--- doc/install/linux/install.pl 2020/07/08 17:40:18 1.45.2.8 +++ doc/install/linux/install.pl 2024/07/27 18:40:15 1.45.2.20 @@ -27,6 +27,7 @@ use strict; use File::Copy; use Term::ReadKey; use DBI; +use File::Spec; use Cwd(); use File::Basename(); use lib File::Basename::dirname(Cwd::abs_path($0)); @@ -75,7 +76,7 @@ if (!open(LOG,">>loncapa_install.log")) &mt('Stopping execution.')."\n"; exit; } else { - print LOG '$Id: install.pl,v 1.45.2.8 2020/07/08 17:40:18 raeburn Exp $'."\n"; + print LOG '$Id: install.pl,v 1.45.2.20 2024/07/27 18:40:15 raeburn Exp $'."\n"; } # @@ -209,8 +210,11 @@ sub get_distro { $distro = 'rhes'.$1; $updatecmd = 'dnf install LONCAPA-prerequisites'; $installnow = 'dnf -y install LONCAPA-prerequisites'; - } elsif ($versionstring =~ /CentOS(?:| Linux) release (\d+)/) { - $distro = 'centos'.$1; + } elsif ($versionstring =~ /CentOS(| Linux| Stream) release (\d+)/) { + $distro = 'centos'.$2; + if ($1 eq ' Stream') { + $distro .= '-stream'; + } $updatecmd = 'yum install LONCAPA-prerequisites'; $installnow = 'yum -y install LONCAPA-prerequisites'; } elsif ($versionstring =~ /Scientific Linux (?:SL )?release ([\d.]+) /) { @@ -219,6 +223,18 @@ sub get_distro { $distro = 'scientific'.$ver; $updatecmd = 'yum install LONCAPA-prerequisites'; $installnow = 'yum -y install LONCAPA-prerequisites'; + } elsif ($versionstring =~ /Rocky Linux release ([\d.]+)/) { + my $ver = $1; + $ver =~ s/\.\d+$//; + $distro = 'rocky'.$ver; + $updatecmd = 'dnf install LONCAPA-prerequisites'; + $installnow = 'dnf -y install LONCAPA-prerequisites'; + } elsif ($versionstring =~ /AlmaLinux release ([\d.]+) /) { + my $ver = $1; + $ver =~ s/\.\d+$//; + $distro = 'alma'.$ver; + $updatecmd = 'dnf install LONCAPA-prerequisites'; + $installnow = 'dnf -y install LONCAPA-prerequisites'; } else { print &mt('Unable to interpret [_1] to determine system type.', '/etc/redhat-release')."\n"; @@ -392,7 +408,7 @@ sub check_locale { '/etc/sysconfig/i18n'); $earlyout = 1; } - } elsif ($distro =~ /^(?:rhes|centos|scientific|oracle)(\d+)/) { + } elsif ($distro =~ /^(?:rhes|centos|scientific|oracle|rocky|alma)(\d+)/) { if ($1 >= 7) { if (!open($fh,"{'apache'})) { + $recommended{'systemd'} = &check_systemd_security($distro); + } $recommended{'apache'} = &chkapache($distro,$instdir); $recommended{'stopsrvcs'} = &chksrvcs($distro,$tostop); ($recommended{'download'},$downloadstatus,$filetouse,$production,$testing) - = &need_download(); + = &need_download($distro,$instdir); return ($distro,$gotprereqs,$localecmd,$packagecmd,$updatecmd,$installnow, - $mysqlrestart,\%recommended,$dbh,$has_pass,$has_lcdb,$downloadstatus, - $filetouse,$production,$testing,$apachefw,$uses_systemctl); + $mysqlrestart,\%recommended,$dbh,$has_pass,$mysql_unix_socket, + $has_lcdb,$downloadstatus,$filetouse,$production,$testing,$apachefw, + $uses_systemctl); } sub check_mysql_running { @@ -518,6 +538,20 @@ sub check_mysql_running { $process = 'mysqld'; $proc_owner = 'mysql'; } + if ($1 >= 16) { + $use_systemctl = 1; + } + } elsif ($distro =~ /^debian(\w+)/) { + if ($1 >= 10) { + $process = 'mysql'; + $proc_owner = 'mysql'; + } + if ($1 >= 11) { + $mysqldaemon = 'mariadb'; + } + if ($1 >= 9) { + $use_systemctl = 1; + } } elsif ($distro =~ /^fedora(\d+)/) { if ($1 >= 16) { $process = 'mysqld'; @@ -527,13 +561,19 @@ sub check_mysql_running { if ($1 >= 19) { $mysqldaemon ='mariadb'; } - } elsif ($distro =~ /^(?:centos|rhes|scientific|oracle)(\d+)/) { + if ($1 >= 34) { + $process = 'mariadb'; + } + } elsif ($distro =~ /^(?:centos|rhes|scientific|oracle|rocky|alma)(\d+)/) { if ($1 >= 7) { $mysqldaemon ='mariadb'; $process = 'mysqld'; $proc_owner = 'mysql'; $use_systemctl = 1; } + if ($1 >= 9) { + $process = 'mariadb'; + } } elsif ($distro =~ /^sles(\d+)/) { if ($1 >= 12) { $use_systemctl = 1; @@ -654,9 +694,13 @@ sub chkconfig { if (($distro =~ /^ubuntu/) && ($version <= 8)) { $daemon{'cups'} = 'cupsys'; } - if (($distro =~ /^ubuntu/) && ($version >= 18)) { + if ((($distro =~ /^ubuntu/) && ($version >= 18)) || + (($distro =~ /^debian/) && ($version >= 10))) { $daemon{'ntp'} = 'chrony'; } + if (($distro =~ /^debian/) && ($version >= 11)) { + $daemon{'mysql'} = 'mariadb'; + } } elsif ($distro =~ /^fedora(\d+)/) { my $version = $1; if ($version >= 15) { @@ -674,7 +718,7 @@ sub chkconfig { if ($version >= 26) { $daemon{'ntp'} = 'chronyd'; } - } elsif ($distro =~ /^(?:centos|rhes|scientific|oracle)(\d+)/) { + } elsif ($distro =~ /^(?:centos|rhes|scientific|oracle|rocky|alma)(\d+)/) { my $version = $1; if ($version >= 7) { $uses_systemctl{'ntp'} = 1; @@ -779,6 +823,26 @@ sub chkconfig { return (\%needfix,\%tostop,\%uses_systemctl); } +sub check_systemd_security { + my ($distro) = @_; + my $service = 'httpd.service'; + if ($distro =~ /^(suse|sles|ubuntu|debian)/) { + $service = 'apache2.service'; + } + system("systemctl daemon-reload"); + if (open(PIPE,"systemctl show $service --property=ProtectHome 2>/dev/null |")) { + my $protection = ; + close(PIPE); + chomp($protection); + if ($protection =~ /^ProtectHome=(read-only|yes)$/i) { + return 1; + } + } else { + print &mt('Could not check systemctl configuration for Apache')."