Merge branch 'release/v0.1.0'

CHANGELOG.md

@@ -0,0 +1,14 @@
+# Change Log
+
+All notable changes to this project will be documented in this file.
+This project adheres to [Semantic Versioning](http://semver.org/).
+
+## [Unreleased](https://github.com/passbolt/passbolt_install_scripts/compare/v0.1.0...HEAD)
+
+## [0.1.0](https://github.com/passbolt/passbolt_install_scripts/releases/tag/v0.1.0) - 2018-10-15
+
+### Added
+
+- Support for debian 9.6 support
+- Support for centos 7
+- Support for ubuntu 18.10

README.md

@@ -0,0 +1,66 @@
+	      ____                  __          ____
+	     / __ \____  _____ ____/ /_  ____  / / /_
+	    / /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/
+	   / ____/ /_/ (__  |__  ) /_/ / /_/ / / /_
+	  /_/    \__,_/____/____/_.___/\____/_/\__/
+
+	Open source password manager for teams
+	(c) 2018 Passbolt SARL
+	https://www.passbolt.com
+
+
+## Licence
+
+Passbolt is distributed under [Affero General Public License v3](http://www.gnu.org/licenses/agpl-3.0.html)
+
+# Passbolt install scripts
+
+We have been installing passbolt A LOT internally to test new functionalities, to debug issues mimic some environment etc.
+Sharing this scripts with the community will ease the installation procedure and allow users that do not want or can not use other
+installation options to have passbolt installed.
+
+## Why not a $place_your_distro_here package?
+
+It is a matter of priorities and manpower. Currently we ship a docker container which is a good fit for any GNU/Linux distro
+Windows and MacOS users. However we understand that some users do not want or can not use docker so we release this scripts for them.
+We are not against packaging passbolt for specific platforms but right now we are focused on some other tasks.
+
+## Requirements
+
+This installation scripts must be run as root user as it is required to install
+packages and use privileged ports such as 80 or 443.
+
+__WARNING__ This installation scripts are designed to be executed on __FRESH__ created instances.
+Running them on a previously provisioned system may lead to unknown states as well as it
+could overwrite configuration files, etc.
+
+## Usage
+
+In order to use the scripts just run:
+
+```bash ./dist/$distro/passbolt_$distro_installer.sh```
+
+You can obtain the scripts for different platforms on the releases page or you can just git clone this repository
+and build the scripts and use them.
+
+## Building
+
+In order to build the scripts for your operating system we provide a builder script.
+The builder script will concat all the code required for your distro in a single file under:
+
+```dist/$distro/passbolt_$disto_installer.sh```
+
+In order to build the passbolt installer please execute the following:
+
+```bash ./build_scripts.sh -d debian```
+
+or
+
+```bash ./build_scripts.sh -d centos```
+
+When the building is done use the scripts from `dist/$distro` to install passbolt on your system.
+## Development
+
+There is a sample development passbolt installer script on tests folder where a
+developer can test different functions together without building the whole script.
+

build_scripts.sh

@@ -0,0 +1,96 @@
+#!/usr/bin/env bash
+#
+# Small script that prepares install scripts for distribution
+#
+# - Concats all the parts in a single script under dist/<os>/
+# - Creates a tarball under dist/tar/<os>
+# - Checksums tarballs
+
+set -euo pipefail
+
+PROGNAME=$0
+
+help_message() {
+  cat <<-EOF
+  usage: $PROGNAME [OPTION] [ARGUMENT]
+
+  OPTIONS:
+    -h                    This help message
+    -d DISTRIBUTION_NAME  Builds for a specific distribution. Supported values centos/debian/ubuntu
+EOF
+}
+
+error() {
+  echo "$1"
+  help_message
+  exit 1
+}
+
+build() {
+  local os=$1
+  local output=dist/"$os"/passbolt_"$os"_installer.sh
+
+  if ! [[ "$os" =~ ^(debian|ubuntu|centos)$ ]]; then
+    error "Distribution not supported"
+  fi
+
+  mkdir -p dist/"$os"/conf/{nginx,php}
+  {
+  cat templates/header.in
+  cat conf/constants_common.sh
+  cat "conf/$os/constants.sh"
+  } >> "$output"
+
+  for util in lib/helpers/utils/*.sh; do
+    cat "$util" >> "$output";
+  done
+
+  for validator in lib/validators/*.sh; do
+    cat "$validator" >> "$output";
+  done
+
+  for validator in lib/validators/*.sh; do
+    cat "$validator" >> "$output";
+  done
+
+  for initializer in lib/initializers/*.sh; do
+    cat "$initializer" >> "$output";
+  done
+
+  if [ "$os" == "centos" ]; then
+    for helper in lib/helpers/"$os"/*.sh; do
+      cat "$helper" >> "$output";
+    done
+  fi
+
+  for helper in lib/helpers/*.sh; do
+    cat "$helper" >> "$output";
+  done
+
+  cat "lib/main/$os/main.sh" >> "$output"
+
+  chmod +x "$output"
+
+  cp conf/nginx/*.conf "dist/$os/conf/nginx"
+  cp conf/php/*.conf "dist/$os/conf/php"
+  cp "conf/$os/packages.txt" "dist/$os/conf/packages.txt"
+}
+
+while getopts "chd:" opt; do
+  case $opt in
+    h)
+      help_message
+      exit 0
+      ;;
+    d)
+      build "$OPTARG"
+      ;;
+    *)
+      error "No such build option"
+      ;;
+  esac
+done
+
+if [ "$OPTIND" -eq 1 ]; then
+  error "Please tell me what to build"
+fi

