Commit e3c27ccc authored by Jon Pugh's avatar Jon Pugh

Merge branch '7.x-3.x' into 2995091-hostmaster-dl-destination

parents 1d8ce20c 074ee278
......@@ -65,6 +65,7 @@ build:deb:
test:debian-jessie-aegir3-apt:
stage: test
image: debian:jessie
allow_failure: true
dependencies:
- build:deb
only:
......@@ -88,6 +89,11 @@ test:debian-stretch-aegir3-apt:
dependencies:
- build:deb
only:
- 7.x-3.x
- /^7\.x-3\.\d+\.x/
- /-runalltests$/
before_script:
- apt-get update
# Avoid ERROR: invoke-rc.d: policy-rc.d denied execution of start.
......@@ -97,17 +103,13 @@ test:debian-stretch-aegir3-apt:
script: "scripts/ci-aegir-dev-install-apt-debian9.sh"
test:ubuntu-xenial-aegir3-apt:
test:debian-buster-aegir3-apt:
stage: test
image: ubuntu:xenial
image: debian:buster
allow_failure: false
dependencies:
- build:deb
only:
- 7.x-3.x
- /^7\.x-3\.\d+\.x/
- /-runalltests$/
before_script:
- apt-get update
# Avoid ERROR: invoke-rc.d: policy-rc.d denied execution of start.
......@@ -115,11 +117,11 @@ test:ubuntu-xenial-aegir3-apt:
- echo "exit 0" >> /usr/sbin/policy-rc.d
- apt-get install --yes sudo curl
script: "scripts/ci-aegir-dev-install-apt-ubuntu-xenial.sh"
script: "scripts/ci-aegir-dev-install-apt-debian10.sh"
test:ubuntu-artful-aegir3-apt:
test:ubuntu-xenial-aegir3-apt:
stage: test
image: ubuntu:artful
image: ubuntu:xenial
dependencies:
- build:deb
......@@ -135,8 +137,7 @@ test:ubuntu-artful-aegir3-apt:
- echo "exit 0" >> /usr/sbin/policy-rc.d
- apt-get install --yes sudo curl
script: "scripts/ci-aegir-dev-install-apt-ubuntu-artful.sh"
script: "scripts/ci-aegir-dev-install-apt-ubuntu-xenial.sh"
test:ubuntu-bionic-aegir3-apt:
stage: test
......@@ -252,9 +253,9 @@ publish:unstable-repo:
#
# Upgrade the latest stable Aegir to our unstable repo.
upgradetest:debian-jessie-aegir3-apt-upgrade:
upgradetest:debian-stretch-aegir3-apt-upgrade:
stage: upgradetest
image: debian:jessie
image: debian:stretch
dependencies:
- publish:unstable-repo
......@@ -271,7 +272,7 @@ upgradetest:debian-jessie-aegir3-apt-upgrade:
- apt-get install --yes sudo curl cron
script:
- "scripts/ci-aegir-stable-install-apt-debian8.sh"
- "scripts/ci-aegir-stable-install-apt-debian9.sh"
# extra step to run the task queue.
- sudo su aegir --login --command 'drush @hostmaster php-eval "echo hosting_task_count();"'
- sudo su aegir --login --command 'drush @hostmaster hosting-tasks --force'
......@@ -283,6 +284,6 @@ upgradetest:debian-jessie-aegir3-apt-upgrade:
- sudo su aegir --login --command 'drush @hostmaster php-eval "echo hosting_task_count_running();"'
# upgrade to the latest version from the unstable repo.
- rm -v /etc/apt/sources.list.d/aegir-stable.list
- echo "deb http://debian.aegirproject.org unstable main" | sudo tee -a /etc/apt/sources.list.d/aegir-unstable.list
- echo "deb [signed-by=/usr/share/keyrings/aegir-archive-keyring.gpg] http://debian.aegirproject.org unstable main" | sudo tee -a /etc/apt/sources.list.d/aegir-unstable.list
- sudo apt-get update
- sudo apt-get --yes dist-upgrade
......@@ -126,7 +126,6 @@ if (isset($_SERVER['db_name'])) {
ini_set('session.cache_limiter', 'none');
ini_set('session.cookie_lifetime', 0);
ini_set('session.gc_maxlifetime', 200000);
ini_set('session.save_handler', 'user');
ini_set('session.use_only_cookies', 1);
ini_set('session.use_trans_sid', 0);
ini_set('url_rewriter.tags', '');
......@@ -155,6 +154,13 @@ if (isset($_SERVER['db_name'])) {
<?php endif; ?>
<?php endif; ?>
/**
* If external request was HTTPS but internal request is HTTP, set $_SERVER['HTTPS'] so Drupal detects the right scheme.
*/
if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https' && $_SERVER["REQUEST_SCHEME"] == 'http') {
$_SERVER['HTTPS'] = 'on';
}
<?php print $extra_config; ?>
# Additional host wide configuration settings. Useful for safely specifying configuration settings.
......@@ -167,6 +173,11 @@ if (isset($_SERVER['db_name'])) {
include_once('<?php print $this->platform->root ?>/sites/all/platform.settings.php');
}
# Additional platform wide configuration settings.
if (is_readable('<?php print $this->platform->root ?>/sites/all/settings.php')) {
include_once('<?php print $this->platform->root ?>/sites/all/settings.php');
}
# Additional site configuration settings.
if (is_readable('<?php print $this->site_path ?>/local.settings.php')) {
include_once('<?php print $this->site_path ?>/local.settings.php');
......
