Commit 55e85078 authored by Jon Pugh's avatar Jon Pugh

Merge branch '2960237-sync-alter' into 3016995-file-path-properties

parents 7faa6e9f 6bed7757
...@@ -65,6 +65,7 @@ build:deb: ...@@ -65,6 +65,7 @@ build:deb:
test:debian-jessie-aegir3-apt: test:debian-jessie-aegir3-apt:
stage: test stage: test
image: debian:jessie image: debian:jessie
allow_failure: true
dependencies: dependencies:
- build:deb - build:deb
only: only:
...@@ -88,6 +89,11 @@ test:debian-stretch-aegir3-apt: ...@@ -88,6 +89,11 @@ test:debian-stretch-aegir3-apt:
dependencies: dependencies:
- build:deb - build:deb
only:
- 7.x-3.x
- /^7\.x-3\.\d+\.x/
- /-runalltests$/
before_script: before_script:
- apt-get update - apt-get update
# Avoid ERROR: invoke-rc.d: policy-rc.d denied execution of start. # Avoid ERROR: invoke-rc.d: policy-rc.d denied execution of start.
...@@ -97,17 +103,13 @@ test:debian-stretch-aegir3-apt: ...@@ -97,17 +103,13 @@ test:debian-stretch-aegir3-apt:
script: "scripts/ci-aegir-dev-install-apt-debian9.sh" script: "scripts/ci-aegir-dev-install-apt-debian9.sh"
test:ubuntu-xenial-aegir3-apt: test:debian-buster-aegir3-apt:
stage: test stage: test
image: ubuntu:xenial image: debian:buster
allow_failure: false
dependencies: dependencies:
- build:deb - build:deb
only:
- 7.x-3.x
- /^7\.x-3\.\d+\.x/
- /-runalltests$/
before_script: before_script:
- apt-get update - apt-get update
# Avoid ERROR: invoke-rc.d: policy-rc.d denied execution of start. # Avoid ERROR: invoke-rc.d: policy-rc.d denied execution of start.
...@@ -115,11 +117,11 @@ test:ubuntu-xenial-aegir3-apt: ...@@ -115,11 +117,11 @@ test:ubuntu-xenial-aegir3-apt:
- echo "exit 0" >> /usr/sbin/policy-rc.d - echo "exit 0" >> /usr/sbin/policy-rc.d
- apt-get install --yes sudo curl - apt-get install --yes sudo curl
script: "scripts/ci-aegir-dev-install-apt-ubuntu-xenial.sh" script: "scripts/ci-aegir-dev-install-apt-debian10.sh"
test:ubuntu-artful-aegir3-apt: test:ubuntu-xenial-aegir3-apt:
stage: test stage: test
image: ubuntu:artful image: ubuntu:xenial
dependencies: dependencies:
- build:deb - build:deb
...@@ -135,8 +137,7 @@ test:ubuntu-artful-aegir3-apt: ...@@ -135,8 +137,7 @@ test:ubuntu-artful-aegir3-apt:
- echo "exit 0" >> /usr/sbin/policy-rc.d - echo "exit 0" >> /usr/sbin/policy-rc.d
- apt-get install --yes sudo curl - apt-get install --yes sudo curl
script: "scripts/ci-aegir-dev-install-apt-ubuntu-artful.sh" script: "scripts/ci-aegir-dev-install-apt-ubuntu-xenial.sh"
test:ubuntu-bionic-aegir3-apt: test:ubuntu-bionic-aegir3-apt:
stage: test stage: test
...@@ -252,9 +253,9 @@ publish:unstable-repo: ...@@ -252,9 +253,9 @@ publish:unstable-repo:
# #
# Upgrade the latest stable Aegir to our unstable repo. # Upgrade the latest stable Aegir to our unstable repo.
upgradetest:debian-jessie-aegir3-apt-upgrade: upgradetest:debian-stretch-aegir3-apt-upgrade:
stage: upgradetest stage: upgradetest
image: debian:jessie image: debian:stretch
dependencies: dependencies:
- publish:unstable-repo - publish:unstable-repo
...@@ -271,7 +272,7 @@ upgradetest:debian-jessie-aegir3-apt-upgrade: ...@@ -271,7 +272,7 @@ upgradetest:debian-jessie-aegir3-apt-upgrade:
- apt-get install --yes sudo curl cron - apt-get install --yes sudo curl cron
script: script:
- "scripts/ci-aegir-stable-install-apt-debian8.sh" - "scripts/ci-aegir-stable-install-apt-debian9.sh"
