- [docker](Dockerfile) Install the smime webapp plugin providing [S/MIME](https://kopano.com/blog/s-mime-plugin-description/).

- [docker](Dockerfile) Install the mdm webapp plugin providing [Mobile Device Management](https://documentation.kopano.io/webapp_mdm_manual/).
- [demo](demo) Add [S/MIME](https://kopano.com/blog/s-mime-plugin-description/) cert generation.
- [kopano](src/kopano/entry.d/10-kopano-common) Fix bug in `kopano_apply_envvars_php()`.

CHANGELOG.md

@@ -1,3 +1,10 @@
+# 1.2.5
+
+- [docker](Dockerfile) Install the smime webapp plugin providing [S/MIME](https://kopano.com/blog/s-mime-plugin-description/).
+- [docker](Dockerfile) Install the mdm webapp plugin providing [Mobile Device Management](https://documentation.kopano.io/webapp_mdm_manual/).
+- [demo](demo) Add [S/MIME](https://kopano.com/blog/s-mime-plugin-description/) cert generation.
+- [kopano](src/kopano/entry.d/10-kopano-common) Fix bug in `kopano_apply_envvars_php()`.
+
 # 1.2.4
 
 - [kopano](src/kopano) Now, use man pages and sample config files to find valid keys to match envvar.

Dockerfile

@@ -164,6 +164,14 @@ RUN	apt-get install --yes --no-install-recommends apache2 libapache2-mod-php \
 	https://download.kopano.io/community ${DIST} ${REL} all) \
 	&& echo "$webaddr<->${DIST} ${REL} all<-" \
 	&& curl $webaddr | tar -xzC $DOCKER_BUILD_DEB_DIR \
+	&& webaddr=$(kopano-webaddr.sh mdm \
+	https://download.kopano.io/community ${DIST} ${REL} all) \
+	&& echo "$webaddr<->${DIST} ${REL} all<-" \
+	&& curl $webaddr | tar -xzC $DOCKER_BUILD_DEB_DIR \
+	&& webaddr=$(kopano-webaddr.sh smime \
+	https://download.kopano.io/community ${DIST} ${REL} ${ARCH}) \
+	&& echo "$webaddr<->${DIST} ${REL} all<-" \
+	&& curl $webaddr | tar -xzC $DOCKER_BUILD_DEB_DIR \
 	&& apt-get update \
 	&& for i in $(seq ${DOCKER_BUILD_PASSES}); do echo "\033[1;36mKOPANO WEBAPP INSTALL PASS: $i\033[0m" \
 	&& dpkg --install --force-depends --skip-same-version --recursive $DOCKER_BUILD_DEB_DIR \

README.md

@@ -112,6 +112,7 @@ services:
       - backend
     ports:
       - "127.0.0.1:25:25"      # SMTP
+      - "127.0.0.1:465:465"    # SMTPS authentication required
     depends_on:
       - auth
     environment: # Virgin config, ignored on restarts unless FORCE_CONFIG given.
@@ -391,7 +392,7 @@ Separately, `LOG_LEVEL` controls the logging level of the Kopano services. `LOG_
 | ---- | ---- | ---- | ------- | ------ | ---- | ----- |
 | 0    | 1    | 2    | **3**   | 4      | 5    | 6     |
 
-## Custom themes
+## WebApp custom themes
 
 You can easily customize the Kopano WebApp see [New! JSON themes in Kopano WebApp](https://kopano.com/blog/new-json-themes-in-kopano-webapp/). Once you have the files you can install them in your docker container using the receipt below, where we assume that the container name is `mail-app` and that the directory `mytheme` contains the `theme.json` and the other file defining the theme.
 
@@ -403,6 +404,22 @@ docker exec -it mail-app run dc_replace /etc/kopano/webapp/config.php 'define("T
 
 Please note that it is not possible to rename the directory `/etc/kopano/theme/Custom` within the container without further modifications.
 
