Merge branch 'release/v0.4.0'

passbolt · Aug 7, 2019 · 16c82b0 · 16c82b0
2 parents d1dca54 + 8aa3788
commit 16c82b0
Show file tree

Hide file tree

Showing 12 changed files with 49 additions and 22 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,6 +5,15 @@ This project adheres to [Semantic Versioning](http://semver.org/).
 
 ## [Unreleased](https://github.com/passbolt/passbolt_install_scripts/compare/v0.3.1...HEAD)
 
+## [0.4.0](https://github.com/passbolt/passbolt_install_scripts/compare/v0.4.0..v0.3.2) - 2019-08-07
+
+### Fixed
+- Error on mariadb create syntax [#9](https://github.com/passbolt/passbolt_install_scripts/issues/9)
+- Centos cron error output [#8](https://github.com/passbolt/passbolt_install_scripts/issues/8)
+- Centos selinux errors [#7](https://github.com/passbolt/passbolt_install_scripts/issues/7)
+- Dist tar files break permissions on host [#5](https://github.com/passbolt/passbolt_install_scripts/issues/5)
+- Nginx is not configured for ipv6 [#4](https://github.com/passbolt/passbolt_install_scripts/issues/4)
+
 ## [0.3.2](https://github.com/passbolt/passbolt_install_scripts/compare/v0.3.2..v0.3.1) - 2019-02-12
 
 ### Fixed

diff --git a/build_scripts.sh b/build_scripts.sh
@@ -28,7 +28,10 @@ checksum() {
 
 compress() {
   mkdir -p dist/tar/"$1"
-  tar cvfz dist/tar/"$1"/passbolt-ce-installer-"$1"-"$2".tar.gz -C dist/"$1" .
+  cd dist/"$1" || exit 1
+  tar cvfz passbolt-ce-installer-"$1"-"$2".tar.gz *
+  cd -
+  mv dist/"$1"/passbolt-ce-installer-"$1"-"$2".tar.gz dist/tar/"$1"
 }
 
 error() {
@@ -103,8 +106,8 @@ while getopts "chd:" opt; do
       build "$OPTARG"
       ;;
     c)
-      compress debian 9
-      checksum debian 9
+      compress debian 10
+      checksum debian 10
       compress centos 7
       checksum centos 7
       compress ubuntu 18.04

diff --git a/conf/centos/constants.sh b/conf/centos/constants.sh
@@ -8,5 +8,5 @@ readonly WWW_USER_HOME="/var/lib/nginx"
 readonly GNUPG_HOME='/var/lib/nginx/.gnupg'
 readonly CRONTAB_DIR='/var/spool/cron/'
 readonly REMI_PHP_URL='http://rpms.remirepo.net/enterprise/remi-release-7.rpm'
-readonly REMI_PHP_VERSION='remi-php72'
+readonly REMI_PHP_VERSION='remi-php73'
 readonly PHP_EXT_DIR='/etc/php.d'
diff --git a/conf/centos/packages.txt b/conf/centos/packages.txt
@@ -1,7 +1,6 @@
 php-intl
 php-gd
 php-mysql
-php-mcrypt
 php-pear
 php-devel
 php-mbstring

diff --git a/conf/debian/constants.sh b/conf/debian/constants.sh
@@ -1,8 +1,8 @@
 readonly OS='debian'
-readonly OS_SUPPORTED_VERSION="9.0"
+readonly OS_SUPPORTED_VERSION="10.0"
 readonly OS_VERSION_FILE="/etc/debian_version"
-readonly FPM_WWW_POOL="/etc/php/7.0/fpm/pool.d/www.conf"
-readonly FPM_SERVICE="php7.0-fpm"
+readonly FPM_WWW_POOL="/etc/php/7.3/fpm/pool.d/www.conf"
+readonly FPM_SERVICE="php7.3-fpm"
 readonly WWW_USER="www-data"
 readonly WWW_USER_HOME="/home/www-data"
 readonly GNUPG_HOME='/home/www-data/.gnupg'

diff --git a/conf/debian/packages.txt b/conf/debian/packages.txt
@@ -1,12 +1,11 @@
-php7.0-intl
-php7.0-gd
-php7.0-mysql
-php7.0-mcrypt
+php7.3-intl
+php7.3-gd
+php7.3-mysql
 php-pear
-php7.0-dev
-php7.0-mbstring
-php7.0-fpm
-php7.0-ldap
+php7.3-dev
+php7.3-mbstring
+php7.3-fpm
+php7.3-ldap
 php-gnupg
 git
 nginx

diff --git a/conf/nginx/passbolt.conf b/conf/nginx/passbolt.conf
@@ -1,4 +1,5 @@
 server {
+  listen [::]:80;
   listen 80;
   server_name _SERVER_NAME_;
   client_body_buffer_size     100K;

diff --git a/conf/nginx/passbolt_ssl.conf b/conf/nginx/passbolt_ssl.conf
@@ -1,6 +1,6 @@
 server {
+  listen [::]:443;
   listen 443;
-
   server_name _SERVER_NAME_;
   client_body_buffer_size     100K;
   client_header_buffer_size   1k;

diff --git a/conf/php/www.conf b/conf/php/www.conf
@@ -69,6 +69,12 @@ listen.group = _WWW_GROUP_
 ; Default Value: no set
 ; process.priority = -19
 