......@@ -157,6 +157,18 @@ if (isset($_SERVER['db_name'])) {
<?php endif; ?>
<?php endif; ?>
/**
* Set the Syslog identity to the site name so it's not always "drupal".
*/
$conf['syslog_identity'] = '<?php print $this->uri ?>';
/**
* If external request was HTTPS but internal request is HTTP, set $_SERVER['HTTPS'] so Drupal detects the right scheme.
*/
if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https' && $_SERVER["REQUEST_SCHEME"] == 'http') {
$_SERVER['HTTPS'] = 'on';
}
<?php print $extra_config; ?>
# Additional host wide configuration settings. Useful for safely specifying configuration settings.
......@@ -169,6 +181,11 @@ if (isset($_SERVER['db_name'])) {
include_once('<?php print $this->platform->root ?>/sites/all/platform.settings.php');
}
# Additional platform wide configuration settings.
if (is_readable('<?php print $this->platform->root ?>/sites/all/settings.php')) {
include_once('<?php print $this->platform->root ?>/sites/all/settings.php');
}
# Additional site configuration settings.
if (is_readable('<?php print $this->site_path ?>/local.settings.php')) {
include_once('<?php print $this->site_path ?>/local.settings.php');
......
......@@ -23,6 +23,7 @@ print '<?php' ?>
*/
if (isset($_SERVER['SITE_SUBDIR']) && isset($_SERVER['RAW_HOST'])) {
$base_url = 'http://' . $_SERVER['RAW_HOST'] . '/' . $_SERVER['SITE_SUBDIR'];
ini_set('session.cookie_path', '/' . $_SERVER['SITE_SUBDIR'] . '/');
}
<?php endif; ?>
......@@ -110,9 +111,6 @@ if (isset($_SERVER['db_name'])) {
<?php endif; ?>
$profile = "<?php print $this->profile ?>";
$install_profile = "<?php print $this->profile ?>";
/**
* PHP settings:
*
......@@ -133,7 +131,6 @@ if (isset($_SERVER['db_name'])) {
*/
umask(0002);
$settings['install_profile'] = '<?php print $this->profile ?>';
$settings['file_public_path'] = 'sites/<?php print $this->uri ?>/files';
$settings['file_private_path'] = 'sites/<?php print $this->uri ?>/private/files';
$config['system.file']['path']['temporary'] = 'sites/<?php print $this->uri ?>/private/temp';
......@@ -182,6 +179,18 @@ if (isset($_SERVER['db_name'])) {
'\.local$',
);
/**
* Set the Syslog identity to the site name so it's not always "drupal".
*/
$config['syslog.settings']['identity'] = '<?php print $this->uri ?>';
/**
* If external request was HTTPS but internal request is HTTP, set $_SERVER['HTTPS'] so Drupal detects the right scheme.
*/
if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https' && $_SERVER["REQUEST_SCHEME"] == 'http') {
$_SERVER['HTTPS'] = 'on';
}
<?php print $extra_config; ?>
# Additional host wide configuration settings. Useful for safely specifying configuration settings.
......@@ -194,6 +203,11 @@ if (isset($_SERVER['db_name'])) {
include('<?php print $this->platform->root ?>/sites/all/platform.settings.php');
}
# Additional platform wide configuration settings.
if (is_readable('<?php print $this->platform->root ?>/sites/all/settings.php')) {
include_once('<?php print $this->platform->root ?>/sites/all/settings.php');
}
# Additional site configuration settings.
if (is_readable('<?php print $this->site_path ?>/local.settings.php')) {
include('<?php print $this->site_path ?>/local.settings.php');
......
......@@ -19,10 +19,10 @@ class Provision_Config_Drushrc_Alias extends Provision_Config_Drushrc {
function __construct($context, $data = array()) {
parent::__construct($context, $data);
if (is_array($data['aliases'])) {
if (isset($data['aliases']) && is_array($data['aliases'])) {
$data['aliases'] = array_unique($data['aliases']);
}
if (is_array($data['drush_aliases'])) {
if (isset($data['drush_aliases']) && is_array($data['drush_aliases'])) {
$data['drush_aliases'] = array_unique($data['drush_aliases']);
}
......
......@@ -3,17 +3,10 @@ api = 2
; This makefile fetches the latest release of Drupal from Drupal.org.
projects[drupal][type] = "core"
projects[drupal][version] = 7.60
; Sync manually with drupal-org-core.make in the hostmaster repo.
; Sync manually with drupal-org-core.make in the hostmaster repo.
; Function each() is deprecated since PHP 7.2; https://www.drupal.org/project/drupal/issues/2925449
projects[drupal][patch][2925449] = "https://www.drupal.org/files/issues/2018-04-08/deprecated_each2925449-106.patch"
; [PHP 7.2] Avoid count() calls on uncountable variables; https://www.drupal.org/project/drupal/issues/2885610
projects[drupal][patch][2885610] = "https://www.drupal.org/files/issues/2018-04-21/drupal-7-count-function-deprecation-fixes-2885610-19.patch"
; Pin a core version, only as long as we have a core patch below.
