Merge pull request #75 from NethServer/fixTlsVerify

Add SMTP_TLS_VERIFY setting and SMTP server self-signed certificate verification NethServer/dev#6817
NethServer · Jan 4, 2024 · 2db8d28 · 2db8d28
2 parents bc5b945 + 1a92f0b
commit 2db8d28
Show file tree

Hide file tree

Showing 6 changed files with 61 additions and 17 deletions.
diff --git a/imageroot/bin/discover-smarthost b/imageroot/bin/discover-smarthost
@@ -35,6 +35,7 @@ with open(envfile + ".tmp", "w") as efp:
     print(f"SMTP_PORT={smtp_settings['port']}", file=efp)
     print(f"MAIL_DOMAIN={domain}", file=efp)
     print(f"MAIL_FROM_ADDRESS=no-reply", file=efp)
+    print(f"SMTP_TLS_VERIFY={smtp_settings['tls_verify']}", file=efp)
     if smtp_settings['password'] != 'none':
         print(f"SMTP_SECURE={smtp_settings['encrypt_smtp']}", file=efp)
     if smtp_settings['username'] and smtp_settings['password']:

diff --git a/imageroot/bin/setup-ldap b/imageroot/bin/setup-ldap
@@ -26,10 +26,7 @@
 # Example:
 #   setup-ldap {"domain": "ad.mydomain.org"}
 
-import os
 import sys
-import json
-import time
 import agent
 import subprocess
 from agent.ldapproxy import Ldapproxy
@@ -61,19 +58,7 @@ if not domain:
     print(f'Domain not found: {cdomain}', file=sys.stderr)
     sys.exit(0)
 
-max_tries = 60
-i = 0
-while i < max_tries:
-    i = i+1
-    try:
-        ret, out = occ(["status", "--output", "json"])
-        status = json.loads(out)
-        if status["installed"]:
-            break
-        print(f"setup-ldap: waiting for nextcloud-app ({i})", file=sys.stderr)
-        time.sleep(1)
-    except Exception as e:
-        continue
+# we wait after nextcloud-app systemed is ready inside systemd script wait_after_nextcloud
 
 occ(["app:enable", "user_ldap"])
 cret, coutput = occ(["ldap:show-config", "s01"])

diff --git a/imageroot/bin/setup-smtp b/imageroot/bin/setup-smtp
@@ -0,0 +1,25 @@
+#!/usr/bin/env python3
+
+#
+# Copyright (C) 2023 Nethesis S.r.l.
+# SPDX-License-Identifier: GPL-3.0-or-later
+#
+
+import agent
+import subprocess
+
+def occ(args):
+    cmd = ['podman', 'exec', '--user', 'www-data', 'nextcloud-app', 'php', './occ']
+    p = subprocess.run(cmd + args, capture_output=True)
+    return (p.returncode, p.stdout)
+
+smarthost= agent.read_envfile("smarthost.env")
+# smarthost is configured
+if 'SMTP_HOST' in smarthost:
+    # verify if smarthost verify tls certificate
+    if smarthost.get('SMTP_SECURE') == 'none' or smarthost.get('SMTP_TLS_VERIFY') == 'False':
+        occ(["config:system:set","mail_smtpstreamoptions","ssl","allow_self_signed","--value=true", "--type=boolean"])
+        occ(["config:system:set","mail_smtpstreamoptions","ssl","verify_peer","--value=false","--type=boolean"])
+        occ(["config:system:set","mail_smtpstreamoptions","ssl","verify_peer_name","--value=false","--type=boolean"])
+    else:
+        occ(["config:system:delete","mail_smtpstreamoptions","ssl"])
diff --git a/imageroot/bin/wait-startup b/imageroot/bin/wait-startup
@@ -0,0 +1,31 @@
+#!/usr/bin/env python3
+
+#
+# Copyright (C) 2023 Nethesis S.r.l.
+# SPDX-License-Identifier: GPL-3.0-or-later
+#
+
+import sys
+import json
+import time
+import subprocess
+
+def occ(args):
+    cmd = ['podman', 'exec', '--user', 'www-data', 'nextcloud-app', 'php', './occ']
+    p = subprocess.run(cmd + args, capture_output=True)
+    return (p.returncode, p.stdout)
+
+# wait after nextcloud-app is ready
+max_tries = 60
+i = 0
+while i < max_tries:
+    i = i+1
+    try:
+        ret, out = occ(["status", "--output", "json"])
+        status = json.loads(out)
+        if status["installed"]:
+            break
+        print(f"wait-startup: waiting for nextcloud-app ({i})", file=sys.stderr)
+        time.sleep(1)
+    except Exception as e:
+        continue
diff --git a/imageroot/systemd/user/nextcloud-app.service b/imageroot/systemd/user/nextcloud-app.service
@@ -11,6 +11,8 @@ Restart=always
 TimeoutStopSec=70
 ExecStartPre=/bin/rm -f %t/nextcloud-app.pid %t/nextcloud-app.ctr-id
 ExecStartPre=-runagent discover-smarthost
+ExecStartPost=runagent wait_startup
+ExecStartPost=runagent setup-smtp
 ExecStart=/usr/bin/podman run --conmon-pidfile %t/nextcloud-app.pid --cidfile %t/nextcloud-app.ctr-id --cgroups=no-conmon --pod-id-file %t/nextcloud.pod-id --replace -d --name nextcloud-app --env-file=%S/state/config.env --env-file=%S/state/smarthost.env -v nextcloud-app-data:/var/www/html -v %S/state/zzz_nethserver.conf:/usr/local/etc/php-fpm.d/zzz_nethserver.conf:z ${NEXTCLOUD_APP_IMAGE}
 ExecStop=/usr/bin/podman stop --ignore --cidfile %t/nextcloud-app.ctr-id -t 10
 ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/nextcloud-app.ctr-id

diff --git a/tests/nextcloud.robot b/tests/nextcloud.robot
@@ -15,7 +15,7 @@ Check if nextcloud can be configured
     Should Be Equal As Integers    ${rc}  0
 
 Check if nextcloud works as expected
-    Wait Until Keyword Succeeds    20 times    6 seconds    Ping nextcloud
+    Wait Until Keyword Succeeds    60 times    10 seconds    Ping nextcloud
 
 Check if nextcloud is removed correctly
     ${rc} =    Execute Command    remove-module --no-preserve ${module_id}