docker: fixes in build process for NC13 version

changelog.md

@@ -1,9 +1,11 @@
 
-[v0.46.3](https://github.com/nextcloud/nextcloudpi/commit/865d622) (2018-02-07) unattended upgrades: fix unattended upgrades not working because of modified files
+[v0.46.4 ](https://github.com/nextcloud/nextcloudpi/commit/ae79b42) (2018-02-08) do not rely on pings, just return value of operations
 
-[v0.46.2 ](https://github.com/nextcloud/nextcloudpi/commit/1615589) (2018-02-07) modsecurity: turn off logging, its too spammy for ramlogs
+[v0.46.3](https://github.com/nextcloud/nextcloudpi/commit/4c12769) (2018-02-07) unattended upgrades: fix unattended upgrades not working because of modified files
 
-[v0.46.1, master](https://github.com/nextcloud/nextcloudpi/commit/fe57d03) (2018-02-07) ping to 4.4.4.2 because google is blocked in china
+[v0.46.2 ](https://github.com/nextcloud/nextcloudpi/commit/e649f47) (2018-02-07) modsecurity: turn off logging, its too spammy for ramlogs
+
+[v0.46.1 ](https://github.com/nextcloud/nextcloudpi/commit/bf45b30) (2018-02-07) ping to 4.2.2.2 because google is blocked in china
 
 [v0.46.0 ](https://github.com/nextcloud/nextcloudpi/commit/4c9dab6) (2018-02-06) update to NC 13.0.0
 

docker-armhf/nextcloudpi/Dockerfile

@@ -9,6 +9,7 @@ ENV DOCKERBUILD 1
 COPY nextcloudpi.sh /usr/local/etc/
 
 RUN \
+
 # mark as image build
 touch /.ncp-image; \
 
@@ -34,7 +35,34 @@ rm -r /var/www/ncp-web/wizard; \
 # cleanup all NCP extras
 source /usr/local/etc/library.sh; \
 cd /usr/local/etc/nextcloudpi-config.d/; \
-for script in *.sh; do cleanup_script $script done; \
+for script in *.sh; do cleanup_script $script; done; \
+
+apt-get purge -y \
+  make \
+  git \
+  binutils \
+  cpp \
+  cpp-6 \
+  gcc \
+  gcc-6 \
+  libasan3 \
+  libaugeas0 \
+  libc-dev-bin \
+  libc6-dev \
+  libcc1-0 \
+  libexpat1-dev \
+  libffi-dev \
+  libgcc-6-dev \
+  libgomp1 \
+  libisl15 \
+  libmpc3 \
+  libubsan0 \
+  linux-libc-dev \
+  python-virtualenv \
+  python-pkg-resources \
+  python3-pkg-resources \
+  python3-virtualenv \
+  virtualenv; \
 
 # package clean up
 apt-get autoremove -y; \

docker/nextcloudpi/Dockerfile

@@ -9,6 +9,7 @@ ENV DOCKERBUILD 1
 COPY nextcloudpi.sh /usr/local/etc/
 
 RUN \
+
 # mark as image build
 touch /.ncp-image; \
 
@@ -31,11 +32,15 @@ rm /.ncp-image; \
 # remove wizard for now
 rm -r /var/www/ncp-web/wizard; \
 
+# cleanup all NCP extras
+source /usr/local/etc/library.sh; \
+cd /usr/local/etc/nextcloudpi-config.d/; \
+for script in *.sh; do cleanup_script $script; done; \
+
 # letsencrypt build artifacts cleanup
 apt-get purge -y \
     make \
     git \
-    augeas-lenses \
     binutils \
     cpp \
     cpp-6 \
@@ -56,21 +61,15 @@ apt-get purge -y \
     liblsan0 \
     libmpc3 \
     libmpx2 \
-    libpython-dev \
-    libpython2.7-dev \
     libquadmath0 \
-    libssl-dev \
     libtsan0 \
     libubsan0 \
     linux-libc-dev \
-    python-dev \
     python-virtualenv \
-    python2.7-dev \
     python-pkg-resources \
     python3-pkg-resources \
     python3-virtualenv \
-    virtualenv \
-    python-pip-whl; \
+    virtualenv; \
 
 # package clean up
 apt-get autoremove -y; \

etc/nextcloudpi-config.d/nc-init.sh

@@ -43,7 +43,8 @@ configure()
     mysqld & 
   fi
 
-  pgrep -x mysqld &>/dev/null || { echo "mariaDB process not found"; return 1; }
+  pgrep -x mysqld &>/dev/null || { 
+    echo "mariaDB process not found. Waiting..."
 