; Sync manually with drupal-org-core.make in the hostmaster repository.
;projects[drupal][version] = 7.61
; The release.sh script updates the version of hostmaster.
projects[hostmaster][type] = "profile"
......
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1
mQINBE6UpTYBEACl8WyZrrcbMe4wfFQW2HMJP9PrDolioDlZZDpC9VesU2E1WFTW
jOZQY33HG/89evHLWg78JVo57z+OgmFS4bv7aGoynId5KfSF/azI9ibRCWMXHBa+
Mp8Pk+ufb3InYe7thOJQ9q1DGf/jg42+a31rpsiW58+HGACn3fIhdU8MhVcZ45NS
gVJI0yeOnacpvtMCmQwTZdhmG4d9hV7RcaN46fWz1Ys0qPJ3PGaRK7R4Qb6/+hPg
p9tvfjyUw0e6dWmAgHkoo54mpiYdPgD6+S7nuqbeFGzai1GVcwCH9Ec6/E9L4wnD
c0rvstyyBlaGyPSakViw46ZbE2VQK/uPEciqBmJUm8Yzh3uOhk5ufS11hC4S3F/t
VeJWZwIEBQGX0a81eMDtu0XtK+5B+WFsQ1ZLeUaK0hhZwoJS5wsbyhNi1KYLOucV
OaeAcz8snzw4q0MtJKxPT4TVhE78uu6DsoW7yY3atOIfGTuS4dUV3ahGxSC0r+Pw
BRqQ09vhu2z96zuLFHrlMmcG/OloHwIOOgk2sQ1YaP7Gklr8mk+c8hqX/TWci7Nh
oG/i6dIcSni13lIF8aVhcFD1T3rcvi/MP4E5t6XiMKfCVUGYx7qCyhO91N3NrLTw
CLAiWoxZ8ZfHFsutK8NmgzTHUTwwn+D+aGpow8wJ2cpQFb8ExjSiImwRvQARAQAB
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1
mQINBE6UpTYBEACl8WyZrrcbMe4wfFQW2HMJP9PrDolioDlZZDpC9VesU2E1WFTW
jOZQY33HG/89evHLWg78JVo57z+OgmFS4bv7aGoynId5KfSF/azI9ibRCWMXHBa+
Mp8Pk+ufb3InYe7thOJQ9q1DGf/jg42+a31rpsiW58+HGACn3fIhdU8MhVcZ45NS
gVJI0yeOnacpvtMCmQwTZdhmG4d9hV7RcaN46fWz1Ys0qPJ3PGaRK7R4Qb6/+hPg
p9tvfjyUw0e6dWmAgHkoo54mpiYdPgD6+S7nuqbeFGzai1GVcwCH9Ec6/E9L4wnD
c0rvstyyBlaGyPSakViw46ZbE2VQK/uPEciqBmJUm8Yzh3uOhk5ufS11hC4S3F/t
VeJWZwIEBQGX0a81eMDtu0XtK+5B+WFsQ1ZLeUaK0hhZwoJS5wsbyhNi1KYLOucV
OaeAcz8snzw4q0MtJKxPT4TVhE78uu6DsoW7yY3atOIfGTuS4dUV3ahGxSC0r+Pw
BRqQ09vhu2z96zuLFHrlMmcG/OloHwIOOgk2sQ1YaP7Gklr8mk+c8hqX/TWci7Nh
oG/i6dIcSni13lIF8aVhcFD1T3rcvi/MP4E5t6XiMKfCVUGYx7qCyhO91N3NrLTw
CLAiWoxZ8ZfHFsutK8NmgzTHUTwwn+D+aGpow8wJ2cpQFb8ExjSiImwRvQARAQAB
tEFBZWdpciBEZWJpYW4gYXJjaGl2ZSBhdXRvc2lnbmluZyA8ZGViaWFuQGRlYmlh
bi5hZWdpcnByb2plY3Qub3JnPokCPgQTAQIAKAIbAwYLCQgHAwIGFQgCCQoLBBYC
AwECHgECF4AFAlf+NugFCQ8NLCAACgkQWt+ToDN2zPnCkRAAoIw0OVgdpiXKP711
w1S3fgprFJ2AanHIBkT70CM3JI83nWcQ7r/h5oD/eTlRjxO/I+aCP82MXkmoyRG7
7y2OvEh4G/Z01G/FSa+B+5iwvmjyOuW9DjFzJZPviqm3Qki8jckEgT8sJbeuKdhz
