Sets hostname correctly, and sets remaining roundcube default

b71ae0d2 · Paul Cammish · aca46a37 · b71ae0d2 · b71ae0d2 · b71ae0d2
Commit b71ae0d2 authored Jun 13, 2019 by Paul Cammish
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -94,7 +94,6 @@ install:quick:
  stage: install
  allow_failure: false
  script:
-    - echo 'debconf debconf/frontend select Noninteractive' | debconf-set-selections
    - chmod -x $( which gitlab-runner )
    - hostname quick.sympl.test
    - echo "$( hostname )" > /etc/hostname ; echo "$( hostname -I | head -n 1 ) $(hostname)" >> /etc/hosts
@@ -105,6 +104,7 @@ install:quick:
    - apt-get -qq update
    - apt-get -y --allow-unauthenticated install --install-recommends sympl-core
    - run-parts --verbose --exit-on-error autotest/test.d
+    - hostname
    - dpkg -l 'sympl*'
  variables:
    CI_DEBUG_TRACE: "false"
@@ -120,10 +120,8 @@ install:clean:
  stage: install
  allow_failure: false
  script:
-    - echo 'debconf debconf/frontend select Noninteractive' | debconf-set-selections
    - chmod -x $( which gitlab-runner )
    - hostname clean.sympl.test
-    - echo "$( hostname )" > /etc/hostname ; echo "$( hostname -I | head -n 1 ) $(hostname)" >> /etc/hosts
    - apt-get -qq update; apt-get -qq -y upgrade
    - cp -r repo/ /
    - chmod -R 664 /repo ; chmod -R +X /repo
@@ -131,6 +129,7 @@ install:clean:
    - apt-get -qq update
    - apt-get -y --allow-unauthenticated install --install-recommends sympl-core
    - run-parts --verbose --exit-on-error autotest/test.d
+    - hostname
    - dpkg -l 'sympl*'
  variables:
    CI_DEBUG_TRACE: "false"
@@ -146,20 +145,22 @@ install:upgrade:
  stage: install
  allow_failure: false
  script:
-    - echo 'debconf debconf/frontend select Noninteractive' | debconf-set-selections
    - chmod -x $( which gitlab-runner )
    - hostname upgrade.sympl.test
-    - echo "$( hostname )" > /etc/hostname ; echo "$( hostname -I | head -n 1 ) $(hostname)" >> /etc/hosts
    - apt-get -qq update; apt-get -qq -y upgrade
    - wget -qO- http://mirror.mythic-beasts.com/mythic/support@mythic-beasts.com.gpg.key | apt-key add -
    - echo deb http://packages.mythic-beasts.com/mythic/ stretch-testing main > /etc/apt/sources.list.d/sympl_mythic-beasts.list
    - apt-get -qq update; apt-get -qq install --install-recommends sympl-core
+    - dpkg -l 'sympl-*' | grep '^ii' | awk '{ print $2 " " $3 }' | sort > pre-upgrade
    - cp -r repo/ /
    - chmod -R 664 /repo ; chmod -R +X /repo
    - echo "deb file:/repo stretch main" > /etc/apt/sources.list.d/local.list
    - apt-get -qq update; apt-get -y --allow-unauthenticated upgrade
    - apt-get -y autoremove
+    - dpkg -l 'sympl-*' | grep '^ii' | awk '{ print $2 " " $3 }' | sort > post-upgrade
+    - autotest/checkupgrade
    - run-parts --verbose --exit-on-error autotest/test.d
+    - hostname
    - dpkg -l 'sympl*'
  variables:
    CI_DEBUG_TRACE: "false"

--- a/CHANGELOG
+++ b/CHANGELOG
+CHANGELOG
+---------
+
+* 2019-06-13 - Improved hostname & webmail installs
+  - Hostname misconfiguration will be repaired automatically
+  - If a FQDN isn't set, one will be created automatically.
+  - Webmail should no longer prompt for web server to configure
+
 * 2019-06-12 - Changes to web stats
  - Stats are no longer generated by default.
  - If it exists, public/htdocs/stats will require HTTPS and a

--- a/autotest/checkupgrade
+++ b/autotest/checkupgrade
+#!/bin/bash
+
+if [ $( diff pre-upgrade post-upgrade | wc -l ) -eq 0 ]; then
+  echo 'E: Versions not changed'
+  exit 1
+fi
+ 
+diff pre-upgrade post-upgrade
+exit 0
--- a/autotest/test.d/01-setup
+++ b/autotest/test.d/01-setup
@@ -14,7 +14,7 @@ fi

