doc/install/linux/install.pl - diff

Return to install.pl CVS log

Up to [LON-CAPA] / doc / install / linux

Diff for /doc/install/linux/install.pl between versions 1.82 and 1.92

version 1.82, 2021/12/21 16:05:45	version 1.92, 2024/07/28 13:21:34
Line 572 sub check_required {	Line 572 sub check_required {
if ($mysqlsetup eq 'needsrestart') {	if ($mysqlsetup eq 'needsrestart') {
$mysqlrestart = '';	$mysqlrestart = '';
if ($distro eq 'ubuntu') {	if ($distro eq 'ubuntu') {
$mysqlrestart = 'sudo ';	$mysqlrestart = 'sudo ';
}	}
$mysqlrestart .= 'service mysql restart';	$mysqlrestart .= 'service mysql restart';
return ($distro,$gotprereqs,$localecmd,$packagecmd,$updatecmd,$installnow,$mysqlrestart);	return ($distro,$gotprereqs,$localecmd,$packagecmd,$updatecmd,$installnow,$mysqlrestart);
Line 595 sub check_required {	Line 595 sub check_required {
my ($sslhostsfilesref,$has_std,$has_int,$rewritenum,$nochgstd,$nochgint);	my ($sslhostsfilesref,$has_std,$has_int,$rewritenum,$nochgstd,$nochgint);
($recommended{'firewall'},$apachefw) = &chkfirewall($distro);	($recommended{'firewall'},$apachefw) = &chkfirewall($distro);
($recommended{'runlevels'},$tostop,$uses_systemctl) = &chkconfig($distro,$instdir);	($recommended{'runlevels'},$tostop,$uses_systemctl) = &chkconfig($distro,$instdir);
	if ((ref($uses_systemctl) eq 'HASH') && ($uses_systemctl->{'apache'})) {
	$recommended{'systemd'} = &check_systemd_security($distro);
	}
$recommended{'apache'} = &chkapache($distro,$instdir);	$recommended{'apache'} = &chkapache($distro,$instdir);
($recommended{'apachessl'},$sslhostsfilesref,$has_std,$has_int,$rewritenum,	($recommended{'apachessl'},$sslhostsfilesref,$has_std,$has_int,$rewritenum,
$nochgstd,$nochgint) = &chkapachessl($distro,$instdir,$hostname,$hostip);	$nochgstd,$nochgint) = &chkapachessl($distro,$instdir,$hostname,$hostip);
Line 622 sub check_mysql_running {	Line 625 sub check_mysql_running {
$process = 'mysqld';	$process = 'mysqld';
$proc_owner = 'mysql';	$proc_owner = 'mysql';
}	}
	if ($1 >= 16) {
	$use_systemctl = 1;
	}
	} elsif ($distro =~ /^debian(\w+)/) {
	if ($1 >= 10) {
	$process = 'mysql';
	$proc_owner = 'mysql';
	}
	if ($1 >= 11) {
	$mysqldaemon = 'mariadb';
	}
	if ($1 >= 9) {
	$use_systemctl = 1;
	}
} elsif ($distro =~ /^fedora(\d+)/) {	} elsif ($distro =~ /^fedora(\d+)/) {
if ($1 >= 16) {	if ($1 >= 16) {
$process = 'mysqld';	$process = 'mysqld';
Line 641 sub check_mysql_running {	Line 658 sub check_mysql_running {
$proc_owner = 'mysql';	$proc_owner = 'mysql';
$use_systemctl = 1;	$use_systemctl = 1;
}	}
	if ($1 >= 9) {
	$process = 'mariadb';
	}
} elsif ($distro =~ /^sles(\d+)/) {	} elsif ($distro =~ /^sles(\d+)/) {
if ($1 >= 12) {	if ($1 >= 12) {
$use_systemctl = 1;	$use_systemctl = 1;
Line 761 sub chkconfig {	Line 781 sub chkconfig {
if (($distro =~ /^ubuntu/) && ($version <= 8)) {	if (($distro =~ /^ubuntu/) && ($version <= 8)) {
$daemon{'cups'} = 'cupsys';	$daemon{'cups'} = 'cupsys';
}	}
if (($distro =~ /^ubuntu/) && ($version >= 18)) {	if ((($distro =~ /^ubuntu/) && ($version >= 18)) \|\|
	(($distro =~ /^debian/) && ($version >= 10))) {
$daemon{'ntp'} = 'chrony';	$daemon{'ntp'} = 'chrony';
}	}
	if (($distro =~ /^debian/) && ($version >= 11)) {
	$daemon{'mysql'} = 'mariadb';
	}
} elsif ($distro =~ /^fedora(\d+)/) {	} elsif ($distro =~ /^fedora(\d+)/) {
my $version = $1;	my $version = $1;
if ($version >= 15) {	if ($version >= 15) {
Line 886 sub chkconfig {	Line 910 sub chkconfig {
return (\%needfix,\%tostop,\%uses_systemctl);	return (\%needfix,\%tostop,\%uses_systemctl);
}	}