wE4TtPVchThbVD9WGSM0HHKfdTTswddb0wbwahe/s6wblqC5qUXmku9yjL/9paBh
bsUuxvqioVHPINTYdczT5g/7SIRj2j3tQGSsS1TRRDZqwvW+Sp1TwhxUUWR/zhys
nCBXHkD+PdZuFhMjg88XhBj5cQaoyrCpOy1NmVvhyfDPSa3TtCo/G6uOvrZReMhx
PGb9sAyhjwVPGvlD6zOpX55fHG+hpE4cpKwf2dQ8usu2Vpg4tt9anZ/pgszJ/nno
W9cVaXRdvlap0kyEUxqjZ3gfv9mltBqq2FEWhfsN2BTWfUNDDts04Mr2RWSE1A5D
S2f2V3zVIJOS+OawZoM0Pfcp3n/RZ2NpU3Wv2MGyL+cHBWYLUrxj1ZQ+db+T9men
fV+Rtcleb+LL6C6BKciltV1fW7pChhJGKyBVzK2SMsti8EzpBCpUGiuhT/YaMtt5
9TS7uD9745wsJP4iWyHd84eGN3XYJ33RXocNyYUHeGrHLl5l0cEGW4vlsGKaGxoK
fSOLMSmN916rtRkS4lsyPVaDj1+JAhwEEAEIAAYFAk6UsKoACgkQeSFSUnt1kh6X
bi5hZWdpcnByb2plY3Qub3JnPokCPgQTAQoAKAIbAwYLCQgHAwIGFQgCCQoLBBYC
AwECHgECF4AFAl2XDK0FCRSmAfEACgkQWt+ToDN2zPmClQ//VGUWjO8Jjsah9zew
tfBHVha9qhZjzjV8h6PItExF61nwS2KmB4iRYUlhziN3ZcPcZo1A1TESnvVPrnrO
f51zAQ7f/0ZXryb62c9JR6K0wcF0qDLPO+59tb4EJ0M2v//i6rzv8zc0My+nrQyL
7TmuQsBHhpXsymKvG+1zGW3uHjVFCFYpALxV1JI4O1H9xWntGFXXzQuMlmpE5bBk
vT9aFRATvF0/yk+xjPKGYtVRo/qbWzdzABDa5R8zgB8HDK1tyD+ydQ5xWge3jXDd
LxIEBW8Y9hrDWQ01xqsuRGMGWeYZWg2paw/Xu8g8c96Pmv8mVvVnbAUF59Ow6lCe
pJD4Q90W+5IRNsOB1Hwa42kcqrmnEP0UEgrjjKp19jTORmJFxCajGtT9IdHOZL23
HJ/wECKXe0hb/4LdUYX55nH0vvm+cKjShgxQHf1CzxebdJ07LK2d2Amp80KtekkE
ZGED24LQLjsmGVqlk5uo5UX3/rkBdLB18vMMQAndQIamgbOwQeha7/zK1dTCbBEs
KMlJc7uq6UDbEY8+xTozjPIw6VrPtC3Eed3IImVjRd8T8Nv9ez+t3xoLigjWH5XJ
msErRVNNRQZ8tBB9W+anzr5wPOx6BLTFoH6vWb0cqyzg6I3DFBUSvPipPuA3IEzt
qF+QLY5dSnzKz6lVvtWtjDMg3oaJAhwEEAEIAAYFAk6UsKoACgkQeSFSUnt1kh6X
Ew/8DSf0+OUYm0CNB8a6fN8GoSbx2Njg/HrfYn3pLBnQ8gl6BQ/0k1HaH851aDOL
j76ldIDPAyb8pjJO/Paeu09IEUs9yZLb1WvRgeO0wohVcf1EkP/h73XMM05tz75M
lymEprkc4RuyfXyAh4mnhSVg9Xr8DUW79jd6+JcNkSN2tg75e77F2vIssNFwpIyp
......@@ -60,6 +60,6 @@ Ql7g+6XxqD8yf+rdEB56fS3SkuGb1UKvdPP1rwLDBheXcas/f55WAOVpsE0o1Ivm
R0Aprjh8FK2L2i4c3ARTF+t64HOZZ94Jtr+ZUDmy6DgeMMKc6Dr5VHWbTppOntQi
I2PnLuBHSd6vQ2Ps57TK5JepOJBRkBu9xhzS0eF4ilZnkAxPcm6rb//OEP99iX9R
LMwXV3EGKPmTED4=
=T1Aq
=CdGR
-----END PGP PUBLIC KEY BLOCK-----
......@@ -33,6 +33,9 @@ case "$1" in
# this obviously doesn't work for git releases
VERSION=`sed -n '/^version/{s/^.*= *//;p}' /usr/share/drush/commands/provision/provision.info`
