root/alternc/tags/0.9.8/debian/postinst

Revision 2117, 6.4 kB (checked in by anarcat, 8 months ago)

Major redesign of the MySQL backend interface to fix a security issue.
See: #318.

As of now, the MySQL configuration used everywhere by AlternC is not
stored in the main configuration file (/etc/alternc/local.sh) but in a
MySQL configuration file in /etc/alternc/my.cnf, which enables us to
call mysql without exposing the password on the commandline.

The changes here are quite invasive but will allow us to factor out
the MySQL configuration better. See #364.

This includes a partial rewrite of the mysql.sh logic, which is now run
from the postinst script (and not alternc.install), which will allow us
to actually change the MySQL root user properly. See #601.

This commit was tested like this:

  • clean install on etch (working)
  • upgrade from a clean 0.9.7 (working)
#!/bin/sh
# Debian post-installation script for the alternc package.

# Abort on the first command that fails without being explicitly guarded.
set -e

# Load the debconf shell library; it provides the db_* helpers used below.
. /usr/share/debconf/confmodule

# Main AlternC settings file; it is rewritten from debconf answers and later
# sourced by this script.
CONFIGFILE=/etc/alternc/local.sh
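#######################################
# Queue a "set VAR to the debconf answer" edit for local.sh.
#
# Reads the answer to a debconf question and, when it is non-empty, makes
# sure $CONFIGFILE has a "VAR=" line and appends a substitution for that
# line to SED_SCRIPT. The caller applies SED_SCRIPT with sed afterwards.
#
# The answer ends up in two interpreters: the sed program built here and the
# shell that later sources $CONFIGFILE as root. It is therefore escaped for
# both, so that a value containing \ " $ ` & or | is stored literally
# instead of ending the sed expression early or being expanded by the shell.
# A value containing a newline is not handled; sed is expected to reject the
# resulting script, which aborts the postinst under `set -e'.
#
# Globals:   CONFIGFILE (read, file appended to), RET (set by db_get),
#            SED_SCRIPT (appended to)
# Arguments: $1 - debconf question name
#            $2 - variable name in $CONFIGFILE
#######################################
update_var() {
    local question="$1"
    local var="$2"
    local value

    db_get "$question"
    if [ -n "$RET" ]; then
        grep -Eq "^ *$var=" "$CONFIGFILE" || echo "$var=" >> "$CONFIGFILE"
        # First pass: escape for a double-quoted shell string.
        # Second pass: escape for a sed replacement that uses | as delimiter.
        value=$(printf '%s\n' "$RET" | sed -e 's/[\\"$`]/\\&/g' -e 's/[\\&|]/\\&/g')
        SED_SCRIPT="$SED_SCRIPT;s|^ *$var=.*|$var=\"$value\"|"
    fi
}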
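# summary of how this script can be called:
#        * <postinst> `configure' <most-recently-configured-version>
#        * <old-postinst> `abort-upgrade' <new version>
#        * <conflictor's-postinst> `abort-remove' `in-favour' <package>
#          <new-version>
#        * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
#          <failed-install-package> <version> `removing'
#          <conflicting-package> <version>
# for details, see http://www.debian.org/doc/debian-policy/ or
# the debian-policy package
#
# quoting from the policy:
#     Any necessary prompting should almost always be confined to the
#     post-installation script, and should be protected with a conditional
#     so that unnecessary prompting doesn't happen if a package's
#     installation fails and the `postinst' is called with `abort-upgrade',
#     `abort-remove' or `abort-deconfigure'.

case "$1" in
  configure)

    # add the postfix user to the sasl group
    adduser --quiet postfix sasl

    # fix the permissions of the saslauthd directory inside the postfix chroot
    mkdir -p /var/spool/postfix/var/run/saslauthd || true
    dpkg-statoverride --quiet --update --add root sasl 710 /var/spool/postfix/var/run/saslauthd  || true

    # build local.sh if it does not exist
    if [ ! -f "$CONFIGFILE" ]; then
        cat > "$CONFIGFILE" <<EOF
#!/bin/sh
#
# AlternC - Web Hosting System - Configuration
# This file will be modified on package configuration
# (e.g. upgrade or dpkg-reconfigure alternc)

# Hosting service name
HOSTING=""

# Primary hostname for this box (will be used to access the management panel)
FQDN=""

# Public IP
PUBLIC_IP=""

# Internal IP
# (most of the time, should be equal to PUBLIC_IP, unless you are behind
# firewall doing address translation)
INTERNAL_IP=""

# Monitoring IP or network (will be allowed to access Apache status)
MONITOR_IP=""

# Primary DNS hostname
NS1_HOSTNAME=""

# Secondary DNS hostname
NS2_HOSTNAME=""

# IP that have privilegied access to the DNS server. Separated by ';'.
BIND_INTERNAL=""

# Mail server hostname
DEFAULT_MX=""

# Note: MySQL username/password configuration now stored in /etc/alternc/my.cnf

# quels clients mysql sont permis (%, localhost, etc)
MYSQL_CLIENT=""

# Folder holding data (used for quota management)
ALTERNC_LOC=""

# Networks that SMTP should relay, separated with spaces
SMTP_RELAY_NETWORKS=""
EOF

        # readable by root and the web server group only
        chown root:www-data "$CONFIGFILE"
        chmod 640 "$CONFIGFILE"
    fi

    # Update local.sh
    # 1. use cp to keep permissions
    # 2. add missing variable to local.sh
    # 3. use sed to set variables with current values
    echo "Updating $CONFIGFILE"
    cp -a -f "$CONFIGFILE" "$CONFIGFILE.tmp"
    # SED_SCRIPT will be modified by update_var
    SED_SCRIPT=""
    update_var alternc/hostingname HOSTING
    update_var alternc/desktopname FQDN
    update_var alternc/public_ip PUBLIC_IP
    update_var alternc/internal_ip INTERNAL_IP
    update_var alternc/monitor_ip MONITOR_IP
    update_var alternc/ns1 NS1_HOSTNAME
    update_var alternc/ns2 NS2_HOSTNAME
    update_var alternc/bind_internal BIND_INTERNAL
    update_var alternc/default_mx DEFAULT_MX
    update_var alternc/mysql/client MYSQL_CLIENT
    update_var alternc/alternc_location ALTERNC_LOC
    update_var alternc/mynetwork SMTP_RELAY_NETWORKS
    # the redirection truncates the copy made above, so the new content
    # keeps the owner and mode of the original file
    sed -e "$SED_SCRIPT" < "$CONFIGFILE" > "$CONFIGFILE.tmp"
    mv -f "$CONFIGFILE.tmp" "$CONFIGFILE"

    # Setup grants
    db_get "alternc/mysql/host"
    MYSQL_HOST="$RET"
    # [ a -o b ] is ambiguous with some operands; use two tests instead
    if [ "$MYSQL_HOST" != "localhost" ] || [ -e /usr/sbin/mysqld ]; then
        # compatibility shims with my.cnf
        host="$RET"
        db_get "alternc/mysql/db"
        database="$RET"
        db_get "alternc/mysql/user"
        user="$RET"
        db_get "alternc/mysql/password"
        password="$RET"

        # we source (instead of forking) mysql.sh so that it gets the local environment above
        . /usr/share/alternc/install/mysql.sh
        # NOTE(review): $password stays set in this shell after mysql.sh
        # returns; whether a later step still reads it cannot be told from
        # this file. Consider `unset password' here once that is confirmed.
    fi

    # forget the password (drop it from the debconf database)
    db_reset alternc/mysql/password || true
    db_fset alternc/mysql/password "seen" "false" || true

    if [ -e "$CONFIGFILE" ]; then
      # source local.sh variables
      # This executes local.sh as root, so every value written into it above
      # has to be safe inside a double-quoted shell string.
      . "$CONFIGFILE"
    fi

    # Erase all apacheconf file
    # They will be regenerated without the bug by upgrade_check.sh below.
    if dpkg --compare-versions "$2" le "0.9.3.9-globenet14"; then
        rm -f /var/alternc/apacheconf/*/*
        rm -f /var/alternc/apacheconf/override_php.conf
    fi

    echo "checking for upgrades"
    # pass the previous version as one word, or no argument at all when
    # there is none (same argument count as the unquoted form)
    /usr/share/alternc/install/upgrade_check.sh ${2:+"$2"}

    echo "config phpmyadmin"
    include_str='include("/etc/alternc/phpmyadmin.inc.php")'
    pma_config=/etc/phpmyadmin/config.inc.php
    # -F: the include line is a literal string, not a regular expression
    if ! grep -F -e "$include_str" "$pma_config" > /dev/null 2>&1; then
        echo "<?php $include_str ?>" >> "$pma_config"
    fi

    # important: postinst hangs without this
    db_stop

    echo "running alternc.install"
    alternc.install

    if [ -x /usr/sbin/apache ]; then
        if [ ! -h /etc/apache-ssl/conf.d/alternc.conf ]; then
            ln -sf /etc/alternc/apache-ssl.conf \
                /etc/apache-ssl/conf.d/alternc.conf
        fi

        if [ ! -h /etc/apache/conf.d/alternc.conf ]; then
            ln -sf /etc/alternc/apache.conf \
                /etc/apache/conf.d/alternc.conf
        fi

        if [ ! -h /etc/apache/conf.d/override_php.conf ]; then
            ln -sf /var/alternc/apacheconf/override_php.conf \
                /etc/apache/conf.d/override_php.conf
        fi
    fi
    if [ -x /usr/sbin/apache2 ]; then
        # The links are created in the apache2 conf.d directory that the
        # tests check; the previous code tested /etc/apache2 but linked into
        # /etc/apache, which fails under `set -e' when apache 1 is absent.
        if [ ! -h /etc/apache2/conf.d/alternc.conf ]; then
            ln -sf /etc/alternc/apache.conf \
                /etc/apache2/conf.d/alternc.conf
        fi
        if [ ! -h /etc/apache2/conf.d/override_php.conf ]; then
            ln -sf /var/alternc/apacheconf/override_php.conf \
                /etc/apache2/conf.d/override_php.conf
        fi

    fi
    ;;

    abort-upgrade|abort-remove|abort-deconfigure)

    ;;

    *)
        echo "postinst called with unknown argument \`$1'" >&2
        exit 1
    ;;

esac

# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.

#DEBHELPER#

exit 0

# vim: et sw=4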