From 50d8fa14e0a4300960b3e5648349777e1e3ddecc Mon Sep 17 00:00:00 2001
From: =?utf8?q?Isma=C3=ABl=20Bouya?= <ismael.bouya@normalesup.org>
Date: Thu, 3 Jan 2019 16:18:15 +0100
Subject: [PATCH] Add mantisbt

---
 virtual/eldiron.nix                           |   4 +
 virtual/packages.nix                          |   2 +
 .../mantisbt-patches/bug_report.php.diff      |  20 +++
 .../mantisbt-patches/bug_report_page.php.diff |  53 ++++++++
 .../mantisbt-patches/bugnote_add.php.diff     |  20 +++
 .../mantisbt-patches/bugnote_add_inc.php.diff |  52 ++++++++
 virtual/packages/mantisbt-plugin-slack.json   |  15 +++
 .../mantisbt-plugin-source-integration.json   |  15 +++
 ...gin-source-integration_Source.API.php.diff |  12 ++
 virtual/packages/mantisbt.nix                 | 124 ++++++++++++++++++
 10 files changed, 317 insertions(+)
 create mode 100644 virtual/packages/mantisbt-patches/bug_report.php.diff
 create mode 100644 virtual/packages/mantisbt-patches/bug_report_page.php.diff
 create mode 100644 virtual/packages/mantisbt-patches/bugnote_add.php.diff
 create mode 100644 virtual/packages/mantisbt-patches/bugnote_add_inc.php.diff
 create mode 100644 virtual/packages/mantisbt-plugin-slack.json
 create mode 100644 virtual/packages/mantisbt-plugin-source-integration.json
 create mode 100644 virtual/packages/mantisbt-plugin-source-integration_Source.API.php.diff
 create mode 100644 virtual/packages/mantisbt.nix

diff --git a/virtual/eldiron.nix b/virtual/eldiron.nix
index f70c92c..e893b3a 100644
--- a/virtual/eldiron.nix
+++ b/virtual/eldiron.nix
@@ -126,6 +126,7 @@
         connexionswing_dev = mypkgs.connexionswing_dev.phpFpm.pool;
         connexionswing_prod = mypkgs.connexionswing_prod.phpFpm.pool;
         nextcloud = mypkgs.nextcloud.phpFpm.pool;
+        mantisbt = mypkgs.mantisbt.phpFpm.pool;
       };
     };
 
@@ -259,6 +260,7 @@
         mypkgs.connexionswing_prod.apache.modules ++
         mypkgs.ympd.apache.modules ++
         mypkgs.git.web.apache.modules ++
+        mypkgs.mantisbt.apache.modules ++
         pkgs.lib.lists.flatten (pkgs.lib.attrsets.mapAttrsToList (n: v: v.modules) apacheConfig) ++
         [ "macro" ]);
       extraConfig = builtins.concatStringsSep "\n"
@@ -312,6 +314,7 @@
           documentRoot = mypkgs.git.web.webRoot;
           extraConfig = builtins.concatStringsSep "\n" [
             mypkgs.git.web.apache.vhostConf
+            mypkgs.mantisbt.apache.vhostConf
           ] + ''
             RewriteEngine on
             RewriteCond %{REQUEST_URI}       ^/releases
@@ -416,6 +419,7 @@
       authentication = ''
         local	all	postgres				ident
         local	all	all					md5
+        host	all	all		samehost		md5
         host	all	all		178.33.252.96/32	md5
         host	all	all		188.165.209.148/32	md5
         #host	all	all		all			pam
diff --git a/virtual/packages.nix b/virtual/packages.nix
index d9656f7..b66ebb2 100644
--- a/virtual/packages.nix
+++ b/virtual/packages.nix
@@ -6,6 +6,7 @@ let
   adminer = import ./packages/adminer.nix;
   ympd = import ./packages/ympd.nix;
   gitweb = import ./packages/gitweb.nix;
+  mantisbt = import ./packages/mantisbt.nix;
 in
   {
     inherit adminer;
@@ -13,5 +14,6 @@ in
     connexionswing_dev  = connexionswing { environment = "dev"; };