 # remove any existing definations
 rm -r /var/lib/clamav/*.tmp /var/lib/clamav/*.cvd /var/lib/clamav/*.cld 2> /dev/null
-touch /srv/$(hostname)/config/antivirus
+touch /srv/$(hostname -f)/config/antivirus

 # Start freshclam to download new definitions, whatever state it's in
 systemctl unmask clamav-freshclam
@@ -56,7 +56,7 @@ service clamav-daemon start

 # Enable antispam and antivirus as default, otherwise monit would stop them.
 echo "I: Enabling Antivirus and Antispam config"
-touch /srv/$(hostname)/config/anti{spam,virus}
+touch /srv/$(hostname -f)/config/anti{spam,virus}

 # We need to wait a little while for spamd and clamd to start properly before testing.

@@ -69,7 +69,7 @@ echo ' done.'

 # Start spamassassin, from whatever state

-touch /srv/$(hostname)/config/antispam
+touch /srv/$(hostname -f)/config/antispam
 systemctl unmask spamassassin
 service spamassassin stop
 service spamassassin start

--- a/autotest/test.d/50-test-cli
+++ b/autotest/test.d/50-test-cli
@@ -18,14 +18,14 @@ ruby -e "ans='$ans'.sub(/^\{CRYPT\}/,'') ; exit '$pw'.crypt(ans) == ans"
 #
 # Set the mailbox password using our newly encrypted password
 #
-echo "$ans" > /srv/$(hostname)/mailboxes/root/password
-chown sympl.sympl /srv/$(hostname)/mailboxes/root/password
+echo "$ans" > /srv/$(hostname -f)/mailboxes/root/password
+chown sympl.sympl /srv/$(hostname -f)/mailboxes/root/password

 #
 # Set the FTP password
 #
-echo "$ans" > /srv/$(hostname)/config/ftp-password
-chown sympl.sympl /srv/$(hostname)/config/ftp-password
+echo "$ans" > /srv/$(hostname -f)/config/ftp-password
+chown sympl.sympl /srv/$(hostname -f)/config/ftp-password

 #
 # This just returns the IP address
@@ -98,7 +98,7 @@ symbiosis-firewall-whitelist --verbose
 #
 # Check the FTP password
 #
-AUTHD_ACCOUNT="$(hostname)" AUTHD_PASSWORD="$pw" AUTHD_REMOTE_IP="1.2.3.4" symbiosis-ftpd-check-password
+AUTHD_ACCOUNT="$(hostname -f)" AUTHD_PASSWORD="$pw" AUTHD_REMOTE_IP="1.2.3.4" symbiosis-ftpd-check-password

 #=============================================================================================================
 # symbiosis-httpd

--- a/autotest/test.d/99-ssl_hooks
+++ b/autotest/test.d/99-ssl_hooks
@@ -6,7 +6,7 @@ if [ -f /tmp/ssl-hook-test ]; then rm /tmp/ssl-hook-test ; fi
 echo 'echo $1 > /tmp/ssl-hook-test' > /etc/sympl/ssl-hooks.d/ssl-hook-test
 chmod +x /etc/sympl/ssl-hooks.d/ssl-hook-test

-sympl-ssl --force $(hostname) > /dev/null
+sympl-ssl --force $(hostname -f) > /dev/null

 if [ "x$( cat /tmp/ssl-hook-test )" != "xlive-update" ] || [ ! -f /tmp/ssl-hook-test ] ; then
  rm /etc/sympl/ssl-hooks.d/ssl-hook-test /tmp/ssl-hook-test

--- a/core/debian/changelog
+++ b/core/debian/changelog
+sympl-core (9.0.190613.0) stable; urgency=medium
+
+  * Improved hostname handling on install
+
+ -- Paul Cammish <sympl@kelduum.net>  Thu, 13 Jun 2019 15:52:00 +0100
+
 sympl-core (9.0.190612.0) stable; urgency=medium

  * Improved security for /srv

--- a/core/debian/postinst
+++ b/core/debian/postinst
@@ -38,7 +38,6 @@ shadowconfig on
 #
 if ( ! grep ^sympl: /etc/passwd 2>/dev/null >/dev/null ); then

-  echo "Adding 'sympl' account"
  adduser --home=/home/sympl --shell=/bin/bash --disabled-login --gecos='Sympl Administrator,,,' sympl