# extra step to run the task queue. # extra step to run the task queue.
- sudo su aegir --login --command 'drush @hostmaster php-eval "echo hosting_task_count();"' - sudo su aegir --login --command 'drush @hostmaster php-eval "echo hosting_task_count();"'
- sudo su aegir --login --command 'drush @hostmaster hosting-tasks --force' - sudo su aegir --login --command 'drush @hostmaster hosting-tasks --force'
...@@ -283,6 +284,6 @@ upgradetest:debian-jessie-aegir3-apt-upgrade: ...@@ -283,6 +284,6 @@ upgradetest:debian-jessie-aegir3-apt-upgrade:
- sudo su aegir --login --command 'drush @hostmaster php-eval "echo hosting_task_count_running();"' - sudo su aegir --login --command 'drush @hostmaster php-eval "echo hosting_task_count_running();"'
# upgrade to the latest version from the unstable repo. # upgrade to the latest version from the unstable repo.
- rm -v /etc/apt/sources.list.d/aegir-stable.list - rm -v /etc/apt/sources.list.d/aegir-stable.list
- echo "deb http://debian.aegirproject.org unstable main" | sudo tee -a /etc/apt/sources.list.d/aegir-unstable.list - echo "deb [signed-by=/usr/share/keyrings/aegir-archive-keyring.gpg] http://debian.aegirproject.org unstable main" | sudo tee -a /etc/apt/sources.list.d/aegir-unstable.list
- sudo apt-get update - sudo apt-get update
- sudo apt-get --yes dist-upgrade - sudo apt-get --yes dist-upgrade
<?php
/**
* @file
* Provides the Provision_Config_Drupal_Services class.
*/
class Provision_Config_Drupal_Services extends Provision_Config {
public $template = 'aegir.services.tpl.php';
public $description = 'Drupal aegir.services.yml file';
protected $mode = 0440;
function filename() {
return $this->site_path . '/aegir.services.yml';
}
function process() {
$this->version = provision_version();
$this->cookie_domain = $this->getCookieDomain();
$this->group = $this->platform->server->web_group;
}
/**
* Extract our cookie domain from the URI.
*/
protected function getCookieDomain() {
$uri = explode('.', $this->uri);
# Leave base domain; only strip out subdomains.
if (count($uri) > 2) {
$uri[0] = '';
}
return implode('.', $uri);
}
}
---
# This file was automatically generated by Aegir <?php print $this->version; ?>
# on <?php print date('r'); ?>.
parameters:
session.storage.options:
cookie_domain: '<?php print $this->cookie_domain; ?>'
...@@ -126,7 +126,6 @@ if (isset($_SERVER['db_name'])) { ...@@ -126,7 +126,6 @@ if (isset($_SERVER['db_name'])) {
ini_set('session.cache_limiter', 'none'); ini_set('session.cache_limiter', 'none');
ini_set('session.cookie_lifetime', 0); ini_set('session.cookie_lifetime', 0);
ini_set('session.gc_maxlifetime', 200000); ini_set('session.gc_maxlifetime', 200000);
ini_set('session.save_handler', 'user');
ini_set('session.use_only_cookies', 1); ini_set('session.use_only_cookies', 1);
ini_set('session.use_trans_sid', 0); ini_set('session.use_trans_sid', 0);
ini_set('url_rewriter.tags', ''); ini_set('url_rewriter.tags', '');
......
...@@ -157,6 +157,11 @@ if (isset($_SERVER['db_name'])) { ...@@ -157,6 +157,11 @@ if (isset($_SERVER['db_name'])) {
<?php endif; ?> <?php endif; ?>
<?php endif; ?> <?php endif; ?>
/**
* Set the Syslog identity to the site name so it's not always "drupal".
*/
$conf['syslog_identity'] = '<?php print $this->uri ?>';
<?php print $extra_config; ?> <?php print $extra_config; ?>
# Additional host wide configuration settings. Useful for safely specifying configuration settings. # Additional host wide configuration settings. Useful for safely specifying configuration settings.
......
