by: Kyle Fazzari --- CHANGELOG | 4 ++++ README.md | 9 ++++++++- snapcraft.yaml | 6 +----- 3 files changed, 13 insertions(+), 6 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index a25d861..a5cc742 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,7 @@ +v 9.0.53snap2 + - Add support for HTTPS. + - Build PHP with jpeg support. + v 9.0.53snap1 - Upgrade Nextcloud to 9.0.53. diff --git a/README.md b/README.md index 41674bd..c6cbb7a 100644 --- a/README.md +++ b/README.md @@ -41,12 +41,19 @@ There are a few CLI utilities included: - MySQL client preconfigured to communicate with Nextcloud MySQL server. This may be useful in case you need to migrate Nextcloud installations. Note that it requires `sudo`. +- `nextcloud.enable-https`: + - Enable HTTPS, either via self-signed certificates or via Let's Encrypt. + HTTP will redirect to HTTPS. The certificates will automatically be kept + up-to-date. See `nextcloud.enable-https -h` for more information. +- `nextcloud.disable-https`: + - Disable HTTPS (does not remove certificates). ## Where is my stuff? - `$SNAP_DATA`: - - Apache, MySQL, and Redis logs + - Apache, PHP, MySQL, and Redis logs + - Keys and certificates - MySQL database - Redis database - Nextcloud config diff --git a/snapcraft.yaml b/snapcraft.yaml index 05741a4..81b6301 100644 --- a/snapcraft.yaml +++ b/snapcraft.yaml @@ -1,5 +1,5 @@ name: nextcloud -version: 9.0.53snap1 +version: 9.0.53snap2 summary: Nextcloud description: Nextcloud running on Apache with MySQL. This is currently in beta. confinement: strict @@ -60,10 +60,6 @@ apps: command: disable-https plugs: [network, network-bind] - certbot: - command: certbot - plugs: [network, network-bind] - renew-certs: command: renew-certs daemon: simple From 057110771e4a15ab7924c03bdcc88618a83f660e Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Fri, 26 Aug 2016 16:00:01 -0700 Subject: [PATCH 015/416] Integrate with Travis CI for automatic deployment. --- .travis.yml | 18 ++++++++++++++++++ .travis/deploy_key.enc | Bin 0 -> 3248 bytes 2 files changed, 18 insertions(+) create mode 100644 .travis.yml create mode 100644 .travis/deploy_key.enc diff --git a/.travis.yml b/.travis.yml new file mode 100644 index 0000000..492820b --- /dev/null +++ b/.travis.yml @@ -0,0 +1,18 @@ +language: generic + +env: +- GIT_SSH="/tmp/ssh" + +after_success: +- echo -e '#!/bin/sh\n\nssh -o StrictHostKeyChecking=no $*' >> /tmp/ssh +- chmod a+x /tmp/ssh + +- openssl aes-256-cbc -K $encrypted_9ace74c1b6ff_key -iv $encrypted_9ace74c1b6ff_iv + -in .travis/deploy_key.enc -out .travis/deploy_key -d +- chmod 600 .travis/deploy_key + +- eval "$(ssh-agent -s)" +- ssh-add .travis/deploy_key + +- git remote add deploy git+ssh://nextcloud-snappy-bot@git.launchpad.net/nextcloud-snap +- git push deploy $TRAVIS_BRANCH --force diff --git a/.travis/deploy_key.enc b/.travis/deploy_key.enc new file mode 100644 index 0000000000000000000000000000000000000000..e3e2b624a08bad2995d3c02db6fa903fc5a4aad3 GIT binary patch literal 3248 zcmV;h3{UeSXW$oS8n2tGlRaiYial+V?zNeC(cXED)cko%{83qX(!Ion1x2}6uxJNy zl5y!eXv6JwOM>*{3#>NPQz^&n99sX=g*N$j^^T|^JjU+cb0KM`)Nw8D{zZ_@wXm=3 zrwo6Tj!hq+i`PIL{{e7eybjsmNVgWdiGR;`WbaM3e6O3gKsS;BYm0AR6KR?8udse% z`;}kkgm*0ncJ#Z2?D;>Y1x9s3avy7w_kre(aId&wTP$rCrdU1hfx-amNN0gNkp=8) zzgtk2ax7Es?~may=-{>|m3Zxf`&tL6JDUPF=yu;9_D!+~7fL-U;3La>57dA>u)x#%YzE;aT-kXZ8zhl1H4YDpcpRc|u=X zPh?pVvYwMcf!D)roE~@b#{T{IL8S4(&aN=z;p-p-5&wBHnkdq@i$*5281^c%I`*~@ zh@5Lx5|b8dEwpFxiHPbkn(RH&M{0I+w-bvx`(RMiHY+&%A@u^UkEy&w;IdG6$LtO# z%~(aDK&)b=pi-7)=TDY8>E-EZ=uQE0WlDd!NcT=&&-Z>Sg0!j|N7h`cjGPiLgS*EA zF^hY>ehI;#`y_4WCi9MzbO&aX^2A=M3N$ z1sHAa8i`QBbkwH^6M7jIGcSH|22nVXo!L;uY+GIWqrNSNW@!d=6URo}Cz?)++b|Wm zeYAQ~QP;RJZW%`G25!~G5Cnl3Hq8br=X*^od{z?aLM#49XBx|!oz7BM&Unqjd6#@U zqap$LTyE>ctmO(t(dM8G%Fq-bYV|%NC-@jmqrQ&KDn{MEq9rO><0=K;kg zLe$N0mrsh5+$mAVRcSpO)gn)MaEmS%&>v-2xrZD1pqy3t>0o!GMvFsdjU;8;3uAc$ zXws3s9IuU3$sE|4WDeZs z0oUDH;5Y;coMAp5Ch85Y5fA(18+xXqC9YmO#5=78VrSRjnt>nvPFM#5(oxHWz&#*M zQ!YyDQ`wQDK3B6B)68BwNZU;DRO%;RPbWdPQsFX-=qCk2LKw^7 zLN3~?ugKO{34ilNmX@0Ei&@v307 zg_<-aC8@QeL8Y<87O9HejXgO~z8hCBU4mOi#Pcm)H1#`sZt0Zo&oq$yn45eEUNH}1 z6d(4RCM3}-{l^sH6rH{FuICWMN#iZhKC;pthQ5);qeFK&y0?J~IeH@2 zM}o81#^LUrC~uaZkeV;-Jfdui)8RS?wFObyiL zW}=3dDO#f}PQ}9PXv+^wSCO34TUKo`GMJk>r zQYc*oVn9594tWF>A7DgIv7oqhmyT@o{gxL=*gEK0k$K{Cpk(!@3@#lQ5^)b)hT1-N zD;cpC%=XBjJHVi3PY?8_df83R;K~XEA)it(o|?}9Qvw6j-P*Mr7CGB}XDy#1T%(OrL#dW7PJ>mMhE4;X0c9lktxCcz~2#VmtqW(%Ixm=$F@6Y4*x2oBU3>s9&(}zm| z>)5uoQF}%#G*<@5Og#g?AwzrvLEP5DwM3&zXJ()5uvRy@5YQ2R*@=9Jr|v)_h_1U##SrlnG^`dk!XLnaRj+~ty~k}dxs0}(jGRskBJL(P=m_Axq>r=aolYVUFqwH zvrh6{hU@zxO3E&asoVR8*ONdi(~1)Z#G2rKOz!xtWyMbqlhA2-H0;p8rU3u#CaL?7(zVFHv?KKeqphbs-gE;8RVu*%C4HaN4!xI22C>DSZ zEHkjdcaHWFA^DTX4^Tc|uO2@|g!=4AQY~os-O zQOH@p`qRAJ8iYe#HI8N>p+*lY$J^yw?dG(4&$2toc^-#vWJg-eH<(igd?3GKXj6-D zCAiWWR59rD<(vGH<`%hxL*3JE6f|gw2dvhho>JHsp zMR@HL@0wC9?Xl^bFI$PaH!0<>GRgdDP;Y#LL?zP#Sq_&Hy@UEaRe6~itc9xwlBp-4 zOSA+jqUPF&sc~!yKhw*2f#ylH<5{o80uTF!q(1*ca??z@G}sq|w-I|vK}(KoZN1B< zPz5|Nu5nCHF(H|%=GH9ZRomsrk|Xtxz^8XkGGCAJ@e;GO}xf{+}S0k(oHGe3;#)isE!Q|ad~fm_>zIr z1XJO5kUrfV;7%vC<~iWMV6p1xYlrFa5l+^C=7u8w5~xT zGga7N-%oP=h8!;9JLzpA(jO0c=2ika)`0zE0=V`Wy9Nn`#%*9!XH$=a$Ly?q!diHh zl1#=S_}l;%$RVi75{o$1=VQm_?-FnnImIfP_)e?i3TNVCI1rJ#mwS{S)Hw`@(7Z{* zl#;V@56-Zt9++NqHb32YHq0iRGjD^(Y#1fO5P&W!Y}BK@OYPqnRHFj=^~cRkZmtDd z%~4}fE^HU{5f*>~MAO-5zEai%FsegV`8$PMy;A40uHRF6|30fP4SSE7`wen0`cW!5 z4sLejj~lm#>4paZ@1ZuHDB*EnLRs7|!dz&)RiTLBw8&g)Gz*wViNCNFpwO<@s{H+M zMBY%My|2zAj;?U@^d1Y$^H_FcR#vUbaH$uG>?!^P(=Kc^X_Us3Pcg9AwNH`AyX#+ literal 0 HcmV?d00001 From 6ef5c1c4ea8d125fa90b8571e3f89e37b5aab857 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Mon, 29 Aug 2016 13:51:04 -0700 Subject: [PATCH 016/416] Fix versioned path in mysql credential file. Signed-off-by: Kyle Fazzari --- src/mysql/start_mysql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/mysql/start_mysql b/src/mysql/start_mysql index dcfe5c1..1b7ea13 100755 --- a/src/mysql/start_mysql +++ b/src/mysql/start_mysql @@ -3,7 +3,7 @@ root_option_file="$SNAP_DATA/mysql/root.ini" nextcloud_password_file="$SNAP_DATA/mysql/nextcloud_password" mysqld_pid_file_path=$SNAP_DATA/mysql/`hostname`.pid -mysql_socket_file_path=$SNAP_DATA/mysql/mysql.sock +mysql_socket_file_path="/var/snap/$SNAP_NAME/current/mysql/mysql.sock" new_install=false # Make sure the database is initialized (this is safe to run if already From 17d5108ab59ad89382b39b444c4d4595dc372f4b Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Mon, 29 Aug 2016 13:25:54 -0700 Subject: [PATCH 017/416] Increase PHP and Apache proxy timeout to 3600 seconds. Signed-off-by: Kyle Fazzari --- src/apache/conf/httpd.conf | 2 +- src/php/config/php.ini | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/apache/conf/httpd.conf b/src/apache/conf/httpd.conf index d5110bd..21638df 100644 --- a/src/apache/conf/httpd.conf +++ b/src/apache/conf/httpd.conf @@ -146,7 +146,7 @@ Alias "/.well-known" "${SNAP_DATA}/certs/certbot/.well-known" # Setup the proxy to PHP-FPM -ProxyTimeout 900 +ProxyTimeout 3600 SetHandler "proxy:unix:${SNAP_DATA}/php/php-fpm.sock|fcgi://localhost/" diff --git a/src/php/config/php.ini b/src/php/config/php.ini index fb7d84a..3702523 100644 --- a/src/php/config/php.ini +++ b/src/php/config/php.ini @@ -365,7 +365,7 @@ expose_php = On ; Maximum execution time of each script, in seconds ; http://php.net/max-execution-time ; Note: This directive is hardcoded to 0 for the CLI SAPI -max_execution_time = 30 +max_execution_time = 3600 ; Maximum amount of time each script may spend parsing request data. It's a good ; idea to limit this time on productions servers in order to eliminate unexpectedly @@ -375,7 +375,7 @@ max_execution_time = 30 ; Development Value: 60 (60 seconds) ; Production Value: 60 (60 seconds) ; http://php.net/max-input-time -max_input_time = 60 +max_input_time = 3600 ; Maximum input variable nesting level ; http://php.net/max-input-nesting-level From 6f6dcdc8541d45432d136c2210a354a10009a362 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Mon, 29 Aug 2016 13:50:08 -0700 Subject: [PATCH 018/416] Use SNAP_COMMON now that it exists. Signed-off-by: Kyle Fazzari --- src/nextcloud/scripts/setup_nextcloud | 6 ++---- src/php/config/php-fpm.d/www.conf | 2 +- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/src/nextcloud/scripts/setup_nextcloud b/src/nextcloud/scripts/setup_nextcloud index 3fd6d06..eea1303 100755 --- a/src/nextcloud/scripts/setup_nextcloud +++ b/src/nextcloud/scripts/setup_nextcloud @@ -1,12 +1,10 @@ #!/bin/sh # Make sure nextcloud directory exists -# FIXME: Use common environment variable when it exists -mkdir -p -m 750 $SNAP_DATA/../common/nextcloud +mkdir -p -m 750 $SNAP_COMMON/nextcloud # Make sure nextcloud tmp directory exists -# FIXME: Use common environment variable when it exists -mkdir -p -m 750 $SNAP_DATA/../common/nextcloud/tmp +mkdir -p -m 750 $SNAP_COMMON/nextcloud/tmp # Make sure nextcloud extra-apps directory exists (for user apps) mkdir -p -m 750 $SNAP_DATA/nextcloud/extra-apps diff --git a/src/php/config/php-fpm.d/www.conf b/src/php/config/php-fpm.d/www.conf index 8a005be..060c554 100644 --- a/src/php/config/php-fpm.d/www.conf +++ b/src/php/config/php-fpm.d/www.conf @@ -415,6 +415,6 @@ env[NEXTCLOUD_CONFIG_DIR] = ${SNAP_DATA}/nextcloud/config ;php_admin_value[memory_limit] = 32M ; Configure larger uploads than the default. -php_admin_value[upload_tmp_dir] = ${SNAP_DATA}/../common/nextcloud/tmp +php_admin_value[upload_tmp_dir] = ${SNAP_COMMON}/nextcloud/tmp php_value[upload_max_filesize] = 16G php_value[post_max_size] = 16G From 862910e9108de943a06478c68afa33af37a64e78 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Wed, 31 Aug 2016 13:55:43 -0700 Subject: [PATCH 019/416] Update version number to 9.0.53snap3. Also update CHANGELOG Signed-off-by: Kyle Fazzari --- CHANGELOG | 6 ++++++ snapcraft.yaml | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/CHANGELOG b/CHANGELOG index a5cc742..7e947e5 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,9 @@ +v 9.0.53snap3 + - Use SNAP_COMMON now that it exists. + - Increase PHP and Apache proxy timeout to 3600 seconds. + - Fix versioned path in mysql credential file. + - Integrate with Travis CI for automatic deployment. + v 9.0.53snap2 - Add support for HTTPS. - Build PHP with jpeg support. diff --git a/snapcraft.yaml b/snapcraft.yaml index 81b6301..5019b2d 100644 --- a/snapcraft.yaml +++ b/snapcraft.yaml @@ -1,5 +1,5 @@ name: nextcloud -version: 9.0.53snap2 +version: 9.0.53snap3 summary: Nextcloud description: Nextcloud running on Apache with MySQL. This is currently in beta. confinement: strict From 4e5010fd9e85fd649b8a9e47d66395d06a34fcda Mon Sep 17 00:00:00 2001 From: Tom Cobb Date: Tue, 13 Sep 2016 14:05:04 +0100 Subject: [PATCH 020/416] Updated help text for enable-https script Adds zero argument description of what the script does Fixes #43 --- src/https/scripts/enable-https | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/https/scripts/enable-https b/src/https/scripts/enable-https index ab76207..16de4e3 100755 --- a/src/https/scripts/enable-https +++ b/src/https/scripts/enable-https @@ -14,6 +14,10 @@ while getopts ":dtsh" opt; do echo "Usage:" echo " $0 [-h -t -d -s]" echo "" + echo " Run without any arguments this script will obtain a" + echo " certificate from Let's Encrypt and automatically keep" + echo " it up to date." + echo "" echo " -t: Obtain a test certificate. This is a valid Let's" echo " Encrypt certificate, but is not signed by a" echo " recognized CA, so browsers won't accept it." From 602b05f892869280007237c81f80810d61b0679c Mon Sep 17 00:00:00 2001 From: Tom Cobb Date: Thu, 15 Sep 2016 20:01:14 +0100 Subject: [PATCH 021/416] Added service that runs cron.php every 15 minutes Fixes #39 --- snapcraft.yaml | 6 ++++++ src/nextcloud/scripts/nextcloud-cron | 15 +++++++++++++++ 2 files changed, 21 insertions(+) create mode 100755 src/nextcloud/scripts/nextcloud-cron diff --git a/snapcraft.yaml b/snapcraft.yaml index 5019b2d..041b605 100644 --- a/snapcraft.yaml +++ b/snapcraft.yaml @@ -66,6 +66,12 @@ apps: restart-condition: always plugs: [network, network-bind] + nextcloud-cron: + command: nextcloud-cron + daemon: simple + restart-condition: always + plugs: [network, network-bind] + parts: apache: plugin: apache diff --git a/src/nextcloud/scripts/nextcloud-cron b/src/nextcloud/scripts/nextcloud-cron new file mode 100755 index 0000000..4ae7efe --- /dev/null +++ b/src/nextcloud/scripts/nextcloud-cron @@ -0,0 +1,15 @@ +#!/bin/sh + +export NEXTCLOUD_CONFIG_DIR=$SNAP_DATA/nextcloud/config + +echo -n "Waiting for Nextcloud config dir... " +while [ ! -d "$NEXTCLOUD_CONFIG_DIR" ]; do + sleep 1 +done + +echo "done" + +while true; do + php -c $SNAP/config/php $SNAP/htdocs/cron.php + sleep 15m +done From 41f5783fe079cdf75064df9f5f72c2443f06e390 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Mon, 26 Sep 2016 12:28:15 -0700 Subject: [PATCH 022/416] Update version to 9.0.53snap4. Also update CHANGELOG, and README to discuss the new cron.php service. Signed-off-by: Kyle Fazzari --- CHANGELOG | 4 ++++ README.md | 6 ++++++ snapcraft.yaml | 2 +- 3 files changed, 11 insertions(+), 1 deletion(-) diff --git a/CHANGELOG b/CHANGELOG index 7e947e5..ce4d48a 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,7 @@ +v 9.0.53snap4 + - Add service that runs cron.php every 15 minutes. + - Clarify help text for enable-https script. + v 9.0.53snap3 - Use SNAP_COMMON now that it exists. - Increase PHP and Apache proxy timeout to 3600 seconds. diff --git a/README.md b/README.md index c6cbb7a..b2a1ddc 100644 --- a/README.md +++ b/README.md @@ -30,6 +30,12 @@ Upon visiting the Nextcloud installation for the first time, you'll be prompted for an admin username and password. After you provide that information you'll be logged in and able to create users, install apps, and upload files. +Note that this snap includes a service that runs cron.php every 15 minutes, but +Nextcloud doesn't currently expose the cron admin setting to autoconfig, so +there's no way for the snap to change the setting from Ajax to Cron for you. +You must do that manually in the admin interface if you want to take advantage +of the performance improvements. + ### Included CLI utilities diff --git a/snapcraft.yaml b/snapcraft.yaml index 041b605..a040718 100644 --- a/snapcraft.yaml +++ b/snapcraft.yaml @@ -1,5 +1,5 @@ name: nextcloud -version: 9.0.53snap3 +version: 9.0.53snap4 summary: Nextcloud description: Nextcloud running on Apache with MySQL. This is currently in beta. confinement: strict From 6cc2e604b6e064c438c16576f31a6f741f43e90b Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Mon, 3 Oct 2016 19:42:53 +0000 Subject: [PATCH 023/416] https: show better message when a dry-run succeeds. Fix #74 Signed-off-by: Kyle Fazzari --- src/https/scripts/enable-https | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/src/https/scripts/enable-https b/src/https/scripts/enable-https index 16de4e3..94a68c6 100755 --- a/src/https/scripts/enable-https +++ b/src/https/scripts/enable-https @@ -4,10 +4,14 @@ extra_params="" cert_type="" +dry_run=false while getopts ":dtsh" opt; do case $opt in - d) extra_params="$extra_params --dry-run";; + d) + extra_params="$extra_params --dry-run" + dry_run=true + ;; t) extra_params="$extra_params --test-cert";; s) cert_type="self-signed";; h) @@ -104,7 +108,11 @@ else $domains 2>&1) if [ $? -eq 0 ]; then echo "done" - activate_certbot_certificate + if [ "$dry_run" = true ]; then + echo "Looks like you're ready for HTTPS!" + else + activate_certbot_certificate + fi else echo "error running certbot:" echo "" From d6d98e3cee65e2a824ae6d57054b6d6b22920091 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Mon, 3 Oct 2016 18:18:26 +0000 Subject: [PATCH 024/416] Add certbot dependency. This is to work with new Python plugins within Snapcraft. Signed-off-by: Kyle Fazzari --- snapcraft.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/snapcraft.yaml b/snapcraft.yaml index a040718..0209eb9 100644 --- a/snapcraft.yaml +++ b/snapcraft.yaml @@ -287,6 +287,7 @@ parts: plugin: python2 source: src/https/ build-packages: [python-dev, libffi-dev] + python-packages: [cffi] setup-https: plugin: copy From ecd466eae032f47a15686dda4db8f1414b2786ac Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Wed, 5 Oct 2016 15:08:04 -0700 Subject: [PATCH 025/416] Wait for apache in a less racy manner. Signed-off-by: Kyle Fazzari --- src/https/utilities/https-utilities | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/https/utilities/https-utilities b/src/https/utilities/https-utilities index d74ab8f..294acdc 100755 --- a/src/https/utilities/https-utilities +++ b/src/https/utilities/https-utilities @@ -74,12 +74,13 @@ run_certbot() restart_apache_if_running() { - if [ -f $APACHE_PIDFILE ]; then + if [ -f "$APACHE_PIDFILE" ]; then # Restart apache by stopping it and letting systemd start it again. + apache_pid=$(cat "$APACHE_PIDFILE") echo -n "Restarting apache... " output=$(httpd-wrapper -k stop 2>&1) if [ $? -eq 0 ]; then - while [ -f $APACHE_PIDFILE ]; do + while kill -0 $apache_pid 2>/dev/null; do sleep 1 done echo "done" From 6f2ce5c1fc6ca79814efa88d8554bf6d5cf38992 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Mon, 3 Oct 2016 18:57:07 +0000 Subject: [PATCH 026/416] Upgrade to Nextcloud 10. Also re-enable integrity check. Resolve #40. Signed-off-by: Kyle Fazzari --- snapcraft.yaml | 4 ++-- src/nextcloud/config/config.php | 7 ------- 2 files changed, 2 insertions(+), 9 deletions(-) diff --git a/snapcraft.yaml b/snapcraft.yaml index 041b605..87f4808 100644 --- a/snapcraft.yaml +++ b/snapcraft.yaml @@ -119,11 +119,11 @@ parts: nextcloud: plugin: copy - source: https://github.com/kyrofa/nextcloud.git - source-tag: 9.0.53 + source: https://download.nextcloud.com/server/releases/nextcloud-10.0.1.tar.bz2 files: '*': htdocs/ '.htaccess': htdocs/ + '.user.ini': htdocs/ php: plugin: php diff --git a/src/nextcloud/config/config.php b/src/nextcloud/config/config.php index f1736ce..9924e4d 100644 --- a/src/nextcloud/config/config.php +++ b/src/nextcloud/config/config.php @@ -50,11 +50,4 @@ 'host' => '/var/snap/'.$snap_name.'/current/redis/redis.sock', 'port' => 0, ), - -/** - * Nextcloud doesn't support hosting the config file out of the application, so - * this version of Nextcloud has been patched slightly to allow for it. As a - * result, we fail the integrity check, so we'll just disable it. - */ -'integrity.check.disabled' => true, ); From 72670c5e1d795181ebbe6ccfbbb1a76d93d2baa5 Mon Sep 17 00:00:00 2001 From: "Olivier Paroz (oparoz)" Date: Fri, 7 Oct 2016 01:00:05 +0200 Subject: [PATCH 027/416] Update PHP to 7.0.11 Fixes #57 Signed-off-by: Olivier Paroz (oparoz) --- snapcraft.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/snapcraft.yaml b/snapcraft.yaml index 041b605..31d5569 100644 --- a/snapcraft.yaml +++ b/snapcraft.yaml @@ -127,7 +127,7 @@ parts: php: plugin: php - source: http://us1.php.net/get/php-7.0.2.tar.gz/from/this/mirror + source: http://us1.php.net/get/php-7.0.11.tar.gz/from/this/mirror source-type: tar install-via: prefix configflags: From ddde7c94bb802638605ca7ab7cd8e2cbff74e0f4 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Tue, 11 Oct 2016 21:44:22 +0000 Subject: [PATCH 028/416] Instruct PHP not to load .user.ini files. Signed-off-by: Kyle Fazzari --- src/php/config/php.ini | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/php/config/php.ini b/src/php/config/php.ini index 3702523..85236ff 100644 --- a/src/php/config/php.ini +++ b/src/php/config/php.ini @@ -175,7 +175,7 @@ ;user_ini.filename = ".user.ini" ; To disable this feature set this option to empty value -;user_ini.filename = +user_ini.filename = ; TTL for user-defined php.ini files (time-to-live) in seconds. Default is 300 seconds (5 minutes) ;user_ini.cache_ttl = 300 From 0b24cb7cfd32bc167e33ed96e8cffebac3e234c0 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Tue, 11 Oct 2016 23:58:34 +0000 Subject: [PATCH 029/416] Use current symlink for live certificates. Currently the snap uses $SNAP_DATA, which ends up eventually pointing to an invalid path once the snap is upgraded enough for the old revision to be pruned. Fix that by using the current symlink instead of $SNAP_DATA directly. Fix #91. Signed-off-by: Kyle Fazzari --- src/https/utilities/https-utilities | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/src/https/utilities/https-utilities b/src/https/utilities/https-utilities index 294acdc..9332765 100755 --- a/src/https/utilities/https-utilities +++ b/src/https/utilities/https-utilities @@ -1,16 +1,18 @@ #!/bin/sh -LIVE_CERTS_DIRECTORY=$SNAP_DATA/certs/live +SNAP_CURRENT=$(dirname $SNAP_DATA)/current + +LIVE_CERTS_DIRECTORY=$SNAP_CURRENT/certs/live LIVE_CERT=$LIVE_CERTS_DIRECTORY/cert.pem LIVE_KEY=$LIVE_CERTS_DIRECTORY/privkey.pem LIVE_CHAIN=$LIVE_CERTS_DIRECTORY/chain.pem -SELF_SIGNED_DIRECTORY=$SNAP_DATA/certs/self-signed +SELF_SIGNED_DIRECTORY=$SNAP_CURRENT/certs/self-signed SELF_SIGNED_KEY=$SELF_SIGNED_DIRECTORY/privkey.pem SELF_SIGNED_CERT=$SELF_SIGNED_DIRECTORY/cert.pem SELF_SIGNED_CHAIN=$SELF_SIGNED_DIRECTORY/chain.pem -CERTBOT_DIRECTORY=$SNAP_DATA/certs/certbot +CERTBOT_DIRECTORY=$SNAP_CURRENT/certs/certbot CERTBOT_LIVE_DIRECTORY=$CERTBOT_DIRECTORY/config/live APACHE_PIDFILE=$SNAP_DATA/apache/httpd.pid From d22f23c32b9256100488af39e5fb39dbc1f3477c Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Fri, 14 Oct 2016 15:40:34 -0700 Subject: [PATCH 030/416] Update version to 10.0.1snap1. Also update CHANGELOG. Signed-off-by: Kyle Fazzari --- CHANGELOG | 6 ++++++ snapcraft.yaml | 8 +++++--- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index ce4d48a..2b44a06 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,9 @@ +v 10.0.1snap1 + - Use current symlink for live certificates. + - Update PHP to 7.0.11. + - Upgrade to Nextcloud 10. + - https: show better message when a dry-run succeeds. + v 9.0.53snap4 - Add service that runs cron.php every 15 minutes. - Clarify help text for enable-https script. diff --git a/snapcraft.yaml b/snapcraft.yaml index 63975f2..845afaf 100644 --- a/snapcraft.yaml +++ b/snapcraft.yaml @@ -1,7 +1,9 @@ name: nextcloud -version: 9.0.53snap4 -summary: Nextcloud -description: Nextcloud running on Apache with MySQL. This is currently in beta. +version: 10.0.1snap1 +summary: Nextcloud Server +description: | + Access, share and protect your files, calendars, contacts, communication and + more at home and in your enterprise. confinement: strict apps: From 8d39ab26c0684e743d7ff1f4faaca36c2c0d391d Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Fri, 14 Oct 2016 15:49:04 -0700 Subject: [PATCH 031/416] Make sure old cert links are fixed. Signed-off-by: Kyle Fazzari --- src/apache/scripts/httpd-wrapper | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/src/apache/scripts/httpd-wrapper b/src/apache/scripts/httpd-wrapper index 1f5cf1a..ba37e64 100755 --- a/src/apache/scripts/httpd-wrapper +++ b/src/apache/scripts/httpd-wrapper @@ -2,8 +2,19 @@ . $SNAP/utilities/https-utilities +# Rewrite live cert symlinks that aren't using the current symlink. +# FIXME: Remove this migration once epochs and upgrade hooks are available. +if certificates_are_active; then + self_signed_basename="$(basename $SELF_SIGNED_DIRECTORY)" + if [ "$(basename $(realpath $LIVE_CERTS_DIRECTORY))" = "$self_signed_basename" ]; then + activate_self_signed_certificate + else + activate_certbot_certificate + fi +fi + params="" -if [ -e $LIVE_CERTS_DIRECTORY ]; then +if certificates_are_active; then echo "Certificates have been activated: using HTTPS only" params="$params -DEnableHTTPS" From 9d9ffb430018f278604b95f96ae042cbf34c8950 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Mon, 17 Oct 2016 12:07:28 +0000 Subject: [PATCH 032/416] Upgrade PHP to 7.0.12. Fix #102. Signed-off-by: Kyle Fazzari --- snapcraft.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/snapcraft.yaml b/snapcraft.yaml index 845afaf..a33dd41 100644 --- a/snapcraft.yaml +++ b/snapcraft.yaml @@ -129,7 +129,7 @@ parts: php: plugin: php - source: http://us1.php.net/get/php-7.0.11.tar.gz/from/this/mirror + source: http://us1.php.net/get/php-7.0.12.tar.gz/from/this/mirror source-type: tar install-via: prefix configflags: From 7599ebabe83bb35bf607ab4da2d05752f0f50446 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Mon, 17 Oct 2016 16:23:06 +0200 Subject: [PATCH 033/416] Update Nextcloud version in README. Signed-off-by: Kyle Fazzari --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index b2a1ddc..901ae62 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ Nextcloud server packaged as a snap. It consists of: -- Nextcloud 9.0.53 +- Nextcloud 10.0.1 - Apache 2.4 - PHP 7 - MySQL 5.7 From 668dfb4fbf29c23491677c538ed6e6550cec36bd Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Mon, 17 Oct 2016 14:10:45 +0200 Subject: [PATCH 034/416] Move certificate migration to run-httpd. Currently the code that takes care of migrating old certificates actually gets in the way of generating new certificates by causing Apache to get restarted in a loop. Move that migration code up a level so it isn't involved when restarting Apache. Fix #103 Signed-off-by: Kyle Fazzari --- src/apache/scripts/httpd-wrapper | 11 ----------- src/apache/scripts/run-httpd | 14 ++++++++++++++ 2 files changed, 14 insertions(+), 11 deletions(-) diff --git a/src/apache/scripts/httpd-wrapper b/src/apache/scripts/httpd-wrapper index ba37e64..68fdd5a 100755 --- a/src/apache/scripts/httpd-wrapper +++ b/src/apache/scripts/httpd-wrapper @@ -2,17 +2,6 @@ . $SNAP/utilities/https-utilities -# Rewrite live cert symlinks that aren't using the current symlink. -# FIXME: Remove this migration once epochs and upgrade hooks are available. -if certificates_are_active; then - self_signed_basename="$(basename $SELF_SIGNED_DIRECTORY)" - if [ "$(basename $(realpath $LIVE_CERTS_DIRECTORY))" = "$self_signed_basename" ]; then - activate_self_signed_certificate - else - activate_certbot_certificate - fi -fi - params="" if certificates_are_active; then echo "Certificates have been activated: using HTTPS only" diff --git a/src/apache/scripts/run-httpd b/src/apache/scripts/run-httpd index e858e63..7c8ba0f 100755 --- a/src/apache/scripts/run-httpd +++ b/src/apache/scripts/run-httpd @@ -11,4 +11,18 @@ if [ $? -ne 0 ]; then fi echo "All set! Running httpd..." + +. $SNAP/utilities/https-utilities + +# Rewrite live cert symlinks that aren't using the current symlink. +# FIXME: Remove this migration once epochs and upgrade hooks are available. +if certificates_are_active; then + self_signed_basename="$(basename $SELF_SIGNED_DIRECTORY)" + if [ "$(basename $(realpath $LIVE_CERTS_DIRECTORY))" = "$self_signed_basename" ]; then + activate_self_signed_certificate + else + activate_certbot_certificate + fi +fi + httpd-wrapper $@ From e76268a19f7b1e823fdb5dfdaddf958fd4d3c4a0 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Mon, 17 Oct 2016 16:42:13 +0200 Subject: [PATCH 035/416] Update version to 10.0.1snap2. Also update CHANGELOG. Signed-off-by: Kyle Fazzari --- CHANGELOG | 4 ++++ snapcraft.yaml | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/CHANGELOG b/CHANGELOG index 2b44a06..9a40522 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,7 @@ +v 10.0.1snap2 + - Move certificate migration to run-httpd. + - Upgrade PHP to 7.0.12. + v 10.0.1snap1 - Use current symlink for live certificates. - Update PHP to 7.0.11. diff --git a/snapcraft.yaml b/snapcraft.yaml index a33dd41..512a539 100644 --- a/snapcraft.yaml +++ b/snapcraft.yaml @@ -1,5 +1,5 @@ name: nextcloud -version: 10.0.1snap1 +version: 10.0.1snap2 summary: Nextcloud Server description: | Access, share and protect your files, calendars, contacts, communication and From dd31e118508027e200f0199128acd0f5476749c0 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Wed, 19 Oct 2016 12:29:08 +0000 Subject: [PATCH 036/416] Add ability to access removable media. Done by adding the `removable-media` plug to the required apps. Resolve #66. Signed-off-by: Kyle Fazzari --- README.md | 7 +++++++ snapcraft.yaml | 6 +++--- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 901ae62..86df99e 100644 --- a/README.md +++ b/README.md @@ -36,6 +36,13 @@ there's no way for the snap to change the setting from Ajax to Cron for you. You must do that manually in the admin interface if you want to take advantage of the performance improvements. +Also note that the interface providing the ability to access removable media is +not automatically connected upon install, so if you'd like to use external +storage, you need to give the snap permission to access removable media by +connecting that interface: + + $ sudo snap connect nextcloud:removable-media ubuntu-core:removable-media + ### Included CLI utilities diff --git a/snapcraft.yaml b/snapcraft.yaml index 512a539..8838f35 100644 --- a/snapcraft.yaml +++ b/snapcraft.yaml @@ -28,7 +28,7 @@ apps: command: start-php-fpm daemon: simple restart-condition: always - plugs: [network, network-bind] + plugs: [network, network-bind, removable-media] # redis server daemon redis-server: @@ -52,7 +52,7 @@ apps: # Nextcloud occ command occ: command: occ - plugs: [network, network-bind] + plugs: [network, network-bind, removable-media] enable-https: command: enable-https @@ -72,7 +72,7 @@ apps: command: nextcloud-cron daemon: simple restart-condition: always - plugs: [network, network-bind] + plugs: [network, network-bind, removable-media] parts: apache: From 9678d48b40283302e37d217adaea0ac32a889537 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Wed, 26 Oct 2016 12:27:06 -0700 Subject: [PATCH 037/416] Use Travis cron jobs to spin off daily builds. This uses daily-master for edge, and daily-stable10 for beta. Signed-off-by: Kyle Fazzari --- .travis.yml | 3 +-- .travis/deploy.sh | 36 ++++++++++++++++++++++++++++++++++++ 2 files changed, 37 insertions(+), 2 deletions(-) create mode 100755 .travis/deploy.sh diff --git a/.travis.yml b/.travis.yml index 492820b..ccd0b73 100644 --- a/.travis.yml +++ b/.travis.yml @@ -14,5 +14,4 @@ after_success: - eval "$(ssh-agent -s)" - ssh-add .travis/deploy_key -- git remote add deploy git+ssh://nextcloud-snappy-bot@git.launchpad.net/nextcloud-snap -- git push deploy $TRAVIS_BRANCH --force +- .travis/deploy.sh diff --git a/.travis/deploy.sh b/.travis/deploy.sh new file mode 100755 index 0000000..0d5a8c0 --- /dev/null +++ b/.travis/deploy.sh @@ -0,0 +1,36 @@ +#!/bin/bash + +# Prepare to push to LP +echo "Setting up remote... " +git remote add deploy git+ssh://nextcloud-snappy-bot@git.launchpad.net/nextcloud-snap + +# Push our current branch up for normal releases +echo "Requesting build/deploy of $TRAVIS_BRANCH..." +git push deploy $TRAVIS_BRANCH --force + +# Spin off daily builds if Travis is running this as a cron event. +if [ "$TRAVIS_BRANCH" = "master" -a "$TRAVIS_EVENT_TYPE" = "cron" ]; then + latest_master_url="https://download.nextcloud.com/server/daily/latest-master.tar.bz2" + latest_stable_url="https://download.nextcloud.com/server/daily/latest-stable10.tar.bz2" + + echo "Requesting build of latest master..." + + # Rewrite the snapcraft.yaml to pull from the latest master. + sed -ri "s|(source:\s+).*download.nextcloud.com.*$|\1$latest_master_url|" snapcraft.yaml + + # Commit the changes and push to edge to begin the edge build. + git add . + git commit -m 'From CI: Use Nextcloud latest master' + git push deploy $TRAVIS_BRANCH:edge --force + + + echo "Requesting build of latest stable..." + + # Now rewrite the snapcraft.yaml to pull from the latest stable v10. + sed -ri "s|(source:\s+).*download.nextcloud.com.*$|\1$latest_stable_url|" snapcraft.yaml + + # Commit the changes and push to beta to begin the beta build. + git add . + git commit -m 'From CI: Use Nextcloud latest stable' + git push deploy $TRAVIS_BRANCH:beta --force +fi From 24fdd8549493e5caa4d1ad319fe07762b30a2ade Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Tue, 1 Nov 2016 10:10:59 -0700 Subject: [PATCH 038/416] Update version to 10.0.1snap3. Also update README and CHANGELOG, and revamp deployment a little. Signed-off-by: Kyle Fazzari --- .travis.yml | 5 ++++- .travis/cron.sh | 25 +++++++++++++++++++++++++ .travis/deploy.sh | 31 ------------------------------- CHANGELOG | 4 ++++ README.md | 4 ++-- snapcraft.yaml | 2 +- 6 files changed, 36 insertions(+), 35 deletions(-) create mode 100755 .travis/cron.sh diff --git a/.travis.yml b/.travis.yml index ccd0b73..eec393c 100644 --- a/.travis.yml +++ b/.travis.yml @@ -14,4 +14,7 @@ after_success: - eval "$(ssh-agent -s)" - ssh-add .travis/deploy_key -- .travis/deploy.sh +- git remote add deploy git+ssh://nextcloud-snappy-bot@git.launchpad.net/nextcloud-snap + +- test "$TRAVIS_EVENT_TYPE" != "cron" && .travis/deploy.sh +- test "$TRAVIS_EVENT_TYPE" = "cron" && .travis/cron.sh diff --git a/.travis/cron.sh b/.travis/cron.sh new file mode 100755 index 0000000..f4e9540 --- /dev/null +++ b/.travis/cron.sh @@ -0,0 +1,25 @@ +#!/bin/bash + +latest_master_url="https://download.nextcloud.com/server/daily/latest-master.tar.bz2" +latest_stable_url="https://download.nextcloud.com/server/daily/latest-stable10.tar.bz2" + +echo "Requesting build of latest master..." + +# Rewrite the snapcraft.yaml to pull from the latest master. +sed -ri "s|(source:\s+).*download.nextcloud.com.*$|\1$latest_master_url|" snapcraft.yaml + +# Commit the changes and push to edge to begin the edge build. +git add . +git commit -m 'From CI: Use Nextcloud latest master' +git push deploy $TRAVIS_BRANCH:edge --force + + +echo "Requesting build of latest stable..." + +# Now rewrite the snapcraft.yaml to pull from the latest stable v10. +sed -ri "s|(source:\s+).*download.nextcloud.com.*$|\1$latest_stable_url|" snapcraft.yaml + +# Commit the changes and push to beta to begin the beta build. +git add . +git commit -m 'From CI: Use Nextcloud latest stable' +git push deploy $TRAVIS_BRANCH:beta --force diff --git a/.travis/deploy.sh b/.travis/deploy.sh index 0d5a8c0..5afd060 100755 --- a/.travis/deploy.sh +++ b/.travis/deploy.sh @@ -1,36 +1,5 @@ #!/bin/bash -# Prepare to push to LP -echo "Setting up remote... " -git remote add deploy git+ssh://nextcloud-snappy-bot@git.launchpad.net/nextcloud-snap - # Push our current branch up for normal releases echo "Requesting build/deploy of $TRAVIS_BRANCH..." git push deploy $TRAVIS_BRANCH --force - -# Spin off daily builds if Travis is running this as a cron event. -if [ "$TRAVIS_BRANCH" = "master" -a "$TRAVIS_EVENT_TYPE" = "cron" ]; then - latest_master_url="https://download.nextcloud.com/server/daily/latest-master.tar.bz2" - latest_stable_url="https://download.nextcloud.com/server/daily/latest-stable10.tar.bz2" - - echo "Requesting build of latest master..." - - # Rewrite the snapcraft.yaml to pull from the latest master. - sed -ri "s|(source:\s+).*download.nextcloud.com.*$|\1$latest_master_url|" snapcraft.yaml - - # Commit the changes and push to edge to begin the edge build. - git add . - git commit -m 'From CI: Use Nextcloud latest master' - git push deploy $TRAVIS_BRANCH:edge --force - - - echo "Requesting build of latest stable..." - - # Now rewrite the snapcraft.yaml to pull from the latest stable v10. - sed -ri "s|(source:\s+).*download.nextcloud.com.*$|\1$latest_stable_url|" snapcraft.yaml - - # Commit the changes and push to beta to begin the beta build. - git add . - git commit -m 'From CI: Use Nextcloud latest stable' - git push deploy $TRAVIS_BRANCH:beta --force -fi diff --git a/CHANGELOG b/CHANGELOG index 9a40522..859a35d 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,7 @@ +v 10.0.1snap3 + - Use Travis cron jobs to spin off daily builds. + - Add ability to access removable media. + v 10.0.1snap2 - Move certificate migration to run-httpd. - Upgrade PHP to 7.0.12. diff --git a/README.md b/README.md index 86df99e..ff68a03 100644 --- a/README.md +++ b/README.md @@ -38,8 +38,8 @@ of the performance improvements. Also note that the interface providing the ability to access removable media is not automatically connected upon install, so if you'd like to use external -storage, you need to give the snap permission to access removable media by -connecting that interface: +storage (or otherwise use a device in `/media` for data), you need to give the +snap permission to access removable media by connecting that interface: $ sudo snap connect nextcloud:removable-media ubuntu-core:removable-media diff --git a/snapcraft.yaml b/snapcraft.yaml index 8838f35..6f9caeb 100644 --- a/snapcraft.yaml +++ b/snapcraft.yaml @@ -1,5 +1,5 @@ name: nextcloud -version: 10.0.1snap2 +version: 10.0.1snap3 summary: Nextcloud Server description: | Access, share and protect your files, calendars, contacts, communication and From f35253740803a7b3cbb45e1bd2fd19425d308fe8 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Fri, 18 Nov 2016 13:17:41 -0800 Subject: [PATCH 039/416] Update version to 10.0.1snap4. Fix Travis cron daily deployments. Signed-off-by: Kyle Fazzari --- .gitignore | 1 + .travis.yml | 4 +++- .travis/cron.sh | 15 +++++++++++---- .travis/deploy_key.enc | Bin 3248 -> 3248 bytes CHANGELOG | 3 +++ snapcraft.yaml | 2 +- 6 files changed, 19 insertions(+), 6 deletions(-) diff --git a/.gitignore b/.gitignore index bba1c3e..dfc240a 100644 --- a/.gitignore +++ b/.gitignore @@ -5,3 +5,4 @@ parts/* __pycache__/ prime/ stage/ +.travis/deploy_key diff --git a/.travis.yml b/.travis.yml index eec393c..c19a4e6 100644 --- a/.travis.yml +++ b/.travis.yml @@ -7,13 +7,15 @@ after_success: - echo -e '#!/bin/sh\n\nssh -o StrictHostKeyChecking=no $*' >> /tmp/ssh - chmod a+x /tmp/ssh -- openssl aes-256-cbc -K $encrypted_9ace74c1b6ff_key -iv $encrypted_9ace74c1b6ff_iv +- openssl aes-256-cbc -K $encrypted_22fd8ae6a707_key -iv $encrypted_22fd8ae6a707_iv -in .travis/deploy_key.enc -out .travis/deploy_key -d - chmod 600 .travis/deploy_key - eval "$(ssh-agent -s)" - ssh-add .travis/deploy_key +- git config user.name "CI Bot" +- git config user.email "nextcloud-snappy-bot@git.launchpad.net" - git remote add deploy git+ssh://nextcloud-snappy-bot@git.launchpad.net/nextcloud-snap - test "$TRAVIS_EVENT_TYPE" != "cron" && .travis/deploy.sh diff --git a/.travis/cron.sh b/.travis/cron.sh index f4e9540..0df2e2e 100755 --- a/.travis/cron.sh +++ b/.travis/cron.sh @@ -3,23 +3,30 @@ latest_master_url="https://download.nextcloud.com/server/daily/latest-master.tar.bz2" latest_stable_url="https://download.nextcloud.com/server/daily/latest-stable10.tar.bz2" +rewrite_snapcraft_yaml() +{ + sed -ri "s|(source:\s+).*download.nextcloud.com.*$|\1$1|" snapcraft.yaml +} + echo "Requesting build of latest master..." +git checkout -b edge origin/${TRAVIS_BRANCH} # Rewrite the snapcraft.yaml to pull from the latest master. -sed -ri "s|(source:\s+).*download.nextcloud.com.*$|\1$latest_master_url|" snapcraft.yaml +rewrite_snapcraft_yaml $latest_master_url # Commit the changes and push to edge to begin the edge build. git add . git commit -m 'From CI: Use Nextcloud latest master' -git push deploy $TRAVIS_BRANCH:edge --force +git push deploy edge --force echo "Requesting build of latest stable..." +git checkout -b beta origin/${TRAVIS_BRANCH} # Now rewrite the snapcraft.yaml to pull from the latest stable v10. -sed -ri "s|(source:\s+).*download.nextcloud.com.*$|\1$latest_stable_url|" snapcraft.yaml +rewrite_snapcraft_yaml $latest_stable_url # Commit the changes and push to beta to begin the beta build. git add . git commit -m 'From CI: Use Nextcloud latest stable' -git push deploy $TRAVIS_BRANCH:beta --force +git push deploy beta --force diff --git a/.travis/deploy_key.enc b/.travis/deploy_key.enc index e3e2b624a08bad2995d3c02db6fa903fc5a4aad3..b1d23e585e7a22ca9e715fd794623ebf7d1c853b 100644 GIT binary patch literal 3248 zcmV;h3{UeaRbV%v=t)~(6t^j@QoxCn+#)tN34&AiW(mux%Ysbuc5i7%Z>;T`ccSPw zQt}bkmfRFCz%pDR9(bzgCp*yZIrb03H;yYemA11qF>3P4tY2T#YADz5Xm;5GeBaCa z2+yRP_L|&}Xc?>TUuI(`NX(BNX(1J;_&#vT=k3&+5x;vV@PA*b)R_{B23c86#+p?M z+uv;d!^78^vZ5M>pLBB##f-(X0-I^9fY4CyVf6pKk~&z7Q8fk7%LsLzSE{YPvi%Qg?3`pAOGHczc+DU z#fPJO!DdNm^<@(t%_Jc85w#*?|Hq$e8m+-O{9oTS@7FUAjrza|pHzzl+40f;{;o$t z$nMRSWK9Kyw0*(%tt}Ka=b6sa5pV`8_|8=EnyI#rpx!VmQv>jfI&kWDBSZ+*TwT*i zq=C2E&_R8sZqTF-##S=@H+yxN#@3a~__8BThM6OcS;?1-WDj)Fwl z_KV$b2$JW_VPMi=Sm&D9y}41esR=RXto>Rc4|9&}WlwRLto^_}%~FZR4_(s;e z-`+59bsCJr38T9BY-GPbAozr|@}?}Ji)aGKu7;VjyhSJo<}gbi)5T<8tkB2A zZP4C=|Ln8wuR=fDE4gb!hl@D?Rz*Xh-P$#Tla>?l38r#(nywW$$nyg<_B(&-{I808 zyKlEicMEqDjeIq;$eQMZ-IA811YR4L_viM4N0^{o$mDd8KPO`K^&zoTn0{IdGZ)xkDA!NNL9GVAwRqjYrl|eia~BmSRQnG6^K#RZR4|X0A-Ng1UP0 zR#qlWf|q*5Ml~A7G|$z4r19X8?(GE+i;mc#u|J&vGj1d+y|#7VXX9;vOE6@k`9(Na z&mPhGQbh@Kx9L>P|51{2y)ylTP4k;)oJmM5?_I+EKXl^@ZR%Seb$|S)Hwpd0m-gs+ zusUkpF~)Mg3ikR=LnHck{wR_*2X~I(r!qP0zgp$K(dY5;^_`Bi#RC3hS8~*v%N@!;&2c+@5_Sw%(>F_3Z$~2g)DO|_6<5(o+-3I-t-+8tL z&dX7ZACy$KGy;c{nVRkn&?bLB_P!$7-K0j1HLhN*#}1%cC`4qk!^0WmAxr1qPOMb>5_lMsdW&2ilz{}~dmd<%pk9mID+*di zhNqe~_D&hD@JBNSM%@rI07NI|BPV>3?+m?^>-#e6xF^PhxDF z1U_0F!u8l+0EOheU+8ds$BfvDPbuGj&bUm*@^l6Gt~|?~_+;UZL=ZeCH!V@ddnVU2 zt(fm?xM_RkUn_F9=Umx<(rHZg(}#UexF3fbMSoHCVO^mP_Zk0B+bj0+U6GxNXYfP% zcb13bTac|a0AKt;DJrGbA=Yg55Um>u8|EY92)KH$>Gq>ZzM3rOJ~`Fe8dU$V_bsZe zZe(vY3mEyYJ_o4U@(!-PNfabrc1*9;gz`BMVgS|I-|D#z*D@P<>0+j z0wI+w%)F%{lCiEtqG`Eek#_=Pc#vZ1N0wdz&su)4Oo&Lp<%zpcz)@sGB}OM_4?@-% zfX`EHr6{pn{?(a4l{f4HWq-i8O9G0*Tm^VAA-puwgOwkKrXTP{i~r}WXu31PTBlWZ zp=6SPy~$|GU&aHWhTG$plU1h3&I}~!mBJ8Q`norXlfr3~U5va}_qhC~LKg%+95GJ$ zn&D_KLbpxPPJ{w&wZ>GT-yk~-5lBOX$ZYn7#bp55 zgd2ph843JeO1)z;lk!n@>r5rw%_dJSzu*2q!j`!lbZc%z0lk8gNAUO4?@K;v=0QnU zGT)qE%ejR|2h*(9F!@H&;j7Y0^X8T>^FzILQ7Ih%ytM!}aBm--nvt!6XN8 z>}o*uXwM`c{246}mZ@U{+|w(}uOt&AJZR6DDFnffJ9h7XDh}tIJxZ{uwMp(~Wc!h~ zB+GPvNhdmRw`C`Tm0;HFJvFuuBRM}lpa$bXd%KGXymDDERWE`C%+y^YJOM044afT< zACs&sL4$zkt0dyCpq*g*)=Mr<+`Qsm3IHex!^c|V^}K)90kV!d${`e}^OLRd06Wtg zU%g0W32kgVj&cJ!`vC@C{N84Zkz$66^W<_f?GAeUO#%2c%h6PYBsEewosI}uyF_|^ z*lUCpD)N#?5Q{3=H>K)=pg#b7ZU zzltxNOBU&Xt=D9M1uI*;fB#DR3`mmm%Fw=ntyKd&x+~8 zj5GJ3SGx*gCJ2YOGS_wof+yh5f*5T7MQc>*;*%Ntq=hmNBN8d6Ei^@O73yTGR8682 zO>`Awh{R7UyncOyU?h7miPS0WFHxPVlc&Gu9`+x(m{{$lDe(TkP>))g>;lil%qxg! zeTseb@&C@n7N2St6CX&UA3nx$NxRzX4z8Tw5ij?+GQnE{i&Edw+xfoag0Rya5rHfR z;DvnvJG{l*ea98L&4-Pm7-J>Fxb1H)nv3$^t=nJK7a&J_Fx@v{uf#v4)GKlsOvTv3 zC^JX74b$oy#zP0fSr_IT*!>ZiqEEy=Mf}80Q6tg8j5OJ@B>dOWiuat!qWMbt-l&o6 zXk0cvOiuAu9GQpQ&+x{yCj-p73Vqgf(3g26^EZZtKugufX7?7l(5Ot<{7-VFiJ$=z zl-?BD6gq7MU(J?^zlAniYOwkaJFiV-$-sKXR{MC*k;8Kb~26#_1D1yTrRnj2|UlZ zbaK3HZ^$I-2*y_;(!yg9$jO#W6+hGux9BmH!;aORQOvQBZ|MRS{(>N{&;K=F*k79B zF0DE0=39$iI;<UbZ$cc literal 3248 zcmV;h3{UeSXW$oS8n2tGlRaiYial+V?zNeC(cXED)cko%{83qX(!Ion1x2}6uxJNy zl5y!eXv6JwOM>*{3#>NPQz^&n99sX=g*N$j^^T|^JjU+cb0KM`)Nw8D{zZ_@wXm=3 zrwo6Tj!hq+i`PIL{{e7eybjsmNVgWdiGR;`WbaM3e6O3gKsS;BYm0AR6KR?8udse% z`;}kkgm*0ncJ#Z2?D;>Y1x9s3avy7w_kre(aId&wTP$rCrdU1hfx-amNN0gNkp=8) zzgtk2ax7Es?~may=-{>|m3Zxf`&tL6JDUPF=yu;9_D!+~7fL-U;3La>57dA>u)x#%YzE;aT-kXZ8zhl1H4YDpcpRc|u=X zPh?pVvYwMcf!D)roE~@b#{T{IL8S4(&aN=z;p-p-5&wBHnkdq@i$*5281^c%I`*~@ zh@5Lx5|b8dEwpFxiHPbkn(RH&M{0I+w-bvx`(RMiHY+&%A@u^UkEy&w;IdG6$LtO# z%~(aDK&)b=pi-7)=TDY8>E-EZ=uQE0WlDd!NcT=&&-Z>Sg0!j|N7h`cjGPiLgS*EA zF^hY>ehI;#`y_4WCi9MzbO&aX^2A=M3N$ z1sHAa8i`QBbkwH^6M7jIGcSH|22nVXo!L;uY+GIWqrNSNW@!d=6URo}Cz?)++b|Wm zeYAQ~QP;RJZW%`G25!~G5Cnl3Hq8br=X*^od{z?aLM#49XBx|!oz7BM&Unqjd6#@U zqap$LTyE>ctmO(t(dM8G%Fq-bYV|%NC-@jmqrQ&KDn{MEq9rO><0=K;kg zLe$N0mrsh5+$mAVRcSpO)gn)MaEmS%&>v-2xrZD1pqy3t>0o!GMvFsdjU;8;3uAc$ zXws3s9IuU3$sE|4WDeZs z0oUDH;5Y;coMAp5Ch85Y5fA(18+xXqC9YmO#5=78VrSRjnt>nvPFM#5(oxHWz&#*M zQ!YyDQ`wQDK3B6B)68BwNZU;DRO%;RPbWdPQsFX-=qCk2LKw^7 zLN3~?ugKO{34ilNmX@0Ei&@v307 zg_<-aC8@QeL8Y<87O9HejXgO~z8hCBU4mOi#Pcm)H1#`sZt0Zo&oq$yn45eEUNH}1 z6d(4RCM3}-{l^sH6rH{FuICWMN#iZhKC;pthQ5);qeFK&y0?J~IeH@2 zM}o81#^LUrC~uaZkeV;-Jfdui)8RS?wFObyiL zW}=3dDO#f}PQ}9PXv+^wSCO34TUKo`GMJk>r zQYc*oVn9594tWF>A7DgIv7oqhmyT@o{gxL=*gEK0k$K{Cpk(!@3@#lQ5^)b)hT1-N zD;cpC%=XBjJHVi3PY?8_df83R;K~XEA)it(o|?}9Qvw6j-P*Mr7CGB}XDy#1T%(OrL#dW7PJ>mMhE4;X0c9lktxCcz~2#VmtqW(%Ixm=$F@6Y4*x2oBU3>s9&(}zm| z>)5uoQF}%#G*<@5Og#g?AwzrvLEP5DwM3&zXJ()5uvRy@5YQ2R*@=9Jr|v)_h_1U##SrlnG^`dk!XLnaRj+~ty~k}dxs0}(jGRskBJL(P=m_Axq>r=aolYVUFqwH zvrh6{hU@zxO3E&asoVR8*ONdi(~1)Z#G2rKOz!xtWyMbqlhA2-H0;p8rU3u#CaL?7(zVFHv?KKeqphbs-gE;8RVu*%C4HaN4!xI22C>DSZ zEHkjdcaHWFA^DTX4^Tc|uO2@|g!=4AQY~os-O zQOH@p`qRAJ8iYe#HI8N>p+*lY$J^yw?dG(4&$2toc^-#vWJg-eH<(igd?3GKXj6-D zCAiWWR59rD<(vGH<`%hxL*3JE6f|gw2dvhho>JHsp zMR@HL@0wC9?Xl^bFI$PaH!0<>GRgdDP;Y#LL?zP#Sq_&Hy@UEaRe6~itc9xwlBp-4 zOSA+jqUPF&sc~!yKhw*2f#ylH<5{o80uTF!q(1*ca??z@G}sq|w-I|vK}(KoZN1B< zPz5|Nu5nCHF(H|%=GH9ZRomsrk|Xtxz^8XkGGCAJ@e;GO}xf{+}S0k(oHGe3;#)isE!Q|ad~fm_>zIr z1XJO5kUrfV;7%vC<~iWMV6p1xYlrFa5l+^C=7u8w5~xT zGga7N-%oP=h8!;9JLzpA(jO0c=2ika)`0zE0=V`Wy9Nn`#%*9!XH$=a$Ly?q!diHh zl1#=S_}l;%$RVi75{o$1=VQm_?-FnnImIfP_)e?i3TNVCI1rJ#mwS{S)Hw`@(7Z{* zl#;V@56-Zt9++NqHb32YHq0iRGjD^(Y#1fO5P&W!Y}BK@OYPqnRHFj=^~cRkZmtDd z%~4}fE^HU{5f*>~MAO-5zEai%FsegV`8$PMy;A40uHRF6|30fP4SSE7`wen0`cW!5 z4sLejj~lm#>4paZ@1ZuHDB*EnLRs7|!dz&)RiTLBw8&g)Gz*wViNCNFpwO<@s{H+M zMBY%My|2zAj;?U@^d1Y$^H_FcR#vUbaH$uG>?!^P(=Kc^X_Us3Pcg9AwNH`AyX#+ diff --git a/CHANGELOG b/CHANGELOG index 859a35d..46321cc 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,6 @@ +v 10.0.1snap4 + - Fix Travis daily builds. + v 10.0.1snap3 - Use Travis cron jobs to spin off daily builds. - Add ability to access removable media. diff --git a/snapcraft.yaml b/snapcraft.yaml index 6f9caeb..5d7c05d 100644 --- a/snapcraft.yaml +++ b/snapcraft.yaml @@ -1,5 +1,5 @@ name: nextcloud -version: 10.0.1snap3 +version: 10.0.1snap4 summary: Nextcloud Server description: | Access, share and protect your files, calendars, contacts, communication and From 53dca41d07c00ad772f6e1a75e8752457d06bd1c Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Mon, 21 Nov 2016 16:14:29 -0800 Subject: [PATCH 040/416] CI: Re-enable strict host checking. Trust git.launchpad.net. Signed-off-by: Kyle Fazzari --- .travis.yml | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/.travis.yml b/.travis.yml index c19a4e6..3ccc24b 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,11 +1,7 @@ language: generic -env: -- GIT_SSH="/tmp/ssh" - after_success: -- echo -e '#!/bin/sh\n\nssh -o StrictHostKeyChecking=no $*' >> /tmp/ssh -- chmod a+x /tmp/ssh +- ssh-keyscan -t rsa -H git.launchpad.net > ~/.ssh/known_hosts - openssl aes-256-cbc -K $encrypted_22fd8ae6a707_key -iv $encrypted_22fd8ae6a707_iv -in .travis/deploy_key.enc -out .travis/deploy_key -d From d3de7f704e969c64ce1fa49b7a6e8a1d346831e2 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Sat, 10 Dec 2016 01:55:37 -0800 Subject: [PATCH 041/416] Daily builds: use versions that indicate so. Fix #137. Signed-off-by: Kyle Fazzari --- .travis/cron.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.travis/cron.sh b/.travis/cron.sh index 0df2e2e..a39ec2a 100755 --- a/.travis/cron.sh +++ b/.travis/cron.sh @@ -6,13 +6,14 @@ latest_stable_url="https://download.nextcloud.com/server/daily/latest-stable10.t rewrite_snapcraft_yaml() { sed -ri "s|(source:\s+).*download.nextcloud.com.*$|\1$1|" snapcraft.yaml + sed -ri "s|(version:\s+).*$|\1$2|" snapcraft.yaml } echo "Requesting build of latest master..." git checkout -b edge origin/${TRAVIS_BRANCH} # Rewrite the snapcraft.yaml to pull from the latest master. -rewrite_snapcraft_yaml $latest_master_url +rewrite_snapcraft_yaml $latest_master_url "latest-master" # Commit the changes and push to edge to begin the edge build. git add . @@ -24,7 +25,7 @@ echo "Requesting build of latest stable..." git checkout -b beta origin/${TRAVIS_BRANCH} # Now rewrite the snapcraft.yaml to pull from the latest stable v10. -rewrite_snapcraft_yaml $latest_stable_url +rewrite_snapcraft_yaml $latest_stable_url "latest-stable10" # Commit the changes and push to beta to begin the beta build. git add . From 06dc74e8f1d0748317e562ba0ff732a99a93948b Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Sat, 10 Dec 2016 02:05:40 -0800 Subject: [PATCH 042/416] Update Nextcloud to 10.0.2. Resolve #135. Signed-off-by: Kyle Fazzari --- snapcraft.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/snapcraft.yaml b/snapcraft.yaml index 5d7c05d..2ea984f 100644 --- a/snapcraft.yaml +++ b/snapcraft.yaml @@ -121,7 +121,7 @@ parts: nextcloud: plugin: copy - source: https://download.nextcloud.com/server/releases/nextcloud-10.0.1.tar.bz2 + source: https://download.nextcloud.com/server/releases/nextcloud-10.0.2.tar.bz2 files: '*': htdocs/ '.htaccess': htdocs/ From e4cf21d6e40af0b1eec90a9a271d5c59009d855f Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Sat, 10 Dec 2016 11:03:35 -0800 Subject: [PATCH 043/416] Update version to 10.0.2snap1. Signed-off-by: Kyle Fazzari --- CHANGELOG | 5 +++++ README.md | 2 +- snapcraft.yaml | 2 +- 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index 46321cc..b2d5c6b 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,8 @@ +v 10.0.2snap1 + - Update Nextcloud to 10.0.2. + - Daily builds: use versions that indicate so. + - CI: Re-enable strict host checking. + v 10.0.1snap4 - Fix Travis daily builds. diff --git a/README.md b/README.md index ff68a03..23ca2eb 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ Nextcloud server packaged as a snap. It consists of: -- Nextcloud 10.0.1 +- Nextcloud 10.0.2 - Apache 2.4 - PHP 7 - MySQL 5.7 diff --git a/snapcraft.yaml b/snapcraft.yaml index 2ea984f..31f7362 100644 --- a/snapcraft.yaml +++ b/snapcraft.yaml @@ -1,5 +1,5 @@ name: nextcloud -version: 10.0.1snap4 +version: 10.0.2snap1 summary: Nextcloud Server description: | Access, share and protect your files, calendars, contacts, communication and From 31a623cc5d77f9ddbc1473076c027d13c0f6baeb Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Tue, 13 Dec 2016 09:00:11 -0800 Subject: [PATCH 044/416] Nextcloud: remove updater app. This does not result in an integrity check failure. Fix #32. Signed-off-by: Kyle Fazzari --- snapcraft.yaml | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/snapcraft.yaml b/snapcraft.yaml index 31f7362..b58f53c 100644 --- a/snapcraft.yaml +++ b/snapcraft.yaml @@ -120,12 +120,17 @@ parts: src/apache/conf/*: conf/ nextcloud: - plugin: copy + plugin: dump source: https://download.nextcloud.com/server/releases/nextcloud-10.0.2.tar.bz2 - files: + organize: '*': htdocs/ - '.htaccess': htdocs/ - '.user.ini': htdocs/ + '.htaccess': htdocs/.htaccess + '.user.ini': htdocs/.user.ini + + # This snap automatically updates. No need to include the updater to nag + # users. This does not result in an integrity check failure. + snap: + - -htdocs/apps/updatenotification php: plugin: php From 48450ee920c7acea9823c0ea87724881c5d1ae7e Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Tue, 13 Dec 2016 08:56:52 -0800 Subject: [PATCH 045/416] Update Nextcloud to v11.0.0. Also change the daily beta to be stable11. Resolve #143. Signed-off-by: Kyle Fazzari --- .travis/cron.sh | 6 +++--- README.md | 2 +- snapcraft.yaml | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.travis/cron.sh b/.travis/cron.sh index a39ec2a..d0f9cdb 100755 --- a/.travis/cron.sh +++ b/.travis/cron.sh @@ -1,7 +1,7 @@ #!/bin/bash latest_master_url="https://download.nextcloud.com/server/daily/latest-master.tar.bz2" -latest_stable_url="https://download.nextcloud.com/server/daily/latest-stable10.tar.bz2" +latest_stable_url="https://download.nextcloud.com/server/daily/latest-stable11.tar.bz2" rewrite_snapcraft_yaml() { @@ -24,8 +24,8 @@ git push deploy edge --force echo "Requesting build of latest stable..." git checkout -b beta origin/${TRAVIS_BRANCH} -# Now rewrite the snapcraft.yaml to pull from the latest stable v10. -rewrite_snapcraft_yaml $latest_stable_url "latest-stable10" +# Now rewrite the snapcraft.yaml to pull from the latest stable v11. +rewrite_snapcraft_yaml $latest_stable_url "latest-stable11" # Commit the changes and push to beta to begin the beta build. git add . diff --git a/README.md b/README.md index 23ca2eb..e82c8f9 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ Nextcloud server packaged as a snap. It consists of: -- Nextcloud 10.0.2 +- Nextcloud 11.0.0 - Apache 2.4 - PHP 7 - MySQL 5.7 diff --git a/snapcraft.yaml b/snapcraft.yaml index b58f53c..72935bc 100644 --- a/snapcraft.yaml +++ b/snapcraft.yaml @@ -121,7 +121,7 @@ parts: nextcloud: plugin: dump - source: https://download.nextcloud.com/server/releases/nextcloud-10.0.2.tar.bz2 + source: https://download.nextcloud.com/server/releases/nextcloud-11.0.0.tar.bz2 organize: '*': htdocs/ '.htaccess': htdocs/.htaccess From 4342d188b3ce774e7bd00e8880ce597dc49e6088 Mon Sep 17 00:00:00 2001 From: Leo Arias Date: Tue, 13 Dec 2016 11:36:51 -0600 Subject: [PATCH 046/416] Update to the new python plugin --- snapcraft.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/snapcraft.yaml b/snapcraft.yaml index 72935bc..8b8c86e 100644 --- a/snapcraft.yaml +++ b/snapcraft.yaml @@ -291,7 +291,8 @@ parts: src/delay-on-failure/delay-on-failure: bin/ certbot-nextcloud-plugin: - plugin: python2 + plugin: python + python-version: python2 source: src/https/ build-packages: [python-dev, libffi-dev] python-packages: [cffi] From d69e8ea435586a248858bf0458f5cbee9cf8b6cb Mon Sep 17 00:00:00 2001 From: Tom Cobb Date: Thu, 15 Dec 2016 08:12:14 +0000 Subject: [PATCH 047/416] Added mysqldump command Fixes #126 --- snapcraft.yaml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/snapcraft.yaml b/snapcraft.yaml index 8b8c86e..cd051b7 100644 --- a/snapcraft.yaml +++ b/snapcraft.yaml @@ -49,6 +49,10 @@ apps: command: mysql --defaults-file=$SNAP_DATA/mysql/root.ini plugs: [network, network-bind] + mysqldump: + command: mysqldump --defaults-file=$SNAP_DATA/mysql/root.ini --lock-tables nextcloud + plugs: [network, network-bind] + # Nextcloud occ command occ: command: occ @@ -255,7 +259,6 @@ parts: - -bin/mysql_client_test - -bin/mysql_config* - -bin/mysqld_multi - - -bin/mysqldump* - -bin/mysqlimport - -bin/mysql_install_db - -bin/mysql_plugin From 27ab5d995743f9c10577e9fb4d7fb4dc920896d5 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Wed, 21 Dec 2016 14:56:23 -0800 Subject: [PATCH 048/416] Update Apache to v2.4.25. Resolve #152. Signed-off-by: Kyle Fazzari --- snapcraft.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/snapcraft.yaml b/snapcraft.yaml index 8b8c86e..618831f 100644 --- a/snapcraft.yaml +++ b/snapcraft.yaml @@ -77,7 +77,7 @@ apps: parts: apache: plugin: apache - source: http://ftp.wayne.edu/apache/httpd/httpd-2.4.23.tar.bz2 + source: http://ftp.wayne.edu/apache/httpd/httpd-2.4.25.tar.bz2 # The built-in Apache modules to enable modules: From 8acd004c495d7ea0b40bb73b76e203bf6d72c796 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Wed, 21 Dec 2016 15:22:19 -0800 Subject: [PATCH 049/416] Update PHP to 7.1 Resolve #154. Signed-off-by: Kyle Fazzari --- snapcraft.yaml | 2 +- src/php/config/php.ini | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/snapcraft.yaml b/snapcraft.yaml index 8b8c86e..6a77492 100644 --- a/snapcraft.yaml +++ b/snapcraft.yaml @@ -134,7 +134,7 @@ parts: php: plugin: php - source: http://us1.php.net/get/php-7.0.12.tar.gz/from/this/mirror + source: http://us1.php.net/get/php-7.1.0.tar.gz/from/this/mirror source-type: tar install-via: prefix configflags: diff --git a/src/php/config/php.ini b/src/php/config/php.ini index 85236ff..242b809 100644 --- a/src/php/config/php.ini +++ b/src/php/config/php.ini @@ -721,7 +721,7 @@ user_dir = ; Directory in which the loadable extensions (modules) reside. ; http://php.net/extension-dir -extension_dir = "${SNAP}/lib/php/extensions/no-debug-non-zts-20151012" +extension_dir = "${SNAP}/lib/php/extensions/no-debug-non-zts-20160303" ; On windows: ; extension_dir = "ext" From 26b5b519be60fea439d281cb7d7e83ca6839f739 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Wed, 21 Dec 2016 16:10:56 -0800 Subject: [PATCH 050/416] Revert "Update PHP to 7.1" --- snapcraft.yaml | 2 +- src/php/config/php.ini | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/snapcraft.yaml b/snapcraft.yaml index 1103827..618831f 100644 --- a/snapcraft.yaml +++ b/snapcraft.yaml @@ -134,7 +134,7 @@ parts: php: plugin: php - source: http://us1.php.net/get/php-7.1.0.tar.gz/from/this/mirror + source: http://us1.php.net/get/php-7.0.12.tar.gz/from/this/mirror source-type: tar install-via: prefix configflags: diff --git a/src/php/config/php.ini b/src/php/config/php.ini index 242b809..85236ff 100644 --- a/src/php/config/php.ini +++ b/src/php/config/php.ini @@ -721,7 +721,7 @@ user_dir = ; Directory in which the loadable extensions (modules) reside. ; http://php.net/extension-dir -extension_dir = "${SNAP}/lib/php/extensions/no-debug-non-zts-20160303" +extension_dir = "${SNAP}/lib/php/extensions/no-debug-non-zts-20151012" ; On windows: ; extension_dir = "ext" From afe8a6f5852e0d931d0019fc3e03da54b4079979 Mon Sep 17 00:00:00 2001 From: Ubuntu Date: Wed, 4 Jan 2017 19:38:13 +0000 Subject: [PATCH 051/416] https: rewrite certbot plugin. Currently the certbot plugin used in the snap is a copy of the webroot plugin from upstream certbot with the chown bits commented out. However, it turns out that the webroot plugin as-written cannot be used as an external plugin. It's far more complicated than we needed anyway, so rewrite it to be exactly what we need. Fix #159. Signed-off-by: Kyle Fazzari --- src/https/certbot_nextcloud_plugin/webroot.py | 190 ++---------------- src/https/setup.py | 2 +- 2 files changed, 21 insertions(+), 171 deletions(-) diff --git a/src/https/certbot_nextcloud_plugin/webroot.py b/src/https/certbot_nextcloud_plugin/webroot.py index 38e01ce..3509f98 100644 --- a/src/https/certbot_nextcloud_plugin/webroot.py +++ b/src/https/certbot_nextcloud_plugin/webroot.py @@ -1,4 +1,4 @@ -"""Nextcloud webroot plugin.""" +"""Nextcloud Webroot plugin.""" import argparse import collections import errno @@ -27,36 +27,20 @@ class Authenticator(common.Plugin): """Nextcloud Webroot Authenticator.""" - description = "Place files in webroot directory" + description = "Place files in webroot directory without running chown" MORE_INFO = """\ Authenticator plugin that performs http-01 challenge by saving necessary validation resources to appropriate paths on the file system. It expects that there is some other HTTP server configured -to serve all files under specified web root ({0}). This differes -from the normal Webroot authenticator by the fact that this plugin -doesn't even attempt to use chown.""" +to serve all files under specified web root ({0}).""" def more_info(self): # pylint: disable=missing-docstring,no-self-use return self.MORE_INFO.format(self.conf("path")) @classmethod def add_parser_arguments(cls, add): - add("path", default=[], action=_WebrootPathAction, - help="public_html / webroot path. This can be specified multiple " - "times to handle different domains; each domain will have " - "the webroot path that preceded it. For instance: `-w " - "/var/www/example -d example.com -d www.example.com -w " - "/var/www/thing -d thing.net -d m.thing.net`") - add("map", default={}, action=_WebrootMapAction, - help="JSON dictionary mapping domains to webroot paths; this " - "implies -d for each entry. You may need to escape this from " - "your shell. E.g.: --webroot-map " - '\'{"eg1.is,m.eg1.is":"/www/eg1/", "eg2.is":"/www/eg2"}\' ' - "This option is merged with, but takes precedence over, -w / " - "-d entries. At present, if you put webroot-map in a config " - "file, it needs to be on a single line, like: webroot-map = " - '{"example.com":"/var/www"}.') + add("path", type=str, default='', help="public_html / webroot path") def get_chall_pref(self, domain): # pragma: no cover # pylint: disable=missing-docstring,no-self-use,unused-argument @@ -73,98 +57,25 @@ def prepare(self): # pylint: disable=missing-docstring def perform(self, achalls): # pylint: disable=missing-docstring self._set_webroots(achalls) - self._create_challenge_dirs() + self._create_challenge_dirs(achalls) return [self._perform_single(achall) for achall in achalls] def _set_webroots(self, achalls): - if self.conf("path"): - webroot_path = self.conf("path")[-1] - logger.info("Using the webroot path %s for all unmatched domains.", - webroot_path) - for achall in achalls: - self.conf("map").setdefault(achall.domain, webroot_path) - else: - known_webroots = list(set(six.itervalues(self.conf("map")))) - for achall in achalls: - if achall.domain not in self.conf("map"): - new_webroot = self._prompt_for_webroot(achall.domain, - known_webroots) - # Put the most recently input - # webroot first for easy selection - try: - known_webroots.remove(new_webroot) - except ValueError: - pass - known_webroots.insert(0, new_webroot) - self.conf("map")[achall.domain] = new_webroot - - def _prompt_for_webroot(self, domain, known_webroots): - webroot = None - - while webroot is None: - webroot = self._prompt_with_webroot_list(domain, known_webroots) - - if webroot is None: - webroot = self._prompt_for_new_webroot(domain) - - return webroot - - def _prompt_with_webroot_list(self, domain, known_webroots): - display = zope.component.getUtility(interfaces.IDisplay) - - while True: - code, index = display.menu( - "Select the webroot for {0}:".format(domain), - ["Enter a new webroot"] + known_webroots, - help_label="Help", cli_flag="--" + self.option_name("path")) - if code == display_util.CANCEL: - raise errors.PluginError( - "Every requested domain must have a " - "webroot when using the webroot plugin.") - elif code == display_util.HELP: - display.notification( - "To use the webroot plugin, you need to have an " - "HTTP server running on this system serving files " - "for the requested domain. Additionally, this " - "server should be serving all files contained in a " - "public_html or webroot directory. The webroot " - "plugin works by temporarily saving necessary " - "resources in the HTTP server's webroot directory " - "to pass domain validation challenges.") - else: # code == display_util.OK - return None if index == 0 else known_webroots[index - 1] - - def _prompt_for_new_webroot(self, domain): - display = zope.component.getUtility(interfaces.IDisplay) - - while True: - code, webroot = display.directory_select( - "Input the webroot for {0}:".format(domain)) - if code == display_util.HELP: - # Help can currently only be selected - # when using the ncurses interface - display.notification(display_util.DSELECT_HELP) - elif code == display_util.CANCEL: - return None - else: # code == display_util.OK - try: - return _validate_webroot(webroot) - except errors.PluginError as error: - display.notification(str(error), pause=False) - - def _create_challenge_dirs(self): - path_map = self.conf("map") - if not path_map: - raise errors.PluginError( - "Missing parts of webroot configuration; please set either " - "--webroot-path and --domains, or --webroot-map. Run with " - " --help webroot for examples.") - for name, path in path_map.items(): - self.full_roots[name] = os.path.join(path, challenges.HTTP01.URI_ROOT_PATH) + if not self.conf("path"): + raise errors.PluginError("Missing path") + + webroot_path = self.conf("path")[-1] + logger.info("Using the webroot path %s for all domains.", + webroot_path) + + def _create_challenge_dirs(self, achalls): + for achall in achalls: + self.full_roots[achall.domain] = os.path.join( + self.conf("path"), challenges.HTTP01.URI_ROOT_PATH) logger.debug("Creating root challenges validation dir at %s", - self.full_roots[name]) + self.conf("path")) # Change the permissions to be writable (GH #1389) # Umask is used instead of chmod to ensure the client can also @@ -175,22 +86,13 @@ def _create_challenge_dirs(self): # This is coupled with the "umask" call above because # os.makedirs's "mode" parameter may not always work: # https://stackoverflow.com/questions/5231901/permission-problems-when-creating-a-dir-with-os-makedirs-python - os.makedirs(self.full_roots[name], 0o0755) - - # Set owner as parent directory if possible -# try: -# stat_path = os.stat(path) -# os.chown(self.full_roots[name], stat_path.st_uid, -# stat_path.st_gid) -# except OSError as exception: -# logger.info("Unable to change owner and uid of webroot directory") -# logger.debug("Error was: %s", exception) + os.makedirs(self.full_roots[achall.domain], 0o0755) except OSError as exception: if exception.errno != errno.EEXIST: raise errors.PluginError( "Couldn't create root for {0} http-01 " - "challenge responses: {1}", name, exception) + "challenge responses: {1}", achall.domain, exception) finally: os.umask(old_umask) @@ -208,7 +110,7 @@ def _perform_single(self, achall): old_umask = os.umask(0o022) try: - with open(validation_path, "w") as validation_file: + with open(validation_path, "wb") as validation_file: validation_file.write(validation.encode()) finally: os.umask(old_umask) @@ -236,55 +138,3 @@ def cleanup(self, achalls): # pylint: disable=missing-docstring logger.info( "Unable to clean up challenge directory %s", root_path) logger.debug("Error was: %s", exc) - - -class _WebrootMapAction(argparse.Action): - """Action class for parsing webroot_map.""" - - def __call__(self, parser, namespace, webroot_map, option_string=None): - for domains, webroot_path in six.iteritems(json.loads(webroot_map)): - webroot_path = _validate_webroot(webroot_path) - namespace.webroot_map.update( - (d, webroot_path) for d in cli.add_domains(namespace, domains)) - - -class _WebrootPathAction(argparse.Action): - """Action class for parsing webroot_path.""" - - def __init__(self, *args, **kwargs): - super(_WebrootPathAction, self).__init__(*args, **kwargs) - self._domain_before_webroot = False - - def __call__(self, parser, namespace, webroot_path, option_string=None): - if self._domain_before_webroot: - raise errors.PluginError( - "If you specify multiple webroot paths, " - "one of them must precede all domain flags") - - current_path = getattr(namespace, self.dest) - if current_path: - # Apply previous webroot to all matched - # domains before setting the new webroot path - prev_webroot = current_path[-1] - for domain in namespace.domains: - namespace.webroot_map.setdefault(domain, prev_webroot) - elif namespace.domains: - self._domain_before_webroot = True - - current_path.append(_validate_webroot(webroot_path)) - setattr(namespace, self.dest, current_path) - - -def _validate_webroot(webroot_path): - """Validates and returns the absolute path of webroot_path. - - :param str webroot_path: path to the webroot directory - - :returns: absolute path of webroot_path - :rtype: str - - """ - if not os.path.isdir(webroot_path): - raise errors.PluginError(webroot_path + " does not exist or is not a directory") - - return os.path.abspath(webroot_path) diff --git a/src/https/setup.py b/src/https/setup.py index 55603d6..971f0ea 100644 --- a/src/https/setup.py +++ b/src/https/setup.py @@ -5,7 +5,7 @@ name='nextcloud', packages=find_packages(), install_requires=[ - 'certbot', + 'certbot==0.9.3', 'zope.interface', ], entry_points={ From 5ee8d6f0e3964c2b15a41d4067a4b236cd4783b9 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Thu, 5 Jan 2017 17:04:16 -0800 Subject: [PATCH 052/416] Update version to 11.0.0snap1. Also update CHANGELOG. Signed-off-by: Kyle Fazzari --- CHANGELOG | 7 +++++++ snapcraft.yaml | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/CHANGELOG b/CHANGELOG index b2d5c6b..b2daeae 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,10 @@ +v 11.0.0snap1 + - https: rewrite certbot plugin. + - apache: update to v2.4.25. + - snapcraft: start using new python plugin. + - nextcloud: update to v11.0.0. + - nextcloud: remove updater app. + v 10.0.2snap1 - Update Nextcloud to 10.0.2. - Daily builds: use versions that indicate so. diff --git a/snapcraft.yaml b/snapcraft.yaml index 618831f..a306ba2 100644 --- a/snapcraft.yaml +++ b/snapcraft.yaml @@ -1,5 +1,5 @@ name: nextcloud -version: 10.0.2snap1 +version: 11.0.0snap1 summary: Nextcloud Server description: | Access, share and protect your files, calendars, contacts, communication and From f564958afea1d52e73233ea855ca4ba579bb0ede Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Fri, 6 Jan 2017 10:49:39 -0800 Subject: [PATCH 053/416] https: add 'map' parameter back to certbot plugin. Also restart apache if the certificates are renewed. Fix #159 again. Signed-off-by: Kyle Fazzari --- src/https/certbot_nextcloud_plugin/webroot.py | 19 ++++++++++--------- src/https/scripts/renew-certs | 3 ++- src/https/scripts/restart-apache | 5 +++++ 3 files changed, 17 insertions(+), 10 deletions(-) create mode 100755 src/https/scripts/restart-apache diff --git a/src/https/certbot_nextcloud_plugin/webroot.py b/src/https/certbot_nextcloud_plugin/webroot.py index 3509f98..97a41d0 100644 --- a/src/https/certbot_nextcloud_plugin/webroot.py +++ b/src/https/certbot_nextcloud_plugin/webroot.py @@ -41,6 +41,7 @@ def more_info(self): # pylint: disable=missing-docstring,no-self-use @classmethod def add_parser_arguments(cls, add): add("path", type=str, default='', help="public_html / webroot path") + add("map", default={}, help="Not used. Left for backward compatibility.") def get_chall_pref(self, domain): # pragma: no cover # pylint: disable=missing-docstring,no-self-use,unused-argument @@ -55,20 +56,20 @@ def prepare(self): # pylint: disable=missing-docstring pass def perform(self, achalls): # pylint: disable=missing-docstring - self._set_webroots(achalls) + webroot_path = self.conf("path") + if not webroot_path: + raise errors.PluginError("Missing path") + + # The previous version had this as an array, but it gets loaded as + # a string. Just strip off the braces and quotes. + setattr(self.config, self.dest("path"), webroot_path.strip("[]'")) + logger.info("Using the webroot path %s for all domains.", + self.conf("path")) self._create_challenge_dirs(achalls) return [self._perform_single(achall) for achall in achalls] - def _set_webroots(self, achalls): - if not self.conf("path"): - raise errors.PluginError("Missing path") - - webroot_path = self.conf("path")[-1] - logger.info("Using the webroot path %s for all domains.", - webroot_path) - def _create_challenge_dirs(self, achalls): for achall in achalls: self.full_roots[achall.domain] = os.path.join( diff --git a/src/https/scripts/renew-certs b/src/https/scripts/renew-certs index 0359371..83647b8 100755 --- a/src/https/scripts/renew-certs +++ b/src/https/scripts/renew-certs @@ -16,6 +16,7 @@ while true; do if [ $difference -lt $seconds_to_renew ]; then echo "Renewing self-signed certificate" generate_self_signed_certificate + restart_apache_if_running else echo "Self-signed certificates aren't due for renewal" fi @@ -23,7 +24,7 @@ while true; do # No need to check the Let's Encrypt certificates-- they'll only # renew if they're within 30 days of expiration. - run_certbot renew + run_certbot renew --post-hook "restart-apache" sleep 1d # Run once a day done diff --git a/src/https/scripts/restart-apache b/src/https/scripts/restart-apache new file mode 100755 index 0000000..95e8836 --- /dev/null +++ b/src/https/scripts/restart-apache @@ -0,0 +1,5 @@ +#!/bin/sh + +. $SNAP/utilities/https-utilities + +restart_apache_if_running From 84c1084b3ddcfb8b1237a9a64f499e45bdea7ec7 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Fri, 6 Jan 2017 12:39:57 -0800 Subject: [PATCH 054/416] Update version to 11.0.0snap2. Also update CHANGELOG. Signed-off-by: Kyle Fazzari --- CHANGELOG | 3 +++ snapcraft.yaml | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/CHANGELOG b/CHANGELOG index b2daeae..9b5b339 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,6 @@ +v 11.0.0snap2 + - https: add 'map' parameter back to certbot plugin. + v 11.0.0snap1 - https: rewrite certbot plugin. - apache: update to v2.4.25. diff --git a/snapcraft.yaml b/snapcraft.yaml index a306ba2..b1205fd 100644 --- a/snapcraft.yaml +++ b/snapcraft.yaml @@ -1,5 +1,5 @@ name: nextcloud -version: 11.0.0snap1 +version: 11.0.0snap2 summary: Nextcloud Server description: | Access, share and protect your files, calendars, contacts, communication and From d7c276d10f2a346ea3d3c15209b10964037d29d2 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Fri, 6 Jan 2017 14:45:01 -0800 Subject: [PATCH 055/416] dailies: fix overly-fragile version regex. Fix #166. Signed-off-by: Kyle Fazzari --- .travis/cron.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis/cron.sh b/.travis/cron.sh index d0f9cdb..196f2c2 100755 --- a/.travis/cron.sh +++ b/.travis/cron.sh @@ -6,7 +6,7 @@ latest_stable_url="https://download.nextcloud.com/server/daily/latest-stable11.t rewrite_snapcraft_yaml() { sed -ri "s|(source:\s+).*download.nextcloud.com.*$|\1$1|" snapcraft.yaml - sed -ri "s|(version:\s+).*$|\1$2|" snapcraft.yaml + sed -ri "s|(^version:\s+).*$|\1$2|" snapcraft.yaml } echo "Requesting build of latest master..." From 96cc43f1a529cb17c35e03a95e07dbbd39f8e390 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Fri, 6 Jan 2017 15:17:26 -0800 Subject: [PATCH 056/416] Update version to 11.0.0snap3. Also update CHANGELOG. Signed-off-by: Kyle Fazzari --- CHANGELOG | 3 +++ snapcraft.yaml | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/CHANGELOG b/CHANGELOG index 9b5b339..8ac7eef 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,6 @@ +v 11.0.0snap3 + - dailies: fix overly-fragile version regex. + v 11.0.0snap2 - https: add 'map' parameter back to certbot plugin. diff --git a/snapcraft.yaml b/snapcraft.yaml index b1205fd..52c07ef 100644 --- a/snapcraft.yaml +++ b/snapcraft.yaml @@ -1,5 +1,5 @@ name: nextcloud -version: 11.0.0snap2 +version: 11.0.0snap3 summary: Nextcloud Server description: | Access, share and protect your files, calendars, contacts, communication and From 6fe9ac21469314730341ab1865a4fc9d810b30d2 Mon Sep 17 00:00:00 2001 From: Neil McPhail Date: Fri, 20 Jan 2017 22:37:08 +0000 Subject: [PATCH 057/416] Allow standard .well-known paths to work Make the alias for acme-challenge less greedy. Include the rewrites from htaccess in the correct directory Fix #111 --- src/apache/conf/httpd.conf | 22 +++++++++------------- src/apache/conf/ssl.conf | 6 ------ 2 files changed, 9 insertions(+), 19 deletions(-) diff --git a/src/apache/conf/httpd.conf b/src/apache/conf/httpd.conf index 21638df..49aba8d 100644 --- a/src/apache/conf/httpd.conf +++ b/src/apache/conf/httpd.conf @@ -121,6 +121,13 @@ DocumentRoot "${SNAP}/htdocs" # Controls who can get stuff from this server. # Require all granted + + # Include Nextcloud's .htaccess file directly. In a typical setup this would + # be dangerous since it increases the capability of the .htaccess file in + # case an attacker was able to modify it, but that's not actually possible + # on Snappy (since the .htaccess file is read-only) so we'll do it here so + # as to avoid manually copying it in and needing to maintain it. + Include ${SNAP}/htdocs/.htaccess # Serve static assets for apps in a writable location. @@ -131,8 +138,8 @@ Alias "/extra-apps" "${SNAP_DATA}/nextcloud/extra-apps" # Serve ACME authentication data (Let's Encrypt). -Alias "/.well-known" "${SNAP_DATA}/certs/certbot/.well-known" - +Alias "/.well-known/acme-challenge" "${SNAP_DATA}/certs/certbot/.well-known/acme-challenge" + AllowOverride None Require all granted @@ -177,14 +184,3 @@ TypesConfig conf/mime.types Include ${SNAP}/conf/ssl.conf - - # In this case, we're HTTP only. - - # Include Nextcloud's .htaccess file directly. In a typical setup this would - # be dangerous since it increases the capability of the .htaccess file in - # case an attacker was able to modify it, but that's not actually possible - # on Snappy (since the .htaccess file is read-only) so we'll do it here so - # as to avoid manually copying it in and needing to maintain it. - Include ${SNAP}/htdocs/.htaccess - - diff --git a/src/apache/conf/ssl.conf b/src/apache/conf/ssl.conf index 560aadc..5d708c1 100644 --- a/src/apache/conf/ssl.conf +++ b/src/apache/conf/ssl.conf @@ -79,12 +79,6 @@ SSLRandomSeed connect file:/dev/urandom 512 # Virtual host for HTTPS. - # Include Nextcloud's .htaccess file directly. In a typical setup this would - # be dangerous since it increases the capability of the .htaccess file in - # case an attacker was able to modify it, but that's not actually possible - # on Snappy (since the .htaccess file is read-only) so we'll do it here so - # as to avoid manually copying it in and needing to maintain it. - Include ${SNAP}/htdocs/.htaccess SSLEngine on SSLHonorCipherOrder On From 3814f271fe4b6834242f072913e6d5e5cba56d67 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Fri, 20 Jan 2017 19:19:48 -0800 Subject: [PATCH 058/416] nextcloud: upgrade to 11.0.1. Resolve #177. Signed-off-by: Kyle Fazzari --- snapcraft.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/snapcraft.yaml b/snapcraft.yaml index 657ecbd..7c34e55 100644 --- a/snapcraft.yaml +++ b/snapcraft.yaml @@ -125,7 +125,7 @@ parts: nextcloud: plugin: dump - source: https://download.nextcloud.com/server/releases/nextcloud-11.0.0.tar.bz2 + source: https://download.nextcloud.com/server/releases/nextcloud-11.0.1.tar.bz2 organize: '*': htdocs/ '.htaccess': htdocs/.htaccess From 7269792e8529dd6842d84b1869a0e7cb750254a4 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Sat, 21 Jan 2017 09:42:32 -0800 Subject: [PATCH 059/416] php: upgrade to 7.1.1. Resolve #173. Signed-off-by: Kyle Fazzari --- README.md | 4 ++-- snapcraft.yaml | 2 +- src/php/config/php.ini | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index e82c8f9..988312b 100644 --- a/README.md +++ b/README.md @@ -2,9 +2,9 @@ Nextcloud server packaged as a snap. It consists of: -- Nextcloud 11.0.0 +- Nextcloud 11.0.1 - Apache 2.4 -- PHP 7 +- PHP 7.1 - MySQL 5.7 - Redis 3.2 - mDNS for network discovery diff --git a/snapcraft.yaml b/snapcraft.yaml index 7c34e55..c9ef279 100644 --- a/snapcraft.yaml +++ b/snapcraft.yaml @@ -138,7 +138,7 @@ parts: php: plugin: php - source: http://us1.php.net/get/php-7.0.12.tar.gz/from/this/mirror + source: http://us1.php.net/get/php-7.1.1.tar.bz2/from/this/mirror source-type: tar install-via: prefix configflags: diff --git a/src/php/config/php.ini b/src/php/config/php.ini index 85236ff..242b809 100644 --- a/src/php/config/php.ini +++ b/src/php/config/php.ini @@ -721,7 +721,7 @@ user_dir = ; Directory in which the loadable extensions (modules) reside. ; http://php.net/extension-dir -extension_dir = "${SNAP}/lib/php/extensions/no-debug-non-zts-20151012" +extension_dir = "${SNAP}/lib/php/extensions/no-debug-non-zts-20160303" ; On windows: ; extension_dir = "ext" From 55b60385f38c5063b0c231063367bbb830e05582 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Sat, 21 Jan 2017 11:23:19 -0800 Subject: [PATCH 060/416] redis: upgrade to 3.2.6. Resolve #95. Signed-off-by: Kyle Fazzari --- snapcraft.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/snapcraft.yaml b/snapcraft.yaml index c9ef279..56ecbfe 100644 --- a/snapcraft.yaml +++ b/snapcraft.yaml @@ -184,7 +184,7 @@ parts: redis: plugin: redis - source: http://download.redis.io/releases/redis-3.2.1.tar.gz + source: http://download.redis.io/releases/redis-3.2.6.tar.gz redis-customizations: plugin: copy From 090280246d432455bb9658e69531612958d8e4c8 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Sat, 21 Jan 2017 13:16:46 -0800 Subject: [PATCH 061/416] Update version to 11.0.1snap1. Also update README and CHANGELOG. Signed-off-by: Kyle Fazzari --- CHANGELOG | 7 +++++++ README.md | 9 +++++++-- snapcraft.yaml | 2 +- 3 files changed, 15 insertions(+), 3 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index 8ac7eef..b0262e3 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,10 @@ +v 11.0.1snap1 + - redis: upgrade to 3.2.6. + - php: upgrade to 7.1.1. + - nextcloud: upgrade to 11.0.1. + - apache: allow standard .well-known paths to work. + - mysql: add mysqldump command. + v 11.0.0snap3 - dailies: fix overly-fragile version regex. diff --git a/README.md b/README.md index 988312b..c2618e3 100644 --- a/README.md +++ b/README.md @@ -54,12 +54,17 @@ There are a few CLI utilities included: - MySQL client preconfigured to communicate with Nextcloud MySQL server. This may be useful in case you need to migrate Nextcloud installations. Note that it requires `sudo`. +- `nextcloud.mysqldump`: + - Dump Nextcloud database to stdout. You should probaby redirect its output + to a file. Note that it requires `sudo`. - `nextcloud.enable-https`: - Enable HTTPS, either via self-signed certificates or via Let's Encrypt. HTTP will redirect to HTTPS. The certificates will automatically be kept - up-to-date. See `nextcloud.enable-https -h` for more information. + up-to-date. See `nextcloud.enable-https -h` for more information. Note + that it requires `sudo`. - `nextcloud.disable-https`: - - Disable HTTPS (does not remove certificates). + - Disable HTTPS (does not remove certificates). Note that it requires + `sudo`. ## Where is my stuff? diff --git a/snapcraft.yaml b/snapcraft.yaml index 56ecbfe..7439f42 100644 --- a/snapcraft.yaml +++ b/snapcraft.yaml @@ -1,5 +1,5 @@ name: nextcloud -version: 11.0.0snap3 +version: 11.0.1snap1 summary: Nextcloud Server description: | Access, share and protect your files, calendars, contacts, communication and From 64e1894465a7b25d57910c49861d7e484d872e9d Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Mon, 23 Jan 2017 13:13:15 -0800 Subject: [PATCH 062/416] php: downgrade to 7.0.15. Not all of Nextcloud and its apps work with PHP v7.1. Fix #194. Signed-off-by: Kyle Fazzari --- README.md | 2 +- parts/plugins/x-php.py | 6 ------ snapcraft.yaml | 14 +++++++------- src/php/config/php.ini | 2 +- 4 files changed, 9 insertions(+), 15 deletions(-) diff --git a/README.md b/README.md index c2618e3..1aa5f28 100644 --- a/README.md +++ b/README.md @@ -4,7 +4,7 @@ Nextcloud server packaged as a snap. It consists of: - Nextcloud 11.0.1 - Apache 2.4 -- PHP 7.1 +- PHP 7 - MySQL 5.7 - Redis 3.2 - mDNS for network discovery diff --git a/parts/plugins/x-php.py b/parts/plugins/x-php.py index dd7edbb..1182b9b 100644 --- a/parts/plugins/x-php.py +++ b/parts/plugins/x-php.py @@ -96,12 +96,6 @@ def clean_pull(self): if os.path.exists(self.extensions_directory): shutil.rmtree(self.extensions_directory) - def run(self, cmd, cwd=None, **kwargs): - env = os.environ.copy() - env['CFLAGS'] = '-O2' - - super().run(cmd, cwd=cwd, env=env, **kwargs) - def build(self): super().build() diff --git a/snapcraft.yaml b/snapcraft.yaml index 7439f42..fff7556 100644 --- a/snapcraft.yaml +++ b/snapcraft.yaml @@ -114,7 +114,7 @@ parts: - -bin/envvars* stage: - $exclude - snap: + prime: - $exclude apache-customizations: @@ -133,12 +133,12 @@ parts: # This snap automatically updates. No need to include the updater to nag # users. This does not result in an integrity check failure. - snap: + prime: - -htdocs/apps/updatenotification php: plugin: php - source: http://us1.php.net/get/php-7.1.1.tar.bz2/from/this/mirror + source: http://us1.php.net/get/php-7.0.15.tar.bz2/from/this/mirror source-type: tar install-via: prefix configflags: @@ -171,7 +171,7 @@ parts: - libjpeg9-dev - libbz2-dev - libmcrypt-dev - snap: + prime: - -sbin/ - -etc/ organize: @@ -214,7 +214,7 @@ parts: source: http://sourceforge.net/projects/boost/files/boost/1.59.0/boost_1_59_0.tar.gz files: '*': boost/ - snap: + prime: - -* mysql: @@ -246,7 +246,7 @@ parts: stage: # Remove scripts that we'll be replacing with our own - -support-files/mysql.server - snap: + prime: # Remove scripts that we'll be replacing with our own - -support-files/mysql.server @@ -307,4 +307,4 @@ parts: src/https/utilities/*: utilities/ stage-packages: [openssl] stage: [-etc/ssl] - snap: [-etc/ssl] + prime: [-etc/ssl] diff --git a/src/php/config/php.ini b/src/php/config/php.ini index 242b809..85236ff 100644 --- a/src/php/config/php.ini +++ b/src/php/config/php.ini @@ -721,7 +721,7 @@ user_dir = ; Directory in which the loadable extensions (modules) reside. ; http://php.net/extension-dir -extension_dir = "${SNAP}/lib/php/extensions/no-debug-non-zts-20160303" +extension_dir = "${SNAP}/lib/php/extensions/no-debug-non-zts-20151012" ; On windows: ; extension_dir = "ext" From c4c1a73ab6b6b9884e9136376dbdf55378f20181 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Mon, 23 Jan 2017 17:19:36 -0800 Subject: [PATCH 063/416] Update version to 11.0.1snap2. Also update CHANGELOG. Signed-off-by: Kyle Fazzari --- CHANGELOG | 3 +++ snapcraft.yaml | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/CHANGELOG b/CHANGELOG index b0262e3..a9f7cb4 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,6 @@ +v 11.0.1snap2 + - php: downgrade to 7.0.15. + v 11.0.1snap1 - redis: upgrade to 3.2.6. - php: upgrade to 7.1.1. diff --git a/snapcraft.yaml b/snapcraft.yaml index fff7556..c20fc4b 100644 --- a/snapcraft.yaml +++ b/snapcraft.yaml @@ -1,5 +1,5 @@ name: nextcloud -version: 11.0.1snap1 +version: 11.0.1snap2 summary: Nextcloud Server description: | Access, share and protect your files, calendars, contacts, communication and From 60e79bcbc73370a2abb7a5789ec837e3acccf255 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Thu, 26 Jan 2017 17:06:47 -0800 Subject: [PATCH 064/416] https: support custom certificates. This actually involved a bit of a rewrite of the `nextcloud.enable-https` script. Instead of using purely opaque options, it now uses subcommands with their own options and help output. This hopefully makes it easier to use. Fix #199. Signed-off-by: Kyle Fazzari --- src/apache/scripts/httpd-wrapper | 6 +- src/apache/scripts/run-httpd | 6 +- src/https/scripts/enable-https | 303 +++++++++++++++++++++------- src/https/utilities/https-utilities | 63 +++++- 4 files changed, 295 insertions(+), 83 deletions(-) diff --git a/src/apache/scripts/httpd-wrapper b/src/apache/scripts/httpd-wrapper index 68fdd5a..2592da0 100755 --- a/src/apache/scripts/httpd-wrapper +++ b/src/apache/scripts/httpd-wrapper @@ -7,9 +7,9 @@ if certificates_are_active; then echo "Certificates have been activated: using HTTPS only" params="$params -DEnableHTTPS" - # Only enable HSTS if the certificate is not self-signed. - if ! self_signed_certificates_are_active; then - echo "Certificates don't appear self-signed: enabling HSTS" + # Enable HSTS if possible + if should_enable_hsts; then + echo "Certificates look to be in order: enabling HSTS" params="$params -DEnableHSTS" else echo "Certificates appear self-signed: disabling HSTS" diff --git a/src/apache/scripts/run-httpd b/src/apache/scripts/run-httpd index 7c8ba0f..fbf858d 100755 --- a/src/apache/scripts/run-httpd +++ b/src/apache/scripts/run-httpd @@ -17,9 +17,13 @@ echo "All set! Running httpd..." # Rewrite live cert symlinks that aren't using the current symlink. # FIXME: Remove this migration once epochs and upgrade hooks are available. if certificates_are_active; then + live_basename="$(basename $(realpath $LIVE_CERTS_DIRECTORY))" self_signed_basename="$(basename $SELF_SIGNED_DIRECTORY)" - if [ "$(basename $(realpath $LIVE_CERTS_DIRECTORY))" = "$self_signed_basename" ]; then + custom_basename="$(basename $CUSTOM_DIRECTORY)" + if [ "$live_basename" = "$self_signed_basename" ]; then activate_self_signed_certificate + elif [ "$live_basename" = "$custom_basename" ]; then + activate_custom_certificate else activate_certbot_certificate fi diff --git a/src/https/scripts/enable-https b/src/https/scripts/enable-https index 94a68c6..5c3280e 100755 --- a/src/https/scripts/enable-https +++ b/src/https/scripts/enable-https @@ -2,81 +2,88 @@ . $SNAP/utilities/https-utilities -extra_params="" -cert_type="" -dry_run=false +COMMAND="nextcloud.enable-https" -while getopts ":dtsh" opt; do - case $opt in - d) - extra_params="$extra_params --dry-run" - dry_run=true - ;; - t) extra_params="$extra_params --test-cert";; - s) cert_type="self-signed";; - h) - echo "Usage:" - echo " $0 [-h -t -d -s]" - echo "" - echo " Run without any arguments this script will obtain a" - echo " certificate from Let's Encrypt and automatically keep" - echo " it up to date." - echo "" - echo " -t: Obtain a test certificate. This is a valid Let's" - echo " Encrypt certificate, but is not signed by a" - echo " recognized CA, so browsers won't accept it." - echo " -d: Dry run: don't actually obtain/install certificates" - echo " from Let's Encrypt, but make sure it's possible." - echo " -s: Generate and use a self-signed certificate. This" - echo " is easier to setup than Let's Encrypt certificates," - echo " but will cause warnings in browsers." - exit 0 - ;; - \?) - echo "Invalid option: -$OPTARG" - exit 1 - ;; - esac -done +print_usage() +{ + echo "Usage:" + echo " $COMMAND -h" + echo " Display this help message." + echo "" + echo " $COMMAND [OPTIONS]" + echo " Run the provided subcommand." + echo "" + echo "Available subcommands:" + echo " lets-encrypt [OPTIONS]" + echo " Obtain a certificate from Let's Encrypt and automatically keep it" + echo " up-to-date." + echo "" + echo " self-signed" + echo " Generate and use a self-signed certificate. This is easier to" + echo " setup than Let's Encrypt certificates, but will cause warnings in" + echo " browsers." + echo "" + echo " custom [OPTIONS]" + echo " Use certificates generated by other means." +} -if [ $(id -u) -ne 0 ]; then - echo "This utility needs to run as root" - exit 1 -fi +handle_lets_encrypt() +{ + extra_params="" + dry_run=false -if [ "$cert_type" = "self-signed" ]; then - echo -n "Generating key and self-signed certificate... " - output=$(generate_self_signed_certificate 2>&1) - if [ $? -ne 0 ]; then - echo "error:" - echo "$output" - exit 1 - fi + while getopts ":dth" opt; do + case $opt in + d) + extra_params="$extra_params --dry-run" + dry_run=true + ;; + t) extra_params="$extra_params --test-cert";; + h) + echo "Usage:" + echo " $COMMAND lets-encrypt [-h -t -d]" + echo "" + echo " Obtain a certificate from Let's Encrypt and" + echo " automatically keep it up to date." + echo "" + echo " -h: Display this help message" + echo " -t: Obtain a test certificate. This is a valid Let's" + echo " Encrypt certificate, but is not signed by a" + echo " recognized CA, so browsers will show a warning." + echo " -d: Dry run: don't actually obtain/install" + echo " certificates from Let's Encrypt, but make sure" + echo " it's possible." + exit 0 + ;; + \?) + echo "Invalid option: -$OPTARG" >&2 + exit 1 + ;; + esac + done - echo "done" - activate_self_signed_certificate -else - echo "In order for Let's Encrypt to verify that you actually own the domain for" - echo "which you're requesting a certificate, there are a number of requirements" - echo "of which you need to be aware:" + echo "In order for Let's Encrypt to verify that you actually own the" + echo "domain(s) for which you're requesting a certificate, there are a" + echo "number of requirements of which you need to be aware:" echo "" - echo "1. In order to register with the Let's Encrypt ACME server, you must agree" - echo " to the currently-in-effect Subscriber Agreement located here:" + echo "1. In order to register with the Let's Encrypt ACME server, you must" + echo " agree to the currently-in-effect Subscriber Agreement located" + echo " here:" echo "" echo " https://letsencrypt.org/repository/" echo "" - echo " By continuing to use this tool you agree to these terms. Please cancel" - echo " now if otherwise." + echo " By continuing to use this tool you agree to these terms. Please" + echo " cancel now if otherwise." echo "" echo "2. You must have the domain name(s) for which you want certificates" echo " pointing at the external IP address of this machine." echo "" - echo "3. Both ports 80 and 443 on the external IP address of this machine must" - echo " point to this machine (e.g. port forwarding might need to be setup on" - echo " your router)." + echo "3. Both ports 80 and 443 on the external IP address of this machine" + echo " must point to this machine (e.g. port forwarding might need to be" + echo " setup on your router)." echo "" while true; do @@ -98,24 +105,164 @@ else echo -n "Attempting to obtain certificates... " output=$(run_certbot certonly $extra_params \ - --authenticator nextcloud:webroot \ - --nextcloud:webroot-path $CERTBOT_DIRECTORY \ - --rsa-key-size 4096 \ - --email $email \ - --non-interactive \ - --agree-tos \ - --force-renewal \ - $domains 2>&1) - if [ $? -eq 0 ]; then - echo "done" - if [ "$dry_run" = true ]; then - echo "Looks like you're ready for HTTPS!" - else - activate_certbot_certificate - fi + --authenticator nextcloud:webroot \ + --nextcloud:webroot-path $CERTBOT_DIRECTORY \ + --rsa-key-size 4096 \ + --email $email \ + --non-interactive \ + --agree-tos \ + --force-renewal \ + $domains 2>&1) + if [ $? -ne 0 ]; then + echo "error running certbot:" >&2 + echo "" >&2 + echo "$output" >&2 + exit 1 + fi + + echo "done" + if [ "$dry_run" = true ]; then + echo "Looks like you're ready for HTTPS!" else - echo "error running certbot:" - echo "" - echo "$output" + activate_certbot_certificate fi +} + +handle_self_signed() +{ + while getopts ":h" opt; do + case $opt in + h) + echo "Usage:" + echo " $COMMAND self-signed [-h]" + echo "" + echo " Generate and use a self-signed certificate. This is" + echo " easier to setup than Let's Encrypt certificates, but" + echo " will cause warnings in browsers." + echo "" + echo " -h: Display this help message" + exit 0 + ;; + \?) + echo "Invalid option: -$OPTARG" >&2 + exit 1 + ;; + esac + done + + echo -n "Generating key and self-signed certificate... " + output=$(generate_self_signed_certificate 2>&1) + if [ $? -ne 0 ]; then + echo "error:" >&2 + echo "$output" >&2 + exit 1 + fi + + echo "done" + activate_self_signed_certificate +} + +handle_custom() +{ + enable_hsts=false + + while getopts ":hs" opt; do + case $opt in + h) + echo "Usage:" + echo " $COMMAND custom [-h -s] " + echo "" + echo " Use certificates generated by other means. Note that" + echo " the files provided to this command must be readable" + echo " by the snap, which means they must contained in one" + echo " of four directory trees:" + echo " - $SNAP_CURRENT" + echo " - $SNAP_COMMON" + echo " - $SNAP_USER_DATA" + echo " - $SNAP_USER_COMMON" + echo "" + echo " Also note that this command will create copies of the" + echo " files provided; if this command completes" + echo " successfully, they can be safely removed." + echo "" + echo " -h: Display this help message." + echo " -s: Enable HTTP Strict Transport Security (HSTS)" + echo " (default is off-- leave off if self-signed)." + exit 0 + ;; + s) + enable_hsts=true + ;; + \?) + echo "Invalid option: -$OPTARG" >&2 + exit 1 + ;; + esac + done + shift $((OPTIND-1)) + + if [ $# -ne 3 ]; then + echo -n "This subcommand requires three positional parameters: " >&2 + echo " " >&2 + exit 1 + fi + + certificate=$1 + private_key=$2 + chain=$3 + + echo -n "Installing custom certificate... " + output=$(install_custom_certificate \ + $certificate $private_key $chain $enable_hsts 2>&1) + if [ $? -ne 0 ]; then + echo "error:" >&2 + echo "$output" >&2 + exit 1 + fi + + echo "done" + activate_custom_certificate +} + +if [ $(id -u) -ne 0 ]; then + echo "This utility needs to run as root" + exit 1 fi + +# Parse options for the base command +while getopts ":h" opt; do + case $opt in + h) + print_usage + exit 0 + ;; + \?) + echo "Invalid option: -$OPTARG" >&2 + exit 1 + ;; + esac +done +shift $((OPTIND-1)) + +if [ $# = 0 ]; then + echo "Missing subcommand. Run '$COMMAND -h' for help." >&2 + exit 1 +fi + +subcommand=$1 +shift # Remove subcommand from args +case $subcommand in + lets-encrypt) + handle_lets_encrypt "$@" + ;; + self-signed) + handle_self_signed "$@" + ;; + custom) + handle_custom "$@" + ;; + *) + echo "No such subcommand: $subcommand. Run '$COMMAND -h' for help." >&2 + exit 1 + ;; +esac diff --git a/src/https/utilities/https-utilities b/src/https/utilities/https-utilities index 9332765..b32c5ce 100755 --- a/src/https/utilities/https-utilities +++ b/src/https/utilities/https-utilities @@ -12,6 +12,12 @@ SELF_SIGNED_KEY=$SELF_SIGNED_DIRECTORY/privkey.pem SELF_SIGNED_CERT=$SELF_SIGNED_DIRECTORY/cert.pem SELF_SIGNED_CHAIN=$SELF_SIGNED_DIRECTORY/chain.pem +CUSTOM_DIRECTORY=$SNAP_CURRENT/certs/custom +CUSTOM_KEY=$CUSTOM_DIRECTORY/privkey.pem +CUSTOM_CERT=$CUSTOM_DIRECTORY/cert.pem +CUSTOM_CHAIN=$CUSTOM_DIRECTORY/chain.pem +CUSTOM_ENABLE_HSTS=$CUSTOM_DIRECTORY/hsts + CERTBOT_DIRECTORY=$SNAP_CURRENT/certs/certbot CERTBOT_LIVE_DIRECTORY=$CERTBOT_DIRECTORY/config/live @@ -41,7 +47,46 @@ activate_self_signed_certificate() self_signed_certificates_are_active() { - [ "$(realpath $LIVE_CERTS_DIRECTORY)" = "$SELF_SIGNED_DIRECTORY" ] + live_path="$(realpath $LIVE_CERTS_DIRECTORY)" + self_signed_path="$(realpath $SELF_SIGNED_DIRECTORY)" + + [ "$live_path" = "$self_signed_path" ] +} + +# If this function is run multiple times it will replace the certificate +# and key if they're already present. +install_custom_certificate() +{ + enable_hsts=$4 + + mkdir -p -m 750 $(dirname $CUSTOM_KEY) + mkdir -p -m 750 $(dirname $CUSTOM_CERT) + mkdir -p -m 750 $(dirname $CUSTOM_CHAIN) + + cp $1 $CUSTOM_CERT + cp $2 $CUSTOM_KEY + cp $3 $CUSTOM_CHAIN + + if [ "$enable_hsts" = true ]; then + touch $CUSTOM_ENABLE_HSTS + else + rm -f $CUSTOM_ENABLE_HSTS + fi +} + +activate_custom_certificate() +{ + deactivate_certificates + ln -s $CUSTOM_DIRECTORY $LIVE_CERTS_DIRECTORY + restart_apache_if_running +} + +custom_certificates_are_active() +{ + live_path="$(realpath $LIVE_CERTS_DIRECTORY)" + custom_path="$(realpath $CUSTOM_DIRECTORY)" + + [ "$live_path" = "$custom_path" ] } certificates_are_active() @@ -66,6 +111,22 @@ activate_certbot_certificate() restart_apache_if_running } +should_enable_hsts() +{ + # Don't enable HSTS for self-signed certs + if self_signed_certificates_are_active; then + return 1 + fi + + # Don't enable HSTS for custom certificates unless requested + if custom_certificates_are_active && [ ! -f $CUSTOM_ENABLE_HSTS ]; then + return 1 + fi + + # For everything else (i.e. Let's Encrypt), enable it. + return 0 +} + # Run a certbot instance that writes to snap-writable data. run_certbot() { From 83f6eecf5c240c41782e12b8544f81305b6193cb Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Fri, 3 Feb 2017 10:19:00 -0800 Subject: [PATCH 065/416] Update version to 11.0.1snap3. Also update CHANGELOG and README. Signed-off-by: Kyle Fazzari --- CHANGELOG | 3 +++ README.md | 8 ++++---- snapcraft.yaml | 2 +- 3 files changed, 8 insertions(+), 5 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index a9f7cb4..9b7f7ee 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,6 @@ +v 11.0.1snap3 + - https: support custom certificates. + v 11.0.1snap2 - php: downgrade to 7.0.15. diff --git a/README.md b/README.md index 1aa5f28..7b63c10 100644 --- a/README.md +++ b/README.md @@ -58,10 +58,10 @@ There are a few CLI utilities included: - Dump Nextcloud database to stdout. You should probaby redirect its output to a file. Note that it requires `sudo`. - `nextcloud.enable-https`: - - Enable HTTPS, either via self-signed certificates or via Let's Encrypt. - HTTP will redirect to HTTPS. The certificates will automatically be kept - up-to-date. See `nextcloud.enable-https -h` for more information. Note - that it requires `sudo`. + - Enable HTTPS via self-signed certificates, Let's Encrypt, or custom + certificates. HTTP will redirect to HTTPS. Non-custom certificates will + automatically be kept up-to-date. See `nextcloud.enable-https -h` for more + information. Note that it requires `sudo`. - `nextcloud.disable-https`: - Disable HTTPS (does not remove certificates). Note that it requires `sudo`. diff --git a/snapcraft.yaml b/snapcraft.yaml index c20fc4b..923c187 100644 --- a/snapcraft.yaml +++ b/snapcraft.yaml @@ -1,5 +1,5 @@ name: nextcloud -version: 11.0.1snap2 +version: 11.0.1snap3 summary: Nextcloud Server description: | Access, share and protect your files, calendars, contacts, communication and From 3221d7aba9575607cc6d77df18af721105404a53 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Fri, 3 Mar 2017 12:35:57 -0800 Subject: [PATCH 066/416] many: place all pidfiles and sockets in /tmp. Until recently, /tmp within a snap was unique to the app in the snap. This meant that any sockets or pidfiles placed into /tmp in app A was not accessible from app B (as it saw a separate /tmp). As of snap-confine v1.0.43, this is no longer the case. /tmp is now unique snap-wide: /tmp for app A is the same /tmp as app B as long as both apps are contained within the same snap. This finally gives us a place accessible from confinement that's wiped on each boot. It's the place to put pidfiles and sockets so hard reboots don't cause future failures. Fix #151. Signed-off-by: Kyle Fazzari --- snapcraft.yaml | 5 ++++ src/apache/conf/httpd.conf | 4 +-- src/apache/scripts/httpd-wrapper | 2 ++ src/apache/utilities/apache-utilities | 24 +++++++++++++++ src/https/utilities/https-utilities | 23 ++------------ src/mysql/mysql.server | 6 ++-- src/mysql/start_mysql | 21 +++++-------- src/mysql/utilities/mysql-utilities | 33 +++++++++++++++++++++ src/nextcloud/config/autoconfig.php | 2 +- src/nextcloud/config/config.php | 2 +- src/nextcloud/scripts/nextcloud-cron | 2 +- src/nextcloud/scripts/occ | 11 ++++++- src/nextcloud/scripts/setup_nextcloud | 17 +++++------ src/nextcloud/utilities/nextcloud-utilities | 3 ++ src/php/config/php-fpm.conf | 2 +- src/php/config/php-fpm.d/www.conf | 2 +- src/php/scripts/start-php-fpm | 17 ++++++----- src/php/utilities/php-utilities | 33 +++++++++++++++++++++ src/redis/config/redis.conf | 4 +-- src/redis/scripts/start-redis-server | 4 ++- src/redis/utilities/redis-utilities | 33 +++++++++++++++++++++ 21 files changed, 186 insertions(+), 64 deletions(-) create mode 100755 src/apache/utilities/apache-utilities create mode 100755 src/mysql/utilities/mysql-utilities create mode 100644 src/nextcloud/utilities/nextcloud-utilities create mode 100755 src/php/utilities/php-utilities create mode 100755 src/redis/utilities/redis-utilities diff --git a/snapcraft.yaml b/snapcraft.yaml index 923c187..3563a17 100644 --- a/snapcraft.yaml +++ b/snapcraft.yaml @@ -122,6 +122,7 @@ parts: files: src/apache/scripts/*: bin/ src/apache/conf/*: conf/ + src/apache/utilities/*: utilities/ nextcloud: plugin: dump @@ -191,6 +192,7 @@ parts: files: src/redis/config/*: config/redis/ src/redis/scripts/*: bin/ + src/redis/utilities/*: utilities/ # Copy over our PHP configuration file. php-customizations: @@ -198,6 +200,7 @@ parts: files: src/php/config/*: config/php/ src/php/scripts/*: bin/ + src/php/utilities/*: utilities/ stage-packages: [mawk] # Copy over our Nextcloud configuration files @@ -206,6 +209,7 @@ parts: files: src/nextcloud/config/*: htdocs/config/ src/nextcloud/scripts/*: bin/ + src/nextcloud/utilities/*: utilities/ # Download the boost headers for MySQL. Note that the version used may need to # be updated if the version of MySQL changes. @@ -283,6 +287,7 @@ parts: src/mysql/start_mysql: bin/ src/mysql/my.cnf: my.cnf src/mysql/mysql.server: support-files/ + src/mysql/utilities/*: utilities/ mdns-publisher: plugin: go diff --git a/src/apache/conf/httpd.conf b/src/apache/conf/httpd.conf index 49aba8d..1077e27 100644 --- a/src/apache/conf/httpd.conf +++ b/src/apache/conf/httpd.conf @@ -33,7 +33,7 @@ Mutex pthread # # PidFile: Allows you to place the pidfile in a specific location. -PidFile "${SNAP_DATA}/apache/httpd.pid" +PidFile "${APACHE_PIDFILE}" # # Dynamic Shared Object (DSO) Support @@ -155,7 +155,7 @@ Alias "/.well-known/acme-challenge" "${SNAP_DATA}/certs/certbot/.well-known/acme # Setup the proxy to PHP-FPM ProxyTimeout 3600 - SetHandler "proxy:unix:${SNAP_DATA}/php/php-fpm.sock|fcgi://localhost/" + SetHandler "proxy:unix:${PHP_FPM_SOCKET}|fcgi://localhost/" diff --git a/src/apache/scripts/httpd-wrapper b/src/apache/scripts/httpd-wrapper index 2592da0..1e57e0d 100755 --- a/src/apache/scripts/httpd-wrapper +++ b/src/apache/scripts/httpd-wrapper @@ -1,6 +1,8 @@ #!