calculate
/
gentoo-overlay
6
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'c8128ee917'
${ noResults }
gentoo-overlay/app-admin/webmin/files/gentoo-setup-1.791

439 lines
13 KiB
Raw Blame History

#!/bin/sh
# gentoo-setup.sh
#
# Version 1.2
#
# A modified original Webmin setup.sh script to comply with Gentoo specifics
#
# Modification done by: PhobosK <phobosk@kbfx.net>
#
# This script runs after the webmin archive is installed, and in the pkg_config() phase.
# It does setup the various config files of Webmin depending on if it is
# a new install, an upgrade or a reset.
LANG=
export LANG
if [ -z ${wadir} ]; then
echo "You can't run this script outside of the 'emerge --config app-admin/webmin' command."
exit 1
fi
# All things we do is from the Webmin install dir - $wadir
cd $wadir
# Are we hard resetting everything?
# If yes, we do:
# 1. Run the specific Webmin $wadir/run-uninstalls.pl
# It runs all uninstall.pl files in every module's folder.
# They delete all the set specific Webmin cron jobs.
# If bumping you should go through these files using the command:
# find . -name uninstall.pl -exec cat {} \; -print
# 2. Delete the whole /etc/webmin content, keeping only the gentoo .keep_* files
if [ "$reset" = "hard" ]; then
echo "Running Webmin's specific uninstall procedures.. (Please ignore any possible errors)"
(WEBMIN_CONFIG=$config_dir WEBMIN_VAR=$var_dir LANG= "$wadir/run-uninstalls.pl")
echo "..done"
echo ""
echo "Deleting the content of user's config folder: $config_dir .."
find $config_dir ! -name '.keep_*' -delete 2>/dev/null
echo "..done"
echo ""
fi
# Are we soft resetting?
# If yes we do:
# - Delete the $config_dir/config file so we get new config values
if [ "$reset" = "soft" ]; then
echo "Deleting the user's $config_dir/config file.."
if [ -f "$config_dir/config" ]; then
rm -f "$config_dir/config"
fi
echo "..done"
echo ""
fi
# Get all available modules of this version
allmods=`echo */module.info | sed -e 's/\/module.info//g'`
# Get current Webmin version
ver=`cat "$wadir/version"`
if [ -r "$config_dir/config" ]; then
upgrading=1
fi
# Check if upgrading from an old version
if [ "$upgrading" = 1 ]; then
echo "Updating existant Webmin's config files.."
# Get current var path
if [ -r "$config_dir/var-path" ]; then
_var_dir=`cat $config_dir/var-path`
if [ -n ${_var_dir} ]; then
var_dir=${_var_dir}
fi
fi
# Get current perl path
if [ -r "$config_dir/perl-path" ]; then
_perl=`cat $config_dir/perl-path`
if [ -n ${_perl} ]; then
perl=${_perl}
fi
fi
# Get old os name and version
os_type=`grep "^os_type=" $config_dir/config | sed -e 's/os_type=//g'`
os_version=`grep "^os_version=" $config_dir/config | sed -e 's/os_version=//g'`
real_os_type=`grep "^real_os_type=" $config_dir/config | sed -e 's/real_os_type=//g'`
real_os_version=`grep "^real_os_version=" $config_dir/config | sed -e 's/real_os_version=//g'`
# Get port, ssl, no_ssl2, no_ssl3, ssl_redirect, no_sslcompression, ssl_honorcipherorder, no_tls1, no_tls1_1 and keyfile
port=`grep "^port=" $config_dir/miniserv.conf | sed -e 's/port=//g'`
ssl=`grep "^ssl=" $config_dir/miniserv.conf | sed -e 's/ssl=//g'`
no_ssl2=`grep "^no_ssl2=" $config_dir/miniserv.conf | sed -e 's/no_ssl2=//g'`
no_ssl3=`grep "^no_ssl3=" $config_dir/miniserv.conf | sed -e 's/no_ssl3=//g'`