+## WebApp plugins
+
+### S/MIME
+
+[S/MIME](https://en.wikipedia.org/wiki/S/MIME) provides [email encryption](https://en.wikipedia.org/wiki/Email_encryption) guaranteeing the confidentiality and non-repudiation of email. The [S/MIME](https://documentation.kopano.io/webapp_smime_manual/) WebApp plugin is pre-installed.
+
+Using the [demo](#demo) you can easily create a S/MIME certificate you can try out using WebApp.
+
+```sh
+make app-create_smime
+```
+
+### Mobile device management
+
+The [Mobile Device Management](https://documentation.kopano.io/webapp_mdm_manual/) WebApp plugin comes pre-installed. With it you can resync, remove, refresh and even wipe your devices, connected via [Exchange ActiveSync (EAS)](https://en.wikipedia.org/wiki/Exchange_ActiveSync).
+
 ## Mail transfer agent interaction
 
 Environment variables can be used to configure where Kopano find the Mail Transfer Agent, such as Postfix. Likewise the Mail Transfer Agent need to know where to forward emails to.

ROADMAP.md

@@ -17,17 +17,6 @@ Consider to also consolidating it under /srv to simplify making it persistent?
 
 Integrate [webapp-passwd](https://github.com/silentsakky/zarafa-webapp-passwd)?
 
-## S/MIME
-
-Install and configure [S/MIME](https://kopano.com/blog/s-mime-plugin-description/)?
-
-[S/MIME manual](https://documentation.kopano.io/webapp_smime_manual/).
-
-## MDM
-
-Install and configure [MDM](https://documentation.kopano.io/webapp_mdm_manual/)?
-With the MDM plugin you can resync, remove, refresh and even wipe your device.
-
 ## Improve Health Check?
 
 Verify the user anonymously.

demo/.gitignore

@@ -0,0 +1 @@
+ssl

demo/Makefile

@@ -24,7 +24,7 @@ up:
 down:
 	docker-compose down
 
-destroy: auth-gui-down
+destroy: auth-gui-down all-destroy_smime
 	docker-compose down -v
 
 config:
@@ -249,7 +249,7 @@ db-init:
 db-test:
 	docker-compose exec db mysqlshow -u $(MYSQL_USER) $(MYSQL_DATABASE) -p$(MYSQL_PASSWORD)
 
-app-init: wait_12 app-public_store
+app-init: #wait_21 app-public_store
 
 app-debugtools:
 	docker-compose exec app apt-get update
@@ -311,8 +311,44 @@ app-create_store:
 app-public_store:
 	docker-compose exec app kopano-storeadm -h default: -P
 
+app-create_smime: all-create_smime ssl/ca.crt
+	docker cp ssl/ca.crt $$(docker-compose ps -q app):/usr/local/share/ca-certificates/$(MAIL_DOMAIN)_CA.crt
+	docker-compose exec app update-ca-certificates
+
 all-test_quiet:
 	$(eval curl_dbg := -s -S )
 
 all-test_muted:
 	$(eval curl_dbg := -s -S >/dev/null || true)
+
+all-create_smime: ssl/$(LDAP_TEST_USER).smime.p12
+
+all-destroy_smime:
+	rm -rf ssl
+
+#.PRECIOUS: %.key %.crt %.smime.crt
+
+%.p12: %.crt
+	openssl pkcs12 -export -in $< -inkey $*.key -out $@ \
+	-passout pass:$(LDAP_TEST_PASSWD)
+
+%.csr: %.key
+	openssl req -new -key $< -out $@ \
+	-subj "/O=$(MAIL_DOMAIN)/CN=$(LDAP_TEST_USER)/emailAddress=$(LDAP_TEST_USER)@$(MAIL_DOMAIN)"
+
+%.smime.crt: %.smime.csr ssl/ca.crt
+	openssl x509 -req -in $< -CA $(@D)/ca.crt -CAkey $(@D)/ca.key -out $@ \
+	-setalias "Self Signed SMIME" -addtrust emailProtection \
+	-addreject clientAuth -addreject serverAuth -trustout \
+	-CAcreateserial
+
+%.crt: %.key
+	openssl req -x509 -batch -key $< -out $@ \
+	-subj "/O=$(MAIL_DOMAIN)"
+
+%.key: ssl
+	openssl genrsa -out $@
+	chmod a+r $@
+
+ssl:
+	mkdir -p $@

demo/docker-compose.yml

@@ -36,6 +36,7 @@ services:
       - IMAPS_LISTEN=*:993                      # enable TLS
       - POP3S_LISTEN=*:995                      # enable TLS
       - ICALS_LISTEN=*:8443                     # enable TLS
+      - PLUGIN_SMIME_USER_DEFAULT_ENABLE_SMIME=true
       - SYSLOG_LEVEL=${SYSLOG_LEVEL-3}
       - LOG_LEVEL=${LOG_LEVEL-3}
     volumes:

src/docker/bin/docker-runfunc.sh

@@ -2,13 +2,14 @@
 #
 # docker-runfunc.sh
 #
-# Allow functions to be accessed from the commandline.
+# Allow functions to be accessed from the command line.
 #
 