\n"; + } + return 0; +} + sub uses_firewalld { my ($distro) = @_; my ($inuse,$checkfirewalld,$zone); @@ -790,20 +854,20 @@ sub uses_firewalld { if ($1 >= 18) { $checkfirewalld = 1; } - } elsif ($distro =~ /^(?:centos|rhes|scientific|oracle)(\d+)/) { + } elsif ($distro =~ /^(?:centos|rhes|scientific|oracle|rocky|alma)(\d+)/) { if ($1 >= 7) { $checkfirewalld = 1; } } if ($checkfirewalld) { my ($loaded,$active); - if (open(PIPE,"systemctl status firewalld |")) { + if (open(PIPE,"systemctl status firewalld 2>/dev/null |")) { while () { chomp(); if (/^\s*Loaded:\s+(\w+)/) { $loaded = $1; } - if (/^\s*Active\s+(\w+)/) { + if (/^\s*Active:\s+(\w+)/) { $active = $1; } } @@ -882,7 +946,8 @@ sub chkapache { my $distname = $1; my $version = $2; my ($stdconf,$stdsite); - if (($distname eq 'ubuntu') && ($version > 12)) { + if ((($distname eq 'ubuntu') && ($version > 12)) || + (($distname eq 'debian') && ($version >= 10))) { $stdconf = "$instdir/debian-ubuntu/ubuntu14/loncapa_conf"; $stdsite = "$instdir/debian-ubuntu/ubuntu14/loncapa_sites"; } else { @@ -893,11 +958,12 @@ sub chkapache { print &mt('Warning: No LON-CAPA Apache configuration file found for installation check.')."\n"; } else { my ($configfile,$sitefile); - if (($distname eq 'ubuntu') && ($version > 12)) { - $sitefile = '/etc/apache2/sites-available/loncapa'; - $configfile = "/etc/apache2/conf-available/loncapa"; + if ((($distname eq 'ubuntu') && ($version > 12)) || + (($distname eq 'debian') && ($version >= 10))) { + $sitefile = '/etc/apache2/sites-available/loncapa.conf'; + $configfile = '/etc/apache2/conf-available/loncapa.conf'; } else { - $configfile = "/etc/apache2/sites-available/loncapa"; + $configfile = '/etc/apache2/sites-available/loncapa'; } if (($configfile ne '') && (-e $configfile) && (-e $stdconf)) { if (open(PIPE, "diff --brief $stdconf $configfile |")) { @@ -909,13 +975,16 @@ sub chkapache { } } } - if ((!$fixapache) && ($distname eq 'ubuntu') && ($version > 12)) { + if ((!$fixapache) && ((($distname eq 'ubuntu') && ($version > 12)) || + (($distname eq 'debian') && ($version >= 10)))) { if (($sitefile ne '') && (-e $sitefile) && (-e $stdsite)) { if (open(PIPE, "diff --brief $stdsite $sitefile |")) { my $diffres = ; close(PIPE); chomp($diffres); - unless ($diffres) { + if ($diffres) { + $fixapache = 1; + } else { $fixapache = 0; } } @@ -929,7 +998,7 @@ sub chkapache { } } } - if ((!$fixapache) && ($distname eq 'ubuntu')) { + if ((!$fixapache) && (($distname eq 'ubuntu') || ($distname eq 'debian'))) { my $sitestatus = "/etc/apache2/mods-available/status.conf"; my $stdstatus = "$instdir/debian-ubuntu/status.conf"; if ((-e $stdstatus) && (-e $sitestatus)) { @@ -983,7 +1052,7 @@ sub chkapache { } else { my $configfile = 'httpd.conf'; my $mpmfile = 'mpm.conf'; - if ($distro =~ /^(?:centos|rhes|scientific|oracle)(\d+)$/) { + if ($distro =~ /^(?:centos|rhes|scientific|oracle|rocky|alma)(\d+)/) { if ($1 >= 7) { $configfile = 'apache2.4/httpd.conf'; } elsif ($1 > 5) { @@ -1063,12 +1132,12 @@ sub chksrvcs { } sub need_download { + my ($distro,$instdir) = @_; my $needs_download = 1; my ($production,$testing,$stdsizes) = &download_versionslist(); - my ($rootdir,$localcurrent,$localtesting,%tarball,%localsize,%bymodtime, + my ($localcurrent,$localtesting,%tarball,%localsize,%bymodtime, %bysize,$filetouse,$downloadstatus); - $rootdir = '/root'; - if (opendir(my $dir,"$rootdir")) { + if (opendir(my $dir,$instdir)) { my (@lcdownloads,$version); foreach my $file (readdir($dir)) { if ($file =~ /^loncapa\-([\w\-.]+)\.tar\.gz$/) { @@ -1078,14 +1147,14 @@ sub need_download { } if (ref($stdsizes) eq 'HASH') { if ($version eq 'current') { - my @stats = stat("$rootdir/$file"); + my @stats = stat("$instdir/$file"); $localcurrent = $stats[7]; if ($localcurrent == $stdsizes->{$production}) { $needs_download = 0; $filetouse = $file; } } elsif ($version eq 'testing') { - my @stats = stat("$rootdir/$file"); + my @stats = stat("$instdir/$file"); $localtesting = $stats[7]; if ($localtesting == $stdsizes->{$testing}) { $needs_download = 0; @@ -1099,7 +1168,7 @@ sub need_download { if ($needs_download) { if (@lcdownloads > 0) { foreach my $version (@lcdownloads) { - my @stats = stat("$rootdir/$tarball{$version}"); + my @stats = stat("$instdir/$tarball{$version}"); my $mtime = $stats[9]; $localsize{$version} = $stats[7]; if ($mtime) { @@ -1132,31 +1201,68 @@ sub need_download { my $newest = $sorted[0]; if (ref($bymodtime{$newest}) eq 'ARRAY') { $downloadstatus = - "Latest LON-CAPA source download in $rootdir is: ". + "Latest LON-CAPA source download in $instdir is: ". join(',',@{$bymodtime{$newest}})." (downloaded ". localtime($newest).")\n"; } } else { $downloadstatus = - "The $rootdir directory already contains the latest LON-CAPA version:". + "The $instdir directory already contains the latest LON-CAPA version:". "\n".$filetouse."\n"."which can be used for installation.\n"; } } else { - $downloadstatus = "The $rootdir directory does not appear to contain any downloaded LON-CAPA source code files which can be used for installation.\n"; + $downloadstatus = "The $instdir directory does not appear to contain any downloaded LON-CAPA source code files which can be used for installation.\n"; } } } else { - $downloadstatus = "Could not open $rootdir directory to look for existing downloads of LON-CAPA source code.\n"; + $downloadstatus = "Could not open $instdir directory to look for existing downloads of LON-CAPA source code.