More fixes for apache upgrade function.
[carnet-upgrade.git] / src / functions.sh
index 6ef62aa..09821a3 100644 (file)
@@ -323,13 +323,15 @@ remove_group_proc () {
 
 add_group_proc () {
   if ! getent group proc > /dev/null; then
+    # grsec uses gid 99 for /proc files
     groupadd -g 99 proc 
     log "groupadd -g 99 proc"
 
     # update oidentd so it uses the proc group
-    if [ -x /etc/init.d/oidentd -a -f /etc/default/oidentd ]; then
-       check_and_sed 'OIDENT_GROUP.*proc' 's/\(OIDENT_GROUP\).*/\1=proc/' \
-            /etc/default/oident && /etc/init.d/oidentd restart
+    if [ -x /etc/init.d/oidentd ]; then
+        if gpasswd -a oident proc; then
+            /etc/init.d/oidentd restart
+        fi
     fi
   fi
 }
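Review bot: The new `gpasswd -a oident proc` branch in add_group_proc changes group membership without writing a `log` entry, and a failed gpasswd (for example when the oident account is missing) is skipped silently. The `groupadd` just above is logged, so I would add `log "gpasswd -a oident proc"` inside the inner `if`, before the restart, and log the failure case as well. Going by the added comment, membership in gid 99 is presumably what grants access to restricted /proc entries under grsec, so the upgrade log should show when that access was handed out. The whole block also runs only when the proc group did not exist before, so a host that already has the group but no oident member is left unchanged.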
@@ -388,12 +390,20 @@ fix_etc_default_raid2 () {
   fi
 }
 
-# restore distribution config file
+# restore original config file (if the new package version is not
+# installed already)
 restore_config () {
   local file file_backup
+  local pkg=$1 ver=$2
+  shift 2
 
-  for file in "$@"; do
+  # check package version
+  pkg $pkg lt $ver || return 0
+
+  # restore package files
+  for file in $*; do
     file_backup=$file.cn4-upgrade
+
     if [ -e $file -a ! -e $file_backup ]; then
       # backup file
       mv $file $file_backup
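Review bot: `for file in $*` replaces the quoted `"$@"`, so each path now goes through word splitting and pathname expansion before it reaches `mv`, in a script that presumably runs as root. Keep the loop as `for file in "$@"; do` after the `shift 2`, and quote the new check as `pkg "$pkg" lt "$ver" || return 0`. `shift 2` also fails when fewer than two arguments are passed, so a malformed call should be rejected explicitly rather than left to fall through. The body of restore_config continues past the end of this hunk.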
@@ -408,39 +418,47 @@ restore_config () {
 # restore modified config to their package defaults
 # so the upgrade doesn't complain so much
 restore_configs () {
-  restore_config /etc/bind/named.conf.options
-  restore_config /etc/default/ntpdate
-  restore_config /etc/default/oidentd
-  restore_config /etc/default/postgrey
-  restore_config /etc/default/saslauthd
-  restore_config /etc/default/slapd
-  restore_config /etc/dovecot/dovecot.conf
-  restore_config /etc/init.d/mysql
-  restore_config /etc/init.d/slapd
-  restore_config /etc/issue
-  restore_config /etc/issue.net
-  restore_config /etc/logrotate.d/mysql-server
-  restore_config /etc/mysql/my.cnf
-  restore_config /etc/ntp.conf
-  restore_config /etc/pam.d/login
-  restore_config /etc/php4/apache/php.ini
-  restore_config /etc/php4/cgi/php.ini
-  restore_config /etc/php4/cli/php.ini
-  restore_config /etc/postgrey/whitelist_clients
-  restore_config /etc/security/limits.conf
-  restore_config /etc/squirrelmail/apache.conf
-  restore_config /etc/sysctl.conf
-  restore_config /etc/vsftpd.conf
-  restore_config /etc/xinetd.conf
+  restore_config base-files 4 /etc/issue /etc/issue.net
+  restore_config bind9 1:9.3.4 /etc/bind/named.conf.options
+  restore_config dovecot-common 1.0 /etc/dovecot/dovecot.conf
+  restore_config libapache-mod-php4 6:4.4.4 /etc/php4/apache/php.ini
+  restore_config libpam-modules 0.79 /etc/security/limits.conf
+  restore_config login 1:4.0.18.1 /etc/pam.d/login
+  restore_config mysql-server 5.0.3 /etc/init.d/mysql \
+                                    /etc/logrotate.d/mysql-server \
+                                    /etc/mysql/my.cnf
+  restore_config ntp 1:4.2.2 /etc/ntp.conf
+  restore_config ntpdate 1:4.2.2 /etc/default/ntpdate
+  restore_config oidentd 2.0.8 /etc/default/oidentd
+  restore_config php4-cgi 6:4.4.4 /etc/php4/cgi/php.ini
+  restore_config php4-cli 6:4.4.4 /etc/php4/cli/php.ini
+  restore_config postgrey 1.27 /etc/default/postgrey \
+                               /etc/postgrey/whitelist_clients
+  restore_config procps 1:3.2.7 /etc/sysctl.conf
+  restore_config sasl2-bin 2.1.22 /etc/default/saslauthd
+  restore_config slapd 2.3.30 /etc/default/slapd /etc/init.d/slapd
+  restore_config squirrelmail 2:1.4.9a /etc/squirrelmail/apache.conf
+  restore_config vsftpd 2.0.5 /etc/vsftpd.conf
+  restore_config xinetd 1:2.3.14 /etc/xinetd.conf
 
   # orphaned config file - no owner
-  rm -f /etc/logcheck/ignore.d.server/imap
+  if pkg logcheck-database lt 1.2.54; then
+      rm -f /etc/logcheck/ignore.d.server/imap
+  fi
 
   # aide switched to ucf, move old configs aside
-  for file in /etc/aide/aide.conf /etc/cron.daily/aide /etc/default/aide; do
-      [ ! -e "$file.cn4-upgrade" ] && mv "$file" "$file.cn4-upgrade"
-      rm -f "$file"
-  done
+  if pkg aide lt 0.13.1; then
+      for file in /etc/aide/aide.conf \
+                  /etc/cron.daily/aide \
+                  /etc/default/aide;
+      do
+          if [ ! -e "$file.cn4-upgrade" ]; then
+              mv "$file" "$file.cn4-upgrade"
+          fi
+
+          rm -f "$file"
+      done
+  fi
 }
 
 # make a silent installation of carnet and srce keyrings
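Review bot: Among the files reset to package defaults here are `/etc/pam.d/login`, `/etc/security/limits.conf` and `/etc/sysctl.conf`, and nothing in the hunk tells the operator that local hardening in them survives only in the `.cn4-upgrade` copies. I would add a comment above those calls, such as `# NOTE: security-relevant; local changes are kept only in FILE.cn4-upgrade and must be re-merged after the upgrade`. If restore_config does not already log each file it moves aside (most of its body is outside this hunk), it should. Separately, the backup left at `/etc/logrotate.d/mysql-server.cn4-upgrade` sits in a directory that logrotate reads in full, and that suffix is not among its default taboo extensions, so check that it does not produce a duplicate log definition.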
@@ -452,6 +470,16 @@ install_keyrings () {
   update
 }
 
+# remove skey (not supported anymore)
+remove_skey () {
+  pkgrm skey-cn libpam-skey
+
+  if getent group skey > /dev/null; then
+    groupdel skey || true
+    log "groupdel skey"
+  fi
+}
+
 # make a silent upgrade to new libc6
 upgrade_libc () {
   DEBIAN_FRONTEND=noninteractive pkgadd libc6
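Review bot: In remove_skey, `log "groupdel skey"` runs even when `groupdel skey || true` has swallowed a failure, so the upgrade log can claim a deletion that never happened. `if groupdel skey; then log "groupdel skey"; fi` keeps the best-effort behaviour and makes the log truthful. Two further checks are worth adding, though neither can be judged from this hunk. One is whether any `/etc/pam.d` file still references the skey module after `pkgrm libpam-skey`, since a dangling PAM module line can break logins. The other is whether files owned by the group remain, since an orphaned gid can later be assigned to an unrelated group.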
@@ -459,25 +487,46 @@ upgrade_libc () {
 
 # upgrade apache -> apache2
 upgrade_apache () {
+
   # bugfix for apache2-cn postinst
   mkdir -p /etc/apache2
   touch /etc/apache2/httpd.conf
 
-  pkgadd php4-odbc php4-xslt
+  # register cn changes in modules.conf
+  modules_conf=/etc/apache/modules.conf
+  if [ ! -e "$modules_conf.cn4-upgrade" ]; then
+      cp "$modules_conf" "$modules_conf.cn4-upgrade"
+      ucf $modules_conf $modules_conf
+  fi
+
+  # temporary remove packages conflicting with apache2
+  delpkg=""
+  for p in aosi-aai aosi-www-aai \
+           php4-cn php4-odbc php4-xslt \
+           squirrelmail-cn; do
 
-  # apache2 conflicts with these
-  pkgrm apache aosi-aai aosi-www-aai php4-cn squirrelmail-cn
+     # remember installed packages
+     if pkg $p; then
+         delpkg="$delpkg $p"
+     fi
+  done
+
+  # remove problematic stuff
+  if [ "$delpkg" ]; then
+      eval apt-get --yes remove $delpkg
+  fi
 
-  # apache2-cn postinst needs new mktemp
-  #pkgadd apache2-cn php5-cn aosi-aai aosi-www-aai # squirrelmail-cn
+  # remove old apache
+  pkgrm apache apache-common
 
-  pkgadd apache2 apache2-mpm-prefork libapache2-mod-php4 ssl-cert
-  pkgadd apache2-cn php4-cn
-  pkgadd aosi-aai aosi-www-aai squirrelmail-cn
+  # install new packages
+  eval pkgadd apache2-cn apache2-mpm-prefork \
+              php4-cn libapache2-mod-php4 \
+              $delpkg
 }
 
 upgrade_amavis () {
-  # remove diversion
+  # remove init script diversion
   if [ -L /etc/init.d/amavis -a -f /etc/init.d/amavis.amavisd-new ]; then
     rm -f /etc/init.d/amavis
     dpkg-divert --quiet --remove /etc/init.d/amavis
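Review bot: Both `eval apt-get --yes remove $delpkg` and `eval pkgadd … $delpkg` in upgrade_apache re-parse the assembled string as shell code for no benefit; the names come from a fixed list today, but plain word splitting is all that is needed. Use `apt-get --yes remove $delpkg` and `pkgadd apache2-cn apache2-mpm-prefork php4-cn libapache2-mod-php4 $delpkg` instead. `modules_conf`, `delpkg` and `p` should be declared `local`, as restore_config does for its variables. `cp "$modules_conf" …` fails when `/etc/apache/modules.conf` is absent, so guard it with `[ -e "$modules_conf" ]`. The removal also calls apt-get directly rather than `pkgrm`, so it may bypass whatever logging that wrapper performs.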
@@ -489,12 +538,15 @@ upgrade_amavis () {
     mv $conf $conf.cn4-upgrade
   fi
 
+  # install new packages
   pkgadd amavisd-cn amavisd-new
 
+  # fix new packages
   check_and_sed '^clamd.*5.clamav.log$' \
                 's/^\(clamd.*\)5.clamav.log$/\14\tsocket/g' \
                 /etc/init.d/amavisd-cn || true
 
+  # start new packages
   /etc/init.d/amavis restart
 }