     connexionswing_prod = connexionswing { environment = "prod"; };
     inherit nextcloud;
+    inherit mantisbt;
     git = { web = gitweb; };
   }
diff --git a/virtual/packages/mantisbt-patches/bug_report.php.diff b/virtual/packages/mantisbt-patches/bug_report.php.diff
new file mode 100644
index 0000000..a520043
--- /dev/null
+++ b/virtual/packages/mantisbt-patches/bug_report.php.diff
@@ -0,0 +1,20 @@
+--- a/bug_report.php	2018-02-10 21:29:27.000000000 +0100
++++ b/bug_report.php	2018-03-03 15:04:19.622499678 +0100
+@@ -149,6 +149,17 @@
+ 	access_ensure_project_level( config_get( 'update_bug_assign_threshold' ) );
+ }
+ 
++# begin captcha check for anon user
++if ( current_user_is_anonymous() && get_gd_version() > 0 ) {
++  $f_captcha = gpc_get_string( 'captcha', '' );
++  $f_captcha = utf8_strtolower( trim( $f_captcha ) );
++
++  $t_securimage = new Securimage();
++  if( $t_securimage->check( $f_captcha ) == false ) {
++    trigger_error( ERROR_SIGNUP_NOT_MATCHING_CAPTCHA, ERROR );
++  }
++}
++
+ # if a profile was selected then let's use that information
+ if( 0 != $t_bug_data->profile_id ) {
+ 	if( profile_is_global( $t_bug_data->profile_id ) ) {
diff --git a/virtual/packages/mantisbt-patches/bug_report_page.php.diff b/virtual/packages/mantisbt-patches/bug_report_page.php.diff
new file mode 100644
index 0000000..80dea91
--- /dev/null
+++ b/virtual/packages/mantisbt-patches/bug_report_page.php.diff
@@ -0,0 +1,53 @@
+--- a/bug_report_page.php	2018-02-10 21:29:27.000000000 +0100
++++ b/bug_report_page.php	2018-03-03 15:04:19.622499678 +0100
+@@ -708,7 +708,50 @@
+ 				<span class="lbl padding-6"><?php echo lang_get( 'check_report_more_bugs' ) ?></span>
+ 			</label>
+ 		</td>
+ 	</tr>
++<?php
++	# captcha image requires GD library and related option to ON
++	if( current_user_is_anonymous() && get_gd_version() > 0 ) {
++		$t_securimage_path = 'vendor/dapphp/securimage';
++		$t_securimage_show = $t_securimage_path . '/securimage_show.php';
++		$t_securimage_play = $t_securimage_path . '/securimage_play.swf?'
++			. http_build_query( array(
++				'audio_file' => $t_securimage_path . '/securimage_play.php',
++				'bgColor1=' => '#fff',
++				'bgColor2=' => '#fff',
++				'iconColor=' => '#777',
++				'borderWidth=' => 1,
++				'borderColor=' => '#000',
++			) );
++?>
++	<tr>
++		<th class="category">CAPTCHA</th>
++		<td>
++
++				<label for="captcha-field" class="block clearfix">
++					<strong><?php echo lang_get( 'signup_captcha_request_label' ); ?></strong>
++				</label>
++				<span id="captcha-input" class="input">
++					<?php print_captcha_input( 'captcha' ); ?>
++
++					<span id="captcha-image" class="captcha-image" style="padding-right:3px;">
++						<img src="<?php echo $t_securimage_show; ?>" alt="visual captcha" />
++						<ul id="captcha-refresh"><li><a href="#"><?php
++							echo lang_get( 'signup_captcha_refresh' );
++						?></a></li></ul>
++					</span>
++
++					<object type="application/x-shockwave-flash" width="19" height="19"
++						data="<?php echo $t_securimage_play; ?>">
++						<param name="movie" value="<?php echo $t_securimage_play; ?>" />
++					</object>
++				</span>
++                </td>
++        </tr>
++<?php
++			}
++?>
++
+ </table>
+ </div>
+ </div>
diff --git a/virtual/packages/mantisbt-patches/bugnote_add.php.diff b/virtual/packages/mantisbt-patches/bugnote_add.php.diff
