update
Update preparation and small fixes.
QROkes committed Jun 30, 2024
1 parent de25786 commit 86dbd3d
Showing 5 changed files with 40 additions and 17 deletions.
2 changes: 1 addition & 1 deletion lib/general
@@ -5,7 +5,7 @@
[[ -z $TERM || $TERM == "unknown" || $TERM == "dumb" ]] && export TERM=dumb

readonly app_version="1.18.3"
readonly svr_version="1.9"
readonly svr_version="1.10"
readonly os_ubuntu_supported=(focal jammy noble) # https://ubuntu.com/about/release-cycle
readonly php_supported=(7.4 8.0 8.1 8.2 8.3) # https://www.php.net/supported-versions.php
readonly php_default="8.3"
11 changes: 7 additions & 4 deletions lib/install
@@ -495,10 +495,8 @@ php_optim() {
sudo sed -i -r "/^[;]?memory_limit =/c\memory_limit = ${phpmem}M" /etc/php/$ver/fpm/php.ini
sudo sed -i -r "/^[;]?max_input_vars =/c\max_input_vars = $(check_var php-max-input-vars)" /etc/php/$ver/fpm/php.ini

# Remove this non-sense restriction in the next stack update (1.10)
# We can not make it default because not all conf files have this option because it was included in a minor release (1.18.2)
[[ -n $(conf_read php-disable-functions) && $(conf_read php-disable-functions) != "off" ]] && sudo sed -i -r "/^[;]?disable_functions =/c\disable_functions = $(check_var php-disable-functions)" /etc/php/$ver/fpm/php.ini
[[ -n $(conf_read php-allow-url-fopen) ]] && sudo sed -i -r "/^[;]?allow_url_fopen =/c\allow_url_fopen = $(check_var php-allow-url-fopen)" /etc/php/$ver/fpm/php.ini
[[ $(conf_read php-disable-functions) != "off" ]] && sudo sed -i -r "/^[;]?disable_functions =/c\disable_functions = $(check_var php-disable-functions)" /etc/php/$ver/fpm/php.ini
sudo sed -i -r "/^[;]?allow_url_fopen =/c\allow_url_fopen = $(check_var php-allow-url-fopen)" /etc/php/$ver/fpm/php.ini

sudo sed -i -r "/^[;]?opcache.memory_consumption=/c\opcache.memory_consumption=$(check_var php-max-mem)" /etc/php/$ver/fpm/php.ini
sudo sed -i -r '/^[;]?opcache.interned_strings_buffer=/c\opcache.interned_strings_buffer=16' /etc/php/$ver/fpm/php.ini
@@ -1030,6 +1028,7 @@ stack_builder() {
else
[[ -f /usr/share/keyrings/nginx-archive-keyring.gpg && ( ! -s /usr/share/keyrings/nginx-archive-keyring.gpg || -z $(cat -v /usr/share/keyrings/nginx-archive-keyring.gpg | grep -m 1 '[^[:space:]]')) ]] && sudo rm -rf /usr/share/keyrings/nginx-archive-keyring.gpg # Prevent issues!
[[ ! -f /usr/share/keyrings/nginx-archive-keyring.gpg ]] && wget -nv -O- https://nginx.org/keys/nginx_signing.key | sudo gpg --dearmor -o /usr/share/keyrings/nginx-archive-keyring.gpg
chmod 644 /usr/share/keyrings/nginx-archive-keyring.gpg
if [[ $(conf_read nginx-ppa) == "mainline" ]]; then
echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://nginx.org/packages/mainline/ubuntu/ $(lsb_release -cs) nginx" | sudo tee /etc/apt/sources.list.d/nginx.list
else
@@ -1053,6 +1052,7 @@ stack_builder() {
[[ -f /usr/share/keyrings/php-archive-keyring.gpg && ( ! -s /usr/share/keyrings/php-archive-keyring.gpg || -z $(cat -v /usr/share/keyrings/php-archive-keyring.gpg | grep -m 1 '[^[:space:]]')) ]] && sudo rm -rf /usr/share/keyrings/php-archive-keyring.gpg # Prevent issues!
[[ ! -f /usr/share/keyrings/php-archive-keyring.gpg ]] && wget -nv -O- 'https://keyserver.ubuntu.com/pks/lookup?op=get&search=0xB8DC7E53946656EFBCE4C1DD71DAEAAB4AD4CAB6' | sudo gpg --dearmor -o /usr/share/keyrings/php-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/php-archive-keyring.gpg] https://ppa.launchpadcontent.net/ondrej/php/ubuntu $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/php.list
chmod 644 /usr/share/keyrings/php-archive-keyring.gpg
fi

api-events_update ikp
@@ -1070,6 +1070,7 @@ stack_builder() {
[[ -f /usr/share/keyrings/redis-archive-keyring.gpg && ( ! -s /usr/share/keyrings/redis-archive-keyring.gpg || -z $(cat -v /usr/share/keyrings/redis-archive-keyring.gpg | grep -m 1 '[^[:space:]]')) ]] && sudo rm -rf /usr/share/keyrings/redis-archive-keyring.gpg # Prevent issues!
[[ ! -f /usr/share/keyrings/redis-archive-keyring.gpg ]] && wget -nv -O- https://packages.redis.io/gpg | sudo gpg --dearmor -o /usr/share/keyrings/redis-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/redis-archive-keyring.gpg] https://packages.redis.io/deb $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/redis.list
chmod 644 /usr/share/keyrings/redis-archive-keyring.gpg
fi

api-events_update ikr
@@ -1088,6 +1089,7 @@ stack_builder() {
[[ -f /usr/share/keyrings/mysql-archive-keyring.gpg && ( ! -s /usr/share/keyrings/mysql-archive-keyring.gpg || -z $(cat -v /usr/share/keyrings/mysql-archive-keyring.gpg | grep -m 1 '[^[:space:]]')) ]] && sudo rm -rf /usr/share/keyrings/mysql-archive-keyring.gpg # Prevent issues!
[[ ! -f /usr/share/keyrings/mysql-archive-keyring.gpg ]] && wget -nv -O- 'https://repo.mysql.com/RPM-GPG-KEY-mysql-2023' | sudo gpg --dearmor -o /usr/share/keyrings/mysql-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/mysql-archive-keyring.gpg] http://repo.mysql.com/apt/ubuntu $(lsb_release -cs) mysql-8.0" | sudo tee /etc/apt/sources.list.d/mysql.list
chmod 644 /usr/share/keyrings/mysql-archive-keyring.gpg

# https://mariadb.org/download/?t=repo-config
elif [[ $(lsb_release -c | cut -d':' -f 2 | xargs) =~ ^(bionic|focal)$ ]]; then
@@ -1097,6 +1099,7 @@ stack_builder() {
[[ -f /usr/share/keyrings/mariadb-archive-keyring.gpg && ( ! -s /usr/share/keyrings/mariadb-archive-keyring.gpg || -z $(cat -v /usr/share/keyrings/mariadb-archive-keyring.gpg | grep -m 1 '[^[:space:]]' )) ]] && sudo rm -rf /usr/share/keyrings/mariadb-archive-keyring.gpg # Prevent issues!
[[ ! -f /usr/share/keyrings/mariadb-archive-keyring.gpg ]] && wget -nv -O- 'https://mariadb.org/mariadb_release_signing_key.asc' | sudo gpg --dearmor -o /usr/share/keyrings/mariadb-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/mariadb-archive-keyring.gpg] http://mirrors.syringanetworks.net/mariadb/repo/$(conf_read mysql-ver)/ubuntu $(check_osname) main" | sudo tee /etc/apt/sources.list.d/mariadb.list
chmod 644 /usr/share/keyrings/mariadb-archive-keyring.gpg
fi

api-events_update ikm
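Review bot: The five added `chmod 644 /usr/share/keyrings/…-archive-keyring.gpg` lines in `stack_builder` run without `sudo`, while the neighbouring commands that touch the same files (`sudo rm -rf`, `sudo gpg --dearmor -o`) are elevated, so if the function runs as a non-root user the chmod fails and the keyring keeps whatever mode the root umask gave it. They also run whether or not the download produced a key, so a failed `wget` can leave an empty keyring behind while the `signed-by` source entry is still written. Guarding on content and elevating covers both, e.g. `[[ -s /usr/share/keyrings/nginx-archive-keyring.gpg ]] && sudo chmod 644 /usr/share/keyrings/nginx-archive-keyring.gpg`, and the same applies to the php, redis, mysql and mariadb hunks. `stack_builder` starts and ends outside these hunks, so whether it is already guaranteed to run as root is not visible here.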
38 changes: 29 additions & 9 deletions lib/update
@@ -336,6 +336,7 @@ oneseven_to_oneight() {
}


# v1.18.0
oneight_to_onenine() {
# Regenerate conf file
if [[ -f /opt/webinoly/webinoly.conf ]]; then
@@ -368,16 +369,35 @@ oneight_to_onenine() {
}


# v1.18.3
onenine_to_oneten() {
# Regenerate conf file
if [[ -f /opt/webinoly/webinoly.conf ]]; then
mv /opt/webinoly/webinoly.conf /opt/webinoly/webinoly.conf.old
IFS=$'\n' # FOR loop takes whitespace as a delimiter, so IFS overwrite this.
for i in $(grep -E "^([a-z\-]+)\:.*$" /opt/webinoly/webinoly.conf.old)
do
conf_write $(echo $i | cut -d':' -f 1 -s) $(echo $i | cut -d':' -f 2- -s)
done
fi

# Backups to S3 not working in 24.04
[[ $(conf_read nginx-tool-bkp) == "true" && $(lsb_release -c | cut -d':' -f 2 | xargs) == "noble" ]] && sudo /opt/duplicity/bin/pip install boto3
}


# Version numbers without point
[[ ${oldver//.} -lt 11 ]] && onezero_to_oneone
[[ ${oldver//.} -lt 12 ]] && oneone_to_onetwo
[[ ${oldver//.} -lt 13 ]] && onetwo_to_onethree
[[ ${oldver//.} -lt 14 ]] && onethree_to_onefour
[[ ${oldver//.} -lt 15 ]] && onefour_to_onefive
[[ ${oldver//.} -lt 16 ]] && onefive_to_onesix
[[ ${oldver//.} -lt 17 ]] && onesix_to_oneseven
[[ ${oldver//.} -lt 18 ]] && oneseven_to_oneight
[[ ${oldver//.} -lt 19 ]] && oneight_to_onenine
[[ $(version $oldver) -lt $(version "1.1") ]] && onezero_to_oneone
[[ $(version $oldver) -lt $(version "1.2") ]] && oneone_to_onetwo
[[ $(version $oldver) -lt $(version "1.3") ]] && onetwo_to_onethree
[[ $(version $oldver) -lt $(version "1.4") ]] && onethree_to_onefour
[[ $(version $oldver) -lt $(version "1.5") ]] && onefour_to_onefive
[[ $(version $oldver) -lt $(version "1.6") ]] && onefive_to_onesix
[[ $(version $oldver) -lt $(version "1.7") ]] && onesix_to_oneseven
[[ $(version $oldver) -lt $(version "1.8") ]] && oneseven_to_oneight
[[ $(version $oldver) -lt $(version "1.9") ]] && oneight_to_onenine
[[ $(version $oldver) -lt $(version "1.10") ]] && onenine_to_oneten


# Update PIP packages!
if [[ $(conf_read nginx-tool-bkp) == "true" && $(lsb_release -c | cut -d':' -f 2 | xargs) =~ ^(jammy|focal)$ ]]; then
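Review bot: In `onenine_to_oneten`, `IFS=$'\n'` is assigned globally and never restored, and because weby loads this file with `source`, the altered IFS stays in effect for everything that runs afterwards. The unquoted `$(echo $i | cut …)` arguments to `conf_write` are also still subject to pathname expansion, so a config value containing `*` or `?` can be replaced by matching file names during the migration. A loop such as `while IFS= read -r line; do conf_write "${line%%:*}" "${line#*:}"; done < <(grep -E "^([a-z\-]+)\:.*$" /opt/webinoly/webinoly.conf.old)` keeps IFS scoped to `read` and passes each value intact; check how `conf_write` treats an empty second argument before switching, since the current form drops it. The same pattern appears to be inherited from `oneight_to_onenine`, whose body is only partly visible here. Separately, `sudo /opt/duplicity/bin/pip install boto3` installs an unpinned package as root, and pinning a known-good version would make the update reproducible.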
4 changes: 2 additions & 2 deletions templates/general/conf
@@ -432,14 +432,14 @@
# Note: Use 'off' value to disable this security feature (not-recommended).
# Note: This feature is utilized to help secure your websites and reduce your attack surface by preventing the execution of potentially risky PHP functions that could be exploited by attackers. Our default settings restrict access to specific PHP functions that aren't critical for the vast majority of websites.
###########################
php-disable-functions:pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,posix_ctermid,posix_getcwd,posix_getegid,posix_geteuid,posix_getgid,posix_getgrgid,posix_getgrnam,posix_getgroups,posix_getlogin,posix_getpgid,posix_getpgrp,posix_getpid,posix_getppid,posix_getpwuid,posix_getrlimit,posix_getsid,posix_getuid,posix_isatty,posix_kill,posix_mkfifo,posix_setegid,posix_seteuid,posix_setgid,posix_setpgid,posix_setsid,posix_setuid,posix_times,posix_ttyname,posix_uname,socket_accept,socket_bind,socket_clear_error,socket_close,socket_connect,socket_listen,socket_create_listen,socket_read,socket_create_pair,stream_socket_server,proc_open,proc_close,proc_nice,proc_terminate,dl,link,highlight_file,show_source,diskfreespace,disk_free_space,getmyuid,popen,escapeshellcmd,symlink,shell_exec,exec,system,passthru
#php-disable-functions:pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,posix_ctermid,posix_getcwd,posix_getegid,posix_geteuid,posix_getgid,posix_getgrgid,posix_getgrnam,posix_getgroups,posix_getlogin,posix_getpgid,posix_getpgrp,posix_getpid,posix_getppid,posix_getpwuid,posix_getrlimit,posix_getsid,posix_getuid,posix_isatty,posix_kill,posix_mkfifo,posix_setegid,posix_seteuid,posix_setgid,posix_setpgid,posix_setsid,posix_setuid,posix_times,posix_ttyname,posix_uname,socket_accept,socket_bind,socket_clear_error,socket_close,socket_connect,socket_listen,socket_create_listen,socket_read,socket_create_pair,stream_socket_server,proc_open,proc_close,proc_nice,proc_terminate,dl,link,highlight_file,show_source,diskfreespace,disk_free_space,getmyuid,popen,escapeshellcmd,symlink,shell_exec,exec,system,passthru


# PHP Fopen Wrappers (allow_url_fopen)
# Values: boolean (true/false)
# Default: false
# Note: Determines whether PHP can retrieve URL objects, such as files. This functionality is typically disabled for security purposes, although certain scripts may require it to work correctly.
php-allow-url-fopen:false
#php-allow-url-fopen:false


# Redis maximum amount of memory before eviction policies
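Review bot: Commenting out `php-disable-functions` and `php-allow-url-fopen` moves the effective defaults out of this template and into `check_var`, which is not part of this commit, while `php_optim` in lib/install now writes `check_var`'s output into php.ini whenever the key is not `off`. If `check_var` returns an empty string for an absent key, php.ini would end up with `disable_functions =` and the restriction this block documents would be dropped without any warning, so it is worth confirming that it falls back to this exact list and to `false`. If the part of the `php-disable-functions` block above this hunk does not already state a default, add one in the style of the fopen block, for example `# Default: the function list shown in the commented line below`. The list itself names `pcntl_wifsignaled` twice.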
2 changes: 1 addition & 1 deletion weby
@@ -216,7 +216,7 @@ fi


# Update stack!
[[ -n $oldver && ${newver//.} -gt ${oldver//.} ]] && source /opt/webinoly/lib/update
[[ -n $oldver && $(version $newver) -gt $(version $oldver) ]] && source /opt/webinoly/lib/update
[[ -f /usr/bin/duply && -f /opt/webinoly/templates/general/duply ]] && sudo cp /opt/webinoly/templates/general/duply /usr/bin/ && sudo chmod 755 /usr/bin/duply

# Stack installation
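Review bot: `$newver` and `$oldver` are passed to `version` unquoted, and the results are compared with `-gt` inside `[[ ]]`, where bash evaluates each operand as an arithmetic expression. If `version` (defined outside this commit) prints nothing or a non-numeric string for a malformed stored version, the comparison is treated as 0 or fails with a syntax error, and the `source /opt/webinoly/lib/update` step is skipped without a clear message. Quoting the arguments, `$(version "$newver") -gt $(version "$oldver")`, and checking that `$oldver` consists only of digits and dots before this line would make that failure visible. The same applies to the `$(version $oldver) -lt …` dispatch lines in lib/update.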