-
Notifications
You must be signed in to change notification settings - Fork 66
/
alternc.postinst
317 lines (261 loc) · 11 KB
/
alternc.postinst
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
#!/bin/bash -e
# Source debconf library.
. /usr/share/debconf/confmodule
CONFIGFILE="/etc/alternc/local.sh"
update_var() {
local question
local var
question="$1"
var="$2"
db_get "$question"
grep -Eq "^ *$var=" $CONFIGFILE || echo "$var=" >> $CONFIGFILE
SED_SCRIPT="$SED_SCRIPT;s\\^ *$var=.*\\$var=\"$RET\"\\"
}
# summary of how this script can be called:
# * <postinst> `configure' <most-recently-configured-version>
# * <old-postinst> `abort-upgrade' <new version>
# * <conflictor's-postinst> `abort-remove' `in-favour' <package>
# <new-version>
# * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
# <failed-install-package> <version> `removing'
# <conflicting-package> <version>
# for details, see http://www.debian.org/doc/debian-policy/ or
# the debian-policy package
#
# quoting from the policy:
# Any necessary prompting should almost always be confined to the
# post-installation script, and should be protected with a conditional
# so that unnecessary prompting doesn't happen if a package's
# installation fails and the `postinst' is called with `abort-upgrade',
# `abort-remove' or `abort-deconfigure'.
case "$1" in
configure)
# ajoute l'user postfix au groupe sasl
adduser --quiet postfix sasl
# corriger les permissions du chroot
mkdir -p /var/spool/postfix/var/run/saslauthd || true
if ! dpkg-statoverride --list /var/spool/postfix/var/run/saslauthd >/dev/null ; then
dpkg-statoverride --quiet --update --add root sasl 710 /var/spool/postfix/var/run/saslauthd || true
fi
db_get "alternc/alternc_mail"
VMAIL_HOME="$RET"
if ! getent group vmail; then
addgroup --gid 1998 vmail
fi
if ! getent passwd vmail; then
useradd -g vmail -u 1998 vmail -d "$VMAIL_HOME" -m
fi
test -d "$VMAIL_HOME" || mkdir -p "$VMAIL_HOME"
chown vmail:vmail "$VMAIL_HOME"
chown vmail:vmail "$VMAIL_HOME"/* 2>/dev/null || true # It may be empty
chmod 770 "$VMAIL_HOME"
chmod 770 "$VMAIL_HOME"/* 2>/dev/null || true # It may be empty
# build local.sh if it does not exist
if [ ! -f $CONFIGFILE ]; then
cat > $CONFIGFILE <<EOF
#!/bin/bash
#
# AlternC - Web Hosting System - Configuration
# This file will be modified on package configuration
# (e.g. upgrade or dpkg-reconfigure alternc)
# Hosting service name
HOSTING=""
# Primary hostname for this box (will be used to access the management panel)
FQDN=""
# Public IP
PUBLIC_IP=""
# Internal IP
# (most of the time, should be equal to PUBLIC_IP, unless you are behind
# firewall doing address translation)
INTERNAL_IP=""
# Monitoring IP or network (will be allowed to access Apache status)
MONITOR_IP=""
# Primary DNS hostname
NS1_HOSTNAME=""
# Secondary DNS hostname
NS2_HOSTNAME=""
# Mail server hostname
DEFAULT_MX=""
# Secondary mail server hostname
DEFAULT_SECONDARY_MX=""
# Note: MySQL username/password configuration now stored in /etc/alternc/my.cnf
# quels clients mysql sont permis (%, localhost, etc)
MYSQL_CLIENT=""
# the type of backup created by the sql backup script
# valid options are "rotate" (newsyslog-style) or "date" (suffix is the date)
SQLBACKUP_TYPE=""
# overwrite existing files when backing up
SQLBACKUP_OVERWRITE=""
# known slave servers, empty for none, localhost is special (no ssh)
ALTERNC_SLAVES=""
# File to look at for forced launch of update_domain (use incron)
INOTIFY_UPDATE_DOMAIN="/run/alternc/incron/inotify_update_domain.lock"
# File to look at for forced launch of do_actions (use incron)
INOTIFY_DO_ACTION="/run/alternc/incron/inotify_do_action.lock"
# AlternC Locations
ALTERNC_HTML=""
ALTERNC_MAIL=""
ALTERNC_LOGS=""
