version 1.84, 2024/04/24 23:17:48
|
version 1.95, 2024/08/05 13:36:59
|
Line 437 sub check_prerequisites {
|
Line 437 sub check_prerequisites {
|
|
|
sub check_locale { |
sub check_locale { |
my ($distro) = @_; |
my ($distro) = @_; |
my ($fh,$langvar,$command,$earlyout); |
my ($fh,$langvar,$command,$langcmd,$earlyout,$default); |
$langvar = 'LANG'; |
$langvar = 'LANG'; |
if ($distro =~ /^(ubuntu|debian)/) { |
if ($distro =~ /^(ubuntu|debian)/) { |
if (!open($fh,"</etc/default/locale")) { |
if (!open($fh,"</etc/default/locale")) { |
Line 491 sub check_locale {
|
Line 491 sub check_locale {
|
$earlyout = 1; |
$earlyout = 1; |
} |
} |
} |
} |
return if ($earlyout); |
return () if ($earlyout); |
my @data = <$fh>; |
my @data = <$fh>; |
chomp(@data); |
chomp(@data); |
|
close($fh); |
foreach my $item (@data) { |
foreach my $item (@data) { |
if ($item =~ /^\Q$langvar\E=\"?([^\"]*)\"?/) { |
if ($item =~ /^\Q$langvar\E=\"?([^\"]*)\"?/) { |
my $default = $1; |
$default = $1; |
if ($default ne 'en_US.UTF-8') { |
if ($default ne 'en_US.UTF-8') { |
if ($distro =~ /^debian/) { |
if ($distro =~ /^debian/) { |
$command = 'locale-gen en_US.UTF-8'."\n". |
$command = 'locale-gen en_US.UTF-8'."\n". |
Line 517 sub check_locale {
|
Line 518 sub check_locale {
|
last; |
last; |
} |
} |
} |
} |
close($fh); |
# Check for locales |
return $command; |
if ($default ne 'en_US.UTF-8') { |
|
my ($has_us_english,$has_other_code,$has_other_lang); |
|
if (open(PIPE,"locale -a 2>/dev/null |")) { |
|
while (<PIPE>) { |
|
chomp(); |
|
next if (/^(C(|\.utf8)|POSIX)$/i); |
|
if (/^en_US\.utf8/i) { |
|
$has_us_english = 1; |
|
} elsif (/^[A-Za-z]{2}_[A-Za-z]{2}/) { |
|
$has_other_code = 1; |
|
} elsif (/^[A-Za-z]{3,}/) { |
|
$has_other_lang = 1; |
|
} |
|
} |
|
close(PIPE); |
|
if (!$has_us_english) { |
|
if ($has_other_code || $has_other_lang) { |
|
if ($distro =~ /^ubuntu/) { |
|
$langcmd = "sudo apt-get install language-pack-en\n"; |
|
} elsif ($distro =~ /^debian/) { |
|
$langcmd = "apt-get install language-pack-en\n"; |
|
} elsif ($distro =~ /^(suse|sles)/) { |
|
$langcmd = &mt('Use yast: System > Language > Primary Language = English')."\n"; |
|
} elsif ($distro =~ /^fedora(\d+)$/) { |
|
if ($1 > 23) { |
|
$langcmd = "dnf install glibc-langpack-en\n"; |
|
} else { |
|
$langcmd = "yum install glibc-common\n"; |
|
} |
|
} elsif ($distro =~ /^(?:rhes|centos|scientific|oracle|rocky|alma)(\d+)/) { |
|
if ($1 > 7) { |
|
$langcmd = "dnf install glibc-langpack-en\n"; |
|
} else { |
|
$langcmd = "yum install glibc-common\n"; |
|
} |
|
} |
|
} else { |
|
if ($distro =~ /^ubuntu/) { |
|
$langcmd = "sudo apt-get install language-pack-en\n"; |
|
} elsif ($distro =~ /^debian/) { |
|
$langcmd = "apt-get install language-pack-en\n"; |
|
} elsif ($distro =~ /^(suse|sles)/) { |
|
$langcmd = &mt('Use yast: System > Language > Primary Language = English')."\n"; |
|
} elsif ($distro =~ /^fedora(\d+)$/) { |
|
if ($1 > 23) { |
|
$langcmd = &mt('Either install all languages[_1]or install English only[_2]', |
|
":\ndnf install glibc-all-langpacks\n\n", |
|
":\ndnf install glibc-langpack-en\n"); |
|
} else { |
|
$langcmd = "yum install glibc-common\n"; |
|
} |
|
} elsif ($distro =~ /^(?:rhes|centos|scientific|oracle|rocky|alma)(\d+)/) { |
|
if ($1 > 7) { |
|
$langcmd = &mt('Either install all languages[_1]or install English only[_2]', |
|
":\ndnf install glibc-all-langpacks\n\n", |
|
":\ndnf install glibc-langpack-en\n"); |
|
} else { |
|
$langcmd = "yum install glibc-common\n"; |
|
} |
|
} |
|
} |
|
} |
|
} |
|
} |
|
return ($command,$langcmd); |
} |
} |
|
|
sub check_required { |
sub check_required { |
Line 529 sub check_required {
|
Line 594 sub check_required {
|
} |
} |
my $gotprereqs = &check_prerequisites($packagecmd,$distro); |
my $gotprereqs = &check_prerequisites($packagecmd,$distro); |
if ($gotprereqs eq '') { |
if ($gotprereqs eq '') { |
return ($distro,$gotprereqs,'',$packagecmd,$updatecmd); |
return ($distro,$gotprereqs,'','',$packagecmd,$updatecmd); |
} |
} |
my $localecmd = &check_locale($distro); |
my ($localecmd,$langcmd) = &check_locale($distro); |
unless ($localecmd eq '') { |
unless ($localecmd eq '') { |
return ($distro,$gotprereqs,$localecmd); |
return ($distro,$gotprereqs,$localecmd,$langcmd); |
} |
} |
my ($mysqlon,$mysqlsetup,$mysqlrestart,$dbh,$has_pass,$mysql_unix_socket,$has_lcdb, |
