
Merge branch 'stretch' of https://github.com/bashrc/freedombone

Bob Mottram 7 年 前
コミット
316fd0d317

+ 0
- 52
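--- a/image_build/mod_omemo_all_access.lua
+++ b/image_build/mod_omemo_all_access.lua
@@ -1,55 +0,0 @@
---
---
-
-local jid_bare = require "util.jid".bare;
-local st = require "util.stanza"
-local white_listed_namespace = "eu.siacs.conversations.axolotl."
-local disco_feature_namespace = white_listed_namespace .. "whitelisted"
-
-local mod_pep = module:depends"pep";
-local pep_data = mod_pep.module.save().data;
-
-local function on_account_disco_info(event)
-	(event.reply or event.stanza):tag("feature", {var=disco_feature_namespace}):up();
-end
-
-local function on_pep_request(event)
-	local session, stanza = event.origin, event.stanza
-	local payload = stanza.tags[1];
-	if stanza.attr.type == 'get' then
-		local node, requested_id;
-		payload = payload.tags[1]
-		if payload and payload.name == 'items' then
-			node = payload.attr.node
-			local item = payload.tags[1];
-			if item and item.name == 'item' then
-				requested_id = item.attr.id;
-			end 
-		end
-		if node and string.sub(node,1,string.len(white_listed_namespace)) == white_listed_namespace then
-			local user = stanza.attr.to and jid_bare(stanza.attr.to) or session.username..'@'..session.host;
-			local user_data = pep_data[user];
-			if user_data and user_data[node] then
-				local id, item = unpack(user_data[node]);
-				if not requested_id or id == requested_id then
-					local stanza = st.reply(stanza)
-						:tag('pubsub', {xmlns='http://jabber.org/protocol/pubsub'})
-							:tag('items', {node=node})
-								:add_child(item)
-							:up()
-						:up();
-					session.send(stanza);
-					module:log("debug","provided access to omemo node",node)
-					return true;
-				end
-			end
-			module:log("debug","requested node was white listed", node)
-		end
-	end
-end
-
-module:hook("iq/bare/http://jabber.org/protocol/pubsub:pubsub", on_pep_request, 10);
-module:hook("account-disco-info", on_account_disco_info);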

バイナリ
image_build/prosody-modules-20170514.tar.gz ファイルの表示


バイナリ
image_build/prosody-modules-20180104.tar.gz ファイルの表示


+ 21
- 8
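--- a/src/freedombone-app-fedwiki
+++ b/src/freedombone-app-fedwiki
@@ -16,7 +16,7 @@
 # License
 # =======
 #
-# Copyright (C) 2017 Bob Mottram <bob@freedombone.net>
+# Copyright (C) 2017-2018 Bob Mottram <bob@freedombone.net>
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Affero General Public License as published by
@@ -31,7 +31,7 @@
 # You should have received a copy of the GNU Affero General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-VARIANTS=""
+VARIANTS='full full-vim writer'
 
 IN_DEFAULT_INSTALL=0
 SHOW_ON_ABOUT=1
@@ -141,7 +141,11 @@ function change_password_fedwiki {
         echo $'Fedwiki password is too short'
         return
     fi
-    #${PROJECT_NAME}-pass -u $FEDWIKI_USERNAME -a fedwiki -p "$FEDWIKI_PASSWORD"
+    ${PROJECT_NAME}-pass -u $FEDWIKI_USERNAME -a fedwiki -p "$FEDWIKI_PASSWORD"
+    sed -i "s|--cookieSecret .*|--cookieSecret '${FEDWIKI_PASSWORD}'|g" /etc/systemd/system/fedwiki.service
+    systemctl daemon-reload
+    systemctl restart fedwiki
+    write_config_param "FEDWIKI_COOKIE" "$FEDWIKI_PASSWORD"
 }
 
 function reconfigure_fedwiki {
@@ -422,7 +426,7 @@ function install_fedwiki {
     FEDWIKI_ONION_HOSTNAME=$(add_onion_service fedwiki 80 ${FEDWIKI_ONION_PORT})
 
     if [ ! $FEDWIKI_COOKIE ]; then
-        FEDWIKI_COOKIE="$(create_password 30)$(create_password 30)$(create_password 30)"
+        FEDWIKI_COOKIE="$(create_password 30)"
     fi
 
     echo '[Unit]' > /etc/systemd/system/fedwiki.service
@@ -434,7 +438,7 @@ function install_fedwiki {
     echo 'User=fedwiki' >> /etc/systemd/system/fedwiki.service
     echo 'Group=fedwiki' >> /etc/systemd/system/fedwiki.service
     echo "WorkingDirectory=/usr/local/lib/node_modules/wiki" >> /etc/systemd/system/fedwiki.service
-    echo "ExecStart=/usr/local/bin/wiki --security_type friends --cookieSecret '${FEDWIKI_COOKIE}' --session_duration 7 --data $FEDWIKI_DATA -p $FEDWIKI_PORT" >> /etc/systemd/system/fedwiki.service
+    echo "ExecStart=/usr/local/bin/wiki --security_type friends --session_duration 7 --data $FEDWIKI_DATA -p $FEDWIKI_PORT --cookieSecret '${FEDWIKI_COOKIE}'" >> /etc/systemd/system/fedwiki.service
     echo 'StandardOutput=syslog' >> /etc/systemd/system/fedwiki.service
     echo 'StandardError=syslog' >> /etc/systemd/system/fedwiki.service
     echo 'SyslogIdentifier=fedwiki' >> /etc/systemd/system/fedwiki.service
@@ -444,13 +448,22 @@ function install_fedwiki {
     echo '[Install]' >> /etc/systemd/system/fedwiki.service
     echo 'WantedBy=multi-user.target' >> /etc/systemd/system/fedwiki.service
 
+    if [ ! -d ${FEDWIKI_DATA}/status ]; then
+        mkdir -p ${FEDWIKI_DATA}/status
+    fi
+    fedwiki_auth_file=${FEDWIKI_DATA}/status/owner.json
+    echo '{' > $fedwiki_auth_file
+    echo "  \"name\": \"${MY_USERNAME}\"," >> $fedwiki_auth_file
+    echo '  \"friend\": {' >> $fedwiki_auth_file
+    echo "    \"secret\": \"${FEDWIKI_COOKIE}\"" >> $fedwiki_auth_file
+    echo '  }' >> $fedwiki_auth_file
+    echo '}' >> $fedwiki_auth_file
+
     chown -R fedwiki:fedwiki $FEDWIKI_DATA
 
     fedwiki_setup_web
 
-    ${PROJECT_NAME}-pass -u $MY_USERNAME -a fedwiki -p "$FEDWIKI_ADMIN_PASSWORD"
-
-    fedwiki_auth_file=/var/lib/fedwiki/status/owner.json
+    ${PROJECT_NAME}-pass -u $MY_USERNAME -a fedwiki -p "$FEDWIKI_COOKIE"
 
     function_check add_ddns_domain
     add_ddns_domain $FEDWIKI_DOMAIN_NAME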
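Review bot: In change_password_fedwiki the new password is interpolated unescaped into `sed -i "s|--cookieSecret .*|--cookieSecret '${FEDWIKI_PASSWORD}'|g"`, so a password containing `|`, `&`, `\` or `'` corrupts the ExecStart line of fedwiki.service, and the user's login password now doubles as the session cookie secret carried in the unit file and the process arguments. Rejecting passwords outside a safe character set before the sed, or leaving the cookie secret as its own random value, would avoid both. In install_fedwiki the line `echo '  \"friend\": {' >> $fedwiki_auth_file` is single-quoted, so the backslashes are written literally and owner.json is not valid JSON; it should read `echo '  "friend": {' >> $fedwiki_auth_file`. change_password_fedwiki also does not appear to rewrite the secret in owner.json, though both function bodies extend beyond the hunks shown.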

+ 1
- 1
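--- a/src/freedombone-app-pihole
+++ b/src/freedombone-app-pihole
@@ -47,7 +47,7 @@ PIHOLE_BLACKLIST=$piholeDir/blacklist.txt
 PIHOLE_WHITELIST=$piholeDir/whitelist.txt
 
 PIHOLE_REPO="https://github.com/pi-hole/pi-hole"
-PIHOLE_COMMIT='2ceeac41fe8e493f9040b54a7c82f1183ecf5566'
+PIHOLE_COMMIT='e602008459128c233899b1e9d70cca0f38f41670'
 
 pihole_variables=(ONION_ONLY
                   PIHOLE_IFACE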

+ 11
- 42
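--- a/src/freedombone-app-xmpp
+++ b/src/freedombone-app-xmpp
@@ -47,8 +47,8 @@ prosody_filename=prosody-${prosody_latest_version}-1nightly${prosody_nightly}
 prosody_nightly_url="https://prosody.im/nightly/${prosody_latest_version}/latest/${prosody_filename}.tar.gz"
 
 # From https://hg.prosody.im/prosody-modules
-prosody_modules_filename='prosody-modules-20170514.tar.gz'
-prosody_modules_hash='ef404c203317cc0de6da7aaec4f21765a57f630adfbf082cf2dd92b881c15f86'
+prosody_modules_filename='prosody-modules-20180104.tar.gz'
+prosody_modules_hash='7c81b4ed8a90130b4db5902dc1f299ad1c4dab57a0970552b71cb2042a490bc1'
 
 xmpp_variables=(ONION_ONLY
                 INSTALLED_WITHIN_DOCKER
@@ -326,46 +326,6 @@ function update_prosody_modules {
         return
     fi
 
-    # This module is a workaround for OMEMO within group chat
-    # See https://github.com/iNPUTmice/omemo_all_access
-    if [ -f ~/freedombone/image_build/mod_omemo_all_access.lua ]; then
-        if [ ! -d /var/lib/prosody/prosody-modules ]; then
-            mkdir -p /var/lib/prosody/prosody-modules
-        fi
-
-        copy_omemo_all_access=1
-        if [ -f /usr/lib/prosody/modules/mod_omemo_all_access.lua ]; then
-            curr_hash=$(sha256sum /usr/lib/prosody/modules/mod_omemo_all_access.lua)
-            new_hash=$(sha256sum ~/freedombone/image_build/mod_omemo_all_access.lua)
-            if [[ "$curr_hash" == "$new_hash" ]]; then
-                copy_omemo_all_access=
-            fi
-        fi
-
-        if [ $copy_omemo_all_access ]; then
-            systemctl stop prosody
-            cp ~/freedombone/image_build/mod_omemo_all_access.lua /var/lib/prosody/prosody-modules/mod_omemo_all_access.lua
-            cp ~/freedombone/image_build/mod_omemo_all_access.lua /usr/lib/prosody/modules/mod_omemo_all_access.lua
-
-            chmod +x /var/lib/prosody/prosody-modules/mod_omemo_all_access.lua
-            chmod +x /usr/lib/prosody/modules/mod_omemo_all_access.lua
-
-            if ! grep -q "omemo_all_access" /etc/prosody/prosody.cfg.lua; then
-                sed -i '/"pep";/a "omemo_all_access"; -- Fix for PEP with OMEMO' /etc/prosody/prosody.cfg.lua
-                sed -i 's|"omemo_all_access";|  "omemo_all_access";|g' /etc/prosody/prosody.cfg.lua
-            fi
-
-            if ! grep -q "omemo_all_access" /etc/prosody/conf.avail/xmpp.cfg.lua; then
-                sed -i '/"pep";/a "omemo_all_access"; -- Fix for PEP with OMEMO' /etc/prosody/conf.avail/xmpp.cfg.lua
-                sed -i 's|"omemo_all_access";|  "omemo_all_access";|g' /etc/prosody/conf.avail/xmpp.cfg.lua
-            fi
-
-            chown -R prosody:prosody /var/lib/prosody/prosody-modules
-            chown -R prosody:prosody /usr/lib/prosody/modules
-            systemctl start prosody
-        fi
-    fi
-
     if [ ! -f $INSTALL_DIR/$prosody_modules_filename ]; then
         # Obtain the modules
         if [ -f ~/freedombone/image_build/$prosody_modules_filename ]; then
@@ -413,6 +373,15 @@ function update_prosody_modules {
         sed -i '/"pep"/a "vcard";' /etc/prosody/prosody.cfg.lua
         systemctl start prosody
     fi
+    if ! grep -q "omemo_all_access" /etc/prosody/prosody.cfg.lua; then
+        sed -i '/"pep";/a "omemo_all_access"; -- Fix for PEP with OMEMO' /etc/prosody/prosody.cfg.lua
+        sed -i 's|"omemo_all_access";|  "omemo_all_access";|g' /etc/prosody/prosody.cfg.lua
+    fi
+
+    if ! grep -q "omemo_all_access" /etc/prosody/conf.avail/xmpp.cfg.lua; then
+        sed -i '/"pep";/a "omemo_all_access"; -- Fix for PEP with OMEMO' /etc/prosody/conf.avail/xmpp.cfg.lua
+        sed -i 's|"omemo_all_access";|  "omemo_all_access";|g' /etc/prosody/conf.avail/xmpp.cfg.lua
+    fi
 }
 
 function prosody_daemon_restart_script {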
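Review bot: The block added at the end of update_prosody_modules enables `omemo_all_access` in prosody.cfg.lua and conf.avail/xmpp.cfg.lua without checking that the module was actually unpacked from prosody-modules-20180104.tar.gz, and without restarting prosody, whereas the vcard block just above it ends with `systemctl start prosody`. Because this commit deletes the in-repo copy of the module, a guard such as `if [ -f /usr/lib/prosody/modules/mod_omemo_all_access.lua ]; then` around both edits would keep the config from naming a module that is absent; the install path used by the archive step is outside the hunk, so the path in that guard needs confirming. The removed Lua source shows the module answers pubsub item requests for any node under the `eu.siacs.conversations.axolotl.` prefix without a subscription check, so a one-line comment next to the config edit stating that this relaxation is intentional would help the next reader. The function body begins and continues outside the hunks shown.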

+ 1
- 1
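--- a/src/freedombone-upgrade
+++ b/src/freedombone-upgrade
@@ -96,7 +96,7 @@ if [ -d $PROJECT_DIR ]; then
         apt-get -yq -t stretch-backports install certbot
         email_install_tls
         email_disable_chunking
-        defrag_filesystem
+        #defrag_filesystem
     fi
 fi
 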

+ 33
- 10
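--- a/src/freedombone-utils-web
+++ b/src/freedombone-utils-web
@@ -861,12 +861,27 @@ function update_default_domain {
             fi
         fi
 
-        if [ -d /etc/dovecot ]; then
-            if [ ${#DEFAULT_DOMAIN_NAME} -gt 0 ]; then
-                if ! grep -q "ssl_cert = </etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem" /etc/dovecot/conf.d/10-ssl.conf; then
-                    sed -i "s|#ssl_cert =.*|ssl_cert = </etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/dovecot/conf.d/10-ssl.conf
-                    sed -i "s|ssl_cert =.*|ssl_cert = </etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/dovecot/conf.d/10-ssl.conf
-                    systemctl restart dovecot
+        if [ ${#DEFAULT_DOMAIN_NAME} -gt 0 ]; then
+            if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
+                if [ -d /etc/dovecot ]; then
+                    if ! grep -q "ssl_cert = </etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem" /etc/dovecot/conf.d/10-ssl.conf; then
+                        sed -i "s|#ssl_cert =.*|ssl_cert = </etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/dovecot/conf.d/10-ssl.conf
+                        sed -i "s|ssl_cert =.*|ssl_cert = </etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/dovecot/conf.d/10-ssl.conf
+                        systemctl restart dovecot
+                    fi
+                fi
+
+                if [ -d /etc/exim4 ]; then
+                    cp /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/{fullchain,privkey}.pem /etc/exim4/
+                    chown root:Debian-exim /etc/exim4/*.pem
+                    chmod 640 /etc/exim4/*.pem
+
+                    sed -i "s|MAIN_TLS_CERTIFICATE =.*|MAIN_TLS_CERTIFICATE = /etc/exim4/fullchain.pem|g" /etc/exim4/conf.d/main/03_exim4-config_tlsoptions
+                    sed -i "s|MAIN_TLS_CERTIFICATE =.*|MAIN_TLS_CERTIFICATE = /etc/exim4/fullchain.pem|g" /etc/exim4/exim4.conf.template
+                    sed -i "s|MAIN_TLS_PRIVATEKEY =.*|MAIN_TLS_PRIVATEKEY = /etc/exim4/privkey.pem|g" /etc/exim4/conf.d/main/03_exim4-config_tlsoptions
+                    sed -i "s|MAIN_TLS_PRIVATEKEY =.*|MAIN_TLS_PRIVATEKEY = /etc/exim4/privkey.pem|g" /etc/exim4/exim4.conf.template
+
+                    systemctl restart exim4
                 fi
             fi
         fi
@@ -1026,14 +1041,22 @@ function email_install_tls {
         email_config_changed=1
     fi
     if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
-        if ! grep -q "MAIN_TLS_CERTKEY = /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem" $tls_config_file; then
-            sed -i "/.ifdef MAIN_TLS_CERTKEY/i\MAIN_TLS_CERTKEY = /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem" $tls_config_file
+        cp /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem /etc/exim4/
+        chown root:Debian-exim /etc/exim4/*.pem
+        chmod 640 /etc/exim4/*.pem
+
+        if ! grep -q "MAIN_TLS_CERTIFICATE = /etc/exim4/fullchain.pem" $tls_config_file; then
+            sed -i "/.ifdef MAIN_TLS_CERTKEY/i\MAIN_TLS_CERTIFICATE = /etc/exim4/fullchain.pem" $tls_config_file
             email_config_changed=1
         fi
     fi
     if [ -f /etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key ]; then
-        if ! grep -q "MAIN_TLS_PRIVATEKEY = /etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key" $tls_config_file; then
-            sed -i "/.ifndef MAIN_TLS_PRIVATEKEY/i\MAIN_TLS_PRIVATEKEY = /etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key" $tls_config_file
+        cp /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/privkey.pem /etc/exim4/
+        chown root:Debian-exim /etc/exim4/*.pem
+        chmod 640 /etc/exim4/*.pem
+
+        if ! grep -q "MAIN_TLS_PRIVATEKEY = /etc/exim4/privkey.pem" $tls_config_file; then
+            sed -i "/.ifndef MAIN_TLS_PRIVATEKEY/i\MAIN_TLS_PRIVATEKEY = /etc/exim4/privkey.pem" $tls_config_file
             email_config_changed=1
         fi
     fi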
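Review bot: The private key is copied into /etc/exim4 with plain `cp` and only afterwards restricted by `chown root:Debian-exim` and `chmod 640`, so in both update_default_domain and email_install_tls a first-time copy of privkey.pem briefly exists with whatever mode the umask gives it; `install -m 640 -o root -g Debian-exim /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/privkey.pem /etc/exim4/` creates it with its final owner and mode in one step. The guards test /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem and /etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key, but the files copied come from /etc/letsencrypt/live, so on a host without a Let's Encrypt directory for that domain the `cp` fails while the exim4 config is still pointed at /etc/exim4/*.pem; testing the letsencrypt source file in the guard would match what is copied. update_default_domain also restarts exim4 on every run rather than only when something changed. Whether the copies are refreshed after certificate renewal is not visible in these hunks, and both function bodies extend outside them.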