/bin/sh . $SNAP/utilities/https-utilities +. $SNAP/utilities/apache-utilities +. $SNAP/utilities/php-utilities params="" if certificates_are_active; then diff --git a/src/apache/utilities/apache-utilities b/src/apache/utilities/apache-utilities new file mode 100755 index 0000000..3909412 --- /dev/null +++ b/src/apache/utilities/apache-utilities @@ -0,0 +1,24 @@ +#!/bin/sh + +export APACHE_PIDFILE="/tmp/pids/httpd.pid" + +mkdir -p -m 750 "$(dirname $APACHE_PIDFILE)" + +restart_apache_if_running() +{ + if [ -f "$APACHE_PIDFILE" ]; then + # Restart apache by stopping it and letting systemd start it again. + apache_pid=$(cat "$APACHE_PIDFILE") + echo -n "Restarting apache... " + output=$(httpd-wrapper -k stop 2>&1) + if [ $? -eq 0 ]; then + while kill -0 $apache_pid 2>/dev/null; do + sleep 1 + done + echo "done" + else + echo "error" + echo "$output" + fi + fi +} diff --git a/src/https/utilities/https-utilities b/src/https/utilities/https-utilities index b32c5ce..2cc62c1 100755 --- a/src/https/utilities/https-utilities +++ b/src/https/utilities/https-utilities @@ -1,5 +1,7 @@ #!/bin/sh +. $SNAP/utilities/apache-utilities + SNAP_CURRENT=$(dirname $SNAP_DATA)/current LIVE_CERTS_DIRECTORY=$SNAP_CURRENT/certs/live @@ -21,8 +23,6 @@ CUSTOM_ENABLE_HSTS=$CUSTOM_DIRECTORY/hsts CERTBOT_DIRECTORY=$SNAP_CURRENT/certs/certbot CERTBOT_LIVE_DIRECTORY=$CERTBOT_DIRECTORY/config/live -APACHE_PIDFILE=$SNAP_DATA/apache/httpd.pid - # If this function is run multiple times it will replace the certificate # and key if they're already present. generate_self_signed_certificate() @@ -133,23 +133,4 @@ run_certbot() certbot --text --config-dir $CERTBOT_DIRECTORY/config \ --work-dir $CERTBOT_DIRECTORY/work \ --logs-dir $CERTBOT_DIRECTORY/logs $@ -} - -restart_apache_if_running() -{ - if [ -f "$APACHE_PIDFILE" ]; then - # Restart apache by stopping it and letting systemd start it again. - apache_pid=$(cat "$APACHE_PIDFILE") - echo -n "Restarting apache... " - output=$(httpd-wrapper -k stop 2>&1) - if [ $? -eq 0 ]; then - while kill -0 $apache_pid 2>/dev/null; do - sleep 1 - done - echo "done" - else - echo "error" - echo "$output" - fi - fi } diff --git a/src/mysql/mysql.server b/src/mysql/mysql.server index d2ddae1..a81f680 100755 --- a/src/mysql/mysql.server +++ b/src/mysql/mysql.server @@ -43,6 +43,8 @@ # If you change base dir, you must also change datadir. These may get # overwritten by settings in the MySQL configuration files. +. $SNAP/utilities/mysql-utilities + basedir=$SNAP datadir=$SNAP_DATA/mysql @@ -60,7 +62,7 @@ lock_file_path="$lockdir/mysql" # The following variables are only set for letting mysql.server find things. # Set some defaults -mysqld_pid_file_path= +mysqld_pid_file_path="$MYSQL_PIDFILE" if test -z "$basedir" then basedir=/ @@ -280,7 +282,7 @@ case "$mode" in then # Give extra arguments to mysqld with the my.cnf file. This script # may be overwritten at next upgrade. - $bindir/mysqld_safe --datadir="$datadir" --pid-file="$mysqld_pid_file_path" --lc-messages-dir="$SNAP/share" --socket="$SNAP_DATA/mysql/mysql.sock" $other_args >/dev/null 2>&1 & + $bindir/mysqld_safe --datadir="$datadir" --pid-file="$mysqld_pid_file_path" --lc-messages-dir="$SNAP/share" --socket="$MYSQL_SOCKET" $other_args >/dev/null 2>&1 & wait_for_pid created "$!" "$mysqld_pid_file_path"; return_value=$? # Make lock for RedHat / SuSE diff --git a/src/mysql/start_mysql b/src/mysql/start_mysql index 1b7ea13..7b7d2b8 100755 --- a/src/mysql/start_mysql +++ b/src/mysql/start_mysql @@ -1,9 +1,9 @@ #!/bin/sh +. $SNAP/utilities/mysql-utilities + root_option_file="$SNAP_DATA/mysql/root.ini" nextcloud_password_file="$SNAP_DATA/mysql/nextcloud_password" -mysqld_pid_file_path=$SNAP_DATA/mysql/`hostname`.pid -mysql_socket_file_path="/var/snap/$SNAP_NAME/current/mysql/mysql.sock" new_install=false # Make sure the database is initialized (this is safe to run if already @@ -32,7 +32,7 @@ if [ $new_install = true ]; then # Save root user information echo "[client]" >> $root_option_file - echo "socket=$mysql_socket_file_path" >> $root_option_file + echo "socket=$MYSQL_SOCKET" >> $root_option_file echo "user=root" >> $root_option_file chmod 600 $root_option_file @@ -61,10 +61,7 @@ SQL fi # Wait here until mysql is running -echo "Waiting for server..." -while [ ! -f "$mysqld_pid_file_path" -o ! -S "$mysql_socket_file_path" ]; do - sleep 1 -done +wait_for_mysql # Check and upgrade mysql tables if necessary. This will return 0 if the upgrade # succeeded, in which case we need to restart mysql. @@ -74,10 +71,8 @@ if [ $? -eq 0 ]; then echo "Restarting mysql server after upgrade..." $SNAP/support-files/mysql.server restart - echo "Waiting for server to come back after upgrade..." - while [ ! -f "$mysqld_pid_file_path" -o ! -S "$mysql_socket_file_path" ]; do - sleep 1 - done + # Wait for server to come back after upgrade + wait_for_mysql fi # If this was a new installation, wait until the server is all up and running @@ -89,7 +84,7 @@ fi # Wait here until mysql exits (turn a forking service into simple). This is # only needed for Ubuntu Core 15.04, as 16.04 supports forking services. -mysqld_pid=$(cat "$mysqld_pid_file_path") -while kill -0 $mysqld_pid 2>/dev/null; do +pid=$(mysql_pid) +while kill -0 "$pid" 2>/dev/null; do sleep 1 done diff --git a/src/mysql/utilities/mysql-utilities b/src/mysql/utilities/mysql-utilities new file mode 100755 index 0000000..2a463fa --- /dev/null +++ b/src/mysql/utilities/mysql-utilities @@ -0,0 +1,33 @@ +#!/bin/sh + +export MYSQL_PIDFILE="/tmp/pids/mysql.pid" +export MYSQL_SOCKET="/tmp/sockets/mysql.sock" + +mkdir -p -m 750 "$(dirname $MYSQL_PIDFILE)" +mkdir -p -m 750 "$(dirname $MYSQL_SOCKET)" + +mysql_is_running() +{ + [ -f "$MYSQL_PIDFILE" -a -S "$MYSQL_SOCKET" ] +} + +wait_for_mysql() +{ + if ! mysql_is_running; then + echo -n "Waiting for MySQL... " + while ! mysql_is_running; do + sleep 1 + done + echo "done" + fi +} + +mysql_pid() +{ + if mysql_is_running; then + cat "$MYSQL_PIDFILE" + else + echo "Unable to get MySQL PID as it's not yet running" >&2 + echo "" + fi +} diff --git a/src/nextcloud/config/autoconfig.php b/src/nextcloud/config/autoconfig.php index 370160f..92483cb 100644 --- a/src/nextcloud/config/autoconfig.php +++ b/src/nextcloud/config/autoconfig.php @@ -12,7 +12,7 @@ 'dbtype' => 'mysql', -'dbhost' => 'localhost:'.$data_path.'/mysql/mysql.sock', +'dbhost' => 'localhost:'.getenv('MYSQL_SOCKET'), 'dbname' => 'nextcloud', diff --git a/src/nextcloud/config/config.php b/src/nextcloud/config/config.php index 9924e4d..61847b5 100644 --- a/src/nextcloud/config/config.php +++ b/src/nextcloud/config/config.php @@ -47,7 +47,7 @@ 'memcache.locking' => '\OC\Memcache\Redis', 'memcache.local' => '\OC\Memcache\Redis', 'redis' => array( - 'host' => '/var/snap/'.$snap_name.'/current/redis/redis.sock', + 'host' => getenv('REDIS_SOCKET'), 'port' => 0, ), ); diff --git a/src/nextcloud/scripts/nextcloud-cron b/src/nextcloud/scripts/nextcloud-cron index 4ae7efe..603fd99 100755 --- a/src/nextcloud/scripts/nextcloud-cron +++ b/src/nextcloud/scripts/nextcloud-cron @@ -1,6 +1,6 @@ #!/bin/sh -export NEXTCLOUD_CONFIG_DIR=$SNAP_DATA/nextcloud/config +. $SNAP/utilities/nextcloud-utilities echo -n "Waiting for Nextcloud config dir... " while [ ! -d "$NEXTCLOUD_CONFIG_DIR" ]; do diff --git a/src/nextcloud/scripts/occ b/src/nextcloud/scripts/occ index 78f4248..f8bfe98 100755 --- a/src/nextcloud/scripts/occ +++ b/src/nextcloud/scripts/occ @@ -1,5 +1,14 @@ #!/bin/sh -export NEXTCLOUD_CONFIG_DIR=$SNAP_DATA/nextcloud/config +. $SNAP/utilities/php-utilities +. $SNAP/utilities/nextcloud-utilities + +if [ $(id -u) -ne 0 ]; then + echo "This utility needs to run as root" + exit 1 +fi + +# occ can't do much before PHP FPM is up and running +wait_for_php php -c $SNAP/config/php $SNAP/htdocs/occ $* diff --git a/src/nextcloud/scripts/setup_nextcloud b/src/nextcloud/scripts/setup_nextcloud index eea1303..3681749 100755 --- a/src/nextcloud/scripts/setup_nextcloud +++ b/src/nextcloud/scripts/setup_nextcloud @@ -1,5 +1,9 @@ #!/bin/sh +. $SNAP/utilities/php-utilities +. $SNAP/utilities/nextcloud-utilities +. $SNAP/utilities/redis-utilities + # Make sure nextcloud directory exists mkdir -p -m 750 $SNAP_COMMON/nextcloud @@ -9,16 +13,11 @@ mkdir -p -m 750 $SNAP_COMMON/nextcloud/tmp # Make sure nextcloud extra-apps directory exists (for user apps) mkdir -p -m 750 $SNAP_DATA/nextcloud/extra-apps -# Wait for PHP FPM to be up and running before continuing, since we need to make -# sure we can use occ below. -php_pid_file_path=$SNAP_DATA/php/php-fpm.pid -echo "Waiting for PHP..." -while [ ! -f "$php_pid_file_path" ]; do - sleep 1 -done +# We need both PHP and redis up and running before we can use occ +wait_for_php +wait_for_redis # If this is a new install, make sure it's configured correctly -NEXTCLOUD_CONFIG_DIR=$SNAP_DATA/nextcloud/config if [ ! -d "$NEXTCLOUD_CONFIG_DIR" ]; then echo "Configuring nextcloud..." cp -r $SNAP/htdocs/config $NEXTCLOUD_CONFIG_DIR @@ -26,7 +25,7 @@ else # This is not a new installation, so we don't want to overwrite the config. # We do, however, want to make sure we incorporate the new capabilities of # this snap version, namely, using Redis for the memcache and file locking. - occ config:system:set redis host --value="/var/snap/$SNAP_NAME/current/redis/redis.sock" --type=string + occ config:system:set redis host --value="$REDIS_SOCKET" --type=string occ config:system:set redis port --value=0 --type=integer occ config:system:set memcache.locking --value="\OC\Memcache\Redis" --type=string occ config:system:set memcache.local --value="\OC\Memcache\Redis" --type=string diff --git a/src/nextcloud/utilities/nextcloud-utilities b/src/nextcloud/utilities/nextcloud-utilities new file mode 100644 index 0000000..202ffc2 --- /dev/null +++ b/src/nextcloud/utilities/nextcloud-utilities @@ -0,0 +1,3 @@ +#!/bin/sh + +export NEXTCLOUD_CONFIG_DIR=$SNAP_DATA/nextcloud/config diff --git a/src/php/config/php-fpm.conf b/src/php/config/php-fpm.conf index 0ea4799..465c35c 100644 --- a/src/php/config/php-fpm.conf +++ b/src/php/config/php-fpm.conf @@ -14,7 +14,7 @@ ; Pid file ; Note: the default prefix is /home/ubuntu/src/nextcloud-snap/parts/php/install/var ; Default Value: none -pid = ${SNAP_DATA}/php/php-fpm.pid +pid = ${PHP_FPM_PIDFILE} ; Error log file ; If it's set to "syslog", log is sent to syslogd instead of being written diff --git a/src/php/config/php-fpm.d/www.conf b/src/php/config/php-fpm.d/www.conf index 060c554..9f357e0 100644 --- a/src/php/config/php-fpm.d/www.conf +++ b/src/php/config/php-fpm.d/www.conf @@ -33,7 +33,7 @@ group = root ; (IPv6 and IPv4-mapped) on a specific port; ; '/path/to/unix/socket' - to listen on a unix socket. ; Note: This value is mandatory. -listen = ${SNAP_DATA}/php/php-fpm.sock +listen = ${PHP_FPM_SOCKET} ; Set listen(2) backlog. ; Default Value: 511 (-1 on FreeBSD and OpenBSD) diff --git a/src/php/scripts/start-php-fpm b/src/php/scripts/start-php-fpm index 31366bb..eccfc15 100755 --- a/src/php/scripts/start-php-fpm +++ b/src/php/scripts/start-php-fpm @@ -1,17 +1,16 @@ #!/bin/sh +. $SNAP/utilities/mysql-utilities +. $SNAP/utilities/php-utilities +. $SNAP/utilities/redis-utilities + mkdir -p -m 750 ${SNAP_DATA}/php -mysqld_pid_file_path=$SNAP_DATA/mysql/`hostname`.pid -# Wait for mysql to be up and running, since we need to make sure -# we run the upgrade process. -echo "Waiting for mysql..." -while [ ! -f "$mysqld_pid_file_path" ]; do - sleep 1 -done +# We need to make sure mysql is running so we can run the migration process +wait_for_mysql # Wait until we have an nextcloud mysql password -echo "Obtaining nextcloud mysql credentials..." +echo -n "Obtaining nextcloud mysql credentials... " nextcloud_password_path=$SNAP_DATA/mysql/nextcloud_password timeout=10 while [ $timeout -gt 0 -a ! -e $nextcloud_password_path ]; do @@ -19,11 +18,13 @@ while [ $timeout -gt 0 -a ! -e $nextcloud_password_path ]; do sleep 1 done if [ ! -e $nextcloud_password_path ]; then + echo "" echo -n "Timed out while attempting to obtain nextcloud mysql password. " echo -n "This isn't unusual when starting up for the first time after " echo "an install or an upgrade. Will try again." exit 1 fi +echo "done" # Tends to be between 30-50MB average_php_memory_requirement=50 diff --git a/src/php/utilities/php-utilities b/src/php/utilities/php-utilities new file mode 100755 index 0000000..bf1ef31 --- /dev/null +++ b/src/php/utilities/php-utilities @@ -0,0 +1,33 @@ +#!/bin/sh + +export PHP_FPM_PIDFILE="/tmp/pids/php-fpm.pid" +export PHP_FPM_SOCKET="/tmp/sockets/php-fpm.sock" + +mkdir -p -m 750 "$(dirname $PHP_FPM_PIDFILE)" +mkdir -p -m 750 "$(dirname $PHP_FPM_SOCKET)" + +php_is_running() +{ + [ -f "$PHP_FPM_PIDFILE" -a -S "$PHP_FPM_SOCKET" ] +} + +wait_for_php() +{ + if ! php_is_running; then + echo -n "Waiting for PHP... " + while ! php_is_running; do + sleep 1 + done + echo "done" + fi +} + +php_pid() +{ + if php_is_running; then + cat "$PHP_FPM_PIDFILE" + else + echo "Unable to get PHP PID as it's not yet running" >&2 + echo "" + fi +} diff --git a/src/redis/config/redis.conf b/src/redis/config/redis.conf index 78d5d14..ddeddc6 100644 --- a/src/redis/config/redis.conf +++ b/src/redis/config/redis.conf @@ -98,7 +98,7 @@ tcp-backlog 511 # incoming connections. There is no default, so Redis will not listen # on a unix socket when not specified. # -unixsocket ${SNAP_DATA}/redis/redis.sock +unixsocket ${REDIS_SOCKET} # unixsocketperm 700 # Close the connection after a client is idle for N seconds (0 to disable) @@ -147,7 +147,7 @@ supervised no # # Creating a pid file is best effort: if Redis is not able to create it # nothing bad happens, the server will start and run normally. -pidfile ${SNAP_DATA}/redis/redis.pid +pidfile ${REDIS_PIDFILE} # Specify the server verbosity level. # This can be one of: diff --git a/src/redis/scripts/start-redis-server b/src/redis/scripts/start-redis-server index 87f4835..c779847 100755 --- a/src/redis/scripts/start-redis-server +++ b/src/redis/scripts/start-redis-server @@ -1,8 +1,10 @@ #!/bin/sh +. $SNAP/utilities/redis-utilities + mkdir -p -m 750 ${SNAP_DATA}/redis # redis doesn't support environment variables in its config files. Thankfully # it supports reading the config file from stdin though, so we'll rewrite the # config file on the fly and pipe it in. -sed -e "s|\${SNAP_DATA}|$SNAP_DATA|" $SNAP/config/redis/redis.conf | redis-server - +sed -e "s|\${SNAP_DATA}|$SNAP_DATA|;s|\${REDIS_PIDFILE}|$REDIS_PIDFILE|;s|\${REDIS_SOCKET}|$REDIS_SOCKET|" $SNAP/config/redis/redis.conf | redis-server - diff --git a/src/redis/utilities/redis-utilities b/src/redis/utilities/redis-utilities new file mode 100755 index 0000000..4590cdf --- /dev/null +++ b/src/redis/utilities/redis-utilities @@ -0,0 +1,33 @@ +#!/bin/sh + +export REDIS_PIDFILE="/tmp/pids/redis.pid" +export REDIS_SOCKET="/tmp/sockets/redis.sock" + +mkdir -p -m 750 "$(dirname $REDIS_PIDFILE)" +mkdir -p -m 750 "$(dirname $REDIS_SOCKET)" + +redis_is_running() +{ + [ -f "$REDIS_PIDFILE" -a -S "$REDIS_SOCKET" ] +} + +wait_for_redis() +{ + if ! redis_is_running; then + echo -n "Waiting for redis... " + while ! redis_is_running; do + sleep 1 + done + echo "done" + fi +} + +redis_pid() +{ + if redis_is_running; then + cat "$REDIS_PIDFILE" + else + echo "Unable to get redis PID as it's not yet running" >&2 + echo "" + fi +} From 35ea61f3139cefc2ec7821735c082500bdcf3024 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Fri, 3 Mar 2017 10:32:31 -0800 Subject: [PATCH 067/416] Begin using snapcraft's snap/ directory. Resolves #203. Signed-off-by: Kyle Fazzari --- {setup => snap}/gui/icon.svg | 0 {parts => snap}/plugins/x-apache.py | 0 {parts => snap}/plugins/x-php.py | 0 {parts => snap}/plugins/x-redis.py | 0 snapcraft.yaml => snap/snapcraft.yaml | 2 ++ 5 files changed, 2 insertions(+) rename {setup => snap}/gui/icon.svg (100%) rename {parts => snap}/plugins/x-apache.py (100%) rename {parts => snap}/plugins/x-php.py (100%) rename {parts => snap}/plugins/x-redis.py (100%) rename snapcraft.yaml => snap/snapcraft.yaml (99%) diff --git a/setup/gui/icon.svg b/snap/gui/icon.svg similarity index 100% rename from setup/gui/icon.svg rename to snap/gui/icon.svg diff --git a/parts/plugins/x-apache.py b/snap/plugins/x-apache.py similarity index 100% rename from parts/plugins/x-apache.py rename to snap/plugins/x-apache.py diff --git a/parts/plugins/x-php.py b/snap/plugins/x-php.py similarity index 100% rename from parts/plugins/x-php.py rename to snap/plugins/x-php.py diff --git a/parts/plugins/x-redis.py b/snap/plugins/x-redis.py similarity index 100% rename from parts/plugins/x-redis.py rename to snap/plugins/x-redis.py diff --git a/snapcraft.yaml b/snap/snapcraft.yaml similarity index 99% rename from snapcraft.yaml rename to snap/snapcraft.yaml index 3563a17..3b714d6 100644 --- a/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -4,6 +4,8 @@ summary: Nextcloud Server description: | Access, share and protect your files, calendars, contacts, communication and more at home and in your enterprise. + +grade: stable confinement: strict apps: From 5aecabb2568c74d6bc830a27bded6c569a853f72 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Fri, 3 Mar 2017 12:35:57 -0800 Subject: [PATCH 068/416] Add new command for manually installing. This allows for the admin user to be created from the CLI instead of requiring one to use their browser. Resolve #208 Signed-off-by: Kyle Fazzari --- README.md | 4 ++ snap/snapcraft.yaml | 5 ++ src/mysql/start_mysql | 3 +- src/mysql/utilities/mysql-utilities | 17 ++++++ src/nextcloud/config/autoconfig.php | 3 +- src/nextcloud/scripts/manual-install | 64 +++++++++++++++++++++ src/nextcloud/scripts/occ | 3 + src/nextcloud/utilities/nextcloud-utilities | 17 ++++++ src/php/scripts/start-php-fpm | 1 + 9 files changed, 113 insertions(+), 4 deletions(-) create mode 100755 src/nextcloud/scripts/manual-install diff --git a/README.md b/README.md index 7b63c10..7adaa5a 100644 --- a/README.md +++ b/README.md @@ -65,6 +65,10 @@ There are a few CLI utilities included: - `nextcloud.disable-https`: - Disable HTTPS (does not remove certificates). Note that it requires `sudo`. +- `nextcloud.manual-install`: + - Manually install Nextcloud instead of visiting it in your browser. This + allows you to create the admin user via the CLI. Note that it requires + `sudo`. ## Where is my stuff? diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 3b714d6..a4b44b8 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -80,6 +80,11 @@ apps: restart-condition: always plugs: [network, network-bind, removable-media] + # Command for manually installing instead of visiting site to create admin. + manual-install: + command: manual-install + plugs: [network, network-bind, removable-media] + parts: apache: plugin: apache diff --git a/src/mysql/start_mysql b/src/mysql/start_mysql index 7b7d2b8..3c41dc9 100755 --- a/src/mysql/start_mysql +++ b/src/mysql/start_mysql @@ -3,7 +3,6 @@ . $SNAP/utilities/mysql-utilities root_option_file="$SNAP_DATA/mysql/root.ini" -nextcloud_password_file="$SNAP_DATA/mysql/nextcloud_password" new_install=false # Make sure the database is initialized (this is safe to run if already @@ -79,7 +78,7 @@ fi # before saving off the nextcloud user's password. This way the presence of the # file can be used as a signal that mysql is ready to be used. if [ $new_install = true ]; then - echo "$nextcloud_password" > $nextcloud_password_file + mysql_set_nextcloud_password "$nextcloud_password" fi # Wait here until mysql exits (turn a forking service into simple). This is diff --git a/src/mysql/utilities/mysql-utilities b/src/mysql/utilities/mysql-utilities index 2a463fa..eb38ded 100755 --- a/src/mysql/utilities/mysql-utilities +++ b/src/mysql/utilities/mysql-utilities @@ -2,6 +2,7 @@ export MYSQL_PIDFILE="/tmp/pids/mysql.pid" export MYSQL_SOCKET="/tmp/sockets/mysql.sock" +export NEXTCLOUD_PASSWORD_FILE="$SNAP_DATA/mysql/nextcloud_password" mkdir -p -m 750 "$(dirname $MYSQL_PIDFILE)" mkdir -p -m 750 "$(dirname $MYSQL_SOCKET)" @@ -31,3 +32,19 @@ mysql_pid() echo "" fi } + +mysql_set_nextcloud_password() +{ + echo "$1" > "$NEXTCLOUD_PASSWORD_FILE" + chmod 600 "$NEXTCLOUD_PASSWORD_FILE" +} + +mysql_get_nextcloud_password() +{ + if [ -f "$NEXTCLOUD_PASSWORD_FILE" ]; then + cat "$NEXTCLOUD_PASSWORD_FILE" + else + echo "MySQL Nextcloud password has not yet been generated" >&2 + echo "" + fi +} diff --git a/src/nextcloud/config/autoconfig.php b/src/nextcloud/config/autoconfig.php index 92483cb..6422d3c 100644 --- a/src/nextcloud/config/autoconfig.php +++ b/src/nextcloud/config/autoconfig.php @@ -3,12 +3,11 @@ $snap_name = getenv('SNAP_NAME'); $data_path = '/var/snap/'.$snap_name.'/current'; -$common_data_path = '/var/snap/'.$snap_name.'/common'; $database_password = trim(file_get_contents($data_path . '/mysql/nextcloud_password')); $AUTOCONFIG = array( -'directory' => $common_data_path.'/nextcloud/data', +'directory' => getenv('NEXTCLOUD_DATA_DIR'), 'dbtype' => 'mysql', diff --git a/src/nextcloud/scripts/manual-install b/src/nextcloud/scripts/manual-install new file mode 100755 index 0000000..b604b70 --- /dev/null +++ b/src/nextcloud/scripts/manual-install @@ -0,0 +1,64 @@ +#!/bin/sh + +. $SNAP/utilities/php-utilities +. $SNAP/utilities/mysql-utilities +. $SNAP/utilities/nextcloud-utilities + +COMMAND="nextcloud.manual-install" + +print_usage() +{ + echo "Usage:" + echo " $COMMAND -h" + echo " Display this help message." + echo "" + echo " $COMMAND " + echo " Install Nextcloud, creating the admin user with the provided" + echo " credentials." +} + +while getopts ":h" opt; do + case $opt in + h) + print_usage + exit 0 + ;; + \?) + echo "Invalid option: -$OPTARG" >&2 + exit 1 + ;; + esac +done +shift $((OPTIND-1)) + +if [ $# != 2 ]; then + echo "Expected two parameters. Run '$COMMAND -h' for help." >&2 + exit 1 +fi + +if [ $(id -u) -ne 0 ]; then + echo "This utility needs to run as root" + exit 1 +fi + +username=$1 +password=$2 + +# We can't do anything until PHP and MySQL are up and running +wait_for_php +wait_for_mysql + +# Now we can use 'occ maintenance:install' + +mysql_nextcloud_password="$(mysql_get_nextcloud_password)" +if [ -n "$mysql_nextcloud_password" ]; then + occ maintenance:install \ + --database="mysql" \ + --database-name="nextcloud" \ + --database-user="nextcloud" \ + --database-host="localhost:$MYSQL_SOCKET" \ + --database-pass="$mysql_nextcloud_password" \ + --data-dir="$NEXTCLOUD_DATA_DIR" \ + --admin-user="$username" \ + --admin-pass="$password" +fi diff --git a/src/nextcloud/scripts/occ b/src/nextcloud/scripts/occ index f8bfe98..13c1326 100755 --- a/src/nextcloud/scripts/occ +++ b/src/nextcloud/scripts/occ @@ -1,6 +1,8 @@ #!/bin/sh +. $SNAP/utilities/mysql-utilities . $SNAP/utilities/php-utilities +. $SNAP/utilities/redis-utilities . $SNAP/utilities/nextcloud-utilities if [ $(id -u) -ne 0 ]; then @@ -10,5 +12,6 @@ fi # occ can't do much before PHP FPM is up and running wait_for_php +wait_for_nextcloud_to_be_configured php -c $SNAP/config/php $SNAP/htdocs/occ $* diff --git a/src/nextcloud/utilities/nextcloud-utilities b/src/nextcloud/utilities/nextcloud-utilities index 202ffc2..fad798c 100644 --- a/src/nextcloud/utilities/nextcloud-utilities +++ b/src/nextcloud/utilities/nextcloud-utilities @@ -1,3 +1,20 @@ #!/bin/sh export NEXTCLOUD_CONFIG_DIR=$SNAP_DATA/nextcloud/config +export NEXTCLOUD_DATA_DIR=$SNAP_COMMON/nextcloud/data + +nextcloud_is_configured() +{ + [ -d "$NEXTCLOUD_CONFIG_DIR" ] +} + +wait_for_nextcloud_to_be_configured() +{ + if ! nextcloud_is_configured; then + echo -n "Waiting for Nextcloud to be configured... " + while ! nextcloud_is_configured; do + sleep 1 + done + echo "done" + fi +} diff --git a/src/php/scripts/start-php-fpm b/src/php/scripts/start-php-fpm index eccfc15..4e8073c 100755 --- a/src/php/scripts/start-php-fpm +++ b/src/php/scripts/start-php-fpm @@ -3,6 +3,7 @@ . $SNAP/utilities/mysql-utilities . $SNAP/utilities/php-utilities . $SNAP/utilities/redis-utilities +. $SNAP/utilities/nextcloud-utilities mkdir -p -m 750 ${SNAP_DATA}/php From ab6bece9beed1528937f68fe7b8109875bee2980 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Mon, 6 Mar 2017 08:45:33 -0800 Subject: [PATCH 069/416] nextcloud: update to 11.0.2. Resolve #211. Signed-off-by: Kyle Fazzari --- README.md | 4 ++-- snap/snapcraft.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 7adaa5a..fdb093d 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ Nextcloud server packaged as a snap. It consists of: -- Nextcloud 11.0.1 +- Nextcloud 11.0.2 - Apache 2.4 - PHP 7 - MySQL 5.7 @@ -41,7 +41,7 @@ not automatically connected upon install, so if you'd like to use external storage (or otherwise use a device in `/media` for data), you need to give the snap permission to access removable media by connecting that interface: - $ sudo snap connect nextcloud:removable-media ubuntu-core:removable-media + $ sudo snap connect nextcloud:removable-media ### Included CLI utilities diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index a4b44b8..68038f9 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -133,7 +133,7 @@ parts: nextcloud: plugin: dump - source: https://download.nextcloud.com/server/releases/nextcloud-11.0.1.tar.bz2 + source: https://download.nextcloud.com/server/releases/nextcloud-11.0.2.tar.bz2 organize: '*': htdocs/ '.htaccess': htdocs/.htaccess From 21823b67ae5f0ea49cfc78527b38763b6671bbff Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Wed, 8 Mar 2017 14:51:34 -0800 Subject: [PATCH 070/416] nextcloud: migrate old config to new use sockets. Finish off the fix to #151. Signed-off-by: Kyle Fazzari --- src/nextcloud/scripts/setup_nextcloud | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/src/nextcloud/scripts/setup_nextcloud b/src/nextcloud/scripts/setup_nextcloud index 3681749..f7bcde5 100755 --- a/src/nextcloud/scripts/setup_nextcloud +++ b/src/nextcloud/scripts/setup_nextcloud @@ -1,6 +1,7 @@ #!/bin/sh . $SNAP/utilities/php-utilities +. $SNAP/utilities/mysql-utilities . $SNAP/utilities/nextcloud-utilities . $SNAP/utilities/redis-utilities @@ -23,8 +24,12 @@ if [ ! -d "$NEXTCLOUD_CONFIG_DIR" ]; then cp -r $SNAP/htdocs/config $NEXTCLOUD_CONFIG_DIR else # This is not a new installation, so we don't want to overwrite the config. - # We do, however, want to make sure we incorporate the new capabilities of - # this snap version, namely, using Redis for the memcache and file locking. + # However, we recently changed the location of sockets in the snap, so we + # need to make sure the config is using the new location. + sed -ri "s|('host'\s*=>\s*)'/var/snap/nextcloud/.*redis.sock'|\1'$REDIS_SOCKET'|" $NEXTCLOUD_CONFIG_DIR/config.php + sed -ri "s|('dbhost'\s*=>\s*)'localhost:/var/snap/nextcloud/.*mysql.sock'|\1'localhost:$MYSQL_SOCKET'|" $NEXTCLOUD_CONFIG_DIR/config.php + + # Also make sure we're using Redis for the memcache and file locking. occ config:system:set redis host --value="$REDIS_SOCKET" --type=string occ config:system:set redis port --value=0 --type=integer occ config:system:set memcache.locking --value="\OC\Memcache\Redis" --type=string From 99b69ce7adb0b74256b17889ec07054e4d602af9 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Wed, 8 Mar 2017 16:59:58 -0800 Subject: [PATCH 071/416] boost: pull from github instead of sourceforge. The latter is far too slow. Resolve #224. Signed-off-by: Kyle Fazzari --- snap/snapcraft.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 68038f9..2b6acd4 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -222,7 +222,7 @@ parts: # be updated if the version of MySQL changes. boost: plugin: copy - source: http://sourceforge.net/projects/boost/files/boost/1.59.0/boost_1_59_0.tar.gz + source: https://github.com/kyrofa/boost_tarball/raw/master/boost_1_59_0.tar.gz files: '*': boost/ prime: From 53dda4fcec83d6fb71615e2119041b9abf56b73f Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Wed, 8 Mar 2017 18:42:08 -0800 Subject: [PATCH 072/416] Update version to 11.0.2snap1. Also update CHANGELOG. Signed-off-by: Kyle Fazzari --- CHANGELOG | 8 ++++++++ snap/snapcraft.yaml | 2 +- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/CHANGELOG b/CHANGELOG index 9b7f7ee..470ffd9 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,11 @@ +v 11.0.2snap2 + - boost: pull from github instead of sourceforge. + - nextcloud: migrate old config to use new sockets. + - nextcloud: update to 11.0.2. + - Add new command for manually installing. + - Begin using snapcraft's snap/ directory. + - many: place all pidfiles and sockets in /tmp. + v 11.0.1snap3 - https: support custom certificates. diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 2b6acd4..e6a96ff 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -1,5 +1,5 @@ name: nextcloud -version: 11.0.1snap3 +version: 11.0.2snap1 summary: Nextcloud Server description: | Access, share and protect your files, calendars, contacts, communication and From 2f994fc9e5a0bedb27828d479acbbbcd75e5ee84 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Fri, 10 Mar 2017 11:32:53 -0800 Subject: [PATCH 073/416] mysql: fix socket location in root.ini. In v11.0.2snap1, the location of the sockets in the snap changed to be in /tmp. However, it neglected to migrate the socket path specified in MySQL's root.ini, which is used by the MySQL client. Fix that path. Fix #228. Signed-off-by: Kyle Fazzari --- src/mysql/start_mysql | 5 +++++ src/nextcloud/scripts/setup_nextcloud | 8 ++++++-- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/src/mysql/start_mysql b/src/mysql/start_mysql index 3c41dc9..3767b98 100755 --- a/src/mysql/start_mysql +++ b/src/mysql/start_mysql @@ -57,6 +57,11 @@ SQL # Now the root mysql user has a password. Save that as well. echo "password=$root_password" >> $root_option_file +else + # Okay, this isn't a new installation. However, we recently changed + # the location of MySQL's socket (11.0.2snap1). Make sure the root + # option file is updated to look there instead of the old location. + sed -ri "s|(socket\s*=\s*)/var/snap/.*mysql.sock|\1$MYSQL_SOCKET|" $root_option_file fi # Wait here until mysql is running diff --git a/src/nextcloud/scripts/setup_nextcloud b/src/nextcloud/scripts/setup_nextcloud index f7bcde5..538d0ca 100755 --- a/src/nextcloud/scripts/setup_nextcloud +++ b/src/nextcloud/scripts/setup_nextcloud @@ -26,8 +26,12 @@ else # This is not a new installation, so we don't want to overwrite the config. # However, we recently changed the location of sockets in the snap, so we # need to make sure the config is using the new location. - sed -ri "s|('host'\s*=>\s*)'/var/snap/nextcloud/.*redis.sock'|\1'$REDIS_SOCKET'|" $NEXTCLOUD_CONFIG_DIR/config.php - sed -ri "s|('dbhost'\s*=>\s*)'localhost:/var/snap/nextcloud/.*mysql.sock'|\1'localhost:$MYSQL_SOCKET'|" $NEXTCLOUD_CONFIG_DIR/config.php + sed -ri "s|('host'\s*=>\s*)'/var/snap/.*redis.sock'|\1'$REDIS_SOCKET'|" $NEXTCLOUD_CONFIG_DIR/config.php + sed -ri "s|('dbhost'\s*=>\s*)'localhost:/var/snap/.*mysql.sock'|\1'localhost:$MYSQL_SOCKET'|" $NEXTCLOUD_CONFIG_DIR/config.php + + # We'll also always copy over the autoconfig.php, since it's only used + # upon installation. Just in case they haven't done that yet. + cp -r $SNAP/htdocs/config/autoconfig.php $NEXTCLOUD_CONFIG_DIR/ # Also make sure we're using Redis for the memcache and file locking. occ config:system:set redis host --value="$REDIS_SOCKET" --type=string From dcb1855a21df0cbc62dfff1fd2c7260094762f39 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Fri, 10 Mar 2017 13:41:20 -0800 Subject: [PATCH 074/416] Update version to 11.0.2snap2. Signed-off-by: Kyle Fazzari --- CHANGELOG | 3 +++ snap/snapcraft.yaml | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/CHANGELOG b/CHANGELOG index 470ffd9..af4f8df 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,4 +1,7 @@ v 11.0.2snap2 + - mysql: fix socket location in root.ini. + +v 11.0.2snap1 - boost: pull from github instead of sourceforge. - nextcloud: migrate old config to use new sockets. - nextcloud: update to 11.0.2. diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index e6a96ff..7b7eff8 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -1,5 +1,5 @@ name: nextcloud -version: 11.0.2snap1 +version: 11.0.2snap2 summary: Nextcloud Server description: | Access, share and protect your files, calendars, contacts, communication and From f1191ae5480230a0154fa9f13972e31b462dd25b Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Fri, 31 Mar 2017 17:58:52 -0700 Subject: [PATCH 075/416] CI: make daily builds use snap/snapcraft.yaml Without this, daily builds are unable to modify the YAML and end up just being normal releases. Fix #239. Signed-off-by: Kyle Fazzari --- .travis/cron.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.travis/cron.sh b/.travis/cron.sh index 196f2c2..15719bd 100755 --- a/.travis/cron.sh +++ b/.travis/cron.sh @@ -5,8 +5,8 @@ latest_stable_url="https://download.nextcloud.com/server/daily/latest-stable11.t rewrite_snapcraft_yaml() { - sed -ri "s|(source:\s+).*download.nextcloud.com.*$|\1$1|" snapcraft.yaml - sed -ri "s|(^version:\s+).*$|\1$2|" snapcraft.yaml + sed -ri "s|(source:\s+).*download.nextcloud.com.*$|\1$1|" snap/snapcraft.yaml + sed -ri "s|(^version:\s+).*$|\1$2|" snap/snapcraft.yaml } echo "Requesting build of latest master..." From 1e32117747899a953635d17c0cb78fe9e2a8d656 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Tue, 25 Apr 2017 07:56:38 -0700 Subject: [PATCH 076/416] php: upgrade to 7.0.18. Fix #241. Signed-off-by: Kyle Fazzari --- snap/snapcraft.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 7b7eff8..557fda3 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -146,7 +146,7 @@ parts: php: plugin: php - source: http://us1.php.net/get/php-7.0.15.tar.bz2/from/this/mirror + source: http://us1.php.net/get/php-7.0.18.tar.bz2/from/this/mirror source-type: tar install-via: prefix configflags: From 9d5b876aef00039b06eee63395349b93d891d864 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Tue, 25 Apr 2017 09:53:34 -0700 Subject: [PATCH 077/416] Update version to 11.0.2snap3. Also update CHANGELOG and README. Signed-off-by: Kyle Fazzari --- CHANGELOG | 4 ++++ README.md | 7 ++----- snap/snapcraft.yaml | 2 +- 3 files changed, 7 insertions(+), 6 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index af4f8df..b67f64d 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,7 @@ +v 11.0.2snap3 + - php: upgrade to 7.0.18 + - CI: make daily builds use snap/snapcraft.yaml + v 11.0.2snap2 - mysql: fix socket location in root.ini. diff --git a/README.md b/README.md index fdb093d..8d33794 100644 --- a/README.md +++ b/README.md @@ -30,11 +30,8 @@ Upon visiting the Nextcloud installation for the first time, you'll be prompted for an admin username and password. After you provide that information you'll be logged in and able to create users, install apps, and upload files. -Note that this snap includes a service that runs cron.php every 15 minutes, but -Nextcloud doesn't currently expose the cron admin setting to autoconfig, so -there's no way for the snap to change the setting from Ajax to Cron for you. -You must do that manually in the admin interface if you want to take advantage -of the performance improvements. +Note that this snap includes a service that runs cron.php every 15 minutes, +which will automatically change the cron admin setting to Cron for you. Also note that the interface providing the ability to access removable media is not automatically connected upon install, so if you'd like to use external diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 557fda3..8f5e3b0 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -1,5 +1,5 @@ name: nextcloud -version: 11.0.2snap2 +version: 11.0.2snap3 summary: Nextcloud Server description: | Access, share and protect your files, calendars, contacts, communication and From 733cebd78174f7ad2e230be5392c7d165fa32de4 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Wed, 26 Apr 2017 13:09:06 -0700 Subject: [PATCH 078/416] yaml: verify integrity of components. Use the digests provided by the upstreams. Resolve #247. Signed-off-by: Kyle Fazzari --- snap/snapcraft.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 8f5e3b0..80d99ac 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -89,6 +89,7 @@ parts: apache: plugin: apache source: http://ftp.wayne.edu/apache/httpd/httpd-2.4.25.tar.bz2 + source-checksum: sha1/bd6d138c31c109297da2346c6e7b93b9283993d2 # The built-in Apache modules to enable modules: @@ -134,6 +135,7 @@ parts: nextcloud: plugin: dump source: https://download.nextcloud.com/server/releases/nextcloud-11.0.2.tar.bz2 + source-checksum: sha256/5d1ef19d8f1f340b46c05ba3741dcb043dfc84fc3b9e2cfce1409c71a89b8700 organize: '*': htdocs/ '.htaccess': htdocs/.htaccess @@ -147,6 +149,7 @@ parts: php: plugin: php source: http://us1.php.net/get/php-7.0.18.tar.bz2/from/this/mirror + source-checksum: sha256/b20cc63d507032b39d8bb14cb64784e460b0e47997e90a8704b703bcbb233fd1 source-type: tar install-via: prefix configflags: @@ -193,6 +196,7 @@ parts: redis: plugin: redis source: http://download.redis.io/releases/redis-3.2.6.tar.gz + source-checksum: sha1/0c7bc5c751bdbc6fabed178db9cdbdd948915d1b redis-customizations: plugin: copy @@ -223,6 +227,7 @@ parts: boost: plugin: copy source: https://github.com/kyrofa/boost_tarball/raw/master/boost_1_59_0.tar.gz + source-checksum: sha1/5123209db194d66d69a9cfa5af8ff473d5941d97 files: '*': boost/ prime: From 923cd3c031e4859fd6d99eb6cedee56bd79b8bec Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Wed, 26 Apr 2017 13:33:01 -0700 Subject: [PATCH 079/416] nextcloud: upgrade to 11.0.3. Resolve #246. Signed-off-by: Kyle Fazzari --- README.md | 2 +- snap/snapcraft.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 8d33794..87739d7 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ Nextcloud server packaged as a snap. It consists of: -- Nextcloud 11.0.2 +- Nextcloud 11.0.3 - Apache 2.4 - PHP 7 - MySQL 5.7 diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 80d99ac..880596a 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -134,8 +134,8 @@ parts: nextcloud: plugin: dump - source: https://download.nextcloud.com/server/releases/nextcloud-11.0.2.tar.bz2 - source-checksum: sha256/5d1ef19d8f1f340b46c05ba3741dcb043dfc84fc3b9e2cfce1409c71a89b8700 + source: https://download.nextcloud.com/server/releases/nextcloud-11.0.3.tar.bz2 + source-checksum: sha256/28d5ee39f31c6be20f037ad2eb300272ad9bb72a7d428eb0152c7a3fde87d545 organize: '*': htdocs/ '.htaccess': htdocs/.htaccess From 59a48c1f3cea31cb718c894e51282945cafca219 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Thu, 27 Apr 2017 13:51:01 -0700 Subject: [PATCH 080/416] apache: disable HTTP methods TRACE and TRACK TRACE and TRACK are HTTP debugging methods, and it has been shown that they can be used for cross-site-scripting attacks. These methods are not necessary for a properly-functioning Nextcloud install, so disable them. Resolve #250. Signed-off-by: Kyle Fazzari --- src/apache/conf/httpd.conf | 8 ++++++++ src/apache/conf/ssl.conf | 9 +++++++++ 2 files changed, 17 insertions(+) diff --git a/src/apache/conf/httpd.conf b/src/apache/conf/httpd.conf index 1077e27..a61e143 100644 --- a/src/apache/conf/httpd.conf +++ b/src/apache/conf/httpd.conf @@ -180,6 +180,14 @@ LogLevel warn # TypesConfig conf/mime.types +# Disable HTTP TRACE method. +TraceEnable off + +# Disable HTTP TRACK method. +RewriteEngine On +RewriteCond %{REQUEST_METHOD} ^TRACK +RewriteRule .* - [R=405,L] + # Only enable SSL if requested Include ${SNAP}/conf/ssl.conf diff --git a/src/apache/conf/ssl.conf b/src/apache/conf/ssl.conf index 5d708c1..9e60875 100644 --- a/src/apache/conf/ssl.conf +++ b/src/apache/conf/ssl.conf @@ -74,12 +74,21 @@ SSLRandomSeed connect file:/dev/urandom 512 # Virtual host for HTTP. All it does it redirect to HTTPS. RewriteEngine on + # Disable HTTP TRACK method. + RewriteCond %{REQUEST_METHOD} ^TRACK + RewriteRule .* - [R=405,L] + # Redirect everything else to HTTPS RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent] # Virtual host for HTTPS. + # Disable HTTP TRACK method. + RewriteEngine On + RewriteCond %{REQUEST_METHOD} ^TRACK + RewriteRule .* - [R=405,L] + SSLEngine on SSLHonorCipherOrder On SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS; From d1c1ce865244b4fdf392a2934dfb6f243e1ca4d8 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Sun, 30 Apr 2017 00:26:16 -0700 Subject: [PATCH 081/416] Update version to 11.0.3snap1 Also update CHANGELOG. Signed-off-by: Kyle Fazzari --- CHANGELOG | 5 +++++ snap/snapcraft.yaml | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/CHANGELOG b/CHANGELOG index b67f64d..c0d2b9b 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,8 @@ +v 11.0.3snap1 + - apache: disable HTTP methods TRACE and TRACK + - nextcloud: upgrade to 11.0.3 + - yaml: verify integrity of components + v 11.0.2snap3 - php: upgrade to 7.0.18 - CI: make daily builds use snap/snapcraft.yaml diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 880596a..f4007b6 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -1,5 +1,5 @@ name: nextcloud -version: 11.0.2snap3 +version: 11.0.3snap1 summary: Nextcloud Server description: | Access, share and protect your files, calendars, contacts, communication and From b6d51067d6fa39aa982599716571f9ebe0e18df1 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Fri, 5 May 2017 10:31:16 -0700 Subject: [PATCH 082/416] Don't verify checksum for daily builds. Fix #255. Signed-off-by: Kyle Fazzari --- .travis/cron.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.travis/cron.sh b/.travis/cron.sh index 15719bd..0acb943 100755 --- a/.travis/cron.sh +++ b/.travis/cron.sh @@ -5,7 +5,8 @@ latest_stable_url="https://download.nextcloud.com/server/daily/latest-stable11.t rewrite_snapcraft_yaml() { - sed -ri "s|(source:\s+).*download.nextcloud.com.*$|\1$1|" snap/snapcraft.yaml + # Since we're rewriting the source, we need to also remove the source-checksum. + perl -0777 -i -pe "s|(.*source:\s+).*download.nextcloud.com.*?(\n.*?source-checksum:).*?\n|\1$1\2 ''\n|igs" snap/snapcraft.yaml sed -ri "s|(^version:\s+).*$|\1$2|" snap/snapcraft.yaml } From 629f9e55f67dfa60cfcd3a14ca3f6083957a54e9 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Fri, 5 May 2017 10:37:40 -0700 Subject: [PATCH 083/416] Remove weak 3DES SSL algorithms. Reported by both Nessus and SSL Labs to be weak. Resolve #258. Signed-off-by: Kyle Fazzari --- src/apache/conf/ssl.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/apache/conf/ssl.conf b/src/apache/conf/ssl.conf index 9e60875..620df5e 100644 --- a/src/apache/conf/ssl.conf +++ b/src/apache/conf/ssl.conf @@ -91,7 +91,7 @@ SSLRandomSeed connect file:/dev/urandom 512 SSLEngine on SSLHonorCipherOrder On - SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS; + SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS; SSLCertificateFile ${SNAP_DATA}/certs/live/cert.pem SSLCertificateKeyFile ${SNAP_DATA}/certs/live/privkey.pem From 4a2d2f4174a1c099eb40bb7638ef73a0b2f5418e Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Tue, 9 May 2017 16:02:14 -0700 Subject: [PATCH 084/416] redis: upgrade to 3.2.8 Resolve #267. Signed-off-by: Kyle Fazzari --- snap/snapcraft.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index f4007b6..a63874e 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -195,8 +195,8 @@ parts: redis: plugin: redis - source: http://download.redis.io/releases/redis-3.2.6.tar.gz - source-checksum: sha1/0c7bc5c751bdbc6fabed178db9cdbdd948915d1b + source: http://download.redis.io/releases/redis-3.2.8.tar.gz + source-checksum: sha1/6780d1abb66f33a97aad0edbe020403d0a15b67f redis-customizations: plugin: copy From 7ddf70aa7df2eef7aaee444ffb20bd19532f99c8 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Mon, 8 May 2017 17:00:35 -0700 Subject: [PATCH 085/416] apache: support changing ports Currently, Apache listens on port 80. If HTTPS is enabled, it listens on both 80 and 443. This is inflexible, especially if one wants to put the snap behind a proxy of some kind. Support changing HTTP and HTTPS ports via the `configure` hook. Expose these configurations via the `ports.http` and `ports.https` options, respectively. Fix #134. Signed-off-by: Kyle Fazzari --- README.md | 24 ++++++++++ snap/snapcraft.yaml | 10 +++++ src/apache/conf/httpd.conf | 2 +- src/apache/conf/ssl.conf | 8 ++-- src/apache/scripts/httpd-wrapper | 3 ++ src/apache/utilities/apache-utilities | 65 +++++++++++++++++++++++++-- src/hooks/configure | 59 ++++++++++++++++++++++++ 7 files changed, 163 insertions(+), 8 deletions(-) create mode 100755 src/hooks/configure diff --git a/README.md b/README.md index 87739d7..a1a2696 100644 --- a/README.md +++ b/README.md @@ -33,6 +33,9 @@ logged in and able to create users, install apps, and upload files. Note that this snap includes a service that runs cron.php every 15 minutes, which will automatically change the cron admin setting to Cron for you. + +### Removable media + Also note that the interface providing the ability to access removable media is not automatically connected upon install, so if you'd like to use external storage (or otherwise use a device in `/media` for data), you need to give the @@ -41,6 +44,27 @@ snap permission to access removable media by connecting that interface: $ sudo snap connect nextcloud:removable-media +### HTTP/HTTPS port configuration + +By default, the snap will listen on port 80. If you enable HTTPS, it will listen +on both 80 and 443, and HTTP traffic will be redirected to HTTPS. But perhaps +you're putting the snap behind a proxy of some kind, in which case you probably +want to change those ports. + +If you'd like to change the HTTP port (say, to port 81), run: + + $ sudo snap set nextcloud ports.http=81 + +To change the HTTPS port (say, to port 444), run: + + $ sudo snap set nextcloud ports.https=444 + +Note that, assuming HTTPS is enabled, this will cause HTTP traffic to be +redirected to port 444. You can specify both of these simultaneously as well: + + $ sudo snap set nextcloud ports.http=81 ports.https=444 + + ### Included CLI utilities There are a few CLI utilities included: diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index f4007b6..d86d643 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -85,6 +85,10 @@ apps: command: manual-install plugs: [network, network-bind, removable-media] +hooks: + configure: + plugs: [network, network-bind] + parts: apache: plugin: apache @@ -325,3 +329,9 @@ parts: stage-packages: [openssl] stage: [-etc/ssl] prime: [-etc/ssl] + + hooks: + plugin: dump + source: src/hooks + organize: + '*': snap/hooks/ diff --git a/src/apache/conf/httpd.conf b/src/apache/conf/httpd.conf index a61e143..1bed00c 100644 --- a/src/apache/conf/httpd.conf +++ b/src/apache/conf/httpd.conf @@ -18,7 +18,7 @@ ServerRoot "${SNAP}" # prevent Apache from glomming onto all bound IP addresses. # #Listen 12.34.56.78:80 -Listen 80 +Listen ${HTTP_PORT} # # Mutex: Allows you to set the mutex mechanism and mutex file directory diff --git a/src/apache/conf/ssl.conf b/src/apache/conf/ssl.conf index 620df5e..b350ece 100644 --- a/src/apache/conf/ssl.conf +++ b/src/apache/conf/ssl.conf @@ -7,7 +7,7 @@ # prevent Apache from glomming onto all bound IP addresses. # #Listen 12.34.56.78:80 -Listen 443 +Listen ${HTTPS_PORT} # # Dynamic Shared Object (DSO) Support @@ -72,17 +72,17 @@ SSLRandomSeed connect builtin SSLRandomSeed connect file:/dev/urandom 512 # Virtual host for HTTP. All it does it redirect to HTTPS. - + RewriteEngine on # Disable HTTP TRACK method. RewriteCond %{REQUEST_METHOD} ^TRACK RewriteRule .* - [R=405,L] # Redirect everything else to HTTPS - RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent] + RewriteRule ^ https://%{SERVER_NAME}:${HTTPS_PORT}%{REQUEST_URI} [END,QSA,R=permanent] # Virtual host for HTTPS. - + # Disable HTTP TRACK method. RewriteEngine On diff --git a/src/apache/scripts/httpd-wrapper b/src/apache/scripts/httpd-wrapper index 1e57e0d..11c9057 100755 --- a/src/apache/scripts/httpd-wrapper +++ b/src/apache/scripts/httpd-wrapper @@ -20,4 +20,7 @@ else echo "No certificates are active: using HTTP only" fi +export HTTP_PORT="$(apache_http_port)" +export HTTPS_PORT="$(apache_https_port)" + httpd -d $SNAP $params $@ diff --git a/src/apache/utilities/apache-utilities b/src/apache/utilities/apache-utilities index 3909412..d23c61e 100755 --- a/src/apache/utilities/apache-utilities +++ b/src/apache/utilities/apache-utilities @@ -1,24 +1,83 @@ #!/bin/sh +APACHE_HTTP_PORT_FILE="$SNAP_DATA/apache/data/http_port" +APACHE_HTTPS_PORT_FILE="$SNAP_DATA/apache/data/https_port" export APACHE_PIDFILE="/tmp/pids/httpd.pid" +mkdir -p -m 750 "$(dirname $APACHE_HTTP_PORT_FILE)" +mkdir -p -m 750 "$(dirname $APACHE_HTTPS_PORT_FILE)" mkdir -p -m 750 "$(dirname $APACHE_PIDFILE)" restart_apache_if_running() { - if [ -f "$APACHE_PIDFILE" ]; then + if apache_is_running; then # Restart apache by stopping it and letting systemd start it again. - apache_pid=$(cat "$APACHE_PIDFILE") + pid="$(apache_pid)" echo -n "Restarting apache... " output=$(httpd-wrapper -k stop 2>&1) if [ $? -eq 0 ]; then - while kill -0 $apache_pid 2>/dev/null; do + while kill -0 $pid 2>/dev/null; do sleep 1 done echo "done" else echo "error" echo "$output" + return 1 fi fi } + +apache_is_running() +{ + [ -f "$APACHE_PIDFILE" ] +} + +wait_for_apache() +{ + if ! apache_is_running; then + echo -n "Waiting for Apache... " + while ! apache_is_running; do + sleep 1 + done + echo "done" + fi +} + +apache_pid() +{ + if apache_is_running; then + cat "$APACHE_PIDFILE" + else + echo "Unable to get Apache PID as it's not yet running" >&2 + echo "" + fi +} + +apache_http_port() +{ + if [ ! -f "$APACHE_HTTP_PORT_FILE" ]; then + apache_set_http_port "80" + fi + + cat "$APACHE_HTTP_PORT_FILE" +} + +apache_set_http_port() +{ + echo "$1" > "$APACHE_HTTP_PORT_FILE" +} + +apache_https_port() +{ + if [ ! -f "$APACHE_HTTPS_PORT_FILE" ]; then + apache_set_https_port "443" + fi + + cat "$APACHE_HTTPS_PORT_FILE" +} + +apache_set_https_port() +{ + echo "$1" > "$APACHE_HTTPS_PORT_FILE" +} diff --git a/src/hooks/configure b/src/hooks/configure new file mode 100755 index 0000000..7bc302d --- /dev/null +++ b/src/hooks/configure @@ -0,0 +1,59 @@ +#!/bin/sh + +# Supported keys: +# - ports.http (integer) +# Port on which the snap will listen for HTTP traffic. +# +# - ports.https (integer) +# Port on which the snap will listen for HTTPS traffic (only applies if HTTPS +# is enabled). + +. $SNAP/utilities/apache-utilities + +handle_apache_port_config() +{ + old_http_port="$(apache_http_port)" + old_https_port="$(apache_https_port)" + + http_port="$(snapctl get ports.http)" + if [ -z "$http_port" ]; then + http_port="$old_http_port" + snapctl set ports.http="$http_port" + fi + + https_port="$(snapctl get ports.https)" + if [ -z "$https_port" ]; then + https_port="$old_https_port" + snapctl set ports.https="$https_port" + fi + + # If no changes were requested, then there's nothing to do here. + if [ "$http_port" = "$old_http_port" -a "$https_port" = "$old_https_port" ]; then + return 0 + fi + + # Validate HTTP port + if ! expr "$http_port" : '^[0-9]*$' > /dev/null; then + echo "\"$http_port\" is not a valid HTTP port" >&2 + return 1 + fi + + # Validate HTTPS port + if ! expr "$https_port" : '^[0-9]*$' > /dev/null; then + echo "\"$https_port\" is not a valid HTTPS port" >&2 + return 2 + fi + + apache_set_http_port "$http_port" + apache_set_https_port "$https_port" + + # If restarting ran into problems, revert the change before erroring out. + if ! restart_apache_if_running; then + apache_set_http_port "$old_http_port" + apache_set_https_port "$old_https_port" + restart_apache_if_running + return 3 + fi +} + +handle_apache_port_config From 9acd46f314cc036bd06aa8a74365ef847cd6623b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc=20Pe=C3=B1a=20Segarra?= Date: Sat, 6 May 2017 08:01:12 +0000 Subject: [PATCH 086/416] Add samba client support. With libsmbclient-php and libsmbclient. Fixes #60 Note: We had to install libsmbclient from the python plugin, as it's python dependency conflicted with the python pulled by the certbot part when directly staged. See: https://bugs.launchpad.net/snapcraft/+bug/1630996 --- snap/snapcraft.yaml | 13 +++++++++++++ src/php/config/php.ini | 1 + 2 files changed, 14 insertions(+) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 003a7be..2ecdbeb 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -150,6 +150,15 @@ parts: prime: - -htdocs/apps/updatenotification + # libsmbclient is needed by the SMB PHP module but it depends upon python. + # Pulling in python via stage-packages conflicts with the python from the + # python plugin used in certbot, so we'll use the python plugin too to + # install libsmbclient. + libsmbclient: + plugin: python + python-version: python2 + stage-packages: [libsmbclient] + php: plugin: php source: http://us1.php.net/get/php-7.0.18.tar.bz2/from/this/mirror @@ -186,6 +195,7 @@ parts: - libjpeg9-dev - libbz2-dev - libmcrypt-dev + - libsmbclient-dev prime: - -sbin/ - -etc/ @@ -196,6 +206,9 @@ parts: # Build the redis PHP module - source: https://github.com/phpredis/phpredis.git source-branch: php7 + # Build the php-smbclient module + - source: https://github.com/eduardok/libsmbclient-php.git + source-tag: 0.9.0 redis: plugin: redis diff --git a/src/php/config/php.ini b/src/php/config/php.ini index 85236ff..d7d483c 100644 --- a/src/php/config/php.ini +++ b/src/php/config/php.ini @@ -901,6 +901,7 @@ default_socket_timeout = 60 ;extension=php_xsl.dll extension=redis.so +extension=smbclient.so ;;;;;;;;;;;;;;;;;;; ; Module Settings ; From 835bfe3d112f694cd98dc7418a5483332d0a4c4b Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Mon, 15 May 2017 14:08:45 -0700 Subject: [PATCH 087/416] Revert "Add samba client support." This reverts commit 9acd46f314cc036bd06aa8a74365ef847cd6623b. Signed-off-by: Kyle Fazzari --- snap/snapcraft.yaml | 13 ------------- src/php/config/php.ini | 1 - 2 files changed, 14 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 2ecdbeb..003a7be 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -150,15 +150,6 @@ parts: prime: - -htdocs/apps/updatenotification - # libsmbclient is needed by the SMB PHP module but it depends upon python. - # Pulling in python via stage-packages conflicts with the python from the - # python plugin used in certbot, so we'll use the python plugin too to - # install libsmbclient. - libsmbclient: - plugin: python - python-version: python2 - stage-packages: [libsmbclient] - php: plugin: php source: http://us1.php.net/get/php-7.0.18.tar.bz2/from/this/mirror @@ -195,7 +186,6 @@ parts: - libjpeg9-dev - libbz2-dev - libmcrypt-dev - - libsmbclient-dev prime: - -sbin/ - -etc/ @@ -206,9 +196,6 @@ parts: # Build the redis PHP module - source: https://github.com/phpredis/phpredis.git source-branch: php7 - # Build the php-smbclient module - - source: https://github.com/eduardok/libsmbclient-php.git - source-tag: 0.9.0 redis: plugin: redis diff --git a/src/php/config/php.ini b/src/php/config/php.ini index d7d483c..85236ff 100644 --- a/src/php/config/php.ini +++ b/src/php/config/php.ini @@ -901,7 +901,6 @@ default_socket_timeout = 60 ;extension=php_xsl.dll extension=redis.so -extension=smbclient.so ;;;;;;;;;;;;;;;;;;; ; Module Settings ; From 7e10758b47e6ab6c8f92c3bd9d01b94c91b37ba7 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Mon, 15 May 2017 14:30:06 -0700 Subject: [PATCH 088/416] Revert "apache: support changing ports" This reverts commit 7ddf70aa7df2eef7aaee444ffb20bd19532f99c8. Reverting because LP: #1690906 will cause all subsequent upgrades to fail for snaps installed within lxc containers. Signed-off-by: Kyle Fazzari --- README.md | 24 ---------- snap/snapcraft.yaml | 10 ----- src/apache/conf/httpd.conf | 2 +- src/apache/conf/ssl.conf | 8 ++-- src/apache/scripts/httpd-wrapper | 3 -- src/apache/utilities/apache-utilities | 65 ++------------------------- src/hooks/configure | 59 ------------------------ 7 files changed, 8 insertions(+), 163 deletions(-) delete mode 100755 src/hooks/configure diff --git a/README.md b/README.md index a1a2696..87739d7 100644 --- a/README.md +++ b/README.md @@ -33,9 +33,6 @@ logged in and able to create users, install apps, and upload files. Note that this snap includes a service that runs cron.php every 15 minutes, which will automatically change the cron admin setting to Cron for you. - -### Removable media - Also note that the interface providing the ability to access removable media is not automatically connected upon install, so if you'd like to use external storage (or otherwise use a device in `/media` for data), you need to give the @@ -44,27 +41,6 @@ snap permission to access removable media by connecting that interface: $ sudo snap connect nextcloud:removable-media -### HTTP/HTTPS port configuration - -By default, the snap will listen on port 80. If you enable HTTPS, it will listen -on both 80 and 443, and HTTP traffic will be redirected to HTTPS. But perhaps -you're putting the snap behind a proxy of some kind, in which case you probably -want to change those ports. - -If you'd like to change the HTTP port (say, to port 81), run: - - $ sudo snap set nextcloud ports.http=81 - -To change the HTTPS port (say, to port 444), run: - - $ sudo snap set nextcloud ports.https=444 - -Note that, assuming HTTPS is enabled, this will cause HTTP traffic to be -redirected to port 444. You can specify both of these simultaneously as well: - - $ sudo snap set nextcloud ports.http=81 ports.https=444 - - ### Included CLI utilities There are a few CLI utilities included: diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 003a7be..a63874e 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -85,10 +85,6 @@ apps: command: manual-install plugs: [network, network-bind, removable-media] -hooks: - configure: - plugs: [network, network-bind] - parts: apache: plugin: apache @@ -329,9 +325,3 @@ parts: stage-packages: [openssl] stage: [-etc/ssl] prime: [-etc/ssl] - - hooks: - plugin: dump - source: src/hooks - organize: - '*': snap/hooks/ diff --git a/src/apache/conf/httpd.conf b/src/apache/conf/httpd.conf index 1bed00c..a61e143 100644 --- a/src/apache/conf/httpd.conf +++ b/src/apache/conf/httpd.conf @@ -18,7 +18,7 @@ ServerRoot "${SNAP}" # prevent Apache from glomming onto all bound IP addresses. # #Listen 12.34.56.78:80 -Listen ${HTTP_PORT} +Listen 80 # # Mutex: Allows you to set the mutex mechanism and mutex file directory diff --git a/src/apache/conf/ssl.conf b/src/apache/conf/ssl.conf index b350ece..620df5e 100644 --- a/src/apache/conf/ssl.conf +++ b/src/apache/conf/ssl.conf @@ -7,7 +7,7 @@ # prevent Apache from glomming onto all bound IP addresses. # #Listen 12.34.56.78:80 -Listen ${HTTPS_PORT} +Listen 443 # # Dynamic Shared Object (DSO) Support @@ -72,17 +72,17 @@ SSLRandomSeed connect builtin SSLRandomSeed connect file:/dev/urandom 512 # Virtual host for HTTP. All it does it redirect to HTTPS. - + RewriteEngine on # Disable HTTP TRACK method. RewriteCond %{REQUEST_METHOD} ^TRACK RewriteRule .* - [R=405,L] # Redirect everything else to HTTPS - RewriteRule ^ https://%{SERVER_NAME}:${HTTPS_PORT}%{REQUEST_URI} [END,QSA,R=permanent] + RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent] # Virtual host for HTTPS. - + # Disable HTTP TRACK method. RewriteEngine On diff --git a/src/apache/scripts/httpd-wrapper b/src/apache/scripts/httpd-wrapper index 11c9057..1e57e0d 100755 --- a/src/apache/scripts/httpd-wrapper +++ b/src/apache/scripts/httpd-wrapper @@ -20,7 +20,4 @@ else echo "No certificates are active: using HTTP only" fi -export HTTP_PORT="$(apache_http_port)" -export HTTPS_PORT="$(apache_https_port)" - httpd -d $SNAP $params $@ diff --git a/src/apache/utilities/apache-utilities b/src/apache/utilities/apache-utilities index d23c61e..3909412 100755 --- a/src/apache/utilities/apache-utilities +++ b/src/apache/utilities/apache-utilities @@ -1,83 +1,24 @@ #!/bin/sh -APACHE_HTTP_PORT_FILE="$SNAP_DATA/apache/data/http_port" -APACHE_HTTPS_PORT_FILE="$SNAP_DATA/apache/data/https_port" export APACHE_PIDFILE="/tmp/pids/httpd.pid" -mkdir -p -m 750 "$(dirname $APACHE_HTTP_PORT_FILE)" -mkdir -p -m 750 "$(dirname $APACHE_HTTPS_PORT_FILE)" mkdir -p -m 750 "$(dirname $APACHE_PIDFILE)" restart_apache_if_running() { - if apache_is_running; then + if [ -f "$APACHE_PIDFILE" ]; then # Restart apache by stopping it and letting systemd start it again. - pid="$(apache_pid)" + apache_pid=$(cat "$APACHE_PIDFILE") echo -n "Restarting apache... " output=$(httpd-wrapper -k stop 2>&1) if [ $? -eq 0 ]; then - while kill -0 $pid 2>/dev/null; do + while kill -0 $apache_pid 2>/dev/null; do sleep 1 done echo "done" else echo "error" echo "$output" - return 1 fi fi } - -apache_is_running() -{ - [ -f "$APACHE_PIDFILE" ] -} - -wait_for_apache() -{ - if ! apache_is_running; then - echo -n "Waiting for Apache... " - while ! apache_is_running; do - sleep 1 - done - echo "done" - fi -} - -apache_pid() -{ - if apache_is_running; then - cat "$APACHE_PIDFILE" - else - echo "Unable to get Apache PID as it's not yet running" >&2 - echo "" - fi -} - -apache_http_port() -{ - if [ ! -f "$APACHE_HTTP_PORT_FILE" ]; then - apache_set_http_port "80" - fi - - cat "$APACHE_HTTP_PORT_FILE" -} - -apache_set_http_port() -{ - echo "$1" > "$APACHE_HTTP_PORT_FILE" -} - -apache_https_port() -{ - if [ ! -f "$APACHE_HTTPS_PORT_FILE" ]; then - apache_set_https_port "443" - fi - - cat "$APACHE_HTTPS_PORT_FILE" -} - -apache_set_https_port() -{ - echo "$1" > "$APACHE_HTTPS_PORT_FILE" -} diff --git a/src/hooks/configure b/src/hooks/configure deleted file mode 100755 index 7bc302d..0000000 --- a/src/hooks/configure +++ /dev/null @@ -1,59 +0,0 @@ -#!/bin/sh - -# Supported keys: -# - ports.http (integer) -# Port on which the snap will listen for HTTP traffic. -# -# - ports.https (integer) -# Port on which the snap will listen for HTTPS traffic (only applies if HTTPS -# is enabled). - -. $SNAP/utilities/apache-utilities - -handle_apache_port_config() -{ - old_http_port="$(apache_http_port)" - old_https_port="$(apache_https_port)" - - http_port="$(snapctl get ports.http)" - if [ -z "$http_port" ]; then - http_port="$old_http_port" - snapctl set ports.http="$http_port" - fi - - https_port="$(snapctl get ports.https)" - if [ -z "$https_port" ]; then - https_port="$old_https_port" - snapctl set ports.https="$https_port" - fi - - # If no changes were requested, then there's nothing to do here. - if [ "$http_port" = "$old_http_port" -a "$https_port" = "$old_https_port" ]; then - return 0 - fi - - # Validate HTTP port - if ! expr "$http_port" : '^[0-9]*$' > /dev/null; then - echo "\"$http_port\" is not a valid HTTP port" >&2 - return 1 - fi - - # Validate HTTPS port - if ! expr "$https_port" : '^[0-9]*$' > /dev/null; then - echo "\"$https_port\" is not a valid HTTPS port" >&2 - return 2 - fi - - apache_set_http_port "$http_port" - apache_set_https_port "$https_port" - - # If restarting ran into problems, revert the change before erroring out. - if ! restart_apache_if_running; then - apache_set_http_port "$old_http_port" - apache_set_https_port "$old_https_port" - restart_apache_if_running - return 3 - fi -} - -handle_apache_port_config From f2f5e2bdb90e9ac3669e73544bbbe58555138faf Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Fri, 12 May 2017 02:29:51 -0700 Subject: [PATCH 089/416] Update version to 11.0.3snap2 Also update CHANGELOG. Signed-off-by: Kyle Fazzari --- CHANGELOG | 5 +++++ snap/snapcraft.yaml | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/CHANGELOG b/CHANGELOG index c0d2b9b..e0bdef2 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,8 @@ +v 11.0.3snap2 + - redis: upgrade to 3.2.8 + - apache: remove weak 3DES SSL algorithms + - ci: don't verify checksum for daily builds + v 11.0.3snap1 - apache: disable HTTP methods TRACE and TRACK - nextcloud: upgrade to 11.0.3 diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index a63874e..adaa034 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -1,5 +1,5 @@ name: nextcloud -version: 11.0.3snap1 +version: 11.0.3snap2 summary: Nextcloud Server description: | Access, share and protect your files, calendars, contacts, communication and From 2ad7c842d98cfc34167e6e55b871993022406bb9 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Tue, 23 May 2017 10:49:03 -0700 Subject: [PATCH 090/416] mysql: update to 5.7.18 Resolve #94. Signed-off-by: Kyle Fazzari --- snap/snapcraft.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index adaa034..78942b5 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -237,7 +237,7 @@ parts: plugin: cmake source: https://github.com/kyrofa/mysql-server.git source-type: git - source-branch: feature/support_no_setpriority + source-branch: mysql-5.7.18_support_no_setpriority after: [boost] configflags: - -DWITH_BOOST=$SNAPCRAFT_STAGE/boost From c05967e5583c26eaafdcdc00c9cd9216d4e29954 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Tue, 23 May 2017 12:13:50 -0700 Subject: [PATCH 091/416] certbot: update to 0.14.1 The recent release of configargparse broke certbot, which made getting Let's Encrypt certificates in the snap impossible. Certbot fixed it in a later version, so we just need to update the version of certbot used in the snap. Fix #279. Signed-off-by: Kyle Fazzari --- src/https/setup.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/https/setup.py b/src/https/setup.py index 971f0ea..36e6652 100644 --- a/src/https/setup.py +++ b/src/https/setup.py @@ -5,7 +5,7 @@ name='nextcloud', packages=find_packages(), install_requires=[ - 'certbot==0.9.3', + 'certbot==0.14.1', 'zope.interface', ], entry_points={ From c81af3922b0217d2a5675755c087012e54b9a8d5 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Wed, 24 May 2017 09:35:00 -0700 Subject: [PATCH 092/416] Update version to 11.0.3snap3 Also update CHANGELOG. Signed-off-by: Kyle Fazzari --- CHANGELOG | 4 ++++ snap/snapcraft.yaml | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/CHANGELOG b/CHANGELOG index e0bdef2..24be3cb 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,7 @@ +v 11.0.3snap3 + - certbot: update to 0.14.1 + - mysql: update to 5.7.18 + v 11.0.3snap2 - redis: upgrade to 3.2.8 - apache: remove weak 3DES SSL algorithms diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 78942b5..6eb0255 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -1,5 +1,5 @@ name: nextcloud -version: 11.0.3snap2 +version: 11.0.3snap3 summary: Nextcloud Server description: | Access, share and protect your files, calendars, contacts, communication and From 92e86afa5c4dff5ad9fc71d11f13da74b45e9aa5 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Wed, 31 May 2017 13:53:31 +0100 Subject: [PATCH 093/416] ci: integrate with Circle CI Build the snap, then install it, and run some acceptance tests against it. The acceptance tests are written in capybara and rspec. Resolve #292. Signed-off-by: Kyle Fazzari --- .circleci/config.yml | 21 ++++++ README.md | 23 +++++++ tests/.rspec | 1 + tests/Gemfile | 16 +++++ tests/Gemfile.lock | 57 ++++++++++++++++ tests/Rakefile | 7 ++ tests/spec/login_spec.rb | 17 +++++ tests/spec/spec_helper.rb | 138 ++++++++++++++++++++++++++++++++++++++ 8 files changed, 280 insertions(+) create mode 100644 .circleci/config.yml create mode 100644 tests/.rspec create mode 100644 tests/Gemfile create mode 100644 tests/Gemfile.lock create mode 100644 tests/Rakefile create mode 100644 tests/spec/login_spec.rb create mode 100644 tests/spec/spec_helper.rb diff --git a/.circleci/config.yml b/.circleci/config.yml new file mode 100644 index 0000000..c0fb184 --- /dev/null +++ b/.circleci/config.yml @@ -0,0 +1,21 @@ +version: 2 +jobs: + build: + working_directory: ~/nextcloud-snap + machine: true + steps: + - checkout + - run: + command: | + sudo apt update + sudo apt install -y snapd + docker run -v $(pwd):$(pwd) -t ubuntu:xenial sh -c "apt update -qq && apt install snapcraft -y && cd $(pwd) && snapcraft" + - run: + command: | + sudo snap install *.snap --dangerous + sudo apt install gcc g++ make qt5-default libqt5webkit5-dev ruby-dev zlib1g-dev -y + sudo gem install bundle + cd tests + bundle install --deployment + sudo nextcloud.manual-install admin admin + bundle exec rake test diff --git a/README.md b/README.md index 87739d7..a14b6c2 100644 --- a/README.md +++ b/README.md @@ -80,3 +80,26 @@ There are a few CLI utilities included: - `$SNAP_COMMON` - Nextcloud data - Nextcloud logs + + +## Hacking + +If you change something in the snap, build it, install it, and you can run a +suite of acceptance tests against it. The tests are written in ruby, using +capybara and rspec. To run the tests, you first need to install a few +dependencies: + + $ sudo apt install gcc g++ make qt5-default libqt5webkit5-dev ruby-dev zlib1g-dev + $ gem install bundle + $ cd tests/ + $ bundle install + +Make sure the snap has a user called "admin" with password "admin" (used for +login tests): + + $ sudo nextcloud.manual-install admin admin + +And finally, run the tests: + + $ cd tests/ + $ rake test diff --git a/tests/.rspec b/tests/.rspec new file mode 100644 index 0000000..c99d2e7 --- /dev/null +++ b/tests/.rspec @@ -0,0 +1 @@ +--require spec_helper diff --git a/tests/Gemfile b/tests/Gemfile new file mode 100644 index 0000000..9b80303 --- /dev/null +++ b/tests/Gemfile @@ -0,0 +1,16 @@ +source 'https://rubygems.org' + +# Test driver +gem 'capybara' + +# Webdriver +gem 'capybara-webkit' + +# Create xvfb from ruby +gem 'headless' + +# Use nice acceptance tests DSL +gem 'rspec' + +# Run tests nicely +gem 'rake' diff --git a/tests/Gemfile.lock b/tests/Gemfile.lock new file mode 100644 index 0000000..5af88ff --- /dev/null +++ b/tests/Gemfile.lock @@ -0,0 +1,57 @@ +GEM + remote: https://rubygems.org/ + specs: + addressable (2.5.1) + public_suffix (~> 2.0, >= 2.0.2) + capybara (2.13.0) + addressable + mime-types (>= 1.16) + nokogiri (>= 1.3.3) + rack (>= 1.0.0) + rack-test (>= 0.5.4) + xpath (~> 2.0) + capybara-webkit (1.14.0) + capybara (>= 2.3.0, < 2.14.0) + json + diff-lcs (1.3) + headless (2.3.1) + json (2.1.0) + mime-types (3.1) + mime-types-data (~> 3.2015) + mime-types-data (3.2016.0521) + mini_portile2 (2.1.0) + nokogiri (1.7.2) + mini_portile2 (~> 2.1.0) + public_suffix (2.0.5) + rack (2.0.3) + rack-test (0.6.3) + rack (>= 1.0) + rake (10.5.0) + rspec (3.6.0) + rspec-core (~> 3.6.0) + rspec-expectations (~> 3.6.0) + rspec-mocks (~> 3.6.0) + rspec-core (3.6.0) + rspec-support (~> 3.6.0) + rspec-expectations (3.6.0) + diff-lcs (>= 1.2.0, < 2.0) + rspec-support (~> 3.6.0) + rspec-mocks (3.6.0) + diff-lcs (>= 1.2.0, < 2.0) + rspec-support (~> 3.6.0) + rspec-support (3.6.0) + xpath (2.1.0) + nokogiri (~> 1.3) + +PLATFORMS + ruby + +DEPENDENCIES + capybara + capybara-webkit + headless + rake + rspec + +BUNDLED WITH + 1.15.0 diff --git a/tests/Rakefile b/tests/Rakefile new file mode 100644 index 0000000..4d2f2d1 --- /dev/null +++ b/tests/Rakefile @@ -0,0 +1,7 @@ +require 'rake' +require 'rspec/core/rake_task' + +RSpec::Core::RakeTask.new(:test) do |t| + t.pattern = Dir.glob('spec/**/*_spec.rb') +end +task :default => :test diff --git a/tests/spec/login_spec.rb b/tests/spec/login_spec.rb new file mode 100644 index 0000000..59caaef --- /dev/null +++ b/tests/spec/login_spec.rb @@ -0,0 +1,17 @@ +feature "Logging in" do + scenario "Logging in with correct credentials" do + visit "/" + fill_in "User", with: "admin" + fill_in "Password", with: "admin" + click_button "Log in" + expect(page).to have_content "Documents" + end + + scenario "Loggin in with incorrect credentials" do + visit "/" + fill_in "User", with: "wronguser" + fill_in "Password", with: "wrongpassword" + click_button "Log in" + expect(page).to have_content "Wrong password" + end +end diff --git a/tests/spec/spec_helper.rb b/tests/spec/spec_helper.rb new file mode 100644 index 0000000..043d599 --- /dev/null +++ b/tests/spec/spec_helper.rb @@ -0,0 +1,138 @@ +require 'capybara' +require 'capybara/dsl' +require 'capybara/rspec' +require 'capybara-webkit' +require 'headless' + +include Capybara::DSL + +Capybara.configure do | config | + # Set javascript driver to webkit (selenium is the default) + config.default_driver = :webkit + config.app_host = 'http://localhost' + config.run_server = false +end + +Capybara::Webkit.configure do |config| + # Enable debug mode. Prints a log of everything the driver is doing. + #config.debug = true + + # Don't raise errors when SSL certificates can't be validated + config.ignore_ssl_errors + + # Raise JavaScript errors as exceptions + config.raise_javascript_errors = true + + # Allow pages to make requests to any URL without issuing a warning. + config.allow_unknown_urls +end + +# This file was generated by the `rspec --init` command. Conventionally, all +# specs live under a `spec` directory, which RSpec adds to the `$LOAD_PATH`. +# The generated `.rspec` file contains `--require spec_helper` which will cause +# this file to always be loaded, without a need to explicitly require it in any +# files. +# +# Given that it is always loaded, you are encouraged to keep this file as +# light-weight as possible. Requiring heavyweight dependencies from this file +# will add to the boot time of your test suite on EVERY test run, even for an +# individual file that may not need all of that loaded. Instead, consider making +# a separate helper file that requires the additional dependencies and performs +# the additional setup, and require it from the spec files that actually need +# it. +# +# See http://rubydoc.info/gems/rspec-core/RSpec/Core/Configuration +RSpec.configure do |config| + # rspec-expectations config goes here. You can use an alternate + # assertion/expectation library such as wrong or the stdlib/minitest + # assertions if you prefer. + config.expect_with :rspec do |expectations| + # This option will default to `true` in RSpec 4. It makes the `description` + # and `failure_message` of custom matchers include text for helper methods + # defined using `chain`, e.g.: + # be_bigger_than(2).and_smaller_than(4).description + # # => "be bigger than 2 and smaller than 4" + # ...rather than: + # # => "be bigger than 2" + expectations.include_chain_clauses_in_custom_matcher_descriptions = true + end + + # rspec-mocks config goes here. You can use an alternate test double + # library (such as bogus or mocha) by changing the `mock_with` option here. + config.mock_with :rspec do |mocks| + # Prevents you from mocking or stubbing a method that does not exist on + # a real object. This is generally recommended, and will default to + # `true` in RSpec 4. + mocks.verify_partial_doubles = true + end + + # This option will default to `:apply_to_host_groups` in RSpec 4 (and will + # have no way to turn it off -- the option exists only for backwards + # compatibility in RSpec 3). It causes shared context metadata to be + # inherited by the metadata hash of host groups and examples, rather than + # triggering implicit auto-inclusion in groups with matching metadata. + config.shared_context_metadata_behavior = :apply_to_host_groups + +# The settings below are suggested to provide a good initial experience +# with RSpec, but feel free to customize to your heart's content. +=begin + # This allows you to limit a spec run to individual examples or groups + # you care about by tagging them with `:focus` metadata. When nothing + # is tagged with `:focus`, all examples get run. RSpec also provides + # aliases for `it`, `describe`, and `context` that include `:focus` + # metadata: `fit`, `fdescribe` and `fcontext`, respectively. + config.filter_run_when_matching :focus + + # Allows RSpec to persist some state between runs in order to support + # the `--only-failures` and `--next-failure` CLI options. We recommend + # you configure your source control system to ignore this file. + config.example_status_persistence_file_path = "spec/examples.txt" + + # Limits the available syntax to the non-monkey patched syntax that is + # recommended. For more details, see: + # - http://rspec.info/blog/2012/06/rspecs-new-expectation-syntax/ + # - http://www.teaisaweso.me/blog/2013/05/27/rspecs-new-message-expectation-syntax/ + # - http://rspec.info/blog/2014/05/notable-changes-in-rspec-3/#zero-monkey-patching-mode + config.disable_monkey_patching! + + # This setting enables warnings. It's recommended, but in some cases may + # be too noisy due to issues in dependencies. + config.warnings = true + + # Many RSpec users commonly either run the entire suite or an individual + # file, and it's useful to allow more verbose output when running an + # individual spec file. + if config.files_to_run.one? + # Use the documentation formatter for detailed output, + # unless a formatter has already been configured + # (e.g. via a command-line flag). + config.default_formatter = "doc" + end + + # Print the 10 slowest examples and example groups at the + # end of the spec run, to help surface which specs are running + # particularly slow. + config.profile_examples = 10 + + # Run specs in random order to surface order dependencies. If you find an + # order dependency and want to debug it, you can fix the order by providing + # the seed, which is printed after each run. + # --seed 1234 + config.order = :random + + # Seed global randomization in this process using the `--seed` CLI option. + # Setting this allows you to use `--seed` to deterministically reproduce + # test failures related to randomization by passing the same `--seed` value + # as the one that triggered the failure. + Kernel.srand config.seed +=end + + config.before(:all) do + @headless = Headless.new + @headless.start + end + + config.after(:all) do + @headless.destroy + end +end From ce47a86fb4aa6e6a9ad1186188b82c005c45a16c Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Wed, 31 May 2017 11:14:52 +0100 Subject: [PATCH 094/416] php: update to 7.0.19 7.0.18 has multiple security vulnerabilities. Fix #290. Signed-off-by: Kyle Fazzari --- snap/snapcraft.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 6eb0255..c67d81f 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -148,8 +148,8 @@ parts: php: plugin: php - source: http://us1.php.net/get/php-7.0.18.tar.bz2/from/this/mirror - source-checksum: sha256/b20cc63d507032b39d8bb14cb64784e460b0e47997e90a8704b703bcbb233fd1 + source: http://us1.php.net/get/php-7.0.19.tar.bz2/from/this/mirror + source-checksum: sha256/0f3ac0afc02aec22f6b1659045da9287453e9309439d0499622bc8e94a7f7d59 source-type: tar install-via: prefix configflags: From 494f30cee5d13b3fd03b59f5acd0d4f106d33bb6 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Wed, 31 May 2017 16:28:45 +0100 Subject: [PATCH 095/416] Update version to 11.0.3snap4 Also update CHANGELOG. Signed-off-by: Kyle Fazzari --- CHANGELOG | 4 ++++ snap/snapcraft.yaml | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/CHANGELOG b/CHANGELOG index 24be3cb..86449a3 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,7 @@ +v 11.0.3snap4 + - php: update to 7.0.19 + - ci: integrate with Circle CI + v 11.0.3snap3 - certbot: update to 0.14.1 - mysql: update to 5.7.18 diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index c67d81f..abb5116 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -1,5 +1,5 @@ name: nextcloud -version: 11.0.3snap3 +version: 11.0.3snap4 summary: Nextcloud Server description: | Access, share and protect your files, calendars, contacts, communication and From d3bf49bb9768a6a622fc3e35d33b7158c0f86bc2 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Wed, 31 May 2017 18:52:45 +0100 Subject: [PATCH 096/416] Start building daily 12 Signed-off-by: Kyle Fazzari --- .travis/cron.sh | 49 ++++++++++++++++++++++++++++++++----------------- 1 file changed, 32 insertions(+), 17 deletions(-) diff --git a/.travis/cron.sh b/.travis/cron.sh index 0acb943..6312251 100755 --- a/.travis/cron.sh +++ b/.travis/cron.sh @@ -1,7 +1,8 @@ #!/bin/bash latest_master_url="https://download.nextcloud.com/server/daily/latest-master.tar.bz2" -latest_stable_url="https://download.nextcloud.com/server/daily/latest-stable11.tar.bz2" +latest_stable11_url="https://download.nextcloud.com/server/daily/latest-stable11.tar.bz2" +latest_stable12_url="https://download.nextcloud.com/server/daily/latest-stable12.tar.bz2" rewrite_snapcraft_yaml() { @@ -10,25 +11,39 @@ rewrite_snapcraft_yaml() sed -ri "s|(^version:\s+).*$|\1$2|" snap/snapcraft.yaml } -echo "Requesting build of latest master..." -git checkout -b edge origin/${TRAVIS_BRANCH} +request_build() +{ + branch_name="$1" + url="$2" + version="$3" + commit_message="$4" -# Rewrite the snapcraft.yaml to pull from the latest master. -rewrite_snapcraft_yaml $latest_master_url "latest-master" + git checkout -b "$1" "origin/${TRAVIS_BRANCH}" -# Commit the changes and push to edge to begin the edge build. -git add . -git commit -m 'From CI: Use Nextcloud latest master' -git push deploy edge --force + # Rewrite the snapcraft.yaml to pull the requested source + rewrite_snapcraft_yaml "$url" "$version" + + # Commit the changes and push to begin the build. + git add . + git commit -m "$commit_message" + git push deploy "$branch_name" --force +} + +today="$(date +%F)" + +echo "Requesting build of latest master..." +request_build \ + "latest-master" "$latest_master_url" "master-$today" \ + "From CI: Use Nextcloud latest master" -echo "Requesting build of latest stable..." -git checkout -b beta origin/${TRAVIS_BRANCH} +echo "Requesting build of latest 11..." +request_build \ + "latest-11" "$latest_stable11_url" "11-$today" \ + "From CI: Use Nextcloud latest 11" -# Now rewrite the snapcraft.yaml to pull from the latest stable v11. -rewrite_snapcraft_yaml $latest_stable_url "latest-stable11" -# Commit the changes and push to beta to begin the beta build. -git add . -git commit -m 'From CI: Use Nextcloud latest stable' -git push deploy beta --force +echo "Requesting build of latest 12..." +request_build \ + "latest-12" "$latest_stable12_url" "12-$today" \ + "From CI: Use Nextcloud latest 12" From bb2b8b0f3bf19f1d53d2fc2d2c38384e4ac7f487 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc=20Pe=C3=B1a=20Segarra?= Date: Thu, 8 Jun 2017 19:37:03 +0000 Subject: [PATCH 097/416] php: update to 7.0.20 Resolve #303. --- snap/snapcraft.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index abb5116..9db1226 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -148,8 +148,8 @@ parts: php: plugin: php - source: http://us1.php.net/get/php-7.0.19.tar.bz2/from/this/mirror - source-checksum: sha256/0f3ac0afc02aec22f6b1659045da9287453e9309439d0499622bc8e94a7f7d59 + source: http://us1.php.net/get/php-7.0.20.tar.bz2/from/this/mirror + source-checksum: sha256/cdfddfe01cc615218e333e34a1c761c9ef8fdf5199b27617264a02705eda7fc3 source-type: tar install-via: prefix configflags: From 8afd859e1db58ae44607e0b3276a9130a89b9fff Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Sat, 17 Jun 2017 07:41:23 -0700 Subject: [PATCH 098/416] Update version to 11.0.3snap5 Also update CHANGELOG. Signed-off-by: Kyle Fazzari --- CHANGELOG | 4 ++++ snap/snapcraft.yaml | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/CHANGELOG b/CHANGELOG index 86449a3..770ed84 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,7 @@ +v 11.0.3snap5 + - php: update to 7.0.20 + - start building daily v12 in 12/edge channel + v 11.0.3snap4 - php: update to 7.0.19 - ci: integrate with Circle CI diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 9db1226..7839a12 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -1,5 +1,5 @@ name: nextcloud -version: 11.0.3snap4 +version: 11.0.3snap5 summary: Nextcloud Server description: | Access, share and protect your files, calendars, contacts, communication and From 4d19e1222ea1759cb4f0bd203612e661973d56a4 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Sun, 25 Jun 2017 05:43:47 -0700 Subject: [PATCH 099/416] apache: update to 2.4.26 Resolve #311. Signed-off-by: Kyle Fazzari --- .circleci/config.yml | 2 +- snap/snapcraft.yaml | 4 ++-- src/apache/conf/httpd.conf | 1 + 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index c0fb184..b39df78 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -9,7 +9,7 @@ jobs: command: | sudo apt update sudo apt install -y snapd - docker run -v $(pwd):$(pwd) -t ubuntu:xenial sh -c "apt update -qq && apt install snapcraft -y && cd $(pwd) && snapcraft" + docker run -v $(pwd):$(pwd) -e LC_ALL=C.UTF-8 -e LANG=C.UTF-8 -t ubuntu:xenial sh -c "apt update -qq && apt install snapcraft -y && cd $(pwd) && snapcraft" - run: command: | sudo snap install *.snap --dangerous diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 7839a12..5b5832d 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -88,8 +88,8 @@ apps: parts: apache: plugin: apache - source: http://ftp.wayne.edu/apache/httpd/httpd-2.4.25.tar.bz2 - source-checksum: sha1/bd6d138c31c109297da2346c6e7b93b9283993d2 + source: http://ftp.wayne.edu/apache/httpd/httpd-2.4.26.tar.bz2 + source-checksum: sha1/b10b0f569a0e5adfef61d8c7f0813d42046e399a # The built-in Apache modules to enable modules: diff --git a/src/apache/conf/httpd.conf b/src/apache/conf/httpd.conf index a61e143..8a9430f 100644 --- a/src/apache/conf/httpd.conf +++ b/src/apache/conf/httpd.conf @@ -154,6 +154,7 @@ Alias "/.well-known/acme-challenge" "${SNAP_DATA}/certs/certbot/.well-known/acme # Setup the proxy to PHP-FPM ProxyTimeout 3600 +ProxyFCGIBackendType GENERIC SetHandler "proxy:unix:${PHP_FPM_SOCKET}|fcgi://localhost/" From 3be445efcb753415edb3f5a9078f564a83e0a2c0 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Mon, 3 Jul 2017 12:37:11 -0700 Subject: [PATCH 100/416] mdns-publisher: use godeps to manage dependencies Resolve #317. Signed-off-by: Kyle Fazzari --- .gitignore | 1 + snap/snapcraft.yaml | 5 +++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index dfc240a..ce86442 100644 --- a/.gitignore +++ b/.gitignore @@ -6,3 +6,4 @@ __pycache__/ prime/ stage/ .travis/deploy_key +snap/.snapcraft/ diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 5b5832d..c924845 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -302,8 +302,9 @@ parts: src/mysql/utilities/*: utilities/ mdns-publisher: - plugin: go - go-packages: [github.com/kyrofa/mdns-publisher] + plugin: godeps + source: https://github.com/kyrofa/mdns-publisher.git + go-importpath: github.com/kyrofa/mdns-publisher delay-on-failure: plugin: copy From 261e3caf40d5b184030d07c59327e7da13b5bd76 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Mon, 3 Jul 2017 12:03:11 -0700 Subject: [PATCH 101/416] Update version to 11.0.3snap6 Also update CHANGELOG. Signed-off-by: Kyle Fazzari --- CHANGELOG | 4 ++++ snap/snapcraft.yaml | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/CHANGELOG b/CHANGELOG index 770ed84..7a03a69 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,7 @@ +v 11.0.3snap6 + - mdns-publisher: use godeps to manage dependencies + - apache: update to 2.4.26 + v 11.0.3snap5 - php: update to 7.0.20 - start building daily v12 in 12/edge channel diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index c924845..ba24faf 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -1,5 +1,5 @@ name: nextcloud -version: 11.0.3snap5 +version: 11.0.3snap6 summary: Nextcloud Server description: | Access, share and protect your files, calendars, contacts, communication and From a0ebddb43346b6da1b0759dc2ca951dbcf53335f Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Fri, 14 Jul 2017 10:19:32 -0700 Subject: [PATCH 102/416] apache: update to 2.4.27 Also change checksum to sha256. Resolve #319. Signed-off-by: Kyle Fazzari --- snap/snapcraft.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index ba24faf..1f7e047 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -88,8 +88,8 @@ apps: parts: apache: plugin: apache - source: http://ftp.wayne.edu/apache/httpd/httpd-2.4.26.tar.bz2 - source-checksum: sha1/b10b0f569a0e5adfef61d8c7f0813d42046e399a + source: http://ftp.wayne.edu/apache/httpd/httpd-2.4.27.tar.bz2 + source-checksum: sha256/71fcc128238a690515bd8174d5330a5309161ef314a326ae45c7c15ed139c13a # The built-in Apache modules to enable modules: From 85e00593a5bebddedb21f782bd6f17d996583c0c Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Wed, 19 Jul 2017 08:04:18 -0700 Subject: [PATCH 103/416] php: update to 7.0.21 Resolve #321. Signed-off-by: Kyle Fazzari --- snap/snapcraft.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 1f7e047..8681887 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -148,8 +148,8 @@ parts: php: plugin: php - source: http://us1.php.net/get/php-7.0.20.tar.bz2/from/this/mirror - source-checksum: sha256/cdfddfe01cc615218e333e34a1c761c9ef8fdf5199b27617264a02705eda7fc3 + source: http://us1.php.net/get/php-7.0.21.tar.bz2/from/this/mirror + source-checksum: sha256/2ba133c392de6f86aacced8c54e0adefd1c81d3840ac323b9926b8ed3dc6231f source-type: tar install-via: prefix configflags: From b4aed7504490f2c2d19ed496b9f188da00860bfe Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Thu, 20 Jul 2017 11:36:38 -0700 Subject: [PATCH 104/416] Update version to 11.0.3snap7 Also update CHANGELOG. Signed-off-by: Kyle Fazzari --- CHANGELOG | 4 ++++ snap/snapcraft.yaml | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/CHANGELOG b/CHANGELOG index 7a03a69..498620c 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,7 @@ +v 11.0.3snap7 + - php: update to 7.0.21 + - apache: update to 2.4.27 + v 11.0.3snap6 - mdns-publisher: use godeps to manage dependencies - apache: update to 2.4.26 diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 8681887..3687a50 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -1,5 +1,5 @@ name: nextcloud -version: 11.0.3snap6 +version: 11.0.3snap7 summary: Nextcloud Server description: | Access, share and protect your files, calendars, contacts, communication and From ad60d560284d7016fa01925d5370fcc01326ad94 Mon Sep 17 00:00:00 2001 From: Alan Pope Date: Fri, 11 Aug 2017 14:31:02 +0100 Subject: [PATCH 105/416] Update snapcraft.yaml Update the description for the snap, which is more appealing when discovered via "snap list" or "snap find". Note that due to a store limitation, the text will need to be directly updated in the store dashboard, as changes to the yaml do not override the store. --- snap/snapcraft.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 3687a50..aa93283 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -1,6 +1,6 @@ name: nextcloud version: 11.0.3snap7 -summary: Nextcloud Server +summary: Nextcloud Server - A safe home for all your data description: | Access, share and protect your files, calendars, contacts, communication and more at home and in your enterprise. From 254ba8657807fc18acfa32a3f3619649ce6a321c Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Fri, 11 Aug 2017 07:34:33 -0700 Subject: [PATCH 106/416] nextcloud: update to 11.0.4 Resolve #335. Signed-off-by: Kyle Fazzari --- snap/snapcraft.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index aa93283..50a2118 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -134,8 +134,8 @@ parts: nextcloud: plugin: dump - source: https://download.nextcloud.com/server/releases/nextcloud-11.0.3.tar.bz2 - source-checksum: sha256/28d5ee39f31c6be20f037ad2eb300272ad9bb72a7d428eb0152c7a3fde87d545 + source: https://download.nextcloud.com/server/releases/nextcloud-11.0.4.tar.bz2 + source-checksum: sha256/68b89f1d0068728f76d89519c7d0a57396f2d216d048cc970346d436ec61999e organize: '*': htdocs/ '.htaccess': htdocs/.htaccess From d79028673e5a882566af731a2ac060fe2e7dbed5 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Thu, 17 Aug 2017 15:44:54 -0700 Subject: [PATCH 107/416] php: update to 7.0.22 Resolve #339. Signed-off-by: Kyle Fazzari --- snap/snapcraft.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 50a2118..f3d3604 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -148,8 +148,8 @@ parts: php: plugin: php - source: http://us1.php.net/get/php-7.0.21.tar.bz2/from/this/mirror - source-checksum: sha256/2ba133c392de6f86aacced8c54e0adefd1c81d3840ac323b9926b8ed3dc6231f + source: http://us1.php.net/get/php-7.0.22.tar.bz2/from/this/mirror + source-checksum: sha256/88e0b27f69abdd12ecde81f000c5a9ea479af7218456ea7f6557edb43c6dfdde source-type: tar install-via: prefix configflags: From cabade4c15a42e52923e41fa45a41328ea0f80cd Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Tue, 22 Aug 2017 10:21:42 -0700 Subject: [PATCH 108/416] Update version to 11.0.4snap1 Signed-off-by: Kyle Fazzari --- CHANGELOG | 5 +++++ README.md | 2 +- snap/snapcraft.yaml | 2 +- 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index 498620c..9f064d1 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,8 @@ +v 11.0.4snap1 + - php: update to 7.0.22 + - nextcloud: update to 11.0.4 + - snapcraft.yaml: update summary + v 11.0.3snap7 - php: update to 7.0.21 - apache: update to 2.4.27 diff --git a/README.md b/README.md index a14b6c2..1fa9d5f 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ Nextcloud server packaged as a snap. It consists of: -- Nextcloud 11.0.3 +- Nextcloud 11.0.4 - Apache 2.4 - PHP 7 - MySQL 5.7 diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index f3d3604..53940e4 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -1,5 +1,5 @@ name: nextcloud -version: 11.0.3snap7 +version: 11.0.4snap1 summary: Nextcloud Server - A safe home for all your data description: | Access, share and protect your files, calendars, contacts, communication and From 397d361549774e1e232517706dc4bfd4457aaf5f Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Tue, 12 Sep 2017 09:38:20 -0700 Subject: [PATCH 109/416] apache: support changing ports Currently, Apache listens on port 80. If HTTPS is enabled, it listens on both 80 and 443. This is inflexible, especially if one wants to put the snap behind a proxy of some kind. Support changing HTTP and HTTPS ports via the `configure` hook. Expose these configurations via the `ports.http` and `ports.https` options, respectively. Also add a set of tests verifying this capability. Fix #134. Signed-off-by: Kyle Fazzari --- .circleci/config.yml | 26 ++++++-- README.md | 35 ++++++++++ snap/snapcraft.yaml | 10 +++ src/apache/conf/httpd.conf | 2 +- src/apache/conf/ssl.conf | 8 +-- src/apache/scripts/httpd-wrapper | 3 + src/apache/utilities/apache-utilities | 89 ++++++++++++++++++++++++- src/hooks/configure | 50 ++++++++++++++ tests/.ruby-gemset | 1 + tests/.ruby-version | 1 + tests/spec/change_port_spec.rb | 94 +++++++++++++++++++++++++++ tests/spec/enable_https_spec.rb | 11 ++++ tests/spec/spec_helper.rb | 73 +++++++++++++++++++-- 13 files changed, 384 insertions(+), 19 deletions(-) create mode 100755 src/hooks/configure create mode 100644 tests/.ruby-gemset create mode 100644 tests/.ruby-version create mode 100644 tests/spec/change_port_spec.rb create mode 100644 tests/spec/enable_https_spec.rb diff --git a/.circleci/config.yml b/.circleci/config.yml index b39df78..159c04f 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -5,17 +5,33 @@ jobs: machine: true steps: - checkout + - run: + # Build the snap command: | sudo apt update sudo apt install -y snapd docker run -v $(pwd):$(pwd) -e LC_ALL=C.UTF-8 -e LANG=C.UTF-8 -t ubuntu:xenial sh -c "apt update -qq && apt install snapcraft -y && cd $(pwd) && snapcraft" + - run: + # Install the snap and create an admin user command: | sudo snap install *.snap --dangerous - sudo apt install gcc g++ make qt5-default libqt5webkit5-dev ruby-dev zlib1g-dev -y - sudo gem install bundle - cd tests - bundle install --deployment sudo nextcloud.manual-install admin admin - bundle exec rake test + + - run: + # Install the test gems and run the tests + command: | + # Install dependencies for the gems + sudo apt install qt5-default libqt5webkit5-dev xvfb -y + # In order to use rvm, we need a login shell. We need to install + # Ruby v2.4.0 (the older version that is the default doesn't handle + # the redirection that we test) + bash --login -c ' + rvm install 2.4.0 + rvm use 2.4.0 + cd tests + gem install bundler + bundle install --deployment + bundle exec rake test + ' diff --git a/README.md b/README.md index 1fa9d5f..a564d8c 100644 --- a/README.md +++ b/README.md @@ -33,6 +33,9 @@ logged in and able to create users, install apps, and upload files. Note that this snap includes a service that runs cron.php every 15 minutes, which will automatically change the cron admin setting to Cron for you. + +### Removable media + Also note that the interface providing the ability to access removable media is not automatically connected upon install, so if you'd like to use external storage (or otherwise use a device in `/media` for data), you need to give the @@ -41,6 +44,38 @@ snap permission to access removable media by connecting that interface: $ sudo snap connect nextcloud:removable-media +### HTTP/HTTPS port configuration + +By default, the snap will listen on port 80. If you enable HTTPS, it will listen +on both 80 and 443, and HTTP traffic will be redirected to HTTPS. But perhaps +you're putting the snap behind a proxy of some kind, in which case you probably +want to change those ports. + +If you'd like to change the HTTP port (say, to port 81), run: + + $ sudo snap set nextcloud ports.http=81 + +To change the HTTPS port (say, to port 444), run: + + $ sudo snap set nextcloud ports.https=444 + +Note that, assuming HTTPS is enabled, this will cause HTTP traffic to be +redirected to port 444. You can specify both of these simultaneously as well: + + $ sudo snap set nextcloud ports.http=81 ports.https=444 + +**Note:** Let's Encrypt will expect that Nextcloud is exposed on ports 80 and +443. If you change ports and _don't_ put Nextcloud behind a proxy such that +ports 80 and 443 are sent to Nextcloud for that domain name, Let's Encrypt will +be unable to verify ownership of your domain and will not grant certificates. + +**Also note:** Nextcloud's automatic hostname detection can fail when behind +a proxy; you might notice it redirecting incorrectly. If this happens, override +the automatic detection (including the port if necessary), e.g.: + + $ sudo nextcloud.occ config:set overwritehost --value="example.com:81" + + ### Included CLI utilities There are a few CLI utilities included: diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 53940e4..43c98e8 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -85,6 +85,10 @@ apps: command: manual-install plugs: [network, network-bind, removable-media] +hooks: + configure: + plugs: [network, network-bind] + parts: apache: plugin: apache @@ -326,3 +330,9 @@ parts: stage-packages: [openssl] stage: [-etc/ssl] prime: [-etc/ssl] + + hooks: + plugin: dump + source: src/hooks + organize: + '*': snap/hooks/ diff --git a/src/apache/conf/httpd.conf b/src/apache/conf/httpd.conf index 8a9430f..1da4e9b 100644 --- a/src/apache/conf/httpd.conf +++ b/src/apache/conf/httpd.conf @@ -18,7 +18,7 @@ ServerRoot "${SNAP}" # prevent Apache from glomming onto all bound IP addresses. # #Listen 12.34.56.78:80 -Listen 80 +Listen ${HTTP_PORT} # # Mutex: Allows you to set the mutex mechanism and mutex file directory diff --git a/src/apache/conf/ssl.conf b/src/apache/conf/ssl.conf index 620df5e..b350ece 100644 --- a/src/apache/conf/ssl.conf +++ b/src/apache/conf/ssl.conf @@ -7,7 +7,7 @@ # prevent Apache from glomming onto all bound IP addresses. # #Listen 12.34.56.78:80 -Listen 443 +Listen ${HTTPS_PORT} # # Dynamic Shared Object (DSO) Support @@ -72,17 +72,17 @@ SSLRandomSeed connect builtin SSLRandomSeed connect file:/dev/urandom 512 # Virtual host for HTTP. All it does it redirect to HTTPS. - + RewriteEngine on # Disable HTTP TRACK method. RewriteCond %{REQUEST_METHOD} ^TRACK RewriteRule .