 #
 # Source common functions.
 #
 . docker-common.sh
+. docker-config.sh
 
 #
 # dr_docker_call_func "$@"

src/kopano/entry.d/10-kopano-common

@@ -21,6 +21,8 @@ DOCKER_LDAP_PMAP_FILE=${DOCKER_LDAP_PMAP_FILE-/usr/share/kopano/ldap.propmap.cfg
 sqlstate_cfg_file=$DOCKER_CONF_DIR2/backend/sqlstatemachine/config.php
 zpush_cfg_file=$DOCKER_CONF_DIR2/config.php
 webapp_cfg_file=$DOCKER_CONF_DIR1/webapp/config.php
+webapp_mdm_cfg_file=$DOCKER_CONF_DIR1/webapp/config-mdm.php
+webapp_smime_cfg_file=$DOCKER_CONF_DIR1/webapp/config-smime.php
 
 #
 # Apply environment variables to configuration files.
@@ -37,6 +39,8 @@ kopano_apply_envvars_core() {
 
 kopano_apply_envvars_webapp() {
 	kopano_apply_envvars_php $webapp_cfg_file
+	kopano_apply_envvars_php $webapp_mdm_cfg_file
+	kopano_apply_envvars_php $webapp_smime_cfg_file
 }
 
 kopano_apply_envvars_zpush() {
@@ -50,7 +54,7 @@ kopano_apply_envvars_cfg() {
 	if [ -f $man_file ]; then
 		local env_vars="$(kopano_get_envvars_man $man_file)"
 		if [ -e $cfg_file ]; then
-			mv -f $cfg_file $cfg_file.orig
+			mv -f $cfg_file $cfg_file.bak
 		fi
 		for env_var in $env_vars; do
 			kopano_set_envvars_cfg $cfg_file $env_var
@@ -64,11 +68,12 @@ kopano_apply_envvars_php() {
 	local cfg_file=$1
 	if [ -e $cfg_file ]; then
 		local env_vars="$(kopano_get_envvars_php $cfg_file)"
-		cp -f $cfg_file $cfg_file.orig
 		for env_var in $env_vars; do
 			if [ -n "${!env_var}" ]; then
+				[ -z "${changed+x}" ] && cp -f $cfg_file $cfg_file.bak
 				dc_log 5 "Setting ${env_var} = ${!env_var} in $cfg_file"
-				sed -ri "s/(\s*define).+${env_var}.+/\1\(\x27${env_var}\x27, \x27${!env_var}\x27\);/g" $cfg_file
+				sed -ri "s/(\s*define[('\"]+${env_var}['\",]+).+/\1 ${!env_var});/Ig" $cfg_file
+				local changed
 			fi
 		done
 	fi
@@ -93,7 +98,7 @@ kopano_set_envvars_cfg() {
 kopano_gen_filename_man() { echo $DOCKER_MAN5_DIR/kopano-$1.cfg.5.gz ;}
 kopano_gen_filename_cfg() { echo $DOCKER_CONF_DIR1/$1.cfg ;}
 kopano_get_envvars_man() { zcat $1 | sed -r "/^\.SS/!d;{s/^\.SS (.*)/\U\1/g;s/,//g}" | sort -u ;}
-kopano_get_envvars_php() { sed -nr "/define\(/s/.*define\(['\"](.*)['\"], .*/\1/p" $1 | sort -u ;}
+kopano_get_envvars_php() { sed -nr "/define\(/Is/.*define\(['\"](.*)['\"], .*/\1/Ip" $1 | sort -u ;}
 
 #
 # Update SSL_CERTIFICATE_FILE and SSL_PRIVATE_KEY_FILE.

test/Makefile

@@ -242,7 +242,6 @@ test-lmtp_%:
 
 test-cfg_%:
 	$(eval cfg_s := $(shell [ $* -ge 2 ] && echo s))
-	$(eval cfg_s := $(shell [ $* -ge 2 ] && echo s))
 
 # Note: cannot use prereq also in a proper target since it will change the
 # prereq order, eg. avoid the "3" in test-imaps: test-imap_3