Context Navigation

source: alternc/trunk/install/alternc.install @ 2260

Revision 2260, 10.7 KB checked in by anarcat, 5 years ago (diff)
security precaution: leave the my.cnf readable only to the webserver. we're protected by the openbasedir

Line
1	#!/bin/sh
2	#
3	# AlternC Main install script.
4	# This script should be launched only once, when installing AlternC
5	# on a new server. THIS SCRIPT ERASE ALL DATA ON THE AlternC SYSTEM !!
6	# YOU HAVE BEEN WARNED !
7
8	# This script now assumes it has MySQL connectivity through
9	# /etc/alternc/my.cnf
10
11	set -e
12
13	. /usr/lib/alternc/functions.sh
14
15	#######################################################################
16	# Script configuration
17	#
18
19	# Configuration template location
20	TEMPLATE_DIR="/etc/alternc/templates"
21
22	# Find needed configuration files (without the initial '/')
23	# replace this one unconditionnally
24	CONFIG_FILES="etc/alternc/bureau.conf"
25
26	if [ -e /etc/bind/named.conf ]; then
27	CONFIG_FILES="$CONFIG_FILES etc/bind/templates/zone.template
28	etc/bind/templates/named.template etc/bind/named.conf"
29	fi
30	if [ -e /etc/courier/authdaemonrc ]; then
31	CONFIG_FILES="$CONFIG_FILES etc/courier/authdaemonrc
32	etc/courier/authmysqlrc"
33	fi
34	if [ -d /etc/postfix ]; then
35	CONFIG_FILES="$CONFIG_FILES etc/postfix/main.cf etc/postfix/myalias.cf
36	etc/postfix/mydomain.cf etc/postfix/mygid.cf
37	etc/postfix/myvirtual.cf etc/postfix/sasl/smtpd.conf"
38	fi
39	if [ -e /etc/proftpd/proftpd.conf ]; then
40	CONFIG_FILES="$CONFIG_FILES etc/proftpd/proftpd.conf etc/proftpd/welcome.msg etc/proftpd/modules.conf"
41	fi
42	if [ -e /etc/squirrelmail/apache.conf ]; then
43	CONFIG_FILES="$CONFIG_FILES etc/squirrelmail/apache.conf"
44	fi
45
46	if [ -e /etc/default/saslauthd ]; then
47	CONFIG_FILES="$CONFIG_FILES etc/default/saslauthd"
48	fi
49
50	INSTALLED_CONFIG_TAR="/var/backups/alternc/etc-installed.tar.gz"
51
52	#######################################################################
53	# Look for modified configuration files
54	#
55	if [ -f "$INSTALLED_CONFIG_TAR" ]; then
56	CHANGED="`tar -zdf "$INSTALLED_CONFIG_TAR" -C / 2> /dev/null \|
57	grep -v 'Uid differs'\|grep -v 'Gid differs' \|grep -v 'Mode differs' \|
58	sed -e 's/^\([^:]\)./ \1/' \| sort -u`"
59	if [ ! -z "$CHANGED" ]; then
60	echo "The following configuration files has changed since last AlternC"
61	echo "installation :"
62	echo "$CHANGED"
63	echo ""
64	if [ "$1" = "force" ]; then
65	echo "Replacing them as you requested."
66	else
67	echo "These configuration files should normally be modified by"
68	echo "changing the template in $TEMPLATE_DIR and then calling"
69	echo "$0 to perform the update."
70	echo ""
71	echo "Please examine the situation closely and call '$0 force'"
72	echo "if you still want to actually overwrite these files."
73	exit 1
74	fi
75	fi
76	fi
77
78	#######################################################################
79	# Prepare template expansions
80	#
81
82	. /etc/alternc/local.sh
83
84	# XXX: copy-paste from debian/config
85	if [ -r /etc/alternc/my.cnf ]; then
86	# make mysql configuration available as shell variables
87	# to convert from .cnf to shell syntax, we:
88	# * match only lines with "equal" in them (/=/)
89	# * remove whitespace around the = and add a left quote operator ' (;s)
90	# * add a right quote operator at the end of line (;s)
91	# * convert mysql variables into our MYSQL_ naming convention (;s)
92	# * print the result (;p)
93	eval `sed -n -e "/=/{s/ = \"\?/='/;s/\"\?\$/'/;s/host/MYSQL_HOST/;s/user/MYSQL_USER/;s/password/MYSQL_PASS/;s/database/MYSQL_DATABASE/;p}" /etc/alternc/my.cnf`
94	chown root:www-data /etc/alternc/my.cnf
95	chmod 640 /etc/alternc/my.cnf
96	fi
97
98	WARNING="WARNING: Do not edit this file, edit the one in /etc/alternc/templates and launch alternc.install again."
