add_group_proc () {
if ! getent group proc > /dev/null; then
+ # grsec uses gid 99 for /proc files
groupadd -g 99 proc
log "groupadd -g 99 proc"
# update oidentd so it uses the proc group
- if [ -x /etc/init.d/oidentd -a -f /etc/default/oidentd ]; then
- check_and_sed 'OIDENT_GROUP.*proc' 's/\(OIDENT_GROUP\).*/\1=proc/' \
- /etc/default/oident && /etc/init.d/oidentd restart
+ if [ -x /etc/init.d/oidentd ]; then
+ if gpasswd -a oident proc; then
+ /etc/init.d/oidentd restart
+ fi
fi
fi
}
fi
}
-# restore distribution config file
+# restore original config file (if the new package version is not
+# installed already)
restore_config () {
local file file_backup
+ local pkg=$1 ver=$2
+ shift 2
- for file in "$@"; do
+ # check package version
+ pkg $pkg lt $ver || return 0
+
+ # restore package files
+ for file in $*; do
file_backup=$file.cn4-upgrade
+
if [ -e $file -a ! -e $file_backup ]; then
# backup file
mv $file $file_backup
# restore modified config to their package defaults
# so the upgrade doesn't complain so much
restore_configs () {
- restore_config /etc/bind/named.conf.options
- restore_config /etc/default/ntpdate
- restore_config /etc/default/oidentd
- restore_config /etc/default/postgrey
- restore_config /etc/default/saslauthd
- restore_config /etc/default/slapd
- restore_config /etc/dovecot/dovecot.conf
- restore_config /etc/init.d/mysql
- restore_config /etc/init.d/slapd
- restore_config /etc/issue
- restore_config /etc/issue.net
- restore_config /etc/logrotate.d/mysql-server
- restore_config /etc/mysql/my.cnf
- restore_config /etc/ntp.conf
- restore_config /etc/pam.d/login
- restore_config /etc/php4/apache/php.ini
- restore_config /etc/php4/cgi/php.ini
- restore_config /etc/php4/cli/php.ini
- restore_config /etc/postgrey/whitelist_clients
- restore_config /etc/security/limits.conf
- restore_config /etc/squirrelmail/apache.conf
- restore_config /etc/sysctl.conf
- restore_config /etc/vsftpd.conf
- restore_config /etc/xinetd.conf
+ restore_config base-files 4 /etc/issue /etc/issue.net
+ restore_config bind9 1:9.3.4 /etc/bind/named.conf.options
+ restore_config dovecot-common 1.0 /etc/dovecot/dovecot.conf
+ restore_config libapache-mod-php4 6:4.4.4 /etc/php4/apache/php.ini
+ restore_config libpam-modules 0.79 /etc/security/limits.conf
+ restore_config login 1:4.0.18.1 /etc/pam.d/login
+ restore_config mysql-server 5.0.3 /etc/init.d/mysql \
+ /etc/logrotate.d/mysql-server \
+ /etc/mysql/my.cnf
+ restore_config ntp 1:4.2.2 /etc/ntp.conf
+ restore_config ntpdate 1:4.2.2 /etc/default/ntpdate
+ restore_config oidentd 2.0.8 /etc/default/oidentd
+ restore_config php4-cgi 6:4.4.4 /etc/php4/cgi/php.ini
+ restore_config php4-cli 6:4.4.4 /etc/php4/cli/php.ini
+ restore_config postgrey 1.27 /etc/default/postgrey \
+ /etc/postgrey/whitelist_clients
+ restore_config procps 1:3.2.7 /etc/sysctl.conf
+ restore_config sasl2-bin 2.1.22 /etc/default/saslauthd
