Merge branch 'staging/fixes' into main

Author: Kristan Kenney

CHANGELOG.md

@@ -16,6 +16,8 @@ All notable changes to this project will be documented in this file.
 - Fixed an issue where malformed JSON output was returned when custom theme files are present. (#967)
 - Fixed an error that would occur when running `v-change-user-php-cli` for the first time if .bash_aliases did not exist. (#960)
 - Corrected an issue where tooltips were not displayed when hovering over the top level menu items.
+- Improved handling of APT repository keys during installation.
+- Reworked the Let's Encrypt renew functionality to skip removed aliases.
 
 ## [1.2.1] - Service Release
 ### Features

bin/v-update-letsencrypt-ssl

@@ -58,6 +58,27 @@ for user in $($HESTIA/bin/v-list-sys-users plain); do
             aliases=$(echo "$aliases" |tr ' ' '\n' |sed "/^$/d")
             aliases=$(echo "$aliases" |egrep -v "^$domain,?$")
             aliases=$(echo "$aliases" |sed -e ':a;N;$!ba;s/\n/,/g')
+
+            # Source domain.conf
+            source <(cat $HESTIA/data/users/$user/web.conf | grep "DOMAIN='$domain'")
+
+            # Split aliases into array
+            IFS=',' read -r -a ALIASES <<< "$ALIAS"
+
+            # Loop through all crt aliases
+            for alias in ${aliases//,/ } ; do
+                # Validate if the alias still exists in web.conf
+                if [[ " ${ALIASES[@]} " =~ " ${alias} " ]]; then
+                    f_aliases+="$alias,"
+                fi
+            done
+
+            # Remove leading comma
+            if [[ ${f_aliases: -1} = ',' ]] ; then f_aliases=${f_aliases::-1}; fi
+
+            # Write the filtered alias list to the default var
+            aliases=$f_aliases
+
             msg=$($BIN/v-add-letsencrypt-domain $user $domain $aliases)
             if [ $? -ne 0 ]; then
                 log_event $E_INVALID "$domain $msg"
@@ -114,4 +135,4 @@ done
 # No Logging
 #log_event "$OK" "$EVENT"
 
-exit
+exit

func/main.sh

@@ -165,19 +165,14 @@ get_user_owner() {
 # Random password generator
 generate_password() {
     matrix=$1
-    lenght=$2
+    length=$2
     if [ -z "$matrix" ]; then
-        matrix=0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
+        matrix=[:alnum:]
     fi
-    if [ -z "$lenght" ]; then
-        lenght=10
+    if [ -z "$length" ]; then
+        length=10
     fi
-    i=1
-    while [ $i -le $lenght ]; do
-        pass="$pass${matrix:$(($RANDOM%${#matrix})):1}"
-       ((i++))
-    done
-    echo "$pass"
+    cat /dev/urandom | tr -dc $matrix | head -c$length
 }
 
 # Package existence check

install/hst-install-debian.sh

@@ -107,13 +107,7 @@ download_file() {
 
 # Defining password-gen function
 gen_pass() {
-    MATRIX='0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'
-    LENGTH=16
-    while [ ${n:=1} -le $LENGTH ]; do
-        PASS="$PASS${MATRIX:$(($RANDOM%${#MATRIX})):1}"
-        let n+=1
-    done
-    echo "$PASS"
+    cat /dev/urandom | tr -dc [:alnum:] | head -c16
 }
 
 # Defining return code check function
@@ -586,53 +580,39 @@ echo
 # Installing Nginx repo
 if [ "$nginx" = 'yes' ]; then
     echo "[ * ] NGINX"
-    echo "deb [arch=amd64] http://nginx.org/packages/mainline/$VERSION/ $codename nginx" > $apt/nginx.list
-    wget --quiet http://nginx.org/keys/nginx_signing.key -O /tmp/nginx_signing.key
-    APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1 apt-key add /tmp/nginx_signing.key > /dev/null 2>&1
+    echo "deb [arch=amd64] https://nginx.org/packages/mainline/$VERSION/ $codename nginx" > $apt/nginx.list
+    apt-key adv --fetch-keys 'https://nginx.org/keys/nginx_signing.key' > /dev/null 2>&1
 fi
 