ssl_redirect=`grep "^ssl_redirect=" $config_dir/miniserv.conf | sed -e 's/ssl_redirect=//g'`
ssl_honorcipherorder=`grep "^ssl_honorcipherorder=" $config_dir/miniserv.conf | sed -e 's/ssl_honorcipherorder=//g'`
no_sslcompression=`grep "^no_sslcompression=" $config_dir/miniserv.conf | sed -e 's/no_sslcompression=//g'`
no_tls1=`grep "^no_tls1=" $config_dir/miniserv.conf | sed -e 's/no_tls1=//g'`
no_tls1_1=`grep "^no_tls1_1=" $config_dir/miniserv.conf | sed -e 's/no_tls1_1=//g'`
keyfile=`grep "^keyfile=" $config_dir/miniserv.conf | sed -e 's/keyfile=//g'`
# Update ACLs
$perl "$wadir/newmods.pl" $config_dir $allmods
# Update miniserv.conf with new root directory, mime types file and server info
grep -v "^root=" $config_dir/miniserv.conf | grep -v "^mimetypes=" | grep -v "^server=" >$tempdir/$$.miniserv.conf
mv $tempdir/$$.miniserv.conf $config_dir/miniserv.conf
echo "root=$wadir" >> $config_dir/miniserv.conf
echo "mimetypes=$wadir/mime.types" >> $config_dir/miniserv.conf
echo "server=MiniServ/$ver" >> $config_dir/miniserv.conf
grep logout= $config_dir/miniserv.conf >/dev/null
if [ $? != "0" ]; then
echo "logout=$config_dir/logout-flag" >> $config_dir/miniserv.conf
fi
# Remove old cache of module infos
rm -f $config_dir/module.infos.cache
echo "..done"
echo ""
else
# Create webserver's new config files
echo "Creating Webmin's new config files.."
echo $perl > $config_dir/perl-path
echo $var_dir > $config_dir/var-path
# Create a totally new conf file
cfile=$config_dir/miniserv.conf
echo "port=$port" > $cfile
echo "root=$wadir" >> $cfile
echo "mimetypes=$wadir/mime.types" >> $cfile
echo "addtype_cgi=internal/cgi" >> $cfile
echo "realm=Webmin Server" >> $cfile
echo "logfile=$var_dir/miniserv.log" >> $cfile
echo "errorlog=$var_dir/miniserv.error" >> $cfile
echo "pidfile=$pidfile" >> $cfile
echo "logtime=168" >> $cfile
echo "ppath=$ppath" >> $cfile
echo "ssl=$ssl" >> $cfile
echo "no_ssl2=$no_ssl2" >> $cfile
echo "no_ssl3=$no_ssl3" >> $cfile
echo "ssl_redirect=$ssl_redirect" >> $cfile
echo "ssl_honorcipherorder=$ssl_honorcipherorder" >> $cfile
echo "no_sslcompression=$no_sslcompression" >> $cfile
echo "no_tls1=$no_tls1" >> $cfile
echo "no_tls1_1=$no_tls1_1" >> $cfile
echo "keyfile=$keyfile" >> $cfile
echo "env_WEBMIN_CONFIG=$config_dir" >> $cfile
echo "env_WEBMIN_VAR=$var_dir" >> $cfile
echo "atboot=$atboot" >> $cfile
echo "logout=$config_dir/logout-flag" >> $cfile
echo "listen=10000" >> $cfile
echo "denyfile=\\.pl\$" >> $cfile
echo "log=1" >> $cfile
echo "blockhost_failures=5" >> $cfile
echo "blockhost_time=60" >> $cfile
echo "syslog=1" >> $cfile
echo "session=1" >> $cfile
echo "premodules=WebminCore" >> $cfile
echo "server=MiniServ/$ver" >> $cfile
# Append package-specific info to config file.
# miniserv-conf can be created by upstream or by us in src_install phase (see there).
if [ -f "$wadir/miniserv-conf" ]; then
cat "$wadir/miniserv-conf" >>$cfile
fi
# Create the default user allowed to login - root only
login="root"
if [ -r /etc/shadow ]; then
#crypt=`grep "^root:" /etc/shadow | cut -f 2 -d :`
crypt=x
else
crypt=`grep "^root:" /etc/passwd | cut -f 2 -d :`
fi
ufile=$config_dir/miniserv.users
echo "$login:$crypt:0" > $ufile
chmod 600 $ufile
echo "userfile=$ufile" >> $cfile
chmod 600 $cfile
echo "..done"
echo ""
echo "Creating access control file.."