* - [R=405,L] # Redirect everything else to HTTPS - RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent] + RewriteRule ^ https://%{SERVER_NAME}:${HTTPS_PORT}%{REQUEST_URI} [END,QSA,R=permanent] # Virtual host for HTTPS. - + # Disable HTTP TRACK method. RewriteEngine On diff --git a/src/apache/scripts/httpd-wrapper b/src/apache/scripts/httpd-wrapper index 1e57e0d..11c9057 100755 --- a/src/apache/scripts/httpd-wrapper +++ b/src/apache/scripts/httpd-wrapper @@ -20,4 +20,7 @@ else echo "No certificates are active: using HTTP only" fi +export HTTP_PORT="$(apache_http_port)" +export HTTPS_PORT="$(apache_https_port)" + httpd -d $SNAP $params $@ diff --git a/src/apache/utilities/apache-utilities b/src/apache/utilities/apache-utilities index 3909412..7e6e865 100755 --- a/src/apache/utilities/apache-utilities +++ b/src/apache/utilities/apache-utilities @@ -1,24 +1,107 @@ #!/bin/sh +DEFAULT_HTTP_PORT="80" +DEFAULT_HTTPS_PORT="443" export APACHE_PIDFILE="/tmp/pids/httpd.pid" mkdir -p -m 750 "$(dirname $APACHE_PIDFILE)" restart_apache_if_running() { - if [ -f "$APACHE_PIDFILE" ]; then + if apache_is_running; then # Restart apache by stopping it and letting systemd start it again. - apache_pid=$(cat "$APACHE_PIDFILE") + pid="$(apache_pid)" echo -n "Restarting apache... " output=$(httpd-wrapper -k stop 2>&1) if [ $? -eq 0 ]; then - while kill -0 $apache_pid 2>/dev/null; do + while kill -0 $pid 2>/dev/null; do sleep 1 done echo "done" else echo "error" echo "$output" + return 1 fi fi } + +apache_is_running() +{ + [ -f "$APACHE_PIDFILE" ] +} + +wait_for_apache() +{ + if ! apache_is_running; then + echo -n "Waiting for Apache... " + while ! apache_is_running; do + sleep 1 + done + echo "done" + fi +} + +apache_pid() +{ + if apache_is_running; then + cat "$APACHE_PIDFILE" + else + echo "Unable to get Apache PID as it's not yet running" >&2 + echo "" + fi +} + +apache_http_port() +{ + port="$(snapctl get ports.http)" + if [ -z "$port" ]; then + port="$DEFAULT_HTTP_PORT" + apache_set_http_port $port + apache_set_previous_http_port $port + fi + + echo "$port" +} + +apache_set_http_port() +{ + snapctl set ports.http="$1" +} + +apache_https_port() +{ + port="$(snapctl get ports.https)" + if [ -z "$port" ]; then + port="$DEFAULT_HTTPS_PORT" + apache_set_https_port $port + apache_set_previous_https_port $port + fi + + echo "$port" +} + +apache_set_https_port() +{ + snapctl set ports.https="$1" +} + +apache_previous_http_port() +{ + echo "$(snapctl get private.ports.http)" +} + +apache_set_previous_http_port() +{ + snapctl set private.ports.http="$1" +} + +apache_previous_https_port() +{ + echo "$(snapctl get private.ports.https)" +} + +apache_set_previous_https_port() +{ + snapctl set private.ports.https="$1" +} diff --git a/src/hooks/configure b/src/hooks/configure new file mode 100755 index 0000000..9643a48 --- /dev/null +++ b/src/hooks/configure @@ -0,0 +1,50 @@ +#!/bin/sh + +# Supported keys: +# - ports.http (integer) +# Port on which the snap will listen for HTTP traffic. +# +# - ports.https (integer) +# Port on which the snap will listen for HTTPS traffic (only applies if HTTPS +# is enabled). + +. $SNAP/utilities/apache-utilities + +handle_apache_port_config() +{ + http_port="$(apache_http_port)" + https_port="$(apache_https_port)" + previous_http_port="$(apache_previous_http_port)" + previous_https_port="$(apache_previous_https_port)" + + # If no changes were requested, then there's nothing to do here. + if [ "$http_port" = "$previous_http_port" -a "$https_port" = "$previous_https_port" ]; then + return 0 + fi + + # Validate HTTP port + if ! expr "$http_port" : '^[0-9]*$' > /dev/null; then + echo "\"$http_port\" is not a valid HTTP port" >&2 + return 1 + fi + + # Validate HTTPS port + if ! expr "$https_port" : '^[0-9]*$' > /dev/null; then + echo "\"$https_port\" is not a valid HTTPS port" >&2 + return 2 + fi + + apache_set_http_port "$http_port" + apache_set_https_port "$https_port" + + if ! restart_apache_if_running; then + return 3 + fi + + # Since snapctl only gives us new values, keep track of the current + # values so we know when they change. + apache_set_previous_http_port "$http_port" + apache_set_previous_https_port "$https_port" +} + +handle_apache_port_config diff --git a/tests/.ruby-gemset b/tests/.ruby-gemset new file mode 100644 index 0000000..c6812f4 --- /dev/null +++ b/tests/.ruby-gemset @@ -0,0 +1 @@ +nextcloud-test diff --git a/tests/.ruby-version b/tests/.ruby-version new file mode 100644 index 0000000..262714f --- /dev/null +++ b/tests/.ruby-version @@ -0,0 +1 @@ +ruby-2.4.0 diff --git a/tests/spec/change_port_spec.rb b/tests/spec/change_port_spec.rb new file mode 100644 index 0000000..1feecad --- /dev/null +++ b/tests/spec/change_port_spec.rb @@ -0,0 +1,94 @@ +feature "Change ports" do + scenario "http" do + `sudo snap set nextcloud ports.http=81` + expect($?.to_i).to eq 0 + wait_for_nextcloud(port: 81) + Capybara.app_host = 'http://localhost:81' + + assert_login + assert_uri(https: false, port: 81) + + # Also assert that we can change it back to the default + `sudo snap set nextcloud ports.http=80` + expect($?.to_i).to eq 0 + wait_for_nextcloud + Capybara.app_host = 'http://localhost' + + assert_logged_in + assert_uri(https: false, port: 80) + end + + scenario "https" do + enable_https + + `sudo snap set nextcloud ports.https=444` + expect($?.to_i).to eq 0 + wait_for_nextcloud(https: true, port: 444) + Capybara.app_host = 'https://localhost:444' + + assert_login + assert_uri(https: true, port: 444) + + # Also assert that we can change it back to the default + `sudo snap set nextcloud ports.https=443` + expect($?.to_i).to eq 0 + wait_for_nextcloud(https: true) + Capybara.app_host = 'https://localhost' + + assert_logged_in + assert_uri(https: true, port: 443) + end + + + scenario "http still redirects to unchanged https" do + enable_https + + `sudo snap set nextcloud ports.http=81` + expect($?.to_i).to eq 0 + wait_for_nextcloud(port: 81) + Capybara.app_host = 'http://localhost:81' + + assert_login + assert_uri(https: true, port: 443) + end + + + scenario "http redirects to changed https" do + enable_https + + `sudo snap set nextcloud ports.http=81 ports.https=444` + expect($?.to_i).to eq 0 + wait_for_nextcloud(port: 81) + Capybara.app_host = 'http://localhost:81' + + assert_login + assert_uri(https: true, port: 444) + end + + protected + + def assert_uri(https:, port:) + uri = URI.parse(current_url) + if https + expect(uri.scheme).to eq 'https' + else + expect(uri.scheme).to eq 'http' + end + + expect(uri.host).to eq 'localhost' + expect(uri.port).to eq port + end + + def assert_login + visit "/" + fill_in "User", with: "admin" + fill_in "Password", with: "admin" + click_button "Log in" + expect(page).to have_content "Documents" + end + + def assert_logged_in + visit "/" + expect(page).to have_content "Documents" + end +end diff --git a/tests/spec/enable_https_spec.rb b/tests/spec/enable_https_spec.rb new file mode 100644 index 0000000..3e3ca4b --- /dev/null +++ b/tests/spec/enable_https_spec.rb @@ -0,0 +1,11 @@ +feature "Enabling HTTPS" do + scenario "self-signed" do + enable_https + + visit "/" + fill_in "User", with: "admin" + fill_in "Password", with: "admin" + click_button "Log in" + expect(page).to have_content "Documents" + end +end diff --git a/tests/spec/spec_helper.rb b/tests/spec/spec_helper.rb index 043d599..6066b21 100644 --- a/tests/spec/spec_helper.rb +++ b/tests/spec/spec_helper.rb @@ -1,11 +1,13 @@ +require 'open-uri' +require 'openssl' +require 'timeout' + require 'capybara' require 'capybara/dsl' require 'capybara/rspec' require 'capybara-webkit' require 'headless' -include Capybara::DSL - Capybara.configure do | config | # Set javascript driver to webkit (selenium is the default) config.default_driver = :webkit @@ -127,12 +129,71 @@ Kernel.srand config.seed =end - config.before(:all) do - @headless = Headless.new - @headless.start + config.include Capybara::DSL, :type => :feature + + config.add_setting :headless + + config.before(:suite) do + RSpec.configuration.headless = Headless.new + RSpec.configuration.headless.start + end + + config.after(:suite) do + RSpec.configuration.headless.destroy end config.after(:all) do - @headless.destroy + # After each test, make sure the ports are reset + `sudo snap set nextcloud ports.http=80 ports.https=443` + expect($?.to_i).to eq 0 + + # Also make sure HTTPS is disabled + disable_https + + # Make sure we're usin the normal, HTTP host again + Capybara.app_host = 'http://localhost' + end + + def enable_https(port: nil) + `sudo nextcloud.enable-https self-signed` + expect($?.to_i).to eq 0 + wait_for_nextcloud(https: true, port: port) + end + + def disable_https + # Don't verify the output of this command: it will fail if + # HTTPS wasn't enabled, which will be the case sometimes. + `sudo nextcloud.disable-https` + wait_for_nextcloud + end + + def wait_for_nextcloud(https: false, port: nil) + url = 'http://localhost' + if https + url = 'https://localhost' + end + + uri = URI.parse(url) + if port + uri.port = port + end + + success = false + + begin + Timeout.timeout(30) do + while not success + begin + output = open(uri, {ssl_verify_mode: OpenSSL::SSL::VERIFY_NONE}) + success = output.readlines.join('').include? 'Nextcloud' + rescue Errno::ECONNREFUSED + # Do nothing: try again + end + sleep 1 + end + end + rescue Timeout::Error + fail "Timed out trying to access Nextcloud: #{uri.to_s}" + end end end From 45e56962fc86e9570c1f10befa6660baea949ccc Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Sun, 24 Sep 2017 23:50:15 -0400 Subject: [PATCH 110/416] php: update to v7.0.23 Resolve #358. Signed-off-by: Kyle Fazzari --- snap/snapcraft.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 43c98e8..050bb30 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -152,8 +152,8 @@ parts: php: plugin: php - source: http://us1.php.net/get/php-7.0.22.tar.bz2/from/this/mirror - source-checksum: sha256/88e0b27f69abdd12ecde81f000c5a9ea479af7218456ea7f6557edb43c6dfdde + source: http://us2.php.net/get/php-7.0.23.tar.bz2/from/this/mirror + source-checksum: sha256/6fe94cefc7d2c60ee2c1648b977beed756ad9cd0a7e4ea8bb8cf521d9355a09c source-type: tar install-via: prefix configflags: From 0015c1e6e03ecd9ef49cac06d499bff4dfad0176 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Sun, 24 Sep 2017 23:56:38 -0400 Subject: [PATCH 111/416] nextcloud: update to v11.0.5 Resolve #357. Signed-off-by: Kyle Fazzari --- snap/snapcraft.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 050bb30..5a93f25 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -138,8 +138,8 @@ parts: nextcloud: plugin: dump - source: https://download.nextcloud.com/server/releases/nextcloud-11.0.4.tar.bz2 - source-checksum: sha256/68b89f1d0068728f76d89519c7d0a57396f2d216d048cc970346d436ec61999e + source: https://download.nextcloud.com/server/releases/nextcloud-11.0.5.tar.bz2 + source-checksum: sha256/47261211384e63b1d4816be60817b0315029d018b5568ac3aeb3181be5fb98a4 organize: '*': htdocs/ '.htaccess': htdocs/.htaccess From 260cfca435e9c72142d38415fc49d726b2b19060 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Thu, 28 Sep 2017 15:03:15 -0400 Subject: [PATCH 112/416] redis: update to 4.0.2 Fix #361 Signed-off-by: Kyle Fazzari --- snap/snapcraft.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 5a93f25..8a2de96 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -195,12 +195,12 @@ parts: extensions: # Build the redis PHP module - source: https://github.com/phpredis/phpredis.git - source-branch: php7 + source-tag: 3.1.4 redis: plugin: redis - source: http://download.redis.io/releases/redis-3.2.8.tar.gz - source-checksum: sha1/6780d1abb66f33a97aad0edbe020403d0a15b67f + source: http://download.redis.io/releases/redis-4.0.2.tar.gz + source-checksum: sha256/b1a0915dbc91b979d06df1977fe594c3fa9b189f1f3d38743a2948c9f7634813 redis-customizations: plugin: copy From e57837566936f5f24b5d42cb7db9d7098eeb55a3 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Mon, 25 Sep 2017 15:31:02 -0400 Subject: [PATCH 113/416] Update version to 11.0.5snap1 Also update CHANGELOG and README. Signed-off-by: Kyle Fazzari --- CHANGELOG | 6 ++++++ README.md | 4 ++-- snap/snapcraft.yaml | 2 +- 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index 9f064d1..2f88da9 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,9 @@ +v 11.0.5snap1 + - redis: update to 4.0.2 + - nextcloud: update to v11.0.5 + - php: update to v7.0.23 + - apache: support changing ports + v 11.0.4snap1 - php: update to 7.0.22 - nextcloud: update to 11.0.4 diff --git a/README.md b/README.md index a564d8c..8794ea4 100644 --- a/README.md +++ b/README.md @@ -2,11 +2,11 @@ Nextcloud server packaged as a snap. It consists of: -- Nextcloud 11.0.4 +- Nextcloud 11.0.5 - Apache 2.4 - PHP 7 - MySQL 5.7 -- Redis 3.2 +- Redis 4.0 - mDNS for network discovery diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 8a2de96..038edcd 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -1,5 +1,5 @@ name: nextcloud -version: 11.0.4snap1 +version: 11.0.5snap1 summary: Nextcloud Server - A safe home for all your data description: | Access, share and protect your files, calendars, contacts, communication and From 262520a4c8630220d8e33455e91652ba43b546f9 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Tue, 17 Oct 2017 17:08:55 -0700 Subject: [PATCH 114/416] phpredis: use 3.1.4 tarball and checksum The tag somehow changed such that the version was `develop` instead of `3.1.4`. Use the tarball and make sure it can't change without us noticing by verifying the checksum. Fix #370 Signed-off-by: Kyle Fazzari --- snap/plugins/x-php.py | 3 +++ snap/snapcraft.yaml | 4 ++-- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/snap/plugins/x-php.py b/snap/plugins/x-php.py index 1182b9b..6ee9473 100644 --- a/snap/plugins/x-php.py +++ b/snap/plugins/x-php.py @@ -43,6 +43,9 @@ def schema(cls): 'source-subdir': { 'type': 'string' }, + 'source-checksum': { + 'type': 'string' + }, 'configflags': { 'type': 'array', 'minitems': 1, diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 038edcd..25d927c 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -194,8 +194,8 @@ parts: sbin/php-fpm: bin/php-fpm extensions: # Build the redis PHP module - - source: https://github.com/phpredis/phpredis.git - source-tag: 3.1.4 + - source: https://github.com/phpredis/phpredis/archive/3.1.4.tar.gz + source-checksum: sha256/656cab2eb93bd30f30701c1280707c60e5736c5420212d5d547ebe0d3f4baf71 redis: plugin: redis From f64e06eb2abca685c7ae322de131a76f2a7096a7 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Wed, 18 Oct 2017 08:15:55 -0700 Subject: [PATCH 115/416] apache: update to 2.4.28 Fix #372 Signed-off-by: Kyle Fazzari --- snap/snapcraft.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 25d927c..2c26193 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -92,8 +92,8 @@ hooks: parts: apache: plugin: apache - source: http://ftp.wayne.edu/apache/httpd/httpd-2.4.27.tar.bz2 - source-checksum: sha256/71fcc128238a690515bd8174d5330a5309161ef314a326ae45c7c15ed139c13a + source: http://ftp.wayne.edu/apache/httpd/httpd-2.4.28.tar.bz2 + source-checksum: sha256/c1197a3a62a4ab5c584ab89b249af38cf28b4adee9c0106b62999fd29f920666 # The built-in Apache modules to enable modules: From 5f6ed14df1c766fa399d2e8e79f3d6bfad059f15 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Wed, 18 Oct 2017 07:29:32 -0700 Subject: [PATCH 116/416] php: support changing memory limit Currently PHP uses the default memory limit of 128M. However, the gallery can require more than this for generating previews of large images. Support changing the memory limit via the `configure` hook-- the `php.memory-limit` option, specifically. Also add a set of tests verifying this capability. Resolve #374 Signed-off-by: Kyle Fazzari --- README.md | 26 ++++++- snap/snapcraft.yaml | 2 +- src/apache/scripts/run-httpd | 6 ++ src/hooks/bin/configure | 88 ++++++++++++++++++++++ src/hooks/configure | 50 ------------ src/hooks/utilities/hook-utilities | 31 ++++++++ src/php/config/php-fpm.d/www.conf | 5 +- src/php/scripts/start-php-fpm | 6 ++ src/php/utilities/php-utilities | 48 ++++++++++++ tests/Rakefile | 1 + tests/spec/change_php_memory_limit_spec.rb | 55 ++++++++++++++ tests/spec/spec_helper.rb | 9 +++ 12 files changed, 273 insertions(+), 54 deletions(-) create mode 100755 src/hooks/bin/configure delete mode 100755 src/hooks/configure create mode 100755 src/hooks/utilities/hook-utilities create mode 100644 tests/spec/change_php_memory_limit_spec.rb diff --git a/README.md b/README.md index 8794ea4..5e92593 100644 --- a/README.md +++ b/README.md @@ -42,9 +42,16 @@ storage (or otherwise use a device in `/media` for data), you need to give the snap permission to access removable media by connecting that interface: $ sudo snap connect nextcloud:removable-media + + +### Configuration +Beyond the typical Nextcloud configuration (either by using `nextcloud.occ` or +editing `/var/snap/nextcloud/current/nextcloud/config/config.php`), the snap +exposes extra configuration options via the `snap set` command. -### HTTP/HTTPS port configuration + +#### HTTP/HTTPS port configuration By default, the snap will listen on port 80. If you enable HTTPS, it will listen on both 80 and 443, and HTTP traffic will be redirected to HTTPS. But perhaps @@ -74,6 +81,21 @@ a proxy; you might notice it redirecting incorrectly. If this happens, override the automatic detection (including the port if necessary), e.g.: $ sudo nextcloud.occ config:set overwritehost --value="example.com:81" + + +#### PHP Memory limit configuration + +By default, PHP will use 128M as the memory limit. If you notice images not +getting previews generated, or errors about memory exhaustion in your Nextcloud +log, you may need to set this to a higher value. + +If you'd like to set the memory limit to a higher value (say, 512M), run: + + $ sudo snap set nextcloud php.memory-limit=512M + +To set it to be unlimited (not recommended), use -1: + + $ sudo snap set nextcloud php.memory-limit=-1 ### Included CLI utilities @@ -125,7 +147,7 @@ capybara and rspec. To run the tests, you first need to install a few dependencies: $ sudo apt install gcc g++ make qt5-default libqt5webkit5-dev ruby-dev zlib1g-dev - $ gem install bundle + $ sudo gem install bundle $ cd tests/ $ bundle install diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 2c26193..2a91615 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -335,4 +335,4 @@ parts: plugin: dump source: src/hooks organize: - '*': snap/hooks/ + 'bin/': snap/hooks/ diff --git a/src/apache/scripts/run-httpd b/src/apache/scripts/run-httpd index fbf858d..aaa0dd1 100755 --- a/src/apache/scripts/run-httpd +++ b/src/apache/scripts/run-httpd @@ -1,5 +1,11 @@ #!/bin/sh +. $SNAP/utilities/hook-utilities + +# Make sure the configure hook isn't running (otherwise we'll run on old +# configuration data) +wait_for_configure_hook + mkdir -p -m 750 $SNAP_DATA/apache/logs # Make sure Nextcloud is installed and running diff --git a/src/hooks/bin/configure b/src/hooks/bin/configure new file mode 100755 index 0000000..a8e6eb3 --- /dev/null +++ b/src/hooks/bin/configure @@ -0,0 +1,88 @@ +#!/bin/sh + +# Supported keys: +# - ports.http (integer) +# Port on which the snap will listen for HTTP traffic. +# +# - ports.https (integer) +# Port on which the snap will listen for HTTPS traffic (only applies if HTTPS +# is enabled). +# +# - php.memory-limit (string) +# Memory limit for PHP workers. String can include units, e.g. 32M is 32 +# megabytes. + +. $SNAP/utilities/apache-utilities +. $SNAP/utilities/php-utilities +. $SNAP/utilities/hook-utilities + +handle_apache_port_config() +{ + http_port="$(apache_http_port)" + https_port="$(apache_https_port)" + previous_http_port="$(apache_previous_http_port)" + previous_https_port="$(apache_previous_https_port)" + + # If no changes were requested, then there's nothing to do here. + if [ "$http_port" = "$previous_http_port" -a "$https_port" = "$previous_https_port" ]; then + return 0 + fi + + # Validate HTTP port + if ! expr "$http_port" : '^[0-9]\+$' > /dev/null; then + echo "\"$http_port\" is not a valid HTTP port" >&2 + return 1 + fi + + # Validate HTTPS port + if ! expr "$https_port" : '^[0-9]\+$' > /dev/null; then + echo "\"$https_port\" is not a valid HTTPS port" >&2 + return 2 + fi + + apache_set_http_port "$http_port" + apache_set_https_port "$https_port" + + if ! restart_apache_if_running; then + return 3 + fi + + # Since snapctl only gives us new values, keep track of the current values + # so we know when they change. + apache_set_previous_http_port "$http_port" + apache_set_previous_https_port "$https_port" +} + +handle_php_memory_limit() +{ + memory_limit="$(php_memory_limit)" + previous_memory_limit="$(php_previous_memory_limit)" + + # If no changes were requested, then there's nothing to do here. + if [ "$memory_limit" = "$previous_memory_limit" ]; then + return 0 + fi + + # Validate memory limit. -1, raw bytes, and K/M/G shorthand allowed. + if ! expr "$memory_limit" : '^-\?[0-9]\+[KMG]\?$' > /dev/null; then + echo "\"$memory_limit\" is not a valid PHP memory limit" >&2 + return 4 + fi + + php_set_memory_limit "$memory_limit" + + if ! restart_php_if_running; then + return 5 + fi + + # Since snapctl only gives us new values, keep track of the current values + # so we know when they change. + php_set_previous_memory_limit "$memory_limit" +} + +# Signal to services that the configure hook is running. Useful to ensure +# services don't restart until the configuration transaction has completed. +set_configure_hook_running +trap 'set_configure_hook_not_running' EXIT + +handle_apache_port_config && handle_php_memory_limit diff --git a/src/hooks/configure b/src/hooks/configure deleted file mode 100755 index 9643a48..0000000 --- a/src/hooks/configure +++ /dev/null @@ -1,50 +0,0 @@ -#!/bin/sh - -# Supported keys: -# - ports.http (integer) -# Port on which the snap will listen for HTTP traffic. -# -# - ports.https (integer) -# Port on which the snap will listen for HTTPS traffic (only applies if HTTPS -# is enabled). - -. $SNAP/utilities/apache-utilities - -handle_apache_port_config() -{ - http_port="$(apache_http_port)" - https_port="$(apache_https_port)" - previous_http_port="$(apache_previous_http_port)" - previous_https_port="$(apache_previous_https_port)" - - # If no changes were requested, then there's nothing to do here. - if [ "$http_port" = "$previous_http_port" -a "$https_port" = "$previous_https_port" ]; then - return 0 - fi - - # Validate HTTP port - if ! expr "$http_port" : '^[0-9]*$' > /dev/null; then - echo "\"$http_port\" is not a valid HTTP port" >&2 - return 1 - fi - - # Validate HTTPS port - if ! expr "$https_port" : '^[0-9]*$' > /dev/null; then - echo "\"$https_port\" is not a valid HTTPS port" >&2 - return 2 - fi - - apache_set_http_port "$http_port" - apache_set_https_port "$https_port" - - if ! restart_apache_if_running; then - return 3 - fi - - # Since snapctl only gives us new values, keep track of the current - # values so we know when they change. - apache_set_previous_http_port "$http_port" - apache_set_previous_https_port "$https_port" -} - -handle_apache_port_config diff --git a/src/hooks/utilities/hook-utilities b/src/hooks/utilities/hook-utilities new file mode 100755 index 0000000..1a479ea --- /dev/null +++ b/src/hooks/utilities/hook-utilities @@ -0,0 +1,31 @@ +#!/bin/sh + +CONFIGURE_LOCKFILE="/tmp/locks/configure-hook" + +mkdir -p -m 750 "$(dirname $CONFIGURE_LOCKFILE)" + +configure_hook_running() +{ + [ -f "$CONFIGURE_LOCKFILE" ] +} + +set_configure_hook_running() +{ + touch "$CONFIGURE_LOCKFILE" +} + +set_configure_hook_not_running() +{ + rm -f "$CONFIGURE_LOCKFILE" +} + +wait_for_configure_hook() +{ + if configure_hook_running; then + echo -n "Waiting for configure hook... " + while configure_hook_running; do + sleep 1 + done + echo "done" + fi +} diff --git a/src/php/config/php-fpm.d/www.conf b/src/php/config/php-fpm.d/www.conf index 9f357e0..1b44951 100644 --- a/src/php/config/php-fpm.d/www.conf +++ b/src/php/config/php-fpm.d/www.conf @@ -414,7 +414,10 @@ env[NEXTCLOUD_CONFIG_DIR] = ${SNAP_DATA}/nextcloud/config ;php_admin_flag[log_errors] = on ;php_admin_value[memory_limit] = 32M -; Configure larger uploads than the default. +; Configure larger uploads than the default php_admin_value[upload_tmp_dir] = ${SNAP_COMMON}/nextcloud/tmp php_value[upload_max_filesize] = 16G php_value[post_max_size] = 16G + +; Allow for a dynamic PHP memory limit +php_admin_value[memory_limit] = ${PHP_MEMORY_LIMIT} diff --git a/src/php/scripts/start-php-fpm b/src/php/scripts/start-php-fpm index 4e8073c..1cad901 100755 --- a/src/php/scripts/start-php-fpm +++ b/src/php/scripts/start-php-fpm @@ -4,9 +4,14 @@ . $SNAP/utilities/php-utilities . $SNAP/utilities/redis-utilities . $SNAP/utilities/nextcloud-utilities +. $SNAP/utilities/hook-utilities mkdir -p -m 750 ${SNAP_DATA}/php +# Make sure the configure hook isn't running (otherwise we'll run on old +# configuration data) +wait_for_configure_hook + # We need to make sure mysql is running so we can run the migration process wait_for_mysql @@ -31,5 +36,6 @@ echo "done" average_php_memory_requirement=50 total_memory=$(mawk '/MemTotal/ {printf "%d", $2/1024}' /proc/meminfo) export PHP_FPM_MAX_CHILDREN=$(($total_memory/$average_php_memory_requirement)) +export PHP_MEMORY_LIMIT="$(php_memory_limit)" php-fpm -R -F --fpm-config ${SNAP}/config/php/php-fpm.conf -c ${SNAP}/config/php diff --git a/src/php/utilities/php-utilities b/src/php/utilities/php-utilities index bf1ef31..42a4f85 100755 --- a/src/php/utilities/php-utilities +++ b/src/php/utilities/php-utilities @@ -1,11 +1,32 @@ #!/bin/sh +DEFAULT_MEMORY_LIMIT="128M" export PHP_FPM_PIDFILE="/tmp/pids/php-fpm.pid" export PHP_FPM_SOCKET="/tmp/sockets/php-fpm.sock" mkdir -p -m 750 "$(dirname $PHP_FPM_PIDFILE)" mkdir -p -m 750 "$(dirname $PHP_FPM_SOCKET)" +restart_php_if_running() +{ + if php_is_running; then + # Restart PHP by stopping it and letting systemd start it again. + pid="$(php_pid)" + echo -n "Restarting PHP... " + output=$(kill -15 $pid 2>&1) + if [ $? -eq 0 ]; then + while kill -0 $pid 2>/dev/null; do + sleep 1 + done + echo "done" + else + echo "error" + echo "$output" + return 1 + fi + fi +} + php_is_running() { [ -f "$PHP_FPM_PIDFILE" -a -S "$PHP_FPM_SOCKET" ] @@ -31,3 +52,30 @@ php_pid() echo "" fi } + +php_memory_limit() +{ + memory_limit="$(snapctl get php.memory-limit)" + if [ -z "$memory_limit" ]; then + memory_limit="$DEFAULT_MEMORY_LIMIT" + php_set_memory_limit "$memory_limit" + php_set_previous_memory_limit "$memory_limit" + fi + + echo "$memory_limit" +} + +php_set_memory_limit() +{ + snapctl set php.memory-limit="$1" +} + +php_previous_memory_limit() +{ + echo "$(snapctl get private.php.memory-limit)" +} + +php_set_previous_memory_limit() +{ + snapctl set private.php.memory-limit="$1" +} diff --git a/tests/Rakefile b/tests/Rakefile index 4d2f2d1..716fd93 100644 --- a/tests/Rakefile +++ b/tests/Rakefile @@ -3,5 +3,6 @@ require 'rspec/core/rake_task' RSpec::Core::RakeTask.new(:test) do |t| t.pattern = Dir.glob('spec/**/*_spec.rb') + t.rspec_opts = "--format documentation" end task :default => :test diff --git a/tests/spec/change_php_memory_limit_spec.rb b/tests/spec/change_php_memory_limit_spec.rb new file mode 100644 index 0000000..1279f69 --- /dev/null +++ b/tests/spec/change_php_memory_limit_spec.rb @@ -0,0 +1,55 @@ +feature "Change PHP memory limit" do + scenario "unlimited" do + `sudo snap set nextcloud php.memory-limit=-1` + expect($?.to_i).to eq 0 + wait_for_nextcloud + + assert_login + + # Also assert that we can change it back to the default + `sudo snap set nextcloud php.memory-limit=128M` + expect($?.to_i).to eq 0 + wait_for_nextcloud + + assert_logged_in + end + + scenario "bytes" do + `sudo snap set nextcloud php.memory-limit=536870912` + expect($?.to_i).to eq 0 + wait_for_nextcloud + + assert_login + + # Also assert that we can change it back to the default + `sudo snap set nextcloud php.memory-limit=128M` + expect($?.to_i).to eq 0 + wait_for_nextcloud + + assert_logged_in + end + + scenario "invalid" do + # This will print to stderr. Hide it. + `sudo snap set nextcloud php.memory-limit=invalid 2>&1` + expect($?.to_i).to_not eq 0 + wait_for_nextcloud + + assert_login + end + + protected + + def assert_login + visit "/" + fill_in "User", with: "admin" + fill_in "Password", with: "admin" + click_button "Log in" + expect(page).to have_content "Documents" + end + + def assert_logged_in + visit "/" + expect(page).to have_content "Documents" + end +end diff --git a/tests/spec/spec_helper.rb b/tests/spec/spec_helper.rb index 6066b21..596e3f3 100644 --- a/tests/spec/spec_helper.rb +++ b/tests/spec/spec_helper.rb @@ -147,6 +147,10 @@ `sudo snap set nextcloud ports.http=80 ports.https=443` expect($?.to_i).to eq 0 + # After each test, make sure the PHP memory limit is reset + `sudo snap set nextcloud php.memory-limit=128M` + expect($?.to_i).to eq 0 + # Also make sure HTTPS is disabled disable_https @@ -188,6 +192,11 @@ def wait_for_nextcloud(https: false, port: nil) success = output.readlines.join('').include? 'Nextcloud' rescue Errno::ECONNREFUSED # Do nothing: try again + rescue OpenURI::HTTPError => error + # Ignore 503s, wait for PHP to come up and try again + if error.io.status[0] != '503' + raise + end end sleep 1 end From 11fadf8007f093081ca2356f1945b8fa57e71295 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Mon, 23 Oct 2017 15:07:05 -0700 Subject: [PATCH 117/416] Update version to 11.0.5snap2 Also update CHANGELOG. Signed-off-by: Kyle Fazzari --- CHANGELOG | 5 +++++ snap/snapcraft.yaml | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/CHANGELOG b/CHANGELOG index 2f88da9..a61f1dd 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,8 @@ +v 11.0.5snap2 + - php: support changing memory limit + - apache: update to 2.4.28 + - phpredis: use 3.1.4 tarball and checksum + v 11.0.5snap1 - redis: update to 4.0.2 - nextcloud: update to v11.0.5 diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 2a91615..2cefb0f 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -1,5 +1,5 @@ name: nextcloud -version: 11.0.5snap1 +version: 11.0.5snap2 summary: Nextcloud Server - A safe home for all your data description: | Access, share and protect your files, calendars, contacts, communication and From f81ef2c42ccc41b539c36b6e657cd9b98eaaaefc Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Fri, 3 Nov 2017 15:59:54 -0700 Subject: [PATCH 118/416] CI: test daily snaps on a daily basis This will help us catch regressions coming down the pipe from upstream Nextcloud. Resolve #379 Signed-off-by: Kyle Fazzari --- .circleci/config.yml | 109 ++++++++++++++++++++++++++++++++++++------ .circleci/runtests.sh | 16 +++++++ 2 files changed, 110 insertions(+), 15 deletions(-) create mode 100755 .circleci/runtests.sh diff --git a/.circleci/config.yml b/.circleci/config.yml index 159c04f..a0d39cf 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -20,18 +20,97 @@ jobs: sudo nextcloud.manual-install admin admin - run: - # Install the test gems and run the tests - command: | - # Install dependencies for the gems - sudo apt install qt5-default libqt5webkit5-dev xvfb -y - # In order to use rvm, we need a login shell. We need to install - # Ruby v2.4.0 (the older version that is the default doesn't handle - # the redirection that we test) - bash --login -c ' - rvm install 2.4.0 - rvm use 2.4.0 - cd tests - gem install bundler - bundle install --deployment - bundle exec rake test - ' + # Run the tests + command: ./.circleci/runtests.sh + + test-daily-master: + working_directory: ~/nextcloud-snap + machine: true + steps: + - checkout + + - run: + # Install the snap and create an admin user + command: | + sudo apt update + sudo apt install -y snapd + sudo snap install --edge nextcloud + sudo nextcloud.manual-install admin admin + + - run: + # Run the tests + command: ./.circleci/runtests.sh + + test-daily-v12: + working_directory: ~/nextcloud-snap + machine: true + steps: + - checkout + + - run: + # Install the snap and create an admin user + command: | + sudo apt update + sudo apt install -y snapd + sudo snap install nextcloud --channel=12/edge + sudo nextcloud.manual-install admin admin + + - run: + # Run the tests + command: ./.circleci/runtests.sh + + test-daily-v11: + working_directory: ~/nextcloud-snap + machine: true + steps: + - checkout + + - run: + # Install the snap and create an admin user + command: | + sudo apt update + sudo apt install -y snapd + sudo snap install nextcloud --channel=11/edge + sudo nextcloud.manual-install admin admin + + - run: + # Run the tests + command: ./.circleci/runtests.sh + +workflows: + version: 2 + commit: + jobs: [build] + + daily-master: + triggers: + - schedule: + # 0700 UTC == 0000 PSC + cron: "0 7 * * *" + filters: + branches: + only: develop + + jobs: [test-daily-master] + + daily-v12: + triggers: + - schedule: + # 0700 UTC == 0000 PSC + cron: "0 7 * * *" + filters: + branches: + only: develop + + jobs: [test-daily-v12] + + daily-v11: + triggers: + - schedule: + # 0700 UTC == 0000 PSC + cron: "0 7 * * *" + filters: + branches: + only: develop + + jobs: [test-daily-v11] diff --git a/.circleci/runtests.sh b/.circleci/runtests.sh new file mode 100755 index 0000000..3dbdf8b --- /dev/null +++ b/.circleci/runtests.sh @@ -0,0 +1,16 @@ +#!/bin/sh + +# Install dependencies for the gems +sudo apt install qt5-default libqt5webkit5-dev xvfb -y + +# In order to use rvm, we need a login shell. We need to install +# Ruby v2.4.0 (the older version that is the default doesn't handle +# the redirection that we test) +bash --login -c ' + rvm install 2.4.0 + rvm use 2.4.0 + cd tests + gem install bundler + bundle install --deployment + bundle exec rake test +' From 10c7db174decc75e42b6834fec160d970aaded8d Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Mon, 20 Nov 2017 08:42:21 -0800 Subject: [PATCH 119/416] php: update to 7.0.25 Fix #385 Signed-off-by: Kyle Fazzari --- snap/snapcraft.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 2cefb0f..560c731 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -152,8 +152,8 @@ parts: php: plugin: php - source: http://us2.php.net/get/php-7.0.23.tar.bz2/from/this/mirror - source-checksum: sha256/6fe94cefc7d2c60ee2c1648b977beed756ad9cd0a7e4ea8bb8cf521d9355a09c + source: http://us2.php.net/get/php-7.0.25.tar.bz2/from/this/mirror + source-checksum: sha256/95a24d96d126a196e1550e394182b43a6460cdd2026f1a77bef01e422415cc25 source-type: tar install-via: prefix configflags: From 1e26c911718110e18738045592ac48e094825a85 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Mon, 4 Dec 2017 07:40:30 -0800 Subject: [PATCH 120/416] nextcloud: update to 12.0.4 All known blocking regressions have finally been fixed. Also enable opcache. Resolve #280 Signed-off-by: Kyle Fazzari --- snap/snapcraft.yaml | 4 ++-- src/php/config/php.ini | 18 ++++++++++-------- 2 files changed, 12 insertions(+), 10 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 560c731..351d960 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -138,8 +138,8 @@ parts: nextcloud: plugin: dump - source: https://download.nextcloud.com/server/releases/nextcloud-11.0.5.tar.bz2 - source-checksum: sha256/47261211384e63b1d4816be60817b0315029d018b5568ac3aeb3181be5fb98a4 + source: https://download.nextcloud.com/server/releases/nextcloud-12.0.4.tar.bz2 + source-checksum: sha256/654161a74ceaf9a60c7731d7d6702e6710a972633a97955d16f01abeb09d09b6 organize: '*': htdocs/ '.htaccess': htdocs/.htaccess diff --git a/src/php/config/php.ini b/src/php/config/php.ini index 85236ff..e97c3e2 100644 --- a/src/php/config/php.ini +++ b/src/php/config/php.ini @@ -1732,21 +1732,23 @@ ldap.max_links = -1 ;dba.default_handler= [opcache] +zend_extension=opcache.so + ; Determines if Zend OPCache is enabled -;opcache.enable=0 +opcache.enable=1 ; Determines if Zend OPCache is enabled for the CLI version of PHP -;opcache.enable_cli=0 +opcache.enable_cli=1 ; The OPcache shared memory storage size. -;opcache.memory_consumption=64 +opcache.memory_consumption=128 ; The amount of memory for interned strings in Mbytes. -;opcache.interned_strings_buffer=4 +opcache.interned_strings_buffer=8 ; The maximum number of keys (scripts) in the OPcache hash table. ; Only numbers between 200 and 100000 are allowed. -;opcache.max_accelerated_files=2000 +opcache.max_accelerated_files=10000 ; The maximum percentage of "wasted" memory until a restart is scheduled. ;opcache.max_wasted_percentage=5 @@ -1759,19 +1761,19 @@ ldap.max_links = -1 ; When disabled, you must reset the OPcache manually or restart the ; webserver for changes to the filesystem to take effect. -;opcache.validate_timestamps=1 +opcache.validate_timestamps=0 ; How often (in seconds) to check file timestamps for changes to the shared ; memory storage allocation. ("1" means validate once per second, but only ; once per request. "0" means always validate) -;opcache.revalidate_freq=2 +opcache.revalidate_freq=1 ; Enables or disables file search in include_path optimization ;opcache.revalidate_path=0 ; If disabled, all PHPDoc comments are dropped from the code to reduce the ; size of the optimized code. -;opcache.save_comments=1 +opcache.save_comments=1 ; If enabled, a fast shutdown sequence is used for the accelerated code ;opcache.fast_shutdown=0 From 0e6ac2d5d357ec4c728065d061f8073f5af0bb9c Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Fri, 8 Dec 2017 12:12:04 -0800 Subject: [PATCH 121/416] Update version to 12.0.4snap1 Also update README and CHANGELOG. Signed-off-by: Kyle Fazzari --- CHANGELOG | 5 +++++ README.md | 2 +- snap/snapcraft.yaml | 2 +- 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index a61f1dd..7130ce0 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,8 @@ +v 12.0.4snap1 + - nextcloud: update to 12.0.4 + - php: update to 7.0.25 + - CI: test daily snaps on a daily basis + v 11.0.5snap2 - php: support changing memory limit - apache: update to 2.4.28 diff --git a/README.md b/README.md index 5e92593..aed6800 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ Nextcloud server packaged as a snap. It consists of: -- Nextcloud 11.0.5 +- Nextcloud 12.0.4 - Apache 2.4 - PHP 7 - MySQL 5.7 diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 351d960..8a6a29c 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -1,5 +1,5 @@ name: nextcloud -version: 11.0.5snap2 +version: 12.0.4snap1 summary: Nextcloud Server - A safe home for all your data description: | Access, share and protect your files, calendars, contacts, communication and From 71c79e254cacfae39ed912e4a10c0560fcbc225f Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Thu, 14 Dec 2017 08:48:14 -0800 Subject: [PATCH 122/416] php: enable pcntl This gets rid of warnings when using `occ`, which were annoying and often misled people into thinking something was wrong. Resolve #396 Signed-off-by: Kyle Fazzari --- snap/snapcraft.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 8a6a29c..8405625 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -173,6 +173,7 @@ parts: - --with-mcrypt - --enable-exif - --enable-intl + - --enable-pcntl - --with-jpeg-dir=/usr/lib - --disable-rpath stage-packages: From 249d5575f838c607ff9924903a7974609e04f030 Mon Sep 17 00:00:00 2001 From: adhami03 Date: Thu, 4 Jan 2018 12:12:38 -0500 Subject: [PATCH 123/416] php: enable ldap support Enable the LDAP module in PHP, allowing the LDAP app to be enabled. This requires a slight hack to replace ARCH_TRIPLET in the flags. This is similar to how Snapcraft v2.36 works, so once that's released we can remove this small hack and start using SNAPCRAFT_ARCH_TRIPLET instead. Fix #117 Signed-off-by: Kyle Fazzari --- snap/plugins/x-php.py | 12 ++++++++++++ snap/snapcraft.yaml | 5 +++++ 2 files changed, 17 insertions(+) diff --git a/snap/plugins/x-php.py b/snap/plugins/x-php.py index 6ee9473..83f66d7 100644 --- a/snap/plugins/x-php.py +++ b/snap/plugins/x-php.py @@ -99,7 +99,19 @@ def clean_pull(self): if os.path.exists(self.extensions_directory): shutil.rmtree(self.extensions_directory) + def _replace_arch_triplet(self): + pattern = re.compile(r'ARCH_TRIPLET') + + old_configflags = self.options.configflags + self.options.configflags = [] + for flag in old_configflags: + self.options.configflags.append( + pattern.sub(self.project.arch_triplet, flag)) + def build(self): + # Replace ARCH_TRIPLET in options + self._replace_arch_triplet() + super().build() if self.extensions: diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 8405625..ff7b9c1 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -176,6 +176,10 @@ parts: - --enable-pcntl - --with-jpeg-dir=/usr/lib - --disable-rpath + + # Enable ldap. + - --with-libdir=lib/ARCH_TRIPLET + - --with-ldap stage-packages: # These are only included here until the OS snap stabilizes - libxml2 @@ -187,6 +191,7 @@ parts: - libjpeg9-dev - libbz2-dev - libmcrypt-dev + - libldap2-dev prime: - -sbin/ - -etc/ From 51a1e743bc30894172a0b67dc65880050a90b3cf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc=20Pe=C3=B1a=20Segarra?= Date: Mon, 18 Dec 2017 21:16:46 +0100 Subject: [PATCH 124/416] php: update to 7.1.13 Resolve #154 Signed-off-by: Kyle Fazzari --- README.md | 2 +- snap/snapcraft.yaml | 4 ++-- src/php/config/php.ini | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index aed6800..8e4acd3 100644 --- a/README.md +++ b/README.md @@ -4,7 +4,7 @@ Nextcloud server packaged as a snap. It consists of: - Nextcloud 12.0.4 - Apache 2.4 -- PHP 7 +- PHP 7.1 - MySQL 5.7 - Redis 4.0 - mDNS for network discovery diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index ff7b9c1..f3a470c 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -152,8 +152,8 @@ parts: php: plugin: php - source: http://us2.php.net/get/php-7.0.25.tar.bz2/from/this/mirror - source-checksum: sha256/95a24d96d126a196e1550e394182b43a6460cdd2026f1a77bef01e422415cc25 + source: http://us2.php.net/get/php-7.1.13.tar.bz2/from/this/mirror + source-checksum: sha256/35fda51d2d44600940185fd5818d336a79e77ab3c98e2bd075091f2f91cf98a1 source-type: tar install-via: prefix configflags: diff --git a/src/php/config/php.ini b/src/php/config/php.ini index e97c3e2..c4f3cd0 100644 --- a/src/php/config/php.ini +++ b/src/php/config/php.ini @@ -721,7 +721,7 @@ user_dir = ; Directory in which the loadable extensions (modules) reside. ; http://php.net/extension-dir -extension_dir = "${SNAP}/lib/php/extensions/no-debug-non-zts-20151012" +extension_dir = "${SNAP}/lib/php/extensions/no-debug-non-zts-20160303" ; On windows: ; extension_dir = "ext" From a37a47bda0e81a4539dde347740eeb93e2c6b07e Mon Sep 17 00:00:00 2001 From: bn4t <17193640+bn4t@users.noreply.github.com> Date: Wed, 24 Jan 2018 19:39:06 +0100 Subject: [PATCH 125/416] apache: remove extra semicolon from hsts header Solves #426 --- src/apache/conf/ssl.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/apache/conf/ssl.conf b/src/apache/conf/ssl.conf index b350ece..e588c32 100644 --- a/src/apache/conf/ssl.conf +++ b/src/apache/conf/ssl.conf @@ -161,6 +161,6 @@ SSLRandomSeed connect file:/dev/urandom 512 # Enable HSTS only if requested - Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains;" + Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains" From a741cf43d41631580cc8d6bc48356d6c9033a4cb Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Mon, 15 Jan 2018 08:10:28 -0800 Subject: [PATCH 126/416] php: add freetype support This is a requirement for Nextcloud v13. Resolve #61 Signed-off-by: Kyle Fazzari --- snap/snapcraft.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index f3a470c..58c0212 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -175,6 +175,7 @@ parts: - --enable-intl - --enable-pcntl - --with-jpeg-dir=/usr/lib + - --with-freetype-dir=/usr/lib - --disable-rpath # Enable ldap. @@ -192,6 +193,7 @@ parts: - libbz2-dev - libmcrypt-dev - libldap2-dev + - libfreetype6-dev prime: - -sbin/ - -etc/ From fdc0992c580c379d953303c8e92a52e31a8ce355 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Wed, 24 Jan 2018 14:04:12 -0800 Subject: [PATCH 127/416] Update version to 12.0.4snap2 Also update CHANGELOG. Signed-off-by: Kyle Fazzari --- CHANGELOG | 7 +++++++ snap/snapcraft.yaml | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/CHANGELOG b/CHANGELOG index 7130ce0..83885c2 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,10 @@ +v 12.0.4snap2 + - php: add freetype support + - apache: remove extra semicolon from hsts header + - php: update to 7.1.13 + - php: enable ldap support + - php: enable pcntl + v 12.0.4snap1 - nextcloud: update to 12.0.4 - php: update to 7.0.25 diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 58c0212..ade6076 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -1,5 +1,5 @@ name: nextcloud -version: 12.0.4snap1 +version: 12.0.4snap2 summary: Nextcloud Server - A safe home for all your data description: | Access, share and protect your files, calendars, contacts, communication and From 57929dab388c9fd4dc3700e357fc787cc8d31a08 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc=20Pe=C3=B1a=20Segarra?= Date: Sun, 28 Jan 2018 02:36:02 +0100 Subject: [PATCH 128/416] Update nextcloud to 12.0.5 Fix #431 --- snap/snapcraft.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 58c0212..a7b6ccb 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -138,8 +138,8 @@ parts: nextcloud: plugin: dump - source: https://download.nextcloud.com/server/releases/nextcloud-12.0.4.tar.bz2 - source-checksum: sha256/654161a74ceaf9a60c7731d7d6702e6710a972633a97955d16f01abeb09d09b6 + source: https://download.nextcloud.com/server/releases/nextcloud-12.0.5.tar.bz2 + source-checksum: sha256/c8be29ace6821079e881818266fe49d28812b5aa0c7d2e76511173d48828ca43 organize: '*': htdocs/ '.htaccess': htdocs/.htaccess From 26a3b1a891265eab0a66645b1fa265f522a51450 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Wed, 7 Feb 2018 11:58:35 -0800 Subject: [PATCH 129/416] Update version to 12.0.5snap1 Signed-off-by: Kyle Fazzari --- CHANGELOG | 3 +++ README.md | 2 +- snap/snapcraft.yaml | 2 +- 3 files changed, 5 insertions(+), 2 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index 83885c2..b4637cf 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,6 @@ +v 12.0.5snap1 + - nextcloud: update to 12.0.5 + v 12.0.4snap2 - php: add freetype support - apache: remove extra semicolon from hsts header diff --git a/README.md b/README.md index 8e4acd3..fe15e81 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ Nextcloud server packaged as a snap. It consists of: -- Nextcloud 12.0.4 +- Nextcloud 12.0.5 - Apache 2.4 - PHP 7.1 - MySQL 5.7 diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 19b43b6..3c1d3f0 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -1,5 +1,5 @@ name: nextcloud -version: 12.0.4snap2 +version: 12.0.5snap1 summary: Nextcloud Server - A safe home for all your data description: | Access, share and protect your files, calendars, contacts, communication and From fb1be7876a8b429506a5572a3612b491f250080c Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Mon, 12 Feb 2018 07:34:23 -0800 Subject: [PATCH 130/416] tests: update all gems Signed-off-by: Kyle Fazzari --- tests/Gemfile.lock | 60 ++++++++++++++++++++++------------------------ 1 file changed, 29 insertions(+), 31 deletions(-) diff --git a/tests/Gemfile.lock b/tests/Gemfile.lock index 5af88ff..12d7414 100644 --- a/tests/Gemfile.lock +++ b/tests/Gemfile.lock @@ -1,47 +1,45 @@ GEM remote: https://rubygems.org/ specs: - addressable (2.5.1) - public_suffix (~> 2.0, >= 2.0.2) - capybara (2.13.0) + addressable (2.5.2) + public_suffix (>= 2.0.2, < 4.0) + capybara (2.17.0) addressable - mime-types (>= 1.16) + mini_mime (>= 0.1.3) nokogiri (>= 1.3.3) rack (>= 1.0.0) rack-test (>= 0.5.4) - xpath (~> 2.0) - capybara-webkit (1.14.0) - capybara (>= 2.3.0, < 2.14.0) + xpath (>= 2.0, < 4.0) + capybara-webkit (1.15.0) + capybara (>= 2.3, < 4.0) json diff-lcs (1.3) headless (2.3.1) json (2.1.0) - mime-types (3.1) - mime-types-data (~> 3.2015) - mime-types-data (3.2016.0521) - mini_portile2 (2.1.0) - nokogiri (1.7.2) - mini_portile2 (~> 2.1.0) - public_suffix (2.0.5) - rack (2.0.3) - rack-test (0.6.3) - rack (>= 1.0) - rake (10.5.0) - rspec (3.6.0) - rspec-core (~> 3.6.0) - rspec-expectations (~> 3.6.0) - rspec-mocks (~> 3.6.0) - rspec-core (3.6.0) - rspec-support (~> 3.6.0) - rspec-expectations (3.6.0) + mini_mime (1.0.0) + mini_portile2 (2.3.0) + nokogiri (1.8.2) + mini_portile2 (~> 2.3.0) + public_suffix (3.0.2) + rack (2.0.4) + rack-test (0.8.2) + rack (>= 1.0, < 3) + rake (12.3.0) + rspec (3.7.0) + rspec-core (~> 3.7.0) + rspec-expectations (~> 3.7.0) + rspec-mocks (~> 3.7.0) + rspec-core (3.7.1) + rspec-support (~> 3.7.0) + rspec-expectations (3.7.0) diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.6.0) - rspec-mocks (3.6.0) + rspec-support (~> 3.7.0) + rspec-mocks (3.7.0) diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.6.0) - rspec-support (3.6.0) - xpath (2.1.0) - nokogiri (~> 1.3) + rspec-support (~> 3.7.0) + rspec-support (3.7.1) + xpath (3.0.0) + nokogiri (~> 1.8) PLATFORMS ruby From 7ee0ee46afa7ca501c218538d409e5d6707278e6 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Tue, 27 Feb 2018 10:11:22 -0800 Subject: [PATCH 131/416] CI: build daily v13 snaps Also add v13 to the list of daily snaps that are tested on a daily basis. Resolve #458 Signed-off-by: Kyle Fazzari --- .circleci/config.yml | 37 +++++++++++++++++++++++++++++++++---- .travis/cron.sh | 6 ++++++ 2 files changed, 39 insertions(+), 4 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index a0d39cf..f764736 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -41,6 +41,24 @@ jobs: # Run the tests command: ./.circleci/runtests.sh + test-daily-v11: + working_directory: ~/nextcloud-snap + machine: true + steps: + - checkout + + - run: + # Install the snap and create an admin user + command: | + sudo apt update + sudo apt install -y snapd + sudo snap install nextcloud --channel=11/edge + sudo nextcloud.manual-install admin admin + + - run: + # Run the tests + command: ./.circleci/runtests.sh + test-daily-v12: working_directory: ~/nextcloud-snap machine: true @@ -59,7 +77,7 @@ jobs: # Run the tests command: ./.circleci/runtests.sh - test-daily-v11: + test-daily-v13: working_directory: ~/nextcloud-snap machine: true steps: @@ -70,7 +88,7 @@ jobs: command: | sudo apt update sudo apt install -y snapd - sudo snap install nextcloud --channel=11/edge + sudo snap install nextcloud --channel=13/edge sudo nextcloud.manual-install admin admin - run: @@ -93,6 +111,17 @@ workflows: jobs: [test-daily-master] + daily-v11: + triggers: + - schedule: + # 0700 UTC == 0000 PSC + cron: "0 7 * * *" + filters: + branches: + only: develop + + jobs: [test-daily-v11] + daily-v12: triggers: - schedule: @@ -104,7 +133,7 @@ workflows: jobs: [test-daily-v12] - daily-v11: + daily-v13: triggers: - schedule: # 0700 UTC == 0000 PSC @@ -113,4 +142,4 @@ workflows: branches: only: develop - jobs: [test-daily-v11] + jobs: [test-daily-v13] diff --git a/.travis/cron.sh b/.travis/cron.sh index 6312251..c8998ac 100755 --- a/.travis/cron.sh +++ b/.travis/cron.sh @@ -3,6 +3,7 @@ latest_master_url="https://download.nextcloud.com/server/daily/latest-master.tar.bz2" latest_stable11_url="https://download.nextcloud.com/server/daily/latest-stable11.tar.bz2" latest_stable12_url="https://download.nextcloud.com/server/daily/latest-stable12.tar.bz2" +latest_stable13_url="https://download.nextcloud.com/server/daily/latest-stable13.tar.bz2" rewrite_snapcraft_yaml() { @@ -47,3 +48,8 @@ echo "Requesting build of latest 12..." request_build \ "latest-12" "$latest_stable12_url" "12-$today" \ "From CI: Use Nextcloud latest 12" + +echo "Requesting build of latest 13..." +request_build \ + "latest-13" "$latest_stable13_url" "13-$today" \ + "From CI: Use Nextcloud latest 13" From ffdb8b30e035604204a85bf442026c4985a30feb Mon Sep 17 00:00:00 2001 From: Simon Hollenbach Date: Thu, 1 Mar 2018 07:29:06 +0100 Subject: [PATCH 132/416] fix: Add xvfb to test dependencies in README Tests could not be run as described in README.md under Hacking, as a dependency, xvfb, was missing. This happens when no X server is available in the testing environment. Add a paragraph to advice people to install xvfb if they do not have X configured. Closes nextcloud/nextcloud-snap#460 --- README.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/README.md b/README.md index fe15e81..0020474 100644 --- a/README.md +++ b/README.md @@ -151,6 +151,11 @@ dependencies: $ cd tests/ $ bundle install +Additionally, if you do not have X configured, install the following for a +'fake' X server. + + $ sudo apt install xvfb + Make sure the snap has a user called "admin" with password "admin" (used for login tests): From 119159a2faff385a1efc15028130fe2f09302252 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc=20Pe=C3=B1a=20Segarra?= Date: Mon, 5 Mar 2018 20:53:28 +0100 Subject: [PATCH 133/416] PHP: update to 7.1.15 Resolve #465 --- snap/snapcraft.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 3c1d3f0..9687232 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -152,8 +152,8 @@ parts: php: plugin: php - source: http://us2.php.net/get/php-7.1.13.tar.bz2/from/this/mirror - source-checksum: sha256/35fda51d2d44600940185fd5818d336a79e77ab3c98e2bd075091f2f91cf98a1 + source: http://us2.php.net/get/php-7.1.15.tar.bz2/from/this/mirror + source-checksum: sha256/e117a54738e9485de5fc75673d39dbe937dd87f0f9cc9e281960ef9b961adcbd source-type: tar install-via: prefix configflags: From 2b90059a8e5e1854a460abd32892b8a28dda4654 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Fri, 9 Mar 2018 07:40:56 -0800 Subject: [PATCH 134/416] Update version to 12.0.5snap2 Also update CHANGELOG. Signed-off-by: Kyle Fazzari --- CHANGELOG | 6 ++++++ snap/snapcraft.yaml | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/CHANGELOG b/CHANGELOG index b4637cf..5464d56 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,9 @@ +v 12.0.5snap2 + - php: update to 7.1.15 + - docs: add xvfb to test dependencies in README + - ci: build daily v13 snaps + - tests: update all gems + v 12.0.5snap1 - nextcloud: update to 12.0.5 diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 9687232..656522d 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -1,5 +1,5 @@ name: nextcloud -version: 12.0.5snap1 +version: 12.0.5snap2 summary: Nextcloud Server - A safe home for all your data description: | Access, share and protect your files, calendars, contacts, communication and From aee7db50e36c3ec8c174681b7ec34268f697b0c4 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Wed, 14 Mar 2018 12:28:15 -0700 Subject: [PATCH 135/416] apache: update to 2.4.29 Resolve #477 Signed-off-by: Kyle Fazzari --- snap/snapcraft.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 656522d..dad5e8f 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -92,8 +92,8 @@ hooks: parts: apache: plugin: apache - source: http://ftp.wayne.edu/apache/httpd/httpd-2.4.28.tar.bz2 - source-checksum: sha256/c1197a3a62a4ab5c584ab89b249af38cf28b4adee9c0106b62999fd29f920666 + source: http://ftp.wayne.edu/apache/httpd/httpd-2.4.29.tar.bz2 + source-checksum: sha256/777753a5a25568a2a27428b2214980564bc1c38c1abf9ccc7630b639991f7f00 # The built-in Apache modules to enable modules: From dd1ea88b5712fa93ed7bfdfcb3fb46a4f711221a Mon Sep 17 00:00:00 2001 From: Marco Trevisan Date: Wed, 21 Mar 2018 16:00:21 +0100 Subject: [PATCH 136/416] occ: add apices and use use $@ to pass arguments Without this we end up in this issue: - https://github.com/nextcloud/server/issues/4291 --- src/nextcloud/scripts/occ | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/nextcloud/scripts/occ b/src/nextcloud/scripts/occ index 13c1326..9674cf4 100755 --- a/src/nextcloud/scripts/occ +++ b/src/nextcloud/scripts/occ @@ -14,4 +14,4 @@ fi wait_for_php wait_for_nextcloud_to_be_configured -php -c $SNAP/config/php $SNAP/htdocs/occ $* +php -c $SNAP/config/php $SNAP/htdocs/occ "$@" From 97ac7df54605de0f7b640a1869ed7f17c026f144 Mon Sep 17 00:00:00 2001 From: Simon Hollenbach Date: Thu, 22 Mar 2018 07:41:52 +0100 Subject: [PATCH 137/416] Drop all copy plugin calls and replace with dump, simplify organize For the boost part, we only stage the 'boost/' subdirectory of the source archive and modify the DWITH_BOOST config flag accordingly. The dump calls were simplified by reorganizing the src/ folder of the repository: * Rename scripts/ subfolder to bin/ * Move custom scripts residing in root of src// to bin/ * Move custom support files to support-files/ And drop corresponding organize lines. Closes nextcloud/nextcloud-snap#59 --- snap/snapcraft.yaml | 73 ++++++++----------- src/apache/{scripts => bin}/httpd-wrapper | 0 src/apache/{scripts => bin}/run-httpd | 0 .../{ => bin}/delay-on-failure | 0 src/https/{scripts => bin}/disable-https | 0 src/https/{scripts => bin}/enable-https | 0 src/https/{scripts => bin}/renew-certs | 0 src/https/{scripts => bin}/restart-apache | 0 src/mysql/{ => bin}/start_mysql | 0 src/mysql/{ => support-files}/mysql.server | 0 src/nextcloud/{scripts => bin}/manual-install | 0 src/nextcloud/{scripts => bin}/nextcloud-cron | 0 src/nextcloud/{scripts => bin}/occ | 0 .../{scripts => bin}/setup_nextcloud | 0 src/php/{scripts => bin}/start-php-fpm | 0 src/redis/{scripts => bin}/start-redis-server | 0 16 files changed, 32 insertions(+), 41 deletions(-) rename src/apache/{scripts => bin}/httpd-wrapper (100%) rename src/apache/{scripts => bin}/run-httpd (100%) rename src/delay-on-failure/{ => bin}/delay-on-failure (100%) rename src/https/{scripts => bin}/disable-https (100%) rename src/https/{scripts => bin}/enable-https (100%) rename src/https/{scripts => bin}/renew-certs (100%) rename src/https/{scripts => bin}/restart-apache (100%) rename src/mysql/{ => bin}/start_mysql (100%) rename src/mysql/{ => support-files}/mysql.server (100%) rename src/nextcloud/{scripts => bin}/manual-install (100%) rename src/nextcloud/{scripts => bin}/nextcloud-cron (100%) rename src/nextcloud/{scripts => bin}/occ (100%) rename src/nextcloud/{scripts => bin}/setup_nextcloud (100%) rename src/php/{scripts => bin}/start-php-fpm (100%) rename src/redis/{scripts => bin}/start-redis-server (100%) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index dad5e8f..f850f43 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -130,11 +130,8 @@ parts: - $exclude apache-customizations: - plugin: copy - files: - src/apache/scripts/*: bin/ - src/apache/conf/*: conf/ - src/apache/utilities/*: utilities/ + plugin: dump + source: src/apache/ nextcloud: plugin: dump @@ -211,48 +208,50 @@ parts: source-checksum: sha256/b1a0915dbc91b979d06df1977fe594c3fa9b189f1f3d38743a2948c9f7634813 redis-customizations: - plugin: copy - files: - src/redis/config/*: config/redis/ - src/redis/scripts/*: bin/ - src/redis/utilities/*: utilities/ + plugin: dump + source: src/redis/ + organize: + config/*: config/redis/ # Copy over our PHP configuration file. php-customizations: - plugin: copy - files: - src/php/config/*: config/php/ - src/php/scripts/*: bin/ - src/php/utilities/*: utilities/ + plugin: dump + source: src/php/ + organize: + config/*: config/php/ stage-packages: [mawk] # Copy over our Nextcloud configuration files nextcloud-customizations: - plugin: copy - files: - src/nextcloud/config/*: htdocs/config/ - src/nextcloud/scripts/*: bin/ - src/nextcloud/utilities/*: utilities/ + plugin: dump + source: src/nextcloud/ + organize: + config/: htdocs/config/ # Download the boost headers for MySQL. Note that the version used may need to # be updated if the version of MySQL changes. boost: - plugin: copy + plugin: dump source: https://github.com/kyrofa/boost_tarball/raw/master/boost_1_59_0.tar.gz source-checksum: sha1/5123209db194d66d69a9cfa5af8ff473d5941d97 - files: - '*': boost/ + # When building MySQL, the headers in the source directory 'boost/' are + # required. Previously, using the 'copy' plugin, the whole archive was put + # under 'boost/', making the headers reside in 'boost/boost/'. Due to a bug, + # we now only stage the 'boost/' directory without moving it. + # + # Bug: https://bugs.launchpad.net/snapcraft/+bug/1757093 + stage: + - boost/ prime: - -* mysql: plugin: cmake source: https://github.com/kyrofa/mysql-server.git - source-type: git source-branch: mysql-5.7.18_support_no_setpriority after: [boost] configflags: - - -DWITH_BOOST=$SNAPCRAFT_STAGE/boost + - -DWITH_BOOST=$SNAPCRAFT_STAGE - -DWITH_INNODB_PAGE_CLEANER_PRIORITY=OFF - -DCMAKE_INSTALL_PREFIX=/ - -DBUILD_CONFIG=mysql_release @@ -305,13 +304,8 @@ parts: # Copy over our MySQL scripts mysql-customizations: - plugin: copy - files: - # This one is what creates the initial database and account for Nextcloud. - src/mysql/start_mysql: bin/ - src/mysql/my.cnf: my.cnf - src/mysql/mysql.server: support-files/ - src/mysql/utilities/*: utilities/ + plugin: dump + source: src/mysql/ mdns-publisher: plugin: godeps @@ -319,9 +313,8 @@ parts: go-importpath: github.com/kyrofa/mdns-publisher delay-on-failure: - plugin: copy - files: - src/delay-on-failure/delay-on-failure: bin/ + plugin: dump + source: src/delay-on-failure/ certbot-nextcloud-plugin: plugin: python @@ -331,16 +324,14 @@ parts: python-packages: [cffi] setup-https: - plugin: copy - files: - src/https/scripts/*: bin/ - src/https/utilities/*: utilities/ + plugin: dump + source: src/https/ stage-packages: [openssl] stage: [-etc/ssl] prime: [-etc/ssl] hooks: plugin: dump - source: src/hooks + source: src/hooks/ organize: - 'bin/': snap/hooks/ + bin/: snap/hooks/ diff --git a/src/apache/scripts/httpd-wrapper b/src/apache/bin/httpd-wrapper similarity index 100% rename from src/apache/scripts/httpd-wrapper rename to src/apache/bin/httpd-wrapper diff --git a/src/apache/scripts/run-httpd b/src/apache/bin/run-httpd similarity index 100% rename from src/apache/scripts/run-httpd rename to src/apache/bin/run-httpd diff --git a/src/delay-on-failure/delay-on-failure b/src/delay-on-failure/bin/delay-on-failure similarity index 100% rename from src/delay-on-failure/delay-on-failure rename to src/delay-on-failure/bin/delay-on-failure diff --git a/src/https/scripts/disable-https b/src/https/bin/disable-https similarity index 100% rename from src/https/scripts/disable-https rename to src/https/bin/disable-https diff --git a/src/https/scripts/enable-https b/src/https/bin/enable-https similarity index 100% rename from src/https/scripts/enable-https rename to src/https/bin/enable-https diff --git a/src/https/scripts/renew-certs b/src/https/bin/renew-certs similarity index 100% rename from src/https/scripts/renew-certs rename to src/https/bin/renew-certs diff --git a/src/https/scripts/restart-apache b/src/https/bin/restart-apache similarity index 100% rename from src/https/scripts/restart-apache rename to src/https/bin/restart-apache diff --git a/src/mysql/start_mysql b/src/mysql/bin/start_mysql similarity index 100% rename from src/mysql/start_mysql rename to src/mysql/bin/start_mysql diff --git a/src/mysql/mysql.server b/src/mysql/support-files/mysql.server similarity index 100% rename from src/mysql/mysql.server rename to src/mysql/support-files/mysql.server diff --git a/src/nextcloud/scripts/manual-install b/src/nextcloud/bin/manual-install similarity index 100% rename from src/nextcloud/scripts/manual-install rename to src/nextcloud/bin/manual-install diff --git a/src/nextcloud/scripts/nextcloud-cron b/src/nextcloud/bin/nextcloud-cron similarity index 100% rename from src/nextcloud/scripts/nextcloud-cron rename to src/nextcloud/bin/nextcloud-cron diff --git a/src/nextcloud/scripts/occ b/src/nextcloud/bin/occ similarity index 100% rename from src/nextcloud/scripts/occ rename to src/nextcloud/bin/occ diff --git a/src/nextcloud/scripts/setup_nextcloud b/src/nextcloud/bin/setup_nextcloud similarity index 100% rename from src/nextcloud/scripts/setup_nextcloud rename to src/nextcloud/bin/setup_nextcloud diff --git a/src/php/scripts/start-php-fpm b/src/php/bin/start-php-fpm similarity index 100% rename from src/php/scripts/start-php-fpm rename to src/php/bin/start-php-fpm diff --git a/src/redis/scripts/start-redis-server b/src/redis/bin/start-redis-server similarity index 100% rename from src/redis/scripts/start-redis-server rename to src/redis/bin/start-redis-server From a45456c067f26e85fe5520d7919d5b88f5906439 Mon Sep 17 00:00:00 2001 From: Simon Hollenbach Date: Fri, 23 Mar 2018 11:27:59 +0100 Subject: [PATCH 138/416] Clean up trailing whitespace Throw away trailing whitespace that git complained about. Files containing trailing whitespace were identified using ``` grep -r '\s$' . ``` in the root of the repository. Closes nextcloud/nextcloud-snap#487 --- README.md | 8 ++++---- src/apache/conf/httpd.conf | 8 ++++---- src/apache/conf/ssl.conf | 8 ++++---- src/mysql/support-files/mysql.server | 18 +++++++++--------- tests/Rakefile | 2 +- 5 files changed, 22 insertions(+), 22 deletions(-) diff --git a/README.md b/README.md index 0020474..a408429 100644 --- a/README.md +++ b/README.md @@ -42,8 +42,8 @@ storage (or otherwise use a device in `/media` for data), you need to give the snap permission to access removable media by connecting that interface: $ sudo snap connect nextcloud:removable-media - - + + ### Configuration Beyond the typical Nextcloud configuration (either by using `nextcloud.occ` or @@ -81,7 +81,7 @@ a proxy; you might notice it redirecting incorrectly. If this happens, override the automatic detection (including the port if necessary), e.g.: $ sudo nextcloud.occ config:set overwritehost --value="example.com:81" - + #### PHP Memory limit configuration @@ -92,7 +92,7 @@ log, you may need to set this to a higher value. If you'd like to set the memory limit to a higher value (say, 512M), run: $ sudo snap set nextcloud php.memory-limit=512M - + To set it to be unlimited (not recommended), use -1: $ sudo snap set nextcloud php.memory-limit=-1 diff --git a/src/apache/conf/httpd.conf b/src/apache/conf/httpd.conf index 1da4e9b..ba56a18 100644 --- a/src/apache/conf/httpd.conf +++ b/src/apache/conf/httpd.conf @@ -14,7 +14,7 @@ ServerRoot "${SNAP}" # ports, instead of the default. See also the # directive. # -# Change this to Listen on specific IP addresses as shown below to +# Change this to Listen on specific IP addresses as shown below to # prevent Apache from glomming onto all bound IP addresses. # #Listen 12.34.56.78:80 @@ -74,7 +74,7 @@ LoadModule socache_shmcb_module modules/mod_socache_shmcb.so # # Deny access to the entirety of your server's filesystem. You must -# explicitly permit access to web content directories in other +# explicitly permit access to web content directories in other # blocks below. # @@ -145,8 +145,8 @@ Alias "/.well-known/acme-challenge" "${SNAP_DATA}/certs/certbot/.well-known/acme # -# The following lines prevent .htaccess and .htpasswd files from being -# viewed by Web clients. +# The following lines prevent .htaccess and .htpasswd files from being +# viewed by Web clients. # Require all denied diff --git a/src/apache/conf/ssl.conf b/src/apache/conf/ssl.conf index e588c32..95c22e8 100644 --- a/src/apache/conf/ssl.conf +++ b/src/apache/conf/ssl.conf @@ -3,7 +3,7 @@ # ports, instead of the default. See also the # directive. # -# Change this to Listen on specific IP addresses as shown below to +# Change this to Listen on specific IP addresses as shown below to # prevent Apache from glomming onto all bound IP addresses. # #Listen 12.34.56.78:80 @@ -50,7 +50,7 @@ SSLProxyProtocol all -SSLv3 SSLPassPhraseDialog builtin # Inter-Process Session Cache: -# Configure the SSL Session Cache: First the mechanism +# Configure the SSL Session Cache: First the mechanism # to use and second the expiring timeout (in seconds). SSLSessionCache "shmcb:${SNAP_DATA}/apache/ssl_scache(512000)" SSLSessionCacheTimeout 300 @@ -123,7 +123,7 @@ SSLRandomSeed connect file:/dev/urandom 512 # and no other module can change it. # o OptRenegotiate: # This enables optimized SSL connection renegotiation handling when SSL - # directives are used in per-directory context. + # directives are used in per-directory context. SSLOptions +StdEnvVars @@ -148,7 +148,7 @@ SSLRandomSeed connect file:/dev/urandom 512 # alert of the client. This is 100% SSL/TLS standard compliant, but in # practice often causes hanging connections with brain-dead browsers. Use # this only for browsers where you know that their SSL implementation - # works correctly. + # works correctly. # Notice: Most problems of broken clients are also related to the HTTP # keep-alive facility, so you usually additionally want to disable # keep-alive for those clients, too. Use variable "nokeepalive" for this. diff --git a/src/mysql/support-files/mysql.server b/src/mysql/support-files/mysql.server index a81f680..4224a10 100755 --- a/src/mysql/support-files/mysql.server +++ b/src/mysql/support-files/mysql.server @@ -24,7 +24,7 @@ # Short-Description: start and stop MySQL # Description: MySQL is a very fast and reliable SQL database engine. ### END INIT INFO - + # If you install MySQL on some other places than /, then you # have to do one of the following things for this script to work: # @@ -49,8 +49,8 @@ basedir=$SNAP datadir=$SNAP_DATA/mysql # Default value, in seconds, afterwhich the script should timeout waiting -# for server start. -# Value here is overriden by value in my.cnf. +# for server start. +# Value here is overriden by value in my.cnf. # 0 means don't wait at all # Negative numbers mean to wait indefinitely service_startup_timeout=900 @@ -173,7 +173,7 @@ wait_for_pid () { if kill -0 "$pid" 2>/dev/null; then : # the server still runs else - # The server may have exited between the last pid-file check and now. + # The server may have exited between the last pid-file check and now. if test -n "$avoid_race_condition"; then avoid_race_condition="" continue # Check again. @@ -353,9 +353,9 @@ case "$mode" in ;; 'status') # First, check to see if pid file exists - if test -s "$mysqld_pid_file_path" ; then + if test -s "$mysqld_pid_file_path" ; then read mysqld_pid < "$mysqld_pid_file_path" - if kill -0 $mysqld_pid 2>/dev/null ; then + if kill -0 $mysqld_pid 2>/dev/null ; then log_success_msg "MySQL running ($mysqld_pid)" exit 0 else @@ -371,11 +371,11 @@ case "$mode" in if test $pid_count -gt 1 ; then log_failure_msg "Multiple MySQL running but PID file could not be found ($mysqld_pid)" exit 5 - elif test -z $mysqld_pid ; then - if test -f "$lock_file_path" ; then + elif test -z $mysqld_pid ; then + if test -f "$lock_file_path" ; then log_failure_msg "MySQL is not running, but lock file ($lock_file_path) exists" exit 2 - fi + fi log_failure_msg "MySQL is not running" exit 3 else diff --git a/tests/Rakefile b/tests/Rakefile index 716fd93..8ba8901 100644 --- a/tests/Rakefile +++ b/tests/Rakefile @@ -1,6 +1,6 @@ require 'rake' require 'rspec/core/rake_task' - + RSpec::Core::RakeTask.new(:test) do |t| t.pattern = Dir.glob('spec/**/*_spec.rb') t.rspec_opts = "--format documentation" From 15260616cb0aa2a26ce5c2498f179e1eae2eac14 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc=20Pe=C3=B1a=20Segarra?= Date: Thu, 19 Apr 2018 20:29:44 +0200 Subject: [PATCH 139/416] php: update to 7.1.16 This PR resolves #507 --- snap/snapcraft.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index f850f43..7459e8f 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -149,8 +149,8 @@ parts: php: plugin: php - source: http://us2.php.net/get/php-7.1.15.tar.bz2/from/this/mirror - source-checksum: sha256/e117a54738e9485de5fc75673d39dbe937dd87f0f9cc9e281960ef9b961adcbd + source: http://us2.php.net/get/php-7.1.16.tar.bz2/from/this/mirror + source-checksum: sha256/348e2af9c7c0f327a57a972674078777dfde189e2598acbcb8618b9645b0e7e5 source-type: tar install-via: prefix configflags: From 5e73307d8d6c47e0b596f4f0889eb5610750cca7 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Sat, 28 Apr 2018 21:36:13 -0700 Subject: [PATCH 140/416] apache: stop waiting for services when stopping Fix #526 Signed-off-by: Kyle Fazzari --- snap/snapcraft.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 7459e8f..e4ede07 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -12,7 +12,7 @@ apps: # Apache daemon apache: command: run-httpd -k start -DFOREGROUND - stop-command: run-httpd -k stop + stop-command: httpd-wrapper -k stop daemon: simple restart-condition: always plugs: [network, network-bind] From c29f40fc36d76e5ec16fb1d5670021ee491cff6c Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Mon, 2 Apr 2018 08:05:01 -0700 Subject: [PATCH 141/416] apache: upgrade to 2.4.33 Resolve #495 Signed-off-by: Kyle Fazzari --- snap/snapcraft.yaml | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 7459e8f..58372c2 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -92,8 +92,15 @@ hooks: parts: apache: plugin: apache - source: http://ftp.wayne.edu/apache/httpd/httpd-2.4.29.tar.bz2 - source-checksum: sha256/777753a5a25568a2a27428b2214980564bc1c38c1abf9ccc7630b639991f7f00 + source: http://ftp.wayne.edu/apache/httpd/httpd-2.4.33.tar.bz2 + source-checksum: sha256/de02511859b00d17845b9abdd1f975d5ccb5d0b280c567da5bf2ad4b70846f05 + + override-build: | + # For some reason, all directories in (and after) 2.4.32 are setgid. + # Reported as https://bz.apache.org/bugzilla/show_bug.cgi?id=62298 + # Work around by unsetting setgid. FIXME: Remove when bug is fixed. + find . -perm -g+s -exec chmod g-s {} \; + snapcraftctl build # The built-in Apache modules to enable modules: @@ -273,6 +280,7 @@ parts: stage: # Remove scripts that we'll be replacing with our own - -support-files/mysql.server + - -COPYING prime: # Remove scripts that we'll be replacing with our own - -support-files/mysql.server From 881522d4f6fb1b1f8d42100afd6ceb63d552a08a Mon Sep 17 00:00:00 2001 From: James Bream Date: Sun, 29 Apr 2018 14:54:08 +0100 Subject: [PATCH 142/416] Redis: Update to 4.0.9 Resolve #522 --- snap/snapcraft.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index e4ede07..422bfef 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -204,8 +204,8 @@ parts: redis: plugin: redis - source: http://download.redis.io/releases/redis-4.0.2.tar.gz - source-checksum: sha256/b1a0915dbc91b979d06df1977fe594c3fa9b189f1f3d38743a2948c9f7634813 + source: http://download.redis.io/releases/redis-4.0.9.tar.gz + source-checksum: sha256/df4f73bc318e2f9ffb2d169a922dec57ec7c73dd07bccf875695dbeecd5ec510 redis-customizations: plugin: dump From e0aebc5f725d85b03decae8126784fd47f3aa328 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Mon, 30 Apr 2018 14:17:42 -0700 Subject: [PATCH 143/416] Update version to 12.0.5snap3 Also update CHANGELOG and README. Signed-off-by: Kyle Fazzari --- CHANGELOG | 8 ++++++++ README.md | 7 ++++++- snap/snapcraft.yaml | 2 +- 3 files changed, 15 insertions(+), 2 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index 5464d56..21aac55 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,11 @@ +v 12.0.5snap3 + - apache: upgrade to 2.4.33 + - apache: stop waiting for services when stopping + - php: update to 7.1.16 + - Clean up trailing whitespace + - Drop all copy plugin calls and replace with dump + - occ: add apices and use "$@" to pass arguments + v 12.0.5snap2 - php: update to 7.1.15 - docs: add xvfb to test dependencies in README diff --git a/README.md b/README.md index a408429..adfea3a 100644 --- a/README.md +++ b/README.md @@ -17,6 +17,9 @@ This Nextcloud snap is available in the store for release series 16 (e.g. Ubuntu $ sudo snap install nextcloud +There are a [number of releases available][1]. By default you'll get the newest +stable one, but you may be interested in others. + ## How to use @@ -80,7 +83,7 @@ be unable to verify ownership of your domain and will not grant certificates. a proxy; you might notice it redirecting incorrectly. If this happens, override the automatic detection (including the port if necessary), e.g.: - $ sudo nextcloud.occ config:set overwritehost --value="example.com:81" + $ sudo nextcloud.occ config:system:set overwritehost --value="example.com:81" #### PHP Memory limit configuration @@ -165,3 +168,5 @@ And finally, run the tests: $ cd tests/ $ rake test + +[1]: https://github.com/nextcloud/nextcloud-snap/wiki/Release-strategy diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 5fe9637..714ccfd 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -1,5 +1,5 @@ name: nextcloud -version: 12.0.5snap2 +version: 12.0.5snap3 summary: Nextcloud Server - A safe home for all your data description: | Access, share and protect your files, calendars, contacts, communication and From 7616d81499b4d4ff1aef165b5e1459f03b08536f Mon Sep 17 00:00:00 2001 From: bn4t Date: Wed, 2 May 2018 20:22:47 +0200 Subject: [PATCH 144/416] Update PHP version to 7.1.17. Fixes #537 --- snap/snapcraft.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 714ccfd..41b7e91 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -156,8 +156,8 @@ parts: php: plugin: php - source: http://us2.php.net/get/php-7.1.16.tar.bz2/from/this/mirror - source-checksum: sha256/348e2af9c7c0f327a57a972674078777dfde189e2598acbcb8618b9645b0e7e5 + source: https://php.net/get/php-7.1.17.tar.bz2/from/this/mirror + source-checksum: sha256/e124e3ac552c50f3890ed981d07b2ee473cac961885e75186ded0bbb5b78dbcf source-type: tar install-via: prefix configflags: From 46d6cb3ed649176e0549376e7c59cf2702159fed Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc=20Pe=C3=B1a=20Segarra?= Date: Sun, 6 May 2018 12:37:50 +0200 Subject: [PATCH 145/416] nextcloud: update to 12.0.7 This PR resolves #536 Signed-off-by: Kyle Fazzari --- snap/snapcraft.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index aa9934b..168fc84 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -142,8 +142,8 @@ parts: nextcloud: plugin: dump - source: https://download.nextcloud.com/server/releases/nextcloud-12.0.5.tar.bz2 - source-checksum: sha256/c8be29ace6821079e881818266fe49d28812b5aa0c7d2e76511173d48828ca43 + source: https://download.nextcloud.com/server/releases/nextcloud-12.0.7.tar.bz2 + source-checksum: sha256/24d769fb49741fb19da42ca90af8465ceacb6f7d45f2dfd90efe1c5f06028f0a organize: '*': htdocs/ '.htaccess': htdocs/.htaccess From 76b2dab9b6ac31d28a7f8f13becb402f33f55936 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Mon, 7 May 2018 14:12:51 -0700 Subject: [PATCH 146/416] php: use configured memory limit for PHP CLI utilities PHP-FPM currently supports configuring a memory limit using `snap set`. However, CLI utilities (specifically `occ` and the cron job) use a different configuration file, and don't support changing the memory limit. Add support for the same memory limit configuration to CLI utilities. Fix #550 Signed-off-by: Kyle Fazzari --- src/nextcloud/bin/nextcloud-cron | 2 +- src/nextcloud/bin/occ | 2 +- src/php/bin/run-php | 7 +++++++ src/php/config/php.ini | 4 +++- 4 files changed, 12 insertions(+), 3 deletions(-) create mode 100755 src/php/bin/run-php diff --git a/src/nextcloud/bin/nextcloud-cron b/src/nextcloud/bin/nextcloud-cron index 603fd99..643716c 100755 --- a/src/nextcloud/bin/nextcloud-cron +++ b/src/nextcloud/bin/nextcloud-cron @@ -10,6 +10,6 @@ done echo "done" while true; do - php -c $SNAP/config/php $SNAP/htdocs/cron.php + run-php $SNAP/htdocs/cron.php sleep 15m done diff --git a/src/nextcloud/bin/occ b/src/nextcloud/bin/occ index 9674cf4..5b0dcc6 100755 --- a/src/nextcloud/bin/occ +++ b/src/nextcloud/bin/occ @@ -14,4 +14,4 @@ fi wait_for_php wait_for_nextcloud_to_be_configured -php -c $SNAP/config/php $SNAP/htdocs/occ "$@" +run-php $SNAP/htdocs/occ "$@" diff --git a/src/php/bin/run-php b/src/php/bin/run-php new file mode 100755 index 0000000..3f28f07 --- /dev/null +++ b/src/php/bin/run-php @@ -0,0 +1,7 @@ +#!/bin/sh + +. $SNAP/utilities/php-utilities + +export PHP_MEMORY_LIMIT="$(php_memory_limit)" + +php -c $SNAP/config/php "$@" diff --git a/src/php/config/php.ini b/src/php/config/php.ini index c4f3cd0..a0a4161 100644 --- a/src/php/config/php.ini +++ b/src/php/config/php.ini @@ -386,7 +386,9 @@ max_input_time = 3600 ; Maximum amount of memory a script may consume (128MB) ; http://php.net/memory-limit -memory_limit = 128M +;memory_limit = 128M +; Allow for a dynamic PHP memory limit +memory_limit = ${PHP_MEMORY_LIMIT} ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ; Error handling and logging ; From f5c5b0f03e0bf1de1df55fdb891e4fcac37f61e4 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Wed, 7 Feb 2018 12:28:25 -0800 Subject: [PATCH 147/416] nextcloud: update to 13.0.2 Resolve #439 Signed-off-by: Kyle Fazzari --- snap/snapcraft.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 168fc84..6a7e12f 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -15,7 +15,7 @@ apps: stop-command: httpd-wrapper -k stop daemon: simple restart-condition: always - plugs: [network, network-bind] + plugs: [network, network-bind, removable-media] # MySQL daemon mysql: @@ -142,8 +142,8 @@ parts: nextcloud: plugin: dump - source: https://download.nextcloud.com/server/releases/nextcloud-12.0.7.tar.bz2 - source-checksum: sha256/24d769fb49741fb19da42ca90af8465ceacb6f7d45f2dfd90efe1c5f06028f0a + source: https://download.nextcloud.com/server/releases/nextcloud-13.0.2.tar.bz2 + source-checksum: sha256/7396f98a1a53a9f4b144f55360d87c89cb6ee899feef1cfbf29a736219f9c47d organize: '*': htdocs/ '.htaccess': htdocs/.htaccess From ab92f5471dc6723aac14134a48806b7b816f5d87 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Tue, 8 May 2018 07:41:38 -0700 Subject: [PATCH 148/416] Update version to 13.0.2snap1 Signed-off-by: Kyle Fazzari --- CHANGELOG | 6 ++++++ README.md | 2 +- snap/snapcraft.yaml | 2 +- 3 files changed, 8 insertions(+), 2 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index 21aac55..e75e088 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,9 @@ +v 13.0.2snap1 + - nextcloud: update to 13.0.2 + - php: use configured memory limit for PHP CLI utilities + - php: update to 7.1.17 + - redis: update to 4.0.9 + v 12.0.5snap3 - apache: upgrade to 2.4.33 - apache: stop waiting for services when stopping diff --git a/README.md b/README.md index adfea3a..fa627f4 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ Nextcloud server packaged as a snap. It consists of: -- Nextcloud 12.0.5 +- Nextcloud 13.0.2 - Apache 2.4 - PHP 7.1 - MySQL 5.7 diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 6a7e12f..aaf9702 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -1,5 +1,5 @@ name: nextcloud -version: 12.0.5snap3 +version: 13.0.2snap1 summary: Nextcloud Server - A safe home for all your data description: | Access, share and protect your files, calendars, contacts, communication and From fb290a7280dd701423e328b4088dda64e821de2f Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Tue, 8 May 2018 08:24:33 -0700 Subject: [PATCH 149/416] Disable v11 daily builds and tests Resolve #559 Signed-off-by: Kyle Fazzari --- .circleci/config.yml | 29 ----------------------------- .travis/cron.sh | 8 -------- 2 files changed, 37 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index f764736..8a08c4f 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -41,24 +41,6 @@ jobs: # Run the tests command: ./.circleci/runtests.sh - test-daily-v11: - working_directory: ~/nextcloud-snap - machine: true - steps: - - checkout - - - run: - # Install the snap and create an admin user - command: | - sudo apt update - sudo apt install -y snapd - sudo snap install nextcloud --channel=11/edge - sudo nextcloud.manual-install admin admin - - - run: - # Run the tests - command: ./.circleci/runtests.sh - test-daily-v12: working_directory: ~/nextcloud-snap machine: true @@ -111,17 +93,6 @@ workflows: jobs: [test-daily-master] - daily-v11: - triggers: - - schedule: - # 0700 UTC == 0000 PSC - cron: "0 7 * * *" - filters: - branches: - only: develop - - jobs: [test-daily-v11] - daily-v12: triggers: - schedule: diff --git a/.travis/cron.sh b/.travis/cron.sh index c8998ac..4efe7a8 100755 --- a/.travis/cron.sh +++ b/.travis/cron.sh @@ -1,7 +1,6 @@ #!/bin/bash latest_master_url="https://download.nextcloud.com/server/daily/latest-master.tar.bz2" -latest_stable11_url="https://download.nextcloud.com/server/daily/latest-stable11.tar.bz2" latest_stable12_url="https://download.nextcloud.com/server/daily/latest-stable12.tar.bz2" latest_stable13_url="https://download.nextcloud.com/server/daily/latest-stable13.tar.bz2" @@ -37,13 +36,6 @@ request_build \ "latest-master" "$latest_master_url" "master-$today" \ "From CI: Use Nextcloud latest master" - -echo "Requesting build of latest 11..." -request_build \ - "latest-11" "$latest_stable11_url" "11-$today" \ - "From CI: Use Nextcloud latest 11" - - echo "Requesting build of latest 12..." request_build \ "latest-12" "$latest_stable12_url" "12-$today" \ From 9e63386d7e221e5d886cc71bf373383281d866e0 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Sat, 12 May 2018 10:19:22 -0700 Subject: [PATCH 150/416] https: patch certbot to ignore system config If the machine running the snap happens to contain a cerbot config in `/etc/letsencrypt/cli.ini`, certbot in the snap will be useless. AppArmor doesn't mediate lookups and stats, so certbot knows the file exists, it just can't access it, which breaks it terribly. Patch certbot to no longer look for system-wide configs. Also update certbot to the latest available version. Fix #569 Signed-off-by: Kyle Fazzari --- snap/snapcraft.yaml | 15 +++++++--- .../patches/remove_default_config_files.patch | 17 +++++++++++ src/https/requirements.txt | 28 +++++++++++++++++++ src/https/setup.py | 2 +- 4 files changed, 57 insertions(+), 5 deletions(-) create mode 100644 src/https/patches/remove_default_config_files.patch create mode 100644 src/https/requirements.txt diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index aaf9702..3d130ed 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -328,15 +328,22 @@ parts: plugin: python python-version: python2 source: src/https/ - build-packages: [python-dev, libffi-dev] - python-packages: [cffi] + requirements: requirements.txt + build-packages: [libffi-dev] + + fix-certbot: + plugin: nil + source: src/https/patches + after: [certbot-nextcloud-plugin] + override-pull: | + snapcraftctl pull + patch -p1 -d $SNAPCRAFT_STAGE/lib/python2.7/site-packages/certbot < remove_default_config_files.patch setup-https: plugin: dump source: src/https/ stage-packages: [openssl] - stage: [-etc/ssl] - prime: [-etc/ssl] + stage: [-etc/ssl, -patches] hooks: plugin: dump diff --git a/src/https/patches/remove_default_config_files.patch b/src/https/patches/remove_default_config_files.patch new file mode 100644 index 0000000..d2929d8 --- /dev/null +++ b/src/https/patches/remove_default_config_files.patch @@ -0,0 +1,17 @@ +diff -Naur a/constants.py b/constants.py +--- a/constants.py 2018-05-12 22:08:50.233116726 +0000 ++++ b/constants.py 2018-05-12 21:54:54.127861465 +0000 +@@ -13,12 +13,7 @@ + """Plugins Setuptools entry point before rename.""" + + CLI_DEFAULTS = dict( +- config_files=[ +- "/etc/letsencrypt/cli.ini", +- # http://freedesktop.org/wiki/Software/xdg-user-dirs/ +- os.path.join(os.environ.get("XDG_CONFIG_HOME", "~/.config"), +- "letsencrypt", "cli.ini"), +- ], ++ config_files=[], + + # Main parser + verbose_count=-int(logging.INFO / 10), diff --git a/src/https/requirements.txt b/src/https/requirements.txt new file mode 100644 index 0000000..1c0c99d --- /dev/null +++ b/src/https/requirements.txt @@ -0,0 +1,28 @@ +acme==0.24.0 +asn1crypto==0.24.0 +certbot==0.24.0 +certifi==2018.4.16 +cffi==1.11.5 +chardet==3.0.4 +ConfigArgParse==0.13.0 +configobj==5.0.6 +cryptography==2.2.2 +enum34==1.1.6 +funcsigs==1.0.2 +future==0.16.0 +idna==2.6 +ipaddress==1.0.22 +josepy==1.1.0 +mock==2.0.0 +parsedatetime==2.4 +pbr==4.0.2 +pycparser==2.18 +pyOpenSSL==17.5.0 +pyRFC3339==1.0 +pytz==2018.4 +requests==2.18.4 +six==1.11.0 +urllib3==1.22 +zope.component==4.4.1 +zope.event==4.3.0 +zope.interface==4.5.0 diff --git a/src/https/setup.py b/src/https/setup.py index 36e6652..55603d6 100644 --- a/src/https/setup.py +++ b/src/https/setup.py @@ -5,7 +5,7 @@ name='nextcloud', packages=find_packages(), install_requires=[ - 'certbot==0.14.1', + 'certbot', 'zope.interface', ], entry_points={ From db5df43d2fdbaa9c89994fc4746aaba852278db9 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Tue, 8 May 2018 10:50:03 -0700 Subject: [PATCH 151/416] many: implement static checks Add a static test that runs shellcheck on all shell scripts in the src/ directory, and fix them all to pass. Resolve #561 Signed-off-by: Kyle Fazzari --- .circleci/config.yml | 18 +++- src/apache/bin/httpd-wrapper | 20 ++-- src/apache/bin/run-httpd | 17 ++-- src/apache/utilities/apache-utilities | 22 ++--- src/delay-on-failure/bin/delay-on-failure | 3 +- src/hooks/bin/configure | 11 ++- src/hooks/utilities/hook-utilities | 7 +- src/https/bin/disable-https | 9 +- src/https/bin/enable-https | 64 +++++++------ src/https/bin/renew-certs | 11 ++- src/https/bin/restart-apache | 3 +- src/https/utilities/https-utilities | 100 ++++++++++---------- src/mysql/bin/start_mysql | 63 ++++++------ src/mysql/support-files/mysql.server | 84 ++++++++-------- src/mysql/utilities/mysql-utilities | 12 ++- src/nextcloud/bin/manual-install | 11 ++- src/nextcloud/bin/nextcloud-cron | 9 +- src/nextcloud/bin/occ | 16 ++-- src/nextcloud/bin/setup_nextcloud | 29 +++--- src/nextcloud/utilities/nextcloud-utilities | 8 +- src/php/bin/run-php | 8 +- src/php/bin/start-php-fpm | 41 ++++---- src/php/utilities/php-utilities | 25 ++--- src/redis/bin/start-redis-server | 8 +- src/redis/utilities/redis-utilities | 12 ++- tests/static.sh | 30 ++++++ 26 files changed, 369 insertions(+), 272 deletions(-) create mode 100755 tests/static.sh diff --git a/.circleci/config.yml b/.circleci/config.yml index 8a08c4f..d00f75d 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -1,5 +1,19 @@ version: 2 jobs: + static-tests: + working_directory: ~/nextcloud-snap + docker: + - image: ubuntu:bionic + steps: + - checkout + + - run: + # Run the static tests + command: | + apt update -qq + apt install shellcheck -y + ./tests/static.sh + build: working_directory: ~/nextcloud-snap machine: true @@ -20,7 +34,7 @@ jobs: sudo nextcloud.manual-install admin admin - run: - # Run the tests + # Run the integration tests command: ./.circleci/runtests.sh test-daily-master: @@ -80,7 +94,7 @@ jobs: workflows: version: 2 commit: - jobs: [build] + jobs: [static-tests, build] daily-master: triggers: diff --git a/src/apache/bin/httpd-wrapper b/src/apache/bin/httpd-wrapper index 11c9057..f181812 100755 --- a/src/apache/bin/httpd-wrapper +++ b/src/apache/bin/httpd-wrapper @@ -1,8 +1,11 @@ #!/bin/sh -. $SNAP/utilities/https-utilities -. $SNAP/utilities/apache-utilities -. $SNAP/utilities/php-utilities +# shellcheck source=src/https/utilities/https-utilities +. "$SNAP/utilities/https-utilities" +# shellcheck source=src/apache/utilities/apache-utilities +. "$SNAP/utilities/apache-utilities" +# shellcheck source=src/php/utilities/php-utilities +. "$SNAP/utilities/php-utilities" params="" if certificates_are_active; then @@ -20,7 +23,12 @@ else echo "No certificates are active: using HTTP only" fi -export HTTP_PORT="$(apache_http_port)" -export HTTPS_PORT="$(apache_https_port)" +HTTP_PORT="$(apache_http_port)" +HTTPS_PORT="$(apache_https_port)" +export HTTP_PORT +export HTTPS_PORT -httpd -d $SNAP $params $@ +# Disable shellcheck for quoting params, since we're building a command line +# and these need to be separated by spaces +# shellcheck disable=SC2086 +httpd -d "$SNAP" $params "$@" diff --git a/src/apache/bin/run-httpd b/src/apache/bin/run-httpd index aaa0dd1..a94a70a 100755 --- a/src/apache/bin/run-httpd +++ b/src/apache/bin/run-httpd @@ -1,17 +1,18 @@ #!/bin/sh -. $SNAP/utilities/hook-utilities +# shellcheck source=src/hooks/utilities/hook-utilities +. "$SNAP/utilities/hook-utilities" # Make sure the configure hook isn't running (otherwise we'll run on old # configuration data) wait_for_configure_hook -mkdir -p -m 750 $SNAP_DATA/apache/logs +mkdir -p "$SNAP_DATA/apache/logs" +chmod 750 "$SNAP_DATA/apache/logs" # Make sure Nextcloud is installed and running echo "Making sure nextcloud is setup..." -setup_nextcloud -if [ $? -ne 0 ]; then +if ! setup_nextcloud; then echo "Failed to setup nextcloud" exit 1 fi @@ -23,9 +24,9 @@ echo "All set! Running httpd..." # Rewrite live cert symlinks that aren't using the current symlink. # FIXME: Remove this migration once epochs and upgrade hooks are available. if certificates_are_active; then - live_basename="$(basename $(realpath $LIVE_CERTS_DIRECTORY))" - self_signed_basename="$(basename $SELF_SIGNED_DIRECTORY)" - custom_basename="$(basename $CUSTOM_DIRECTORY)" + live_basename="$(basename "$(realpath "$LIVE_CERTS_DIRECTORY")")" + self_signed_basename="$(basename "$SELF_SIGNED_DIRECTORY")" + custom_basename="$(basename "$CUSTOM_DIRECTORY")" if [ "$live_basename" = "$self_signed_basename" ]; then activate_self_signed_certificate elif [ "$live_basename" = "$custom_basename" ]; then @@ -35,4 +36,4 @@ if certificates_are_active; then fi fi -httpd-wrapper $@ +httpd-wrapper "$@" diff --git a/src/apache/utilities/apache-utilities b/src/apache/utilities/apache-utilities index 7e6e865..18042b4 100755 --- a/src/apache/utilities/apache-utilities +++ b/src/apache/utilities/apache-utilities @@ -4,22 +4,22 @@ DEFAULT_HTTP_PORT="80" DEFAULT_HTTPS_PORT="443" export APACHE_PIDFILE="/tmp/pids/httpd.pid" -mkdir -p -m 750 "$(dirname $APACHE_PIDFILE)" +mkdir -p "$(dirname $APACHE_PIDFILE)" +chmod 750 "$(dirname $APACHE_PIDFILE)" restart_apache_if_running() { if apache_is_running; then # Restart apache by stopping it and letting systemd start it again. pid="$(apache_pid)" - echo -n "Restarting apache... " - output=$(httpd-wrapper -k stop 2>&1) - if [ $? -eq 0 ]; then - while kill -0 $pid 2>/dev/null; do + printf "Restarting apache... " + if output="$(httpd-wrapper -k stop 2>&1)"; then + while kill -0 "$pid" 2>/dev/null; do sleep 1 done - echo "done" + printf "done\n" else - echo "error" + printf "error\n" echo "$output" return 1 fi @@ -34,11 +34,11 @@ apache_is_running() wait_for_apache() { if ! apache_is_running; then - echo -n "Waiting for Apache... " + printf "Waiting for Apache... " while ! apache_is_running; do sleep 1 done - echo "done" + printf "done\n" fi } @@ -88,7 +88,7 @@ apache_set_https_port() apache_previous_http_port() { - echo "$(snapctl get private.ports.http)" + snapctl get private.ports.http } apache_set_previous_http_port() @@ -98,7 +98,7 @@ apache_set_previous_http_port() apache_previous_https_port() { - echo "$(snapctl get private.ports.https)" + snapctl get private.ports.https } apache_set_previous_https_port() diff --git a/src/delay-on-failure/bin/delay-on-failure b/src/delay-on-failure/bin/delay-on-failure index ac93ce7..d4ed00a 100755 --- a/src/delay-on-failure/bin/delay-on-failure +++ b/src/delay-on-failure/bin/delay-on-failure @@ -1,7 +1,6 @@ #!/bin/sh -$* -if [ $? -ne 0 ]; then +if ! "$@"; then sleep 10 # Don't exit right away, so we'll be respawned exit 1 fi diff --git a/src/hooks/bin/configure b/src/hooks/bin/configure index a8e6eb3..2c54223 100755 --- a/src/hooks/bin/configure +++ b/src/hooks/bin/configure @@ -12,9 +12,12 @@ # Memory limit for PHP workers. String can include units, e.g. 32M is 32 # megabytes. -. $SNAP/utilities/apache-utilities -. $SNAP/utilities/php-utilities -. $SNAP/utilities/hook-utilities +# shellcheck source=src/apache/utilities/apache-utilities +. "$SNAP/utilities/apache-utilities" +# shellcheck source=src/php/utilities/php-utilities +. "$SNAP/utilities/php-utilities" +# shellcheck source=src/hooks/utilities/hook-utilities +. "$SNAP/utilities/hook-utilities" handle_apache_port_config() { @@ -24,7 +27,7 @@ handle_apache_port_config() previous_https_port="$(apache_previous_https_port)" # If no changes were requested, then there's nothing to do here. - if [ "$http_port" = "$previous_http_port" -a "$https_port" = "$previous_https_port" ]; then + if [ "$http_port" = "$previous_http_port" ] && [ "$https_port" = "$previous_https_port" ]; then return 0 fi diff --git a/src/hooks/utilities/hook-utilities b/src/hooks/utilities/hook-utilities index 1a479ea..c1edbe2 100755 --- a/src/hooks/utilities/hook-utilities +++ b/src/hooks/utilities/hook-utilities @@ -2,7 +2,8 @@ CONFIGURE_LOCKFILE="/tmp/locks/configure-hook" -mkdir -p -m 750 "$(dirname $CONFIGURE_LOCKFILE)" +mkdir -p "$(dirname $CONFIGURE_LOCKFILE)" +chmod 750 "$(dirname $CONFIGURE_LOCKFILE)" configure_hook_running() { @@ -22,10 +23,10 @@ set_configure_hook_not_running() wait_for_configure_hook() { if configure_hook_running; then - echo -n "Waiting for configure hook... " + printf "Waiting for configure hook... " while configure_hook_running; do sleep 1 done - echo "done" + printf "done\n" fi } diff --git a/src/https/bin/disable-https b/src/https/bin/disable-https index 090f617..66b9d6a 100755 --- a/src/https/bin/disable-https +++ b/src/https/bin/disable-https @@ -1,16 +1,17 @@ #!