my ($mysqlon,$mysqlsetup,$mysqlrestart,$dbh,$has_pass,$mysql_unix_socket,$has_lcdb, |
%recommended,$downloadstatus,$filetouse,$production,$testing,$apachefw, |
%recommended,$downloadstatus,$filetouse,$production,$testing,$apachefw, |
Line 572 sub check_required {
|
Line 637 sub check_required {
|
if ($mysqlsetup eq 'needsrestart') { |
if ($mysqlsetup eq 'needsrestart') { |
$mysqlrestart = ''; |
$mysqlrestart = ''; |
if ($distro eq 'ubuntu') { |
if ($distro eq 'ubuntu') { |
$mysqlrestart = 'sudo '; |
$mysqlrestart = 'sudo '; |
} |
} |
$mysqlrestart .= 'service mysql restart'; |
$mysqlrestart .= 'service mysql restart'; |
return ($distro,$gotprereqs,$localecmd,$packagecmd,$updatecmd,$installnow,$mysqlrestart); |
return ($distro,$gotprereqs,$localecmd,$langcmd,$packagecmd,$updatecmd,$installnow,$mysqlrestart); |
} else { |
} else { |
if ($mysqlsetup eq 'noroot') { |
if ($mysqlsetup eq 'noroot') { |
$recommended{'mysqlperms'} = 1; |
$recommended{'mysqlperms'} = 1; |
Line 595 sub check_required {
|
Line 660 sub check_required {
|
my ($sslhostsfilesref,$has_std,$has_int,$rewritenum,$nochgstd,$nochgint); |
my ($sslhostsfilesref,$has_std,$has_int,$rewritenum,$nochgstd,$nochgint); |
($recommended{'firewall'},$apachefw) = &chkfirewall($distro); |
($recommended{'firewall'},$apachefw) = &chkfirewall($distro); |
($recommended{'runlevels'},$tostop,$uses_systemctl) = &chkconfig($distro,$instdir); |
($recommended{'runlevels'},$tostop,$uses_systemctl) = &chkconfig($distro,$instdir); |
|
if ((ref($uses_systemctl) eq 'HASH') && ($uses_systemctl->{'apache'})) { |
|
$recommended{'systemd'} = &check_systemd_security($distro); |
|
} |
$recommended{'apache'} = &chkapache($distro,$instdir); |
$recommended{'apache'} = &chkapache($distro,$instdir); |
($recommended{'apachessl'},$sslhostsfilesref,$has_std,$has_int,$rewritenum, |
($recommended{'apachessl'},$sslhostsfilesref,$has_std,$has_int,$rewritenum, |
$nochgstd,$nochgint) = &chkapachessl($distro,$instdir,$hostname,$hostip); |
$nochgstd,$nochgint) = &chkapachessl($distro,$instdir,$hostname,$hostip); |
$recommended{'stopsrvcs'} = &chksrvcs($distro,$tostop); |
$recommended{'stopsrvcs'} = &chksrvcs($distro,$tostop); |
($recommended{'download'},$downloadstatus,$filetouse,$production,$testing) |
($recommended{'download'},$downloadstatus,$filetouse,$production,$testing) |
= &need_download($distro,$instdir); |
= &need_download($distro,$instdir); |
return ($distro,$gotprereqs,$localecmd,$packagecmd,$updatecmd,$installnow, |
return ($distro,$gotprereqs,$localecmd,$langcmd,$packagecmd,$updatecmd,$installnow, |
$mysqlrestart,\%recommended,$dbh,$has_pass,$mysql_unix_socket, |
$mysqlrestart,\%recommended,$dbh,$has_pass,$mysql_unix_socket, |
$has_lcdb,$downloadstatus,$filetouse,$production,$testing,$apachefw, |
$has_lcdb,$downloadstatus,$filetouse,$production,$testing,$apachefw, |
$uses_systemctl,$hostname,$hostip,$sslhostsfilesref,$has_std,$has_int, |
$uses_systemctl,$hostname,$hostip,$sslhostsfilesref,$has_std,$has_int, |
Line 622 sub check_mysql_running {
|
Line 690 sub check_mysql_running {
|
$process = 'mysqld'; |
$process = 'mysqld'; |
$proc_owner = 'mysql'; |
$proc_owner = 'mysql'; |
} |
} |
|
if ($1 >= 16) { |
|
$use_systemctl = 1; |
|
} |
|
} elsif ($distro =~ /^debian(\w+)/) { |
|
if ($1 >= 10) { |
|
$process = 'mysql'; |
|
$proc_owner = 'mysql'; |
|
} |
|
if ($1 >= 11) { |
|
$mysqldaemon = 'mariadb'; |
|
} |
|
if ($1 >= 9) { |
|
$use_systemctl = 1; |
|
} |
} elsif ($distro =~ /^fedora(\d+)/) { |
} elsif ($distro =~ /^fedora(\d+)/) { |
if ($1 >= 16) { |
if ($1 >= 16) { |
$process = 'mysqld'; |
$process = 'mysqld'; |
Line 650 sub check_mysql_running {
|
Line 732 sub check_mysql_running {
|
$proc_owner = 'mysql'; |
$proc_owner = 'mysql'; |
$process = 'mysqld'; |
$process = 'mysqld'; |
} |
} |
if ($1 >= 15) { |
if ($1 >= 12) { |
$mysqldaemon ='mariadb'; |
$mysqldaemon ='mariadb'; |
} |
} |
} elsif ($distro =~ /^suse(\d+)/) { |
} elsif ($distro =~ /^suse(\d+)/) { |
Line 736 sub chkconfig {
|
Line 818 sub chkconfig {
|
$uses_systemctl{'ntp'} = 1; |
$uses_systemctl{'ntp'} = 1; |
$uses_systemctl{'cups'} = 1; |
$uses_systemctl{'cups'} = 1; |
$uses_systemctl{'memcached'} = 1; |
$uses_systemctl{'memcached'} = 1; |
if (($name eq 'sles') && ($num >= 15)) { |
if ($name eq 'sles') { |
