community/roundcubemail: add subpkg -openrc for running with php-fpm

5 files changed, 247 insertions, 4 deletions

diff --git a/community/roundcubemail/APKBUILD b/community/roundcubemail/APKBUILD
index e97b0fd845..0a9e723357 100644
--- a/community/roundcubemail/APKBUILD
+++ b/community/roundcubemail/APKBUILD
@@ -1,4 +1,5 @@
 # Contributor: Leonardo Arena <rnalrd@alpinelinux.org>
+# Contributor: Jakub Jirutka <jakub@jirutka.cz>
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=roundcubemail
 pkgver=1.3.6
@@ -28,12 +29,17 @@ depends="$_php
 	$_php-zip
 	ca-certificates
 	"
+pkgusers="roundcube"
+pkggroups="$pkgusers"
 options="!check"  # no tests provided
-install="$pkgname.post-install $pkgname.post-upgrade"
-subpackages="$pkgname-installer $pkgname-doc"
+install="$pkgname.pre-install $pkgname.post-install $pkgname.post-upgrade
+	$pkgname-openrc.post-install"
+subpackages="$pkgname-installer $pkgname-openrc $pkgname-doc"
 source="https://github.com/roundcube/$pkgname/releases/download/$pkgver/$pkgname-$pkgver.tar.gz
 	fix-dirs.patch
 	config-session_key.patch
+	fpm-pool.conf
+	$pkgname.confd
 	"
 builddir="$srcdir/$pkgname-$pkgver"
 
@@ -77,7 +83,7 @@ package() {
 	done
 	_mv ./$_destdir/LICENSE ./usr/share/licenses/roundcube/
 
-	install -d ./var/log/roundcube
+	install -d -m 750 -o roundcube -g roundcube ./var/log/roundcube
 }
 
 installer() {
@@ -87,6 +93,22 @@ installer() {
 	_mv "$pkgdir"/$_destdir/installer "$subpkgdir"/$_destdir/
 }
 
+openrc() {
+	pkgdesc="OpenRC init script that runs Roundcube with php-fpm"
+	depends="$pkgname=$pkgver-r$pkgrel $_php-fpm"
+
+	local confdir="$subpkgdir/etc/$_php/php-fpm.d"
+	local fpm_name="php-fpm${_php#php}"
+
+	install -m 644 -D "$srcdir"/fpm-pool.conf "$confdir"/roundcube.conf
+	install -m 644 -D "$srcdir"/$pkgname.confd "$subpkgdir"/etc/conf.d/roundcube
+
+	mkdir -p "$subpkgdir"/etc/init.d
+	ln -s $fpm_name "$subpkgdir"/etc/init.d/roundcube
+
+	install -m 700 -o roundcube -g roundcube -d "$subpkgdir"/var/tmp/roundcube
+}
+
 _mv() {
 	local dest; for dest; do true; done  # get last argument
 	mkdir -p "$dest"
@@ -95,4 +117,6 @@ _mv() {
 