\n"; } return ($needs_download,$downloadstatus,$filetouse,$production,$testing); } sub check_mysql_setup { - my ($instdir,$dsn,$distro,$mysql_has_wwwuser) = @_; - my ($mysqlsetup,$has_pass); + my ($instdir,$dsn,$distro) = @_; + my ($mysqlsetup,$has_pass,$mysql_unix_socket,$mysql_has_wwwuser); my $dbh = DBI->connect($dsn,'root','',{'PrintError'=>0}); + my ($mysqlversion,$mysqlminorversion,$mysqlsubver,$mysqlname) = &get_mysql_version(); + if (($mysqlname =~ /^MariaDB/i) && (($mysqlversion == 10 && $mysqlminorversion >= 4) || ($mysqlversion >= 11))) { + if ($dbh) { + my $sth = $dbh->prepare("SELECT Priv FROM mysql.global_priv WHERE (User = 'root' AND Host ='localhost')"); + $sth->execute(); + while (my $priv = $sth->fetchrow_array) { + if ($priv =~ /unix_socket/) { + $mysql_unix_socket = 1; + last; + } + } + $sth->finish(); + if ($mysql_unix_socket) { + print_and_log(&mt('MariaDB using unix_socket for root access from localhost.')."\n"); + $mysqlsetup = 'rootok'; + $mysql_has_wwwuser = &check_mysql_wwwuser($dbh); + return ($mysqlsetup,$has_pass,$dbh,$mysql_has_wwwuser,$mysql_unix_socket); + } + } + } if ($dbh) { - $mysqlsetup = 'noroot'; + $mysqlsetup = 'noroot'; + if (($mysqlname !~ /^MariaDB/i) && (($mysqlversion == 5 && $mysqlminorversion >= 7) || ($mysqlversion >= 6))) { + my $sth = $dbh->prepare("SELECT plugin from mysql.user where User='root'"); + $sth->execute(); + while (my $priv = $sth->fetchrow_array) { + if ($priv =~ /auth_socket/) { + $mysql_unix_socket = 1; + last; + } + } + $sth->finish(); + if ($mysql_unix_socket) { + print_and_log(&mt('MySQL using unix_socket for root access from localhost.')."\n"); + $mysqlsetup = 'rootok'; + $mysql_has_wwwuser = &check_mysql_wwwuser($dbh); + return ($mysqlsetup,$has_pass,$dbh,$mysql_has_wwwuser,$mysql_unix_socket); + } + } } elsif ($DBI::err =~ /1045/) { $has_pass = 1; } elsif ($distro =~ /^ubuntu(\d+)$/) { @@ -1169,16 +1275,15 @@ sub check_mysql_setup { } close(PIPE); } - unless ($mysql_has_wwwuser) { - $mysql_has_wwwuser = &check_mysql_wwwuser(); - } $dbh = DBI->connect($dsn,'root','',{'PrintError'=>0}); if ($dbh) { $mysqlsetup = 'noroot'; + $mysql_has_wwwuser = &check_mysql_wwwuser($dbh); } elsif ($DBI::err =~ /1045/) { $has_pass = 1; } else { $mysqlsetup = 'needsrestart'; + $mysql_has_wwwuser = &check_mysql_wwwuser(); return ($mysqlsetup,$has_pass,$dbh,$mysql_has_wwwuser); } } @@ -1190,6 +1295,7 @@ sub check_mysql_setup { if ($dbh) { $mysqlsetup = 'rootok'; print_and_log(&mt('Password accepted.')."\n"); + $mysql_has_wwwuser = &check_mysql_wwwuser($dbh); } else { $mysqlsetup = 'rootfail'; print_and_log(&mt('Problem accessing MySQL.')."\n"); @@ -1201,27 +1307,35 @@ sub check_mysql_setup { if ($dbh) { $mysqlsetup = 'rootok'; print_and_log(&mt('Password accepted.')."\n"); + $mysql_has_wwwuser = &check_mysql_wwwuser($dbh); } else { if ($DBI::err =~ /1045/) { print_and_log(&mt('Incorrect password.')."\n"); } + $mysql_has_wwwuser = &check_mysql_wwwuser(); } } } } elsif ($mysqlsetup ne 'noroot') { print_and_log(&mt('Problem accessing MySQL.')."\n"); $mysqlsetup = 'rootfail'; + $mysql_has_wwwuser = &check_mysql_wwwuser(); } return ($mysqlsetup,$has_pass,$dbh,$mysql_has_wwwuser); } sub check_mysql_wwwuser { + my ($dbh) = @_; my $mysql_wwwuser; - my $dbhn = DBI->connect("DBI:mysql:database=information_schema",'www','localhostkey', - {PrintError => +0}) || return; - if ($dbhn) { - $mysql_wwwuser = 1; - $dbhn->disconnect; + if ($dbh) { + $mysql_wwwuser = $dbh->selectrow_array("SELECT COUNT(User) FROM mysql.user WHERE (User = 'www' AND Host ='localhost')"); + } else { + my $dbhn = DBI->connect("DBI:mysql:database=information_schema",'www','localhostkey', + {PrintError => +0}) || return; + if ($dbhn) { + $mysql_wwwuser = 1; + $dbhn->disconnect; + } } return $mysql_wwwuser; } @@ -1257,14 +1371,30 @@ sub get_pathto_iptables { sub firewall_is_active { if (-e '/proc/net/ip_tables_names') { + my $status; if (open(PIPE,'cat /proc/net/ip_tables_names |grep filter |')) { - my $status = ; + $status = ; close(PIPE); chomp($status); if ($status eq 'filter') { return 1; } } + unless ($status) { + if (open(PIPE,'nft list tables |')) { + while() { + chomp(); + if (/filter$/) { + $status = 1; + last; + } + } + close(PIPE); + if ($status) { + return 1; + } + } + } } return 0; } @@ -1426,11 +1556,12 @@ print " ".&mt('3.')." ".&mt('Set-up the MySQL database.')." ".&mt('4.')." ".&mt('Set-up MySQL permissions.')." ".&mt('5.')." ".&mt('Configure Apache web server.')." -".&mt('6.')." ".&mt('Configure start-up of services.')." -".&mt('7.')." ".&mt('Check firewall settings.')." -".&mt('8.')." ".&mt('Stop services not used by LON-CAPA,')." +".&mt('6.')." ".&mt('Configure systemd security settings for Apache web server.')." +".&mt('7.')." ".&mt('Configure start-up of services.')." +".&mt('8.')." ".&mt('Check firewall settings.')." +".&mt('9.')." ".&mt('Stop services not used by LON-CAPA,')." ".&mt('i.e., services for a print server: [_1] daemon.',"'cups'")." -".&mt('9.')." ".&mt('Download LON-CAPA source code in readiness for installation.')." +".&mt('10.')." ".&mt('Download LON-CAPA source code in readiness for installation.')." ".&mt('Typically, you will run this script only once, when you first install LON-CAPA.')