doc/install/linux/install.pl - diff

Return to install.pl CVS log

Up to [LON-CAPA] / doc / install / linux

Diff for /doc/install/linux/install.pl between versions 1.45.2.2 and 1.45.2.21

version 1.45.2.2, 2019/02/19 19:24:28	version 1.45.2.21, 2024/07/28 14:05:29
Line 27 use strict;	Line 27 use strict;
use File::Copy;	use File::Copy;
use Term::ReadKey;	use Term::ReadKey;
use DBI;	use DBI;
	use File::Spec;
use Cwd();	use Cwd();
use File::Basename();	use File::Basename();
use lib File::Basename::dirname(Cwd::abs_path($0));	use lib File::Basename::dirname(Cwd::abs_path($0));
Line 164 sub get_user_selection {	Line 165 sub get_user_selection {
sub get_distro {	sub get_distro {
my ($distro,$gotprereqs,$updatecmd,$packagecmd,$installnow,$unknown);	my ($distro,$gotprereqs,$updatecmd,$packagecmd,$installnow,$unknown);
$packagecmd = '/bin/rpm -q LONCAPA-prerequisites ';	$packagecmd = '/bin/rpm -q LONCAPA-prerequisites ';
if (-e '/etc/redhat-release') {	if (-e '/etc/oracle-release') {
	open(IN,'</etc/oracle-release');
	my $versionstring=<IN>;
	chomp($versionstring);
	close(IN);
	if ($versionstring =~ /^Oracle Linux Server release (\d+)/) {
	my $version = $1;
	$distro = 'oracle'.$1;
	$updatecmd = 'yum install LONCAPA-prerequisites';
	$installnow = 'yum -y install LONCAPA-prerequisites';
	}
	} elsif (-e '/etc/redhat-release') {
open(IN,'</etc/redhat-release');	open(IN,'</etc/redhat-release');
my $versionstring=<IN>;	my $versionstring=<IN>;
chomp($versionstring);	chomp($versionstring);
Line 194 sub get_distro {	Line 206 sub get_distro {
$distro = 'rhes'.$1;	$distro = 'rhes'.$1;
$updatecmd = 'yum install LONCAPA-prerequisites';	$updatecmd = 'yum install LONCAPA-prerequisites';
$installnow = 'yum -y install LONCAPA-prerequisites';	$installnow = 'yum -y install LONCAPA-prerequisites';
} elsif ($versionstring =~ /CentOS(?:\| Linux) release (\d+)/) {	} elsif ($versionstring =~ /Red Hat Enterprise Linux release (\d+)/) {
$distro = 'centos'.$1;	$distro = 'rhes'.$1;
	$updatecmd = 'dnf install LONCAPA-prerequisites';
	$installnow = 'dnf -y install LONCAPA-prerequisites';
	} elsif ($versionstring =~ /CentOS(\| Linux\| Stream) release (\d+)/) {
	$distro = 'centos'.$2;
	if ($1 eq ' Stream') {
	$distro .= '-stream';
	}
$updatecmd = 'yum install LONCAPA-prerequisites';	$updatecmd = 'yum install LONCAPA-prerequisites';
$installnow = 'yum -y install LONCAPA-prerequisites';	$installnow = 'yum -y install LONCAPA-prerequisites';
} elsif ($versionstring =~ /Scientific Linux (?:SL )?release ([\d.]+) /) {	} elsif ($versionstring =~ /Scientific Linux (?:SL )?release ([\d.]+) /) {
Line 204 sub get_distro {	Line 223 sub get_distro {
$distro = 'scientific'.$ver;	$distro = 'scientific'.$ver;
$updatecmd = 'yum install LONCAPA-prerequisites';	$updatecmd = 'yum install LONCAPA-prerequisites';
$installnow = 'yum -y install LONCAPA-prerequisites';	$installnow = 'yum -y install LONCAPA-prerequisites';
	} elsif ($versionstring =~ /Rocky Linux release ([\d.]+)/) {
	my $ver = $1;
	$ver =~ s/\.\d+$//;
	$distro = 'rocky'.$ver;
	$updatecmd = 'dnf install LONCAPA-prerequisites';
	$installnow = 'dnf -y install LONCAPA-prerequisites';
	} elsif ($versionstring =~ /AlmaLinux release ([\d.]+) /) {
	my $ver = $1;
	$ver =~ s/\.\d+$//;
	$distro = 'alma'.$ver;
	$updatecmd = 'dnf install LONCAPA-prerequisites';
	$installnow = 'dnf -y install LONCAPA-prerequisites';
} else {	} else {
print &mt('Unable to interpret [_1] to determine system type.',	print &mt('Unable to interpret [_1] to determine system type.',
'/etc/redhat-release')."\n";	'/etc/redhat-release')."\n";
Line 306 sub get_distro {	Line 337 sub get_distro {
$unknown = 1;	$unknown = 1;
}	}
} else {	} else {
print &mt('Unknown installation: expecting a debian, ubuntu, suse, sles, redhat, fedora or scientific linux system.')."\n";	print &mt('Unknown installation: expecting a debian, ubuntu, suse, sles, redhat, fedora, scientific linux, or oracle linux system.')."\n";
}	}
}	}
return ($distro,$packagecmd,$updatecmd,$installnow);	return ($distro,$packagecmd,$updatecmd,$installnow);
Line 342 sub check_prerequisites {	Line 373 sub check_prerequisites {

sub check_locale {	sub check_locale {
my ($distro) = @_;	my ($distro) = @_;
my ($fh,$langvar,$command);	my ($fh,$langvar,$command,$earlyout);
$langvar = 'LANG';	$langvar = 'LANG';
if ($distro =~ /^(ubuntu\|debian)/) {	if ($distro =~ /^(ubuntu\|debian)/) {
if (!open($fh,"</etc/default/locale")) {	if (!open($fh,"</etc/default/locale")) {
print &mt('Failed to open: [_1], default locale not checked.',	print &mt('Failed to open: [_1], default locale not checked.',
'/etc/default/locale');	'/etc/default/locale');
	$earlyout = 1;
}	}
} elsif ($distro =~ /^(suse\|sles)(\d+)/) {	} elsif ($distro =~ /^(suse\|sles)(\d+)/) {
if (($1 eq 'sles') && ($2 >= 15)) {	if (($1 eq 'sles') && ($2 >= 15)) {
if (!open($fh,"</etc/locale.conf")) {	if (!open($fh,"</etc/locale.conf")) {
print &mt('Failed to open: [_1], default locale not checked.',	print &mt('Failed to open: [_1], default locale not checked.',
'/etc/locale.conf');	'/etc/locale.conf');
	$earlyout = 1;
}	}
} else {	} else {
if (!open($fh,"</etc/sysconfig/language")) {	if (!open($fh,"</etc/sysconfig/language")) {
print &mt('Failed to open: [_1], default locale not checked.',	print &mt('Failed to open: [_1], default locale not checked.',
'/etc/sysconfig/language');	'/etc/sysconfig/language');
	$earlyout = 1;
}	}
$langvar = 'RC_LANG';	$langvar = 'RC_LANG';
}	}
Line 367 sub check_locale {	Line 401 sub check_locale {
if (!open($fh,"</etc/locale.conf")) {	if (!open($fh,"</etc/locale.conf")) {
print &mt('Failed to open: [_1], default locale not checked.',	print &mt('Failed to open: [_1], default locale not checked.',
'/etc/locale.conf');	'/etc/locale.conf');
	$earlyout = 1;
}	}
} elsif (!open($fh,"</etc/sysconfig/i18n")) {	} elsif (!open($fh,"</etc/sysconfig/i18n")) {
print &mt('Failed to open: [_1], default locale not checked.',	print &mt('Failed to open: [_1], default locale not checked.',
'/etc/sysconfig/i18n');	'/etc/sysconfig/i18n');
	$earlyout = 1;
}	}
} elsif ($distro =~ /^(?:rhes\|centos\|scientific)(\d+)/) {	} elsif ($distro =~ /^(?:rhes\|centos\|scientific\|oracle\|rocky\|alma)(\d+)/) {
if ($1 >= 7) {	if ($1 >= 7) {
if (!open($fh,"</etc/locale.conf")) {	if (!open($fh,"</etc/locale.conf")) {
print &mt('Failed to open: [_1], default locale not checked.',	print &mt('Failed to open: [_1], default locale not checked.',
'/etc/locale.conf');	'/etc/locale.conf');
	$earlyout = 1;
}	}
} elsif (!open($fh,"</etc/sysconfig/i18n")) {	} elsif (!open($fh,"</etc/sysconfig/i18n")) {
print &mt('Failed to open: [_1], default locale not checked.',	print &mt('Failed to open: [_1], default locale not checked.',
'/etc/sysconfig/i18n');	'/etc/sysconfig/i18n');
	$earlyout = 1;
}	}
} else {	} else {
if (!open($fh,"</etc/sysconfig/i18n")) {	if (!open($fh,"</etc/sysconfig/i18n")) {
print &mt('Failed to open: [_1], default locale not checked.',	print &mt('Failed to open: [_1], default locale not checked.',
'/etc/sysconfig/i18n');	'/etc/sysconfig/i18n');
	$earlyout = 1;
}	}
}	}
	return if ($earlyout);
my @data = <$fh>;	my @data = <$fh>;
chomp(@data);	chomp(@data);
foreach my $item (@data) {	foreach my $item (@data) {
Line 401 sub check_locale {	Line 441 sub check_locale {
$command = 'sudo locale-gen en_US.UTF-8'."\n".	$command = 'sudo locale-gen en_US.UTF-8'."\n".
'sudo update-locale LANG=en_US.UTF-8';	'sudo update-locale LANG=en_US.UTF-8';
} elsif ($distro =~ /^(suse\|sles)/) {	} elsif ($distro =~ /^(suse\|sles)/) {
$command = 'yast language';	$command = 'yast language';
} else {	} elsif (-e '/usr/bin/system-config-language') {
$command = 'system-config-language';	$command = 'system-config-language';
	} elsif (-e '/usr/bin/localectl') {
	$command = '/usr/bin/localectl set-locale LANG=en_US.UTF-8';
	} else {
	$command = 'No standard command found';
}	}
}	}
last;	last;
Line 427 sub check_required {	Line 471 sub check_required {
unless ($localecmd eq '') {	unless ($localecmd eq '') {
return ($distro,$gotprereqs,$localecmd);	return ($distro,$gotprereqs,$localecmd);
}	}
my ($mysqlon,$mysqlsetup,$mysqlrestart,$dbh,$has_pass,$has_lcdb,%recommended,	my ($mysqlon,$mysqlsetup,$mysqlrestart,$dbh,$has_pass,$mysql_unix_socket,$has_lcdb,
$downloadstatus,$filetouse,$production,$testing,$apachefw,$tostop,$uses_systemctl);	%recommended,$downloadstatus,$filetouse,$production,$testing,$apachefw,
	$tostop,$uses_systemctl,$mysql_has_wwwuser);
my $wwwuid = &uid_of_www();	my $wwwuid = &uid_of_www();
my $wwwgid = getgrnam('www');	my $wwwgid = getgrnam('www');
if (($wwwuid eq '') \|\| ($wwwgid eq '')) {	if (($wwwuid eq '') \|\| ($wwwgid eq '')) {
Line 439 sub check_required {	Line 484 sub check_required {
}	}
$mysqlon = &check_mysql_running($distro);	$mysqlon = &check_mysql_running($distro);
if ($mysqlon) {	if ($mysqlon) {
my $mysql_has_wwwuser = &check_mysql_wwwuser();	($mysqlsetup,$has_pass,$dbh,$mysql_has_wwwuser,$mysql_unix_socket) =
($mysqlsetup,$has_pass,$dbh,$mysql_has_wwwuser) =	&check_mysql_setup($instdir,$dsn,$distro);
&check_mysql_setup($instdir,$dsn,$distro,$mysql_has_wwwuser);
if ($mysqlsetup eq 'needsrestart') {	if ($mysqlsetup eq 'needsrestart') {
$mysqlrestart = '';	$mysqlrestart = '';
if ($distro eq 'ubuntu') {	if ($distro eq 'ubuntu') {
$mysqlrestart = 'sudo ';	$mysqlrestart = 'sudo ';
}	}
$mysqlrestart .= 'service mysql restart';	$mysqlrestart .= 'service mysql restart';
return ($distro,$gotprereqs,$localecmd,$packagecmd,$updatecmd,$installnow,$mysqlrestart);	return ($distro,$gotprereqs,$localecmd,$packagecmd,$updatecmd,$installnow,$mysqlrestart);
Line 467 sub check_required {	Line 511 sub check_required {
}	}
($recommended{'firewall'},$apachefw) = &chkfirewall($distro);	($recommended{'firewall'},$apachefw) = &chkfirewall($distro);
($recommended{'runlevels'},$tostop,$uses_systemctl) = &chkconfig($distro,$instdir);	($recommended{'runlevels'},$tostop,$uses_systemctl) = &chkconfig($distro,$instdir);
	if ((ref($uses_systemctl) eq 'HASH') && ($uses_systemctl->{'apache'})) {
	$recommended{'systemd'} = &check_systemd_security($distro);
	}
$recommended{'apache'} = &chkapache($distro,$instdir);	$recommended{'apache'} = &chkapache($distro,$instdir);
$recommended{'stopsrvcs'} = &chksrvcs($distro,$tostop);	$recommended{'stopsrvcs'} = &chksrvcs($distro,$tostop);
($recommended{'download'},$downloadstatus,$filetouse,$production,$testing)	($recommended{'download'},$downloadstatus,$filetouse,$production,$testing)
= &need_download();	= &need_download($distro,$instdir);
return ($distro,$gotprereqs,$localecmd,$packagecmd,$updatecmd,$installnow,	return ($distro,$gotprereqs,$localecmd,$packagecmd,$updatecmd,$installnow,
$mysqlrestart,\%recommended,$dbh,$has_pass,$has_lcdb,$downloadstatus,	$mysqlrestart,\%recommended,$dbh,$has_pass,$mysql_unix_socket,
$filetouse,$production,$testing,$apachefw,$uses_systemctl);	$has_lcdb,$downloadstatus,$filetouse,$production,$testing,$apachefw,
	$uses_systemctl);
}	}