# TODO: lookup? composer installs?
DRUSH_PATH="/usr/local/bin/drush"
FLAGS="--yes"
if [ "$DPKG_DEBUG" = "developer" ]; then
FLAGS="$FLAGS --debug"
......@@ -68,10 +71,10 @@ case "$1" in
chown aegir:aegir "$AEGIRHOME" "$AEGIRHOME/config" "$AEGIRHOME/config/$WEBSERVER.conf"
# flush the drush cache to find new commands
su -s /bin/sh aegir -c 'drush cache-clear drush'
su -s /bin/sh aegir -c "$DRUSH_PATH cache-clear drush"
site_uri=`su -s /bin/sh aegir -c 'drush @hostmaster status --fields="uri" --field-labels=0 2>/dev/null | tr "\n" " " | sed -e "s/^[[:space:]]*//g" -e "s/[[:space:]]*\$//g"'`
drupal_root=`su -s /bin/sh aegir -c 'drush @hostmaster status --fields="root" --field-labels=0 2>/dev/null | tr "\n" " " | sed -e "s/^[[:space:]]*//g" -e "s/[[:space:]]*\$//g"'`
site_uri=`su -s /bin/sh aegir -c "$DRUSH_PATH @hostmaster status --fields='uri' --field-labels=0 2>/dev/null | tr '\n' ' ' | sed -e 's/^[[:space:]]*//g' -e 's/[[:space:]]*\$//g'"`
drupal_root=`su -s /bin/sh aegir -c "$DRUSH_PATH @hostmaster status --fields='root' --field-labels=0 2>/dev/null | tr '\n' ' ' | sed -e 's/^[[:space:]]*//g' -e 's/[[:space:]]*\$//g'"`
if [ -d "$drupal_root" ]; then
# upgrade
......@@ -95,14 +98,14 @@ case "$1" in
echo "it seems to be the same version as the one we're trying to install, not upgrading"
else
echo "upgrading the frontend from $drupal_root to $NEW_PLATFORM"
if su -s /bin/sh aegir -c 'drush @hostmaster pm-list --status=enabled --pipe' | grep -q hosting_queued; then
if su -s /bin/sh aegir -c "$DRUSH_PATH @hostmaster pm-list --status=enabled --pipe" | grep -q hosting_queued; then
service hosting-queued stop
fi
cd "$drupal_root"
su -s /bin/sh aegir -c "drush hostmaster-migrate $FLAGS '$site_uri' '$NEW_PLATFORM'"
su -s /bin/sh aegir -c "$DRUSH_PATH hostmaster-migrate $FLAGS '$site_uri' '$NEW_PLATFORM'"
echo "upgrade finished, old platform left in $drupal_root"
# restart daemon if enabled
if su -s /bin/sh aegir -c 'drush @hostmaster pm-list --status=enabled --pipe' | grep -q hosting_queued; then
if su -s /bin/sh aegir -c "$DRUSH_PATH @hostmaster pm-list --status=enabled --pipe" | grep -q hosting_queued; then
service hosting-queued start
fi
fi
......@@ -173,7 +176,7 @@ case "$1" in
fi
# pass data through JSON for extra security
su -s /bin/sh aegir -c "cd $AEGIRHOME && drush hostmaster-install $FLAGS --backend $site_uri 2>&1 | drush backend-parse $DEBUG" <<EOF
su -s /bin/sh aegir -c "cd $AEGIRHOME && $DRUSH_PATH hostmaster-install $FLAGS --backend $site_uri 2>&1 | $DRUSH_PATH backend-parse $DEBUG" <<EOF
{ "yes": 1,
"version": "$VERSION",
"aegir_db_host": "$AEGIR_DB_HOST",
......@@ -183,11 +186,11 @@ case "$1" in
}
EOF
# flush the drush cache to find new commands
su -s /bin/sh aegir -c 'drush cache-clear drush'
su -s /bin/sh aegir -c "$DRUSH_PATH cache-clear drush"
# on new installs, we default to having the daemon enabled
echo 'Enabling hosting-queued daemon'
su -s /bin/sh aegir -c 'drush @hostmaster pm-enable -y hosting_queued'
su -s /bin/sh aegir -c "$DRUSH_PATH @hostmaster pm-enable -y hosting_queued"
service hosting-queued start
if [ -f /bin/systemctl ]; then
# There must be a better way, but we're trying to stay compatible with Debian Wheezy and Jessie.
......@@ -215,10 +218,10 @@ EOF
esac
# this will ensure that this script aborts if the site can't be bootstrapped
if su -s /bin/sh aegir -c 'drush @hostmaster status' 2>&1 | grep -q 'Drupal bootstrap.*Successful'; then
if su -s /bin/sh aegir -c "$DRUSH_PATH @hostmaster status" 2>&1 | grep -q 'Drupal bootstrap.*Successful'; then
echo 'Aegir frontend bootstrap correctly, operation was a success!'
echo 'Use this URL to login on your new site:'
su -s /bin/sh aegir -c 'drush @hostmaster uli'
su -s /bin/sh aegir -c "$DRUSH_PATH @hostmaster uli"
else
echo 'Aegir frontend failed to bootstrap, something went wrong!'
echo 'Look at the log above for clues or run with DPKG_DEBUG=developer'
......
aegir3-provision (3.182) testing; urgency=medium
* Mini-release to update the bundled dehydrated lib for LetsEncrypt.
-- Herman van Rink <helmo@initfour.nl> Tue, 08 Oct 2019 21:50:20 +0200
aegir3-provision (3.181ubuntu1) testing; urgency=medium
* New mini-release required for update to Debian repo PGP key (https://www.drupal.org/project/hostmaster/issues/3085544)
-- Colan Schwartz <13228-colan@users.noreply.gitlab.com> Fri, 04 Oct 2019 16:16:36 -0400
aegir3-provision (3.180) unstable; urgency=medium
* Bugfixes and UI improvements, see http://aegir.readthedocs.org/en/3.x/release-notes/3.18
* Include Drupal 7.67
-- Colan Schwartz <13228-colan@users.noreply.gitlab.com> Thu, 27 Jun 2019 15:27:28 -0400
aegir3-provision (3.174) testing; urgency=medium
* Update to Hostmaster 7.x-3.174
* Include an updated ctools, views, module_filter
* Include a new Golden Contrib module: Hosting Deploy
-- Herman van Rink <helmo@initfour.nl> Thu, 04 Apr 2019 15:48:32 +0200
aegir3-provision (3.173) testing; urgency=medium
* Update to Hostmaster 7.x-3.173 & Drupal 7.63.
-- Jon Pugh <jon@thinkdrop.net> Fri, 18 Jan 2019 14:37:21 -0500
aegir3-provision (3.172) testing; urgency=medium
* Fix regression in legacy hosting_ssl: the logic for determining a certificate wasn't good, in the legacy module. #3020747
-- Jon Pugh <jon@thinkdrop.net> Wed, 09 Jan 2019 10:50:08 -0500
aegir3-provision (3.171) testing; urgency=medium
* Fix regression in hosting_https, #3020747
-- Herman van Rink <helmo@initfour.nl> Sat, 22 Dec 2018 20:22:16 +0100
aegir3-provision (3.170) unstable; urgency=high
* Bugfixes and UI improvements, see http://aegir.readthedocs.org/en/3.x/release-notes/3.17
* Fixes a number of security issues.
* Include Drupal 7.61
-- Herman van Rink <helmo@initfour.nl> Wed, 19 Dec 2018 16:50:53 +0100
aegir3-provision (3.161) testing; urgency=medium
* Minor bugfix release
......
......@@ -11,7 +11,7 @@ Vcs-browser: http://drupalcode.org/project/provision.git
Package: aegir3-provision
Architecture: all
Depends: ${misc:Depends}, php5-cli (>= 5.3) | php7.0-cli | php7.1-cli | php7.2-cli, php5 | php7.0-xml | php7.1-xml | php7.2-xml, php5-mysql | php7.0-mysql | php7.1-mysql | php7.2-mysql, mysql-client | mariadb-client, sudo, postfix | mail-transport-agent, apache2 | nginx, adduser, ucf, curl
Depends: ${misc:Depends}, php5-cli (>= 5.3) | php7.0-cli | php7.1-cli | php7.2-cli | php-cli, php5 | php7.0-xml | php7.1-xml | php7.2-xml | php-xml, php5-mysql | php7.0-mysql | php7.1-mysql | php7.2-mysql | php-mysql, mysql-client | mariadb-client, sudo, postfix | mail-transport-agent, apache2 | nginx, adduser, ucf, curl
Recommends: mysql-server | mariadb-server, rsync, composer
Conflicts: aegir-provision, aegir-provision2, aegir2-provision
Replaces: aegir-provision, aegir-provision2, aegir2-provision
......@@ -30,8 +30,8 @@ Description: mass Drupal hosting system - backend
Package: aegir3-hostmaster
Architecture: all
Depends: ${misc:Depends}, php5-mysql | php7.0-mysql | php7.1-mysql | php7.2-mysql, php5-gd | php7.0-gd | php7.1-gd | php7.2-gd, apache2 | nginx, libapache2-mod-php5 | libapache2-mod-php7.0 | libapache2-mod-php7.1 | libapache2-mod-php7.2 | php5-fpm | php7.0-fpm | php7.1-fpm | php7.2-fpm,, aegir3-provision (>= ${source:Version}), git-core, unzip, lsb-base (>= 3.0-6)
Recommends: php5 | php7.0 | php7.1 | php7.2
Depends: ${misc:Depends}, php5-mysql | php7.0-mysql | php7.1-mysql | php7.2-mysql | php-mysql, php5-gd | php7.0-gd | php7.1-gd | php7.2-gd | php-gd, apache2 | nginx, libapache2-mod-php5 | libapache2-mod-php7.0 | libapache2-mod-php7.1 | libapache2-mod-php7.2 | libapache2-mod-php | php5-fpm | php7.0-fpm | php7.1-fpm | php7.2-fpm | php-fpm, aegir3-provision (>= ${source:Version}), git-core, unzip, lsb-base (>= 3.0-6)
Recommends: php5 | php7.0 | php7.1 | php7.2 | php
Conflicts: aegir-hostmaster, aegir-hostmaster2, aegir2-hostmaster
Replaces: aegir-hostmaster, aegir-hostmaster2, aegir2-hostmaster
Description: mass Drupal hosting system - frontend
......@@ -69,8 +69,8 @@ Description: mass Drupal hosting system
Package: aegir3-cluster-slave
Architecture: all
Depends: ${misc:Depends}, php5-mysql | php7.0-mysql | php7.1-mysql | php7.2-mysql, sudo, apache2, adduser, ucf, libapache2-mod-php5 | libapache2-mod-php7.0 | libapache2-mod-php7.1, libapache2-mod-php7.2, rsync, nfs-client, mysql-client
Recommends: php5-gd | php7.0-gd | php7.1-gd | php7.2-gd, php5 | php7.0 | php7.1 | php7.2
Depends: ${misc:Depends}, php5-mysql | php7.0-mysql | php7.1-mysql | php7.2-mysql | php-mysql, sudo, apache2, adduser, ucf, libapache2-mod-php5 | libapache2-mod-php7.0 | libapache2-mod-php7.1 | libapache2-mod-php7.2 | libapache2-mod-php, rsync, nfs-client, mysql-client, aegir3-provision
Recommends: php5-gd | php7.0-gd | php7.1-gd | php7.2-gd, php5 | php7.0 | php7.1 | php7.2 | php
Conflicts: aegir-cluster-slave, aegir-cluster-slave2, aegir2-cluster-slave, aegir3
Replaces: aegir-cluster-slave, aegir-cluster-slave2, aegir2-cluster-slave
Description: mass Drupal hosting system - slave backend
......
<?php if ($this->ssl_enabled && $this->ssl_key) : ?>
<?php if ($this->ssl_enabled && $this->ssl_key && $this->ssl_cert_ok) : ?>
<VirtualHost <?php print "{$ip_address}:{$http_ssl_port}"; ?>>
<?php if ($this->site_mail) : ?>
......@@ -82,7 +82,7 @@ if ($this->redirection) {
# Prevent direct reading of files in the private dir.
# This is for Drupal7 compatibility, which would normally drop
# a .htaccess in those directories, but we explicitly ignore those
<Directory "<?php print $this->site_path; ?>/private/" >
<Directory ~ "sites/.*/private">
<Files *>
SetHandler This_is_a_Drupal_security_line_do_not_remove
</Files>
......
<Directory <?php print $this->root; ?>>
Order allow,deny
Allow from all
Satisfy any
Satisfy All
Require all granted
<?php print $extra_config; ?>
......
......@@ -39,7 +39,7 @@ Alias /<?php print $subdir; ?> <?php print $this->root; ?>
# Prevent direct reading of files in the private dir.
# This is for Drupal7 compatibility, which would normally drop
# a .htaccess in those directories, but we explicitly ignore those
<Directory "<?php print $this->site_path; ?>/private/" >
<Directory ~ "sites/.*/private">
SetHandler This_is_a_Drupal_security_line_do_not_remove
Deny from all
Options None
......
......@@ -83,7 +83,7 @@ if ($this->redirection || $ssl_redirection) {
# Prevent direct reading of files in the private dir.
# This is for Drupal7 compatibility, which would normally drop
# a .htaccess in those directories, but we explicitly ignore those
<Directory "<?php print $this->site_path; ?>/private/" >
<Directory ~ "sites/.*/private">
<Files *>
SetHandler This_is_a_Drupal_security_line_do_not_remove
</Files>
......
......@@ -9,12 +9,11 @@
class Provision_Config_Http_Ssl_Site extends Provision_Config_Http_Site {
public $template = 'vhost_ssl.tpl.php';
public $disabled_template = 'vhost_ssl_disabled.tpl.php';
public $ssl_cert_ok = TRUE;
public $description = 'encrypted virtual host configuration';
function write() {
parent::write();
if ($this->ssl_enabled && $this->ssl_key) {
$path = dirname($this->data['ssl_cert']);
// Make sure the ssl.d directory in the server ssl.d exists.
......@@ -28,28 +27,39 @@ class Provision_Config_Http_Ssl_Site extends Provision_Config_Http_Site {
// XXX: test. data structure may not be sound. try d($this->uri)
// if $this fails
Provision_Service_http_ssl::assign_certificate_site($this->ssl_key, $this);
// Copy the certificates to the server's ssl.d directory.
provision_file()->copy(
$this->data['ssl_cert_source'],
$this->data['ssl_cert'])
|| drush_set_error('SSL_CERT_COPY_FAIL', dt('failed to copy SSL certificate in place'));
provision_file()->copy(
$this->data['ssl_cert_key_source'],
$this->data['ssl_cert_key'])
|| drush_set_error('SSL_KEY_COPY_FAIL', dt('failed to copy SSL key in place'));
if (!provision_file()->copy($this->data['ssl_cert_source'], $this->data['ssl_cert'])->status()) {
drush_set_error('SSL_CERT_COPY_FAIL', dt('failed to copy SSL certificate in place'));
$this->ssl_cert_ok = FALSE;
}
if (!provision_file()->copy($this->data['ssl_cert_key_source'], $this->data['ssl_cert_key'])->status()) {
drush_set_error('SSL_KEY_COPY_FAIL', dt('failed to copy SSL key in place'));
$this->ssl_cert_ok = FALSE;
}
// Copy the chain certificate, if it is set.
if (!empty($this->data['ssl_chain_cert_source'])) {
provision_file()->copy(
$this->data['ssl_chain_cert_source'],
$this->data['ssl_chain_cert'])
|| drush_set_error('SSL_CHAIN_COPY_FAIL', dt('failed to copy SSL certficate chain in place'));
if (!provision_file()->copy($this->data['ssl_chain_cert_source'], $this->data['ssl_chain_cert'])->status()) {
drush_set_error('SSL_CHAIN_COPY_FAIL', dt('failed to copy SSL certficate chain in place'));
$this->ssl_cert_ok = FALSE;
}
}
// If cert is not ok, turn off ssl_redirection.
if ($this->ssl_cert_ok == FALSE) {
$this->data['ssl_redirection'] = FALSE;
drush_log(dt('SSL Certificate preparation failed. SSL has been disabled for this site.'), 'warning');
}
// Sync the key directory to the remote server.
$this->data['server']->sync($path, array(
'exclude' => "{$path}/*.receipt", // Don't need to synch the receipts
));
}
// Call parent's write AFTER ensuring the certificates are in place to prevent
// the vhost from referencing missing files.
parent::write();
}
/**
......
This diff is collapsed.
......@@ -9,10 +9,15 @@ function drush_provision_drupal_pre_provision_delete($backup_file = NULL) {
if (!empty($backup_file) && !strpos($backup_file, '/')) {
drush_set_error('PROVISION_DELETE_BACKUP_NAME_RELATIVE', dt('The passed backup name is a relative path, storing that in the site directory which is going to be deleted is probably not intended. Try an absolute name, or no name to let one be generated.'));
}
else {
// If site database exists and is boostrapped, run a backup.
elseif (drush_bootstrap_max() == DRUSH_BOOTSTRAP_DRUPAL_LOGIN) {
drush_log(dt('Invoking drush provision-backup...'));
drush_invoke("provision-backup", $backup_file);
drush_unset_option('force', 'process');
}
else {
drush_log(dt('Warning: A site backup was not made because a site database was not found.'), 'warning');
}
}
}
......@@ -48,8 +53,12 @@ function drush_provision_drupal_provision_delete() {
drush_set_error(dt('Existing sites were found on this platform. These sites will need to be deleted before this platform can be deleted.'));
}
else {
drush_invoke_process('@none', 'provision-save', array(d()->name), array('delete' => TRUE));
_provision_recursive_delete(d()->root);
d()->service('http')->sync(d()->root);
}
}
elseif (d()->type === 'server') {
drush_invoke_process('@none', 'provision-save', array(d()->name), array('delete' => TRUE));
}
}
......@@ -366,8 +366,14 @@ function install_main() {
$client_email = install_validate_client_email(drush_get_option('client_email', FALSE));
$account = install_create_admin_user($client_email);
$onetime = user_pass_reset_url($account);
// Store the one time login link in an option so the front end can direct the user to their new site.
// If a redirect is defined, the symlink to the alias needs to exist before
// we generate the login link, below.
_provision_drupal_maintain_aliases();
// Store the one time login link in an option so the front end can direct the
// user to their new site.
$onetime = provision_generate_login_reset();
drush_set_option('login_link', $onetime . '/login');
drush_log(dt('Login url: !onetime', array('!onetime' => $onetime . '/login')), 'success');
......
......@@ -158,10 +158,16 @@ function install_main() {
_provision_drupal_create_directories();
$account = user_load(1);
$onetime = user_pass_reset_url($account);
// Store the one time login link in an option so the front end can direct the user to their new site.
drush_set_option('login_link', $onetime . '/login');
drush_log(dt('Login url: !onetime', array('!onetime' => $onetime . '/login')), 'success');
// If a redirect is defined, the symlink to the alias needs to exist before
// we generate the login link, below.
_provision_drupal_maintain_aliases();
// Store the one time login link in an option so the front end can direct the
// user to their new site.
$onetime = provision_generate_login_reset();
drush_set_option('login_link', $onetime);
drush_log(dt('Login url: !onetime', array('!onetime' => $onetime)), 'success');
if (drush_get_option('client_email', FALSE)) {
install_send_welcome_mail($url, $account, $install_locale, $client_email, $onetime);
......
......@@ -159,8 +159,13 @@ function install_main() {
$account = user_load(1);
$onetime = user_pass_reset_url($account);
// Store the one time login link in an option so the front end can direct the user to their new site.
// If a redirect is defined, the symlink to the alias needs to exist before
// we generate the login link, below.
_provision_drupal_maintain_aliases();
// Store the one time login link in an option so the front end can direct the
// user to their new site.
$onetime = provision_generate_login_reset();
drush_set_option('login_link', $onetime);
drush_log(dt('Login url: !onetime', array('!onetime' => $onetime)), 'message');
......
......@@ -25,16 +25,21 @@ function drush_provision_drupal_provision_install_validate() {
drush_log(dt('Forcing reinstall...'), 'ok');
// Load the current database name from drushrc.php.
// I cannot find another way to find the current db_name!
require_once(d()->site_path . '/drushrc.php');
$old_db_name = $options['db_name'];
if (d()->service('db')->database_exists($old_db_name)) {
d()->service('db')->drop_database($old_db_name);
drush_log(dt('Dropped database @database.', array(
'@database' => $old_db_name,
)), 'ok');
// Drop the database if we can figure out what it is.
// If last install failed, the database and the site folder is deleted.
if (file_exists(d()->site_path . '/drushrc.php')) {
// Load the current database name from drushrc.php.
// I cannot find another way to find the current db_name!
require_once(d()->site_path . '/drushrc.php');
$old_db_name = $options['db_name'];
if (d()->service('db')->database_exists($old_db_name)) {
d()->service('db')->drop_database($old_db_name);
drush_log(dt('Dropped database @database.', array(
'@database' => $old_db_name,
)), 'ok');
}
}
// Destroy site_path.
......@@ -46,7 +51,9 @@ function drush_provision_drupal_provision_install_validate() {
// Check again if site does not exist after the forced reinstall.
if (_provision_drupal_site_exists()) {
return drush_set_error('PROVISION_SITE_INSTALLED');
return drush_set_error('PROVISION_SITE_INSTALLED', dt('The file !file still exists. Provision was unable to delete it.', array(