	sub check_systemd_security {
	my ($distro) = @_;
	my $service = 'httpd.service';
	if ($distro =~ /^(suse\|sles\|ubuntu\|debian)/) {
	$service = 'apache2.service';
	}
	system("systemctl daemon-reload");
	if (open(PIPE,"systemctl show $service --property=ProtectHome 2>/dev/null \|")) {
	my $protection = <PIPE>;
	close(PIPE);
	chomp($protection);
	if ($protection =~ /^ProtectHome=(read-only\|yes)$/i) {
	return 1;
	}
	} else {
	print &mt('Could not check systemctl configuration for Apache')."\n";
	}
	return 0;
	}

sub uses_firewalld {	sub uses_firewalld {
my ($distro) = @_;	my ($distro) = @_;
my ($inuse,$checkfirewalld,$zone);	my ($inuse,$checkfirewalld,$zone);
Line 989 sub chkapache {	Line 1033 sub chkapache {
my $distname = $1;	my $distname = $1;
my $version = $2;	my $version = $2;
my ($stdconf,$stdsite);	my ($stdconf,$stdsite);
if (($distname eq 'ubuntu') && ($version > 12)) {	if ((($distname eq 'ubuntu') && ($version > 12)) \|\|
	(($distname eq 'debian') && ($version >= 10))) {
$stdconf = "$instdir/debian-ubuntu/ubuntu14/loncapa_conf";	$stdconf = "$instdir/debian-ubuntu/ubuntu14/loncapa_conf";
$stdsite = "$instdir/debian-ubuntu/ubuntu14/loncapa_sites";	$stdsite = "$instdir/debian-ubuntu/ubuntu14/loncapa_sites";
} else {	} else {
Line 1000 sub chkapache {	Line 1045 sub chkapache {
print &mt('Warning: No LON-CAPA Apache configuration file found for installation check.')."\n";	print &mt('Warning: No LON-CAPA Apache configuration file found for installation check.')."\n";
} else {	} else {
my ($configfile,$sitefile);	my ($configfile,$sitefile);
if (($distname eq 'ubuntu') && ($version > 12)) {	if ((($distname eq 'ubuntu') && ($version > 12)) \|\|
	(($distname eq 'debian') && ($version >= 10))) {
$sitefile = '/etc/apache2/sites-available/loncapa.conf';	$sitefile = '/etc/apache2/sites-available/loncapa.conf';
$configfile = '/etc/apache2/conf-available/loncapa.conf';	$configfile = '/etc/apache2/conf-available/loncapa.conf';
} else {	} else {
Line 1016 sub chkapache {	Line 1062 sub chkapache {
}	}
}	}
}	}
if ((!$fixapache) && ($distname eq 'ubuntu') && ($version > 12)) {	if ((!$fixapache) && ((($distname eq 'ubuntu') && ($version > 12)) \|\|
	(($distname eq 'debian') && ($version >= 10)))) {
if (($sitefile ne '') && (-e $sitefile) && (-e $stdsite)) {	if (($sitefile ne '') && (-e $sitefile) && (-e $stdsite)) {
if (open(PIPE, "diff --brief $stdsite $sitefile \|")) {	if (open(PIPE, "diff --brief $stdsite $sitefile \|")) {
my $diffres = <PIPE>;	my $diffres = <PIPE>;
close(PIPE);	close(PIPE);
chomp($diffres);	chomp($diffres);
unless ($diffres) {	if ($diffres) {
	$fixapache = 1;
	} else {
$fixapache = 0;	$fixapache = 0;
}	}
}	}
Line 1036 sub chkapache {	Line 1085 sub chkapache {
}	}
}	}
}	}