  #
@@ -70,57 +69,91 @@ if ( ! dpkg-statoverride --list /srv > /dev/null ) ; then
 fi

 #
-# Find the hostname, if not set already.
+# Set the hostname, preferring the FQDN if it's there.
 #
-if [ -z "$HOSTNAME" ] ; then
-  if [ -f /etc/hostname ] ; then
-    HOSTNAME=$(< /etc/hostname)
+# We default to what it's been set to at the moment, rather than
+#   what's in /etc/hostname, as its easy to change one but forget the other.
+#
+if hostname --fqdn > /dev/null ; then
+  _HOSTNAME="$( hostname --fqdn )"
+else
+  _HOSTNAME="$( hostname )"
+fi
+echo "I: Hostname is $_HOSTNAME"
+
+#
+# Append ".localdomain" if HOSTNAME has no dots
+# (which is unlikely to happen with a clean install)
+#
+if ! [[ "$_HOSTNAME" =~ ^[_a-z0-9-]+\.([_a-z0-9-]+\.?)+$ ]] ; then
+  echo "I: Hostname is not an FQDN, changing to $_HOSTNAME.localdomain."
+  _HOSTNAME="$_HOSTNAME.localdomain"
+fi
+
+#
+# If the full hostname isn't now in /etc/hosts, then add it
+# 
+# This assumes that theres only one entry for each IP, and doesn't deal with
+#   partially mangled hosts files, but will deal with someone changing the
+#   hostname but not also changing /etc/hosts
+#
+if [ $( grep -c $_HOSTNAME '/etc/hosts' ) == 0 ]; then
+  echo "I: Updating hostname configuration with complete name."
+  if hostname -i > /dev/null ; then
+    hostname_ips="$( hostname -i )"
  else
-    HOSTNAME=$(hostname --fqdn)
+    hostname_ips="127.0.1.1"
  fi
+  sed -i "s|^$hostname_ips|# $hostname_ips|" '/etc/hosts'
+  sed -i "1i$hostname_ips\t$_HOSTNAME $( echo $_HOSTNAME | cut -d '.' -f 1 )" '/etc/hosts'
+  export HOSTNAME="$_HOSTNAME"
+  hostname -b "$_HOSTNAME"
 fi

 #
-# Append ".localdomain" if HOSTNAME has no dots.
+# Enforce using the full hostname
 #
-if ! [[ "$HOSTNAME" =~ ^[_a-z0-9-]+\.([_a-z0-9-]+\.?)+$ ]] ; then
-	HOSTNAME="$HOSTNAME.localdomain"
-fi
+echo "I: Checking hostname configuration files."
+if [ "$HOSTNAME" != "$_HOSTNAME" ]; then export HOSTNAME="$_HOSTNAME"; fi
+if [ "$( hostname )" != "$_HOSTNAME" ]; then hostname -b "$_HOSTNAME" ; fi
+if [ "$( cat /etc/hostname )" != "$_HOSTNAME" ]; then echo "$_HOSTNAME" > "/etc/hostname" ; fi 
+if [ -f "/etc/mailname" ] && [ "$( cat "/etc/mailname" )" != "$_HOSTNAME" ]; then echo "$_HOSTNAME" > "/etc/mailname" ; fi

 #
-#  If there are no existing directories beneath /srv/ create a default.
+#  If there are no existing directories beneath /srv/ create the defaults.
 #
-if [ ! -e "/srv/$HOSTNAME" ] ; then
+if [ ! -e "/srv/$_HOSTNAME" ] ; then
  #
  # Create the standard directories
-  #
-  mkdir -p /srv/$HOSTNAME/public/htdocs
-  mkdir -p /srv/$HOSTNAME/public/logs
-  mkdir -p /srv/$HOSTNAME/config
-  mkdir -p /srv/$HOSTNAME/mailboxes/root
-
-  chown -R sympl:sympl /srv/$HOSTNAME
-  chown -R www-data:www-data /srv/$HOSTNAME/public
+  # 
+  mkdir -p /srv/$_HOSTNAME/public/htdocs
+  mkdir -p /srv/$_HOSTNAME/public/logs
+  mkdir -p /srv/$_HOSTNAME/config
+  mkdir -p /srv/$_HOSTNAME/mailboxes/root
+
+  # With the right permissions
+  chown -R sympl:sympl /srv/$_HOSTNAME
+  chown -R www-data:www-data /srv/$_HOSTNAME/public
 fi

