Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
As a simple alternative to the solution in bug 9949 or just as an
additional measure, this patch adds a rewrite rule for intranet
in order to intercept potential misuse of perl scripts that could be
reached on a dev package install via the cgi-bin/koha scriptalias.
It simply rewrites them to the nonexistent "notfound", resulting in a
regular 404 error.
The rewrite rule does not harm regular installs and is just a little extra
step in securing a dev install. You should have more security measures in
place to secure your staff client.
QA Note: Although a rewrite rule may not be our first choice, this one
rule is more elegant and easier to maintain than e.g. a whole bunch of
aliases.
Note: This patch should have a regular and a dev install signoff.
Test plan:
[1] Make sure that this rewrite rule is inserted in your actual apache
config via /etc/koha/apache-shared-intranet.conf. Restart Apache.
[2] For regular package installs:
Try one of the URLs in step 3.
Verify that your staff client still operates as usual. Test a few
URLs inside some modules.
[3] For dev installs:
Try some URLs like below.
Expect 404 errors only, not 500s. If you do not see a 404, go back!
/misc/stage_file.pl
/t/db_dependent/default_search_class.pl
/installer/data/mysql/updatedatabase.pl
/Makefile.PL
[4] Do you see an additional directory to add to the regex? Please report.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
When languages are added or removed when need to flush the caches to
keep the interface consistent
Signed-off-by: Liz Rea <wizzyrea@gmail.com>
Signed-off-by: Bouzid Fergani <bouzid.fergani@inlibro.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Aparently ((i++)) isn't portable, changed for an admittedly uglier
but functional increment.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Liz Rea <wizzyrea@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Liz Rea <wizzyrea@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Sometimes doing koha-sip --restart instance happens too fast and
the SIP server is not started.
To test:
- have SIP enabled and running for your instance
- issue a restart, make sure it restarts
sudo koha-sip --restart inst
Signed-off-by: Liz Rea <wizzyrea@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Now koha-common.postinst has a way to patch log4perl configs on
instances, we should patch the Z3950 responder config accordingly,
before it is backported to 19.11 or the 20.05 release :-D
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
No more wide characters in print when logging to a file with Koha::Logger.
Test with this string
"♯Turpo :"
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch makes koha-common.postinst check if the log4perl.conf files
on the instances need tweaking. If they do, it appends the relevant
configuration text.
To test:
1. Install Koha 19.11 or earlier using the packages
2. Create an instance:
$ koha-create --create-db test1
$ koha-create --create-db test2
=> FAIL: /etc/koha/sites/test1/log4perl.conf doesn't include an entry for
z39.50
3. Apply this patch and run:
$ docker run \
--volume=/path/to/your/clone:/koha \
--volume=/dest/path/for/debs:/debs \
--privileged
--env VERSION=19.12.00.047 \
koha/koha-dpkg:master
Note: Paths need to be adjusted
4. Grab the .deb files and put them on the machine you're testing this
5. Edit /etc/koha/sites/test2/log4perl.conf and add the following text
at the bottom: log4perl.logger.z3950
6. Install the debs:
$ sudo dpkg -i koha-perldeps koha-deps koha-common
=> SUCCESS: Install process doesn't explode due to the addition
=> SUCCESS: /etc/koha/sites/test1/log4perl.conf has a new entry for log4perl.logger.z3950
=> SUCCESS: /etc/koha/sites/test2/log4perl.conf doesn't have a new entry for log4perl.logger.z3950
7. Sign off :-D
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
The line for enabling the unsafe expand_entities option is commented
and includes a warning to keep it like that ;)
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
It would be nice to be able to search and install plugins directly from GitHub ( and GitLab if possible ). This would make it easier to verify the authenticity of plugins and make discovering new plugins easier as well as making installation of plugins simpler.
Test Plan:
1) Apply this patch
2) Add the new block for plugin_repos to your koha-conf.xml
3) Restart all the things!
4) Browse to the plugins home page
5) Try searching for 'patrons' in the new search box
6) Verify you get results!
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Context: I am trying to make koha-misc4dev stop when something wrong happens.
Basically we do not want the process to continue of the DB has not been populated correctly.