99
100	VERSION="`dpkg -s alternc \| sed -n -e 's/^Version: \(.*\)/\1/p'`"
101
102	# /var/alternc/dns/d/www.example.com
103	FQDN_LETTER="`echo $FQDN \| sed -e 's/.\.\([^\.]\)[^\.]\.[^\.]*$/\1/'`"
104	if [ "$FQDN_LETTER" = "$FQDN" ]
105	then
106	FQDN_LETTER="_"
107	fi
108
109	NS2_IP=`perl -e "\\$h = (gethostbyname(\"$NS2_HOSTNAME\"))[4];
110	@ip = unpack('C4', \\$h);
111	print join (\".\", @ip);"`
112
113	if [ ! -z "$BIND_INTERNAL" ]; then
114	BIND_INTERNAL="$BIND_INTERNAL;"
115	fi
116
117	if [ -z "$MONITOR_IP" ]; then
118	MONITOR_IP="127.0.0.1"
119	fi
120
121	# XXX: I assume this is secure if /tmp is sticky (+t)
122	# we should have a better way to deal with templating, of course.
123	SED_SCRIPT=`mktemp`
124	cat > $SED_SCRIPT <<EOF
125	s\\%%hosting%%\\$HOSTING\\;
126	s\\%%fqdn%%\\$FQDN\\;
127	s\\%%public_ip%%\\$PUBLIC_IP\\;
128	s\\%%internal_ip%%\\$INTERNAL_IP\\;
129	s\\%%monitor_ip%%\\$MONITOR_IP\\;
130	s\\%%ns1%%\\$NS1_HOSTNAME\\;
131	s\\%%ns2%%\\$NS2_HOSTNAME\\;
132	s\\%%bind_internal%%\\$BIND_INTERNAL\\;
133	s\\%%mx%%\\$DEFAULT_MX\\;
134	s\\%%dbhost%%\\$MYSQL_HOST\\;
135	s\\%%dbname%%\\$MYSQL_DATABASE\\;
136	s\\%%dbuser%%\\$MYSQL_USER\\;
137	s\\%%dbpwd%%\\$MYSQL_PASS\\;
138	s\\%%ALTERNC_LOC%%\\$ALTERNC_LOC\\;
139	s\\%%mynetwork%%\\$SMTP_RELAY_NETWORKS\\;
140	s\\%%warning_message%%\\$WARNING\\;
141	s\\%%fqdn_lettre%%\\$FQDN_LETTER\\;
142	s\\%%version%%\\$VERSION\\;
143	s\\%%ns2_ip%%\\$NS2_IP\\;
144	EOF
145
146	#######################################################################
147	# Backup configuration files
148	#
149	BACKUP_FILE="/var/backups/alternc/etc-original-`date +%Y%m%d-%H%M`.tar.gz"
150
151	# Only backup what we are really going to replace
152	BACKUPS=""
153	for file in $CONFIG_FILES; do
154	TEMPLATE="$TEMPLATE_DIR/${file##etc/}"
155	if [ -f "$TEMPLATE" ]; then
156	BACKUPS="$BACKUPS $file"
157	fi
158	done
159
160	tar -zcf "$BACKUP_FILE" -C / $BACKUPS 2>/dev/null \|\| true
161
162	#######################################################################
163	# Expand templates in the right place
164	#
165	echo -n "Expanding variables in configuration files:"
166	for file in $CONFIG_FILES; do
167	TEMPLATE="$TEMPLATE_DIR/${file##etc/}"
168	echo -n " $file"
169	if [ -f "$TEMPLATE" ]; then
170	sed -f "$SED_SCRIPT" < $TEMPLATE > /$file
171	fi
172	done
173	echo "."
174	rm -f $SED_SCRIPT
175
176	#######################################################################
177	# Save installed files to check them during next install
178	#
179	tar -zcf "$INSTALLED_CONFIG_TAR" -C / $CONFIG_FILES
180
181	########################################################################
182	# Ad-hoc fixes
183	#
184	# Add access to the management panel
185	ln -nsf /var/alternc/bureau /var/alternc/dns/$FQDN_LETTER/$FQDN
186
187	# Update l18n files
188	/usr/share/alternc/install/dopo.sh
189
190	# Bind stuff
191	touch /var/alternc/bind/automatic.conf /var/alternc/bind/slaveip.conf
192	chown root:bind /var/alternc/bind/automatic.conf /var/alternc/bind/slaveip.conf
193	chmod 640 /var/alternc/bind/automatic.conf /var/alternc/bind/slaveip.conf
194	touch /var/run/alternc/refresh_slave
195	/usr/lib/alternc/slave_dns
196
197	# Apache will not start without this file
198	touch /var/alternc/apacheconf/override_php.conf
199	php="`ls /usr/lib/apache//php.so \| sed -e 's/^.*libphp\(.\)\.so$/php\1/' \| tail -1`"
200	if [ -x /usr/sbin/apache ]
201	then
202	# Enable vhost_alias apache module at the right place (ie: BEFORE mod_alias)
203	if ! grep -q "vhost_alias_module" /etc/apache/modules.conf
204	then
205	sed -i -e 's/^\(LoadModule.config_log.\)$/LoadModule vhost_alias_module \/usr\/lib\/apache\/1.3\/mod_vhost_alias.so\n\1/' /etc/apache/modules.conf
206	fi
207	echo "LoadModule ${php}_module /usr/lib/apache/1.3/lib${php}.so" \| append_no_dupe /etc/apache/modules.conf