if ((!$fixapache) && ($distname eq 'ubuntu')) {	if ((!$fixapache) && (($distname eq 'ubuntu') \|\| ($distname eq 'debian'))) {
my $sitestatus = "/etc/apache2/mods-available/status.conf";	my $sitestatus = "/etc/apache2/mods-available/status.conf";
my $stdstatus = "$instdir/debian-ubuntu/status.conf";	my $stdstatus = "$instdir/debian-ubuntu/status.conf";
if ((-e $stdstatus) && (-e $sitestatus)) {	if ((-e $stdstatus) && (-e $sitestatus)) {
Line 1387 sub chkapachessl {	Line 1436 sub chkapachessl {
foreach my $file (sort(keys(%{$sslfiles{$key}}))) {	foreach my $file (sort(keys(%{$sslfiles{$key}}))) {
unless ((-l "$enabled_dir/$file") &&	unless ((-l "$enabled_dir/$file") &&
(readlink("$enabled_dir/$file") eq "$ssldir/$file")) {	(readlink("$enabled_dir/$file") eq "$ssldir/$file")) {
print_and_log(&mt("Warning, use: 'sudo a2ensite $file' to activate LON-CAPA SSL Apache config\n"));	if ($distro =~ /^debian(\d+)$/) {
	print_and_log(&mt("Warning, use: 'a2ensite $file' to activate LON-CAPA SSL Apache config\n"));
	} elsif ($distro =~ /^ubuntu(\d+)$/) {
	print_and_log(&mt("Warning, use: 'sudo a2ensite $file' to activate LON-CAPA SSL Apache config\n"));
	}
}	}
}	}
}	}
Line 1550 sub check_mysql_setup {	Line 1603 sub check_mysql_setup {
my ($instdir,$dsn,$distro) = @_;	my ($instdir,$dsn,$distro) = @_;
my ($mysqlsetup,$has_pass,$mysql_unix_socket,$mysql_has_wwwuser);	my ($mysqlsetup,$has_pass,$mysql_unix_socket,$mysql_has_wwwuser);
my $dbh = DBI->connect($dsn,'root','',{'PrintError'=>0});	my $dbh = DBI->connect($dsn,'root','',{'PrintError'=>0});
my ($mysqlversion,$mysqlsubver,$mysqlname) = &get_mysql_version();	my ($mysqlversion,$mysqlminorversion,$mysqlsubver,$mysqlname) = &get_mysql_version();
if (($mysqlname =~ /^MariaDB/i) && ($mysqlversion >= 10.4)) {	if (($mysqlname =~ /^MariaDB/i) && (($mysqlversion == 10 && $mysqlminorversion >= 4) \|\| ($mysqlversion >= 11))) {
if ($dbh) {	if ($dbh) {
my $sth = $dbh->prepare("SELECT Priv FROM mysql.global_priv WHERE (User = 'root' AND Host ='localhost')");	my $sth = $dbh->prepare("SELECT Priv FROM mysql.global_priv WHERE (User = 'root' AND Host ='localhost')");
$sth->execute();	$sth->execute();
Line 1572 sub check_mysql_setup {	Line 1625 sub check_mysql_setup {
}	}
if ($dbh) {	if ($dbh) {
$mysqlsetup = 'noroot';	$mysqlsetup = 'noroot';
if (($mysqlname !~ /^MariaDB/i) && ($mysqlversion >= 5.7)) {	if (($mysqlname !~ /^MariaDB/i) && (($mysqlversion == 5 && $mysqlminorversion >= 7) \|\| ($mysqlversion >= 6))) {
my $sth = $dbh->prepare("SELECT plugin from mysql.user where User='root'");	my $sth = $dbh->prepare("SELECT plugin from mysql.user where User='root'");
$sth->execute();	$sth->execute();
while (my $priv = $sth->fetchrow_array) {	while (my $priv = $sth->fetchrow_array) {
Line 1697 sub get_pathto_iptables {	Line 1750 sub get_pathto_iptables {

