Upgrading Passbolt on CentOS 7

We had post a guide to install PASSBOLT on CentOS 7 last time, since Passbolt has release a newer version, and everytime we login to lower version passbolt, it will shows a notification to upgrade Passbolt. IT WAS ANNOYING ! So, we decide to make another guide for upgrading PASSBOLT v1.6.0 to V2.0.7 .

First, we need to know what version we at running. Find passbolt version by this command:

# cat /var/www/passbolt/app/version.php

Output should be like this:

[
‘number’ => ‘1.6.10‘,
‘name’ => ‘Get Up’
],
];

Update to lastest & enable EPEL repositories to install all the required passbolt components:

# yum update -y
# yum -y install yum-utils epel-release
# yum -y install 'http://rpms.remirepo.net/enterprise/remi-release-7.rpm'

Install remi’s repositories for PHP 7.2

# yum-config-manager --enable 'remi-php72'

Install some basic utilities:

# yum -y install unzip wget composer policycoreutils-python git gcc

PHP Installation

# yum -y install php-intl php-gd php-mysql php-mcrypt php-pear php-devel php-mbstring php-fpm gpgme-devel
# yum install -y php-fpm

///// NOTE: If you getting gnupg.so error, run 'pecl uninstall gnupg' to uninstall it, and reinstall with 'pecl install gnupg'. After that run 'echo "extension=gnupg.so" > /etc/php.d/gnupg.ini' to make gnupg working. /////

Run php-fpm with unix socket, and user as nginx

# vim /etc/php-fpm.d/www.conf

Edit listen, user, group:

listen = /var/run/php-fpm/php-fpm.sock
user = nginx
group = nginx
listen.owner = nginx
listen.group = nginx
listen.mode = 0666

Restart php-fpm to take effect

# service php-fpm restart

Change the default group owner of the default php session

# chgrp nginx /var/lib/php/session

Cd to passbolt installation path and rename it to older version.

# cd /var/www/
# mv passbolt passbolt_old

Download latest passbolt from GIT.

# git clone https://github.com/passbolt/passbolt_api.git ./passbolt

Install the dependencies

# cd passbolt
# composer install

Copy the avatar folder

# cp -R ../passbolt_old/app/webroot/img/public/* ./webroot/img/public/.
# mv ./webroot/img/public/images/ProfileAvatar ./webroot/img/public/images/Avatar

Copy the server gpg key

# cp ../passbolt_old/app/Config/gpg/* config/gpg/.

Create a passbolt configuration file

///// Do not copy your v1 configuration files,name and values in the main configuration is now located in one file called config/passbolt.php. /////

# cp config/passbolt.default.php config/passbolt.php
# vim config/passbolt.php

You will need to set at least the following:

> Application full base url (/app/Config/core.php)
> Database configuration (/app/Config/database.php)
> Email settings (/app/Config/email.php)
> Server OpenPGP key fingerprint.(/app/Config/app.php)

Change passbolt folder ownership to your web application user and permission to 755.

# chown -R nginx.nginx /var/www/passbolt
# chmod -R 755 /var/www/passbolt

Run the migration script with your web application user.

# su -s /bin/bash -c "/var/www/passbolt/bin/cake passbolt migrate" nginx

Run healthcheck to see is everything ready to work.

# su -s /bin/bash -c "./bin/cake passbolt healthcheck" nginx

Change crontab send notification command

# crontab -e
* * * * * /usr/bin/su -c "/var/www/passbolt/bin/cake EmailQueue.sender > /var/www/passbolt/tmp/email.log" -s /bin/bash nginx

///// We are not done yet. /////

Check your nginx root path, rewrite rules. Here is an example for nginx:

server {
listen   80;
listen   [::]:80;
server_name www.example.com;
return 301 http://example.com$request_uri;
}
server {
listen   80;
server_name example.com;
root   /var/www/example.com/webroot;
index  index.php;
access_log /var/www/example.com/log/access.log;
error_log /var/www/example.com/log/error.log;
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ .php$ {
try_files $uri =404;
include fastcgi_params;
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
fastcgi_index index.php;
fastcgi_intercept_errors on;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
}

Restart services & TEST !

ENJOY ~