diff --git a/.github/workflows/build-lxd.yml b/.github/workflows/build-lxd.yml index 254aa366c..77e3235be 100644 --- a/.github/workflows/build-lxd.yml +++ b/.github/workflows/build-lxd.yml @@ -159,6 +159,7 @@ jobs: env: USE_INCUS: "${{ needs.determine-runner.outputs.lxc_cmd == 'incus' && 'yes' || 'no' }}" run: | + set -x export CI LXD_EXTRA_PROFILE="$LXD_EXTRA_PROFILE" BRANCH="${VERSION##refs/heads/}" ./build/build-LXD.sh - name: Pack LXD image @@ -269,16 +270,16 @@ jobs: export FF_BINARY_PATH="$(which firefox)" sudo "$LXC" exec ncp -- /usr/local/bin/ncc config:system:set overwrite.cli.url --value "https://nextcloudpi.local" sudo "$LXC" exec ncp -- bash -c 'tail -f /var/log/ncp.log' |& awk '{ print "NCP::" $0 }' & - ../.venv/bin/python activation_tests.py --no-gui "nextcloudpi.local" 443 4443 || { + ../.venv/bin/python activation_tests.py -t 300 --no-gui "nextcloudpi.local" 443 4443 || { echo "Activation test failed!" echo "Geckodriver logs:" tail -n 20 geckodriver.log >&2 || true echo "================" echo "ncp.log: " - sudo "$LXC" exec ncp -- bash -c "tail -n20 /var/log/ncp.log" || true + sudo "$LXC" exec ncp -- bash -c "cat /var/log/ncp.log" || true echo "================" echo "nextcloud log: " - datadir="$("$LXC" exec ncp -- ncc config:system:get datadirectory)" + datadir="$(sudo "$LXC" exec ncp -- ncc config:system:get datadirectory)" sudo "$LXC" exec ncp -- cat "$datadir/nextcloud.log" || true exit 1 } @@ -295,7 +296,7 @@ jobs: sudo "$LXC" exec ncp -- cat "$datadir/nextcloud.log" || true exit 1 } - USE_INCUS="$USE_INCUS" python system_tests.py --non-interactive --skip-update-test || { + USE_INCUS="$USE_INCUS" ../.venv/bin/python system_tests.py --non-interactive --skip-update-test || { echo "System test failed!" exit 1 } 
@@ -321,7 +322,17 @@ jobs: sudo "$LXC" exec ncp -- bash -c "DBG=x ncp-update ${UPDATE_ARGS[*]}" sudo "$LXC" exec ncp -- /usr/local/bin/ncc status - if [[ "$current_nc_version" =~ "$latest_nc_version".* ]] + latest_build="${latest_nc_version#*.}" + latest_build="${latest_build#*.}" + + if [[ "$current_nc_version" =~ ^[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*$ ]] + then + current_nc_version="${current_nc_version%.*}" + fi + current_build="${current_nc_version#*.}" + current_build="${current_build#*.}" + + if [[ "${current_nc_version%.*}" == "${latest_nc_version%.*}" ]] && [[ "${current_build}" -ge "${latest_build}" ]] then echo "Nextcloud is up to date - skipping NC update test." else @@ -393,7 +404,6 @@ jobs: sudo "$LXC" stop ncp test-dist-upgrade: - if: false needs: - determine-runner runs-on: ${{ needs.determine-runner.outputs.runner_label }} @@ -401,8 +411,8 @@ jobs: VERSION: "${{ inputs.git_ref || github.ref }}" LXC: "${{ needs.determine-runner.outputs.lxc_cmd }}" LXD_EXTRA_PROFILE: "${{ needs.determine-runner.outputs.lxd_extra_profile }}" - PREVIOUS_IMAGE_URL_ARM64: "https://github.com/nextcloud/nextcloudpi/releases/download/v1.53.2/NextcloudPi_LXD_arm64_v1.53.2.tar.gz" - PREVIOUS_IMAGE_URL_AMD64: "https://github.com/nextcloud/nextcloudpi/releases/download/v1.53.2/NextCloudPi_LXD_x86_v1.53.2.tar.gz" + PREVIOUS_IMAGE_URL_ARM64: "https://github.com/nextcloud/nextcloudpi/releases/download/v1.57.1/NextcloudPi_LXD_arm64_v1.57.1.tar.gz" + PREVIOUS_IMAGE_URL_AMD64: "https://github.com/nextcloud/nextcloudpi/releases/download/v1.57.1/NextCloudPi_LXD_x86_v1.57.1.tar.gz" USE_INCUS: "${{ needs.determine-runner.outputs.lxc_cmd == 'incus' && 'yes' || 'no' }}" steps: - name: Setup incus @@ -416,7 +426,7 @@ jobs: - name: Checkout code uses: actions/checkout@v3 with: - ref: "v1.54.3" + ref: "v1.57.1" - name: Setup Firefox if: ${{ runner.arch != 'ARM64' }} continue-on-error: true 
@@ -425,6 +435,7 @@ jobs: - name: Setup Firefox from packages if: ${{ runner.arch == 'ARM64' || steps.setup-firefox-browser-action.outcome == 'failure' }} run: | + sudo apt-get update sudo apt-get install -y --no-install-recommends firefox - name: Setup GeckoDriver env: @@ -458,8 +469,9 @@ jobs: - name: Launch ncp container run: | set -x + . ./build/buildlib.sh sudo "$LXC" delete -q -f ncp || true - sudo "$LXC" image import -q "./ncp.tar.gz" --alias "ncp/update" + sudo "$LXC" image import -q "./ncp.tar.gz" --alias "ncp/update" || true LXC_ARGS=(-p default) [[ -z "$LXD_EXTRA_PROFILE" ]] || LXC_ARGS+=(-p "$LXD_EXTRA_PROFILE") systemd-run --user --scope -p "Delegate=yes" "$LXC" launch -q "${LXC_ARGS[@]}" "ncp/update" ncp || \ @@ -477,6 +489,7 @@ jobs: set -x export GECKODRIVER_PATH="$GECKODRIVER_PATH" export FF_BINARY_PATH="$(which firefox)" + sudo "$LXC" exec ncp -- /usr/local/bin/ncc config:system:set overwrite.cli.url --value "https://nextcloudpi.local" sudo "$LXC" exec ncp -- bash -c 'tail -f /var/log/ncp.log' |& awk '{ print "NCP::" $0 }' & ../.venv/bin/python activation_tests.py --no-gui "nextcloudpi.local" 443 4443 || { echo "Activation test failed!" @@ -485,6 +498,10 @@ jobs: echo "================" echo "ncp.log: " sudo "$LXC" exec ncp -- bash -c "tail -n20 /var/log/ncp.log" || true + echo "================" + echo "nextcloud log: " + datadir="$(sudo "$LXC" exec ncp -- ncc config:system:get datadirectory)" + sudo "$LXC" exec ncp -- cat "$datadir/nextcloud.log" || true exit 1 } ../.venv/bin/python nextcloud_tests.py --skip-release-check --no-gui "nextcloudpi.local" 443 4443 || { 
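Review bot: In the `Launch ncp container` step, `image import -q "./ncp.tar.gz" --alias "ncp/update" || true` lets a failed import pass silently, and the following `launch … "ncp/update" ncp` then starts whatever image already carries that alias on the runner. On a reused runner the dist-upgrade test can therefore run against a stale image instead of the downloaded `ncp.tar.gz` and still report green. If the `|| true` is there to tolerate an existing alias, remove the alias first and keep the import strict: `sudo "$LXC" image delete -q "ncp/update" || true`, followed by the import without `|| true`.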
@@ -528,22 +545,34 @@ jobs: echo "Running update to ${VERSION}" current_nc_version="$(sudo "$LXC" exec ncp -- ncc status | grep "version:" | awk '{ print $3 }')" - latest_nc_version="29.0.9" - - sudo "$LXC" exec ncp -- apt-get update ||: - sudo "$LXC" exec ncp -- apt-get install --no-install-recommends -y gnupg2 - sudo "$LXC" exec ncp -- apt-key adv --fetch-keys https://packages.sury.org/php/apt.gpg - + latest_nc_version="33.0.3" + sudo "$LXC" exec ncp -- bash -c "DBG=x ncp-update ${UPDATE_ARGS[*]}" sudo "$LXC" exec ncp -- /usr/local/bin/ncc status - #if [[ "$current_nc_version" =~ "$latest_nc_version".* ]] - #then - # echo "Nextcloud is up to date - skipping NC update test." - #else - # sudo "$LXC" exec ncp -- bash -c "DBG=x ncp-update-nc ${latest_nc_version?}" - # sudo "$LXC" exec ncp -- /usr/local/bin/ncc status - #fi + if [[ "$current_nc_version" =~ "$latest_nc_version".* ]] + then + echo "Nextcloud is up to date - skipping NC update test." + else + for i in {1..10} + do + echo "running nc update $i/10..." + sudo "$LXC" exec ncp -- bash -c "DBG=x ncp-update-nc ${latest_nc_version?}" + sudo "$LXC" exec ncp -- /usr/local/bin/ncc status + current_nc_version_new="$(sudo "$LXC" exec ncp -- ncc status | grep "version:" | awk '{ print $3 }')" + + if [[ "$current_nc_version_new" =~ "$latest_nc_version".* ]] + then + break + fi + if [[ "$current_nc_version" == "$current_nc_version_new" ]] + then + echo "failed to update to $latest_nc_version" + exit 1 + fi + current_nc_version="$current_nc_version_new" + done + fi sudo "$LXC" exec ncp -- rm -f /opt/ncdata/data/nextcloud.log 
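Review bot: The re-enabled check `[[ "$current_nc_version" =~ "$latest_nc_version".* ]]` is an unanchored match, so with `latest_nc_version="33.0.3"` a reported version such as `33.0.30.1` also counts as up to date and the update test is skipped. The other two version checks in this commit (hunks at `-321,7` and `-602,18`) were replaced by a component-wise comparison. This hunk, and the `break` condition inside the retry loop here and in the `-602,18` hunk, still use the old regex. Putting the comparison into one shell function used by all three steps would keep them from drifting apart again.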
@@ -564,9 +593,22 @@ jobs: - name: Test LXD Image working-directory: ./tests run: | + set -x + sudo "$LXC" exec ncp -- bash -c 'tail -f /var/log/ncp.log' |& awk '{ print "NCP::" $0 }' & export GECKODRIVER_PATH="$GECKODRIVER_PATH" export FF_BINARY_PATH="$(which firefox)" - ../.venv/bin/python nextcloud_tests.py --no-gui --skip-release-check "nextcloudpi.local" 443 4443 || { + + USE_INCUS="$USE_INCUS" ../.venv/bin/python system_tests.py --skip-update-test --non-interactive || { + echo "System test failed!" + echo "ncp.log: " + sudo "$LXC" exec ncp -- bash -c "tail -n20 /var/log/ncp.log" || true + echo "================" + echo "nextcloud log: " + datadir="$(sudo "$LXC" exec ncp -- ncc config:system:get datadirectory)" + sudo "$LXC" exec ncp -- cat "$datadir/nextcloud.log" || true + exit 1 + } + ../.venv/bin/python nextcloud_tests.py --no-gui "nextcloudpi.local" 443 4443 || { echo "Nextcloud test failed!" echo "Geckodriver logs:" tail -n 20 geckodriver.log >&2 || true @@ -579,11 +621,6 @@ jobs: sudo "$LXC" exec ncp -- cat "$datadir/nextcloud.log" || true exit 1 } - sudo "$LXC" exec ncp -- bash -c 'tail -f /var/log/ncp.log' |& awk '{ print "NCP::" $0 }' & - USE_INCUS="$USE_INCUS" ../.venv/bin/python system_tests.py --non-interactive --skip-update-test || { - echo "System test failed!" - exit 1 - } - name: Checkout current version run: | git fetch origin @@ -592,7 +629,7 @@ jobs: id: distupgrade run: | set -x - sudo "$LXC" exec ncp -- cat /etc/os-release | grep 'VERSION_ID="11"' || { + sudo "$LXC" exec ncp -- cat /etc/os-release | grep 'VERSION_ID="12"' || { echo "can't upgrade from Debian $(sudo "$LXC" exec ncp -- cat /etc/os-release | grep VERSION_ID=)" exit 1 } 
@@ -602,18 +639,27 @@ jobs: sudo "$LXC" exec ncp -- bash -c "DEBIAN_FRONTEND=noninteractive ncp-dist-upgrade" sudo "$LXC" exec ncp -- /usr/local/bin/ncc status - if [[ "$current_nc_version" =~ "$latest_nc_version".* ]] + latest_build="${latest_nc_version#*.}" + latest_build="${latest_build#*.}" + + if [[ "$current_nc_version" =~ ^[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*$ ]] + then + current_nc_version="${current_nc_version%.*}" + fi + current_build="${current_nc_version#*.}" + current_build="${current_build#*.}" + + if [[ "${current_nc_version%.*}" == "${latest_nc_version%.*}" ]] && [[ "${current_build}" -ge "${latest_build}" ]] then echo "Nextcloud is up to date - skipping NC update test." else - - for i in {1..10}; + for i in {1..10} do - echo "running nc update ($i/10)..." + echo "running nc update $i/10..." sudo "$LXC" exec ncp -- bash -c "DBG=x ncp-update-nc ${latest_nc_version?}" - sudo "$LXC" exec ncp -- /usr/local/bin/ncc status current_nc_version_new="$(sudo "$LXC" exec ncp -- ncc status | grep "version:" | awk '{ print $3 }')" + if [[ "$current_nc_version_new" =~ "$latest_nc_version".* ]] then break @@ -632,10 +678,8 @@ jobs: - name: Relaunch container run: | set -x - LXC_ARGS=() - [[ -z "$LXD_EXTRA_PROFILE" ]] || LXC_ARGS+=(-p "$LXD_EXTRA_PROFILE") - systemd-run --user --scope -p "Delegate=yes" "$LXC" start ncp || \ - sudo systemd-run --scope -p "Delegate=yes" "$LXC" start ncp + systemd-run --user --scope -p "Delegate=yes" "$LXC" start -q ncp || \ + sudo systemd-run --scope -p "Delegate=yes" "$LXC" start -q ncp sudo "$LXC" exec ncp -- bash -c 'while [ "$(systemctl is-system-running 2>/dev/null)" != "running" ] && [ "$(systemctl is-system-running 2>/dev/null)" != "degraded" ]; do :; done' sleep 30 ip="$(sudo "$LXC" list -c n4 -f csv | grep '^ncp' | cut -d ',' -f2)" 
@@ -646,9 +690,20 @@ jobs: working-directory: ./tests run: | set -x + sudo "$LXC" exec ncp -- bash -c 'tail -f /var/log/ncp.log' |& awk '{ print "NCP::" $0 }' & export GECKODRIVER_PATH="$GECKODRIVER_PATH" export FF_BINARY_PATH="$(which firefox)" - sudo "$LXC" exec ncp -- bash -c 'tail -f /var/log/ncp.log' |& awk '{ print "NCP::" $0 }' & + + USE_INCUS="$USE_INCUS" ../.venv/bin/python system_tests.py --skip-update-test --non-interactive || { + echo "System test failed!" + echo "ncp.log: " + sudo "$LXC" exec ncp -- bash -c "tail -n20 /var/log/ncp.log" || true + echo "================" + echo "nextcloud log: " + datadir="$(sudo "$LXC" exec ncp -- ncc config:system:get datadirectory)" + sudo "$LXC" exec ncp -- cat "$datadir/nextcloud.log" || true + exit 1 + } ../.venv/bin/python nextcloud_tests.py --no-gui "nextcloudpi.local" 443 4443 || { echo "Nextcloud test failed!" echo "Geckodriver logs:" @@ -662,10 +717,6 @@ jobs: sudo "$LXC" exec ncp -- cat "$datadir/nextcloud.log" || true exit 1 } - USE_INCUS="$USE_INCUS" ../.venv/bin/python system_tests.py --non-interactive || { - echo "System test failed!" - exit 1 - } sudo "$LXC" stop ncp test-fresh-install: @@ -767,7 +818,7 @@ jobs: sudo "$LXC" exec ncp -- bash -c "tail -n20 /var/log/ncp.log" || true echo "================" echo "nextcloud log: " - datadir="$("$LXC" exec ncp -- ncc config:system:get datadirectory)" + datadir="$(sudo "$LXC" exec ncp -- ncc config:system:get datadirectory)" sudo "$LXC" exec ncp -- cat "$datadir/nextcloud.log" || true exit 1 } diff --git a/.github/workflows/build-sd-images.yml b/.github/workflows/build-sd-images.yml index 9f8356d70..c0ddc18c5 100644 --- a/.github/workflows/build-sd-images.yml +++ b/.github/workflows/build-sd-images.yml 
@@ -178,12 +178,12 @@ jobs: echo 'Mutex posixsem' | sudo tee -a raspbian_root/etc/apache2/mods-available/ssl.conf echo 'ignore-warnings ARM64-COW-BUG' | sudo tee -a raspbian_root/etc/redis/redis.conf sudo mkdir -p raspbian_root/etc/systemd/system/redis-server.service.d - echo '[Service]' | sudo tee raspbian_root/etc/systemd/system/redis-server.service.d/ncp.conf - echo 'PrivateUsers=false' | sudo tee -a raspbian_root/etc/systemd/system/redis-server.service.d/ncp.conf + echo '[Service]' | sudo tee raspbian_root/etc/systemd/system/redis-server.service.d/ncp-ci.conf + echo 'PrivateUsers=false' | sudo tee -a raspbian_root/etc/systemd/system/redis-server.service.d/ncp-ci.conf sudo mkdir -p raspbian_root/etc/systemd/system/php8.3-fpm.service.d - echo '[Service]' | sudo tee raspbian_root/etc/systemd/system/php8.3-fpm.service.d/ncp.conf - echo 'ExecStartPre=mkdir -p /var/run/php' | sudo tee -a raspbian_root/etc/systemd/system/php8.3-fpm.service.d/ncp.conf + echo '[Service]' | sudo tee raspbian_root/etc/systemd/system/php8.3-fpm.service.d/ncp-ci.conf + echo 'ExecStartPre=mkdir -p /var/run/php' | sudo tee -a raspbian_root/etc/systemd/system/php8.3-fpm.service.d/ncp-ci.conf - name: Test image id: test run: | 
@@ -421,8 +421,8 @@ jobs: # echo 'Mutex posixsem' | sudo tee -a raspbian_root/etc/apache2/mods-available/ssl.conf # echo 'ignore-warnings ARM64-COW-BUG' | sudo tee -a raspbian_root/etc/redis/redis.conf # sudo mkdir -p raspbian_root/etc/systemd/system/redis-server.service.d -# echo '[Service]' | sudo tee raspbian_root/etc/systemd/system/redis-server.service.d/ncp.conf -# echo 'PrivateUsers=false' | sudo tee -a raspbian_root/etc/systemd/system/redis-server.service.d/ncp.conf +# echo '[Service]' | sudo tee raspbian_root/etc/systemd/system/redis-server.service.d/ncp-ci.conf +# echo 'PrivateUsers=false' | sudo tee -a raspbian_root/etc/systemd/system/redis-server.service.d/ncp-ci.conf # - name: Test and activate image # if: ${{ steps.download-previous-image.outputs.skipped == 'false' }} # id: test diff --git a/bin/ncp-dist-upgrade b/bin/ncp-dist-upgrade index 7c93def98..6cfb0038d 100755 --- a/bin/ncp-dist-upgrade +++ b/bin/ncp-dist-upgrade 
@@ -9,12 +9,38 @@ set -e . /etc/os-release +new_cfg=/usr/local/etc/ncp-recommended.cfg +[[ -f "${new_cfg}" ]] || { echo "Already on the latest recommended distribution. Abort." >&2; exit 1; } + +echo " +>>> ATTENTION <<< +This is a dangerous process that is only guaranteed to work properly if you +have not made manual changes in the system. Backup the SD card first and +proceed at your own risk. + +Note that this is not a requirement for NCP to continue working properly. +The current distribution will keep receiving updates for some time. + +Do you want to continue? [y/N]" + +if [[ "${DEBIAN_FRONTEND:-}" == "noninteractive" ]] || ! [[ -t 0 ]] +then + echo "Noninteractive environment detected. Automatically proceeding in 30 seconds..." + sleep 30 +else + read -n1 -r key + [[ "${key,,}" == y ]] || exit 0 +fi + if [[ "$VERSION_ID" -eq 10 ]] then UPGRADE_CMD=(bash /usr/local/bin/ncp-dist-upgrade.d/debian-10.sh) elif [[ "$VERSION_ID" -eq 11 ]] then UPGRADE_CMD=(bash /usr/local/bin/ncp-dist-upgrade.d/debian-11.sh) +elif [[ "$VERSION_ID" -eq 12 ]] +then + UPGRADE_CMD=(bash /usr/local/bin/ncp-dist-upgrade.d/debian-12.sh) else echo "No dist-upgrade available for OS version: Debian ${VERSION}." exit 0 diff --git a/bin/ncp-dist-upgrade.d/debian-10.sh b/bin/ncp-dist-upgrade.d/debian-10.sh index d63dee59f..d46dfc734 100644 --- a/bin/ncp-dist-upgrade.d/debian-10.sh +++ b/bin/ncp-dist-upgrade.d/debian-10.sh 
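Review bot: The confirmation block moved into the wrapper fails open: whenever stdin is not a TTY (`! [[ -t 0 ]]`) the dist-upgrade starts by itself after 30 seconds, even though the text above it calls this a dangerous process. Before this commit the Debian 10 path required a typed `y` (see the lines removed from `debian-10.sh`), so for that path this is a behaviour change and not only a move. I would run unattended only on an explicit opt-in and abort otherwise, e.g. `[[ "${DEBIAN_FRONTEND:-}" == "noninteractive" ]] || [[ -t 0 ]] || { echo "Refusing to run without a terminal" >&2; exit 1; }` ahead of the prompt. The same removal drops `APTINSTALL=` and `export DEBIAN_FRONTEND=noninteractive` from `debian-10.sh`, which runs under `set -eu`; the rest of that script is outside the diff, so please check that nothing there still expands `$APTINSTALL`.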
@@ -4,26 +4,6 @@ set -eu -o pipefail [[ -f /.dockerenv ]] && { echo "Not supported in Docker. Upgrade the container instead"; exit 0; } -new_cfg=/usr/local/etc/ncp-recommended.cfg -[[ -f "${new_cfg}" ]] || { echo "Already on the lastest recommended distribution. Abort." >&2; exit 1; } - -APTINSTALL="apt-get install -y --no-install-recommends" -export DEBIAN_FRONTEND=noninteractive - -echo " ->>> ATTENTION <<< -This is a dangerous process that is only guaranteed to work properly if you -have not made manual changes in the system. Backup the SD card first and -proceed at your own risk. - -Note that this is not a requirement for NCP to continue working properly. -The current distribution will keep receiving updates for some time. - -Do you want to continue? [y/N]" - -read key -[[ "$key" == y ]] || exit 0 - source /usr/local/etc/library.sh # sets NCPCFG RELEASE PHPVER old_cfg="${NCPCFG}" diff --git a/bin/ncp-dist-upgrade.d/debian-11.sh b/bin/ncp-dist-upgrade.d/debian-11.sh index 89513fd28..cb43cfb2f 100644 --- a/bin/ncp-dist-upgrade.d/debian-11.sh +++ b/bin/ncp-dist-upgrade.d/debian-11.sh 
@@ -1,30 +1,7 @@ - #!/bin/bash +#!/bin/bash set -eu -o pipefail -new_cfg=/usr/local/etc/ncp-recommended.cfg -[[ -f "${new_cfg}" ]] || { echo "Already on the lastest recommended distribution. Abort." >&2; exit 1; } - -echo " ->>> ATTENTION <<< -This is a dangerous process that is only guaranteed to work properly if you -have not made manual changes in the system. Backup the SD card first and -proceed at your own risk. - -Note that this is not a requirement for NCP to continue working properly. -The current distribution will keep receiving updates for some time. - -Do you want to continue? [y/N]" - -if [[ "${DEBIAN_FRONTEND:-}" == "noninteractive" ]] || ! [[ -t 0 ]] -then - echo "Noninteractive environment detected. Automatically proceeding in 30 seconds..." - sleep 30 -else - read -n1 -r key - [[ "${key,,}" == y ]] || exit 0 -fi - export DEBIAN_FRONTEND=noninteractive source /usr/local/etc/library.sh @@ -66,8 +43,8 @@ sudo apt-get --purge autoremove -y apt-get install -y --no-install-recommends exfatprogs #mkdir -p /etc/systemd/system/php8.1-fpm.service.d -#echo '[Service]' > /etc/systemd/system/php8.1-fpm.service.d/ncp.conf -#echo 'ExecStartPre=mkdir -p /var/run/php' >> /etc/systemd/system/php8.1-fpm.service.d/ncp.conf +#echo '[Service]' > /etc/systemd/system/php8.1-fpm.service.d/ncp-ci.conf +#echo 'ExecStartPre=mkdir -p /var/run/php' >> /etc/systemd/system/php8.1-fpm.service.d/ncp-ci.conf #[[ "$INIT_SYSTEM" != "systemd" ]] || { systemctl daemon-reload && systemctl restart php8.1-fpm; } restore_maintenance_mode diff --git a/bin/ncp-dist-upgrade.d/debian-12.sh b/bin/ncp-dist-upgrade.d/debian-12.sh new file mode 100644 index 000000000..142674b24 --- /dev/null +++ b/bin/ncp-dist-upgrade.d/debian-12.sh 
@@ -0,0 +1,56 @@ +#!/bin/bash + +set -eu -o pipefail + +export DEBIAN_FRONTEND=noninteractive + +source /usr/local/etc/library.sh +is_more_recent_than "${PHPVER}.0" "8.2.0" || { + echo "You still have PHP version ${PHPVER} installed. Please update to the latest supported version of nextcloud (which will also update your PHP version) before proceeding with the distribution upgrade." + echo "Exiting." + exit 1 +} +save_maintenance_mode + +# Perform dist-upgrade +set -x + +# Make sure, PHP repo is properly setup +curl -sSLo /tmp/debsuryorg-archive-keyring.deb https://packages.sury.org/debsuryorg-archive-keyring.deb +dpkg -i /tmp/debsuryorg-archive-keyring.deb +echo "deb [signed-by=/usr/share/keyrings/debsuryorg-archive-keyring.gpg] https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list + +apt-get update +apt-get upgrade -y +for aptlist in /etc/apt/sources.list /etc/apt/sources.list.d/{php.list,armbian.list,raspi.list} +do + [ -f "$aptlist" ] && sed -i -e "s/bookworm/trixie/g" "$aptlist" +done +for aptlist in /etc/apt/sources.list.d/*.list +do + [[ "$aptlist" =~ "/etc/apt/sources.list.d/"(php|armbian|raspi)".list" ]] || { + echo "Disabling repositories from \"$aptlist\"" + sed -i -e "s/deb/#deb/g" "$aptlist" + } +done +apt-get update +apt-get upgrade -y dpkg +apt-get upgrade -y --without-new-pkgs + +apt-get full-upgrade -y +apt-get --purge autoremove -y + +restore_maintenance_mode +cfg="$(jq "." "$NCPCFG")" +cfg="$(jq ".release = \"trixie\"" <<<"$cfg")" +echo "$cfg" > "$NCPCFG" +rm -f /etc/update-motd.d/30ncp-dist-upgrade +rm -f /usr/local/etc/ncp-recommended.cfg + +echo "Update to Debian 13 (trixie) successful." + +is_active_app unattended-upgrades && { + echo "Setting up unattended upgrades..." + run_app unattended-upgrades || true + echo "done." +} \ No newline at end of file diff --git a/bin/ncp-update-nc.d/upgrade-php-bookworm-8.3.sh b/bin/ncp-update-nc.d/upgrade-php-bookworm-8.3.sh index c84c322a8..1a3c51479 100755 
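Review bot: The keyring step downloads a `.deb` to the fixed path `/tmp/debsuryorg-archive-keyring.deb` and installs it as root with `dpkg -i`, with TLS as the only check and no `-f` on curl. This package decides which key apt trusts for the PHP repository, so I would download to a `mktemp` file and verify a pinned digest before installing. Further down, `sed -i -e "s/deb/#deb/g"` rewrites every occurrence of `deb` on every line (including `debian` inside URLs and lines that are already commented), and the loop only covers `*.list`, so third-party repositories defined in deb822 `*.sources` files stay enabled during the upgrade. The script also ends on `is_active_app unattended-upgrades && { … }`, so it returns non-zero after a successful upgrade whenever that check is false; an `if` or a trailing `|| true` avoids that.

```bash
# … unchanged: PHP version check, save_maintenance_mode, set -x …
# Placeholder: digest of the keyring package that was reviewed for this release
KEYRING_SHA256="<sha256-of-reviewed-keyring-deb>"
keyring_deb="$(mktemp --suffix=.deb)"
curl -fsSLo "$keyring_deb" https://packages.sury.org/debsuryorg-archive-keyring.deb
echo "${KEYRING_SHA256}  ${keyring_deb}" | sha256sum -c -
dpkg -i "$keyring_deb"
rm -f "$keyring_deb"
# … unchanged: php.list, apt-get update/upgrade, bookworm -> trixie rewrite …
    echo "Disabling repositories from \"$aptlist\""
    sed -i -e 's/^deb /#deb /' "$aptlist"
# … unchanged: upgrades, ncp.cfg release update, cleanup …
if is_active_app unattended-upgrades
then
  echo "Setting up unattended upgrades..."
  run_app unattended-upgrades || true
  echo "done."
fi
```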
--- a/bin/ncp-update-nc.d/upgrade-php-bookworm-8.3.sh +++ b/bin/ncp-update-nc.d/upgrade-php-bookworm-8.3.sh @@ -57,10 +57,7 @@ install_template "php/opcache.ini.sh" "/etc/php/${PHPVER_NEW}/mods-available/opc a2enconf "php${PHPVER_NEW}-fpm" -[[ -f "/etc/systemd/system/php${PHPVER_OLD}-fpm.service.d/ncp.conf" ]] && { - mkdir -p "/etc/systemd/system/php${PHPVER_NEW}-fpm.service.d" - cp "/etc/systemd/system/php${PHPVER_OLD}-fpm.service.d/ncp.conf" "/etc/systemd/system/php${PHPVER_NEW}-fpm.service.d/ncp.conf" -} +install_template "systemd/php-fpm.service.d.ncp.conf.sh" "/etc/systemd/system/php${PHPVER_NEW}-fpm.service.d/ncp.conf" echo "Starting apache and php-fpm..." service "php${PHPVER_NEW}-fpm" start diff --git a/bin/ncp/CONFIG/nc-datadir.sh b/bin/ncp/CONFIG/nc-datadir.sh index 967516ffe..4a2ae35a8 100644 --- a/bin/ncp/CONFIG/nc-datadir.sh +++ b/bin/ncp/CONFIG/nc-datadir.sh @@ -112,6 +112,10 @@ configure() btrfs subvolume create "${BASEDIR}" } + # first set in config the new value, because occ checks if the current datadir exists + ncc config:system:set datadirectory --value="${DATADIR}" \ + || sed -i "s|'datadirectory' =>.*|'datadirectory' => '${DATADIR}',|" "${NCDIR?}"/config/config.php + # use encryption, if selected if is_active_app nc-encrypt; then # if we have encryption AND BTRFS, then store ncdata_enc in the subvolume @@ -123,10 +127,6 @@ configure() fi chown www-data: "${DATADIR}" - # datadir - ncc config:system:set datadirectory --value="${DATADIR}" \ - || sed -i "s|'datadirectory' =>.*|'datadirectory' => '${DATADIR}',|" "${NCDIR?}"/config/config.php - ncc config:system:set logfile --value="${DATADIR}/nextcloud.log" \ || sed -i "s|'logfile' =>.*|'logfile' => '${DATADIR}/nextcloud.log',|" "${NCDIR?}"/config/config.php set_ncpcfg datadir "${DATADIR}" diff --git a/bin/ncp/CONFIG/nc-init.sh b/bin/ncp/CONFIG/nc-init.sh index dcc83b61c..92ec85990 100644 --- a/bin/ncp/CONFIG/nc-init.sh +++ b/bin/ncp/CONFIG/nc-init.sh 
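Review bot: In `nc-datadir.sh`, moving the `datadirectory` write ahead of the encryption and `chown` steps means `config.php` already points at `${DATADIR}` if any later step of `configure()` fails, and nothing in the hunk puts the old value back. The function starts and ends outside this hunk, so I cannot see whether the data has been copied at this point or whether a failure path restores the setting; if not, I would save the previous value before the change and restore it on error. The `sed` fallback also interpolates `${DATADIR}` into a `|`-delimited replacement, so a path containing `|`, `&` or `'` would corrupt `config.php`; that line is only moved here, but the path should be validated before it is used.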
@@ -180,7 +180,6 @@ EOF if ! is_more_recent_than "21.0.0" "${ncver}"; then ncc app:install notify_push ncc app:enable notify_push - test -f /.ncp-image || start_notify_push # don't start during build fi # previews @@ -216,6 +215,9 @@ EOF test -f /.ncp-image || bash /usr/local/bin/nextcloud-domain.sh } + # start notify_push after NC is fully configured + test -f /.ncp-image || start_notify_push # don't start during build + # dettach mysql during the build if [[ "${db_pid}" != "" ]]; then echo "Shutting down mariaDB (${db_pid})" diff --git a/bin/ncp/NETWORKING/SSH.sh b/bin/ncp/NETWORKING/SSH.sh index 58dfcebdb..a596cd93c 100644 --- a/bin/ncp/NETWORKING/SSH.sh +++ b/bin/ncp/NETWORKING/SSH.sh @@ -17,7 +17,12 @@ install() { else echo 'PermitRootLogin prohibit-password' >> /etc/ssh/sshd_config fi - systemctl reload ssh + # On Debian 13+ SSH is socket-activated, reload via socket + if systemctl is-active ssh.socket &>/dev/null; then + systemctl restart ssh + else + systemctl reload ssh + fi } is_active() diff --git a/bin/ncp/NETWORKING/freeDNS.sh b/bin/ncp/NETWORKING/freeDNS.sh index 0a66099c7..bddbee6e7 100644 --- a/bin/ncp/NETWORKING/freeDNS.sh +++ b/bin/ncp/NETWORKING/freeDNS.sh @@ -6,11 +6,11 @@ # GPL licensed (see end of file) * Use at your own risk! # - -install() -{ - apt-get update - apt-get install --no-install-recommends -y dnsutils +install() { + wait_for_dpkg \ + && apt-get update \ + && wait_for_dpkg \ + && DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y dnsutils } configure() diff --git a/bin/ncp/NETWORKING/letsencrypt.sh b/bin/ncp/NETWORKING/letsencrypt.sh index 8f66451db..db5dc3bcf 100644 --- a/bin/ncp/NETWORKING/letsencrypt.sh +++ b/bin/ncp/NETWORKING/letsencrypt.sh 
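Review bot: In `SSH.sh`, `install()` has just rewritten or appended `PermitRootLogin` in `/etc/ssh/sshd_config`, and the new branch runs `systemctl restart ssh` without validating the file first; unlike a reload, a restart with a broken config can leave the host without a running sshd. Checking the config first closes that gap, e.g. `sshd -t && systemctl restart ssh`. The comment says "reload via socket" while the code restarts `ssh.service`, so I would reword it to `# ssh.socket is active (Debian 13+): restart the service so the new config is picked up`.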
@@ -62,6 +62,8 @@ configure() local key_path="$(grep SSLCertificateKeyFile "${nc_vhostcfg}" | awk '{ print $2 }')" sed -i "s|SSLCertificateFile.*|SSLCertificateFile ${cert_path}|" "${ncp_vhostcfg}" sed -i "s|SSLCertificateKeyFile.*|SSLCertificateKeyFile ${key_path}|" "${ncp_vhostcfg}" + # Disable OCSP stapling without Let's Encrypt certificate + sed -i 's/SSLUseStapling.*$/SSLUseStapling off/' /etc/apache2/conf-available/http2.conf apachectl -k graceful echo "letsencrypt certificates disabled. Using self-signed certificates instead." exit 0 @@ -134,6 +136,8 @@ EOF } done set-nc-domain "$DOMAIN" + # Enable OCSP stapling with valid Let's Encrypt certificate + sed -i 's/SSLUseStapling.*$/SSLUseStapling on/' /etc/apache2/conf-available/http2.conf apachectl -k graceful rm -rf $ncdir/.well-known diff --git a/etc/library.sh b/etc/library.sh index eb3697eef..ffe8ba5f6 100644 --- a/etc/library.sh +++ b/etc/library.sh @@ -14,7 +14,8 @@ export NCDIR=/var/www/nextcloud export ncc=/usr/local/bin/ncc export NCPCFG=${NCPCFG:-etc/ncp.cfg} export ARCH="$(dpkg --print-architecture)" -export DB_PREFIX="$(php -r 'include("/var/www/nextcloud/config/config.php"); echo $CONFIG['"'dbtableprefix'"'];' || echo 'oc_')" +# 2>/dev/null suppresses stderr-Output if PHP is not yet installed (new system) +export DB_PREFIX="$(php -r 'include("/var/www/nextcloud/config/config.php"); echo $CONFIG['"'dbtableprefix'"'];' 2>/dev/null || echo 'oc_')" [[ "${ARCH}" =~ ^(armhf|arm)$ ]] && ARCH="armv7" [[ "${ARCH}" == "arm64" ]] && ARCH=aarch64 [[ "${ARCH}" == "amd64" ]] && ARCH=x86_64 
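Review bot: The second `letsencrypt.sh` hunk sets `SSLUseStapling on` once a Let's Encrypt certificate is installed, but Let's Encrypt has announced the end of its OCSP service, so please confirm that the certificates issued here still carry an OCSP responder URL; without one there is nothing for Apache to staple. Both hunks also keep this state only as an in-place `sed` edit of `/etc/apache2/conf-available/http2.conf`, while the template `http2.conf.sh` in this commit now hard-codes `off`. If that template is installed again later (I cannot see from this diff where that happens), the setting silently reverts. Deriving the value inside the template from whether Let's Encrypt is active would keep the two in agreement; until then a comment such as `# http2.conf is generated from ncp-templates/apache2/http2.conf.sh; keep both in sync` next to the `sed` would help.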
@@ -55,8 +56,10 @@ command -v jq &>/dev/null || { NCLATESTVER=$(jq -r .nextcloud_version < "$NCPCFG") PHPVER=$( jq -r .php_version < "$NCPCFG") RELEASE=$( jq -r .release < "$NCPCFG") -# the default repo in bullseye is bullseye-security -grep -Eh '^deb ' /etc/apt/sources.list | grep "${RELEASE}-security" > /dev/null && RELEASE="${RELEASE}-security" +# check also /etc/apt/sources.list.d/ in Trixie +grep -Eh '^deb ' /etc/apt/sources.list 2>/dev/null | grep "${RELEASE}-security" > /dev/null \ + || grep -Eh '^deb ' /etc/apt/sources.list.d/*.list 2>/dev/null | grep "${RELEASE}-security" > /dev/null \ + && RELEASE="${RELEASE}-security" command -v ncc &>/dev/null && NCVER="$(ncc status 2>/dev/null | grep "version:" | awk '{ print $3 }')" function configure_app() @@ -176,6 +179,8 @@ function start_notify_push() if [[ -f /.docker-image ]]; then NEXTCLOUD_URL=https://localhost sudo -E -u www-data "/var/www/nextcloud/apps/notify_push/bin/${ARCH}/notify_push" --allow-self-signed /var/www/nextcloud/config/config.php &>/dev/null & else + # load generated systemd-unit + systemctl daemon-reload systemctl enable --now notify_push fi sleep 5 # apparently we need to make sure we wait until the database is written or something @@ -600,10 +605,26 @@ function clear_password_fields() function apt_install() { + wait_for_dpkg apt-get update --allow-releaseinfo-change + wait_for_dpkg DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends -o Dpkg::Options::=--force-confdef -o Dpkg::Options::="--force-confold" "$@" } +function wait_for_dpkg() { + local tries=0 + while fuser /var/lib/dpkg/lock-frontend /var/lib/dpkg/lock >/dev/null 2>&1; do + echo "dpkg locked, waiting..." + fuser -v /var/lib/dpkg/lock-frontend /var/lib/dpkg/lock 2>/dev/null || true + sleep 2 + tries=$((tries + 1)) + if [[ $tries -ge 150 ]]; then + echo "dpkg lock timeout" + return 1 + fi + done +} + function is_docker() { [[ -f /.dockerenv ]] || [[ -f /.docker-image ]] || [[ "$DOCKERBUILD" == 1 ]] } 
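Review bot: The added fallback in the `RELEASE` detection only greps `/etc/apt/sources.list.d/*.list` for lines starting with `deb `, but fresh Debian 13 installs typically describe their repositories in deb822 `*.sources` files (`Suites: trixie-security`), which this pattern never matches. On such a system `RELEASE` stays without the `-security` suffix even though the comment says Trixie is covered. Adding a branch like `|| grep -Ehs "^Suites:.*${RELEASE}-security" /etc/apt/sources.list.d/*.sources > /dev/null \` would handle both formats. The `a || b && c` chain relies on the shell grouping it left to right; an `if …; then RELEASE="${RELEASE}-security"; fi` would make that intent explicit.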
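Review bot: `apt_install` ignores the return value of `wait_for_dpkg`, so after the 150-try timeout it still runs `apt-get update` and `apt-get install` against a locked dpkg, whereas the `freeDNS.sh` hunk in this commit chains the same calls with `&&`; `wait_for_dpkg || return 1` before each apt-get call would make the two consistent. The check is also separate from the command that takes the lock, so another process can acquire it in between; apt's own `-o DPkg::Lock::Timeout=300` waits on the lock itself and could back up or replace the polling loop. If `fuser` is not installed, the loop condition fails immediately and the function reports success without waiting, which should at least be stated in a comment on `wait_for_dpkg`.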
diff --git a/etc/ncp-templates/apache2/http2.conf.sh b/etc/ncp-templates/apache2/http2.conf.sh index a286d7746..a5e595ae1 100644 --- a/etc/ncp-templates/apache2/http2.conf.sh +++ b/etc/ncp-templates/apache2/http2.conf.sh @@ -22,7 +22,7 @@ SSLCompression off SSLSessionTickets on # OCSP Stapling -SSLUseStapling on +SSLUseStapling off SSLStaplingResponderTimeout 5 SSLStaplingReturnResponderErrors off SSLStaplingCache shmcb:/var/run/ocsp(128000) diff --git a/etc/ncp-templates/mysql/91-ncp.cnf.sh b/etc/ncp-templates/mysql/91-ncp.cnf.sh index c65717122..9186044ed 100644 --- a/etc/ncp-templates/mysql/91-ncp.cnf.sh +++ b/etc/ncp-templates/mysql/91-ncp.cnf.sh @@ -14,9 +14,6 @@ fi cat </dev/null; then + # Unprivileged LXC: namespace operations not permitted for non-root. + # Disable ProtectSystem to prevent php-fpm failing with 226/NAMESPACE. + cat <