sub firewall_is_active {	sub firewall_is_active {
if (-e '/proc/net/ip_tables_names') {	if (-e '/proc/net/ip_tables_names') {
	my $status;
if (open(PIPE,'cat /proc/net/ip_tables_names \|grep filter \|')) {	if (open(PIPE,'cat /proc/net/ip_tables_names \|grep filter \|')) {
my $status = <PIPE>;	$status = <PIPE>;
close(PIPE);	close(PIPE);
chomp($status);	chomp($status);
if ($status eq 'filter') {	if ($status eq 'filter') {
return 1;	return 1;
}	}
}	}
	unless ($status) {
	if (open(PIPE,'nft list tables \|')) {
	while(<PIPE>) {
	chomp();
	if (/filter$/) {
	$status = 1;
	last;
	}
	}
	close(PIPE);
	if ($status) {
	return 1;
	}
	}
	}
}	}
return 0;	return 0;
}	}
Line 1866 print "	Line 1935 print "
".&mt('3.')." ".&mt('Set-up the MySQL database.')."	".&mt('3.')." ".&mt('Set-up the MySQL database.')."
".&mt('4.')." ".&mt('Set-up MySQL permissions.')."	".&mt('4.')." ".&mt('Set-up MySQL permissions.')."
".&mt('5.')." ".&mt('Configure Apache web server.')."	".&mt('5.')." ".&mt('Configure Apache web server.')."
".&mt('6.')." ".&mt('Configure SSL for Apache web server.')."	".&mt('6.')." ".&mt('Configure systemd security settings for Apache web server.')."
".&mt('7.')." ".&mt('Configure start-up of services.')."	".&mt('7.')." ".&mt('Configure SSL for Apache web server.')."
".&mt('8.')." ".&mt('Check firewall settings.')."	".&mt('8.')." ".&mt('Configure start-up of services.')."
".&mt('9.')." ".&mt('Stop services not used by LON-CAPA,')."	".&mt('9.')." ".&mt('Check firewall settings.')."
	".&mt('10.')." ".&mt('Stop services not used by LON-CAPA,')."
".&mt('i.e., services for a print server: [_1] daemon.',"'cups'")."	".&mt('i.e., services for a print server: [_1] daemon.',"'cups'")."
".&mt('10.')." ".&mt('Download LON-CAPA source code in readiness for installation.')."	".&mt('11.')." ".&mt('Download LON-CAPA source code in readiness for installation.')."

".&mt('Typically, you will run this script only once, when you first install LON-CAPA.')."	".&mt('Typically, you will run this script only once, when you first install LON-CAPA.')."

Line 1900 my $instdir = `pwd`;	Line 1970 my $instdir = `pwd`;
chomp($instdir);	chomp($instdir);

my %callsub;	my %callsub;
my @actions = ('wwwuser','pwauth','mysql','mysqlperms','apache',	my @actions = ('wwwuser','pwauth','mysql','mysqlperms','apache','systemd',
'apachessl','runlevels','firewall','stopsrvcs','download');	'apachessl','runlevels','firewall','stopsrvcs','download');
my %prompts = &texthash(	my %prompts = &texthash(
wwwuser => "Create the 'www' user?",	wwwuser => "Create the 'www' user?",
Line 1908 my %prompts = &texthash(	Line 1978 my %prompts = &texthash(
mysql => 'Set-up the MySQL database?',	mysql => 'Set-up the MySQL database?',
mysqlperms => 'Set-up MySQL permissions?',	mysqlperms => 'Set-up MySQL permissions?',
apache => 'Configure Apache web server?',	apache => 'Configure Apache web server?',
apachessl => 'Configure SSL for Apache web server?',	systemd => 'Configure systemd security settings for Apache web server?',
	apachessl => 'Configure SSL for Apache web server?',
runlevels => 'Set overrides for start-up order of services?',	runlevels => 'Set overrides for start-up order of services?',
firewall => 'Configure firewall settings for Apache',	firewall => 'Configure firewall settings for Apache',
stopsrvcs => 'Stop extra services not required on a LON-CAPA server?',	stopsrvcs => 'Stop extra services not required on a LON-CAPA server?',
Line 1950 if (!$gotprereqs) {	Line 2021 if (!$gotprereqs) {
&mt('The following command can be used to install the package (and dependencies):')."\n\n".	&mt('The following command can be used to install the package (and dependencies):')."\n\n".
$updatecmd."\n\n";	$updatecmd."\n\n";
if ($installnow eq '') {	if ($installnow eq '') {
	print &mt('Stopping execution.')."\n";
exit;	exit;
} else {	} else {
print &mt('Run command? ~[Y/n~]');	print &mt('Run command? ~[Y/n~]');
Line 2117 if ($callsub{'apache'}) {	Line 2189 if ($callsub{'apache'}) {
print_and_log(&mt('Skipping configuration of Apache web server.')."\n");	print_and_log(&mt('Skipping configuration of Apache web server.')."\n");
}	}

