Merge pull request 'Bump version & Debian 12 patch' (#95 ) from unstable into master

Reviewed-on: #95
Update changelog for release
2024-04-22 10:41:13 +02:00 · 2024-04-16 18:02:46 +02:00 · 2024-04-16 18:01:24 +02:00 · 2024-04-16 17:59:01 +02:00 · 2024-04-16 17:55:08 +02:00 · 2024-04-03 16:28:57 +02:00
3 changed files with 56 additions and 17 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -21,6 +21,27 @@ The **patch** part changes is incremented if multiple releases happen the same m
 ### Security


+
+## [24.04]
+
+### Added
+
+* Prevent op_del to fail and able to remove web account when part of it is already removed
+
+### Changed
+
+* Add sendmail_path and open_basedir in LXC PHP pool configs
+
+### Fixed
+
+* letsencrypt: Add required check when retrieving certificate. (Avoid TypeError.)
+* web-add.sh: Fix ssh group membership (#94)
+
+### Removed
+
+### Security
+
+
 ## [23.02] 2023-02-20

 ### Added
--- a/lib/letsencrypt.php
+++ b/lib/letsencrypt.php
@ -157,6 +157,9 @@ class LetsEncrypt
    {
        $stream = stream_context_create(array("ssl" => array("capture_peer_cert" => true)));
        $read = stream_socket_client("ssl://" . $domain . ":443", $errno, $errstr, 10, STREAM_CLIENT_CONNECT, $stream);
+        if ($read === false) {
+            return false;
+        }
        $cont = stream_context_get_params($read);
        
        return $cont;
--- a/scripts/web-add.sh
+++ b/scripts/web-add.sh
@ -14,7 +14,7 @@

 set -e

-VERSION="23.02"
+VERSION="24.04"
 HOME="/root"
 CONTACT_MAIL="jdoe@example.org"
 WWWBOUNCE_MAIL="jdoe@example.org"
@ -23,6 +23,7 @@ LOCAL_SCRIPT="$SCRIPTS_PATH/web-add.local.sh"
 PRE_LOCAL_SCRIPT="$SCRIPTS_PATH/web-add.pre-local.sh"
 TPL_AWSTATS="$SCRIPTS_PATH/awstats.XXX.conf"
 SSH_GROUP="evolinux-ssh"
+HOST="$(hostname -f)"

 # Set to nginx if you use nginx and not apache
 WEB_SERVER="apache"
@ -362,14 +363,12 @@ create_www_account() {
        lxc-attach -n php"${php_version}" -- /usr/sbin/adduser --disabled-password --home "$HOME_DIR_USER"/www --no-create-home --shell /bin/false --gecos "WWW $in_login" www-"$in_login" --uid "$www_uid" --ingroup "$in_login" --force-badname >/dev/null
    done

-    if grep -qE '^AllowGroups' /etc/ssh/sshd_config; then
-        if ! grep -qE "^AllowGroups(\\s+\\S+)*(\\s+$SSH_GROUP)" /etc/ssh/sshd_config; then
-            sed -i "s/^AllowGroups .*/& $SSH_GROUP/" /etc/ssh/sshd_config
-            groupadd --force $SSH_GROUP
-        fi
-        usermod -a -G $SSH_GROUP "$in_login"
-    elif grep -qE '^AllowUsers' /etc/ssh/sshd_config; then
+    if grep -qE '^AllowUsers' /etc/ssh/sshd_config; then
        sed -i "s/^AllowUsers .*/& $in_login/" /etc/ssh/sshd_config
+    else
+        if getent group "$SSH_GROUP" 1>/dev/null 2>&1; then
+            usermod --append --groups "$SSH_GROUP" "$in_login"
+	fi
    fi
    /etc/init.d/ssh reload