/bin/sh -. $SNAP/utilities/https-utilities +# shellcheck source=src/https/utilities/https-utilities +. "$SNAP/utilities/https-utilities" -if [ $(id -u) -ne 0 ]; then +if [ "$(id -u)" -ne 0 ]; then echo "This utility needs to run as root" exit 1 fi if certificates_are_active; then - echo -n "Deactivating HTTPS... " + printf "Deactivating HTTPS... " deactivate_certificates - echo "done" + printf "done\n" restart_apache_if_running else echo "HTTPS doesn't seem enabled" diff --git a/src/https/bin/enable-https b/src/https/bin/enable-https index 5c3280e..a9f57b4 100755 --- a/src/https/bin/enable-https +++ b/src/https/bin/enable-https @@ -1,6 +1,7 @@ #!/bin/sh -. $SNAP/utilities/https-utilities +# shellcheck source=src/https/utilities/https-utilities +. "$SNAP/utilities/https-utilities" COMMAND="nextcloud.enable-https" @@ -87,7 +88,8 @@ handle_lets_encrypt() echo "" while true; do - read -p "Have you met these requirements? (y/n) " answer + printf "Have you met these requirements? (y/n) " + read -r answer case $answer in [Yy]* ) break;; [Nn]* ) exit;; @@ -95,27 +97,30 @@ handle_lets_encrypt() esac done - read -p "Please enter an email address (for urgent notices or key recovery): " email + printf "Please enter an email address (for urgent notices or key recovery): " + read -r email domains="" - read -p "Please enter your domain name(s) (space-separated): " answer + printf "Please enter your domain name(s) (space-separated): " + read -r answer for domain in $answer; do domains="$domains -d $domain" done - echo -n "Attempting to obtain certificates... " - output=$(run_certbot certonly $extra_params \ - --authenticator nextcloud:webroot \ - --nextcloud:webroot-path $CERTBOT_DIRECTORY \ - --rsa-key-size 4096 \ - --email $email \ - --non-interactive \ - --agree-tos \ - --force-renewal \ - $domains 2>&1) - if [ $? -ne 0 ]; then - echo "error running certbot:" >&2 - echo "" >&2 + printf "Attempting to obtain certificates... " + # Building CLI commands, so we don't WANT to quote some of these (they need + # to be separated by whitespace): disable the check + # shellcheck disable=SC2086 + if ! output="$(run_certbot certonly $extra_params \ + --authenticator nextcloud:webroot \ + --nextcloud:webroot-path "$CERTBOT_DIRECTORY" \ + --rsa-key-size 4096 \ + --email "$email" \ + --non-interactive \ + --agree-tos \ + --force-renewal \ + $domains 2>&1)"; then + printf "error running certbot:\n\n" >&2 echo "$output" >&2 exit 1 fi @@ -150,15 +155,14 @@ handle_self_signed() esac done - echo -n "Generating key and self-signed certificate... " - output=$(generate_self_signed_certificate 2>&1) - if [ $? -ne 0 ]; then - echo "error:" >&2 + printf "Generating key and self-signed certificate... " + if ! output="$(generate_self_signed_certificate 2>&1)"; then + printf "error:\n" >&2 echo "$output" >&2 exit 1 fi - echo "done" + printf "done\n" activate_self_signed_certificate } @@ -202,8 +206,8 @@ handle_custom() shift $((OPTIND-1)) if [ $# -ne 3 ]; then - echo -n "This subcommand requires three positional parameters: " >&2 - echo " " >&2 + printf "This subcommand requires three positional parameters: " >&2 + printf " \n" >&2 exit 1 fi @@ -211,20 +215,20 @@ handle_custom() private_key=$2 chain=$3 - echo -n "Installing custom certificate... " - output=$(install_custom_certificate \ - $certificate $private_key $chain $enable_hsts 2>&1) - if [ $? -ne 0 ]; then + printf "Installing custom certificate... " + if ! output="$(install_custom_certificate \ + "$certificate" "$private_key" "$chain" \ + "$enable_hsts" 2>&1)"; then echo "error:" >&2 echo "$output" >&2 exit 1 fi - echo "done" + printf "done\n" activate_custom_certificate } -if [ $(id -u) -ne 0 ]; then +if [ "$(id -u)" -ne 0 ]; then echo "This utility needs to run as root" exit 1 fi diff --git a/src/https/bin/renew-certs b/src/https/bin/renew-certs index 83647b8..fc52bd3 100755 --- a/src/https/bin/renew-certs +++ b/src/https/bin/renew-certs @@ -1,18 +1,19 @@ #!/bin/sh -. $SNAP/utilities/https-utilities +# shellcheck source=src/https/utilities/https-utilities +. "$SNAP/utilities/https-utilities" # The number of seconds remaining in the validity of the certificate # before renewing it. 2592000 seconds is 30 days. seconds_to_renew=2592000 while true; do - if [ -f $SELF_SIGNED_CERT ]; then + if [ -f "$SELF_SIGNED_CERT" ]; then # Check the self-signed certificate. Does it need to be renewed? - cert_date=$(openssl x509 -noout -enddate -in $SELF_SIGNED_CERT | sed -e 's/.*=\(.*\)$/\1/') - cert_date=$(date -d "$cert_date" "+%s") + cert_date="$(openssl x509 -noout -enddate -in "$SELF_SIGNED_CERT" | sed -e 's/.*=\(.*\)$/\1/')" + cert_date="$(date -d "$cert_date" "+%s")" current_date=$(date "+%s") - difference=$(($cert_date-$current_date)) + difference=$((cert_date-current_date)) if [ $difference -lt $seconds_to_renew ]; then echo "Renewing self-signed certificate" generate_self_signed_certificate diff --git a/src/https/bin/restart-apache b/src/https/bin/restart-apache index 95e8836..e106321 100755 --- a/src/https/bin/restart-apache +++ b/src/https/bin/restart-apache @@ -1,5 +1,6 @@ #!/bin/sh -. $SNAP/utilities/https-utilities +# shellcheck source=src/https/utilities/https-utilities +. "$SNAP/utilities/https-utilities" restart_apache_if_running diff --git a/src/https/utilities/https-utilities b/src/https/utilities/https-utilities index 2cc62c1..1b1ee06 100755 --- a/src/https/utilities/https-utilities +++ b/src/https/utilities/https-utilities @@ -1,54 +1,55 @@ #!/bin/sh -. $SNAP/utilities/apache-utilities +# shellcheck source=src/apache/utilities/apache-utilities +. "$SNAP/utilities/apache-utilities" -SNAP_CURRENT=$(dirname $SNAP_DATA)/current +SNAP_CURRENT="$(dirname "$SNAP_DATA")/current" -LIVE_CERTS_DIRECTORY=$SNAP_CURRENT/certs/live -LIVE_CERT=$LIVE_CERTS_DIRECTORY/cert.pem -LIVE_KEY=$LIVE_CERTS_DIRECTORY/privkey.pem -LIVE_CHAIN=$LIVE_CERTS_DIRECTORY/chain.pem +LIVE_CERTS_DIRECTORY="$SNAP_CURRENT/certs/live" -SELF_SIGNED_DIRECTORY=$SNAP_CURRENT/certs/self-signed -SELF_SIGNED_KEY=$SELF_SIGNED_DIRECTORY/privkey.pem -SELF_SIGNED_CERT=$SELF_SIGNED_DIRECTORY/cert.pem -SELF_SIGNED_CHAIN=$SELF_SIGNED_DIRECTORY/chain.pem +SELF_SIGNED_DIRECTORY="$SNAP_CURRENT/certs/self-signed" +SELF_SIGNED_KEY="$SELF_SIGNED_DIRECTORY/privkey.pem" +SELF_SIGNED_CERT="$SELF_SIGNED_DIRECTORY/cert.pem" +SELF_SIGNED_CHAIN="$SELF_SIGNED_DIRECTORY/chain.pem" -CUSTOM_DIRECTORY=$SNAP_CURRENT/certs/custom -CUSTOM_KEY=$CUSTOM_DIRECTORY/privkey.pem -CUSTOM_CERT=$CUSTOM_DIRECTORY/cert.pem -CUSTOM_CHAIN=$CUSTOM_DIRECTORY/chain.pem -CUSTOM_ENABLE_HSTS=$CUSTOM_DIRECTORY/hsts +CUSTOM_DIRECTORY="$SNAP_CURRENT/certs/custom" +CUSTOM_KEY="$CUSTOM_DIRECTORY/privkey.pem" +CUSTOM_CERT="$CUSTOM_DIRECTORY/cert.pem" +CUSTOM_CHAIN="$CUSTOM_DIRECTORY/chain.pem" +CUSTOM_ENABLE_HSTS="$CUSTOM_DIRECTORY/hsts" -CERTBOT_DIRECTORY=$SNAP_CURRENT/certs/certbot -CERTBOT_LIVE_DIRECTORY=$CERTBOT_DIRECTORY/config/live +CERTBOT_DIRECTORY="$SNAP_CURRENT/certs/certbot" +CERTBOT_LIVE_DIRECTORY="$CERTBOT_DIRECTORY/config/live" # If this function is run multiple times it will replace the certificate # and key if they're already present. generate_self_signed_certificate() { - mkdir -p -m 750 $(dirname $SELF_SIGNED_KEY) - mkdir -p -m 750 $(dirname $SELF_SIGNED_CERT) - mkdir -p -m 750 $(dirname $SELF_SIGNED_CHAIN) - - openssl req -newkey rsa:4096 -nodes -keyout $SELF_SIGNED_KEY \ - -x509 -days 90 -out $SELF_SIGNED_CERT -subj "/O=Nextcloud" - - rm -f $SELF_SIGNED_CHAIN - ln -s $SELF_SIGNED_CERT $SELF_SIGNED_CHAIN + mkdir -p "$(dirname "$SELF_SIGNED_KEY")" + mkdir -p "$(dirname "$SELF_SIGNED_CERT")" + mkdir -p "$(dirname "$SELF_SIGNED_CHAIN")" + chmod 750 "$(dirname "$SELF_SIGNED_KEY")" + chmod 750 "$(dirname "$SELF_SIGNED_CERT")" + chmod 750 "$(dirname "$SELF_SIGNED_CHAIN")" + + openssl req -newkey rsa:4096 -nodes -keyout "$SELF_SIGNED_KEY" \ + -x509 -days 90 -out "$SELF_SIGNED_CERT" -subj "/O=Nextcloud" + + rm -f "$SELF_SIGNED_CHAIN" + ln -s "$SELF_SIGNED_CERT" "$SELF_SIGNED_CHAIN" } activate_self_signed_certificate() { deactivate_certificates - ln -s $SELF_SIGNED_DIRECTORY $LIVE_CERTS_DIRECTORY + ln -s "$SELF_SIGNED_DIRECTORY" "$LIVE_CERTS_DIRECTORY" restart_apache_if_running } self_signed_certificates_are_active() { - live_path="$(realpath $LIVE_CERTS_DIRECTORY)" - self_signed_path="$(realpath $SELF_SIGNED_DIRECTORY)" + live_path="$(realpath "$LIVE_CERTS_DIRECTORY")" + self_signed_path="$(realpath "$SELF_SIGNED_DIRECTORY")" [ "$live_path" = "$self_signed_path" ] } @@ -59,44 +60,47 @@ install_custom_certificate() { enable_hsts=$4 - mkdir -p -m 750 $(dirname $CUSTOM_KEY) - mkdir -p -m 750 $(dirname $CUSTOM_CERT) - mkdir -p -m 750 $(dirname $CUSTOM_CHAIN) + mkdir -p "$(dirname "$CUSTOM_KEY")" + mkdir -p "$(dirname "$CUSTOM_CERT")" + mkdir -p "$(dirname "$CUSTOM_CHAIN")" + chmod 750 "$(dirname "$CUSTOM_KEY")" + chmod 750 "$(dirname "$CUSTOM_CERT")" + chmod 750 "$(dirname "$CUSTOM_CHAIN")" - cp $1 $CUSTOM_CERT - cp $2 $CUSTOM_KEY - cp $3 $CUSTOM_CHAIN + cp "$1" "$CUSTOM_CERT" + cp "$2" "$CUSTOM_KEY" + cp "$3" "$CUSTOM_CHAIN" if [ "$enable_hsts" = true ]; then - touch $CUSTOM_ENABLE_HSTS + touch "$CUSTOM_ENABLE_HSTS" else - rm -f $CUSTOM_ENABLE_HSTS + rm -f "$CUSTOM_ENABLE_HSTS" fi } activate_custom_certificate() { deactivate_certificates - ln -s $CUSTOM_DIRECTORY $LIVE_CERTS_DIRECTORY + ln -s "$CUSTOM_DIRECTORY" "$LIVE_CERTS_DIRECTORY" restart_apache_if_running } custom_certificates_are_active() { - live_path="$(realpath $LIVE_CERTS_DIRECTORY)" - custom_path="$(realpath $CUSTOM_DIRECTORY)" + live_path="$(realpath "$LIVE_CERTS_DIRECTORY")" + custom_path="$(realpath "$CUSTOM_DIRECTORY")" [ "$live_path" = "$custom_path" ] } certificates_are_active() { - [ -e $LIVE_CERTS_DIRECTORY ] + [ -e "$LIVE_CERTS_DIRECTORY" ] } deactivate_certificates() { - rm -rf $LIVE_CERTS_DIRECTORY + rm -rf "$LIVE_CERTS_DIRECTORY" } activate_certbot_certificate() @@ -104,10 +108,10 @@ activate_certbot_certificate() # There shouldn't be multiple domains here since we have no way to # support them, but account for the possibility by simply taking the # first domain's certificates. - certdir=$(ls $CERTBOT_LIVE_DIRECTORY | sort -n | head -1) + certdir="$(find "$CERTBOT_LIVE_DIRECTORY" -maxdepth 1 -mindepth 1 -printf "%P\n" | sort -n | head -1)" deactivate_certificates - ln -s $CERTBOT_LIVE_DIRECTORY/$certdir $LIVE_CERTS_DIRECTORY + ln -s "$CERTBOT_LIVE_DIRECTORY/$certdir" "$LIVE_CERTS_DIRECTORY" restart_apache_if_running } @@ -119,7 +123,7 @@ should_enable_hsts() fi # Don't enable HSTS for custom certificates unless requested - if custom_certificates_are_active && [ ! -f $CUSTOM_ENABLE_HSTS ]; then + if custom_certificates_are_active && [ ! -f "$CUSTOM_ENABLE_HSTS" ]; then return 1 fi @@ -130,7 +134,7 @@ should_enable_hsts() # Run a certbot instance that writes to snap-writable data. run_certbot() { - certbot --text --config-dir $CERTBOT_DIRECTORY/config \ - --work-dir $CERTBOT_DIRECTORY/work \ - --logs-dir $CERTBOT_DIRECTORY/logs $@ + certbot --text --config-dir "$CERTBOT_DIRECTORY/config" \ + --work-dir "$CERTBOT_DIRECTORY/work" \ + --logs-dir "$CERTBOT_DIRECTORY/logs" "$@" } diff --git a/src/mysql/bin/start_mysql b/src/mysql/bin/start_mysql index 3767b98..274a32a 100755 --- a/src/mysql/bin/start_mysql +++ b/src/mysql/bin/start_mysql @@ -1,67 +1,67 @@ #!/bin/sh -. $SNAP/utilities/mysql-utilities +# shellcheck source=src/mysql/utilities/mysql-utilities +. "$SNAP/utilities/mysql-utilities" root_option_file="$SNAP_DATA/mysql/root.ini" new_install=false # Make sure the database is initialized (this is safe to run if already # initialized) -mysqld --initialize-insecure --basedir="$SNAP" --datadir="$SNAP_DATA/mysql" --lc-messages-dir="$SNAP/share" - -# If the above command succeeded, it means this is a new installation. -if [ $? -eq 0 ]; then +if mysqld --initialize-insecure --basedir="$SNAP" --datadir="$SNAP_DATA/mysql" --lc-messages-dir="$SNAP/share"; then new_install=true fi # Start mysql -$SNAP/support-files/mysql.server start +"$SNAP/support-files/mysql.server" start # Initialize new installation if necessary. if [ $new_install = true ]; then # Generate a password for the root mysql user. - echo -n "Generating root mysql password... " - root_password=$(cat /dev/urandom | tr -dc _A-Z-a-z-0-9 | head -c64) - echo "done." + printf "Generating root mysql password... " + root_password="$(tr -dc _A-Z-a-z-0-9 < /dev/urandom | head -c64)" + printf "done\n" # Generate a password for the nextcloud mysql user. - echo -n "Generating nextcloud mysql password... " - nextcloud_password=$(cat /dev/urandom | tr -dc _A-Z-a-z-0-9 | head -c64) - echo "done." + printf "Generating nextcloud mysql password... " + nextcloud_password="$(tr -dc _A-Z-a-z-0-9 < /dev/urandom | head -c64)" + printf "done\n" # Save root user information - echo "[client]" >> $root_option_file - echo "socket=$MYSQL_SOCKET" >> $root_option_file - echo "user=root" >> $root_option_file - chmod 600 $root_option_file + cat <<-EOF > "$root_option_file" + [client] + socket=$MYSQL_SOCKET + user=root + EOF + chmod 600 "$root_option_file" # Now set everything up in one step: # 1) Set the root user's password # 2) Create the nextcloud user # 3) Create the nextcloud database # 4) Grant the nextcloud user privileges on the nextcloud database - echo -n "Setting up users and nextcloud database... " - mysql --defaults-file=$root_option_file <> $root_option_file + echo "password=$root_password" >> "$root_option_file" else # Okay, this isn't a new installation. However, we recently changed # the location of MySQL's socket (11.0.2snap1). Make sure the root # option file is updated to look there instead of the old location. - sed -ri "s|(socket\s*=\s*)/var/snap/.*mysql.sock|\1$MYSQL_SOCKET|" $root_option_file + sed -ri "s|(socket\s*=\s*)/var/snap/.*mysql.sock|\1$MYSQL_SOCKET|" "$root_option_file" fi # Wait here until mysql is running @@ -70,10 +70,9 @@ wait_for_mysql # Check and upgrade mysql tables if necessary. This will return 0 if the upgrade # succeeded, in which case we need to restart mysql. echo "Checking/upgrading mysql tables if necessary..." -mysql_upgrade --defaults-file=$root_option_file -if [ $? -eq 0 ]; then +if mysql_upgrade --defaults-file="$root_option_file"; then echo "Restarting mysql server after upgrade..." - $SNAP/support-files/mysql.server restart + "$SNAP/support-files/mysql.server" restart # Wait for server to come back after upgrade wait_for_mysql diff --git a/src/mysql/support-files/mysql.server b/src/mysql/support-files/mysql.server index 4224a10..cd6975c 100755 --- a/src/mysql/support-files/mysql.server +++ b/src/mysql/support-files/mysql.server @@ -43,10 +43,11 @@ # If you change base dir, you must also change datadir. These may get # overwritten by settings in the MySQL configuration files. -. $SNAP/utilities/mysql-utilities +# shellcheck source=src/mysql/utilities/mysql-utilities +. "$SNAP/utilities/mysql-utilities" -basedir=$SNAP -datadir=$SNAP_DATA/mysql +basedir="$SNAP" +datadir="$SNAP_DATA/mysql" # Default value, in seconds, afterwhich the script should timeout waiting # for server start. @@ -71,7 +72,6 @@ then then datadir=//data fi - sbindir=//bin libexecdir=//bin else bindir="$basedir/bin" @@ -79,7 +79,6 @@ else then datadir="$basedir/data" fi - sbindir="$basedir/sbin" libexecdir="$basedir/libexec" fi @@ -96,11 +95,11 @@ if test -f $lsb_functions ; then else log_success_msg() { - echo " SUCCESS! $@" + echo " SUCCESS! $*" } log_failure_msg() { - echo " ERROR! $@" + echo " ERROR! $*" } fi @@ -117,28 +116,29 @@ other_args="$*" # uncommon, but needed when called from an RPM upgrade action # They are not checked here, intentionally, as it is the resposibility # of the "spec" file author to give correct arguments only. -case `echo "testing\c"`,`echo -n testing` in - *c*,-n*) echo_n= echo_c= ;; - *c*,*) echo_n=-n echo_c= ;; - *) echo_n= echo_c='\c' ;; +# Upstream mysql stuff, no need to fix this +# shellcheck disable=SC2116,SC2039 +case "$(echo "testing\c")","$(echo -n testing)" in + *c*,-n*) echo_n="" echo_c="" ;; + *c*,*) echo_n=-n echo_c="" ;; + *) echo_n="" echo_c='\c' ;; esac parse_server_arguments() { for arg do case "$arg" in - --basedir=*) basedir=`echo "$arg" | sed -e 's/^[^=]*=//'` + --basedir=*) basedir="$(echo "$arg" | sed -e 's/^[^=]*=//')" bindir="$basedir/bin" if test -z "$datadir_set"; then datadir="$basedir/data" fi - sbindir="$basedir/sbin" libexecdir="$basedir/libexec" ;; - --datadir=*) datadir=`echo "$arg" | sed -e 's/^[^=]*=//'` + --datadir=*) datadir="$(echo "$arg" | sed -e 's/^[^=]*=//')" datadir_set=1 ;; - --pid-file=*) mysqld_pid_file_path=`echo "$arg" | sed -e 's/^[^=]*=//'` ;; - --service-startup-timeout=*) service_startup_timeout=`echo "$arg" | sed -e 's/^[^=]*=//'` ;; + --pid-file=*) mysqld_pid_file_path="$(echo "$arg" | sed -e 's/^[^=]*=//')" ;; + --service-startup-timeout=*) service_startup_timeout="$(echo "$arg" | sed -e 's/^[^=]*=//')" ;; esac done } @@ -151,7 +151,7 @@ wait_for_pid () { i=0 avoid_race_condition="by checking again" - while test $i -ne $service_startup_timeout ; do + while test "$i" -ne "$service_startup_timeout" ; do case "$verb" in 'created') @@ -186,7 +186,7 @@ wait_for_pid () { fi echo $echo_n ".$echo_c" - i=`expr $i + 1` + i=$((i + 1)) sleep 1 done @@ -205,23 +205,23 @@ wait_for_pid () { if test -x ./bin/my_print_defaults then print_defaults="./bin/my_print_defaults" -elif test -x $bindir/my_print_defaults +elif test -x "$bindir/my_print_defaults" then print_defaults="$bindir/my_print_defaults" -elif test -x $bindir/mysql_print_defaults +elif test -x "$bindir/mysql_print_defaults" then print_defaults="$bindir/mysql_print_defaults" else # Try to find basedir in /etc/my.cnf conf=/etc/my.cnf print_defaults= - if test -r $conf + if test -r "$conf" then subpat='^[^=]*basedir[^=]*=\(.*\)$' - dirs=`sed -e "/$subpat/!d" -e 's//\1/' $conf` + dirs="$(sed -e "/$subpat/!d" -e 's//\1/' "$conf")" for d in $dirs do - d=`echo $d | sed -e 's/[ ]//g'` + d="$(echo "$d" | sed -e 's/[ ]//g')" if test -x "$d/bin/my_print_defaults" then print_defaults="$d/bin/my_print_defaults" @@ -255,14 +255,14 @@ else fi fi -parse_server_arguments `$print_defaults $extra_args mysqld server mysql_server mysql.server` +parse_server_arguments "$("$print_defaults" "$extra_args" mysqld server mysql_server mysql.server)" # # Set pid file if not given # if test -z "$mysqld_pid_file_path" then - mysqld_pid_file_path=$datadir/`hostname`.pid + mysqld_pid_file_path="$datadir"/"$(hostname)".pid else case "$mysqld_pid_file_path" in /* ) ;; @@ -275,14 +275,14 @@ case "$mode" in # Start daemon # Safeguard (relative paths, core dumps..) - cd $basedir + cd "$basedir" || exit echo $echo_n "Starting MySQL" - if test -x $bindir/mysqld_safe + if test -x "$bindir/mysqld_safe" then # Give extra arguments to mysqld with the my.cnf file. This script # may be overwritten at next upgrade. - $bindir/mysqld_safe --datadir="$datadir" --pid-file="$mysqld_pid_file_path" --lc-messages-dir="$SNAP/share" --socket="$MYSQL_SOCKET" $other_args >/dev/null 2>&1 & + "$bindir/mysqld_safe" --datadir="$datadir" --pid-file="$mysqld_pid_file_path" --lc-messages-dir="$SNAP/share" --socket="$MYSQL_SOCKET" "$other_args" >/dev/null 2>&1 & wait_for_pid created "$!" "$mysqld_pid_file_path"; return_value=$? # Make lock for RedHat / SuSE @@ -306,12 +306,12 @@ case "$mode" in # signal mysqld_safe that it needs to stop touch "$mysqld_pid_file_path.shutdown" - mysqld_pid=`cat "$mysqld_pid_file_path"` + mysqld_pid="$(cat "$mysqld_pid_file_path")" - if (kill -0 $mysqld_pid 2>/dev/null) + if (kill -0 "$mysqld_pid" 2>/dev/null) then echo $echo_n "Shutting down MySQL" - kill $mysqld_pid + kill "$mysqld_pid" # mysqld should remove the pid file when it exits, so wait for it. wait_for_pid removed "$mysqld_pid" "$mysqld_pid_file_path"; return_value=$? else @@ -333,8 +333,8 @@ case "$mode" in 'restart') # Stop the service and regardless of whether it was # running or not, start it again. - if $0 stop $other_args; then - $0 start $other_args + if $0 stop "$other_args"; then + $0 start "$other_args" else log_failure_msg "Failed to stop running server, so refusing to try to start." exit 1 @@ -343,8 +343,8 @@ case "$mode" in 'reload'|'force-reload') if test -s "$mysqld_pid_file_path" ; then - read mysqld_pid < "$mysqld_pid_file_path" - kill -HUP $mysqld_pid && log_success_msg "Reloading service MySQL" + read -r mysqld_pid < "$mysqld_pid_file_path" + kill -HUP "$mysqld_pid" && log_success_msg "Reloading service MySQL" touch "$mysqld_pid_file_path" else log_failure_msg "MySQL PID file could not be found!" @@ -354,8 +354,8 @@ case "$mode" in 'status') # First, check to see if pid file exists if test -s "$mysqld_pid_file_path" ; then - read mysqld_pid < "$mysqld_pid_file_path" - if kill -0 $mysqld_pid 2>/dev/null ; then + read -r mysqld_pid < "$mysqld_pid_file_path" + if kill -0 "$mysqld_pid" 2>/dev/null ; then log_success_msg "MySQL running ($mysqld_pid)" exit 0 else @@ -364,14 +364,14 @@ case "$mode" in fi else # Try to find appropriate mysqld process - mysqld_pid=`pidof $libexecdir/mysqld` + mysqld_pid="$(pidof "$libexecdir/mysqld")" # test if multiple pids exist - pid_count=`echo $mysqld_pid | wc -w` - if test $pid_count -gt 1 ; then + pid_count="$(echo "$mysqld_pid" | wc -w)" + if test "$pid_count" -gt 1 ; then log_failure_msg "Multiple MySQL running but PID file could not be found ($mysqld_pid)" exit 5 - elif test -z $mysqld_pid ; then + elif test -z "$mysqld_pid" ; then if test -f "$lock_file_path" ; then log_failure_msg "MySQL is not running, but lock file ($lock_file_path) exists" exit 2 @@ -386,7 +386,7 @@ case "$mode" in ;; *) # usage - basename=`basename "$0"` + basename="$(basename "$0")" echo "Usage: $basename {start|stop|restart|reload|force-reload|status} [ MySQL server options ]" exit 1 ;; diff --git a/src/mysql/utilities/mysql-utilities b/src/mysql/utilities/mysql-utilities index eb38ded..efd6692 100755 --- a/src/mysql/utilities/mysql-utilities +++ b/src/mysql/utilities/mysql-utilities @@ -4,22 +4,24 @@ export MYSQL_PIDFILE="/tmp/pids/mysql.pid" export MYSQL_SOCKET="/tmp/sockets/mysql.sock" export NEXTCLOUD_PASSWORD_FILE="$SNAP_DATA/mysql/nextcloud_password" -mkdir -p -m 750 "$(dirname $MYSQL_PIDFILE)" -mkdir -p -m 750 "$(dirname $MYSQL_SOCKET)" +mkdir -p "$(dirname "$MYSQL_PIDFILE")" +mkdir -p "$(dirname "$MYSQL_SOCKET")" +chmod 750 "$(dirname "$MYSQL_PIDFILE")" +chmod 750 "$(dirname "$MYSQL_SOCKET")" mysql_is_running() { - [ -f "$MYSQL_PIDFILE" -a -S "$MYSQL_SOCKET" ] + [ -f "$MYSQL_PIDFILE" ] && [ -S "$MYSQL_SOCKET" ] } wait_for_mysql() { if ! mysql_is_running; then - echo -n "Waiting for MySQL... " + printf "Waiting for MySQL... " while ! mysql_is_running; do sleep 1 done - echo "done" + printf "done\n" fi } diff --git a/src/nextcloud/bin/manual-install b/src/nextcloud/bin/manual-install index b604b70..c3caf8d 100755 --- a/src/nextcloud/bin/manual-install +++ b/src/nextcloud/bin/manual-install @@ -1,8 +1,11 @@ #!/bin/sh -. $SNAP/utilities/php-utilities -. $SNAP/utilities/mysql-utilities -. $SNAP/utilities/nextcloud-utilities +# shellcheck source=src/php/utilities/php-utilities +. "$SNAP/utilities/php-utilities" +# shellcheck source=src/mysql/utilities/mysql-utilities +. "$SNAP/utilities/mysql-utilities" +# shellcheck source=src/nextcloud/utilities/nextcloud-utilities +. "$SNAP/utilities/nextcloud-utilities" COMMAND="nextcloud.manual-install" @@ -36,7 +39,7 @@ if [ $# != 2 ]; then exit 1 fi -if [ $(id -u) -ne 0 ]; then +if [ "$(id -u)" -ne 0 ]; then echo "This utility needs to run as root" exit 1 fi diff --git a/src/nextcloud/bin/nextcloud-cron b/src/nextcloud/bin/nextcloud-cron index 643716c..058b732 100755 --- a/src/nextcloud/bin/nextcloud-cron +++ b/src/nextcloud/bin/nextcloud-cron @@ -1,15 +1,16 @@ #!/bin/sh -. $SNAP/utilities/nextcloud-utilities +# shellcheck source=src/nextcloud/utilities/nextcloud-utilities +. "$SNAP/utilities/nextcloud-utilities" -echo -n "Waiting for Nextcloud config dir... " +printf "Waiting for Nextcloud config dir... " while [ ! -d "$NEXTCLOUD_CONFIG_DIR" ]; do sleep 1 done -echo "done" +printf "done\n" while true; do - run-php $SNAP/htdocs/cron.php + run-php "$SNAP/htdocs/cron.php" sleep 15m done diff --git a/src/nextcloud/bin/occ b/src/nextcloud/bin/occ index 5b0dcc6..6e5ddc7 100755 --- a/src/nextcloud/bin/occ +++ b/src/nextcloud/bin/occ @@ -1,11 +1,15 @@ #!/bin/sh -. $SNAP/utilities/mysql-utilities -. $SNAP/utilities/php-utilities -. $SNAP/utilities/redis-utilities -. $SNAP/utilities/nextcloud-utilities +# shellcheck source=src/mysql/utilities/mysql-utilities +. "$SNAP/utilities/mysql-utilities" +# shellcheck source=src/php/utilities/php-utilities +. "$SNAP/utilities/php-utilities" +# shellcheck source=src/redis/utilities/redis-utilities +. "$SNAP/utilities/redis-utilities" +# shellcheck source=src/nextcloud/utilities/nextcloud-utilities +. "$SNAP/utilities/nextcloud-utilities" -if [ $(id -u) -ne 0 ]; then +if [ "$(id -u)" -ne 0 ]; then echo "This utility needs to run as root" exit 1 fi @@ -14,4 +18,4 @@ fi wait_for_php wait_for_nextcloud_to_be_configured -run-php $SNAP/htdocs/occ "$@" +run-php "$SNAP/htdocs/occ" "$@" diff --git a/src/nextcloud/bin/setup_nextcloud b/src/nextcloud/bin/setup_nextcloud index 538d0ca..dcf685b 100755 --- a/src/nextcloud/bin/setup_nextcloud +++ b/src/nextcloud/bin/setup_nextcloud @@ -1,18 +1,25 @@ #!/bin/sh -. $SNAP/utilities/php-utilities -. $SNAP/utilities/mysql-utilities -. $SNAP/utilities/nextcloud-utilities -. $SNAP/utilities/redis-utilities +# shellcheck source=src/php/utilities/php-utilities +. "$SNAP/utilities/php-utilities" +# shellcheck source=src/mysql/utilities/mysql-utilities +. "$SNAP/utilities/mysql-utilities" +# shellcheck source=src/nextcloud/utilities/nextcloud-utilities +. "$SNAP/utilities/nextcloud-utilities" +# shellcheck source=src/redis/utilities/redis-utilities +. "$SNAP/utilities/redis-utilities" # Make sure nextcloud directory exists -mkdir -p -m 750 $SNAP_COMMON/nextcloud +mkdir -p "$SNAP_COMMON/nextcloud" +chmod 750 "$SNAP_COMMON/nextcloud" # Make sure nextcloud tmp directory exists -mkdir -p -m 750 $SNAP_COMMON/nextcloud/tmp +mkdir -p "$SNAP_COMMON/nextcloud/tmp" +chmod 750 "$SNAP_COMMON/nextcloud/tmp" # Make sure nextcloud extra-apps directory exists (for user apps) -mkdir -p -m 750 $SNAP_DATA/nextcloud/extra-apps +mkdir -p "$SNAP_DATA/nextcloud/extra-apps" +chmod 750 "$SNAP_DATA/nextcloud/extra-apps" # We need both PHP and redis up and running before we can use occ wait_for_php @@ -21,17 +28,17 @@ wait_for_redis # If this is a new install, make sure it's configured correctly if [ ! -d "$NEXTCLOUD_CONFIG_DIR" ]; then echo "Configuring nextcloud..." - cp -r $SNAP/htdocs/config $NEXTCLOUD_CONFIG_DIR + cp -r "$SNAP/htdocs/config" "$NEXTCLOUD_CONFIG_DIR" else # This is not a new installation, so we don't want to overwrite the config. # However, we recently changed the location of sockets in the snap, so we # need to make sure the config is using the new location. - sed -ri "s|('host'\s*=>\s*)'/var/snap/.*redis.sock'|\1'$REDIS_SOCKET'|" $NEXTCLOUD_CONFIG_DIR/config.php - sed -ri "s|('dbhost'\s*=>\s*)'localhost:/var/snap/.*mysql.sock'|\1'localhost:$MYSQL_SOCKET'|" $NEXTCLOUD_CONFIG_DIR/config.php + sed -ri "s|('host'\s*=>\s*)'/var/snap/.*redis.sock'|\1'$REDIS_SOCKET'|" "$NEXTCLOUD_CONFIG_DIR/config.php" + sed -ri "s|('dbhost'\s*=>\s*)'localhost:/var/snap/.*mysql.sock'|\1'localhost:$MYSQL_SOCKET'|" "$NEXTCLOUD_CONFIG_DIR/config.php" # We'll also always copy over the autoconfig.php, since it's only used # upon installation. Just in case they haven't done that yet. - cp -r $SNAP/htdocs/config/autoconfig.php $NEXTCLOUD_CONFIG_DIR/ + cp -r "$SNAP/htdocs/config/autoconfig.php" "$NEXTCLOUD_CONFIG_DIR/" # Also make sure we're using Redis for the memcache and file locking. occ config:system:set redis host --value="$REDIS_SOCKET" --type=string diff --git a/src/nextcloud/utilities/nextcloud-utilities b/src/nextcloud/utilities/nextcloud-utilities index fad798c..6e03e19 100644 --- a/src/nextcloud/utilities/nextcloud-utilities +++ b/src/nextcloud/utilities/nextcloud-utilities @@ -1,7 +1,7 @@ #!/bin/sh -export NEXTCLOUD_CONFIG_DIR=$SNAP_DATA/nextcloud/config -export NEXTCLOUD_DATA_DIR=$SNAP_COMMON/nextcloud/data +export NEXTCLOUD_CONFIG_DIR="$SNAP_DATA/nextcloud/config" +export NEXTCLOUD_DATA_DIR="$SNAP_COMMON/nextcloud/data" nextcloud_is_configured() { @@ -11,10 +11,10 @@ nextcloud_is_configured() wait_for_nextcloud_to_be_configured() { if ! nextcloud_is_configured; then - echo -n "Waiting for Nextcloud to be configured... " + printf "Waiting for Nextcloud to be configured... " while ! nextcloud_is_configured; do sleep 1 done - echo "done" + printf "done\n" fi } diff --git a/src/php/bin/run-php b/src/php/bin/run-php index 3f28f07..fd43c95 100755 --- a/src/php/bin/run-php +++ b/src/php/bin/run-php @@ -1,7 +1,9 @@ #!/bin/sh -. $SNAP/utilities/php-utilities +# shellcheck source=src/php/utilities/php-utilities +. "$SNAP/utilities/php-utilities" -export PHP_MEMORY_LIMIT="$(php_memory_limit)" +PHP_MEMORY_LIMIT="$(php_memory_limit)" +export PHP_MEMORY_LIMIT -php -c $SNAP/config/php "$@" +php -c "$SNAP/config/php" "$@" diff --git a/src/php/bin/start-php-fpm b/src/php/bin/start-php-fpm index 1cad901..c120bab 100755 --- a/src/php/bin/start-php-fpm +++ b/src/php/bin/start-php-fpm @@ -1,12 +1,18 @@ #!/bin/sh -. $SNAP/utilities/mysql-utilities -. $SNAP/utilities/php-utilities -. $SNAP/utilities/redis-utilities -. $SNAP/utilities/nextcloud-utilities -. $SNAP/utilities/hook-utilities +# shellcheck source=src/mysql/utilities/mysql-utilities +. "$SNAP/utilities/mysql-utilities" +# shellcheck source=src/php/utilities/php-utilities +. "$SNAP/utilities/php-utilities" +# shellcheck source=src/redis/utilities/redis-utilities +. "$SNAP/utilities/redis-utilities" +# shellcheck source=src/nextcloud/utilities/nextcloud-utilities +. "$SNAP/utilities/nextcloud-utilities" +# shellcheck source=src/hooks/utilities/hook-utilities +. "$SNAP/utilities/hook-utilities" -mkdir -p -m 750 ${SNAP_DATA}/php +mkdir -p "${SNAP_DATA}/php" +chmod 750 "${SNAP_DATA}/php" # Make sure the configure hook isn't running (otherwise we'll run on old # configuration data) @@ -16,26 +22,27 @@ wait_for_configure_hook wait_for_mysql # Wait until we have an nextcloud mysql password -echo -n "Obtaining nextcloud mysql credentials... " +printf "Obtaining nextcloud mysql credentials... " nextcloud_password_path=$SNAP_DATA/mysql/nextcloud_password timeout=10 -while [ $timeout -gt 0 -a ! -e $nextcloud_password_path ]; do +while [ $timeout -gt 0 ] && [ ! -e "$nextcloud_password_path" ]; do timeout=$((timeout-1)) sleep 1 done -if [ ! -e $nextcloud_password_path ]; then - echo "" - echo -n "Timed out while attempting to obtain nextcloud mysql password. " - echo -n "This isn't unusual when starting up for the first time after " - echo "an install or an upgrade. Will try again." +if [ ! -e "$nextcloud_password_path" ]; then + printf "\nTimed out while attempting to obtain nextcloud mysql password. " + printf "This isn't unusual when starting up for the first time after " + printf "an install or an upgrade. Will try again.\n" exit 1 fi -echo "done" +printf "done\n" # Tends to be between 30-50MB average_php_memory_requirement=50 total_memory=$(mawk '/MemTotal/ {printf "%d", $2/1024}' /proc/meminfo) -export PHP_FPM_MAX_CHILDREN=$(($total_memory/$average_php_memory_requirement)) -export PHP_MEMORY_LIMIT="$(php_memory_limit)" +PHP_FPM_MAX_CHILDREN=$((total_memory/average_php_memory_requirement)) +PHP_MEMORY_LIMIT="$(php_memory_limit)" +export PHP_FPM_MAX_CHILDREN +export PHP_MEMORY_LIMIT -php-fpm -R -F --fpm-config ${SNAP}/config/php/php-fpm.conf -c ${SNAP}/config/php +php-fpm -R -F --fpm-config "${SNAP}/config/php/php-fpm.conf" -c "${SNAP}/config/php" diff --git a/src/php/utilities/php-utilities b/src/php/utilities/php-utilities index 42a4f85..a3149fb 100755 --- a/src/php/utilities/php-utilities +++ b/src/php/utilities/php-utilities @@ -4,23 +4,24 @@ DEFAULT_MEMORY_LIMIT="128M" export PHP_FPM_PIDFILE="/tmp/pids/php-fpm.pid" export PHP_FPM_SOCKET="/tmp/sockets/php-fpm.sock" -mkdir -p -m 750 "$(dirname $PHP_FPM_PIDFILE)" -mkdir -p -m 750 "$(dirname $PHP_FPM_SOCKET)" +mkdir -p "$(dirname "$PHP_FPM_PIDFILE")" +mkdir -p "$(dirname "$PHP_FPM_SOCKET")" +chmod 750 "$(dirname "$PHP_FPM_PIDFILE")" +chmod 750 "$(dirname "$PHP_FPM_SOCKET")" restart_php_if_running() { if php_is_running; then # Restart PHP by stopping it and letting systemd start it again. pid="$(php_pid)" - echo -n "Restarting PHP... " - output=$(kill -15 $pid 2>&1) - if [ $? -eq 0 ]; then - while kill -0 $pid 2>/dev/null; do + printf "Restarting PHP... " + if output="$(kill -15 "$pid" 2>&1)"; then + while kill -0 "$pid" 2>/dev/null; do sleep 1 done - echo "done" + printf "done\n" else - echo "error" + printf "error\n" echo "$output" return 1 fi @@ -29,17 +30,17 @@ restart_php_if_running() php_is_running() { - [ -f "$PHP_FPM_PIDFILE" -a -S "$PHP_FPM_SOCKET" ] + [ -f "$PHP_FPM_PIDFILE" ] && [ -S "$PHP_FPM_SOCKET" ] } wait_for_php() { if ! php_is_running; then - echo -n "Waiting for PHP... " + printf "Waiting for PHP... " while ! php_is_running; do sleep 1 done - echo "done" + printf "done\n" fi } @@ -72,7 +73,7 @@ php_set_memory_limit() php_previous_memory_limit() { - echo "$(snapctl get private.php.memory-limit)" + snapctl get private.php.memory-limit } php_set_previous_memory_limit() diff --git a/src/redis/bin/start-redis-server b/src/redis/bin/start-redis-server index c779847..5cbc923 100755 --- a/src/redis/bin/start-redis-server +++ b/src/redis/bin/start-redis-server @@ -1,10 +1,12 @@ #!/bin/sh -. $SNAP/utilities/redis-utilities +# shellcheck source=src/redis/utilities/redis-utilities +. "$SNAP/utilities/redis-utilities" -mkdir -p -m 750 ${SNAP_DATA}/redis +mkdir -p "${SNAP_DATA}/redis" +chmod 750 "${SNAP_DATA}/redis" # redis doesn't support environment variables in its config files. Thankfully # it supports reading the config file from stdin though, so we'll rewrite the # config file on the fly and pipe it in. -sed -e "s|\${SNAP_DATA}|$SNAP_DATA|;s|\${REDIS_PIDFILE}|$REDIS_PIDFILE|;s|\${REDIS_SOCKET}|$REDIS_SOCKET|" $SNAP/config/redis/redis.conf | redis-server - +sed -e "s|\${SNAP_DATA}|$SNAP_DATA|;s|\${REDIS_PIDFILE}|$REDIS_PIDFILE|;s|\${REDIS_SOCKET}|$REDIS_SOCKET|" "$SNAP/config/redis/redis.conf" | redis-server - diff --git a/src/redis/utilities/redis-utilities b/src/redis/utilities/redis-utilities index 4590cdf..0964542 100755 --- a/src/redis/utilities/redis-utilities +++ b/src/redis/utilities/redis-utilities @@ -3,22 +3,24 @@ export REDIS_PIDFILE="/tmp/pids/redis.pid" export REDIS_SOCKET="/tmp/sockets/redis.sock" -mkdir -p -m 750 "$(dirname $REDIS_PIDFILE)" -mkdir -p -m 750 "$(dirname $REDIS_SOCKET)" +mkdir -p "$(dirname "$REDIS_PIDFILE")" +mkdir -p "$(dirname "$REDIS_SOCKET")" +chmod 750 "$(dirname "$REDIS_PIDFILE")" +chmod 750 "$(dirname "$REDIS_SOCKET")" redis_is_running() { - [ -f "$REDIS_PIDFILE" -a -S "$REDIS_SOCKET" ] + [ -f "$REDIS_PIDFILE" ] && [ -S "$REDIS_SOCKET" ] } wait_for_redis() { if ! redis_is_running; then - echo -n "Waiting for redis... " + printf "Waiting for redis... " while ! redis_is_running; do sleep 1 done - echo "done" + printf "done\n" fi } diff --git a/tests/static.sh b/tests/static.sh new file mode 100755 index 0000000..7999705 --- /dev/null +++ b/tests/static.sh @@ -0,0 +1,30 @@ +#!/bin/sh + +tests_dir=$(CDPATH="" cd -- "$(dirname -- "$0")" && pwd) + +run_shellcheck() +{ + checks=0 + failures=0 + while IFS= read -r file; do + # Skip hidden files + if expr "$(basename "$file")" : '^\.' > /dev/null; then + continue + fi + + checks=$((checks+1)) + if ! shellcheck -x "$file"; then + failures=$((failures+1)) + fi + done + + echo "Checked $checks files ($failures failed)" + + if [ $failures -gt 0 ]; then + return 1 + fi + + return 0 +} + +grep -rl "^#!/bin/sh" "$tests_dir/../src/" | run_shellcheck From 575a70de0f32d19fd10d4985a022addb64e88ca2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc=20Pe=C3=B1a=20Segarra?= Date: Sat, 29 Jul 2017 18:24:28 +0000 Subject: [PATCH 152/416] mysql: update to 5.7.22 Also start using directly from upstream and applying kyrofa's patch instead of using a fork. Resolve #329 Signed-off-by: Kyle Fazzari --- snap/snapcraft.yaml | 17 +++- src/mysql/support-files/mysql.server | 80 ---------------- ...ompile-time-disabling-of-setpriority.patch | 92 +++++++++++++++++++ 3 files changed, 105 insertions(+), 84 deletions(-) create mode 100644 src/patches/support-compile-time-disabling-of-setpriority.patch diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 3d130ed..02e63f8 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -254,9 +254,13 @@ parts: mysql: plugin: cmake - source: https://github.com/kyrofa/mysql-server.git - source-branch: mysql-5.7.18_support_no_setpriority - after: [boost] + source: https://github.com/mysql/mysql-server.git + source-tag: mysql-5.7.22 + source-depth: 1 + override-pull: | + snapcraftctl pull + git apply $SNAPCRAFT_STAGE/support-compile-time-disabling-of-setpriority.patch + after: [boost, patches] configflags: - -DWITH_BOOST=$SNAPCRAFT_STAGE - -DWITH_INNODB_PAGE_CLEANER_PRIORITY=OFF @@ -264,7 +268,6 @@ parts: - -DBUILD_CONFIG=mysql_release - -DWITH_UNIT_TESTS=OFF - -DWITH_EMBEDDED_SERVER=OFF - - -DWITH_EMBEDDED_SHARED_LIBRARY=OFF - -DWITH_ARCHIVE_STORAGE_ENGINE=OFF - -DWITH_BLACKHOLE_STORAGE_ENGINE=OFF - -DWITH_FEDERATED_STORAGE_ENGINE=OFF @@ -315,6 +318,12 @@ parts: plugin: dump source: src/mysql/ + patches: + source: src/patches + plugin: dump + prime: + - -* + mdns-publisher: plugin: godeps source: https://github.com/kyrofa/mdns-publisher.git diff --git a/src/mysql/support-files/mysql.server b/src/mysql/support-files/mysql.server index cd6975c..d6fb637 100755 --- a/src/mysql/support-files/mysql.server +++ b/src/mysql/support-files/mysql.server @@ -82,10 +82,6 @@ else libexecdir="$basedir/libexec" fi -# datadir_set is used to determine if datadir was set (and so should be -# *not* set inside of the --basedir= handler.) -datadir_set= - # # Use LSB init script functions for printing messages, if possible # @@ -124,25 +120,6 @@ case "$(echo "testing\c")","$(echo -n testing)" in *) echo_n="" echo_c='\c' ;; esac -parse_server_arguments() { - for arg do - case "$arg" in - --basedir=*) basedir="$(echo "$arg" | sed -e 's/^[^=]*=//')" - bindir="$basedir/bin" - if test -z "$datadir_set"; then - datadir="$basedir/data" - fi - libexecdir="$basedir/libexec" - ;; - --datadir=*) datadir="$(echo "$arg" | sed -e 's/^[^=]*=//')" - datadir_set=1 - ;; - --pid-file=*) mysqld_pid_file_path="$(echo "$arg" | sed -e 's/^[^=]*=//')" ;; - --service-startup-timeout=*) service_startup_timeout="$(echo "$arg" | sed -e 's/^[^=]*=//')" ;; - esac - done -} - wait_for_pid () { verb="$1" # created | removed pid="$2" # process ID of the program operating on the pid-file @@ -200,63 +177,6 @@ wait_for_pid () { fi } -# Get arguments from the my.cnf file, -# the only group, which is read from now on is [mysqld] -if test -x ./bin/my_print_defaults -then - print_defaults="./bin/my_print_defaults" -elif test -x "$bindir/my_print_defaults" -then - print_defaults="$bindir/my_print_defaults" -elif test -x "$bindir/mysql_print_defaults" -then - print_defaults="$bindir/mysql_print_defaults" -else - # Try to find basedir in /etc/my.cnf - conf=/etc/my.cnf - print_defaults= - if test -r "$conf" - then - subpat='^[^=]*basedir[^=]*=\(.*\)$' - dirs="$(sed -e "/$subpat/!d" -e 's//\1/' "$conf")" - for d in $dirs - do - d="$(echo "$d" | sed -e 's/[ ]//g')" - if test -x "$d/bin/my_print_defaults" - then - print_defaults="$d/bin/my_print_defaults" - break - fi - if test -x "$d/bin/mysql_print_defaults" - then - print_defaults="$d/bin/mysql_print_defaults" - break - fi - done - fi - - # Hope it's in the PATH ... but I doubt it - test -z "$print_defaults" && print_defaults="my_print_defaults" -fi - -# -# Read defaults file from 'basedir'. If there is no defaults file there -# check if it's in the old (depricated) place (datadir) and read it from there -# - -extra_args="" -if test -r "$basedir/my.cnf" -then - extra_args="-e $basedir/my.cnf" -else - if test -r "$datadir/my.cnf" - then - extra_args="-e $datadir/my.cnf" - fi -fi - -parse_server_arguments "$("$print_defaults" "$extra_args" mysqld server mysql_server mysql.server)" - # # Set pid file if not given # diff --git a/src/patches/support-compile-time-disabling-of-setpriority.patch b/src/patches/support-compile-time-disabling-of-setpriority.patch new file mode 100644 index 0000000..569a01b --- /dev/null +++ b/src/patches/support-compile-time-disabling-of-setpriority.patch @@ -0,0 +1,92 @@ +From bb6c86ca997b2ca1b052cb83e91152220fe149ad Mon Sep 17 00:00:00 2001 +From: Kyle Fazzari +Date: Fri, 25 Mar 2016 15:03:38 +0000 +Subject: [PATCH] Support compile-time disabling of setpriority(). + +This is to support running on systems such as Snappy Ubuntu Core, +e.g. heavily confined using seccomp filters. In such a situation, +without this commit, MySQL is aborted as soon as it tries to call +setpriority(). With this commit, MySQL can be built without +setpriority() by using -DWITH_INNODB_PAGE_CLEANER_PRIORITY=OFF, +thus supporting such systems. + +Signed-off-by: Kyle Fazzari +--- + storage/innobase/buf/buf0flu.cc | 12 ++++++------ + storage/innobase/innodb.cmake | 5 +++++ + 2 files changed, 11 insertions(+), 6 deletions(-) + +diff --git a/storage/innobase/buf/buf0flu.cc b/storage/innobase/buf/buf0flu.cc +index 5a8a3567e0f..0961f757b1a 100644 +--- a/storage/innobase/buf/buf0flu.cc ++++ b/storage/innobase/buf/buf0flu.cc +@@ -2952,7 +2952,7 @@ pc_wait_finished( + return(all_succeeded); + } + +-#ifdef UNIV_LINUX ++#if defined(UNIV_LINUX) && defined(SET_PAGE_CLEANER_PRIORITY) + /** + Set priority for page_cleaner threads. + @param[in] priority priority intended to set +@@ -2967,7 +2967,7 @@ buf_flush_page_cleaner_set_priority( + return(getpriority(PRIO_PROCESS, (pid_t)syscall(SYS_gettid)) + == priority); + } +-#endif /* UNIV_LINUX */ ++#endif /* UNIV_LINUX && SET_PAGE_CLEANER_PRIORITY */ + + #ifdef UNIV_DEBUG + /** Loop used to disable page cleaner threads. */ +@@ -3113,7 +3113,7 @@ DECLARE_THREAD(buf_flush_page_cleaner_coordinator)( + << os_thread_pf(os_thread_get_curr_id()); + #endif /* UNIV_DEBUG_THREAD_CREATION */ + +-#ifdef UNIV_LINUX ++#if defined(UNIV_LINUX) && defined(SET_PAGE_CLEANER_PRIORITY) + /* linux might be able to set different setting for each thread. + worth to try to set high priority for page cleaner threads */ + if (buf_flush_page_cleaner_set_priority( +@@ -3126,7 +3126,7 @@ DECLARE_THREAD(buf_flush_page_cleaner_coordinator)( + " page cleaner thread priority can be changed." + " See the man page of setpriority()."; + } +-#endif /* UNIV_LINUX */ ++#endif /* UNIV_LINUX && SET_PAGE_CLEANER_PRIORITY */ + + buf_page_cleaner_is_active = true; + +@@ -3481,7 +3481,7 @@ DECLARE_THREAD(buf_flush_page_cleaner_worker)( + page_cleaner->n_workers++; + mutex_exit(&page_cleaner->mutex); + +-#ifdef UNIV_LINUX ++#if defined(UNIV_LINUX) && defined(SET_PAGE_CLEANER_PRIORITY) + /* linux might be able to set different setting for each thread + worth to try to set high priority for page cleaner threads */ + if (buf_flush_page_cleaner_set_priority( +@@ -3490,7 +3490,7 @@ DECLARE_THREAD(buf_flush_page_cleaner_worker)( + ib::info() << "page_cleaner worker priority: " + << buf_flush_page_cleaner_priority; + } +-#endif /* UNIV_LINUX */ ++#endif /* UNIV_LINUX && SET_PAGE_CLEANER_PRIORITY */ + + while (true) { + os_event_wait(page_cleaner->is_requested); +diff --git a/storage/innobase/innodb.cmake b/storage/innobase/innodb.cmake +index a90fe67f492..0d0a3ad7e3b 100644 +--- a/storage/innobase/innodb.cmake ++++ b/storage/innobase/innodb.cmake +@@ -38,6 +38,11 @@ IF(UNIX) + LINK_LIBRARIES(aio) + ENDIF() + ++ OPTION(WITH_INNODB_PAGE_CLEANER_PRIORITY "Set a high priority for page cleaner threads" ON) ++ IF(WITH_INNODB_PAGE_CLEANER_PRIORITY) ++ ADD_DEFINITIONS("-DSET_PAGE_CLEANER_PRIORITY") ++ ENDIF() ++ + ELSEIF(CMAKE_SYSTEM_NAME STREQUAL "SunOS") + ADD_DEFINITIONS("-DUNIV_SOLARIS") + ENDIF() From af48a04c33dbaf59b37c472539bbf81940802b90 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Tue, 12 Jun 2018 13:09:19 -0700 Subject: [PATCH 153/416] mysql: don't consider mysql available until after restart The process of actually firing MySQL up includes upgrading its schema, after which it's restarted. If other daemons fire up at the right time, they could already be relying on MySQL's presence when it restarts out from under them. Other daemons shouldn't consider MySQL ready until after it has completed this logic. Fix #607 Signed-off-by: Kyle Fazzari --- src/mysql/bin/start_mysql | 8 ++++++-- src/mysql/utilities/mysql-utilities | 26 +++++++++++++++++++++++--- src/nextcloud/bin/manual-install | 2 ++ src/php/bin/start-php-fpm | 1 + 4 files changed, 32 insertions(+), 5 deletions(-) diff --git a/src/mysql/bin/start_mysql b/src/mysql/bin/start_mysql index 274a32a..9fca60f 100755 --- a/src/mysql/bin/start_mysql +++ b/src/mysql/bin/start_mysql @@ -12,6 +12,8 @@ if mysqld --initialize-insecure --basedir="$SNAP" --datadir="$SNAP_DATA/mysql" - new_install=true fi +set_mysql_setup_running + # Start mysql "$SNAP/support-files/mysql.server" start @@ -65,7 +67,7 @@ else fi # Wait here until mysql is running -wait_for_mysql +wait_for_mysql -f # Check and upgrade mysql tables if necessary. This will return 0 if the upgrade # succeeded, in which case we need to restart mysql. @@ -75,7 +77,7 @@ if mysql_upgrade --defaults-file="$root_option_file"; then "$SNAP/support-files/mysql.server" restart # Wait for server to come back after upgrade - wait_for_mysql + wait_for_mysql -f fi # If this was a new installation, wait until the server is all up and running @@ -85,6 +87,8 @@ if [ $new_install = true ]; then mysql_set_nextcloud_password "$nextcloud_password" fi +set_mysql_setup_not_running + # Wait here until mysql exits (turn a forking service into simple). This is # only needed for Ubuntu Core 15.04, as 16.04 supports forking services. pid=$(mysql_pid) diff --git a/src/mysql/utilities/mysql-utilities b/src/mysql/utilities/mysql-utilities index efd6692..5ae2c82 100755 --- a/src/mysql/utilities/mysql-utilities +++ b/src/mysql/utilities/mysql-utilities @@ -3,6 +3,7 @@ export MYSQL_PIDFILE="/tmp/pids/mysql.pid" export MYSQL_SOCKET="/tmp/sockets/mysql.sock" export NEXTCLOUD_PASSWORD_FILE="$SNAP_DATA/mysql/nextcloud_password" +MYSQL_SETUP_LOCKFILE="/tmp/locks/mysql-setup" mkdir -p "$(dirname "$MYSQL_PIDFILE")" mkdir -p "$(dirname "$MYSQL_SOCKET")" @@ -11,20 +12,39 @@ chmod 750 "$(dirname "$MYSQL_SOCKET")" mysql_is_running() { - [ -f "$MYSQL_PIDFILE" ] && [ -S "$MYSQL_SOCKET" ] + # Arguments: + # -f: Force the check, i.e. ignore if it's currently in setup + [ -f "$MYSQL_PIDFILE" ] && [ -S "$MYSQL_SOCKET" ] && (! mysql_setup_running || [ "$1" = "-f" ]) } wait_for_mysql() { - if ! mysql_is_running; then + # Arguments: + # -f: Force the check, i.e. ignore if it's currently in setup + if ! mysql_is_running "$@"; then printf "Waiting for MySQL... " - while ! mysql_is_running; do + while ! mysql_is_running "$@"; do sleep 1 done printf "done\n" fi } +mysql_setup_running() +{ + [ -f "$MYSQL_SETUP_LOCKFILE" ] +} + +set_mysql_setup_running() +{ + touch "$MYSQL_SETUP_LOCKFILE" +} + +set_mysql_setup_not_running() +{ + rm -f "$MYSQL_SETUP_LOCKFILE" +} + mysql_pid() { if mysql_is_running; then diff --git a/src/nextcloud/bin/manual-install b/src/nextcloud/bin/manual-install index c3caf8d..24a4adc 100755 --- a/src/nextcloud/bin/manual-install +++ b/src/nextcloud/bin/manual-install @@ -49,6 +49,8 @@ password=$2 # We can't do anything until PHP and MySQL are up and running wait_for_php + +# shellcheck disable=SC2119 wait_for_mysql # Now we can use 'occ maintenance:install' diff --git a/src/php/bin/start-php-fpm b/src/php/bin/start-php-fpm index c120bab..cc78c05 100755 --- a/src/php/bin/start-php-fpm +++ b/src/php/bin/start-php-fpm @@ -19,6 +19,7 @@ chmod 750 "${SNAP_DATA}/php" wait_for_configure_hook # We need to make sure mysql is running so we can run the migration process +# shellcheck disable=SC2119 wait_for_mysql # Wait until we have an nextcloud mysql password From de8345bd705aa09789000c8718b80c768c0425bb Mon Sep 17 00:00:00 2001 From: bn4t Date: Sun, 3 Jun 2018 17:13:33 +0200 Subject: [PATCH 154/416] nextcloud: make cron interval adjustable Fix #350 Signed-off-by: Kyle Fazzari --- README.md | 15 ++++++++++ snap/snapcraft.yaml | 2 +- src/hooks/bin/configure | 31 ++++++++++++++++++++- src/nextcloud/bin/nextcloud-cron | 7 ++++- src/nextcloud/utilities/nextcloud-utilities | 28 +++++++++++++++++++ 5 files changed, 80 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index fa627f4..8fe7a56 100644 --- a/README.md +++ b/README.md @@ -101,6 +101,21 @@ To set it to be unlimited (not recommended), use -1: $ sudo snap set nextcloud php.memory-limit=-1 +#### Cronjob interval configuration + +By default the cronjob interval is 15 minutes. + +To adjust it (say, 10 minutes) simply run: + + $ sudo snap set nextcloud nextcloud.cron-interval=10m + +If you want to disable the cronjob completely, run: + + $ sudo snap set nextcloud nextcloud.cron-interval=-1 + +To reenable it again simply set the `nextcloud.cron-interval` snap variable to a value that isn't `-1` + + ### Included CLI utilities There are a few CLI utilities included: diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 02e63f8..10d2282 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -77,7 +77,7 @@ apps: nextcloud-cron: command: nextcloud-cron daemon: simple - restart-condition: always + restart-condition: on-failure plugs: [network, network-bind, removable-media] # Command for manually installing instead of visiting site to create admin. diff --git a/src/hooks/bin/configure b/src/hooks/bin/configure index 2c54223..a543cf8 100755 --- a/src/hooks/bin/configure +++ b/src/hooks/bin/configure @@ -11,6 +11,10 @@ # - php.memory-limit (string) # Memory limit for PHP workers. String can include units, e.g. 32M is 32 # megabytes. +# +# - nextcloud.cron-interval (string) +# Interval of the internal Nextcloud cronjob +# # shellcheck source=src/apache/utilities/apache-utilities . "$SNAP/utilities/apache-utilities" @@ -18,6 +22,8 @@ . "$SNAP/utilities/php-utilities" # shellcheck source=src/hooks/utilities/hook-utilities . "$SNAP/utilities/hook-utilities" +# shellcheck source=src/nextcloud/utilities/nextcloud-utilities +. $SNAP/utilities/nextcloud-utilities handle_apache_port_config() { @@ -83,9 +89,32 @@ handle_php_memory_limit() php_set_previous_memory_limit "$memory_limit" } +handle_cronjob_interval() +{ + interval="$(cronjob_interval)" + previous_interval="$(previous_cronjob_interval)" + + # If no changes were requested, then there's nothing to do here. + if [ "$interval" = "$previous_interval" ]; then + return 0 + fi + + # Validate time interval seconds (s), minutes (m), hours (h), "-1" or no specified type(by default seconds) are allowed + if ! expr "$interval" : '^\(\(\([0-9]*\.\)\?[0-9]\+[smhd]\?\)\|\(\-1\)\)$' > /dev/null; then + echo "\"$interval\" is not a valid timespan" >&2 + return 4 + fi + + set_cronjob_interval "$interval" + set_previous_cronjob_interval "$interval" + + # restart cronjob + snapctl restart nextcloud.nextcloud-cron +} + # Signal to services that the configure hook is running. Useful to ensure # services don't restart until the configuration transaction has completed. set_configure_hook_running trap 'set_configure_hook_not_running' EXIT -handle_apache_port_config && handle_php_memory_limit +handle_apache_port_config && handle_php_memory_limit && handle_cronjob_interval diff --git a/src/nextcloud/bin/nextcloud-cron b/src/nextcloud/bin/nextcloud-cron index 058b732..f0448e9 100755 --- a/src/nextcloud/bin/nextcloud-cron +++ b/src/nextcloud/bin/nextcloud-cron @@ -11,6 +11,11 @@ done printf "done\n" while true; do + # Exit the entire job if the requested interval is -1 + if [ "$(cronjob_interval)" = "-1" ]; then + exit 0 + fi + run-php "$SNAP/htdocs/cron.php" - sleep 15m + sleep "$(cronjob_interval)" done diff --git a/src/nextcloud/utilities/nextcloud-utilities b/src/nextcloud/utilities/nextcloud-utilities index 6e03e19..d2a9e42 100644 --- a/src/nextcloud/utilities/nextcloud-utilities +++ b/src/nextcloud/utilities/nextcloud-utilities @@ -2,6 +2,7 @@ export NEXTCLOUD_CONFIG_DIR="$SNAP_DATA/nextcloud/config" export NEXTCLOUD_DATA_DIR="$SNAP_COMMON/nextcloud/data" +DEFAULT_CRONJOB_INTERVAL="15m" nextcloud_is_configured() { @@ -18,3 +19,30 @@ wait_for_nextcloud_to_be_configured() printf "done\n" fi } + +cronjob_interval() +{ + interval="$(snapctl get nextcloud.cron-interval)" + if [ -z "$interval" ]; then + interval="$DEFAULT_CRONJOB_INTERVAL" + set_cronjob_interval "$interval" + set_previous_cronjob_interval "$interval" + fi + + echo "$interval" +} + +previous_cronjob_interval() +{ + snapctl get private.nextcloud.cron-interval +} + +set_cronjob_interval() +{ + snapctl set nextcloud.cron-interval="$1" +} + +set_previous_cronjob_interval() +{ + snapctl set private.nextcloud.cron-interval="$1" +} From ff3c991adf80494c1f2cd897e79d2e0a8488ca96 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc=20Pe=C3=B1a=20Segarra?= Date: Fri, 8 Jun 2018 20:36:11 +0200 Subject: [PATCH 155/416] nextcloud: update to 13.0.4 Resolve #594 Signed-off-by: Kyle Fazzari --- snap/snapcraft.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 10d2282..f26ab74 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -142,8 +142,8 @@ parts: nextcloud: plugin: dump - source: https://download.nextcloud.com/server/releases/nextcloud-13.0.2.tar.bz2 - source-checksum: sha256/7396f98a1a53a9f4b144f55360d87c89cb6ee899feef1cfbf29a736219f9c47d + source: https://download.nextcloud.com/server/releases/nextcloud-13.0.4.tar.bz2 + source-checksum: sha256/18d514145fcddc86f48d0a5fa4a0d4b07617135a1b23107137a6ea3ed519bd54 organize: '*': htdocs/ '.htaccess': htdocs/.htaccess From 3a8b3dcbe5f4843b92d41586001b75fc10a0bb78 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Sun, 17 Jun 2018 08:43:05 -0700 Subject: [PATCH 156/416] Update version to 13.0.4snap1 Also update CHANGELOG and README. Signed-off-by: Kyle Fazzari --- CHANGELOG | 8 ++++++++ README.md | 2 +- snap/snapcraft.yaml | 2 +- 3 files changed, 10 insertions(+), 2 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index e75e088..adee2e0 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,11 @@ +v 13.0.4snap1 + - nextcloud: update to 13.0.4 + - nextcloud: make cron interval adjustable + - mysql: don't consider mysql available until after restart + - mysql: update to 5.7.22 + - many: implement static checks + - https: patch certbot to ignore system config + v 13.0.2snap1 - nextcloud: update to 13.0.2 - php: use configured memory limit for PHP CLI utilities diff --git a/README.md b/README.md index 8fe7a56..1bd5102 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ Nextcloud server packaged as a snap. It consists of: -- Nextcloud 13.0.2 +- Nextcloud 13.0.4 - Apache 2.4 - PHP 7.1 - MySQL 5.7 diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index f26ab74..3e2c5e3 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -1,5 +1,5 @@ name: nextcloud -version: 13.0.2snap1 +version: 13.0.4snap1 summary: Nextcloud Server - A safe home for all your data description: | Access, share and protect your files, calendars, contacts, communication and From 57598c8988307c0a1cdba4379214c99a411b6993 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc=20Pe=C3=B1a=20Segarra?= Date: Sun, 1 Jul 2018 11:36:37 +0200 Subject: [PATCH 157/416] Add FTP support in PHP for external storage. Fixes #503 --- snap/snapcraft.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 3e2c5e3..baca20c 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -181,6 +181,7 @@ parts: - --with-jpeg-dir=/usr/lib - --with-freetype-dir=/usr/lib - --disable-rpath + - --enable-ftp # Enable ldap. - --with-libdir=lib/ARCH_TRIPLET From 9867f324d5693c15edff55d1e90237aad8f5e1e1 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Tue, 24 Jul 2018 13:48:22 -0700 Subject: [PATCH 158/416] apache: update to 2.4.34 Resolve #643 Signed-off-by: Kyle Fazzari --- snap/snapcraft.yaml | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 3e2c5e3..105276b 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -92,15 +92,8 @@ hooks: parts: apache: plugin: apache - source: http://ftp.wayne.edu/apache/httpd/httpd-2.4.33.tar.bz2 - source-checksum: sha256/de02511859b00d17845b9abdd1f975d5ccb5d0b280c567da5bf2ad4b70846f05 - - override-build: | - # For some reason, all directories in (and after) 2.4.32 are setgid. - # Reported as https://bz.apache.org/bugzilla/show_bug.cgi?id=62298 - # Work around by unsetting setgid. FIXME: Remove when bug is fixed. - find . -perm -g+s -exec chmod g-s {} \; - snapcraftctl build + source: http://ftp.wayne.edu/apache/httpd/httpd-2.4.34.tar.bz2 + source-checksum: sha256/fa53c95631febb08a9de41fd2864cfff815cf62d9306723ab0d4b8d7aa1638f0 # The built-in Apache modules to enable modules: From e25bd36ecfb6ebdedc7f9398a6e1fd159c8cb4a7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc=20Pe=C3=B1a=20Segarra?= Date: Sat, 28 Jul 2018 16:45:53 +0200 Subject: [PATCH 159/416] nextcloud: update to 13.0.5 Resolve #644 --- snap/snapcraft.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index c011b0b..ec40e60 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -135,8 +135,8 @@ parts: nextcloud: plugin: dump - source: https://download.nextcloud.com/server/releases/nextcloud-13.0.4.tar.bz2 - source-checksum: sha256/18d514145fcddc86f48d0a5fa4a0d4b07617135a1b23107137a6ea3ed519bd54 + source: https://download.nextcloud.com/server/releases/nextcloud-13.0.5.tar.bz2 + source-checksum: sha256/a110d32849259ab79813af3078123a09057fc659ee414e5f3ed75451ec9e80ea organize: '*': htdocs/ '.htaccess': htdocs/.htaccess From e3b4cbb61193da235fe4e11a753a9e56cf66b6f7 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Sun, 29 Jul 2018 08:47:05 -0700 Subject: [PATCH 160/416] php: update to 7.1.20 Resolve #652 Signed-off-by: Kyle Fazzari --- snap/snapcraft.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index c011b0b..aac05d4 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -149,8 +149,8 @@ parts: php: plugin: php - source: https://php.net/get/php-7.1.17.tar.bz2/from/this/mirror - source-checksum: sha256/e124e3ac552c50f3890ed981d07b2ee473cac961885e75186ded0bbb5b78dbcf + source: https://php.net/get/php-7.1.20.tar.bz2/from/this/mirror + source-checksum: sha256/3a1b476c88fb81254ea572e891a1d65053ab54068348e00c75e8b54fae691d45 source-type: tar install-via: prefix configflags: From d1a012230e3213520f37dcb8d4e2aefa71ceff6f Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Sun, 29 Jul 2018 15:23:32 -0700 Subject: [PATCH 161/416] Update version to 13.0.5snap1 Also update README and CHANGELOG. Signed-off-by: Kyle Fazzari --- CHANGELOG | 6 ++++++ README.md | 2 +- snap/snapcraft.yaml | 2 +- 3 files changed, 8 insertions(+), 2 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index adee2e0..e96f126 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,9 @@ +v 13.0.5snap1 + - php: update to 7.1.20 + - nextcloud: update to 13.0.5 + - apache: update to 2.4.34 + - php: enable FTP support + v 13.0.4snap1 - nextcloud: update to 13.0.4 - nextcloud: make cron interval adjustable diff --git a/README.md b/README.md index 1bd5102..1f35ef3 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ Nextcloud server packaged as a snap. It consists of: -- Nextcloud 13.0.4 +- Nextcloud 13.0.5 - Apache 2.4 - PHP 7.1 - MySQL 5.7 diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 64c645d..930d847 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -1,5 +1,5 @@ name: nextcloud -version: 13.0.4snap1 +version: 13.0.5snap1 summary: Nextcloud Server - A safe home for all your data description: | Access, share and protect your files, calendars, contacts, communication and From 538ba6d380f845055baf1fdf6374e06a56fa1823 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Fri, 3 Aug 2018 10:37:12 -0700 Subject: [PATCH 162/416] certbot: update to 0.26.1 Resolve #665 Signed-off-by: Kyle Fazzari --- src/https/requirements.txt | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/src/https/requirements.txt b/src/https/requirements.txt index 1c0c99d..9ef6a91 100644 --- a/src/https/requirements.txt +++ b/src/https/requirements.txt @@ -1,28 +1,29 @@ -acme==0.24.0 +acme==0.26.1 asn1crypto==0.24.0 -certbot==0.24.0 +certbot==0.26.1 certifi==2018.4.16 cffi==1.11.5 chardet==3.0.4 ConfigArgParse==0.13.0 configobj==5.0.6 -cryptography==2.2.2 +cryptography==2.3 enum34==1.1.6 funcsigs==1.0.2 future==0.16.0 -idna==2.6 +idna==2.7 ipaddress==1.0.22 josepy==1.1.0 mock==2.0.0 parsedatetime==2.4 -pbr==4.0.2 +pbr==4.2.0 pycparser==2.18 -pyOpenSSL==17.5.0 -pyRFC3339==1.0 -pytz==2018.4 -requests==2.18.4 +pyOpenSSL==18.0.0 +pyRFC3339==1.1 +pytz==2018.5 +requests==2.19.1 +requests-toolbelt==0.8.0 six==1.11.0 -urllib3==1.22 +urllib3==1.23 zope.component==4.4.1 zope.event==4.3.0 zope.interface==4.5.0 From b1fc4b700e6ca99b5f79c7c8dc7b2d0c69a07278 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Sat, 25 Aug 2018 20:37:58 -0700 Subject: [PATCH 163/416] occ: don't require PHP restart for maintenance mode The `nextcloud.occ` command is often used to alter the Nextcloud config, which is a .php file. As such, it's subject to the same opcache settings as the rest of PHP, which doesn't even look at the tree to see if files have changed (`opcache.validate_timestamps=0`). As a result, any change made to `config.php` without restarting PHP goes unnoticed, which includes changes like enabling maintenance mode. When using `nextcloud.occ`, assume the config has changed, and invalidate the opcache for the config so that it's reloaded. Fix #486 Signed-off-by: Kyle Fazzari --- snap/snapcraft.yaml | 2 +- src/nextcloud/bin/occ | 4 ++++ src/php/utilities/php-utilities | 15 +++++++++++++++ tests/spec/maintenance_mode_spec.rb | 24 ++++++++++++++++++++++++ 4 files changed, 44 insertions(+), 1 deletion(-) create mode 100644 tests/spec/maintenance_mode_spec.rb diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 930d847..f268366 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -220,7 +220,7 @@ parts: source: src/php/ organize: config/*: config/php/ - stage-packages: [mawk] + stage-packages: [mawk, libfcgi0ldbl] # Copy over our Nextcloud configuration files nextcloud-customizations: diff --git a/src/nextcloud/bin/occ b/src/nextcloud/bin/occ index 6e5ddc7..3f3dafb 100755 --- a/src/nextcloud/bin/occ +++ b/src/nextcloud/bin/occ @@ -19,3 +19,7 @@ wait_for_php wait_for_nextcloud_to_be_configured run-php "$SNAP/htdocs/occ" "$@" + +# occ may have modified the config. Invalidate its cache just in case, otherwise +# PHP won't see the changes. +php_invalidate_opcache "$NEXTCLOUD_CONFIG_DIR/config.php" diff --git a/src/php/utilities/php-utilities b/src/php/utilities/php-utilities index a3149fb..107f7c7 100755 --- a/src/php/utilities/php-utilities +++ b/src/php/utilities/php-utilities @@ -80,3 +80,18 @@ php_set_previous_memory_limit() { snapctl set private.php.memory-limit="$1" } + +php_invalidate_opcache() +{ + tmpfile="$(mktemp --tmpdir tmp_XXXXXXXXXX.php)" + echo "" > "$tmpfile" + + export SCRIPT_FILENAME="$tmpfile" + export REQUEST_METHOD="GET" + if ! output="$(cgi-fcgi -bind -connect "$PHP_FPM_SOCKET")"; then + echo "Unable to invalidate opcache: $output" >&2 + fi + + # Dash doesn't support trap RETURN + rm -f "$tmpfile" +} diff --git a/tests/spec/maintenance_mode_spec.rb b/tests/spec/maintenance_mode_spec.rb new file mode 100644 index 0000000..fd1b76a --- /dev/null +++ b/tests/spec/maintenance_mode_spec.rb @@ -0,0 +1,24 @@ +feature "Maintenance mode" do + # Regression test for #486. + scenario "enable/disable" do + # First, verify that maintenance mode is not active + visit "/" + expect(page).not_to have_content('maintenance mode') + + # Enable maintenance mode + `sudo nextcloud.occ maintenance:mode --on` + expect($?.to_i).to eq 0 + + # Now verify that maintenance mode is active + visit "/" + expect(page).to have_content('maintenance mode') + + # Now disable maintenance mode + `sudo nextcloud.occ maintenance:mode --off` + expect($?.to_i).to eq 0 + + # Finally, verify that maintenance mode is not active again + visit "/" + expect(page).not_to have_content('maintenance mode') + end +end From cc92247fff4c11395d621cfe5f2e4850f9e0de11 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Tue, 4 Sep 2018 13:32:54 -0700 Subject: [PATCH 164/416] ci: use snapcraft docker images Also ensure tracebacks are always shown. Resolve #697 Signed-off-by: Kyle Fazzari --- .circleci/config.yml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index d00f75d..8fc1af6 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -23,13 +23,16 @@ jobs: - run: # Build the snap command: | - sudo apt update - sudo apt install -y snapd - docker run -v $(pwd):$(pwd) -e LC_ALL=C.UTF-8 -e LANG=C.UTF-8 -t ubuntu:xenial sh -c "apt update -qq && apt install snapcraft -y && cd $(pwd) && snapcraft" + docker run -v $(pwd):$(pwd) \ + -e SNAPCRAFT_MANAGED_HOST=yes \ + -t snapcore/snapcraft:stable \ + sh -c "cd $(pwd) && snapcraft" - run: # Install the snap and create an admin user command: | + sudo apt update -qq + sudo apt install -y snapd sudo snap install *.snap --dangerous sudo nextcloud.manual-install admin admin From 52e312668a121125873bf6925c53f3b22038e1ea Mon Sep 17 00:00:00 2001 From: bn4t <17193640+bn4t@users.noreply.github.com> Date: Mon, 3 Sep 2018 16:12:23 +0000 Subject: [PATCH 165/416] nextcloud: update to 13.0.6 Fixes #695 --- snap/snapcraft.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index f268366..cf2cba8 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -135,8 +135,8 @@ parts: nextcloud: plugin: dump - source: https://download.nextcloud.com/server/releases/nextcloud-13.0.5.tar.bz2 - source-checksum: sha256/a110d32849259ab79813af3078123a09057fc659ee414e5f3ed75451ec9e80ea + source: https://download.nextcloud.com/server/releases/nextcloud-13.0.6.tar.bz2 + source-checksum: sha256/90fc9e960b6a477bb14ee87042b3d158bde95c3f0157677cb4547ca7649968d4 organize: '*': htdocs/ '.htaccess': htdocs/.htaccess From 89b05e2d4c3876e50078dfad24f58670f04d1909 Mon Sep 17 00:00:00 2001 From: Simon Hollenbach Date: Sat, 15 Sep 2018 20:37:30 +0200 Subject: [PATCH 166/416] php: Update to 7.1.22 Update php to version 7.1.22, fixing security issues. Fixes: nextcloud/nextcloud-snap:#711 --- snap/snapcraft.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index f268366..d1376e5 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -149,8 +149,8 @@ parts: php: plugin: php - source: https://php.net/get/php-7.1.20.tar.bz2/from/this/mirror - source-checksum: sha256/3a1b476c88fb81254ea572e891a1d65053ab54068348e00c75e8b54fae691d45 + source: https://php.net/get/php-7.1.22.tar.bz2/from/this/mirror + source-checksum: sha256/c8e91f19c8aa810ae95f228ff31cf0e4805cb89f4c10870ee12c85491b26e763 source-type: tar install-via: prefix configflags: From 5d131346697b43e93d919bf01dfc297d0392d51c Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Mon, 17 Sep 2018 20:48:16 +0200 Subject: [PATCH 167/416] Update version to 13.0.6snap1 Signed-off-by: Kyle Fazzari --- CHANGELOG | 7 +++++++ README.md | 2 +- snap/snapcraft.yaml | 2 +- 3 files changed, 9 insertions(+), 2 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index e96f126..958a047 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,10 @@ +v 13.0.6snap1 + - php: update to 7.1.22 + - nextcloud: update to 13.0.6 + - ci: use snapcraft docker images + - occ: don't require PHP restart for maintenance mode + - certbot: update to 0.26.1 + v 13.0.5snap1 - php: update to 7.1.20 - nextcloud: update to 13.0.5 diff --git a/README.md b/README.md index 1f35ef3..1c6e289 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ Nextcloud server packaged as a snap. It consists of: -- Nextcloud 13.0.5 +- Nextcloud 13.0.6 - Apache 2.4 - PHP 7.1 - MySQL 5.7 diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index d6c54a6..465837d 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -1,5 +1,5 @@ name: nextcloud -version: 13.0.5snap1 +version: 13.0.6snap1 summary: Nextcloud Server - A safe home for all your data description: | Access, share and protect your files, calendars, contacts, communication and From b695380537d3f002c6002e73e6ef3922ddbc2fc5 Mon Sep 17 00:00:00 2001 From: bn4t <17193640+bn4t@users.noreply.github.com> Date: Wed, 19 Sep 2018 16:58:58 +0200 Subject: [PATCH 168/416] redis: update to 4.0.11 Fixes #691 --- snap/snapcraft.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 465837d..7ace5d3 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -205,8 +205,8 @@ parts: redis: plugin: redis - source: http://download.redis.io/releases/redis-4.0.9.tar.gz - source-checksum: sha256/df4f73bc318e2f9ffb2d169a922dec57ec7c73dd07bccf875695dbeecd5ec510 + source: http://download.redis.io/releases/redis-4.0.11.tar.gz + source-checksum: sha256/fc53e73ae7586bcdacb4b63875d1ff04f68c5474c1ddeda78f00e5ae2eed1bbb redis-customizations: plugin: dump From df73ca8dd4f04be8bca667c3f6ef7a37fdb29274 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Sun, 23 Sep 2018 17:56:26 +0200 Subject: [PATCH 169/416] apache, php: add debug mode By default, both Apache and PHP provide detailed version information in the HTTP headers and error pages. Make the default behavior hide this information, but allow them to optionally be enabled by adding a new configuration value named `mode` which can contain two possible values: "debug" and "production". Resolve #612 Signed-off-by: Kyle Fazzari --- src/apache/bin/httpd-wrapper | 6 ++ src/apache/bin/run-httpd | 10 +-- src/apache/conf/httpd.conf | 8 +++ src/hooks/bin/configure | 69 ++++++++++++-------- src/hooks/utilities/configuration-utilities | 55 ++++++++++++++++ src/hooks/utilities/hook-utilities | 32 --------- src/php/bin/run-php | 8 +++ src/php/bin/start-php-fpm | 14 ++-- src/php/config/php.ini | 2 +- tests/Rakefile | 6 +- tests/spec/change_mode_spec.rb | 72 +++++++++++++++++++++ tests/spec/maintenance_mode_spec.rb | 4 +- tests/spec/spec_helper.rb | 10 ++- 13 files changed, 219 insertions(+), 77 deletions(-) create mode 100755 src/hooks/utilities/configuration-utilities delete mode 100755 src/hooks/utilities/hook-utilities create mode 100644 tests/spec/change_mode_spec.rb diff --git a/src/apache/bin/httpd-wrapper b/src/apache/bin/httpd-wrapper index f181812..2935681 100755 --- a/src/apache/bin/httpd-wrapper +++ b/src/apache/bin/httpd-wrapper @@ -6,6 +6,8 @@ . "$SNAP/utilities/apache-utilities" # shellcheck source=src/php/utilities/php-utilities . "$SNAP/utilities/php-utilities" +# shellcheck source=src/hooks/utilities/configuration-utilities +. "$SNAP/utilities/configuration-utilities" params="" if certificates_are_active; then @@ -23,6 +25,10 @@ else echo "No certificates are active: using HTTP only" fi +if debug_mode_enabled; then + params="$params -DDebug" +fi + HTTP_PORT="$(apache_http_port)" HTTPS_PORT="$(apache_https_port)" export HTTP_PORT diff --git a/src/apache/bin/run-httpd b/src/apache/bin/run-httpd index a94a70a..6f6e841 100755 --- a/src/apache/bin/run-httpd +++ b/src/apache/bin/run-httpd @@ -1,11 +1,7 @@ #!/bin/sh -# shellcheck source=src/hooks/utilities/hook-utilities -. "$SNAP/utilities/hook-utilities" - -# Make sure the configure hook isn't running (otherwise we'll run on old -# configuration data) -wait_for_configure_hook +# shellcheck source=src/https/utilities/https-utilities +. "$SNAP/utilities/https-utilities" mkdir -p "$SNAP_DATA/apache/logs" chmod 750 "$SNAP_DATA/apache/logs" @@ -19,8 +15,6 @@ fi echo "All set! Running httpd..." -. $SNAP/utilities/https-utilities - # Rewrite live cert symlinks that aren't using the current symlink. # FIXME: Remove this migration once epochs and upgrade hooks are available. if certificates_are_active; then diff --git a/src/apache/conf/httpd.conf b/src/apache/conf/httpd.conf index ba56a18..43dac3c 100644 --- a/src/apache/conf/httpd.conf +++ b/src/apache/conf/httpd.conf @@ -189,6 +189,14 @@ RewriteEngine On RewriteCond %{REQUEST_METHOD} ^TRACK RewriteRule .* - [R=405,L] +# Disable debug tokens and signature unless debug mode is requested +ServerTokens Prod +ServerSignature Off + + ServerTokens Full + ServerSignature On + + # Only enable SSL if requested Include ${SNAP}/conf/ssl.conf diff --git a/src/hooks/bin/configure b/src/hooks/bin/configure index a543cf8..fe60a4b 100755 --- a/src/hooks/bin/configure +++ b/src/hooks/bin/configure @@ -20,10 +20,10 @@ . "$SNAP/utilities/apache-utilities" # shellcheck source=src/php/utilities/php-utilities . "$SNAP/utilities/php-utilities" -# shellcheck source=src/hooks/utilities/hook-utilities -. "$SNAP/utilities/hook-utilities" # shellcheck source=src/nextcloud/utilities/nextcloud-utilities -. $SNAP/utilities/nextcloud-utilities +. "$SNAP/utilities/nextcloud-utilities" +# shellcheck source=src/hooks/utilities/configuration-utilities +. "$SNAP/utilities/configuration-utilities" handle_apache_port_config() { @@ -46,20 +46,18 @@ handle_apache_port_config() # Validate HTTPS port if ! expr "$https_port" : '^[0-9]\+$' > /dev/null; then echo "\"$https_port\" is not a valid HTTPS port" >&2 - return 2 + return 1 fi + # Set new values. Since snapctl only gives us new values, also keep track + # of the current values so we know when they change. apache_set_http_port "$http_port" apache_set_https_port "$https_port" - - if ! restart_apache_if_running; then - return 3 - fi - - # Since snapctl only gives us new values, keep track of the current values - # so we know when they change. apache_set_previous_http_port "$http_port" apache_set_previous_https_port "$https_port" + + # Restart Apache to apply new config + snapctl restart nextcloud.apache } handle_php_memory_limit() @@ -75,18 +73,16 @@ handle_php_memory_limit() # Validate memory limit. -1, raw bytes, and K/M/G shorthand allowed. if ! expr "$memory_limit" : '^-\?[0-9]\+[KMG]\?$' > /dev/null; then echo "\"$memory_limit\" is not a valid PHP memory limit" >&2 - return 4 + return 1 fi + # Set new value. Since snapctl only gives us new values, also keep track of + # the current value so we know when it changes. php_set_memory_limit "$memory_limit" - - if ! restart_php_if_running; then - return 5 - fi - - # Since snapctl only gives us new values, keep track of the current values - # so we know when they change. php_set_previous_memory_limit "$memory_limit" + + # Restart PHP to apply new config + snapctl restart nextcloud.php-fpm } handle_cronjob_interval() @@ -102,19 +98,40 @@ handle_cronjob_interval() # Validate time interval seconds (s), minutes (m), hours (h), "-1" or no specified type(by default seconds) are allowed if ! expr "$interval" : '^\(\(\([0-9]*\.\)\?[0-9]\+[smhd]\?\)\|\(\-1\)\)$' > /dev/null; then echo "\"$interval\" is not a valid timespan" >&2 - return 4 + return 1 fi + # Set new value. Since snapctl only gives us new values, also keep track of + # the current value so we know when it changes. set_cronjob_interval "$interval" set_previous_cronjob_interval "$interval" - # restart cronjob + # Restart cronjob to apply new config snapctl restart nextcloud.nextcloud-cron } -# Signal to services that the configure hook is running. Useful to ensure -# services don't restart until the configuration transaction has completed. -set_configure_hook_running -trap 'set_configure_hook_not_running' EXIT +handle_mode() +{ + # If no changes were requested, then there's nothing to do here. + if ! mode_has_changed; then + return 0 + fi + + if debug_mode_enabled; then + enable_debug_mode + elif production_mode_enabled; then + enable_production_mode + else + echo "mode must be either 'debug' or 'production'" + return 1 + fi + + # Restart all affected services. As of now that's Apache and PHP. + snapctl restart nextcloud.apache + snapctl restart nextcloud.php-fpm +} -handle_apache_port_config && handle_php_memory_limit && handle_cronjob_interval +handle_apache_port_config && \ +handle_php_memory_limit && \ +handle_cronjob_interval && \ +handle_mode \ No newline at end of file diff --git a/src/hooks/utilities/configuration-utilities b/src/hooks/utilities/configuration-utilities new file mode 100755 index 0000000..c6f04c1 --- /dev/null +++ b/src/hooks/utilities/configuration-utilities @@ -0,0 +1,55 @@ +#!/bin/sh + +DEFAULT_MODE="production" + +debug_mode_enabled() +{ + [ "$(_get_mode)" = "debug" ] +} + +enable_debug_mode() +{ + _set_mode "debug" +} + +production_mode_enabled() +{ + [ "$(_get_mode)" = "production" ] +} + +enable_production_mode() +{ + _set_mode "production" +} + +mode_has_changed() +{ + [ "$(_get_mode)" != "$(_get_previous_mode)" ] +} + +_get_mode() +{ + mode="$(snapctl get mode)" + if [ -z "$mode" ]; then + mode="$DEFAULT_MODE" + _set_mode "$mode" + fi + + echo "$mode" +} + +_set_mode() +{ + snapctl set mode="$1" + _set_previous_mode "$1" +} + +_get_previous_mode() +{ + snapctl get private.mode +} + +_set_previous_mode() +{ + snapctl set private.mode="$1" +} \ No newline at end of file diff --git a/src/hooks/utilities/hook-utilities b/src/hooks/utilities/hook-utilities deleted file mode 100755 index c1edbe2..0000000 --- a/src/hooks/utilities/hook-utilities +++ /dev/null @@ -1,32 +0,0 @@ -#!/bin/sh - -CONFIGURE_LOCKFILE="/tmp/locks/configure-hook" - -mkdir -p "$(dirname $CONFIGURE_LOCKFILE)" -chmod 750 "$(dirname $CONFIGURE_LOCKFILE)" - -configure_hook_running() -{ - [ -f "$CONFIGURE_LOCKFILE" ] -} - -set_configure_hook_running() -{ - touch "$CONFIGURE_LOCKFILE" -} - -set_configure_hook_not_running() -{ - rm -f "$CONFIGURE_LOCKFILE" -} - -wait_for_configure_hook() -{ - if configure_hook_running; then - printf "Waiting for configure hook... " - while configure_hook_running; do - sleep 1 - done - printf "done\n" - fi -} diff --git a/src/php/bin/run-php b/src/php/bin/run-php index fd43c95..6753d4f 100755 --- a/src/php/bin/run-php +++ b/src/php/bin/run-php @@ -1,9 +1,17 @@ #!/bin/sh +# shellcheck source=src/nextcloud/utilities/nextcloud-utilities +. "$SNAP/utilities/configuration-utilities" # shellcheck source=src/php/utilities/php-utilities . "$SNAP/utilities/php-utilities" PHP_MEMORY_LIMIT="$(php_memory_limit)" export PHP_MEMORY_LIMIT +PHP_EXPOSE_PHP="Off" +if debug_mode_enabled; then + PHP_EXPOSE_PHP="On" +fi +export PHP_EXPOSE_PHP + php -c "$SNAP/config/php" "$@" diff --git a/src/php/bin/start-php-fpm b/src/php/bin/start-php-fpm index cc78c05..81fd83e 100755 --- a/src/php/bin/start-php-fpm +++ b/src/php/bin/start-php-fpm @@ -8,16 +8,12 @@ . "$SNAP/utilities/redis-utilities" # shellcheck source=src/nextcloud/utilities/nextcloud-utilities . "$SNAP/utilities/nextcloud-utilities" -# shellcheck source=src/hooks/utilities/hook-utilities -. "$SNAP/utilities/hook-utilities" +# shellcheck source=src/nextcloud/utilities/nextcloud-utilities +. "$SNAP/utilities/configuration-utilities" mkdir -p "${SNAP_DATA}/php" chmod 750 "${SNAP_DATA}/php" -# Make sure the configure hook isn't running (otherwise we'll run on old -# configuration data) -wait_for_configure_hook - # We need to make sure mysql is running so we can run the migration process # shellcheck disable=SC2119 wait_for_mysql @@ -46,4 +42,10 @@ PHP_MEMORY_LIMIT="$(php_memory_limit)" export PHP_FPM_MAX_CHILDREN export PHP_MEMORY_LIMIT +PHP_EXPOSE_PHP="Off" +if debug_mode_enabled; then + PHP_EXPOSE_PHP="On" +fi +export PHP_EXPOSE_PHP + php-fpm -R -F --fpm-config "${SNAP}/config/php/php-fpm.conf" -c "${SNAP}/config/php" diff --git a/src/php/config/php.ini b/src/php/config/php.ini index a0a4161..56e62a1 100644 --- a/src/php/config/php.ini +++ b/src/php/config/php.ini @@ -356,7 +356,7 @@ zend.enable_gc = On ; threat in any way, but it makes it possible to determine whether you use PHP ; on your server or not. ; http://php.net/expose-php -expose_php = On +expose_php = ${PHP_EXPOSE_PHP} ;;;;;;;;;;;;;;;;;;; ; Resource Limits ; diff --git a/tests/Rakefile b/tests/Rakefile index 8ba8901..b7e5090 100644 --- a/tests/Rakefile +++ b/tests/Rakefile @@ -2,7 +2,11 @@ require 'rake' require 'rspec/core/rake_task' RSpec::Core::RakeTask.new(:test) do |t| - t.pattern = Dir.glob('spec/**/*_spec.rb') + if ENV['TEST'].nil? or ENV['TEST'].empty? + t.pattern = Dir.glob('spec/**/*_spec.rb') + else + t.pattern = Dir.glob(ENV['TEST']) + end t.rspec_opts = "--format documentation" end task :default => :test diff --git a/tests/spec/change_mode_spec.rb b/tests/spec/change_mode_spec.rb new file mode 100644 index 0000000..030b2ab --- /dev/null +++ b/tests/spec/change_mode_spec.rb @@ -0,0 +1,72 @@ +require 'net/http' + +feature "Change operating mode" do + scenario "production" do + `sudo snap set nextcloud mode=production` + expect($?.to_i).to eq 0 + wait_for_nextcloud + + assert_apache_prod_tokens + assert_apache_no_signature + assert_php_no_signature + end + + scenario "debug" do + `sudo snap set nextcloud mode=debug` + expect($?.to_i).to eq 0 + wait_for_nextcloud + + assert_apache_full_tokens + assert_apache_signature + assert_php_signature + end + + scenario "invalid" do + # This will print to stderr. Redirect so we can capture it easily. + output=`sudo snap set nextcloud mode=invalid 2>&1` + expect($?.to_i).to_not eq 0 + expect(output).to include "mode must be either 'debug' or 'production'" + end + + protected + + def assert_apache_prod_tokens + # Verify that Apache clamps down on the server string and stops sending + # version and OS information. + expect(nextcloud_response["server"]).to eq "Apache" + end + + def assert_apache_full_tokens + # Verify that Apache opens up the server string and sends version and + # OS information. + expect(nextcloud_response["server"]).to match /Apache\/2\.4\.\d+ \(Unix\)/ + end + + def assert_apache_no_signature + # Verify that no signature is shown on e.g. 404 pages + response = nextcloud_response(url: "http://localhost/give-me-a-404") + expect(response.body.downcase).to_not include "apache" + end + + def assert_apache_signature + # Verify that a signature is shown on e.g. 404 pages + response = nextcloud_response(url: "http://localhost/give-me-a-404") + expect(response.body.downcase).to include "apache" + end + + def assert_php_no_signature + # Verify that PHP doesn't add an X-Powered-By header + expect(nextcloud_response.to_hash).to_not include "x-powered-by" + end + + def assert_php_signature + # Verify that PHP adds an X-Powered-By header + response = nextcloud_response + expect(response.to_hash).to include "x-powered-by" + expect(response["x-powered-by"]).to match /PHP\/7\.1\.\d+/ + end + + def nextcloud_response(url: "http://localhost") + return Net::HTTP.get_response(URI(url)) + end +end diff --git a/tests/spec/maintenance_mode_spec.rb b/tests/spec/maintenance_mode_spec.rb index fd1b76a..14456a3 100644 --- a/tests/spec/maintenance_mode_spec.rb +++ b/tests/spec/maintenance_mode_spec.rb @@ -6,7 +6,7 @@ expect(page).not_to have_content('maintenance mode') # Enable maintenance mode - `sudo nextcloud.occ maintenance:mode --on` + `sudo nextcloud.occ maintenance:mode --on 2>&1` expect($?.to_i).to eq 0 # Now verify that maintenance mode is active @@ -14,7 +14,7 @@ expect(page).to have_content('maintenance mode') # Now disable maintenance mode - `sudo nextcloud.occ maintenance:mode --off` + `sudo nextcloud.occ maintenance:mode --off 2>&1` expect($?.to_i).to eq 0 # Finally, verify that maintenance mode is not active again diff --git a/tests/spec/spec_helper.rb b/tests/spec/spec_helper.rb index 596e3f3..e1bea78 100644 --- a/tests/spec/spec_helper.rb +++ b/tests/spec/spec_helper.rb @@ -149,7 +149,15 @@ # After each test, make sure the PHP memory limit is reset `sudo snap set nextcloud php.memory-limit=128M` - expect($?.to_i).to eq 0 + expect($?.to_i).to eq 0 + + # After each test, make sure maintenance mode is reset + `sudo nextcloud.occ maintenance:mode --off 2>&1` + expect($?.to_i).to eq 0 + + # After each test, make sure the snap operating mode is reset + `sudo snap set nextcloud mode=production` + expect($?.to_i).to eq 0 # Also make sure HTTPS is disabled disable_https From a994024e7976ec3a6fb16f95bb1631f3e625091c Mon Sep 17 00:00:00 2001 From: bn4t <17193640+bn4t@users.noreply.github.com> Date: Tue, 2 Oct 2018 15:52:56 +0200 Subject: [PATCH 170/416] apache: update to 2.4.35 Fixes #738 --- snap/snapcraft.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 7ace5d3..1035421 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -92,8 +92,8 @@ hooks: parts: apache: plugin: apache - source: http://ftp.wayne.edu/apache/httpd/httpd-2.4.34.tar.bz2 - source-checksum: sha256/fa53c95631febb08a9de41fd2864cfff815cf62d9306723ab0d4b8d7aa1638f0 + source: http://ftp.wayne.edu/apache/httpd/httpd-2.4.35.tar.bz2 + source-checksum: sha256/2607c6fdd4d12ac3f583127629291e9432b247b782396a563bec5678aae69b56 # The built-in Apache modules to enable modules: From 0ee098ac193fb0cd7e661a25b2e4f0a3cff1885f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc=20Pe=C3=B1a=20Segarra?= Date: Sun, 14 Oct 2018 00:18:16 +0200 Subject: [PATCH 171/416] nextcloud: update to 13.0.7 Fixes #748 --- snap/snapcraft.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 1035421..43025d1 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -135,8 +135,8 @@ parts: nextcloud: plugin: dump - source: https://download.nextcloud.com/server/releases/nextcloud-13.0.6.tar.bz2 - source-checksum: sha256/90fc9e960b6a477bb14ee87042b3d158bde95c3f0157677cb4547ca7649968d4 + source: https://download.nextcloud.com/server/releases/nextcloud-13.0.7.tar.bz2 + source-checksum: sha256/be7adaa9d1ade58f221cdabd093bdc7ddfe614d936f43f59f5311f6e904841ef organize: '*': htdocs/ '.htaccess': htdocs/.htaccess From 7d717cee1056c3de6ba03f1c90d32dc25dda712e Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Sun, 21 Oct 2018 15:17:19 -0700 Subject: [PATCH 172/416] apache: work around setgid directories This bug (logged as https://bz.apache.org/bugzilla/show_bug.cgi?id=62298) wasn't present in the last release or two, but Apache seems to have re-introduced it, which means we need to work around it again. Also add a test that runs the snap review tools so that this won't bite us in the future. Fix #757 Signed-off-by: Kyle Fazzari --- .circleci/config.yml | 14 ++++++++++---- snap/snapcraft.yaml | 8 ++++++++ 2 files changed, 18 insertions(+), 4 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 8fc1af6..c8ce2bb 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -29,10 +29,16 @@ jobs: sh -c "cd $(pwd) && snapcraft" - run: - # Install the snap and create an admin user + # Install and run the review tools on the resulting snap command: | sudo apt update -qq sudo apt install -y snapd + sudo snap install --beta review-tools + sudo /snap/bin/review-tools.snap-review *.snap + + - run: + # Install the snap and create an admin user + command: | sudo snap install *.snap --dangerous sudo nextcloud.manual-install admin admin @@ -49,7 +55,7 @@ jobs: - run: # Install the snap and create an admin user command: | - sudo apt update + sudo apt update -qq sudo apt install -y snapd sudo snap install --edge nextcloud sudo nextcloud.manual-install admin admin @@ -67,7 +73,7 @@ jobs: - run: # Install the snap and create an admin user command: | - sudo apt update + sudo apt update -qq sudo apt install -y snapd sudo snap install nextcloud --channel=12/edge sudo nextcloud.manual-install admin admin @@ -85,7 +91,7 @@ jobs: - run: # Install the snap and create an admin user command: | - sudo apt update + sudo apt update -qq sudo apt install -y snapd sudo snap install nextcloud --channel=13/edge sudo nextcloud.manual-install admin admin diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 43025d1..4faf1eb 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -95,6 +95,14 @@ parts: source: http://ftp.wayne.edu/apache/httpd/httpd-2.4.35.tar.bz2 source-checksum: sha256/2607c6fdd4d12ac3f583127629291e9432b247b782396a563bec5678aae69b56 + override-pull: | + snapcraftctl pull + + # For some reason, all directories in (and after) 2.4.32 are setgid. + # Reported as https://bz.apache.org/bugzilla/show_bug.cgi?id=62298 + # Work around by unsetting setgid. FIXME: Remove when bug is fixed. + find . -perm -g+s -exec chmod g-s {} \; + # The built-in Apache modules to enable modules: - headers From be910b1a9b0cef4d93d2d2e36de88391a1f12f1c Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Sun, 25 Feb 2018 07:11:02 -0800 Subject: [PATCH 173/416] Add the ability to import/export install Only cover Nextcloud-specific stuff: apps, database, config, and raw data. Add a simple test to ensure functionality. Resolve #185 Signed-off-by: Kyle Fazzari --- snap/snapcraft.yaml | 15 ++- src/import-export/bin/export-data | 181 ++++++++++++++++++++++++++++ src/import-export/bin/import-data | 191 ++++++++++++++++++++++++++++++ src/mysql/bin/run-mysql | 3 + tests/spec/import_export_spec.rb | 42 +++++++ tests/spec/spec_helper.rb | 3 + 6 files changed, 434 insertions(+), 1 deletion(-) create mode 100755 src/import-export/bin/export-data create mode 100755 src/import-export/bin/import-data create mode 100755 src/mysql/bin/run-mysql create mode 100644 tests/spec/import_export_spec.rb diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 43025d1..d848b4c 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -48,7 +48,7 @@ apps: # MySQL client mysql-client: - command: mysql --defaults-file=$SNAP_DATA/mysql/root.ini + command: run-mysql plugs: [network, network-bind] mysqldump: @@ -85,6 +85,14 @@ apps: command: manual-install plugs: [network, network-bind, removable-media] + import: + command: import-data + plugs: [network, network-bind, removable-media] + + export: + command: export-data + plugs: [network, network-bind, removable-media] + hooks: configure: plugs: [network, network-bind] @@ -348,6 +356,11 @@ parts: stage-packages: [openssl] stage: [-etc/ssl, -patches] + import-export: + plugin: dump + source: src/import-export + stage-packages: [rsync] + hooks: plugin: dump source: src/hooks/ diff --git a/src/import-export/bin/export-data b/src/import-export/bin/export-data new file mode 100755 index 0000000..94d3270 --- /dev/null +++ b/src/import-export/bin/export-data @@ -0,0 +1,181 @@ +#!/bin/sh + +if [ "$(id -u)" -ne 0 ]; then + echo "This utility needs to run as root" + exit 1 +fi + +# shellcheck source=src/nextcloud/utilities/nextcloud-utilities +. "$SNAP/utilities/nextcloud-utilities" +# shellcheck source=src/mysql/utilities/mysql-utilities +. "$SNAP/utilities/mysql-utilities" + +# shellcheck disable=SC2119 +wait_for_mysql + +COMMAND="nextcloud.export" +BACKUP_DIRECTORY="${SNAP_COMMON}/backups" +FORMAT="1" + +print_usage() +{ + echo "Usage:" + echo " $COMMAND [OPTIONS]" + echo " Export data suitable for migrating servers. By default this" + echo " includes the Nextcloud database, configuration, and data" + echo " (equivalent to running $COMMAND -abcd)." + echo "" + echo "Available options:" + echo " -h: Display this help message" + echo " -a: Include the (non-default) apps" + echo " -b: Include the database" + echo " -c: Include the config" + echo " -d: Include the data (can be quite large)" +} + +export_apps() +{ + backup="$1" + echo "Exporting apps..." + if ! rsync -ah --info=progress2 "$SNAP_DATA/nextcloud/extra-apps/" "${backup}/apps"; then + echo "Unable to export apps" + exit 1 + fi +} + +export_database() +{ + backup="$1" + echo "Exporting database..." + if ! mysqldump --defaults-file="$SNAP_DATA/mysql/root.ini" \ + --lock-tables nextcloud > "${backup}/database.sql"; then + echo "Unable to export database" + exit 1 + fi +} + +export_config() +{ + backup="$1" + config_backup="${backup}/config.php" + + # Mask out the config password. We don't need it when restoring. + echo "Exporting config..." + if ! sed "s/\(dbpassword.*=>\s*\).*,/\1'DBPASSWORD',/" \ + "${SNAP_DATA}/nextcloud/config/config.php" > "$config_backup"; then + echo "Unable to export config" + exit 1 + fi +} + +export_data() +{ + backup="$1" + echo "Exporting data..." + if ! rsync -ah --info=progress2 "${NEXTCLOUD_DATA_DIR%/}/" "${backup}/data"; then + echo "Unable to export data" + exit 1 + fi +} + +run_command() +{ + printf "%s... " "$2" + if output="$(eval "$1" 2>&1)"; then + echo "done" + return 0; + else + echo "error" + echo "$output" + return 1; + fi +} + +enable_maintenance_mode() +{ + run_command "occ maintenance:mode --on" "Enabling maintenance mode" +} + +disable_maintenance_mode() +{ + run_command "occ maintenance:mode --off" "Disabling maintenance mode" +} + +do_export_apps=false +do_export_database=false +do_export_config=false +do_export_data=false + +# If no parameters are specified, default to exporting everything +if [ $# -eq 0 ]; then + do_export_apps=true + do_export_database=true + do_export_config=true + do_export_data=true +fi + +while getopts ":abcdh" opt; do + case $opt in + a) + do_export_apps=true + ;; + b) + do_export_database=true + ;; + c) + do_export_config=true + ;; + d) + do_export_data=true + ;; + h) + print_usage + exit 0 + ;; + \?) + echo "Invalid option: -$OPTARG" >&2 + exit 1 + ;; + esac +done + +# Clear options +shift "$((OPTIND-1))" + +echo "WARNING: This functionality is still experimental and under" >&2 +echo "development, use at your own risk. Note that the CLI interface is" >&2 +echo "unstable, so beware if using from within scripts." >&2 +echo "" >&2 + +backup="${BACKUP_DIRECTORY}/$(date +%Y%m%d-%H%M%S)" + +mkdir -p "$backup" +chmod 750 "$backup" + +echo "$FORMAT" > "${backup}/format" + +# Enable maintenance mode so data can't change out from under us +if ! enable_maintenance_mode; then + echo "Unable to enter maintenance mode" + exit 1 +fi +trap 'disable_maintenance_mode' EXIT + +if [ "$do_export_apps" = true ]; then + export_apps "$backup" +fi + +if [ "$do_export_database" = true ]; then + export_database "$backup" +fi + +if [ "$do_export_config" = true ]; then + export_config "$backup" +fi + +if [ "$do_export_data" = true ]; then + export_data "$backup" +fi + +echo "" +echo "Successfully exported $backup" diff --git a/src/import-export/bin/import-data b/src/import-export/bin/import-data new file mode 100755 index 0000000..d2cdaee --- /dev/null +++ b/src/import-export/bin/import-data @@ -0,0 +1,191 @@ +#!/bin/sh + +if [ "$(id -u)" -ne 0 ]; then + echo "This utility needs to run as root" + exit 1 +fi + +# shellcheck source=src/nextcloud/utilities/nextcloud-utilities +. "$SNAP/utilities/nextcloud-utilities" +# shellcheck source=src/mysql/utilities/mysql-utilities +. "$SNAP/utilities/mysql-utilities" + +# shellcheck disable=SC2119 +wait_for_mysql + +COMMAND="nextcloud.import" + +print_usage() +{ + echo "Usage:" + echo " $COMMAND [OPTIONS] " + echo " Import data exported from another Nextcloud snap instance." + echo " By default this imports the database, config, and data" + echo " (equivalent to running $COMMAND -abcd)." + echo "" + echo "Available options:" + echo " -h: Display this help message" + echo " -a: Import the (non-default) apps" + echo " -b: Import the database" + echo " -c: Import the config" + echo " -d: Import the data" +} + +import_apps() +{ + backup_dir="${1%/}" + apps_backup="${backup_dir}/apps" + run_command "rm -rf \"$SNAP_DATA/nextcloud/extra-apps\"" "Clearing existing non-default apps" + echo "Importing apps..." + if ! rsync -ah --info=progress2 "$apps_backup/" "$SNAP_DATA/nextcloud/extra-apps"; then + echo "Unable to import apps" + exit 1 + fi +} + +import_database() +{ + backup_dir="$1" + database_backup="${backup_dir}/database.sql" + + # First, drop the database (if any) + run_command "run-mysql -e \"DROP DATABASE nextcloud\"" \ + "Dropping existing database" + run_command "run-mysql -e \"CREATE DATABASE nextcloud\"" \ + "Creating new database" + run_command "run-mysql -e \"GRANT ALL PRIVILEGES ON nextcloud.* TO 'nextcloud'@'localhost'\"" \ + "Granting database privileges to existing user" + + # Now restore the database + echo "Importing database..." + if ! run-mysql nextcloud < "$database_backup"; then + echo "Unable to import database" + exit 1 + fi +} + +import_config() +{ + backup_dir="$1" + config_backup="${backup_dir}/config.php" + database_password="$(mysql_get_nextcloud_password)" + + # Import the config, but set our new database password + echo "Importing config..." + if ! sed "s/DBPASSWORD/$database_password/" \ + "$config_backup" > "${SNAP_DATA}/nextcloud/config/config.php"; then + echo "Unable to import config" + exit 1 + fi +} + +import_data() +{ + backup_dir="${1%/}" + data_backup="${backup_dir}/data" + run_command "rm -rf \"$NEXTCLOUD_DATA_DIR\"" "Clearing existing data" + echo "Importing data..." + if ! rsync -ah --info=progress2 "$data_backup/" "$NEXTCLOUD_DATA_DIR"; then + echo "Unable to import data" + exit 1 + fi +} + +run_command() +{ + printf "%s... " "$2" + if output="$(eval "$1" 2>&1)"; then + echo "done" + return 0; + else + echo "error" + echo "$output" + return 1; + fi +} + +enable_maintenance_mode() +{ + run_command "occ maintenance:mode --on" "Enabling maintenance mode" +} + +disable_maintenance_mode() +{ + run_command "occ maintenance:mode --off" "Disabling maintenance mode" +} + +do_import_apps=false +do_import_database=false +do_import_config=false +do_import_data=false + +# If no parameters are specified, default to importing everything +if [ $# -eq 1 ]; then + do_import_apps=true + do_import_database=true + do_import_config=true + do_import_data=true +fi + +while getopts ":abcdh" opt; do + case $opt in + a) + do_import_apps=true + ;; + b) + do_import_database=true + ;; + c) + do_import_config=true + ;; + d) + do_import_data=true + ;; + h) + print_usage + exit 0 + ;; + \?) + echo "Invalid option: -$OPTARG" >&2 + exit 1 + ;; + esac +done + +# Clear options +shift "$((OPTIND-1))" + +echo "WARNING: This functionality is still experimental and under" >&2 +echo "development, use at your own risk. Note that the CLI interface is" >&2 +echo "unstable, so beware if using from within scripts." >&2 +echo "" >&2 + +# Enable maintenance mode so data can't change out from under us +if ! enable_maintenance_mode; then + echo "Unable to enter maintenance mode" + exit 1 +fi +trap 'disable_maintenance_mode' EXIT + +backup_dir="$1" +if [ -z "$backup_dir" ]; then + echo "Missing parameter " + print_usage + exit 1 +fi + +if [ "$do_import_apps" = true ]; then + import_apps "$backup_dir" +fi + +if [ "$do_import_database" = true ]; then + import_database "$backup_dir" +fi + +if [ "$do_import_config" = true ]; then + import_config "$backup_dir" +fi + +if [ "$do_import_data" = true ]; then + import_data "$backup_dir" +fi diff --git a/src/mysql/bin/run-mysql b/src/mysql/bin/run-mysql new file mode 100755 index 0000000..ccd4dd1 --- /dev/null +++ b/src/mysql/bin/run-mysql @@ -0,0 +1,3 @@ +#!