	if ($callsub{'systemd'}) {
	&check_systemd_update($distro);
	} else {
	print_and_log('Skipping systemd configuration update for web server');
	}

if ($callsub{'apachessl'}) {	if ($callsub{'apachessl'}) {
my $targetdir = '/etc/httpd/conf.d';	my $targetdir = '/etc/httpd/conf.d';
if ($distro =~ /^(suse\|sles)/) {	if ($distro =~ /^(suse\|sles)/) {
Line 2240 if ($callsub{'firewall'}) {	Line 2318 if ($callsub{'firewall'}) {
'ssh, http')."\n";	'ssh, http')."\n";
} else {	} else {
my $version;	my $version;
if ($distro =~ /^(redhat\|centos)(\d+)/) {	if ($distro =~ /^(redhat\|centos\|rocky\|alma)(\d+)/) {
$version = $1;	$version = $1;
}	}
if ($version > 5) {	if ($version > 5) {
Line 2271 if ($callsub{'download'}) {	Line 2349 if ($callsub{'download'}) {
print &mt('LON-CAPA is available for download from: [_1]',	print &mt('LON-CAPA is available for download from: [_1]',
'http://install.loncapa.org/')."\n";	'http://install.loncapa.org/')."\n";
if (!-e '/etc/loncapa-release') {	if (!-e '/etc/loncapa-release') {
&print_and_log(&mt('LON-CAPA is not yet installed on your system.')."\n\n";	&print_and_log(&mt('LON-CAPA is not yet installed on your system.')."\n\n");
unless ($filetouse) {	unless ($filetouse) {
&print_and_log(&mt('You may retrieve the source for LON-CAPA by executing:')."\n".	&print_and_log(&mt('You may retrieve the source for LON-CAPA by executing:')."\n".
"wget http://install.loncapa.org/versions/$lctarball\n");	"wget http://install.loncapa.org/versions/$lctarball\n");
Line 2330 if ($have_tarball && !$updateshown) {	Line 2408 if ($have_tarball && !$updateshown) {
$lc_uses_systemctl = 1;	$lc_uses_systemctl = 1;
}	}
$uses_sudo = 1;	$uses_sudo = 1;
	} elsif ($distro =~ /^debian(\d+)$/) {
	if ($1 >= 10) {
	$lc_uses_systemctl = 1;
	}
} elsif ($distro =~ /^sles(\d+)$/) {	} elsif ($distro =~ /^sles(\d+)$/) {
if ($1 > 12) {	if ($1 > 12) {
$lc_uses_systemctl = 1;	$lc_uses_systemctl = 1;
}	}
	} elsif ($distro =~ /^fedora(\d+)$/) {
	if ($1 > 25) {
	$lc_uses_systemctl = 1;
	}
}	}
if (!-e '/etc/loncapa-release') {	if (!-e '/etc/loncapa-release') {
print &mt('If you are now ready to install LON-CAPA, enter the following commands:')."\n\n";	print &mt('If you are now ready to install LON-CAPA, enter the following commands:')."\n\n";
Line 2450 sub build_and_install_mod_auth_external	Line 2536 sub build_and_install_mod_auth_external
> #define SERVER_UIDS $num /* user "www" */	> #define SERVER_UIDS $num /* user "www" */
ENDPATCH	ENDPATCH