 # Installing sury PHP repo
 echo "[ * ] PHP"
 echo "deb https://packages.sury.org/php/ $codename main" > $apt/php.list
-wget --quiet https://packages.sury.org/php/apt.gpg -O /tmp/php_signing.key
-APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1 apt-key add /tmp/php_signing.key > /dev/null 2>&1
+apt-key adv --fetch-keys 'https://packages.sury.org/php/apt.gpg' > /dev/null 2>&1
 
 # Installing sury Apache2 repo
 if [ "$apache" = 'yes' ]; then
     echo "[ * ] Apache2"
     echo "deb https://packages.sury.org/apache2/ $codename main" > $apt/apache2.list
-    wget --quiet https://packages.sury.org/apache2/apt.gpg -O /tmp/apache2_signing.key
-    APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1 apt-key add /tmp/apache2_signing.key > /dev/null 2>&1
+    apt-key adv --fetch-keys 'https://packages.sury.org/apache2/apt.gpg' > /dev/null 2>&1
 fi
 
 # Installing MariaDB repo
 if [ "$mysql" = 'yes' ]; then
     echo "[ * ] MariaDB"
-    echo "deb [arch=amd64] http://ams2.mirrors.digitalocean.com/mariadb/repo/$mariadb_v/$VERSION $codename main" > $apt/mariadb.list
-    if [ "$release" -eq 8 ]; then
-        APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1 apt-key adv --recv-keys --keyserver keyserver.ubuntu.com CBCB082A1BB943DB > /dev/null 2>&1
-    else
-        APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1 apt-key adv --recv-keys --keyserver keyserver.ubuntu.com F1656F24C74CD1D8 > /dev/null 2>&1
-    fi
-fi
-
-# Installing Backport repo for Debian 8
-if [ "$release" -eq 8 ]; then
-    echo "deb [check-valid-until=no] http://archive.debian.org/debian jessie-backports main" >> /etc/apt/sources.list
+    echo "deb [arch=amd64] https://mirror.mva-n.net/mariadb/repo/$mariadb_v/$VERSION $codename main" > $apt/mariadb.list
+    apt-key adv --fetch-keys 'https://mariadb.org/mariadb_release_signing_key.asc' > /dev/null 2>&1
 fi
 
 # Installing HestiaCP repo
 echo "[ * ] Hestia Control Panel"
 echo "deb https://$RHOST/ $codename main" > $apt/hestia.list
-APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1 apt-key adv --keyserver keyserver.ubuntu.com --recv-keys A189E93654F0B0E5 > /dev/null 2>&1
+apt-key adv --keyserver keyserver.ubuntu.com --recv-keys A189E93654F0B0E5 > /dev/null 2>&1
 
 # Installing PostgreSQL repo
 if [ "$postgresql" = 'yes' ]; then
     echo "[ * ] PostgreSQL"
-    echo "deb http://apt.postgresql.org/pub/repos/apt/ $codename-pgdg main" > $apt/postgresql.list
-    wget --quiet https://www.postgresql.org/media/keys/ACCC4CF8.asc -O /tmp/psql_signing.key
-    APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1 apt-key add /tmp/psql_signing.key > /dev/null 2>&1
-    rm /tmp/psql_signing.key
+    echo "deb https://apt.postgresql.org/pub/repos/apt/ $codename-pgdg main" > $apt/postgresql.list
+    apt-key adv --fetch-keys 'https://www.postgresql.org/media/keys/ACCC4CF8.asc' > /dev/null 2>&1
 fi
 