." @@ -1459,7 +1590,7 @@ my $instdir = `pwd`; chomp($instdir); my %callsub; -my @actions = ('wwwuser','pwauth','mysql','mysqlperms','apache', +my @actions = ('wwwuser','pwauth','mysql','mysqlperms','apache','systemd', 'runlevels','firewall','stopsrvcs','download'); my %prompts = &texthash( wwwuser => "Create the 'www' user?", @@ -1467,6 +1598,7 @@ my %prompts = &texthash( mysql => 'Set-up the MySQL database?', mysqlperms => 'Set-up MySQL permissions?', apache => 'Configure Apache web server?', + systemd => 'Configure systemd security settings for Apache web server?', runlevels => 'Set overrides for start-up order of services?', firewall => 'Configure firewall settings for Apache', stopsrvcs => 'Stop extra services not required on a LON-CAPA server?', @@ -1477,8 +1609,8 @@ print "\n".&mt('Checking system status . my $dsn = "DBI:mysql:database=mysql"; my ($distro,$gotprereqs,$localecmd,$packagecmd,$updatecmd,$installnow,$mysqlrestart, - $recommended,$dbh,$has_pass,$has_lcdb,$downloadstatus,$filetouse,$production, - $testing,$apachefw,$uses_systemctl) = &check_required($instdir,$dsn); + $recommended,$dbh,$has_pass,$mysql_unix_socket,$has_lcdb,$downloadstatus, + $filetouse,$production,$testing,$apachefw,$uses_systemctl) = &check_required($instdir,$dsn); if ($distro eq '') { print "\n".&mt('Linux distribution could not be verified as a supported distribution.')."\n". &mt('The following are supported: [_1].', @@ -1521,9 +1653,9 @@ if (!$gotprereqs) { exit; } else { ($distro,$gotprereqs,$localecmd,$packagecmd,$updatecmd,$installnow, - $mysqlrestart,$recommended,$dbh,$has_pass,$has_lcdb,$downloadstatus, - $filetouse,$production,$testing,$apachefw,$uses_systemctl) = - &check_required($instdir,$dsn); + $mysqlrestart,$recommended,$dbh,$has_pass,$mysql_unix_socket, + $has_lcdb,$downloadstatus,$filetouse,$production,$testing,$apachefw, + $uses_systemctl) = &check_required($instdir,$dsn); } } else { print &mt('Failed to run command to install LONCAPA-prerequisites')."\n"; @@ -1577,26 +1709,41 @@ my $lctarball = 'loncapa-current.tar.gz' my $sourcetarball = $lctarball; if ($callsub{'download'}) { my ($production,$testing,$sizes) = &download_versionslist(); + my $homedir = '/root'; + if ($distro =~ /^ubuntu/) { + if ($instdir ne $homedir) { + ($homedir) = ($instdir =~ m{^(.*)/[^/]+$}); + } + } if ($production && $testing) { if ($production ne $testing) { print &mt('Two recent LON-CAPA releases are available: ')."\n". &mt('1.').' '.&mt('A production release - version: [_1].',$production)."\n". &mt('2.').' '.&mt('A testing release - version: [_1].',$testing)."\n\n". - &mt('Download the production release? ~[Y/n~]'); + &mt("After download, the tar.gz file will be extracted into $homedir")."\n\n". + &mt("Download the production release into $instdir? ~[Y/n~]"); if (&get_user_selection(1)) { $sourcetarball = 'loncapa-'.$production.'.tar.gz'; + print "$sourcetarball will be downloaded into $instdir\n"; } else { print "\n".&mt('Download the testing release? ~[Y/n~]'); if (&get_user_selection(1)) { $sourcetarball = 'loncapa-'.$testing.'.tar.gz'; + print "$sourcetarball will be downloaded into $instdir\n"; + } else { + $callsub{'download'} = 0; } } } } elsif ($production) { print &mt('The most recent LON-CAPA release is version: [_1].',$production)."\n". - &mt('Download the production release? ~[Y/n~]'); + &mt("After download, the tar.gz file will be extracted into $homedir")."\n\n". + &mt("Download the production release into $instdir? ~[Y/n~]"); if (&get_user_selection(1)) { $sourcetarball = 'loncapa-'.$production.'.tar.gz'; + print "$sourcetarball will be downloaded into $instdir\n"; + } else { + $callsub{'download'} = 0; } } } elsif ($filetouse ne '') { @@ -1620,7 +1767,8 @@ if ($callsub{'pwauth'}) { if ($callsub{'mysql'}) { if ($dbh) { - &setup_mysql($callsub{'mysqlperms'},$distro,$dbh,$has_pass,$has_lcdb); + &setup_mysql($callsub{'mysqlperms'},$dbh,$has_pass, + $mysql_unix_socket,$has_lcdb,$distro); } else { print &mt('Unable to configure MySQL because access is denied.')."\n"; } @@ -1628,7 +1776,7 @@ if ($callsub{'mysql'}) { &print_and_log(&mt('Skipping configuration of MySQL.')."\n"); if ($callsub{'mysqlperms'}) { if ($dbh) { - &setup_mysql_permissions($dbh,$has_pass); + &setup_mysql_permissions($dbh,$has_pass,$mysql_unix_socket); } else { print &mt('Unable to configure MySQL because access is denied.')."\n"; } @@ -1657,6 +1805,12 @@ if ($callsub{'apache'}) { print_and_log(&mt('Skipping configuration of Apache web server.')."\n"); } +if ($callsub{'systemd'}) { + &check_systemd_update($distro); +} else { + print_and_log('Skipping systemd configuration update for web server'); +} + if ($callsub{'runlevels'}) { my $count = 0; if (ref($recommended) eq 'HASH') { @@ -1707,14 +1861,16 @@ if ($callsub{'firewall'}) { if (keys(%added) > 0) { print &mt('Firewall configured to allow access for: [_1].', join(', ',sort(keys(%added))))."\n"; + system('firewall-cmd --reload'); } if ($current{'http'} || $current{'https'}) { print &mt('Firewall already configured to allow access for:[_1].', (($current{'http'})? ' http':'').(($current{'https'})? ' https':''))."\n"; } unless ($current{'ssh'}) { - print &mt('If you would the like to allow access to ssh from outside, use the command[_1].', - "firewall-cmd --permanent --zone=$zone --add-service=ssh")."\n"; + print &mt('If you would like to allow access to ssh from outside, use the commands:')."\n". + "firewall-cmd --permanent --zone=$zone --add-service=ssh\n". + "firewall-cmd --reload\n"; } } elsif ($distro =~ /^(suse|sles)/) { print &mt('Use [_1] to configure the firewall to allow access for [_2].', @@ -1742,7 +1898,7 @@ if ($callsub{'firewall'}) { 'ssh, http')."