$daemon{'ntp'} = 'chronyd'; |
if ($num >= 12) { |
$daemon{'mysql'} = 'mariadb'; |
$daemon{'mysql'} = 'mariadb'; |
|
} |
|
if ($num >= 15) { |
|
$daemon{'ntp'} = 'chronyd'; |
|
} else { |
|
$daemon{'ntp'} = 'ntpd'; |
|
} |
} else { |
} else { |
$daemon{'ntp'} = 'ntpd'; |
$daemon{'ntp'} = 'ntpd'; |
} |
} |
Line 764 sub chkconfig {
|
Line 852 sub chkconfig {
|
if (($distro =~ /^ubuntu/) && ($version <= 8)) { |
if (($distro =~ /^ubuntu/) && ($version <= 8)) { |
$daemon{'cups'} = 'cupsys'; |
$daemon{'cups'} = 'cupsys'; |
} |
} |
if (($distro =~ /^ubuntu/) && ($version >= 18)) { |
if ((($distro =~ /^ubuntu/) && ($version >= 18)) || |
|
(($distro =~ /^debian/) && ($version >= 10))) { |
$daemon{'ntp'} = 'chrony'; |
$daemon{'ntp'} = 'chrony'; |
} |
} |
|
if (($distro =~ /^debian/) && ($version >= 10)) { |
|
$daemon{'mysql'} = 'mariadb'; |
|
} |
} elsif ($distro =~ /^fedora(\d+)/) { |
} elsif ($distro =~ /^fedora(\d+)/) { |
my $version = $1; |
my $version = $1; |
if ($version >= 15) { |
if ($version >= 15) { |
Line 889 sub chkconfig {
|
Line 981 sub chkconfig {
|
return (\%needfix,\%tostop,\%uses_systemctl); |
return (\%needfix,\%tostop,\%uses_systemctl); |
} |
} |
|
|
|
sub check_systemd_security { |
|
my ($distro) = @_; |
|
my $service = 'httpd.service'; |
|
if ($distro =~ /^(suse|sles|ubuntu|debian)/) { |
|
$service = 'apache2.service'; |
|
} |
|
system("systemctl daemon-reload"); |
|
if (open(PIPE,"systemctl show $service --property=ProtectHome 2>/dev/null |")) { |
|
my $protection = <PIPE>; |
|
close(PIPE); |
|
chomp($protection); |
|
if ($protection =~ /^ProtectHome=(read-only|yes)$/i) { |
|
return 1; |
|
} |
|
} else { |
|
print &mt('Could not check systemctl configuration for Apache')."\n"; |
|
} |
|
return 0; |
|
} |
|
|
sub uses_firewalld { |
sub uses_firewalld { |
my ($distro) = @_; |
my ($distro) = @_; |
my ($inuse,$checkfirewalld,$zone); |
my ($inuse,$checkfirewalld,$zone); |
Line 992 sub chkapache {
|
Line 1104 sub chkapache {
|
my $distname = $1; |
my $distname = $1; |
my $version = $2; |
my $version = $2; |
my ($stdconf,$stdsite); |
my ($stdconf,$stdsite); |
if (($distname eq 'ubuntu') && ($version > 12)) { |
if ((($distname eq 'ubuntu') && ($version > 12)) || |
|
(($distname eq 'debian') && ($version >= 10))) { |
$stdconf = "$instdir/debian-ubuntu/ubuntu14/loncapa_conf"; |
$stdconf = "$instdir/debian-ubuntu/ubuntu14/loncapa_conf"; |
$stdsite = "$instdir/debian-ubuntu/ubuntu14/loncapa_sites"; |
$stdsite = "$instdir/debian-ubuntu/ubuntu14/loncapa_sites"; |
} else { |
} else { |
Line 1003 sub chkapache {
|
Line 1116 sub chkapache {
|
print &mt('Warning: No LON-CAPA Apache configuration file found for installation check.')."\n"; |
print &mt('Warning: No LON-CAPA Apache configuration file found for installation check.')."\n"; |
} else { |
} else { |
my ($configfile,$sitefile); |
my ($configfile,$sitefile); |
if (($distname eq 'ubuntu') && ($version > 12)) { |
if ((($distname eq 'ubuntu') && ($version > 12)) || |
|
(($distname eq 'debian') && ($version >= 10))) { |
$sitefile = '/etc/apache2/sites-available/loncapa.conf'; |
$sitefile = '/etc/apache2/sites-available/loncapa.conf'; |
$configfile = '/etc/apache2/conf-available/loncapa.conf'; |
$configfile = '/etc/apache2/conf-available/loncapa.conf'; |
} else { |
} else { |
Line 1019 sub chkapache {
|
Line 1133 sub chkapache {
|
} |
} |
} |
} |
} |
} |
if ((!$fixapache) && ($distname eq 'ubuntu') && ($version > 12)) { |
if ((!$fixapache) && ((($distname eq 'ubuntu') && ($version > 12)) || |
|
(($distname eq 'debian') && ($version >= 10)))) { |
if (($sitefile ne '') && (-e $sitefile) && (-e $stdsite)) { |
if (($sitefile ne '') && (-e $sitefile) && (-e $stdsite)) { |
if (open(PIPE, "diff --brief $stdsite $sitefile |")) { |
if (open(PIPE, "diff --brief $stdsite $sitefile |")) { |
my $diffres = <PIPE>; |
my $diffres = <PIPE>; |
close(PIPE); |
close(PIPE); |
chomp($diffres); |
chomp($diffres); |
unless ($diffres) { |
if ($diffres) { |
|
$fixapache = 1; |
|
} else { |
$fixapache = 0; |
$fixapache = 0; |
} |
} |
} |
} |
Line 1039 sub chkapache {
|
Line 1156 sub chkapache {
|
} |
} |
} |
} |
} |
} |
if ((!$fixapache) && ($distname eq 'ubuntu')) { |
if ((!$fixapache) && (($distname eq 'ubuntu') || ($distname eq 'debian'))) { |
my $sitestatus = "/etc/apache2/mods-available/status.conf"; |