conf/centos/constants.sh

@@ -0,0 +1,12 @@
+readonly OS='centos'
+readonly OS_SUPPORTED_VERSION="7.0"
+readonly OS_VERSION_FILE="/etc/centos-release"
+readonly FPM_WWW_POOL="/etc/php-fpm.d/www.conf"
+readonly FPM_SERVICE="php-fpm"
+readonly WWW_USER="nginx"
+readonly WWW_USER_HOME="/var/lib/nginx"
+readonly GNUPG_HOME='/var/lib/nginx/.gnupg'
+readonly CRONTAB_DIR='/var/spool/cron/'
+readonly REMI_PHP_URL='http://rpms.remirepo.net/enterprise/remi-release-7.rpm'
+readonly REMI_PHP_VERSION='remi-php72'
+readonly PHP_EXT_DIR='/etc/php.d'

conf/centos/packages.txt

@@ -0,0 +1,16 @@
+php-intl
+php-gd
+php-mysql
+php-mcrypt
+php-pear
+php-devel
+php-mbstring
+php-fpm
+php-ldap
+gcc
+gpgme-devel
+git
+policycoreutils-python
+nginx
+unzip
+wget

conf/constants_common.sh

@@ -0,0 +1,11 @@
+script_path="$(realpath "$0")"
+script_directory="$(dirname "$script_path")"
+readonly UNDEFINED="_UNDEF_"
+readonly PROGNAME="$0"
+readonly PASSBOLT_BASE_DIR="/var/www/passbolt"
+readonly PASSBOLT_REPO="https://github.com/passbolt/passbolt_api"
+readonly PASSBOLT_BRANCH="master"
+readonly NGINX_SITE_DIR='/etc/nginx/conf.d'
+readonly SSL_CERT_PATH='/etc/ssl/certs/passbolt_certificate.crt'
+readonly SSL_KEY_PATH='/etc/ssl/certs/passbolt_private.key'
+readonly LETSENCRYPT_LIVE_DIR='/etc/letsencrypt/live'

conf/debian/constants.sh

@@ -0,0 +1,9 @@
+readonly OS='debian'
+readonly OS_SUPPORTED_VERSION="9.0"
+readonly OS_VERSION_FILE="/etc/debian_version"
+readonly FPM_WWW_POOL="/etc/php/7.0/fpm/pool.d/www.conf"
+readonly FPM_SERVICE="php7.0-fpm"
+readonly WWW_USER="www-data"
+readonly WWW_USER_HOME="/home/www-data"
+readonly GNUPG_HOME='/home/www-data/.gnupg'
+readonly CRONTAB_DIR='/var/spool/cron/crontabs'

conf/debian/packages.txt

@@ -0,0 +1,14 @@
+php7.0-intl
+php7.0-gd
+php7.0-mysql
+php7.0-mcrypt
+php-pear
+php7.0-dev
+php7.0-mbstring
+php7.0-fpm
+php7.0-ldap
+php-gnupg
+git
+nginx
+unzip
+certbot

conf/nginx/passbolt.conf

@@ -0,0 +1,32 @@
+server {
+  listen 80;
+  server_name _SERVER_NAME_;
+  client_body_buffer_size     100K;
+  client_header_buffer_size   1K;
+  client_max_body_size        5M;
+
+  client_body_timeout   10;
+  client_header_timeout 10;
+  keepalive_timeout     5 5;
+  send_timeout          10;
+
+  root /var/www/passbolt/webroot;
+  index index.php;
+
+  location / {
+    try_files $uri $uri/ /index.php?$args;
+  }
+
+  location ~ \.php$ {
+    try_files                $uri =404;
+    include                  fastcgi_params;
+    fastcgi_pass             127.0.0.1:9000;
+    fastcgi_index            index.php;
+    fastcgi_intercept_errors on;
+    fastcgi_split_path_info  ^(.+\.php)(.+)$;
+    fastcgi_param            SCRIPT_FILENAME $document_root$fastcgi_script_name;
+    fastcgi_param            SERVER_NAME $http_host;
+    fastcgi_param PHP_VALUE  "upload_max_filesize=5M \n post_max_size=5M";
+  }
+
+}

conf/nginx/passbolt_ssl.conf

@@ -0,0 +1,40 @@
+server {
+  listen 443;
+
+  server_name _SERVER_NAME_;
+  client_body_buffer_size     100K;
+  client_header_buffer_size   1k;
+  client_max_body_size        5M;
+
+  client_body_timeout   10;
+  client_header_timeout 10;
+  keepalive_timeout     5 5;
+  send_timeout          10;
+  ssl on;
+  ssl_certificate     _NGINX_CERT_FILE_;
+  ssl_certificate_key _NGINX_KEY_FILE_;
+  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+  ssl_prefer_server_ciphers on;
+  ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4:@STRENGTH";
+  ssl_session_tickets off;
+
+  root /var/www/passbolt/webroot;
+  index index.php;
+
+  location / {
+    try_files $uri $uri/ /index.php?$args;
+  }
+
+  location ~ \.php$ {
+    try_files                $uri =404;
+    include                  fastcgi_params;
+    fastcgi_pass             127.0.0.1:9000;
+    fastcgi_index            index.php;
+    fastcgi_intercept_errors on;
+    fastcgi_split_path_info  ^(.+\.php)(.+)$;
+    fastcgi_param            SCRIPT_FILENAME $document_root$fastcgi_script_name;
+    fastcgi_param            SERVER_NAME $http_host;
+    fastcgi_param PHP_VALUE  "upload_max_filesize=5M \n post_max_size=5M";
+  }
+
+}