@ -435,6 +434,8 @@ create_www_account() {
            pool_path="/etc/php/8.0/fpm/pool.d/"
        elif [ "$php_version" = "81" ]; then
            pool_path="/etc/php/8.1/fpm/pool.d/"
+        elif [ "$php_version" = "82" ]; then
+            pool_path="/etc/php/8.2/fpm/pool.d/"
        else
            pool_path="/etc/php5/fpm/pool.d/"
        fi
@ -454,6 +455,8 @@ pm.max_children = 10
 pm.process_idle_timeout = 10s

 php_admin_value[error_log] = /home/${in_login}/log/php.log
+php_admin_value[sendmail_path] = "/usr/sbin/sendmail -t -i -f www-${in_login}@${HOST}"
+php_admin_value[open_basedir] = "/usr/share/php:/home/${in_login}:/tmp"
 EOT
        step_ok "Création du pool FPM ${php_version}"
    done
@ -611,6 +614,9 @@ EOT
            elif [ "$php_version" = "81" ]; then
                initscript_path="/etc/init.d/php8.1-fpm"
                binary="php-fpm8.1"
+            elif [ "$php_version" = "82" ]; then
+                initscript_path="/etc/init.d/php8.2-fpm"
+                binary="php-fpm8.2"
            else
                initscript_path="/etc/init.d/php5-fpm"
                binary="php5-fpm"
@ -758,8 +764,10 @@ op_del() {

    # Deactivate web vhost (apache or nginx)
    if [ "$WEB_SERVER" == "apache" ]; then
-        a2dissite "${login}.conf"
-        rm /etc/apache2/sites-available/"$login.conf"
+        if a2query -s "${login}" >/dev/null 2&>1; then
+            a2dissite "${login}.conf"
+        fi
+        rm -f /etc/apache2/sites-available/"$login.conf"

        apache2ctl configtest

@ -779,21 +787,24 @@ op_del() {
            elif [ "$php_version" = "81" ]; then
                phpfpm_dir="/etc/php/8.1/fpm/pool.d/"
                initscript_path="/etc/init.d/php8.1-fpm"
+            elif [ "$php_version" = "82" ]; then
+                phpfpm_dir="/etc/php/8.2/fpm/pool.d/"
+                initscript_path="/etc/init.d/php8.2-fpm"
            else
                phpfpm_dir="/etc/php5/fpm/pool.d/"
                initscript_path="/etc/init.d/php5-fpm"
            fi
-            rm /var/lib/lxc/php"${php_version}"/rootfs/${phpfpm_dir}/"${login}".conf
+            rm -f /var/lib/lxc/php"${php_version}"/rootfs/${phpfpm_dir}/"${login}".conf
            lxc-attach -n php"${php_version}" -- $initscript_path restart >/dev/null
        done

    elif [ "$WEB_SERVER" == "nginx" ]; then
-        rm /etc/nginx/sites-{available,enabled}/"$login"
-        rm /etc/munin/plugins/phpfpm_"${in_login}"*
+        rm -f /etc/nginx/sites-{available,enabled}/"$login"
+        rm -f /etc/munin/plugins/phpfpm_"${in_login}"*
        nginx -t
    fi

-    rm /etc/awstats/awstats."$login.conf"
+    rm -f /etc/awstats/awstats."$login.conf"
    sed -i.bak "/-config=$login /d" /etc/cron.d/awstats

    if [ "$WEB_SERVER" == "apache" ]; then
@ -802,14 +813,18 @@ op_del() {
        fi

        for php_version in "${PHP_VERSIONS[@]}"; do
-            if lxc-attach -n php"${php_version}" -- id www-"$login" &> /dev/null; then
+            if lxc-attach -n php"${php_version}" -- getent passwd www-"$login" &> /dev/null; then
                lxc-attach -n php"${php_version}" -- userdel -f www-"$login"
            fi
-            lxc-attach -n php"${php_version}" -- userdel -f "$login"
+            if lxc-attach -n php"${php_version}" -- getent passwd "$login" &> /dev/null; then
+                lxc-attach -n php"${php_version}" -- userdel -f "$login"
+            fi
        done
    fi