sub check_mysql_running {	sub check_mysql_running {
Line 490 sub check_mysql_running {	Line 538 sub check_mysql_running {
$process = 'mysqld';	$process = 'mysqld';
$proc_owner = 'mysql';	$proc_owner = 'mysql';
}	}
	if ($1 >= 16) {
	$use_systemctl = 1;
	}
	} elsif ($distro =~ /^debian(\w+)/) {
	if ($1 >= 10) {
	$process = 'mysql';
	$proc_owner = 'mysql';
	}
	if ($1 >= 11) {
	$mysqldaemon = 'mariadb';
	}
	if ($1 >= 9) {
	$use_systemctl = 1;
	}
} elsif ($distro =~ /^fedora(\d+)/) {	} elsif ($distro =~ /^fedora(\d+)/) {
if ($1 >= 16) {	if ($1 >= 16) {
$process = 'mysqld';	$process = 'mysqld';
Line 499 sub check_mysql_running {	Line 561 sub check_mysql_running {
if ($1 >= 19) {	if ($1 >= 19) {
$mysqldaemon ='mariadb';	$mysqldaemon ='mariadb';
}	}
} elsif ($distro =~ /^(?:centos\|rhes\|scientific)(\d+)/) {	if ($1 >= 34) {
	$process = 'mariadb';
	}
	} elsif ($distro =~ /^(?:centos\|rhes\|scientific\|oracle\|rocky\|alma)(\d+)/) {
if ($1 >= 7) {	if ($1 >= 7) {
$mysqldaemon ='mariadb';	$mysqldaemon ='mariadb';
$process = 'mysqld';	$process = 'mysqld';
$proc_owner = 'mysql';	$proc_owner = 'mysql';
$use_systemctl = 1;	$use_systemctl = 1;
}	}
	if ($1 >= 9) {
	$process = 'mariadb';
	}
} elsif ($distro =~ /^sles(\d+)/) {	} elsif ($distro =~ /^sles(\d+)/) {
if ($1 >= 12) {	if ($1 >= 12) {
$use_systemctl = 1;	$use_systemctl = 1;
Line 626 sub chkconfig {	Line 694 sub chkconfig {
if (($distro =~ /^ubuntu/) && ($version <= 8)) {	if (($distro =~ /^ubuntu/) && ($version <= 8)) {
$daemon{'cups'} = 'cupsys';	$daemon{'cups'} = 'cupsys';
}	}
	if ((($distro =~ /^ubuntu/) && ($version >= 18)) \|\|
	(($distro =~ /^debian/) && ($version >= 10))) {
	$daemon{'ntp'} = 'chrony';
	}
	if (($distro =~ /^debian/) && ($version >= 11)) {
	$daemon{'mysql'} = 'mariadb';
	}
} elsif ($distro =~ /^fedora(\d+)/) {	} elsif ($distro =~ /^fedora(\d+)/) {
my $version = $1;	my $version = $1;
if ($version >= 15) {	if ($version >= 15) {
Line 640 sub chkconfig {	Line 715 sub chkconfig {
if ($version >= 19) {	if ($version >= 19) {
$daemon{'mysql'} = 'mariadb';	$daemon{'mysql'} = 'mariadb';
}	}
} elsif ($distro =~ /^(?:centos\|rhes\|scientific)(\d+)/) {	if ($version >= 26) {
	$daemon{'ntp'} = 'chronyd';
	}
	} elsif ($distro =~ /^(?:centos\|rhes\|scientific\|oracle\|rocky\|alma)(\d+)/) {
my $version = $1;	my $version = $1;
if ($version >= 7) {	if ($version >= 7) {
$uses_systemctl{'ntp'} = 1;	$uses_systemctl{'ntp'} = 1;
Line 650 sub chkconfig {	Line 728 sub chkconfig {
$uses_systemctl{'cups'} = 1;	$uses_systemctl{'cups'} = 1;
$daemon{'mysql'} = 'mariadb';	$daemon{'mysql'} = 'mariadb';
}	}
	if (($version >= 8) \|\| ($distro eq 'oracle7')) {
	$daemon{'ntp'} = 'chronyd';
	}
}	}
my $nocheck;	my $nocheck;
if (! -x $checker_bin) {	if (! -x $checker_bin) {
Line 742 sub chkconfig {	Line 823 sub chkconfig {
return (\%needfix,\%tostop,\%uses_systemctl);	return (\%needfix,\%tostop,\%uses_systemctl);
}	}

	sub check_systemd_security {
	my ($distro) = @_;
	my $service = 'httpd.service';
	if ($distro =~ /^(suse\|sles\|ubuntu\|debian)/) {
	$service = 'apache2.service';
	}
	system("systemctl daemon-reload");
	if (open(PIPE,"systemctl show $service --property=ProtectHome 2>/dev/null \|")) {
	my $protection = <PIPE>;
	close(PIPE);
	chomp($protection);
	if ($protection =~ /^ProtectHome=(read-only\|yes)$/i) {
	return 1;
	}
	} else {
	print &mt('Could not check systemctl configuration for Apache')."\n";
	}
	return 0;
	}

sub uses_firewalld {	sub uses_firewalld {
my ($distro) = @_;	my ($distro) = @_;
my ($inuse, $checkfirewalld);	my ($inuse,$checkfirewalld,$zone);
if ($distro =~ /^(suse\|sles)([\d\.]+)$/) {	if ($distro =~ /^(suse\|sles)([\d\.]+)$/) {
if (($1 eq 'sles') && ($2 >= 15)) {	if (($1 eq 'sles') && ($2 >= 15)) {
$checkfirewalld = 1;	$checkfirewalld = 1;
Line 753 sub uses_firewalld {	Line 854 sub uses_firewalld {
if ($1 >= 18) {	if ($1 >= 18) {
$checkfirewalld = 1;	$checkfirewalld = 1;
}	}
} elsif ($distro =~ /^(?:centos\|rhes\|scientific)(\d+)/) {	} elsif ($distro =~ /^(?:centos\|rhes\|scientific\|oracle\|rocky\|alma)(\d+)/) {
if ($1 >= 7) {	if ($1 >= 7) {
$checkfirewalld = 1;	$checkfirewalld = 1;
}	}
}	}
if ($checkfirewalld) {	if ($checkfirewalld) {
my ($loaded,$active);	my ($loaded,$active);
if (open(PIPE,"systemctl status firewalld \|")) {	if (open(PIPE,"systemctl status firewalld 2>/dev/null \|")) {
while (<PIPE>) {	while (<PIPE>) {
chomp();	chomp();
if (/^\s*Loaded:\s+(\w+)/) {	if (/^\s*Loaded:\s+(\w+)/) {
$loaded = $1;	$loaded = $1;
}	}
if (/^\s*Active\s+(\w+)/) {	if (/^\s*Active:\s+(\w+)/) {
$active = $1;	$active = $1;
}	}
}	}
Line 774 sub uses_firewalld {	Line 875 sub uses_firewalld {
}	}
if (($loaded eq 'loaded') \|\| ($active eq 'active')) {	if (($loaded eq 'loaded') \|\| ($active eq 'active')) {
$inuse = 1;	$inuse = 1;
	my $cmd = 'firewall-cmd --get-default-zone';
	if (open(PIPE,"$cmd \|")) {
	my $result = <PIPE>;
	chomp($result);
	close(PIPE);
	if ($result =~ /^\w+$/) {
	$zone = $result;
	}
	}
}	}
}	}
return $inuse;	return ($inuse,$zone);
}	}