...@@ -23,6 +23,7 @@ print '<?php' ?> ...@@ -23,6 +23,7 @@ print '<?php' ?>
*/ */
if (isset($_SERVER['SITE_SUBDIR']) && isset($_SERVER['RAW_HOST'])) { if (isset($_SERVER['SITE_SUBDIR']) && isset($_SERVER['RAW_HOST'])) {
$base_url = 'http://' . $_SERVER['RAW_HOST'] . '/' . $_SERVER['SITE_SUBDIR']; $base_url = 'http://' . $_SERVER['RAW_HOST'] . '/' . $_SERVER['SITE_SUBDIR'];
ini_set('session.cookie_path', '/' . $_SERVER['SITE_SUBDIR'] . '/');
} }
<?php endif; ?> <?php endif; ?>
...@@ -110,9 +111,6 @@ if (isset($_SERVER['db_name'])) { ...@@ -110,9 +111,6 @@ if (isset($_SERVER['db_name'])) {
<?php endif; ?> <?php endif; ?>
$profile = "<?php print $this->profile ?>";
$install_profile = "<?php print $this->profile ?>";
/** /**
* PHP settings: * PHP settings:
* *
...@@ -133,7 +131,6 @@ if (isset($_SERVER['db_name'])) { ...@@ -133,7 +131,6 @@ if (isset($_SERVER['db_name'])) {
*/ */
umask(0002); umask(0002);
$settings['install_profile'] = '<?php print $this->profile ?>';
$settings['file_public_path'] = '<?php print $this->file_public_path ?>'; $settings['file_public_path'] = '<?php print $this->file_public_path ?>';
$settings['file_private_path'] = '<?php print $this->file_private_path ?>'; $settings['file_private_path'] = '<?php print $this->file_private_path ?>';
$config['system.file']['path']['temporary'] = '<?php print $this->file_temporary_path ?>'; $config['system.file']['path']['temporary'] = '<?php print $this->file_temporary_path ?>';
...@@ -163,6 +160,7 @@ if (isset($_SERVER['db_name'])) { ...@@ -163,6 +160,7 @@ if (isset($_SERVER['db_name'])) {
/** /**
* Load services definition file. * Load services definition file.
*/ */
$settings['container_yamls'][] = __DIR__ . '/aegir.services.yml';
$settings['container_yamls'][] = __DIR__ . '/services.yml'; $settings['container_yamls'][] = __DIR__ . '/services.yml';
/** /**
...@@ -182,6 +180,11 @@ if (isset($_SERVER['db_name'])) { ...@@ -182,6 +180,11 @@ if (isset($_SERVER['db_name'])) {
'\.local$', '\.local$',
); );
/**
* Set the Syslog identity to the site name so it's not always "drupal".
*/
$config['syslog.settings']['identity'] = '<?php print $this->uri ?>';
<?php print $extra_config; ?> <?php print $extra_config; ?>
# Additional host wide configuration settings. Useful for safely specifying configuration settings. # Additional host wide configuration settings. Useful for safely specifying configuration settings.
......
...@@ -19,10 +19,10 @@ class Provision_Config_Drushrc_Alias extends Provision_Config_Drushrc { ...@@ -19,10 +19,10 @@ class Provision_Config_Drushrc_Alias extends Provision_Config_Drushrc {
function __construct($context, $data = array()) { function __construct($context, $data = array()) {
parent::__construct($context, $data); parent::__construct($context, $data);
if (is_array($data['aliases'])) { if (isset($data['aliases']) && is_array($data['aliases'])) {
$data['aliases'] = array_unique($data['aliases']); $data['aliases'] = array_unique($data['aliases']);
} }
if (is_array($data['drush_aliases'])) { if (isset($data['drush_aliases']) && is_array($data['drush_aliases'])) {
$data['drush_aliases'] = array_unique($data['drush_aliases']); $data['drush_aliases'] = array_unique($data['drush_aliases']);
} }
......
...@@ -3,17 +3,10 @@ api = 2 ...@@ -3,17 +3,10 @@ api = 2
; This makefile fetches the latest release of Drupal from Drupal.org. ; This makefile fetches the latest release of Drupal from Drupal.org.
projects[drupal][type] = "core" projects[drupal][type] = "core"
projects[drupal][version] = 7.60
; Sync manually with drupal-org-core.make in the hostmaster repo. ; Pin a core version, only as long as we have a core patch below.
; Sync manually with drupal-org-core.make in the hostmaster repository.
; Sync manually with drupal-org-core.make in the hostmaster repo. ;projects[drupal][version] = 7.61
; Function each() is deprecated since PHP 7.2; https://www.drupal.org/project/drupal/issues/2925449
projects[drupal][patch][2925449] = "https://www.drupal.org/files/issues/2018-04-08/deprecated_each2925449-106.patch"
; [PHP 7.2] Avoid count() calls on uncountable variables; https://www.drupal.org/project/drupal/issues/2885610
projects[drupal][patch][2885610] = "https://www.drupal.org/files/issues/2018-04-21/drupal-7-count-function-deprecation-fixes-2885610-19.patch"
; The release.sh script updates the version of hostmaster. ; The release.sh script updates the version of hostmaster.
projects[hostmaster][type] = "profile" projects[hostmaster][type] = "profile"
......