	my $patch_code = <<"ENDPATCH";
	127a128
	> #include <string.h>
	214a216
	> #include <time.h>
	566c568
	< check_fails()
	---
	> int check_fails()
	589c591
	< log_failure()
	---
	> void log_failure()
	629c631
	< snooze(int seconds)
	---
	> void snooze(int seconds)
	653c655
	< main(int argc, char **argv)
	---
	> int main(int argc, char **argv)
	ENDPATCH

if (! -e "/usr/bin/patch") {	if (! -e "/usr/bin/patch") {
print_and_log(&mt('You must install the software development tools package: [_1], when installing Linux.',"'patch'")."\n");	print_and_log(&mt('You must install the software development tools package: [_1], when installing Linux.',"'patch'")."\n");
print_and_log(&mt('Authentication installation not completed.')."\n");	print_and_log(&mt('Authentication installation not completed.')."\n");
Line 2460 ENDPATCH	Line 2569 ENDPATCH
return;	return;
}	}
my $dir = "/tmp/pwauth-2.2.8";	my $dir = "/tmp/pwauth-2.2.8";
	my $patchedok;
if (open(PATCH,"\| patch $dir/config.h")) {	if (open(PATCH,"\| patch $dir/config.h")) {
print PATCH $patch;	print PATCH $patch;
close(PATCH);	close(PATCH);
	if (open(PATCH,"\| patch $dir/pwauth.c")) {
	print PATCH $patch_code;
	close(PATCH);
	$patchedok = 1;
	}
	}
	if ($patchedok) {
print_and_log("\n");	print_and_log("\n");
##	##
## Compile patched pwauth	## Compile patched pwauth
Line 2533 sub kill_extra_services {	Line 2650 sub kill_extra_services {
&print_and_log(&mt('Removing [_1] from startup.',$service)."\n");	&print_and_log(&mt('Removing [_1] from startup.',$service)."\n");
if ($distro =~ /^(?:debian\|ubuntu)(\d+)/) {	if ($distro =~ /^(?:debian\|ubuntu)(\d+)/) {
my $version = $1;	my $version = $1;
if (($distro =~ /^ubuntu/) && ($version > 16)) {	if ((($distro =~ /^ubuntu/) && ($version > 16)) \|\|
	(($distro =~ /^debian/) && ($version >= 10))) {
if (ref($uses_systemctl) eq 'HASH') {	if (ref($uses_systemctl) eq 'HASH') {
if ($uses_systemctl->{$service}) {	if ($uses_systemctl->{$service}) {
if (`systemctl is-enabled $service`) {	if (`systemctl is-enabled $service`) {
Line 2603 CREATE TABLE IF NOT EXISTS metadata (tit	Line 2721 CREATE TABLE IF NOT EXISTS metadata (tit

