--- doc/install/linux/install.pl 2011/03/21 13:32:44 1.4 +++ doc/install/linux/install.pl 2011/04/24 22:44:50 1.10 @@ -72,7 +72,7 @@ if (!open(LOG,">>loncapa_install.log")) &mt('Stopping execution.')."\n"; exit; } else { - print LOG '$Id: install.pl,v 1.4 2011/03/21 13:32:44 raeburn Exp $'."\n"; + print LOG '$Id: install.pl,v 1.10 2011/04/24 22:44:50 raeburn Exp $'."\n"; } # @@ -293,7 +293,7 @@ sub check_prerequisites { } else { my $line = ; chomp($line); - if ($line =~ /^LONCAPA-prerequisites\-([\d\-]+)\.(\w+)$/) { + if ($line =~ /^LONCAPA\-prerequisites\-([\d\-]+)\.(?:[.\w]+)$/) { $gotprereqs = $1; } } @@ -305,6 +305,50 @@ sub check_prerequisites { return $gotprereqs; } +sub check_locale { + my ($distro) = @_; + my ($fh,$langvar,$command); + $langvar = 'LANG'; + if ($distro =~ /^(ubuntu|debian)/) { + if (!open($fh,"; + chomp(@data); + foreach my $item (@data) { + if ($item =~ /^\Q$langvar\E=\"([^\"]*)\"/) { + my $default = $1; + if ($default ne 'en_US.UTF-8') { + if ($distro =~ /^debian/) { + $command = 'dpkg-reconfigure locales'; + } elsif ($distro =~ /^ubuntu/) { + $command = 'sudo set-language-env -E'; + } elsif ($distro =~ /^(suse|sles)/) { + $command = 'yast language'; + } else { + $command = 'system-config-language'; + } + } + last; + } + } + close($fh); + return $command; +} + sub check_required { my ($instdir,$dsn) = @_; my ($distro,$packagecmd,$updatecmd,$installnow) = &get_distro(); 
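Review bot: check_locale only recognises a double-quoted value in `/^\Q$langvar\E=\"([^\"]*)\"/`, so an unquoted `LANG=...` line is skipped, `$command` stays undefined, and the installer continues as if the locale were en_US.UTF-8. Making the quotes optional, `if ($item =~ /^\Q$langvar\E=\"?([^\"]*)\"?/) {`, would cover the unquoted form. Declaring `my $command = '';` would also stop check_required's `unless ($localecmd eq '')` from comparing an undefined value. The open/read lines of this sub are not fully legible in this view, so the handling of a failed open is not assessed here.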
@@ -313,10 +357,14 @@ sub check_required { } my $gotprereqs = &check_prerequisites($packagecmd,$distro); if ($gotprereqs eq '') { - return ($distro,$gotprereqs,$packagecmd,$updatecmd,$installnow); + return ($distro,$gotprereqs); + } + my $localecmd = &check_locale($distro); + unless ($localecmd eq '') { + return ($distro,$gotprereqs,$localecmd); } my ($mysqlon,$mysqlsetup,$dbh,$has_pass,$has_lcdb,%recommended,$downloadstatus, - $filetouse,$production,$testing); + $filetouse,$production,$testing,$apachefw,$tostop); my $wwwuid = &uid_of_www(); my $wwwgid = getgrnam('www'); if (($wwwuid eq '') || ($wwwgid eq '')) { @@ -344,16 +392,15 @@ sub check_required { $recommended{'mysql'} = 1; } } - my $tostop; - $recommended{'firewall'} = &chkfirewall($distro); - ($recommended{'runlevels'},$tostop) = &chkconfig($distro); + ($recommended{'firewall'},$apachefw) = &chkfirewall($distro); + ($recommended{'runlevels'},$tostop) = &chkconfig($distro,$instdir); $recommended{'apache'} = &chkapache($distro,$instdir); $recommended{'stopsrvcs'} = &chksrvcs($distro,$tostop); ($recommended{'download'},$downloadstatus,$filetouse,$production,$testing) = &need_download(); - return ($distro,$gotprereqs,$packagecmd,$updatecmd,$installnow, + return ($distro,$gotprereqs,$localecmd,$packagecmd,$updatecmd,$installnow, \%recommended,$dbh,$has_pass,$has_lcdb,$downloadstatus, - $filetouse,$production,$testing); + $filetouse,$production,$testing,$apachefw); } sub check_mysql_running { 
@@ -362,11 +409,19 @@ sub check_mysql_running { if ($distro =~ /^(suse|sles|debian|ubuntu)/) { $mysqldaemon = 'mysql'; } - if (open(PIPE,"ps -ef |grep mysqld_safe |grep -v grep 2>&1 |")) { + my $process = 'mysqld_safe'; + my $proc_owner = 'root'; + if ($distro =~ /^ubuntu(\w+)/) { + if ($1 >= 10) { + $process = 'mysqld'; + $proc_owner = 'mysql'; + } + } + if (open(PIPE,"ps -ef |grep $process |grep -v grep 2>&1 |")) { my $status = ; close(PIPE); chomp($status); - if ($status =~ /^root\s+\d+\s+/) { + if ($status =~ /^\Q$proc_owner\E\s+\d+\s+/) { print_and_log(&mt('MySQL is running.')."\n"); return 1; } else { 
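Review bot: The version test `if ($distro =~ /^ubuntu(\w+)/)` captures any word characters and then compares `$1 >= 10` numerically. chkconfig in this same commit uses `(\d+)` for the same purpose, and `if ($distro =~ /^ubuntu(\d+)/) {` here would keep the comparison numeric. Separately, `grep mysqld` also matches `mysqld_safe`, and the status check appears to read a single line of the ps output (the read is not fully visible here). If so, on Ubuntu 10+ a root-owned mysqld_safe line listed first would fail the `^mysql\s+\d+` test and report MySQL as not running. check_mysql_running continues outside the hunk.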
@@ -394,51 +449,62 @@ sub check_mysql_running { } sub chkconfig { - my ($distro) = @_; + my ($distro,$instdir) = @_; my (%needfix,%tostop); my $checker_bin = '/sbin/chkconfig'; - my $mysqldaemon ='mysqld'; - my $webserver = 'httpd'; - my $cupsdaemon = 'cups'; + my %daemon = ( + mysql => 'mysqld', + apache => 'httpd', + cups => 'cups', + ntp => 'ntpd', + memcached => 'memcached', + ); my @runlevels = qw/3 4 5/; my @norunlevels = qw/0 1 6/; if ($distro =~ /^(suse|sles)/) { @runlevels = qw/3 5/; @norunlevels = qw/0 2 1 6/; - $mysqldaemon = 'mysql'; - $webserver = 'apache2'; + $daemon{'mysql'} = 'mysql'; + $daemon{'apache'} = 'apache2'; + $daemon{'ntp'} = 'ntp'; if ($distro =~ /^(suse|sles)9/) { - $webserver = 'apache'; + $daemon{'apache'} = 'apache'; } - } elsif ($distro =~ /^(debian|ubuntu)/) { + } elsif ($distro =~ /^(?:debian|ubuntu)(\d+)/) { + my $version = $1; @runlevels = qw/2 3 4 5/; @norunlevels = qw/0 1 6/; $checker_bin = '/usr/sbin/sysv-rc-conf'; - $mysqldaemon = 'mysql'; - $webserver = 'apache2'; + $daemon{'mysql'} = 'mysql'; + $daemon{'apache'} = 'apache2'; + $daemon{'ntp'} = 'ntp'; + if (($distro =~ /^ubuntu/) && ($version <= 8)) { + $daemon{'cups'} = 'cupsys'; + } } if (! -x $checker_bin) { - print &mt('Could not check runlevel status for MySQL or Apache.')."\n"; + print &mt('Could not check runlevel status for MySQL or Apache')."\n"; return; } my $rlstr = join('',@runlevels); my $nrlstr = join('',@norunlevels); - foreach my $type ('apache','mysql','cups') { - my $service; - if ($type eq 'apache') { - $service = $webserver; - } elsif ($type eq 'mysql') { - $service = $mysqldaemon; - } elsif ($type eq 'cups') { - $service = $cupsdaemon; - } + foreach my $type ('apache','mysql','ntp','cups','memcached') { + my $service = $daemon{$type}; my $command = $checker_bin.' --list '.$service; + if ($type eq 'cups') { + if ($distro =~ /^(?:debian|ubuntu)(\d+)/) { + my $version = $1; + if (($distro =~ /^ubuntu/) && ($version <= 8)) { + $command = $checker_bin.' 
--list cupsys'; + } + } + } my $results = `$command`; my $tofix; if ($results eq '') { - if (($type eq 'apache') || ($type eq 'mysql')) { + if (($type eq 'apache') || ($type eq 'mysql') || ($type eq 'ntp')) { if ($distro =~ /^(debian|ubuntu)/) { - $tofix = "$checker_bin --level $nrlstr $service off\n"; + $tofix = "update-rc.d $type defaults"; } else { $tofix = "$checker_bin --add $service\n"; } @@ -448,7 +514,7 @@ sub chkconfig { for (my $rl=0; $rl<=6; $rl++) { if ($results =~ /$rl:on/) { $curr_runlevels{$rl}++; } } - if (($type eq 'apache') || ($type eq 'mysql')) { + if (($type eq 'apache') || ($type eq 'mysql') || ($type eq 'ntp')) { my $warning; foreach my $rl (@runlevels) { if (!exists($curr_runlevels{$rl})) { @@ -464,7 +530,7 @@ sub chkconfig { } if ($tofix) { $needfix{$type} = $tofix; - } + } } if ($distro =~ /^(suse|sles)([\d\.]+)$/) { my $name = $1; @@ -476,26 +542,29 @@ sub chkconfig { $major = $version; } if ($major > 10) { - $needfix{'insserv'} = &check_SuSEfirewall2_setup(); + if (&check_SuSEfirewall2_setup($instdir)) { + $needfix{'insserv'} = 1; + } } } return (\%needfix,\%tostop); } sub chkfirewall { + my ($distro) = @_; my $configfirewall = 1; my %ports = ( http => 80, https => 443, ); + my %activefw; if (&firewall_is_active()) { my $iptables = &get_pathto_iptables(); if ($iptables eq '') { print &mt('Firewall not checked as path to iptables not determined.')."\n"; } else { - my @fwchains = &get_fw_chains($iptables); + my @fwchains = &get_fw_chains($iptables,$distro); if (@fwchains) { - my %activefw; foreach my $service ('http','https') { foreach my $fwchain (@fwchains) { if (&firewall_is_port_open($iptables,$fwchain,$ports{$service})) { 
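Review bot: In the empty-results branch the Debian/Ubuntu fix is built from the loop key, `$tofix = "update-rc.d $type defaults";`, so for Apache it names `apache` rather than the init script `apache2` that `%daemon` maps to. `$tofix = "update-rc.d $service defaults\n";` would match the sibling `$checker_bin --add $service\n` branch, including its trailing newline. The added `if ($type eq 'cups')` block that rebuilds `$command` with `cupsys` looks redundant, since `$daemon{'cups'}` is already set to `cupsys` for Ubuntu 8 and earlier just above. chkconfig's body continues past this hunk.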
@@ -514,18 +583,18 @@ sub chkfirewall { } else { print &mt('Firewall not enabled.')."\n"; } - return $configfirewall; + return ($configfirewall,\%activefw); } sub chkapache { my ($distro,$instdir) = @_; my $fixapache = 1; if ($distro =~ /^(debian|ubuntu)/) { - if (!-e "$instdir/apache2.conf") { + if (!-e "$instdir/debian-ubuntu/apache2.conf") { $fixapache = 0; print &mt('Warning: No LON-CAPA Apache configuration file found for installation check.')."\n"; - } elsif ((-e "/etc/apache2/sites-available/loncapa") && (-e "$instdir/apache2.conf")) { - if (open(PIPE, "diff --brief $instdir/apache2.conf /etc/apache2/sites-available/loncapa |")) { + } elsif ((-e "/etc/apache2/sites-available/loncapa") && (-e "$instdir/debian-ubuntu/apache2.conf")) { + if (open(PIPE, "diff --brief $instdir/debian-ubuntu/apache2.conf /etc/apache2/sites-available/loncapa |")) { my $diffres = ; close(PIPE); chomp($diffres); 
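Review bot: The comparison `open(PIPE, "diff --brief $instdir/debian-ubuntu/apache2.conf /etc/apache2/sites-available/loncapa |")` passes `$instdir` through /bin/sh in a script that evidently runs with root privileges (it writes under /etc). Where `$instdir` is set is outside this diff, but a directory name containing a space or shell metacharacter would change what the shell executes. The list form avoids the shell: `open(my $pipe,'-|','diff','--brief',"$instdir/debian-ubuntu/apache2.conf",'/etc/apache2/sites-available/loncapa')`. The same pattern is added for the sles-suse, rhes4 and centos-rhes-fedora-sl branches of chkapache, in check_SuSEfirewall2_setup and twice in get_iptables_rules. A lexical handle would also replace the bareword `PIPE`.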
@@ -534,16 +603,37 @@ sub chkapache { } } } + if (!$fixapache) { + foreach my $module ('headers.load','expires.load') { + unless (-l "/etc/apache2/mods-enabled/$module") { + $fixapache = 1; + } + } + } } elsif ($distro =~ /^(?:suse|sles)([\d\.]+)$/) { my $apache = 'apache'; if ($1 >= 10) { - my $apache = 'apache2'; + $apache = 'apache2'; + } + if (!-e "$instdir/sles-suse/default-server.conf") { + $fixapache = 0; + print &mt('Warning: No LON-CAPA Apache configuration file found for installation check.')."\n"; + } elsif ((-e "/etc/$apache/default-server.conf") && (-e "$instdir/sles-suse/default-server.conf")) { + if (open(PIPE, "diff --brief $instdir/sles-suse/default-server.conf /etc/$apache/default-server.conf |")) { + my $diffres = ; + close(PIPE); + chomp($diffres); + unless ($diffres) { + $fixapache = 0; + } + } } - if (!-e "$instdir/default-server.conf") { + } elsif ($distro eq 'rhes4') { + if (!-e "$instdir/rhes4/httpd.conf") { $fixapache = 0; print &mt('Warning: No LON-CAPA Apache configuration file found for installation check.')."\n"; - } elsif ((-e "/etc/$apache/default-server.conf") && (-e "$instdir/default-server.conf")) { - if (open(PIPE, "diff --brief $instdir/default-server.conf /etc/$apache/default-server.conf |")) { + } elsif ((-e "/etc/httpd/conf/httpd.conf") && (-e "$instdir/rhes4/httpd.conf")) { + if (open(PIPE, "diff --brief $instdir/rhes4/httpd.conf /etc/httpd/conf/httpd.conf |")) { my $diffres = ; close(PIPE); chomp($diffres); 
@@ -553,15 +643,14 @@ sub chkapache { } } } else { - if (!-e "$instdir/httpd.conf") { + if (!-e "$instdir/centos-rhes-fedora-sl/httpd.conf") { $fixapache = 0; print &mt('Warning: No LON-CAPA Apache configuration file found for installation check.')."\n"; - } elsif ((-e "/etc/httpd/conf/httpd.conf") && (-e "$instdir/httpd.conf")) { - if (open(PIPE, "diff --brief $instdir/httpd.conf /etc/httpd/conf/httpd.conf |")) { + } elsif ((-e "/etc/httpd/conf/httpd.conf") && (-e "$instdir/centos-rhes-fedora-sl/httpd.conf")) { + if (open(PIPE, "diff --brief $instdir/centos-rhes-fedora-sl/httpd.conf /etc/httpd/conf/httpd.conf |")) { my $diffres = ; close(PIPE); chomp($diffres); - print "Diff is ||$diffres||\n"; unless ($diffres) { $fixapache = 0; } @@ -577,7 +666,7 @@ sub chksrvcs { if (ref($tostop) eq 'HASH') { %stopsrvcs = %{$tostop}; } - foreach my $service ('cups') { + foreach my $service ('cups','memcached') { next if (exists($stopsrvcs{$service})); my $daemon = $service; if ($service eq 'cups') { @@ -589,10 +678,16 @@ sub chksrvcs { chomp($daemonrunning); close(PIPE); if ($daemonrunning) { - $stopsrvcs{$service} = 1; + if ($service eq 'memcached') { + unless ($daemonrunning =~ m{^www[^/]+\Q/usr/sbin/memcached -m 400 -v\E$}) { + $stopsrvcs{$service} = 1; + } + } else { + $stopsrvcs{$service} = 1; + } } } - } + } return \%stopsrvcs; } @@ -774,7 +869,7 @@ sub firewall_is_active { } sub get_fw_chains { - my ($iptables) = @_; + my ($iptables,$distro) = @_; my @fw_chains; my $suse_config = "/etc/sysconfig/SuSEfirewall2"; my $ubuntu_config = "/etc/ufw/ufw.conf"; @@ -784,6 +879,8 @@ sub get_fw_chains { my @posschains; if (-e $ubuntu_config) { @posschains = ('ufw-user-input','INPUT'); + } elsif ($distro =~ /^debian5/) { + @posschains = ('INPUT'); } else { @posschains = ('RH-Firewall-1-INPUT','INPUT'); if (!-e '/etc/sysconfig/iptables') { 
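Review bot: chkapache now looks for the shipped file under `$instdir/centos-rhes-fedora-sl/httpd.conf` (and `$instdir/rhes4/httpd.conf` in the preceding hunk), but copy_httpd_conf, shown later in this diff, still runs `copy "$instdir/httpd.conf","/etc/httpd/conf/httpd.conf";`. If both receive the same `$instdir`, that copy would fail without any message, because its return value is not checked, and the distribution's stock httpd.conf would stay in place after the backup step. The SuSE and Debian copy routines were moved to their subdirectories in this commit, so copy_httpd_conf probably needs the same path change, plus a check of the value `copy` returns.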
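Review bot: The memcached exemption `m{^www[^/]+\Q/usr/sbin/memcached -m 400 -v\E$}` carries no comment. It appears to spare an instance owned by www and started with exactly these arguments, presumably LON-CAPA's own. A comment such as `# leave LON-CAPA's own memcached (user www, -m 400 -v) running; flag any other instance` would record that. It would also warn the next maintainer that changing the start-up arguments elsewhere makes this check flag the legitimate instance. chksrvcs begins and ends outside the hunk.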
@@ -863,8 +960,8 @@ sub get_mysql_password { sub check_SuSEfirewall2_setup { my ($instdir) = @_; my $need_override = 1; - if ((-e "/etc/insserv/overrides/SuSEfirewall2_setup") && (-e "$instdir/SuSEfirewall2_setup")) { - if (open(PIPE, "diff --brief $instdir/SuSEfirewall2_setup /etc/insserv/overrides/SuSEfirewall2_setup |")) { + if ((-e "/etc/insserv/overrides/SuSEfirewall2_setup") && (-e "$instdir/sles-suse/SuSEfirewall2_setup")) { + if (open(PIPE, "diff --brief $instdir/sles-suse/SuSEfirewall2_setup /etc/insserv/overrides/SuSEfirewall2_setup |")) { my $diffres = ; close(PIPE); chomp($diffres); @@ -976,9 +1073,9 @@ my %prompts = &texthash( print "\n".&mt('Checking system status ...')."\n"; my $dsn = "DBI:mysql:database=mysql"; -my ($distro,$gotprereqs,$packagecmd,$updatecmd,$installnow,$recommended, +my ($distro,$gotprereqs,$localecmd,$packagecmd,$updatecmd,$installnow,$recommended, $dbh,$has_pass,$has_lcdb,$downloadstatus,$filetouse,$production, - $testing) = &check_required($instdir,$dsn); + $testing,$apachefw) = &check_required($instdir,$dsn); if ($distro eq '') { print "\n".&mt('Linux distribution could not be verified as a supported distribution.')."\n". &mt('The following are supported: [_1].', @@ -987,6 +1084,13 @@ if ($distro eq '') { &mt('Stopping execution.')."\n"; exit; } +if ($localecmd ne '') { + print "\n".&mt('Although the LON-CAPA application itself is localized for a number of different languages, the default locale language for the Linux OS on which it runs should be US English.')."\n"; + print "\n".&mt('Run the following command from the command line to set the default language for your OS, and then run this LON-CAPA installation set-up script again.')."\n\n". + $localecmd."\n\n". + &mt('Stopping execution.')."\n"; + exit; +} if (!$gotprereqs) { print "\n".&mt('The LONCAPA-prequisites package is not installed.')."\n". &mt('The following command can be used to install the package (and dependencies):')."\n\n". 
@@ -1006,9 +1110,10 @@ if (!$gotprereqs) { &mt('Stopping execution.')."\n"; exit; } else { - ($distro,$gotprereqs,$packagecmd,$updatecmd,$installnow, + ($distro,$gotprereqs,$localecmd,$packagecmd,$updatecmd,$installnow, $recommended,$dbh,$has_pass,$has_lcdb,$downloadstatus, - $filetouse) = &check_required($instdir,$dsn); + $filetouse,$production,$testing,$apachefw) = + &check_required($instdir,$dsn); } } else { print &mt('Failed to run command to install LONCAPA-prequisites')."\n"; 
@@ -1166,22 +1271,38 @@ if ($callsub{'runlevels'}) { if ($callsub{'firewall'}) { if ($distro =~ /^(suse|sles)/) { - print &mt('Use [_1].','yast')."\n"; - } elsif ($distro =~ /^(debian|ubuntu)/) { - print &mt('Use [_1].','ufw')."\n"; + print &mt('Use [_1] to configure the firewall to allow access for [_2].', + 'yast -- Security and Users -> Firewall -> Interfaces', + 'ssh, http, https')."\n"; + } elsif ($distro =~ /^(debian|ubuntu)(\d+)/) { + if (($1 eq 'ubuntu') || ($2 > 5)) { + print &mt('Use [_1] to configure the firewall to allow access for [_2].', + 'ufw','ssh, http, https')."\n"; + } else { + my $fwadded = &get_iptables_rules($distro,$instdir,$apachefw); + if ($fwadded) { + print &mt('Enable firewall? ~[Y/n~]'); + my $enable_iptables = &get_user_selection(1); + if ($enable_iptables) { + system('/etc/network/if-pre-up.d/iptables'); + print &mt('Firewall enabled using rules defined in [_1].', + '/etc/iptables.loncapa.rules'); + } + } + } } else { - print &mt('Use [_1].','setup')."\n"; + print &mt('Use [_1] to configure the firewall to allow access for [_2].', + 'setup -- Firewall confiuration -> Customize', + 'ssh, http, https')."\n"; } } else { - if ($distro =~ /^(suse|sles)/) { - &print_and_log(&mt('Skipping Firewall configuration.')."\n"); - } + &print_and_log(&mt('Skipping Firewall configuration.')."\n"); } if ($callsub{'stopsrvcs'}) { &kill_extra_services($distro,$recommended->{'stopsrvcs'}); } else { - &print_and_log(&mt('Skipping stopping unnecessary services ([_1] and [_2] daemons).',"'cups'","'sendmail'")."\n"); + &print_and_log(&mt('Skipping stopping unnecessary service ([_1] daemons).',"'cups','memcached'")."\n"); } my ($have_tarball,$updateshown); 
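Review bot: `system('/etc/network/if-pre-up.d/iptables');` ignores the exit status and the next statement prints 'Firewall enabled using rules defined in ...' unconditionally, so the administrator is told the host is filtered even when the script is missing or failed. Gate the message on success, e.g. `if (system('/etc/network/if-pre-up.d/iptables') == 0) {`, and report the failure otherwise. The success message also lacks the trailing `."\n"` that the other branches have, and the string 'setup -- Firewall confiuration -> Customize' has a typo ('configuration').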
@@ -1345,7 +1466,7 @@ END # Install patched pwauth print_and_log(&mt('Copying pwauth to [_1]',' /usr/local/sbin')."\n"); if (copy "$dir/pwauth","/usr/local/sbin/pwauth") { - if (chmod (06755, "/usr/local/sbin/pwauth")) { + if (chmod(06755, "/usr/local/sbin/pwauth")) { print_and_log(&mt('[_1] copied successfully',"'pwauth'"). "\n"); } else { @@ -1370,19 +1491,27 @@ sub kill_extra_services { if (ref($stopsrvcs) eq 'HASH') { my @stopping = sort(keys(%{$stopsrvcs})); if (@stopping) { - my $kill_list = join("',' ",@stopping); + my $kill_list = join("', '",@stopping); if ($kill_list) { $kill_list = "'".$kill_list."'"; - &print_and_log("\n".&mt('Killing unneccessary services ([_1] daemon(s)).',$kill_list)."\n"); - foreach my $daemon (@stopping) { - my $service = $daemon; - &print_and_log(`/etc/init.d/$service stop`); - &print_and_log(&mt('Removing [_1] from startup.',$service)."\n"); - if ($daemon eq 'cupsd') { - $service = 'cups'; + &print_and_log("\n".&mt('Killing unnecessary services ([_1] daemon(s)).',$kill_list)."\n"); + foreach my $service (@stopping) { + my $daemon = $service; + if ($service eq 'cups') { + $daemon = 'cupsd'; + if ($distro =~ /^(?:debian|ubuntu)(\d+)/) { + my $version = $1; + if (($distro =~ /^ubuntu/) && ($version <= 8)) { + $daemon = 'cupsys'; + } + } elsif ($distro =~ /^(?:suse|sles)/) { + $daemon = 'cups'; + } } + &print_and_log(`/etc/init.d/$daemon stop`); + &print_and_log(&mt('Removing [_1] from startup.',$service)."\n"); if ($distro =~ /^(debian|ubuntu)/) { - &print_and_log(`/usr/sbin/sysv-rc-conf $service off`); + &print_and_log(`update-rc.d -f $daemon remove`); } else { &print_and_log(`chkconfig --del $service`); } @@ -1536,7 +1665,7 @@ sub copy_httpd_conf { "'/etc/httpd/conf/httpd.conf'")."\n"); copy "/etc/httpd/conf/httpd.conf","/etc/httpd/conf/httpd.conf.original"; copy "$instdir/httpd.conf","/etc/httpd/conf/httpd.conf"; - chmod 0444,"/etc/httpd/conf/httpd.conf"; + chmod(0444,"/etc/httpd/conf/httpd.conf"); print_and_log("\n"); } 
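Review bot: For `cups` on distributions other than SuSE and old Ubuntu, `$daemon` is set to `cupsd` and then used as an init-script name in `/etc/init.d/$daemon stop` and `update-rc.d -f $daemon remove`, whereas chkconfig in this commit queries the same service under the name `cups`. If the init script is indeed called `cups`, the stop command fails, its output is only logged, and the run still reports 'Removing cups from startup', leaving the service running. Consider taking the name from one shared map (such as chkconfig's `%daemon`) and checking `$?` after each backtick call. kill_extra_services starts and ends outside the hunk.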
@@ -1550,17 +1679,25 @@ sub copy_httpd_conf { sub copy_apache2_debconf { my ($instdir) = @_; print_and_log(&mt('Copying loncapa [_1] config file to [_2] and pointing [_3] to it from sites-enabled.',"'apache2'","'/etc/apache2/sites-available'","'000-default symlink'")."\n"); - my $apache2_enabled_dir = '/etc/apache2/sites-enabled'; - my $apache2_available_dir = '/etc/apache2/sites-available'; - if (-l "$apache2_enabled_dir/000-default") { - unlink("$apache2_enabled_dir/000-default"); - } - if (-e "$apache2_available_dir/loncapa") { - copy("$apache2_available_dir/loncapa","$apache2_available_dir/loncapa.original"); - } - copy("$instdir/apache2.conf","$apache2_available_dir/loncapa"); - chmod(0444,"$apache2_available_dir/loncapa"); - symlink("$apache2_available_dir/loncapa","$apache2_enabled_dir/000-default"); + my $apache2_sites_enabled_dir = '/etc/apache2/sites-enabled'; + my $apache2_sites_available_dir = '/etc/apache2/sites-available'; + if (-l "$apache2_sites_enabled_dir/000-default") { + unlink("$apache2_sites_enabled_dir/000-default"); + } + if (-e "$apache2_sites_available_dir/loncapa") { + copy("$apache2_sites_available_dir/loncapa","$apache2_sites_available_dir/loncapa.original"); + } + copy("$instdir/debian-ubuntu/apache2.conf","$apache2_sites_available_dir/loncapa"); + chmod(0444,"$apache2_sites_available_dir/loncapa"); + symlink("$apache2_sites_available_dir/loncapa","$apache2_sites_enabled_dir/000-default"); + my $apache2_mods_enabled_dir = '/etc/apache2/mods-enabled'; + my $apache2_mods_available_dir = '/etc/apache2/mods-available'; + foreach my $module ('headers.load','expires.load') { + unless (-l "$apache2_mods_enabled_dir/$module") { + symlink("$apache2_mods_available_dir/$module","$apache2_mods_enabled_dir/$module"); + print_and_log(&mt('Enabling "[_1]" Apache module.',$module)."\n"); + } + } print_and_log("\n"); } 
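Review bot: The module loop calls `symlink("$apache2_mods_available_dir/$module","$apache2_mods_enabled_dir/$module");` without checking the result or that the target exists, and then logs 'Enabling ... Apache module' regardless. A guard such as `if (-e "$apache2_mods_available_dir/$module" && symlink(...))` around the log line would avoid reporting a module as enabled when the link was not created or dangles. The `copy`, `chmod` and `symlink` calls for the site file just above are unchecked in the same way; only their variable names and source path changed in this commit.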
@@ -1580,8 +1717,8 @@ sub copy_apache2_suseconf { if (!-e "/etc/apache2/default-server.conf.original") { copy "/etc/apache2/default-server.conf","/etc/apache2/default-server.conf.original"; } - copy "$instdir/default-server.conf","/etc/apache2/default-server.conf"; - chmod 0444,"/etc/apache2/default-server.conf"; + copy "$instdir/sles-suse/default-server.conf","/etc/apache2/default-server.conf"; + chmod(0444,"/etc/apache2/default-server.conf"); # Make symlink for conf directory (included in loncapa_apache.conf) my $can_symlink = (eval { symlink('/etc/apache2','/srv/www/conf'); }, $@ eq ''); if ($can_symlink) { @@ -1607,8 +1744,8 @@ sub copy_apache2_conf_files { if (!-e "/etc/apache2/uid.conf.original") { copy "/etc/apache2/uid.conf","/etc/apache2/uid.conf.original"; } - copy "$instdir/uid.conf","/etc/apache2/uid.conf"; - chmod 0444,"/etc/apache2/uid.conf"; + copy "$instdir/sles-suse/uid.conf","/etc/apache2/uid.conf"; + chmod(0444,"/etc/apache2/uid.conf"); } ############################################### @@ -1622,8 +1759,8 @@ sub copy_sysconfig_apache2_file { if (!-e "/etc/sysconfig/apache2.original") { copy "/etc/sysconfig/apache2","/etc/sysconfig/apache2.original"; } - copy "$instdir/sysconfig_apache2","/etc/sysconfig/apache2"; - chmod 0444,"/etc/sysconfig/apache2"; + copy "$instdir/sles-suse/sysconfig_apache2","/etc/sysconfig/apache2"; + chmod(0444,"/etc/sysconfig/apache2"); } ############################################### 
@@ -1645,8 +1782,69 @@ sub update_SuSEfirewall2_setup { } elsif (!-e "/etc/insserv/overrides/SuSEfirewall2_setup.original") { copy "/etc/insserv/overrides/SuSEfirewall2_setup","/etc/insserv/overrides/SuSEfirewall2_setup.original" } - copy "$instdir/SuSEfirewall2_setup","/etc/insserv/overrides/SuSEfirewall2_setup"; - chmod 0444,"/etc/insserv/overrides/SuSEfirewall2_setup"; + copy "$instdir/sles-suse/SuSEfirewall2_setup","/etc/insserv/overrides/SuSEfirewall2_setup"; + chmod(0444,"/etc/insserv/overrides/SuSEfirewall2_setup"); +} + +sub get_iptables_rules { + my ($distro,$instdir,$apachefw) = @_; + my (@fwchains,@ports); + if (&firewall_is_active()) { + my $iptables = &get_pathto_iptables(); + if ($iptables ne '') { + @fwchains = &get_fw_chains($iptables,$distro); + } + } + if (ref($apachefw) eq 'HASH') { + foreach my $service ('http','https') { + unless ($apachefw->{$service}) { + push (@ports,$service); + } + } + } else { + @ports = ('http','https'); + } + if (@ports == 0) { + return; + } + my $ask_to_enable; + if (-e "/etc/iptables.loncapa.rules") { + if (open(PIPE, "diff --brief $instdir/debian-ubuntu/iptables.loncapa.rules /etc/iptables.loncapa.rules |")) { + my $diffres = ; + close(PIPE); + chomp($diffres); + if ($diffres) { + print &mt('Warning: [_1] exists but differs from LON-CAPA supplied file.','/etc/iptables.loncapa.rules')."\n"; + } + } else { + print &mt('Error: unable to open [_1] to compare contents with LON-CAPA supplied file.','/etc/iptables.loncapa.rules')."\n"; + } + } else { + if (-e "$instdir/debian-ubuntu/iptables.loncapa.rules") { + copy "$instdir/debian-ubuntu/iptables.loncapa.rules","/etc/iptables.loncapa.rules"; + chmod(0600,"/etc/iptables.loncapa.rules"); + } + } + if (-e "/etc/iptables.loncapa.rules") { + if (-e "/etc/network/if-pre-up.d/iptables") { + if (open(PIPE, "diff --brief $instdir/debian-ubuntu/iptables /etc/network/if-pre-up/iptables |")) { + my $diffres = ; + close(PIPE); + chomp($diffres); + if ($diffres) { + print &mt('Warning: 
[_1] exists but differs from LON-CAPA supplied file.','/etc/network/if-pre-up.d/iptables')."\n"; + } + } else { + print &mt('Error: unable to open [_1] to compare contents with LON-CAPA supplied file.','/etc/network/if-pre-up.d/iptables')."\n"; + } + } else { + copy "$instdir/debian-ubuntu/iptables","/etc/network/if-pre-up.d/iptables"; + chmod(0755,"/etc/network/if-pre-up.d/iptables"); + print_and_log(&mt('Installed script "[_1]" to add iptables rules to block all ports except 22, 80, and 443 when network is enabled during boot.','/etc/network/if-pre-up.d/iptables')); + $ask_to_enable = 1; + } + } + return $ask_to_enable; } sub download_loncapa {
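Review bot: The second comparison in get_iptables_rules diffs against `/etc/network/if-pre-up/iptables`, while the existence test, the copy target and the messages all use `/etc/network/if-pre-up.d/iptables`; the `.d` is missing. diff then reports an error on stderr and prints nothing on stdout, so `$diffres` is empty and a locally modified boot-time firewall script is never flagged. The command should read `"diff --brief $instdir/debian-ubuntu/iptables /etc/network/if-pre-up.d/iptables |"`. `@fwchains` is filled at the top of the sub but not used afterwards, and both `copy` calls go unchecked before the 'Installed script' message is logged.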