 sha512sums="c5e1e80034392ea4fcf780750ad2b7db43422a746462015865cbdb027e9e47b2bae7b191da19b65a7b9303c195bdfd0aa5b5a0382c09dd97d117671271cdc122  roundcubemail-1.3.6.tar.gz
 d205ba8442870b26f93fb287e7fe2bd1a452ea534823869b7ef299e2dca52d64c8a3fdc9a44bd3bc731c1e400efcf745c1866974e3b908e4e54d05b47b835f3e  fix-dirs.patch
-7c4b88da4d2baa53d247dcb7b130d564954a04611c13f2770f45924fafab2a0e98f8dd078cabc87f3eddd0ab03f3ca48a48f27a462676354af22566cb19d220b  config-session_key.patch"
+7c4b88da4d2baa53d247dcb7b130d564954a04611c13f2770f45924fafab2a0e98f8dd078cabc87f3eddd0ab03f3ca48a48f27a462676354af22566cb19d220b  config-session_key.patch
+c88d609e94c212215a24f54d2a2cb800d4a382b1044e0c875416bdda6a4e6c0cb896675918e8d24f3ed9e1b677d526d61f3ee1564cb870f674dac687696e8ba4  fpm-pool.conf
+acaa76bfbba6117172a02ad11e39f9b55838895104e75180b057f647156c04fd2e44ac695a333f2332691d19bac5ef8afaca1f89ad409800b19f78afbb40aecb  roundcubemail.confd"
diff --git a/community/roundcubemail/fpm-pool.conf b/community/roundcubemail/fpm-pool.conf
new file mode 100644
index 0000000000..39b1206e02
--- /dev/null
+++ b/community/roundcubemail/fpm-pool.conf
@@ -0,0 +1,190 @@
+[global]
+; Error log file
+; Default Value: log/php-fpm.log
+error_log = /var/log/roundcube/php-fpm.log
+
+; Log level
+; Possible Values: alert, error, warning, notice, debug
+; Default Value: notice
+log_level = warning
+
+; If this number of child processes exit with SIGSEGV or SIGBUS within the time
+; interval set by emergency_restart_interval then FPM will restart. A value
+; of '0' means 'Off'.
+; Default Value: 0
+emergency_restart_threshold = 10
+
+; Interval of time used by emergency_restart_interval to determine when
+; a graceful restart will be initiated.  This can be useful to work around
+; accidental corruptions in an accelerator's shared memory.
+; Available Units: s(econds), m(inutes), h(ours), or d(ays)
+; Default Unit: seconds
+; Default Value: 0
+emergency_restart_interval = 1m
+
+; Time limit for child processes to wait for a reaction on signals from master.
+; Available units: s(econds), m(inutes), h(ours), or d(ays)
+; Default Unit: seconds
+; Default Value: 0
+process_control_timeout = 10s
+
+
+[roundcube]
+; The address on which to accept FastCGI requests.
+; Valid syntaxes are:
+;   'ip.add.re.ss:port'    - to listen on a TCP socket to a specific address on
+;                            a specific port;
+;   'port'                 - to listen on a TCP socket to all addresses on a
+;                            specific port;
+;   '/path/to/unix/socket' - to listen on a unix socket (the path is *not*
+;                            relative to chroot!)
+; Note: This value is mandatory.
+listen = /run/roundcube/fastcgi.sock
+
+; Set permissions for unix socket, if one is used. In Linux, read/write
+; permissions must be set in order to allow connections from a web server. Many
+; BSD-derived systems allow connections regardless of permissions.
+; Default Values: user and group are set as the running user
+;                 mode is set to 0666
+listen.mode  = 0666
+
+; Choose how the process manager will control the number of child processes.
+; Possible Values:
+;   static   ... a fixed number of child processes.
+;   dynamic  ... the number of child processes are set dynamically.
+;   ondemand ... no children are created at startup; children will be forked
+;                when new requests will connect.
+; Note: This value is mandatory.
+pm = ondemand
+
+; The number of child processes to be created when pm is set to 'static' and the
+; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'.
+; This value sets the limit on the number of simultaneous requests that will be
+; served.
+; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand'
+; Note: This value is mandatory.
+pm.max_children = 10
+
+; The number of seconds after which an idle process will be killed.
+; Note: Used only when pm is set to 'ondemand'
+; Default Value: 10s
+pm.process_idle_timeout = 120s
+
+; The number of requests each child process should execute before respawning.
+; This can be useful to work around memory leaks in 3rd party libraries. For
+; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.
+; Default Value: 0
+pm.max_requests = 500
+
+; The URI to view the FPM status page. If this value is not set, no URI will be
+; recognized as a status page.
+; Note: The value must start with a leading slash (/). The value can be
+;       anything, but it may not be a good idea to use the .php extension or it
+;       may conflict with a real PHP file.
+; Default Value: not set
+pm.status_path =
+
+; The ping URI to call the monitoring page of FPM. If this value is not set, no
+; URI will be recognized as a ping page. This could be used to test from outside
+; that FPM is alive and responding, or to
+; - create a graph of FPM availability (rrd or such);
+; - remove a server from a group if it is not responding (load balancing);
+; - trigger alerts for the operating team (24/7).
+; Note: The value must start with a leading slash (/). The value can be
+;       anything, but it may not be a good idea to use the .php extension or it
+;       may conflict with a real PHP file.
+; Default Value: not set
+ping.path = /ping
+
+; The timeout for serving a single request after which the worker process will
+; be killed. This option should be used when the 'max_execution_time' ini option