new file mode 100644
index 0000000..4509f0a
--- /dev/null
+++ b/virtual/packages/mantisbt-patches/bugnote_add.php.diff
@@ -0,0 +1,20 @@
+--- a/bugnote_add.php	2018-02-10 21:29:27.000000000 +0100
++++ b/bugnote_add.php	2018-03-03 15:13:12.439919511 +0100
+@@ -44,6 +44,17 @@
+ 
+ $t_query = array( 'issue_id' => $f_bug_id );
+ 
++# begin captcha check for anon user
++if ( current_user_is_anonymous() && get_gd_version() > 0 ) {
++  $f_captcha = gpc_get_string( 'captcha', '' );
++  $f_captcha = utf8_strtolower( trim( $f_captcha ) );
++
++  $t_securimage = new Securimage();
++  if( $t_securimage->check( $f_captcha ) == false ) {
++    trigger_error( ERROR_SIGNUP_NOT_MATCHING_CAPTCHA, ERROR );
++  }
++}
++
+ if( count( $f_files ) > 0 && is_blank( $f_text ) && helper_duration_to_minutes( $f_duration ) == 0 ) {
+ 	$t_payload = array(
+ 		'files' => helper_array_transpose( $f_files )
diff --git a/virtual/packages/mantisbt-patches/bugnote_add_inc.php.diff b/virtual/packages/mantisbt-patches/bugnote_add_inc.php.diff
new file mode 100644
index 0000000..a8589c7
--- /dev/null
+++ b/virtual/packages/mantisbt-patches/bugnote_add_inc.php.diff
@@ -0,0 +1,52 @@
+--- a/bugnote_add_inc.php	2018-02-10 21:29:27.000000000 +0100
++++ b/bugnote_add_inc.php	2018-03-03 15:14:27.332428557 +0100
+@@ -119,6 +119,49 @@
+ 					<textarea name="bugnote_text" id="bugnote_text" class="<?php echo $t_bugnote_class ?>" rows="7"></textarea>
+ 				</td>
+ 			</tr>
++<?php
++	# captcha image requires GD library and related option to ON
++	if( current_user_is_anonymous() && get_gd_version() > 0 ) {
++		$t_securimage_path = 'vendor/dapphp/securimage';
++		$t_securimage_show = $t_securimage_path . '/securimage_show.php';
++		$t_securimage_play = $t_securimage_path . '/securimage_play.swf?'
++			. http_build_query( array(
++				'audio_file' => $t_securimage_path . '/securimage_play.php',
++				'bgColor1=' => '#fff',
++				'bgColor2=' => '#fff',
++				'iconColor=' => '#777',
++				'borderWidth=' => 1,
++				'borderColor=' => '#000',
++			) );
++?>
++	<tr>
++		<th class="category">CAPTCHA</th>
++		<td>
++
++				<label for="captcha-field" class="block clearfix">
++					<strong><?php echo lang_get( 'signup_captcha_request_label' ); ?></strong>
++				</label>
++				<span id="captcha-input" class="input">
++					<?php print_captcha_input( 'captcha' ); ?>
++
++					<span id="captcha-image" class="captcha-image" style="padding-right:3px;">
++						<img src="<?php echo $t_securimage_show; ?>" alt="visual captcha" />
++						<ul id="captcha-refresh"><li><a href="#"><?php
++							echo lang_get( 'signup_captcha_refresh' );
++						?></a></li></ul>
++					</span>
++
++					<object type="application/x-shockwave-flash" width="19" height="19"
++						data="<?php echo $t_securimage_play; ?>">
++						<param name="movie" value="<?php echo $t_securimage_play; ?>" />
++					</object>
++				</span>
++                </td>
++        </tr>
++<?php
++			}
++?>
++
+ 
+ <?php
+ 	if( config_get( 'time_tracking_enabled' ) ) {
diff --git a/virtual/packages/mantisbt-plugin-slack.json b/virtual/packages/mantisbt-plugin-slack.json
new file mode 100644
index 0000000..54ea38b
--- /dev/null
+++ b/virtual/packages/mantisbt-plugin-slack.json
@@ -0,0 +1,15 @@
+{
+  "tag": "9286d2e-master",