my $sitestatus = "/etc/apache2/mods-available/status.conf"; |
my $stdstatus = "$instdir/debian-ubuntu/status.conf"; |
my $stdstatus = "$instdir/debian-ubuntu/status.conf"; |
if ((-e $stdstatus) && (-e $sitestatus)) { |
if ((-e $stdstatus) && (-e $sitestatus)) { |
Line 1390 sub chkapachessl {
|
Line 1507 sub chkapachessl {
|
foreach my $file (sort(keys(%{$sslfiles{$key}}))) { |
foreach my $file (sort(keys(%{$sslfiles{$key}}))) { |
unless ((-l "$enabled_dir/$file") && |
unless ((-l "$enabled_dir/$file") && |
(readlink("$enabled_dir/$file") eq "$ssldir/$file")) { |
(readlink("$enabled_dir/$file") eq "$ssldir/$file")) { |
print_and_log(&mt("Warning, use: 'sudo a2ensite $file' to activate LON-CAPA SSL Apache config\n")); |
if ($distro =~ /^debian(\d+)$/) { |
|
print_and_log(&mt("Warning, use: 'a2ensite $file' to activate LON-CAPA SSL Apache config\n")); |
|
} elsif ($distro =~ /^ubuntu(\d+)$/) { |
|
print_and_log(&mt("Warning, use: 'sudo a2ensite $file' to activate LON-CAPA SSL Apache config\n")); |
|
} |
} |
} |
} |
} |
} |
} |
Line 1553 sub check_mysql_setup {
|
Line 1674 sub check_mysql_setup {
|
my ($instdir,$dsn,$distro) = @_; |
my ($instdir,$dsn,$distro) = @_; |
my ($mysqlsetup,$has_pass,$mysql_unix_socket,$mysql_has_wwwuser); |
my ($mysqlsetup,$has_pass,$mysql_unix_socket,$mysql_has_wwwuser); |
my $dbh = DBI->connect($dsn,'root','',{'PrintError'=>0}); |
my $dbh = DBI->connect($dsn,'root','',{'PrintError'=>0}); |
my ($mysqlversion,$mysqlsubver,$mysqlname) = &get_mysql_version(); |
my ($mysqlversion,$mysqlminorversion,$mysqlsubver,$mysqlname) = &get_mysql_version(); |
if (($mysqlname =~ /^MariaDB/i) && ($mysqlversion >= 10.4)) { |
if (($mysqlname =~ /^MariaDB/i) && (($mysqlversion == 10 && $mysqlminorversion >= 4) || ($mysqlversion >= 11))) { |
if ($dbh) { |
if ($dbh) { |
my $sth = $dbh->prepare("SELECT Priv FROM mysql.global_priv WHERE (User = 'root' AND Host ='localhost')"); |
my $sth = $dbh->prepare("SELECT Priv FROM mysql.global_priv WHERE (User = 'root' AND Host ='localhost')"); |
$sth->execute(); |
$sth->execute(); |
Line 1575 sub check_mysql_setup {
|
Line 1696 sub check_mysql_setup {
|
} |
} |
if ($dbh) { |
if ($dbh) { |
$mysqlsetup = 'noroot'; |
$mysqlsetup = 'noroot'; |
if (($mysqlname !~ /^MariaDB/i) && ($mysqlversion >= 5.7)) { |
if (($mysqlname !~ /^MariaDB/i) && (($mysqlversion == 5 && $mysqlminorversion >= 7) || ($mysqlversion >= 6))) { |
my $sth = $dbh->prepare("SELECT plugin from mysql.user where User='root'"); |
my $sth = $dbh->prepare("SELECT plugin from mysql.user where User='root'"); |
$sth->execute(); |
$sth->execute(); |
while (my $priv = $sth->fetchrow_array) { |
while (my $priv = $sth->fetchrow_array) { |
Line 1885 print "
|
Line 2006 print "
|
".&mt('3.')." ".&mt('Set-up the MySQL database.')." |
".&mt('3.')." ".&mt('Set-up the MySQL database.')." |
".&mt('4.')." ".&mt('Set-up MySQL permissions.')." |
".&mt('4.')." ".&mt('Set-up MySQL permissions.')." |
".&mt('5.')." ".&mt('Configure Apache web server.')." |
".&mt('5.')." ".&mt('Configure Apache web server.')." |
".&mt('6.')." ".&mt('Configure SSL for Apache web server.')." |
".&mt('6.')." ".&mt('Configure systemd security settings for Apache web server.')." |
".&mt('7.')." ".&mt('Configure start-up of services.')." |
".&mt('7.')." ".&mt('Configure SSL for Apache web server.')." |
".&mt('8.')." ".&mt('Check firewall settings.')." |
".&mt('8.')." ".&mt('Configure start-up of services.')." |
".&mt('9.')." ".&mt('Stop services not used by LON-CAPA,')." |
".&mt('9.')." ".&mt('Check firewall settings.')." |
|
".&mt('10.')." ".&mt('Stop services not used by LON-CAPA,')." |
".&mt('i.e., services for a print server: [_1] daemon.',"'cups'")." |
".&mt('i.e., services for a print server: [_1] daemon.',"'cups'")." |
".&mt('10.')." ".&mt('Download LON-CAPA source code in readiness for installation.')." |
".&mt('11.')." ".&mt('Download LON-CAPA source code in readiness for installation.')." |
|
|
".&mt('Typically, you will run this script only once, when you first install LON-CAPA.')." |
".&mt('Typically, you will run this script only once, when you first install LON-CAPA.')." |
|
|
Line 1919 my $instdir = `pwd`;
|
Line 2041 my $instdir = `pwd`;
|
chomp($instdir); |
chomp($instdir); |
|
|
my %callsub; |
my %callsub; |
my @actions = ('wwwuser','pwauth','mysql','mysqlperms','apache', |
