blob: 5e5c22978b33e172630068b336685f094ffde4d9 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
|
post_install() {
# => create user
getent group zarafa &>/dev/null || groupadd -r zarafa
getent passwd zarafa &>/dev/null || useradd -r -c 'Zarafa Groupware Suite' -g zarafa -d /dev/null -s /bin/false zarafa
passwd -l zarafa &>/dev/null
if [ ! -d "/var/lib/mysql" ]
then
# => create database
mysql_install_db --user=mysql --basedir=/usr --datadir=/var/lib/mysql
systemctl start mysqld
# => prepare database
mysql -u root -e "CREATE DATABASE IF NOT EXISTS zarafa; GRANT ALL PRIVILEGES ON zarafa.* TO zarafa@localhost IDENTIFIED BY 'zarafa'; SET GLOBAL max_allowed_packet=16777216;"
else
# => show instructions
echo ">>> MySQL user zarafa, with unrestricted access to a "zarafa" database, must exist"
echo " > CREATE DATABASE IF NOT EXISTS zarafa;"
echo " > GRANT ALL PRIVILEGES ON zarafa.* TO zarafa@localhost IDENTIFIED BY 'zarafa';"
echo ">>> Run /usr/bin/mysql_secure_installation"
echo
echo ">>> Ensure the GLOBAL MySQL variable, max_allowed_packet, is >= 16MB, or is SESSION writable"
echo " > SET GLOBAL max_allowed_packet=16777216;"
echo
echo ">>> Log files located at /var/log/zarafa"
fi
# => set permission (PWD)
chown zarafa:zarafa -R /var/log/zarafa
chown zarafa:zarafa -R /var/lib/zarafa
# => copy example configs to their active locations
for cfg in ${pkgdir}/usr/share/doc/zarafa/example-config/*.cfg; do
cp -n ${cfg} /etc/zarafa
done
# => create ssl key and certificate (SSL)
if [ ! -f "/etc/ssl/private/zarafa.key" ]
then
# https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
# https://cipherli.st/
# http://www.shellhacks.com/en/HowTo-Create-CSR-using-OpenSSL-Without-Prompt-Non-Interactive
echo ">>> Creating default key and certificate to /etc/ssl/private/zarafa.*"
openssl genrsa -out /etc/ssl/private/zarafa.key 4096
openssl req -new -sha512 -key /etc/ssl/private/zarafa.key -out /tmp/zarafa.csr -subj "/CN=localhost"
openssl x509 -req -days 3650 -in /tmp/zarafa.csr -signkey /etc/ssl/private/zarafa.key -out /etc/ssl/private/zarafa.crt
# trust own certificate for later connections
find -L /etc/ssl/certs -samefile /etc/ssl/private/zarafa.crt -exec rm {} \;
ln -s /etc/ssl/private/zarafa.crt /etc/ssl/certs/zarafa.crt
ln -s /etc/ssl/private/zarafa.crt /etc/ssl/certs/$(openssl x509 -noout -hash -in /etc/ssl/certs/zarafa.crt).0
update-ca-trust
fi
# => create diffie hellman (PFS)
if [ ! -f "/etc/ssl/private/zarafa.dh" ]
then
echo ">>> Creating default dh file to /etc/ssl/private/zarafa.*"
openssl dhparam -out /etc/ssl/private/zarafa.dh 512
fi
# => set permission (SSL)
echo ">>> Setting permissions to /etc/ssl/private/zarafa.*"
chmod go-rwx /etc/ssl/private/zarafa.*
chmod u+rw /etc/ssl/private/zarafa.*
chown root:root /etc/ssl/private/zarafa.*
}
post_upgrade() {
# post_install $1
}
pre_remove() {
userdel zarafa &> /dev/null
groupdel zarafa &> /dev/null
return 0
}
|