\n"; } else { my $version; - if ($distro =~ /^(redhat|centos)(\d+)$/) { + if ($distro =~ /^(redhat|centos|rocky|alma)(\d+)/) { $version = $1; } if ($version > 5) { @@ -1773,10 +1929,11 @@ if ($callsub{'download'}) { print &mt('LON-CAPA is available for download from: [_1]', 'http://install.loncapa.org/')."\n"; if (!-e '/etc/loncapa-release') { - &print_and_log(&mt('LON-CAPA is not yet installed on your system.'). - "\n\n". - &mt('You may retrieve the source for LON-CAPA by executing:')."\n". - "wget http://install.loncapa.org/versions/$lctarball\n"); + &print_and_log(&mt('LON-CAPA is not yet installed on your system.')."\n\n"); + unless ($filetouse) { + &print_and_log(&mt('You may retrieve the source for LON-CAPA by executing:')."\n". + "wget http://install.loncapa.org/versions/$lctarball\n"); + } } else { my $currentversion; if (open(my $fh," 6) { + $lc_uses_systemctl = 1; + } + } elsif ($distro =~ /^(?:rhes|centos|rocky|alma)(\d+)/) { + if ($1 > 7) { + $lc_uses_systemctl = 1; + } + } elsif ($distro =~ /^ubuntu(\d+)$/) { + if ($1 > 16) { + $lc_uses_systemctl = 1; + } + $uses_sudo = 1; + } elsif ($distro =~ /^debian(\d+)$/) { + if ($1 >= 10) { + $lc_uses_systemctl = 1; + } + } elsif ($distro =~ /^sles(\d+)$/) { + if ($1 > 12) { + $lc_uses_systemctl = 1; + } + } elsif ($distro =~ /^fedora(\d+)$/) { + if ($1 > 25) { + $lc_uses_systemctl = 1; + } + } + if (!-e '/etc/loncapa-release') { + print &mt('If you are now ready to install LON-CAPA, enter the following commands:')."\n\n"; + } else { + my $lcstop = '/etc/init.d/loncontrol stop'; + if ($lc_uses_systemctl) { + $lcstop = 'systemctl stop loncontrol'; + } + my $apachestop = "/etc/init.d/$apachename stop"; + if ($uses_systemctl) { + $apachestop = "systemctl stop $apachename"; + } + if ($uses_sudo) { + $lcstop = 'sudo '.$lcstop; + $apachestop = 'sudo '.$apachestop; + } + print &mt('If you are now ready to update LON-CAPA, enter the following commands:'). + "\n\n$lcstop\n$apachestop\n"; + } + my ($extract,$update); + my $homedir = '/root'; + if ($uses_sudo) { + $extract = 'sudo '; + $update = 'sudo '; + if ($instdir ne $homedir) { + ($homedir) = ($instdir =~ m{^(.*)/[^/]+$}); + } + } + $extract .= "tar zxf $sourcetarball --directory $homedir"; + $update .= './UPDATE'; + print "$extract\n". + "cd $homedir/$lcdir\n". + "$update\n"; if (-e '/etc/loncapa-release') { - print "/etc/init.d/loncontrol start\n"; - print "/etc/init.d/$apachename start\n"; + my $lcstart = '/etc/init.d/loncontrol start'; + if ($lc_uses_systemctl) { + $lcstart = '/home/httpd/perl/loncontrol start'; + } + my $apachestart = "/etc/init.d/$apachename start"; + if ($uses_systemctl) { + $apachestart = "systemctl start $apachename"; + } + if ($uses_sudo) { + $lcstart = 'sudo '.$lcstart; + $apachestart = 'sudo '.$apachestart; + } + print "$lcstart\n"; + print "$apachestart\n"; } } exit; @@ -1897,6 +2116,29 @@ sub build_and_install_mod_auth_external > #define SERVER_UIDS $num /* user "www" */ ENDPATCH + my $patch_code = <<"ENDPATCH"; +127a128 +> #include +214a216 +> #include +566c568 +< check_fails() +--- +> int check_fails() +589c591 +< log_failure() +--- +> void log_failure() +629c631 +< snooze(int seconds) +--- +> void snooze(int seconds) +653c655 +< main(int argc, char **argv) +--- +> int main(int argc, char **argv) +ENDPATCH + if (! -e "/usr/bin/patch") { print_and_log(&mt('You must install the software development tools package: [_1], when installing Linux.',"'patch'")."\n"); print_and_log(&mt('Authentication installation not completed.')."\n"); @@ -1907,9 +2149,17 @@ ENDPATCH return; } my $dir = "/tmp/pwauth-2.2.8"; + my $patchedok; if (open(PATCH,"| patch $dir/config.h")) { print PATCH $patch; close(PATCH); + if (open(PATCH,"| patch $dir/pwauth.c")) { + print PATCH $patch_code; + close(PATCH); + $patchedok = 1; + } + } + if ($patchedok) { print_and_log("\n"); ## ## Compile patched pwauth @@ -1980,7 +2230,8 @@ sub kill_extra_services { &print_and_log(&mt('Removing [_1] from startup.',$service)."\n"); if ($distro =~ /^(?:debian|ubuntu)(\d+)/) { my $version = $1; - if (($distro =~ /^ubuntu/) && ($version > 16)) { + if ((($distro =~ /^ubuntu/) && ($version > 16)) || + (($distro =~ /^debian/) && ($version >= 10))) { if (ref($uses_systemctl) eq 'HASH') { if ($uses_systemctl->{$service}) { if (`systemctl is-enabled $service`) { @@ -2012,17 +2263,27 @@ sub kill_extra_services { } sub setup_mysql { - my ($setup_mysql_permissions,$distro,$dbh,$has_pass,$has_lcdb) = @_; + my ($setup_mysql_permissions,$dbh,$has_pass,$mysql_unix_socket,$has_lcdb,$distro) = @_; my @mysql_lc_commands; unless ($has_lcdb) { - push(@mysql_lc_commands,"CREATE DATABASE loncapa"); + my $createcmd = 'CREATE DATABASE loncapa'; + if ($distro =~ /^sles(\d+)/) { + if ($1 > 11) { + $createcmd .= ' CHARACTER SET utf8 COLLATE utf8_general_ci'; + } + } elsif ($distro =~ /^ubuntu(\d+)/) { + if ($1 > 16) { + $createcmd .