my @actions = ('wwwuser','pwauth','mysql','mysqlperms','apache','systemd', |
'apachessl','runlevels','firewall','stopsrvcs','download'); |
'apachessl','runlevels','firewall','stopsrvcs','download'); |
my %prompts = &texthash( |
my %prompts = &texthash( |
wwwuser => "Create the 'www' user?", |
wwwuser => "Create the 'www' user?", |
Line 1927 my %prompts = &texthash(
|
Line 2049 my %prompts = &texthash(
|
mysql => 'Set-up the MySQL database?', |
mysql => 'Set-up the MySQL database?', |
mysqlperms => 'Set-up MySQL permissions?', |
mysqlperms => 'Set-up MySQL permissions?', |
apache => 'Configure Apache web server?', |
apache => 'Configure Apache web server?', |
apachessl => 'Configure SSL for Apache web server?', |
systemd => 'Configure systemd security settings for Apache web server?', |
|
apachessl => 'Configure SSL for Apache web server?', |
runlevels => 'Set overrides for start-up order of services?', |
runlevels => 'Set overrides for start-up order of services?', |
firewall => 'Configure firewall settings for Apache', |
firewall => 'Configure firewall settings for Apache', |
stopsrvcs => 'Stop extra services not required on a LON-CAPA server?', |
stopsrvcs => 'Stop extra services not required on a LON-CAPA server?', |
Line 1937 my %prompts = &texthash(
|
Line 2060 my %prompts = &texthash(
|
print "\n".&mt('Checking system status ...')."\n\n"; |
print "\n".&mt('Checking system status ...')."\n\n"; |
|
|
my $dsn = "DBI:mysql:database=mysql"; |
my $dsn = "DBI:mysql:database=mysql"; |
my ($distro,$gotprereqs,$localecmd,$packagecmd,$updatecmd,$installnow,$mysqlrestart, |
my ($distro,$gotprereqs,$localecmd,$langcmd,$packagecmd,$updatecmd,$installnow,$mysqlrestart, |
$recommended,$dbh,$has_pass,$mysql_unix_socket,$has_lcdb,$downloadstatus, |
$recommended,$dbh,$has_pass,$mysql_unix_socket,$has_lcdb,$downloadstatus, |
$filetouse,$production,$testing,$apachefw,$uses_systemctl,$hostname,$hostip, |
$filetouse,$production,$testing,$apachefw,$uses_systemctl,$hostname,$hostip, |
$sslhostsfiles,$has_std,$has_int,$rewritenum,$nochgstd,$nochgint) = |
$sslhostsfiles,$has_std,$has_int,$rewritenum,$nochgstd,$nochgint) = |
Line 1958 if ($mysqlrestart) {
|
Line 2081 if ($mysqlrestart) {
|
exit; |
exit; |
} |
} |
if ($localecmd ne '') { |
if ($localecmd ne '') { |
print "\n".&mt('Although the LON-CAPA application itself is localized for a number of different languages, the default locale language for the Linux OS on which it runs should be US English.')."\n"; |
print "\n".&mt('Although the LON-CAPA application itself is localized for a number of different languages,[_1]the default locale language for the Linux OS on which it runs should be US English.',"\n")."\n\n"; |
print "\n".&mt('Run the following command from the command line to set the default language for your OS, and then run this LON-CAPA installation set-up script again.')."\n\n". |
if ($langcmd ne '') { |
|
print &mt('Use the following command(s) or action(s) to install a required language package.')."\n\n". |
|
"$langcmd\n"; |
|
} |
|
print &mt('Run the following command from the command line to set the default language for your OS,[_1]and then run this LON-CAPA installation set-up script again.',"\n")."\n\n". |
$localecmd."\n\n". |
$localecmd."\n\n". |
&mt('Stopping execution.')."\n"; |
&mt('Stopping execution.')."\n"; |
exit; |
exit; |
Line 1969 if (!$gotprereqs) {
|
Line 2096 if (!$gotprereqs) {
|
&mt('The following command can be used to install the package (and dependencies):')."\n\n". |
&mt('The following command can be used to install the package (and dependencies):')."\n\n". |
$updatecmd."\n\n"; |
$updatecmd."\n\n"; |
if ($installnow eq '') { |
if ($installnow eq '') { |
|
print &mt('Stopping execution.')."\n"; |
exit; |
exit; |
} else { |
} else { |
print &mt('Run command? ~[Y/n~]'); |
print &mt('Run command? ~[Y/n~]'); |
Line 1982 if (!$gotprereqs) {
|
Line 2110 if (!$gotprereqs) {
|
&mt('Stopping execution.')."\n"; |
&mt('Stopping execution.')."\n"; |
exit; |
exit; |
} else { |
} else { |
($distro,$gotprereqs,$localecmd,$packagecmd,$updatecmd,$installnow, |
($distro,$gotprereqs,$localecmd,$langcmd,$packagecmd,$updatecmd,$installnow, |
$mysqlrestart,$recommended,$dbh,$has_pass,$mysql_unix_socket, |
$mysqlrestart,$recommended,$dbh,$has_pass,$mysql_unix_socket, |