/bin/sh + +mysql --defaults-file="$SNAP_DATA/mysql/root.ini" "$@" diff --git a/tests/spec/import_export_spec.rb b/tests/spec/import_export_spec.rb new file mode 100644 index 0000000..d339e16 --- /dev/null +++ b/tests/spec/import_export_spec.rb @@ -0,0 +1,42 @@ +feature "Import and export data" do + scenario "export then import" do + `sudo nextcloud.export` + expect($?.to_i).to eq 0 + + backups = Dir.glob("/var/snap/nextcloud/common/backups/*") + expect(backups.length).to eq 1 + backup = backups[0] + + # Move backup out of the snap's dirs + moved_backup = File.join(Dir.tmpdir, File.basename(backup)) + `sudo mv "#{backup}" "#{moved_backup}"` + + snap_paths = Dir.glob("/var/lib/snapd/snaps/nextcloud_*.snap") + expect(snap_paths.length).to eq 1 + snap_path = snap_paths[0] + + # Create a backup of the snap that's currently installed + moved_snap_path = File.join(Dir.tmpdir, File.basename(snap_path)) + `sudo cp "#{snap_path}" "#{moved_snap_path}"` + + # Now completely uninstall/reinstall the snap + `sudo snap remove nextcloud` + `sudo snap install "#{moved_snap_path}" --dangerous` + + # Now restore the backup, and verify we can still login like normal + `sudo mkdir -p "$(dirname "#{backup}")"` + `sudo mv "#{moved_backup}" "#{backup}"` + `sudo nextcloud.import "#{backup}"` + assert_loginable + end + + protected + + def assert_loginable + visit "/" + fill_in "User", with: "admin" + fill_in "Password", with: "admin" + click_button "Log in" + expect(page).to have_content "Documents" + end +end diff --git a/tests/spec/spec_helper.rb b/tests/spec/spec_helper.rb index e1bea78..70ad120 100644 --- a/tests/spec/spec_helper.rb +++ b/tests/spec/spec_helper.rb @@ -162,6 +162,9 @@ # Also make sure HTTPS is disabled disable_https + # Make sure any and all backups are removed + `sudo rm -rf /var/snap/nextcloud/common/backups` + # Make sure we're usin the normal, HTTP host again Capybara.app_host = 'http://localhost' end From 9035f3a46671347b2c1e382eb101bc87227e7d9b Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Wed, 24 Oct 2018 14:18:26 -0700 Subject: [PATCH 174/416] apache: update to 2.4.37 Resolve #762 Signed-off-by: Kyle Fazzari --- .circleci/config.yml | 2 +- snap/snapcraft.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index c8ce2bb..729cb93 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -26,7 +26,7 @@ jobs: docker run -v $(pwd):$(pwd) \ -e SNAPCRAFT_MANAGED_HOST=yes \ -t snapcore/snapcraft:stable \ - sh -c "cd $(pwd) && snapcraft" + sh -c "cd $(pwd) && apt update -qq && snapcraft" - run: # Install and run the review tools on the resulting snap diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 80e2b22..e261bcd 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -100,8 +100,8 @@ hooks: parts: apache: plugin: apache - source: http://ftp.wayne.edu/apache/httpd/httpd-2.4.35.tar.bz2 - source-checksum: sha256/2607c6fdd4d12ac3f583127629291e9432b247b782396a563bec5678aae69b56 + source: http://ftp.wayne.edu/apache/httpd/httpd-2.4.37.tar.bz2 + source-checksum: sha256/3498dc5c6772fac2eb7307dc7963122ffe243b5e806e0be4fb51974ff759d726 override-pull: | snapcraftctl pull From d658e35563be836b59a018666bacf661ca41f9d0 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Wed, 24 Oct 2018 19:40:42 -0700 Subject: [PATCH 175/416] Update version to 13.0.7snap1 Also update README and CHANGELOG. Signed-off-by: Kyle Fazzari --- CHANGELOG | 8 ++++++++ README.md | 22 +++++++++++++++++++++- snap/snapcraft.yaml | 2 +- 3 files changed, 30 insertions(+), 2 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index 958a047..36c48b4 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,11 @@ +v 13.0.7snap1 + - apache: update to 2.4.37 + - Add the ability to import/export install + - apache: work around setgid directories + - nextcloud: update to 13.0.7 + - apache, php: add debug mode + - redis: update to 4.0.11 + v 13.0.6snap1 - php: update to 7.1.22 - nextcloud: update to 13.0.6 diff --git a/README.md b/README.md index 1c6e289..436d421 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ Nextcloud server packaged as a snap. It consists of: -- Nextcloud 13.0.6 +- Nextcloud 13.0.7 - Apache 2.4 - PHP 7.1 - MySQL 5.7 @@ -116,6 +116,17 @@ If you want to disable the cronjob completely, run: To reenable it again simply set the `nextcloud.cron-interval` snap variable to a value that isn't `-1` +#### Debug mode + +By default, the snap installs itself in production mode, which prevents Apache +and PHP from providing any detailed version or library information in the HTTP +headers and error pages. Debug mode can be enabled with: + + $ sudo snap set nextcloud mode=debug + +"debug" and "production" are the only valid modes. + + ### Included CLI utilities There are a few CLI utilities included: @@ -141,6 +152,15 @@ There are a few CLI utilities included: - Manually install Nextcloud instead of visiting it in your browser. This allows you to create the admin user via the CLI. Note that it requires `sudo`. +- `nextcloud.export`: + - Export data suitable for migrating servers. By default this includes the + Nextcloud database, configuration, and data. See `nextcloud.export -h` for + more information. Note that it requires `sudo`. +- `nextcloud.import`: + - Import data exported from another Nextcloud snap instance (via + `nextcloud.export`). By default this imports the database, config, and + data. See `nextcloud.import -h` for more information. Note that it + requires `sudo`. ## Where is my stuff? diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index e261bcd..53df53e 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -1,5 +1,5 @@ name: nextcloud -version: 13.0.6snap1 +version: 13.0.7snap1 summary: Nextcloud Server - A safe home for all your data description: | Access, share and protect your files, calendars, contacts, communication and From 46f86fd931f53e9eea24c23a47f0e1c96fcccc24 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Tue, 30 Oct 2018 10:43:21 -0700 Subject: [PATCH 176/416] snapcraft.yaml: use git version instead of hard-coding This makes the version more useful for non-stable snaps. Resolve #768 Signed-off-by: Kyle Fazzari --- snap/snapcraft.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 53df53e..96785e8 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -1,5 +1,5 @@ name: nextcloud -version: 13.0.7snap1 +version: git summary: Nextcloud Server - A safe home for all your data description: | Access, share and protect your files, calendars, contacts, communication and From 80e7aefd9cfe9cd798f7259d5b9b15378e470f84 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Thu, 15 Nov 2018 13:04:56 -0800 Subject: [PATCH 177/416] README: add link to snap store Signed-off-by: Kyle Fazzari --- README.md | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/README.md b/README.md index 436d421..630cfc2 100644 --- a/README.md +++ b/README.md @@ -12,10 +12,7 @@ Nextcloud server packaged as a snap. It consists of: ## How to install -This Nextcloud snap is available in the store for release series 16 (e.g. Ubuntu -16.04). Install via: - - $ sudo snap install nextcloud +[![Get it from the Snap Store](https://snapcraft.io/static/images/badges/en/snap-store-white.svg)](https://snapcraft.io/nextcloud) There are a [number of releases available][1]. By default you'll get the newest stable one, but you may be interested in others. From 4f9c770f1362129cf001aa42bc9a646e226da115 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Thu, 15 Nov 2018 13:30:41 -0800 Subject: [PATCH 178/416] tests: update all gems to latest Resolve #784 Signed-off-by: Kyle Fazzari --- tests/Gemfile.lock | 52 ++++++++++++++++++++++++---------------------- 1 file changed, 27 insertions(+), 25 deletions(-) diff --git a/tests/Gemfile.lock b/tests/Gemfile.lock index 12d7414..1171356 100644 --- a/tests/Gemfile.lock +++ b/tests/Gemfile.lock @@ -3,42 +3,44 @@ GEM specs: addressable (2.5.2) public_suffix (>= 2.0.2, < 4.0) - capybara (2.17.0) + capybara (3.11.0) addressable mini_mime (>= 0.1.3) - nokogiri (>= 1.3.3) - rack (>= 1.0.0) - rack-test (>= 0.5.4) - xpath (>= 2.0, < 4.0) - capybara-webkit (1.15.0) + nokogiri (~> 1.8) + rack (>= 1.6.0) + rack-test (>= 0.6.3) + regexp_parser (~> 1.2) + xpath (~> 3.2) + capybara-webkit (1.15.1) capybara (>= 2.3, < 4.0) json diff-lcs (1.3) headless (2.3.1) json (2.1.0) - mini_mime (1.0.0) + mini_mime (1.0.1) mini_portile2 (2.3.0) - nokogiri (1.8.2) + nokogiri (1.8.5) mini_portile2 (~> 2.3.0) - public_suffix (3.0.2) - rack (2.0.4) - rack-test (0.8.2) + public_suffix (3.0.3) + rack (2.0.6) + rack-test (1.1.0) rack (>= 1.0, < 3) - rake (12.3.0) - rspec (3.7.0) - rspec-core (~> 3.7.0) - rspec-expectations (~> 3.7.0) - rspec-mocks (~> 3.7.0) - rspec-core (3.7.1) - rspec-support (~> 3.7.0) - rspec-expectations (3.7.0) + rake (12.3.1) + regexp_parser (1.3.0) + rspec (3.8.0) + rspec-core (~> 3.8.0) + rspec-expectations (~> 3.8.0) + rspec-mocks (~> 3.8.0) + rspec-core (3.8.0) + rspec-support (~> 3.8.0) + rspec-expectations (3.8.2) diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.7.0) - rspec-mocks (3.7.0) + rspec-support (~> 3.8.0) + rspec-mocks (3.8.0) diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.7.0) - rspec-support (3.7.1) - xpath (3.0.0) + rspec-support (~> 3.8.0) + rspec-support (3.8.0) + xpath (3.2.0) nokogiri (~> 1.8) PLATFORMS @@ -52,4 +54,4 @@ DEPENDENCIES rspec BUNDLED WITH - 1.15.0 + 1.16.4 From c4524960832603a31e181e6390fc06d7fa00728e Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Thu, 15 Nov 2018 13:38:36 -0800 Subject: [PATCH 179/416] certbot: update to 0.28.0 This also updates requests to the latest. Resolve #786 Signed-off-by: Kyle Fazzari --- src/https/requirements.txt | 33 +++++++++++++++-------------- src/https/utilities/https-utilities | 4 ++-- 2 files changed, 19 insertions(+), 18 deletions(-) diff --git a/src/https/requirements.txt b/src/https/requirements.txt index 9ef6a91..b686121 100644 --- a/src/https/requirements.txt +++ b/src/https/requirements.txt @@ -1,29 +1,30 @@ -acme==0.26.1 +acme==0.28.0 asn1crypto==0.24.0 -certbot==0.26.1 -certifi==2018.4.16 +certbot==0.28.0 +certifi==2018.10.15 cffi==1.11.5 chardet==3.0.4 ConfigArgParse==0.13.0 configobj==5.0.6 -cryptography==2.3 -enum34==1.1.6 -funcsigs==1.0.2 -future==0.16.0 +cryptography==2.4.1 +future==0.17.1 idna==2.7 -ipaddress==1.0.22 josepy==1.1.0 mock==2.0.0 parsedatetime==2.4 -pbr==4.2.0 -pycparser==2.18 +pbr==5.1.1 +pycparser==2.19 pyOpenSSL==18.0.0 pyRFC3339==1.1 -pytz==2018.5 -requests==2.19.1 +pytz==2018.7 +requests==2.20.1 requests-toolbelt==0.8.0 six==1.11.0 -urllib3==1.23 -zope.component==4.4.1 -zope.event==4.3.0 -zope.interface==4.5.0 +urllib3==1.24.1 +zope.component==4.5 +zope.deferredimport==4.3 +zope.deprecation==4.3.0 +zope.event==4.4 +zope.hookable==4.2.0 +zope.interface==4.6.0 +zope.proxy==4.3.1 diff --git a/src/https/utilities/https-utilities b/src/https/utilities/https-utilities index 1b1ee06..7591bc8 100755 --- a/src/https/utilities/https-utilities +++ b/src/https/utilities/https-utilities @@ -107,8 +107,8 @@ activate_certbot_certificate() { # There shouldn't be multiple domains here since we have no way to # support them, but account for the possibility by simply taking the - # first domain's certificates. - certdir="$(find "$CERTBOT_LIVE_DIRECTORY" -maxdepth 1 -mindepth 1 -printf "%P\n" | sort -n | head -1)" + # first domain's certificates. Ignore any READMEs. + certdir="$(find "$CERTBOT_LIVE_DIRECTORY" -maxdepth 1 -mindepth 1 -not -iname readme -printf "%P\n" | sort -n | head -1)" deactivate_certificates ln -s "$CERTBOT_LIVE_DIRECTORY/$certdir" "$LIVE_CERTS_DIRECTORY" From c94bb7d5886d76e4fb2f85005cf578c5e28b66cc Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Mon, 19 Nov 2018 09:24:35 -0800 Subject: [PATCH 180/416] CHANGELOG: update for 13.0.7snap2 Signed-off-by: Kyle Fazzari --- CHANGELOG | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/CHANGELOG b/CHANGELOG index 36c48b4..a636aac 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,9 @@ +v 13.0.7snap2 + - certbot: update to 0.28.0 + - tests: update all gems to latest + - README: add link to snap store + - snapcraft.yaml: use git version instead of hard-coding + v 13.0.7snap1 - apache: update to 2.4.37 - Add the ability to import/export install From 7ae344ff4a803fc44a3cef0f9ba24ccf70abe5c0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc=20Pe=C3=B1a=20Segarra?= Date: Sun, 25 Nov 2018 00:45:55 +0100 Subject: [PATCH 181/416] This PR resolves #794 by updating nextcloud to the latest stable version: 13.0.8. --- snap/snapcraft.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 96785e8..5a57ad8 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -151,8 +151,8 @@ parts: nextcloud: plugin: dump - source: https://download.nextcloud.com/server/releases/nextcloud-13.0.7.tar.bz2 - source-checksum: sha256/be7adaa9d1ade58f221cdabd093bdc7ddfe614d936f43f59f5311f6e904841ef + source: https://download.nextcloud.com/server/releases/nextcloud-13.0.8.tar.bz2 + source-checksum: sha256/984a5464aab423262cb3272a602e3f6b0ff5148e41b737ab29687eff71d4dc81 organize: '*': htdocs/ '.htaccess': htdocs/.htaccess From 8326e02150d7b93156b1257f9ae9a937c38be978 Mon Sep 17 00:00:00 2001 From: bn4t <17193640+bn4t@users.noreply.github.com> Date: Sun, 9 Dec 2018 16:12:46 +0000 Subject: [PATCH 182/416] php: update to 7.1.25 Fixes #808 --- snap/snapcraft.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 96785e8..8c4d181 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -165,8 +165,8 @@ parts: php: plugin: php - source: https://php.net/get/php-7.1.22.tar.bz2/from/this/mirror - source-checksum: sha256/c8e91f19c8aa810ae95f228ff31cf0e4805cb89f4c10870ee12c85491b26e763 + source: https://php.net/get/php-7.1.25.tar.bz2/from/this/mirror + source-checksum: sha256/002cdc880ac7cfaede2c389204d366108847db0f3ac72edf1ba95c0577f9aaac source-type: tar install-via: prefix configflags: From 2e18ca61a245f53f7ab63d583913119e9646de7b Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Sat, 15 Dec 2018 16:21:16 -0800 Subject: [PATCH 183/416] CHANGELOG: update for 13.0.8snap1 Signed-off-by: Kyle Fazzari --- CHANGELOG | 4 ++++ README.md | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/CHANGELOG b/CHANGELOG index a636aac..6404243 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,7 @@ +v 13.0.8snap1 + - nextcloud: update to 13.0.8 + - php: update to 7.1.25 + v 13.0.7snap2 - certbot: update to 0.28.0 - tests: update all gems to latest diff --git a/README.md b/README.md index 630cfc2..61c0fa3 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ Nextcloud server packaged as a snap. It consists of: -- Nextcloud 13.0.7 +- Nextcloud 13.0.8 - Apache 2.4 - PHP 7.1 - MySQL 5.7 From 5a4bf72ca950ec04b98488efd9dbf1822bbeedd2 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Thu, 3 Jan 2019 09:07:29 -0800 Subject: [PATCH 184/416] ci: enable daily v14 and v15 Also disable daily v12 (it's no longer supported). Resolve #825. Signed-off-by: Kyle Fazzari --- .circleci/config.yml | 45 ++++++++++++++++++++++++++++++++++++-------- .travis/cron.sh | 18 ++++++++++++------ 2 files changed, 49 insertions(+), 14 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 729cb93..e2ebfed 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -64,7 +64,7 @@ jobs: # Run the tests command: ./.circleci/runtests.sh - test-daily-v12: + test-daily-v13: working_directory: ~/nextcloud-snap machine: true steps: @@ -75,14 +75,14 @@ jobs: command: | sudo apt update -qq sudo apt install -y snapd - sudo snap install nextcloud --channel=12/edge + sudo snap install nextcloud --channel=13/edge sudo nextcloud.manual-install admin admin - run: # Run the tests command: ./.circleci/runtests.sh - test-daily-v13: + test-daily-v14: working_directory: ~/nextcloud-snap machine: true steps: @@ -93,7 +93,25 @@ jobs: command: | sudo apt update -qq sudo apt install -y snapd - sudo snap install nextcloud --channel=13/edge + sudo snap install nextcloud --channel=14/edge + sudo nextcloud.manual-install admin admin + + - run: + # Run the tests + command: ./.circleci/runtests.sh + + test-daily-v15: + working_directory: ~/nextcloud-snap + machine: true + steps: + - checkout + + - run: + # Install the snap and create an admin user + command: | + sudo apt update -qq + sudo apt install -y snapd + sudo snap install nextcloud --channel=15/edge sudo nextcloud.manual-install admin admin - run: @@ -116,7 +134,7 @@ workflows: jobs: [test-daily-master] - daily-v12: + daily-v13: triggers: - schedule: # 0700 UTC == 0000 PSC @@ -125,9 +143,9 @@ workflows: branches: only: develop - jobs: [test-daily-v12] + jobs: [test-daily-v13] - daily-v13: + daily-v14: triggers: - schedule: # 0700 UTC == 0000 PSC @@ -136,4 +154,15 @@ workflows: branches: only: develop - jobs: [test-daily-v13] + jobs: [test-daily-v14] + + daily-v15: + triggers: + - schedule: + # 0700 UTC == 0000 PSC + cron: "0 7 * * *" + filters: + branches: + only: develop + + jobs: [test-daily-v15] diff --git a/.travis/cron.sh b/.travis/cron.sh index 4efe7a8..d11d564 100755 --- a/.travis/cron.sh +++ b/.travis/cron.sh @@ -1,8 +1,9 @@ #!/bin/bash latest_master_url="https://download.nextcloud.com/server/daily/latest-master.tar.bz2" -latest_stable12_url="https://download.nextcloud.com/server/daily/latest-stable12.tar.bz2" latest_stable13_url="https://download.nextcloud.com/server/daily/latest-stable13.tar.bz2" +latest_stable14_url="https://download.nextcloud.com/server/daily/latest-stable14.tar.bz2" +latest_stable15_url="https://download.nextcloud.com/server/daily/latest-stable15.tar.bz2" rewrite_snapcraft_yaml() { @@ -36,12 +37,17 @@ request_build \ "latest-master" "$latest_master_url" "master-$today" \ "From CI: Use Nextcloud latest master" -echo "Requesting build of latest 12..." -request_build \ - "latest-12" "$latest_stable12_url" "12-$today" \ - "From CI: Use Nextcloud latest 12" - echo "Requesting build of latest 13..." request_build \ "latest-13" "$latest_stable13_url" "13-$today" \ "From CI: Use Nextcloud latest 13" + +echo "Requesting build of latest 14..." +request_build \ + "latest-14" "$latest_stable14_url" "14-$today" \ + "From CI: Use Nextcloud latest 14" + +echo "Requesting build of latest 15..." +request_build \ + "latest-15" "$latest_stable15_url" "15-$today" \ + "From CI: Use Nextcloud latest 15" From e1a26e05dd9964fa622aef9fe9d5cdeba90fdd70 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Thu, 3 Jan 2019 10:55:49 -0800 Subject: [PATCH 185/416] ci: update rubygems for tests Resolve #827 Signed-off-by: Kyle Fazzari --- .circleci/runtests.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/.circleci/runtests.sh b/.circleci/runtests.sh index 3dbdf8b..ce4d9cd 100755 --- a/.circleci/runtests.sh +++ b/.circleci/runtests.sh @@ -10,6 +10,7 @@ bash --login -c ' rvm install 2.4.0 rvm use 2.4.0 cd tests + gem update --system gem install bundler bundle install --deployment bundle exec rake test From 23e3ae29a59e6f56b74962661c03cb9a239a940d Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Sun, 25 Nov 2018 12:43:35 -0800 Subject: [PATCH 186/416] nextcloud: update to 14.0.5 Also add service to add missing indices without user intervention. Resolve #706 Signed-off-by: Kyle Fazzari --- snap/snapcraft.yaml | 11 +++++++++-- src/apache/bin/run-httpd | 2 +- src/nextcloud/bin/nextcloud-fixer | 10 ++++++++++ .../bin/{setup_nextcloud => setup-nextcloud} | 2 +- src/php/utilities/php-utilities | 2 +- 5 files changed, 22 insertions(+), 5 deletions(-) create mode 100755 src/nextcloud/bin/nextcloud-fixer rename src/nextcloud/bin/{setup_nextcloud => setup-nextcloud} (99%) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 283cea7..d82b5dd 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -93,6 +93,13 @@ apps: command: export-data plugs: [network, network-bind, removable-media] + # Service for automatically fixing Nextcloud indices, etc. + nextcloud-fixer: + command: nextcloud-fixer + daemon: simple + restart-condition: on-failure + plugs: [network, network-bind, removable-media] + hooks: configure: plugs: [network, network-bind] @@ -151,8 +158,8 @@ parts: nextcloud: plugin: dump - source: https://download.nextcloud.com/server/releases/nextcloud-13.0.8.tar.bz2 - source-checksum: sha256/984a5464aab423262cb3272a602e3f6b0ff5148e41b737ab29687eff71d4dc81 + source: https://download.nextcloud.com/server/releases/nextcloud-14.0.5.tar.bz2 + source-checksum: sha256/af997a251bc9403a81ba161cf06df9caa71a42faf4557ddcd8f5d2974811745a organize: '*': htdocs/ '.htaccess': htdocs/.htaccess diff --git a/src/apache/bin/run-httpd b/src/apache/bin/run-httpd index 6f6e841..2cf89dd 100755 --- a/src/apache/bin/run-httpd +++ b/src/apache/bin/run-httpd @@ -8,7 +8,7 @@ chmod 750 "$SNAP_DATA/apache/logs" # Make sure Nextcloud is installed and running echo "Making sure nextcloud is setup..." -if ! setup_nextcloud; then +if ! setup-nextcloud; then echo "Failed to setup nextcloud" exit 1 fi diff --git a/src/nextcloud/bin/nextcloud-fixer b/src/nextcloud/bin/nextcloud-fixer new file mode 100755 index 0000000..b0a4a9e --- /dev/null +++ b/src/nextcloud/bin/nextcloud-fixer @@ -0,0 +1,10 @@ +#!/bin/sh + +# shellcheck source=src/apache/utilities/apache-utilities +. "$SNAP/utilities/apache-utilities" + +# By waiting for Apache we ensure that Nextcloud is setup and fully-updated +wait_for_apache + +# This command can be run without putting Nextcloud into maintenance mode +occ db:add-missing-indices diff --git a/src/nextcloud/bin/setup_nextcloud b/src/nextcloud/bin/setup-nextcloud similarity index 99% rename from src/nextcloud/bin/setup_nextcloud rename to src/nextcloud/bin/setup-nextcloud index dcf685b..3fc601f 100755 --- a/src/nextcloud/bin/setup_nextcloud +++ b/src/nextcloud/bin/setup-nextcloud @@ -49,7 +49,7 @@ fi # Finally, make sure nextcloud is up to date. The return code of the upgrade # can be used to determine the outcome: -# succes = 0; +# success = 0; # not installed = 1; # in maintenance mode = 2; # already up to date = 3; diff --git a/src/php/utilities/php-utilities b/src/php/utilities/php-utilities index 107f7c7..93d0067 100755 --- a/src/php/utilities/php-utilities +++ b/src/php/utilities/php-utilities @@ -1,6 +1,6 @@ #!/bin/sh -DEFAULT_MEMORY_LIMIT="128M" +DEFAULT_MEMORY_LIMIT="512M" export PHP_FPM_PIDFILE="/tmp/pids/php-fpm.pid" export PHP_FPM_SOCKET="/tmp/sockets/php-fpm.sock" From 3af96cef3da6631cfb18726baedf51b2e2c13245 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Thu, 10 Jan 2019 13:57:45 -0800 Subject: [PATCH 187/416] php: update to 7.1.26 Resolve #835 Signed-off-by: Kyle Fazzari --- snap/snapcraft.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index d82b5dd..9c76109 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -172,8 +172,8 @@ parts: php: plugin: php - source: https://php.net/get/php-7.1.25.tar.bz2/from/this/mirror - source-checksum: sha256/002cdc880ac7cfaede2c389204d366108847db0f3ac72edf1ba95c0577f9aaac + source: https://php.net/get/php-7.1.26.tar.bz2/from/this/mirror + source-checksum: sha256/5b351ca86bc7e4600778aaf1d61ab9e4e38864efa86ab4cc4d5b02ea7f542ae6 source-type: tar install-via: prefix configflags: From cc07731df54930a8252b01d26482da4e1e1dd462 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Thu, 10 Jan 2019 13:54:48 -0800 Subject: [PATCH 188/416] CHANGELOG: update for 14.0.5snap1 Signed-off-by: Kyle Fazzari --- CHANGELOG | 6 ++++++ README.md | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/CHANGELOG b/CHANGELOG index 6404243..351b30c 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,9 @@ +v 14.0.5snap1 + - php: update to 7.1.26 + - nextcloud: update to 14.0.5 + - ci: update rubygems for tests + - ci: enable daily v14 and v15 + v 13.0.8snap1 - nextcloud: update to 13.0.8 - php: update to 7.1.25 diff --git a/README.md b/README.md index 61c0fa3..f74c233 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ Nextcloud server packaged as a snap. It consists of: -- Nextcloud 13.0.8 +- Nextcloud 14.0.5 - Apache 2.4 - PHP 7.1 - MySQL 5.7 From 0983659e81d3764e9754ac0580400fd6df2e01a7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc=20Pe=C3=B1a=20Segarra?= Date: Fri, 11 Jan 2019 23:20:07 +0100 Subject: [PATCH 189/416] This PR resolves #617 by updating PHP to the latest 7.2 release. --- snap/snapcraft.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 9c76109..13ea373 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -172,8 +172,8 @@ parts: php: plugin: php - source: https://php.net/get/php-7.1.26.tar.bz2/from/this/mirror - source-checksum: sha256/5b351ca86bc7e4600778aaf1d61ab9e4e38864efa86ab4cc4d5b02ea7f542ae6 + source: https://php.net/get/php-7.2.14.tar.bz2/from/this/mirror + source-checksum: sha256/f56132d248c7bf1e0efc8a680a4b598d6ff73fc6b9c84b5d7b539ad8db7a6597 source-type: tar install-via: prefix configflags: From d3f49f9a24b1978e47e0a349b2d1d12b3164e23d Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Sat, 12 Jan 2019 14:52:41 +0000 Subject: [PATCH 190/416] nextcloud: disable updatenotification before upgrade It seems that the updatenotification app is still installed for some folks even though it's been disabled in the snap since v10. It prevents the upgrade to v14: disable it before attempting the upgrade. Fix #838 Signed-off-by: Kyle Fazzari --- src/nextcloud/bin/setup-nextcloud | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/nextcloud/bin/setup-nextcloud b/src/nextcloud/bin/setup-nextcloud index 3fc601f..22bbed4 100755 --- a/src/nextcloud/bin/setup-nextcloud +++ b/src/nextcloud/bin/setup-nextcloud @@ -45,6 +45,11 @@ else occ config:system:set redis port --value=0 --type=integer occ config:system:set memcache.locking --value="\OC\Memcache\Redis" --type=string occ config:system:set memcache.local --value="\OC\Memcache\Redis" --type=string + + # It's possible for the updatenotification app to be installed (see + # https://github.com/nextcloud/nextcloud-snap/issues/838), and it'll + # interfere with the upgrade to v14. Disable it now. + occ app:disable updatenotification fi # Finally, make sure nextcloud is up to date. The return code of the upgrade From 4632e250c45ef45d278a34a00e56797cd97b0dbb Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Sat, 12 Jan 2019 16:23:50 +0000 Subject: [PATCH 191/416] CHANGELOG: update for 14.0.5snap2 Signed-off-by: Kyle Fazzari --- CHANGELOG | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGELOG b/CHANGELOG index 351b30c..598ec5e 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,6 @@ +v 14.0.5snap2 + - nextcloud: disable updatenotification before upgrade + v 14.0.5snap1 - php: update to 7.1.26 - nextcloud: update to 14.0.5 From 05e1b853011676998bb2fd8fb5ae84540a9dc0f7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc=20Pe=C3=B1a=20Segarra?= Date: Sun, 13 Jan 2019 10:07:37 +0100 Subject: [PATCH 192/416] Modify the API date to 20170718 --- src/php/config/php.ini | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/php/config/php.ini b/src/php/config/php.ini index 56e62a1..a211dc9 100644 --- a/src/php/config/php.ini +++ b/src/php/config/php.ini @@ -723,7 +723,7 @@ user_dir = ; Directory in which the loadable extensions (modules) reside. ; http://php.net/extension-dir -extension_dir = "${SNAP}/lib/php/extensions/no-debug-non-zts-20160303" +extension_dir = "${SNAP}/lib/php/extensions/no-debug-non-zts-20170718" ; On windows: ; extension_dir = "ext" From 5d4d98109309f130188f583225ff0121f8062fb2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc=20Pe=C3=B1a=20Segarra?= Date: Sun, 13 Jan 2019 16:02:28 +0100 Subject: [PATCH 193/416] Fix debug mode test --- tests/spec/change_mode_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/spec/change_mode_spec.rb b/tests/spec/change_mode_spec.rb index 030b2ab..c2bb9de 100644 --- a/tests/spec/change_mode_spec.rb +++ b/tests/spec/change_mode_spec.rb @@ -63,7 +63,7 @@ def assert_php_signature # Verify that PHP adds an X-Powered-By header response = nextcloud_response expect(response.to_hash).to include "x-powered-by" - expect(response["x-powered-by"]).to match /PHP\/7\.1\.\d+/ + expect(response["x-powered-by"]).to match /PHP\/7\.2\.\d+/ end def nextcloud_response(url: "http://localhost") From 91f93dff05b885ba4ebc2c3fc658babab7d37df2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc=20Pe=C3=B1a=20Segarra?= Date: Sun, 13 Jan 2019 17:17:41 +0100 Subject: [PATCH 194/416] nextcloud: update to 14.0.6 Resolve #848 --- snap/snapcraft.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 9c76109..7af968b 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -158,8 +158,8 @@ parts: nextcloud: plugin: dump - source: https://download.nextcloud.com/server/releases/nextcloud-14.0.5.tar.bz2 - source-checksum: sha256/af997a251bc9403a81ba161cf06df9caa71a42faf4557ddcd8f5d2974811745a + source: https://download.nextcloud.com/server/releases/nextcloud-14.0.6.tar.bz2 + source-checksum: sha256/1a739b5c4a633d15e68d1db31f785c2e5926b877e165af62f740837077e2f45f organize: '*': htdocs/ '.htaccess': htdocs/.htaccess From a2ff8670de01e05873ac4889c870396f2eaaf7db Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Thu, 24 Jan 2019 10:28:16 -0800 Subject: [PATCH 195/416] php: enable large file support on 32-bit systems Also enable it for any extensions. Do not enable it for 64-bit systems. Fix #792 Signed-off-by: Kyle Fazzari --- snap/plugins/x-php.py | 24 ++++++++++++------------ snap/snapcraft.yaml | 3 +-- 2 files changed, 13 insertions(+), 14 deletions(-) diff --git a/snap/plugins/x-php.py b/snap/plugins/x-php.py index 83f66d7..3292b92 100644 --- a/snap/plugins/x-php.py +++ b/snap/plugins/x-php.py @@ -99,19 +99,7 @@ def clean_pull(self): if os.path.exists(self.extensions_directory): shutil.rmtree(self.extensions_directory) - def _replace_arch_triplet(self): - pattern = re.compile(r'ARCH_TRIPLET') - - old_configflags = self.options.configflags - self.options.configflags = [] - for flag in old_configflags: - self.options.configflags.append( - pattern.sub(self.project.arch_triplet, flag)) - def build(self): - # Replace ARCH_TRIPLET in options - self._replace_arch_triplet() - super().build() if self.extensions: @@ -136,3 +124,15 @@ def build(self): self.project.parallel_build_count)], cwd=extension_build_directory) self.run(['make', 'install'], cwd=extension_build_directory) + + def env(self, root): + env = super().env(root) + + if root == self.installdir or root == self.project.stage_dir: + largefile_cflags = self.run_output(['getconf', 'LFS_CFLAGS']) + if largefile_cflags: + env.append( + 'CFLAGS="$CFLAGS {}"'.format(largefile_cflags) + ) + + return env diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index d972116..ec2da24 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -190,7 +190,6 @@ parts: - --with-curl - --with-openssl - --with-bz2 - - --with-mcrypt - --enable-exif - --enable-intl - --enable-pcntl @@ -200,7 +199,7 @@ parts: - --enable-ftp # Enable ldap. - - --with-libdir=lib/ARCH_TRIPLET + - --with-libdir=lib/$SNAPCRAFT_ARCH_TRIPLET - --with-ldap stage-packages: # These are only included here until the OS snap stabilizes From 177e0f01794ad9b2cf678a57a1f549b4130a1342 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Fri, 25 Jan 2019 08:19:33 -0800 Subject: [PATCH 196/416] CHANGELOG: update for 14.0.6snap1 Also update README. Signed-off-by: Kyle Fazzari --- CHANGELOG | 5 +++++ README.md | 4 ++-- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index 598ec5e..f6cc25d 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,8 @@ +v 14.0.6snap1 + - php: enable large file support on 32-bit systems + - nextcloud: update to 14.0.6 + - php: update to 7.2.14 + v 14.0.5snap2 - nextcloud: disable updatenotification before upgrade diff --git a/README.md b/README.md index f74c233..950cb33 100644 --- a/README.md +++ b/README.md @@ -2,9 +2,9 @@ Nextcloud server packaged as a snap. It consists of: -- Nextcloud 14.0.5 +- Nextcloud 14.0.6 - Apache 2.4 -- PHP 7.1 +- PHP 7.2 - MySQL 5.7 - Redis 4.0 - mDNS for network discovery From 169976facc30edf2a878ffd1d2f0622103e880ac Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Tue, 29 Jan 2019 12:27:00 -0800 Subject: [PATCH 197/416] nextcloud: update to 15.0.2 Also add logic to nextcloud-fixer to run the `convert-filecache-bigint` job automatically. Resolve #812 Signed-off-by: Kyle Fazzari --- snap/snapcraft.yaml | 9 ++- src/apache/utilities/apache-utilities | 11 ++-- src/common/utilities/common-utilities | 61 +++++++++++++++++++++ src/import-export/bin/export-data | 25 +-------- src/import-export/bin/import-data | 40 +++----------- src/mysql/utilities/mysql-utilities | 15 +++-- src/nextcloud/bin/nextcloud-fixer | 29 +++++++++- src/nextcloud/utilities/nextcloud-utilities | 24 +++++--- src/php/utilities/php-utilities | 11 ++-- src/redis/utilities/redis-utilities | 11 ++-- 10 files changed, 142 insertions(+), 94 deletions(-) create mode 100755 src/common/utilities/common-utilities diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index ec2da24..af9bcbc 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -158,8 +158,8 @@ parts: nextcloud: plugin: dump - source: https://download.nextcloud.com/server/releases/nextcloud-14.0.6.tar.bz2 - source-checksum: sha256/1a739b5c4a633d15e68d1db31f785c2e5926b877e165af62f740837077e2f45f + source: https://download.nextcloud.com/server/releases/nextcloud-15.0.2.tar.bz2 + source-checksum: sha256/c1f4cc33e39994ddbe6777370b62c30b7ae52136a0530c0b9922770803ca0fea organize: '*': htdocs/ '.htaccess': htdocs/.htaccess @@ -250,6 +250,7 @@ parts: source: src/nextcloud/ organize: config/: htdocs/config/ + stage-packages: [jq] # Download the boost headers for MySQL. Note that the version used may need to # be updated if the version of MySQL changes. @@ -375,6 +376,10 @@ parts: source: src/import-export stage-packages: [rsync] + common: + plugin: dump + source: src/common/ + hooks: plugin: dump source: src/hooks/ diff --git a/src/apache/utilities/apache-utilities b/src/apache/utilities/apache-utilities index 18042b4..b21c3dd 100755 --- a/src/apache/utilities/apache-utilities +++ b/src/apache/utilities/apache-utilities @@ -1,5 +1,8 @@ #!/bin/sh +# shellcheck source=src/common/utilities/common-utilities +. "$SNAP/utilities/common-utilities" + DEFAULT_HTTP_PORT="80" DEFAULT_HTTPS_PORT="443" export APACHE_PIDFILE="/tmp/pids/httpd.pid" @@ -33,13 +36,7 @@ apache_is_running() wait_for_apache() { - if ! apache_is_running; then - printf "Waiting for Apache... " - while ! apache_is_running; do - sleep 1 - done - printf "done\n" - fi + wait_for_command "Waiting for Apache" apache_is_running } apache_pid() diff --git a/src/common/utilities/common-utilities b/src/common/utilities/common-utilities new file mode 100755 index 0000000..1fb33e7 --- /dev/null +++ b/src/common/utilities/common-utilities @@ -0,0 +1,61 @@ +#!/bin/sh + +stdout_is_a_terminal() +{ + [ -t 1 ] +} + +stderr_is_a_terminal() +{ + [ -t 2 ] +} + +run_command() +{ + # Ideally we could output these all on one line, but that only works with a + # terminal. Support both. + if stdout_is_a_terminal; then + printf "%s... " "$1" + else + echo "$1..." + fi + + shift + if output="$("$@" 2>&1)"; then + echo "done" + return 0 + else + echo "error" + echo "$output" + return 1 + fi +} + +wait_for_command() +{ + message="$1" + shift + if ! "$@"; then + # Ideally we could output these all on one line, but that only works with a + # terminal. Support both. + if stdout_is_a_terminal; then + printf "%s... " "$message" + else + echo "$message..." + fi + while ! "$@"; do + sleep 1 + done + echo "done" + fi +} + +enable_maintenance_mode() +{ + run_command "Enabling maintenance mode" occ maintenance:mode --on +} + +disable_maintenance_mode() +{ + run_command "Disabling maintenance mode" occ maintenance:mode --off +} diff --git a/src/import-export/bin/export-data b/src/import-export/bin/export-data index 94d3270..7ac5868 100755 --- a/src/import-export/bin/export-data +++ b/src/import-export/bin/export-data @@ -9,6 +9,8 @@ fi . "$SNAP/utilities/nextcloud-utilities" # shellcheck source=src/mysql/utilities/mysql-utilities . "$SNAP/utilities/mysql-utilities" +# shellcheck source=src/common/utilities/common-utilities +. "$SNAP/utilities/common-utilities" # shellcheck disable=SC2119 wait_for_mysql @@ -78,29 +80,6 @@ export_data() fi } -run_command() -{ - printf "%s... " "$2" - if output="$(eval "$1" 2>&1)"; then - echo "done" - return 0; - else - echo "error" - echo "$output" - return 1; - fi -} - -enable_maintenance_mode() -{ - run_command "occ maintenance:mode --on" "Enabling maintenance mode" -} - -disable_maintenance_mode() -{ - run_command "occ maintenance:mode --off" "Disabling maintenance mode" -} - do_export_apps=false do_export_database=false do_export_config=false diff --git a/src/import-export/bin/import-data b/src/import-export/bin/import-data index d2cdaee..e6388cb 100755 --- a/src/import-export/bin/import-data +++ b/src/import-export/bin/import-data @@ -9,6 +9,8 @@ fi . "$SNAP/utilities/nextcloud-utilities" # shellcheck source=src/mysql/utilities/mysql-utilities . "$SNAP/utilities/mysql-utilities" +# shellcheck source=src/common/utilities/common-utilities +. "$SNAP/utilities/common-utilities" # shellcheck disable=SC2119 wait_for_mysql @@ -35,7 +37,7 @@ import_apps() { backup_dir="${1%/}" apps_backup="${backup_dir}/apps" - run_command "rm -rf \"$SNAP_DATA/nextcloud/extra-apps\"" "Clearing existing non-default apps" + run_command "Clearing existing non-default apps" rm -rf "$SNAP_DATA/nextcloud/extra-apps" echo "Importing apps..." if ! rsync -ah --info=progress2 "$apps_backup/" "$SNAP_DATA/nextcloud/extra-apps"; then echo "Unable to import apps" @@ -49,12 +51,11 @@ import_database() database_backup="${backup_dir}/database.sql" # First, drop the database (if any) - run_command "run-mysql -e \"DROP DATABASE nextcloud\"" \ - "Dropping existing database" - run_command "run-mysql -e \"CREATE DATABASE nextcloud\"" \ - "Creating new database" - run_command "run-mysql -e \"GRANT ALL PRIVILEGES ON nextcloud.* TO 'nextcloud'@'localhost'\"" \ - "Granting database privileges to existing user" + run_command "Dropping existing database" run-mysql -e "DROP DATABASE nextcloud" + run_command "Creating new database" run-mysql -e "CREATE DATABASE nextcloud" + run_command "Granting database privileges to existing user" \ + run-mysql -e "GRANT ALL PRIVILEGES ON nextcloud.* TO 'nextcloud'@'localhost'" + # Now restore the database echo "Importing database..." @@ -83,7 +84,7 @@ import_data() { backup_dir="${1%/}" data_backup="${backup_dir}/data" - run_command "rm -rf \"$NEXTCLOUD_DATA_DIR\"" "Clearing existing data" + run_command "Clearing existing data" rm -rf "$NEXTCLOUD_DATA_DIR" echo "Importing data..." if ! rsync -ah --info=progress2 "$data_backup/" "$NEXTCLOUD_DATA_DIR"; then echo "Unable to import data" @@ -91,29 +92,6 @@ import_data() fi } -run_command() -{ - printf "%s... " "$2" - if output="$(eval "$1" 2>&1)"; then - echo "done" - return 0; - else - echo "error" - echo "$output" - return 1; - fi -} - -enable_maintenance_mode() -{ - run_command "occ maintenance:mode --on" "Enabling maintenance mode" -} - -disable_maintenance_mode() -{ - run_command "occ maintenance:mode --off" "Disabling maintenance mode" -} - do_import_apps=false do_import_database=false do_import_config=false diff --git a/src/mysql/utilities/mysql-utilities b/src/mysql/utilities/mysql-utilities index 5ae2c82..a03e3ed 100755 --- a/src/mysql/utilities/mysql-utilities +++ b/src/mysql/utilities/mysql-utilities @@ -1,5 +1,8 @@ #!/bin/sh +# shellcheck source=src/common/utilities/common-utilities +. "$SNAP/utilities/common-utilities" + export MYSQL_PIDFILE="/tmp/pids/mysql.pid" export MYSQL_SOCKET="/tmp/sockets/mysql.sock" export NEXTCLOUD_PASSWORD_FILE="$SNAP_DATA/mysql/nextcloud_password" @@ -7,8 +10,10 @@ MYSQL_SETUP_LOCKFILE="/tmp/locks/mysql-setup" mkdir -p "$(dirname "$MYSQL_PIDFILE")" mkdir -p "$(dirname "$MYSQL_SOCKET")" +mkdir -p "$(dirname "$MYSQL_SETUP_LOCKFILE")" chmod 750 "$(dirname "$MYSQL_PIDFILE")" chmod 750 "$(dirname "$MYSQL_SOCKET")" +chmod 750 "$(dirname "$MYSQL_SETUP_LOCKFILE")" mysql_is_running() { @@ -21,13 +26,7 @@ wait_for_mysql() { # Arguments: # -f: Force the check, i.e. ignore if it's currently in setup - if ! mysql_is_running "$@"; then - printf "Waiting for MySQL... " - while ! mysql_is_running "$@"; do - sleep 1 - done - printf "done\n" - fi + wait_for_command "Waiting for MySQL" mysql_is_running "$@" } mysql_setup_running() @@ -47,7 +46,7 @@ set_mysql_setup_not_running() mysql_pid() { - if mysql_is_running; then + if mysql_is_running ""; then cat "$MYSQL_PIDFILE" else echo "Unable to get MySQL PID as it's not yet running" >&2 diff --git a/src/nextcloud/bin/nextcloud-fixer b/src/nextcloud/bin/nextcloud-fixer index b0a4a9e..de47484 100755 --- a/src/nextcloud/bin/nextcloud-fixer +++ b/src/nextcloud/bin/nextcloud-fixer @@ -2,9 +2,34 @@ # shellcheck source=src/apache/utilities/apache-utilities . "$SNAP/utilities/apache-utilities" +# shellcheck source=src/common/utilities/common-utilities +. "$SNAP/utilities/common-utilities" +# shellcheck source=src/nextcloud/utilities/nextcloud-utilities +. "$SNAP/utilities/nextcloud-utilities" # By waiting for Apache we ensure that Nextcloud is setup and fully-updated wait_for_apache -# This command can be run without putting Nextcloud into maintenance mode -occ db:add-missing-indices +if nextcloud_is_installed; then + # This command can be run without putting Nextcloud into maintenance mode + occ db:add-missing-indices --no-interaction + + # Unfortunately convert-filecache-bigint requires that Nextcloud be in maintenance + # mode, and can take some time. + if ! enable_maintenance_mode; then + echo "Unable to enter maintenance mode" >&2 + sleep 10 # Give it a few seconds before bailing so systemd doesn't throttle + exit 1 + fi + trap 'disable_maintenance_mode' EXIT + + occ db:convert-filecache-bigint --no-interaction +else + wait_for_nextcloud_to_be_installed + + # Technically convert-filecache-bigint should be run under maintenance mode, but + # there really isn't anything to go wrong on a fresh install, and the UX of enabling + # maintenance mode as soon as an admin account is created is awful. + occ db:add-missing-indices --no-interaction + occ db:convert-filecache-bigint --no-interaction +fi diff --git a/src/nextcloud/utilities/nextcloud-utilities b/src/nextcloud/utilities/nextcloud-utilities index d2a9e42..679efc5 100644 --- a/src/nextcloud/utilities/nextcloud-utilities +++ b/src/nextcloud/utilities/nextcloud-utilities @@ -1,5 +1,8 @@ #!/bin/sh +# shellcheck source=src/common/utilities/common-utilities +. "$SNAP/utilities/common-utilities" + export NEXTCLOUD_CONFIG_DIR="$SNAP_DATA/nextcloud/config" export NEXTCLOUD_DATA_DIR="$SNAP_COMMON/nextcloud/data" DEFAULT_CRONJOB_INTERVAL="15m" @@ -11,13 +14,20 @@ nextcloud_is_configured() wait_for_nextcloud_to_be_configured() { - if ! nextcloud_is_configured; then - printf "Waiting for Nextcloud to be configured... " - while ! nextcloud_is_configured; do - sleep 1 - done - printf "done\n" - fi + wait_for_command "Waiting for Nextcloud to be configured" nextcloud_is_configured +} + +# Nextcloud doesn't consider itself "installed" until the admin account has been created +nextcloud_is_installed() +{ + # Urgh, occ still prints text warnings even with JSON output. Thus fromjson?. + installed="$(occ status --output=json | jq -R 'fromjson? | .installed')" + [ "$installed" = "true" ] +} + +wait_for_nextcloud_to_be_installed() +{ + wait_for_command "Waiting for Nextcloud to be installed" nextcloud_is_installed } cronjob_interval() diff --git a/src/php/utilities/php-utilities b/src/php/utilities/php-utilities index 93d0067..d52cab1 100755 --- a/src/php/utilities/php-utilities +++ b/src/php/utilities/php-utilities @@ -1,5 +1,8 @@ #!/bin/sh +# shellcheck source=src/common/utilities/common-utilities +. "$SNAP/utilities/common-utilities" + DEFAULT_MEMORY_LIMIT="512M" export PHP_FPM_PIDFILE="/tmp/pids/php-fpm.pid" export PHP_FPM_SOCKET="/tmp/sockets/php-fpm.sock" @@ -35,13 +38,7 @@ php_is_running() wait_for_php() { - if ! php_is_running; then - printf "Waiting for PHP... " - while ! php_is_running; do - sleep 1 - done - printf "done\n" - fi + wait_for_command "Waiting for PHP" php_is_running } php_pid() diff --git a/src/redis/utilities/redis-utilities b/src/redis/utilities/redis-utilities index 0964542..e6283f4 100755 --- a/src/redis/utilities/redis-utilities +++ b/src/redis/utilities/redis-utilities @@ -1,5 +1,8 @@ #!/bin/sh +# shellcheck source=src/common/utilities/common-utilities +. "$SNAP/utilities/common-utilities" + export REDIS_PIDFILE="/tmp/pids/redis.pid" export REDIS_SOCKET="/tmp/sockets/redis.sock" @@ -15,13 +18,7 @@ redis_is_running() wait_for_redis() { - if ! redis_is_running; then - printf "Waiting for redis... " - while ! redis_is_running; do - sleep 1 - done - printf "done\n" - fi + wait_for_command "Waiting for redis" redis_is_running } redis_pid() From 0adf89c3df94a0501e35dbe6937845c958e08735 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Wed, 30 Jan 2019 16:09:14 -0800 Subject: [PATCH 198/416] apache: update to 2.4.38 Resolve #869 Signed-off-by: Kyle Fazzari --- snap/snapcraft.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index af9bcbc..be47f53 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -107,8 +107,8 @@ hooks: parts: apache: plugin: apache - source: http://ftp.wayne.edu/apache/httpd/httpd-2.4.37.tar.bz2 - source-checksum: sha256/3498dc5c6772fac2eb7307dc7963122ffe243b5e806e0be4fb51974ff759d726 + source: http://ftp.wayne.edu/apache/httpd/httpd-2.4.38.tar.bz2 + source-checksum: sha256/7dc65857a994c98370dc4334b260101a7a04be60e6e74a5c57a6dee1bc8f394a override-pull: | snapcraftctl pull From 2f2e1529e79b7ff0cd96f2dce949cee8f5c3d895 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Wed, 30 Jan 2019 20:56:12 -0800 Subject: [PATCH 199/416] CHANGELOG: update for 15.0.2snap1 Signed-off-by: Kyle Fazzari --- CHANGELOG | 4 ++++ README.md | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/CHANGELOG b/CHANGELOG index f6cc25d..f382167 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,7 @@ +v 15.0.2snap1 + - apache: update to 2.4.38 + - nextcloud: update to 15.0.2 + v 14.0.6snap1 - php: enable large file support on 32-bit systems - nextcloud: update to 14.0.6 diff --git a/README.md b/README.md index 950cb33..653e191 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ Nextcloud server packaged as a snap. It consists of: -- Nextcloud 14.0.6 +- Nextcloud 15.0.2 - Apache 2.4 - PHP 7.2 - MySQL 5.7 From 4f52accd08138db32744ddff5c4a1ea4d61d28b2 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Sat, 2 Feb 2019 09:57:35 -0800 Subject: [PATCH 200/416] nextcloud-fixer: disable theming app on new installs This prevents the warning about imagick being required unless someone requires and enables the theming app. Resolve #875 Signed-off-by: Kyle Fazzari --- src/nextcloud/bin/nextcloud-fixer | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/nextcloud/bin/nextcloud-fixer b/src/nextcloud/bin/nextcloud-fixer index de47484..b66006e 100755 --- a/src/nextcloud/bin/nextcloud-fixer +++ b/src/nextcloud/bin/nextcloud-fixer @@ -27,6 +27,11 @@ if nextcloud_is_installed; then else wait_for_nextcloud_to_be_installed + # Disable the theming app. It requires imagick (which the snap doesn't ship) and + # displays a warning if it's not installed. This way, the warning is only shown if + # someone needs and enables the theming app. + run_command "Disabling theming by default" occ app:disable theming + # Technically convert-filecache-bigint should be run under maintenance mode, but # there really isn't anything to go wrong on a fresh install, and the UX of enabling # maintenance mode as soon as an admin account is created is awful. From 086a1b78c91093786713374e398e1db857058012 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Sat, 2 Feb 2019 15:11:04 -0800 Subject: [PATCH 201/416] CHANGELOG: update for 15.0.2snap2 Signed-off-by: Kyle Fazzari --- CHANGELOG | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGELOG b/CHANGELOG index f382167..de2ea59 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,6 @@ +v 15.0.2snap2 + - nextcloud-fixer: disable theming app on new installs + v 15.0.2snap1 - apache: update to 2.4.38 - nextcloud: update to 15.0.2 From eb71ff28c582eaef2c61ad6b3c75ce1552ee6557 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Fri, 8 Feb 2019 10:59:55 -0800 Subject: [PATCH 202/416] nextcloud: update to 15.0.4 Resolve #889 Signed-off-by: Kyle Fazzari --- snap/snapcraft.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index be47f53..c6b7bf7 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -158,8 +158,8 @@ parts: nextcloud: plugin: dump - source: https://download.nextcloud.com/server/releases/nextcloud-15.0.2.tar.bz2 - source-checksum: sha256/c1f4cc33e39994ddbe6777370b62c30b7ae52136a0530c0b9922770803ca0fea + source: https://download.nextcloud.com/server/releases/nextcloud-15.0.4.tar.bz2 + source-checksum: sha256/f87db047c174f563e391a22c959d9ace767ca14ef0f97fc394f3061fc63d8f77 organize: '*': htdocs/ '.htaccess': htdocs/.htaccess From 0dd4149f685001c1355c1ff4f1073b970fcb805f Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Mon, 18 Feb 2019 15:13:54 -0500 Subject: [PATCH 203/416] CHANGELOG: update for 15.0.4snap1 Signed-off-by: Kyle Fazzari --- CHANGELOG | 3 +++ README.md | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/CHANGELOG b/CHANGELOG index de2ea59..45edd6e 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,6 @@ +v 15.0.4snap1 + - nextcloud: update to 15.0.4 + v 15.0.2snap2 - nextcloud-fixer: disable theming app on new installs diff --git a/README.md b/README.md index 653e191..1f7da8c 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ Nextcloud server packaged as a snap. It consists of: -- Nextcloud 15.0.2 +- Nextcloud 15.0.4 - Apache 2.4 - PHP 7.2 - MySQL 5.7 From 9aff25504bbd230e753affdc0a3a0576e6b654d7 Mon Sep 17 00:00:00 2001 From: James Bream Date: Sat, 23 Feb 2019 17:03:41 +0000 Subject: [PATCH 204/416] Redis: Update to 4.0.13 --- snap/snapcraft.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index c6b7bf7..6d4dff1 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -227,8 +227,8 @@ parts: redis: plugin: redis - source: http://download.redis.io/releases/redis-4.0.11.tar.gz - source-checksum: sha256/fc53e73ae7586bcdacb4b63875d1ff04f68c5474c1ddeda78f00e5ae2eed1bbb + source: http://download.redis.io/releases/redis-4.0.13.tar.gz + source-checksum: sha256/17d955227966dcd68590be6139e5fe7f2d19fc4fb7334248a904ea9cdd30c1d4 redis-customizations: plugin: dump From c64a1d213c46d62ceffccce1aeb40faf7ccc697d Mon Sep 17 00:00:00 2001 From: James Bream Date: Sat, 23 Feb 2019 18:03:02 +0000 Subject: [PATCH 205/416] MySQL: Update to 5.7.25 --- snap/snapcraft.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index c6b7bf7..78389b7 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -272,7 +272,7 @@ parts: mysql: plugin: cmake source: https://github.com/mysql/mysql-server.git - source-tag: mysql-5.7.22 + source-tag: mysql-5.7.25 source-depth: 1 override-pull: | snapcraftctl pull From 7df1a611e68f52030cd08f7b8521e1345b9b0015 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Fri, 1 Mar 2019 07:51:11 -0800 Subject: [PATCH 206/416] nextcloud: update to 15.0.5 Resolve #916 Signed-off-by: Kyle Fazzari --- snap/snapcraft.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index c6b7bf7..5d86d44 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -158,8 +158,8 @@ parts: nextcloud: plugin: dump - source: https://download.nextcloud.com/server/releases/nextcloud-15.0.4.tar.bz2 - source-checksum: sha256/f87db047c174f563e391a22c959d9ace767ca14ef0f97fc394f3061fc63d8f77 + source: https://download.nextcloud.com/server/releases/nextcloud-15.0.5.tar.bz2 + source-checksum: sha256/4661869b797a340cd967abb3dbe6931b375434e0a44480346a27ccd73250b988 organize: '*': htdocs/ '.htaccess': htdocs/.htaccess From 9e130aa27b83365b5ac219dc58f4ab5d8a31c501 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Fri, 1 Mar 2019 22:15:47 -0800 Subject: [PATCH 207/416] CHANGELOG: update for 15.0.5snap1 Also update README. Signed-off-by: Kyle Fazzari --- CHANGELOG | 5 +++++ README.md | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/CHANGELOG b/CHANGELOG index 45edd6e..e621797 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,8 @@ +v 15.0.5snap1 + - nextcloud: update to 15.0.5 + - mysql: update to 5.7.25 + - redis: update to 4.0.13 + v 15.0.4snap1 - nextcloud: update to 15.0.4 diff --git a/README.md b/README.md index 1f7da8c..bd591e9 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ Nextcloud server packaged as a snap. It consists of: -- Nextcloud 15.0.4 +- Nextcloud 15.0.5 - Apache 2.4 - PHP 7.2 - MySQL 5.7 From 31832059e365d6ef041eeb58820ed41597990811 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Tue, 12 Mar 2019 08:56:26 -0700 Subject: [PATCH 208/416] php: update to 7.2.16 Resolve #925 Signed-off-by: Kyle Fazzari --- snap/snapcraft.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 40e4946..9e25743 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -172,8 +172,8 @@ parts: php: plugin: php - source: https://php.net/get/php-7.2.14.tar.bz2/from/this/mirror - source-checksum: sha256/f56132d248c7bf1e0efc8a680a4b598d6ff73fc6b9c84b5d7b539ad8db7a6597 + source: https://php.net/get/php-7.2.16.tar.bz2/from/this/mirror + source-checksum: sha256/2c0ad10053d58694cd14323248ecd6d9ba71d2733d160973c356ad01d09e7f38 source-type: tar install-via: prefix configflags: From c1e4a641e22943947f0f06eac504d3338e8281c2 Mon Sep 17 00:00:00 2001 From: Mitch Spradlin Date: Thu, 14 Feb 2019 19:41:29 -0800 Subject: [PATCH 209/416] apache: don't redirect Let's Encrypt to HTTPS Fix #896 Signed-off-by: Kyle Fazzari --- src/apache/conf/ssl.conf | 2 ++ tests/spec/change_port_spec.rb | 21 +++++++++++++++++++++ tests/spec/spec_helper.rb | 4 ++-- 3 files changed, 25 insertions(+), 2 deletions(-) diff --git a/src/apache/conf/ssl.conf b/src/apache/conf/ssl.conf index 95c22e8..ab2dfc5 100644 --- a/src/apache/conf/ssl.conf +++ b/src/apache/conf/ssl.conf @@ -77,6 +77,8 @@ SSLRandomSeed connect file:/dev/urandom 512 # Disable HTTP TRACK method. RewriteCond %{REQUEST_METHOD} ^TRACK RewriteRule .* - [R=405,L] + # Do not redirect Let's Encrypt challenge requests + RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/.* # Redirect everything else to HTTPS RewriteRule ^ https://%{SERVER_NAME}:${HTTPS_PORT}%{REQUEST_URI} [END,QSA,R=permanent] diff --git a/tests/spec/change_port_spec.rb b/tests/spec/change_port_spec.rb index 1feecad..0d954fe 100644 --- a/tests/spec/change_port_spec.rb +++ b/tests/spec/change_port_spec.rb @@ -65,6 +65,17 @@ assert_uri(https: true, port: 444) end + scenario "Let's Encrypt challenge request" do + enable_https + + # Assert we do not redirect under the four possibilities for + # changing or not changing ports + assert_lets_encrypt_challenge(http_port: 80, https_port: 443) + assert_lets_encrypt_challenge(http_port: 80, https_port: 444) + assert_lets_encrypt_challenge(http_port: 81, https_port: 443) + assert_lets_encrypt_challenge(http_port: 81, https_port: 444) + end + protected def assert_uri(https:, port:) @@ -91,4 +102,14 @@ def assert_logged_in visit "/" expect(page).to have_content "Documents" end + + def assert_lets_encrypt_challenge(http_port:, https_port:) + `sudo snap set nextcloud ports.http=#{http_port} ports.https=#{https_port}` + expect($?.to_i).to eq 0 + wait_for_nextcloud(https: false, port: http_port) + Capybara.app_host = "http://localhost:#{http_port}" + + visit "/.well-known/acme-challenge/a-challenge-path" + assert_uri(https: false, port: http_port) + end end diff --git a/tests/spec/spec_helper.rb b/tests/spec/spec_helper.rb index 70ad120..37b376a 100644 --- a/tests/spec/spec_helper.rb +++ b/tests/spec/spec_helper.rb @@ -142,7 +142,7 @@ RSpec.configuration.headless.destroy end - config.after(:all) do + config.after(:each) do # After each test, make sure the ports are reset `sudo snap set nextcloud ports.http=80 ports.https=443` expect($?.to_i).to eq 0 @@ -165,7 +165,7 @@ # Make sure any and all backups are removed `sudo rm -rf /var/snap/nextcloud/common/backups` - # Make sure we're usin the normal, HTTP host again + # Make sure we're using the normal, HTTP host again Capybara.app_host = 'http://localhost' end From e880e723ce8e25d5221b21ae27b51edf09962300 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Sat, 16 Mar 2019 12:39:39 -0700 Subject: [PATCH 210/416] apache: disable TLS 1.0 and 1.1 and strengthen ciphers Balancing client support and security, now seems a good time to disable TLS 1.0 and 1.1 and update the cipher list in such a way that both SSL Labs and testssl.sh are happy: - Limit ciphers to those that support forward secrecy - Get rid of CBC ciphers Resolve #616 Resolve #737 Signed-off-by: Kyle Fazzari --- src/apache/conf/ssl.conf | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/src/apache/conf/ssl.conf b/src/apache/conf/ssl.conf index ab2dfc5..4728c16 100644 --- a/src/apache/conf/ssl.conf +++ b/src/apache/conf/ssl.conf @@ -40,8 +40,8 @@ LoadModule ssl_module modules/mod_ssl.so # Disable SSLv3 by default (cf. RFC 7525 3.1.1). TLSv1 (1.0) should be # disabled as quickly as practical. By the end of 2016, only the TLSv1.2 # protocol or later should remain in use. -SSLProtocol all -SSLv3 -SSLProxyProtocol all -SSLv3 +SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 +SSLProxyProtocol all -SSLv3 -TLSv1 -TLSv1.1 # Pass Phrase Dialog: # Configure the pass phrase gathering process. @@ -93,7 +93,11 @@ SSLRandomSeed connect file:/dev/urandom 512 SSLEngine on SSLHonorCipherOrder On - SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS; + SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:DHE-RSA-AES256-GCM-SHA384 + + # Ensure perfect forward secrecy isn't compromised; the server doesn't + # necessarily restart regularly. + SSLSessionTickets off SSLCertificateFile ${SNAP_DATA}/certs/live/cert.pem SSLCertificateKeyFile ${SNAP_DATA}/certs/live/privkey.pem From 8d8420abda74dc740a049eeec2c5104e6d439da9 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Sat, 23 Mar 2019 15:46:49 -0700 Subject: [PATCH 211/416] CHANGELOG: update for 15.0.5snap2 Signed-off-by: Kyle Fazzari --- CHANGELOG | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/CHANGELOG b/CHANGELOG index e621797..38e388b 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,8 @@ +v 15.0.5snap2 + - apache: disable TLS 1.0 and 1.1 and strengthen ciphers + - apache: don't redirect Let's Encrypt to HTTPS + - php: update to 7.2.16 + v 15.0.5snap1 - nextcloud: update to 15.0.5 - mysql: update to 5.7.25 From 5aace797f45651cb9f45659456b533cab6e0376e Mon Sep 17 00:00:00 2001 From: stondino00 <47676943+stondino00@users.noreply.github.com> Date: Tue, 2 Apr 2019 21:21:06 -0500 Subject: [PATCH 212/416] apache: update to 2.4.39 Resolve #952 Signed-off-by: Kyle Fazzari --- snap/snapcraft.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 9e25743..3a0307c 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -107,8 +107,8 @@ hooks: parts: apache: plugin: apache - source: http://ftp.wayne.edu/apache/httpd/httpd-2.4.38.tar.bz2 - source-checksum: sha256/7dc65857a994c98370dc4334b260101a7a04be60e6e74a5c57a6dee1bc8f394a + source: http://ftp.wayne.edu/apache/httpd/httpd-2.4.39.tar.bz2 + source-checksum: sha256/b4ca9d05773aa59b54d66cd8f4744b945289f084d3be17d7981d1783a5decfa2 override-pull: | snapcraftctl pull From dbaa751a5c1ff87343e6a9285e7b3dd3cc541b8d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc=20Pe=C3=B1a=20Segarra?= Date: Thu, 4 Apr 2019 23:16:33 +0200 Subject: [PATCH 213/416] php: update to 7.2.17 Resolve #956 --- snap/snapcraft.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 3a0307c..4bf095f 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -172,8 +172,8 @@ parts: php: plugin: php - source: https://php.net/get/php-7.2.16.tar.bz2/from/this/mirror - source-checksum: sha256/2c0ad10053d58694cd14323248ecd6d9ba71d2733d160973c356ad01d09e7f38 + source: https://php.net/get/php-7.2.17.tar.bz2/from/this/mirror + source-checksum: sha256/91a811ab6f6d7acb312159cf6b0a3cffe968676fdebf042e9253245cc6094f75 source-type: tar install-via: prefix configflags: From fd6149a4993e172cf5e3e6a6d42c81e16d0d6ac5 Mon Sep 17 00:00:00 2001 From: stondino00 <47676943+stondino00@users.noreply.github.com> Date: Thu, 4 Apr 2019 07:05:13 -0500 Subject: [PATCH 214/416] nextcloud: update to 15.0.7 Resolve #958 Signed-off-by: Kyle Fazzari --- snap/snapcraft.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 4bf095f..1ad20a4 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -158,8 +158,8 @@ parts: nextcloud: plugin: dump - source: https://download.nextcloud.com/server/releases/nextcloud-15.0.5.tar.bz2 - source-checksum: sha256/4661869b797a340cd967abb3dbe6931b375434e0a44480346a27ccd73250b988 + source: https://download.nextcloud.com/server/releases/nextcloud-15.0.7.tar.bz2 + source-checksum: sha256/3e6158951fa72010ccd50dbeac05d8df162183f7bbc62a1c6c89ed7081fa9d49 organize: '*': htdocs/ '.htaccess': htdocs/.htaccess From 757206f6a15d1f1aa0d5fa22c180425c65576805 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Tue, 9 Apr 2019 15:41:23 -0700 Subject: [PATCH 215/416] CHANGELOG: update for 15.0.7snap1 Also update README. Signed-off-by: Kyle Fazzari --- CHANGELOG | 5 +++++ README.md | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/CHANGELOG b/CHANGELOG index 38e388b..f93db29 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,8 @@ +v 15.0.7snap1 + - nextcloud: update to 15.0.7 + - php: update to 7.2.17 + - apache: update to 2.4.39 + v 15.0.5snap2 - apache: disable TLS 1.0 and 1.1 and strengthen ciphers - apache: don't redirect Let's Encrypt to HTTPS diff --git a/README.md b/README.md index bd591e9..60f2ac8 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ Nextcloud server packaged as a snap. It consists of: -- Nextcloud 15.0.5 +- Nextcloud 15.0.7 - Apache 2.4 - PHP 7.2 - MySQL 5.7 From dfc84b3a86869071810622ebd44e1fde5960fd65 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Thu, 11 Apr 2019 16:12:00 -0500 Subject: [PATCH 216/416] ci: disable v13 dailies Resolve #964 Signed-off-by: Kyle Fazzari --- .circleci/config.yml | 29 ----------------------------- .travis/cron.sh | 6 ------ 2 files changed, 35 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index e2ebfed..71333a5 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -64,24 +64,6 @@ jobs: # Run the tests command: ./.circleci/runtests.sh - test-daily-v13: - working_directory: ~/nextcloud-snap - machine: true - steps: - - checkout - - - run: - # Install the snap and create an admin user - command: | - sudo apt update -qq - sudo apt install -y snapd - sudo snap install nextcloud --channel=13/edge - sudo nextcloud.manual-install admin admin - - - run: - # Run the tests - command: ./.circleci/runtests.sh - test-daily-v14: working_directory: ~/nextcloud-snap machine: true @@ -134,17 +116,6 @@ workflows: jobs: [test-daily-master] - daily-v13: - triggers: - - schedule: - # 0700 UTC == 0000 PSC - cron: "0 7 * * *" - filters: - branches: - only: develop - - jobs: [test-daily-v13] - daily-v14: triggers: - schedule: diff --git a/.travis/cron.sh b/.travis/cron.sh index d11d564..22c83f6 100755 --- a/.travis/cron.sh +++ b/.travis/cron.sh @@ -1,7 +1,6 @@ #!/bin/bash latest_master_url="https://download.nextcloud.com/server/daily/latest-master.tar.bz2" -latest_stable13_url="https://download.nextcloud.com/server/daily/latest-stable13.tar.bz2" latest_stable14_url="https://download.nextcloud.com/server/daily/latest-stable14.tar.bz2" latest_stable15_url="https://download.nextcloud.com/server/daily/latest-stable15.tar.bz2" @@ -37,11 +36,6 @@ request_build \ "latest-master" "$latest_master_url" "master-$today" \ "From CI: Use Nextcloud latest master" -echo "Requesting build of latest 13..." -request_build \ - "latest-13" "$latest_stable13_url" "13-$today" \ - "From CI: Use Nextcloud latest 13" - echo "Requesting build of latest 14..." request_build \ "latest-14" "$latest_stable14_url" "14-$today" \ From 901c0a7f57f2ccbc951bb10873f857aa4847f87c Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Wed, 17 Apr 2019 11:13:19 -0700 Subject: [PATCH 217/416] README: add file paths to "where is my stuff" Signed-off-by: Kyle Fazzari --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 60f2ac8..fdb3355 100644 --- a/README.md +++ b/README.md @@ -162,14 +162,14 @@ There are a few CLI utilities included: ## Where is my stuff? -- `$SNAP_DATA`: +- `$SNAP_DATA` (`/var/snap/nextcloud/current/` by default) - Apache, PHP, MySQL, and Redis logs - Keys and certificates - MySQL database - Redis database - Nextcloud config - Any Nextcloud apps installed by the user -- `$SNAP_COMMON` +- `$SNAP_COMMON` (`/var/snap/nextcloud/common/` by default) - Nextcloud data - Nextcloud logs From 7675add4e4d95da1c0f40dfe25d5fc7ae3c20771 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Wed, 17 Apr 2019 11:24:07 -0700 Subject: [PATCH 218/416] README: add config file path to tool section Signed-off-by: Kyle Fazzari --- README.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index fdb3355..a333cd5 100644 --- a/README.md +++ b/README.md @@ -129,7 +129,10 @@ headers and error pages. Debug mode can be enabled with: There are a few CLI utilities included: - `nextcloud.occ`: - - Nextcloud's `occ` configuration tool. Note that it requires `sudo`. + - Nextcloud's `occ` configuration tool. You can always edit the config file + directly (`/var/snap/nextcloud/current/nextcloud/config/config.php`) but + the configuration tool provides a CLI interface for it. See + `nextcloud.occ -h` for more information. Note that it requires `sudo`. - `nextcloud.mysql-client`: - MySQL client preconfigured to communicate with Nextcloud MySQL server. This may be useful in case you need to migrate Nextcloud installations. From 7973f9be94e3aa72b4f5d7fed15ab327f462ee73 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Thu, 25 Apr 2019 11:49:02 -0700 Subject: [PATCH 219/416] certbot: update to 0.33.1 Resolve #974 Signed-off-by: Kyle Fazzari --- .../patches/remove_default_config_files.patch | 9 +++--- src/https/requirements.txt | 30 +++++++++---------- 2 files changed, 19 insertions(+), 20 deletions(-) diff --git a/src/https/patches/remove_default_config_files.patch b/src/https/patches/remove_default_config_files.patch index d2929d8..e129406 100644 --- a/src/https/patches/remove_default_config_files.patch +++ b/src/https/patches/remove_default_config_files.patch @@ -1,12 +1,11 @@ -diff -Naur a/constants.py b/constants.py ---- a/constants.py 2018-05-12 22:08:50.233116726 +0000 -+++ b/constants.py 2018-05-12 21:54:54.127861465 +0000 -@@ -13,12 +13,7 @@ +--- a/constants.py 2019-04-25 13:54:51.740610037 -0700 ++++ b/constants.py 2019-04-25 13:55:14.996430304 -0700 +@@ -15,12 +15,7 @@ """Plugins Setuptools entry point before rename.""" CLI_DEFAULTS = dict( - config_files=[ -- "/etc/letsencrypt/cli.ini", +- os.path.join(misc.get_default_folder('config'), 'cli.ini'), - # http://freedesktop.org/wiki/Software/xdg-user-dirs/ - os.path.join(os.environ.get("XDG_CONFIG_HOME", "~/.config"), - "letsencrypt", "cli.ini"), diff --git a/src/https/requirements.txt b/src/https/requirements.txt index b686121..9504c54 100644 --- a/src/https/requirements.txt +++ b/src/https/requirements.txt @@ -1,29 +1,29 @@ -acme==0.28.0 +acme==0.33.1 asn1crypto==0.24.0 -certbot==0.28.0 -certifi==2018.10.15 -cffi==1.11.5 +certbot==0.33.1 +certifi==2019.3.9 +cffi==1.12.3 chardet==3.0.4 -ConfigArgParse==0.13.0 +ConfigArgParse==0.14.0 configobj==5.0.6 -cryptography==2.4.1 +cryptography==2.6.1 future==0.17.1 -idna==2.7 +idna==2.8 josepy==1.1.0 mock==2.0.0 parsedatetime==2.4 -pbr==5.1.1 +pbr==5.1.3 pycparser==2.19 -pyOpenSSL==18.0.0 +pyOpenSSL==19.0.0 pyRFC3339==1.1 -pytz==2018.7 -requests==2.20.1 -requests-toolbelt==0.8.0 -six==1.11.0 -urllib3==1.24.1 +pytz==2019.1 +requests==2.21.0 +requests-toolbelt==0.9.1 +six==1.12.0 +urllib3==1.24.2 zope.component==4.5 zope.deferredimport==4.3 -zope.deprecation==4.3.0 +zope.deprecation==4.4.0 zope.event==4.4 zope.hookable==4.2.0 zope.interface==4.6.0 From 6e85fc11c28d6aa1e1dfa1be63b75722f43896e7 Mon Sep 17 00:00:00 2001 From: stondino00 <47676943+stondino00@users.noreply.github.com> Date: Thu, 25 Apr 2019 08:35:35 -0500 Subject: [PATCH 220/416] mysql: update to 5.7.26 Signed-off-by: stondino00 <47676943+stondino00@users.noreply.github.com> --- snap/snapcraft.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 1ad20a4..e7c99cd 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -272,7 +272,7 @@ parts: mysql: plugin: cmake source: https://github.com/mysql/mysql-server.git - source-tag: mysql-5.7.25 + source-tag: mysql-5.7.26 source-depth: 1 override-pull: | snapcraftctl pull From 6948b1236b18fb073f5967afbb06aa2db73af6af Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Thu, 25 Apr 2019 09:29:42 -0700 Subject: [PATCH 221/416] tests: move from webkit to chrome Also ensure `occ` is always called with the non-interactive flag so that it doesn't prompt (something that started happening in v16 and master). Resolve #976 Signed-off-by: Kyle Fazzari --- .circleci/runtests.sh | 4 +- src/common/utilities/common-utilities | 4 +- src/nextcloud/bin/nextcloud-fixer | 10 +- src/nextcloud/bin/setup-nextcloud | 16 ++- src/nextcloud/utilities/nextcloud-utilities | 2 +- tests/Gemfile | 7 +- tests/Gemfile.lock | 34 ++--- tests/spec/change_mode_spec.rb | 95 ++++++------- tests/spec/change_php_memory_limit_spec.rb | 21 +-- tests/spec/change_port_spec.rb | 142 ++++++++++---------- tests/spec/enable_https_spec.rb | 6 +- tests/spec/import_export_spec.rb | 3 +- tests/spec/login_spec.rb | 6 +- tests/spec/spec_helper.rb | 66 ++++----- 14 files changed, 204 insertions(+), 212 deletions(-) diff --git a/.circleci/runtests.sh b/.circleci/runtests.sh index ce4d9cd..8569010 100755 --- a/.circleci/runtests.sh +++ b/.circleci/runtests.sh @@ -1,7 +1,7 @@ #!/bin/sh -# Install dependencies for the gems -sudo apt install qt5-default libqt5webkit5-dev xvfb -y +# Note that the tests require chrome and chromedriver, but the CircleCI machine +# executor image already contains both. # In order to use rvm, we need a login shell. We need to install # Ruby v2.4.0 (the older version that is the default doesn't handle diff --git a/src/common/utilities/common-utilities b/src/common/utilities/common-utilities index 1fb33e7..4698ac6 100755 --- a/src/common/utilities/common-utilities +++ b/src/common/utilities/common-utilities @@ -52,10 +52,10 @@ wait_for_command() enable_maintenance_mode() { - run_command "Enabling maintenance mode" occ maintenance:mode --on + run_command "Enabling maintenance mode" occ -n maintenance:mode --on } disable_maintenance_mode() { - run_command "Disabling maintenance mode" occ maintenance:mode --off + run_command "Disabling maintenance mode" occ -n maintenance:mode --off } diff --git a/src/nextcloud/bin/nextcloud-fixer b/src/nextcloud/bin/nextcloud-fixer index b66006e..c87b112 100755 --- a/src/nextcloud/bin/nextcloud-fixer +++ b/src/nextcloud/bin/nextcloud-fixer @@ -12,7 +12,7 @@ wait_for_apache if nextcloud_is_installed; then # This command can be run without putting Nextcloud into maintenance mode - occ db:add-missing-indices --no-interaction + occ -n db:add-missing-indices # Unfortunately convert-filecache-bigint requires that Nextcloud be in maintenance # mode, and can take some time. @@ -23,18 +23,18 @@ if nextcloud_is_installed; then fi trap 'disable_maintenance_mode' EXIT - occ db:convert-filecache-bigint --no-interaction + occ -n db:convert-filecache-bigint else wait_for_nextcloud_to_be_installed # Disable the theming app. It requires imagick (which the snap doesn't ship) and # displays a warning if it's not installed. This way, the warning is only shown if # someone needs and enables the theming app. - run_command "Disabling theming by default" occ app:disable theming + run_command "Disabling theming by default" occ -n app:disable theming # Technically convert-filecache-bigint should be run under maintenance mode, but # there really isn't anything to go wrong on a fresh install, and the UX of enabling # maintenance mode as soon as an admin account is created is awful. - occ db:add-missing-indices --no-interaction - occ db:convert-filecache-bigint --no-interaction + occ -n db:add-missing-indices + occ -n db:convert-filecache-bigint fi diff --git a/src/nextcloud/bin/setup-nextcloud b/src/nextcloud/bin/setup-nextcloud index 22bbed4..3750b8f 100755 --- a/src/nextcloud/bin/setup-nextcloud +++ b/src/nextcloud/bin/setup-nextcloud @@ -8,6 +8,8 @@ . "$SNAP/utilities/nextcloud-utilities" # shellcheck source=src/redis/utilities/redis-utilities . "$SNAP/utilities/redis-utilities" +# shellcheck source=src/common/utilities/common-utilities +. "$SNAP/utilities/common-utilities" # Make sure nextcloud directory exists mkdir -p "$SNAP_COMMON/nextcloud" @@ -41,15 +43,15 @@ else cp -r "$SNAP/htdocs/config/autoconfig.php" "$NEXTCLOUD_CONFIG_DIR/" # Also make sure we're using Redis for the memcache and file locking. - occ config:system:set redis host --value="$REDIS_SOCKET" --type=string - occ config:system:set redis port --value=0 --type=integer - occ config:system:set memcache.locking --value="\OC\Memcache\Redis" --type=string - occ config:system:set memcache.local --value="\OC\Memcache\Redis" --type=string + occ -n config:system:set redis host --value="$REDIS_SOCKET" --type=string + occ -n config:system:set redis port --value=0 --type=integer + occ -n config:system:set memcache.locking --value="\OC\Memcache\Redis" --type=string + occ -n config:system:set memcache.local --value="\OC\Memcache\Redis" --type=string # It's possible for the updatenotification app to be installed (see # https://github.com/nextcloud/nextcloud-snap/issues/838), and it'll # interfere with the upgrade to v14. Disable it now. - occ app:disable updatenotification + occ -n app:disable updatenotification fi # Finally, make sure nextcloud is up to date. The return code of the upgrade @@ -61,7 +63,7 @@ fi # invalid arguments = 4; # other failure = 5; echo "Making sure nextcloud is fully upgraded..." -occ upgrade --no-interaction +occ -n upgrade return_code=$? if [ $return_code -eq 1 ]; then echo "Nextcloud is not yet installed-- no upgrade necessary" @@ -70,7 +72,7 @@ elif [ $return_code -eq 3 ]; then elif [ $return_code -ne 0 ]; then echo "Unable to upgrade Nextcloud. Will try again." # occ may have left it in maintenance mode, so turn that off - occ maintenance:mode --off + disable_maintenance_mode sleep 10 # Delaying here so systemd doesn't throttle us exit 1 fi diff --git a/src/nextcloud/utilities/nextcloud-utilities b/src/nextcloud/utilities/nextcloud-utilities index 679efc5..70c6d38 100644 --- a/src/nextcloud/utilities/nextcloud-utilities +++ b/src/nextcloud/utilities/nextcloud-utilities @@ -21,7 +21,7 @@ wait_for_nextcloud_to_be_configured() nextcloud_is_installed() { # Urgh, occ still prints text warnings even with JSON output. Thus fromjson?. - installed="$(occ status --output=json | jq -R 'fromjson? | .installed')" + installed="$(occ -n status --output=json | jq -R 'fromjson? | .installed')" [ "$installed" = "true" ] } diff --git a/tests/Gemfile b/tests/Gemfile index 9b80303..ac4ad38 100644 --- a/tests/Gemfile +++ b/tests/Gemfile @@ -3,11 +3,8 @@ source 'https://rubygems.org' # Test driver gem 'capybara' -# Webdriver -gem 'capybara-webkit' - -# Create xvfb from ruby -gem 'headless' +# Webdriver for chrome headless +gem 'selenium-webdriver' # Use nice acceptance tests DSL gem 'rspec' diff --git a/tests/Gemfile.lock b/tests/Gemfile.lock index 1171356..5508589 100644 --- a/tests/Gemfile.lock +++ b/tests/Gemfile.lock @@ -1,9 +1,9 @@ GEM remote: https://rubygems.org/ specs: - addressable (2.5.2) + addressable (2.6.0) public_suffix (>= 2.0.2, < 4.0) - capybara (3.11.0) + capybara (3.18.0) addressable mini_mime (>= 0.1.3) nokogiri (~> 1.8) @@ -11,35 +11,36 @@ GEM rack-test (>= 0.6.3) regexp_parser (~> 1.2) xpath (~> 3.2) - capybara-webkit (1.15.1) - capybara (>= 2.3, < 4.0) - json + childprocess (1.0.1) + rake (< 13.0) diff-lcs (1.3) - headless (2.3.1) - json (2.1.0) mini_mime (1.0.1) - mini_portile2 (2.3.0) - nokogiri (1.8.5) - mini_portile2 (~> 2.3.0) + mini_portile2 (2.4.0) + nokogiri (1.10.3) + mini_portile2 (~> 2.4.0) public_suffix (3.0.3) - rack (2.0.6) + rack (2.0.7) rack-test (1.1.0) rack (>= 1.0, < 3) - rake (12.3.1) - regexp_parser (1.3.0) + rake (12.3.2) + regexp_parser (1.4.0) rspec (3.8.0) rspec-core (~> 3.8.0) rspec-expectations (~> 3.8.0) rspec-mocks (~> 3.8.0) rspec-core (3.8.0) rspec-support (~> 3.8.0) - rspec-expectations (3.8.2) + rspec-expectations (3.8.3) diff-lcs (>= 1.2.0, < 2.0) rspec-support (~> 3.8.0) rspec-mocks (3.8.0) diff-lcs (>= 1.2.0, < 2.0) rspec-support (~> 3.8.0) rspec-support (3.8.0) + rubyzip (1.2.2) + selenium-webdriver (3.142.0) + childprocess (>= 0.5, < 2.0) + rubyzip (~> 1.2, >= 1.2.2) xpath (3.2.0) nokogiri (~> 1.8) @@ -48,10 +49,9 @@ PLATFORMS DEPENDENCIES capybara - capybara-webkit - headless rake rspec + selenium-webdriver BUNDLED WITH - 1.16.4 + 2.0.1 diff --git a/tests/spec/change_mode_spec.rb b/tests/spec/change_mode_spec.rb index c2bb9de..39d2c83 100644 --- a/tests/spec/change_mode_spec.rb +++ b/tests/spec/change_mode_spec.rb @@ -1,72 +1,75 @@ require 'net/http' feature "Change operating mode" do + after(:all) do + set_config mode: "production" + wait_for_nextcloud + end + scenario "production" do - `sudo snap set nextcloud mode=production` - expect($?.to_i).to eq 0 + set_config mode: "production" wait_for_nextcloud assert_apache_prod_tokens - assert_apache_no_signature - assert_php_no_signature - end + assert_apache_no_signature + assert_php_no_signature + end - scenario "debug" do - `sudo snap set nextcloud mode=debug` - expect($?.to_i).to eq 0 + scenario "debug" do + set_config mode: "debug" wait_for_nextcloud assert_apache_full_tokens - assert_apache_signature - assert_php_signature - end + assert_apache_signature + assert_php_signature + end - scenario "invalid" do - # This will print to stderr. Redirect so we can capture it easily. + scenario "invalid" do + # This will print to stderr. Redirect so we can capture it easily. output=`sudo snap set nextcloud mode=invalid 2>&1` expect($?.to_i).to_not eq 0 expect(output).to include "mode must be either 'debug' or 'production'" end - protected + protected - def assert_apache_prod_tokens - # Verify that Apache clamps down on the server string and stops sending - # version and OS information. - expect(nextcloud_response["server"]).to eq "Apache" - end + def assert_apache_prod_tokens + # Verify that Apache clamps down on the server string and stops sending + # version and OS information. + expect(nextcloud_response["server"]).to eq "Apache" + end - def assert_apache_full_tokens - # Verify that Apache opens up the server string and sends version and - # OS information. - expect(nextcloud_response["server"]).to match /Apache\/2\.4\.\d+ \(Unix\)/ - end + def assert_apache_full_tokens + # Verify that Apache opens up the server string and sends version and + # OS information. + expect(nextcloud_response["server"]).to match /Apache\/2\.4\.\d+ \(Unix\)/ + end - def assert_apache_no_signature - # Verify that no signature is shown on e.g. 404 pages - response = nextcloud_response(url: "http://localhost/give-me-a-404") - expect(response.body.downcase).to_not include "apache" - end + def assert_apache_no_signature + # Verify that no signature is shown on e.g. 404 pages + response = nextcloud_response(url: "http://localhost/give-me-a-404") + expect(response.body.downcase).to_not include "apache" + end - def assert_apache_signature - # Verify that a signature is shown on e.g. 404 pages - response = nextcloud_response(url: "http://localhost/give-me-a-404") - expect(response.body.downcase).to include "apache" - end + def assert_apache_signature + # Verify that a signature is shown on e.g. 404 pages + response = nextcloud_response(url: "http://localhost/give-me-a-404") + expect(response.body.downcase).to include "apache" + end - def assert_php_no_signature - # Verify that PHP doesn't add an X-Powered-By header - expect(nextcloud_response.to_hash).to_not include "x-powered-by" - end + def assert_php_no_signature + # Verify that PHP doesn't add an X-Powered-By header + expect(nextcloud_response.to_hash).to_not include "x-powered-by" + end - def assert_php_signature - # Verify that PHP adds an X-Powered-By header - response = nextcloud_response - expect(response.to_hash).to include "x-powered-by" - expect(response["x-powered-by"]).to match /PHP\/7\.2\.\d+/ - end + def assert_php_signature + # Verify that PHP adds an X-Powered-By header + response = nextcloud_response + expect(response.to_hash).to include "x-powered-by" + expect(response["x-powered-by"]).to match /PHP\/7\.2\.\d+/ + end - def nextcloud_response(url: "http://localhost") - return Net::HTTP.get_response(URI(url)) + def nextcloud_response(url: "http://localhost") + return Net::HTTP.get_response(URI(url)) end end diff --git a/tests/spec/change_php_memory_limit_spec.rb b/tests/spec/change_php_memory_limit_spec.rb index 1279f69..941ae20 100644 --- a/tests/spec/change_php_memory_limit_spec.rb +++ b/tests/spec/change_php_memory_limit_spec.rb @@ -1,29 +1,30 @@ feature "Change PHP memory limit" do + after(:all) do + set_config "php.memory-limit": "512M" + wait_for_nextcloud + end + scenario "unlimited" do - `sudo snap set nextcloud php.memory-limit=-1` - expect($?.to_i).to eq 0 + set_config "php.memory-limit": -1 wait_for_nextcloud assert_login # Also assert that we can change it back to the default - `sudo snap set nextcloud php.memory-limit=128M` - expect($?.to_i).to eq 0 + set_config "php.memory-limit": "512M" wait_for_nextcloud assert_logged_in end scenario "bytes" do - `sudo snap set nextcloud php.memory-limit=536870912` - expect($?.to_i).to eq 0 + set_config "php.memory-limit": 536870912 wait_for_nextcloud assert_login # Also assert that we can change it back to the default - `sudo snap set nextcloud php.memory-limit=128M` - expect($?.to_i).to eq 0 + set_config "php.memory-limit": "512M" wait_for_nextcloud assert_logged_in @@ -45,11 +46,11 @@ def assert_login fill_in "User", with: "admin" fill_in "Password", with: "admin" click_button "Log in" - expect(page).to have_content "Documents" + expect(page).to have_content "All files" end def assert_logged_in visit "/" - expect(page).to have_content "Documents" + expect(page).to have_content "All files" end end diff --git a/tests/spec/change_port_spec.rb b/tests/spec/change_port_spec.rb index 0d954fe..2939c79 100644 --- a/tests/spec/change_port_spec.rb +++ b/tests/spec/change_port_spec.rb @@ -1,79 +1,90 @@ feature "Change ports" do - scenario "http" do - `sudo snap set nextcloud ports.http=81` - expect($?.to_i).to eq 0 - wait_for_nextcloud(port: 81) - Capybara.app_host = 'http://localhost:81' - - assert_login - assert_uri(https: false, port: 81) + feature "http" do + after(:all) do + set_config "ports.http": 80, "ports.https": 443 + wait_for_nextcloud + end - # Also assert that we can change it back to the default - `sudo snap set nextcloud ports.http=80` - expect($?.to_i).to eq 0 - wait_for_nextcloud - Capybara.app_host = 'http://localhost' + scenario "http" do + set_config "ports.http": 81 + expect($?.to_i).to eq 0 + wait_for_nextcloud(port: 81) + Capybara.app_host = 'http://localhost:81' - assert_logged_in - assert_uri(https: false, port: 80) - end + visit "/" + assert_uri(https: false, port: 81) - scenario "https" do - enable_https + # Also assert that we can change it back to the default + set_config "ports.http": 80 + expect($?.to_i).to eq 0 + wait_for_nextcloud + Capybara.app_host = 'http://localhost' - `sudo snap set nextcloud ports.https=444` - expect($?.to_i).to eq 0 - wait_for_nextcloud(https: true, port: 444) - Capybara.app_host = 'https://localhost:444' + visit "/" + assert_uri(https: false, port: 80) + end + end - assert_login - assert_uri(https: true, port: 444) + feature "https" do + before(:all) do + enable_https + end - # Also assert that we can change it back to the default - `sudo snap set nextcloud ports.https=443` - expect($?.to_i).to eq 0 - wait_for_nextcloud(https: true) - Capybara.app_host = 'https://localhost' + after(:all) do + set_config "ports.http": 80, "ports.https": 443 + wait_for_nextcloud + disable_https + end - assert_logged_in - assert_uri(https: true, port: 443) - end + scenario "https" do + set_config "ports.https": 444 + expect($?.to_i).to eq 0 + wait_for_nextcloud(https: true, port: 444) + Capybara.app_host = 'https://localhost:444' + visit "/" + assert_uri(https: true, port: 444) - scenario "http still redirects to unchanged https" do - enable_https + # Also assert that we can change it back to the default + set_config "ports.https": 443 + expect($?.to_i).to eq 0 + wait_for_nextcloud(https: true) + Capybara.app_host = 'https://localhost' - `sudo snap set nextcloud ports.http=81` - expect($?.to_i).to eq 0 - wait_for_nextcloud(port: 81) - Capybara.app_host = 'http://localhost:81' + visit "/" + assert_uri(https: true, port: 443) + end - assert_login - assert_uri(https: true, port: 443) - end + scenario "http still redirects to unchanged https" do + set_config "ports.http": 81 + expect($?.to_i).to eq 0 + wait_for_nextcloud(port: 81) + Capybara.app_host = 'http://localhost:81' - scenario "http redirects to changed https" do - enable_https + visit "/" + assert_uri(https: true, port: 443) + end - `sudo snap set nextcloud ports.http=81 ports.https=444` - expect($?.to_i).to eq 0 - wait_for_nextcloud(port: 81) - Capybara.app_host = 'http://localhost:81' - assert_login - assert_uri(https: true, port: 444) - end + scenario "http redirects to changed https" do + set_config "ports.http": 81, "ports.https": 444 + expect($?.to_i).to eq 0 + wait_for_nextcloud(port: 81) + Capybara.app_host = 'http://localhost:81' - scenario "Let's Encrypt challenge request" do - enable_https + visit "/" + assert_uri(https: true, port: 444) + end - # Assert we do not redirect under the four possibilities for - # changing or not changing ports - assert_lets_encrypt_challenge(http_port: 80, https_port: 443) - assert_lets_encrypt_challenge(http_port: 80, https_port: 444) - assert_lets_encrypt_challenge(http_port: 81, https_port: 443) - assert_lets_encrypt_challenge(http_port: 81, https_port: 444) + scenario "Let's Encrypt challenge request" do + # Assert we do not redirect under the four possibilities for + # changing or not changing ports + assert_lets_encrypt_challenge(http_port: 80, https_port: 443) + assert_lets_encrypt_challenge(http_port: 80, https_port: 444) + assert_lets_encrypt_challenge(http_port: 81, https_port: 443) + assert_lets_encrypt_challenge(http_port: 81, https_port: 444) + end end protected @@ -90,21 +101,8 @@ def assert_uri(https:, port:) expect(uri.port).to eq port end - def assert_login - visit "/" - fill_in "User", with: "admin" - fill_in "Password", with: "admin" - click_button "Log in" - expect(page).to have_content "Documents" - end - - def assert_logged_in - visit "/" - expect(page).to have_content "Documents" - end - def assert_lets_encrypt_challenge(http_port:, https_port:) - `sudo snap set nextcloud ports.http=#{http_port} ports.https=#{https_port}` + set_config "ports.http": http_port, "ports.https": https_port expect($?.to_i).to eq 0 wait_for_nextcloud(https: false, port: http_port) Capybara.app_host = "http://localhost:#{http_port}" diff --git a/tests/spec/enable_https_spec.rb b/tests/spec/enable_https_spec.rb index 3e3ca4b..fb20f34 100644 --- a/tests/spec/enable_https_spec.rb +++ b/tests/spec/enable_https_spec.rb @@ -1,4 +1,8 @@ feature "Enabling HTTPS" do + after(:all) do + disable_https + end + scenario "self-signed" do enable_https @@ -6,6 +10,6 @@ fill_in "User", with: "admin" fill_in "Password", with: "admin" click_button "Log in" - expect(page).to have_content "Documents" + expect(page).to have_content "All files" end end diff --git a/tests/spec/import_export_spec.rb b/tests/spec/import_export_spec.rb index d339e16..2a0f3c3 100644 --- a/tests/spec/import_export_spec.rb +++ b/tests/spec/import_export_spec.rb @@ -27,6 +27,7 @@ `sudo mkdir -p "$(dirname "#{backup}")"` `sudo mv "#{moved_backup}" "#{backup}"` `sudo nextcloud.import "#{backup}"` + wait_for_nextcloud assert_loginable end @@ -37,6 +38,6 @@ def assert_loginable fill_in "User", with: "admin" fill_in "Password", with: "admin" click_button "Log in" - expect(page).to have_content "Documents" + expect(page).to have_content "All files" end end diff --git a/tests/spec/login_spec.rb b/tests/spec/login_spec.rb index 59caaef..4ef572f 100644 --- a/tests/spec/login_spec.rb +++ b/tests/spec/login_spec.rb @@ -4,14 +4,14 @@ fill_in "User", with: "admin" fill_in "Password", with: "admin" click_button "Log in" - expect(page).to have_content "Documents" + expect(page).to have_content "All files" end - scenario "Loggin in with incorrect credentials" do + scenario "Logging in with incorrect credentials" do visit "/" fill_in "User", with: "wronguser" fill_in "Password", with: "wrongpassword" click_button "Log in" - expect(page).to have_content "Wrong password" + expect(page).to have_content /Wrong.*password/ end end diff --git a/tests/spec/spec_helper.rb b/tests/spec/spec_helper.rb index 37b376a..09e4caf 100644 --- a/tests/spec/spec_helper.rb +++ b/tests/spec/spec_helper.rb @@ -5,30 +5,21 @@ require 'capybara' require 'capybara/dsl' require 'capybara/rspec' -require 'capybara-webkit' -require 'headless' +require 'selenium-webdriver' + +Capybara.register_driver :chrome do |app| + options = Selenium::WebDriver::Chrome::Options.new( + args: %w[headless disable-gpu no-sandbox] + ) + Capybara::Selenium::Driver.new(app, browser: :chrome, options: options) +end Capybara.configure do | config | - # Set javascript driver to webkit (selenium is the default) - config.default_driver = :webkit + config.default_driver = :chrome config.app_host = 'http://localhost' config.run_server = false end -Capybara::Webkit.configure do |config| - # Enable debug mode. Prints a log of everything the driver is doing. - #config.debug = true - - # Don't raise errors when SSL certificates can't be validated - config.ignore_ssl_errors - - # Raise JavaScript errors as exceptions - config.raise_javascript_errors = true - - # Allow pages to make requests to any URL without issuing a warning. - config.allow_unknown_urls -end - # This file was generated by the `rspec --init` command. Conventionally, all # specs live under a `spec` directory, which RSpec adds to the `$LOAD_PATH`. # The generated `.rspec` file contains `--require spec_helper` which will cause @@ -131,37 +122,20 @@ config.include Capybara::DSL, :type => :feature - config.add_setting :headless - config.before(:suite) do - RSpec.configuration.headless = Headless.new - RSpec.configuration.headless.start - end - - config.after(:suite) do - RSpec.configuration.headless.destroy + # Ensure the first run wizard is disabled, just in case + `sudo nextcloud.occ app:disable firstrunwizard` end config.after(:each) do - # After each test, make sure the ports are reset - `sudo snap set nextcloud ports.http=80 ports.https=443` - expect($?.to_i).to eq 0 - - # After each test, make sure the PHP memory limit is reset - `sudo snap set nextcloud php.memory-limit=128M` - expect($?.to_i).to eq 0 + # Chrome has an aggresive cache (including redirects). The easiest way to get + # around it is to close it after each test + Capybara.current_session.driver.quit # After each test, make sure maintenance mode is reset `sudo nextcloud.occ maintenance:mode --off 2>&1` expect($?.to_i).to eq 0 - # After each test, make sure the snap operating mode is reset - `sudo snap set nextcloud mode=production` - expect($?.to_i).to eq 0 - - # Also make sure HTTPS is disabled - disable_https - # Make sure any and all backups are removed `sudo rm -rf /var/snap/nextcloud/common/backups` @@ -216,4 +190,16 @@ def wait_for_nextcloud(https: false, port: nil) fail "Timed out trying to access Nextcloud: #{uri.to_s}" end end + + def set_config(options) + options_string = "" + options.each do |key, value| + options_string += "#{key}=#{value} " + end + + `sudo snap set nextcloud #{options_string}` + expect($?.to_i).to eq 0 + `snap watch --last=configure-snap` + expect($?.to_i).to eq 0 + end end From bfccbed088036fc1f822706598a2d99a23936920 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Thu, 2 May 2019 09:02:21 -0700 Subject: [PATCH 222/416] php: update to 7.2.18 Resolve #982 Signed-off-by: Kyle Fazzari --- snap/snapcraft.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index e7c99cd..1e94702 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -172,8 +172,8 @@ parts: php: plugin: php - source: https://php.net/get/php-7.2.17.tar.bz2/from/this/mirror - source-checksum: sha256/91a811ab6f6d7acb312159cf6b0a3cffe968676fdebf042e9253245cc6094f75 + source: https://php.net/get/php-7.2.18.tar.bz2/from/this/mirror + source-checksum: sha256/fa1a27b12d1173207e81e798a48d4a7f77ba897f5c5200ac0b5d62aa8b4c4b72 source-type: tar install-via: prefix configflags: From 2cdfea167dee52e5d196d3794b8a1a6619e182bb Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Thu, 2 May 2019 10:14:53 -0700 Subject: [PATCH 223/416] CHANGELOG: update for 15.0.7snap2 Signed-off-by: Kyle Fazzari --- CHANGELOG | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/CHANGELOG b/CHANGELOG index f93db29..8e25bf6 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,12 @@ +v 15.0.7snap2 + - php: update to 7.2.18 + - tests: move from webkit to chrome + - mysql: update to 5.7.26 + - certbot: update to 0.33.1 + - README: add config file path to tool section + - README: add file paths to "where is my stuff" + - ci: disable v13 dailies + v 15.0.7snap1 - nextcloud: update to 15.0.7 - php: update to 7.2.17 From a8354e148b22eb921bbab36c6357936723fe81e7 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Wed, 15 May 2019 14:28:09 +0200 Subject: [PATCH 224/416] ci: enable daily v16 Resolve #998 Signed-off-by: Kyle Fazzari --- .travis/cron.sh | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.travis/cron.sh b/.travis/cron.sh index 22c83f6..14c9ea7 100755 --- a/.travis/cron.sh +++ b/.travis/cron.sh @@ -3,6 +3,7 @@ latest_master_url="https://download.nextcloud.com/server/daily/latest-master.tar.bz2" latest_stable14_url="https://download.nextcloud.com/server/daily/latest-stable14.tar.bz2" latest_stable15_url="https://download.nextcloud.com/server/daily/latest-stable15.tar.bz2" +latest_stable16_url="https://download.nextcloud.com/server/daily/latest-stable16.tar.bz2" rewrite_snapcraft_yaml() { @@ -45,3 +46,8 @@ echo "Requesting build of latest 15..." request_build \ "latest-15" "$latest_stable15_url" "15-$today" \ "From CI: Use Nextcloud latest 15" + +echo "Requesting build of latest 16..." +request_build \ + "latest-16" "$latest_stable16_url" "16-$today" \ + "From CI: Use Nextcloud latest 16" From 25492dd814c7ac023a34765383ea03be08cd3c65 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Thu, 16 May 2019 13:45:16 +0200 Subject: [PATCH 225/416] nextcloud: update to 15.0.8 Resolve #1003 Signed-off-by: Kyle Fazzari --- snap/snapcraft.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 1e94702..6dfe98e 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -158,8 +158,8 @@ parts: nextcloud: plugin: dump - source: https://download.nextcloud.com/server/releases/nextcloud-15.0.7.tar.bz2 - source-checksum: sha256/3e6158951fa72010ccd50dbeac05d8df162183f7bbc62a1c6c89ed7081fa9d49 + source: https://download.nextcloud.com/server/releases/nextcloud-15.0.8.tar.bz2 + source-checksum: sha256/b782599fa39919ecd96d93cfb6374f4d42cd6de22a9a2d12ec11ed38a2e5f2f0 organize: '*': htdocs/ '.htaccess': htdocs/.htaccess From ca75cbdf9b176cf06db61b1b2044f4a6f9fef192 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Sat, 18 May 2019 17:26:20 -0700 Subject: [PATCH 226/416] certbot: patch out untested chown calls This bug was introduced in the new certbot upgraded in 7973f9be94e3aa72b4f5d7fed15ab327f462ee73. Fix #1001 Signed-off-by: Kyle Fazzari --- snap/snapcraft.yaml | 19 +-- src/https/bin/enable-https | 4 +- .../certbot_nextcloud_plugin/__init__.py | 0 src/https/certbot_nextcloud_plugin/webroot.py | 141 ------------------ src/https/setup.py | 16 -- ...certbot-remove-default-config-files.patch} | 0 .../certbot-remove-storage-chown.patch | 11 ++ ...mpile-time-disabling-of-setpriority.patch} | 0 8 files changed, 21 insertions(+), 170 deletions(-) delete mode 100644 src/https/certbot_nextcloud_plugin/__init__.py delete mode 100644 src/https/certbot_nextcloud_plugin/webroot.py delete mode 100644 src/https/setup.py rename src/{https/patches/remove_default_config_files.patch => patches/certbot-remove-default-config-files.patch} (100%) create mode 100644 src/patches/certbot-remove-storage-chown.patch rename src/patches/{support-compile-time-disabling-of-setpriority.patch => mysql-support-compile-time-disabling-of-setpriority.patch} (100%) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 6dfe98e..15091b4 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -276,7 +276,7 @@ parts: source-depth: 1 override-pull: | snapcraftctl pull - git apply $SNAPCRAFT_STAGE/support-compile-time-disabling-of-setpriority.patch + git apply $SNAPCRAFT_STAGE/mysql-support-compile-time-disabling-of-setpriority.patch after: [boost, patches] configflags: - -DWITH_BOOST=$SNAPCRAFT_STAGE @@ -350,26 +350,23 @@ parts: plugin: dump source: src/delay-on-failure/ - certbot-nextcloud-plugin: + certbot: plugin: python python-version: python2 source: src/https/ requirements: requirements.txt build-packages: [libffi-dev] - - fix-certbot: - plugin: nil - source: src/https/patches - after: [certbot-nextcloud-plugin] - override-pull: | - snapcraftctl pull - patch -p1 -d $SNAPCRAFT_STAGE/lib/python2.7/site-packages/certbot < remove_default_config_files.patch + after: [patches] + override-build: | + snapcraftctl build + patch -p1 -d $SNAPCRAFT_PART_INSTALL/lib/python2.7/site-packages/certbot < $SNAPCRAFT_STAGE/certbot-remove-default-config-files.patch + patch -p1 -d $SNAPCRAFT_PART_INSTALL/lib/python2.7/site-packages/certbot < $SNAPCRAFT_STAGE/certbot-remove-storage-chown.patch setup-https: plugin: dump source: src/https/ stage-packages: [openssl] - stage: [-etc/ssl, -patches] + stage: [-etc/ssl, -requirements.txt] import-export: plugin: dump diff --git a/src/https/bin/enable-https b/src/https/bin/enable-https index a9f57b4..dd923ba 100755 --- a/src/https/bin/enable-https +++ b/src/https/bin/enable-https @@ -112,8 +112,8 @@ handle_lets_encrypt() # to be separated by whitespace): disable the check # shellcheck disable=SC2086 if ! output="$(run_certbot certonly $extra_params \ - --authenticator nextcloud:webroot \ - --nextcloud:webroot-path "$CERTBOT_DIRECTORY" \ + --authenticator webroot \ + --webroot-path "$CERTBOT_DIRECTORY" \ --rsa-key-size 4096 \ --email "$email" \ --non-interactive \ diff --git a/src/https/certbot_nextcloud_plugin/__init__.py b/src/https/certbot_nextcloud_plugin/__init__.py deleted file mode 100644 index e69de29..0000000 diff --git a/src/https/certbot_nextcloud_plugin/webroot.py b/src/https/certbot_nextcloud_plugin/webroot.py deleted file mode 100644 index 97a41d0..0000000 --- a/src/https/certbot_nextcloud_plugin/webroot.py +++ /dev/null @@ -1,141 +0,0 @@ -"""Nextcloud Webroot plugin.""" -import argparse -import collections -import errno -import json -import logging -import os - -import six -import zope.component -import zope.interface - -from acme import challenges - -from certbot import cli -from certbot import errors -from certbot import interfaces -from certbot.display import util as display_util -from certbot.plugins import common - - -logger = logging.getLogger(__name__) - - -@zope.interface.implementer(interfaces.IAuthenticator) -@zope.interface.provider(interfaces.IPluginFactory) -class Authenticator(common.Plugin): - """Nextcloud Webroot Authenticator.""" - - description = "Place files in webroot directory without running chown" - - MORE_INFO = """\ -Authenticator plugin that performs http-01 challenge by saving -necessary validation resources to appropriate paths on the file -system. It expects that there is some other HTTP server configured -to serve all files under specified web root ({0}).""" - - def more_info(self): # pylint: disable=missing-docstring,no-self-use - return self.MORE_INFO.format(self.conf("path")) - - @classmethod - def add_parser_arguments(cls, add): - add("path", type=str, default='', help="public_html / webroot path") - add("map", default={}, help="Not used. Left for backward compatibility.") - - def get_chall_pref(self, domain): # pragma: no cover - # pylint: disable=missing-docstring,no-self-use,unused-argument - return [challenges.HTTP01] - - def __init__(self, *args, **kwargs): - super(Authenticator, self).