From 230e6953fd436b529b454fb292df7320858a58e2 Mon Sep 17 00:00:00 2001
From: mlan <mlan@circuit-factory.com>
Date: Sun, 15 Nov 2020 22:54:49 +0100
Subject: [PATCH] - [kopano](src/kopano) New, `MIGRATE_CONFIG=all` tries to
 make configs compatible with new versions.

---
 CHANGELOG.md                         |  1 +
 README.md                            | 12 +++++++++---
 ROADMAP.md                           |  4 ----
 src/kopano/entry.d/20-kopano-migrate | 27 +++++++++++++++++++++++++++
 4 files changed, 37 insertions(+), 7 deletions(-)
 create mode 100755 src/kopano/entry.d/20-kopano-migrate

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 2ceb4f5..518ee35 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -10,6 +10,7 @@
 - [travis-ci](.travis.yml) Travis CI now run test-all.
 - [docker](src/docker/bin/docker-config.sh) Generalized `dc_cond_chown()`.
 - [kopano](src/kopano) Updated documentation and bug fix of support for secure IMAPS, POP3S and ICALS.
+- [kopano](src/kopano) New, `MIGRATE_CONFIG=all` tries to make configs compatible with new versions.
 
 # 1.2.2
 
diff --git a/README.md b/README.md
index 2174fd6..6812de9 100644
--- a/README.md
+++ b/README.md
@@ -430,15 +430,21 @@ They will run `sa-learn --spam` or `sa-learn --ham`,
 respectively when a message is placed in either `var/lib/kopano/spamd/spam` or
 `var/lib/kopano/spamd/ham`.
 
+## Migrate old configuration to newer version of Kopano
+
+Sometimes a new version of Kopano breaks compatibility with old configurations. The `mlan/kopano` include some functionality to address such situations. Use`MIGRATE_CONFIG` to try to attempt all or a list of available fixes. `MIGRATE_CONFIG=1 2 3` is an example of a list of fixes and `MIGRATE_CONFIG=all`  attempts all fixes.
+
+### `MIGRATE_CONFIG=1` Rejected insecure request as configuration for SECURE_COOKIES is true
+
+Prior to Kopano WebApp version 5.0.0 the parameter was `define("INSECURE_COOKIES", true);` was used to allow HTTP access. Now [`define("SECURE_COOKIES", false);`](https://documentation.kopano.io/webapp_admin_manual/config.html#secure-cookies) is used instead. This fix tries to update the configuration accordingly.
+
 # Knowledge base
 
 Here some topics relevant for arranging a mail server are presented.
 
 ## Kopano WebApp HTTP access
 
-The distribution installation of `kopano-webapp` only allow HTTPS access. The `mlan/kopano` image updates the configuration to [`define("SECURE_COOKIES", false);`](https://documentation.kopano.io/webapp_admin_manual/config.html#secure-cookies) in `/etc/kopano/webapp/config.php` also allowing HTTP access. This can be useful when arranging the `mlan/kopano` container behind a reverse proxy, like [Traefik](https://doc.traefik.io/traefik/), which then does the enforcement of HTTPS.
-
-Note that prior to Kopano WebApp version 5.0.0 the corresponding parameter was `define("INSECURE_COOKIES", true);`, which provide the same functionality but with inverse logic.
+The distribution installation of `kopano-webapp` only allow HTTPS access. The `mlan/kopano` image updates the configuration to [`define("SECURE_COOKIES", false);`](https://documentation.kopano.io/webapp_admin_manual/config.html#secure-cookies) in `/etc/kopano/webapp/config.php` also allowing HTTP access. This can be useful when arranging the `mlan/kopano` container behind a reverse proxy, like [Traefik](https://doc.traefik.io/traefik/), which then does the enforcement of HTTPS. Also see [`MIGRATE_CONFIG=1` Rejected insecure request as configuration for SECURE_COOKIES is true](#migrate_config=1-rejected-insecure-request-as-configuration-for-secure_cookies-is-true).
 
 ## Mail client configuration
 
diff --git a/ROADMAP.md b/ROADMAP.md
index 38dbfd9..6367b00 100644
--- a/ROADMAP.md
+++ b/ROADMAP.md
@@ -12,10 +12,6 @@ The following directives exist:
 !include common.cfg
 ```
 
-## ACME TLS
-
-Arrange ACME TLS certificates for kopano-gateway (IMAP POP3).
-
 ## Revisit Persistent Data
 
 Consider consolidating directories which are candidates for persistence under `/srv`.
diff --git a/src/kopano/entry.d/20-kopano-migrate b/src/kopano/entry.d/20-kopano-migrate
new file mode 100755
index 0000000..a7493ef
--- /dev/null
+++ b/src/kopano/entry.d/20-kopano-migrate
@@ -0,0 +1,27 @@
+#!/bin/sh
+#
+# 20-kopano-migrate
+#
+# Try to make configs compatible with new version if MIGRATE_CONFIG is defined.
+# Set MIGRATE_CONFIG=1 2 3 to list of fixes or MIGRATE_CONFIG=all to attempt all fixes.
+#
+kopano_apply_migrate_fixes() {
+	local applied
+	if [ -n "$MIGRATE_CONFIG" ]; then
+		for fix in ${MIGRATE_CONFIG/all/1}; do # list all fixes here
+		case $fix in
+		1) dc_replace /etc/kopano/webapp/config.php 'define("INSECURE_COOKIES", true);' 'define("SECURE_COOKIES", false);' ;;
+		*) fix= ;;
+		esac
+		if [ -n "$fix" ]; then
+			applied="$applied $fix"
+		fi
+		done
+		dc_log 5 "Applied fixes;$applied to configuration since MIGRATE_CONFIG=$MIGRATE_CONFIG"
+	fi
+}
+
+#
+# run
+#
+kopano_apply_migrate_fixes