$has_lcdb,$downloadstatus,$filetouse,$production,$testing,$apachefw, |
$has_lcdb,$downloadstatus,$filetouse,$production,$testing,$apachefw, |
$uses_systemctl,$hostname,$hostip,$sslhostsfiles,$has_std,$has_int, |
$uses_systemctl,$hostname,$hostip,$sslhostsfiles,$has_std,$has_int, |
Line 2136 if ($callsub{'apache'}) {
|
Line 2264 if ($callsub{'apache'}) {
|
print_and_log(&mt('Skipping configuration of Apache web server.')."\n"); |
print_and_log(&mt('Skipping configuration of Apache web server.')."\n"); |
} |
} |
|
|
|
if ($callsub{'systemd'}) { |
|
&check_systemd_update($distro); |
|
} else { |
|
print_and_log('Skipping systemd configuration update for web server'); |
|
} |
|
|
if ($callsub{'apachessl'}) { |
if ($callsub{'apachessl'}) { |
my $targetdir = '/etc/httpd/conf.d'; |
my $targetdir = '/etc/httpd/conf.d'; |
if ($distro =~ /^(suse|sles)/) { |
if ($distro =~ /^(suse|sles)/) { |
Line 2259 if ($callsub{'firewall'}) {
|
Line 2393 if ($callsub{'firewall'}) {
|
'ssh, http')."\n"; |
'ssh, http')."\n"; |
} else { |
} else { |
my $version; |
my $version; |
if ($distro =~ /^(redhat|centos)(\d+)/) { |
if ($distro =~ /^(redhat|centos|rocky|alma)(\d+)/) { |
$version = $1; |
$version = $1; |
} |
} |
if ($version > 5) { |
if ($version > 5) { |
Line 2290 if ($callsub{'download'}) {
|
Line 2424 if ($callsub{'download'}) {
|
print &mt('LON-CAPA is available for download from: [_1]', |
print &mt('LON-CAPA is available for download from: [_1]', |
'http://install.loncapa.org/')."\n"; |
'http://install.loncapa.org/')."\n"; |
if (!-e '/etc/loncapa-release') { |
if (!-e '/etc/loncapa-release') { |
&print_and_log(&mt('LON-CAPA is not yet installed on your system.')."\n\n"; |
&print_and_log(&mt('LON-CAPA is not yet installed on your system.')."\n\n"); |
unless ($filetouse) { |
unless ($filetouse) { |
&print_and_log(&mt('You may retrieve the source for LON-CAPA by executing:')."\n". |
&print_and_log(&mt('You may retrieve the source for LON-CAPA by executing:')."\n". |
"wget http://install.loncapa.org/versions/$lctarball\n"); |
"wget http://install.loncapa.org/versions/$lctarball\n"); |
Line 2349 if ($have_tarball && !$updateshown) {
|
Line 2483 if ($have_tarball && !$updateshown) {
|
$lc_uses_systemctl = 1; |
$lc_uses_systemctl = 1; |
} |
} |
$uses_sudo = 1; |
$uses_sudo = 1; |
|
} elsif ($distro =~ /^debian(\d+)$/) { |
|
if ($1 >= 10) { |
|
$lc_uses_systemctl = 1; |
|
} |
} elsif ($distro =~ /^sles(\d+)$/) { |
} elsif ($distro =~ /^sles(\d+)$/) { |
if ($1 > 12) { |
if ($1 > 12) { |
$lc_uses_systemctl = 1; |
$lc_uses_systemctl = 1; |
} |
} |
|
} elsif ($distro =~ /^fedora(\d+)$/) { |
|
if ($1 > 25) { |
|
$lc_uses_systemctl = 1; |
|
} |
} |
} |
if (!-e '/etc/loncapa-release') { |
if (!-e '/etc/loncapa-release') { |
print &mt('If you are now ready to install LON-CAPA, enter the following commands:')."\n\n"; |
print &mt('If you are now ready to install LON-CAPA, enter the following commands:')."\n\n"; |
Line 2469 sub build_and_install_mod_auth_external
|
Line 2611 sub build_and_install_mod_auth_external
|
> #define SERVER_UIDS $num /* user "www" */ |
> #define SERVER_UIDS $num /* user "www" */ |
ENDPATCH |
ENDPATCH |
|
|
|
my $patch_code = <<"ENDPATCH"; |
|
127a128 |
|
> #include <string.h> |
|
214a216 |
|
> #include <time.h> |
|
566c568 |
|
< check_fails() |
|
--- |
|
> int check_fails() |
|
589c591 |
|
< log_failure() |
|
--- |
|
> void log_failure() |
|
629c631 |
|
< snooze(int seconds) |
|
--- |
|
> void snooze(int seconds) |
|
653c655 |
|
< main(int argc, char **argv) |
|
--- |
|
> int main(int argc, char **argv) |
|
ENDPATCH |
|
|
if (! -e "/usr/bin/patch") { |
if (! -e "/usr/bin/patch") { |
print_and_log(&mt('You must install the software development tools package: [_1], when installing Linux.',"'patch'")."\n"); |
print_and_log(&mt('You must install the software development tools package: [_1], when installing Linux.',"'patch'")."\n"); |
print_and_log(&mt('Authentication installation not completed.')."\n"); |
print_and_log(&mt('Authentication installation not completed.')."\n"); |
Line 2479 ENDPATCH
|
Line 2644 ENDPATCH
|
return; |
return; |
} |
} |
my $dir = "/tmp/pwauth-2.2.8"; |
my $dir = "/tmp/pwauth-2.2.8"; |
|
my $patchedok; |
if (open(PATCH,"| patch $dir/config.h")) { |
if (open(PATCH,"| patch $dir/config.h")) { |
print PATCH $patch; |