   # wait for mariadb
   # TODO FIXME armbian build
@@ -51,7 +52,8 @@ configure()
     #[[ -S /run/mysqld/mysqld.sock ]] && break
     #sleep 0.5
   #done
-  sleep 10
+    sleep 10
+  }
 
   # workaround to emulate DROP USER IF EXISTS ..;)
   local DBPASSWD=$( grep password /root/.my.cnf | cut -d= -f2 )
@@ -112,7 +114,9 @@ EOF
   sudo -u www-data php occ config:system:set mysql.utf8mb4 --type boolean --value="true"
 
   # Default trusted domain ( only from nextcloudpi-config )
-  test -f /.ncp-image || bash /usr/local/bin/nextcloud-domain.sh
+  test -f /usr/local/bin/nextcloud-domain.sh && {
+    test -f /.ncp-image || bash /usr/local/bin/nextcloud-domain.sh
+  }
   sudo -u www-data php occ config:system:set trusted_domains 5 --value="nextcloudpi.local"
 
   # email
@@ -122,11 +126,13 @@ EOF
   sudo -u www-data php occ config:system:set mail_domain       --value="ownyourbits.com"
 
   # NCP theme
-  local ID=$( grep instanceid config/config.php | awk -F "=> " '{ print $2 }' | sed "s|[,']||g" )
-  [[ "$ID" == "" ]] && { echo "failed to get ID"; return 1; }
-  mkdir -p data/appdata_${ID}/theming/images
-  cp /usr/local/etc/logo /usr/local/etc/background data/appdata_${ID}/theming/images
-  chown -R www-data:www-data data/appdata_${ID}
+  [[ -e /usr/local/etc/logo ]] && {
+    local ID=$( grep instanceid config/config.php | awk -F "=> " '{ print $2 }' | sed "s|[,']||g" )
+    [[ "$ID" == "" ]] && { echo "failed to get ID"; return 1; }
+    mkdir -p data/appdata_${ID}/theming/images
+    cp /usr/local/etc/logo /usr/local/etc/background data/appdata_${ID}/theming/images
+    chown -R www-data:www-data data/appdata_${ID}
+  }
 
   mysql nextcloud <<EOF
 replace into  oc_appconfig values ( 'theming', 'name'          , "NextCloudPi"             );

lamp.sh

@@ -29,7 +29,7 @@ install()
     # INSTALL 
     ##########################################
 
-    $APTINSTALL apt-utils 
+    $APTINSTALL apt-utils openssl
     $APTINSTALL cron
     $APTINSTALL apache2
     $APTINSTALL php7.0 php7.0-curl php7.0-gd php7.0-fpm php7.0-cli php7.0-opcache php7.0-mbstring php7.0-xml php7.0-zip php7.0-fileinfo php7.0-mcrypt php7.0-ldap

nextcloudpi.sh

@@ -202,16 +202,18 @@ EOF
     echo "NextCloudPi_$( date  "+%m-%d-%y" )" > /usr/local/etc/ncp-baseimage
 
     ## SSH hardening
-    sed -i 's|^#AllowTcpForwarding .*|AllowTcpForwarding no|'     /etc/ssh/sshd_config
-    sed -i 's|^#ClientAliveCountMax .*|ClientAliveCountMax 2|'    /etc/ssh/sshd_config
-    sed -i 's|^MaxAuthTries .*|MaxAuthTries 1|'                   /etc/ssh/sshd_config
-    sed -i 's|^#MaxSessions .*|MaxSessions 2|'                    /etc/ssh/sshd_config
-    sed -i 's|^#PermitRootLogin .*|PermitRootLogin no|'           /etc/ssh/sshd_config
-    sed -i 's|^#TCPKeepAlive .*|TCPKeepAlive no|'                 /etc/ssh/sshd_config
-    sed -i 's|^X11Forwarding .*|X11Forwarding no|'                /etc/ssh/sshd_config
-    sed -i 's|^#LogLevel .*|LogLevel VERBOSE|'                    /etc/ssh/sshd_config
-    sed -i 's|^#Compression .*|Compression no|'                   /etc/ssh/sshd_config
-    sed -i 's|^#AllowAgentForwarding .*|AllowAgentForwarding no|' /etc/ssh/sshd_config
+    [[ -f /etc/ssh/sshd_config ]] && {
+      sed -i 's|^#AllowTcpForwarding .*|AllowTcpForwarding no|'     /etc/ssh/sshd_config
+      sed -i 's|^#ClientAliveCountMax .*|ClientAliveCountMax 2|'    /etc/ssh/sshd_config
+      sed -i 's|^MaxAuthTries .*|MaxAuthTries 1|'                   /etc/ssh/sshd_config
+      sed -i 's|^#MaxSessions .*|MaxSessions 2|'                    /etc/ssh/sshd_config
+      sed -i 's|^#PermitRootLogin .*|PermitRootLogin no|'           /etc/ssh/sshd_config
+      sed -i 's|^#TCPKeepAlive .*|TCPKeepAlive no|'                 /etc/ssh/sshd_config
+      sed -i 's|^X11Forwarding .*|X11Forwarding no|'                /etc/ssh/sshd_config
+      sed -i 's|^#LogLevel .*|LogLevel VERBOSE|'                    /etc/ssh/sshd_config
+      sed -i 's|^#Compression .*|Compression no|'                   /etc/ssh/sshd_config
+      sed -i 's|^#AllowAgentForwarding .*|AllowAgentForwarding no|' /etc/ssh/sshd_config
+    }
 
     ## kernel hardening
     cat >> /etc/sysctl.conf <<EOF

update.sh

@@ -22,6 +22,11 @@ nc-static-IP.sh
 nc-wifi.sh
 nc-nextcloud.sh
 nc-init.sh
+UFW.sh
+nc-snapshot.sh
+nc-snapshot-auto.sh
+nc-audit.sh
+SSH.sh
 "
 
 # need to be fixed for this