sub chkfirewall {	sub chkfirewall {
Line 787 sub chkfirewall {	Line 897 sub chkfirewall {
https => 443,	https => 443,
);	);
my %activefw;	my %activefw;
if (&firewall_is_active()) {	my ($firewalld,$zone) = &uses_firewalld($distro);
if (&uses_firewalld($distro)) {	if ($firewalld) {
my %current;	my %current;
if (open(PIPE,'firewall-cmd --permanent --zone=public --list-services \|')) {	if (open(PIPE,'firewall-cmd --permanent --zone='.$zone.' --list-services \|')) {
my $svc = <PIPE>;	my $svc = <PIPE>;
close(PIPE);	close(PIPE);
chomp($svc);	chomp($svc);
map { $current{$_} = 1; } (split(/\s+/,$svc));	map { $current{$_} = 1; } (split(/\s+/,$svc));
}	}
if ($current{'http'} && $current{'https'}) {	if ($current{'http'} && $current{'https'}) {
$configfirewall = 0;	$configfirewall = 0;
}	}
} else {	} else {
	if (&firewall_is_active()) {
my $iptables = &get_pathto_iptables();	my $iptables = &get_pathto_iptables();
if ($iptables eq '') {	if ($iptables eq '') {
print &mt('Firewall not checked as path to iptables not determined.')."\n";	print &mt('Firewall not checked as path to iptables not determined.')."\n";
Line 821 sub chkfirewall {	Line 932 sub chkfirewall {
print &mt('Firewall not checked as iptables Chains not identified.')."\n";	print &mt('Firewall not checked as iptables Chains not identified.')."\n";
}	}
}	}
	} else {
	print &mt('Firewall not enabled.')."\n";
}	}
} else {
print &mt('Firewall not enabled.')."\n";
}	}
return ($configfirewall,\%activefw);	return ($configfirewall,\%activefw);
}	}
Line 835 sub chkapache {	Line 946 sub chkapache {
my $distname = $1;	my $distname = $1;
my $version = $2;	my $version = $2;
my ($stdconf,$stdsite);	my ($stdconf,$stdsite);
if (($distname eq 'ubuntu') && ($version > 12)) {	if ((($distname eq 'ubuntu') && ($version > 12)) \|\|
	(($distname eq 'debian') && ($version >= 10))) {
$stdconf = "$instdir/debian-ubuntu/ubuntu14/loncapa_conf";	$stdconf = "$instdir/debian-ubuntu/ubuntu14/loncapa_conf";
$stdsite = "$instdir/debian-ubuntu/ubuntu14/loncapa_sites";	$stdsite = "$instdir/debian-ubuntu/ubuntu14/loncapa_sites";
} else {	} else {
Line 846 sub chkapache {	Line 958 sub chkapache {
print &mt('Warning: No LON-CAPA Apache configuration file found for installation check.')."\n";	print &mt('Warning: No LON-CAPA Apache configuration file found for installation check.')."\n";
} else {	} else {
my ($configfile,$sitefile);	my ($configfile,$sitefile);
if (($distname eq 'ubuntu') && ($version > 12)) {	if ((($distname eq 'ubuntu') && ($version > 12)) \|\|
$sitefile = '/etc/apache2/sites-available/loncapa';	(($distname eq 'debian') && ($version >= 10))) {
$configfile = "/etc/apache2/conf-available/loncapa";	$sitefile = '/etc/apache2/sites-available/loncapa.conf';
	$configfile = '/etc/apache2/conf-available/loncapa.conf';
} else {	} else {
$configfile = "/etc/apache2/sites-available/loncapa";	$configfile = '/etc/apache2/sites-available/loncapa';
}	}
if (($configfile ne '') && (-e $configfile) && (-e $stdconf)) {	if (($configfile ne '') && (-e $configfile) && (-e $stdconf)) {
if (open(PIPE, "diff --brief $stdconf $configfile \|")) {	if (open(PIPE, "diff --brief $stdconf $configfile \|")) {
Line 862 sub chkapache {	Line 975 sub chkapache {
}	}
}	}
}	}
if ((!$fixapache) && ($distname eq 'ubuntu') && ($version > 12)) {	if ((!$fixapache) && ((($distname eq 'ubuntu') && ($version > 12)) \|\|
	(($distname eq 'debian') && ($version >= 10)))) {
if (($sitefile ne '') && (-e $sitefile) && (-e $stdsite)) {	if (($sitefile ne '') && (-e $sitefile) && (-e $stdsite)) {
if (open(PIPE, "diff --brief $stdsite $sitefile \|")) {	if (open(PIPE, "diff --brief $stdsite $sitefile \|")) {
my $diffres = <PIPE>;	my $diffres = <PIPE>;
close(PIPE);	close(PIPE);
chomp($diffres);	chomp($diffres);
unless ($diffres) {	if ($diffres) {
	$fixapache = 1;
	} else {
$fixapache = 0;	$fixapache = 0;
}	}
}	}
Line 882 sub chkapache {	Line 998 sub chkapache {
}	}
}	}
}	}
	if ((!$fixapache) && (($distname eq 'ubuntu') \|\| ($distname eq 'debian'))) {
	my $sitestatus = "/etc/apache2/mods-available/status.conf";
	my $stdstatus = "$instdir/debian-ubuntu/status.conf";
	if ((-e $stdstatus) && (-e $sitestatus)) {
	if (open(PIPE, "diff --brief $stdstatus $sitestatus \|")) {
	my $diffres = <PIPE>;
	close(PIPE);
	chomp($diffres);
	if ($diffres) {
	$fixapache = 1;
	}
	}
	}
	}
} elsif ($distro =~ /^(suse\|sles)([\d\.]+)$/) {	} elsif ($distro =~ /^(suse\|sles)([\d\.]+)$/) {
my ($name,$version) = ($1,$2);	my ($name,$version) = ($1,$2);
my $apache = 'apache';	my $apache = 'apache';
Line 921 sub chkapache {	Line 1051 sub chkapache {
}	}
} else {	} else {
my $configfile = 'httpd.conf';	my $configfile = 'httpd.conf';
if ($distro =~ /^(?:centos\|rhes\|scientific)(\d+)$/) {	my $mpmfile = 'mpm.conf';
	if ($distro =~ /^(?:centos\|rhes\|scientific\|oracle\|rocky\|alma)(\d+)/) {
if ($1 >= 7) {	if ($1 >= 7) {
$configfile = 'apache2.4/httpd.conf';	$configfile = 'apache2.4/httpd.conf';
} elsif ($1 > 5) {	} elsif ($1 > 5) {
Line 929 sub chkapache {	Line 1060 sub chkapache {
}	}
} elsif ($distro =~ /^fedora(\d+)$/) {	} elsif ($distro =~ /^fedora(\d+)$/) {
if ($1 > 17) {	if ($1 > 17) {
$configfile = 'apache2.4/httpd.conf';	$configfile = 'apache2.4/httpd.conf';
} elsif ($1 > 10) {	} elsif ($1 > 10) {
$configfile = 'new/httpd.conf';	$configfile = 'new/httpd.conf';
}	}
Line 947 sub chkapache {	Line 1078 sub chkapache {
}	}
}	}
}	}
	if (-e "/etc/httpd/conf.modules.d/00-mpm.conf") {
	if (!-e "$instdir/centos-rhes-fedora-sl/$mpmfile") {
	print &mt('Warning: No LON-CAPA Apache MPM configuration file found for installation check.')."\n";
	} elsif ((-e "/etc/httpd/conf.modules.d/00-mpm.conf") && (-e "$instdir/centos-rhes-fedora-sl/$mpmfile")) {
	if (open(PIPE, "diff --brief $instdir/centos-rhes-fedora-sl/$mpmfile /etc/httpd/conf.modules.d/00-mpm.conf \|")) {
	my $diffres = <PIPE>;
	close(PIPE);
	chomp($diffres);
	if ($diffres) {
	$fixapache = 1;
	}
	}
	}
	}
}	}
return $fixapache;	return $fixapache;
}	}
Line 987 sub chksrvcs {	Line 1132 sub chksrvcs {
}	}

sub need_download {	sub need_download {
	my ($distro,$instdir) = @_;
my $needs_download = 1;	my $needs_download = 1;
my ($production,$testing,$stdsizes) = &download_versionslist();	my ($production,$testing,$stdsizes) = &download_versionslist();
my ($rootdir,$localcurrent,$localtesting,%tarball,%localsize,%bymodtime,	my ($localcurrent,$localtesting,%tarball,%localsize,%bymodtime,
%bysize,$filetouse,$downloadstatus);	%bysize,$filetouse,$downloadstatus);
$rootdir = '/root';	if (opendir(my $dir,$instdir)) {
if (opendir(my $dir,"$rootdir")) {
my (@lcdownloads,$version);	my (@lcdownloads,$version);
foreach my $file (readdir($dir)) {	foreach my $file (readdir($dir)) {
if ($file =~ /^loncapa\-([\w\-.]+)\.tar\.gz$/) {	if ($file =~ /^loncapa\-([\w\-.]+)\.tar\.gz$/) {
Line 1002 sub need_download {	Line 1147 sub need_download {
}	}
if (ref($stdsizes) eq 'HASH') {	if (ref($stdsizes) eq 'HASH') {
if ($version eq 'current') {	if ($version eq 'current') {
my @stats = stat("$rootdir/$file");	my @stats = stat("$instdir/$file");
$localcurrent = $stats[7];	$localcurrent = $stats[7];
if ($localcurrent == $stdsizes->{$production}) {	if ($localcurrent == $stdsizes->{$production}) {
$needs_download = 0;	$needs_download = 0;
$filetouse = $file;	$filetouse = $file;
}	}
} elsif ($version eq 'testing') {	} elsif ($version eq 'testing') {
my @stats = stat("$rootdir/$file");	my @stats = stat("$instdir/$file");
$localtesting = $stats[7];	$localtesting = $stats[7];
if ($localtesting == $stdsizes->{$testing}) {	if ($localtesting == $stdsizes->{$testing}) {
$needs_download = 0;	$needs_download = 0;
Line 1023 sub need_download {	Line 1168 sub need_download {
if ($needs_download) {	if ($needs_download) {
if (@lcdownloads > 0) {	if (@lcdownloads > 0) {
foreach my $version (@lcdownloads) {	foreach my $version (@lcdownloads) {
my @stats = stat("$rootdir/$tarball{$version}");	my @stats = stat("$instdir/$tarball{$version}");
my $mtime = $stats[9];	my $mtime = $stats[9];
$localsize{$version} = $stats[7];	$localsize{$version} = $stats[7];
if ($mtime) {	if ($mtime) {
Line 1056 sub need_download {	Line 1201 sub need_download {
my $newest = $sorted[0];	my $newest = $sorted[0];
if (ref($bymodtime{$newest}) eq 'ARRAY') {	if (ref($bymodtime{$newest}) eq 'ARRAY') {
$downloadstatus =	$downloadstatus =
"Latest LON-CAPA source download in $rootdir is: ".	"Latest LON-CAPA source download in $instdir is: ".
join(',',@{$bymodtime{$newest}})." (downloaded ".	join(',',@{$bymodtime{$newest}})." (downloaded ".
localtime($newest).")\n";	localtime($newest).")\n";
}	}
} else {	} else {
$downloadstatus =	$downloadstatus =
"The $rootdir directory already contains the latest LON-CAPA version:".	"The $instdir directory already contains the latest LON-CAPA version:".
"\n".$filetouse."\n"."which can be used for installation.\n";	"\n".$filetouse."\n"."which can be used for installation.\n";
}	}
} else {	} else {
$downloadstatus = "The $rootdir directory does not appear to contain any downloaded LON-CAPA source code files which can be used for installation.\n";	$downloadstatus = "The $instdir directory does not appear to contain any downloaded LON-CAPA source code files which can be used for installation.\n";
}	}
}	}
} else {	} else {
$downloadstatus = "Could not open $rootdir directory to look for existing downloads of LON-CAPA source code.\n";	$downloadstatus = "Could not open $instdir directory to look for existing downloads of LON-CAPA source code.\n";
}	}
return ($needs_download,$downloadstatus,$filetouse,$production,$testing);	return ($needs_download,$downloadstatus,$filetouse,$production,$testing);
}	}