__init__(*args, **kwargs) - self.full_roots = {} - self.performed = collections.defaultdict(set) - - def prepare(self): # pylint: disable=missing-docstring - pass - - def perform(self, achalls): # pylint: disable=missing-docstring - webroot_path = self.conf("path") - if not webroot_path: - raise errors.PluginError("Missing path") - - # The previous version had this as an array, but it gets loaded as - # a string. Just strip off the braces and quotes. - setattr(self.config, self.dest("path"), webroot_path.strip("[]'")) - logger.info("Using the webroot path %s for all domains.", - self.conf("path")) - - self._create_challenge_dirs(achalls) - - return [self._perform_single(achall) for achall in achalls] - - def _create_challenge_dirs(self, achalls): - for achall in achalls: - self.full_roots[achall.domain] = os.path.join( - self.conf("path"), challenges.HTTP01.URI_ROOT_PATH) - - logger.debug("Creating root challenges validation dir at %s", - self.conf("path")) - - # Change the permissions to be writable (GH #1389) - # Umask is used instead of chmod to ensure the client can also - # run as non-root (GH #1795) - old_umask = os.umask(0o022) - - try: - # This is coupled with the "umask" call above because - # os.makedirs's "mode" parameter may not always work: - # https://stackoverflow.com/questions/5231901/permission-problems-when-creating-a-dir-with-os-makedirs-python - os.makedirs(self.full_roots[achall.domain], 0o0755) - - except OSError as exception: - if exception.errno != errno.EEXIST: - raise errors.PluginError( - "Couldn't create root for {0} http-01 " - "challenge responses: {1}", achall.domain, exception) - finally: - os.umask(old_umask) - - def _get_validation_path(self, root_path, achall): - return os.path.join(root_path, achall.chall.encode("token")) - - def _perform_single(self, achall): - response, validation = achall.response_and_validation() - - root_path = self.full_roots[achall.domain] - validation_path = self._get_validation_path(root_path, achall) - logger.debug("Attempting to save validation to %s", validation_path) - - # Change permissions to be world-readable, owner-writable (GH #1795) - old_umask = os.umask(0o022) - - try: - with open(validation_path, "wb") as validation_file: - validation_file.write(validation.encode()) - finally: - os.umask(old_umask) - - self.performed[root_path].add(achall) - - return response - - def cleanup(self, achalls): # pylint: disable=missing-docstring - for achall in achalls: - root_path = self.full_roots.get(achall.domain, None) - if root_path is not None: - validation_path = self._get_validation_path(root_path, achall) - logger.debug("Removing %s", validation_path) - os.remove(validation_path) - self.performed[root_path].remove(achall) - - for root_path, achalls in six.iteritems(self.performed): - if not achalls: - try: - os.rmdir(root_path) - logger.debug("All challenges cleaned up, removing %s", - root_path) - except OSError as exc: - logger.info( - "Unable to clean up challenge directory %s", root_path) - logger.debug("Error was: %s", exc) diff --git a/src/https/setup.py b/src/https/setup.py deleted file mode 100644 index 55603d6..0000000 --- a/src/https/setup.py +++ /dev/null @@ -1,16 +0,0 @@ -from setuptools import setup, find_packages - - -setup( - name='nextcloud', - packages=find_packages(), - install_requires=[ - 'certbot', - 'zope.interface', - ], - entry_points={ - 'certbot.plugins': [ - 'webroot = certbot_nextcloud_plugin.webroot:Authenticator', - ], - }, -) diff --git a/src/https/patches/remove_default_config_files.patch b/src/patches/certbot-remove-default-config-files.patch similarity index 100% rename from src/https/patches/remove_default_config_files.patch rename to src/patches/certbot-remove-default-config-files.patch diff --git a/src/patches/certbot-remove-storage-chown.patch b/src/patches/certbot-remove-storage-chown.patch new file mode 100644 index 0000000..a813801 --- /dev/null +++ b/src/patches/certbot-remove-storage-chown.patch @@ -0,0 +1,11 @@ +--- a/storage.py 2019-05-18 10:01:00.196684342 +0000 ++++ b/storage.py 2019-05-18 10:01:04.352539257 +0000 +@@ -1108,8 +1108,7 @@ + (stat.S_IRGRP | stat.S_IWGRP | stat.S_IXGRP | \ + stat.S_IROTH) + mode = BASE_PRIVKEY_MODE | old_mode +- os.chown(target["privkey"], -1, os.stat(old_privkey).st_gid) + os.chmod(target["privkey"], mode) + + # Save everything else + with open(target["cert"], "wb") as f: diff --git a/src/patches/support-compile-time-disabling-of-setpriority.patch b/src/patches/mysql-support-compile-time-disabling-of-setpriority.patch similarity index 100% rename from src/patches/support-compile-time-disabling-of-setpriority.patch rename to src/patches/mysql-support-compile-time-disabling-of-setpriority.patch From 4a142b25b7bfb6a2e0ac8c0b56339f0589fa27d7 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Sun, 19 May 2019 13:24:17 -0700 Subject: [PATCH 227/416] CHANGELOG: update for 15.0.8snap1 Also update README. Signed-off-by: Kyle Fazzari --- CHANGELOG | 5 +++++ README.md | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/CHANGELOG b/CHANGELOG index 8e25bf6..230b924 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,8 @@ +v 15.0.8snap1 + - certbot: patch out untested chown calls + - nextcloud: update to 15.0.8 + - ci: enable daily v16 + v 15.0.7snap2 - php: update to 7.2.18 - tests: move from webkit to chrome diff --git a/README.md b/README.md index a333cd5..f0b8fb3 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ Nextcloud server packaged as a snap. It consists of: -- Nextcloud 15.0.7 +- Nextcloud 15.0.8 - Apache 2.4 - PHP 7.2 - MySQL 5.7 From 4fce55795606a7312542179c5332a75e21bc4feb Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Sun, 19 May 2019 18:44:58 -0700 Subject: [PATCH 228/416] certbot: re-introduce custom webroot plugin This is for backward compatibility for older clients still using it for renewal. Certbot's built-in webroot plugin is used for new certificates. Fix #1012 Signed-off-by: Kyle Fazzari --- .../certbot_nextcloud_plugin/__init__.py | 0 src/https/certbot_nextcloud_plugin/webroot.py | 141 ++++++++++++++++++ src/https/setup.py | 16 ++ 3 files changed, 157 insertions(+) create mode 100644 src/https/certbot_nextcloud_plugin/__init__.py create mode 100644 src/https/certbot_nextcloud_plugin/webroot.py create mode 100644 src/https/setup.py diff --git a/src/https/certbot_nextcloud_plugin/__init__.py b/src/https/certbot_nextcloud_plugin/__init__.py new file mode 100644 index 0000000..e69de29 diff --git a/src/https/certbot_nextcloud_plugin/webroot.py b/src/https/certbot_nextcloud_plugin/webroot.py new file mode 100644 index 0000000..97a41d0 --- /dev/null +++ b/src/https/certbot_nextcloud_plugin/webroot.py @@ -0,0 +1,141 @@ +"""Nextcloud Webroot plugin.""" +import argparse +import collections +import errno +import json +import logging +import os + +import six +import zope.component +import zope.interface + +from acme import challenges + +from certbot import cli +from certbot import errors +from certbot import interfaces +from certbot.display import util as display_util +from certbot.plugins import common + + +logger = logging.getLogger(__name__) + + +@zope.interface.implementer(interfaces.IAuthenticator) +@zope.interface.provider(interfaces.IPluginFactory) +class Authenticator(common.Plugin): + """Nextcloud Webroot Authenticator.""" + + description = "Place files in webroot directory without running chown" + + MORE_INFO = """\ +Authenticator plugin that performs http-01 challenge by saving +necessary validation resources to appropriate paths on the file +system. It expects that there is some other HTTP server configured +to serve all files under specified web root ({0}).""" + + def more_info(self): # pylint: disable=missing-docstring,no-self-use + return self.MORE_INFO.format(self.conf("path")) + + @classmethod + def add_parser_arguments(cls, add): + add("path", type=str, default='', help="public_html / webroot path") + add("map", default={}, help="Not used. Left for backward compatibility.") + + def get_chall_pref(self, domain): # pragma: no cover + # pylint: disable=missing-docstring,no-self-use,unused-argument + return [challenges.HTTP01] + + def __init__(self, *args, **kwargs): + super(Authenticator, self).__init__(*args, **kwargs) + self.full_roots = {} + self.performed = collections.defaultdict(set) + + def prepare(self): # pylint: disable=missing-docstring + pass + + def perform(self, achalls): # pylint: disable=missing-docstring + webroot_path = self.conf("path") + if not webroot_path: + raise errors.PluginError("Missing path") + + # The previous version had this as an array, but it gets loaded as + # a string. Just strip off the braces and quotes. + setattr(self.config, self.dest("path"), webroot_path.strip("[]'")) + logger.info("Using the webroot path %s for all domains.", + self.conf("path")) + + self._create_challenge_dirs(achalls) + + return [self._perform_single(achall) for achall in achalls] + + def _create_challenge_dirs(self, achalls): + for achall in achalls: + self.full_roots[achall.domain] = os.path.join( + self.conf("path"), challenges.HTTP01.URI_ROOT_PATH) + + logger.debug("Creating root challenges validation dir at %s", + self.conf("path")) + + # Change the permissions to be writable (GH #1389) + # Umask is used instead of chmod to ensure the client can also + # run as non-root (GH #1795) + old_umask = os.umask(0o022) + + try: + # This is coupled with the "umask" call above because + # os.makedirs's "mode" parameter may not always work: + # https://stackoverflow.com/questions/5231901/permission-problems-when-creating-a-dir-with-os-makedirs-python + os.makedirs(self.full_roots[achall.domain], 0o0755) + + except OSError as exception: + if exception.errno != errno.EEXIST: + raise errors.PluginError( + "Couldn't create root for {0} http-01 " + "challenge responses: {1}", achall.domain, exception) + finally: + os.umask(old_umask) + + def _get_validation_path(self, root_path, achall): + return os.path.join(root_path, achall.chall.encode("token")) + + def _perform_single(self, achall): + response, validation = achall.response_and_validation() + + root_path = self.full_roots[achall.domain] + validation_path = self._get_validation_path(root_path, achall) + logger.debug("Attempting to save validation to %s", validation_path) + + # Change permissions to be world-readable, owner-writable (GH #1795) + old_umask = os.umask(0o022) + + try: + with open(validation_path, "wb") as validation_file: + validation_file.write(validation.encode()) + finally: + os.umask(old_umask) + + self.performed[root_path].add(achall) + + return response + + def cleanup(self, achalls): # pylint: disable=missing-docstring + for achall in achalls: + root_path = self.full_roots.get(achall.domain, None) + if root_path is not None: + validation_path = self._get_validation_path(root_path, achall) + logger.debug("Removing %s", validation_path) + os.remove(validation_path) + self.performed[root_path].remove(achall) + + for root_path, achalls in six.iteritems(self.performed): + if not achalls: + try: + os.rmdir(root_path) + logger.debug("All challenges cleaned up, removing %s", + root_path) + except OSError as exc: + logger.info( + "Unable to clean up challenge directory %s", root_path) + logger.debug("Error was: %s", exc) diff --git a/src/https/setup.py b/src/https/setup.py new file mode 100644 index 0000000..55603d6 --- /dev/null +++ b/src/https/setup.py @@ -0,0 +1,16 @@ +from setuptools import setup, find_packages + + +setup( + name='nextcloud', + packages=find_packages(), + install_requires=[ + 'certbot', + 'zope.interface', + ], + entry_points={ + 'certbot.plugins': [ + 'webroot = certbot_nextcloud_plugin.webroot:Authenticator', + ], + }, +) From 64adbd09d169f5890d7d6ef5f4ecb13f138acd93 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Sun, 19 May 2019 20:04:56 -0700 Subject: [PATCH 229/416] CHANGELOG: update for 15.0.8snap2 Signed-off-by: Kyle Fazzari --- CHANGELOG | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGELOG b/CHANGELOG index 230b924..3e30905 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,6 @@ +v 15.0.8snap2 + - certbot: re-introduce custom webroot plugin + v 15.0.8snap1 - certbot: patch out untested chown calls - nextcloud: update to 15.0.8 From 8fac7092707ac8d8c15a17701d8c55db4a329a1d Mon Sep 17 00:00:00 2001 From: stondino00 <47676943+stondino00@users.noreply.github.com> Date: Mon, 3 Jun 2019 12:48:17 -0500 Subject: [PATCH 230/416] php: update to 7.2.19 Resolve #1034 Signed-off-by: Z <47676943+stondino00@users.noreply.github.com> Signed-off-by: Kyle Fazzari --- snap/snapcraft.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 15091b4..4a4effb 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -172,8 +172,8 @@ parts: php: plugin: php - source: https://php.net/get/php-7.2.18.tar.bz2/from/this/mirror - source-checksum: sha256/fa1a27b12d1173207e81e798a48d4a7f77ba897f5c5200ac0b5d62aa8b4c4b72 + source: https://php.net/get/php-7.2.19.tar.bz2/from/this/mirror + source-checksum: sha256/ebd0b1f375fe07ed4925acc213d2f5ef76a61bd5de174e7b666b98421a90a099 source-type: tar install-via: prefix configflags: From a8aaa802a2482d0f4f2b86054ab6c1b7c6a07b9d Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Wed, 12 Jun 2019 22:46:19 -0400 Subject: [PATCH 231/416] CHANGELOG: update for 15.0.8snap3 Signed-off-by: Kyle Fazzari --- CHANGELOG | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGELOG b/CHANGELOG index 3e30905..e7cb401 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,6 @@ +v 15.0.8snap3 + - php: update to 7.2.19 + v 15.0.8snap2 - certbot: re-introduce custom webroot plugin From 1086a31c64b71258a09fd03e3fb8ce5e4ddfaa34 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Tue, 9 Jul 2019 08:04:10 -0700 Subject: [PATCH 232/416] Add issue template Signed-off-by: Kyle Fazzari --- .github/ISSUE_TEMPLATE/bug_report.md | 39 ++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) create mode 100644 .github/ISSUE_TEMPLATE/bug_report.md diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md new file mode 100644 index 0000000..d6b0e66 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -0,0 +1,39 @@ +--- +name: Bug report +about: Create a report to help us improve +title: '' +labels: '' +assignees: '' + +--- + +#### Describe the bug +A clear and concise description of the bug. + +#### To Reproduce +Steps to reproduce the behavior: +1. Go to '...' +2. Click on '....' +3. Scroll down to '....' +4. See error + +#### Expected behavior +A clear and concise description of what you expected to happen. + +#### Screenshots +If applicable, add screenshots to help explain your problem. + +#### OS/snapd/snap version +What OS and version are you running? Please also include the output of the +following commands: + + $ snap list nextcloud + +and: + + $ snap version + +#### Logs +Please paste in the output from +[this script](https://github.com/nextcloud/nextcloud-snap/wiki/Issue-Debugging-Scripts) +to assist in debugging (note that it's pre-formatted). From 388df2e8d6995f8b0ff8c7d07036efd0aeee81ed Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Tue, 9 Jul 2019 07:51:44 -0700 Subject: [PATCH 233/416] nextcloud: update to 15.0.10 Resolve #1059 Signed-off-by: Kyle Fazzari --- snap/snapcraft.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 4a4effb..3d72ab7 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -158,8 +158,8 @@ parts: nextcloud: plugin: dump - source: https://download.nextcloud.com/server/releases/nextcloud-15.0.8.tar.bz2 - source-checksum: sha256/b782599fa39919ecd96d93cfb6374f4d42cd6de22a9a2d12ec11ed38a2e5f2f0 + source: https://download.nextcloud.com/server/releases/nextcloud-15.0.10.tar.bz2 + source-checksum: sha256/494511fcda6e823e8dfb571fcf3b9ddc433148449acb080104f4165d2f2f4d43 organize: '*': htdocs/ '.htaccess': htdocs/.htaccess From 4f32a4b41f208ea4031d5e383bdd543aee21e8c0 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Wed, 10 Jul 2019 07:26:37 -0700 Subject: [PATCH 234/416] CHANGELOG: Update for 15.0.10snap1 Signed-off-by: Kyle Fazzari --- CHANGELOG | 3 +++ README.md | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/CHANGELOG b/CHANGELOG index e7cb401..28443a6 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,6 @@ +v 15.0.10snap1 + - nextcloud: update to 15.0.10 + v 15.0.8snap3 - php: update to 7.2.19 diff --git a/README.md b/README.md index f0b8fb3..868b68e 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ Nextcloud server packaged as a snap. It consists of: -- Nextcloud 15.0.8 +- Nextcloud 15.0.10 - Apache 2.4 - PHP 7.2 - MySQL 5.7 From a35fc99e03403eb394d6414c2359d711e1330893 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Tue, 23 Jul 2019 09:04:05 -0700 Subject: [PATCH 235/416] mysql: update to 5.7.27 Resolve #1068 Signed-off-by: Kyle Fazzari --- snap/snapcraft.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 3d72ab7..0e24233 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -272,7 +272,7 @@ parts: mysql: plugin: cmake source: https://github.com/mysql/mysql-server.git - source-tag: mysql-5.7.26 + source-tag: mysql-5.7.27 source-depth: 1 override-pull: | snapcraftctl pull From 0195eeb26d5a8fa8b823f95417342d7ad50db280 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Tue, 23 Jul 2019 12:16:19 -0700 Subject: [PATCH 236/416] php: update to 7.2.20 Resolve #1072 Signed-off-by: Kyle Fazzari --- snap/snapcraft.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 0e24233..f497792 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -172,8 +172,8 @@ parts: php: plugin: php - source: https://php.net/get/php-7.2.19.tar.bz2/from/this/mirror - source-checksum: sha256/ebd0b1f375fe07ed4925acc213d2f5ef76a61bd5de174e7b666b98421a90a099 + source: https://php.net/get/php-7.2.20.tar.bz2/from/this/mirror + source-checksum: sha256/9fb829e54e54c483ae8892d1db0f7d79115cc698f2f3591a8a5e58d9410dca84 source-type: tar install-via: prefix configflags: From aef30b3d47faa3f498593c9300635179a3ca03c2 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Tue, 23 Jul 2019 17:17:11 -0700 Subject: [PATCH 237/416] CHANGELOG: update for 15.0.10snap2 Signed-off-by: Kyle Fazzari --- CHANGELOG | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG b/CHANGELOG index 28443a6..f860cce 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,7 @@ +v 15.0.10snap2 + - php: update to 7.2.20 + - mysql: update to 5.7.27 + v 15.0.10snap1 - nextcloud: update to 15.0.10 From 6fd5593c960ffcfcb438a8650d1aaae65d36379d Mon Sep 17 00:00:00 2001 From: Tore Anderson Date: Tue, 30 Jul 2019 18:21:50 +0200 Subject: [PATCH 238/416] mysql: only write root password to root.ini if successfully set Ensure that the generated MySQL root password is only written to `$SNAP_DATA/mysql/root.ini` if the root password was successfully set in the database itself. Signed-off-by: Tore Anderson --- src/mysql/bin/start_mysql | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/src/mysql/bin/start_mysql b/src/mysql/bin/start_mysql index 9fca60f..560a47e 100755 --- a/src/mysql/bin/start_mysql +++ b/src/mysql/bin/start_mysql @@ -50,15 +50,14 @@ if [ $new_install = true ]; then GRANT ALL PRIVILEGES ON nextcloud.* TO 'nextcloud'@'localhost' IDENTIFIED BY '$nextcloud_password'; SQL then + # Now the root mysql user has a password. Save that as well. + echo "password=$root_password" >> "$root_option_file" printf "done\n" else echo "Failed to initialize-- reverting..." "$SNAP/support-files/mysql.server" stop rm -rf "$SNAP_DATA"/mysql/* fi - - # Now the root mysql user has a password. Save that as well. - echo "password=$root_password" >> "$root_option_file" else # Okay, this isn't a new installation. However, we recently changed # the location of MySQL's socket (11.0.2snap1). Make sure the root From e6c47ddae2f5726260b652c5e0d1ef1fa874698d Mon Sep 17 00:00:00 2001 From: Tore Anderson Date: Wed, 31 Jul 2019 20:50:48 +0200 Subject: [PATCH 239/416] mysql: explicitly configure error log file name This ensures that the error log will be stored within MySQL's data directory, which can be relied on to always exist. Fixes #1000. Signed-off-by: Tore Anderson --- src/mysql/my.cnf | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/mysql/my.cnf b/src/mysql/my.cnf index f3daf8a..4971e69 100644 --- a/src/mysql/my.cnf +++ b/src/mysql/my.cnf @@ -3,3 +3,6 @@ user=root max_allowed_packet=100M secure-file-priv=NULL skip-networking + +[mysqld_safe] +log_error=error.log From d6e4d1be3435038d43dbc1e418c73cf801bddb67 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Mon, 5 Aug 2019 13:51:19 -0700 Subject: [PATCH 240/416] Add liberapay Signed-off-by: Kyle Fazzari --- .github/FUNDING.yml | 1 + 1 file changed, 1 insertion(+) create mode 100644 .github/FUNDING.yml diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml new file mode 100644 index 0000000..656dd76 --- /dev/null +++ b/.github/FUNDING.yml @@ -0,0 +1 @@ +liberapay: kyrofa From 7cd2a39334d546e430e977b37be55a998647244f Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Mon, 5 Aug 2019 16:12:44 -0700 Subject: [PATCH 241/416] php: update to 7.2.21 Resolve #1081 Signed-off-by: Kyle Fazzari --- snap/snapcraft.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index f497792..d8953c8 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -172,8 +172,8 @@ parts: php: plugin: php - source: https://php.net/get/php-7.2.20.tar.bz2/from/this/mirror - source-checksum: sha256/9fb829e54e54c483ae8892d1db0f7d79115cc698f2f3591a8a5e58d9410dca84 + source: https://php.net/get/php-7.2.21.tar.bz2/from/this/mirror + source-checksum: sha256/343183a1be8336670171885c761d57ffcae99cbbcf1db43da7cb5565056b14ef source-type: tar install-via: prefix configflags: From 17cc7b5078ecca7b4d6d4c1614104310c82f4c1b Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Tue, 6 Aug 2019 12:03:50 -0700 Subject: [PATCH 242/416] CHANGELOG: update for 15.0.10snap3 Signed-off-by: Kyle Fazzari --- CHANGELOG | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/CHANGELOG b/CHANGELOG index f860cce..01d2491 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,8 @@ +v 15.0.10snap3 + - php: update to 7.2.21 + - mysql: explicitly configure error log file name + - mysql: only write root password to root.ini if successfully set + v 15.0.10snap2 - php: update to 7.2.20 - mysql: update to 5.7.27 From 630c1a42d7ae68f3876eaf65dc8a71ea2d7fbee7 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Thu, 15 Aug 2019 10:44:34 -0700 Subject: [PATCH 243/416] apache: update to 2.4.41 Resolve #1091 Signed-off-by: Kyle Fazzari --- snap/snapcraft.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index d8953c8..5c9a3b4 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -107,8 +107,8 @@ hooks: parts: apache: plugin: apache - source: http://ftp.wayne.edu/apache/httpd/httpd-2.4.39.tar.bz2 - source-checksum: sha256/b4ca9d05773aa59b54d66cd8f4744b945289f084d3be17d7981d1783a5decfa2 + source: http://ftp.wayne.edu/apache/httpd/httpd-2.4.41.tar.bz2 + source-checksum: sha256/133d48298fe5315ae9366a0ec66282fa4040efa5d566174481077ade7d18ea40 override-pull: | snapcraftctl pull From 3c41ad1501714c3133284ec62a9d65c380abe19b Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Fri, 16 Aug 2019 08:10:18 -0700 Subject: [PATCH 244/416] nextcloud: update to 15.0.11 Resolve #1095 Signed-off-by: Kyle Fazzari --- snap/snapcraft.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 5c9a3b4..be28ff1 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -158,8 +158,8 @@ parts: nextcloud: plugin: dump - source: https://download.nextcloud.com/server/releases/nextcloud-15.0.10.tar.bz2 - source-checksum: sha256/494511fcda6e823e8dfb571fcf3b9ddc433148449acb080104f4165d2f2f4d43 + source: https://download.nextcloud.com/server/releases/nextcloud-15.0.11.tar.bz2 + source-checksum: sha256/59cdde8e7a4a15606efc246e37adf6401b0b4a60f33289be8725d675b9c2ae26 organize: '*': htdocs/ '.htaccess': htdocs/.htaccess From e1bfd3aa988cfb6818b21a7a0fe0414a66369c64 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Fri, 16 Aug 2019 08:17:50 -0700 Subject: [PATCH 245/416] Add dependency update issue template Signed-off-by: Kyle Fazzari --- .github/ISSUE_TEMPLATE/dependency_update.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 .github/ISSUE_TEMPLATE/dependency_update.md diff --git a/.github/ISSUE_TEMPLATE/dependency_update.md b/.github/ISSUE_TEMPLATE/dependency_update.md new file mode 100644 index 0000000..382172a --- /dev/null +++ b/.github/ISSUE_TEMPLATE/dependency_update.md @@ -0,0 +1,14 @@ +--- +name: Dependency update +about: Report an out-of-date dependency +title: '' +labels: '' +assignees: '' + +--- + +#### What dependency/component is out of date? +Make sure to specify the version to which you'd like to update, as well as +provide justification for the update. "X is out of date" tends to not be the +best reason to update. Are there security updates or bugfixes/features you +need? From f3246dd3b38a0421da27f8d5e752a9e3ed6ea75c Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Thu, 22 Aug 2019 07:28:53 -0700 Subject: [PATCH 246/416] CHANGELOG: update for 15.0.11snap1 Also update README. Signed-off-by: Kyle Fazzari --- CHANGELOG | 4 ++++ README.md | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/CHANGELOG b/CHANGELOG index 01d2491..0b9baf5 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,7 @@ +v 15.0.11snap1 + - nextcloud: update to 15.0.11 + - apache: update to 2.4.41 + v 15.0.10snap3 - php: update to 7.2.21 - mysql: explicitly configure error log file name diff --git a/README.md b/README.md index 868b68e..312ffd6 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ Nextcloud server packaged as a snap. It consists of: -- Nextcloud 15.0.10 +- Nextcloud 15.0.11 - Apache 2.4 - PHP 7.2 - MySQL 5.7 From 259b01a3d3d26a0fbb7659a736152ee160b9d5d7 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Wed, 4 Sep 2019 10:41:48 -0700 Subject: [PATCH 247/416] php: update to 7.2.22 Resolve #1110 Signed-off-by: Kyle Fazzari --- snap/snapcraft.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index be28ff1..8bdb1dd 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -172,8 +172,8 @@ parts: php: plugin: php - source: https://php.net/get/php-7.2.21.tar.bz2/from/this/mirror - source-checksum: sha256/343183a1be8336670171885c761d57ffcae99cbbcf1db43da7cb5565056b14ef + source: https://php.net/get/php-7.2.22.tar.bz2/from/this/mirror + source-checksum: sha256/c10a9883b586ada5ef1149f2571625b27efdcc3e70a04fbb9121979633b0f08a source-type: tar install-via: prefix configflags: From b9db4d52e23a9d4ccbc80f16e587d0b3cd8fc584 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Tue, 10 Sep 2019 16:30:14 -0700 Subject: [PATCH 248/416] php: enable gmp This is required for SFTP (a core feature) as well as the bookmarks app. Resolve #1112 Signed-off-by: Kyle Fazzari --- snap/snapcraft.yaml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 8bdb1dd..d6abbe2 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -198,9 +198,12 @@ parts: - --disable-rpath - --enable-ftp - # Enable ldap. + # Enable ldap - --with-libdir=lib/$SNAPCRAFT_ARCH_TRIPLET - --with-ldap + + # Enable gmp + - --with-gmp stage-packages: # These are only included here until the OS snap stabilizes - libxml2 @@ -214,6 +217,7 @@ parts: - libmcrypt-dev - libldap2-dev - libfreetype6-dev + - libgmp-dev prime: - -sbin/ - -etc/ From 379fd430eed2cc32684ddc8e44aca435e77c0375 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Wed, 11 Sep 2019 15:50:44 -0700 Subject: [PATCH 249/416] php plugin: set GMP_DIR for all architectures PHP can't find the libgmp headers on i386 as it uses `gcc -dumpmachine` to find them, which returns i686-linux-gnu instead of i386-linux-gnu. Work around this by explicitly setting the `GMP_DIR` environment variable for all architectures to ensure it can be found. Updates #1112 Signed-off-by: Kyle Fazzari --- snap/plugins/x-php.py | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/snap/plugins/x-php.py b/snap/plugins/x-php.py index 3292b92..24ec9d3 100644 --- a/snap/plugins/x-php.py +++ b/snap/plugins/x-php.py @@ -129,6 +129,11 @@ def env(self, root): env = super().env(root) if root == self.installdir or root == self.project.stage_dir: + # gmp is installed into i386-linux-gnu on 32-bit, but the PHP gmp + # extension looks in i686-linux-gnu and can't find it. Set it + # explicitly. There should be no downside for doing this on all + # architectures. + env.append('GMP_DIR="{}"'.format(self.project.arch_triplet)) largefile_cflags = self.run_output(['getconf', 'LFS_CFLAGS']) if largefile_cflags: env.append( From 136f01e676a2e06fe83a19183c717dddd4c611ac Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Thu, 12 Sep 2019 11:24:51 -0700 Subject: [PATCH 250/416] tests: update ruby version and gems Signed-off-by: Kyle Fazzari --- .circleci/runtests.sh | 4 ++-- tests/.ruby-version | 2 +- tests/Gemfile.lock | 36 ++++++++++++++++++------------------ 3 files changed, 21 insertions(+), 21 deletions(-) diff --git a/.circleci/runtests.sh b/.circleci/runtests.sh index 8569010..b558a50 100755 --- a/.circleci/runtests.sh +++ b/.circleci/runtests.sh @@ -7,8 +7,8 @@ # Ruby v2.4.0 (the older version that is the default doesn't handle # the redirection that we test) bash --login -c ' - rvm install 2.4.0 - rvm use 2.4.0 + rvm install 2.6.2 + rvm use 2.6.2 cd tests gem update --system gem install bundler diff --git a/tests/.ruby-version b/tests/.ruby-version index 262714f..91a625a 100644 --- a/tests/.ruby-version +++ b/tests/.ruby-version @@ -1 +1 @@ -ruby-2.4.0 +ruby-2.6.2 diff --git a/tests/Gemfile.lock b/tests/Gemfile.lock index 5508589..a68cfbb 100644 --- a/tests/Gemfile.lock +++ b/tests/Gemfile.lock @@ -1,45 +1,45 @@ GEM remote: https://rubygems.org/ specs: - addressable (2.6.0) - public_suffix (>= 2.0.2, < 4.0) - capybara (3.18.0) + addressable (2.7.0) + public_suffix (>= 2.0.2, < 5.0) + capybara (3.29.0) addressable mini_mime (>= 0.1.3) nokogiri (~> 1.8) rack (>= 1.6.0) rack-test (>= 0.6.3) - regexp_parser (~> 1.2) + regexp_parser (~> 1.5) xpath (~> 3.2) - childprocess (1.0.1) + childprocess (2.0.0) rake (< 13.0) diff-lcs (1.3) - mini_mime (1.0.1) + mini_mime (1.0.2) mini_portile2 (2.4.0) - nokogiri (1.10.3) + nokogiri (1.10.4) mini_portile2 (~> 2.4.0) - public_suffix (3.0.3) + public_suffix (4.0.1) rack (2.0.7) rack-test (1.1.0) rack (>= 1.0, < 3) - rake (12.3.2) - regexp_parser (1.4.0) + rake (12.3.3) + regexp_parser (1.6.0) rspec (3.8.0) rspec-core (~> 3.8.0) rspec-expectations (~> 3.8.0) rspec-mocks (~> 3.8.0) - rspec-core (3.8.0) + rspec-core (3.8.2) rspec-support (~> 3.8.0) - rspec-expectations (3.8.3) + rspec-expectations (3.8.4) diff-lcs (>= 1.2.0, < 2.0) rspec-support (~> 3.8.0) - rspec-mocks (3.8.0) + rspec-mocks (3.8.1) diff-lcs (>= 1.2.0, < 2.0) rspec-support (~> 3.8.0) - rspec-support (3.8.0) - rubyzip (1.2.2) - selenium-webdriver (3.142.0) - childprocess (>= 0.5, < 2.0) + rspec-support (3.8.2) + rubyzip (1.2.4) + selenium-webdriver (3.142.4) + childprocess (>= 0.5, < 3.0) rubyzip (~> 1.2, >= 1.2.2) xpath (3.2.0) nokogiri (~> 1.8) @@ -54,4 +54,4 @@ DEPENDENCIES selenium-webdriver BUNDLED WITH - 2.0.1 + 2.0.2 From 751278af05dec9105b7fbfeb8c077848a59ef8e4 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Thu, 12 Sep 2019 10:31:23 -0700 Subject: [PATCH 251/416] CHANGELOG: update for 15.0.11snap2 Signed-off-by: Kyle Fazzari --- CHANGELOG | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/CHANGELOG b/CHANGELOG index 0b9baf5..03c81b7 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,8 @@ +v 15.0.11snap2 + - tests: update ruby version and gems + - php: enable gmp + - php: update to 7.2.22 + v 15.0.11snap1 - nextcloud: update to 15.0.11 - apache: update to 2.4.41 From 764be4962697184129c1b434749d3d6afc3135ad Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Fri, 17 May 2019 13:14:16 +0200 Subject: [PATCH 252/416] nextcloud: update to 16.0.5 Resolve #972 Signed-off-by: Kyle Fazzari --- snap/snapcraft.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index d6abbe2..1dc106c 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -158,8 +158,8 @@ parts: nextcloud: plugin: dump - source: https://download.nextcloud.com/server/releases/nextcloud-15.0.11.tar.bz2 - source-checksum: sha256/59cdde8e7a4a15606efc246e37adf6401b0b4a60f33289be8725d675b9c2ae26 + source: https://download.nextcloud.com/server/releases/nextcloud-16.0.5.tar.bz2 + source-checksum: sha256/8709c64fa776fd731c8e5f1ab25d592a2e690e5e18a81601cccf363795fae551 organize: '*': htdocs/ '.htaccess': htdocs/.htaccess From ff0b6fa8cb18ec0be825ddae4568ca675dbdff93 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Fri, 27 Sep 2019 08:40:46 -0700 Subject: [PATCH 253/416] CHANGELOG: update for 16.0.5snap1 Also update README. Signed-off-by: Kyle Fazzari --- CHANGELOG | 3 +++ README.md | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/CHANGELOG b/CHANGELOG index 03c81b7..1cb76cc 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,6 @@ +v 16.0.5snap1 + - nextcloud: update to 16.0.5 + v 15.0.11snap2 - tests: update ruby version and gems - php: enable gmp diff --git a/README.md b/README.md index 312ffd6..d34d79f 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ Nextcloud server packaged as a snap. It consists of: -- Nextcloud 15.0.11 +- Nextcloud 16.0.5 - Apache 2.4 - PHP 7.2 - MySQL 5.7 From 7dbf1cc55abc46b0951bbd876d79cb96c1923ee1 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Mon, 30 Sep 2019 11:27:54 -0700 Subject: [PATCH 254/416] tests: disable v14 dailies and enable v16 Signed-off-by: Kyle Fazzari --- .circleci/config.yml | 16 ++++++++-------- .travis/cron.sh | 6 ------ 2 files changed, 8 insertions(+), 14 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 71333a5..9123dd2 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -64,7 +64,7 @@ jobs: # Run the tests command: ./.circleci/runtests.sh - test-daily-v14: + test-daily-v15: working_directory: ~/nextcloud-snap machine: true steps: @@ -75,14 +75,14 @@ jobs: command: | sudo apt update -qq sudo apt install -y snapd - sudo snap install nextcloud --channel=14/edge + sudo snap install nextcloud --channel=15/edge sudo nextcloud.manual-install admin admin - run: # Run the tests command: ./.circleci/runtests.sh - test-daily-v15: + test-daily-v16: working_directory: ~/nextcloud-snap machine: true steps: @@ -93,7 +93,7 @@ jobs: command: | sudo apt update -qq sudo apt install -y snapd - sudo snap install nextcloud --channel=15/edge + sudo snap install nextcloud --channel=16/edge sudo nextcloud.manual-install admin admin - run: @@ -116,7 +116,7 @@ workflows: jobs: [test-daily-master] - daily-v14: + daily-v15: triggers: - schedule: # 0700 UTC == 0000 PSC @@ -125,9 +125,9 @@ workflows: branches: only: develop - jobs: [test-daily-v14] + jobs: [test-daily-v15] - daily-v15: + daily-v16: triggers: - schedule: # 0700 UTC == 0000 PSC @@ -136,4 +136,4 @@ workflows: branches: only: develop - jobs: [test-daily-v15] + jobs: [test-daily-v16] diff --git a/.travis/cron.sh b/.travis/cron.sh index 14c9ea7..78c559d 100755 --- a/.travis/cron.sh +++ b/.travis/cron.sh @@ -1,7 +1,6 @@ #!/bin/bash latest_master_url="https://download.nextcloud.com/server/daily/latest-master.tar.bz2" -latest_stable14_url="https://download.nextcloud.com/server/daily/latest-stable14.tar.bz2" latest_stable15_url="https://download.nextcloud.com/server/daily/latest-stable15.tar.bz2" latest_stable16_url="https://download.nextcloud.com/server/daily/latest-stable16.tar.bz2" @@ -37,11 +36,6 @@ request_build \ "latest-master" "$latest_master_url" "master-$today" \ "From CI: Use Nextcloud latest master" -echo "Requesting build of latest 14..." -request_build \ - "latest-14" "$latest_stable14_url" "14-$today" \ - "From CI: Use Nextcloud latest 14" - echo "Requesting build of latest 15..." request_build \ "latest-15" "$latest_stable15_url" "15-$today" \ From 539d86acf54e7e5981c66e00c761118d5c1dfdc7 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Tue, 1 Oct 2019 18:29:34 -0700 Subject: [PATCH 255/416] php: check file timestamps for opcache Not checking timestamps seems like a sensible optimization given that snaps are read-only. However, this ignores the fact that apps can be installed and updated, and those are also PHP. The opcache needs to be invalidated in that case. Update the PHP configuration to check file timestamps. Fix #1130 Signed-off-by: Kyle Fazzari --- snap/snapcraft.yaml | 2 +- src/common/utilities/common-utilities | 14 ++++++++-- src/import-export/bin/import-data | 2 +- src/nextcloud/bin/occ | 6 +--- src/php/config/php.ini | 25 ++++++++++++----- src/php/utilities/php-utilities | 15 ---------- tests/spec/maintenance_mode_spec.rb | 40 +++++++++++++++------------ tests/spec/spec_helper.rb | 7 +++-- 8 files changed, 61 insertions(+), 50 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 1dc106c..693dceb 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -246,7 +246,7 @@ parts: source: src/php/ organize: config/*: config/php/ - stage-packages: [mawk, libfcgi0ldbl] + stage-packages: [mawk] # Copy over our Nextcloud configuration files nextcloud-customizations: diff --git a/src/common/utilities/common-utilities b/src/common/utilities/common-utilities index 4698ac6..37ed507 100755 --- a/src/common/utilities/common-utilities +++ b/src/common/utilities/common-utilities @@ -52,10 +52,20 @@ wait_for_command() enable_maintenance_mode() { - run_command "Enabling maintenance mode" occ -n maintenance:mode --on + if run_command "Enabling maintenance mode" occ -n maintenance:mode --on; then + # The opcache might cache changes for one second. Wait for two to be safe. + sleep 2 + return 0 + fi + return 1 } disable_maintenance_mode() { - run_command "Disabling maintenance mode" occ -n maintenance:mode --off + if run_command "Disabling maintenance mode" occ -n maintenance:mode --off; then + # The opcache might cache changes for one second. Wait for two to be safe. + sleep 2 + return 0 + fi + return 1 } diff --git a/src/import-export/bin/import-data b/src/import-export/bin/import-data index e6388cb..e3e696a 100755 --- a/src/import-export/bin/import-data +++ b/src/import-export/bin/import-data @@ -139,7 +139,7 @@ echo "unstable, so beware if using from within scripts." >&2 echo "" >&2 # Enable maintenance mode so data can't change out from under us -if ! enable_maintenance_mode; then +if nextcloud_is_installed && ! enable_maintenance_mode; then echo "Unable to enter maintenance mode" exit 1 fi diff --git a/src/nextcloud/bin/occ b/src/nextcloud/bin/occ index 3f3dafb..cb4e93f 100755 --- a/src/nextcloud/bin/occ +++ b/src/nextcloud/bin/occ @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/sh -e # shellcheck source=src/mysql/utilities/mysql-utilities . "$SNAP/utilities/mysql-utilities" @@ -19,7 +19,3 @@ wait_for_php wait_for_nextcloud_to_be_configured run-php "$SNAP/htdocs/occ" "$@" - -# occ may have modified the config. Invalidate its cache just in case, otherwise -# PHP won't see the changes. -php_invalidate_opcache "$NEXTCLOUD_CONFIG_DIR/config.php" diff --git a/src/php/config/php.ini b/src/php/config/php.ini index a211dc9..ef2bb2c 100644 --- a/src/php/config/php.ini +++ b/src/php/config/php.ini @@ -1735,12 +1735,11 @@ ldap.max_links = -1 [opcache] zend_extension=opcache.so - ; Determines if Zend OPCache is enabled opcache.enable=1 ; Determines if Zend OPCache is enabled for the CLI version of PHP -opcache.enable_cli=1 +;opcache.enable_cli=0 ; The OPcache shared memory storage size. opcache.memory_consumption=128 @@ -1749,7 +1748,7 @@ opcache.memory_consumption=128 opcache.interned_strings_buffer=8 ; The maximum number of keys (scripts) in the OPcache hash table. -; Only numbers between 200 and 100000 are allowed. +; Only numbers between 200 and 1000000 are allowed. opcache.max_accelerated_files=10000 ; The maximum percentage of "wasted" memory until a restart is scheduled. @@ -1763,7 +1762,7 @@ opcache.max_accelerated_files=10000 ; When disabled, you must reset the OPcache manually or restart the ; webserver for changes to the filesystem to take effect. -opcache.validate_timestamps=0 +;opcache.validate_timestamps=1 ; How often (in seconds) to check file timestamps for changes to the shared ; memory storage allocation. ("1" means validate once per second, but only @@ -1777,9 +1776,6 @@ opcache.revalidate_freq=1 ; size of the optimized code. opcache.save_comments=1 -; If enabled, a fast shutdown sequence is used for the accelerated code -;opcache.fast_shutdown=0 - ; Allow file existence override (file_exists, etc.) performance feature. ;opcache.enable_file_override=0 @@ -1847,10 +1843,25 @@ opcache.save_comments=1 ; Enables or disables checksum validation when script loaded from file cache. ;opcache.file_cache_consistency_checks=1 +; Implies opcache.file_cache_only=1 for a certain process that failed to +; reattach to the shared memory (for Windows only). Explicitly enabled file +; cache is required. +;opcache.file_cache_fallback=1 + ; Enables or disables copying of PHP code (text segment) into HUGE PAGES. ; This should improve performance, but requires appropriate OS configuration. ;opcache.huge_code_pages=1 +; Validate cached file permissions. +;opcache.validate_permission=0 + +; Prevent name collisions in chroot'ed environment. +;opcache.validate_root=0 + +; If specified, it produces opcode dumps for debugging different stages of +; optimizations. +;opcache.opt_debug_level=0 + [curl] ; A default value for the CURLOPT_CAINFO option. This is required to be an ; absolute path. diff --git a/src/php/utilities/php-utilities b/src/php/utilities/php-utilities index d52cab1..792efa8 100755 --- a/src/php/utilities/php-utilities +++ b/src/php/utilities/php-utilities @@ -77,18 +77,3 @@ php_set_previous_memory_limit() { snapctl set private.php.memory-limit="$1" } - -php_invalidate_opcache() -{ - tmpfile="$(mktemp --tmpdir tmp_XXXXXXXXXX.php)" - echo "" > "$tmpfile" - - export SCRIPT_FILENAME="$tmpfile" - export REQUEST_METHOD="GET" - if ! output="$(cgi-fcgi -bind -connect "$PHP_FPM_SOCKET")"; then - echo "Unable to invalidate opcache: $output" >&2 - fi - - # Dash doesn't support trap RETURN - rm -f "$tmpfile" -} diff --git a/tests/spec/maintenance_mode_spec.rb b/tests/spec/maintenance_mode_spec.rb index 14456a3..fd296cd 100644 --- a/tests/spec/maintenance_mode_spec.rb +++ b/tests/spec/maintenance_mode_spec.rb @@ -1,24 +1,30 @@ feature "Maintenance mode" do - # Regression test for #486. - scenario "enable/disable" do - # First, verify that maintenance mode is not active - visit "/" - expect(page).not_to have_content('maintenance mode') + # Regression test for #486. + scenario "enable/disable" do + # First, verify that maintenance mode is not active + visit "/" + expect(page).not_to have_content('maintenance mode') - # Enable maintenance mode - `sudo nextcloud.occ maintenance:mode --on 2>&1` - expect($?.to_i).to eq 0 + # Enable maintenance mode + `sudo nextcloud.occ -n maintenance:mode --on 2>&1` + expect($?.to_i).to eq 0 - # Now verify that maintenance mode is active - visit "/" - expect(page).to have_content('maintenance mode') + # Maintenance mode takes one second to apply (opcache) + sleep 2 - # Now disable maintenance mode - `sudo nextcloud.occ maintenance:mode --off 2>&1` - expect($?.to_i).to eq 0 + # Now verify that maintenance mode is active + visit "/" + expect(page).to have_content('maintenance mode') - # Finally, verify that maintenance mode is not active again - visit "/" - expect(page).not_to have_content('maintenance mode') + # Now disable maintenance mode + `sudo nextcloud.occ -n maintenance:mode --off 2>&1` + expect($?.to_i).to eq 0 + + # Maintenance mode takes one second to apply (opcache) + sleep 2 + + # Finally, verify that maintenance mode is not active again + visit "/" + expect(page).not_to have_content('maintenance mode') end end diff --git a/tests/spec/spec_helper.rb b/tests/spec/spec_helper.rb index 09e4caf..77ddc54 100644 --- a/tests/spec/spec_helper.rb +++ b/tests/spec/spec_helper.rb @@ -124,7 +124,7 @@ config.before(:suite) do # Ensure the first run wizard is disabled, just in case - `sudo nextcloud.occ app:disable firstrunwizard` + `sudo nextcloud.occ -n app:disable firstrunwizard` end config.after(:each) do @@ -133,9 +133,12 @@ Capybara.current_session.driver.quit # After each test, make sure maintenance mode is reset - `sudo nextcloud.occ maintenance:mode --off 2>&1` + `sudo nextcloud.occ -n maintenance:mode --off 2>&1` expect($?.to_i).to eq 0 + # Maintenance mode takes a second to apply (opcache) + sleep 2 + # Make sure any and all backups are removed `sudo rm -rf /var/snap/nextcloud/common/backups` From 959041ada5ae613bd86aca3915137673be3df9cc Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Thu, 3 Oct 2019 13:53:52 -0700 Subject: [PATCH 256/416] php: update to 7.2.23 Resolve #1133 Signed-off-by: Kyle Fazzari --- snap/snapcraft.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 693dceb..22288c1 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -172,8 +172,8 @@ parts: php: plugin: php - source: https://php.net/get/php-7.2.22.tar.bz2/from/this/mirror - source-checksum: sha256/c10a9883b586ada5ef1149f2571625b27efdcc3e70a04fbb9121979633b0f08a + source: https://php.net/get/php-7.2.23.tar.bz2/from/this/mirror + source-checksum: sha256/a17af3643d29d7e730f977e3776dc3e325d5ca00b361e41dbfc2368ebad5430d source-type: tar install-via: prefix configflags: From 5948fc81ca39386446303750bd4c9906b3219632 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Thu, 3 Oct 2019 14:56:24 -0700 Subject: [PATCH 257/416] CHANGELOG: update for 16.0.5snap2 Signed-off-by: Kyle Fazzari --- CHANGELOG | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/CHANGELOG b/CHANGELOG index 1cb76cc..067ddde 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,8 @@ +v 16.0.5snap2 + - php: update to 7.2.23 + - php: check file timestamps for opcache + - tests: disable v14 dailies and enable v16 + v 16.0.5snap1 - nextcloud: update to 16.0.5 From fbb70edce8d76e7853e7332b23a23c28c0b862a3 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Mon, 21 Oct 2019 12:34:32 -0700 Subject: [PATCH 258/416] mysql: update to 5.7.28 Resolve #1143 Signed-off-by: Kyle Fazzari --- snap/snapcraft.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 22288c1..e641592 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -276,7 +276,7 @@ parts: mysql: plugin: cmake source: https://github.com/mysql/mysql-server.git - source-tag: mysql-5.7.27 + source-tag: mysql-5.7.28 source-depth: 1 override-pull: | snapcraftctl pull From b8673432b5b608d4a21f8e1ef28ef5742824c3a2 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Thu, 24 Oct 2019 08:18:43 -0700 Subject: [PATCH 259/416] php: update to 7.2.24 Resolve #1152 Signed-off-by: Kyle Fazzari --- snap/snapcraft.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index e641592..ecb5ace 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -172,8 +172,8 @@ parts: php: plugin: php - source: https://php.net/get/php-7.2.23.tar.bz2/from/this/mirror - source-checksum: sha256/a17af3643d29d7e730f977e3776dc3e325d5ca00b361e41dbfc2368ebad5430d + source: https://php.net/get/php-7.2.24.tar.bz2/from/this/mirror + source-checksum: sha256/a079934db63068bbcc9bbd2e7b916b9891fc97719862697e5f954c639984f603 source-type: tar install-via: prefix configflags: From bb43cd8af469c46975dadf090814f873cbb261fb Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Fri, 25 Oct 2019 08:39:28 -0700 Subject: [PATCH 260/416] CHANGELOG: update for 16.0.5snap3 Signed-off-by: Kyle Fazzari --- CHANGELOG | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG b/CHANGELOG index 067ddde..664d8ca 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,7 @@ +v 16.0.5snap3 + - php: update to 7.2.24 + - mysql: update to 5.7.28 + v 16.0.5snap2 - php: update to 7.2.23 - php: check file timestamps for opcache From 20c70a77330763535b1ca885c9e4bc7e037534f8 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Sat, 23 Nov 2019 20:30:40 -0800 Subject: [PATCH 261/416] ci: enable daily v17 snap Build, release, and test a snap daily from stable17. Resolve #1175 Signed-off-by: Kyle Fazzari --- .circleci/config.yml | 29 +++++++++++++++++++++++++++++ .travis/cron.sh | 6 ++++++ 2 files changed, 35 insertions(+) diff --git a/.circleci/config.yml b/.circleci/config.yml index 9123dd2..eacf7c7 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -100,6 +100,24 @@ jobs: # Run the tests command: ./.circleci/runtests.sh + test-daily-v17: + working_directory: ~/nextcloud-snap + machine: true + steps: + - checkout + + - run: + # Install the snap and create an admin user + command: | + sudo apt update -qq + sudo apt install -y snapd + sudo snap install nextcloud --channel=17/edge + sudo nextcloud.manual-install admin admin + + - run: + # Run the tests + command: ./.circleci/runtests.sh + workflows: version: 2 commit: @@ -137,3 +155,14 @@ workflows: only: develop jobs: [test-daily-v16] + + daily-v17: + triggers: + - schedule: + # 0700 UTC == 0000 PSC + cron: "0 7 * * *" + filters: + branches: + only: develop + + jobs: [test-daily-v17] diff --git a/.travis/cron.sh b/.travis/cron.sh index 78c559d..b64cf23 100755 --- a/.travis/cron.sh +++ b/.travis/cron.sh @@ -3,6 +3,7 @@ latest_master_url="https://download.nextcloud.com/server/daily/latest-master.tar.bz2" latest_stable15_url="https://download.nextcloud.com/server/daily/latest-stable15.tar.bz2" latest_stable16_url="https://download.nextcloud.com/server/daily/latest-stable16.tar.bz2" +latest_stable17_url="https://download.nextcloud.com/server/daily/latest-stable17.tar.bz2" rewrite_snapcraft_yaml() { @@ -45,3 +46,8 @@ echo "Requesting build of latest 16..." request_build \ "latest-16" "$latest_stable16_url" "16-$today" \ "From CI: Use Nextcloud latest 16" + +echo "Requesting build of latest 17..." +request_build \ + "latest-17" "$latest_stable17_url" "17-$today" \ + "From CI: Use Nextcloud latest 17" From e46e7bd01b933d6e02fab25d86a02c8bdf7ab282 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Thu, 5 Dec 2019 10:17:04 -0800 Subject: [PATCH 262/416] php: update to 7.3.12 Resolve #1149 Signed-off-by: Kyle Fazzari --- README.md | 2 +- snap/snapcraft.yaml | 5 +++-- src/php/config/php.ini | 2 +- tests/spec/change_mode_spec.rb | 2 +- 4 files changed, 6 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index d34d79f..a7b0bd9 100644 --- a/README.md +++ b/README.md @@ -4,7 +4,7 @@ Nextcloud server packaged as a snap. It consists of: - Nextcloud 16.0.5 - Apache 2.4 -- PHP 7.2 +- PHP 7.3 - MySQL 5.7 - Redis 4.0 - mDNS for network discovery diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index ecb5ace..2bd9252 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -172,8 +172,8 @@ parts: php: plugin: php - source: https://php.net/get/php-7.2.24.tar.bz2/from/this/mirror - source-checksum: sha256/a079934db63068bbcc9bbd2e7b916b9891fc97719862697e5f954c639984f603 + source: https://php.net/get/php-7.3.12.tar.bz2/from/this/mirror + source-checksum: sha256/d317b029f991410578cc38ba4b76c9f764ec29c67e7124e1fec57bceb3ad8c39 source-type: tar install-via: prefix configflags: @@ -218,6 +218,7 @@ parts: - libldap2-dev - libfreetype6-dev - libgmp-dev + - libzip-dev prime: - -sbin/ - -etc/ diff --git a/src/php/config/php.ini b/src/php/config/php.ini index ef2bb2c..e96e0ce 100644 --- a/src/php/config/php.ini +++ b/src/php/config/php.ini @@ -723,7 +723,7 @@ user_dir = ; Directory in which the loadable extensions (modules) reside. ; http://php.net/extension-dir -extension_dir = "${SNAP}/lib/php/extensions/no-debug-non-zts-20170718" +extension_dir = "${SNAP}/lib/php/extensions/no-debug-non-zts-20180731" ; On windows: ; extension_dir = "ext" diff --git a/tests/spec/change_mode_spec.rb b/tests/spec/change_mode_spec.rb index 39d2c83..0634ebd 100644 --- a/tests/spec/change_mode_spec.rb +++ b/tests/spec/change_mode_spec.rb @@ -66,7 +66,7 @@ def assert_php_signature # Verify that PHP adds an X-Powered-By header response = nextcloud_response expect(response.to_hash).to include "x-powered-by" - expect(response["x-powered-by"]).to match /PHP\/7\.2\.\d+/ + expect(response["x-powered-by"]).to match /PHP\/7\.3\.\d+/ end def nextcloud_response(url: "http://localhost") From b0c325a2dc989a215333d3eae9659a5116e9e472 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Thu, 19 Dec 2019 10:11:54 -0800 Subject: [PATCH 263/416] php: update to 7.3.13 See #1149 for more details. Signed-off-by: Kyle Fazzari --- snap/snapcraft.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 2bd9252..08703fb 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -172,8 +172,8 @@ parts: php: plugin: php - source: https://php.net/get/php-7.3.12.tar.bz2/from/this/mirror - source-checksum: sha256/d317b029f991410578cc38ba4b76c9f764ec29c67e7124e1fec57bceb3ad8c39 + source: https://php.net/get/php-7.3.13.tar.bz2/from/this/mirror + source-checksum: sha256/5c7b89062814f3c3953d1518f63ed463fd452929e3a37110af4170c5d23267bc source-type: tar install-via: prefix configflags: From 7250b33358db0413ffc93ad2163bbe6a4f61e2eb Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Mon, 6 Jan 2020 13:02:11 -0800 Subject: [PATCH 264/416] CHANGELOG: update for 16.0.5snap4 Signed-off-by: Kyle Fazzari --- CHANGELOG | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGELOG b/CHANGELOG index 664d8ca..f53ff09 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,6 @@ +v 16.0.5snap4 + - php: update to 7.3.13 + v 16.0.5snap3 - php: update to 7.2.24 - mysql: update to 5.7.28 From 4ae68bbc818e8b88b70295f63bff4c4f5f5460ec Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Mon, 6 Jan 2020 14:45:22 -0800 Subject: [PATCH 265/416] tests: update dependencies Signed-off-by: Kyle Fazzari --- tests/Gemfile.lock | 43 +++++++++++++++++++++---------------------- 1 file changed, 21 insertions(+), 22 deletions(-) diff --git a/tests/Gemfile.lock b/tests/Gemfile.lock index a68cfbb..7dca906 100644 --- a/tests/Gemfile.lock +++ b/tests/Gemfile.lock @@ -3,7 +3,7 @@ GEM specs: addressable (2.7.0) public_suffix (>= 2.0.2, < 5.0) - capybara (3.29.0) + capybara (3.30.0) addressable mini_mime (>= 0.1.3) nokogiri (~> 1.8) @@ -11,36 +11,35 @@ GEM rack-test (>= 0.6.3) regexp_parser (~> 1.5) xpath (~> 3.2) - childprocess (2.0.0) - rake (< 13.0) + childprocess (3.0.0) diff-lcs (1.3) mini_mime (1.0.2) mini_portile2 (2.4.0) - nokogiri (1.10.4) + nokogiri (1.10.7) mini_portile2 (~> 2.4.0) - public_suffix (4.0.1) - rack (2.0.7) + public_suffix (4.0.3) + rack (2.0.8) rack-test (1.1.0) rack (>= 1.0, < 3) - rake (12.3.3) + rake (13.0.1) regexp_parser (1.6.0) - rspec (3.8.0) - rspec-core (~> 3.8.0) - rspec-expectations (~> 3.8.0) - rspec-mocks (~> 3.8.0) - rspec-core (3.8.2) - rspec-support (~> 3.8.0) - rspec-expectations (3.8.4) + rspec (3.9.0) + rspec-core (~> 3.9.0) + rspec-expectations (~> 3.9.0) + rspec-mocks (~> 3.9.0) + rspec-core (3.9.1) + rspec-support (~> 3.9.1) + rspec-expectations (3.9.0) diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.8.0) - rspec-mocks (3.8.1) + rspec-support (~> 3.9.0) + rspec-mocks (3.9.1) diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.8.0) - rspec-support (3.8.2) - rubyzip (1.2.4) - selenium-webdriver (3.142.4) - childprocess (>= 0.5, < 3.0) - rubyzip (~> 1.2, >= 1.2.2) + rspec-support (~> 3.9.0) + rspec-support (3.9.2) + rubyzip (2.0.0) + selenium-webdriver (3.142.7) + childprocess (>= 0.5, < 4.0) + rubyzip (>= 1.2.2) xpath (3.2.0) nokogiri (~> 1.8) From 0f8d4d6e15593ae6f0c6bd7f5c1570ad3e2b813c Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Sat, 11 Jan 2020 15:48:55 -0800 Subject: [PATCH 266/416] nextcloud-fixer: update all apps Nextcloud upgrades don't update apps properly (see nextcloud/server#18673). This results in a very poor upgrade experience if a bundled app needs to update. Work around this issue by updating apps automatically. Signed-off-by: Kyle Fazzari --- snap/snapcraft.yaml | 2 +- src/nextcloud/bin/nextcloud-fixer | 7 ++++++ src/nextcloud/bin/occ | 2 +- src/nextcloud/bin/setup-nextcloud | 40 +++++++++++++++---------------- 4 files changed, 28 insertions(+), 23 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 08703fb..78d3fda 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -102,7 +102,7 @@ apps: hooks: configure: - plugs: [network, network-bind] + plugs: [network, network-bind, removable-media] parts: apache: diff --git a/src/nextcloud/bin/nextcloud-fixer b/src/nextcloud/bin/nextcloud-fixer index c87b112..d928730 100755 --- a/src/nextcloud/bin/nextcloud-fixer +++ b/src/nextcloud/bin/nextcloud-fixer @@ -24,6 +24,13 @@ if nextcloud_is_installed; then trap 'disable_maintenance_mode' EXIT occ -n db:convert-filecache-bigint + + echo "Updating all apps..." + if occ -n app:update --all; then + # app:update downloads and extracts the updates, but now we + # need to run upgrade to run database migrations, etc. + occ -n upgrade + fi else wait_for_nextcloud_to_be_installed diff --git a/src/nextcloud/bin/occ b/src/nextcloud/bin/occ index cb4e93f..173a533 100755 --- a/src/nextcloud/bin/occ +++ b/src/nextcloud/bin/occ @@ -14,8 +14,8 @@ if [ "$(id -u)" -ne 0 ]; then exit 1 fi -# occ can't do much before PHP FPM is up and running wait_for_php +wait_for_redis wait_for_nextcloud_to_be_configured run-php "$SNAP/htdocs/occ" "$@" diff --git a/src/nextcloud/bin/setup-nextcloud b/src/nextcloud/bin/setup-nextcloud index 3750b8f..06f811b 100755 --- a/src/nextcloud/bin/setup-nextcloud +++ b/src/nextcloud/bin/setup-nextcloud @@ -54,25 +54,23 @@ else occ -n app:disable updatenotification fi -# Finally, make sure nextcloud is up to date. The return code of the upgrade -# can be used to determine the outcome: -# success = 0; -# not installed = 1; -# in maintenance mode = 2; -# already up to date = 3; -# invalid arguments = 4; -# other failure = 5; -echo "Making sure nextcloud is fully upgraded..." -occ -n upgrade -return_code=$? -if [ $return_code -eq 1 ]; then - echo "Nextcloud is not yet installed-- no upgrade necessary" -elif [ $return_code -eq 3 ]; then - echo "Nextcloud is fully upgraded" -elif [ $return_code -ne 0 ]; then - echo "Unable to upgrade Nextcloud. Will try again." - # occ may have left it in maintenance mode, so turn that off - disable_maintenance_mode - sleep 10 # Delaying here so systemd doesn't throttle us - exit 1 + +if nextcloud_is_installed; then + # Finally, make sure nextcloud is up to date. The return code of the + # upgrade can be used to determine the outcome: + # success (or already up to date) = 0; + # not installed = 1; + # in maintenance mode = 2; + # invalid arguments = 4; + # other failure = 5; + echo "Making sure nextcloud is fully upgraded..." + occ -n upgrade + return_code=$? + if [ $return_code -ne 0 ]; then + echo "Unable to upgrade Nextcloud. Will try again." + # occ may have left it in maintenance mode, so turn that off + disable_maintenance_mode + sleep 10 # Delaying here so systemd doesn't throttle us + exit 1 + fi fi From ddc4bccd32b23d3e61399f6762b87f8d71ab24ec Mon Sep 17 00:00:00 2001 From: Daniel Kesselberg Date: Thu, 2 Jan 2020 21:24:02 +0100 Subject: [PATCH 267/416] Update nextcloud to 16.0.7 Signed-off-by: Daniel Kesselberg --- snap/snapcraft.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 78d3fda..259a2a5 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -158,8 +158,8 @@ parts: nextcloud: plugin: dump - source: https://download.nextcloud.com/server/releases/nextcloud-16.0.5.tar.bz2 - source-checksum: sha256/8709c64fa776fd731c8e5f1ab25d592a2e690e5e18a81601cccf363795fae551 + source: https://download.nextcloud.com/server/releases/nextcloud-16.0.7.tar.bz2 + source-checksum: sha256/b9632772f4845c16b14e1e861783a747ed1bc25a18347d99b2caccb1079c8de3 organize: '*': htdocs/ '.htaccess': htdocs/.htaccess From 32f418da4cfab8859ec663b87e4718cf007f2ae5 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Sun, 12 Jan 2020 17:41:43 -0800 Subject: [PATCH 268/416] CHANGELOG: update for 16.0.7snap1 Also update README. Signed-off-by: Kyle Fazzari --- CHANGELOG | 5 +++++ README.md | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/CHANGELOG b/CHANGELOG index f53ff09..e515b8b 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,8 @@ +v 16.0.7snap1 + - nextcloud: update to 16.0.7 + - nextcloud-fixer: update all apps + - tests: update dependencies + v 16.0.5snap4 - php: update to 7.3.13 diff --git a/README.md b/README.md index a7b0bd9..974dbb6 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ Nextcloud server packaged as a snap. It consists of: -- Nextcloud 16.0.5 +- Nextcloud 16.0.7 - Apache 2.4 - PHP 7.3 - MySQL 5.7 From c4898ba7f203801b1b5e7cbf7b10d30032bf21f4 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Mon, 13 Jan 2020 10:55:02 -0800 Subject: [PATCH 269/416] nextcloud-fixer: upgrade and update apps before anything else Also refactor nextcloud-fixer to be a more easily-expanded set of fixes (hacks) by making them all shell scripts instead of lines in the same file. Fix #1214 Signed-off-by: Kyle Fazzari --- src/nextcloud/bin/nextcloud-fixer | 31 +++++-------------- .../fixes/existing-install/1_upgrade.sh | 6 ++++ .../fixes/existing-install/2_update-apps.sh | 8 +++++ .../existing-install/3_add-missing-indices.sh | 4 +++ src/nextcloud/fixes/existing-install/README | 3 ++ .../maintenance/1_convert-filecache-bigint.sh | 5 +++ .../fixes/existing-install/maintenance/README | 4 +++ .../fixes/fresh-install/1_disable-theming.sh | 10 ++++++ .../fresh-install/2_add-missing-indices.sh | 3 ++ .../3_convert-filecache-bigint.sh | 6 ++++ src/nextcloud/fixes/fresh-install/README | 2 ++ 11 files changed, 59 insertions(+), 23 deletions(-) create mode 100755 src/nextcloud/fixes/existing-install/1_upgrade.sh create mode 100755 src/nextcloud/fixes/existing-install/2_update-apps.sh create mode 100755 src/nextcloud/fixes/existing-install/3_add-missing-indices.sh create mode 100644 src/nextcloud/fixes/existing-install/README create mode 100755 src/nextcloud/fixes/existing-install/maintenance/1_convert-filecache-bigint.sh create mode 100644 src/nextcloud/fixes/existing-install/maintenance/README create mode 100755 src/nextcloud/fixes/fresh-install/1_disable-theming.sh create mode 100755 src/nextcloud/fixes/fresh-install/2_add-missing-indices.sh create mode 100755 src/nextcloud/fixes/fresh-install/3_convert-filecache-bigint.sh create mode 100644 src/nextcloud/fixes/fresh-install/README diff --git a/src/nextcloud/bin/nextcloud-fixer b/src/nextcloud/bin/nextcloud-fixer index d928730..18338ab 100755 --- a/src/nextcloud/bin/nextcloud-fixer +++ b/src/nextcloud/bin/nextcloud-fixer @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/sh -e # shellcheck source=src/apache/utilities/apache-utilities . "$SNAP/utilities/apache-utilities" @@ -11,11 +11,9 @@ wait_for_apache if nextcloud_is_installed; then - # This command can be run without putting Nextcloud into maintenance mode - occ -n db:add-missing-indices + # Run set of fixes for an update to an existing install + run-parts -v --exit-on-error --regex '.*\.sh$' "$SNAP/fixes/existing-install" - # Unfortunately convert-filecache-bigint requires that Nextcloud be in maintenance - # mode, and can take some time. if ! enable_maintenance_mode; then echo "Unable to enter maintenance mode" >&2 sleep 10 # Give it a few seconds before bailing so systemd doesn't throttle @@ -23,25 +21,12 @@ if nextcloud_is_installed; then fi trap 'disable_maintenance_mode' EXIT - occ -n db:convert-filecache-bigint - - echo "Updating all apps..." - if occ -n app:update --all; then - # app:update downloads and extracts the updates, but now we - # need to run upgrade to run database migrations, etc. - occ -n upgrade - fi + # Run set of fixes for an update to an existing install that require maintenance + # mode + run-parts -v --exit-on-error --regex '.*\.sh$' "$SNAP/fixes/existing-install/maintenance" else wait_for_nextcloud_to_be_installed - # Disable the theming app. It requires imagick (which the snap doesn't ship) and - # displays a warning if it's not installed. This way, the warning is only shown if - # someone needs and enables the theming app. - run_command "Disabling theming by default" occ -n app:disable theming - - # Technically convert-filecache-bigint should be run under maintenance mode, but - # there really isn't anything to go wrong on a fresh install, and the UX of enabling - # maintenance mode as soon as an admin account is created is awful. - occ -n db:add-missing-indices - occ -n db:convert-filecache-bigint + # Run set of fixes for a fresh install + run-parts -v --exit-on-error --regex '.*\.sh$' "$SNAP/fixes/fresh-install" fi diff --git a/src/nextcloud/fixes/existing-install/1_upgrade.sh b/src/nextcloud/fixes/existing-install/1_upgrade.sh new file mode 100755 index 0000000..bcafa71 --- /dev/null +++ b/src/nextcloud/fixes/existing-install/1_upgrade.sh @@ -0,0 +1,6 @@ +#!/bin/sh -e + +# If Nextcloud just updated, it's possible that the upgrade process +# placed app update files, but didn't run the proper migrations for +# them. Run upgrade again to make sure +occ -n upgrade \ No newline at end of file diff --git a/src/nextcloud/fixes/existing-install/2_update-apps.sh b/src/nextcloud/fixes/existing-install/2_update-apps.sh new file mode 100755 index 0000000..85079c8 --- /dev/null +++ b/src/nextcloud/fixes/existing-install/2_update-apps.sh @@ -0,0 +1,8 @@ +#!/bin/sh -e + +# Now explicitly update all apps, in case the upgrade step didn't do it +if occ -n app:update --all; then + # app:update downloads and extracts the updates, but now we + # need to run database migrations, etc. so run upgrade again + occ -n upgrade +fi \ No newline at end of file diff --git a/src/nextcloud/fixes/existing-install/3_add-missing-indices.sh b/src/nextcloud/fixes/existing-install/3_add-missing-indices.sh new file mode 100755 index 0000000..3c7e33a --- /dev/null +++ b/src/nextcloud/fixes/existing-install/3_add-missing-indices.sh @@ -0,0 +1,4 @@ +#!/bin/sh -e + +# This command can be run without putting Nextcloud into maintenance mode +occ -n db:add-missing-indices \ No newline at end of file diff --git a/src/nextcloud/fixes/existing-install/README b/src/nextcloud/fixes/existing-install/README new file mode 100644 index 0000000..b8817c8 --- /dev/null +++ b/src/nextcloud/fixes/existing-install/README @@ -0,0 +1,3 @@ +This directory contains a set of executables to be run when an existing +instance of Nextcloud is launched (this may or may not be an upgrade). +None of these should require maintenance mode. \ No newline at end of file diff --git a/src/nextcloud/fixes/existing-install/maintenance/1_convert-filecache-bigint.sh b/src/nextcloud/fixes/existing-install/maintenance/1_convert-filecache-bigint.sh new file mode 100755 index 0000000..e3b8c5b --- /dev/null +++ b/src/nextcloud/fixes/existing-install/maintenance/1_convert-filecache-bigint.sh @@ -0,0 +1,5 @@ +#!/bin/sh -e + +# Unfortunately convert-filecache-bigint requires that Nextcloud be in maintenance +# mode, and can take some time. +occ -n db:convert-filecache-bigint \ No newline at end of file diff --git a/src/nextcloud/fixes/existing-install/maintenance/README b/src/nextcloud/fixes/existing-install/maintenance/README new file mode 100644 index 0000000..063ff18 --- /dev/null +++ b/src/nextcloud/fixes/existing-install/maintenance/README @@ -0,0 +1,4 @@ +This directory contains a set of executables to be run when an existing +instance of Nextcloud is launched (this may or may not be an upgrade). All of +these should require maintenance mode. If they don't, they should be placed in +the parent directory. \ No newline at end of file diff --git a/src/nextcloud/fixes/fresh-install/1_disable-theming.sh b/src/nextcloud/fixes/fresh-install/1_disable-theming.sh new file mode 100755 index 0000000..5708721 --- /dev/null +++ b/src/nextcloud/fixes/fresh-install/1_disable-theming.sh @@ -0,0 +1,10 @@ +#!/bin/sh -e + +# shellcheck source=src/common/utilities/common-utilities +. "$SNAP/utilities/common-utilities" + +# Disable the theming app. It requires imagick (which the snap doesn't ship) and +# displays a warning if it's not installed. This way, the warning is only shown if +# someone needs and enables the theming app. +run_command "Disabling theming by default" occ -n app:disable theming + diff --git a/src/nextcloud/fixes/fresh-install/2_add-missing-indices.sh b/src/nextcloud/fixes/fresh-install/2_add-missing-indices.sh new file mode 100755 index 0000000..6f67db0 --- /dev/null +++ b/src/nextcloud/fixes/fresh-install/2_add-missing-indices.sh @@ -0,0 +1,3 @@ +#!/bin/sh -e + +occ -n db:add-missing-indices \ No newline at end of file diff --git a/src/nextcloud/fixes/fresh-install/3_convert-filecache-bigint.sh b/src/nextcloud/fixes/fresh-install/3_convert-filecache-bigint.sh new file mode 100755 index 0000000..482b9ea --- /dev/null +++ b/src/nextcloud/fixes/fresh-install/3_convert-filecache-bigint.sh @@ -0,0 +1,6 @@ +#!/bin/sh -e + +# Technically convert-filecache-bigint should be run under maintenance mode, but +# there really isn't anything to go wrong on a fresh install, and the UX of enabling +# maintenance mode as soon as an admin account is created is awful. +occ -n db:convert-filecache-bigint \ No newline at end of file diff --git a/src/nextcloud/fixes/fresh-install/README b/src/nextcloud/fixes/fresh-install/README new file mode 100644 index 0000000..923f386 --- /dev/null +++ b/src/nextcloud/fixes/fresh-install/README @@ -0,0 +1,2 @@ +This directory contains a set of executables to be run when a fresh instance of +Nextcloud is installed. None of these should require maintenance mode. \ No newline at end of file From 2196f0ec7a564bd5cc806ce40bdae1f57c2b8232 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Mon, 13 Jan 2020 14:27:19 -0800 Subject: [PATCH 270/416] CHANGELOG: update for 16.0.7snap2 Signed-off-by: Kyle Fazzari --- CHANGELOG | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGELOG b/CHANGELOG index e515b8b..5f4f144 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,6 @@ +v 16.0.7snap2 + - nextcloud-fixer: upgrade and update apps before anything else + v 16.0.7snap1 - nextcloud: update to 16.0.7 - nextcloud-fixer: update all apps From b6db9a144005a2a6c024649d4d57a0e4ec7d2f27 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Tue, 14 Jan 2020 20:02:39 -0800 Subject: [PATCH 271/416] mysql: update to 5.7.29 Resolve #1217 Signed-off-by: Kyle Fazzari --- snap/snapcraft.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 259a2a5..7050b0e 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -277,7 +277,7 @@ parts: mysql: plugin: cmake source: https://github.com/mysql/mysql-server.git - source-tag: mysql-5.7.28 + source-tag: mysql-5.7.29 source-depth: 1 override-pull: | snapcraftctl pull From fa0b1b6dd2f3d4ac8de8a91ec9f90eb30c68a864 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Tue, 14 Jan 2020 20:21:31 -0800 Subject: [PATCH 272/416] README: removable-media also covers /mnt Resolve #1121 Signed-off-by: Kyle Fazzari --- README.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 974dbb6..8f8368d 100644 --- a/README.md +++ b/README.md @@ -38,8 +38,9 @@ which will automatically change the cron admin setting to Cron for you. Also note that the interface providing the ability to access removable media is not automatically connected upon install, so if you'd like to use external -storage (or otherwise use a device in `/media` for data), you need to give the -snap permission to access removable media by connecting that interface: +storage (or otherwise use a device in `/media` or `/mnt` for data), you need to +give the snap permission to access removable media by connecting that +interface: $ sudo snap connect nextcloud:removable-media From ddd28450c1258f2209b9fe1b7294c3cf2f5919c3 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Sun, 19 Jan 2020 09:12:46 -0800 Subject: [PATCH 273/416] Add github sponsors Signed-off-by: Kyle Fazzari --- .github/FUNDING.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml index 656dd76..628bcbc 100644 --- a/.github/FUNDING.yml +++ b/.github/FUNDING.yml @@ -1 +1,2 @@ +github: kyrofa liberapay: kyrofa From a1d1f3d4673efafbf9d2cc97b2785964f1d65b5d Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Sun, 19 Jan 2020 09:24:57 -0800 Subject: [PATCH 274/416] Enable daily release and test of v18 Resolve #1225 Signed-off-by: Kyle Fazzari --- .circleci/config.yml | 29 +++++++++++++++++++++++++++++ .travis/cron.sh | 6 ++++++ 2 files changed, 35 insertions(+) diff --git a/.circleci/config.yml b/.circleci/config.yml index eacf7c7..6b921a6 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -118,6 +118,24 @@ jobs: # Run the tests command: ./.circleci/runtests.sh + test-daily-v18: + working_directory: ~/nextcloud-snap + machine: true + steps: + - checkout + + - run: + # Install the snap and create an admin user + command: | + sudo apt update -qq + sudo apt install -y snapd + sudo snap install nextcloud --channel=18/edge + sudo nextcloud.manual-install admin admin + + - run: + # Run the tests + command: ./.circleci/runtests.sh + workflows: version: 2 commit: @@ -166,3 +184,14 @@ workflows: only: develop jobs: [test-daily-v17] + + daily-v18: + triggers: + - schedule: + # 0700 UTC == 0000 PSC + cron: "0 7 * * *" + filters: + branches: + only: develop + + jobs: [test-daily-v18] diff --git a/.travis/cron.sh b/.travis/cron.sh index b64cf23..84f861c 100755 --- a/.travis/cron.sh +++ b/.travis/cron.sh @@ -4,6 +4,7 @@ latest_master_url="https://download.nextcloud.com/server/daily/latest-master.tar latest_stable15_url="https://download.nextcloud.com/server/daily/latest-stable15.tar.bz2" latest_stable16_url="https://download.nextcloud.com/server/daily/latest-stable16.tar.bz2" latest_stable17_url="https://download.nextcloud.com/server/daily/latest-stable17.tar.bz2" +latest_stable18_url="https://download.nextcloud.com/server/daily/latest-stable18.tar.bz2" rewrite_snapcraft_yaml() { @@ -51,3 +52,8 @@ echo "Requesting build of latest 17..." request_build \ "latest-17" "$latest_stable17_url" "17-$today" \ "From CI: Use Nextcloud latest 17" + +echo "Requesting build of latest 18..." +request_build \ + "latest-18" "$latest_stable18_url" "18-$today" \ + "From CI: Use Nextcloud latest 18" From 8c476187cd96b4593ccd520a6ec2d2e0f63bba91 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Thu, 16 Jan 2020 12:54:15 -0800 Subject: [PATCH 275/416] nextcloud: notify admins upon update The main sell of the Nextcloud snap is that is updates automatically in a transactional manner. A side effect of this is that admins could completely miss the fact that an update occurred, and if the update did something they didn't expect they don't immediately know what to blame. Notify all admins when the snap updates, making sure they know how to revert if something doesn't work properly. Resolve #1220 Signed-off-by: Kyle Fazzari --- src/common/utilities/common-utilities | 10 ++++++++ .../existing-install/99_notify_admins.sh | 25 +++++++++++++++++++ .../fresh-install/99_record_snap_version.sh | 7 ++++++ src/nextcloud/utilities/nextcloud-utilities | 16 ++++++++++++ 4 files changed, 58 insertions(+) create mode 100755 src/nextcloud/fixes/existing-install/99_notify_admins.sh create mode 100755 src/nextcloud/fixes/fresh-install/99_record_snap_version.sh diff --git a/src/common/utilities/common-utilities b/src/common/utilities/common-utilities index 37ed507..a8bc40f 100755 --- a/src/common/utilities/common-utilities +++ b/src/common/utilities/common-utilities @@ -50,6 +50,16 @@ wait_for_command() fi } +get_previous_snap_version() +{ + snapctl get private.snap.version +} + +set_previous_snap_version() +{ + snapctl set private.snap.version="$1" +} + enable_maintenance_mode() { if run_command "Enabling maintenance mode" occ -n maintenance:mode --on; then diff --git a/src/nextcloud/fixes/existing-install/99_notify_admins.sh b/src/nextcloud/fixes/existing-install/99_notify_admins.sh new file mode 100755 index 0000000..dd40f48 --- /dev/null +++ b/src/nextcloud/fixes/existing-install/99_notify_admins.sh @@ -0,0 +1,25 @@ +#!/bin/sh -e + +# shellcheck source=src/nextcloud/utilities/nextcloud-utilities +. "$SNAP/utilities/nextcloud-utilities" +# shellcheck source=src/common/utilities/common-utilities +. "$SNAP/utilities/common-utilities" + +previous_version="$(get_previous_snap_version)" +if [ "$previous_version" != "$SNAP_VERSION" ]; then + message="The Nextcloud snap updated itself to version $SNAP_VERSION. We" + message="$message are dedicated to ensuring these updates work amazingly" + message="$message well, but in the unlikely event something broke," + message="$message remember you can revert the update with a single" + message="$message command:\n\n" + message="$message $ sudo snap revert nextcloud\n\n" + message="$message Please also don't forget to log an issue:" + message="$message https://github.com/nextcloud/nextcloud-snap" + + run_command \ + "Notifying admins of update from ${previous_version:-unknown version} to $SNAP_VERSION" \ + nextcloud_notify_admins \ + "Nextcloud updated" "$(printf "%b" "$message")" || true + + set_previous_snap_version "$SNAP_VERSION" +fi diff --git a/src/nextcloud/fixes/fresh-install/99_record_snap_version.sh b/src/nextcloud/fixes/fresh-install/99_record_snap_version.sh new file mode 100755 index 0000000..903a1af --- /dev/null +++ b/src/nextcloud/fixes/fresh-install/99_record_snap_version.sh @@ -0,0 +1,7 @@ +#!/bin/sh -e + +# shellcheck source=src/common/utilities/common-utilities +. "$SNAP/utilities/common-utilities" + +# Record the snap version so we can notify when it's been updated +set_previous_snap_version "$SNAP_VERSION" diff --git a/src/nextcloud/utilities/nextcloud-utilities b/src/nextcloud/utilities/nextcloud-utilities index 70c6d38..46ee303 100644 --- a/src/nextcloud/utilities/nextcloud-utilities +++ b/src/nextcloud/utilities/nextcloud-utilities @@ -30,6 +30,22 @@ wait_for_nextcloud_to_be_installed() wait_for_command "Waiting for Nextcloud to be installed" nextcloud_is_installed } +# nextcloud_notify_admins +nextcloud_notify_admins() +{ + if ! occ app:list --output=json | jq -e '.enabled | .notifications' > /dev/null; then + echo "Notifications app isn't enabled-- unable to send notification" >&2 + return 1 + fi + + users=$(occ user:list --output=json | jq -r 'keys[]') + for user in $users; do + if occ user:info --output=json "$user" | jq -e '.groups | index("admin")' > /dev/null; then + occ notification:generate "$user" "$1" -l "$2" + fi + done +} + cronjob_interval() { interval="$(snapctl get nextcloud.cron-interval)" From f04a551e6588c23c72bba169754c40b7e453aa96 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Wed, 29 Jan 2020 11:43:38 -0800 Subject: [PATCH 276/416] php: update to 7.3.14 Resolve #1230 Signed-off-by: Kyle Fazzari --- .circleci/config.yml | 18 ++++++++++++------ snap/snapcraft.yaml | 4 ++-- 2 files changed, 14 insertions(+), 8 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 6b921a6..343a4b8 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -16,7 +16,8 @@ jobs: build: working_directory: ~/nextcloud-snap - machine: true + machine: + image: ubuntu-1604:201903-01 steps: - checkout @@ -48,7 +49,8 @@ jobs: test-daily-master: working_directory: ~/nextcloud-snap - machine: true + machine: + image: ubuntu-1604:201903-01 steps: - checkout @@ -66,7 +68,8 @@ jobs: test-daily-v15: working_directory: ~/nextcloud-snap - machine: true + machine: + image: ubuntu-1604:201903-01 steps: - checkout @@ -84,7 +87,8 @@ jobs: test-daily-v16: working_directory: ~/nextcloud-snap - machine: true + machine: + image: ubuntu-1604:201903-01 steps: - checkout @@ -102,7 +106,8 @@ jobs: test-daily-v17: working_directory: ~/nextcloud-snap - machine: true + machine: + image: ubuntu-1604:201903-01 steps: - checkout @@ -120,7 +125,8 @@ jobs: test-daily-v18: working_directory: ~/nextcloud-snap - machine: true + machine: + image: ubuntu-1604:201903-01 steps: - checkout diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 7050b0e..55403d4 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -172,8 +172,8 @@ parts: php: plugin: php - source: https://php.net/get/php-7.3.13.tar.bz2/from/this/mirror - source-checksum: sha256/5c7b89062814f3c3953d1518f63ed463fd452929e3a37110af4170c5d23267bc + source: https://php.net/get/php-7.3.14.tar.bz2/from/this/mirror + source-checksum: sha256/b9dfcbbbc929ce67995f976de8636c5f46804593ecae6e110509329b9dc6c272 source-type: tar install-via: prefix configflags: From a6b81ea21c8301cc65842762ac40e45043188c12 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Sat, 8 Feb 2020 16:04:34 -0800 Subject: [PATCH 277/416] hooks: add pre-refresh hook to update apps Nextcloud's update process doesn't do a good job of ensuring apps are updated properly and re-enabled after the update. It seems to work best if apps are already as up-to-date as they can be. If we know we're about to be refreshed, take a moment to make sure all apps are up-to-date. Resolve #1243 Signed-off-by: Kyle Fazzari --- snap/snapcraft.yaml | 2 ++ src/hooks/bin/pre-refresh | 21 +++++++++++++++++++++ 2 files changed, 23 insertions(+) create mode 100755 src/hooks/bin/pre-refresh diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 55403d4..06a827e 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -103,6 +103,8 @@ apps: hooks: configure: plugs: [network, network-bind, removable-media] + pre-refresh: + plugs: [network, network-bind, removable-media] parts: apache: diff --git a/src/hooks/bin/pre-refresh b/src/hooks/bin/pre-refresh new file mode 100755 index 0000000..9cb75a8 --- /dev/null +++ b/src/hooks/bin/pre-refresh @@ -0,0 +1,21 @@ +#!/bin/sh -e + +# shellcheck source=src/apache/utilities/apache-utilities +. "$SNAP/utilities/apache-utilities" +# shellcheck source=src/nextcloud/utilities/nextcloud-utilities +. "$SNAP/utilities/nextcloud-utilities" + +# By waiting for Apache we ensure that Nextcloud is setup and fully-updated +wait_for_apache + +# We're about to be refreshed. Nextcloud's update process doesn't do a good job +# of ensuring apps are updated properly and re-enabled after the update. Let's +# help it out a little by trying to update all apps right now, before the +# update actually happens. +if nextcloud_is_installed; then + if occ -n app:update --all; then + # app:update downloads and extracts the updates, but now we + # need to run database migrations, etc. + occ -n upgrade + fi +fi From 15be55a4efb891adbdb93621f92011d04ac65265 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc=20Pe=C3=B1a=20Segarra?= Date: Fri, 7 Feb 2020 00:03:20 +0100 Subject: [PATCH 278/416] nextcloud: update to 16.0.8 Resolve #1236 Signed-off-by: Kyle Fazzari --- snap/snapcraft.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 55403d4..794fc78 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -158,8 +158,8 @@ parts: nextcloud: plugin: dump - source: https://download.nextcloud.com/server/releases/nextcloud-16.0.7.tar.bz2 - source-checksum: sha256/b9632772f4845c16b14e1e861783a747ed1bc25a18347d99b2caccb1079c8de3 + source: https://download.nextcloud.com/server/releases/nextcloud-16.0.8.tar.bz2 + source-checksum: sha256/252fb559814777553e57a5c486194c5e07c92e6a453e1d0bacba5f339221bf30 organize: '*': htdocs/ '.htaccess': htdocs/.htaccess From b9dd20290410bb0df7b464be12eb2b07183c4aec Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Sun, 9 Feb 2020 00:15:46 -0800 Subject: [PATCH 279/416] CHANGELOG: update for 16.0.8snap1 Also update README. Signed-off-by: Kyle Fazzari --- CHANGELOG | 7 +++++++ README.md | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/CHANGELOG b/CHANGELOG index 5f4f144..7610586 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,10 @@ +v 16.0.8snap1 + - nextcloud: update to 16.0.8 + - hooks: add pre-refresh hook to update apps + - php: update to 7.3.14 + - nextcloud: notify admins upon update + - mysql: update to 5.7.29 + v 16.0.7snap2 - nextcloud-fixer: upgrade and update apps before anything else diff --git a/README.md b/README.md index 8f8368d..46105b0 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ Nextcloud server packaged as a snap. It consists of: -- Nextcloud 16.0.7 +- Nextcloud 16.0.8 - Apache 2.4 - PHP 7.3 - MySQL 5.7 From 55c7add7714ebb34303d71e4f3cca38a8cd0460c Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Sun, 19 Jan 2020 09:17:26 -0800 Subject: [PATCH 280/416] nextcloud: update to 17.0.3 Resolve #1129 Signed-off-by: Kyle Fazzari --- snap/snapcraft.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index fceb83b..ca061ce 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -160,8 +160,8 @@ parts: nextcloud: plugin: dump - source: https://download.nextcloud.com/server/releases/nextcloud-16.0.8.tar.bz2 - source-checksum: sha256/252fb559814777553e57a5c486194c5e07c92e6a453e1d0bacba5f339221bf30 + source: https://download.nextcloud.com/server/releases/nextcloud-17.0.3.tar.bz2 + source-checksum: sha256/901d51888f47df2930a07da585b8d3cf1b70a6c9c9702971c5e2b36ed0e47444 organize: '*': htdocs/ '.htaccess': htdocs/.htaccess From ce4f5f6dac03dd2a93bf11908e6f1a25007e8907 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc=20Pe=C3=B1a=20Segarra?= Date: Thu, 20 Feb 2020 19:09:34 +0100 Subject: [PATCH 281/416] php: update to 7.3.15 Resolve #1256 Signed-off-by: Kyle Fazzari --- snap/snapcraft.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index fceb83b..4d11b91 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -174,8 +174,8 @@ parts: php: plugin: php - source: https://php.net/get/php-7.3.14.tar.bz2/from/this/mirror - source-checksum: sha256/b9dfcbbbc929ce67995f976de8636c5f46804593ecae6e110509329b9dc6c272 + source: https://php.net/get/php-7.3.15.tar.bz2/from/this/mirror + source-checksum: sha256/8dbe1507ea0035f4211faa0db80fe95f39df0e39d8408223820fe9123487043d source-type: tar install-via: prefix configflags: From 9514306732b30699a013b8b7c8daf7a23817eda2 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Sat, 22 Feb 2020 18:28:41 -0800 Subject: [PATCH 282/416] nextcloud: support notifying users with spaces in username Nextcloud supports creating a user with spaces in the username, which confuses the update notification. Update it to support spaces. Fix #1260 Signed-off-by: Kyle Fazzari --- src/nextcloud/utilities/nextcloud-utilities | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/nextcloud/utilities/nextcloud-utilities b/src/nextcloud/utilities/nextcloud-utilities index 46ee303..0ccd512 100644 --- a/src/nextcloud/utilities/nextcloud-utilities +++ b/src/nextcloud/utilities/nextcloud-utilities @@ -38,8 +38,7 @@ nextcloud_notify_admins() return 1 fi - users=$(occ user:list --output=json | jq -r 'keys[]') - for user in $users; do + occ user:list --output=json | jq -r 'keys[]' | while read -r user; do if occ user:info --output=json "$user" | jq -e '.groups | index("admin")' > /dev/null; then occ notification:generate "$user" "$1" -l "$2" fi From 4118679717095164f0b0c9c75a7750021ff38bcc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc=20Pe=C3=B1a=20Segarra?= Date: Fri, 14 Feb 2020 15:56:03 +0100 Subject: [PATCH 283/416] redis: update phpredis to 5.1.1 and redis to 5.0.7 Resolve #802 Signed-off-by: Kyle Fazzari --- snap/snapcraft.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 4d11b91..d13b87c 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -229,13 +229,13 @@ parts: sbin/php-fpm: bin/php-fpm extensions: # Build the redis PHP module - - source: https://github.com/phpredis/phpredis/archive/3.1.4.tar.gz - source-checksum: sha256/656cab2eb93bd30f30701c1280707c60e5736c5420212d5d547ebe0d3f4baf71 + - source: https://github.com/phpredis/phpredis/archive/5.1.1.tar.gz + source-checksum: sha256/6b054e1c944f0c415a3489cf6ac94d5423b2b506d8c36ac7a8cdd965a1c07cf9 redis: plugin: redis - source: http://download.redis.io/releases/redis-4.0.13.tar.gz - source-checksum: sha256/17d955227966dcd68590be6139e5fe7f2d19fc4fb7334248a904ea9cdd30c1d4 + source: http://download.redis.io/releases/redis-5.0.7.tar.gz + source-checksum: sha256/61db74eabf6801f057fd24b590232f2f337d422280fd19486eca03be87d3a82b redis-customizations: plugin: dump From fbddf6140b24ac8d185496d453651312b1bffc35 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Sun, 23 Feb 2020 13:03:40 -0800 Subject: [PATCH 284/416] CHANGELOG: update for 17.0.3snap1 Also update README. Signed-off-by: Kyle Fazzari --- CHANGELOG | 6 ++++++ README.md | 4 ++-- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index 7610586..cc8d4bc 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,9 @@ +v 17.0.3snap1 + - redis: update phpredis to 5.1.1 and redis to 5.0.7 + - nextcloud: support notifying users with spaces in username + - php: update to 7.3.15 + - nextcloud: update to 17.0.3 + v 16.0.8snap1 - nextcloud: update to 16.0.8 - hooks: add pre-refresh hook to update apps diff --git a/README.md b/README.md index 46105b0..287e776 100644 --- a/README.md +++ b/README.md @@ -2,11 +2,11 @@ Nextcloud server packaged as a snap. It consists of: -- Nextcloud 16.0.8 +- Nextcloud 17.0.3 - Apache 2.4 - PHP 7.3 - MySQL 5.7 -- Redis 4.0 +- Redis 5.0 - mDNS for network discovery From 0a680064ca5bbb019c0703dfae32b1fb68b00a89 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Sun, 23 Feb 2020 15:11:46 -0800 Subject: [PATCH 285/416] Disable v15 dailies v15 is no longer supported. Signed-off-by: Kyle Fazzari --- .circleci/config.yml | 30 ------------------------------ .travis/cron.sh | 6 ------ 2 files changed, 36 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 343a4b8..3eaadbe 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -66,25 +66,6 @@ jobs: # Run the tests command: ./.circleci/runtests.sh - test-daily-v15: - working_directory: ~/nextcloud-snap - machine: - image: ubuntu-1604:201903-01 - steps: - - checkout - - - run: - # Install the snap and create an admin user - command: | - sudo apt update -qq - sudo apt install -y snapd - sudo snap install nextcloud --channel=15/edge - sudo nextcloud.manual-install admin admin - - - run: - # Run the tests - command: ./.circleci/runtests.sh - test-daily-v16: working_directory: ~/nextcloud-snap machine: @@ -158,17 +139,6 @@ workflows: jobs: [test-daily-master] - daily-v15: - triggers: - - schedule: - # 0700 UTC == 0000 PSC - cron: "0 7 * * *" - filters: - branches: - only: develop - - jobs: [test-daily-v15] - daily-v16: triggers: - schedule: diff --git a/.travis/cron.sh b/.travis/cron.sh index 84f861c..80fba88 100755 --- a/.travis/cron.sh +++ b/.travis/cron.sh @@ -1,7 +1,6 @@ #!/bin/bash latest_master_url="https://download.nextcloud.com/server/daily/latest-master.tar.bz2" -latest_stable15_url="https://download.nextcloud.com/server/daily/latest-stable15.tar.bz2" latest_stable16_url="https://download.nextcloud.com/server/daily/latest-stable16.tar.bz2" latest_stable17_url="https://download.nextcloud.com/server/daily/latest-stable17.tar.bz2" latest_stable18_url="https://download.nextcloud.com/server/daily/latest-stable18.tar.bz2" @@ -38,11 +37,6 @@ request_build \ "latest-master" "$latest_master_url" "master-$today" \ "From CI: Use Nextcloud latest master" -echo "Requesting build of latest 15..." -request_build \ - "latest-15" "$latest_stable15_url" "15-$today" \ - "From CI: Use Nextcloud latest 15" - echo "Requesting build of latest 16..." request_build \ "latest-16" "$latest_stable16_url" "16-$today" \ From 908ae2f757c3c3f328d297de2326622452243b56 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Thu, 27 Feb 2020 16:45:01 -0800 Subject: [PATCH 286/416] tests: update gems Resolve #1272 Signed-off-by: Kyle Fazzari --- tests/Gemfile.lock | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/tests/Gemfile.lock b/tests/Gemfile.lock index 7dca906..adf996a 100644 --- a/tests/Gemfile.lock +++ b/tests/Gemfile.lock @@ -3,7 +3,7 @@ GEM specs: addressable (2.7.0) public_suffix (>= 2.0.2, < 5.0) - capybara (3.30.0) + capybara (3.31.0) addressable mini_mime (>= 0.1.3) nokogiri (~> 1.8) @@ -15,14 +15,14 @@ GEM diff-lcs (1.3) mini_mime (1.0.2) mini_portile2 (2.4.0) - nokogiri (1.10.7) + nokogiri (1.10.8) mini_portile2 (~> 2.4.0) public_suffix (4.0.3) - rack (2.0.8) + rack (2.2.2) rack-test (1.1.0) rack (>= 1.0, < 3) rake (13.0.1) - regexp_parser (1.6.0) + regexp_parser (1.7.0) rspec (3.9.0) rspec-core (~> 3.9.0) rspec-expectations (~> 3.9.0) @@ -36,7 +36,7 @@ GEM diff-lcs (>= 1.2.0, < 2.0) rspec-support (~> 3.9.0) rspec-support (3.9.2) - rubyzip (2.0.0) + rubyzip (2.2.0) selenium-webdriver (3.142.7) childprocess (>= 0.5, < 4.0) rubyzip (>= 1.2.2) From f643ad51839b608a146a2016d8199effacbbf641 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc=20Pe=C3=B1a=20Segarra?= Date: Tue, 24 Mar 2020 17:51:32 +0100 Subject: [PATCH 287/416] php: update to 7.3.16 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Resolve #1281 Signed-off-by: Marc Peña Segarra --- snap/snapcraft.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index abf20b1..93d67ad 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -174,8 +174,8 @@ parts: php: plugin: php - source: https://php.net/get/php-7.3.15.tar.bz2/from/this/mirror - source-checksum: sha256/8dbe1507ea0035f4211faa0db80fe95f39df0e39d8408223820fe9123487043d + source: https://php.net/get/php-7.3.16.tar.bz2/from/this/mirror + source-checksum: sha256/b8072d526a283182963b03960b7982392daa43cb31131eca4cf0b996764a042e source-type: tar install-via: prefix configflags: From 4907de993b43306e558e3607259db755e9cb7ca3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc=20Pe=C3=B1a=20Segarra?= Date: Tue, 24 Mar 2020 18:01:10 +0100 Subject: [PATCH 288/416] redis: update to 5.0.8 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Resolve #1286 Signed-off-by: Marc Peña Segarra --- snap/snapcraft.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index abf20b1..8dc813a 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -234,8 +234,8 @@ parts: redis: plugin: redis - source: http://download.redis.io/releases/redis-5.0.7.tar.gz - source-checksum: sha256/61db74eabf6801f057fd24b590232f2f337d422280fd19486eca03be87d3a82b + source: http://download.redis.io/releases/redis-5.0.8.tar.gz + source-checksum: sha256/f3c7eac42f433326a8d981b50dba0169fdfaf46abb23fcda2f933a7552ee4ed7 redis-customizations: plugin: dump From 26a97012690c1ae0ca619f832fa56ea426f98f5b Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Tue, 24 Mar 2020 16:39:03 -0700 Subject: [PATCH 289/416] nextcloud: update to 17.0.5 Resolve #1277 Signed-off-by: Kyle Fazzari --- snap/snapcraft.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 39324bb..f3b9712 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -160,8 +160,8 @@ parts: nextcloud: plugin: dump - source: https://download.nextcloud.com/server/releases/nextcloud-17.0.3.tar.bz2 - source-checksum: sha256/901d51888f47df2930a07da585b8d3cf1b70a6c9c9702971c5e2b36ed0e47444 + source: https://download.nextcloud.com/server/releases/nextcloud-17.0.5.tar.bz2 + source-checksum: sha256/d503eaf998e652554a27c14382f2b42c307e7fc9d6afa05f2829b547eb733161 organize: '*': htdocs/ '.htaccess': htdocs/.htaccess From 406f3ffd4783b48528a54618d962c4924f350ab2 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Sat, 28 Mar 2020 11:27:39 -0700 Subject: [PATCH 290/416] CHANGELOG: update for 17.0.5snap1 Also update README. Signed-off-by: Kyle Fazzari --- CHANGELOG | 5 +++++ README.md | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/CHANGELOG b/CHANGELOG index cc8d4bc..0f68769 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,8 @@ +v 17.0.5snap1 + - nextcloud: update to 17.0.5 + - redis: update to 5.0.8 + - php: update to 7.3.16 + v 17.0.3snap1 - redis: update phpredis to 5.1.1 and redis to 5.0.7 - nextcloud: support notifying users with spaces in username diff --git a/README.md b/README.md index 287e776..65f723d 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ Nextcloud server packaged as a snap. It consists of: -- Nextcloud 17.0.3 +- Nextcloud 17.0.5 - Apache 2.4 - PHP 7.3 - MySQL 5.7 From 8840c5120b218398634baf218cb61a3b9ef304cc Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Thu, 2 Apr 2020 19:14:13 -0700 Subject: [PATCH 291/416] apache: update to 2.4.43 Resolve #1292 Signed-off-by: Kyle Fazzari --- snap/snapcraft.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index f3b9712..614ff4d 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -109,8 +109,8 @@ hooks: parts: apache: plugin: apache - source: http://ftp.wayne.edu/apache/httpd/httpd-2.4.41.tar.bz2 - source-checksum: sha256/133d48298fe5315ae9366a0ec66282fa4040efa5d566174481077ade7d18ea40 + source: http://ftp.wayne.edu/apache/httpd/httpd-2.4.43.tar.bz2 + source-checksum: sha256/a497652ab3fc81318cdc2a203090a999150d86461acff97c1065dc910fe10f43 override-pull: | snapcraftctl pull From 7bab51fe70aaab72baac69ded8547807e27e6c40 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Sat, 18 Apr 2020 09:35:48 -0700 Subject: [PATCH 292/416] php: update to 7.3.17 Resolve #1301 Signed-off-by: Kyle Fazzari --- snap/snapcraft.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 614ff4d..01ba754 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -174,8 +174,8 @@ parts: php: plugin: php - source: https://php.net/get/php-7.3.16.tar.bz2/from/this/mirror - source-checksum: sha256/b8072d526a283182963b03960b7982392daa43cb31131eca4cf0b996764a042e + source: https://php.net/get/php-7.3.17.tar.bz2/from/this/mirror + source-checksum: sha256/d83e90d9024c999f209933732ed4e1d0e7295a67c66ab79490898ea0a4a29709 source-type: tar install-via: prefix configflags: From 2b2f0ccfa7079a8c0e7924a67f78f25f210a591a Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Thu, 27 Feb 2020 16:37:33 -0800 Subject: [PATCH 293/416] nextcloud: update to 18.0.4 Resolve #1247 Signed-off-by: Kyle Fazzari --- snap/snapcraft.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 01ba754..68f7565 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -160,8 +160,8 @@ parts: nextcloud: plugin: dump - source: https://download.nextcloud.com/server/releases/nextcloud-17.0.5.tar.bz2 - source-checksum: sha256/d503eaf998e652554a27c14382f2b42c307e7fc9d6afa05f2829b547eb733161 + source: https://download.nextcloud.com/server/releases/nextcloud-18.0.4.tar.bz2 + source-checksum: sha256/fad8e12632b352247ffc5ae181d4e414d732b9072caa0401774cfdb93a714329 organize: '*': htdocs/ '.htaccess': htdocs/.htaccess From 7230f672f7206284056bd316036775ccab3602a1 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Fri, 24 Apr 2020 13:38:29 -0700 Subject: [PATCH 294/416] CHANGELOG: update for 18.0.4snap1 Also update README. Signed-off-by: Kyle Fazzari --- CHANGELOG | 5 +++++ README.md | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/CHANGELOG b/CHANGELOG index 0f68769..b3e3eeb 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,8 @@ +v 18.0.4snap1 + - nextcloud: update to 18.0.4 + - php: update to 7.3.17 + - apache: update to 2.4.43 + v 17.0.5snap1 - nextcloud: update to 17.0.5 - redis: update to 5.0.8 diff --git a/README.md b/README.md index 65f723d..f6c55ea 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ Nextcloud server packaged as a snap. It consists of: -- Nextcloud 17.0.5 +- Nextcloud 18.0.4 - Apache 2.4 - PHP 7.3 - MySQL 5.7 From 0a0b418287c667b70510a984370fb3375e59b09e Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Tue, 5 May 2020 11:54:22 -0700 Subject: [PATCH 295/416] mysql: update to 5.7.30 Resolve #1320 Signed-off-by: Kyle Fazzari --- snap/snapcraft.