+  "meta": {
+    "name": "mantisbt-plugin-slack",
+    "url": "https://github.com/mantisbt-plugins/Slack",
+    "branch": "master"
+  },
+  "github": {
+    "owner": "mantisbt-plugins",
+    "repo": "Slack",
+    "rev": "9286d2eeeb8a986ed949e378711fef5f0bf182dc",
+    "sha256": "0nn0v4jc967giilkzrppi5svd04m2hnals75xxp0iabcdjnih0mn",
+    "fetchSubmodules": true
+  }
+}
diff --git a/virtual/packages/mantisbt-plugin-source-integration.json b/virtual/packages/mantisbt-plugin-source-integration.json
new file mode 100644
index 0000000..e36a68c
--- /dev/null
+++ b/virtual/packages/mantisbt-plugin-source-integration.json
@@ -0,0 +1,15 @@
+{
+  "tag": "v2.1.5",
+  "meta": {
+    "name": "mantisbt-plugin-source-integration",
+    "url": "https://github.com/mantisbt-plugins/source-integration",
+    "branch": "refs/tags/v2.1.5"
+  },
+  "github": {
+    "owner": "mantisbt-plugins",
+    "repo": "source-integration",
+    "rev": "a48039a20abc50864e0e68c0c843b27058404386",
+    "sha256": "07g6q3hivmnd94r47pp0snk5bv4pa3piwclc9qhj612i4wnsazsk",
+    "fetchSubmodules": true
+  }
+}
diff --git a/virtual/packages/mantisbt-plugin-source-integration_Source.API.php.diff b/virtual/packages/mantisbt-plugin-source-integration_Source.API.php.diff
new file mode 100644
index 0000000..c355144
--- /dev/null
+++ b/virtual/packages/mantisbt-plugin-source-integration_Source.API.php.diff
@@ -0,0 +1,12 @@
+--- b/Source/Source.API.php	2017-09-18 00:50:32.000000000 +0200
++++ a/Source/Source.API.php	2018-03-04 19:00:25.578889039 +0100
+@@ -452,6 +452,9 @@
+ 	# Allow other plugins to post-process commit data
+ 	event_signal( 'EVENT_SOURCE_COMMITS', array( $p_changesets ) );
+ 	event_signal( 'EVENT_SOURCE_FIXED', array( $t_fixed_bugs ) );
++	foreach( $t_fixed_bugs as $t_bug_id => $t_changeset ) {
++          event_signal( 'EVENT_BUG_ACTION', array('RESOLVE', $t_bug_id) );
++        }
+ }
+ 
+ /**
diff --git a/virtual/packages/mantisbt.nix b/virtual/packages/mantisbt.nix
new file mode 100644
index 0000000..f136ea5
--- /dev/null
+++ b/virtual/packages/mantisbt.nix
@@ -0,0 +1,124 @@
+with import ../../libs.nix;
+with nixpkgs_unstable;
+let
+  # FIXME: check that source-integration and slack still work
+  mantisbt = let
+    plugins = {
+      slack = stdenv.mkDerivation (fetchedGithub ./mantisbt-plugin-slack.json // rec {
+        installPhase = ''
+          sed -i -e "s/return '@' . \\\$username;/return \\\$username;/" Slack.php
+          cp -a . $out
+          '';
+      });
+      source-integration = stdenv.mkDerivation (fetchedGithub ./mantisbt-plugin-source-integration.json // rec {
+        installPhase = ''
+          mkdir $out
+          patch -p1 < ${./mantisbt-plugin-source-integration_Source.API.php.diff}
+          cp -a Source* $out/
+        '';
+      });
+    };
+  in rec {
+    config = 
+      assert checkEnv "NIXOPS_MANTISBT_DB_PASSWORD";
+      assert checkEnv "NIXOPS_MANTISBT_MASTER_SALT";
+      assert checkEnv "NIXOPS_MANTISBT_LDAP_PASSWORD";
+      pkgs.writeText "config_inc.php" ''
+      <?php
+      $g_hostname              = 'db-1.immae.eu';
+      $g_db_username           = 'mantisbt';
+      $g_db_password           = '${builtins.getEnv "NIXOPS_MANTISBT_DB_PASSWORD"}';
+      $g_database_name         = 'mantisbt';
+      $g_db_type               = 'pgsql';
