Merge pull request #2130 from webmin/dev/disable-manual-upgrades

Fix to correctly disable manual upgrades
webmin · Apr 20, 2024 · f33b433 · f33b433
2 parents 97e4545 + 6eb674b
commit f33b433
Show file tree

Hide file tree

Showing 6 changed files with 83 additions and 13 deletions.
diff --git a/system-status/system_info.pl b/system-status/system_info.pl
@@ -328,6 +328,9 @@ sub list_system_info
 	push(@table, { 'desc' => $text{'right_updates'},
 		       'value' => $msg,
 		       'wide' => 1 });
+	# Check for repos
+	&foreign_require("webmin");
+	&webmin::has_repos(1);
 	}
 
 return @rv;

diff --git a/usermin/usermin-lib.pl b/usermin/usermin-lib.pl
@@ -18,6 +18,14 @@ =head1 usermin-lib.pl
 &foreign_require("acl");
 %text = ( %webmin::text, %text );
 
+if (!defined($gconfig{'noselfwebminup'})) {
+	$access{'upgrade'} = 0
+		if (&webmin::has_repos());
+	}
+else {
+	$access{'upgrade'} = !$gconfig{'noselfwebminup'};
+	}
+
 $usermin_miniserv_config = "$config{'usermin_dir'}/miniserv.conf";
 $usermin_config = "$config{'usermin_dir'}/config";
 

diff --git a/webmin/change_startpage.cgi b/webmin/change_startpage.cgi
@@ -18,8 +18,6 @@ $gconfig{'gotoone'} = $in{'gotoone'};
 $gconfig{'deftab'} = $in{'deftab'};
 $gconfig{'nohostname'} = $in{'nohostname'};
 $gconfig{'gotomodule'} = $in{'gotomodule'};
-$gconfig{'nowebminup'} = !$in{'webminup'};
-$gconfig{'nomoduleup'} = !$in{'moduleup'};
 &write_file("$config_directory/config", \%gconfig);
 &unlock_file("$config_directory/config");
 &webmin_log("startpage", undef, undef, \%in);

diff --git a/webmin/edit_startpage.cgi b/webmin/edit_startpage.cgi
@@ -38,12 +38,6 @@ print &ui_table_row($text{'startpage_gotomodule'},
 		      sort { $a->{'desc'} cmp $b->{'desc'} } 
 		        grep { !$_->{'hidden'} && !$_->{'webmin_hidden'} } @modules ]));
 
-print &ui_table_row($text{'startpage_webminup'},
-	&ui_yesno_radio("webminup", !$gconfig{'nowebminup'}));
-
-print &ui_table_row($text{'startpage_moduleup'},
-	&ui_yesno_radio("moduleup", !$gconfig{'nomoduleup'}));
-
 print &ui_table_end();
 print &ui_form_end([ [ "", $text{'save'} ] ]);
 

diff --git a/webmin/index.cgi b/webmin/index.cgi
@@ -64,6 +64,13 @@ push(@wicons, "images/ssl.gif", "images/ca.gif");
 # Hide dis-allowed pages
 my %allow = map { $_, 1 } split(/\s+/, $access{'allow'});
 my %disallow = map { $_, 1 } split(/\s+/, $access{'disallow'});
+
+# Enfoce to disable Webmin self-upgrades
+# if repos are enabled
+if ($gconfig{'noselfwebminup'}) {
+	$disallow{'upgrade'} = 1;
+	}
+
 for(my $i=0; $i<@wlinks; $i++) {
 	$wlinks[$i] =~ /edit_(\S+)\.cgi/;
 	if (%allow && !$allow{$1} ||

diff --git a/webmin/webmin-lib.pl b/webmin/webmin-lib.pl
@@ -108,6 +108,68 @@ =head1 webmin-lib.pl
 our $password_change_mod = "passwd";
 our $password_change_path = "/".$password_change_mod."/change_passwd.cgi";
 
+if (!defined($gconfig{'noselfwebminup'})) {
+	&has_repos();
+	}
+
+=head2 has_repos
+
+Checks if package manager repositories are
+available for Webmin and Usermin updates.
+
+=cut
+sub has_repos
+{
+my ($force) = @_;
+my $has_repos = 0;
+my @paths = (
+    '/etc/apt/sources.list',
+    '/etc/apt/sources.list.d',
+    '/etc/yum.repos.d'
+);
+my $pattern =
+	qr/webmin\.com|webmin\.dev|virtualmin\.com|virtualmin\.dev/i;
+my $process_file = sub {
+	my $file = shift;
+	return unless -f $file;
+	return unless $file =~ /\.list$|\.repo$/i;
+	open(my $fh, '<', $file) || return;
+	while (my $line = <$fh>) {
+		if ($line =~ /$pattern/) {
+			$has_repos = 1;
+			last;
+			}
+		}
+	close $fh;
+};
+# Check given repos paths
+foreach my $path (@paths) {
+	if (-d $path) {
+		# It's a directory, open and read each file
+		opendir(my $dh, $path) || next;
+		my @files = readdir($dh);
+		closedir($dh);
+		foreach my $file (@files) {
+			next if $file eq '.' or $file eq '..';
+			$process_file->("$path/$file");
+			}
+		}
+	elsif (-f $path) {
+		# It's a file
+		$process_file->($path);
+		}
+	}
+# Store the result in the config
+if ($force || !defined($gconfig{'noselfwebminup'}) ||
+    $gconfig{'noselfwebminup'} ne $has_repos) {
+	&lock_file("$config_directory/config");
+	$gconfig{'noselfwebminup'} = $has_repos;
+	&write_file("$config_directory/config", \%gconfig);
+	&unlock_file("$config_directory/config");
+	}
+return $has_repos;
+}
+
 =head2 setup_ca
 
 Internal function to create all the configuration files needed for the Webmin
@@ -1264,14 +1326,12 @@ sub get_webmin_notifications
 	}
 
 # New Webmin version is available, but only once per day
-my %raccess = &get_module_acl('root');
-my %rdisallow = map { $_, 1 } split(/\s+/, $raccess{'disallow'} || "");
 my %access = &get_module_acl();
 my %disallow = map { $_, 1 } split(/\s+/, $access{'disallow'} || "");
 my %allow = map { $_, 1 } split(/\s+/, $access{'allow'} || "");
-if (&foreign_available($module_name) && !$gconfig{'nowebminup'} &&
-    !$noupdates && ($allow{'upgrade'} ||
-		    (!$disallow{'upgrade'} && !$rdisallow{'upgrade'}))) {
+if (&foreign_available($module_name) && !$gconfig{'nowebminup'} && 
+    !$gconfig{'noselfwebminup'} && !$noupdates &&
+    ($allow{'upgrade'} || !$disallow{'upgrade'})) {
 	if (!$config{'last_version_check'} ||
 	    $now - $config{'last_version_check'} > 24*60*60) {
 		# Cached last version has expired .. re-fetch