+ restore_config slapd 2.3.30 /etc/default/slapd /etc/init.d/slapd
+ restore_config squirrelmail 2:1.4.9a /etc/squirrelmail/apache.conf
+ restore_config vsftpd 2.0.5 /etc/vsftpd.conf
+ restore_config xinetd 1:2.3.14 /etc/xinetd.conf
# orphaned config file - no owner
- rm -f /etc/logcheck/ignore.d.server/imap
+ if pkg logcheck-database lt 1.2.54; then
+ rm -f /etc/logcheck/ignore.d.server/imap
+ fi
# aide switched to ucf, move old configs aside
- for file in /etc/aide/aide.conf /etc/cron.daily/aide /etc/default/aide; do
- [ ! -e "$file.cn4-upgrade" ] && mv "$file" "$file.cn4-upgrade"
- rm -f "$file"
- done
+ if pkg aide lt 0.13.1; then
+ for file in /etc/aide/aide.conf \
+ /etc/cron.daily/aide \
+ /etc/default/aide;
+ do
+ if [ ! -e "$file.cn4-upgrade" ]; then
+ mv "$file" "$file.cn4-upgrade"
+ fi
+
+ rm -f "$file"
+ done
+ fi
}
# make a silent installation of carnet and srce keyrings
update
}
+# remove skey (not supported anymore)
+remove_skey () {
+ pkgrm skey-cn libpam-skey
+
+ if getent group skey > /dev/null; then
+ groupdel skey || true
+ log "groupdel skey"
+ fi
+}
+
# make a silent upgrade to new libc6
upgrade_libc () {
DEBIAN_FRONTEND=noninteractive pkgadd libc6
# upgrade apache -> apache2
upgrade_apache () {
+
# bugfix for apache2-cn postinst
mkdir -p /etc/apache2
touch /etc/apache2/httpd.conf
- pkgadd php4-odbc php4-xslt
+ # register cn changes in modules.conf
+ modules_conf=/etc/apache/modules.conf
+ if [ ! -e "$modules_conf.cn4-upgrade" ]; then
+ cp "$modules_conf" "$modules_conf.cn4-upgrade"
+ ucf $modules_conf $modules_conf
+ fi
+
+ # temporary remove packages conflicting with apache2
+ delpkg=""
+ for p in aosi-aai aosi-www-aai \
+ php4-cn php4-odbc php4-xslt \
+ squirrelmail-cn; do
- # apache2 conflicts with these
- pkgrm apache aosi-aai aosi-www-aai php4-cn squirrelmail-cn
+ # remember installed packages
+ if pkg $p; then
+ delpkg="$delpkg $p"
+ fi
+ done
+
+ # remove problematic stuff
+ if [ "$delpkg" ]; then
+ eval apt-get --yes remove $delpkg
+ fi
- # apache2-cn postinst needs new mktemp
- #pkgadd apache2-cn php5-cn aosi-aai aosi-www-aai # squirrelmail-cn
+ # remove old apache
+ pkgrm apache apache-common
- pkgadd apache2 apache2-mpm-prefork libapache2-mod-php4 ssl-cert
- pkgadd apache2-cn php4-cn
- pkgadd aosi-aai aosi-www-aai squirrelmail-cn
+ # install new packages
+ eval pkgadd apache2-cn apache2-mpm-prefork \
+ php4-cn libapache2-mod-php4 \
+ $delpkg
}
upgrade_amavis () {
- # remove diversion
+ # remove init script diversion
if [ -L /etc/init.d/amavis -a -f /etc/init.d/amavis.amavisd-new ]; then
rm -f /etc/init.d/amavis
dpkg-divert --quiet --remove /etc/init.d/amavis
mv $conf $conf.cn4-upgrade
fi
+ # install new packages
pkgadd amavisd-cn amavisd-new
+ # fix new packages
check_and_sed '^clamd.*5.clamav.log$' \
's/^\(clamd.*\)5.clamav.log$/\14\tsocket/g' \
/etc/init.d/amavisd-cn || true
+ # start new packages
/etc/init.d/amavis restart
}
projects / carnet-upgrade.git / blobdiff