Bump version and allow selectively disabling auto configuration

server/files/configure_misp.sh

@@ -7,11 +7,15 @@ source /rest_client.sh
 [ -z "$REDIS_FQDN" ] && REDIS_FQDN="redis"
 [ -z "$MISP_MODULES_FQDN" ] && MISP_MODULES_FQDN="http://misp-modules"
 
+# Switches to selectively disable configuration logic
+[ -z "$AUTOCONF_GPG" ] && AUTOCONF_GPG="true"
+[ -z "$AUTOCONF_ADMIN_KEY" ] && AUTOCONF_ADMIN_KEY="true"
+
 init_configuration(){
     # Note that we are doing this after enforcing permissions, so we need to use the www-data user for this
     echo "... configuring default settings"
-    sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "MISP.redis_host" "$REDIS_FQDN"
     sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "MISP.baseurl" "$HOSTNAME"
+    sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "MISP.redis_host" "$REDIS_FQDN"
     sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "MISP.python_bin" $(which python3)
     sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q -f "MISP.ca_path" "/etc/ssl/certs/ca-certificates.crt"
     sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "Plugin.ZeroMQ_redis_host" "$REDIS_FQDN"
@@ -40,6 +44,11 @@ init_workers(){
 }
 
 configure_gnupg() {
+    if [ "$AUTOCONF_GPG" != "true" ]; then
+        echo "... GPG auto configuration disabled"
+        return
+    fi
+
     GPG_DIR=/var/www/MISP/.gnupg
     GPG_ASC=/var/www/MISP/app/webroot/gpg.asc
     GPG_TMP=/tmp/gpg.tmp
@@ -79,15 +88,14 @@ GPGEOF
     sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "GnuPG.email" "${ADMIN_EMAIL}"
     sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "GnuPG.homedir" "${GPG_DIR}"
     sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "GnuPG.password" "${GPG_PASSPHRASE}"
-    sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "GnuPG.obscure_subject" false
     sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "GnuPG.binary" "$(which gpg)"
 }
 
 apply_updates() {
     # Disable weird default
     sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "Plugin.ZeroMQ_enable" false
-    # Run updates
-    sudo -u www-data /var/www/MISP/app/Console/cake Admin runUpdates
+    # Run updates (strip colors since output might end up in a log)
+    sudo -u www-data /var/www/MISP/app/Console/cake Admin runUpdates | sed -r "s/[[:cntrl:]]\[[0-9]{1,3}m//g"
 }
 
 init_user() {
@@ -99,15 +107,21 @@ init_user() {
     if [ ! -z "$ADMIN_ORG" ]; then
         echo "UPDATE misp.organisations SET name = \"${ADMIN_ORG}\" where id = 1;" | ${MYSQLCMD}
     fi
-    if [ ! -z "$ADMIN_KEY" ]; then
-        echo "... setting admin key to '${ADMIN_KEY}'"
-        CHANGE_CMD=(sudo -u www-data /var/www/MISP/app/Console/cake User change_authkey 1 "${ADMIN_KEY}")
+
+    if [ "$AUTOCONF_ADMIN_KEY" == "true" ]; then
+        if [ ! -z "$ADMIN_KEY" ]; then
+            echo "... setting admin key to '${ADMIN_KEY}'"
+            CHANGE_CMD=(sudo -u www-data /var/www/MISP/app/Console/cake User change_authkey 1 "${ADMIN_KEY}")
+        else
+            echo "... regenerating admin key (set \$ADMIN_KEY if you want it to change)"
+            CHANGE_CMD=(sudo -u www-data /var/www/MISP/app/Console/cake User change_authkey 1)
+        fi
+        ADMIN_KEY=`${CHANGE_CMD[@]} | awk 'END {print $NF; exit}'`
+        echo "... admin user key set to '${ADMIN_KEY}'"
     else
-        echo "... regenerating admin key (set \$ADMIN_KEY if you want it to change)"
-        CHANGE_CMD=(sudo -u www-data /var/www/MISP/app/Console/cake User change_authkey 1)
+        ADMIN_KEY=""
+        echo "... admin user key auto configuration disabled"
     fi
-    ADMIN_KEY=`${CHANGE_CMD[@]} | awk 'END {print $NF; exit}'`
-    echo "... admin user key set to '${ADMIN_KEY}'"
 
     if [ ! -z "$ADMIN_PASSWORD" ]; then
         echo "... setting admin password to '${ADMIN_PASSWORD}'"
@@ -169,6 +183,11 @@ update_components() {
 
 
 create_sync_servers() {
+    if [ -z "$ADMIN_KEY" ]; then
+        echo "... admin key auto configuration is required to configure sync servers"
+        return
+    fi
+
     SPLITTED_SYNCSERVERS=$(echo $SYNCSERVERS | tr ',' '\n')
     for ID in $SPLITTED_SYNCSERVERS; do
         DATA="SYNCSERVERS_${ID}_DATA"

server/files/entrypoint_nginx.sh

@@ -185,14 +185,16 @@ flip_nginx() {
 }
 
 init_nginx() {
-    if [[ ! -L "/etc/nginx/sites-enabled/misp80" ]]; then
+    # Testing for files also test for links, and generalize better to mounted files
+    if [[ ! -f "/etc/nginx/sites-enabled/misp80" ]]; then
         echo "... enabling port 80 redirect"
         ln -s /etc/nginx/sites-available/misp80 /etc/nginx/sites-enabled/misp80
     else
         echo "... port 80 already configured"
     fi
 
-    if [[ ! -L "/etc/nginx/sites-enabled/misp" ]]; then
+    # Testing for files also test for links, and generalize better to mounted files
+    if [[ ! -f "/etc/nginx/sites-enabled/misp" ]]; then
         echo "... enabling port 443"
         ln -s /etc/nginx/sites-available/misp /etc/nginx/sites-enabled/misp
     else

template.env

@@ -1,5 +1,5 @@
-MISP_TAG=v2.4.173
-MODULES_TAG=v2.4.173
+MISP_TAG=v2.4.174
+MODULES_TAG=v2.4.174
 PHP_VER=20190902
 # MISP_COMMIT takes precedence over MISP_TAG
 # MISP_COMMIT=c56d537