sub check_mysql_setup {	sub check_mysql_setup {
my ($instdir,$dsn,$distro,$mysql_has_wwwuser) = @_;	my ($instdir,$dsn,$distro) = @_;
my ($mysqlsetup,$has_pass);	my ($mysqlsetup,$has_pass,$mysql_unix_socket,$mysql_has_wwwuser);
my $dbh = DBI->connect($dsn,'root','',{'PrintError'=>0});	my $dbh = DBI->connect($dsn,'root','',{'PrintError'=>0});
	my ($mysqlversion,$mysqlminorversion,$mysqlsubver,$mysqlname) = &get_mysql_version();
	if (($mysqlname =~ /^MariaDB/i) && (($mysqlversion == 10 && $mysqlminorversion >= 4) \|\| ($mysqlversion >= 11))) {
	if ($dbh) {
	my $sth = $dbh->prepare("SELECT Priv FROM mysql.global_priv WHERE (User = 'root' AND Host ='localhost')");
	$sth->execute();
	while (my $priv = $sth->fetchrow_array) {
	if ($priv =~ /unix_socket/) {
	$mysql_unix_socket = 1;
	last;
	}
	}
	$sth->finish();
	if ($mysql_unix_socket) {
	print_and_log(&mt('MariaDB using unix_socket for root access from localhost.')."\n");
	$mysqlsetup = 'rootok';
	$mysql_has_wwwuser = &check_mysql_wwwuser($dbh);
	return ($mysqlsetup,$has_pass,$dbh,$mysql_has_wwwuser,$mysql_unix_socket);
	}
	}
	}
if ($dbh) {	if ($dbh) {
$mysqlsetup = 'noroot';	$mysqlsetup = 'noroot';
	if (($mysqlname !~ /^MariaDB/i) && (($mysqlversion == 5 && $mysqlminorversion >= 7) \|\| ($mysqlversion >= 6))) {
	my $sth = $dbh->prepare("SELECT plugin from mysql.user where User='root'");
	$sth->execute();
	while (my $priv = $sth->fetchrow_array) {
	if ($priv =~ /auth_socket/) {
	$mysql_unix_socket = 1;
	last;
	}
	}
	$sth->finish();
	if ($mysql_unix_socket) {
	print_and_log(&mt('MySQL using unix_socket for root access from localhost.')."\n");
	$mysqlsetup = 'rootok';
	$mysql_has_wwwuser = &check_mysql_wwwuser($dbh);
	return ($mysqlsetup,$has_pass,$dbh,$mysql_has_wwwuser,$mysql_unix_socket);
	}
	}
} elsif ($DBI::err =~ /1045/) {	} elsif ($DBI::err =~ /1045/) {
$has_pass = 1;	$has_pass = 1;
} elsif ($distro =~ /^ubuntu(\d+)$/) {	} elsif ($distro =~ /^ubuntu(\d+)$/) {
Line 1093 sub check_mysql_setup {	Line 1275 sub check_mysql_setup {
}	}
close(PIPE);	close(PIPE);
}	}
unless ($mysql_has_wwwuser) {
$mysql_has_wwwuser = &check_mysql_wwwuser();
}
$dbh = DBI->connect($dsn,'root','',{'PrintError'=>0});	$dbh = DBI->connect($dsn,'root','',{'PrintError'=>0});
if ($dbh) {	if ($dbh) {
$mysqlsetup = 'noroot';	$mysqlsetup = 'noroot';
	$mysql_has_wwwuser = &check_mysql_wwwuser($dbh);
} elsif ($DBI::err =~ /1045/) {	} elsif ($DBI::err =~ /1045/) {
$has_pass = 1;	$has_pass = 1;
} else {	} else {
$mysqlsetup = 'needsrestart';	$mysqlsetup = 'needsrestart';
	$mysql_has_wwwuser = &check_mysql_wwwuser();
return ($mysqlsetup,$has_pass,$dbh,$mysql_has_wwwuser);	return ($mysqlsetup,$has_pass,$dbh,$mysql_has_wwwuser);
}	}
}	}
Line 1114 sub check_mysql_setup {	Line 1295 sub check_mysql_setup {
if ($dbh) {	if ($dbh) {
$mysqlsetup = 'rootok';	$mysqlsetup = 'rootok';
print_and_log(&mt('Password accepted.')."\n");	print_and_log(&mt('Password accepted.')."\n");
	$mysql_has_wwwuser = &check_mysql_wwwuser($dbh);
} else {	} else {
$mysqlsetup = 'rootfail';	$mysqlsetup = 'rootfail';
print_and_log(&mt('Problem accessing MySQL.')."\n");	print_and_log(&mt('Problem accessing MySQL.')."\n");
Line 1125 sub check_mysql_setup {	Line 1307 sub check_mysql_setup {
if ($dbh) {	if ($dbh) {
$mysqlsetup = 'rootok';	$mysqlsetup = 'rootok';
print_and_log(&mt('Password accepted.')."\n");	print_and_log(&mt('Password accepted.')."\n");
	$mysql_has_wwwuser = &check_mysql_wwwuser($dbh);
} else {	} else {
if ($DBI::err =~ /1045/) {	if ($DBI::err =~ /1045/) {
print_and_log(&mt('Incorrect password.')."\n");	print_and_log(&mt('Incorrect password.')."\n");
}	}
	$mysql_has_wwwuser = &check_mysql_wwwuser();
}	}
}	}
}	}
} elsif ($mysqlsetup ne 'noroot') {	} elsif ($mysqlsetup ne 'noroot') {
print_and_log(&mt('Problem accessing MySQL.')."\n");	print_and_log(&mt('Problem accessing MySQL.')."\n");
$mysqlsetup = 'rootfail';	$mysqlsetup = 'rootfail';
	$mysql_has_wwwuser = &check_mysql_wwwuser();
}	}
return ($mysqlsetup,$has_pass,$dbh,$mysql_has_wwwuser);	return ($mysqlsetup,$has_pass,$dbh,$mysql_has_wwwuser);
}	}

sub check_mysql_wwwuser {	sub check_mysql_wwwuser {
	my ($dbh) = @_;
my $mysql_wwwuser;	my $mysql_wwwuser;
my $dbhn = DBI->connect("DBI:mysql:database=information_schema",'www','localhostkey',	if ($dbh) {
{PrintError => +0}) \|\| return;	$mysql_wwwuser = $dbh->selectrow_array("SELECT COUNT(User) FROM mysql.user WHERE (User = 'www' AND Host ='localhost')");
if ($dbhn) {	} else {
$mysql_wwwuser = 1;	my $dbhn = DBI->connect("DBI:mysql:database=information_schema",'www','localhostkey',
$dbhn->disconnect;	{PrintError => +0}) \|\| return;
	if ($dbhn) {
	$mysql_wwwuser = 1;
	$dbhn->disconnect;
	}
}	}
return $mysql_wwwuser;	return $mysql_wwwuser;
}	}
Line 1181 sub get_pathto_iptables {	Line 1371 sub get_pathto_iptables {

sub firewall_is_active {	sub firewall_is_active {
if (-e '/proc/net/ip_tables_names') {	if (-e '/proc/net/ip_tables_names') {
	my $status;
if (open(PIPE,'cat /proc/net/ip_tables_names \|grep filter \|')) {	if (open(PIPE,'cat /proc/net/ip_tables_names \|grep filter \|')) {
my $status = <PIPE>;	$status = <PIPE>;
close(PIPE);	close(PIPE);
chomp($status);	chomp($status);
if ($status eq 'filter') {	if ($status eq 'filter') {
return 1;	return 1;
}	}
}	}
	unless ($status) {
	if (open(PIPE,'nft list tables \|')) {
	while(<PIPE>) {
	chomp();
	if (/filter$/) {
	$status = 1;
	last;
	}
	}
	close(PIPE);
	if ($status) {
	return 1;
	}
	}
	}
}	}
return 0;	return 0;
}	}
Line 1350 print "	Line 1556 print "
".&mt('3.')." ".&mt('Set-up the MySQL database.')."	".&mt('3.')." ".&mt('Set-up the MySQL database.')."
".&mt('4.')." ".&mt('Set-up MySQL permissions.')."	".&mt('4.')." ".&mt('Set-up MySQL permissions.')."
".&mt('5.')." ".&mt('Configure Apache web server.')."	".&mt('5.')." ".&mt('Configure Apache web server.')."
".&mt('6.')." ".&mt('Configure start-up of services.')."	".&mt('6.')." ".&mt('Configure systemd security settings for Apache web server.')."
".&mt('7.')." ".&mt('Check firewall settings.')."	".&mt('7.')." ".&mt('Configure start-up of services.')."
".&mt('8.')." ".&mt('Stop services not used by LON-CAPA,')."	".&mt('8.')." ".&mt('Check firewall settings.')."
	".&mt('9.')." ".&mt('Stop services not used by LON-CAPA,')."
".&mt('i.e., services for a print server: [_1] daemon.',"'cups'")."	".&mt('i.e., services for a print server: [_1] daemon.',"'cups'")."
".&mt('9.')." ".&mt('Download LON-CAPA source code in readiness for installation.')."	".&mt('10.')." ".&mt('Download LON-CAPA source code in readiness for installation.')."

".&mt('Typically, you will run this script only once, when you first install LON-CAPA.')."	".&mt('Typically, you will run this script only once, when you first install LON-CAPA.')."

Line 1383 my $instdir = `pwd`;	Line 1590 my $instdir = `pwd`;
chomp($instdir);	chomp($instdir);

my %callsub;	my %callsub;
my @actions = ('wwwuser','pwauth','mysql','mysqlperms','apache',	my @actions = ('wwwuser','pwauth','mysql','mysqlperms','apache','systemd',
'runlevels','firewall','stopsrvcs','download');	'runlevels','firewall','stopsrvcs','download');
my %prompts = &texthash(	my %prompts = &texthash(
wwwuser => "Create the 'www' user?",	wwwuser => "Create the 'www' user?",
Line 1391 my %prompts = &texthash(	Line 1598 my %prompts = &texthash(
mysql => 'Set-up the MySQL database?',	mysql => 'Set-up the MySQL database?',
mysqlperms => 'Set-up MySQL permissions?',	mysqlperms => 'Set-up MySQL permissions?',
apache => 'Configure Apache web server?',	apache => 'Configure Apache web server?',
	systemd => 'Configure systemd security settings for Apache web server?',
runlevels => 'Set overrides for start-up order of services?',	runlevels => 'Set overrides for start-up order of services?',
firewall => 'Configure firewall settings for Apache',	firewall => 'Configure firewall settings for Apache',
stopsrvcs => 'Stop extra services not required on a LON-CAPA server?',	stopsrvcs => 'Stop extra services not required on a LON-CAPA server?',
Line 1401 print "\n".&mt('Checking system status .	Line 1609 print "\n".&mt('Checking system status .

my $dsn = "DBI:mysql:database=mysql";	my $dsn = "DBI:mysql:database=mysql";
my ($distro,$gotprereqs,$localecmd,$packagecmd,$updatecmd,$installnow,$mysqlrestart,	my ($distro,$gotprereqs,$localecmd,$packagecmd,$updatecmd,$installnow,$mysqlrestart,
$recommended,$dbh,$has_pass,$has_lcdb,$downloadstatus,$filetouse,$production,	$recommended,$dbh,$has_pass,$mysql_unix_socket,$has_lcdb,$downloadstatus,
$testing,$apachefw,$uses_systemctl) = &check_required($instdir,$dsn);	$filetouse,$production,$testing,$apachefw,$uses_systemctl) = &check_required($instdir,$dsn);
if ($distro eq '') {	if ($distro eq '') {
print "\n".&mt('Linux distribution could not be verified as a supported distribution.')."\n".	print "\n".&mt('Linux distribution could not be verified as a supported distribution.')."\n".
&mt('The following are supported: [_1].',	&mt('The following are supported: [_1].',
'CentOS, RedHat Enterprise, Fedora, Scientific Linux, '.	'CentOS, RedHat Enterprise, Fedora, Scientific Linux, '.
'openSuSE, SLES, Ubuntu LTS, Debian')."\n\n".	'Oracle Linux, openSuSE, SLES, Ubuntu LTS, Debian')."\n\n".
&mt('Stopping execution.')."\n";	&mt('Stopping execution.')."\n";
exit;	exit;
}	}
Line 1445 if (!$gotprereqs) {	Line 1653 if (!$gotprereqs) {
exit;	exit;
} else {	} else {
($distro,$gotprereqs,$localecmd,$packagecmd,$updatecmd,$installnow,	($distro,$gotprereqs,$localecmd,$packagecmd,$updatecmd,$installnow,
$mysqlrestart,$recommended,$dbh,$has_pass,$has_lcdb,$downloadstatus,	$mysqlrestart,$recommended,$dbh,$has_pass,$mysql_unix_socket,
$filetouse,$production,$testing,$apachefw,$uses_systemctl) =	$has_lcdb,$downloadstatus,$filetouse,$production,$testing,$apachefw,
&check_required($instdir,$dsn);	$uses_systemctl) = &check_required($instdir,$dsn);
}	}
} else {	} else {
print &mt('Failed to run command to install LONCAPA-prerequisites')."\n";	print &mt('Failed to run command to install LONCAPA-prerequisites')."\n";
Line 1501 my $lctarball = 'loncapa-current.tar.gz'	Line 1709 my $lctarball = 'loncapa-current.tar.gz'
my $sourcetarball = $lctarball;	my $sourcetarball = $lctarball;
if ($callsub{'download'}) {	if ($callsub{'download'}) {
my ($production,$testing,$sizes) = &download_versionslist();	my ($production,$testing,$sizes) = &download_versionslist();
	my $homedir = '/root';
	if ($distro =~ /^ubuntu/) {
	if ($instdir ne $homedir) {
	($homedir) = ($instdir =~ m{^(.*)/[^/]+$});
	}
	}
if ($production && $testing) {	if ($production && $testing) {
if ($production ne $testing) {	if ($production ne $testing) {
print &mt('Two recent LON-CAPA releases are available: ')."\n".	print &mt('Two recent LON-CAPA releases are available: ')."\n".
&mt('1.').' '.&mt('A production release - version: [_1].',$production)."\n".	&mt('1.').' '.&mt('A production release - version: [_1].',$production)."\n".
&mt('2.').' '.&mt('A testing release - version: [_1].',$testing)."\n\n".	&mt('2.').' '.&mt('A testing release - version: [_1].',$testing)."\n\n".
&mt('Download the production release? ~[Y/n~]');	&mt("After download, the tar.gz file will be extracted into $homedir")."\n\n".
	&mt("Download the production release into $instdir? ~[Y/n~]");
if (&get_user_selection(1)) {	if (&get_user_selection(1)) {
$sourcetarball = 'loncapa-'.$production.'.tar.gz';	$sourcetarball = 'loncapa-'.$production.'.tar.gz';
	print "$sourcetarball will be downloaded into $instdir\n";
} else {	} else {
print "\n".&mt('Download the testing release? ~[Y/n~]');	print "\n".&mt('Download the testing release? ~[Y/n~]');
if (&get_user_selection(1)) {	if (&get_user_selection(1)) {
$sourcetarball = 'loncapa-'.$testing.'.tar.gz';	$sourcetarball = 'loncapa-'.$testing.'.tar.gz';
	print "$sourcetarball will be downloaded into $instdir\n";
	} else {
	$callsub{'download'} = 0;
}	}
}	}
}	}
} elsif ($production) {	} elsif ($production) {
print &mt('The most recent LON-CAPA release is version: [_1].',$production)."\n".	print &mt('The most recent LON-CAPA release is version: [_1].',$production)."\n".
&mt('Download the production release? ~[Y/n~]');	&mt("After download, the tar.gz file will be extracted into $homedir")."\n\n".
	&mt("Download the production release into $instdir? ~[Y/n~]");
if (&get_user_selection(1)) {	if (&get_user_selection(1)) {
$sourcetarball = 'loncapa-'.$production.'.tar.gz';	$sourcetarball = 'loncapa-'.$production.'.tar.gz';
	print "$sourcetarball will be downloaded into $instdir\n";
	} else {
	$callsub{'download'} = 0;
}	}
}	}
} elsif ($filetouse ne '') {	} elsif ($filetouse ne '') {
Line 1544 if ($callsub{'pwauth'}) {	Line 1767 if ($callsub{'pwauth'}) {

