--- doc/install/linux/install.pl 2024/11/26 23:54:22 1.97 +++ doc/install/linux/install.pl 2024/11/27 16:24:20 1.98 @@ -78,7 +78,7 @@ if (!open(LOG,">>loncapa_install.log")) &mt('Stopping execution.')."\n"; exit; } else { - print LOG '$Id: install.pl,v 1.97 2024/11/26 23:54:22 raeburn Exp $'."\n"; + print LOG '$Id: install.pl,v 1.98 2024/11/27 16:24:20 raeburn Exp $'."\n"; } # @@ -2989,8 +2989,8 @@ sub check_systemd_update { if (-d '/etc/systemd/system/'.$service.'.d') { if (-e '/etc/systemd/system/'.$service.'.d/override.conf') { if (open(my $fh,'<','/etc/systemd/system/'.$service.'.d/override.conf')) { - my ($category,$addservice,$protectoff,$changeprot,$suidsgidok,$changesug, - $linenum,%lines,@move,@nocat,@ordered); + my ($category,$addservice,$needs_update,$linenum,%is_no,%lines, + @move,@nocat,@ordered); $linenum = 0; while (my $entry = <$fh>) { $linenum ++; @@ -2998,48 +2998,34 @@ sub check_systemd_update { if ($entry =~ /^\s*\[([^\]]+)\]\s*$/) { $category = $1; if ($category =~ /^Service$/i) { - push(@ordered,'Service'); - } else { - push(@ordered,$category); - } - } elsif ($entry =~ /^ProtectHome\s*=\s*([\w-]+)\s*$/) { - my $value = $1; - next if ($protectoff); - if (lc($value) eq 'no') { - if ($category =~ /^Service$/i) { - push(@{$lines{'Service'}},$entry); - } else { - push(@move,$entry); - $changeprot = $linenum; + unless (grep(/^Service$/,@ordered)) { + push(@ordered,'Service'); } } else { - if ($category =~ /^Service$/i) { - push(@{$lines{'Service'}},'ProtectHome=no'); - } else { - push(@move,'ProtectHome=no'); + unless (grep(/^\Q$category\E$/,@ordered)) { + push(@ordered,$category); } - $changeprot = $linenum; } - $protectoff = $linenum; - } elsif ($entry =~ /^RestrictSUIDSGID\s*=\s*([\w-]+)\s*$/) { - my $value = $1; - next if ($suidsgidok); + } elsif ($entry =~ /^(ProtectHome|RestrictSUIDSGID)\s*=\s*([\w-]+)\s*$/) { + my ($key,$value) = ($1,$2); + next if ($is_no{$key}); if (lc($value) eq 'no') { if ($category =~ /^Service$/i) { push(@{$lines{'Service'}},$entry); } else { push(@move,$entry); - $changesug = $linenum; + $needs_update = 1; } } else { + my $offstr = $key.'=no'; if ($category =~ /^Service$/i) { - push(@{$lines{'Service'}},'RestrictSUIDSGID=no'); + push(@{$lines{'Service'}},$offstr); } else { - push(@move,'RestrictSUIDSGID=no'); + push(@move,$offstr); } - $changesug = $linenum; + $needs_update = 1; } - $suidsgidok = $linenum; + $is_no{$key} = $linenum; } else { next if ($entry =~ /^\s*$/); if ($category =~ /^Service$/i) { @@ -3056,13 +3042,13 @@ sub check_systemd_update { $addservice = 1; unshift(@ordered,'Service'); } - if (!$protectoff) { - push(@{$lines{'Service'}},'ProtectHome=no'); - } - if (!$suidsgidok) { - push(@{$lines{'Service'}},'RestrictSUIDSGID=no'); + foreach my $item ('ProtectHome','RestrictSUIDSGID') { + unless (exists($is_no{$item})) { + push(@{$lines{'Service'}},$item.'=no'); + $needs_update = 1; + } } - if ($addservice || $changeprot || !$protectoff || $changesug || !$suidsgidok) { + if ($addservice || $needs_update) { if (open(my $fh,'>','/etc/systemd/system/'.$service.'.d/override.conf')) { if (@ordered) { foreach my $category (@ordered) { @@ -3075,12 +3061,9 @@ sub check_systemd_update { if ($category eq 'Service') { if (@move) { foreach my $item (@move) { - if ($item =~ /^ProtectHome\s*=\s*no\s*$/i) { - unless (grep/^ProtectHome\s*=\s*no\s*$/i,@{$lines{$category}}) { - print $fh "$item\n"; - } - } elsif ($item =~ /^RestrictSUIDSGID\s*=\s*no\s*$/i) { - unless (grep/^RestrictSUIDSGID\s*=\s*no\s*$/i,@{$lines{$category}}) { + if ($item =~ /^(ProtectHome|RestrictSUIDSGID)\s*=\s*no\s*$/i) { + my $key = $1; + unless (grep/^$key\s*=\s*no\s*$/i,@{$lines{$category}}) { print $fh "$item\n"; } } else { @@ -3115,6 +3098,8 @@ sub check_systemd_update { close($fh); print_and_log('Created /etc/systemd/system/'.$service.'.d/override.conf'); system('systemctl daemon-reload'); + } else { + print_and_log('Could not open /etc/systemd/system/'.$service.'.d/override.conf for writing.'); } } } else {