...@@ -33,6 +33,9 @@ case "$1" in ...@@ -33,6 +33,9 @@ case "$1" in
# this obviously doesn't work for git releases # this obviously doesn't work for git releases
VERSION=`sed -n '/^version/{s/^.*= *//;p}' /usr/share/drush/commands/provision/provision.info` VERSION=`sed -n '/^version/{s/^.*= *//;p}' /usr/share/drush/commands/provision/provision.info`
# TODO: lookup? composer installs?
DRUSH_PATH="/usr/local/bin/drush"
FLAGS="--yes" FLAGS="--yes"
if [ "$DPKG_DEBUG" = "developer" ]; then if [ "$DPKG_DEBUG" = "developer" ]; then
FLAGS="$FLAGS --debug" FLAGS="$FLAGS --debug"
...@@ -68,10 +71,10 @@ case "$1" in ...@@ -68,10 +71,10 @@ case "$1" in
chown aegir:aegir "$AEGIRHOME" "$AEGIRHOME/config" "$AEGIRHOME/config/$WEBSERVER.conf" chown aegir:aegir "$AEGIRHOME" "$AEGIRHOME/config" "$AEGIRHOME/config/$WEBSERVER.conf"
# flush the drush cache to find new commands # flush the drush cache to find new commands
su -s /bin/sh aegir -c 'drush cache-clear drush' su -s /bin/sh aegir -c "$DRUSH_PATH cache-clear drush"
site_uri=`su -s /bin/sh aegir -c 'drush @hostmaster status --fields="uri" --field-labels=0 2>/dev/null | tr "\n" " " | sed -e "s/^[[:space:]]*//g" -e "s/[[:space:]]*\$//g"'` site_uri=`su -s /bin/sh aegir -c "$DRUSH_PATH @hostmaster status --fields='uri' --field-labels=0 2>/dev/null | tr '\n' ' ' | sed -e 's/^[[:space:]]*//g' -e 's/[[:space:]]*\$//g'"`
drupal_root=`su -s /bin/sh aegir -c 'drush @hostmaster status --fields="root" --field-labels=0 2>/dev/null | tr "\n" " " | sed -e "s/^[[:space:]]*//g" -e "s/[[:space:]]*\$//g"'` drupal_root=`su -s /bin/sh aegir -c "$DRUSH_PATH @hostmaster status --fields='root' --field-labels=0 2>/dev/null | tr '\n' ' ' | sed -e 's/^[[:space:]]*//g' -e 's/[[:space:]]*\$//g'"`
if [ -d "$drupal_root" ]; then if [ -d "$drupal_root" ]; then
# upgrade # upgrade
...@@ -95,14 +98,14 @@ case "$1" in ...@@ -95,14 +98,14 @@ case "$1" in
echo "it seems to be the same version as the one we're trying to install, not upgrading" echo "it seems to be the same version as the one we're trying to install, not upgrading"
else else
echo "upgrading the frontend from $drupal_root to $NEW_PLATFORM" echo "upgrading the frontend from $drupal_root to $NEW_PLATFORM"
if su -s /bin/sh aegir -c 'drush @hostmaster pm-list --status=enabled --pipe' | grep -q hosting_queued; then if su -s /bin/sh aegir -c "$DRUSH_PATH @hostmaster pm-list --status=enabled --pipe" | grep -q hosting_queued; then
service hosting-queued stop service hosting-queued stop
fi fi
cd "$drupal_root" cd "$drupal_root"
su -s /bin/sh aegir -c "drush hostmaster-migrate $FLAGS '$site_uri' '$NEW_PLATFORM'" su -s /bin/sh aegir -c "$DRUSH_PATH hostmaster-migrate $FLAGS '$site_uri' '$NEW_PLATFORM'"
echo "upgrade finished, old platform left in $drupal_root" echo "upgrade finished, old platform left in $drupal_root"
# restart daemon if enabled # restart daemon if enabled
if su -s /bin/sh aegir -c 'drush @hostmaster pm-list --status=enabled --pipe' | grep -q hosting_queued; then if su -s /bin/sh aegir -c "$DRUSH_PATH @hostmaster pm-list --status=enabled --pipe" | grep -q hosting_queued; then
service hosting-queued start service hosting-queued start
fi fi
fi fi
...@@ -173,7 +176,7 @@ case "$1" in ...@@ -173,7 +176,7 @@ case "$1" in
fi fi
# pass data through JSON for extra security # pass data through JSON for extra security
su -s /bin/sh aegir -c "cd $AEGIRHOME && drush hostmaster-install $FLAGS --backend $site_uri 2>&1 | drush backend-parse $DEBUG" <<EOF su -s /bin/sh aegir -c "cd $AEGIRHOME && $DRUSH_PATH hostmaster-install $FLAGS --backend $site_uri 2>&1 | $DRUSH_PATH backend-parse $DEBUG" <<EOF
{ "yes": 1, { "yes": 1,
"version": "$VERSION", "version": "$VERSION",
"aegir_db_host": "$AEGIR_DB_HOST", "aegir_db_host": "$AEGIR_DB_HOST",
...@@ -183,11 +186,11 @@ case "$1" in ...@@ -183,11 +186,11 @@ case "$1" in
} }
EOF EOF
# flush the drush cache to find new commands # flush the drush cache to find new commands
su -s /bin/sh aegir -c 'drush cache-clear drush' su -s /bin/sh aegir -c "$DRUSH_PATH cache-clear drush"
# on new installs, we default to having the daemon enabled # on new installs, we default to having the daemon enabled
echo 'Enabling hosting-queued daemon' echo 'Enabling hosting-queued daemon'
su -s /bin/sh aegir -c 'drush @hostmaster pm-enable -y hosting_queued' su -s /bin/sh aegir -c "$DRUSH_PATH @hostmaster pm-enable -y hosting_queued"
service hosting-queued start service hosting-queued start
if [ -f /bin/systemctl ]; then if [ -f /bin/systemctl ]; then
# There must be a better way, but we're trying to stay compatible with Debian Wheezy and Jessie. # There must be a better way, but we're trying to stay compatible with Debian Wheezy and Jessie.