= ' CHARACTER SET latin1 COLLATE latin1_swedish_ci'; + } + } + push(@mysql_lc_commands,$createcmd); } push(@mysql_lc_commands,"USE loncapa"); push(@mysql_lc_commands,qq{ CREATE TABLE IF NOT EXISTS metadata (title TEXT, author TEXT, subject TEXT, url TEXT, keywords TEXT, version TEXT, notes TEXT, abstract TEXT, mime TEXT, language TEXT, creationdate DATETIME, lastrevisiondate DATETIME, owner TEXT, copyright TEXT, domain TEXT, dependencies TEXT, modifyinguser TEXT, authorspace TEXT, lowestgradelevel TEXT, highestgradelevel TEXT, standards TEXT, count INT, course INT, course_list TEXT, goto INT, goto_list TEXT, comefrom INT, comefrom_list TEXT, sequsage INT, sequsage_list TEXT, stdno INT, stdno_list TEXT, avetries FLOAT, avetries_list TEXT, difficulty FLOAT, difficulty_list TEXT, disc FLOAT, disc_list TEXT, clear FLOAT, technical FLOAT, correct FLOAT, helpful FLOAT, depth FLOAT, hostname TEXT, FULLTEXT idx_title (title), FULLTEXT idx_author (author), FULLTEXT idx_subject (subject), FULLTEXT idx_url (url), FULLTEXT idx_keywords (keywords), FULLTEXT idx_version (version), FULLTEXT idx_notes (notes), FULLTEXT idx_abstract (abstract), FULLTEXT idx_mime (mime), FULLTEXT idx_language (language), FULLTEXT idx_owner (owner), FULLTEXT idx_copyright (copyright)) ENGINE=MYISAM }); if ($setup_mysql_permissions) { - &setup_mysql_permissions($dbh,$has_pass,@mysql_lc_commands); + &setup_mysql_permissions($dbh,$has_pass,$mysql_unix_socket,@mysql_lc_commands); } else { print_and_log(&mt('Skipping MySQL permissions setup.')."\n"); if ($dbh) { @@ -2039,25 +2300,32 @@ CREATE TABLE IF NOT EXISTS metadata (tit } sub setup_mysql_permissions { - my ($dbh,$has_pass,@mysql_lc_commands) = @_; - my ($mysqlversion,$mysqlsubver,$mysqlname) = &get_mysql_version(); - my ($usesauth,$is_mariadb,$hasauthcol,@mysql_commands); + my ($dbh,$has_pass,$mysql_unix_socket,@mysql_lc_commands) = @_; + my ($mysqlversion,$mysqlminorversion,$mysqlsubver,$mysqlname) = &get_mysql_version(); + my ($usescreate,$usesauth,$is_mariadb,$hasauthcol,@mysql_commands); if ($mysqlname =~ /^MariaDB/i) { $is_mariadb = 1; - if ($mysqlversion >= 10.2) { + if ((($mysqlversion == 10) && ($mysqlminorversion >= 4)) || ($mysqlversion >= 11)) { + $usescreate = 1; + } elsif (($mysqlversion == 10) && ($mysqlminorversion >= 2)) { $usesauth = 1; - } elsif ($mysqlversion >= 5.5) { + } elsif (($mysqlversion == 5) && ($mysqlminorversion >= 5)) { $hasauthcol = 1; } } else { - if (($mysqlversion > 5.7) || (($mysqlversion == 5.7) && ($mysqlsubver > 5))) { + if (($mysqlversion > 5) || (($mysqlminorversion == 5) && ($mysqlminorversion > 7)) || + (($mysqlversion == 5) && ($mysqlminorversion == 7) && ($mysqlsubver > 5))) { $usesauth = 1; - } elsif (($mysqlversion >= 5.6) || (($mysqlversion == 5.5) && ($mysqlsubver >= 7))) { + } elsif (($mysqlversion == 5) && + (($mysqlminorversion >= 6) || (($mysqlminorversion == 5) && ($mysqlsubver >= 7)))) { $hasauthcol = 1; } } - if ($usesauth) { - @mysql_commands = ("INSERT user (Host, User, ssl_cipher, x509_issuer, x509_subject, authentication_string) VALUES('localhost','www','','','','')"); + if ($usescreate) { + @mysql_commands = ("CREATE USER 'www'\@'localhost' IDENTIFIED BY 'localhostkey'"); + } elsif ($usesauth) { + @mysql_commands = ("INSERT user (Host, User, ssl_cipher, x509_issuer, x509_subject, authentication_string) VALUES('localhost','www','','','','')", + "FLUSH PRIVILEGES"); if ($is_mariadb) { push(@mysql_commands,"ALTER USER 'www'\@'localhost' IDENTIFIED BY 'localhostkey'"); } else { @@ -2076,7 +2344,7 @@ INSERT db (Host,Db,User,Select_priv,Inse INSERT db (Host,Db,User,Select_priv,Insert_priv,Update_priv,Delete_priv,Create_priv,Drop_priv,Grant_priv,References_priv,Index_priv,Alter_priv,Create_tmp_table_priv,Lock_tables_priv) VALUES('localhost','loncapa','www','Y','Y','Y','Y','Y','Y','N','Y','Y','Y','Y','Y')"); } push(@mysql_commands,"DELETE FROM user WHERE host<>'localhost'"); - if ($has_pass) { + if (($has_pass) || ($mysql_unix_socket)) { if ($dbh) { push(@mysql_commands,"FLUSH PRIVILEGES"); if (@mysql_commands) { @@ -2163,17 +2431,127 @@ sub new_mysql_rootpasswd { } sub get_mysql_version { - my ($version,$subversion,$name); + my ($version,$minorversion,$subversion,$name); if (open(PIPE," mysql -V |")) { my $info = ; chomp($info); close(PIPE); - ($version,$subversion,$name) = ($info =~ /(\d+\.\d+)\.(\d+)(?:\-?(\w*),|)/); + ($version,$minorversion,$subversion,$name) = ($info =~ /(\d+)\.(\d+)\.(\d+)(?:\-?(\w*),|)/); } else { print &mt('Could not determine which version of MySQL is installed.'). "\n"; } - return ($version,$subversion,$name); + return ($version,$minorversion,$subversion,$name); +} + +sub check_systemd_update { + my ($distro) = @_; + my ($use_systemctl,$service); + $service = 'apache2.service'; + if ($distro =~ /^ubuntu(\w+)/) { + if ($1 >= 16) { + $use_systemctl = 1; + } + } elsif ($distro =~ /^debian(\w+)/) { + if ($1 >= 9) { + $use_systemctl = 1; + } + } elsif ($distro =~ /^fedora(\d+)/) { + $service = 'httpd.service'; + if ($1 >= 16) { + $use_systemctl = 1; + } + } elsif ($distro =~ /^(?:centos|rhes|scientific|oracle|rocky|alma)(\d+)/) { + $service = 'httpd.service'; + if ($1 >= 7) { + $use_systemctl = 1; + } + } elsif ($distro =~ /^sles(\d+)/) { + if ($1 >= 12) { + $use_systemctl = 1; + } + } elsif ($distro =~ /^suse(\d+)/) { + if ($1 >= 13) { + $use_systemctl = 1; + } + } + if ($use_systemctl) { + my $needsupdate = &check_systemd_security($distro); + if ($needsupdate) { + if (!-d '/etc/systemd/system/'.$service.'.d') { + mkdir '/etc/systemd/system/'.$service.'.d', 0755; + } + if (-d '/etc/systemd/system/'.$service.'.d') { + if (-e '/etc/systemd/system/'.$service.'.d/override.conf') { + if (open(my $fh,'<','/etc/systemd/system/'.$service.'.d/override.conf')) { + my ($inservice,$addservice,$protectoff,$linenum,$change,@lines); + while (my $entry = <$fh>) { + $linenum ++; + chomp($entry); + if ($entry eq '[Service]') { + if (!