# Custom directory for archived logs. ALTERNC_LOGS is used by default to view logs files on the panel.
# But you may merge your logs in other directory. In order to view them,
# Uncomment and complete the following variable to use it instead of ALTERNC_LOGS.
#ALTERNC_LOGS_ARCHIVE=""
# Shall we enable QUOTA over NFS ?
# the default is NO, since this dramatically block /usr/lib/alternc/quota* functions
# called from the panel. To enable quota-over-NFS, put yes here
NFS_QUOTA=no
EOF
chown root:alterncpanel $CONFIGFILE
chmod 640 $CONFIGFILE
fi
# Update local.sh
# 1. use cp to keep permissions
# 2. add missing variable to local.sh
# 3. use sed to set variables with current values
echo "Updating $CONFIGFILE"
cp -a -f $CONFIGFILE $CONFIGFILE.tmp
# SED_SCRIPT will be modified by update_var
SED_SCRIPT=""
update_var alternc/hostingname HOSTING
update_var alternc/desktopname FQDN
update_var alternc/public_ip PUBLIC_IP
update_var alternc/internal_ip INTERNAL_IP
update_var alternc/monitor_ip MONITOR_IP
update_var alternc/ns1 NS1_HOSTNAME
update_var alternc/ns2 NS2_HOSTNAME
update_var alternc/default_mx DEFAULT_MX
update_var alternc/default_mx2 DEFAULT_SECONDARY_MX
update_var alternc/mysql/client MYSQL_CLIENT
update_var alternc/sql/backup_type SQLBACKUP_TYPE
update_var alternc/sql/backup_overwrite SQLBACKUP_OVERWRITE
update_var alternc/slaves ALTERNC_SLAVES
update_var alternc/alternc_html ALTERNC_HTML
update_var alternc/alternc_mail ALTERNC_MAIL
update_var alternc/alternc_logs ALTERNC_LOGS
sed -e "$SED_SCRIPT" < $CONFIGFILE > $CONFIGFILE.tmp
mv -f $CONFIGFILE.tmp $CONFIGFILE
# Add NFS_QUOTA instructions if they are not in the config file:
grep -Eq "^ *NFS_QUOTA=" $CONFIGFILE || echo "
# Shall we enable QUOTA over NFS ?
# the default is NO, since this dramatically block /usr/lib/alternc/quota* functions
# called from the panel. To enable quota-over-NFS, put yes here
NFS_QUOTA=no" >> $CONFIGFILE
# Erase all apacheconf file
# They will be regenerated without the bug by upgrade_check.sh below.
if dpkg --compare-versions "$2" le "0.9.3.9-globenet14"; then
rm -f /var/alternc/apacheconf/*/* # Old AlternC version
fi
# we store the version where we upgrade from, for AlternC < 3.1.1 || < 3.2.1
# where we switch to database-based version control
echo "$2" >/var/lib/alternc/backups/lastversion
# Setup grants
db_get "alternc/mysql/host"
MYSQL_HOST="$RET"
if [ "$MYSQL_HOST" != "localhost" -o -e /usr/sbin/mysqld ]; then
# compatibility shims with my.cnf
host="$RET"
db_get "alternc/mysql/db"
database="$RET"
db_get "alternc/mysql/user"
user="$RET"
db_get "alternc/mysql/password"
password="$RET"
db_get "alternc/mysql/alternc_mail_user"
alternc_mail_user="$RET"
db_get "alternc/mysql/alternc_mail_password"
alternc_mail_password="$RET"
# we source (instead of forking) mysql.sh so that it gets the local environment above
. /usr/share/alternc/install/mysql.sh
fi
if [ -e $CONFIGFILE ]; then
# source local.sh variables
. $CONFIGFILE
fi
# multi-server configuration: we create an alternc account with
# authorized keys. since this is the master, we do not give him a
# valid shell, but we still need the user for proper perms
ALTERNC_USER_HOME="$ALTERNC_HTML"