+; Set the process dumpable flag (PR_SET_DUMPABLE prctl) even if the process user
+; or group is differrent than the master process user. It allows to create process
+; core dump and ptrace the process for the pool user.
+; Default Value: no
+; process.dumpable = yes
+
 ; Choose how the process manager will control the number of child processes.
 ; Possible Values:
 ;   static  - a fixed number (pm.max_children) of child processes;
@@ -223,7 +229,7 @@ pm.max_spare_servers = 3
 ;   last request memory:  0
 ;
 ; Note: There is a real-time FPM status monitoring sample web page available
-;       It's available in: /usr/share/php/7.0/fpm/status.html
+;       It's available in: /usr/share/php/7.3/fpm/status.html
 ;
 ; Note: The value must start with a leading slash (/). The value can be
 ;       anything, but it may not be a good idea to use the .php extension or it
@@ -322,6 +328,10 @@ pm.max_spare_servers = 3
 ; Default Value: 0
 ;request_slowlog_timeout = 0
 
+; Depth of slow log stack trace.
+; Default Value: 20
+;request_slowlog_trace_depth = 20
+
 ; The timeout for serving a single request after which the worker process will
 ; be killed. This option should be used when the 'max_execution_time' ini option
 ; does not stop script execution for some reason. A value of '0' means 'off'.
@@ -361,6 +371,13 @@ pm.max_spare_servers = 3
 ; Default Value: no
 ;catch_workers_output = yes
 
+; Decorate worker output with prefix and suffix containing information about
+; the child that writes to the log and if stdout or stderr is used as well as
+; log level and time. This options is used only if catch_workers_output is yes.
+; Settings to "no" will output data as written to the stdout or stderr.
+; Default value: yes
+;decorate_workers_output = no
+
 ; Clear environment in FPM workers
 ; Prevents arbitrary environment variables from reaching FPM worker processes
 ; by clearing the environment in workers before env vars specified in this

diff --git a/lib/helpers/_mysql_db_installer.sh b/lib/helpers/_mysql_db_installer.sh
@@ -12,8 +12,8 @@ DELETE FROM mysql.user WHERE User='';
 DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');
 DROP DATABASE IF EXISTS test;
 DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%';
-CREATE DATABASE IF NOT EXISTS $(__config_get "$_config_db");
-GRANT ALL ON $(__config_get "$_config_db").* to $(__config_get "$_config_user")@'localhost' identified by '$(__config_get "$_config_pw")';
+CREATE DATABASE IF NOT EXISTS \`$(__config_get "$_config_db")\`;
+GRANT ALL ON \`$(__config_get "$_config_db")\`.* to \`$(__config_get "$_config_user")\`@'localhost' identified by '$(__config_get "$_config_pw")';
 UPDATE mysql.user SET plugin = '' WHERE user = 'root' AND host = 'localhost';
 FLUSH PRIVILEGES;
 EOF

diff --git a/lib/helpers/centos/setup_selinux.sh b/lib/helpers/centos/setup_selinux.sh
@@ -7,7 +7,6 @@ setup_selinux() {
     if [ "$selinux_status" == "enabled" ]; then
       semanage boolean -m httpd_can_network_connect -1
       semanage boolean -m httpd_can_network_connect_db -1
-      semanage fcontext -a -t httpd_sys_content_t '/var/www(/.*)?'
       semanage fcontext -a -t httpd_sys_rw_content_t "$PASSBOLT_BASE_DIR(/.*)?"
       restorecon -R "$PASSBOLT_BASE_DIR"
       semanage fcontext -a -t httpd_sys_rw_content_t "$GNUPG_HOME(/.*)?"

diff --git a/lib/helpers/setup_cronjob.sh b/lib/helpers/setup_cronjob.sh
@@ -1,7 +1,7 @@
 cron_job() {
   local process_email="$PASSBOLT_BASE_DIR/bin/cake EmailQueue.sender"
 
-  if [ ! -d "$CRONTAB_DIR" ] || [ ! "$(grep "$process_email" "$CRONTAB_DIR"/* )" ]; then
+  if [ ! -f "$CRONTAB_DIR"/$WWW_USER ] || [ ! "$(grep -q "$process_email" "$CRONTAB_DIR/$WWW_USER" )" ]; then
     echo "* * * * * $process_email" | crontab -u "$WWW_USER" -
   fi
 }