-    userdel -f "$login"
+    if getent passwd "$login" &> /dev/null; then
+        userdel -f "$login"
+    fi

    sed -i.bak "/^$login:/d" /etc/aliases
    if [ "$WEB_SERVER" == "apache" ]; then
Author	SHA1	Message	Date
Ludovic Poujol	3400434f90	Merge pull request 'Bump version & Debian 12 patch' (#95 ) from unstable into master Reviewed-on: #95	2024-04-22 10:41:13 +02:00
Ludovic Poujol	a7c1af3d83	Update changelog for release	2024-04-16 18:02:46 +02:00
Ludovic Poujol	188e63376d	Bump version	2024-04-16 18:01:24 +02:00
Ludovic Poujol	a30ba3337b	Update CHANGELOG.md * web-add.sh: Fix ssh group membership (#94)	2024-04-16 17:59:01 +02:00
Ludovic Poujol	b014f1584a	Merge pull request 'Fix ssh group membership.' (#94 ) from fix-ssh-memebership into unstable Reviewed-on: #94	2024-04-16 17:55:08 +02:00
Brice Waegeneire	99741826f6	Fix ssh group membership. We now use split SSH configuration files, so the user was never a member of the ssh group on newly installed systems. This change don't modify the SSH configuration of new systems since evolinux-ssh members' are already allowed to connect by SSH.	2024-04-03 16:28:57 +02:00
Mathieu Trossevin	5a22490dc8	Merge pull request 'Fixes' (#90 ) from unstable into master Reviewed-on: #90	2023-12-06 10:49:02 +01:00
William Hirigoyen	95108897b0	Fix remaining test	2023-12-01 17:15:35 +01:00
Mathieu Trossevin	fd0f03ab05	Merge pull request 'fix(letsencrypt): check for false as to avoid TypeError' (#84 ) from fix-letsencrypt into unstable Reviewed-on: #84	2023-11-30 16:36:16 +01:00
whirigoyen	93c9e450ff	Merge pull request 'sendmail_path in LXC, and better op_del' (#85 ) from unstable into master Reviewed-on: #85 Reviewed-by: Mathieu Trossevin <mtrossevin@noreply.gitea.evolix.org>	2023-11-30 15:53:07 +01:00
Mathieu Trossevin	2b6b76b78d	Update changelog	2023-11-17 14:39:42 +01:00
Mathieu Trossevin	21eef58a96	Merge branch 'unstable' into fix-letsencrypt	2023-11-17 14:34:16 +01:00
Mathieu Trossevin	6951d1fd33	Merge branch 'master' into unstable	2023-11-16 11:04:29 +01:00
William Hirigoyen	0dfb19faea	Remove undue commit	2023-11-13 14:29:55 +01:00
William Hirigoyen	8e15676d05	Improve op_del improvement	2023-11-10 11:11:52 +01:00
William Hirigoyen	f5fe462248	Revert "Fix missing ITK admin link for multi PHP" This reverts commit `2fd65724f7`.	2023-11-10 10:49:29 +01:00
William Hirigoyen	964f710897	Revert "Remove extra }" This reverts commit `c385c102c5`.	2023-11-10 10:49:16 +01:00
William Hirigoyen	c385c102c5	Remove extra }	2023-11-09 17:21:33 +01:00
William Hirigoyen	2fd65724f7	Fix missing ITK admin link for multi PHP	2023-11-09 17:08:39 +01:00
William Hirigoyen	7d8704cd25	Fix sendmail_path hostname (missing domain / FQDN)	2023-11-09 12:01:14 +01:00
William Hirigoyen	72e39f297e	Prevent op_del to fail and able to remove web account when part of it is already removed	2023-11-09 11:31:16 +01:00
William Hirigoyen	2e8619e5e6	Add sendmail_path and open_basedir in LXC PHP pool configs	2023-11-08 12:03:14 +01:00
Mathieu Trossevin	9419242465	fix(letsencrypt): check for false as to avoid TypeError	2023-10-31 10:04:02 +01:00
bwaegeneire	e76ea90d89	Merge pull request 'Add support for php8.2' (#81 ) from unstable into master Reviewed-on: #81	2023-03-31 13:11:36 +02:00
Brice Waegeneire	a7f718c073	Add support for php8.2	2023-03-31 13:07:39 +02:00