$protectoff) { + $inservice = $linenum; + push(@lines,$entry); + } else { + $addservice = 1; + next; + } + } + if ($entry =~ /^ProtectHome\s*=\s*([\w-]+)\s*$/) { + my $value = $1; + if ($protectoff) { + next; + if (lc($value) eq 'no') { + $protectoff = $linenum; + push(@lines,$entry); + } else { + if ($protectoff) { + next; + } else { + push(@lines,'ProtectHome=no'); + $protectoff = $linenum; + $change = $linenum; + } + } + } + } + } + close($fh); + if ($addservice || $change || !$protectoff) { + if (open(my $fh,'>','/etc/systemd/system/'.$service.'.d/override.conf')) { + if ($addservice) { + print $fh "[Service]\n"; + } + foreach my $entry (@lines) { + print $fh "$entry\n"; + } + close($fh); + print_and_log('Updated /etc/systemd/system/'.$service.'.d/override.conf'); + } else { + print_and_log('Could not open /etc/systemd/system/'.$service.'.d/override.conf for writing.'); + } + } else { + print_and_log('No change needed in /etc/systemd/system/'.$service.'.d/override.conf'); + } + } else { + print_and_log('Could not open /etc/systemd/system/'.$service.'.d/override.conf for reading.'); + } + } else { + if (open(my $fh,'>','/etc/systemd/system/'.$service.'.d/override.conf')) { + print $fh '[Service]'."\n".'ProtectHome=no'."\n"; + close($fh); + print_and_log('Created /etc/systemd/system/'.$service.'.d/override.conf'); + } + } + } else { + print_and_log('No /etc/systemd/system/'.$service.'.d directory exists and creating one failed,'); + } + } else { + print_and_log('No update needed to systemd security settings for Apache web server.'); + } + } else { + print_and_log('No update needed to systemd, as this Linux distro does not use systemctl'); + } } ########################################################### @@ -2186,7 +2564,7 @@ sub get_mysql_version { sub copy_httpd_conf { my ($instdir,$distro) = @_; my $configfile = 'httpd.conf'; - if ($distro =~ /^(?:centos|rhes|scientific|oracle)(\d+)$/) { + if ($distro =~ /^(?:centos|rhes|scientific|oracle|rocky|alma)(\d+)/) { if ($1 >= 7) { $configfile = 'apache2.4/httpd.conf'; } elsif ($1 > 5) { @@ -2233,7 +2611,7 @@ sub copy_mpm_conf { print_and_log("\n"); } else { my $logfail; - if ($distro =~ /^(?:centos|rhes|scientific|oracle)(\d+)$/) { + if ($distro =~ /^(?:centos|rhes|scientific|oracle|rocky|alma)(\d+)/) { if ($1 > 7) { $logfail = 1; } @@ -2271,16 +2649,19 @@ sub copy_apache2_debconf { my $apache2_sites_enabled_dir = '/etc/apache2/sites-enabled'; my $apache2_sites_available_dir = '/etc/apache2/sites-available'; my $defaultconfig = "$apache2_sites_enabled_dir/000-default"; + my $defaultsite = "$apache2_sites_enabled_dir/loncapa.conf"; my ($distname,$version); if ($distro =~ /^(debian|ubuntu)(\d+)$/) { $distname = $1; $version = $2; } - if (($distname eq 'ubuntu') && ($version > 12)) { + if ((($distname eq 'ubuntu') && ($version > 12)) || + (($distname eq 'debian') && ($version >= 10))) { $defaultconfig = "$apache2_sites_enabled_dir/000-default.conf"; } my ($skipconf,$skipsite,$skipstatus); - if (($distname eq 'ubuntu') && ($version > 12)) { + if ((($distname eq 'ubuntu') && ($version > 12)) || + (($distname eq 'debian') && ($version >= 10))) { my $apache2_conf_enabled_dir = '/etc/apache2/conf-enabled'; my $apache2_conf_available_dir = '/etc/apache2/conf-available'; my $defaultconf = $apache2_conf_enabled_dir.'/loncapa.conf'; @@ -2290,11 +2671,39 @@ sub copy_apache2_debconf { close(PIPE); chomp($diffres); if ($diffres) { - copy("$apache2_conf_available_dir/loncapa","$apache2_conf_available_dir/loncapa.original"); + copy("$apache2_conf_available_dir/loncapa","$apache2_conf_available_dir/loncapa.conf.original"); + } else { + copy("$apache2_conf_available_dir/loncapa","$apache2_conf_available_dir/loncapa.conf"); + chdir($apache2_conf_enabled_dir); + symlink('../conf-available/loncapa.conf','loncapa.conf'); + chdir($instdir); } if (-l $defaultconf) { my $linkfname = readlink($defaultconf); + if ($linkfname ne '') { + $linkfname = Cwd::abs_path(File::Spec->rel2abs($linkfname,$apache2_conf_enabled_dir)); + } if ($linkfname eq "$apache2_conf_available_dir/loncapa") { + unlink($defaultconf); + } + } + unlink("$apache2_conf_available_dir/loncapa"); + } + } + if ((-e "$apache2_conf_available_dir/loncapa.conf") && (-e "$instdir/debian-ubuntu/ubuntu14/loncapa_conf")) { + if (open(PIPE, "diff --brief $apache2_conf_available_dir/loncapa.conf $instdir/debian-ubuntu/ubuntu14/loncapa_conf |")) { + my $diffres = ; + close(PIPE); + chomp($diffres); + if ($diffres) { + copy("$apache2_conf_available_dir/loncapa.conf","$apache2_conf_available_dir/loncapa.conf.original"); + } + if (-l $defaultconf) { + my $linkfname = readlink($defaultconf); + if ($linkfname ne '') { + $linkfname = Cwd::abs_path(File::Spec->rel2abs($linkfname,$apache2_conf_enabled_dir)); + } + if ($linkfname eq "$apache2_conf_available_dir/loncapa.conf") { unless ($diffres) { $skipconf = 1; } @@ -2304,12 +2713,14 @@ sub copy_apache2_debconf { } unless ($skipconf) { print_and_log(&mt('Copying loncapa [_1] config file to [_2] and pointing [_3] to it from conf-enabled.',"'apache2'","'/etc/apache2/conf-available'","'loncapa.conf symlink'")."