From be46cb1959683ce3650beb4232d03fe0e8b101e4 Mon Sep 17 00:00:00 2001
From: Marius Burkard <m.burkard@pixcept.de>
Date: Wed, 8 Sep 2021 13:20:04 +0200
Subject: [PATCH] - pre-release update files

---
 helper_scripts/cert_check.sh                  | 66 +++++++++++++++++++
 .../{upd_dev_collection.php => upd_0094.php}  |  0
 install/sql/incremental/upd_0094.sql          | 20 ++++++
 .../sql/incremental/upd_dev_collection.sql    | 20 ------
 4 files changed, 86 insertions(+), 20 deletions(-)
 create mode 100644 helper_scripts/cert_check.sh
 rename install/patches/{upd_dev_collection.php => upd_0094.php} (100%)
 create mode 100644 install/sql/incremental/upd_0094.sql

diff --git a/helper_scripts/cert_check.sh b/helper_scripts/cert_check.sh
new file mode 100644
index 0000000000..148ab59f7a
--- /dev/null
+++ b/helper_scripts/cert_check.sh
@@ -0,0 +1,66 @@
+#!/bin/bash
+
+chkdata() {
+	F=$1
+	CRT=$2
+	KEY=$3
+	if [[ "$CRT" != "" && "$KEY" != "" ]] ; then
+		if [[ ! -f "$CRT" ]] ; then
+			echo "[WARN] CERTIFICATE FILE ${CRT} MISSING FOR ${F}" ;
+		else 
+			echo -n "Checking ${CRT}" ;
+			CHK=$(openssl x509 -in "${CRT}" -text -noout >/dev/null 2>&1 ; echo $?);
+			if [[ $CHK -ne 0 ]] ; then
+				echo " FAILED!" ;
+			else
+				echo " OK" ;
+			fi
+		fi
+		if [[ ! -f "$KEY" ]] ; then
+			echo "[WARN] KEY FILE ${KEY} MISSING FOR ${F}" ;
+		else
+			echo -n "Checking ${KEY}" ;
+			CHK=$(openssl rsa -in "${KEY}" -check -noout >/dev/null 2>&1 ; echo $?);
+			if [[ $CHK -ne 0 ]] ; then
+				echo " FAILED!" ;
+			else
+				echo " OK" ;
+			fi
+		fi
+	
+		if [[ -f "$CRT" && -f "$KEY" ]] ; then
+			echo -n "Checking that key and certificate match";
+			MDCRT=$(openssl x509 -noout -modulus -in "${CRT}" | openssl md5) ;
+			MDKEY=$(openssl rsa -noout -modulus -in "${KEY}" | openssl md5) ;
+			if [[ "$MDCRT" != "$MDKEY" ]] ; then
+				echo " FAILED!" ;
+			else
+				echo " OK" ;
+			fi
+		fi
+		echo "---" ;
+	elif [[ "$CRT" != ""  || "$KEY" != "" ]] ; then
+		echo "[WARN] Check SSL config of ${F}";
+		echo "---" ;
+	fi
+}
+
+if [[ -d /etc/apache2/sites-enabled ]] ; then
+	echo "Checking enabled apache vhosts" ;
+	for FIL in /etc/apache2/sites-enabled/* ; do
+		CRT=$(grep 'SSLCertificateFile' "${FIL}" | grep -E -v '^[[:space:]]*#' | awk '{print $2}' | head -n 1) ;
+		KEY=$(grep 'SSLCertificateKeyFile' "${FIL}" | grep -E -v '^[[:space:]]*#' | awk '{print $2}' | head -n 1) ;
+		chkdata "$FIL" "$CRT" "$KEY" ;
+	done
+fi
+
+if [[ -d /etc/nginx/sites-enabled ]] ; then
+	echo "Checking enabled nginx vhosts" ;
+	for FIL in /etc/nginx/sites-enabled/* ; do
+		CRT=$(grep 'ssl_certificate' "${FIL}" | grep -E -v '^[[:space:]]*#' | awk '{print $2}' | head -n 1) ;
+		CRT=${CRT%;}
+		KEY=$(grep 'ssl_certificate_key' "${FIL}" | grep -E -v '^[[:space:]]*#' | awk '{print $2}' | head -n 1) ;