afile=$config_dir/webmin.acl
echo "$login: $allmods" > $afile
chmod 600 $afile
echo "..done"
echo ""
fi
# Create start, stop, restart and reload Gentoo compliant Webmin scripts
# We use sys-apps/openrc functions which is already pulled by sys-apps/baselayout
# or systemctl if we run under systemd
echo "Creating start and stop scripts.."
rm -f $config_dir/{start,stop,restart,reload}
# The start script in /etc/webmin (Gentoo compliant)
cat <<END >>"$config_dir/start"
#!/bin/sh
if [ ! -f "${pidfile}" ]; then
if [[ -d /run/systemd/system ]] ; then
systemctl start webmin.service
else
rc-service --ifexists -- webmin start
fi
fi
END
# The stop script in /etc/webmin (Gentoo compliant)
cat <<END >>"$config_dir/stop"
#!/bin/sh
if [[ -d /run/systemd/system ]] ; then
systemctl stop webmin.service
else
rc-service --ifexists -- webmin --ifstarted stop
fi
END
# The restart script in /etc/webmin (Gentoo compliant)
cat <<END >>"$config_dir/restart"
#!/bin/sh
if [[ -d /run/systemd/system ]] ; then
systemctl try-restart webmin.service
else
rc-service --ifexists -- webmin --ifstarted restart
fi
END
# The reload script in /etc/webmin (Gentoo compliant)
cat <<END >>"$config_dir/reload"
#!/bin/sh
if [[ -d /run/systemd/system ]] ; then
systemctl reload-or-try-restart webmin.service
else
rc-service --ifexists -- webmin --ifstarted reload
fi
END
chmod 755 $config_dir/{start,stop,restart,reload}
echo "..done"
echo ""
if [ "$upgrading" = 1 ]; then
echo "Updating other config files.."
else
echo "Copying other config files.."
fi
# This just copies and merges the Webmin's release config files, with user's in the /etc/webmin folder
newmods=`$perl "$wadir/copyconfig.pl" "$os_type/$real_os_type" "$os_version/$real_os_version" "$wadir" $config_dir "" $allmods`
if [ "$upgrading" != 1 ]; then
# Store the OS and version
echo "os_type=$os_type" >> $config_dir/config
echo "os_version=$os_version" >> $config_dir/config
echo "real_os_type=$real_os_type" >> $config_dir/config
echo "real_os_version=$real_os_version" >> $config_dir/config
# Turn on logging by default
echo "log=1" >> $config_dir/config
# Disallow unknown referers by default
echo "referers_none=1" >>$config_dir/config
else
# one-off hack to set log variable in config from miniserv.conf
grep log= $config_dir/config >/dev/null
if [ "$?" = "1" ]; then
grep log= $config_dir/miniserv.conf >> $config_dir/config
grep logtime= $config_dir/miniserv.conf >> $config_dir/config
grep logclear= $config_dir/miniserv.conf >> $config_dir/config
fi
# Disallow unknown referers if not set
grep referers_none= $config_dir/config >/dev/null
if [ "$?" != "0" ]; then
echo "referers_none=1" >>$config_dir/config
fi
fi
echo $ver > $config_dir/version
echo "..done"
echo ""
# Set passwd_ fields in miniserv.conf from global config
for field in passwd_file passwd_uindex passwd_pindex passwd_cindex passwd_mindex; do
grep $field= $config_dir/miniserv.conf >/dev/null
if [ "$?" != "0" ]; then
grep $field= $config_dir/config >> $config_dir/miniserv.conf
fi
done
grep passwd_mode= $config_dir/miniserv.conf >/dev/null
if [ "$?" != "0" ]; then
echo passwd_mode=0 >> $config_dir/miniserv.conf
fi
grep ssl_honorcipherorder= $config_dir/miniserv.conf >/dev/null
if [ "$?" != "0" ]; then
echo ssl_honorcipherorder=1 >> $config_dir/miniserv.conf
fi
# Disable SSL compression to defeat BEAST attack
grep no_sslcompression= $config_dir/miniserv.conf >/dev/null
if [ "$?" != "0" ]; then
echo no_sslcompression=1 >> $config_dir/miniserv.conf
fi
# Tighten SSL security
grep no_ssl2= $config_dir/miniserv.conf >/dev/null