 # Echo for a new line
@@ -1587,31 +1567,6 @@ if [ "$dovecot" = 'yes' ] && [ "$exim" = 'yes' ] && [ "$mysql" = 'yes' ]; then
     sed -i "s/%des_key%/$rcDesKey/g" /etc/roundcube/config.inc.php
     sed -i "s/localhost/$servername/g" /etc/roundcube/plugins/password/config.inc.php
     mysql roundcube < /usr/share/dbconfig-common/data/roundcube/install/mysql
-
-    if [ "$release" -eq 8 ]; then
-        # RoundCube tinyMCE fix
-        tinymceFixArchiveURL=$HESTIA_INSTALL_DIR/roundcube/roundcube-tinymce.tar.gz
-        tinymceParentFolder=/usr/share/roundcube/program/js
-        tinymceFolder=$tinymceParentFolder/tinymce
-        tinymceBadJS=$tinymceFolder/tiny_mce.js
-        tinymceFixArchive=$tinymceParentFolder/roundcube-tinymce.tar.gz
-        if [[ -L "$tinymceFolder" && -d "$tinymceFolder" ]]; then
-            if [ -f "$tinymceBadJS" ]; then
-                wget $tinymceFixArchiveURL -O $tinymceFixArchive
-                if [[ -f "$tinymceFixArchive" && -s "$tinymceFixArchive" ]]
-                then
-                    rm $tinymceFolder
-                    tar -xzf $tinymceFixArchive -C $tinymceParentFolder
-                    rm $tinymceFixArchive
-                    chown -R root:root $tinymceFolder
-                else
-                    echo -n "File roundcube-tinymce.tar.gz is not downloaded,"
-                    echo "RoundCube tinyMCE fix is not applied"
-                    rm $tinymceFixArchive
-                fi
-            fi
-        fi
-    fi
 
     # Enable Roundcube plugins
     cp -f $HESTIA_INSTALL_DIR/roundcube/plugins/config_newmail_notifier.inc.php /etc/roundcube/plugins/newmail_notifier/config.inc.php

install/hst-install-ubuntu.sh

@@ -89,13 +89,7 @@ download_file() {
 
 # Defining password-gen function
 gen_pass() {
-    MATRIX='0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'
-    LENGTH=16
-    while [ ${n:=1} -le $LENGTH ]; do
-        PASS="$PASS${MATRIX:$(($RANDOM%${#MATRIX})):1}"
-        let n+=1
-    done
-    echo "$PASS"
+    cat /dev/urandom | tr -dc [:alnum:] | head -c16
 }
 
 # Defining return code check function
@@ -561,10 +555,8 @@ echo
 # Installing Nginx repo
 if [ "$nginx" = 'yes' ]; then
     echo "[ * ] NGINX"
-    echo "deb [arch=amd64] http://nginx.org/packages/mainline/$VERSION/ $codename nginx" \
-    > $apt/nginx.list
-    wget --quiet http://nginx.org/keys/nginx_signing.key -O /tmp/nginx_signing.key
-    APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1 apt-key add /tmp/nginx_signing.key > /dev/null 2>&1
+    echo "deb [arch=amd64] https://nginx.org/packages/mainline/$VERSION/ $codename nginx" > $apt/nginx.list
+    apt-key adv --fetch-keys 'https://nginx.org/keys/nginx_signing.key' > /dev/null 2>&1
 fi
 
 # Installing sury PHP repo
@@ -580,22 +572,20 @@ fi
 # Installing MariaDB repo
 if [ "$mysql" = 'yes' ]; then
     echo "[ * ] MariaDB"
-    echo "deb [arch=amd64] http://ams2.mirrors.digitalocean.com/mariadb/repo/$mariadb_v/$VERSION $codename main" > $apt/mariadb.list
-    APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1 apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 0xF1656F24C74CD1D8 > /dev/null 2>&1
+    echo "deb [arch=amd64] https://mirror.mva-n.net/mariadb/repo/$mariadb_v/$VERSION $codename main" > $apt/mariadb.list
+    apt-key adv --fetch-keys 'https://mariadb.org/mariadb_release_signing_key.asc' > /dev/null 2>&1
 fi
 
 # Installing HestiaCP repo
 echo "[ * ] Hestia Control Panel"
 echo "deb https://$RHOST/ $codename main" > $apt/hestia.list
-APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1 apt-key adv --keyserver keyserver.ubuntu.com --recv-keys A189E93654F0B0E5 > /dev/null 2>&1
+apt-key adv --keyserver keyserver.ubuntu.com --recv-keys A189E93654F0B0E5 > /dev/null 2>&1
 