print PATCH $patch; |
close(PATCH); |
close(PATCH); |
|
if (open(PATCH,"| patch $dir/pwauth.c")) { |
|
print PATCH $patch_code; |
|
close(PATCH); |
|
$patchedok = 1; |
|
} |
|
} |
|
if ($patchedok) { |
print_and_log("\n"); |
print_and_log("\n"); |
## |
## |
## Compile patched pwauth |
## Compile patched pwauth |
Line 2552 sub kill_extra_services {
|
Line 2725 sub kill_extra_services {
|
&print_and_log(&mt('Removing [_1] from startup.',$service)."\n"); |
&print_and_log(&mt('Removing [_1] from startup.',$service)."\n"); |
if ($distro =~ /^(?:debian|ubuntu)(\d+)/) { |
if ($distro =~ /^(?:debian|ubuntu)(\d+)/) { |
my $version = $1; |
my $version = $1; |
if (($distro =~ /^ubuntu/) && ($version > 16)) { |
if ((($distro =~ /^ubuntu/) && ($version > 16)) || |
|
(($distro =~ /^debian/) && ($version >= 10))) { |
if (ref($uses_systemctl) eq 'HASH') { |
if (ref($uses_systemctl) eq 'HASH') { |
if ($uses_systemctl->{$service}) { |
if ($uses_systemctl->{$service}) { |
if (`systemctl is-enabled $service`) { |
if (`systemctl is-enabled $service`) { |
Line 2622 CREATE TABLE IF NOT EXISTS metadata (tit
|
Line 2796 CREATE TABLE IF NOT EXISTS metadata (tit
|
|
|
sub setup_mysql_permissions { |
sub setup_mysql_permissions { |
my ($dbh,$has_pass,$mysql_unix_socket,@mysql_lc_commands) = @_; |
my ($dbh,$has_pass,$mysql_unix_socket,@mysql_lc_commands) = @_; |
my ($mysqlversion,$mysqlsubver,$mysqlname) = &get_mysql_version(); |
my ($mysqlversion,$mysqlminorversion,$mysqlsubver,$mysqlname) = &get_mysql_version(); |
my ($usescreate,$usesauth,$is_mariadb,$hasauthcol,@mysql_commands); |
my ($usescreate,$usesauth,$is_mariadb,$hasauthcol,@mysql_commands); |
if ($mysqlname =~ /^MariaDB/i) { |
if ($mysqlname =~ /^MariaDB/i) { |
$is_mariadb = 1; |
$is_mariadb = 1; |
if ($mysqlversion >= 10.4) { |
if ((($mysqlversion == 10) && ($mysqlminorversion >= 4)) || ($mysqlversion >= 11)) { |
$usescreate = 1; |
$usescreate = 1; |
} elsif ($mysqlversion >= 10.2) { |
} elsif (($mysqlversion == 10) && ($mysqlminorversion >= 2)) { |
$usesauth = 1; |
$usesauth = 1; |
} elsif ($mysqlversion >= 5.5) { |
} elsif (($mysqlversion == 5) && ($mysqlminorversion >= 5)) { |
$hasauthcol = 1; |
$hasauthcol = 1; |
} |
} |
} else { |
} else { |
if (($mysqlversion > 5.7) || (($mysqlversion == 5.7) && ($mysqlsubver > 5))) { |
if (($mysqlversion > 5) || (($mysqlminorversion == 5) && ($mysqlminorversion > 7)) || |
|
(($mysqlversion == 5) && ($mysqlminorversion == 7) && ($mysqlsubver > 5))) { |
$usesauth = 1; |
$usesauth = 1; |
} elsif (($mysqlversion >= 5.6) || (($mysqlversion == 5.5) && ($mysqlsubver >= 7))) { |
} elsif (($mysqlversion == 5) && |
|
(($mysqlminorversion >= 6) || (($mysqlminorversion == 5) && ($mysqlsubver >= 7)))) { |
$hasauthcol = 1; |
$hasauthcol = 1; |
} |
} |
} |
} |
Line 2750 sub new_mysql_rootpasswd {
|
Line 2926 sub new_mysql_rootpasswd {
|
} |
} |
|
|
sub get_mysql_version { |
sub get_mysql_version { |
my ($version,$subversion,$name); |
my ($version,$minorversion,$subversion,$name); |
if (open(PIPE," mysql -V |")) { |
if (open(PIPE," mysql -V |")) { |
my $info = <PIPE>; |
my $info = <PIPE>; |
chomp($info); |
chomp($info); |
close(PIPE); |
close(PIPE); |
($version,$subversion,$name) = ($info =~ /(\d+\.\d+)\.(\d+)(?:\-?(\w*),|)/); |
($version,$minorversion,$subversion,$name) = ($info =~ /(\d+)\.(\d+)\.(\d+)(?:\-?(\w*),|)/); |
} else { |
} else { |
print &mt('Could not determine which version of MySQL is installed.'). |
print &mt('Could not determine which version of MySQL is installed.'). |
"\n"; |
"\n"; |
} |
} |
return ($version,$subversion,$name); |
return ($version,$minorversion,$subversion,$name); |
|
} |
|
|
|
sub check_systemd_update { |
|
my ($distro) = @_; |
|
my ($use_systemctl,$service); |
|
$service = 'apache2.service'; |
|
if ($distro =~ /^ubuntu(\w+)/) { |
|
if ($1 >= 16) { |
|
$use_systemctl = 1; |
|
} |
|
} elsif ($distro =~ /^debian(\w+)/) { |
|
if ($1 >= 9) { |
|
$use_systemctl = 1; |
|
} |
|
} elsif ($distro =~ /^fedora(\d+)/) { |
|
$service = 'httpd.service'; |
|
if ($1 >= 16) { |
|
$use_systemctl = 1; |
|
} |
|
} elsif ($distro =~ /^(?:centos|rhes|scientific|oracle|rocky|alma)(\d+)/) { |
|
$service = 'httpd.service'; |
|
if ($1 >= 7) { |
|
$use_systemctl = 1; |
|
} |
|
} elsif ($distro =~ /^sles(\d+)/) { |
|
if ($1 >= 12) { |
|
$use_systemctl = 1; |