...@@ -215,10 +218,10 @@ EOF ...@@ -215,10 +218,10 @@ EOF
esac esac
# this will ensure that this script aborts if the site can't be bootstrapped # this will ensure that this script aborts if the site can't be bootstrapped
if su -s /bin/sh aegir -c 'drush @hostmaster status' 2>&1 | grep -q 'Drupal bootstrap.*Successful'; then if su -s /bin/sh aegir -c "$DRUSH_PATH @hostmaster status" 2>&1 | grep -q 'Drupal bootstrap.*Successful'; then
echo 'Aegir frontend bootstrap correctly, operation was a success!' echo 'Aegir frontend bootstrap correctly, operation was a success!'
echo 'Use this URL to login on your new site:' echo 'Use this URL to login on your new site:'
su -s /bin/sh aegir -c 'drush @hostmaster uli' su -s /bin/sh aegir -c "$DRUSH_PATH @hostmaster uli"
else else
echo 'Aegir frontend failed to bootstrap, something went wrong!' echo 'Aegir frontend failed to bootstrap, something went wrong!'
echo 'Look at the log above for clues or run with DPKG_DEBUG=developer' echo 'Look at the log above for clues or run with DPKG_DEBUG=developer'
......
aegir3-provision (3.180) unstable; urgency=medium
* Bugfixes and UI improvements, see http://aegir.readthedocs.org/en/3.x/release-notes/3.18
* Include Drupal 7.67
-- Colan Schwartz <13228-colan@users.noreply.gitlab.com> Thu, 27 Jun 2019 15:27:28 -0400
aegir3-provision (3.174) testing; urgency=medium
* Update to Hostmaster 7.x-3.174
* Include an updated ctools, views, module_filter
* Include a new Golden Contrib module: Hosting Deploy
-- Herman van Rink <helmo@initfour.nl> Thu, 04 Apr 2019 15:48:32 +0200
aegir3-provision (3.173) testing; urgency=medium
* Update to Hostmaster 7.x-3.173 & Drupal 7.63.
-- Jon Pugh <jon@thinkdrop.net> Fri, 18 Jan 2019 14:37:21 -0500
aegir3-provision (3.172) testing; urgency=medium
* Fix regression in legacy hosting_ssl: the logic for determining a certificate wasn't good, in the legacy module. #3020747
-- Jon Pugh <jon@thinkdrop.net> Wed, 09 Jan 2019 10:50:08 -0500
aegir3-provision (3.171) testing; urgency=medium
* Fix regression in hosting_https, #3020747
-- Herman van Rink <helmo@initfour.nl> Sat, 22 Dec 2018 20:22:16 +0100
aegir3-provision (3.170) unstable; urgency=high
* Bugfixes and UI improvements, see http://aegir.readthedocs.org/en/3.x/release-notes/3.17
* Fixes a number of security issues.
* Include Drupal 7.61
-- Herman van Rink <helmo@initfour.nl> Wed, 19 Dec 2018 16:50:53 +0100
aegir3-provision (3.161) testing; urgency=medium aegir3-provision (3.161) testing; urgency=medium
* Minor bugfix release * Minor bugfix release
......