 # Installing PostgreSQL repo
 if [ "$postgresql" = 'yes' ]; then
     echo "[ * ] PostgreSQL"
-    echo "deb http://apt.postgresql.org/pub/repos/apt/ $codename-pgdg main" > $apt/postgresql.list
-    wget --quiet https://www.postgresql.org/media/keys/ACCC4CF8.asc -O /tmp/psql_signing.key
-    APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1 apt-key add /tmp/psql_signing.key > /dev/null 2>&1
-    rm /tmp/psql_signing.key
+    echo "deb https://apt.postgresql.org/pub/repos/apt/ $codename-pgdg main" > $apt/postgresql.list
+    apt-key adv --fetch-keys 'https://www.postgresql.org/media/keys/ACCC4CF8.asc' > /dev/null 2>&1
 fi
 
 # Echo for a new line

install/upgrade/versions/latest.sh

@@ -24,3 +24,35 @@ if [ "$FTP_SYSTEM" = "vsftpd" ]; then
     cp -f $HESTIA_INSTALL_DIR/vsftpd/vsftpd.conf /etc/
     chmod 644 /etc/vsftpd.conf
 fi
+
+
+# Rework apt repositories
+apt="/etc/apt/sources.list.d"
+echo "[ * ] Hardening APT repositories..."
+if [ -f "$apt/nginx.list" ]; then
+    if grep -q "http://nginx.org/packages/mainline/" $apt/nginx.list; then
+        echo "  ----- NGINX"
+        sed -i "s/http\:\/\/nginx.org/https\:\/\/nginx.org/g" $apt/nginx.list
+    fi
+fi
+
+if [ -f "$apt/php.list" ]; then
+    if grep -q "http://packages.sury.org/" $apt/php.list; then
+        echo "  ----- PHP"
+        sed -i "s/http\:\/\/packages.sury.org/https\:\/\/packages.sury.org/g" $apt/php.list
+    fi
+fi
+
+if [ -f "$apt/mariadb.list" ]; then
+    if grep -q "http://ams2.mirrors.digitalocean.com" $apt/mariadb.list; then
+        echo "  ----- MariaDB"
+        sed -i "s/http\:\/\/ams2.mirrors.digitalocean.com/https\:\/\/mirror.mva-n.net/g" $apt/mariadb.list
+    fi
+fi
+
+if [ -f "$apt/postgresql.list" ]; then
+    if grep -q "http://apt.postgresql.org" $apt/postgresql.list; then
+        echo "  ----- PostgreSQL"
+        sed -i "s/http\:\/\/apt.postgresql.org/https\:\/\/apt.postgresql.org/g" $apt/postgresql.list
+    fi
+fi

test/test.bats

@@ -6,13 +6,7 @@ load 'test_helper/bats-file/load'
 
 
 function random() {
-    MATRIX='0123456789'
-    LENGTH=$1
-    while [ ${n:=1} -le $LENGTH ]; do
-        rand="$rand${MATRIX:$(($RANDOM%${#MATRIX})):1}"
-        let n+=1
-    done
-    echo "$rand"
+    cat /dev/urandom | tr -dc [:digit:] | head -c$1
 }
 
 function setup() {

test/test_actions.sh

@@ -7,13 +7,7 @@ V_TEST="$HESTIA/test"
 
 # Define functions
 random() {
-    MATRIX='0123456789'
-    LENGTH=$1
-    while [ ${n:=1} -le $LENGTH ]; do
-        rand="$rand${MATRIX:$(($RANDOM%${#MATRIX})):1}"
-        let n+=1
-    done
-    echo "$rand"
+    cat /dev/urandom | tr -dc [:digit:] | head -c$1
 }
 
 echo_result() {

web/css/src/styles.css

@@ -639,6 +639,7 @@ a {
 .l-center {
   margin: 0 auto;
   max-width: 1020px;
+  min-width: 1020px;
 }
 
 .l-logo {