|
} |
|
} elsif ($distro =~ /^suse(\d+)/) { |
|
if ($1 >= 13) { |
|
$use_systemctl = 1; |
|
} |
|
} |
|
if ($use_systemctl) { |
|
my $needsupdate = &check_systemd_security($distro); |
|
if ($needsupdate) { |
|
if (!-d '/etc/systemd/system/'.$service.'.d') { |
|
mkdir '/etc/systemd/system/'.$service.'.d', 0755; |
|
} |
|
if (-d '/etc/systemd/system/'.$service.'.d') { |
|
if (-e '/etc/systemd/system/'.$service.'.d/override.conf') { |
|
if (open(my $fh,'<','/etc/systemd/system/'.$service.'.d/override.conf')) { |
|
my ($inservice,$addservice,$protectoff,$linenum,$change,@lines); |
|
while (my $entry = <$fh>) { |
|
$linenum ++; |
|
chomp($entry); |
|
if ($entry eq '[Service]') { |
|
if (!$protectoff) { |
|
$inservice = $linenum; |
|
push(@lines,$entry); |
|
} else { |
|
$addservice = 1; |
|
next; |
|
} |
|
} |
|
if ($entry =~ /^ProtectHome\s*=\s*([\w-]+)\s*$/) { |
|
my $value = $1; |
|
if ($protectoff) { |
|
next; |
|
if (lc($value) eq 'no') { |
|
$protectoff = $linenum; |
|
push(@lines,$entry); |
|
} else { |
|
if ($protectoff) { |
|
next; |
|
} else { |
|
push(@lines,'ProtectHome=no'); |
|
$protectoff = $linenum; |
|
$change = $linenum; |
|
} |
|
} |
|
} |
|
} |
|
} |
|
close($fh); |
|
if ($addservice || $change || !$protectoff) { |
|
if (open(my $fh,'>','/etc/systemd/system/'.$service.'.d/override.conf')) { |
|
if ($addservice) { |
|
print $fh "[Service]\n"; |
|
} |
|
foreach my $entry (@lines) { |
|
print $fh "$entry\n"; |
|
} |
|
close($fh); |
|
print_and_log('Updated /etc/systemd/system/'.$service.'.d/override.conf'); |
|
system('systemctl daemon-reload'); |
|
} else { |
|
print_and_log('Could not open /etc/systemd/system/'.$service.'.d/override.conf for writing.'); |
|
} |
|
} else { |
|
print_and_log('No change needed in /etc/systemd/system/'.$service.'.d/override.conf'); |
|
} |
|
} else { |
|
print_and_log('Could not open /etc/systemd/system/'.$service.'.d/override.conf for reading.'); |
|
} |
|
} else { |
|
if (open(my $fh,'>','/etc/systemd/system/'.$service.'.d/override.conf')) { |
|
print $fh '[Service]'."\n".'ProtectHome=no'."\n"; |
|
close($fh); |
|
print_and_log('Created /etc/systemd/system/'.$service.'.d/override.conf'); |
|
system('systemctl daemon-reload'); |
|
} |
|
} |
|
} else { |
|
print_and_log('No /etc/systemd/system/'.$service.'.d directory exists and creating one failed,'); |
|
} |
|
} else { |
|
print_and_log('No update needed to systemd security settings for Apache web server.'); |
|
} |
|
} else { |
|
print_and_log('No update needed to systemd, as this Linux distro does not use systemctl'); |
|
} |
} |
} |
|
|
########################################################### |
########################################################### |
Line 3341 sub copy_apache2_debconf {
|
Line 3629 sub copy_apache2_debconf {
|
$distname = $1; |
$distname = $1; |
$version = $2; |
$version = $2; |
} |
} |
if (($distname eq 'ubuntu') && ($version > 12)) { |
if ((($distname eq 'ubuntu') && ($version > 12)) || |
|
(($distname eq 'debian') && ($version >= 10))) { |
$defaultconfig = "$apache2_sites_enabled_dir/000-default.conf"; |
$defaultconfig = "$apache2_sites_enabled_dir/000-default.conf"; |
} |
} |
my ($skipconf,$skipsite,$skipstatus); |
my ($skipconf,$skipsite,$skipstatus); |
if (($distname eq 'ubuntu') && ($version > 12)) { |
if ((($distname eq 'ubuntu') && ($version > 12)) || |
|
(($distname eq 'debian') && ($version >= 10))) { |
my $apache2_conf_enabled_dir = '/etc/apache2/conf-enabled'; |
my $apache2_conf_enabled_dir = '/etc/apache2/conf-enabled'; |
my $apache2_conf_available_dir = '/etc/apache2/conf-available'; |
my $apache2_conf_available_dir = '/etc/apache2/conf-available'; |
my $defaultconf = $apache2_conf_enabled_dir.'/loncapa.conf'; |
my $defaultconf = $apache2_conf_enabled_dir.'/loncapa.conf'; |
Line 3498 sub copy_apache2_debconf {
|
Line 3788 sub copy_apache2_debconf {
|
} |
} |
} |
} |
} |
} |
if ($distname eq 'ubuntu') { |
if (($distname eq 'ubuntu') || ($distname eq 'debian')) { |
my $sitestatus = "$apache2_mods_available_dir/status.conf"; |
my $sitestatus = "$apache2_mods_available_dir/status.conf"; |
my $stdstatus = "$instdir/debian-ubuntu/status.conf"; |
my $stdstatus = "$instdir/debian-ubuntu/status.conf"; |
if ((-e $sitestatus) && (-e $stdstatus)) { |
if ((-e $sitestatus) && (-e $stdstatus)) { |