It will make the errors easier to catch.
The issue: Say a script that will return an error (die in perl for an easy example),
koha-shell will not return the 255 error code, but 0 instead.
The caller cannot know something wrong happened
The solution is to propagate the error and make koha-shell return the same error code
as the command it executed
An example:
=== t.pl ===
die('something wrong');
% perl t.pl;echo $?
something wrong at t.pl line 1.
255
% sudo koha-shell kohadev -p -c 'perl xxx.pl' ; echo $?
something wrong at xxx.pl line 1.
0
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Tested it with
$ sudo debian/scripts/koha-shell kohadev -c 'exit 8'
$ echo $?
8
The unpatched version returns 0 (forgets about the error code).
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
At the last development meeting we have voted to remove the
QueryParser-related code
https://wiki.koha-community.org/wiki/Development_IRC_meeting_19_February_2020
Hea tells us that it has not been adopted, and the code/bug tracker that
it is not really usable as it. As nobody is willing to work on it, we
decided to remove it instead.
Test plan:
% prove t/db_dependent/Search.t
must return green
See commits from bug 9239 and confirm that the code is removed in this
patch.
Also play with the search on the UI and confirm that you do not see
obvious regressions
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Bug 9978 should have fixed them all, but some were missing.
We want all the license statements part of Koha to be identical, and
using the GPLv3 statement.
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
cpanfile is a format for describing CPAN dependencies for Perl
applications.
It is more concise - thus easier to read and maintain - than
C4::Installer::PerlDependencies, and allows to describe requirements
more accurately (using version ranges or features for instance)
Additionally it can be read by tools such as cpanm or carton for an
easy way to install dependencies on non-Debian-based systems.
For more information on cpanfile, see
http://search.cpan.org/~miyagawa/Module-CPANfile-1.1002/lib/cpanfile.pod
This patch replace C4::Installer::PerlDependencies by an equivalent
cpanfile and update all scripts/modules that were using PerlDependencies
It also removes dead code from C4::Installer::PerlModules (some
subroutines were not used at all, except in unit tests)
Added dependencies:
- Module::CPANfile
- CPAN::Meta (dependency of Module::CPANfile, but we need a more recent
version than the one Module::CPANfile requires)
Test plan:
1. Go to About page, tab Perl modules and keep this browser tab open
2. Apply patch
3. Install Module::CPANfile and CPAN::Meta
a. On Debian-based systems:
# will install libcpan-meta-perl as a dependency
sudo apt install libmodule-cpanfile-perl
b. Others:
# will install CPAN::Meta as a dependency
sudo cpanm Module::CPANfile
4. In a new browser tab, go to About page, tab Perl modules and compare
the table with the one in the previous browser tab
They should be identical, except for newly added dependencies
(Module::CPANfile and CPAN::Meta)
5. Do a 'standard' install
a. perl Makefile.PL (select 'standard')
b. make
c. sudo make install
d. Configure your database, web server, ... and go through the web
install process
6. Verify that the cpanfile got copied into PERL_MODULE_DIR (which
should be /usr/share/koha/lib)
7. Go to the about page of this fresh install and compare it with your
dev install
8. Verify that debian/list-deps still works
This takes a lot of time and it may not be necessary to wait until
the end. If you see some Debian package names that correspond to
modules in cpanfile, it means it still works
(you need apt-file for this script to work)
9. Verify that koha_perl_deps.pl still works
10. prove t/Installer_pm.t t/Installer_PerlModules.t
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
To test:
- Enable sip for your testing instance
sudo koha-sip --enable inst
- Start sip for your testing instance
sudo koha-sip --start inst
- Verify it is running
ps ax |grep sip -> you should see processes
- Disable sip for your testing intance
sudo koha-sip --disable inst
- Verify that the following has happened:
* SIP is no longer running for your instance - no SIP processes
* SIP Cannot be started for the instance because it is not enabled.
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
The dependancy has now been packaged, this patch adds it to the debian
control file for package installs.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Trivial change. Speaks for itself.
Since koha/detail.pl does not exist, we cannot break things ;)
Test plan:
[1] Copy the change in apache-shared-intranet.conf to your actual
apache configuration. Probably in /etc/koha/.