if [ ! -z "$ALTERNC_SLAVES" ] && [ "$ALTERNC_SLAVES" != "localhost" ] ; then
if ! grep -q alternc /etc/passwd ; then
echo "Creating alternc account"
adduser --quiet --system --uid 342 --home $ALTERNC_HTML --shell /bin/false --ingroup adm alternc
fi
chown alternc "$ALTERNC_USER_HOME"
if [ -r ~root/.ssh/id_dsa.pub ]; then
key=`cat ~root/.ssh/id_dsa.pub`
if ! grep -q "$key" $ALTERNC_USER_HOME/.ssh/authorized_keys ; then
echo "Authorizing root ssh key to access the common alternc account"
mkdir -p $ALTERNC_USER_HOME/.ssh
echo "$key" >> $ALTERNC_USER_HOME/.ssh/authorized_keys
chown -R alternc:adm $ALTERNC_USER_HOME/.ssh
chmod -R og-rwx $ALTERNC_USER_HOME/.ssh
fi
else
echo "No SSH key in "~root/.ssh/id_dsa.pub
echo "create one and reconfigure alternc to propagate SSH keys"
fi
else
echo "AlternC slaves not configured ($ALTERNC_SLAVES)"
fi
# /var/alternc/dns/d/www.example.com
FQDN_LETTER="`echo $FQDN | sed -e 's/.*\.\([^\.]\)[^\.]*\.[^\.]*$/\1/'`"
if [ "$FQDN_LETTER" = "$FQDN" ]
then
FQDN_LETTER="_"
fi
#clean old access to the management panel
# We don't use this anymore : (FIXME : shall we remove /var/alternc/dns while upgrading ?)
#find /var/alternc/dns/ -type l -lname /var/alternc/bureau -exec rm {} \;
# Bind stuff
touch /var/lib/alternc/bind/automatic.conf /var/lib/alternc/bind/slaveip.conf
chown root:bind /var/lib/alternc/bind/automatic.conf /var/lib/alternc/bind/slaveip.conf
chmod 640 /var/lib/alternc/bind/automatic.conf /var/lib/alternc/bind/slaveip.conf
mkdir -p /run/alternc && chown alterncpanel:alterncpanel /run/alternc
# Bind Apparmor Override, required by default on >= Buster
if [ -f '/etc/apparmor.d/usr.sbin.named' ] ; then
if ! grep -q 'usr.sbin.named-alternc' /etc/apparmor.d/usr.sbin.named ; then
sed -i 's/\(#include <local\/usr.sbin.named>\)/\1\n #include <local\/usr.sbin.named-alternc>/' /etc/apparmor.d/usr.sbin.named
fi
# This section is based on the fragment generated by dh_apparmor:
# $> dh_apparmor --profile=usr.sbin.named-alternc -p alternc
# Add the local/ include
LOCAL_APP_PROFILE="/etc/apparmor.d/local/usr.sbin.named-alternc"
test -e "$LOCAL_APP_PROFILE" || {
mkdir -p `dirname "$LOCAL_APP_PROFILE"`
install --mode 644 /usr/share/alternc/install/apparmor/usr.sbin.named-alternc "$LOCAL_APP_PROFILE"
}
# Reload the profile, including any abstraction updates
if aa-enabled --quiet 2>/dev/null; then
apparmor_parser -r -T -W "usr.sbin.named" || true
fi
fi
mkdir -p /run/alternc/incron && chown alterncpanel:alterncpanel /run/alternc/incron
touch /run/alternc/refresh_slave
/usr/lib/alternc/slave_dns
# Apache will not start without this file
touch /var/lib/alternc/apache-vhost/vhosts_all.conf
# important: postinst freezes without that:
db_stop
echo -e "\033[31m**********************************************"
echo "* *"
echo "* ALTERNC ACTION REQUESTED *"
echo "* *"
echo "* Please run alternc.install to fully deploy *"
echo "* *"
echo "**********************************************"
echo -e "\033[0m"
;;
abort-upgrade|abort-remove|abort-deconfigure)
;;
*)
echo "postinst called with unknown argument \`$1'" >&2
exit 1
;;
esac
# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.
#DEBHELPER#
# important: postrm freezes withtout that:
db_stop
exit 0
# vim: et sw=4