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 68f7565..799dc46 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -279,7 +279,7 @@ parts: mysql: plugin: cmake source: https://github.com/mysql/mysql-server.git - source-tag: mysql-5.7.29 + source-tag: mysql-5.7.30 source-depth: 1 override-pull: | snapcraftctl pull From dbabf3f812da7e7ee4026d33ec11c01997a1899b Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Wed, 20 May 2020 14:06:18 -0700 Subject: [PATCH 296/416] tests: update CircleCI image They're apparently unwilling to fix their broken image, so we need to upgrade the one we use. Signed-off-by: Kyle Fazzari --- .circleci/config.yml | 10 +++++----- tests/spec/spec_helper.rb | 2 +- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 3eaadbe..2707782 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -17,7 +17,7 @@ jobs: build: working_directory: ~/nextcloud-snap machine: - image: ubuntu-1604:201903-01 + image: ubuntu-1604:202004-01 steps: - checkout @@ -50,7 +50,7 @@ jobs: test-daily-master: working_directory: ~/nextcloud-snap machine: - image: ubuntu-1604:201903-01 + image: ubuntu-1604:202004-01 steps: - checkout @@ -69,7 +69,7 @@ jobs: test-daily-v16: working_directory: ~/nextcloud-snap machine: - image: ubuntu-1604:201903-01 + image: ubuntu-1604:202004-01 steps: - checkout @@ -88,7 +88,7 @@ jobs: test-daily-v17: working_directory: ~/nextcloud-snap machine: - image: ubuntu-1604:201903-01 + image: ubuntu-1604:202004-01 steps: - checkout @@ -107,7 +107,7 @@ jobs: test-daily-v18: working_directory: ~/nextcloud-snap machine: - image: ubuntu-1604:201903-01 + image: ubuntu-1604:202004-01 steps: - checkout diff --git a/tests/spec/spec_helper.rb b/tests/spec/spec_helper.rb index 77ddc54..0f4c5dd 100644 --- a/tests/spec/spec_helper.rb +++ b/tests/spec/spec_helper.rb @@ -9,7 +9,7 @@ Capybara.register_driver :chrome do |app| options = Selenium::WebDriver::Chrome::Options.new( - args: %w[headless disable-gpu no-sandbox] + args: %w[headless disable-gpu no-sandbox ignore-certificate-errors] ) Capybara::Selenium::Driver.new(app, browser: :chrome, options: options) end From 401ba484fb88a9efbbd9712608efa153008f908c Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Fri, 15 May 2020 23:18:59 -0700 Subject: [PATCH 297/416] php: update to 7.3.18 Resolve #1336 Signed-off-by: Kyle Fazzari --- snap/snapcraft.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 799dc46..e744585 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -174,8 +174,8 @@ parts: php: plugin: php - source: https://php.net/get/php-7.3.17.tar.bz2/from/this/mirror - source-checksum: sha256/d83e90d9024c999f209933732ed4e1d0e7295a67c66ab79490898ea0a4a29709 + source: https://php.net/get/php-7.3.18.tar.bz2/from/this/mirror + source-checksum: sha256/749d21f65deb57153b575f846705f5db54732c6b672e80612b29dcf1a53be8a4 source-type: tar install-via: prefix configflags: From 707ebf779be23545b92aa193d39222166ce960f2 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Thu, 21 May 2020 10:05:24 -0700 Subject: [PATCH 298/416] CHANGELOG: update for 18.0.4snap2 Signed-off-by: Kyle Fazzari --- CHANGELOG | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG b/CHANGELOG index b3e3eeb..96c7473 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,7 @@ +v 18.0.4snap2 + - php: update to 7.3.18 + - mysql: update to 5.7.30 + v 18.0.4snap1 - nextcloud: update to 18.0.4 - php: update to 7.3.17 From 7f639ff652361e2fec840a803a68e5f1b6f12192 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Thu, 21 May 2020 16:55:03 -0700 Subject: [PATCH 299/416] nextcloud: cron should run every 5 minutes by default 5 minutes should be the default for new installs. Existing installs should remain unchanged, and the admin can always configure it as they see fit. Resolve #1345 Signed-off-by: Kyle Fazzari --- src/nextcloud/utilities/nextcloud-utilities | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/nextcloud/utilities/nextcloud-utilities b/src/nextcloud/utilities/nextcloud-utilities index 0ccd512..6d7e4f7 100644 --- a/src/nextcloud/utilities/nextcloud-utilities +++ b/src/nextcloud/utilities/nextcloud-utilities @@ -5,7 +5,7 @@ export NEXTCLOUD_CONFIG_DIR="$SNAP_DATA/nextcloud/config" export NEXTCLOUD_DATA_DIR="$SNAP_COMMON/nextcloud/data" -DEFAULT_CRONJOB_INTERVAL="15m" +DEFAULT_CRONJOB_INTERVAL="5m" nextcloud_is_configured() { From c0b80f25388031fbf1287db2edccd5ad8b99c3d2 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Tue, 2 Jun 2020 11:58:05 -0700 Subject: [PATCH 300/416] nextcloud: regenerate asset cache on startup Without this, reverting the snap can result in an older Nextcloud attempting to use the assets of a newer Nextcloud, which is an experience that generally makes one sad. Resolve #1323 Signed-off-by: Kyle Fazzari --- .../fixes/existing-install/4_regenerate-assets.sh | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100755 src/nextcloud/fixes/existing-install/4_regenerate-assets.sh diff --git a/src/nextcloud/fixes/existing-install/4_regenerate-assets.sh b/src/nextcloud/fixes/existing-install/4_regenerate-assets.sh new file mode 100755 index 0000000..ce77ca3 --- /dev/null +++ b/src/nextcloud/fixes/existing-install/4_regenerate-assets.sh @@ -0,0 +1,7 @@ +#!/bin/sh -e + +# This does a lot of stuff, but what we really care about is the fact that it +# regenerates the asset caches. This is required because these caches are +# stored alongside the data, which is unversioned. Without clearing the caches +# on starup, a revert would try to use a newer version's CSS, for example. +occ -n maintenance:repair From 28e26ace774151791b07ced1a0b5cb4b2b0cd1fc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc=20Pe=C3=B1a=20Segarra?= Date: Thu, 13 Feb 2020 23:23:58 +0100 Subject: [PATCH 301/416] Make the snap core18 compatible It includes these changes in snapcraft.yaml: - Add "base: core18" - Modify libpng* packages names in the php part - Add missing stage-packages in the php part - Add a missing stage-package in the mysql part - "requirements" needs to be an array now (cerbot part) And these in x-apache.yaml: - "self.stage_packages.extend" with needed stage-packages - "schema['required'].append('modules')" is not valid anymore Resolve #755 Signed-off-by: Kyle Fazzari --- snap/plugins/x-apache.py | 5 ++++- snap/snapcraft.yaml | 19 ++++++++++++++++--- 2 files changed, 20 insertions(+), 4 deletions(-) diff --git a/snap/plugins/x-apache.py b/snap/plugins/x-apache.py index ff08d62..3b7c581 100644 --- a/snap/plugins/x-apache.py +++ b/snap/plugins/x-apache.py @@ -22,7 +22,7 @@ def schema(cls): 'default': 'event', } - schema['required'].append('modules') + schema['required'] = ['modules'] return schema @@ -32,6 +32,9 @@ def __init__(self, name, options, project): self.build_packages.extend( ['pkg-config', 'libapr1-dev', 'libaprutil1-dev', 'libpcre3-dev', 'libssl-dev']) + self.stage_packages.extend( + ['libapr1', 'libaprutil1', 'libpcre3', + 'libssl1.0.0']) def build(self): super().build() diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index e744585..567d74b 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -7,6 +7,7 @@ description: | grade: stable confinement: strict +base: core18 apps: # Apache daemon @@ -209,11 +210,20 @@ parts: stage-packages: # These are only included here until the OS snap stabilizes - libxml2 - - libpng12-0 + - libpng16-16 + # These seems to be needed for core18 + - libcurl4 + - libjpeg9 + - libbz2-1.0 + - libmcrypt4 + - libldap-2.4-2 + - libfreetype6 + - libgmp10 + - libzip4 build-packages: - libxml2-dev - libcurl4-openssl-dev - - libpng12-dev + - libpng-dev - libjpeg9-dev - libbz2-dev - libmcrypt-dev @@ -308,6 +318,9 @@ parts: # Remove scripts that we'll be replacing with our own - -support-files/mysql.server - -COPYING + stage-packages: + # This seems to be needed for core18 + - libaio1 prime: # Remove scripts that we'll be replacing with our own - -support-files/mysql.server @@ -361,7 +374,7 @@ parts: plugin: python python-version: python2 source: src/https/ - requirements: requirements.txt + requirements: ["requirements.txt"] build-packages: [libffi-dev] after: [patches] override-build: | From f40b0c1a61105c6a89f68998716958fa888b7f7a Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Wed, 3 Jun 2020 16:19:42 -0700 Subject: [PATCH 302/416] Reorganize stage-packages and write wrapper Signed-off-by: Kyle Fazzari --- snap/plugins/x-apache.py | 4 +--- snap/snapcraft.yaml | 42 ++++++++++++++++++++++--------------- src/mysql/bin/run-mysqldump | 3 +++ 3 files changed, 29 insertions(+), 20 deletions(-) create mode 100755 src/mysql/bin/run-mysqldump diff --git a/snap/plugins/x-apache.py b/snap/plugins/x-apache.py index 3b7c581..06ecf99 100644 --- a/snap/plugins/x-apache.py +++ b/snap/plugins/x-apache.py @@ -32,9 +32,7 @@ def __init__(self, name, options, project): self.build_packages.extend( ['pkg-config', 'libapr1-dev', 'libaprutil1-dev', 'libpcre3-dev', 'libssl-dev']) - self.stage_packages.extend( - ['libapr1', 'libaprutil1', 'libpcre3', - 'libssl1.0.0']) + self.stage_packages.extend(['libapr1', 'libaprutil1']) def build(self): super().build() diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 567d74b..2509611 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -53,7 +53,7 @@ apps: plugs: [network, network-bind] mysqldump: - command: mysqldump --defaults-file=$SNAP_DATA/mysql/root.ini --lock-tables nextcloud + command: run-mysqldump plugs: [network, network-bind] # Nextcloud occ command @@ -207,19 +207,6 @@ parts: # Enable gmp - --with-gmp - stage-packages: - # These are only included here until the OS snap stabilizes - - libxml2 - - libpng16-16 - # These seems to be needed for core18 - - libcurl4 - - libjpeg9 - - libbz2-1.0 - - libmcrypt4 - - libldap-2.4-2 - - libfreetype6 - - libgmp10 - - libzip4 build-packages: - libxml2-dev - libcurl4-openssl-dev @@ -231,6 +218,28 @@ parts: - libfreetype6-dev - libgmp-dev - libzip-dev + stage-packages: + - libasn1-8-heimdal + - libcurl4 + - libfreetype6 + - libgssapi3-heimdal + - libhcrypto4-heimdal + - libheimbase1-heimdal + - libheimntlm0-heimdal + - libhx509-5-heimdal + - libicu60 + - libjpeg9 + - libkrb5-26-heimdal + - libldap-2.4-2 + - libnghttp2-14 + - libpng16-16 + - libpsl5 + - libroken18-heimdal + - librtmp1 + - libsasl2-2 + - libwind0-heimdal + - libxml2 + - libzip4 prime: - -sbin/ - -etc/ @@ -314,13 +323,12 @@ parts: - bison - libncurses5-dev - libaio-dev + stage-packages: + - libaio1 stage: # Remove scripts that we'll be replacing with our own - -support-files/mysql.server - -COPYING - stage-packages: - # This seems to be needed for core18 - - libaio1 prime: # Remove scripts that we'll be replacing with our own - -support-files/mysql.server diff --git a/src/mysql/bin/run-mysqldump b/src/mysql/bin/run-mysqldump new file mode 100755 index 0000000..a271940 --- /dev/null +++ b/src/mysql/bin/run-mysqldump @@ -0,0 +1,3 @@ +#!/bin/sh + +mysqldump --defaults-file="$SNAP_DATA/mysql/root.ini" --lock-tables nextcloud "$@" From b0ad61d8f3b8fc761da3ab9f6326ac5a8dc67f8c Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Wed, 3 Jun 2020 16:52:26 -0700 Subject: [PATCH 303/416] Add Dockerfile to build snap Signed-off-by: Kyle Fazzari --- .circleci/Dockerfile | 72 ++++++++++++++++++++++++++++++++++++++++++++ .circleci/config.yml | 8 +++-- 2 files changed, 78 insertions(+), 2 deletions(-) create mode 100644 .circleci/Dockerfile diff --git a/.circleci/Dockerfile b/.circleci/Dockerfile new file mode 100644 index 0000000..5b057b9 --- /dev/null +++ b/.circleci/Dockerfile @@ -0,0 +1,72 @@ +FROM ubuntu:bionic as builder + +# Grab dependencies +RUN apt update +RUN apt dist-upgrade --yes +RUN apt install --yes curl sudo jq squashfs-tools + +# Grab the core snap from the stable channel and unpack it in the proper place +RUN curl -L $(curl -H 'X-Ubuntu-Series: 16' 'https://api.snapcraft.io/api/v1/snaps/details/core' | jq '.download_url' -r) --output core.snap +RUN mkdir -p /snap/core +RUN unsquashfs -d /snap/core/current core.snap + +# Grab the core18 snap from the stable channel and unpack it in the proper place +RUN curl -L $(curl -H 'X-Ubuntu-Series: 16' 'https://api.snapcraft.io/api/v1/snaps/details/core18' | jq '.download_url' -r) --output core18.snap +RUN mkdir -p /snap/core18 +RUN unsquashfs -d /snap/core18/current core18.snap + +# Grab the snapcraft snap from the stable channel and unpack it in the proper place +RUN curl -L $(curl -H 'X-Ubuntu-Series: 16' 'https://api.snapcraft.io/api/v1/snaps/details/snapcraft?channel=stable' | jq '.download_url' -r) --output snapcraft.snap +RUN mkdir -p /snap/snapcraft +RUN unsquashfs -d /snap/snapcraft/current snapcraft.snap + +# Grab the go snap from the stable channel and unpack it in the proper place +RUN curl -L $(curl -H 'X-Ubuntu-Series: 16' 'https://api.snapcraft.io/api/v1/snaps/details/go?channel=stable' | jq '.download_url' -r) --output go.snap +RUN mkdir -p /snap/go +RUN unsquashfs -d /snap/go/current go.snap + +# Create a snapcraft runner +RUN mkdir -p /snap/bin +RUN echo "#!/bin/sh" > /snap/bin/snapcraft +RUN snap_version="$(awk '/^version:/{print $2}' /snap/snapcraft/current/meta/snap.yaml)" && echo "export SNAP_VERSION=\"$snap_version\"" >> /snap/bin/snapcraft +RUN echo 'exec "$SNAP/usr/bin/python3" "$SNAP/bin/snapcraft" "$@"' >> /snap/bin/snapcraft +RUN chmod +x /snap/bin/snapcraft + +# Create a go runner +RUN echo "#!/bin/sh" > /snap/bin/go +RUN snap_version="$(awk '/^version:/{print $2}' /snap/go/current/meta/snap.yaml)" && echo "export SNAP_VERSION=\"$snap_version\"" >> /snap/bin/go +RUN echo "export SNAP=\"/snap/go/current\"" >> /snap/bin/go +RUN echo "export SNAP_NAME=\"go\"" >> /snap/bin/go +RUN echo 'exec "$SNAP/command-go.wrapper" "$@"' >> /snap/bin/go +RUN chmod +x /snap/bin/go + +# Create a gofmt runner +RUN echo "#!/bin/sh" > /snap/bin/gofmt +RUN snap_version="$(awk '/^version:/{print $2}' /snap/go/current/meta/snap.yaml)" && echo "export SNAP_VERSION=\"$snap_version\"" >> /snap/bin/gofmt +RUN echo "export SNAP=\"/snap/go/current\"" >> /snap/bin/gofmt +RUN echo "export SNAP_NAME=\"go\"" >> /snap/bin/gofmt +RUN echo 'exec "$SNAP/command-gofmt.wrapper" "$@"' >> /snap/bin/gofmt +RUN chmod +x /snap/bin/gofmt + +# Multi-stage build, only need the snaps from the builder. Copy them one at a +# time so they can be cached. +FROM ubuntu:bionic +COPY --from=builder /snap/core /snap/core +COPY --from=builder /snap/core18 /snap/core18 +COPY --from=builder /snap/snapcraft /snap/snapcraft +COPY --from=builder /snap/go /snap/go +COPY --from=builder /snap/bin/snapcraft /snap/bin/snapcraft +COPY --from=builder /snap/bin/go /snap/bin/go +COPY --from=builder /snap/bin/gofmt /snap/bin/gofmt + +# Generate locale +RUN apt update && apt dist-upgrade --yes && apt install --yes sudo locales && locale-gen en_US.UTF-8 + +# Set the proper environment +ENV LANG="en_US.UTF-8" +ENV LANGUAGE="en_US:en" +ENV LC_ALL="en_US.UTF-8" +ENV PATH="/snap/bin:$PATH" +ENV SNAP="/snap/snapcraft/current" +ENV SNAP_NAME="snapcraft" +ENV SNAP_ARCH="amd64" diff --git a/.circleci/config.yml b/.circleci/config.yml index 2707782..de77779 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -21,12 +21,16 @@ jobs: steps: - checkout + - run: + # Build the docker image necessary to build this snap + command: | + docker build -t nextcloud_builder .circleci/ + - run: # Build the snap command: | docker run -v $(pwd):$(pwd) \ - -e SNAPCRAFT_MANAGED_HOST=yes \ - -t snapcore/snapcraft:stable \ + -t nextcloud_builder \ sh -c "cd $(pwd) && apt update -qq && snapcraft" - run: From 4ba323ef15fef30bc7669296dd7559ee57125219 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Thu, 4 Jun 2020 15:37:42 -0700 Subject: [PATCH 304/416] Specify architectures Signed-off-by: Kyle Fazzari --- snap/snapcraft.yaml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 2509611..45ce0bc 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -9,6 +9,13 @@ grade: stable confinement: strict base: core18 +architectures: + - build-on: amd64 + - build-on: i386 + - build-on: arm64 + - build-on: armhf + - build-on: ppc64el + apps: # Apache daemon apache: From b1644b4b1435b27a64929dc0917a4044d8410390 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Thu, 4 Jun 2020 17:58:59 -0700 Subject: [PATCH 305/416] CHANGELOG: update for 18.0.4snap3 Signed-off-by: Kyle Fazzari --- CHANGELOG | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG b/CHANGELOG index 96c7473..ca8d029 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,7 @@ +v 18.0.4snap3 + - nextcloud: regenerate asset cache on startup + - nextcloud: cron should run every 5 minutes by default + v 18.0.4snap2 - php: update to 7.3.18 - mysql: update to 5.7.30 From 500531e75180ba719bfa272686c8b78e40a6885b Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Sun, 7 Jun 2020 16:39:05 -0700 Subject: [PATCH 306/416] CHANGELOG: update for 18.0.4snap4 Signed-off-by: Kyle Fazzari --- CHANGELOG | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGELOG b/CHANGELOG index ca8d029..7c7b4f2 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,6 @@ +v 18.0.4snap4 + - snap: upgrade to core18 + v 18.0.4snap3 - nextcloud: regenerate asset cache on startup - nextcloud: cron should run every 5 minutes by default From 775dc8dfbbbb5b4ea3e9ecffa33f1f86cf1a105d Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Sun, 7 Jun 2020 17:12:59 -0700 Subject: [PATCH 307/416] tests: remove v16 dailies v16 is no longer supported Resolve #1362 Signed-off-by: Kyle Fazzari --- .circleci/config.yml | 30 ------------------------------ .travis/cron.sh | 6 ------ 2 files changed, 36 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index de77779..4e4b903 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -70,25 +70,6 @@ jobs: # Run the tests command: ./.circleci/runtests.sh - test-daily-v16: - working_directory: ~/nextcloud-snap - machine: - image: ubuntu-1604:202004-01 - steps: - - checkout - - - run: - # Install the snap and create an admin user - command: | - sudo apt update -qq - sudo apt install -y snapd - sudo snap install nextcloud --channel=16/edge - sudo nextcloud.manual-install admin admin - - - run: - # Run the tests - command: ./.circleci/runtests.sh - test-daily-v17: working_directory: ~/nextcloud-snap machine: @@ -143,17 +124,6 @@ workflows: jobs: [test-daily-master] - daily-v16: - triggers: - - schedule: - # 0700 UTC == 0000 PSC - cron: "0 7 * * *" - filters: - branches: - only: develop - - jobs: [test-daily-v16] - daily-v17: triggers: - schedule: diff --git a/.travis/cron.sh b/.travis/cron.sh index 80fba88..a8a4af0 100755 --- a/.travis/cron.sh +++ b/.travis/cron.sh @@ -1,7 +1,6 @@ #!/bin/bash latest_master_url="https://download.nextcloud.com/server/daily/latest-master.tar.bz2" -latest_stable16_url="https://download.nextcloud.com/server/daily/latest-stable16.tar.bz2" latest_stable17_url="https://download.nextcloud.com/server/daily/latest-stable17.tar.bz2" latest_stable18_url="https://download.nextcloud.com/server/daily/latest-stable18.tar.bz2" @@ -37,11 +36,6 @@ request_build \ "latest-master" "$latest_master_url" "master-$today" \ "From CI: Use Nextcloud latest master" -echo "Requesting build of latest 16..." -request_build \ - "latest-16" "$latest_stable16_url" "16-$today" \ - "From CI: Use Nextcloud latest 16" - echo "Requesting build of latest 17..." request_build \ "latest-17" "$latest_stable17_url" "17-$today" \ From c8ba897261182807a0cd2ce4ed6ec473ef3c3d9c Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Tue, 9 Jun 2020 09:32:19 -0700 Subject: [PATCH 308/416] snap: rewrite plugins to workaround snapcraft breakage Snapcraft 4.0.4 was released and broke our CI. See https://forum.snapcraft.io/t/18063 for more information. Signed-off-by: Kyle Fazzari --- snap/plugins/{x-apache.py => apache.py} | 4 ++-- snap/plugins/{x-php.py => php.py} | 2 +- snap/plugins/{x-redis.py => redis.py} | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) rename snap/plugins/{x-apache.py => apache.py} (94%) rename snap/plugins/{x-php.py => php.py} (99%) rename snap/plugins/{x-redis.py => redis.py} (94%) diff --git a/snap/plugins/x-apache.py b/snap/plugins/apache.py similarity index 94% rename from snap/plugins/x-apache.py rename to snap/plugins/apache.py index 06ecf99..6fb7c17 100644 --- a/snap/plugins/x-apache.py +++ b/snap/plugins/apache.py @@ -1,8 +1,8 @@ import subprocess -import snapcraft +import snapcraft.plugins.v1 -class ApachePlugin(snapcraft.BasePlugin): +class ApachePlugin(snapcraft.plugins.v1.PluginV1): @classmethod def schema(cls): diff --git a/snap/plugins/x-php.py b/snap/plugins/php.py similarity index 99% rename from snap/plugins/x-php.py rename to snap/plugins/php.py index 24ec9d3..2e0a98f 100644 --- a/snap/plugins/x-php.py +++ b/snap/plugins/php.py @@ -5,7 +5,7 @@ import subprocess import snapcraft -from snapcraft.plugins import autotools +from snapcraft.plugins.v1 import autotools logger = logging.getLogger(__name__) diff --git a/snap/plugins/x-redis.py b/snap/plugins/redis.py similarity index 94% rename from snap/plugins/x-redis.py rename to snap/plugins/redis.py index 9b8a922..4f6bc85 100644 --- a/snap/plugins/x-redis.py +++ b/snap/plugins/redis.py @@ -5,7 +5,7 @@ import subprocess import snapcraft -from snapcraft.plugins import make +from snapcraft.plugins.v1 import make logger = logging.getLogger(__name__) From e14feac7f6f0e9f889b8048b49b974d91559f405 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Tue, 9 Jun 2020 13:54:58 -0700 Subject: [PATCH 309/416] nextcloud: update to 18.0.6 Resolve #1374 Signed-off-by: Kyle Fazzari --- snap/snapcraft.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 45ce0bc..0fe7506 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -168,8 +168,8 @@ parts: nextcloud: plugin: dump - source: https://download.nextcloud.com/server/releases/nextcloud-18.0.4.tar.bz2 - source-checksum: sha256/fad8e12632b352247ffc5ae181d4e414d732b9072caa0401774cfdb93a714329 + source: https://download.nextcloud.com/server/releases/nextcloud-18.0.6.tar.bz2 + source-checksum: sha256/3aa185f69c4e5ec7de3b3d5792003aeb4bd16a350865e447c9363019c69b15b2 organize: '*': htdocs/ '.htaccess': htdocs/.htaccess From 903451e2f98bc633918fe56bd7f84d0e79e0719b Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Wed, 10 Jun 2020 16:07:44 -0700 Subject: [PATCH 310/416] CHANGELOG: update for 17.0.6snap1 Also update README. Signed-off-by: Kyle Fazzari --- CHANGELOG | 4 ++++ README.md | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/CHANGELOG b/CHANGELOG index 7c7b4f2..ec3a56c 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,7 @@ +v 18.0.6snap1 + - nextcloud: update to 18.0.6 + - snap: rewrite plugins to workaround snapcraft breakage + v 18.0.4snap4 - snap: upgrade to core18 diff --git a/README.md b/README.md index f6c55ea..ff797bb 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ Nextcloud server packaged as a snap. It consists of: -- Nextcloud 18.0.4 +- Nextcloud 18.0.6 - Apache 2.4 - PHP 7.3 - MySQL 5.7 From 18ed9d2df473d4c9e3e523488245d589a5d2112c Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Thu, 11 Jun 2020 11:51:53 -0700 Subject: [PATCH 311/416] tests: enable v19 dailies Resolve #1369 Signed-off-by: Kyle Fazzari --- .circleci/config.yml | 30 ++++++++++++++++++++++++++++++ .travis/cron.sh | 6 ++++++ 2 files changed, 36 insertions(+) diff --git a/.circleci/config.yml b/.circleci/config.yml index 4e4b903..b66e709 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -108,6 +108,25 @@ jobs: # Run the tests command: ./.circleci/runtests.sh + test-daily-v19: + working_directory: ~/nextcloud-snap + machine: + image: ubuntu-1604:202004-01 + steps: + - checkout + + - run: + # Install the snap and create an admin user + command: | + sudo apt update -qq + sudo apt install -y snapd + sudo snap install nextcloud --channel=19/edge + sudo nextcloud.manual-install admin admin + + - run: + # Run the tests + command: ./.circleci/runtests.sh + workflows: version: 2 commit: @@ -145,3 +164,14 @@ workflows: only: develop jobs: [test-daily-v18] + + daily-v19: + triggers: + - schedule: + # 0700 UTC == 0000 PSC + cron: "0 7 * * *" + filters: + branches: + only: develop + + jobs: [test-daily-v19] diff --git a/.travis/cron.sh b/.travis/cron.sh index a8a4af0..f71df73 100755 --- a/.travis/cron.sh +++ b/.travis/cron.sh @@ -3,6 +3,7 @@ latest_master_url="https://download.nextcloud.com/server/daily/latest-master.tar.bz2" latest_stable17_url="https://download.nextcloud.com/server/daily/latest-stable17.tar.bz2" latest_stable18_url="https://download.nextcloud.com/server/daily/latest-stable18.tar.bz2" +latest_stable19_url="https://download.nextcloud.com/server/daily/latest-stable19.tar.bz2" rewrite_snapcraft_yaml() { @@ -45,3 +46,8 @@ echo "Requesting build of latest 18..." request_build \ "latest-18" "$latest_stable18_url" "18-$today" \ "From CI: Use Nextcloud latest 18" + +echo "Requesting build of latest 19..." +request_build \ + "latest-19" "$latest_stable19_url" "19-$today" \ + "From CI: Use Nextcloud latest 19" From 7fbb94aa0aec5e67cb540a6cbc5663409ba9aeaa Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Tue, 19 May 2020 14:35:22 -0700 Subject: [PATCH 312/416] nextcloud: update to 19.0.0 Also enable the bcmath PHP module, and add libfontconfig1 for collabora. Finally, make sure optional db columns are added. Resolve #1342 Signed-off-by: Kyle Fazzari --- snap/snapcraft.yaml | 12 +++++++++--- .../fixes/existing-install/4_add-missing-columns.sh | 4 ++++ ...4_regenerate-assets.sh => 5_regenerate-assets.sh} | 0 .../fixes/fresh-install/3_add-missing-columns.sh | 4 ++++ ...cache-bigint.sh => 4_convert-filecache-bigint.sh} | 0 5 files changed, 17 insertions(+), 3 deletions(-) create mode 100755 src/nextcloud/fixes/existing-install/4_add-missing-columns.sh rename src/nextcloud/fixes/existing-install/{4_regenerate-assets.sh => 5_regenerate-assets.sh} (100%) create mode 100755 src/nextcloud/fixes/fresh-install/3_add-missing-columns.sh rename src/nextcloud/fixes/fresh-install/{3_convert-filecache-bigint.sh => 4_convert-filecache-bigint.sh} (100%) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 0fe7506..731066f 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -168,8 +168,8 @@ parts: nextcloud: plugin: dump - source: https://download.nextcloud.com/server/releases/nextcloud-18.0.6.tar.bz2 - source-checksum: sha256/3aa185f69c4e5ec7de3b3d5792003aeb4bd16a350865e447c9363019c69b15b2 + source: https://download.nextcloud.com/server/releases/nextcloud-19.0.0.tar.bz2 + source-checksum: sha256/d23d429657c5e3476d7e73af1eafc70e42a81cfe2ed65b20655a005724fe0aae organize: '*': htdocs/ '.htaccess': htdocs/.htaccess @@ -207,6 +207,7 @@ parts: - --with-freetype-dir=/usr/lib - --disable-rpath - --enable-ftp + - --enable-bcmath # Enable ldap - --with-libdir=lib/$SNAPCRAFT_ARCH_TRIPLET @@ -283,7 +284,12 @@ parts: source: src/nextcloud/ organize: config/: htdocs/config/ - stage-packages: [jq] + stage-packages: + # jq is needed for parsing occ's json output + - jq + + # The collabora appimage requires this + - libfontconfig1 # Download the boost headers for MySQL. Note that the version used may need to # be updated if the version of MySQL changes. diff --git a/src/nextcloud/fixes/existing-install/4_add-missing-columns.sh b/src/nextcloud/fixes/existing-install/4_add-missing-columns.sh new file mode 100755 index 0000000..ad1e81f --- /dev/null +++ b/src/nextcloud/fixes/existing-install/4_add-missing-columns.sh @@ -0,0 +1,4 @@ +#!/bin/sh -e + +# This command can be run without putting Nextcloud into maintenance mode +occ -n db:add-missing-columns diff --git a/src/nextcloud/fixes/existing-install/4_regenerate-assets.sh b/src/nextcloud/fixes/existing-install/5_regenerate-assets.sh similarity index 100% rename from src/nextcloud/fixes/existing-install/4_regenerate-assets.sh rename to src/nextcloud/fixes/existing-install/5_regenerate-assets.sh diff --git a/src/nextcloud/fixes/fresh-install/3_add-missing-columns.sh b/src/nextcloud/fixes/fresh-install/3_add-missing-columns.sh new file mode 100755 index 0000000..ad1e81f --- /dev/null +++ b/src/nextcloud/fixes/fresh-install/3_add-missing-columns.sh @@ -0,0 +1,4 @@ +#!/bin/sh -e + +# This command can be run without putting Nextcloud into maintenance mode +occ -n db:add-missing-columns diff --git a/src/nextcloud/fixes/fresh-install/3_convert-filecache-bigint.sh b/src/nextcloud/fixes/fresh-install/4_convert-filecache-bigint.sh similarity index 100% rename from src/nextcloud/fixes/fresh-install/3_convert-filecache-bigint.sh rename to src/nextcloud/fixes/fresh-install/4_convert-filecache-bigint.sh From 411a6d90274b34d82a1e09835203db62aa32c1e6 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Tue, 23 Jun 2020 17:21:15 -0700 Subject: [PATCH 313/416] CHANGELOG: update for 19.0.0snap1 Also update README. Signed-off-by: Kyle Fazzari --- CHANGELOG | 3 +++ README.md | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/CHANGELOG b/CHANGELOG index ec3a56c..ed93054 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,6 @@ +v 19.0.0snap1 + - nextcloud: update to 19.0.0 + v 18.0.6snap1 - nextcloud: update to 18.0.6 - snap: rewrite plugins to workaround snapcraft breakage diff --git a/README.md b/README.md index ff797bb..50b3ee5 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ Nextcloud server packaged as a snap. It consists of: -- Nextcloud 18.0.6 +- Nextcloud 19.0.0 - Apache 2.4 - PHP 7.3 - MySQL 5.7 From 718d7749bd04e726733134c4362164a093fb7e76 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Thu, 25 Jun 2020 14:12:10 -0700 Subject: [PATCH 314/416] tests: update all gems Signed-off-by: Kyle Fazzari --- tests/Gemfile.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/tests/Gemfile.lock b/tests/Gemfile.lock index adf996a..a401ad3 100644 --- a/tests/Gemfile.lock +++ b/tests/Gemfile.lock @@ -3,7 +3,7 @@ GEM specs: addressable (2.7.0) public_suffix (>= 2.0.2, < 5.0) - capybara (3.31.0) + capybara (3.33.0) addressable mini_mime (>= 0.1.3) nokogiri (~> 1.8) @@ -12,31 +12,31 @@ GEM regexp_parser (~> 1.5) xpath (~> 3.2) childprocess (3.0.0) - diff-lcs (1.3) + diff-lcs (1.4.2) mini_mime (1.0.2) mini_portile2 (2.4.0) - nokogiri (1.10.8) + nokogiri (1.10.9) mini_portile2 (~> 2.4.0) - public_suffix (4.0.3) - rack (2.2.2) + public_suffix (4.0.5) + rack (2.2.3) rack-test (1.1.0) rack (>= 1.0, < 3) rake (13.0.1) - regexp_parser (1.7.0) + regexp_parser (1.7.1) rspec (3.9.0) rspec-core (~> 3.9.0) rspec-expectations (~> 3.9.0) rspec-mocks (~> 3.9.0) - rspec-core (3.9.1) - rspec-support (~> 3.9.1) - rspec-expectations (3.9.0) + rspec-core (3.9.2) + rspec-support (~> 3.9.3) + rspec-expectations (3.9.2) diff-lcs (>= 1.2.0, < 2.0) rspec-support (~> 3.9.0) rspec-mocks (3.9.1) diff-lcs (>= 1.2.0, < 2.0) rspec-support (~> 3.9.0) - rspec-support (3.9.2) - rubyzip (2.2.0) + rspec-support (3.9.3) + rubyzip (2.3.0) selenium-webdriver (3.142.7) childprocess (>= 0.5, < 4.0) rubyzip (>= 1.2.2) @@ -53,4 +53,4 @@ DEPENDENCIES selenium-webdriver BUNDLED WITH - 2.0.2 + 2.1.4 From 37cf619f9160dc108f43672f6f2d2defc261223e Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Mon, 13 Jul 2020 10:02:04 -0700 Subject: [PATCH 315/416] php: update to 7.3.20 Resolve #1399 Signed-off-by: Kyle Fazzari --- .circleci/Dockerfile | 5 ++++- snap/snapcraft.yaml | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/.circleci/Dockerfile b/.circleci/Dockerfile index 5b057b9..d99a9df 100644 --- a/.circleci/Dockerfile +++ b/.circleci/Dockerfile @@ -59,8 +59,11 @@ COPY --from=builder /snap/bin/snapcraft /snap/bin/snapcraft COPY --from=builder /snap/bin/go /snap/bin/go COPY --from=builder /snap/bin/gofmt /snap/bin/gofmt +# Install snapd +RUN apt update && apt dist-upgrade --yes && apt install --yes snapd + # Generate locale -RUN apt update && apt dist-upgrade --yes && apt install --yes sudo locales && locale-gen en_US.UTF-8 +RUN apt install --yes sudo locales && locale-gen en_US.UTF-8 # Set the proper environment ENV LANG="en_US.UTF-8" diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 731066f..cccc19a 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -182,8 +182,8 @@ parts: php: plugin: php - source: https://php.net/get/php-7.3.18.tar.bz2/from/this/mirror - source-checksum: sha256/749d21f65deb57153b575f846705f5db54732c6b672e80612b29dcf1a53be8a4 + source: https://php.net/get/php-7.3.20.tar.bz2/from/this/mirror + source-checksum: sha256/c6ed7894911acfe075381c01b07745d92e9259fac510a849f742edb6b95c89de source-type: tar install-via: prefix configflags: From 822bf3f0b09355da4cb6cfc3dce41bc162adcbd2 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Thu, 16 Jul 2020 11:42:49 -0700 Subject: [PATCH 316/416] mysql: update to 5.7.31 Resolve #1404 Signed-off-by: Kyle Fazzari --- snap/snapcraft.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index cccc19a..9a8f45f 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -311,7 +311,7 @@ parts: mysql: plugin: cmake source: https://github.com/mysql/mysql-server.git - source-tag: mysql-5.7.30 + source-tag: mysql-5.7.31 source-depth: 1 override-pull: | snapcraftctl pull From 17a520bb5dcb32cd53869b37bfb1f8547b006fa0 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Fri, 17 Jul 2020 12:13:21 -0700 Subject: [PATCH 317/416] nextcloud: update to 19.0.1 Resolve #1408 Signed-off-by: Kyle Fazzari --- snap/snapcraft.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 9a8f45f..7824a0a 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -168,8 +168,8 @@ parts: nextcloud: plugin: dump - source: https://download.nextcloud.com/server/releases/nextcloud-19.0.0.tar.bz2 - source-checksum: sha256/d23d429657c5e3476d7e73af1eafc70e42a81cfe2ed65b20655a005724fe0aae + source: https://download.nextcloud.com/server/releases/nextcloud-19.0.1.tar.bz2 + source-checksum: sha256/4ef311e00d939915d3a9714cd3a1ad436db9157e04620e4a88c2f427e5e65b2d organize: '*': htdocs/ '.htaccess': htdocs/.htaccess From 79d6f702b810b201ac5c278e86a0d1441f2467c1 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Mon, 20 Jul 2020 14:39:21 -0700 Subject: [PATCH 318/416] CHANGELOG: update for 19.0.1snap1 Also update README. Signed-off-by: Kyle Fazzari --- CHANGELOG | 5 +++++ README.md | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/CHANGELOG b/CHANGELOG index ed93054..1719f1d 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,8 @@ +v 19.0.1snap1 + - nextcloud: update to 19.0.1 + - mysql: update to 5.7.31 + - php: update to 7.3.20 + v 19.0.0snap1 - nextcloud: update to 19.0.0 diff --git a/README.md b/README.md index 50b3ee5..5157f7b 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ Nextcloud server packaged as a snap. It consists of: -- Nextcloud 19.0.0 +- Nextcloud 19.0.1 - Apache 2.4 - PHP 7.3 - MySQL 5.7 From 2db803e19aa9f0b3b92fdba8869184de34337d5b Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Tue, 21 Jul 2020 15:07:02 -0700 Subject: [PATCH 319/416] mysql: ignore config files on host Snaps are not properly confined across distributions. This has led to bad behavior in the Nextcloud snap where, if installed on a Debian system (which does not have apparmor in its kernel) that has MySQL installed, the snap will find the host's MySQL configuration files. This isn't an issue on Ubuntu or other systems where snap security is real. Work around this by explicitly not loading any config files except the one in the snap. Resolve #913 Signed-off-by: Kyle Fazzari --- src/mysql/bin/start_mysql | 2 +- src/mysql/support-files/mysql.server | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/mysql/bin/start_mysql b/src/mysql/bin/start_mysql index 560a47e..1a4a30b 100755 --- a/src/mysql/bin/start_mysql +++ b/src/mysql/bin/start_mysql @@ -8,7 +8,7 @@ new_install=false # Make sure the database is initialized (this is safe to run if already # initialized) -if mysqld --initialize-insecure --basedir="$SNAP" --datadir="$SNAP_DATA/mysql" --lc-messages-dir="$SNAP/share"; then +if mysqld --defaults-file="$SNAP/my.cnf" --initialize-insecure --basedir="$SNAP" --datadir="$SNAP_DATA/mysql" --lc-messages-dir="$SNAP/share"; then new_install=true fi diff --git a/src/mysql/support-files/mysql.server b/src/mysql/support-files/mysql.server index d6fb637..8dfea09 100755 --- a/src/mysql/support-files/mysql.server +++ b/src/mysql/support-files/mysql.server @@ -202,7 +202,7 @@ case "$mode" in then # Give extra arguments to mysqld with the my.cnf file. This script # may be overwritten at next upgrade. - "$bindir/mysqld_safe" --datadir="$datadir" --pid-file="$mysqld_pid_file_path" --lc-messages-dir="$SNAP/share" --socket="$MYSQL_SOCKET" "$other_args" >/dev/null 2>&1 & + "$bindir/mysqld_safe" --defaults-file="$SNAP/my.cnf" --datadir="$datadir" --pid-file="$mysqld_pid_file_path" --lc-messages-dir="$SNAP/share" --socket="$MYSQL_SOCKET" "$other_args" >/dev/null 2>&1 & wait_for_pid created "$!" "$mysqld_pid_file_path"; return_value=$? # Make lock for RedHat / SuSE From b406f63fd75f4762cb3f1bf2d03d509d52f6b4b3 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Wed, 22 Jul 2020 21:17:22 -0700 Subject: [PATCH 320/416] CHANGELOG: update for 19.0.1snap2 Signed-off-by: Kyle Fazzari --- CHANGELOG | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGELOG b/CHANGELOG index 1719f1d..3678a44 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,6 @@ +v 19.0.1snap2 + - mysql: ignore config files on host + v 19.0.1snap1 - nextcloud: update to 19.0.1 - mysql: update to 5.7.31 From 59c633c64424f4ceb6d304947438f15dd495d743 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Mon, 10 Aug 2020 09:10:09 -0700 Subject: [PATCH 321/416] apache: update to 2.4.46 Resolve #1430 Signed-off-by: Kyle Fazzari --- snap/snapcraft.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 7824a0a..b4c702f 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -117,8 +117,8 @@ hooks: parts: apache: plugin: apache - source: http://ftp.wayne.edu/apache/httpd/httpd-2.4.43.tar.bz2 - source-checksum: sha256/a497652ab3fc81318cdc2a203090a999150d86461acff97c1065dc910fe10f43 + source: http://ftp.wayne.edu/apache/httpd/httpd-2.4.46.tar.bz2 + source-checksum: sha256/740eddf6e1c641992b22359cabc66e6325868c3c5e2e3f98faf349b61ecf41ea override-pull: | snapcraftctl pull From 7cc6ee8171517d157b8b772e1da6e77e09d89299 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Mon, 10 Aug 2020 09:08:35 -0700 Subject: [PATCH 322/416] php: update to 7.3.21 Resolve #1428 Signed-off-by: Kyle Fazzari --- snap/snapcraft.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index b4c702f..5519620 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -182,8 +182,8 @@ parts: php: plugin: php - source: https://php.net/get/php-7.3.20.tar.bz2/from/this/mirror - source-checksum: sha256/c6ed7894911acfe075381c01b07745d92e9259fac510a849f742edb6b95c89de + source: https://php.net/get/php-7.3.21.tar.bz2/from/this/mirror + source-checksum: sha256/dbb0ea39e7e4b3814d6d1dd3ac5983aed6c38cdf55464645da11a8b134a9f7a7 source-type: tar install-via: prefix configflags: From d8f63a524e86e09d7aec71451a32bcf3700b58e6 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Tue, 11 Aug 2020 12:14:54 -0700 Subject: [PATCH 323/416] CHANGELOG: update for 19.0.1snap3 Signed-off-by: Kyle Fazzari --- CHANGELOG | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG b/CHANGELOG index 3678a44..42a2033 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,7 @@ +v 19.0.1snap3 + - php: update to 7.3.21 + - apache: update to 2.4.46 + v 19.0.1snap2 - mysql: ignore config files on host From 4bf0838d30d158867446b4eb6a1d81508477b078 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Wed, 2 Sep 2020 11:58:35 -0700 Subject: [PATCH 324/416] nextcloud: update to 19.0.2 Resolve #1442 Signed-off-by: Kyle Fazzari --- snap/snapcraft.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 5519620..5b025f4 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -168,8 +168,8 @@ parts: nextcloud: plugin: dump - source: https://download.nextcloud.com/server/releases/nextcloud-19.0.1.tar.bz2 - source-checksum: sha256/4ef311e00d939915d3a9714cd3a1ad436db9157e04620e4a88c2f427e5e65b2d + source: https://download.nextcloud.com/server/releases/nextcloud-19.0.2.tar.bz2 + source-checksum: sha256/8152f385fdb0645114e0043aaf07b0de046fbaf205fa6d6bf530d22db86c66a5 organize: '*': htdocs/ '.htaccess': htdocs/.htaccess From 9553d28467af41b1eb77093ab0caf92c23abda57 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Fri, 4 Sep 2020 14:03:28 -0700 Subject: [PATCH 325/416] CHANGELOG: update for 19.0.2snap1 Also update README. Signed-off-by: Kyle Fazzari --- CHANGELOG | 3 +++ README.md | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/CHANGELOG b/CHANGELOG index 42a2033..76871dd 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,6 @@ +v 19.0.2snap1 + - nextcloud: update to 19.0.2 + v 19.0.1snap3 - php: update to 7.3.21 - apache: update to 2.4.46 diff --git a/README.md b/README.md index 5157f7b..ae61e21 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ Nextcloud server packaged as a snap. It consists of: -- Nextcloud 19.0.1 +- Nextcloud 19.0.2 - Apache 2.4 - PHP 7.3 - MySQL 5.7 From 3ddb79723893679c02df8e412709014b3e91e830 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Thu, 10 Sep 2020 12:29:16 -0700 Subject: [PATCH 326/416] nextcloud: update to 19.0.3 Resolve #1452 Signed-off-by: Kyle Fazzari --- README.md | 2 +- snap/snapcraft.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index ae61e21..42dceb6 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ Nextcloud server packaged as a snap. It consists of: -- Nextcloud 19.0.2 +- Nextcloud 19.0.3 - Apache 2.4 - PHP 7.3 - MySQL 5.7 diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 5b025f4..c2d06f7 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -168,8 +168,8 @@ parts: nextcloud: plugin: dump - source: https://download.nextcloud.com/server/releases/nextcloud-19.0.2.tar.bz2 - source-checksum: sha256/8152f385fdb0645114e0043aaf07b0de046fbaf205fa6d6bf530d22db86c66a5 + source: https://download.nextcloud.com/server/releases/nextcloud-19.0.3.tar.bz2 + source-checksum: sha256/fc503985e8aa4ed795d882e35679e0e1b7670181768e7820307222d8b4658969 organize: '*': htdocs/ '.htaccess': htdocs/.htaccess From b1a10605ca2122cb56bab1aff672cbafae9a02fd Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Fri, 11 Sep 2020 14:48:21 -0700 Subject: [PATCH 327/416] snapcraft.yaml: enable network monitoring Add the `network-observe` interface to the PHP-FPM service. This is not automatically connected upon install, but can be optionally connected if one would like to utilize the network monitoring functionality built into the Nextcloud system app. Resolve #1451 Signed-off-by: Kyle Fazzari --- README.md | 10 ++++++++++ snap/snapcraft.yaml | 10 +++++++++- 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 42dceb6..74be36f 100644 --- a/README.md +++ b/README.md @@ -45,6 +45,16 @@ interface: $ sudo snap connect nextcloud:removable-media +### System monitoring + +The System application requires a bit more access to the system than the snap +uses by default (e.g. the ability to monitor network hardware, etc.). If you'd +like to utilize those features, you'll need to connect the interface that +allows that kind of access: + + $ sudo snap connect nextcloud:network-observe + + ### Configuration Beyond the typical Nextcloud configuration (either by using `nextcloud.occ` or diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index c2d06f7..cde28d7 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -38,7 +38,15 @@ apps: command: start-php-fpm daemon: simple restart-condition: always - plugs: [network, network-bind, removable-media] + plugs: + - network + - network-bind + + # Optional interface for observing network in system settings + - network-observe + + # Optional interface for accessing removable media + - removable-media # redis server daemon redis-server: From 581aa43a86b53cf00f9741871d3bbe5e25aa855d Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Sun, 13 Sep 2020 16:44:59 -0700 Subject: [PATCH 328/416] CHANGELOG: update for 19.0.3snap1 Signed-off-by: Kyle Fazzari --- CHANGELOG | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG b/CHANGELOG index 76871dd..6e13e25 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,7 @@ +v 19.0.3snap1 + - snapcraft.yaml: enable network monitoring + - nextcloud: update to 19.0.3 + v 19.0.2snap1 - nextcloud: update to 19.0.2 From 1567cfaa998d4c055823cdf67203afb521487e6b Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Fri, 25 Sep 2020 12:29:24 -0700 Subject: [PATCH 329/416] php: include support for argon2 Resolve #1459 Signed-off-by: Kyle Fazzari --- snap/snapcraft.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index cde28d7..2321f67 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -223,6 +223,9 @@ parts: # Enable gmp - --with-gmp + + # Enable argon2 + - --with-password-argon2 build-packages: - libxml2-dev - libcurl4-openssl-dev @@ -234,6 +237,7 @@ parts: - libfreetype6-dev - libgmp-dev - libzip-dev + - libargon2-0-dev stage-packages: - libasn1-8-heimdal - libcurl4 @@ -256,6 +260,7 @@ parts: - libwind0-heimdal - libxml2 - libzip4 + - libargon2-0 prime: - -sbin/ - -etc/ From fa52566879530ae679e17324bd97a63f3a3c7935 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Thu, 1 Oct 2020 13:30:58 -0700 Subject: [PATCH 330/416] php: update to 7.3.23 Resolve #1469 Signed-off-by: Kyle Fazzari --- snap/snapcraft.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 2321f67..d2c341d 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -190,8 +190,8 @@ parts: php: plugin: php - source: https://php.net/get/php-7.3.21.tar.bz2/from/this/mirror - source-checksum: sha256/dbb0ea39e7e4b3814d6d1dd3ac5983aed6c38cdf55464645da11a8b134a9f7a7 + source: https://php.net/get/php-7.3.23.tar.bz2/from/this/mirror + source-checksum: sha256/fd6666ad4605508042c6964151379475daea36c43e03b11b1e79d4ae6b04c04c source-type: tar install-via: prefix configflags: From b3f368ef0a1bb51d4b65cdc3ce8ed593ba9a3b25 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Thu, 1 Oct 2020 15:28:43 -0700 Subject: [PATCH 331/416] php: disable output buffering Fix #1450 Signed-off-by: Kyle Fazzari --- src/php/config/php.ini | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/php/config/php.ini b/src/php/config/php.ini index e96e0ce..eb15323 100644 --- a/src/php/config/php.ini +++ b/src/php/config/php.ini @@ -227,7 +227,7 @@ precision = 14 ; Development Value: 4096 ; Production Value: 4096 ; http://php.net/output-buffering -output_buffering = 4096 +output_buffering = Off ; You can redirect all of the output of your scripts to a function. For ; example, if you set output_handler to "mb_output_handler", character From 3f23f07beb56cc753d6ac509ff60e9b8d5981ac9 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Fri, 2 Oct 2020 07:44:00 -0700 Subject: [PATCH 332/416] CHANGELOG: update for 19.0.3snap2 Signed-off-by: Kyle Fazzari --- CHANGELOG | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/CHANGELOG b/CHANGELOG index 6e13e25..2cb624e 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,8 @@ +v 19.0.3snap2 + - php: disable output buffering + - php: update to 7.3.23 + - php: include support for argon2 + v 19.0.3snap1 - snapcraft.yaml: enable network monitoring - nextcloud: update to 19.0.3 From e002bb2a0fd6d9a054e8ca243cf67ddfac8c0038 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Fri, 2 Oct 2020 12:54:12 -0700 Subject: [PATCH 333/416] dailies: stop generating and testing v17 daily Signed-off-by: Kyle Fazzari --- .circleci/config.yml | 30 ------------------------------ .travis/cron.sh | 6 ------ 2 files changed, 36 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index b66e709..716d30d 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -70,25 +70,6 @@ jobs: # Run the tests command: ./.circleci/runtests.sh - test-daily-v17: - working_directory: ~/nextcloud-snap - machine: - image: ubuntu-1604:202004-01 - steps: - - checkout - - - run: - # Install the snap and create an admin user - command: | - sudo apt update -qq - sudo apt install -y snapd - sudo snap install nextcloud --channel=17/edge - sudo nextcloud.manual-install admin admin - - - run: - # Run the tests - command: ./.circleci/runtests.sh - test-daily-v18: working_directory: ~/nextcloud-snap machine: @@ -143,17 +124,6 @@ workflows: jobs: [test-daily-master] - daily-v17: - triggers: - - schedule: - # 0700 UTC == 0000 PSC - cron: "0 7 * * *" - filters: - branches: - only: develop - - jobs: [test-daily-v17] - daily-v18: triggers: - schedule: diff --git a/.travis/cron.sh b/.travis/cron.sh index f71df73..4f243ff 100755 --- a/.travis/cron.sh +++ b/.travis/cron.sh @@ -1,7 +1,6 @@ #!/bin/bash latest_master_url="https://download.nextcloud.com/server/daily/latest-master.tar.bz2" -latest_stable17_url="https://download.nextcloud.com/server/daily/latest-stable17.tar.bz2" latest_stable18_url="https://download.nextcloud.com/server/daily/latest-stable18.tar.bz2" latest_stable19_url="https://download.nextcloud.com/server/daily/latest-stable19.tar.bz2" @@ -37,11 +36,6 @@ request_build \ "latest-master" "$latest_master_url" "master-$today" \ "From CI: Use Nextcloud latest master" -echo "Requesting build of latest 17..." -request_build \ - "latest-17" "$latest_stable17_url" "17-$today" \ - "From CI: Use Nextcloud latest 17" - echo "Requesting build of latest 18..." request_build \ "latest-18" "$latest_stable18_url" "18-$today" \ From a8d742caa06b01862cfb80b4d4114d3e5ed4ebb9 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Thu, 8 Oct 2020 14:01:41 -0700 Subject: [PATCH 334/416] mysql: ensure mysqld responds before considering it up There are a number of examples where the mysql service in the snap fails to fire up because, despite the mysql socket and pid being available, mysqld doesn't seem to respond properly. Add a simple command to the status check to ensure there's no race condition. Fix #1478 Signed-off-by: Kyle Fazzari --- src/mysql/bin/start_mysql | 6 +++++- src/mysql/utilities/mysql-utilities | 5 ++++- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/src/mysql/bin/start_mysql b/src/mysql/bin/start_mysql index 1a4a30b..ebd245c 100755 --- a/src/mysql/bin/start_mysql +++ b/src/mysql/bin/start_mysql @@ -37,6 +37,9 @@ if [ $new_install = true ]; then EOF chmod 600 "$root_option_file" + # Make sure we wait until MySQL is actually up before continuing + wait_for_mysql -f + # Now set everything up in one step: # 1) Set the root user's password # 2) Create the nextcloud user @@ -54,9 +57,10 @@ if [ $new_install = true ]; then echo "password=$root_password" >> "$root_option_file" printf "done\n" else - echo "Failed to initialize-- reverting..." + echo "Failed to initialize-- undoing setup and will try again..." "$SNAP/support-files/mysql.server" stop rm -rf "$SNAP_DATA"/mysql/* + exit 1 fi else # Okay, this isn't a new installation. However, we recently changed diff --git a/src/mysql/utilities/mysql-utilities b/src/mysql/utilities/mysql-utilities index a03e3ed..6e44ac8 100755 --- a/src/mysql/utilities/mysql-utilities +++ b/src/mysql/utilities/mysql-utilities @@ -19,7 +19,10 @@ mysql_is_running() { # Arguments: # -f: Force the check, i.e. ignore if it's currently in setup - [ -f "$MYSQL_PIDFILE" ] && [ -S "$MYSQL_SOCKET" ] && (! mysql_setup_running || [ "$1" = "-f" ]) + [ -f "$MYSQL_PIDFILE" ] && \ + [ -S "$MYSQL_SOCKET" ] && \ + run-mysql -e 'SHOW DATABASES' > /dev/null 2>&1 && \ + (! mysql_setup_running || [ "$1" = "-f" ]) } wait_for_mysql() From 50f79962e9e564aa629107bee84a9c05e836a4c3 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Fri, 9 Oct 2020 12:41:22 -0700 Subject: [PATCH 335/416] php: update to 7.4.11 Resolve #1477 Signed-off-by: Kyle Fazzari --- snap/snapcraft.yaml | 28 ++++++++++++++++++---------- src/php/config/php.ini | 2 +- tests/spec/change_mode_spec.rb | 2 +- 3 files changed, 20 insertions(+), 12 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index d2c341d..acec6d6 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -190,8 +190,8 @@ parts: php: plugin: php - source: https://php.net/get/php-7.3.23.tar.bz2/from/this/mirror - source-checksum: sha256/fd6666ad4605508042c6964151379475daea36c43e03b11b1e79d4ae6b04c04c + source: https://php.net/get/php-7.4.11.tar.bz2/from/this/mirror + source-checksum: sha256/5408f255243bd2292f3fbc2fafc27a2ec083fcd852902728f2ba9a3ea616b8c5 source-type: tar install-via: prefix configflags: @@ -201,18 +201,18 @@ parts: - --disable-phpdbg - --enable-ctype - --enable-mbstring - - --enable-zip + - --with-zip - --with-pdo-mysql - --with-zlib - - --with-gd + - --enable-gd - --with-curl - --with-openssl - --with-bz2 - --enable-exif - --enable-intl - --enable-pcntl - - --with-jpeg-dir=/usr/lib - - --with-freetype-dir=/usr/lib + - --with-jpeg + - --with-freetype - --disable-rpath - --enable-ftp - --enable-bcmath @@ -226,11 +226,15 @@ parts: # Enable argon2 - --with-password-argon2 + + # Disable sqlite (we use mysql) + - --without-sqlite3 + - --without-pdo-sqlite build-packages: - libxml2-dev - libcurl4-openssl-dev - libpng-dev - - libjpeg9-dev + - libjpeg8-dev - libbz2-dev - libmcrypt-dev - libldap2-dev @@ -238,6 +242,9 @@ parts: - libgmp-dev - libzip-dev - libargon2-0-dev + + # This is no longer bundled with PHP as of v7.4 + - libonig-dev stage-packages: - libasn1-8-heimdal - libcurl4 @@ -248,7 +255,7 @@ parts: - libheimntlm0-heimdal - libhx509-5-heimdal - libicu60 - - libjpeg9 + - libjpeg8 - libkrb5-26-heimdal - libldap-2.4-2 - libnghttp2-14 @@ -261,6 +268,7 @@ parts: - libxml2 - libzip4 - libargon2-0 + - libonig4 prime: - -sbin/ - -etc/ @@ -269,8 +277,8 @@ parts: sbin/php-fpm: bin/php-fpm extensions: # Build the redis PHP module - - source: https://github.com/phpredis/phpredis/archive/5.1.1.tar.gz - source-checksum: sha256/6b054e1c944f0c415a3489cf6ac94d5423b2b506d8c36ac7a8cdd965a1c07cf9 + - source: https://github.com/phpredis/phpredis/archive/5.3.1.tar.gz + source-checksum: sha256/930dc88ef126509b8991c52757fdc68908c753b476ad6f25dae0ce6925870f14 redis: plugin: redis diff --git a/src/php/config/php.ini b/src/php/config/php.ini index eb15323..ea59411 100644 --- a/src/php/config/php.ini +++ b/src/php/config/php.ini @@ -723,7 +723,7 @@ user_dir = ; Directory in which the loadable extensions (modules) reside. ; http://php.net/extension-dir -extension_dir = "${SNAP}/lib/php/extensions/no-debug-non-zts-20180731" +extension_dir = "${SNAP}/lib/php/extensions/no-debug-non-zts-20190902" ; On windows: ; extension_dir = "ext" diff --git a/tests/spec/change_mode_spec.rb b/tests/spec/change_mode_spec.rb index 0634ebd..2abf032 100644 --- a/tests/spec/change_mode_spec.rb +++ b/tests/spec/change_mode_spec.rb @@ -66,7 +66,7 @@ def assert_php_signature # Verify that PHP adds an X-Powered-By header response = nextcloud_response expect(response.to_hash).to include "x-powered-by" - expect(response["x-powered-by"]).to match /PHP\/7\.3\.\d+/ + expect(response["x-powered-by"]).to match /PHP\/7\.4\.\d+/ end def nextcloud_response(url: "http://localhost") From 68617309dfde9b1623c90ce8608538e1f9ffe6a8 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Sat, 10 Oct 2020 08:15:02 -0700 Subject: [PATCH 336/416] hooks: check that apps.nextcloud.com is up before refreshing Trying to update apps or upgrade Nextcloud while apps.nextcloud.com is down is a recipe for problems. Do more to avoid that situation by canceling a refresh if it seems to be down. Resolve #1485 Signed-off-by: Kyle Fazzari --- snap/snapcraft.yaml | 1 + src/hooks/bin/pre-refresh | 8 ++++++++ 2 files changed, 9 insertions(+) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index d2c341d..3773f12 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -436,3 +436,4 @@ parts: source: src/hooks/ organize: bin/: snap/hooks/ + stage-packages: [curl] diff --git a/src/hooks/bin/pre-refresh b/src/hooks/bin/pre-refresh index 9cb75a8..6453156 100755 --- a/src/hooks/bin/pre-refresh +++ b/src/hooks/bin/pre-refresh @@ -13,6 +13,14 @@ wait_for_apache # help it out a little by trying to update all apps right now, before the # update actually happens. if nextcloud_is_installed; then + # Before attempting an update, or otherwise allowing the refresh to + # continue, ensure the website that hosts Nextcloud apps is up. If + # it's down, app updates won't work, and the refresh can go sideways. + if ! curl -Is --max-time 10 https://apps.nextcloud.com > /dev/null 2>&1; then + echo "Unable to refresh: apps.nextcloud.com seems to be down, please try again later" >&2 + exit 1 + fi + if occ -n app:update --all; then # app:update downloads and extracts the updates, but now we # need to run database migrations, etc. From cf371c0161ec4472a554cac60321a54a25ba7800 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Mon, 5 Oct 2020 11:27:05 -0700 Subject: [PATCH 337/416] apache,php,mysql,redis,nextcloud: add log rotation Add logrotate to the snap, and setup all service logs to be rotated. Reorganize the existing logs to make this more straight-forward. Resolve #1476 Signed-off-by: Kyle Fazzari --- snap/snapcraft.yaml | 66 ++++++++++++++----- src/apache/bin/run-httpd | 4 +- src/apache/conf/httpd.conf | 2 +- src/common/utilities/common-utilities | 5 ++ src/hooks/bin/post-refresh | 3 + src/import-export/bin/export-data | 2 +- src/logrotate/bin/run-logrotate | 23 +++++++ src/logrotate/config/logrotate.conf | 44 +++++++++++++ src/logrotate/utilities/logrotate-utilities | 9 +++ src/migrations/bin/run-snap-migrations | 24 +++++++ .../migrations/19.0.3snap3/1_move-logs.sh | 36 ++++++++++ src/mysql/bin/reload-mysql | 6 ++ src/mysql/bin/run-mysql | 5 +- src/mysql/bin/run-mysqldump | 5 +- src/mysql/bin/start_mysql | 16 +++-- src/mysql/my.cnf | 4 +- src/mysql/utilities/mysql-utilities | 8 +++ src/nextcloud/bin/nextcloud-cron | 6 +- src/nextcloud/config/autoconfig.php | 2 +- src/nextcloud/config/config.php | 11 +++- src/php/bin/reload-php | 6 ++ src/php/bin/start-php-fpm | 4 +- src/php/config/php-fpm.conf | 2 +- src/php/config/php.ini | 2 +- src/php/utilities/php-utilities | 7 ++ src/redis/bin/start-redis-server | 6 +- src/redis/config/redis.conf | 2 +- src/redis/utilities/redis-utilities | 2 + 28 files changed, 266 insertions(+), 46 deletions(-) create mode 100755 src/hooks/bin/post-refresh create mode 100755 src/logrotate/bin/run-logrotate create mode 100644 src/logrotate/config/logrotate.conf create mode 100755 src/logrotate/utilities/logrotate-utilities create mode 100755 src/migrations/bin/run-snap-migrations create mode 100755 src/migrations/migrations/19.0.3snap3/1_move-logs.sh create mode 100755 src/mysql/bin/reload-mysql create mode 100755 src/php/bin/reload-php diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 26d081d..bfd03b6 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -19,23 +19,26 @@ architectures: apps: # Apache daemon apache: - command: run-httpd -k start -DFOREGROUND - stop-command: httpd-wrapper -k stop + command: bin/run-httpd -k start -DFOREGROUND + stop-command: bin/httpd-wrapper -k stop + reload-command: bin/httpd-wrapper -k graceful daemon: simple restart-condition: always plugs: [network, network-bind, removable-media] # MySQL daemon mysql: - command: start_mysql + command: bin/start_mysql stop-command: support-files/mysql.server stop + reload-command: bin/reload-mysql daemon: simple restart-condition: always plugs: [network, network-bind] # PHP FPM daemon php-fpm: - command: start-php-fpm + command: bin/start-php-fpm + reload-command: bin/reload-php daemon: simple restart-condition: always plugs: @@ -50,72 +53,78 @@ apps: # redis server daemon redis-server: - command: start-redis-server + command: bin/start-redis-server daemon: simple restart-condition: always plugs: [network, network-bind] # mDNS daemon mdns-publisher: - command: delay-on-failure mdns-publisher nextcloud + command: bin/delay-on-failure mdns-publisher nextcloud daemon: simple restart-condition: always plugs: [network, network-bind] # MySQL client mysql-client: - command: run-mysql + command: bin/run-mysql plugs: [network, network-bind] mysqldump: - command: run-mysqldump + command: bin/run-mysqldump plugs: [network, network-bind] # Nextcloud occ command occ: - command: occ + command: bin/occ plugs: [network, network-bind, removable-media] enable-https: - command: enable-https + command: bin/enable-https plugs: [network, network-bind] disable-https: - command: disable-https + command: bin/disable-https plugs: [network, network-bind] renew-certs: - command: renew-certs + command: bin/renew-certs daemon: simple restart-condition: always plugs: [network, network-bind] nextcloud-cron: - command: nextcloud-cron + command: bin/nextcloud-cron daemon: simple restart-condition: on-failure plugs: [network, network-bind, removable-media] # Command for manually installing instead of visiting site to create admin. manual-install: - command: manual-install + command: bin/manual-install plugs: [network, network-bind, removable-media] import: - command: import-data + command: bin/import-data plugs: [network, network-bind, removable-media] export: - command: export-data + command: bin/export-data plugs: [network, network-bind, removable-media] # Service for automatically fixing Nextcloud indices, etc. nextcloud-fixer: - command: nextcloud-fixer + command: bin/nextcloud-fixer daemon: simple restart-condition: on-failure plugs: [network, network-bind, removable-media] + logrotate: + command: bin/run-logrotate + daemon: simple + restart-condition: on-failure + timer: 00:00 # Run once a day at midnight + hooks: configure: plugs: [network, network-bind, removable-media] @@ -290,6 +299,7 @@ parts: source: src/redis/ organize: config/*: config/redis/ + after: [envsubst] # Copy over our PHP configuration file. php-customizations: @@ -445,3 +455,25 @@ parts: organize: bin/: snap/hooks/ stage-packages: [curl] + + logrotate: + plugin: dump + source: src/logrotate/ + organize: + config/*: config/logrotate/ + usr/sbin/*: bin/ + stage-packages: [logrotate] + stage: + - bin/* + - config/* + - utilities/* + after: [envsubst] + + migrations: + plugin: dump + source: src/migrations/ + + envsubst: + plugin: nil + stage-packages: [gettext-base] + stage: [usr/bin/envsubst] diff --git a/src/apache/bin/run-httpd b/src/apache/bin/run-httpd index 2cf89dd..f93853b 100755 --- a/src/apache/bin/run-httpd +++ b/src/apache/bin/run-httpd @@ -3,8 +3,8 @@ # shellcheck source=src/https/utilities/https-utilities . "$SNAP/utilities/https-utilities" -mkdir -p "$SNAP_DATA/apache/logs" -chmod 750 "$SNAP_DATA/apache/logs" +mkdir -p "$SNAP_DATA/logs" +chmod 750 "$SNAP_DATA/logs" # Make sure Nextcloud is installed and running echo "Making sure nextcloud is setup..." diff --git a/src/apache/conf/httpd.conf b/src/apache/conf/httpd.conf index 43dac3c..d5a6b9b 100644 --- a/src/apache/conf/httpd.conf +++ b/src/apache/conf/httpd.conf @@ -166,7 +166,7 @@ ProxyFCGIBackendType GENERIC # Default log location. If you define an error logfile for a # container, that host's errors will be logged there and not here. # -ErrorLog "${SNAP_DATA}/apache/logs/error_log" +ErrorLog "${SNAP_DATA}/logs/apache_errors.log" # # LogLevel: Control the number of messages logged to the error_log. diff --git a/src/common/utilities/common-utilities b/src/common/utilities/common-utilities index a8bc40f..24f6677 100755 --- a/src/common/utilities/common-utilities +++ b/src/common/utilities/common-utilities @@ -1,5 +1,10 @@ #!/bin/sh +SNAP_CURRENT="$(realpath -s "$SNAP/../current")" +SNAP_DATA_CURRENT="$(realpath -s "$SNAP_DATA/../current")" +export SNAP_CURRENT +export SNAP_DATA_CURRENT + stdout_is_a_terminal() { [ -t 1 ] diff --git a/src/hooks/bin/post-refresh b/src/hooks/bin/post-refresh new file mode 100755 index 0000000..21def49 --- /dev/null +++ b/src/hooks/bin/post-refresh @@ -0,0 +1,3 @@ +#!/bin/sh -e + +run-snap-migrations \ No newline at end of file diff --git a/src/import-export/bin/export-data b/src/import-export/bin/export-data index 7ac5868..de5c8f1 100755 --- a/src/import-export/bin/export-data +++ b/src/import-export/bin/export-data @@ -49,7 +49,7 @@ export_database() { backup="$1" echo "Exporting database..." - if ! mysqldump --defaults-file="$SNAP_DATA/mysql/root.ini" \ + if ! mysqldump --defaults-file="$MYSQL_ROOT_OPTION_FILE" \ --lock-tables nextcloud > "${backup}/database.sql"; then echo "Unable to export database" exit 1 diff --git a/src/logrotate/bin/run-logrotate b/src/logrotate/bin/run-logrotate new file mode 100755 index 0000000..37883d8 --- /dev/null +++ b/src/logrotate/bin/run-logrotate @@ -0,0 +1,23 @@ +#!/bin/sh -e + +# shellcheck source=src/logrotate/utilities/logrotate-utilities +. "$SNAP/utilities/logrotate-utilities" + +# Clean non existent log file entries from status file +test -e "$LOGROTATE_STATUS_FILE" || touch "$LOGROTATE_STATUS_FILE" +head -1 "$LOGROTATE_STATUS_FILE" > "${LOGROTATE_STATUS_FILE}.clean" +sed 's/"//g' "$LOGROTATE_STATUS_FILE" | while read -r logfile date +do + [ -e "$logfile" ] && echo "\"$logfile\" $date" +done >> "${LOGROTATE_STATUS_FILE}.clean" +mv "${LOGROTATE_STATUS_FILE}.clean" "$LOGROTATE_STATUS_FILE" + +# logrotate doesn't support environment variables in its configuration file, +# so we write a converted version to disk and use that (and of course clean +# it up afterward) +configuration_file="$(mktemp)" +trap 'rm -f "$configuration_file"' EXIT + +envsubst < "$SNAP/config/logrotate/logrotate.conf" > "$configuration_file" + +logrotate --verbose --state "$LOGROTATE_STATUS_FILE" "$configuration_file" diff --git a/src/logrotate/config/logrotate.conf b/src/logrotate/config/logrotate.conf new file mode 100644 index 0000000..18a31f3 --- /dev/null +++ b/src/logrotate/config/logrotate.conf @@ -0,0 +1,44 @@ +# Rotate log files every week +weekly + +# Keep 4 weeks worth of logs +rotate 4 + +# Create new (empty) log files after rotating old ones +create 640 root root + +# It's okay if the log file is missing +missingok + +# Don't rotate log files that are empty +notifempty + +# Compress logfiles, although wait until the next rotation in order to give +# clients time to finish writing. +compress +delaycompress + +# Apache logs +$SNAP_DATA_CURRENT/logs/apache_errors.log { + postrotate + snapctl restart --reload $SNAP_INSTANCE_NAME.apache + endscript +} + +# PHP logs +$SNAP_DATA_CURRENT/logs/php_errors.log $SNAP_DATA_CURRENT/logs/php-fpm_errors.log $SNAP_DATA_CURRENT/logs/nextcloud.log { + postrotate + snapctl restart --reload $SNAP_INSTANCE_NAME.php-fpm + endscript +} + +# Redis logs. Note that redis reopens the log for every message, so it doesn't +# require a postrotate +$SNAP_DATA_CURRENT/logs/redis.log {} + +# MySQL logs +$SNAP_DATA_CURRENT/logs/mysql_errors.log { + postrotate + snapctl restart --reload $SNAP_INSTANCE_NAME.mysql + endscript +} \ No newline at end of file diff --git a/src/logrotate/utilities/logrotate-utilities b/src/logrotate/utilities/logrotate-utilities new file mode 100755 index 0000000..36238f4 --- /dev/null +++ b/src/logrotate/utilities/logrotate-utilities @@ -0,0 +1,9 @@ +#!/bin/sh + +# shellcheck source=src/common/utilities/common-utilities +. "$SNAP/utilities/common-utilities" + +export LOGROTATE_STATUS_FILE="$SNAP_DATA/logrotate/status" + +mkdir -p "$(dirname "$LOGROTATE_STATUS_FILE")" +chmod 750 "$(dirname "$LOGROTATE_STATUS_FILE")" \ No newline at end of file diff --git a/src/migrations/bin/run-snap-migrations b/src/migrations/bin/run-snap-migrations new file mode 100755 index 0000000..b2aa2ed --- /dev/null +++ b/src/migrations/bin/run-snap-migrations @@ -0,0 +1,24 @@ +#!/bin/sh -e + +# shellcheck source=src/common/utilities/common-utilities +. "$SNAP/utilities/common-utilities" + +version_less_than() +{ + if [ "$1" = "$2" ]; then + return 1 + fi + + printf "%s\n%s" "$1" "$2" | sort -VC +} + +previous_version="$(get_previous_snap_version)" +migrations_directory="$SNAP/migrations" + +version_migrations="$(find "$migrations_directory" -maxdepth 1 -mindepth 1 | sort -V)" +for directory in $version_migrations; do + version="$(basename "$directory")" + if version_less_than "$previous_version" "$version"; then + run-parts -v --exit-on-error --regex '.*\.sh$' "$directory" + fi +done \ No newline at end of file diff --git a/src/migrations/migrations/19.0.3snap3/1_move-logs.sh b/src/migrations/migrations/19.0.3snap3/1_move-logs.sh new file mode 100755 index 0000000..fabf16f --- /dev/null +++ b/src/migrations/migrations/19.0.3snap3/1_move-logs.sh @@ -0,0 +1,36 @@ +#!/bin/sh -e +# +# Version 19.0.3snap3 introduced log rotation, and it also reorganized the log +# layout. Let's move any existing logs into place so we don't lose them. + +mkdir -p "${SNAP_DATA}/logs" +chmod 750 "${SNAP_DATA}/logs" + +apache_errors_log="$SNAP_DATA/apache/logs/error_log" +if [ -f "$apache_errors_log" ]; then + mv "$apache_errors_log" "$SNAP_DATA/logs/apache_errors.log" +fi + +php_errors_log="$SNAP_DATA/apache/logs/php_errors.log" +if [ -f "$php_errors_log" ]; then + mv "$php_errors_log" "$SNAP_DATA/logs/php_errors.log" +fi + +php_fpm_errors_log="$SNAP_DATA/php/php-fpm.log" +if [ -f "$php_fpm_errors_log" ]; then + mv "$php_fpm_errors_log" "$SNAP_DATA/logs/php-fpm_errors.log" +fi + +redis_log="$SNAP_DATA/redis/redis.log" +if [ -f "$redis_log" ]; then + mv "$redis_log" "$SNAP_DATA/logs/redis.log" +fi + +mysql_errors_log="$SNAP_DATA/mysql/error.log" +if [ -f "$mysql_errors_log" ]; then + mv "$mysql_errors_log" "$SNAP_DATA/logs/mysql_errors.log" +fi + +# The apache and php directories only existed to hold those logs, so we don't +# need them anymore +rm -rf "$SNAP_DATA/apache" "$SNAP_DATA/php" \ No newline at end of file diff --git a/src/mysql/bin/reload-mysql b/src/mysql/bin/reload-mysql new file mode 100755 index 0000000..dff8b40 --- /dev/null +++ b/src/mysql/bin/reload-mysql @@ -0,0 +1,6 @@ +#!/bin/sh + +# shellcheck source=src/mysql/utilities/mysql-utilities +. "$SNAP/utilities/mysql-utilities" + +mysql_flush_logs \ No newline at end of file diff --git a/src/mysql/bin/run-mysql b/src/mysql/bin/run-mysql index ccd4dd1..6984873 100755 --- a/src/mysql/bin/run-mysql +++ b/src/mysql/bin/run-mysql @@ -1,3 +1,6 @@ #!/bin/sh -mysql --defaults-file="$SNAP_DATA/mysql/root.ini" "$@" +# shellcheck source=src/mysql/utilities/mysql-utilities +. "$SNAP/utilities/mysql-utilities" + +mysql --defaults-file="$MYSQL_ROOT_OPTION_FILE" "$@" diff --git a/src/mysql/bin/run-mysqldump b/src/mysql/bin/run-mysqldump index a271940..2ac66c1 100755 --- a/src/mysql/bin/run-mysqldump +++ b/src/mysql/bin/run-mysqldump @@ -1,3 +1,6 @@ #!/bin/sh -mysqldump --defaults-file="$SNAP_DATA/mysql/root.ini" --lock-tables nextcloud "$@" +# shellcheck source=src/mysql/utilities/mysql-utilities +. "$SNAP/utilities/mysql-utilities" + +mysqldump --defaults-file="$MYSQL_ROOT_OPTION_FILE" --lock-tables nextcloud "$@" diff --git a/src/mysql/bin/start_mysql b/src/mysql/bin/start_mysql index ebd245c..251c8b9 100755 --- a/src/mysql/bin/start_mysql +++ b/src/mysql/bin/start_mysql @@ -3,7 +3,9 @@ # shellcheck source=src/mysql/utilities/mysql-utilities . "$SNAP/utilities/mysql-utilities" -root_option_file="$SNAP_DATA/mysql/root.ini" +mkdir -p "${SNAP_DATA}/logs" +chmod 750 "${SNAP_DATA}/logs" + new_install=false # Make sure the database is initialized (this is safe to run if already @@ -30,12 +32,12 @@ if [ $new_install = true ]; then printf "done\n" # Save root user information - cat <<-EOF > "$root_option_file" + cat <<-EOF > "$MYSQL_ROOT_OPTION_FILE" [client] socket=$MYSQL_SOCKET user=root EOF - chmod 600 "$root_option_file" + chmod 600 "$MYSQL_ROOT_OPTION_FILE" # Make sure we wait until MySQL is actually up before continuing wait_for_mysql -f @@ -46,7 +48,7 @@ if [ $new_install = true ]; then # 3) Create the nextcloud database # 4) Grant the nextcloud user privileges on the nextcloud database printf "Setting up users and nextcloud database... " - if mysql --defaults-file="$root_option_file" <<-SQL + if run-mysql <<-SQL ALTER USER 'root'@'localhost' IDENTIFIED BY '$root_password'; CREATE USER 'nextcloud'@'localhost' IDENTIFIED BY '$nextcloud_password'; CREATE DATABASE nextcloud; @@ -54,7 +56,7 @@ if [ $new_install = true ]; then SQL then # Now the root mysql user has a password. Save that as well. - echo "password=$root_password" >> "$root_option_file" + echo "password=$root_password" >> "$MYSQL_ROOT_OPTION_FILE" printf "done\n" else echo "Failed to initialize-- undoing setup and will try again..." @@ -66,7 +68,7 @@ else # Okay, this isn't a new installation. However, we recently changed # the location of MySQL's socket (11.0.2snap1). Make sure the root # option file is updated to look there instead of the old location. - sed -ri "s|(socket\s*=\s*)/var/snap/.*mysql.sock|\1$MYSQL_SOCKET|" "$root_option_file" + sed -ri "s|(socket\s*=\s*)/var/snap/.*mysql.sock|\1$MYSQL_SOCKET|" "$MYSQL_ROOT_OPTION_FILE" fi # Wait here until mysql is running @@ -75,7 +77,7 @@ wait_for_mysql -f # Check and upgrade mysql tables if necessary. This will return 0 if the upgrade # succeeded, in which case we need to restart mysql. echo "Checking/upgrading mysql tables if necessary..." -if mysql_upgrade --defaults-file="$root_option_file"; then +if mysql_upgrade --defaults-file="$MYSQL_ROOT_OPTION_FILE"; then echo "Restarting mysql server after upgrade..." "$SNAP/support-files/mysql.server" restart diff --git a/src/mysql/my.cnf b/src/mysql/my.cnf index 4971e69..5aaef79 100644 --- a/src/mysql/my.cnf +++ b/src/mysql/my.cnf @@ -3,6 +3,4 @@ user=root max_allowed_packet=100M secure-file-priv=NULL skip-networking - -[mysqld_safe] -log_error=error.log +log_error=../logs/mysql_errors.log \ No newline at end of file diff --git a/src/mysql/utilities/mysql-utilities b/src/mysql/utilities/mysql-utilities index 6e44ac8..def773c 100755 --- a/src/mysql/utilities/mysql-utilities +++ b/src/mysql/utilities/mysql-utilities @@ -3,6 +3,7 @@ # shellcheck source=src/common/utilities/common-utilities . "$SNAP/utilities/common-utilities" +export MYSQL_ROOT_OPTION_FILE="$SNAP_DATA/mysql/root.ini" export MYSQL_PIDFILE="/tmp/pids/mysql.pid" export MYSQL_SOCKET="/tmp/sockets/mysql.sock" export NEXTCLOUD_PASSWORD_FILE="$SNAP_DATA/mysql/nextcloud_password" @@ -57,6 +58,13 @@ mysql_pid() fi } +mysql_flush_logs() +{ + if mysql_is_running ""; then + run-mysql -e 'FLUSH LOGS' + fi +} + mysql_set_nextcloud_password() { echo "$1" > "$NEXTCLOUD_PASSWORD_FILE" diff --git a/src/nextcloud/bin/nextcloud-cron b/src/nextcloud/bin/nextcloud-cron index f0448e9..bab534c 100755 --- a/src/nextcloud/bin/nextcloud-cron +++ b/src/nextcloud/bin/nextcloud-cron @@ -16,6 +16,10 @@ while true; do exit 0 fi - run-php "$SNAP/htdocs/cron.php" + # Only run cron job if Nextcloud is actually installed + if nextcloud_is_installed; then + run-php "$SNAP/htdocs/cron.php" + fi + sleep "$(cronjob_interval)" done diff --git a/src/nextcloud/config/autoconfig.php b/src/nextcloud/config/autoconfig.php index 6422d3c..e2a64ad 100644 --- a/src/nextcloud/config/autoconfig.php +++ b/src/nextcloud/config/autoconfig.php @@ -2,7 +2,7 @@ $snap_name = getenv('SNAP_NAME'); -$data_path = '/var/snap/'.$snap_name.'/current'; +$data_path = getenv('SNAP_DATA_CURRENT'); $database_password = trim(file_get_contents($data_path . '/mysql/nextcloud_password')); diff --git a/src/nextcloud/config/config.php b/src/nextcloud/config/config.php index 61847b5..c41d44e 100644 --- a/src/nextcloud/config/config.php +++ b/src/nextcloud/config/config.php @@ -1,6 +1,7 @@ '/snap/'.$snap_name.'/current/htdocs/apps', + 'path'=> $snap_current.'/htdocs/apps', 'url' => '/apps', 'writable' => false, ), @@ -25,7 +26,7 @@ * This directory is writable, meant for apps installed by the user. */ array( - 'path'=> '/var/snap/'.$snap_name.'/current/nextcloud/extra-apps', + 'path'=> $snap_data_current.'/nextcloud/extra-apps', 'url' => '/extra-apps', 'writable' => true, ), @@ -50,4 +51,8 @@ 'host' => getenv('REDIS_SOCKET'), 'port' => 0, ), + +'log_type' => 'file', +'logfile' => $snap_data_current.'/logs/nextcloud.log', +'logfilemode' => 0640, ); diff --git a/src/php/bin/reload-php b/src/php/bin/reload-php new file mode 100755 index 0000000..20b455e --- /dev/null +++ b/src/php/bin/reload-php @@ -0,0 +1,6 @@ +#!#!/bin/sh + +# shellcheck source=src/php/utilities/php-utilities +. "$SNAP/utilities/php-utilities" + +php_reload \ No newline at end of file diff --git a/src/php/bin/start-php-fpm b/src/php/bin/start-php-fpm index 81fd83e..39f4e21 100755 --- a/src/php/bin/start-php-fpm +++ b/src/php/bin/start-php-fpm @@ -11,8 +11,8 @@ # shellcheck source=src/nextcloud/utilities/nextcloud-utilities . "$SNAP/utilities/configuration-utilities" -mkdir -p "${SNAP_DATA}/php" -chmod 750 "${SNAP_DATA}/php" +mkdir -p "$SNAP_DATA/logs" +chmod 750 "$SNAP_DATA/logs" # We need to make sure mysql is running so we can run the migration process # shellcheck disable=SC2119 diff --git a/src/php/config/php-fpm.conf b/src/php/config/php-fpm.conf index 465c35c..a630aa5 100644 --- a/src/php/config/php-fpm.conf +++ b/src/php/config/php-fpm.conf @@ -21,7 +21,7 @@ pid = ${PHP_FPM_PIDFILE} ; in a local file. ; Note: the default prefix is /home/ubuntu/src/nextcloud-snap/parts/php/install/var ; Default Value: log/php-fpm.log -error_log = ${SNAP_DATA}/php/php-fpm.log +error_log = ${SNAP_DATA}/logs/php-fpm_errors.log ; syslog_facility is used to specify what type of program is logging the ; message. This lets syslogd specify that messages from different facilities diff --git a/src/php/config/php.ini b/src/php/config/php.ini index ea59411..3713250 100644 --- a/src/php/config/php.ini +++ b/src/php/config/php.ini @@ -570,7 +570,7 @@ html_errors = On ;error_log = php_errors.log ; Log errors to syslog (Event Log on Windows). ;error_log = syslog -error_log = ${SNAP_DATA}/apache/logs/php_errors.log +error_log = ${SNAP_DATA}/logs/php_errors.log ;windows.show_crt_warning ; Default value: 0 diff --git a/src/php/utilities/php-utilities b/src/php/utilities/php-utilities index 792efa8..63a8467 100755 --- a/src/php/utilities/php-utilities +++ b/src/php/utilities/php-utilities @@ -51,6 +51,13 @@ php_pid() fi } +php_reload() +{ + if php_is_running; then + kill -USR1 php_pid > /dev/null + fi +} + php_memory_limit() { memory_limit="$(snapctl get php.memory-limit)" diff --git a/src/redis/bin/start-redis-server b/src/redis/bin/start-redis-server index 5cbc923..efb1963 100755 --- a/src/redis/bin/start-redis-server +++ b/src/redis/bin/start-redis-server @@ -3,10 +3,10 @@ # shellcheck source=src/redis/utilities/redis-utilities . "$SNAP/utilities/redis-utilities" -mkdir -p "${SNAP_DATA}/redis" -chmod 750 "${SNAP_DATA}/redis" +mkdir -p "${SNAP_DATA}/logs" +chmod 750 "${SNAP_DATA}/logs" # redis doesn't support environment variables in its config files. Thankfully # it supports reading the config file from stdin though, so we'll rewrite the # config file on the fly and pipe it in. -sed -e "s|\${SNAP_DATA}|$SNAP_DATA|;s|\${REDIS_PIDFILE}|$REDIS_PIDFILE|;s|\${REDIS_SOCKET}|$REDIS_SOCKET|" "$SNAP/config/redis/redis.conf" | redis-server - +envsubst < "$SNAP/config/redis/redis.conf" | redis-server - diff --git a/src/redis/config/redis.conf b/src/redis/config/redis.conf index ddeddc6..46a0c3a 100644 --- a/src/redis/config/redis.conf +++ b/src/redis/config/redis.conf @@ -160,7 +160,7 @@ loglevel notice # Specify the log file name. Also the empty string can be used to force # Redis to log on the standard output. Note that if you use standard # output for logging but daemonize, logs will be sent to /dev/null -logfile ${SNAP_DATA}/redis/redis.log +logfile ${SNAP_DATA}/logs/redis.log # To enable logging to the system logger, just set 'syslog-enabled' to yes, # and optionally update the other syslog parameters to suit your needs. diff --git a/src/redis/utilities/redis-utilities b/src/redis/utilities/redis-utilities index e6283f4..2540dfa 100755 --- a/src/redis/utilities/redis-utilities +++ b/src/redis/utilities/redis-utilities @@ -8,8 +8,10 @@ export REDIS_SOCKET="/tmp/sockets/redis.sock" mkdir -p "$(dirname "$REDIS_PIDFILE")" mkdir -p "$(dirname "$REDIS_SOCKET")" +mkdir -p "$SNAP_DATA/redis" chmod 750 "$(dirname "$REDIS_PIDFILE")" chmod 750 "$(dirname "$REDIS_SOCKET")" +chmod 750 "$SNAP_DATA/redis" redis_is_running() { From 1772d5315d455bc2ae561822afa55ad6300a871c Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Tue, 6 Oct 2020 17:44:54 -0700 Subject: [PATCH 338/416] apache: enable access log Now that we have the ability to rotate logs, add the modules required to Apache to have an access log, and enable it. Also start building the Apache modules statically, saving us from needing to specify them in multiple places. Resolve #669 Signed-off-by: Kyle Fazzari --- snap/plugins/apache.py | 12 +++++++++--- snap/plugins/php.py | 6 ++++++ snap/snapcraft.yaml | 3 +++ src/apache/conf/httpd.conf | 16 ++++------------ src/apache/conf/ssl.conf | 1 - src/logrotate/config/logrotate.conf | 2 +- 6 files changed, 23 insertions(+), 17 deletions(-) diff --git a/snap/plugins/apache.py b/snap/plugins/apache.py index 6fb7c17..f62efa4 100644 --- a/snap/plugins/apache.py +++ b/snap/plugins/apache.py @@ -26,6 +26,12 @@ def schema(cls): return schema + @classmethod + def get_build_properties(cls): + # Inform Snapcraft of the properties associated with building. If these + # change in the YAML Snapcraft will consider the build step dirty. + return super().get_build_properties() + ["modules", "mpm"] + def __init__(self, name, options, project): super().__init__(name, options, project) @@ -34,14 +40,14 @@ def __init__(self, name, options, project): 'libssl-dev']) self.stage_packages.extend(['libapr1', 'libaprutil1']) + def build(self): super().build() subprocess.check_call( - "./configure --prefix={} --with-mpm={} --enable-modules=none --enable-mods-shared='{}' ENABLED_DSO_MODULES='{}'".format( + "./configure --prefix={} --with-mpm={} --enable-modules=none --enable-mods-static='{}'".format( self.installdir, self.options.mpm, - ' '.join(self.options.modules), - ','.join(self.options.modules)), + ' '.join(self.options.modules)), cwd=self.builddir, shell=True) self.run( diff --git a/snap/plugins/php.py b/snap/plugins/php.py index 2e0a98f..08c2536 100644 --- a/snap/plugins/php.py +++ b/snap/plugins/php.py @@ -61,6 +61,12 @@ def schema(cls): return schema + @classmethod + def get_pull_properties(cls): + # Inform Snapcraft of the properties associated with pulling. If these + # change in the YAML Snapcraft will consider the pull step dirty. + return super().get_pull_properties() + ["extensions"] + def __init__(self, name, options, project): super().__init__(name, options, project) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index bfd03b6..b22a1d4 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -160,6 +160,9 @@ parts: - alias - ssl - socache_shmcb + - slotmem_shm + - log_config + - logio filesets: exclude: diff --git a/src/apache/conf/httpd.conf b/src/apache/conf/httpd.conf index d5a6b9b..cf37e5e 100644 --- a/src/apache/conf/httpd.conf +++ b/src/apache/conf/httpd.conf @@ -47,18 +47,6 @@ PidFile "${APACHE_PIDFILE}" # Example: # LoadModule foo_module modules/mod_foo.so # -LoadModule authz_core_module modules/mod_authz_core.so -LoadModule mime_module modules/mod_mime.so -LoadModule env_module modules/mod_env.so -LoadModule headers_module modules/mod_headers.so -LoadModule setenvif_module modules/mod_setenvif.so -LoadModule proxy_module modules/mod_proxy.so -LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so -LoadModule unixd_module modules/mod_unixd.so -LoadModule dir_module modules/mod_dir.so -LoadModule alias_module modules/mod_alias.so -LoadModule rewrite_module modules/mod_rewrite.so -LoadModule socache_shmcb_module modules/mod_socache_shmcb.so # 'Main' server configuration # @@ -162,11 +150,15 @@ ProxyFCGIBackendType GENERIC +# The "combined" format is taken from the Ubuntu Apache config +LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined + # # Default log location. If you define an error logfile for a # container, that host's errors will be logged there and not here. # ErrorLog "${SNAP_DATA}/logs/apache_errors.log" +CustomLog "${SNAP_DATA}/logs/apache_access.log" combined # # LogLevel: Control the number of messages logged to the error_log. diff --git a/src/apache/conf/ssl.conf b/src/apache/conf/ssl.conf index 4728c16..232770c 100644 --- a/src/apache/conf/ssl.conf +++ b/src/apache/conf/ssl.conf @@ -21,7 +21,6 @@ Listen ${HTTPS_PORT} # Example: # LoadModule foo_module modules/mod_foo.so # -LoadModule ssl_module modules/mod_ssl.so # 'Main' server configuration # diff --git a/src/logrotate/config/logrotate.conf b/src/logrotate/config/logrotate.conf index 18a31f3..4bbcc1f 100644 --- a/src/logrotate/config/logrotate.conf +++ b/src/logrotate/config/logrotate.conf @@ -41,4 +41,4 @@ $SNAP_DATA_CURRENT/logs/mysql_errors.log { postrotate snapctl restart --reload $SNAP_INSTANCE_NAME.mysql endscript -} \ No newline at end of file +} From fdd6305d2168f039fd172d7a1121ed8d9bc9d32c Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Fri, 9 Oct 2020 17:53:28 -0700 Subject: [PATCH 339/416] migrations: sanity check nextcloud version before upgrade Nextcloud is strict about what makes for a valid upgrade. Minor version jumps are okay (i.e. within the same major version). Single major version jumps are also okay, but not more than one (e.g. 18 to 19 is okay, but not 18 to 20). Downgrades are never okay. Add a check to the migration runner (which is run by the post-refresh hook) to ensure that the snap doesn't allow such a refresh to occur, which should relieve a lot of potential stress and reverts. Resolve #1393 Signed-off-by: Kyle Fazzari --- src/migrations/bin/run-snap-migrations | 44 ++++++++++++++++++++++++-- 1 file changed, 41 insertions(+), 3 deletions(-) diff --git a/src/migrations/bin/run-snap-migrations b/src/migrations/bin/run-snap-migrations index b2aa2ed..cbd2abc 100755 --- a/src/migrations/bin/run-snap-migrations +++ b/src/migrations/bin/run-snap-migrations @@ -12,13 +12,51 @@ version_less_than() printf "%s\n%s" "$1" "$2" | sort -VC } +major_version() +{ + echo "$1" | sed -r 's/([0-9]+)\..*/\1/' +} + +# Before we do any migrations, Nextcloud is very strict about what makes for a +# valid upgrade: +# +# 1. A minor version upgrade (i.e. with the same major version). +# 2. A single major version upgrade (e.g. 18 to 19, not 18 to 20). +# 3. No downgrades are supported. +# +# Enforce those rules so folks don't end up needing to revert. + previous_version="$(get_previous_snap_version)" -migrations_directory="$SNAP/migrations" +current_version="$SNAP_VERSION" -version_migrations="$(find "$migrations_directory" -maxdepth 1 -mindepth 1 | sort -V)" +# Before we can compare versions, we must first confirm we HAVE them both +if [ -z "$previous_version" ] || [ -z "$current_version" ]; then + exit 0 +fi + +# First of all, let's make sure that the new version is actually newer than the +# previous one. If it's not, we already know there are problems. +if version_less_than "$current_version" "$previous_version"; then + echo "Nextcloud doesn't support downgrades, but you can revert. See 'snap revert -h' for details." >&2 + exit 1 +fi + +previous_major_version="$(major_version "$previous_version")" +current_major_version="$(major_version "$current_version")" + +# Now make sure the major version jump is less than or equal to 1 +if [ "$((current_major_version-previous_major_version))" -gt "1" ]; then + next_major_version="$((previous_major_version+1))" + echo "Nextcloud doesn't support skipping major versions, you must upgrade to Nextcloud $next_major_version first. Try 'sudo snap refresh nextcloud --channel=$next_major_version'" >&2 + exit 1 +fi + +# Now run the version-specific migrations +migrations_directory="$SNAP/migrations" +version_migrations="$(find "$migrations_directory" -maxdepth 1 -mindepth 1 -type d | sort -V)" for directory in $version_migrations; do version="$(basename "$directory")" if version_less_than "$previous_version" "$version"; then run-parts -v --exit-on-error --regex '.*\.sh$' "$directory" fi -done \ No newline at end of file +done From 9af2b592723f6da29f15afd571bc4eddfd392b6f Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Sun, 11 Oct 2020 16:11:43 -0700 Subject: [PATCH 340/416] mysql: properly handle interrupt in bootstrapping When first installed, MySQL generates its data directory, passwords, accounts, and database. This can take a non-negligible amount of time, and thus is pretty easily interrupted (e.g. with a reboot). If it's interrupted, MySQL can end up half-way initialized. Make this process more robust, and start it over if it gets interrupted. Fix #1200 Signed-off-by: Kyle Fazzari --- .circleci/config.yml | 4 -- src/mysql/bin/start_mysql | 8 +++- src/mysql/utilities/mysql-utilities | 5 +++ tests/spec/spec_helper.rb | 58 ++++++++++++++++++++++++----- 4 files changed, 59 insertions(+), 16 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 716d30d..302e6fb 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -45,7 +45,6 @@ jobs: # Install the snap and create an admin user command: | sudo snap install *.snap --dangerous - sudo nextcloud.manual-install admin admin - run: # Run the integration tests @@ -64,7 +63,6 @@ jobs: sudo apt update -qq sudo apt install -y snapd sudo snap install --edge nextcloud - sudo nextcloud.manual-install admin admin - run: # Run the tests @@ -83,7 +81,6 @@ jobs: sudo apt update -qq sudo apt install -y snapd sudo snap install nextcloud --channel=18/edge - sudo nextcloud.manual-install admin admin - run: # Run the tests @@ -102,7 +99,6 @@ jobs: sudo apt update -qq sudo apt install -y snapd sudo snap install nextcloud --channel=19/edge - sudo nextcloud.manual-install admin admin - run: # Run the tests diff --git a/src/mysql/bin/start_mysql b/src/mysql/bin/start_mysql index 251c8b9..9901313 100755 --- a/src/mysql/bin/start_mysql +++ b/src/mysql/bin/start_mysql @@ -8,9 +8,13 @@ chmod 750 "${SNAP_DATA}/logs" new_install=false +if ! mysql_is_initialized; then + rm -rf "$SNAP_DATA/mysql" +fi + # Make sure the database is initialized (this is safe to run if already # initialized) -if mysqld --defaults-file="$SNAP/my.cnf" --initialize-insecure --basedir="$SNAP" --datadir="$SNAP_DATA/mysql" --lc-messages-dir="$SNAP/share"; then +if mysqld --defaults-file="$SNAP/my.cnf" --initialize-insecure --basedir="$SNAP" --datadir="$SNAP_DATA/mysql" --lc-messages-dir="$SNAP/share" > /dev/null 2>&1; then new_install=true fi @@ -61,7 +65,7 @@ if [ $new_install = true ]; then else echo "Failed to initialize-- undoing setup and will try again..." "$SNAP/support-files/mysql.server" stop - rm -rf "$SNAP_DATA"/mysql/* + rm -rf "$SNAP_DATA/mysql" exit 1 fi else diff --git a/src/mysql/utilities/mysql-utilities b/src/mysql/utilities/mysql-utilities index def773c..1b540f2 100755 --- a/src/mysql/utilities/mysql-utilities +++ b/src/mysql/utilities/mysql-utilities @@ -26,6 +26,11 @@ mysql_is_running() (! mysql_setup_running || [ "$1" = "-f" ]) } +mysql_is_initialized() +{ + [ -f "$MYSQL_ROOT_OPTION_FILE" ] && grep -q "password=" "$MYSQL_ROOT_OPTION_FILE" +} + wait_for_mysql() { # Arguments: diff --git a/tests/spec/spec_helper.rb b/tests/spec/spec_helper.rb index 0f4c5dd..7b339d9 100644 --- a/tests/spec/spec_helper.rb +++ b/tests/spec/spec_helper.rb @@ -7,17 +7,40 @@ require 'capybara/rspec' require 'selenium-webdriver' -Capybara.register_driver :chrome do |app| - options = Selenium::WebDriver::Chrome::Options.new( - args: %w[headless disable-gpu no-sandbox ignore-certificate-errors] - ) - Capybara::Selenium::Driver.new(app, browser: :chrome, options: options) -end +if ENV['FIREFOX'] + Capybara.register_driver :firefox do |app| + options = Selenium::WebDriver::Firefox::Options.new( + args: %w[--headless] + ) + capabilities = Selenium::WebDriver::Remote::Capabilities.firefox( + acceptInsecureCerts: true, + ) + Capybara::Selenium::Driver.new( + app, + browser: :firefox, + options: options, + desired_capabilities: capabilities + ) + end + + Capybara.configure do | config | + config.default_driver = :firefox + config.app_host = 'http://localhost' + config.run_server = false + end +else + Capybara.register_driver :chrome do |app| + options = Selenium::WebDriver::Chrome::Options.new( + args: %w[headless disable-gpu no-sandbox ignore-certificate-errors] + ) + Capybara::Selenium::Driver.new(app, browser: :chrome, options: options) + end -Capybara.configure do | config | - config.default_driver = :chrome - config.app_host = 'http://localhost' - config.run_server = false + Capybara.configure do | config | + config.default_driver = :chrome + config.app_host = 'http://localhost' + config.run_server = false + end end # This file was generated by the `rspec --init` command. Conventionally, all @@ -123,6 +146,9 @@ config.include Capybara::DSL, :type => :feature config.before(:suite) do + # Install the snap and create an admin user + install_nextcloud + # Ensure the first run wizard is disabled, just in case `sudo nextcloud.occ -n app:disable firstrunwizard` end @@ -205,4 +231,16 @@ def set_config(options) `snap watch --last=configure-snap` expect($?.to_i).to eq 0 end + + def nextcloud_is_installed + `sudo snap run --shell nextcloud.occ -c '. "$SNAP/utilities/nextcloud-utilities" && nextcloud_is_installed'` + $?.to_i == 0 + end + + def install_nextcloud + unless nextcloud_is_installed + `sudo nextcloud.manual-install admin admin` + expect($?.to_i).to eq 0 + end + end end From 9b49722aeaf6268552e4afb5e8484d740ecfbb9c Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Sun, 11 Oct 2020 13:52:57 -0700 Subject: [PATCH 341/416] nextcloud: update to 19.0.4 Resolve #1487 Signed-off-by: Kyle Fazzari --- snap/snapcraft.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index b22a1d4..fedb0a2 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -188,8 +188,8 @@ parts: nextcloud: plugin: dump - source: https://download.nextcloud.com/server/releases/nextcloud-19.0.3.tar.bz2 - source-checksum: sha256/fc503985e8aa4ed795d882e35679e0e1b7670181768e7820307222d8b4658969 + source: https://download.nextcloud.com/server/releases/nextcloud-19.0.4.tar.bz2 + source-checksum: sha256/465711715d64cbdf0465fcb4405f23b6f0947b85bbe12b6577c9e1602c63ae78 organize: '*': htdocs/ '.htaccess': htdocs/.htaccess From 560006d842d2127f76a5142156d46aa2549ecdaa Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Mon, 12 Oct 2020 14:43:36 -0700 Subject: [PATCH 342/416] CHANGELOG: update for 19.0.4snap1 Also update README. Signed-off-by: Kyle Fazzari --- CHANGELOG | 10 ++++++++++ README.md | 5 ++--- 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index 2cb624e..975bdc5 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,13 @@ +v 19.0.4snap1 + - apache: enable access log + - apache,php,mysql,redis,nextcloud: add log rotation + - hooks: check that apps.nextcloud.com is up before refreshing + - migrations: sanity check nextcloud version before upgrade + - mysql: ensure mysqld responds before considering it up + - mysql: properly handle interrupt in bootstrapping + - nextcloud: update to 19.0.4 + - php: update to 7.4.11 + v 19.0.3snap2 - php: disable output buffering - php: update to 7.3.23 diff --git a/README.md b/README.md index 74be36f..3b78a0b 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ Nextcloud server packaged as a snap. It consists of: -- Nextcloud 19.0.3 +- Nextcloud 19.0.4 - Apache 2.4 - PHP 7.3 - MySQL 5.7 @@ -177,7 +177,7 @@ There are a few CLI utilities included: ## Where is my stuff? - `$SNAP_DATA` (`/var/snap/nextcloud/current/` by default) - - Apache, PHP, MySQL, and Redis logs + - Logs (Apache, PHP, MySQL, Redis, and Nextcloud logs) - Keys and certificates - MySQL database - Redis database @@ -185,7 +185,6 @@ There are a few CLI utilities included: - Any Nextcloud apps installed by the user - `$SNAP_COMMON` (`/var/snap/nextcloud/common/` by default) - Nextcloud data - - Nextcloud logs ## Hacking From e3a9027ca759af61e5a2325a102856e57d8386c2 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Mon, 19 Oct 2020 10:27:54 -0700 Subject: [PATCH 343/416] migrations: support daily versions The current migration version check assumes a version of the format major.minor.patch, which isn't the case when it comes to daily builds. Update the logic to take that into account, and bail the version check entirely if major versions can't be reliably extracted. Fix #1505 Signed-off-by: Kyle Fazzari --- src/migrations/bin/run-snap-migrations | 23 +++++++++++++++++------ 1 file changed, 17 insertions(+), 6 deletions(-) diff --git a/src/migrations/bin/run-snap-migrations b/src/migrations/bin/run-snap-migrations index cbd2abc..a082e38 100755 --- a/src/migrations/bin/run-snap-migrations +++ b/src/migrations/bin/run-snap-migrations @@ -14,7 +14,12 @@ version_less_than() major_version() { - echo "$1" | sed -r 's/([0-9]+)\..*/\1/' + echo "$1" | sed -r 's/([0-9]+)[.-].