 #
-# We'd like to generate a certificate for the hostname.  Naturally this will go in /srv/$HOSTNAME
+# We'd like to generate a certificate for the hostname.  Naturally this will go in /srv/$_HOSTNAME
 #
-if [ -d "/srv/$HOSTNAME/config" ] ; then
+if [ -d "/srv/$_HOSTNAME/config" ] ; then
  #
  # Generate certificates for this host
  #
-  if ! ( sympl-ssl --verbose $HOSTNAME ) ; then
+  if ! ( sympl-ssl --verbose $_HOSTNAME ) ; then
    echo "W: SSL certificate generation failed. Retrying with a self-signed certificate..."
-    echo selfsigned > /srv/$HOSTNAME/config/ssl-provider
-    sympl-ssl --verbose $HOSTNAME || true
+    echo selfsigned > /srv/$_HOSTNAME/config/ssl-provider
+    sympl-ssl --verbose $_HOSTNAME || true
  fi
 fi

 #
-# Not interested in linking from /etc/$HOSTNAME/config/ssl.*
+# Not interested in linking from /etc/$_HOSTNAME/config/ssl.*
 #
-ssl_current_dir="/srv/$HOSTNAME/config/ssl/current"
+ssl_current_dir="/srv/$_HOSTNAME/config/ssl/current"

 #
 # If there are no cerificates in /etc/ssl, symlink those from this directory.
@@ -129,7 +162,7 @@ ssl_current_dir="/srv/$HOSTNAME/config/ssl/current"
 if [ ! -e "/etc/ssl/ssl.key" ] &&
    [ ! -e "/etc/ssl/ssl.crt" ] &&
    [ ! -e "/etc/ssl/ssl.combined" ] &&
-    ( sympl-ssl --no-generate --no-rollover $HOSTNAME ) &&
+    ( sympl-ssl --no-generate --no-rollover $_HOSTNAME ) &&
    [ -e "$ssl_current_dir/ssl.key" ] && 
    [ -e "$ssl_current_dir/ssl.crt" ] && 
    [ -e "$ssl_current_dir/ssl.combined" ] ; then
@@ -155,11 +188,6 @@ if [ ! -e "/etc/ssl/ssl.key" ] &&

 fi

-# set defaults for roundcube so we don't get prompted
-echo "roundcube-core roundcube/dbconfig-install boolean true" | debconf-set-selections
-echo "roundcube-core roundcube/database-type select mysql" | debconf-set-selections
-echo "roundcube-core roundcube/mysql/app-pass password" | debconf-set-selections
-
 # Run sympl-filesystem-security to enforce permissions
 sympl-filesystem-security


--- a/core/debian/sympl-core.init
+++ b/core/debian/sympl-core.init
@@ -29,7 +29,7 @@ SCRIPTNAME=/etc/init.d/$NAME

 case "$1" in
    'start')
-       log_action_msg "System configured with $DESC."
+       log_action_msg "System configured with $DESC"
       cat <<EOF

                                                                  ┌─────┐ v9.0
@@ -49,11 +49,11 @@ EOF
       ;;

    'stop')
-       log_action_msg "Thanks for using $DESC!"
+       log_action_msg "Thanks for using $DESC"
       ;;

    'restart'|'reload'|'force-reload'|'status')
-       log_action_msg "System configured with $DESC."
+       log_action_msg "System configured with $DESC"
       ;;

    *)

--- a/webmail/debian/changelog
+++ b/webmail/debian/changelog
+sympl-webmail (9.0.190612.0) stable; urgency=medium
+
+  * Improved webmail auto-configuration
+
+ -- Paul Cammish <sympl@kelduum.net>  Thu, 13 Jun 2019 15:53:00 +0100
+
 sympl-webmail (9.0.190611.0) stable; urgency=medium

  * Merged sympl-common into sympl-core

--- a/webmail/debian/preinst
+++ b/webmail/debian/preinst
+#!/bin/bash
+
+set -e
+
+case "$1" in
+    install)
+      # set defaults for roundcube so we don't get prompted
+      echo "roundcube-core roundcube/dbconfig-install boolean true" | debconf-set-selections
+      echo "roundcube-core roundcube/database-type select mysql" | debconf-set-selections
+      echo "roundcube-core roundcube/mysql/app-pass password" | debconf-set-selections
+      echo "roundcube-core roundcube/reconfigure-webserver select apache2" | debconf-set-selections
+    ;;
+
+    upgrade)
+      # do nothing
+    ;;
+
+    abort-upgrade)
+    ;;
+
+    *)
+        echo "preinst called with unknown argument \`$1'" >&2
+        exit 1
+    ;;
+esac
+
+#DEBHELPER#
+
+exit 0