+; does not stop script execution for some reason. A value of '0' means 'off'.
+; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
+; Default Value: 0
+;request_terminate_timeout = 0
+
+; The timeout for serving a single request after which a PHP backtrace will be
+; dumped to the 'slowlog' file. A value of '0s' means 'off'.
+; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
+; Default Value: 0
+;request_slowlog_timeout = 0
+
+; The log file for slow requests
+; Default Value: not set
+; Note: slowlog is mandatory if request_slowlog_timeout is set
+; Note: the path is *not* relative to chroot.
+;slowlog = /var/log/roundcube/php-fpm.slow.log
+
+; Redirect worker stdout and stderr into main error log. If not set, stdout and
+; stderr will be redirected to /dev/null according to FastCGI specs.
+; Note: on highloaded environement, this can cause some delay in the page
+; process time (several ms).
+; Default Value: no
+;catch_workers_output = yes
+
+; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from
+; the current environment.
+; Default Value: clean env
+env[PATH] = /usr/local/bin:/usr/bin:/bin
+env[TMP] = /tmp
+env[TMPDIR] = /tmp
+env[TEMP] = /tmp
+
+; Additional php.ini defines, specific to this pool of workers. These settings
+; overwrite the values previously defined in the php.ini. The directives are the
+; same as the PHP SAPI:
+;   php_value/php_flag             - you can set classic ini defines which can
+;                                    be overwritten from PHP call 'ini_set'.
+;   php_admin_value/php_admin_flag - these directives won't be overwritten by
+;                                     PHP call 'ini_set'
+; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no.
+;
+; Defining 'extension' will load the corresponding shared extension from
+; extension_dir. Defining 'disable_functions' or 'disable_classes' will not
+; overwrite previously defined php.ini values, but will append the new value
+; instead.
+;
+; Note: path INI options can be relative and will be expanded with the prefix
+; (pool, global or /usr/lib/php7.x)
+
+; Allow HTTP file uploads.
+php_admin_flag[file_uploads] = true
+
+; Maximal size of a file that can be uploaded via web interface.
+php_admin_value[memory_limit] = 32M
+php_admin_value[post_max_size] = 32M
+php_admin_value[upload_max_filesize] = 32M
+
+; Where to store temporary files.
+php_admin_value[session.save_path] = /var/tmp/roundcube
+php_admin_value[sys_temp_dir] = /var/tmp/roundcube
+php_admin_value[upload_tmp_dir] = /var/tmp/roundcube
+
+; Log errors to specified file.
+php_admin_flag[log_errors] = on
+php_admin_value[error_log] = /var/log/roundcube/php.error.log
+
+; OPcache error_log file name. Empty string assumes "stderr"
+php_admin_value[opcache.error_log] = /var/log/roundcube/php.error.log
+
+; Output buffering is a mechanism for controlling how much output data
+; (excluding headers and cookies) PHP should keep internally before pushing that
+; data to the client. If your application's output exceeds this setting, PHP
+; will send that data in chunks of roughly the size you specify.
+; This must be disabled for Roundcube.
+php_admin_flag[output_buffering] = false
+
+; Overload(replace) single byte functions by mbstring functions.
+; This must be disabled for Roundcube.
+php_admin_flag[mbstring.func_overload] = false
+
+; Never populate the $HTTP_RAW_POST_DATA variable.
+; http://php.net/always-populate-raw-post-data
+php_admin_value[always_populate_raw_post_data] = -1
+
+; Disable certain functions for security reasons.
+; http://php.net/disable-functions
+php_admin_value[disable_functions] = exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,parse_ini_file,show_source
+
+; Enable OpCache.
+php_admin_flag[opcache.enable] = true
diff --git a/community/roundcubemail/roundcubemail-openrc.post-install b/community/roundcubemail/roundcubemail-openrc.post-install
new file mode 100644
index 0000000000..cfce997525
--- /dev/null
+++ b/community/roundcubemail/roundcubemail-openrc.post-install
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+# When don't need (and should not) to let sensitive files readable by www-data
+# group when running with php-fpm.
+chown roundcube:roundcube /etc/roundcube/session_key
+
+cat >&2 <<EOF
+*
+* Point your web server to /run/roundcube/fastcgi.sock and start Roundcube with
+* /etc/init.d/roundcube start. You can modify php-fpm settings in
+* /etc/php7/fpm.d/roundcube.conf.
+*
+EOF
+
+exit 0
diff --git a/community/roundcubemail/roundcubemail.confd b/community/roundcubemail/roundcubemail.confd
new file mode 100644
index 0000000000..dd391a8d7b
--- /dev/null
+++ b/community/roundcubemail/roundcubemail.confd
@@ -0,0 +1,8 @@
+# Config file for /etc/init.d/roundcube
+
+name="Roundcube"
+user="roundcube"
+group="roundcube"
+
+required_files="/etc/roundcube/config.inc.php"
+rc_after="mta dovecot"
diff --git a/community/roundcubemail/roundcubemail.pre-install b/community/roundcubemail/roundcubemail.pre-install
new file mode 100644
index 0000000000..49f4ee008d
--- /dev/null
+++ b/community/roundcubemail/roundcubemail.pre-install
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+addgroup -S roundcube 2>/dev/null
+adduser -S -D -H -h /var/tmp/roundcube -s /sbin/nologin -G roundcube -g roundcubemail roundcube 2>/dev/null
+
+exit 0