*/\1/' +} + +is_integer() +{ + expr "$1" : '^[0-9]\+$' > /dev/null } # Before we do any migrations, Nextcloud is very strict about what makes for a @@ -41,14 +46,20 @@ if version_less_than "$current_version" "$previous_version"; then exit 1 fi +# Now attempt to extract the major version previous_major_version="$(major_version "$previous_version")" current_major_version="$(major_version "$current_version")" -# Now make sure the major version jump is less than or equal to 1 -if [ "$((current_major_version-previous_major_version))" -gt "1" ]; then - next_major_version="$((previous_major_version+1))" - echo "Nextcloud doesn't support skipping major versions, you must upgrade to Nextcloud $next_major_version first. Try 'sudo snap refresh nextcloud --channel=$next_major_version'" >&2 - exit 1 +# Verify that what we got was actually integers (not all versions work this +# way, e.g. the daily builds). This isn't an error, we just can't reliably +# check this without numbers. +if is_integer "$previous_major_version" && is_integer "$current_major_version"; then + # Now make sure the major version jump is less than or equal to 1 + if [ "$((current_major_version-previous_major_version))" -gt "1" ]; then + next_major_version="$((previous_major_version+1))" + echo "Nextcloud doesn't support skipping major versions, you must upgrade to Nextcloud $next_major_version first. Try 'sudo snap refresh nextcloud --channel=$next_major_version'" >&2 + exit 1 + fi fi # Now run the version-specific migrations From 9a5086bc6828ece24658aecadc738662f07c726a Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Mon, 19 Oct 2020 10:31:59 -0700 Subject: [PATCH 344/416] mysql: update to 5.7.32 Resolve #1510 Signed-off-by: Kyle Fazzari --- snap/snapcraft.yaml | 2 +- src/mysql/bin/reload-mysql | 2 +- src/mysql/bin/run-mysql | 2 +- src/mysql/bin/run-mysqldump | 2 +- src/mysql/bin/start_mysql | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index fedb0a2..ce6caf2 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -345,7 +345,7 @@ parts: mysql: plugin: cmake source: https://github.com/mysql/mysql-server.git - source-tag: mysql-5.7.31 + source-tag: mysql-5.7.32 source-depth: 1 override-pull: | snapcraftctl pull diff --git a/src/mysql/bin/reload-mysql b/src/mysql/bin/reload-mysql index dff8b40..c9922e0 100755 --- a/src/mysql/bin/reload-mysql +++ b/src/mysql/bin/reload-mysql @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/sh -e # shellcheck source=src/mysql/utilities/mysql-utilities . "$SNAP/utilities/mysql-utilities" diff --git a/src/mysql/bin/run-mysql b/src/mysql/bin/run-mysql index 6984873..1072fe7 100755 --- a/src/mysql/bin/run-mysql +++ b/src/mysql/bin/run-mysql @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/sh -e # shellcheck source=src/mysql/utilities/mysql-utilities . "$SNAP/utilities/mysql-utilities" diff --git a/src/mysql/bin/run-mysqldump b/src/mysql/bin/run-mysqldump index 2ac66c1..ae793e7 100755 --- a/src/mysql/bin/run-mysqldump +++ b/src/mysql/bin/run-mysqldump @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/sh -e # shellcheck source=src/mysql/utilities/mysql-utilities . "$SNAP/utilities/mysql-utilities" diff --git a/src/mysql/bin/start_mysql b/src/mysql/bin/start_mysql index 9901313..9d887e9 100755 --- a/src/mysql/bin/start_mysql +++ b/src/mysql/bin/start_mysql @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/sh -e # shellcheck source=src/mysql/utilities/mysql-utilities . "$SNAP/utilities/mysql-utilities" From bb9fa8e499c26cc353da3ccc72c39ed02150fdcb Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Mon, 19 Oct 2020 15:38:55 -0700 Subject: [PATCH 345/416] logrotate: remove status file if it seems corrupted This means we may miss a rotation, but that seems a small price to pay for handling this error. Fix #1508 Signed-off-by: Kyle Fazzari --- src/logrotate/bin/run-logrotate | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/logrotate/bin/run-logrotate b/src/logrotate/bin/run-logrotate index 37883d8..083d08a 100755 --- a/src/logrotate/bin/run-logrotate +++ b/src/logrotate/bin/run-logrotate @@ -20,4 +20,9 @@ trap 'rm -f "$configuration_file"' EXIT envsubst < "$SNAP/config/logrotate/logrotate.conf" > "$configuration_file" -logrotate --verbose --state "$LOGROTATE_STATUS_FILE" "$configuration_file" +# If logrotate fails, it could be due to corruption in the status file. Try +# removing it so we start with a clean slate next time around. +if ! logrotate --verbose --state "$LOGROTATE_STATUS_FILE" "$configuration_file"; then + rm -f "$LOGROTATE_STATUS_FILE" + exit 1 +fi From ee02793cee8e1666c17381f89997645771d4e7c5 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Fri, 23 Oct 2020 15:51:55 -0700 Subject: [PATCH 346/416] Enable daily release of v20 Resolve #1518 Signed-off-by: Kyle Fazzari --- .travis/cron.sh | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.travis/cron.sh b/.travis/cron.sh index 4f243ff..b9a9dd3 100755 --- a/.travis/cron.sh +++ b/.travis/cron.sh @@ -3,6 +3,7 @@ latest_master_url="https://download.nextcloud.com/server/daily/latest-master.tar.bz2" latest_stable18_url="https://download.nextcloud.com/server/daily/latest-stable18.tar.bz2" latest_stable19_url="https://download.nextcloud.com/server/daily/latest-stable19.tar.bz2" +latest_stable20_url="https://download.nextcloud.com/server/daily/latest-stable20.tar.bz2" rewrite_snapcraft_yaml() { @@ -45,3 +46,8 @@ echo "Requesting build of latest 19..." request_build \ "latest-19" "$latest_stable19_url" "19-$today" \ "From CI: Use Nextcloud latest 19" + +echo "Requesting build of latest 20..." +request_build \ + "latest-20" "$latest_stable20_url" "20-$today" \ + "From CI: Use Nextcloud latest 20" From d98be9bc7217d75a7df124aa157b3f0442a05165 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Sun, 25 Oct 2020 08:02:50 -0700 Subject: [PATCH 347/416] logrotate: skip first line of status file when cleaning Fix #1508 Signed-off-by: Kyle Fazzari --- src/logrotate/bin/run-logrotate | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/logrotate/bin/run-logrotate b/src/logrotate/bin/run-logrotate index 083d08a..14d6bbe 100755 --- a/src/logrotate/bin/run-logrotate +++ b/src/logrotate/bin/run-logrotate @@ -6,7 +6,7 @@ # Clean non existent log file entries from status file test -e "$LOGROTATE_STATUS_FILE" || touch "$LOGROTATE_STATUS_FILE" head -1 "$LOGROTATE_STATUS_FILE" > "${LOGROTATE_STATUS_FILE}.clean" -sed 's/"//g' "$LOGROTATE_STATUS_FILE" | while read -r logfile date +sed '1d; s/"//g' "$LOGROTATE_STATUS_FILE" | while read -r logfile date do [ -e "$logfile" ] && echo "\"$logfile\" $date" done >> "${LOGROTATE_STATUS_FILE}.clean" From a8c36227cc11f1022e7bf3380320ea07bb6ab030 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Sun, 25 Oct 2020 15:00:19 -0700 Subject: [PATCH 348/416] CHANGELOG: update for 19.0.4snap2 Signed-off-by: Kyle Fazzari --- CHANGELOG | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/CHANGELOG b/CHANGELOG index 975bdc5..ac7b25a 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,9 @@ +v 19.0.4snap2 + - logrotate: skip first line of status file when cleaning + - logrotate: remove status file if it seems corrupted + - mysql: update to 5.7.32 + - migrations: support daily versions + v 19.0.4snap1 - apache: enable access log - apache,php,mysql,redis,nextcloud: add log rotation From e5017fbd6b87672c17bd5e755239aeb38a9de293 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Sat, 3 Oct 2020 14:50:03 -0700 Subject: [PATCH 349/416] nextcloud: update to 20.0.1 Resolve #1474 Signed-off-by: Kyle Fazzari --- snap/snapcraft.yaml | 4 ++-- tests/spec/change_php_memory_limit_spec.rb | 4 ++-- tests/spec/enable_https_spec.rb | 2 +- tests/spec/import_export_spec.rb | 2 +- tests/spec/login_spec.rb | 2 +- 5 files changed, 7 insertions(+), 7 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index ce6caf2..4724bf7 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -188,8 +188,8 @@ parts: nextcloud: plugin: dump - source: https://download.nextcloud.com/server/releases/nextcloud-19.0.4.tar.bz2 - source-checksum: sha256/465711715d64cbdf0465fcb4405f23b6f0947b85bbe12b6577c9e1602c63ae78 + source: https://download.nextcloud.com/server/releases/nextcloud-20.0.1.tar.bz2 + source-checksum: sha256/96c6b50e1e676e46cec82d8f8ff1abd5eef9dfa00580081b6c640612c3ff2efc organize: '*': htdocs/ '.htaccess': htdocs/.htaccess diff --git a/tests/spec/change_php_memory_limit_spec.rb b/tests/spec/change_php_memory_limit_spec.rb index 941ae20..d07e19c 100644 --- a/tests/spec/change_php_memory_limit_spec.rb +++ b/tests/spec/change_php_memory_limit_spec.rb @@ -46,11 +46,11 @@ def assert_login fill_in "User", with: "admin" fill_in "Password", with: "admin" click_button "Log in" - expect(page).to have_content "All files" + expect(page).to have_content "Recommended files" end def assert_logged_in visit "/" - expect(page).to have_content "All files" + expect(page).to have_content "Recommended files" end end diff --git a/tests/spec/enable_https_spec.rb b/tests/spec/enable_https_spec.rb index fb20f34..a3c7c7d 100644 --- a/tests/spec/enable_https_spec.rb +++ b/tests/spec/enable_https_spec.rb @@ -10,6 +10,6 @@ fill_in "User", with: "admin" fill_in "Password", with: "admin" click_button "Log in" - expect(page).to have_content "All files" + expect(page).to have_content "Recommended files" end end diff --git a/tests/spec/import_export_spec.rb b/tests/spec/import_export_spec.rb index 2a0f3c3..f2db349 100644 --- a/tests/spec/import_export_spec.rb +++ b/tests/spec/import_export_spec.rb @@ -38,6 +38,6 @@ def assert_loginable fill_in "User", with: "admin" fill_in "Password", with: "admin" click_button "Log in" - expect(page).to have_content "All files" + expect(page).to have_content "Recommended files" end end diff --git a/tests/spec/login_spec.rb b/tests/spec/login_spec.rb index 4ef572f..e513779 100644 --- a/tests/spec/login_spec.rb +++ b/tests/spec/login_spec.rb @@ -4,7 +4,7 @@ fill_in "User", with: "admin" fill_in "Password", with: "admin" click_button "Log in" - expect(page).to have_content "All files" + expect(page).to have_content "Recommended files" end scenario "Logging in with incorrect credentials" do From 442c7cf3eabcac893dbcb34b0d5fa0482fe6baf9 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Mon, 26 Oct 2020 14:20:36 -0700 Subject: [PATCH 350/416] nextcloud: workaround invalid json from occ There are situations where `occ --output=json` produces invalid json (see https://github.com/nextcloud/server/issues/23596). Work around these issues using jq. Update #1504 Signed-off-by: Kyle Fazzari --- src/nextcloud/utilities/nextcloud-utilities | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/nextcloud/utilities/nextcloud-utilities b/src/nextcloud/utilities/nextcloud-utilities index 6d7e4f7..824e820 100644 --- a/src/nextcloud/utilities/nextcloud-utilities +++ b/src/nextcloud/utilities/nextcloud-utilities @@ -33,13 +33,13 @@ wait_for_nextcloud_to_be_installed() # nextcloud_notify_admins nextcloud_notify_admins() { - if ! occ app:list --output=json | jq -e '.enabled | .notifications' > /dev/null; then + if ! occ app:list --output=json | jq -eR 'fromjson? | .enabled | .notifications' > /dev/null; then echo "Notifications app isn't enabled-- unable to send notification" >&2 return 1 fi - occ user:list --output=json | jq -r 'keys[]' | while read -r user; do - if occ user:info --output=json "$user" | jq -e '.groups | index("admin")' > /dev/null; then + occ user:list --output=json | jq -rR 'fromjson? | keys[]' | while read -r user; do + if occ user:info --output=json "$user" | jq -eR 'fromjson? | .groups | index("admin")' > /dev/null; then occ notification:generate "$user" "$1" -l "$2" fi done From 20e560ac621a4e67c52c59b01b3a2fe00002d4e2 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Mon, 26 Oct 2020 15:57:47 -0700 Subject: [PATCH 351/416] CHANGELOG: update for 20.0.1snap1 Also update README. Signed-off-by: Kyle Fazzari --- CHANGELOG | 4 ++++ README.md | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/CHANGELOG b/CHANGELOG index ac7b25a..acb1513 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,7 @@ +v 20.0.1snap1 + - nextcloud: workaround invalid json from occ + - nextcloud: update to 20.0.1 + v 19.0.4snap2 - logrotate: skip first line of status file when cleaning - logrotate: remove status file if it seems corrupted diff --git a/README.md b/README.md index 3b78a0b..f547a3e 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ Nextcloud server packaged as a snap. It consists of: -- Nextcloud 19.0.4 +- Nextcloud 20.0.1 - Apache 2.4 - PHP 7.3 - MySQL 5.7 From 872f33b3c69168f79deb84f7df0cd9abd3379c2c Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Mon, 26 Oct 2020 16:19:12 -0700 Subject: [PATCH 352/416] tests: enable daily v20 tests Also update tests to pass for both v20 and earlier major versions. Resolve #1519 Signed-off-by: Kyle Fazzari --- .circleci/config.yml | 29 ++++++++++++++++++++++ tests/spec/change_php_memory_limit_spec.rb | 4 +-- tests/spec/enable_https_spec.rb | 2 +- tests/spec/import_export_spec.rb | 2 +- tests/spec/login_spec.rb | 2 +- 5 files changed, 34 insertions(+), 5 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 302e6fb..7be07ec 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -104,6 +104,24 @@ jobs: # Run the tests command: ./.circleci/runtests.sh + test-daily-v20: + working_directory: ~/nextcloud-snap + machine: + image: ubuntu-1604:202004-01 + steps: + - checkout + + - run: + # Install the snap and create an admin user + command: | + sudo apt update -qq + sudo apt install -y snapd + sudo snap install nextcloud --channel=20/edge + + - run: + # Run the tests + command: ./.circleci/runtests.sh + workflows: version: 2 commit: @@ -141,3 +159,14 @@ workflows: only: develop jobs: [test-daily-v19] + + daily-v20: + triggers: + - schedule: + # 0700 UTC == 0000 PSC + cron: "0 7 * * *" + filters: + branches: + only: develop + + jobs: [test-daily-v20] diff --git a/tests/spec/change_php_memory_limit_spec.rb b/tests/spec/change_php_memory_limit_spec.rb index d07e19c..7bd4704 100644 --- a/tests/spec/change_php_memory_limit_spec.rb +++ b/tests/spec/change_php_memory_limit_spec.rb @@ -46,11 +46,11 @@ def assert_login fill_in "User", with: "admin" fill_in "Password", with: "admin" click_button "Log in" - expect(page).to have_content "Recommended files" + expect(page).to have_content /(Recommended|All) files/ end def assert_logged_in visit "/" - expect(page).to have_content "Recommended files" + expect(page).to have_content /(Recommended|All) files/ end end diff --git a/tests/spec/enable_https_spec.rb b/tests/spec/enable_https_spec.rb index a3c7c7d..d9e2f20 100644 --- a/tests/spec/enable_https_spec.rb +++ b/tests/spec/enable_https_spec.rb @@ -10,6 +10,6 @@ fill_in "User", with: "admin" fill_in "Password", with: "admin" click_button "Log in" - expect(page).to have_content "Recommended files" + expect(page).to have_content /(Recommended|All) files/ end end diff --git a/tests/spec/import_export_spec.rb b/tests/spec/import_export_spec.rb index f2db349..316c4de 100644 --- a/tests/spec/import_export_spec.rb +++ b/tests/spec/import_export_spec.rb @@ -38,6 +38,6 @@ def assert_loginable fill_in "User", with: "admin" fill_in "Password", with: "admin" click_button "Log in" - expect(page).to have_content "Recommended files" + expect(page).to have_content /(Recommended|All) files/ end end diff --git a/tests/spec/login_spec.rb b/tests/spec/login_spec.rb index e513779..0a00eba 100644 --- a/tests/spec/login_spec.rb +++ b/tests/spec/login_spec.rb @@ -4,7 +4,7 @@ fill_in "User", with: "admin" fill_in "Password", with: "admin" click_button "Log in" - expect(page).to have_content "Recommended files" + expect(page).to have_content /(Recommended|All) files/ end scenario "Logging in with incorrect credentials" do From e103f8816b9e372e5e10335f916f89f86276b292 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Sat, 14 Nov 2020 12:30:28 -0800 Subject: [PATCH 353/416] php: fix shebang in reload-php Signed-off-by: Kyle Fazzari --- src/php/bin/reload-php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/php/bin/reload-php b/src/php/bin/reload-php index 20b455e..db5585a 100755 --- a/src/php/bin/reload-php +++ b/src/php/bin/reload-php @@ -1,6 +1,6 @@ -#!#!/bin/sh +#!/bin/sh # shellcheck source=src/php/utilities/php-utilities . "$SNAP/utilities/php-utilities" -php_reload \ No newline at end of file +php_reload From 97aab782fbe34f32bead07b6a9254eb319f33598 Mon Sep 17 00:00:00 2001 From: Hagen Echzell Date: Thu, 26 Nov 2020 20:03:38 +0100 Subject: [PATCH 354/416] nextcloud: Update to 20.0.2 Signed-off-by: Hagen Echzell --- snap/snapcraft.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 4724bf7..a7e9cb6 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -188,8 +188,8 @@ parts: nextcloud: plugin: dump - source: https://download.nextcloud.com/server/releases/nextcloud-20.0.1.tar.bz2 - source-checksum: sha256/96c6b50e1e676e46cec82d8f8ff1abd5eef9dfa00580081b6c640612c3ff2efc + source: https://download.nextcloud.com/server/releases/nextcloud-20.0.2.tar.bz2 + source-checksum: sha256/be84c2ac7fba066ddc0637a4672b39628bbbd200dad8c00a0437a4765007dd21 organize: '*': htdocs/ '.htaccess': htdocs/.htaccess From b6a4657ca4cd492afa43d2e31f00290d05ff1d8d Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Thu, 26 Nov 2020 14:40:32 -0800 Subject: [PATCH 355/416] php: update to 7.4.13 Resolve #1550 Signed-off-by: Kyle Fazzari --- snap/snapcraft.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index a7e9cb6..64ca4c2 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -202,8 +202,8 @@ parts: php: plugin: php - source: https://php.net/get/php-7.4.11.tar.bz2/from/this/mirror - source-checksum: sha256/5408f255243bd2292f3fbc2fafc27a2ec083fcd852902728f2ba9a3ea616b8c5 + source: https://php.net/get/php-7.4.13.tar.bz2/from/this/mirror + source-checksum: sha256/15a339857e11c92eb47fddcd0dfe8aaa951a9be7c57ab7230ccd497465a31fda source-type: tar install-via: prefix configflags: From 90bc6d0a341c5c6cd80a04bdbad226b934d57579 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Mon, 30 Nov 2020 12:08:46 -0800 Subject: [PATCH 356/416] CHANGELOG: update for 20.0.2snap1 Also update README. Signed-off-by: Kyle Fazzari --- CHANGELOG | 5 +++++ README.md | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/CHANGELOG b/CHANGELOG index acb1513..5f7c088 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,8 @@ +v 20.0.2snap1 + - php: update to 7.4.13 + - nextcloud: update to 20.0.2 + - php: fix shebang in reload-php + v 20.0.1snap1 - nextcloud: workaround invalid json from occ - nextcloud: update to 20.0.1 diff --git a/README.md b/README.md index f547a3e..1dec699 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ Nextcloud server packaged as a snap. It consists of: -- Nextcloud 20.0.1 +- Nextcloud 20.0.2 - Apache 2.4 - PHP 7.3 - MySQL 5.7 From fe28410ddf7f2270fe781069a5cfcb0d4aaa7683 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Fri, 4 Dec 2020 08:43:02 -0800 Subject: [PATCH 357/416] nextcloud-fixer: run db:add-missing-primary-keys Resolve #1565 Signed-off-by: Kyle Fazzari --- .../fixes/existing-install/6_add-missing-primary-keys.sh | 4 ++++ 1 file changed, 4 insertions(+) create mode 100755 src/nextcloud/fixes/existing-install/6_add-missing-primary-keys.sh diff --git a/src/nextcloud/fixes/existing-install/6_add-missing-primary-keys.sh b/src/nextcloud/fixes/existing-install/6_add-missing-primary-keys.sh new file mode 100755 index 0000000..dec66b0 --- /dev/null +++ b/src/nextcloud/fixes/existing-install/6_add-missing-primary-keys.sh @@ -0,0 +1,4 @@ +#!/bin/sh -e + +# This command can be run without putting Nextcloud into maintenance mode +occ -n db:add-missing-primary-keys From 2270772dd3dd4e2eaf43f140252b328cbf53098e Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Fri, 4 Dec 2020 12:40:28 -0800 Subject: [PATCH 358/416] CHANGELOG: update for 20.0.2snap2 Signed-off-by: Kyle Fazzari --- CHANGELOG | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGELOG b/CHANGELOG index 5f7c088..5d39e68 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,6 @@ +v 20.0.2snap2 + - nextcloud-fixer: run db:add-missing-primary-keys + v 20.0.2snap1 - php: update to 7.4.13 - nextcloud: update to 20.0.2 From 6157e2ac8d80a0686d1ed868e2c59410f97b609c Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Wed, 9 Dec 2020 13:48:36 -0800 Subject: [PATCH 359/416] nextcloud: update to 20.0.3 Resolve #1575 Signed-off-by: Kyle Fazzari --- snap/snapcraft.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 64ca4c2..66a21ca 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -188,8 +188,8 @@ parts: nextcloud: plugin: dump - source: https://download.nextcloud.com/server/releases/nextcloud-20.0.2.tar.bz2 - source-checksum: sha256/be84c2ac7fba066ddc0637a4672b39628bbbd200dad8c00a0437a4765007dd21 + source: https://download.nextcloud.com/server/releases/nextcloud-20.0.3.tar.bz2 + source-checksum: sha256/e0f64504d338f64d3c677357f0012cf8b0ed0dc42ec08f958b6dc4ff70edf175 organize: '*': htdocs/ '.htaccess': htdocs/.htaccess From b225d026c1ab521a5a5aadf0927b12002b94caee Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Wed, 9 Dec 2020 16:57:51 -0800 Subject: [PATCH 360/416] CHANGELOG: update for 20.0.3snap1 Also update README. Signed-off-by: Kyle Fazzari --- CHANGELOG | 5 ++++- README.md | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index 5d39e68..4c0f873 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,5 +1,8 @@ +v 20.0.3snap1 + - nextcloud: update to 20.0.3 + v 20.0.2snap2 - - nextcloud-fixer: run db:add-missing-primary-keys + - nextcloud-fixer: run occ db:add-missing-primary-keys v 20.0.2snap1 - php: update to 7.4.13 diff --git a/README.md b/README.md index 1dec699..d0458cf 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ Nextcloud server packaged as a snap. It consists of: -- Nextcloud 20.0.2 +- Nextcloud 20.0.3 - Apache 2.4 - PHP 7.3 - MySQL 5.7 From f36af40db1e7801929fb633c0396f56a84c21bbf Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Thu, 10 Dec 2020 11:52:10 -0800 Subject: [PATCH 361/416] mysql: use READ-COMMITTED instead of REPEATABLE-READ This configuration is recommended by Nextcloud, and might improve MySQL performance in the snap. Resolve #1571 Signed-off-by: Kyle Fazzari --- src/mysql/my.cnf | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/mysql/my.cnf b/src/mysql/my.cnf index 5aaef79..dc4a58b 100644 --- a/src/mysql/my.cnf +++ b/src/mysql/my.cnf @@ -3,4 +3,5 @@ user=root max_allowed_packet=100M secure-file-priv=NULL skip-networking -log_error=../logs/mysql_errors.log \ No newline at end of file +transaction_isolation=READ-COMMITTED +log_error=../logs/mysql_errors.log From 898f281dc845b4106821933282fb2a9a85240516 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Mon, 21 Dec 2020 23:06:43 -0800 Subject: [PATCH 362/416] nextcloud: update to 20.0.4 Resolve #1594 Signed-off-by: Kyle Fazzari --- snap/snapcraft.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 66a21ca..0671c86 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -188,8 +188,8 @@ parts: nextcloud: plugin: dump - source: https://download.nextcloud.com/server/releases/nextcloud-20.0.3.tar.bz2 - source-checksum: sha256/e0f64504d338f64d3c677357f0012cf8b0ed0dc42ec08f958b6dc4ff70edf175 + source: https://download.nextcloud.com/server/releases/nextcloud-20.0.4.tar.bz2 + source-checksum: sha256/269f1622e326f5d11e387d3861aad4e2b0e79334ae97eed5a7b3352ba7661420 organize: '*': htdocs/ '.htaccess': htdocs/.htaccess From bc4cb6fd847a5a41fc39ea0e6e8b4c8bed8fb9b7 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Wed, 23 Dec 2020 15:05:05 -0800 Subject: [PATCH 363/416] CHANGELOG: update for 20.0.4snap1 Signed-off-by: Kyle Fazzari --- CHANGELOG | 4 ++++ README.md | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/CHANGELOG b/CHANGELOG index 4c0f873..9870e05 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,7 @@ +v 20.0.4snap1 + - nextcloud: update to 20.0.4 + - mysql: use READ-COMMITTED instead of REPEATABLE-READ + v 20.0.3snap1 - nextcloud: update to 20.0.3 diff --git a/README.md b/README.md index d0458cf..b49c891 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ Nextcloud server packaged as a snap. It consists of: -- Nextcloud 20.0.3 +- Nextcloud 20.0.4 - Apache 2.4 - PHP 7.3 - MySQL 5.7 From 48f4c8ae5f0db82ff4943f58edd3467af2d83661 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Thu, 7 Jan 2021 08:02:57 -0800 Subject: [PATCH 364/416] php: update to 7.4.14 Resolve #1602 Signed-off-by: Kyle Fazzari --- snap/snapcraft.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 0671c86..0fe2bbc 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -202,8 +202,8 @@ parts: php: plugin: php - source: https://php.net/get/php-7.4.13.tar.bz2/from/this/mirror - source-checksum: sha256/15a339857e11c92eb47fddcd0dfe8aaa951a9be7c57ab7230ccd497465a31fda + source: https://php.net/get/php-7.4.14.tar.bz2/from/this/mirror + source-checksum: sha256/6889ca0605adee3aa7077508cd79fcef1dbd88461cdf25e7c1a86997b8d0a1f6 source-type: tar install-via: prefix configflags: From 9721e1caf4de0f4823a30ddad990ec5ea3db417c Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Mon, 11 Jan 2021 15:32:55 -0800 Subject: [PATCH 365/416] CHANGELOG: update for 20.0.4snap2 Signed-off-by: Kyle Fazzari --- CHANGELOG | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGELOG b/CHANGELOG index 9870e05..6fb8337 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,6 @@ +v 20.0.4snap2 + - php: update to 7.4.14 + v 20.0.4snap1 - nextcloud: update to 20.0.4 - mysql: use READ-COMMITTED instead of REPEATABLE-READ From 50080ec09d8d296bc52b50c8add118b75ed347aa Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Wed, 27 Jan 2021 09:56:39 -0800 Subject: [PATCH 366/416] mysql: update to 5.7.33 Resolve #1616 Signed-off-by: Kyle Fazzari --- snap/snapcraft.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 0fe2bbc..fed717a 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -345,7 +345,7 @@ parts: mysql: plugin: cmake source: https://github.com/mysql/mysql-server.git - source-tag: mysql-5.7.32 + source-tag: mysql-5.7.33 source-depth: 1 override-pull: | snapcraftctl pull From cb462221d9063241ad81fe94eda4876bd475ea6d Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Wed, 27 Jan 2021 10:07:05 -0800 Subject: [PATCH 367/416] nextcloud: update to 20.0.6 Resolve #1619 Signed-off-by: Kyle Fazzari --- snap/snapcraft.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 0fe2bbc..c67ae6f 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -188,8 +188,8 @@ parts: nextcloud: plugin: dump - source: https://download.nextcloud.com/server/releases/nextcloud-20.0.4.tar.bz2 - source-checksum: sha256/269f1622e326f5d11e387d3861aad4e2b0e79334ae97eed5a7b3352ba7661420 + source: https://download.nextcloud.com/server/releases/nextcloud-20.0.6.tar.bz2 + source-checksum: sha256/859167170402b876b6ef1a37fa4aaa5617b6bf847bb5d50a94f636bae65a34b9 organize: '*': htdocs/ '.htaccess': htdocs/.htaccess From bb009ff27f94182caedd47fe44515ac0244e049b Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Mon, 1 Feb 2021 09:53:06 -0800 Subject: [PATCH 368/416] CHANGELOG: update for 20.0.6snap1 Also update README. Signed-off-by: Kyle Fazzari --- CHANGELOG | 4 ++++ README.md | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/CHANGELOG b/CHANGELOG index 6fb8337..6d6192c 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,7 @@ +v 20.0.6snap1 + - nextcloud: update to 20.0.6 + - mysql: update to 5.7.33 + v 20.0.4snap2 - php: update to 7.4.14 diff --git a/README.md b/README.md index b49c891..0e3d417 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ Nextcloud server packaged as a snap. It consists of: -- Nextcloud 20.0.4 +- Nextcloud 20.0.6 - Apache 2.4 - PHP 7.3 - MySQL 5.7 From f8828f048e7dfe152671868b7b2aebdc78fff2f6 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Wed, 3 Feb 2021 13:59:37 -0800 Subject: [PATCH 369/416] nextcloud: update to 20.0.7 Resolve #1632 Signed-off-by: Kyle Fazzari --- snap/snapcraft.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 17ebb05..25b0c4d 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -188,8 +188,8 @@ parts: nextcloud: plugin: dump - source: https://download.nextcloud.com/server/releases/nextcloud-20.0.6.tar.bz2 - source-checksum: sha256/859167170402b876b6ef1a37fa4aaa5617b6bf847bb5d50a94f636bae65a34b9 + source: https://download.nextcloud.com/server/releases/nextcloud-20.0.7.tar.bz2 + source-checksum: sha256/8ced82b772bf0af67d5be1323e40f977429bc0a2bcc864095efc78767500b72b organize: '*': htdocs/ '.htaccess': htdocs/.htaccess From 119ee153a725cc98fbd1ede790f06a9cb6839d52 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Wed, 3 Feb 2021 15:24:46 -0800 Subject: [PATCH 370/416] CHANGELOG: update for 20.0.7snap1 Also update README. Signed-off-by: Kyle Fazzari --- CHANGELOG | 3 +++ README.md | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/CHANGELOG b/CHANGELOG index 6d6192c..c582988 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,6 @@ +v 20.0.7snap1 + - nextcloud: update to 20.0.7 + v 20.0.6snap1 - nextcloud: update to 20.0.6 - mysql: update to 5.7.33 diff --git a/README.md b/README.md index 0e3d417..cc616c3 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ Nextcloud server packaged as a snap. It consists of: -- Nextcloud 20.0.6 +- Nextcloud 20.0.7 - Apache 2.4 - PHP 7.3 - MySQL 5.7 From 03f49221f271e7036f0606be8846dabc2b013d80 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Thu, 4 Feb 2021 08:24:23 -0800 Subject: [PATCH 371/416] php: update to 7.4.15 Resolve #1638 Signed-off-by: Kyle Fazzari --- snap/snapcraft.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 25b0c4d..bcf6090 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -202,8 +202,8 @@ parts: php: plugin: php - source: https://php.net/get/php-7.4.14.tar.bz2/from/this/mirror - source-checksum: sha256/6889ca0605adee3aa7077508cd79fcef1dbd88461cdf25e7c1a86997b8d0a1f6 + source: https://php.net/get/php-7.4.15.tar.bz2/from/this/mirror + source-checksum: sha256/1bd7be0293446c3d3cbe3c9fae6045119af0798fb0869db61932796dc23a7757 source-type: tar install-via: prefix configflags: From d82f43265e62aca3c3e6354aa2c649f07f53ff2c Mon Sep 17 00:00:00 2001 From: Anand Kumria Date: Sun, 28 Feb 2021 15:23:40 +1100 Subject: [PATCH 372/416] Correctly obtain the PHP-FPM pid before sending a signal When calling a function, it is effectively an external program call so needs to be wrapped in "$(..func...)" Copy the same technique as in restart_php_if_running() and place the pid into a variable and then send the USR1 signal. This will mean reloading should now work properly. Signed-off-by: Anand Kumria --- src/php/utilities/php-utilities | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/php/utilities/php-utilities b/src/php/utilities/php-utilities index 63a8467..049ccb5 100755 --- a/src/php/utilities/php-utilities +++ b/src/php/utilities/php-utilities @@ -54,7 +54,8 @@ php_pid() php_reload() { if php_is_running; then - kill -USR1 php_pid > /dev/null + pid="$(php_pid)" + kill -USR1 "$pid" > /dev/null fi } From ef07f5f9dec3b44398d0d5ba6e4ba2fa33f41cf1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc=20Pe=C3=B1a=20Segarra?= Date: Fri, 5 Mar 2021 21:46:29 +0100 Subject: [PATCH 373/416] nextcloud: update to 20.0.8 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Resolve #1656 Signed-off-by: Marc Peña Segarra --- snap/snapcraft.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index bcf6090..cc52968 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -188,8 +188,8 @@ parts: nextcloud: plugin: dump - source: https://download.nextcloud.com/server/releases/nextcloud-20.0.7.tar.bz2 - source-checksum: sha256/8ced82b772bf0af67d5be1323e40f977429bc0a2bcc864095efc78767500b72b + source: https://download.nextcloud.com/server/releases/nextcloud-20.0.8.tar.bz2 + source-checksum: sha256/85746a4bda87bf754be5834cdb6489c365dc847653bab8ff3afccdaac3b356b5 organize: '*': htdocs/ '.htaccess': htdocs/.htaccess From 42e34ddc9b4227b9ab160c8fbc093ebf21a8d6fb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc=20Pe=C3=B1a=20Segarra?= Date: Fri, 5 Mar 2021 22:02:16 +0100 Subject: [PATCH 374/416] redis: update to 5.0.12 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Resolve #1665 Signed-off-by: Marc Peña Segarra --- snap/snapcraft.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index bcf6090..3958efd 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -289,13 +289,13 @@ parts: sbin/php-fpm: bin/php-fpm extensions: # Build the redis PHP module - - source: https://github.com/phpredis/phpredis/archive/5.3.1.tar.gz - source-checksum: sha256/930dc88ef126509b8991c52757fdc68908c753b476ad6f25dae0ce6925870f14 + - source: https://github.com/phpredis/phpredis/archive/5.3.3.tar.gz + source-checksum: sha256/7b0f487f8ad4b93ed0542a9bb650d4d47bea64abc54c9440280458f329bc34e7 redis: plugin: redis - source: http://download.redis.io/releases/redis-5.0.8.tar.gz - source-checksum: sha256/f3c7eac42f433326a8d981b50dba0169fdfaf46abb23fcda2f933a7552ee4ed7 + source: http://download.redis.io/releases/redis-5.0.12.tar.gz + source-checksum: sha256/7040eba5910f7c3d38f05ea5a1d88b480488215bdbd2e10ec70d18380108e31e redis-customizations: plugin: dump From b675bffa76e8c7918f4423ba8f429039df0ecec2 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Sat, 6 Mar 2021 12:05:05 -0800 Subject: [PATCH 375/416] logrotate: rotate apache access log Fix #1668 Signed-off-by: Kyle Fazzari --- src/logrotate/config/logrotate.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/logrotate/config/logrotate.conf b/src/logrotate/config/logrotate.conf index 4bbcc1f..65c09bb 100644 --- a/src/logrotate/config/logrotate.conf +++ b/src/logrotate/config/logrotate.conf @@ -19,7 +19,7 @@ compress delaycompress # Apache logs -$SNAP_DATA_CURRENT/logs/apache_errors.log { +$SNAP_DATA_CURRENT/logs/apache_errors.log $SNAP_DATA_CURRENT/logs/apache_access.log { postrotate snapctl restart --reload $SNAP_INSTANCE_NAME.apache endscript From 2e77f5a23edcf85848694a6e0b79b7fce0bda99c Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Thu, 8 Apr 2021 08:06:31 -0700 Subject: [PATCH 376/416] circleci: pin go to 1.15 The snapcraft godeps plugin only works with v1.15, see LP: #1922150 for more information. Signed-off-by: Kyle Fazzari --- .circleci/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.circleci/Dockerfile b/.circleci/Dockerfile index d99a9df..8f4e8a7 100644 --- a/.circleci/Dockerfile +++ b/.circleci/Dockerfile @@ -21,7 +21,7 @@ RUN mkdir -p /snap/snapcraft RUN unsquashfs -d /snap/snapcraft/current snapcraft.snap # Grab the go snap from the stable channel and unpack it in the proper place -RUN curl -L $(curl -H 'X-Ubuntu-Series: 16' 'https://api.snapcraft.io/api/v1/snaps/details/go?channel=stable' | jq '.download_url' -r) --output go.snap +RUN curl -L $(curl -H 'X-Ubuntu-Series: 16' 'https://api.snapcraft.io/api/v1/snaps/details/go?channel=1.15/stable' | jq '.download_url' -r) --output go.snap RUN mkdir -p /snap/go RUN unsquashfs -d /snap/go/current go.snap From c1a4d2f071d058bf78e91b90e76b178f15cc8e76 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Wed, 31 Mar 2021 18:21:21 -0700 Subject: [PATCH 377/416] CHANGELOG: update for 20.0.8snap1 Also update README. Signed-off-by: Kyle Fazzari --- CHANGELOG | 7 +++++++ README.md | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/CHANGELOG b/CHANGELOG index c582988..dd1d1e6 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,10 @@ +v 20.0.8snap1 + - logrotate: rotate apache access log + - redis: update to 5.0.12 + - nextcloud: update to 20.0.8 + - Correctly obtain the PHP-FPM pid before sending a signal + - php: update to 7.4.15 + v 20.0.7snap1 - nextcloud: update to 20.0.7 diff --git a/README.md b/README.md index cc616c3..97df562 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ Nextcloud server packaged as a snap. It consists of: -- Nextcloud 20.0.7 +- Nextcloud 20.0.8 - Apache 2.4 - PHP 7.3 - MySQL 5.7 From 618ecabc11a85068053003992a8809b505f2083f Mon Sep 17 00:00:00 2001 From: stondino00 <54154986+stondino00@users.noreply.github.com> Date: Mon, 19 Apr 2021 07:03:36 -0500 Subject: [PATCH 378/416] Update NextCloud 20.0.9 Signed-off-by: stondino00 <54154986+stondino00@users.noreply.github.com> --- snap/snapcraft.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 3c10b38..6983258 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -188,8 +188,8 @@ parts: nextcloud: plugin: dump - source: https://download.nextcloud.com/server/releases/nextcloud-20.0.8.tar.bz2 - source-checksum: sha256/85746a4bda87bf754be5834cdb6489c365dc847653bab8ff3afccdaac3b356b5 + source: https://download.nextcloud.com/server/releases/nextcloud-20.0.9.tar.bz2 + source-checksum: sha256/c8fe4ae86bc51276be6d39cbaf3f45f3b29df901cd5a4163b8a6af0e09e9ff04 organize: '*': htdocs/ '.htaccess': htdocs/.htaccess From 1bb04f7cabcc40dd8ead253f5b42677b2b9c142c Mon Sep 17 00:00:00 2001 From: stondino00 <54154986+stondino00@users.noreply.github.com> Date: Tue, 20 Apr 2021 10:19:23 -0500 Subject: [PATCH 379/416] Upgrade MySQL to 5.7.34 Fixes #1616 Signed-off-by: stondino00 <54154986+stondino00@users.noreply.github.com> --- snap/snapcraft.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 6983258..f81f970 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -345,7 +345,7 @@ parts: mysql: plugin: cmake source: https://github.com/mysql/mysql-server.git - source-tag: mysql-5.7.33 + source-tag: mysql-5.7.34 source-depth: 1 override-pull: | snapcraftctl pull From d93ad8989549a4b772ddd03dddc049a518dfa31b Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Sat, 24 Apr 2021 21:35:21 -0700 Subject: [PATCH 380/416] CHANGELOG: update for 20.0.9snap1 Signed-off-by: Kyle Fazzari --- CHANGELOG | 4 ++++ README.md | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/CHANGELOG b/CHANGELOG index dd1d1e6..737e4de 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,7 @@ +v 20.0.9snap1 + - mysql: update to 5.7.34 + - nextcloud: update to 20.0.9 + v 20.0.8snap1 - logrotate: rotate apache access log - redis: update to 5.0.12 diff --git a/README.md b/README.md index 97df562..b171c89 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ Nextcloud server packaged as a snap. It consists of: -- Nextcloud 20.0.8 +- Nextcloud 20.0.9 - Apache 2.4 - PHP 7.3 - MySQL 5.7 From 931c34a8d2330653412120b9c3ec565b968c4ec1 Mon Sep 17 00:00:00 2001 From: stondino00 <54154986+stondino00@users.noreply.github.com> Date: Wed, 28 Apr 2021 10:34:35 -0500 Subject: [PATCH 381/416] Update PHP 7.4.18 Fixes #1713 Signed-off-by: stondino00 <54154986+stondino00@users.noreply.github.com> --- snap/snapcraft.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index f81f970..383fd0a 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -202,8 +202,8 @@ parts: php: plugin: php - source: https://php.net/get/php-7.4.15.tar.bz2/from/this/mirror - source-checksum: sha256/1bd7be0293446c3d3cbe3c9fae6045119af0798fb0869db61932796dc23a7757 + source: https://php.net/get/php-7.4.18.tar.bz2/from/this/mirror + source-checksum: sha256/2e455932e9c6f5889b1dc879f36fdd5744eaf1ff572b1b778958cbb8f5c1842f source-type: tar install-via: prefix configflags: From 0f534193a67b6c9d283b2271ba8567a876247365 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Sat, 6 Mar 2021 12:02:52 -0800 Subject: [PATCH 382/416] mysql: update to 8.0.24 Resolve #1626 Signed-off-by: Kyle Fazzari --- .circleci/config.yml | 2 +- snap/snapcraft.yaml | 73 +++++++++++++--------------- src/mysql/bin/start_mysql | 16 ++---- src/mysql/support-files/mysql.server | 6 +-- 4 files changed, 40 insertions(+), 57 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 7be07ec..8990586 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -38,7 +38,7 @@ jobs: command: | sudo apt update -qq sudo apt install -y snapd - sudo snap install --beta review-tools + sudo snap install review-tools sudo /snap/bin/review-tools.snap-review *.snap - run: diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 383fd0a..b5ca458 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -325,18 +325,10 @@ parts: # The collabora appimage requires this - libfontconfig1 - # Download the boost headers for MySQL. Note that the version used may need to - # be updated if the version of MySQL changes. boost: plugin: dump - source: https://github.com/kyrofa/boost_tarball/raw/master/boost_1_59_0.tar.gz - source-checksum: sha1/5123209db194d66d69a9cfa5af8ff473d5941d97 - # When building MySQL, the headers in the source directory 'boost/' are - # required. Previously, using the 'copy' plugin, the whole archive was put - # under 'boost/', making the headers reside in 'boost/boost/'. Due to a bug, - # we now only stage the 'boost/' directory without moving it. - # - # Bug: https://bugs.launchpad.net/snapcraft/+bug/1757093 + source: https://sourceforge.net/projects/boost/files/boost/1.73.0/boost_1_73_0.tar.bz2 + source-checksum: sha1/6d6ed02b29c860fd21b274fc4e1f820855e765e9 stage: - boost/ prime: @@ -344,65 +336,66 @@ parts: mysql: plugin: cmake - source: https://github.com/mysql/mysql-server.git - source-tag: mysql-5.7.34 - source-depth: 1 - override-pull: | - snapcraftctl pull - git apply $SNAPCRAFT_STAGE/mysql-support-compile-time-disabling-of-setpriority.patch - after: [boost, patches] + after: [boost] + + # Get from https://dev.mysql.com/downloads/mysql/ + source: https://dev.mysql.com/get/Downloads/MySQL-8.0/mysql-boost-8.0.24.tar.gz + source-checksum: md5/e8cb8eafe07e22d5da123ffc5ca79e56 configflags: - - -DWITH_BOOST=$SNAPCRAFT_STAGE - - -DWITH_INNODB_PAGE_CLEANER_PRIORITY=OFF - -DCMAKE_INSTALL_PREFIX=/ - -DBUILD_CONFIG=mysql_release + - -DCMAKE_BUILD_TYPE=Release - -DWITH_UNIT_TESTS=OFF - -DWITH_EMBEDDED_SERVER=OFF - -DWITH_ARCHIVE_STORAGE_ENGINE=OFF + - -DWITH_EXAMPLE_STORAGE_ENGINE=OFF - -DWITH_BLACKHOLE_STORAGE_ENGINE=OFF - -DWITH_FEDERATED_STORAGE_ENGINE=OFF - -DWITH_PARTITION_STORAGE_ENGINE=OFF + - -DWITH_PERFSCHEMA_STORAGE_ENGINE=OFF + - -DWITH_DEBUG=OFF + - -DWITH_INNODB_EXTRA_DEBUG=OFF - -DINSTALL_MYSQLTESTDIR= + - -DDOWNLOAD_BOOST=OFF + - -DWITH_BOOST=$SNAPCRAFT_STAGE + + override-build: | + snapcraftctl build + # MySQL v8 is massive. Strip it. + find "$SNAPCRAFT_PART_INSTALL/bin" -type f -exec sh -c 'grep -IL . "$1" || strip --strip-all "$1"' sh "{}" \; + build-packages: - - wget - - g++ - - cmake - - bison - libncurses5-dev - - libaio-dev - stage-packages: - - libaio1 + - binutils stage: # Remove scripts that we'll be replacing with our own - -support-files/mysql.server - -COPYING - prime: - # Remove scripts that we'll be replacing with our own - - -support-files/mysql.server # Remove unused binaries that waste space + - -bin/comp_err + - -bin/ibd2sdi - -bin/innochecksum - -bin/lz4_decompress + - -bin/myisam_ftdump - -bin/myisam* - - -bin/mysqladmin - - -bin/mysqlbinlog - -bin/mysql_client_test - -bin/mysql_config* + - -bin/mysql_secure_installation + - -bin/mysql_ssl_rsa_setup + - -bin/mysql_tzinfo_to_sql + - -bin/mysql_upgrade + - -bin/mysqladmin + - -bin/mysqlbinlog + - -bin/mysqlcheck - -bin/mysqld_multi - -bin/mysqlimport - - -bin/mysql_install_db - - -bin/mysql_plugin - -bin/mysqlpump - - -bin/mysql_secure_installation + - -bin/mysqlrouter* - -bin/mysqlshow - -bin/mysqlslap - - -bin/mysql_ssl_rsa_setup - - -bin/mysqltest - - -bin/mysql_tzinfo_to_sql + - -bin/mysqltest* - -bin/perror - - -bin/replace - - -bin/resolveip - - -bin/resolve_stack_dump - -bin/zlib_decompress # Copy over our MySQL scripts diff --git a/src/mysql/bin/start_mysql b/src/mysql/bin/start_mysql index 9d887e9..86e0287 100755 --- a/src/mysql/bin/start_mysql +++ b/src/mysql/bin/start_mysql @@ -56,7 +56,7 @@ if [ $new_install = true ]; then ALTER USER 'root'@'localhost' IDENTIFIED BY '$root_password'; CREATE USER 'nextcloud'@'localhost' IDENTIFIED BY '$nextcloud_password'; CREATE DATABASE nextcloud; - GRANT ALL PRIVILEGES ON nextcloud.* TO 'nextcloud'@'localhost' IDENTIFIED BY '$nextcloud_password'; + GRANT ALL PRIVILEGES ON nextcloud.* TO 'nextcloud'@'localhost'; SQL then # Now the root mysql user has a password. Save that as well. @@ -75,20 +75,10 @@ else sed -ri "s|(socket\s*=\s*)/var/snap/.*mysql.sock|\1$MYSQL_SOCKET|" "$MYSQL_ROOT_OPTION_FILE" fi -# Wait here until mysql is running +# Wait here until mysql is running. MySQL 8 runs the upgrade automatically, +# so no need to do that, anymore. wait_for_mysql -f -# Check and upgrade mysql tables if necessary. This will return 0 if the upgrade -# succeeded, in which case we need to restart mysql. -echo "Checking/upgrading mysql tables if necessary..." -if mysql_upgrade --defaults-file="$MYSQL_ROOT_OPTION_FILE"; then - echo "Restarting mysql server after upgrade..." - "$SNAP/support-files/mysql.server" restart - - # Wait for server to come back after upgrade - wait_for_mysql -f -fi - # If this was a new installation, wait until the server is all up and running # before saving off the nextcloud user's password. This way the presence of the # file can be used as a signal that mysql is ready to be used. diff --git a/src/mysql/support-files/mysql.server b/src/mysql/support-files/mysql.server index 8dfea09..10f60e9 100755 --- a/src/mysql/support-files/mysql.server +++ b/src/mysql/support-files/mysql.server @@ -115,7 +115,7 @@ other_args="$*" # uncommon, but needed when called from an RPM upgrade action # Upstream mysql stuff, no need to fix this # shellcheck disable=SC2116,SC2039 case "$(echo "testing\c")","$(echo -n testing)" in - *c*,-n*) echo_n="" echo_c="" ;; + *c*,-n*) echo_n="" echo_c="" ;; *c*,*) echo_n=-n echo_c="" ;; *) echo_n="" echo_c='\c' ;; esac @@ -202,7 +202,7 @@ case "$mode" in then # Give extra arguments to mysqld with the my.cnf file. This script # may be overwritten at next upgrade. - "$bindir/mysqld_safe" --defaults-file="$SNAP/my.cnf" --datadir="$datadir" --pid-file="$mysqld_pid_file_path" --lc-messages-dir="$SNAP/share" --socket="$MYSQL_SOCKET" "$other_args" >/dev/null 2>&1 & + "$bindir/mysqld_safe" --defaults-file="$SNAP/my.cnf" --datadir="$datadir" --pid-file="$mysqld_pid_file_path" --lc-messages-dir="$SNAP/share" --socket="$MYSQL_SOCKET" "$other_args" >/dev/null & wait_for_pid created "$!" "$mysqld_pid_file_path"; return_value=$? # Make lock for RedHat / SuSE @@ -253,7 +253,7 @@ case "$mode" in 'restart') # Stop the service and regardless of whether it was # running or not, start it again. - if $0 stop "$other_args"; then + if $0 stop "$other_args"; then $0 start "$other_args" else log_failure_msg "Failed to stop running server, so refusing to try to start." From 9a2a9bc06e40f2a78c7d8794e87d17e487ed711b Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Sat, 8 May 2021 06:34:25 -0700 Subject: [PATCH 383/416] CHANGELOG: update for 20.0.9snap2 Also update README. Signed-off-by: Kyle Fazzari --- CHANGELOG | 4 ++++ README.md | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/CHANGELOG b/CHANGELOG index 737e4de..ae11e4a 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,7 @@ +v 20.0.9snap2 + - mysql: update to 8.0.24 + - php: update to 7.4.18 + v 20.0.9snap1 - mysql: update to 5.7.34 - nextcloud: update to 20.0.9 diff --git a/README.md b/README.md index b171c89..7d05aa3 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,7 @@ Nextcloud server packaged as a snap. It consists of: - Nextcloud 20.0.9 - Apache 2.4 - PHP 7.3 -- MySQL 5.7 +- MySQL 8 - Redis 5.0 - mDNS for network discovery From 985ad2784c2a425dd28c0fad7afbf7412d540150 Mon Sep 17 00:00:00 2001 From: szaimen Date: Sun, 9 May 2021 19:14:22 +0200 Subject: [PATCH 384/416] Readme.md - Show correct php version Signed-off-by: szaimen --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 7d05aa3..354e96e 100644 --- a/README.md +++ b/README.md @@ -4,7 +4,7 @@ Nextcloud server packaged as a snap. It consists of: - Nextcloud 20.0.9 - Apache 2.4 -- PHP 7.3 +- PHP 7.4 - MySQL 8 - Redis 5.0 - mDNS for network discovery From bc38c88a83152a855e365acc9d32c55160708318 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Fri, 14 May 2021 23:54:03 -0700 Subject: [PATCH 385/416] nextcloud: update to 21.0.1 Resolve #1727 Signed-off-by: Kyle Fazzari --- snap/snapcraft.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index b5ca458..126681b 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -188,8 +188,8 @@ parts: nextcloud: plugin: dump - source: https://download.nextcloud.com/server/releases/nextcloud-20.0.9.tar.bz2 - source-checksum: sha256/c8fe4ae86bc51276be6d39cbaf3f45f3b29df901cd5a4163b8a6af0e09e9ff04 + source: https://download.nextcloud.com/server/releases/nextcloud-21.0.1.tar.bz2 + source-checksum: sha256/dd7c8ccc01547914a75b44bbf86028289c8919dc39f4e2e720147b6bd596aebe organize: '*': htdocs/ '.htaccess': htdocs/.htaccess From 8d2a9054275ba76087145995f15d9434c08eb83a Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Tue, 18 May 2021 22:00:01 -0700 Subject: [PATCH 386/416] CHANGELOG: update for 21.0.1snap1 Also update README. Signed-off-by: Kyle Fazzari --- CHANGELOG | 3 +++ README.md | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/CHANGELOG b/CHANGELOG index ae11e4a..ee9fc14 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,6 @@ +v 21.0.1snap1 + - nextcloud: update to 21.0.1 + v 20.0.9snap2 - mysql: update to 8.0.24 - php: update to 7.4.18 diff --git a/README.md b/README.md index 354e96e..0d97db2 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ Nextcloud server packaged as a snap. It consists of: -- Nextcloud 20.0.9 +- Nextcloud 21 - Apache 2.4 - PHP 7.4 - MySQL 8 From 4c0e0abfed2702d8e749e57a516fa8c20a327bd1 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Fri, 28 May 2021 20:41:42 -0700 Subject: [PATCH 387/416] mysql: disable binary logging This was disabled in v5.7, and is supposed to be disabled in v8 when initialized with the method we're using, but it's not. Disable it to keep the same behavior. We're not replicating, anyway-- this should be unnecessary. Resolve #1742. Signed-off-by: Kyle Fazzari --- src/mysql/my.cnf | 1 + 1 file changed, 1 insertion(+) diff --git a/src/mysql/my.cnf b/src/mysql/my.cnf index dc4a58b..07b563b 100644 --- a/src/mysql/my.cnf +++ b/src/mysql/my.cnf @@ -3,5 +3,6 @@ user=root max_allowed_packet=100M secure-file-priv=NULL skip-networking +skip-log-bin transaction_isolation=READ-COMMITTED log_error=../logs/mysql_errors.log From 21677156d83eed89e33152e5bfec095bcaaa0967 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Sat, 29 May 2021 21:23:34 -0700 Subject: [PATCH 388/416] CHANGELOG: update for 21.0.1snap2 Signed-off-by: Kyle Fazzari --- CHANGELOG | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGELOG b/CHANGELOG index ee9fc14..b672964 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,6 @@ +v 21.0.1snap2 + - mysql: disable binary logging + v 21.0.1snap1 - nextcloud: update to 21.0.1 From 88d13aa6c441a1a6926c962970be9644c542a70a Mon Sep 17 00:00:00 2001 From: stondino00 <54154986+stondino00@users.noreply.github.com> Date: Wed, 2 Jun 2021 06:49:04 -0500 Subject: [PATCH 389/416] Upgrade Apache 2.4.48 Fixes #1753 Signed-off-by: stondino00 <54154986+stondino00@users.noreply.github.com> --- snap/snapcraft.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 126681b..f583dad 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -134,8 +134,8 @@ hooks: parts: apache: plugin: apache - source: http://ftp.wayne.edu/apache/httpd/httpd-2.4.46.tar.bz2 - source-checksum: sha256/740eddf6e1c641992b22359cabc66e6325868c3c5e2e3f98faf349b61ecf41ea + source: http://ftp.wayne.edu/apache/httpd/httpd-2.4.48.tar.bz2 + source-checksum: sha256/1bc826e7b2e88108c7e4bf43c026636f77a41d849cfb667aa7b5c0b86dbf966c override-pull: | snapcraftctl pull From e78e06bc763d551fcc2c4e6daa74656fcb2a5458 Mon Sep 17 00:00:00 2001 From: stondino00 <54154986+stondino00@users.noreply.github.com> Date: Thu, 3 Jun 2021 06:42:02 -0500 Subject: [PATCH 390/416] Upgrade PHP 7.4.20 Fixes #1756 Signed-off-by: stondino00 <54154986+stondino00@users.noreply.github.com> --- snap/snapcraft.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index f583dad..aba0b7f 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -202,8 +202,8 @@ parts: php: plugin: php - source: https://php.net/get/php-7.4.18.tar.bz2/from/this/mirror - source-checksum: sha256/2e455932e9c6f5889b1dc879f36fdd5744eaf1ff572b1b778958cbb8f5c1842f + source: https://php.net/get/php-7.4.20.tar.bz2/from/this/mirror + source-checksum: sha256/0ada6bc635e530fa7a4eb55e639dc070077108e5c9885f750b47007fd267b634 source-type: tar install-via: prefix configflags: From 61ad50d7c713ebd15703d4bcf131035234460fab Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Mon, 14 Jun 2021 08:31:51 -0700 Subject: [PATCH 391/416] ci: enable daily build and test of v21 latest Also disable v18, which is no longer supported. Signed-off-by: Kyle Fazzari --- .circleci/config.yml | 24 ++++++++++++------------ .travis/cron.sh | 12 ++++++------ 2 files changed, 18 insertions(+), 18 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 8990586..a763ba3 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -68,7 +68,7 @@ jobs: # Run the tests command: ./.circleci/runtests.sh - test-daily-v18: + test-daily-v19: working_directory: ~/nextcloud-snap machine: image: ubuntu-1604:202004-01 @@ -80,13 +80,13 @@ jobs: command: | sudo apt update -qq sudo apt install -y snapd - sudo snap install nextcloud --channel=18/edge + sudo snap install nextcloud --channel=19/edge - run: # Run the tests command: ./.circleci/runtests.sh - test-daily-v19: + test-daily-v20: working_directory: ~/nextcloud-snap machine: image: ubuntu-1604:202004-01 @@ -98,13 +98,13 @@ jobs: command: | sudo apt update -qq sudo apt install -y snapd - sudo snap install nextcloud --channel=19/edge + sudo snap install nextcloud --channel=20/edge - run: # Run the tests command: ./.circleci/runtests.sh - test-daily-v20: + test-daily-v21: working_directory: ~/nextcloud-snap machine: image: ubuntu-1604:202004-01 @@ -116,7 +116,7 @@ jobs: command: | sudo apt update -qq sudo apt install -y snapd - sudo snap install nextcloud --channel=20/edge + sudo snap install nextcloud --channel=21/edge - run: # Run the tests @@ -138,7 +138,7 @@ workflows: jobs: [test-daily-master] - daily-v18: + daily-v19: triggers: - schedule: # 0700 UTC == 0000 PSC @@ -147,9 +147,9 @@ workflows: branches: only: develop - jobs: [test-daily-v18] + jobs: [test-daily-v19] - daily-v19: + daily-v20: triggers: - schedule: # 0700 UTC == 0000 PSC @@ -158,9 +158,9 @@ workflows: branches: only: develop - jobs: [test-daily-v19] + jobs: [test-daily-v20] - daily-v20: + daily-v21: triggers: - schedule: # 0700 UTC == 0000 PSC @@ -169,4 +169,4 @@ workflows: branches: only: develop - jobs: [test-daily-v20] + jobs: [test-daily-v21] diff --git a/.travis/cron.sh b/.travis/cron.sh index b9a9dd3..cf22bf9 100755 --- a/.travis/cron.sh +++ b/.travis/cron.sh @@ -1,9 +1,9 @@ #!/bin/bash latest_master_url="https://download.nextcloud.com/server/daily/latest-master.tar.bz2" -latest_stable18_url="https://download.nextcloud.com/server/daily/latest-stable18.tar.bz2" latest_stable19_url="https://download.nextcloud.com/server/daily/latest-stable19.tar.bz2" latest_stable20_url="https://download.nextcloud.com/server/daily/latest-stable20.tar.bz2" +latest_stable21_url="https://download.nextcloud.com/server/daily/latest-stable21.tar.bz2" rewrite_snapcraft_yaml() { @@ -37,11 +37,6 @@ request_build \ "latest-master" "$latest_master_url" "master-$today" \ "From CI: Use Nextcloud latest master" -echo "Requesting build of latest 18..." -request_build \ - "latest-18" "$latest_stable18_url" "18-$today" \ - "From CI: Use Nextcloud latest 18" - echo "Requesting build of latest 19..." request_build \ "latest-19" "$latest_stable19_url" "19-$today" \ @@ -51,3 +46,8 @@ echo "Requesting build of latest 20..." request_build \ "latest-20" "$latest_stable20_url" "20-$today" \ "From CI: Use Nextcloud latest 20" + +echo "Requesting build of latest 21..." +request_build \ + "latest-21" "$latest_stable21_url" "21-$today" \ + "From CI: Use Nextcloud latest 21" From 2c145249516e688eff6d83bc748cdb3c2f1c504d Mon Sep 17 00:00:00 2001 From: stondino00 <54154986+stondino00@users.noreply.github.com> Date: Thu, 1 Jul 2021 10:35:03 -0500 Subject: [PATCH 392/416] Upgrade PHP to 7.4.21 Fixes #1777 Signed-off-by: stondino00 <54154986+stondino00@users.noreply.github.com> --- snap/snapcraft.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index aba0b7f..afe6195 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -202,8 +202,8 @@ parts: php: plugin: php - source: https://php.net/get/php-7.4.20.tar.bz2/from/this/mirror - source-checksum: sha256/0ada6bc635e530fa7a4eb55e639dc070077108e5c9885f750b47007fd267b634 + source: https://php.net/get/php-7.4.21.tar.bz2/from/this/mirror + source-checksum: sha256/36ec6102e757e2c2b7742057a700bbff77c76fa0ccbe9c860398c3d24e32822a source-type: tar install-via: prefix configflags: From 5b199ea0984fdd62f5955d499c00a6421cdb3842 Mon Sep 17 00:00:00 2001 From: stondino00 <54154986+stondino00@users.noreply.github.com> Date: Thu, 1 Jul 2021 15:12:44 -0500 Subject: [PATCH 393/416] Upgrade Nextcloud 21.0.3 Fixes #1780 Signed-off-by: stondino00 <54154986+stondino00@users.noreply.github.com> --- snap/snapcraft.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index aba0b7f..a9c5a98 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -188,8 +188,8 @@ parts: nextcloud: plugin: dump - source: https://download.nextcloud.com/server/releases/nextcloud-21.0.1.tar.bz2 - source-checksum: sha256/dd7c8ccc01547914a75b44bbf86028289c8919dc39f4e2e720147b6bd596aebe + source: https://download.nextcloud.com/server/releases/nextcloud-21.0.3.tar.bz2 + source-checksum: sha256/8adcd175c7a70c33332586fa9ce36d03ba02d1df5d4c334d1210201d3fb953ee organize: '*': htdocs/ '.htaccess': htdocs/.htaccess From 1c9942dc99809f34a7425554624b669606ca3343 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Tue, 6 Jul 2021 09:23:20 -0700 Subject: [PATCH 394/416] CHANGELOG: update for 21.0.3snap1 Signed-off-by: Kyle Fazzari --- CHANGELOG | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/CHANGELOG b/CHANGELOG index b672964..c8805b9 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,8 @@ +v 21.0.3snap1 + - nextcloud: update to 21.0.3 + - php: update to 7.4.21 + - apache: update to 2.4.48 + v 21.0.1snap2 - mysql: disable binary logging From 7691e3ceae9da6f65dbe20c24786a67de7529931 Mon Sep 17 00:00:00 2001 From: stondino00 <54154986+stondino00@users.noreply.github.com> Date: Tue, 20 Jul 2021 06:50:32 -0500 Subject: [PATCH 395/416] Upgrade MySQL to 8.0.26 Fixes #1795 Signed-off-by: stondino00 <54154986+stondino00@users.noreply.github.com> --- snap/snapcraft.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 3c43a41..377211d 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -339,8 +339,8 @@ parts: after: [boost] # Get from https://dev.mysql.com/downloads/mysql/ - source: https://dev.mysql.com/get/Downloads/MySQL-8.0/mysql-boost-8.0.24.tar.gz - source-checksum: md5/e8cb8eafe07e22d5da123ffc5ca79e56 + source: https://dev.mysql.com/get/Downloads/MySQL-8.0/mysql-boost-8.0.26.tar.gz + source-checksum: md5/3b3e641a80005dde29ad52b4d1649c6b configflags: - -DCMAKE_INSTALL_PREFIX=/ - -DBUILD_CONFIG=mysql_release From 157ed585e8b1d89c80ebeff397c1dd64fe26bc08 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Thu, 22 Jul 2021 18:25:14 -0700 Subject: [PATCH 396/416] nextcloud: support specifying data directory in manual-install Nextcloud's `occ maintenance:install` doesn't support autoconfig.php, which means there's currently no way to specify a data directory for the snap if one wants to install it from the CLI. Add support for this as a new option to the manual-install script. Resolve #1670 Signed-off-by: Kyle Fazzari --- src/nextcloud/bin/manual-install | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/src/nextcloud/bin/manual-install b/src/nextcloud/bin/manual-install index 24a4adc..455c491 100755 --- a/src/nextcloud/bin/manual-install +++ b/src/nextcloud/bin/manual-install @@ -8,24 +8,34 @@ . "$SNAP/utilities/nextcloud-utilities" COMMAND="nextcloud.manual-install" +data_directory="$NEXTCLOUD_DATA_DIR" print_usage() { echo "Usage:" - echo " $COMMAND -h" - echo " Display this help message." + echo " $COMMAND [-h -d ] " echo "" - echo " $COMMAND " echo " Install Nextcloud, creating the admin user with the provided" echo " credentials." + echo "" + echo " -h: Display this help message." + echo " -d : Use as data directory (defaults to" + echo " '$data_directory')" } -while getopts ":h" opt; do +while getopts ":hd:" opt; do case $opt in h) print_usage exit 0 ;; + d) + data_directory="$OPTARG" + ;; + :) + echo "Invalid option: $OPTARG requires an argument" >&2 + exit 1 + ;; \?) echo "Invalid option: -$OPTARG" >&2 exit 1 @@ -63,7 +73,7 @@ if [ -n "$mysql_nextcloud_password" ]; then --database-user="nextcloud" \ --database-host="localhost:$MYSQL_SOCKET" \ --database-pass="$mysql_nextcloud_password" \ - --data-dir="$NEXTCLOUD_DATA_DIR" \ + --data-dir="$data_directory" \ --admin-user="$username" \ --admin-pass="$password" fi From bfc28d0636e64913ce2e1906b835881dbce080e4 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Fri, 23 Jul 2021 23:17:53 -0700 Subject: [PATCH 397/416] mysql: add gcc-8 and g++-8 build-packages This is required as of MySQL v8.0.26. Signed-off-by: Kyle Fazzari --- snap/snapcraft.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 377211d..06ede30 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -367,6 +367,9 @@ parts: build-packages: - libncurses5-dev - binutils + - gcc-8 + - g++-8 + stage: # Remove scripts that we'll be replacing with our own - -support-files/mysql.server From b5ec8b7cb8f68cdf0ab81887adc0172c737d17d6 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Mon, 26 Jul 2021 09:28:48 -0700 Subject: [PATCH 398/416] CHANGELOG: update for 21.0.3snap2 Signed-off-by: Kyle Fazzari --- CHANGELOG | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG b/CHANGELOG index c8805b9..12e3574 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,7 @@ +v 21.0.3snap2 + - nextcloud: support specifying data directory in manual-install + - mysql: upgrade to 8.0.26 + v 21.0.3snap1 - nextcloud: update to 21.0.3 - php: update to 7.4.21 From c1582ba2a182e8b031b7a6f64e71403ae1e12955 Mon Sep 17 00:00:00 2001 From: stondino00 <54154986+stondino00@users.noreply.github.com> Date: Fri, 6 Aug 2021 06:01:02 -0500 Subject: [PATCH 399/416] Upgrade Nextcloud to 21.0.4 Signed-off-by: stondino00 <54154986+stondino00@users.noreply.github.com> --- snap/snapcraft.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 06ede30..73c64d2 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -188,8 +188,8 @@ parts: nextcloud: plugin: dump - source: https://download.nextcloud.com/server/releases/nextcloud-21.0.3.tar.bz2 - source-checksum: sha256/8adcd175c7a70c33332586fa9ce36d03ba02d1df5d4c334d1210201d3fb953ee + source: https://download.nextcloud.com/server/releases/nextcloud-21.0.4.tar.bz2 + source-checksum: sha256/4a0d30febfba53118ba990a0c2d2c16767b77aa676afc937d2018d6865c5fe3a organize: '*': htdocs/ '.htaccess': htdocs/.htaccess From 8da0dced70b2774e4893ec6194eec4c4382828ad Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc=20Pe=C3=B1a=20Segarra?= Date: Tue, 17 Aug 2021 23:17:29 +0200 Subject: [PATCH 400/416] Update Redis to 6.0.15 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Also update phpredis to 5.3.4 Fixes #1811 Signed-off-by: Marc Peña Segarra --- snap/snapcraft.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 06ede30..f120371 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -289,13 +289,13 @@ parts: sbin/php-fpm: bin/php-fpm extensions: # Build the redis PHP module - - source: https://github.com/phpredis/phpredis/archive/5.3.3.tar.gz - source-checksum: sha256/7b0f487f8ad4b93ed0542a9bb650d4d47bea64abc54c9440280458f329bc34e7 + - source: https://github.com/phpredis/phpredis/archive/5.3.4.tar.gz + source-checksum: sha256/c0df53dc4e8cd2921503fefa224cfd51de7f74561324a6d3c66f30d4016178b3 redis: plugin: redis - source: http://download.redis.io/releases/redis-5.0.12.tar.gz - source-checksum: sha256/7040eba5910f7c3d38f05ea5a1d88b480488215bdbd2e10ec70d18380108e31e + source: http://download.redis.io/releases/redis-6.0.15.tar.gz + source-checksum: sha256/4bc295264a95bc94423c162a9eee66135a24a51eefe5f53f18fc9bde5c3a9f74 redis-customizations: plugin: dump From daf9535d4690977aef701f25109ed743c7d6103c Mon Sep 17 00:00:00 2001 From: stondino00 <54154986+stondino00@users.noreply.github.com> Date: Thu, 19 Aug 2021 13:17:40 -0500 Subject: [PATCH 401/416] Upgrade Nextcloud 22.1.0 Fixes #1813 Signed-off-by: stondino00 <54154986+stondino00@users.noreply.github.com> --- snap/snapcraft.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 06ede30..bf40029 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -188,8 +188,8 @@ parts: nextcloud: plugin: dump - source: https://download.nextcloud.com/server/releases/nextcloud-21.0.3.tar.bz2 - source-checksum: sha256/8adcd175c7a70c33332586fa9ce36d03ba02d1df5d4c334d1210201d3fb953ee + source: https://download.nextcloud.com/server/releases/nextcloud-22.1.0.tar.bz2 + source-checksum: sha256/4820808f799146853604e1fa27d7f292449018a44dc73bf928a97b02028318ba organize: '*': htdocs/ '.htaccess': htdocs/.htaccess From 264a22ae5095e595b5921af1ab474eea8fb337cb Mon Sep 17 00:00:00 2001 From: stondino00 <54154986+stondino00@users.noreply.github.com> Date: Thu, 26 Aug 2021 11:25:05 -0500 Subject: [PATCH 402/416] Upgrade PHP to 7.4.23 Fixes #1819 Signed-off-by: stondino00 <54154986+stondino00@users.noreply.github.com> --- snap/snapcraft.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index c2a9b21..5da21a0 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -202,8 +202,8 @@ parts: php: plugin: php - source: https://php.net/get/php-7.4.21.tar.bz2/from/this/mirror - source-checksum: sha256/36ec6102e757e2c2b7742057a700bbff77c76fa0ccbe9c860398c3d24e32822a + source: https://php.net/get/php-7.4.23.tar.bz2/from/this/mirror + source-checksum: sha256/d1e094fe6e4f832e0a64be9c69464ba5d593fb216f914efa8bbb084e0a7a5727 source-type: tar install-via: prefix configflags: From 7a5ad4e86d1f1872d7a16efa0be416e2a14e98ae Mon Sep 17 00:00:00 2001 From: stondino00 <54154986+stondino00@users.noreply.github.com> Date: Mon, 30 Aug 2021 12:12:02 -0500 Subject: [PATCH 403/416] Upgrade Nextcloud 21.1.1 Signed-off-by: stondino00 <54154986+stondino00@users.noreply.github.com> --- snap/snapcraft.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index bf40029..1badeb7 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -188,8 +188,8 @@ parts: nextcloud: plugin: dump - source: https://download.nextcloud.com/server/releases/nextcloud-22.1.0.tar.bz2 - source-checksum: sha256/4820808f799146853604e1fa27d7f292449018a44dc73bf928a97b02028318ba + source: https://download.nextcloud.com/server/releases/nextcloud-22.1.1.tar.bz2 + source-checksum: sha256/e55b6eb977fb539081e33a7d8f196e38430eb337cc76bf0379a663a497fbde5b organize: '*': htdocs/ '.htaccess': htdocs/.htaccess From 33490b92cbbbf2e584ec6a0e407d709272d0e116 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Sun, 5 Sep 2021 13:29:24 -0700 Subject: [PATCH 404/416] CHANGELOG: update for 21.0.4snap1 Also update README. Signed-off-by: Kyle Fazzari --- CHANGELOG | 5 +++++ README.md | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/CHANGELOG b/CHANGELOG index 12e3574..4ac95be 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,8 @@ +v 21.0.4snap1 + - php: update to 7.4.23 + - redis: update to 6.0.15 + - nextcloud: update to 21.0.4 + v 21.0.3snap2 - nextcloud: support specifying data directory in manual-install - mysql: upgrade to 8.0.26 diff --git a/README.md b/README.md index 0d97db2..fcab054 100644 --- a/README.md +++ b/README.md @@ -6,7 +6,7 @@ Nextcloud server packaged as a snap. It consists of: - Apache 2.4 - PHP 7.4 - MySQL 8 -- Redis 5.0 +- Redis 6 - mDNS for network discovery From 9ab994b30e1db861a7781a75ddcbf0735bad6e8a Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Sun, 5 Sep 2021 15:59:40 -0700 Subject: [PATCH 405/416] Add workflow for managing stale issues/PRs Signed-off-by: Kyle Fazzari --- .github/workflows/stale.yml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 .github/workflows/stale.yml diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml new file mode 100644 index 0000000..cfaa80f --- /dev/null +++ b/.github/workflows/stale.yml @@ -0,0 +1,16 @@ +name: Manage stale issues and pull requests + +on: + schedule: + - cron: "0 0 * * *" + +jobs: + stale: + permissions: + issues: write + pull-requests: write + + runs-on: ubuntu-latest + + steps: + - uses: actions/stale@v4 \ No newline at end of file From 09139a001f2775cdcb8e02a95eb6fc4c6c733e5c Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Mon, 6 Sep 2021 16:21:51 -0700 Subject: [PATCH 406/416] migrations: extract version sanity checks into common utilities Begin using shellspec to test shell code. Fix #1808 Signed-off-by: Kyle Fazzari --- .circleci/config.yml | 46 ++-- .circleci/runtests.sh | 8 +- .shellspec | 12 + src/common/utilities/common-utilities | 76 +++++++ src/migrations/bin/run-snap-migrations | 57 +---- tests/.rspec | 1 + tests/Gemfile | 3 + tests/Gemfile.lock | 55 ++--- tests/Rakefile | 2 +- .../{spec => integration}/change_mode_spec.rb | 0 .../change_php_memory_limit_spec.rb | 0 .../{spec => integration}/change_port_spec.rb | 0 .../enable_https_spec.rb | 0 .../import_export_spec.rb | 0 tests/{spec => integration}/login_spec.rb | 0 .../maintenance_mode_spec.rb | 0 tests/{spec => integration}/spec_helper.rb | 3 + tests/run-tests.sh | 85 +++++++ tests/static.sh | 30 --- tests/unit/common_utilities_spec.sh | 211 ++++++++++++++++++ tests/unit/spec_helper.sh | 24 ++ 21 files changed, 483 insertions(+), 130 deletions(-) create mode 100644 .shellspec rename tests/{spec => integration}/change_mode_spec.rb (100%) rename tests/{spec => integration}/change_php_memory_limit_spec.rb (100%) rename tests/{spec => integration}/change_port_spec.rb (100%) rename tests/{spec => integration}/enable_https_spec.rb (100%) rename tests/{spec => integration}/import_export_spec.rb (100%) rename tests/{spec => integration}/login_spec.rb (100%) rename tests/{spec => integration}/maintenance_mode_spec.rb (100%) rename tests/{spec => integration}/spec_helper.rb (98%) create mode 100755 tests/run-tests.sh delete mode 100755 tests/static.sh create mode 100644 tests/unit/common_utilities_spec.sh create mode 100644 tests/unit/spec_helper.sh diff --git a/.circleci/config.yml b/.circleci/config.yml index a763ba3..35aa77c 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -1,6 +1,6 @@ version: 2 jobs: - static-tests: + static: working_directory: ~/nextcloud-snap docker: - image: ubuntu:bionic @@ -10,11 +10,25 @@ jobs: - run: # Run the static tests command: | - apt update -qq - apt install shellcheck -y - ./tests/static.sh + apt-get update -qq + apt-get install -qq shellcheck + ./tests/run-tests.sh static - build: + unit: + working_directory: ~/nextcloud-snap + docker: + - image: ubuntu:bionic + steps: + - checkout + + - run: + # Run the unit tests + command: | + apt-get update -qq + apt-get install -qq curl git + ./tests/run-tests.sh unit + + integration: working_directory: ~/nextcloud-snap machine: image: ubuntu-1604:202004-01 @@ -36,8 +50,8 @@ jobs: - run: # Install and run the review tools on the resulting snap command: | - sudo apt update -qq - sudo apt install -y snapd + sudo apt-get update -qq + sudo apt-get install -qq snapd sudo snap install review-tools sudo /snap/bin/review-tools.snap-review *.snap @@ -60,8 +74,8 @@ jobs: - run: # Install the snap and create an admin user command: | - sudo apt update -qq - sudo apt install -y snapd + sudo apt-get update -qq + sudo apt-get install -qq snapd sudo snap install --edge nextcloud - run: @@ -78,8 +92,8 @@ jobs: - run: # Install the snap and create an admin user command: | - sudo apt update -qq - sudo apt install -y snapd + sudo apt-get update -qq + sudo apt-get install -qq snapd sudo snap install nextcloud --channel=19/edge - run: @@ -96,8 +110,8 @@ jobs: - run: # Install the snap and create an admin user command: | - sudo apt update -qq - sudo apt install -y snapd + sudo apt-get update -qq + sudo apt-get install -qq snapd sudo snap install nextcloud --channel=20/edge - run: @@ -114,8 +128,8 @@ jobs: - run: # Install the snap and create an admin user command: | - sudo apt update -qq - sudo apt install -y snapd + sudo apt-get update -qq + sudo apt-get install -qq snapd sudo snap install nextcloud --channel=21/edge - run: @@ -125,7 +139,7 @@ jobs: workflows: version: 2 commit: - jobs: [static-tests, build] + jobs: [static, unit, integration] daily-master: triggers: diff --git a/.circleci/runtests.sh b/.circleci/runtests.sh index b558a50..90f610e 100755 --- a/.circleci/runtests.sh +++ b/.circleci/runtests.sh @@ -3,9 +3,9 @@ # Note that the tests require chrome and chromedriver, but the CircleCI machine # executor image already contains both. -# In order to use rvm, we need a login shell. We need to install -# Ruby v2.4.0 (the older version that is the default doesn't handle -# the redirection that we test) +# In order to use rvm, we need a login shell. The older version of Ruby that is +# the default doesn't handle the redirection that we test, so we need a newer +# one (at least 2.4). bash --login -c ' rvm install 2.6.2 rvm use 2.6.2 @@ -13,5 +13,5 @@ bash --login -c ' gem update --system gem install bundler bundle install --deployment - bundle exec rake test + bundle exec ./run-tests.sh integration ' diff --git a/.shellspec b/.shellspec new file mode 100644 index 0000000..d567ecf --- /dev/null +++ b/.shellspec @@ -0,0 +1,12 @@ +--require spec_helper + +## Default kcov (coverage) options +# --kcov-options "--include-path=. --path-strip-level=1" +# --kcov-options "--include-pattern=.sh" +# --kcov-options "--exclude-pattern=/.shellspec,/spec/,/coverage/,/report/" + +## Example: Include script "myprog" with no extension +# --kcov-options "--include-pattern=.sh,myprog" + +## Example: Only specified files/directories +# --kcov-options "--include-pattern=myprog,/lib/" diff --git a/src/common/utilities/common-utilities b/src/common/utilities/common-utilities index 24f6677..bb71fd9 100755 --- a/src/common/utilities/common-utilities +++ b/src/common/utilities/common-utilities @@ -84,3 +84,79 @@ disable_maintenance_mode() fi return 1 } + +version_less_than() +{ + if [ "$1" = "$2" ]; then + return 1 + fi + + printf "%s\n%s" "$1" "$2" | sort -VC +} + +major_version() +{ + echo "$1" | sed -r 's/([0-9]+)[.-].*/\1/' +} + +is_integer() +{ + expr "$1" : '^[0-9]\+$' > /dev/null +} + +is_semver() +{ + expr "$1" : '^[0-9]\+\.[0-9]\+\.[0-9]\+.*$' > /dev/null +} + +# Nextcloud is very strict about what makes for a valid upgrade: +# +# 1. A minor version upgrade (i.e. with the same major version). +# 2. A single major version upgrade (e.g. 18 to 19, not 18 to 20). +# 3. No downgrades are supported. +is_supported_nextcloud_upgrade() +{ + previous_version="$1" + current_version="$2" + + # Before we can compare versions, we must first confirm we HAVE them both + if [ -z "$previous_version" ] || [ -z "$current_version" ]; then + return 0 + fi + + # Attempt to extract the major version + previous_major_version="$(major_version "$previous_version")" + current_major_version="$(major_version "$current_version")" + + # Before we can compare versions, we must first confirm the major versions + # are numberic (not all versions work this way, e.g. some daily builds). + # This isn't an error, we just can't reliably compare without numbers. + if ! (is_integer "$previous_major_version" && is_integer "$current_major_version"); then + return 0 + fi + + previous_version_is_semver=false + if is_semver "$previous_version"; then + previous_version_is_semver=true + fi + + current_version_is_semver=false + if is_semver "$current_version"; then + current_version_is_semver=true + fi + + # First of all, let's make sure that the new version is actually newer than the + # previous one. If it's not, we already know there are problems. We can only do + # this if both versioning schemes are the same though. + if [ $previous_version_is_semver = $current_version_is_semver ] && version_less_than "$current_version" "$previous_version"; then + echo "Nextcloud doesn't support downgrades, but you can revert. See 'snap revert -h' for details." >&2 + return 1 + fi + + # Now make sure the major version jump is less than or equal to 1 + if [ "$((current_major_version-previous_major_version))" -gt "1" ]; then + next_major_version="$((previous_major_version+1))" + echo "Nextcloud doesn't support skipping major versions, you must upgrade to Nextcloud $next_major_version first. Try 'sudo snap refresh nextcloud --channel=$next_major_version'" >&2 + return 1 + fi +} diff --git a/src/migrations/bin/run-snap-migrations b/src/migrations/bin/run-snap-migrations index a082e38..e979868 100755 --- a/src/migrations/bin/run-snap-migrations +++ b/src/migrations/bin/run-snap-migrations @@ -3,65 +3,14 @@ # shellcheck source=src/common/utilities/common-utilities . "$SNAP/utilities/common-utilities" -version_less_than() -{ - if [ "$1" = "$2" ]; then - return 1 - fi - - printf "%s\n%s" "$1" "$2" | sort -VC -} - -major_version() -{ - echo "$1" | sed -r 's/([0-9]+)[.-].*/\1/' -} - -is_integer() -{ - expr "$1" : '^[0-9]\+$' > /dev/null -} - -# Before we do any migrations, Nextcloud is very strict about what makes for a -# valid upgrade: -# -# 1. A minor version upgrade (i.e. with the same major version). -# 2. A single major version upgrade (e.g. 18 to 19, not 18 to 20). -# 3. No downgrades are supported. -# -# Enforce those rules so folks don't end up needing to revert. - previous_version="$(get_previous_snap_version)" -current_version="$SNAP_VERSION" -# Before we can compare versions, we must first confirm we HAVE them both -if [ -z "$previous_version" ] || [ -z "$current_version" ]; then - exit 0 -fi - -# First of all, let's make sure that the new version is actually newer than the -# previous one. If it's not, we already know there are problems. -if version_less_than "$current_version" "$previous_version"; then - echo "Nextcloud doesn't support downgrades, but you can revert. See 'snap revert -h' for details." >&2 +# Before we do any migrations, Nextcloud is very strict about what makes for a +# valid upgrade. Enforce those rules so folks don't end up needing to revert. +if ! is_supported_nextcloud_upgrade "$previous_version" "$SNAP_VERSION"; then exit 1 fi -# Now attempt to extract the major version -previous_major_version="$(major_version "$previous_version")" -current_major_version="$(major_version "$current_version")" - -# Verify that what we got was actually integers (not all versions work this -# way, e.g. the daily builds). This isn't an error, we just can't reliably -# check this without numbers. -if is_integer "$previous_major_version" && is_integer "$current_major_version"; then - # Now make sure the major version jump is less than or equal to 1 - if [ "$((current_major_version-previous_major_version))" -gt "1" ]; then - next_major_version="$((previous_major_version+1))" - echo "Nextcloud doesn't support skipping major versions, you must upgrade to Nextcloud $next_major_version first. Try 'sudo snap refresh nextcloud --channel=$next_major_version'" >&2 - exit 1 - fi -fi - # Now run the version-specific migrations migrations_directory="$SNAP/migrations" version_migrations="$(find "$migrations_directory" -maxdepth 1 -mindepth 1 -type d | sort -V)" diff --git a/tests/.rspec b/tests/.rspec index c99d2e7..0bbd190 100644 --- a/tests/.rspec +++ b/tests/.rspec @@ -1 +1,2 @@ +-I integration --require spec_helper diff --git a/tests/Gemfile b/tests/Gemfile index ac4ad38..669d378 100644 --- a/tests/Gemfile +++ b/tests/Gemfile @@ -6,6 +6,9 @@ gem 'capybara' # Webdriver for chrome headless gem 'selenium-webdriver' +# Gem to get us the chrome driver +gem 'webdrivers' + # Use nice acceptance tests DSL gem 'rspec' diff --git a/tests/Gemfile.lock b/tests/Gemfile.lock index a401ad3..c456354 100644 --- a/tests/Gemfile.lock +++ b/tests/Gemfile.lock @@ -1,56 +1,61 @@ GEM remote: https://rubygems.org/ specs: - addressable (2.7.0) + addressable (2.8.0) public_suffix (>= 2.0.2, < 5.0) - capybara (3.33.0) + capybara (3.35.3) addressable mini_mime (>= 0.1.3) nokogiri (~> 1.8) rack (>= 1.6.0) rack-test (>= 0.6.3) - regexp_parser (~> 1.5) + regexp_parser (>= 1.5, < 3.0) xpath (~> 3.2) childprocess (3.0.0) - diff-lcs (1.4.2) - mini_mime (1.0.2) - mini_portile2 (2.4.0) - nokogiri (1.10.9) - mini_portile2 (~> 2.4.0) - public_suffix (4.0.5) + diff-lcs (1.4.4) + mini_mime (1.1.1) + nokogiri (1.12.4-x86_64-linux) + racc (~> 1.4) + public_suffix (4.0.6) + racc (1.5.2) rack (2.2.3) rack-test (1.1.0) rack (>= 1.0, < 3) - rake (13.0.1) - regexp_parser (1.7.1) - rspec (3.9.0) - rspec-core (~> 3.9.0) - rspec-expectations (~> 3.9.0) - rspec-mocks (~> 3.9.0) - rspec-core (3.9.2) - rspec-support (~> 3.9.3) - rspec-expectations (3.9.2) + rake (13.0.6) + regexp_parser (2.1.1) + rspec (3.10.0) + rspec-core (~> 3.10.0) + rspec-expectations (~> 3.10.0) + rspec-mocks (~> 3.10.0) + rspec-core (3.10.1) + rspec-support (~> 3.10.0) + rspec-expectations (3.10.1) diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.9.0) - rspec-mocks (3.9.1) + rspec-support (~> 3.10.0) + rspec-mocks (3.10.2) diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.9.0) - rspec-support (3.9.3) - rubyzip (2.3.0) + rspec-support (~> 3.10.0) + rspec-support (3.10.2) + rubyzip (2.3.2) selenium-webdriver (3.142.7) childprocess (>= 0.5, < 4.0) rubyzip (>= 1.2.2) + webdrivers (4.6.1) + nokogiri (~> 1.6) + rubyzip (>= 1.3.0) + selenium-webdriver (>= 3.0, < 4.0) xpath (3.2.0) nokogiri (~> 1.8) PLATFORMS - ruby + x86_64-linux DEPENDENCIES capybara rake rspec selenium-webdriver + webdrivers BUNDLED WITH - 2.1.4 + 2.2.26 diff --git a/tests/Rakefile b/tests/Rakefile index b7e5090..1960a85 100644 --- a/tests/Rakefile +++ b/tests/Rakefile @@ -3,7 +3,7 @@ require 'rspec/core/rake_task' RSpec::Core::RakeTask.new(:test) do |t| if ENV['TEST'].nil? or ENV['TEST'].empty? - t.pattern = Dir.glob('spec/**/*_spec.rb') + t.pattern = Dir.glob('integration/**/*_spec.rb') else t.pattern = Dir.glob(ENV['TEST']) end diff --git a/tests/spec/change_mode_spec.rb b/tests/integration/change_mode_spec.rb similarity index 100% rename from tests/spec/change_mode_spec.rb rename to tests/integration/change_mode_spec.rb diff --git a/tests/spec/change_php_memory_limit_spec.rb b/tests/integration/change_php_memory_limit_spec.rb similarity index 100% rename from tests/spec/change_php_memory_limit_spec.rb rename to tests/integration/change_php_memory_limit_spec.rb diff --git a/tests/spec/change_port_spec.rb b/tests/integration/change_port_spec.rb similarity index 100% rename from tests/spec/change_port_spec.rb rename to tests/integration/change_port_spec.rb diff --git a/tests/spec/enable_https_spec.rb b/tests/integration/enable_https_spec.rb similarity index 100% rename from tests/spec/enable_https_spec.rb rename to tests/integration/enable_https_spec.rb diff --git a/tests/spec/import_export_spec.rb b/tests/integration/import_export_spec.rb similarity index 100% rename from tests/spec/import_export_spec.rb rename to tests/integration/import_export_spec.rb diff --git a/tests/spec/login_spec.rb b/tests/integration/login_spec.rb similarity index 100% rename from tests/spec/login_spec.rb rename to tests/integration/login_spec.rb diff --git a/tests/spec/maintenance_mode_spec.rb b/tests/integration/maintenance_mode_spec.rb similarity index 100% rename from tests/spec/maintenance_mode_spec.rb rename to tests/integration/maintenance_mode_spec.rb diff --git a/tests/spec/spec_helper.rb b/tests/integration/spec_helper.rb similarity index 98% rename from tests/spec/spec_helper.rb rename to tests/integration/spec_helper.rb index 7b339d9..c76b406 100644 --- a/tests/spec/spec_helper.rb +++ b/tests/integration/spec_helper.rb @@ -7,6 +7,9 @@ require 'capybara/rspec' require 'selenium-webdriver' +# CircleCI has a chrome driver already in the image +require 'webdrivers' unless ENV.include? 'CIRCLECI' + if ENV['FIREFOX'] Capybara.register_driver :firefox do |app| options = Selenium::WebDriver::Firefox::Options.new( diff --git a/tests/run-tests.sh b/tests/run-tests.sh new file mode 100755 index 0000000..5831e30 --- /dev/null +++ b/tests/run-tests.sh @@ -0,0 +1,85 @@ +#!/bin/sh -e + +tests_dir=$(CDPATH="" cd -- "$(dirname -- "$0")" && pwd) + +run_shellcheck() +{ + checks=0 + failures=0 + while IFS= read -r file; do + # Skip hidden files + if expr "$(basename "$file")" : '^\.' > /dev/null; then + continue + fi + + checks=$((checks+1)) + if ! shellcheck -x "$file"; then + failures=$((failures+1)) + fi + done + + echo "Checked $checks files ($failures failed)" + + if [ $failures -gt 0 ]; then + return 1 + fi + + return 0 +} + +run_static_tests() +{ + grep -rl "^#!/bin/sh" "$tests_dir/../src/" | run_shellcheck +} + +run_unit_tests() +{ + [ ! -f "$HOME/.local/bin/shellspec" ] && curl -fsSL https://git.io/shellspec | sh -s 0.28.1 -y + $HOME/.local/bin/shellspec --helperdir "$tests_dir/unit" --default-path "$tests_dir/unit" --load-path "$tests_dir/unit" +} + +run_integration_tests() +{ + (cd "$tests_dir" && rake test) +} + +if [ $# = 0 ]; then + suite="all" +elif [ $# = 1 ]; then + suite="$1" + shift +else + echo "Usage:" + echo " run-tests.sh [all | static | unit | integration]" + exit 1 +fi + +static=false +unit=false +integration=false + +case "$suite" in + static) + static=true + ;; + unit) + unit=true + ;; + integration) + integration=true + ;; + all) + static=true + unit=true + integration=true + ;; + *) + echo "Invalid test suite: '$suite'" >&2 + exit 1 + ;; +esac + +[ "$static" = true ] && run_static_tests +[ "$unit" = true ] && run_unit_tests +[ "$integration" = true ] && run_integration_tests +exit 0 diff --git a/tests/static.sh b/tests/static.sh deleted file mode 100755 index 7999705..0000000 --- a/tests/static.sh +++ /dev/null @@ -1,30 +0,0 @@ -#!/bin/sh - -tests_dir=$(CDPATH="" cd -- "$(dirname -- "$0")" && pwd) - -run_shellcheck() -{ - checks=0 - failures=0 - while IFS= read -r file; do - # Skip hidden files - if expr "$(basename "$file")" : '^\.' > /dev/null; then - continue - fi - - checks=$((checks+1)) - if ! shellcheck -x "$file"; then - failures=$((failures+1)) - fi - done - - echo "Checked $checks files ($failures failed)" - - if [ $failures -gt 0 ]; then - return 1 - fi - - return 0 -} - -grep -rl "^#!/bin/sh" "$tests_dir/../src/" | run_shellcheck diff --git a/tests/unit/common_utilities_spec.sh b/tests/unit/common_utilities_spec.sh new file mode 100644 index 0000000..a035741 --- /dev/null +++ b/tests/unit/common_utilities_spec.sh @@ -0,0 +1,211 @@ +Describe 'common-utilities' + Include src/common/utilities/common-utilities + Describe 'version_less_than' + It 'handles less than' + When call version_less_than '1.2.3' '1.2.4' + The status should be success + End + + It 'handles greater than' + When call version_less_than '1.2.4' '1.2.3' + The status should be failure + End + + It 'handles equal' + When call version_less_than '1.2.3' '1.2.3' + The status should be failure + End + + It 'handles daily less than' + When call version_less_than '18-2021-05-14' '18-2021-05-15' + The status should be success + End + + It 'handles daily greater than' + When call version_less_than '18-2021-05-15' '18-2021-05-14' + The status should be failure + End + + It 'handles daily equal' + When call version_less_than '18-2021-05-15' '18-2021-05-15' + The status should be failure + End + End + + Describe 'major_version' + It 'handles empty strings' + When call major_version '' + The status should be success + The output should equal '' + End + + It 'handles semver' + When call major_version '1.2.3' + The status should be success + The output should equal '1' + End + + It 'handles snap version' + When call major_version '1.2.3snap4' + The status should be success + The output should equal '1' + End + + It 'handles daily versions' + When call major_version '18-2021-05-15' + The status should be success + The output should equal '18' + End + End + + Describe 'is_integer' + It 'handles strings' + When call is_integer 'foo' + The status should be failure + End + + It 'handles floats' + When call is_integer '1.2' + The status should be failure + End + + It 'handles integers' + When call is_integer '1' + The status should be success + End + End + + Describe 'is_semver' + It 'rejects integer' + When call is_semver '1' + The status should be failure + End + + It 'rejects float' + When call is_semver '1.2' + The status should be failure + End + + It 'rejects daily version' + When call is_semver '18-2021-05-15' + The status should be failure + End + + It 'accepts valid semver' + When call is_semver '1.2.3' + The status should be success + End + + It 'accepts snap version' + When call is_semver '1.2.3snap4' + The status should be success + End + End + + Describe 'is_supported_nextcloud_upgrade' + It 'handles no previous version' + When call is_supported_nextcloud_upgrade '' '1.2.3' + The status should be success + The output should equal '' + The error should equal '' + End + + It 'handles no current version' + When call is_supported_nextcloud_upgrade '1.2.3' '' + The status should be success + The output should equal '' + The error should equal '' + End + + It 'handles same version' + When call is_supported_nextcloud_upgrade '1.2.3' '1.2.3' + The status should be success + The output should equal '' + The error should equal '' + End + + It 'errors on downgrade' + When call is_supported_nextcloud_upgrade '1.2.3' '1.2.2' + The status should be failure + The output should equal '' + The error should match pattern "[Nn]extcloud doesn't support downgrades*" + End + + It 'handles minor upgrade' + When call is_supported_nextcloud_upgrade '1.2.3' '1.2.4' + The status should be success + The output should equal '' + The error should equal '' + End + + It 'handles major upgrade' + When call is_supported_nextcloud_upgrade '1.2.3' '2.0.0' + The status should be success + The output should equal '' + The error should equal '' + End + + It 'errors on daily downgrade' + When call is_supported_nextcloud_upgrade '18-2021-05-15' '18-2021-05-14' + The status should be failure + The output should equal '' + The error should match pattern "[Nn]extcloud doesn't support downgrades*" + End + + It 'handles minor daily upgrade' + When call is_supported_nextcloud_upgrade '18-2021-05-15' '18-2021-05-16' + The status should be success + The output should equal '' + The error should equal '' + End + + It 'handles major daily upgrade' + When call is_supported_nextcloud_upgrade '18-2021-05-15' '19-2021-05-15' + The status should be success + The output should equal '' + The error should equal '' + End + + It 'handles switching from daily to stable' + When call is_supported_nextcloud_upgrade '18-2021-05-15' '19.0.12snap1' + The status should be success + The output should equal '' + The error should equal '' + End + + It 'handles switching from stable to daily' + When call is_supported_nextcloud_upgrade '18.0.12snap1' '18-2021-05-15' + The status should be success + The output should equal '' + The error should equal '' + End + + It 'handles switching from stable to master' + When call is_supported_nextcloud_upgrade '18.0.12snap1' 'master-2021-05-15' + The status should be success + The output should equal '' + The error should equal '' + End + + It 'handles switching from master to stable' + When call is_supported_nextcloud_upgrade 'master-2021-05-15' '18.0.12snap1' + The status should be success + The output should equal '' + The error should equal '' + End + + It 'handles switching from daily to master' + When call is_supported_nextcloud_upgrade '18-2021-05-15' 'master-2021-05-15' + The status should be success + The output should equal '' + The error should equal '' + End + + It 'handles switching from master to daily' + When call is_supported_nextcloud_upgrade 'master-2021-05-15' '18-2021-05-15' + The status should be success + The output should equal '' + The error should equal '' + End + End +End diff --git a/tests/unit/spec_helper.sh b/tests/unit/spec_helper.sh new file mode 100644 index 0000000..93f1908 --- /dev/null +++ b/tests/unit/spec_helper.sh @@ -0,0 +1,24 @@ +# shellcheck shell=sh + +# Defining variables and functions here will affect all specfiles. +# Change shell options inside a function may cause different behavior, +# so it is better to set them here. +# set -eu + +# This callback function will be invoked only once before loading specfiles. +spec_helper_precheck() { + # Available functions: info, warn, error, abort, setenv, unsetenv + # Available variables: VERSION, SHELL_TYPE, SHELL_VERSION + : minimum_version "0.28.1" +} + +# This callback function will be invoked after a specfile has been loaded. +spec_helper_loaded() { + : +} + +# This callback function will be invoked after core modules has been loaded. +spec_helper_configure() { + # Available functions: import, before_each, after_each, before_all, after_all + : import 'support/custom_matcher' +} From 16933fa24180c256e91f0b81a2de8e7a0c77ae47 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Tue, 7 Sep 2021 16:34:58 -0700 Subject: [PATCH 407/416] CHANGELOG: update for 21.0.4snap2 Signed-off-by: Kyle Fazzari --- CHANGELOG | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGELOG b/CHANGELOG index 4ac95be..3df2c30 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,6 @@ +v 21.0.4snap2 + - migrations: extract version sanity checks into common utilities + v 21.0.4snap1 - php: update to 7.4.23 - redis: update to 6.0.15 From f15c9a30d7e2534cc2262a68b1148a09452aee05 Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Fri, 10 Sep 2021 17:49:36 -0700 Subject: [PATCH 408/416] CHANGELOG: update for 22.1.1snap1 Also update README. Signed-off-by: Kyle Fazzari --- CHANGELOG | 3 +++ README.md | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/CHANGELOG b/CHANGELOG index 3df2c30..9c0d7e4 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,6 @@ +v 22.1.1snap1 + - nextcloud: update to 22.1.1 + v 21.0.4snap2 - migrations: extract version sanity checks into common utilities diff --git a/README.md b/README.md index fcab054..5c53cfa 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ Nextcloud server packaged as a snap. It consists of: -- Nextcloud 21 +- Nextcloud 22 - Apache 2.4 - PHP 7.4 - MySQL 8 From 9585d07cea93b11876ff8edf8f50198fb1bee9bb Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Wed, 15 Sep 2021 08:19:00 -0700 Subject: [PATCH 409/416] stale workflow: add message when marking stale Signed-off-by: Kyle Fazzari --- .github/workflows/stale.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index cfaa80f..9573321 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -13,4 +13,9 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/stale@v4 \ No newline at end of file + - uses: actions/stale@v4 + with: + days-before-stale: 60 + days-before-close: 7 + stale-issue-message: 'This issue is stale because it has been without activity for 60 days. It will be closed after 7 more days of inactivity.' + stale-pr-message: 'This pull request is stale because it has been without activity for 60 days. It will be closed after 7 more days of inactivity.' From 5e1b50abb23eccdf556f8fba88e676494c5a38d3 Mon Sep 17 00:00:00 2001 From: stondino00 <54154986+stondino00@users.noreply.github.com> Date: Thu, 16 Sep 2021 13:33:31 -0500 Subject: [PATCH 410/416] Upgrade Apache to 2.4.49 Fixes #1845 --- snap/snapcraft.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 554b5af..7b14ff4 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -134,8 +134,8 @@ hooks: parts: apache: plugin: apache - source: http://ftp.wayne.edu/apache/httpd/httpd-2.4.48.tar.bz2 - source-checksum: sha256/1bc826e7b2e88108c7e4bf43c026636f77a41d849cfb667aa7b5c0b86dbf966c + source: http://ftp.wayne.edu/apache/httpd/httpd-2.4.49.tar.bz2 + source-checksum: sha256/65b965d6890ea90d9706595e4b7b9365b5060bec8ea723449480b4769974133b override-pull: | snapcraftctl pull From 1f32bd83b1ca801bf4249c768689660b9e918f7b Mon Sep 17 00:00:00 2001 From: Kyle Fazzari Date: Thu, 16 Sep 2021 15:19:28 -0700 Subject: [PATCH 411/416] CHANGELOG: update for 22.1.1snap2 Signed-off-by: Kyle Fazzari --- CHANGELOG | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGELOG b/CHANGELOG index 9c0d7e4..4e22ea7 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,6 @@ +v 22.1.1snap2 + - apache: update to 2.4.49 + v 22.1.1snap1 - nextcloud: update to 22.1.1 From 13750b85b425fbc5fee3042f8eaf9e21a78fcb1f Mon Sep 17 00:00:00 2001 From: Johannes Wilm Date: Sat, 25 Sep 2021 23:00:12 +0200 Subject: [PATCH 412/416] spelling --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 51b4139..93955bf 100644 --- a/README.md +++ b/README.md @@ -1,8 +1,8 @@ # fiduswriter-snap -Snapcraft build instructions for Fidus Write. +Snapcraft build instructions for Fidus Writer. -Large parts of this package is based on [Snappy Nextcloud](https://github.com/nextcloud/nextcloud-snap) +Large parts of this package are based on the the snapcraft build instructions for [Nextcloud](https://github.com/nextcloud/nextcloud-snap). ## How to install From af81b1234320620681361a4c312fc527a1ef8e8c Mon Sep 17 00:00:00 2001 From: Johannes Wilm Date: Sun, 26 Sep 2021 06:48:09 +0200 Subject: [PATCH 413/416] fidus writer icon --- snap/gui/icon.svg | 214 +++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 213 insertions(+), 1 deletion(-) diff --git a/snap/gui/icon.svg b/snap/gui/icon.svg index 73f672b..d0e3b89 100644 --- a/snap/gui/icon.svg +++ b/snap/gui/icon.svg @@ -1,2 +1,214 @@ - + + + + + image/svg+xml + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + From 3b04965dd52717bd33bc2a698bf8dcc90c01db68 Mon Sep 17 00:00:00 2001 From: Johannes Wilm Date: Sun, 26 Sep 2021 06:53:14 +0200 Subject: [PATCH 414/416] fix indentation --- snap/snapcraft.yaml | 107 ++++++++++++++++++++++---------------------- 1 file changed, 54 insertions(+), 53 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index a16ff03..dea99b1 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -138,59 +138,60 @@ hooks: plugs: [network, network-bind] parts: - apache: - plugin: apache - source: http://ftp.wayne.edu/apache/httpd/httpd-2.4.49.tar.bz2 - source-checksum: sha256/65b965d6890ea90d9706595e4b7b9365b5060bec8ea723449480b4769974133b - - override-pull: | - snapcraftctl pull - - # For some reason, all directories in (and after) 2.4.32 are setgid. - # Reported as https://bz.apache.org/bugzilla/show_bug.cgi?id=62298 - # Work around by unsetting setgid. FIXME: Remove when bug is fixed. - find . -perm -g+s -exec chmod g-s {} \; - - # The built-in Apache modules to enable - modules: - - headers - - proxy - - proxy_fcgi - - setenvif - - env - - rewrite - - mime - - dir - - authz_core - - unixd - - alias - - ssl - - socache_shmcb - - slotmem_shm - - log_config - - logio - - filesets: - exclude: - - -man - - -manual - - -htdocs - - -include - - -build - - -conf/httpd.conf - - -conf/magic - - -conf/original - - -conf/extra - - -bin/apachectl - - -bin/envvars* - stage: - - $exclude - prime: - - $exclude - - apache-customizations: - plugin: dump - source: src/apache/ + apache: + plugin: apache + source: http://ftp.wayne.edu/apache/httpd/httpd-2.4.49.tar.bz2 + source-checksum: sha256/65b965d6890ea90d9706595e4b7b9365b5060bec8ea723449480b4769974133b + + override-pull: | + snapcraftctl pull + + # For some reason, all directories in (and after) 2.4.32 are setgid. + # Reported as https://bz.apache.org/bugzilla/show_bug.cgi?id=62298 + # Work around by unsetting setgid. FIXME: Remove when bug is fixed. + find . -perm -g+s -exec chmod g-s {} \; + + # The built-in Apache modules to enable + modules: + - headers + - proxy + - proxy_fcgi + - setenvif + - env + - rewrite + - mime + - dir + - authz_core + - unixd + - alias + - ssl + - socache_shmcb + - slotmem_shm + - log_config + - logio + + filesets: + exclude: + - -man + - -manual + - -htdocs + - -include + - -build + - -conf/httpd.conf + - -conf/magic + - -conf/original + - -conf/extra + - -bin/apachectl + - -bin/envvars* + stage: + - $exclude + prime: + - $exclude + + apache-customizations: + plugin: dump + source: src/apache/ + redis: plugin: redis source: http://download.redis.io/releases/redis-6.0.15.tar.gz From ac7525f5b61d35c07b2e4791b91e9043a1117e29 Mon Sep 17 00:00:00 2001 From: Johannes Wilm Date: Sun, 26 Sep 2021 07:14:47 +0200 Subject: [PATCH 415/416] downgrade to core18 --- snap/snapcraft.yaml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index dea99b1..aec6668 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -1,7 +1,7 @@ name: fiduswriter adopt-info: fiduswriter summary: 'An academic collaborative word processor' -base: core20 +base: core18 confinement: strict grade: stable epoch: 3* @@ -274,8 +274,9 @@ parts: source: src/languagetool/ npm: - plugin: npm - npm-node-version: 12.18.3 + plugin: nodejs + nodejs-package-manager: npm + nodejs-version: 12.18.3 source: src/npm prime: - -package.json From 4e08771417f39d4a1b175226cb9d96da8ab81c5f Mon Sep 17 00:00:00 2001 From: Johannes Wilm Date: Mon, 27 Sep 2021 07:20:13 +0200 Subject: [PATCH 416/416] cleanup --- build_clean.sh | 4 ++++ snap/snapcraft.yaml | 18 +++--------------- src/hooks/bin/post-refresh | 3 +-- 3 files changed, 8 insertions(+), 17 deletions(-) create mode 100755 build_clean.sh diff --git a/build_clean.sh b/build_clean.sh new file mode 100755 index 0000000..c32af20 --- /dev/null +++ b/build_clean.sh @@ -0,0 +1,4 @@ +#!/bin/sh -e + + +snapcraft clean && SNAPCRAFT_BUILD_ENVIRONMENT_MEMORY=8G snapcraft diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index aec6668..7229c4f 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -69,17 +69,6 @@ apps: restart-condition: always plugs: [network, network-bind] - fiduswriter-cron: - command: bin/fiduswriter-cron - daemon: simple - restart-condition: on-failure - plugs: [network, network-bind, removable-media] - - # Command for manually installing instead of visiting site to create admin. - manual-install: - command: bin/manual-install - plugs: [network, network-bind, removable-media] - import: command: bin/import-data plugs: [network, network-bind, removable-media] @@ -213,7 +202,7 @@ parts: after: [fiduswriter-patches, mysql] override-build: | # Removing here rather than in stage below due to snapcraft issue https://forum.snapcraft.io/t/conflicting-files-sometimes/19818/2 snapcraftctl build - rm $SNAPCRAFT_PART_INSTALL/lib/python3.8/site-packages/fiduswriter/configuration.py-default + rm $SNAPCRAFT_PART_INSTALL/lib/python3.6/site-packages/fiduswriter/configuration.py-default override-pull: | snapcraftctl pull git apply $SNAPCRAFT_STAGE/fiduswriter-set-defaults.patch @@ -242,14 +231,14 @@ parts: - nano # stage: # # Remove scripts that we'll be replacing with our own - # - -lib/python3.8/site-packages/fiduswriter/configuration.py-default + # - -lib/python3.6/site-packages/fiduswriter/configuration.py-default fiduswriter-customizations: plugin: dump source: src/fiduswriter/ after: [fiduswriter] organize: - configuration.py: lib/python3.8/site-packages/fiduswriter/configuration.py-default + configuration.py: lib/python3.6/site-packages/fiduswriter/configuration.py-default languagetool: plugin: nil @@ -344,7 +333,6 @@ parts: - -bin/myisam_ftdump - -bin/myisam* - -bin/mysql_client_test - - -bin/mysql_config* - -bin/mysql_secure_installation - -bin/mysql_ssl_rsa_setup - -bin/mysql_tzinfo_to_sql diff --git a/src/hooks/bin/post-refresh b/src/hooks/bin/post-refresh index 9d9b06e..cac3820 100755 --- a/src/hooks/bin/post-refresh +++ b/src/hooks/bin/post-refresh @@ -3,6 +3,7 @@ import os import shutil from subprocess import check_output, CalledProcessError +SNAP = os.environ.get('SNAP') SNAP_DATA = os.environ.get('SNAP_DATA') TRANSPILE_DIR = '{}/.transpile'.format(SNAP_DATA) @@ -15,8 +16,6 @@ if os.path.isdir(TRANSPILE_DIR): try: check_output([ '{}/bin/run-snap-migrations'.format(SNAP), - '--pythonpath', - SNAP_DATA ]) except CalledProcessError: sys.exit(1)