if ($callsub{'mysql'}) {	if ($callsub{'mysql'}) {
if ($dbh) {	if ($dbh) {
&setup_mysql($callsub{'mysqlperms'},$distro,$dbh,$has_pass,$has_lcdb);	&setup_mysql($callsub{'mysqlperms'},$dbh,$has_pass,
	$mysql_unix_socket,$has_lcdb,$distro);
} else {	} else {
print &mt('Unable to configure MySQL because access is denied.')."\n";	print &mt('Unable to configure MySQL because access is denied.')."\n";
}	}
Line 1552 if ($callsub{'mysql'}) {	Line 1776 if ($callsub{'mysql'}) {
&print_and_log(&mt('Skipping configuration of MySQL.')."\n");	&print_and_log(&mt('Skipping configuration of MySQL.')."\n");
if ($callsub{'mysqlperms'}) {	if ($callsub{'mysqlperms'}) {
if ($dbh) {	if ($dbh) {
&setup_mysql_permissions($dbh,$has_pass);	&setup_mysql_permissions($dbh,$has_pass,$mysql_unix_socket);
} else {	} else {
print &mt('Unable to configure MySQL because access is denied.')."\n";	print &mt('Unable to configure MySQL because access is denied.')."\n";
}	}
Line 1575 if ($callsub{'apache'}) {	Line 1799 if ($callsub{'apache'}) {
&copy_apache2_debconf($instdir,$distro);	&copy_apache2_debconf($instdir,$distro);
} else {	} else {
&copy_httpd_conf($instdir,$distro);	&copy_httpd_conf($instdir,$distro);
	&copy_mpm_conf($instdir,$distro);
}	}
} else {	} else {
print_and_log(&mt('Skipping configuration of Apache web server.')."\n");	print_and_log(&mt('Skipping configuration of Apache web server.')."\n");
}	}

	if ($callsub{'systemd'}) {
	&check_systemd_update($distro);
	} else {
	print_and_log('Skipping systemd configuration update for web server');
	}

if ($callsub{'runlevels'}) {	if ($callsub{'runlevels'}) {
my $count = 0;	my $count = 0;
if (ref($recommended) eq 'HASH') {	if (ref($recommended) eq 'HASH') {
Line 1608 if ($callsub{'runlevels'}) {	Line 1839 if ($callsub{'runlevels'}) {
}	}

if ($callsub{'firewall'}) {	if ($callsub{'firewall'}) {
if (&uses_firewalld($distro)) {	my ($firewalld,$zone) = &uses_firewalld($distro);
	if ($firewalld) {
my (%current,%added);	my (%current,%added);
if (open(PIPE,'firewall-cmd --permanent --zone=public --list-services \|')) {	if (open(PIPE,"firewall-cmd --permanent --zone=$zone --list-services \|")) {
my $svc = <PIPE>;	my $svc = <PIPE>;
close(PIPE);	close(PIPE);
chomp($svc);	chomp($svc);
Line 1618 if ($callsub{'firewall'}) {	Line 1850 if ($callsub{'firewall'}) {
}	}
foreach my $service ('http','https') {	foreach my $service ('http','https') {
unless ($current{$service}) {	unless ($current{$service}) {
if (open(PIPE,"firewall-cmd --permanent --zone=public --add-service=$service \|")) {	if (open(PIPE,"firewall-cmd --permanent --zone=$zone --add-service=$service \|")) {
my $result = <PIPE>;	my $result = <PIPE>;
if ($result =~ /^success/) {	if ($result =~ /^success/) {
$added{$service} = 1;	$added{$service} = 1;
Line 1629 if ($callsub{'firewall'}) {	Line 1861 if ($callsub{'firewall'}) {
if (keys(%added) > 0) {	if (keys(%added) > 0) {
print &mt('Firewall configured to allow access for: [_1].',	print &mt('Firewall configured to allow access for: [_1].',
join(', ',sort(keys(%added))))."\n";	join(', ',sort(keys(%added))))."\n";
	system('firewall-cmd --reload');
}	}
if ($current{'http'} \|\| $current{'https'}) {	if ($current{'http'} \|\| $current{'https'}) {
print &mt('Firewall already configured to allow access for:[_1].',	print &mt('Firewall already configured to allow access for:[_1].',
(($current{'http'})? ' http':'').(($current{'https'})? ' https':''))."\n";	(($current{'http'})? ' http':'').(($current{'https'})? ' https':''))."\n";
}	}
unless ($current{'ssh'}) {	unless ($current{'ssh'}) {
print &mt('If you would the like to allow access to ssh from outside, use the command[_1].',	print &mt('If you would like to allow access to ssh from outside, use the commands:')."\n".
'firewall-cmd --permanent --zone=public --add-service=ssh')."\n";	"firewall-cmd --permanent --zone=$zone --add-service=ssh\n".
	"firewall-cmd --reload\n";
}	}
} elsif ($distro =~ /^(suse\|sles)/) {	} elsif ($distro =~ /^(suse\|sles)/) {
print &mt('Use [_1] to configure the firewall to allow access for [_2].',	print &mt('Use [_1] to configure the firewall to allow access for [_2].',
Line 1658 if ($callsub{'firewall'}) {	Line 1892 if ($callsub{'firewall'}) {
}	}
}	}
}	}
} elsif ($distro =~ /^scientific/) {	} elsif ($distro =~ /^(scientific\|oracle)/) {
print &mt('Use [_1] to configure the firewall to allow access for [_2].',	print &mt('Use [_1] to configure the firewall to allow access for [_2].',
'system-config-firewall-tui -- Customize',	'system-config-firewall-tui -- Customize',
'ssh, http')."\n";	'ssh, http')."\n";
} else {	} else {
print &mt('Use [_1] to configure the firewall to allow access for [_2].',	my $version;
'setup -- Firewall configuration -> Customize',	if ($distro =~ /^(redhat\|centos\|rocky\|alma)(\d+)/) {
'ssh, http, https')."\n";	$version = $1;
	}
	if ($version > 5) {
	print &mt('Use [_1] to configure the firewall to allow access for [_2].',
	'system-config-firewall-tui -- Customize',
	'ssh, http')."\n";
	} else {
	print &mt('Use [_1] to configure the firewall to allow access for [_2].',
	'setup -- Firewall configuration -> Customize',
	'ssh, http, https')."\n";
	}
}	}
} else {	} else {
&print_and_log(&mt('Skipping Firewall configuration.')."\n");	&print_and_log(&mt('Skipping Firewall configuration.')."\n");
Line 1685 if ($callsub{'download'}) {	Line 1929 if ($callsub{'download'}) {
print &mt('LON-CAPA is available for download from: [_1]',	print &mt('LON-CAPA is available for download from: [_1]',
'http://install.loncapa.org/')."\n";	'http://install.loncapa.org/')."\n";
if (!-e '/etc/loncapa-release') {	if (!-e '/etc/loncapa-release') {
&print_and_log(&mt('LON-CAPA is not yet installed on your system.').	&print_and_log(&mt('LON-CAPA is not yet installed on your system.')."\n\n");
"\n\n".	unless ($filetouse) {
&mt('You may retrieve the source for LON-CAPA by executing:')."\n".	&print_and_log(&mt('You may retrieve the source for LON-CAPA by executing:')."\n".
"wget http://install.loncapa.org/versions/$lctarball\n");	"wget http://install.loncapa.org/versions/$lctarball\n");
	}
} else {	} else {
my $currentversion;	my $currentversion;
if (open(my $fh,"</etc/loncapa-release")) {	if (open(my $fh,"</etc/loncapa-release")) {
Line 1715 if ($callsub{'download'}) {	Line 1960 if ($callsub{'download'}) {
}	}

print "\n".&mt('Requested configuration complete.')."\n\n";	print "\n".&mt('Requested configuration complete.')."\n\n";
my $apachename;
if ($have_tarball && !$updateshown) {	if ($have_tarball && !$updateshown) {
my ($lcdir) = ($sourcetarball =~ /^([\w.\-]+)\.tar.gz$/);	my ($lcdir) = ($sourcetarball =~ /^([\w.\-]+)\.tar.gz$/);
if (!-e '/etc/loncapa-release') {	if ($lcdir eq 'loncapa-current') {
print &mt('If you are now ready to install LON-CAPA, enter the following commands:')."\n\n";	$lcdir = "loncapa-X.Y.Z (X.Y.Z should correspond to a version number like '2.11.3')";
} else {	}
print &mt('If you are now ready to update LON-CAPA, enter the following commands:')."\n\n".	my ($apachename,$lc_uses_systemctl,$uses_sudo);
"/etc/init.d/loncontrol stop\n";	if ($distro =~ /^(suse\|sles\|debian\|ubuntu)([\d.]+)/) {
if ($distro =~ /^(suse\|sles\|debian\|ubuntu)([\d.]+)/) {	if (($1 eq 'suse') && ($2 < 10)) {
if (($1 eq 'suse') && ($2 < 10)) {	$apachename = 'apache';
$apachename = 'apache';
} else {
$apachename = 'apache2';
}
} else {	} else {
$apachename = 'httpd';	$apachename = 'apache2';
}	}
print "/etc/init.d/$apachename stop\n";	} else {
	$apachename = 'httpd';
}	}
print "cd /root\n".	if ($distro =~ /^oracle(\d+)$/) {
"tar zxf $sourcetarball\n".	if ($1 > 6) {
"cd $lcdir\n".	$lc_uses_systemctl = 1;
"./UPDATE\n";	}
	} elsif ($distro =~ /^(?:rhes\|centos\|rocky\|alma)(\d+)/) {
	if ($1 > 7) {
	$lc_uses_systemctl = 1;
	}
	} elsif ($distro =~ /^ubuntu(\d+)$/) {
	if ($1 > 16) {
	$lc_uses_systemctl = 1;
	}
	$uses_sudo = 1;
	} elsif ($distro =~ /^debian(\d+)$/) {
	if ($1 >= 10) {
	$lc_uses_systemctl = 1;
	}
	} elsif ($distro =~ /^sles(\d+)$/) {
	if ($1 > 12) {
	$lc_uses_systemctl = 1;
	}
	} elsif ($distro =~ /^fedora(\d+)$/) {
	if ($1 > 25) {
	$lc_uses_systemctl = 1;
	}
	}
	if (!-e '/etc/loncapa-release') {
	print &mt('If you are now ready to install LON-CAPA, enter the following commands:')."\n\n";
	} else {
	my $lcstop = '/etc/init.d/loncontrol stop';
	if ($lc_uses_systemctl) {
	$lcstop = 'systemctl stop loncontrol';
	}
	my $apachestop = "/etc/init.d/$apachename stop";
	if ($uses_systemctl) {
	$apachestop = "systemctl stop $apachename";
	}
	if ($uses_sudo) {
	$lcstop = 'sudo '.$lcstop;
	$apachestop = 'sudo '.$apachestop;
	}
	print &mt('If you are now ready to update LON-CAPA, enter the following commands:').
	"\n\n$lcstop\n$apachestop\n";
	}
	my ($extract,$update);
	my $homedir = '/root';
	if ($uses_sudo) {
	$extract = 'sudo ';
	$update = 'sudo ';
	if ($instdir ne $homedir) {
	($homedir) = ($instdir =~ m{^(.*)/[^/]+$});
	}
	}
	$extract .= "tar zxf $sourcetarball --directory $homedir";
	$update .= './UPDATE';
	print "$extract\n".
	"cd $homedir/$lcdir\n".
	"$update\n";
if (-e '/etc/loncapa-release') {	if (-e '/etc/loncapa-release') {
print "/etc/init.d/loncontrol start\n";	my $lcstart = '/etc/init.d/loncontrol start';
print "/etc/init.d/$apachename start\n";	if ($lc_uses_systemctl) {
	$lcstart = '/home/httpd/perl/loncontrol start';
	}
	my $apachestart = "/etc/init.d/$apachename start";
	if ($uses_systemctl) {
	$apachestart = "systemctl start $apachename";
	}
	if ($uses_sudo) {
	$lcstart = 'sudo '.$lcstart;
	$apachestart = 'sudo '.$apachestart;
	}
	print "$lcstart\n";
	print "$apachestart\n";
}	}
}	}
exit;	exit;
Line 1809 sub build_and_install_mod_auth_external	Line 2116 sub build_and_install_mod_auth_external
> #define SERVER_UIDS $num /* user "www" */	> #define SERVER_UIDS $num /* user "www" */
ENDPATCH	ENDPATCH