+      $g_crypto_master_salt    = '${builtins.getEnv "NIXOPS_MANTISBT_MASTER_SALT"}';
+      $g_allow_signup          = OFF;
+      $g_allow_anonymous_login = ON;
+      $g_anonymous_account     = 'anonymous';
+
+      $g_phpMailer_method	= PHPMAILER_METHOD_SMTP;
+      $g_smtp_host		= 'mail.immae.eu';
+      $g_smtp_username		= ''';
+      $g_smtp_password		= ''';
+      $g_webmaster_email	= 'webmaster@immae.eu';
+      $g_from_email		= 'noreply@immae.eu';
+      $g_return_path_email	= 'webmaster@immae.eu';
+      $g_from_name		= 'Mantis Bug Tracker at immae.eu';
+      $g_email_receive_own	= OFF;
+      # --- LDAP ---
+      $g_login_method = LDAP;
+      $g_ldap_protocol_version = 3;
+      $g_ldap_server = 'ldaps://ldap.immae.eu:636';
+      $g_ldap_root_dn = 'ou=users,dc=immae,dc=eu';
+      $g_ldap_bind_dn = 'cn=mantisbt,ou=services,dc=immae,dc=eu';
+      $g_ldap_bind_passwd = '${builtins.getEnv "NIXOPS_MANTISBT_LDAP_PASSWORD"}';
+      $g_use_ldap_email = ON;
+      $g_use_ldap_realname = ON;
+      $g_ldap_uid_field = 'uid'; 
+      $g_ldap_realname_field = 'cn';
+      $g_ldap_organization = '(memberOf=cn=users,cn=mantisbt,ou=services,dc=immae,dc=eu)';
+      '';
+    webRoot = stdenv.mkDerivation rec {
+      name = "mantisbt-${version}";
+      version = "2.11.1";
+      src = fetchurl {
+        url = "https://downloads.sourceforge.net/project/mantisbt/mantis-stable/${version}/${name}.tar.gz";
+        sha256 = "0jnrqz6r2hf53v0k1lh3il7hlfiphn61r9wgg6mzyywkjxwq07md";
+      };
+      patches = [
+        ./mantisbt-patches/bug_report.php.diff
+        ./mantisbt-patches/bug_report_page.php.diff
+        ./mantisbt-patches/bugnote_add.php.diff
+        ./mantisbt-patches/bugnote_add_inc.php.diff
+        ];
+      installPhase = ''
+        cp -a . $out
+        ln -s ${config} $out/config/config_inc.php
+        ln -s ${plugins.slack} $out/plugins/Slack
+        ln -s ${plugins.source-integration}/Source* $out/plugins/
+      '';
+    };
+    apache = {
+      user = "wwwrun";
+      group = "wwwrun";
+      modules = [ "proxy_fcgi" ];
+      vhostConf = ''
+        Alias /mantisbt "${webRoot}"
+        <Directory "${webRoot}">
+          DirectoryIndex index.php
+          <FilesMatch "\.php$">
+            SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
+          </FilesMatch>
+
+          AllowOverride All
+          Options FollowSymlinks
+          Require all granted
+        </Directory>
+        <Directory "${webRoot}/admin">
+          #Reenable during upgrade
+          Require all denied
+        </Directory>
+        '';
+    };
+    phpFpm = rec {
+      basedir = builtins.concatStringsSep ":" (
+        [ webRoot config ]
+        ++ pkgs.lib.attrsets.mapAttrsToList (name: value: value) plugins);
+      socket = "/var/run/phpfpm/mantisbt.sock";
+      pool = ''
+        listen = ${socket}
+        user = ${apache.user}
+        group = ${apache.group}
+        listen.owner = ${apache.user}
+        listen.group = ${apache.group}
+        pm = ondemand
+        pm.max_children = 60
+        pm.process_idle_timeout = 60
+
+        php_admin_value[upload_max_filesize] = 5000000
+
+        php_admin_value[open_basedir] = "${basedir}:/tmp"
+        '';
+    };
+  };
+in 
+  mantisbt
-- 
2.41.0