\n"); - copy("$instdir/debian-ubuntu/ubuntu14/loncapa_conf","$apache2_conf_available_dir/loncapa"); - chmod(0444,"$apache2_conf_available_dir/loncapa"); + copy("$instdir/debian-ubuntu/ubuntu14/loncapa_conf","$apache2_conf_available_dir/loncapa.conf"); + chmod(0444,"$apache2_conf_available_dir/loncapa.conf"); if (-l $defaultconf) { unlink($defaultconf); } - symlink("$apache2_conf_available_dir/loncapa","$defaultconf"); + chdir($apache2_conf_enabled_dir); + symlink('../conf-available/loncapa.conf','loncapa.conf'); + chdir($instdir); } my $stdsite = "$instdir/debian-ubuntu/ubuntu14/loncapa_site"; if ((-e $stdsite) && (-e "$apache2_sites_available_dir/loncapa")) { @@ -2318,11 +2729,36 @@ sub copy_apache2_debconf { close(PIPE); chomp($diffres); if ($diffres) { - copy("$apache2_sites_available_dir/loncapa","$apache2_sites_available_dir/loncapa.original"); + copy("$apache2_sites_available_dir/loncapa","$apache2_sites_available_dir/loncapa.conf.original"); + } else { + copy("$apache2_sites_available_dir/loncapa","$apache2_sites_available_dir/loncapa.conf"); } if (-l $defaultconfig) { my $linkfname = readlink($defaultconfig); + if ($linkfname ne '') { + $linkfname = Cwd::abs_path(File::Spec->rel2abs($linkfname,$apache2_sites_enabled_dir)); + } if ($linkfname eq "$apache2_sites_available_dir/loncapa") { + unlink($defaultconfig); + } + } + unlink("$apache2_sites_available_dir/loncapa"); + } + } + if ((-e $stdsite) && (-e "$apache2_sites_available_dir/loncapa.conf")) { + if (open(PIPE, "diff --brief $stdsite $apache2_sites_available_dir/loncapa.conf |")) { + my $diffres = ; + close(PIPE); + chomp($diffres); + if ($diffres) { + copy("$apache2_sites_available_dir/loncapa.conf","$apache2_sites_available_dir/loncapa.conf.original"); + } + if (-l $defaultsite) { + my $linkfname = readlink($defaultsite); + if ($linkfname ne '') { + $linkfname = Cwd::abs_path(File::Spec->rel2abs($linkfname,$apache2_sites_enabled_dir)); + } + if ($linkfname eq "$apache2_sites_available_dir/loncapa.conf") { unless ($diffres) { $skipsite = 1; } @@ -2331,10 +2767,21 @@ sub copy_apache2_debconf { } } unless ($skipsite) { - print_and_log(&mt('Copying loncapa [_1] site file to [_2] and pointing [_3] to it from sites-enabled.',"'apache2'","'/etc/apache2/sites-available'","'000-default.conf symlink'")."\n"); - copy("$instdir/debian-ubuntu/ubuntu14/loncapa_site","$apache2_sites_available_dir/loncapa"); - chmod(0444,"$apache2_sites_available_dir/loncapa"); - symlink("$apache2_sites_available_dir/loncapa","$defaultconfig"); + print_and_log(&mt('Copying loncapa [_1] site file to [_2] and pointing [_3] to it from sites-enabled.',"'apache2'","'/etc/apache2/sites-available'","'loncapa.conf symlink'")."\n"); + copy("$instdir/debian-ubuntu/ubuntu14/loncapa_site","$apache2_sites_available_dir/loncapa.conf"); + chmod(0444,"$apache2_sites_available_dir/loncapa.conf"); + chdir($apache2_sites_enabled_dir); + symlink('../sites-available/loncapa.conf','loncapa.conf'); + chdir($instdir); + } + if (-l $defaultconfig) { + my $linkfname = readlink($defaultconfig); + if ($linkfname ne '') { + $linkfname = Cwd::abs_path(File::Spec->rel2abs($linkfname,$apache2_sites_enabled_dir)); + } + if ($linkfname eq "$apache2_sites_available_dir/000-default.conf") { + unlink($defaultconfig); + } } } else { if ((-e "$instdir/debian-ubuntu/loncapa") && (-e "$apache2_sites_available_dir/loncapa")) { @@ -2367,7 +2814,7 @@ sub copy_apache2_debconf { } } } - if ($distname eq 'ubuntu') { + if (($distname eq 'ubuntu') || ($distname eq 'debian')) { my $sitestatus = "$apache2_mods_available_dir/status.conf"; my $stdstatus = "$instdir/debian-ubuntu/status.conf"; if ((-e $sitestatus) && (-e $stdstatus)) { @@ -2568,31 +3015,47 @@ sub download_loncapa { print_and_log(" ------------------------------------------------------------------------ -".&mt('You seem to have a version of loncapa-current.tar.gz in [_1]',$instdir)."\n". +".&mt('You seem to have a version of [_1] in [_2]',$lctarball,$instdir)."\n". &mt('This copy will be used and a new version will NOT be downloaded.')."\n". &mt('If you wish, you may download a new version by executing:')." -wget http://install.loncapa.org/versions/loncapa-current.tar.gz +wget http://install.loncapa.org/versions/$lctarball ------------------------------------------------------------------------ "); } ## - ## untar loncapa.tar.gz + ## untar loncapa-X.Y.Z.tar.gz ## if ($have_tarball) { + my $homedir = '/root'; + my ($targetdir,$chdircmd,$updatecmd); + if (($distro =~ /^ubuntu/) && ($instdir ne $homedir)) { + ($homedir) = ($instdir =~ m{^(.*)/[^/]+$}); + $updatecmd = 'sudo ./UPDATE'; + } else { + $updatecmd = './UPDATE'; + } print_and_log(&mt('Extracting LON-CAPA source files')."\n"); - writelog(`cd ~root; tar zxf $instdir/$lctarball`); + if (-e $homedir) { + writelog(`tar zxf $instdir/$lctarball --directory $homedir`); + $targetdir = $homedir; + } else { + writelog(`tar zxf $instdir/$lctarball`); + $targetdir = $instdir; + } + if ($lctarball =~ /^loncapa\-(\d+\.\d+\.\d+(?:|[^.]+))\.tar\.gz$/) { + $chdircmd = "cd $targetdir/loncapa-".$1; + } else { + $chdircmd = "cd $targetdir/loncapa-X.Y.Z (X.Y.Z should correspond to a version number like '2.11.3')"; + } print_and_log("\n"); print &mt('LON-CAPA source files extracted.')."\n". - &mt('It remains for you to execute the following commands:')." - -cd /root/loncapa-X.Y.Z (X.Y.Z should correspond to a version number like '2.11.3') -./UPDATE - -".&mt('If you have any trouble, please see [_1] and [_2]', - 'http://install.loncapa.org/','http://help.loncapa.org/')."\n"; + &mt('It remains for you to execute the following commands:'). + "\n$chdircmd\n$updatecmd\n". + &mt('If you have any trouble, please see [_1] and [_2]', + 'http://install.loncapa.org/','http://help.loncapa.org/')."\n"; $updateshown = 1; } return ($have_tarball,$updateshown);