...@@ -11,7 +11,7 @@ Vcs-browser: http://drupalcode.org/project/provision.git ...@@ -11,7 +11,7 @@ Vcs-browser: http://drupalcode.org/project/provision.git
Package: aegir3-provision Package: aegir3-provision
Architecture: all Architecture: all
Depends: ${misc:Depends}, php5-cli (>= 5.3) | php7.0-cli | php7.1-cli | php7.2-cli, php5 | php7.0-xml | php7.1-xml | php7.2-xml, php5-mysql | php7.0-mysql | php7.1-mysql | php7.2-mysql, mysql-client | mariadb-client, sudo, postfix | mail-transport-agent, apache2 | nginx, adduser, ucf, curl Depends: ${misc:Depends}, php5-cli (>= 5.3) | php7.0-cli | php7.1-cli | php7.2-cli | php-cli, php5 | php7.0-xml | php7.1-xml | php7.2-xml | php-xml, php5-mysql | php7.0-mysql | php7.1-mysql | php7.2-mysql | php-mysql, mysql-client | mariadb-client, sudo, postfix | mail-transport-agent, apache2 | nginx, adduser, ucf, curl
Recommends: mysql-server | mariadb-server, rsync, composer Recommends: mysql-server | mariadb-server, rsync, composer
Conflicts: aegir-provision, aegir-provision2, aegir2-provision Conflicts: aegir-provision, aegir-provision2, aegir2-provision
Replaces: aegir-provision, aegir-provision2, aegir2-provision Replaces: aegir-provision, aegir-provision2, aegir2-provision
...@@ -30,8 +30,8 @@ Description: mass Drupal hosting system - backend ...@@ -30,8 +30,8 @@ Description: mass Drupal hosting system - backend
Package: aegir3-hostmaster Package: aegir3-hostmaster
Architecture: all Architecture: all
Depends: ${misc:Depends}, php5-mysql | php7.0-mysql | php7.1-mysql | php7.2-mysql, php5-gd | php7.0-gd | php7.1-gd | php7.2-gd, apache2 | nginx, libapache2-mod-php5 | libapache2-mod-php7.0 | libapache2-mod-php7.1 | libapache2-mod-php7.2 | php5-fpm | php7.0-fpm | php7.1-fpm | php7.2-fpm,, aegir3-provision (>= ${source:Version}), git-core, unzip, lsb-base (>= 3.0-6) Depends: ${misc:Depends}, php5-mysql | php7.0-mysql | php7.1-mysql | php7.2-mysql | php-mysql, php5-gd | php7.0-gd | php7.1-gd | php7.2-gd | php-gd, apache2 | nginx, libapache2-mod-php5 | libapache2-mod-php7.0 | libapache2-mod-php7.1 | libapache2-mod-php7.2 | libapache2-mod-php | php5-fpm | php7.0-fpm | php7.1-fpm | php7.2-fpm | php-fpm, aegir3-provision (>= ${source:Version}), git-core, unzip, lsb-base (>= 3.0-6)
Recommends: php5 | php7.0 | php7.1 | php7.2 Recommends: php5 | php7.0 | php7.1 | php7.2 | php
Conflicts: aegir-hostmaster, aegir-hostmaster2, aegir2-hostmaster Conflicts: aegir-hostmaster, aegir-hostmaster2, aegir2-hostmaster
Replaces: aegir-hostmaster, aegir-hostmaster2, aegir2-hostmaster Replaces: aegir-hostmaster, aegir-hostmaster2, aegir2-hostmaster
Description: mass Drupal hosting system - frontend Description: mass Drupal hosting system - frontend
...@@ -69,8 +69,8 @@ Description: mass Drupal hosting system ...@@ -69,8 +69,8 @@ Description: mass Drupal hosting system
Package: aegir3-cluster-slave Package: aegir3-cluster-slave
Architecture: all Architecture: all
Depends: ${misc:Depends}, php5-mysql | php7.0-mysql | php7.1-mysql | php7.2-mysql, sudo, apache2, adduser, ucf, libapache2-mod-php5 | libapache2-mod-php7.0 | libapache2-mod-php7.1, libapache2-mod-php7.2, rsync, nfs-client, mysql-client Depends: ${misc:Depends}, php5-mysql | php7.0-mysql | php7.1-mysql | php7.2-mysql | php-mysql, sudo, apache2, adduser, ucf, libapache2-mod-php5 | libapache2-mod-php7.0 | libapache2-mod-php7.1 | libapache2-mod-php7.2 | libapache2-mod-php, rsync, nfs-client, mysql-client, aegir3-provision
Recommends: php5-gd | php7.0-gd | php7.1-gd | php7.2-gd, php5 | php7.0 | php7.1 | php7.2 Recommends: php5-gd | php7.0-gd | php7.1-gd | php7.2-gd, php5 | php7.0 | php7.1 | php7.2 | php
Conflicts: aegir-cluster-slave, aegir-cluster-slave2, aegir2-cluster-slave, aegir3 Conflicts: aegir-cluster-slave, aegir-cluster-slave2, aegir2-cluster-slave, aegir3
Replaces: aegir-cluster-slave, aegir-cluster-slave2, aegir2-cluster-slave Replaces: aegir-cluster-slave, aegir-cluster-slave2, aegir2-cluster-slave
Description: mass Drupal hosting system - slave backend Description: mass Drupal hosting system - slave backend
......