208	echo "LoadModule ${php}_module /usr/lib/apache/1.3/lib${php}.so" \| append_no_dupe /etc/apache-ssl/modules.conf
209	SERVICES="$SERVICES apache apache-ssl"
210	fi
211	if [ -x /usr/sbin/apache2 ] && ! ( [ -L /etc/apache2/mods-enabled/vhost_alias.load ] && [ -L /etc/apache2/mods-enabled/$php.load ] )
212	then
213	a2enmod vhost_alias
214	a2enmod $php
215	SERVICES="$SERVICES apache2"
216	fi
217
218	# Copy postfix *_checks if they do not exist
219	for file in body_checks header_checks; do
220	if [ ! -e "/etc/postfix/$file" ]; then
221	cp /usr/share/alternc/install/$file /etc/postfix
222	fi
223	done
224
225	# Attribute the correct rights to critical postfix files
226	if [ -e /etc/postfix/myalias.cf -o -e /etc/postfix/mydomain.cf -o -e /etc/postfix/mygid.cf -o -e /etc/postfix/myvirtual.cf ]; then
227	chown root:postfix /etc/postfix/my*
228	chmod 640 /etc/postfix/my*
229	fi
230
231	if [ -e /etc/courier/authmysqlrc ] ; then
232	chown root:root /etc/courier/authmysqlrc
233	chmod 640 /etc/courier/authmysqlrc
234	fi
235
236	if [ -e /etc/proftpd.conf ] ; then
237	chmod 640 /etc/proftpd/proftpd.conf
238	fi
239
240	if [ -x /usr/sbin/locale-gen ] ; then
241	touch /etc/locale.gen
242	LOCALECHANGED=""
243	# Add de_DE ISO-8859-1, en_US ISO-8859-1, es_ES ISO-8859-1, fr_FR ISO-8859-1 to the locales :
244	if ! grep -q "^de_DE ISO-8859-1$" /etc/locale.gen ; then
245	echo "de_DE ISO-8859-1" >>/etc/locale.gen
246	LOCALECHANGED=1
247	fi
248	if ! grep -q "^en_US ISO-8859-1$" /etc/locale.gen ; then
249	echo "en_US ISO-8859-1" >>/etc/locale.gen
250	LOCALECHANGED=1
251	fi
252	if ! grep -q "^es_ES ISO-8859-1$" /etc/locale.gen ; then
253	echo "es_ES ISO-8859-1" >>/etc/locale.gen
254	LOCALECHANGED=1
255	fi
256	if ! grep -q "^fr_FR ISO-8859-1$" /etc/locale.gen ; then
257	echo "fr_FR ISO-8859-1" >>/etc/locale.gen
258	LOCALECHANGED=1
259	fi
260	if [ "$LOCALECHANGED" ] ; then
261	locale-gen
262	fi
263	fi
264
265	#######################################################################
266	# Reload services
267	#
268	for service in $SERVICES postfix bind9 courier-authdaemon \
269	courier-imap courier-imap-ssl courier-pop courier-pop-ssl \
270	cron proftpd; do
271	invoke-rc.d $service reload \|\| true
272	done
273
274	#######################################################################
275	# Last touches
276	#
277
278	# Add basedir protection
279	/usr/lib/alternc/basedir_prot.sh
280
281	# Creating admin user if needed
282	HAS_ROOT=`mysql --defaults-file=/etc/alternc/my.cnf -e "SELECT COUNT(*) FROM membres WHERE login = 'admin' OR login = 'root' and su = 1" \| tail -1`
283	if [ "$HAS_ROOT" != "1" ]; then
284	echo "Creating admin user..."
285	echo ""
286
287	if su - www-data -c /usr/share/alternc/install/newone.php
288	then
289	echo "*******************************************"
290	echo "* *"
291	echo "* Admin account *"
292	echo "* ------------ *"
293	echo "* *"
294	echo "* user: admin password: admin *"
295	echo "* *"
296	echo "* Please change this as soon as possible! *"
297	echo "* *"
298	echo "*******************************************"
299	else
300	echo "Il a été impossible de créer un nouveau membre alternc. newone.php a retourné un code d'erreur $?. Vérifiez si la base MySQL, PHP, ainsi que le fichier local.sh sont bien configurés. Vérifiez aussi si des erreurs ne sont pas apparues plus haut dans l'installation."
301	fi
302	fi
303
304	# We should restart apaches after all configuration stuff ...
305	for service in apache apache-ssl apache2 ; do
306	test -x /etc/init.d/$service && invoke-rc.d $service stop \|\| true
307	done
308	for service in apache apache-ssl apache2 ; do
309	test -x /etc/init.d/$service && invoke-rc.d $service start \|\| true
310	done

Note: See TracBrowser for help on using the repository browser.

Download in other formats: