/[gentoo-x86]/app-admin/webmin/files/gentoo-setup
Gentoo

Contents of /app-admin/webmin/files/gentoo-setup

Parent Directory Parent Directory | Revision Log Revision Log


Revision 1.4 - (show annotations) (download)
Mon Jan 5 03:23:01 2015 UTC (2 years, 11 months ago) by dlan
Branch: MAIN
CVS Tags: HEAD
Changes since 1.3: +28 -4 lines
drop old due to security issue, bug 511624; bump new, bug 534092, thanks PhobosK

(Portage version: 2.2.15/cvs/Linux x86_64, signed Manifest commit with key 0xAABEFD55)

1 #!/bin/sh
2 # gentoo-setup.sh
3 #
4 # Version 1.2
5 #
6 # A modified original Webmin setup.sh script to comply with Gentoo specifics
7 #
8 # Modification done by: PhobosK <phobosk@kbfx.net>
9 #
10 # This script runs after the webmin archive is installed, and in the pkg_config() phase.
11 # It does setup the various config files of Webmin depending on if it is
12 # a new install, an upgrade or a reset.
13
14 LANG=
15 export LANG
16
17 if [ -z ${wadir} ]; then
18 echo "You can't run this script outside of the 'emerge --config app-admin/webmin' command."
19 exit 1
20 fi
21
22 # All things we do is from the Webmin install dir - $wadir
23 cd $wadir
24
25
26 # Are we hard resetting everything?
27 # If yes, we do:
28 # 1. Run the specific Webmin $wadir/run-uninstalls.pl
29 # It runs all uninstall.pl files in every module's folder.
30 # They delete all the set specific Webmin cron jobs.
31 # If bumping you should go through these files using the command:
32 # find . -name uninstall.pl -exec cat {} \; -print
33 # 2. Delete the whole /etc/webmin content, keeping only the gentoo .keep_* files
34 if [ "$reset" = "hard" ]; then
35 echo "Running Webmin's specific uninstall procedures.. (Please ignore any possible errors)"
36 (WEBMIN_CONFIG=$config_dir WEBMIN_VAR=$var_dir LANG= "$wadir/run-uninstalls.pl")
37 echo "..done"
38 echo ""
39
40 echo "Deleting the content of user's config folder: $config_dir .."
41 find $config_dir ! -name '.keep_*' -delete 2>/dev/null
42 echo "..done"
43 echo ""
44 fi
45
46
47 # Are we soft resetting?
48 # If yes we do:
49 # - Delete the $config_dir/config file so we get new config values
50 if [ "$reset" = "soft" ]; then
51 echo "Deleting the user's $config_dir/config file.."
52 if [ -f "$config_dir/config" ]; then
53 rm -f "$config_dir/config"
54 fi
55 echo "..done"
56 echo ""
57 fi
58
59
60 # Get all available modules of this version
61 allmods=`echo */module.info | sed -e 's/\/module.info//g'`
62
63 # Get current Webmin version
64 ver=`cat "$wadir/version"`
65
66 if [ -r "$config_dir/config" ]; then
67 upgrading=1
68 fi
69
70
71 # Check if upgrading from an old version
72 if [ "$upgrading" = 1 ]; then
73 echo "Updating existant Webmin's config files.."
74
75 # Get current var path
76 if [ -r "$config_dir/var-path" ]; then
77 _var_dir=`cat $config_dir/var-path`
78 if [ -n ${_var_dir} ]; then
79 var_dir=${_var_dir}
80 fi
81 fi
82
83 # Get current perl path
84 if [ -r "$config_dir/perl-path" ]; then
85 _perl=`cat $config_dir/perl-path`
86 if [ -n ${_perl} ]; then
87 perl=${_perl}
88 fi
89 fi
90
91 # Get old os name and version
92 os_type=`grep "^os_type=" $config_dir/config | sed -e 's/os_type=//g'`
93 os_version=`grep "^os_version=" $config_dir/config | sed -e 's/os_version=//g'`
94 real_os_type=`grep "^real_os_type=" $config_dir/config | sed -e 's/real_os_type=//g'`
95 real_os_version=`grep "^real_os_version=" $config_dir/config | sed -e 's/real_os_version=//g'`
96
97 # Get port, ssl, no_ssl2, no_ssl3, ssl_redirect, no_sslcompression and keyfile
98 port=`grep "^port=" $config_dir/miniserv.conf | sed -e 's/port=//g'`
99 ssl=`grep "^ssl=" $config_dir/miniserv.conf | sed -e 's/ssl=//g'`
100 no_ssl2=`grep "^no_ssl2=" $config_dir/miniserv.conf | sed -e 's/no_ssl2=//g'`
101 no_ssl3=`grep "^no_ssl3=" $config_dir/miniserv.conf | sed -e 's/no_ssl3=//g'`
102 ssl_redirect=`grep "^ssl_redirect=" $config_dir/miniserv.conf | sed -e 's/ssl_redirect=//g'`
103 no_sslcompression=`grep "^no_sslcompression=" $config_dir/miniserv.conf | sed -e 's/no_sslcompression=//g'`
104 keyfile=`grep "^keyfile=" $config_dir/miniserv.conf | sed -e 's/keyfile=//g'`
105
106 # Update ACLs
107 $perl "$wadir/newmods.pl" $config_dir $allmods
108
109 # Update miniserv.conf with new root directory, mime types file and server info
110 grep -v "^root=" $config_dir/miniserv.conf | grep -v "^mimetypes=" | grep -v "^server=" >$tempdir/$$.miniserv.conf
111 mv $tempdir/$$.miniserv.conf $config_dir/miniserv.conf
112 echo "root=$wadir" >> $config_dir/miniserv.conf
113 echo "mimetypes=$wadir/mime.types" >> $config_dir/miniserv.conf
114 echo "server=MiniServ/$ver" >> $config_dir/miniserv.conf
115 grep logout= $config_dir/miniserv.conf >/dev/null
116 if [ $? != "0" ]; then
117 echo "logout=$config_dir/logout-flag" >> $config_dir/miniserv.conf
118 fi
119
120 # Remove old cache of module infos
121 rm -f $config_dir/module.infos.cache
122 echo "..done"
123 echo ""
124 else
125 # Create webserver's new config files
126 echo "Creating Webmin's new config files.."
127
128 echo $perl > $config_dir/perl-path
129 echo $var_dir > $config_dir/var-path
130
131 # Create a totally new conf file
132 cfile=$config_dir/miniserv.conf
133 echo "port=$port" > $cfile
134 echo "root=$wadir" >> $cfile
135 echo "mimetypes=$wadir/mime.types" >> $cfile
136 echo "addtype_cgi=internal/cgi" >> $cfile
137 echo "realm=Webmin Server" >> $cfile
138 echo "logfile=$var_dir/miniserv.log" >> $cfile
139 echo "errorlog=$var_dir/miniserv.error" >> $cfile
140 echo "pidfile=$pidfile" >> $cfile
141 echo "logtime=168" >> $cfile
142 echo "ppath=$ppath" >> $cfile
143 echo "ssl=$ssl" >> $cfile
144 echo "no_ssl2=$no_ssl2" >> $cfile
145 echo "no_ssl3=$no_ssl3" >> $cfile
146 echo "ssl_redirect=$ssl_redirect" >> $cfile
147 echo "no_sslcompression=$no_sslcompression" >> $cfile
148 echo "keyfile=$keyfile" >> $cfile
149 echo "env_WEBMIN_CONFIG=$config_dir" >> $cfile
150 echo "env_WEBMIN_VAR=$var_dir" >> $cfile
151 echo "atboot=$atboot" >> $cfile
152 echo "logout=$config_dir/logout-flag" >> $cfile
153 echo "listen=10000" >> $cfile
154 echo "denyfile=\\.pl\$" >> $cfile
155 echo "log=1" >> $cfile
156 echo "blockhost_failures=5" >> $cfile
157 echo "blockhost_time=60" >> $cfile
158 echo "syslog=1" >> $cfile
159 echo "session=1" >> $cfile
160 echo "premodules=WebminCore" >> $cfile
161 echo "server=MiniServ/$ver" >> $cfile
162
163 # Append package-specific info to config file.
164 # miniserv-conf can be created by upstream or by us in src_install phase (see there).
165 if [ -f "$wadir/miniserv-conf" ]; then
166 cat "$wadir/miniserv-conf" >>$cfile
167 fi
168
169 # Create the default user allowed to login - root only
170 login="root"
171
172 if [ -r /etc/shadow ]; then
173 #crypt=`grep "^root:" /etc/shadow | cut -f 2 -d :`
174 crypt=x
175 else
176 crypt=`grep "^root:" /etc/passwd | cut -f 2 -d :`
177 fi
178
179 ufile=$config_dir/miniserv.users
180 echo "$login:$crypt:0" > $ufile
181 chmod 600 $ufile
182
183
184 echo "userfile=$ufile" >> $cfile
185 chmod 600 $cfile
186 echo "..done"
187 echo ""
188
189 echo "Creating access control file.."
190 afile=$config_dir/webmin.acl
191 echo "$login: $allmods" > $afile
192 chmod 600 $afile
193 echo "..done"
194 echo ""
195 fi
196
197
198 # Create start, stop, restart and reload Gentoo compliant Webmin scripts
199 # We use sys-apps/openrc functions which is already pulled by sys-apps/baselayout
200 # or systemctl if we run under systemd
201 echo "Creating start and stop scripts.."
202 rm -f $config_dir/{start,stop,restart,reload}
203
204 # The start script in /etc/webmin (Gentoo compliant)
205 cat <<END >>"$config_dir/start"
206 #!/bin/sh
207
208 if [ ! -f "${pidfile}" ]; then
209 if [[ -d /run/systemd/system ]] ; then
210 systemctl start webmin.service
211 else
212 rc-service --ifexists -- webmin start
213 fi
214 fi
215 END
216
217 # The stop script in /etc/webmin (Gentoo compliant)
218 cat <<END >>"$config_dir/stop"
219 #!/bin/sh
220
221 if [[ -d /run/systemd/system ]] ; then
222 systemctl stop webmin.service
223 else
224 rc-service --ifexists -- webmin --ifstarted stop
225 fi
226 END
227
228 # The restart script in /etc/webmin (Gentoo compliant)
229 cat <<END >>"$config_dir/restart"
230 #!/bin/sh
231
232 if [[ -d /run/systemd/system ]] ; then
233 systemctl try-restart webmin.service
234 else
235 rc-service --ifexists -- webmin --ifstarted restart
236 fi
237 END
238
239 # The reload script in /etc/webmin (Gentoo compliant)
240 cat <<END >>"$config_dir/reload"
241 #!/bin/sh
242
243 if [[ -d /run/systemd/system ]] ; then
244 systemctl reload-or-try-restart webmin.service
245 else
246 rc-service --ifexists -- webmin --ifstarted reload
247 fi
248 END
249
250 chmod 755 $config_dir/{start,stop,restart,reload}
251 echo "..done"
252 echo ""
253
254
255 if [ "$upgrading" = 1 ]; then
256 echo "Updating other config files.."
257 else
258 echo "Copying other config files.."
259 fi
260
261 # This just copies and merges the Webmin's release config files, with user's in the /etc/webmin folder
262 newmods=`$perl "$wadir/copyconfig.pl" "$os_type/$real_os_type" "$os_version/$real_os_version" "$wadir" $config_dir "" $allmods`
263 if [ "$upgrading" != 1 ]; then
264 # Store the OS and version
265 echo "os_type=$os_type" >> $config_dir/config
266 echo "os_version=$os_version" >> $config_dir/config
267 echo "real_os_type=$real_os_type" >> $config_dir/config
268 echo "real_os_version=$real_os_version" >> $config_dir/config
269
270 # Turn on logging by default
271 echo "log=1" >> $config_dir/config
272
273 # Disallow unknown referers by default
274 echo "referers_none=1" >>$config_dir/config
275 else
276 # one-off hack to set log variable in config from miniserv.conf
277 grep log= $config_dir/config >/dev/null
278 if [ "$?" = "1" ]; then
279 grep log= $config_dir/miniserv.conf >> $config_dir/config
280 grep logtime= $config_dir/miniserv.conf >> $config_dir/config
281 grep logclear= $config_dir/miniserv.conf >> $config_dir/config
282 fi
283
284 # Disallow unknown referers if not set
285 grep referers_none= $config_dir/config >/dev/null
286 if [ "$?" != "0" ]; then
287 echo "referers_none=1" >>$config_dir/config
288 fi
289 fi
290 echo $ver > $config_dir/version
291 echo "..done"
292 echo ""
293
294 # Set passwd_ fields in miniserv.conf from global config
295 for field in passwd_file passwd_uindex passwd_pindex passwd_cindex passwd_mindex; do
296 grep $field= $config_dir/miniserv.conf >/dev/null
297 if [ "$?" != "0" ]; then
298 grep $field= $config_dir/config >> $config_dir/miniserv.conf
299 fi
300 done
301 grep passwd_mode= $config_dir/miniserv.conf >/dev/null
302 if [ "$?" != "0" ]; then
303 echo passwd_mode=0 >> $config_dir/miniserv.conf
304 fi
305
306 # Disable SSL compression to defeat BEAST attack
307 grep no_sslcompression= $config_dir/miniserv.conf >/dev/null
308 if [ "$?" != "0" ]; then
309 echo no_sslcompression=1 >> $config_dir/miniserv.conf
310 fi
311
312 # Tighten SSL security
313 grep no_ssl2= $config_dir/miniserv.conf >/dev/null
314 if [ "$?" != "0" ]; then
315 echo no_ssl2=1 >> $config_dir/miniserv.conf
316 fi
317
318 grep no_ssl3= $config_dir/miniserv.conf >/dev/null
319 if [ "$?" != "0" ]; then
320 echo no_ssl3=1 >> $config_dir/miniserv.conf
321 fi
322
323 # Make Perl crypt MD5 the default
324 grep md5pass= $config_dir/config >/dev/null
325 if [ "$?" != "0" ]; then
326 echo md5pass=1 >> $config_dir/config
327 fi
328
329 # Set a special theme if none was set before
330 if [ "$theme" = "" ]; then
331 theme=`cat "$wadir/defaulttheme" 2>/dev/null`
332 fi
333 oldthemeline=`grep "^theme=" $config_dir/config`
334 oldtheme=`echo $oldthemeline | sed -e 's/theme=//g'`
335 if [ "$theme" != "" ] && [ "$oldthemeline" = "" ] && [ -d "$wadir/$theme" ]; then
336 themelist=$theme
337 fi
338
339 # Set a special overlay if none was set before
340 if [ "$overlay" = "" ]; then
341 overlay=`cat "$wadir/defaultoverlay" 2>/dev/null`
342 fi
343 if [ "$overlay" != "" ] && [ "$theme" != "" ] && [ -d "$wadir/$overlay" ]; then
344 themelist="$themelist $overlay"
345 fi
346
347 # Apply the theme and maybe overlay
348 if [ "$themelist" != "" ]; then
349 echo "theme=$themelist" >> $config_dir/config
350 echo "preroot=$themelist" >> $config_dir/miniserv.conf
351 fi
352
353 # If the old blue-theme is still in use, change it (new in 1.730)
354 oldtheme=`grep "^theme=" $config_dir/config | sed -e 's/theme=//g'`
355 if [ "$oldtheme" = "blue-theme" ]; then
356 sed -i -e 's/theme=blue-theme/theme=gray-theme/g' $config_dir/config
357 sed -i -e 's/preroot=blue-theme/preroot=gray-theme/g' $config_dir/miniserv.conf
358 fi
359
360 # Set the product field in the global config
361 grep product= $config_dir/config >/dev/null
362 if [ "$?" != "0" ]; then
363 echo product=webmin >> $config_dir/config
364 fi
365
366 # If password delays are not specifically disabled, enable them
367 grep passdelay= $config_dir/miniserv.conf >/dev/null
368 if [ "$?" != "0" ]; then
369 echo passdelay=1 >> $config_dir/miniserv.conf
370 fi
371
372
373 echo "Changing ownership and permissions.."
374 # Make all config dirs non-world-readable
375 for m in $newmods; do
376 chown -R root:root $config_dir/$m
377 chmod -R og-rw $config_dir/$m
378 done
379
380 # Make miniserv config files non-world-readable
381 for f in miniserv.conf miniserv.users; do
382 chown -R root:root $config_dir/$f
383 chmod -R og-rw $config_dir/$f
384 done
385 chmod +r $config_dir/version
386
387 # Fix up bad permissions from some older installs
388 for m in ldap-client ldap-server ldap-useradmin mailboxes mysql postgresql servers virtual-server; do
389 if [ -d "$config_dir/$m" ]; then
390 chown root:root $config_dir/$m
391 chmod og-rw $config_dir/$m
392 chmod og-rw $config_dir/$m/config 2>/dev/null
393 fi
394 done
395 echo "..done"
396 echo ""
397
398
399 # This executes all postinstall.pl for every module
400 # If you do bump, you should look at the specific changes they do with this command in root folder:
401 # find . -name postinstall.pl -exec cat {} \; -print
402 # Generally they are safe to run 'cause they change only user's config in /etc/webmin
403 # or setup some cron jobs
404 if [ "$nopostinstall" = "" ]; then
405 echo "Running postinstall scripts.. (Please ignore any possible errors)"
406 (cd "$wadir" ; WEBMIN_CONFIG=$config_dir WEBMIN_VAR=$var_dir "$wadir/run-postinstalls.pl")
407 echo "..done"
408 echo ""
409 fi
410
411 # Enable background collection
412 if [ "$upgrading" != 1 -a -r $config_dir/system-status/enable-collection.pl ]; then
413 echo "Enabling background status collection.. (Please ignore any possible errors)"
414 $config_dir/system-status/enable-collection.pl 5
415 echo "..done"
416 echo ""
417 fi

  ViewVC Help
Powered by ViewVC 1.1.20