+		KEY=${KEY%;}
+		chkdata "$FIL" "$CRT" "$KEY" ;
+	done
+fi
\ No newline at end of file
diff --git a/install/patches/upd_dev_collection.php b/install/patches/upd_0094.php
similarity index 100%
rename from install/patches/upd_dev_collection.php
rename to install/patches/upd_0094.php
diff --git a/install/sql/incremental/upd_0094.sql b/install/sql/incremental/upd_0094.sql
new file mode 100644
index 0000000000..2206658555
--- /dev/null
+++ b/install/sql/incremental/upd_0094.sql
@@ -0,0 +1,20 @@
+-- Add column for email backup limit (#5732)
+ALTER TABLE `client_template` ADD `limit_mail_backup` ENUM( 'n', 'y' ) NOT NULL DEFAULT 'y' AFTER `limit_spamfilter_policy`;
+ALTER TABLE `client` ADD `limit_mail_backup` ENUM( 'n', 'y' ) NOT NULL DEFAULT 'y' AFTER `limit_spamfilter_policy`;
+
+-- default spamfilter_users.policy_id to 0
+ALTER TABLE `spamfilter_users` ALTER `policy_id` SET DEFAULT 0;
+
+-- mail_forwarding.source must be unique
+ALTER TABLE `mail_forwarding` DROP KEY `server_id`;
+ALTER TABLE `mail_forwarding` ADD KEY `server_id` (`server_id`, `source`);
+
+-- Purge apps & addons installer (#5795) - second time due to syntax error in 0093
+DROP TABLE IF EXISTS `software_package`;
+DROP TABLE IF EXISTS `software_repo`;
+DROP TABLE IF EXISTS `software_update`;
+DROP TABLE IF EXISTS `software_update_inst`;
+
+-- mail_transport.domain must be unique
+ALTER TABLE `mail_transport` DROP KEY `server_id_2`;
+ALTER TABLE `mail_transport` ADD UNIQUE KEY `server_id_2` (`server_id`, `domain`);
diff --git a/install/sql/incremental/upd_dev_collection.sql b/install/sql/incremental/upd_dev_collection.sql
index 2206658555..e69de29bb2 100644
--- a/install/sql/incremental/upd_dev_collection.sql
+++ b/install/sql/incremental/upd_dev_collection.sql
@@ -1,20 +0,0 @@
--- Add column for email backup limit (#5732)
-ALTER TABLE `client_template` ADD `limit_mail_backup` ENUM( 'n', 'y' ) NOT NULL DEFAULT 'y' AFTER `limit_spamfilter_policy`;
-ALTER TABLE `client` ADD `limit_mail_backup` ENUM( 'n', 'y' ) NOT NULL DEFAULT 'y' AFTER `limit_spamfilter_policy`;
-
--- default spamfilter_users.policy_id to 0
-ALTER TABLE `spamfilter_users` ALTER `policy_id` SET DEFAULT 0;
-
--- mail_forwarding.source must be unique
-ALTER TABLE `mail_forwarding` DROP KEY `server_id`;
-ALTER TABLE `mail_forwarding` ADD KEY `server_id` (`server_id`, `source`);
-
--- Purge apps & addons installer (#5795) - second time due to syntax error in 0093
-DROP TABLE IF EXISTS `software_package`;
-DROP TABLE IF EXISTS `software_repo`;
-DROP TABLE IF EXISTS `software_update`;
-DROP TABLE IF EXISTS `software_update_inst`;
-
--- mail_transport.domain must be unique
-ALTER TABLE `mail_transport` DROP KEY `server_id_2`;
-ALTER TABLE `mail_transport` ADD UNIQUE KEY `server_id_2` (`server_id`, `domain`);
-- 
GitLab