<?php if ($this->ssl_enabled && $this->ssl_key) : ?> <?php if ($this->ssl_enabled && $this->ssl_key && $this->ssl_cert_ok) : ?>
<VirtualHost <?php print "{$ip_address}:{$http_ssl_port}"; ?>> <VirtualHost <?php print "{$ip_address}:{$http_ssl_port}"; ?>>
<?php if ($this->site_mail) : ?> <?php if ($this->site_mail) : ?>
...@@ -82,7 +82,7 @@ if ($this->redirection) { ...@@ -82,7 +82,7 @@ if ($this->redirection) {
# Prevent direct reading of files in the private dir. # Prevent direct reading of files in the private dir.
# This is for Drupal7 compatibility, which would normally drop # This is for Drupal7 compatibility, which would normally drop
# a .htaccess in those directories, but we explicitly ignore those # a .htaccess in those directories, but we explicitly ignore those
<Directory "<?php print $this->site_path; ?>/private/" > <Directory ~ "sites/.*/private">
<Files *> <Files *>
SetHandler This_is_a_Drupal_security_line_do_not_remove SetHandler This_is_a_Drupal_security_line_do_not_remove
</Files> </Files>
......
<Directory <?php print $this->root; ?>> <Directory <?php print $this->root; ?>>
Order allow,deny Order allow,deny
Allow from all Allow from all
Satisfy any Satisfy All
Require all granted Require all granted
<?php print $extra_config; ?> <?php print $extra_config; ?>
......
...@@ -39,7 +39,7 @@ Alias /<?php print $subdir; ?> <?php print $this->root; ?> ...@@ -39,7 +39,7 @@ Alias /<?php print $subdir; ?> <?php print $this->root; ?>
# Prevent direct reading of files in the private dir. # Prevent direct reading of files in the private dir.
# This is for Drupal7 compatibility, which would normally drop # This is for Drupal7 compatibility, which would normally drop
# a .htaccess in those directories, but we explicitly ignore those # a .htaccess in those directories, but we explicitly ignore those
<Directory "<?php print $this->site_path; ?>/private/" > <Directory ~ "sites/.*/private">
SetHandler This_is_a_Drupal_security_line_do_not_remove SetHandler This_is_a_Drupal_security_line_do_not_remove
Deny from all Deny from all
Options None Options None
......
...@@ -83,7 +83,7 @@ if ($this->redirection || $ssl_redirection) { ...@@ -83,7 +83,7 @@ if ($this->redirection || $ssl_redirection) {
# Prevent direct reading of files in the private dir. # Prevent direct reading of files in the private dir.
# This is for Drupal7 compatibility, which would normally drop # This is for Drupal7 compatibility, which would normally drop
# a .htaccess in those directories, but we explicitly ignore those # a .htaccess in those directories, but we explicitly ignore those
<Directory "<?php print $this->site_path; ?>/private/" > <Directory ~ "sites/.*/private">
<Files *> <Files *>
SetHandler This_is_a_Drupal_security_line_do_not_remove SetHandler This_is_a_Drupal_security_line_do_not_remove
</Files> </Files>
......
...@@ -9,12 +9,11 @@ ...@@ -9,12 +9,11 @@
class Provision_Config_Http_Ssl_Site extends Provision_Config_Http_Site { class Provision_Config_Http_Ssl_Site extends Provision_Config_Http_Site {
public $template = 'vhost_ssl.tpl.php'; public $template = 'vhost_ssl.tpl.php';
public $disabled_template = 'vhost_ssl_disabled.tpl.php'; public $disabled_template = 'vhost_ssl_disabled.tpl.php';
public $ssl_cert_ok = TRUE;
public $description = 'encrypted virtual host configuration'; public $description = 'encrypted virtual host configuration';
function write() { function write() {
parent::write();
if ($this->ssl_enabled && $this->ssl_key) { if ($this->ssl_enabled && $this->ssl_key) {
$path = dirname($this->data['ssl_cert']); $path = dirname($this->data['ssl_cert']);
// Make sure the ssl.d directory in the server ssl.d exists. // Make sure the ssl.d directory in the server ssl.d exists.