[2] Restart Apache.
[3] Try a biblionumber say 123 on intranet with [your_staff_client]/bib/123.
Does the detail page come up?
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Bouzid Fergani <bouzid.fergani@inlibro.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch adds the --elasticsearch-server option switch to koha-create.
It allows choosing a different Elasticsearch configuration. It defaults
to the current 'localhost:9200' value.
To test:
- Apply this patches
- Run:
$ reset_all
$ man koha-create
=> SUCCESS: The man page shows correct information about the added
option switch
- Run:
$ sudo koha-create --create-db test
=> SUCCESS: /etc/koha/sites/test/koha-conf.xml contains the default
value (i.e. the current behaviour is kept)
- Run:
$ sudo koha-create --create-db --elasticsearch-server tomas:1234 test2
=> SUCCESS: /etc/koha/sites/test2/koha-conf.xml contains the passed
value in the <elasticsearch><server> section.
- Sign off :-D
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Missing entries are added to those files.
Test plan:
Search for typos
Compare the two files and comfirm the entries are the same in both.
Exception: supportdir exists in etc/koha-conf.xml only, but I think it's
obsolete.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch makes the init script deal with koha-z3950-responder in --stop
and --restart actions. Currently, only --start calls the script.
To test:
- Enable the server:
$ koha-z3950-responder --enable kohadev
- Stop koha-common
$ service koha-common stop
=> SUCCESS: No koha-z3950-responder running
- Start koha-common
$ service koha-common start
=> SUCCESS: It is loaded (even if failing because of config issues)
- Stop koha-common
$ service koha-common stop
=> FAIL: It is still running (no --stop issued)
- Repeat for restart
- Apply this patch
- Redo
=> SUCCESS: Things behave as expected!
- Sign off :-D
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Koha has a number of features that rely on knowing the IP address of the connecting client. If that server is behind a proxy these features do not work.
This patch adds a module to automatically convert the X-Forwarded-For header into the REMOTE_ADDR environment variable for both CGI and Plack processes.
TEST PLAN:
1) Apply this patch set
2) Install Plack::Middleware::RealIP via cpanm or your favorite utility
3) Update your plack.psgi with the changes you find in this patch set ( this process differs based on your testing environment )
4) Restart plack
5) Tail the plack error log for your instance
6) Use curl to access the OPAC, adding an X-Forwarded-For header: curl --header "X-Forwarded-For: 32.32.32.32" http://127.0.0.1:8080
7) Note the logs output this address if you are unproxied
8) If you are proxied, restart plack using a command like below, where the ip you see in the logs ("REAL IP) is what you put in the koha conf:
<koha_trusted_proxies>172.22.0.1 1.1.1.1</koha_trusted_proxies>
9) Restart all the things!
10) Repeat step 6
11) You should now see "REAL IP: 32.32.32.32" in the plack logs as the remote address in your plack-error.log logs!
12) Disable plack so you are running in cgi mode, repeat step 6 again
13) You should see "REAL IP: 32.32.32.32" as the remove address in your opac-error.log logs!
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Ed Veal <eveal@mckinneytexas.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Test plan:
Run koha-dump [yourdb]. Rename the files in var/spool/koha/[yourdb]
Run koha-dump --without-db-name [yourdb]
Run a diff between the unzipped sql files. The last dump should not
contain a CREATE DATABASE and USE statement. See BZ 15664 c4.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
To test:
- Run "sudo koha-plack restart kohadev" and verify the output is
out of line.
- Apply the patch
- If you are on e.g. kohadevbox you need to copy koha-plack to
/usr/sbin/ thus:
sudo cp debian/scripts/koha-plack /usr/sbin/koha-plack
- Run "sudo koha-plack restart kohadev" again and check that you
get two lines of output, nicely aligned with the "OK" inside the
square brackets.
Signed-off-by: Jesse Maseto <jesse@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
koha-zebra has a nice, informative --status switch, koha-indexer
does not. This patch adds it.