sub setup_mysql_permissions {	sub setup_mysql_permissions {
my ($dbh,$has_pass,$mysql_unix_socket,@mysql_lc_commands) = @_;	my ($dbh,$has_pass,$mysql_unix_socket,@mysql_lc_commands) = @_;
my ($mysqlversion,$mysqlsubver,$mysqlname) = &get_mysql_version();	my ($mysqlversion,$mysqlminorversion,$mysqlsubver,$mysqlname) = &get_mysql_version();
my ($usescreate,$usesauth,$is_mariadb,$hasauthcol,@mysql_commands);	my ($usescreate,$usesauth,$is_mariadb,$hasauthcol,@mysql_commands);
if ($mysqlname =~ /^MariaDB/i) {	if ($mysqlname =~ /^MariaDB/i) {
$is_mariadb = 1;	$is_mariadb = 1;
if ($mysqlversion >= 10.4) {	if ((($mysqlversion == 10) && ($mysqlminorversion >= 4)) \|\| ($mysqlversion >= 11)) {
$usescreate = 1;	$usescreate = 1;
} elsif ($mysqlversion >= 10.2) {	} elsif (($mysqlversion == 10) && ($mysqlminorversion >= 2)) {
$usesauth = 1;	$usesauth = 1;
} elsif ($mysqlversion >= 5.5) {	} elsif (($mysqlversion == 5) && ($mysqlminorversion >= 5)) {
$hasauthcol = 1;	$hasauthcol = 1;
}	}
} else {	} else {
if (($mysqlversion > 5.7) \|\| (($mysqlversion == 5.7) && ($mysqlsubver > 5))) {	if (($mysqlversion > 5) \|\| (($mysqlminorversion == 5) && ($mysqlminorversion > 7)) \|\|
	(($mysqlversion == 5) && ($mysqlminorversion == 7) && ($mysqlsubver > 5))) {
$usesauth = 1;	$usesauth = 1;
} elsif (($mysqlversion >= 5.6) \|\| (($mysqlversion == 5.5) && ($mysqlsubver >= 7))) {	} elsif (($mysqlversion == 5) &&
	(($mysqlminorversion >= 6) \|\| (($mysqlminorversion == 5) && ($mysqlsubver >= 7)))) {
$hasauthcol = 1;	$hasauthcol = 1;
}	}
}	}
Line 2731 sub new_mysql_rootpasswd {	Line 2851 sub new_mysql_rootpasswd {
}	}

sub get_mysql_version {	sub get_mysql_version {
my ($version,$subversion,$name);	my ($version,$minorversion,$subversion,$name);
if (open(PIPE," mysql -V \|")) {	if (open(PIPE," mysql -V \|")) {
my $info = <PIPE>;	my $info = <PIPE>;
chomp($info);	chomp($info);
close(PIPE);	close(PIPE);
($version,$subversion,$name) = ($info =~ /(\d+\.\d+)\.(\d+)(?:\-?(\w*),\|)/);	($version,$minorversion,$subversion,$name) = ($info =~ /(\d+)\.(\d+)\.(\d+)(?:\-?(\w*),\|)/);
} else {	} else {
print &mt('Could not determine which version of MySQL is installed.').	print &mt('Could not determine which version of MySQL is installed.').
"\n";	"\n";
}	}
return ($version,$subversion,$name);	return ($version,$minorversion,$subversion,$name);
	}