...@@ -28,28 +27,39 @@ class Provision_Config_Http_Ssl_Site extends Provision_Config_Http_Site { ...@@ -28,28 +27,39 @@ class Provision_Config_Http_Ssl_Site extends Provision_Config_Http_Site {
// XXX: test. data structure may not be sound. try d($this->uri) // XXX: test. data structure may not be sound. try d($this->uri)
// if $this fails // if $this fails
Provision_Service_http_ssl::assign_certificate_site($this->ssl_key, $this); Provision_Service_http_ssl::assign_certificate_site($this->ssl_key, $this);
// Copy the certificates to the server's ssl.d directory. // Copy the certificates to the server's ssl.d directory.
provision_file()->copy( if (!provision_file()->copy($this->data['ssl_cert_source'], $this->data['ssl_cert'])->status()) {
$this->data['ssl_cert_source'], drush_set_error('SSL_CERT_COPY_FAIL', dt('failed to copy SSL certificate in place'));
$this->data['ssl_cert']) $this->ssl_cert_ok = FALSE;
|| drush_set_error('SSL_CERT_COPY_FAIL', dt('failed to copy SSL certificate in place')); }
provision_file()->copy( if (!provision_file()->copy($this->data['ssl_cert_key_source'], $this->data['ssl_cert_key'])->status()) {
$this->data['ssl_cert_key_source'], drush_set_error('SSL_KEY_COPY_FAIL', dt('failed to copy SSL key in place'));
$this->data['ssl_cert_key']) $this->ssl_cert_ok = FALSE;
|| drush_set_error('SSL_KEY_COPY_FAIL', dt('failed to copy SSL key in place')); }
// Copy the chain certificate, if it is set. // Copy the chain certificate, if it is set.
if (!empty($this->data['ssl_chain_cert_source'])) { if (!empty($this->data['ssl_chain_cert_source'])) {
provision_file()->copy( if (!provision_file()->copy($this->data['ssl_chain_cert_source'], $this->data['ssl_chain_cert'])->status()) {
$this->data['ssl_chain_cert_source'], drush_set_error('SSL_CHAIN_COPY_FAIL', dt('failed to copy SSL certficate chain in place'));
$this->data['ssl_chain_cert']) $this->ssl_cert_ok = FALSE;
|| drush_set_error('SSL_CHAIN_COPY_FAIL', dt('failed to copy SSL certficate chain in place')); }
} }
// If cert is not ok, turn off ssl_redirection.
if ($this->ssl_cert_ok == FALSE) {
$this->data['ssl_redirection'] = FALSE;
drush_log(dt('SSL Certificate preparation failed. SSL has been disabled for this site.'), 'warning');
}
// Sync the key directory to the remote server. // Sync the key directory to the remote server.
$this->data['server']->sync($path, array( $this->data['server']->sync($path, array(
'exclude' => "{$path}/*.receipt", // Don't need to synch the receipts 'exclude' => "{$path}/*.receipt", // Don't need to synch the receipts
)); ));
} }
// Call parent's write AFTER ensuring the certificates are in place to prevent
// the vhost from referencing missing files.
parent::write();
} }
/** /**
......
This diff is collapsed.
...@@ -264,6 +264,11 @@ function drush_provision_hostmaster_install($site = NULL) { ...@@ -264,6 +264,11 @@ function drush_provision_hostmaster_install($site = NULL) {
'client_email' => drush_get_option('client_email'), 'client_email' => drush_get_option('client_email'),
'profile' => $profile, 'profile' => $profile,
'drush_aliases' => 'hm', 'drush_aliases' => 'hm',
'command-specific' => array (
'pm-download' => array (
'use-site-dir' => 1,
),
),
)); ));
drush_log('Starting with the hostmaster frontend installation.', 'notice'); drush_log('Starting with the hostmaster frontend installation.', 'notice');
......
...@@ -146,6 +146,11 @@ We are making the following assumptions: ...@@ -146,6 +146,11 @@ We are making the following assumptions:
'uri' => $site, 'uri' => $site,
'profile' => 'hostmaster', 'profile' => 'hostmaster',
'drush_aliases' => 'hm', 'drush_aliases' => 'hm',
'command-specific' => array (
'pm-download' => array (
'use-site-dir' => 1,
),
),
)); ));
provision_backend_invoke($site_name, 'provision-verify'); provision_backend_invoke($site_name, 'provision-verify');
drush_set_option('site_name', $site_name); drush_set_option('site_name', $site_name);
......
...@@ -48,8 +48,12 @@ function drush_provision_drupal_provision_delete() { ...@@ -48,8 +48,12 @@ function drush_provision_drupal_provision_delete() {
drush_set_error(dt('Existing sites were found on this platform. These sites will need to be deleted before this platform can be deleted.')); drush_set_error(dt('Existing sites were found on this platform. These sites will need to be deleted before this platform can be deleted.'));
} }
else { else {
drush_invoke_process('@none', 'provision-save', array(d()->name), array('delete' => TRUE));