	my $patch_code = <<"ENDPATCH";
	127a128
	> #include <string.h>
	214a216
	> #include <time.h>
	566c568
	< check_fails()
	---
	> int check_fails()
	589c591
	< log_failure()
	---
	> void log_failure()
	629c631
	< snooze(int seconds)
	---
	> void snooze(int seconds)
	653c655
	< main(int argc, char **argv)
	---
	> int main(int argc, char **argv)
	ENDPATCH

if (! -e "/usr/bin/patch") {	if (! -e "/usr/bin/patch") {
print_and_log(&mt('You must install the software development tools package: [_1], when installing Linux.',"'patch'")."\n");	print_and_log(&mt('You must install the software development tools package: [_1], when installing Linux.',"'patch'")."\n");
print_and_log(&mt('Authentication installation not completed.')."\n");	print_and_log(&mt('Authentication installation not completed.')."\n");
Line 1819 ENDPATCH	Line 2149 ENDPATCH
return;	return;
}	}
my $dir = "/tmp/pwauth-2.2.8";	my $dir = "/tmp/pwauth-2.2.8";
	my $patchedok;
if (open(PATCH,"\| patch $dir/config.h")) {	if (open(PATCH,"\| patch $dir/config.h")) {
print PATCH $patch;	print PATCH $patch;
close(PATCH);	close(PATCH);
	if (open(PATCH,"\| patch $dir/pwauth.c")) {
	print PATCH $patch_code;
	close(PATCH);
	$patchedok = 1;
	}
	}
	if ($patchedok) {
print_and_log("\n");	print_and_log("\n");
##	##
## Compile patched pwauth	## Compile patched pwauth
Line 1892 sub kill_extra_services {	Line 2230 sub kill_extra_services {
&print_and_log(&mt('Removing [_1] from startup.',$service)."\n");	&print_and_log(&mt('Removing [_1] from startup.',$service)."\n");
if ($distro =~ /^(?:debian\|ubuntu)(\d+)/) {	if ($distro =~ /^(?:debian\|ubuntu)(\d+)/) {
my $version = $1;	my $version = $1;
if (($distro =~ /^ubuntu/) && ($version > 16)) {	if ((($distro =~ /^ubuntu/) && ($version > 16)) \|\|
	(($distro =~ /^debian/) && ($version >= 10))) {
if (ref($uses_systemctl) eq 'HASH') {	if (ref($uses_systemctl) eq 'HASH') {
if ($uses_systemctl->{$service}) {	if ($uses_systemctl->{$service}) {
if (`systemctl is-enabled $service`) {	if (`systemctl is-enabled $service`) {
Line 1924 sub kill_extra_services {	Line 2263 sub kill_extra_services {
}	}

sub setup_mysql {	sub setup_mysql {
my ($setup_mysql_permissions,$distro,$dbh,$has_pass,$has_lcdb) = @_;	my ($setup_mysql_permissions,$dbh,$has_pass,$mysql_unix_socket,$has_lcdb,$distro) = @_;
my @mysql_lc_commands;	my @mysql_lc_commands;
unless ($has_lcdb) {	unless ($has_lcdb) {
push(@mysql_lc_commands,"CREATE DATABASE loncapa");	my $createcmd = 'CREATE DATABASE loncapa';
	if ($distro =~ /^sles(\d+)/) {
	if ($1 > 11) {
	$createcmd .= ' CHARACTER SET utf8 COLLATE utf8_general_ci';
	}
	} elsif ($distro =~ /^ubuntu(\d+)/) {
	if ($1 > 16) {
	$createcmd .= ' CHARACTER SET latin1 COLLATE latin1_swedish_ci';
	}
	}
	push(@mysql_lc_commands,$createcmd);
}	}
push(@mysql_lc_commands,"USE loncapa");	push(@mysql_lc_commands,"USE loncapa");
push(@mysql_lc_commands,qq{	push(@mysql_lc_commands,qq{
CREATE TABLE IF NOT EXISTS metadata (title TEXT, author TEXT, subject TEXT, url TEXT, keywords TEXT, version TEXT, notes TEXT, abstract TEXT, mime TEXT, language TEXT, creationdate DATETIME, lastrevisiondate DATETIME, owner TEXT, copyright TEXT, domain TEXT, dependencies TEXT, modifyinguser TEXT, authorspace TEXT, lowestgradelevel TEXT, highestgradelevel TEXT, standards TEXT, count INT, course INT, course_list TEXT, goto INT, goto_list TEXT, comefrom INT, comefrom_list TEXT, sequsage INT, sequsage_list TEXT, stdno INT, stdno_list TEXT, avetries FLOAT, avetries_list TEXT, difficulty FLOAT, difficulty_list TEXT, disc FLOAT, disc_list TEXT, clear FLOAT, technical FLOAT, correct FLOAT, helpful FLOAT, depth FLOAT, hostname TEXT, FULLTEXT idx_title (title), FULLTEXT idx_author (author), FULLTEXT idx_subject (subject), FULLTEXT idx_url (url), FULLTEXT idx_keywords (keywords), FULLTEXT idx_version (version), FULLTEXT idx_notes (notes), FULLTEXT idx_abstract (abstract), FULLTEXT idx_mime (mime), FULLTEXT idx_language (language), FULLTEXT idx_owner (owner), FULLTEXT idx_copyright (copyright)) ENGINE=MYISAM	CREATE TABLE IF NOT EXISTS metadata (title TEXT, author TEXT, subject TEXT, url TEXT, keywords TEXT, version TEXT, notes TEXT, abstract TEXT, mime TEXT, language TEXT, creationdate DATETIME, lastrevisiondate DATETIME, owner TEXT, copyright TEXT, domain TEXT, dependencies TEXT, modifyinguser TEXT, authorspace TEXT, lowestgradelevel TEXT, highestgradelevel TEXT, standards TEXT, count INT, course INT, course_list TEXT, goto INT, goto_list TEXT, comefrom INT, comefrom_list TEXT, sequsage INT, sequsage_list TEXT, stdno INT, stdno_list TEXT, avetries FLOAT, avetries_list TEXT, difficulty FLOAT, difficulty_list TEXT, disc FLOAT, disc_list TEXT, clear FLOAT, technical FLOAT, correct FLOAT, helpful FLOAT, depth FLOAT, hostname TEXT, FULLTEXT idx_title (title), FULLTEXT idx_author (author), FULLTEXT idx_subject (subject), FULLTEXT idx_url (url), FULLTEXT idx_keywords (keywords), FULLTEXT idx_version (version), FULLTEXT idx_notes (notes), FULLTEXT idx_abstract (abstract), FULLTEXT idx_mime (mime), FULLTEXT idx_language (language), FULLTEXT idx_owner (owner), FULLTEXT idx_copyright (copyright)) ENGINE=MYISAM
});	});
if ($setup_mysql_permissions) {	if ($setup_mysql_permissions) {
&setup_mysql_permissions($dbh,$has_pass,@mysql_lc_commands);	&setup_mysql_permissions($dbh,$has_pass,$mysql_unix_socket,@mysql_lc_commands);
} else {	} else {
print_and_log(&mt('Skipping MySQL permissions setup.')."\n");	print_and_log(&mt('Skipping MySQL permissions setup.')."\n");
if ($dbh) {	if ($dbh) {
Line 1951 CREATE TABLE IF NOT EXISTS metadata (tit	Line 2300 CREATE TABLE IF NOT EXISTS metadata (tit
}	}

sub setup_mysql_permissions {	sub setup_mysql_permissions {
my ($dbh,$has_pass,@mysql_lc_commands) = @_;	my ($dbh,$has_pass,$mysql_unix_socket,@mysql_lc_commands) = @_;
my ($mysqlversion,$mysqlsubver,$mysqlname) = &get_mysql_version();	my ($mysqlversion,$mysqlminorversion,$mysqlsubver,$mysqlname) = &get_mysql_version();
my ($usesauth,$is_mariadb,$hasauthcol,@mysql_commands);	my ($usescreate,$usesauth,$is_mariadb,$hasauthcol,@mysql_commands);
if ($mysqlname =~ /^MariaDB/i) {	if ($mysqlname =~ /^MariaDB/i) {
$is_mariadb = 1;	$is_mariadb = 1;
if ($mysqlversion >= 10.2) {	if ((($mysqlversion == 10) && ($mysqlminorversion >= 4)) \|\| ($mysqlversion >= 11)) {
	$usescreate = 1;
	} elsif (($mysqlversion == 10) && ($mysqlminorversion >= 2)) {
$usesauth = 1;	$usesauth = 1;
} elsif ($mysqlversion >= 5.5) {	} elsif (($mysqlversion == 5) && ($mysqlminorversion >= 5)) {
$hasauthcol = 1;	$hasauthcol = 1;
}	}
} else {	} else {
if (($mysqlversion > 5.7) \|\| (($mysqlversion == 5.7) && ($mysqlsubver > 5))) {	if (($mysqlversion > 5) \|\| (($mysqlminorversion == 5) && ($mysqlminorversion > 7)) \|\|
	(($mysqlversion == 5) && ($mysqlminorversion == 7) && ($mysqlsubver > 5))) {
$usesauth = 1;	$usesauth = 1;
} elsif (($mysqlversion >= 5.6) \|\| (($mysqlversion == 5.5) && ($mysqlsubver >= 7))) {	} elsif (($mysqlversion == 5) &&
	(($mysqlminorversion >= 6) \|\| (($mysqlminorversion == 5) && ($mysqlsubver >= 7)))) {
$hasauthcol = 1;	$hasauthcol = 1;
}	}
}	}
if ($usesauth) {	if ($usescreate) {
@mysql_commands = ("INSERT user (Host, User, ssl_cipher, x509_issuer, x509_subject, authentication_string) VALUES('localhost','www','','','','')");	@mysql_commands = ("CREATE USER 'www'\@'localhost' IDENTIFIED BY 'localhostkey'");
	} elsif ($usesauth) {
	@mysql_commands = ("INSERT user (Host, User, ssl_cipher, x509_issuer, x509_subject, authentication_string) VALUES('localhost','www','','','','')",
	"FLUSH PRIVILEGES");
if ($is_mariadb) {	if ($is_mariadb) {
push(@mysql_commands,"ALTER USER 'www'\@'localhost' IDENTIFIED BY 'localhostkey'");	push(@mysql_commands,"ALTER USER 'www'\@'localhost' IDENTIFIED BY 'localhostkey'");
} else {	} else {
Line 1988 INSERT db (Host,Db,User,Select_priv,Inse	Line 2344 INSERT db (Host,Db,User,Select_priv,Inse
INSERT db (Host,Db,User,Select_priv,Insert_priv,Update_priv,Delete_priv,Create_priv,Drop_priv,Grant_priv,References_priv,Index_priv,Alter_priv,Create_tmp_table_priv,Lock_tables_priv) VALUES('localhost','loncapa','www','Y','Y','Y','Y','Y','Y','N','Y','Y','Y','Y','Y')");	INSERT db (Host,Db,User,Select_priv,Insert_priv,Update_priv,Delete_priv,Create_priv,Drop_priv,Grant_priv,References_priv,Index_priv,Alter_priv,Create_tmp_table_priv,Lock_tables_priv) VALUES('localhost','loncapa','www','Y','Y','Y','Y','Y','Y','N','Y','Y','Y','Y','Y')");
}	}
push(@mysql_commands,"DELETE FROM user WHERE host<>'localhost'");	push(@mysql_commands,"DELETE FROM user WHERE host<>'localhost'");
if ($has_pass) {	if (($has_pass) \|\| ($mysql_unix_socket)) {
if ($dbh) {	if ($dbh) {
push(@mysql_commands,"FLUSH PRIVILEGES");	push(@mysql_commands,"FLUSH PRIVILEGES");
if (@mysql_commands) {	if (@mysql_commands) {
Line 2075 sub new_mysql_rootpasswd {	Line 2431 sub new_mysql_rootpasswd {
}	}