	sub check_systemd_update {
	my ($distro) = @_;
	my ($use_systemctl,$service);
	$service = 'apache2.service';
	if ($distro =~ /^ubuntu(\w+)/) {
	if ($1 >= 16) {
	$use_systemctl = 1;
	}
	} elsif ($distro =~ /^debian(\w+)/) {
	if ($1 >= 9) {
	$use_systemctl = 1;
	}
	} elsif ($distro =~ /^fedora(\d+)/) {
	$service = 'httpd.service';
	if ($1 >= 16) {
	$use_systemctl = 1;
	}
	} elsif ($distro =~ /^(?:centos\|rhes\|scientific\|oracle\|rocky\|alma)(\d+)/) {
	$service = 'httpd.service';
	if ($1 >= 7) {
	$use_systemctl = 1;
	}
	} elsif ($distro =~ /^sles(\d+)/) {
	if ($1 >= 12) {
	$use_systemctl = 1;
	}
	} elsif ($distro =~ /^suse(\d+)/) {
	if ($1 >= 13) {
	$use_systemctl = 1;
	}
	}
	if ($use_systemctl) {
	my $needsupdate = &check_systemd_security($distro);
	if ($needsupdate) {
	if (!-d '/etc/systemd/system/'.$service.'.d') {
	mkdir '/etc/systemd/system/'.$service.'.d', 0755;
	}
	if (-d '/etc/systemd/system/'.$service.'.d') {
	if (-e '/etc/systemd/system/'.$service.'.d/override.conf') {
	if (open(my $fh,'<','/etc/systemd/system/'.$service.'.d/override.conf')) {
	my ($inservice,$addservice,$protectoff,$linenum,$change,@lines);
	while (my $entry = <$fh>) {
	$linenum ++;
	chomp($entry);
	if ($entry eq '[Service]') {
	if (!$protectoff) {
	$inservice = $linenum;
	push(@lines,$entry);
	} else {
	$addservice = 1;
	next;
	}
	}
	if ($entry =~ /^ProtectHome\s=\s([\w-]+)\s*$/) {
	my $value = $1;
	if ($protectoff) {
	next;
	if (lc($value) eq 'no') {
	$protectoff = $linenum;
	push(@lines,$entry);
	} else {
	if ($protectoff) {
	next;
	} else {
	push(@lines,'ProtectHome=no');
	$protectoff = $linenum;
	$change = $linenum;
	}
	}
	}
	}
	}
	close($fh);
	if ($addservice \|\| $change \|\| !$protectoff) {
	if (open(my $fh,'>','/etc/systemd/system/'.$service.'.d/override.conf')) {
	if ($addservice) {
	print $fh "[Service]\n";
	}
	foreach my $entry (@lines) {
	print $fh "$entry\n";
	}
	close($fh);
	print_and_log('Updated /etc/systemd/system/'.$service.'.d/override.conf');
	system('systemctl daemon-reload');
	} else {
	print_and_log('Could not open /etc/systemd/system/'.$service.'.d/override.conf for writing.');
	}
	} else {
	print_and_log('No change needed in /etc/systemd/system/'.$service.'.d/override.conf');
	}
	} else {
	print_and_log('Could not open /etc/systemd/system/'.$service.'.d/override.conf for reading.');
	}
	} else {
	if (open(my $fh,'>','/etc/systemd/system/'.$service.'.d/override.conf')) {
	print $fh '[Service]'."\n".'ProtectHome=no'."\n";
	close($fh);
	print_and_log('Created /etc/systemd/system/'.$service.'.d/override.conf');
	}
	}
	} else {
	print_and_log('No /etc/systemd/system/'.$service.'.d directory exists and creating one failed,');
	}
	} else {
	print_and_log('No update needed to systemd security settings for Apache web server.');
	}
	} else {
	print_and_log('No update needed to systemd, as this Linux distro does not use systemctl');
	}
}	}

###########################################################	###########################################################
Line 3322 sub copy_apache2_debconf {	Line 3553 sub copy_apache2_debconf {
$distname = $1;	$distname = $1;
$version = $2;	$version = $2;
}	}
if (($distname eq 'ubuntu') && ($version > 12)) {	if ((($distname eq 'ubuntu') && ($version > 12)) \|\|
	(($distname eq 'debian') && ($version >= 10))) {
$defaultconfig = "$apache2_sites_enabled_dir/000-default.conf";	$defaultconfig = "$apache2_sites_enabled_dir/000-default.conf";
}	}
my ($skipconf,$skipsite,$skipstatus);	my ($skipconf,$skipsite,$skipstatus);
if (($distname eq 'ubuntu') && ($version > 12)) {	if ((($distname eq 'ubuntu') && ($version > 12)) \|\|
	(($distname eq 'debian') && ($version >= 10))) {
my $apache2_conf_enabled_dir = '/etc/apache2/conf-enabled';	my $apache2_conf_enabled_dir = '/etc/apache2/conf-enabled';
my $apache2_conf_available_dir = '/etc/apache2/conf-available';	my $apache2_conf_available_dir = '/etc/apache2/conf-available';
my $defaultconf = $apache2_conf_enabled_dir.'/loncapa.conf';	my $defaultconf = $apache2_conf_enabled_dir.'/loncapa.conf';
Line 3479 sub copy_apache2_debconf {	Line 3712 sub copy_apache2_debconf {
}	}
}	}
}	}
if ($distname eq 'ubuntu') {	if (($distname eq 'ubuntu') \|\| ($distname eq 'debian')) {
my $sitestatus = "$apache2_mods_available_dir/status.conf";	my $sitestatus = "$apache2_mods_available_dir/status.conf";
my $stdstatus = "$instdir/debian-ubuntu/status.conf";	my $stdstatus = "$instdir/debian-ubuntu/status.conf";
if ((-e $sitestatus) && (-e $stdstatus)) {	if ((-e $sitestatus) && (-e $stdstatus)) {

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>

Removed from v.1.82
changed lines
	Added in v.1.92