Author: jfthomps Date: Tue Jun 13 15:38:09 2017 New Revision: 1798609 URL: http://svn.apache.org/viewvc?rev=1798609&view=rev Log: VCL-1053 - Prepare VCL 2.5 release
vcl-upgrade.sh: -updated VCL_VERSION from 2.4.2 to 2.5 -added code to delete MAXVMLIMIT from conf.php -added code to change $mcryptkey in secrets.php to $cryptkey; if php version >= 5.3, update value of $cryptkey to be randomly generated data from openssl -removed php-gd from list of required php packages -moved code that installs missing packages to be outside for loop so it is only run once the full list of missing packages is created -changed cp commands to include -a parameter so original timestamps from archive are retained -added code to set ownership of web code -added code to set selinux context of web code -added code to set ownership of management node code -updated line placed in .htaccess for old web code to be "Requre all denied" to match new httpd configuration Modified: vcl/trunk/vcl-upgrade.sh Modified: vcl/trunk/vcl-upgrade.sh URL: http://svn.apache.org/viewvc/vcl/trunk/vcl-upgrade.sh?rev=1798609&r1=1798608&r2=1798609&view=diff ============================================================================== --- vcl/trunk/vcl-upgrade.sh (original) +++ vcl/trunk/vcl-upgrade.sh Tue Jun 13 15:38:09 2017 @@ -62,7 +62,7 @@ if [ $? -ne 0 ]; then help; fi eval set -- "$args" # ------------------------- variables ------------------------------- -VCL_VERSION=2.4.2 +VCL_VERSION=2.5 OLD_VERSION="" DB_NAME=vcl WEB_PATH=/var/www/html/vcl 
@@ -438,6 +438,23 @@ function confUpgradeFrom22() { sed -i '/ENABLE_ITECSAUTH/G' $WEB_PATH-$VCL_VERSION/.ht-inc/conf.php if [ $? -ne 0 ]; then echo "Error: Failed to update conf.php"; exit 1; fi + + if grep -q MAXVMLIMIT $WEB_PATH-$VCL_VERSION/.ht-inc/conf.php; then + sed -i '/MAXVMLIMIT/d' $WEB_PATH-$VCL_VERSION/.ht-inc/conf.php + if [ $? -ne 0 ]; then echo "Error: Failed to update conf.php"; exit 1; fi + fi + + phpver=$(echo '<?php echo PHP_VERSION; ?>' | php | cut -c1-3 | sed 's/\.//') + if (( $phpver >= 53 )); then + random=$(openssl rand 32 | base64) + sed -i "/mcryptkey/a \$cryptkey='$random';" $WEB_PATH-$VCL_VERSION/.ht-inc/secrets.php + if [ $? -ne 0 ]; then echo "Error: Failed to update secrets.php"; exit 1; fi + sed -i '/mcryptkey/d' $WEB_PATH-$VCL_VERSION/.ht-inc/secrets.php + if [ $? -ne 0 ]; then echo "Error: Failed to update secrets.php"; exit 1; fi + else + sed -i "s/mcryptkey/cryptkey/" $WEB_PATH-$VCL_VERSIONS/.ht-inc/secrets.php + if [ $? -ne 0 ]; then echo "Error: Failed to update secrets.php"; exit 1; fi + fi } function confUpgradeFrom221() { @@ -527,6 +544,18 @@ function confUpgradeFrom23() { sed -i '/ENABLE_ITECSAUTH/G' $WEB_PATH-$VCL_VERSION/.ht-inc/conf.php if [ $? -ne 0 ]; then echo "Error: Failed to update conf.php"; exit 1; fi + + if grep -q MAXVMLIMIT $WEB_PATH-$VCL_VERSION/.ht-inc/conf.php; then + sed -i '/MAXVMLIMIT/d' $WEB_PATH-$VCL_VERSION/.ht-inc/conf.php + if [ $? -ne 0 ]; then echo "Error: Failed to update conf.php"; exit 1; fi + fi + + phpver=$(echo '<?php echo PHP_VERSION; ?>' | php | cut -c1-3 | sed 's/\.//') + if (( $phpver >= 53 )); then + random=$(openssl rand 32 | base64) + sed -i "s%\$cryptkey.*$%\$cryptkey = '$random';%" $WEB_PATH-$VCL_VERSION/.ht-inc/secrets.php + if [ $? -ne 0 ]; then echo "Error: Failed to update secrets.php"; exit 1; fi + fi } function confUpgradeFrom231() { 
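Review bot: The `else` branch added to confUpgradeFrom22 edits `$WEB_PATH-$VCL_VERSIONS/.ht-inc/secrets.php`, and `VCL_VERSIONS` is not set anywhere in the visible lines, so on PHP older than 5.3 the path expands without a version and sed cannot find the file. The upgrade then stops with "Error: Failed to update secrets.php" and `$mcryptkey` is never renamed. The line should read `sed -i "s/mcryptkey/cryptkey/" $WEB_PATH-$VCL_VERSION/.ht-inc/secrets.php`. confUpgradeFrom22 starts above the hunk.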
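Review bot: The key generation added to confUpgradeFrom23, `random=$(openssl rand 32 | base64)`, is never checked, and the pipeline's status is that of base64, so if openssl is missing or fails the following sed writes an empty `$cryptkey` into secrets.php and the function reports success. The same line is added to confUpgradeFrom22 in the previous hunk and to confUpgradeFrom242 in the next one. Letting openssl do the encoding exposes its exit status, and an emptiness test covers the rest: `random=$(openssl rand -base64 32)` followed by `if [ $? -ne 0 ] || [[ -z $random ]]; then echo "Error: Failed to generate cryptkey"; exit 1; fi`. The generated value is also passed on sed's command line, so it is briefly readable by other local users through the process list.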
@@ -537,7 +566,21 @@ function confUpgradeFrom232() { confUpgradeFrom23 } -# ------------------- download/validate arvhice --------------------- +function confUpgradeFrom242() { + if grep -q MAXVMLIMIT $WEB_PATH-$VCL_VERSION/.ht-inc/conf.php; then + sed -i '/MAXVMLIMIT/d' $WEB_PATH-$VCL_VERSION/.ht-inc/conf.php + if [ $? -ne 0 ]; then echo "Error: Failed to update conf.php"; exit 1; fi + fi + + phpver=$(echo '<?php echo PHP_VERSION; ?>' | php | cut -c1-3 | sed 's/\.//') + if (( $phpver >= 53 )); then + random=$(openssl rand 32 | base64) + sed -i "s%\$cryptkey.*$%\$cryptkey = '$random';%" $WEB_PATH-$VCL_VERSION/.ht-inc/secrets.php + if [ $? -ne 0 ]; then echo "Error: Failed to update secrets.php"; exit 1; fi + fi +} + +# ------------------- download/validate archive --------------------- print_break cd $WORKPATH if [[ ! -f $ARCHIVE ]]; then @@ -630,7 +673,7 @@ if [[ $DOWEB -eq 1 ]]; then if [ $? -ne 0 ]; then generic_error "Failed to create backup of web code at $WEB_PATH"; exit 1; fi; fi -# -------------------------- backup web code ------------------------- +# -------------------------- backup mn code ------------------------- if [[ $DOMN -eq 1 ]]; then echo "Backing up management node code..." tar czf $WORKPATH/managmentnode-${OLD_VERSION}-backup.tar.gz $MN_PATH @@ -642,7 +685,7 @@ if [[ $DOWEB -eq 1 ]]; then print_break echo "Ensuring required php components are installed..." missing= - for pkg in php php-gd php-mysql php-xml php-xmlrpc php-ldap php-mbstring; do + for pkg in php php-mysql php-xml php-xmlrpc php-ldap php-mbstring; do alt=$(echo $pkg | sed 's/php/php53/') if ! (rpm --quiet -q $pkg || rpm --quiet -q $alt); then missing="$missing $pkg" 
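Review bot: The PHP version test in confUpgradeFrom242 fails open: if the `php` command is absent or prints something unexpected, `phpver` is empty or non-numeric, `(( $phpver >= 53 ))` is treated as false, and with no `else` branch the function returns with `$cryptkey` unchanged while the upgrade carries on. `cut -c1-3` would also misread a two-digit major version. A guard before the comparison, `if ! [[ $phpver =~ ^[0-9]+$ ]]; then echo "Error: Failed to determine php version"; exit 1; fi`, turns the silent skip into a visible failure. The same test is added to confUpgradeFrom22 and confUpgradeFrom23 in the earlier hunks. Since this function repeats the lines added to confUpgradeFrom23, a shared helper would keep the check in one place.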
@@ -650,31 +693,44 @@ if [[ $DOWEB -eq 1 ]]; then if rpm -qa | grep -q php53; then missing=$(echo $missing | sed 's/php/php53/g') fi - if [[ $missing != "" ]]; then - echo "yum -q -y install $missing" - yum -q -y install $missing - if [ $? -ne 0 ]; then generic_error "Failed to install php components"; exit 1; - else echo "php components successfully installed"; fi - fi done + if [[ $missing != "" ]]; then + echo "yum -q -y install $missing" + yum -q -y install $missing + if [ $? -ne 0 ]; then generic_error "Failed to install php components"; exit 1; + else echo "php components successfully installed"; fi + fi fi # ------------------------- copy web code in place ------------------------- if [[ $DOWEB -eq 1 ]]; then print_break echo "Installing new VCL web code..." - /bin/cp -r $WORKPATH/apache-VCL-$VCL_VERSION/web/ ${WEB_PATH}-$VCL_VERSION + /bin/cp -ar $WORKPATH/apache-VCL-$VCL_VERSION/web/ ${WEB_PATH}-$VCL_VERSION if [ $? -ne 0 ]; then generic_error "Failed to install new VCL web code"; exit 1; fi; + chown -R root:root ${WEB_PATH}-$VCL_VERSION/ + if [ $? -ne 0 ]; then generic_error "Failed to set ownership of VCL web code to root"; exit 1; fi; + chown apache ${WEB_PATH}-$VCL_VERSION/.ht-inc/cryptkey + if [ $? -ne 0 ]; then generic_error "Failed to set ownership of VCL web code cryptkey directory to apache"; exit 1; fi; chown apache ${WEB_PATH}-$VCL_VERSION/.ht-inc/maintenance + if [ $? -ne 0 ]; then generic_error "Failed to set ownership of VCL web code maintenance directory to apache"; exit 1; fi; + if [[ -x /usr/sbin/getenforce ]] && /usr/sbin/getenforce | grep -q -i enforcing; then + chcon -R -t httpd_sys_content_t ${WEB_PATH}-$VCL_VERSION + if [ $? -ne 0 ]; then generic_error "Failed to set SELinux context of web directory"; exit 1; fi; + chcon -t httpd_sys_rw_content_t ${WEB_PATH}-$VCL_VERSION/.ht-inc/cryptkey + if [ $? 
-ne 0 ]; then generic_error "Failed to set SELinux context of web cryptkey directory"; exit 1; fi; + chcon -t httpd_sys_rw_content_t ${WEB_PATH}-$VCL_VERSION/.ht-inc/maintenance + if [ $? -ne 0 ]; then generic_error "Failed to set SELinux context of web maintenance directory"; exit 1; fi; + fi fi # ---------------------------- configure web code -------------------------- if [[ $DOWEB -eq 1 ]]; then print_break echo "Copying in web configuration files from previous version" - /bin/cp -f ${WEB_PATH}/.ht-inc/secrets.php ${WEB_PATH}-$VCL_VERSION/.ht-inc/ + /bin/cp -af ${WEB_PATH}/.ht-inc/secrets.php ${WEB_PATH}-$VCL_VERSION/.ht-inc/ if [ $? -ne 0 ]; then echo "Error: Failed to copy secrets.php"; exit 1; fi; - /bin/cp -f ${WEB_PATH}/.ht-inc/conf.php ${WEB_PATH}-$VCL_VERSION/.ht-inc/ + /bin/cp -af ${WEB_PATH}/.ht-inc/conf.php ${WEB_PATH}-$VCL_VERSION/.ht-inc/ if [ $? -ne 0 ]; then echo "Error: Failed to copy conf.php"; exit 1; fi; if [[ $OLD_VERSION = '2.2' ]]; then confUpgradeFrom22; fi @@ -683,10 +739,11 @@ if [[ $DOWEB -eq 1 ]]; then if [[ $OLD_VERSION = '2.3' ]]; then confUpgradeFrom23; fi if [[ $OLD_VERSION = '2.3.1' ]]; then confUpgradeFrom231; fi if [[ $OLD_VERSION = '2.3.2' ]]; then confUpgradeFrom232; fi + if [[ $OLD_VERSION = '2.4.2' ]]; then confUpgradeFrom242; fi - /bin/cp -f ${WEB_PATH}/.ht-inc/pubkey.pem ${WEB_PATH}-$VCL_VERSION/.ht-inc/ + /bin/cp -af ${WEB_PATH}/.ht-inc/pubkey.pem ${WEB_PATH}-$VCL_VERSION/.ht-inc/ if [ $? -ne 0 ]; then echo "Error: Failed to copy pubkey.pem"; exit 1; fi; - /bin/cp -f ${WEB_PATH}/.ht-inc/keys.pem ${WEB_PATH}-$VCL_VERSION/.ht-inc/ + /bin/cp -af ${WEB_PATH}/.ht-inc/keys.pem ${WEB_PATH}-$VCL_VERSION/.ht-inc/ if [ $? -ne 0 ]; then echo "Error: Failed to copy keys.pem"; exit 1; fi; fi 
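Review bot: The SELinux labelling added after the web code copy uses `chcon` and runs only when `getenforce` reports Enforcing, so a host upgraded while permissive gets no labels at all, and the `httpd_sys_rw_content_t` labels on `.ht-inc/cryptkey` and `.ht-inc/maintenance` are not recorded in the file-context policy. A later `restorecon` or full relabel would reset those two directories to the policy default for the web root, presumably a read-only content type, and the web server would lose write access to them. Where `semanage` is available, `semanage fcontext -a -t httpd_sys_rw_content_t "${WEB_PATH}-$VCL_VERSION/.ht-inc/cryptkey(/.*)?"` (and the same for maintenance) followed by `restorecon -R ${WEB_PATH}-$VCL_VERSION` makes the labels persistent. Testing with `selinuxenabled` instead of grepping for Enforcing would also cover permissive hosts. The `if [[ $DOWEB -eq 1 ]]` block that configures the web code continues past the end of the hunk.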
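Review bot: Switching the copies of `pubkey.pem` and `keys.pem` here, and of `secrets.php` and `conf.php` at the end of the previous hunk, to `cp -af` means these files now keep the owner and mode they had in the old tree, and they are copied after the `chown -R root:root` of the new web directory, so that normalisation never reaches them. If an older install left `keys.pem` or `secrets.php` world-readable or writable by the web server, that state carries over unchanged. Setting the intended owner and mode explicitly after the copies, or at least adding a comment such as `# -a keeps the owner/mode these files had in the previous install`, would make the expectation clear.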
@@ -695,12 +752,15 @@ if [[ $DOMN -eq 1 ]]; then print_break echo "Installing management node components..." if [[ ! -d ${MN_PATH}-$OLD_VERSION ]]; then - /bin/cp -r ${MN_PATH} ${MN_PATH}-$VCL_VERSION + /bin/cp -ar ${MN_PATH} ${MN_PATH}-$VCL_VERSION if [ $? -ne 0 ]; then generic_error "Failed to install new VCL management node code (1)"; exit 1; fi; + chown -R root:root ${MN_PATH}-$VCL_VERSION/ + if [ $? -ne 0 ]; then generic_error "Failed to set ownership of VCL management node code to root"; exit 1; fi; fi - /bin/cp -r ${MN_PATH}-$OLD_VERSION ${MN_PATH}-$VCL_VERSION - /bin/cp -r $WORKPATH/apache-VCL-$VCL_VERSION/managementnode/* ${MN_PATH}-$VCL_VERSION + /bin/cp -ar ${MN_PATH}-$OLD_VERSION ${MN_PATH}-$VCL_VERSION if [ $? -ne 0 ]; then generic_error "Failed to install new VCL management node code (2)"; exit 1; fi; + /bin/cp -ar $WORKPATH/apache-VCL-$VCL_VERSION/managementnode/* ${MN_PATH}-$VCL_VERSION + if [ $? -ne 0 ]; then generic_error "Failed to install new VCL management node code (3)"; exit 1; fi; fi # -------------------- configure management node code ------------------ @@ -766,7 +826,7 @@ if [[ $DOWEB -eq 1 ]]; then if [[ -f ${WEB_PATH}-$OLD_VERSION/.htaccess ]]; then mv -f ${WEB_PATH}-$OLD_VERSION/.htaccess ${WEB_PATH}-$OLD_VERSION/.htaccess.preupgrade fi - echo "Deny from all" > ${WEB_PATH}-$OLD_VERSION/.htaccess + echo "Require all denied" > ${WEB_PATH}-$OLD_VERSION/.htaccess if [ $? -ne 0 ]; then echo "Error: Failed to create new ${WEB_PATH}-$OLD_VERSION/.htaccess file"; exit 1; fi fi
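Review bot: The status check labelled (2) now sits directly after `/bin/cp -ar ${MN_PATH}-$OLD_VERSION ${MN_PATH}-$VCL_VERSION`, which runs even when the preceding `if [[ ! -d ${MN_PATH}-$OLD_VERSION ]]` branch has just established that this source directory does not exist. Before this change the check only saw the status of the last copy, so that failure was ignored; now it appears to abort the upgrade for installs that live at plain `${MN_PATH}`, unless code outside the hunk creates the versioned directory first. If the two copies are meant as alternatives, the `fi` before the second copy should become `else`. The new `chown -R root:root ${MN_PATH}-$VCL_VERSION/` also runs only in the first branch and before the release files are copied in with `-a`, so moving it below the (3) check would cover both paths.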
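Review bot: `Require all denied` is understood only by httpd 2.4's mod_authz_core, while the rest of this script still caters for php53 packages and PHP older than 5.3, which usually ship alongside httpd 2.2. What a 2.2 server does with that line depends on its auth configuration, so the old web tree may not be blocked in the intended way. Writing both forms behind `<IfModule>` tests keeps the old code denied on either server generation, as sketched below. In either case the file only takes effect if the server's AllowOverride setting permits it, which is not visible from this diff. The enclosing `if [[ $DOWEB -eq 1 ]]` block starts above the hunk.

```shell
# … unchanged: existing .htaccess moved to .htaccess.preupgrade …
cat > ${WEB_PATH}-$OLD_VERSION/.htaccess <<'EOF'
<IfModule mod_authz_core.c>
    Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
</IfModule>
EOF
# … unchanged: $? check and error message …
```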