sub get_mysql_version {	sub get_mysql_version {
my ($version,$subversion,$name);	my ($version,$minorversion,$subversion,$name);
if (open(PIPE," mysql -V \|")) {	if (open(PIPE," mysql -V \|")) {
my $info = <PIPE>;	my $info = <PIPE>;
chomp($info);	chomp($info);
close(PIPE);	close(PIPE);
($version,$subversion,$name) = ($info =~ /(\d+\.\d+)\.(\d+)\-?(\w*),/);	($version,$minorversion,$subversion,$name) = ($info =~ /(\d+)\.(\d+)\.(\d+)(?:\-?(\w*),\|)/);
} else {	} else {
print &mt('Could not determine which version of MySQL is installed.').	print &mt('Could not determine which version of MySQL is installed.').
"\n";	"\n";
}	}
return ($version,$subversion,$name);	return ($version,$minorversion,$subversion,$name);
	}

	sub check_systemd_update {
	my ($distro) = @_;
	my ($use_systemctl,$service);
	$service = 'apache2.service';
	if ($distro =~ /^ubuntu(\w+)/) {
	if ($1 >= 16) {
	$use_systemctl = 1;
	}
	} elsif ($distro =~ /^debian(\w+)/) {
	if ($1 >= 9) {
	$use_systemctl = 1;
	}
	} elsif ($distro =~ /^fedora(\d+)/) {
	$service = 'httpd.service';
	if ($1 >= 16) {
	$use_systemctl = 1;
	}
	} elsif ($distro =~ /^(?:centos\|rhes\|scientific\|oracle\|rocky\|alma)(\d+)/) {
	$service = 'httpd.service';
	if ($1 >= 7) {
	$use_systemctl = 1;
	}
	} elsif ($distro =~ /^sles(\d+)/) {
	if ($1 >= 12) {
	$use_systemctl = 1;
	}
	} elsif ($distro =~ /^suse(\d+)/) {
	if ($1 >= 13) {
	$use_systemctl = 1;
	}
	}
	if ($use_systemctl) {
	my $needsupdate = &check_systemd_security($distro);
	if ($needsupdate) {
	if (!-d '/etc/systemd/system/'.$service.'.d') {
	mkdir '/etc/systemd/system/'.$service.'.d', 0755;
	}
	if (-d '/etc/systemd/system/'.$service.'.d') {
	if (-e '/etc/systemd/system/'.$service.'.d/override.conf') {
	if (open(my $fh,'<','/etc/systemd/system/'.$service.'.d/override.conf')) {
	my ($inservice,$addservice,$protectoff,$linenum,$change,@lines);
	while (my $entry = <$fh>) {
	$linenum ++;
	chomp($entry);
	if ($entry eq '[Service]') {
	if (!$protectoff) {
	$inservice = $linenum;
	push(@lines,$entry);
	} else {
	$addservice = 1;
	next;
	}
	}
	if ($entry =~ /^ProtectHome\s=\s([\w-]+)\s*$/) {
	my $value = $1;
	if ($protectoff) {
	next;
	if (lc($value) eq 'no') {
	$protectoff = $linenum;
	push(@lines,$entry);
	} else {
	if ($protectoff) {
	next;
	} else {
	push(@lines,'ProtectHome=no');
	$protectoff = $linenum;
	$change = $linenum;
	}
	}
	}
	}
	}
	close($fh);
	if ($addservice \|\| $change \|\| !$protectoff) {
	if (open(my $fh,'>','/etc/systemd/system/'.$service.'.d/override.conf')) {
	if ($addservice) {
	print $fh "[Service]\n";
	}
	foreach my $entry (@lines) {
	print $fh "$entry\n";
	}
	close($fh);
	print_and_log('Updated /etc/systemd/system/'.$service.'.d/override.conf');
	system('systemctl daemon-reload');
	} else {
	print_and_log('Could not open /etc/systemd/system/'.$service.'.d/override.conf for writing.');
	}
	} else {
	print_and_log('No change needed in /etc/systemd/system/'.$service.'.d/override.conf');
	}
	} else {
	print_and_log('Could not open /etc/systemd/system/'.$service.'.d/override.conf for reading.');
	}
	} else {
	if (open(my $fh,'>','/etc/systemd/system/'.$service.'.d/override.conf')) {
	print $fh '[Service]'."\n".'ProtectHome=no'."\n";
	close($fh);
	print_and_log('Created /etc/systemd/system/'.$service.'.d/override.conf');
	system('systemctl daemon-reload');
	}
	}
	} else {
	print_and_log('No /etc/systemd/system/'.$service.'.d directory exists and creating one failed,');
	}
	} else {
	print_and_log('No update needed to systemd security settings for Apache web server.');
	}
	} else {
	print_and_log('No update needed to systemd, as this Linux distro does not use systemctl');
	}
}	}

###########################################################	###########################################################
Line 2098 sub get_mysql_version {	Line 2566 sub get_mysql_version {
sub copy_httpd_conf {	sub copy_httpd_conf {
my ($instdir,$distro) = @_;	my ($instdir,$distro) = @_;
my $configfile = 'httpd.conf';	my $configfile = 'httpd.conf';
if ($distro =~ /^(?:centos\|rhes\|scientific)(\d+)$/) {	if ($distro =~ /^(?:centos\|rhes\|scientific\|oracle\|rocky\|alma)(\d+)/) {
if ($1 >= 7) {	if ($1 >= 7) {
$configfile = 'apache2.4/httpd.conf';	$configfile = 'apache2.4/httpd.conf';
} elsif ($1 > 5) {	} elsif ($1 > 5) {
Line 2119 sub copy_httpd_conf {	Line 2587 sub copy_httpd_conf {
print_and_log("\n");	print_and_log("\n");
}	}

	###########################################################
	##
	## RHEL/CentOS/Fedora/Scientific Linux
	## Copy LON-CAPA mpm.conf to /etc/httpd/conf.modules.d/00-mpm.conf
	##
	## The LON-CAPA mpm.conf enables the prefork MPM module in
	## Apache. This is also the default for RHEL/CentOS/Oracle
	## Linux 7 and earlier, and Fedora 26 and earlier. For more
	## recent versions of those distros, the event MPM is enabled
	## by default. After &copy_mpm_conf() is run, the prefork MPM
	## module will be enabled instead of the event MPM module.
	##
	###########################################################

	sub copy_mpm_conf {
	my ($instdir,$distro) = @_;
	my $mpmfile = 'mpm.conf';
	if ((-e "/etc/httpd/conf.modules.d/00-mpm.conf") &&
	(-e "$instdir/centos-rhes-fedora-sl/$mpmfile")) {
	print_and_log(&mt('Copying the LON-CAPA [_1] to [_2].',"'mpm.conf'",
	"'/etc/httpd/conf.modules.d/00-mpm.conf'")."\n");
	copy "$instdir/centos-rhes-fedora-sl/$mpmfile","/etc/httpd/conf.modules.d/00-mpm.conf";
	chmod(0644,"/etc/httpd/conf.modules.d/00-mpm.conf");
	print_and_log("\n");
	} else {
	my $logfail;
	if ($distro =~ /^(?:centos\|rhes\|scientific\|oracle\|rocky\|alma)(\d+)/) {
	if ($1 > 7) {
	$logfail = 1;
	}
	} elsif ($distro =~ /^fedora(\d+)$/) {
	if ($1 > 26) {
	$logfail = 1;
	}
	}
	if ($logfail) {
	print_and_log(&mt('Warning: copying the LON-CAPA [_1] failed because [_2] and/or [_3] are missing.',
	$mpmfile,"'$instdir/centos-rhes-fedora-sl/$mpmfile'",
	"'/etc/httpd/conf.modules.d/00-mpm.conf'"));
	print_and_log("\n");
	}
	}
	}