To test:
- Run "sudo koha-indexer --status kohadev" - you get an error:
"Error: invalid option switch (--status)"
- Apply this patch
- If you are on e.g. kohadevbox you need to copy koha-indexer to
where it is actually run from:
sudo cp debian/scripts/koha-indexer /usr/sbin/koha-indexer
- Run "sudo koha-indexer --status kohadev" again and you should
get a nice status telling if the indexer is running or not
- Toggle the indexer on and off with koha-indexer --start/--stop
and verify the status is telling the truth about the state of
the indexer
- Run "sudo koha-indexer --help" and check there is a description
of the --status option
- Have a look at debian/docs/koha-indexer.xml and verify there is
an adequate description of the --status option.
- Run "prove -v xt/verify-debian-docbook.t" to check the structure
of the man page in DocBook format.
PS: I tried to generate a manpage from the DocBook as described at
https://wiki.koha-community.org/wiki/Testing_man_pages
but the output did not look good for any of our DocBook files.
Not sure why.
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Missing installer for debian packages.
Sponsored-by: Koha-Suomi Oy
Signed-off-by: Johanna Raisa <johanna.raisa@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Trivial edit. The usage statement is wrong.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Before patch: -D and -d are mistaken for --debug
$ sudo DEB_BUILD_OPTIONS=nocheck ./debian/build-git-snapshot -r ~/debian -v 19.06~git --autoversion -d -D="stretch"
Option d does not take an argument
git status --porcelain -unormal
git rev-parse --short=8 HEAD
dch --force-distribution -D "squeeze-dev" -v "19.06~git+20190627205913.466f99e4-1" "Building git snapshot."
dch warning: Recognised distributions are:
experimental, unstable, testing, stable, oldstable, oldoldstable,
{bullseye,buster,stretch,jessie,wheezy}-proposed-updates,
{testing,stable,oldstable,oldoldstable}-proposed-updates,
{bullseye,buster,stretch,jessie,wheezy}-security,
{testing,stable,oldstable,oldoldstable}}-security, jessie-backports, stretch-backports and UNRELEASED.
Using your request anyway.
NOTE: squeeze-dev in the first dch line and warning about Option d.
Apply patch: -D and -d are differentiated correctly.
$ sudo DEB_BUILD_OPTIONS=nocheck ./debian/build-git-snapshot -r ~/debian -v 19.06~git --autoversion -d -D="stretch"
git status --porcelain -unormal
git rev-parse --short=8 HEAD
dch --force-distribution -D "stretch" -v "19.06~git+20190627210316.b3f919a7-1" "Building git snapshot."
dch warning: Previous package version was Debian native whilst new version is not
dch -r "Building git snapshot."
NOTE: No more 'Option d' error, and "stretch" in the first dch line.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Rather than try to use -y and symbols, since
older versions of pwgen don't have the -y,
Purposefully just shorten the generated
password to 15 characters and put @ on the end.
This avoids nasty shell globbing, fixes the
MySQL requiring a symbol by default in the
newer versions.
While @ at the end is less secure, the
password portion providing security is
still 15 characters long.
Before patch, password should have potentially
multiple ugly symbols in it.
After patch, when creating an instance, the
password will have an @ at the end of it.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
MySQL 5.7 is old, and the latest versions fail on "GRANT USAGE" if the
user does not exist. "DROP USER IF EXISTS" has been with us since 5.7,
so all users should have it by now. This patch fixes the issue.
To test:
Try to koha_remove a site, and if it works with no errors, all good!
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
TEST PLAN
---------
$ sudo mysql -u root
> CREATE USER 'bug23090_test1'@'localhost' IDENTIFIED BY 'badpassword';
[Magical MySQL Error]
> CREATE USER 'bug23090_test1'@'localhost' IDENTIFIED BY 'GoodP@ssw0rd';
[Should be okay]
> DROP USER 'bug23090_test1'@'localhost';
> QUIT
$ sudo koha-create --create-db fail23090
[Magical MySQL Error]
[Apply this patch and put it (debian/scripts/koha-create) into place in
/usr/sbin/koha-create]
$ sudo koha-create --create-db pass23090
(Clean up and databases made)
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Like history.txt we need to tell some debian/ files to copy
teams.yaml
Also pick it for the `make install` process (Makefile.PL)
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
