doc/install/linux/install.pl - diff

Return to install.pl CVS log

Up to [LON-CAPA] / doc / install / linux

Diff for /doc/install/linux/install.pl between versions 1.96 and 1.98

version 1.96, 2024/11/26 22:08:36	version 1.98, 2024/11/27 16:24:20
Line 988 sub check_systemd_security {	Line 988 sub check_systemd_security {
$service = 'apache2.service';	$service = 'apache2.service';
}	}
system("systemctl daemon-reload");	system("systemctl daemon-reload");
if (open(PIPE,"systemctl show $service --property=ProtectHome 2>/dev/null \|")) {	if (open(PIPE,"systemctl show $service --property=ProtectHome --property=RestrictSUIDSGID 2>/dev/null \|")) {
my $protection = <PIPE>;	my ($protecthome,$suidsgid);
	while (my $line = <PIPE>) {
	chomp($line);
	if ($line =~ /^ProtectHome=(read-only\|yes)$/i) {
	$protecthome = 1;
	} elsif ($line =~ /^RestrictSUIDSGID=yes$/i) {
	$suidsgid = 1;
	}
	}
close(PIPE);	close(PIPE);
chomp($protection);	if ($protecthome) {
if ($protection =~ /^ProtectHome=(read-only\|yes)$/i) {	return 1;
	}
	if ($suidsgid) {
return 1;	return 1;
}	}
} else {	} else {
Line 2979 sub check_systemd_update {	Line 2989 sub check_systemd_update {
if (-d '/etc/systemd/system/'.$service.'.d') {	if (-d '/etc/systemd/system/'.$service.'.d') {
if (-e '/etc/systemd/system/'.$service.'.d/override.conf') {	if (-e '/etc/systemd/system/'.$service.'.d/override.conf') {
if (open(my $fh,'<','/etc/systemd/system/'.$service.'.d/override.conf')) {	if (open(my $fh,'<','/etc/systemd/system/'.$service.'.d/override.conf')) {
my ($category,$addservice,$protectoff,$linenum,$change,	my ($category,$addservice,$needs_update,$linenum,%is_no,%lines,
%lines,@move,@nocat,@ordered);	@move,@nocat,@ordered);
$linenum = 0;	$linenum = 0;
while (my $entry = <$fh>) {	while (my $entry = <$fh>) {
$linenum ++;	$linenum ++;
Line 2988 sub check_systemd_update {	Line 2998 sub check_systemd_update {
if ($entry =~ /^\s\[([^\]]+)\]\s$/) {	if ($entry =~ /^\s\[([^\]]+)\]\s$/) {
$category = $1;	$category = $1;
if ($category =~ /^Service$/i) {	if ($category =~ /^Service$/i) {
push(@ordered,'Service');	unless (grep(/^Service$/,@ordered)) {
	push(@ordered,'Service');
	}
} else {	} else {
push(@ordered,$category);	unless (grep(/^\Q$category\E$/,@ordered)) {
	push(@ordered,$category);
	}
}	}
} elsif ($entry =~ /^ProtectHome\s=\s([\w-]+)\s*$/) {	} elsif ($entry =~ /^(ProtectHome\|RestrictSUIDSGID)\s=\s([\w-]+)\s*$/) {
my $value = $1;	my ($key,$value) = ($1,$2);
next if ($protectoff);	next if ($is_no{$key});
if (lc($value) eq 'no') {	if (lc($value) eq 'no') {
if ($category =~ /^Service$/i) {	if ($category =~ /^Service$/i) {
push(@{$lines{'Service'}},$entry);	push(@{$lines{'Service'}},$entry);
} else {	} else {
push(@move,$entry);	push(@move,$entry);
$change = $linenum;	$needs_update = 1;
}	}
} else {	} else {
	my $offstr = $key.'=no';
if ($category =~ /^Service$/i) {	if ($category =~ /^Service$/i) {
push(@{$lines{'Service'}},'ProtectHome=no');	push(@{$lines{'Service'}},$offstr);
} else {	} else {
push(@move,'ProtectHome=no');	push(@move,$offstr);
}	}
$change = $linenum;	$needs_update = 1;
}	}
$protectoff = $linenum;	$is_no{$key} = $linenum;
} else {	} else {
next if ($entry =~ /^\s*$/);	next if ($entry =~ /^\s*$/);
if ($category =~ /^Service$/i) {	if ($category =~ /^Service$/i) {
Line 3027 sub check_systemd_update {	Line 3042 sub check_systemd_update {
$addservice = 1;	$addservice = 1;
unshift(@ordered,'Service');	unshift(@ordered,'Service');
}	}
if (!$protectoff) {	foreach my $item ('ProtectHome','RestrictSUIDSGID') {
push(@{$lines{'Service'}},'ProtectHome=no');	unless (exists($is_no{$item})) {
	push(@{$lines{'Service'}},$item.'=no');
	$needs_update = 1;
	}
}	}
if ($addservice \|\| $change \|\| !$protectoff) {	if ($addservice \|\| $needs_update) {
if (open(my $fh,'>','/etc/systemd/system/'.$service.'.d/override.conf')) {	if (open(my $fh,'>','/etc/systemd/system/'.$service.'.d/override.conf')) {
if (@ordered) {	if (@ordered) {
foreach my $category (@ordered) {	foreach my $category (@ordered) {
Line 3043 sub check_systemd_update {	Line 3061 sub check_systemd_update {
if ($category eq 'Service') {	if ($category eq 'Service') {
if (@move) {	if (@move) {
foreach my $item (@move) {	foreach my $item (@move) {
if ($item =~ /^ProtectHome\s=\sno\s*$/i) {	if ($item =~ /^(ProtectHome\|RestrictSUIDSGID)\s=\sno\s*$/i) {
unless (grep/^ProtectHome\s=\sno\s*$/i,@{$lines{$category}}) {	my $key = $1;
	unless (grep/^$key\s=\sno\s*$/i,@{$lines{$category}}) {
print $fh "$item\n";	print $fh "$item\n";
}	}
} else {	} else {
Line 3075 sub check_systemd_update {	Line 3094 sub check_systemd_update {
}	}
} else {	} else {
if (open(my $fh,'>','/etc/systemd/system/'.$service.'.d/override.conf')) {	if (open(my $fh,'>','/etc/systemd/system/'.$service.'.d/override.conf')) {
print $fh '[Service]'."\n".'ProtectHome=no'."\n";	print $fh '[Service]'."\n".'ProtectHome=no'."\n".'RestrictSUIDSGID=no'."\n";
close($fh);	close($fh);
print_and_log('Created /etc/systemd/system/'.$service.'.d/override.conf');	print_and_log('Created /etc/systemd/system/'.$service.'.d/override.conf');
system('systemctl daemon-reload');	system('systemctl daemon-reload');
	} else {
	print_and_log('Could not open /etc/systemd/system/'.$service.'.d/override.conf for writing.');
}	}
}	}
} else {	} else {

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>

Removed from v.1.96
changed lines
	Added in v.1.98