#########################################################	#########################################################
##	##
## Ubuntu/Debian -- copy our loncapa configuration file to	## Ubuntu/Debian -- copy our loncapa configuration file to
Line 2139 sub copy_apache2_debconf {	Line 2651 sub copy_apache2_debconf {
my $apache2_sites_enabled_dir = '/etc/apache2/sites-enabled';	my $apache2_sites_enabled_dir = '/etc/apache2/sites-enabled';
my $apache2_sites_available_dir = '/etc/apache2/sites-available';	my $apache2_sites_available_dir = '/etc/apache2/sites-available';
my $defaultconfig = "$apache2_sites_enabled_dir/000-default";	my $defaultconfig = "$apache2_sites_enabled_dir/000-default";
	my $defaultsite = "$apache2_sites_enabled_dir/loncapa.conf";
my ($distname,$version);	my ($distname,$version);
if ($distro =~ /^(debian\|ubuntu)(\d+)$/) {	if ($distro =~ /^(debian\|ubuntu)(\d+)$/) {
$distname = $1;	$distname = $1;
$version = $2;	$version = $2;
}	}
if (($distname eq 'ubuntu') && ($version > 12)) {	if ((($distname eq 'ubuntu') && ($version > 12)) \|\|
	(($distname eq 'debian') && ($version >= 10))) {
$defaultconfig = "$apache2_sites_enabled_dir/000-default.conf";	$defaultconfig = "$apache2_sites_enabled_dir/000-default.conf";
}	}
if (-l $defaultconfig) {	my ($skipconf,$skipsite,$skipstatus);
unlink($defaultconfig);	if ((($distname eq 'ubuntu') && ($version > 12)) \|\|
}	(($distname eq 'debian') && ($version >= 10))) {
if (($distname eq 'ubuntu') && ($version > 12)) {
print_and_log(&mt('Copying loncapa [_1] config file to [_2] and pointing [_3] to it from conf-enabled.',"'apache2'","'/etc/apache2/conf-available'","'loncapa.conf symlink'")."\n");
my $apache2_conf_enabled_dir = '/etc/apache2/conf-enabled';	my $apache2_conf_enabled_dir = '/etc/apache2/conf-enabled';
my $apache2_conf_available_dir = '/etc/apache2/conf-available';	my $apache2_conf_available_dir = '/etc/apache2/conf-available';
if (-e "$apache2_conf_available_dir/loncapa") {
copy("$apache2_conf_available_dir/loncapa","$apache2_conf_available_dir/loncapa.original");
}
my $defaultconf = $apache2_conf_enabled_dir.'/loncapa.conf';	my $defaultconf = $apache2_conf_enabled_dir.'/loncapa.conf';
copy("$instdir/debian-ubuntu/ubuntu14/loncapa_conf","$apache2_conf_available_dir/loncapa");	if ((-e "$apache2_conf_available_dir/loncapa") && (-e "$instdir/debian-ubuntu/ubuntu14/loncapa_conf")) {
chmod(0444,"$apache2_conf_available_dir/loncapa");	if (open(PIPE, "diff --brief $apache2_conf_available_dir/loncapa $instdir/debian-ubuntu/ubuntu14/loncapa_conf \|")) {
if (-l $defaultconf) {	my $diffres = <PIPE>;
unlink($defaultconf);	close(PIPE);
}	chomp($diffres);
symlink("$apache2_conf_available_dir/loncapa","$defaultconf");	if ($diffres) {
print_and_log(&mt('Copying loncapa [_1] site file to [_2] and pointing [_3] to it from sites-enabled.',"'apache2'","'/etc/apache2/sites-available'","'000-default.conf symlink'")."\n");	copy("$apache2_conf_available_dir/loncapa","$apache2_conf_available_dir/loncapa.conf.original");
copy("$instdir/debian-ubuntu/ubuntu14/loncapa_site","$apache2_sites_available_dir/loncapa");	} else {
chmod(0444,"$apache2_sites_available_dir/loncapa");	copy("$apache2_conf_available_dir/loncapa","$apache2_conf_available_dir/loncapa.conf");
symlink("$apache2_sites_available_dir/loncapa","$defaultconfig");	chdir($apache2_conf_enabled_dir);
} else {	symlink('../conf-available/loncapa.conf','loncapa.conf');
print_and_log(&mt('Copying loncapa [_1] config file to [_2] and pointing [_3] to it from sites-enabled.',"'apache2'","'/etc/apache2/sites-available'","'000-default symlink'")."\n");	chdir($instdir);
if (-e "$apache2_sites_available_dir/loncapa") {	}
copy("$apache2_sites_available_dir/loncapa","$apache2_sites_available_dir/loncapa.original");	if (-l $defaultconf) {
}	my $linkfname = readlink($defaultconf);
copy("$instdir/debian-ubuntu/loncapa","$apache2_sites_available_dir/loncapa");	if ($linkfname ne '') {
chmod(0444,"$apache2_sites_available_dir/loncapa");	$linkfname = Cwd::abs_path(File::Spec->rel2abs($linkfname,$apache2_conf_enabled_dir));
symlink("$apache2_sites_available_dir/loncapa","$apache2_sites_enabled_dir/000-default");	}
	if ($linkfname eq "$apache2_conf_available_dir/loncapa") {
	unlink($defaultconf);
	}
	}
	unlink("$apache2_conf_available_dir/loncapa");
	}
	}
	if ((-e "$apache2_conf_available_dir/loncapa.conf") && (-e "$instdir/debian-ubuntu/ubuntu14/loncapa_conf")) {
	if (open(PIPE, "diff --brief $apache2_conf_available_dir/loncapa.conf $instdir/debian-ubuntu/ubuntu14/loncapa_conf \|")) {
	my $diffres = <PIPE>;
	close(PIPE);
	chomp($diffres);
	if ($diffres) {
	copy("$apache2_conf_available_dir/loncapa.conf","$apache2_conf_available_dir/loncapa.conf.original");
	}
	if (-l $defaultconf) {
	my $linkfname = readlink($defaultconf);
	if ($linkfname ne '') {
	$linkfname = Cwd::abs_path(File::Spec->rel2abs($linkfname,$apache2_conf_enabled_dir));
	}
	if ($linkfname eq "$apache2_conf_available_dir/loncapa.conf") {
	unless ($diffres) {
	$skipconf = 1;
	}
	}
	}
	}
	}
	unless ($skipconf) {
	print_and_log(&mt('Copying loncapa [_1] config file to [_2] and pointing [_3] to it from conf-enabled.',"'apache2'","'/etc/apache2/conf-available'","'loncapa.conf symlink'")."\n");
	copy("$instdir/debian-ubuntu/ubuntu14/loncapa_conf","$apache2_conf_available_dir/loncapa.conf");
	chmod(0444,"$apache2_conf_available_dir/loncapa.conf");
	if (-l $defaultconf) {
	unlink($defaultconf);
	}
	chdir($apache2_conf_enabled_dir);
	symlink('../conf-available/loncapa.conf','loncapa.conf');
	chdir($instdir);
	}
	my $stdsite = "$instdir/debian-ubuntu/ubuntu14/loncapa_site";
	if ((-e $stdsite) && (-e "$apache2_sites_available_dir/loncapa")) {
	if (open(PIPE, "diff --brief $stdsite $apache2_sites_available_dir/loncapa \|")) {
	my $diffres = <PIPE>;
	close(PIPE);
	chomp($diffres);
	if ($diffres) {
	copy("$apache2_sites_available_dir/loncapa","$apache2_sites_available_dir/loncapa.conf.original");
	} else {
	copy("$apache2_sites_available_dir/loncapa","$apache2_sites_available_dir/loncapa.conf");
	}
	if (-l $defaultconfig) {
	my $linkfname = readlink($defaultconfig);
	if ($linkfname ne '') {
	$linkfname = Cwd::abs_path(File::Spec->rel2abs($linkfname,$apache2_sites_enabled_dir));
	}
	if ($linkfname eq "$apache2_sites_available_dir/loncapa") {
	unlink($defaultconfig);
	}
	}
	unlink("$apache2_sites_available_dir/loncapa");
	}
	}
	if ((-e $stdsite) && (-e "$apache2_sites_available_dir/loncapa.conf")) {
	if (open(PIPE, "diff --brief $stdsite $apache2_sites_available_dir/loncapa.conf \|")) {
	my $diffres = <PIPE>;
	close(PIPE);
	chomp($diffres);
	if ($diffres) {
	copy("$apache2_sites_available_dir/loncapa.conf","$apache2_sites_available_dir/loncapa.conf.original");
	}
	if (-l $defaultsite) {
	my $linkfname = readlink($defaultsite);
	if ($linkfname ne '') {
	$linkfname = Cwd::abs_path(File::Spec->rel2abs($linkfname,$apache2_sites_enabled_dir));
	}
	if ($linkfname eq "$apache2_sites_available_dir/loncapa.conf") {
	unless ($diffres) {
	$skipsite = 1;
	}
	}
	}
	}
	}
	unless ($skipsite) {
	print_and_log(&mt('Copying loncapa [_1] site file to [_2] and pointing [_3] to it from sites-enabled.',"'apache2'","'/etc/apache2/sites-available'","'loncapa.conf symlink'")."\n");
	copy("$instdir/debian-ubuntu/ubuntu14/loncapa_site","$apache2_sites_available_dir/loncapa.conf");
	chmod(0444,"$apache2_sites_available_dir/loncapa.conf");
	chdir($apache2_sites_enabled_dir);
	symlink('../sites-available/loncapa.conf','loncapa.conf');
	chdir($instdir);
	}
	if (-l $defaultconfig) {
	my $linkfname = readlink($defaultconfig);
	if ($linkfname ne '') {
	$linkfname = Cwd::abs_path(File::Spec->rel2abs($linkfname,$apache2_sites_enabled_dir));
	}
	if ($linkfname eq "$apache2_sites_available_dir/000-default.conf") {
	unlink($defaultconfig);
	}
	}
	} else {
	if ((-e "$instdir/debian-ubuntu/loncapa") && (-e "$apache2_sites_available_dir/loncapa")) {
	if (open(PIPE, "diff --brief $instdir/debian-ubuntu/loncapa $apache2_sites_available_dir/loncapa \|")) {
	my $diffres = <PIPE>;
	close(PIPE);
	chomp($diffres);
	if ($diffres) {
	copy("$apache2_sites_available_dir/loncapa","$apache2_sites_available_dir/loncapa.original");
	}
	if (-l $defaultconfig) {
	my $linkfname = readlink($defaultconfig);
	if ($linkfname eq "$apache2_sites_available_dir/loncapa") {
	unless ($diffres) {
	$skipsite = 1;
	}
	}
	}
	}
	}
	unless ($skipsite) {
	if (-l $defaultconfig) {
	unlink($defaultconfig);
	}
	print_and_log(&mt('Copying loncapa [_1] config file to [_2] and pointing [_3] to it from sites-enabled.',"'apache2'","'/etc/apache2/sites-available'","'000-default symlink'")."\n");
	if (-e "$instdir/debian-ubuntu/loncapa") {
	copy("$instdir/debian-ubuntu/loncapa","$apache2_sites_available_dir/loncapa");
	chmod(0444,"$apache2_sites_available_dir/loncapa");
	symlink("$apache2_sites_available_dir/loncapa","$apache2_sites_enabled_dir/000-default");
	}
	}
	}
	if (($distname eq 'ubuntu') \|\| ($distname eq 'debian')) {
	my $sitestatus = "$apache2_mods_available_dir/status.conf";
	my $stdstatus = "$instdir/debian-ubuntu/status.conf";
	if ((-e $sitestatus) && (-e $stdstatus)) {
	if (open(PIPE, "diff --brief $stdstatus $sitestatus \|")) {
	my $diffres = <PIPE>;
	close(PIPE);
	chomp($diffres);
	if ($diffres) {
	copy("$apache2_mods_available_dir/status.conf","$apache2_mods_available_dir/status.conf.original");
	} else {
	$skipstatus = 1;
	}
	}
	}
	unless ($skipstatus) {
	if (-e $stdstatus) {
	print_and_log(&mt('Copying loncapa [_1] file to [_2],',"'status.conf'","'/etc/apache2/mods-available/status.conf'")."\n");
	copy($stdstatus,$sitestatus);
	chmod(0644,$sitestatus);
	}
	}
}	}
print_and_log("\n");	print_and_log("\n");
}	}
Line 2355 sub download_loncapa {	Line 3017 sub download_loncapa {
print_and_log("	print_and_log("
------------------------------------------------------------------------	------------------------------------------------------------------------

".&mt('You seem to have a version of loncapa-current.tar.gz in [_1]',$instdir)."\n".	".&mt('You seem to have a version of [_1] in [_2]',$lctarball,$instdir)."\n".
&mt('This copy will be used and a new version will NOT be downloaded.')."\n".	&mt('This copy will be used and a new version will NOT be downloaded.')."\n".
&mt('If you wish, you may download a new version by executing:')."	&mt('If you wish, you may download a new version by executing:')."

wget http://install.loncapa.org/versions/loncapa-current.tar.gz	wget http://install.loncapa.org/versions/$lctarball

------------------------------------------------------------------------	------------------------------------------------------------------------
");	");
}	}

##	##
## untar loncapa.tar.gz	## untar loncapa-X.Y.Z.tar.gz
##	##
if ($have_tarball) {	if ($have_tarball) {
	my $homedir = '/root';
	my ($targetdir,$chdircmd,$updatecmd);
	if (($distro =~ /^ubuntu/) && ($instdir ne $homedir)) {
	($homedir) = ($instdir =~ m{^(.*)/[^/]+$});
	$updatecmd = 'sudo ./UPDATE';
	} else {
	$updatecmd = './UPDATE';
	}
print_and_log(&mt('Extracting LON-CAPA source files')."\n");	print_and_log(&mt('Extracting LON-CAPA source files')."\n");
writelog(`cd ~root; tar zxf $instdir/$lctarball`);	if (-e $homedir) {
	writelog(`tar zxf $instdir/$lctarball --directory $homedir`);
	$targetdir = $homedir;
	} else {
	writelog(`tar zxf $instdir/$lctarball`);
	$targetdir = $instdir;
	}
	if ($lctarball =~ /^loncapa\-(\d+\.\d+\.\d+(?:\|[^.]+))\.tar\.gz$/) {
	$chdircmd = "cd $targetdir/loncapa-".$1;
	} else {
	$chdircmd = "cd $targetdir/loncapa-X.Y.Z (X.Y.Z should correspond to a version number like '2.11.3')";
	}
print_and_log("\n");	print_and_log("\n");
print &mt('LON-CAPA source files extracted.')."\n".	print &mt('LON-CAPA source files extracted.')."\n".
&mt('It remains for you to execute the following commands:')."	&mt('It remains for you to execute the following commands:').
	"\n$chdircmd\n$updatecmd\n".
cd /root/loncapa-N.N (N.N should correspond to a version number like '0.4')	&mt('If you have any trouble, please see [_1] and [_2]',
./UPDATE	'http://install.loncapa.org/','http://help.loncapa.org/')."\n";

".&mt('If you have any trouble, please see [_1] and [_2]',
'http://install.loncapa.org/','http://help.loncapa.org/')."\n";
$updateshown = 1;	$updateshown = 1;
}	}
return ($have_tarball,$updateshown);	return ($have_tarball,$updateshown);

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>

Removed from v.1.45.2.2
changed lines
	Added in v.1.45.2.21