if [ "$?" != "0" ]; then
echo no_ssl2=1 >> $config_dir/miniserv.conf
fi
grep no_ssl3= $config_dir/miniserv.conf >/dev/null
if [ "$?" != "0" ]; then
echo no_ssl3=1 >> $config_dir/miniserv.conf
fi
grep no_tls1= $config_dir/miniserv.conf >/dev/null
if [ "$?" != "0" ]; then
echo no_tls1=1 >> $config_dir/miniserv.conf
fi
grep no_tls1_1= $config_dir/miniserv.conf >/dev/null
if [ "$?" != "0" ]; then
echo no_tls1_1=1 >> $config_dir/miniserv.conf
fi
# Make Perl crypt MD5 the default
grep md5pass= $config_dir/config >/dev/null
if [ "$?" != "0" ]; then
echo md5pass=1 >> $config_dir/config
fi
# Set a special theme if none was set before
if [ "$theme" = "" ]; then
theme=`cat "$wadir/defaulttheme" 2>/dev/null`
fi
oldthemeline=`grep "^theme=" $config_dir/config`
oldtheme=`echo $oldthemeline | sed -e 's/theme=//g'`
if [ "$theme" != "" ] && [ "$oldthemeline" = "" ] && [ -d "$wadir/$theme" ]; then
themelist=$theme
fi
# Set a special overlay if none was set before
if [ "$overlay" = "" ]; then
overlay=`cat "$wadir/defaultoverlay" 2>/dev/null`
fi
if [ "$overlay" != "" ] && [ "$theme" != "" ] && [ -d "$wadir/$overlay" ]; then
themelist="$themelist $overlay"
fi
# Apply the theme and maybe overlay
if [ "$themelist" != "" ]; then
echo "theme=$themelist" >> $config_dir/config
echo "preroot=$themelist" >> $config_dir/miniserv.conf
fi
# If the old blue-theme is still in use, change it (new in 1.730)
oldtheme=`grep "^theme=" $config_dir/config | sed -e 's/theme=//g'`
if [ "$oldtheme" = "blue-theme" ]; then
sed -i -e 's/theme=blue-theme/theme=gray-theme/g' $config_dir/config
sed -i -e 's/preroot=blue-theme/preroot=gray-theme/g' $config_dir/miniserv.conf
fi
# Set the product field in the global config
grep product= $config_dir/config >/dev/null
if [ "$?" != "0" ]; then
echo product=webmin >> $config_dir/config
fi
# If password delays are not specifically disabled, enable them
grep passdelay= $config_dir/miniserv.conf >/dev/null
if [ "$?" != "0" ]; then
echo passdelay=1 >> $config_dir/miniserv.conf
fi
echo "Changing ownership and permissions.."
# Make all config dirs non-world-readable
for m in $newmods; do
chown -R root:root $config_dir/$m
chmod -R og-rw $config_dir/$m
done
# Make miniserv config files non-world-readable
for f in miniserv.conf miniserv.users; do
chown -R root:root $config_dir/$f
chmod -R og-rw $config_dir/$f
done
chmod +r $config_dir/version
# Fix up bad permissions from some older installs
for m in ldap-client ldap-server ldap-useradmin mailboxes mysql postgresql servers virtual-server; do
if [ -d "$config_dir/$m" ]; then
chown root:root $config_dir/$m
chmod og-rw $config_dir/$m
chmod og-rw $config_dir/$m/config 2>/dev/null
fi
done
echo "..done"
echo ""
# This executes all postinstall.pl for every module
# If you do bump, you should look at the specific changes they do with this command in root folder:
# find . -name postinstall.pl -exec cat {} \; -print
# Generally they are safe to run 'cause they change only user's config in /etc/webmin
# or setup some cron jobs
if [ "$nopostinstall" = "" ]; then
echo "Running postinstall scripts.. (Please ignore any possible errors)"
(cd "$wadir" ; WEBMIN_CONFIG=$config_dir WEBMIN_VAR=$var_dir "$wadir/run-postinstalls.pl")
echo "..done"
echo ""
fi
# Enable background collection
if [ "$upgrading" != 1 -a -r $config_dir/system-status/enable-collection.pl ]; then
echo "Enabling background status collection.. (Please ignore any possible errors)"
$config_dir/system-status/enable-collection.pl 5
echo "..done"
echo ""
fi
Reference in new issue View Git Blame Copy Permalink