X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?a=blobdiff_plain;f=debian%2Fpostinst;h=98104f53ea3c76e0b07e564afbc802dac83efe97;hb=446ec0e58006a937133648ba439b056b1982abab;hp=335fabb8818b6206c747013c35537d2d7595cc2d;hpb=4e93316a1006dec0523ce2e169a6c31b78808d57;p=apache2-cn.git diff --git a/debian/postinst b/debian/postinst index 335fabb..98104f5 100755 --- a/debian/postinst +++ b/debian/postinst @@ -27,11 +27,9 @@ esac . /usr/share/carnet-tools/functions.sh PKG="apache2-cn" -VERSION="2.2-1" +VERSION="2.2-5" CONFDIR="/etc/apache2" -CONFDIROLD="/etc/apache" CONF="$CONFDIR/apache2.conf" -CONFOLD="$CONFDIROLD/httpd.conf" A2MODEDIR="$CONFDIR/mods-enabled" PORTCONF="$CONFDIR/ports.conf" A2CNDIR=/usr/share/apache2-cn @@ -116,33 +114,6 @@ chk_conf_tag () { fi } -# conf_log_fix () -# -# Check CustomLog, ErrorLog and TransferLog paths - /var/log/apache/ is replaced -# with /var/log/apache2/. -# -conf_log_fix () { - - local conf_file out - conf_file="$1" - - if [ -f "$conf_file" ]; then - - if egrep -iq '^[[:space:]]*(Error|Custom|Transfer)Log[[:space:]]*\/var\/log\/apache\/' "$conf_file"; then - - out=$(mktemp ${conf_file}.XXXXXX) - temp_files="${temp_files} ${out}" - - sed 's/\(^[[:space:]]*\(Error\|Custom\|Transfer\)Log[[:space:]]*\)\/var\/log\/apache\//\1\/var\/log\/apache2\//I' \ - $conf_file > $out - mv $out $conf_file - fi - - # Be sure.. - chmod 644 $conf_file - fi -} - # generate_ssl() # # Generate Apache2 web server SSL certificate. @@ -318,24 +289,6 @@ install_vhost() { trap cleanup 0 1 2 15 -# Make sure that monit conf for Apache is disabled. -# -if [ -f "/etc/monit.d/apache1.conf" ]; then - mv /etc/monit.d/apache1.conf /etc/monit.d/apache1.conf.disabled - pkill -9 -f /usr/sbin/monit || true -fi - - -# Make sure Apache is NOT running. -# -if [ -x /usr/sbin/invoke-rc.d ]; then - [ -x /usr/sbin/apache ] && invoke-rc.d apache stop || true - pkill -9 -f /usr/sbin/apache || true -else - [ -x /etc/init.d/apache ] && /etc/init.d/apache stop || true -fi - - # Backup all configuration located in /etc/apache2/conf.d/ and # /etc/apache2/sites-available/ directories. # @@ -396,9 +349,11 @@ if [ -e "$CONF" ]; then fi if [ ! -e "$A2MODEDIR/php5.load" ] || [ ! -e "$A2MODEDIR/php5.conf" ]; then + if [ -e "/usr/lib/apache2/modules/libphp5.so" ]; then cp_echo "CN: Enabling PHP5 module for Apache2 web server." a2enmod php5 >/dev/null || true need_restart=1 + fi fi if [ ! -e "$A2MODEDIR/ssl.load" ] || [ ! -e "$A2MODEDIR/ssl.conf" ]; then @@ -477,9 +432,9 @@ fi # Add VirtualHosts. +# - on fresh install # -db_fget apache2-cn/wwwhost seen -if [ "$RET" != "true" ]; then +if [ -z "$2" ]; then db_get apache2-cn/wwwhost || true if [ "$RET" = "true" ]; then @@ -493,13 +448,13 @@ if [ "$RET" != "true" ]; then fi chk_conf_tag "$CONFDIR/sites-available/$FQDN" - if [ ! -f "$CONFDIR/sites-available/$FQDN" ] || [ $RET -eq 0 -a -f "$CONFOLD" ]; then + if [ ! -f "$CONFDIR/sites-available/$FQDN" ] || [ $RET -eq 0 ]; then install_vhost -nvh -d -r www.$DOMAIN default $FQDN 000-$FQDN need_restart=1 fi chk_conf_tag "$CONFDIR/sites-available/www.$DOMAIN" - if [ ! -f "$CONFDIR/sites-available/www.$DOMAIN" ] || [ $RET -eq 0 -a -f "$CONFOLD" ]; then + if [ ! -f "$CONFDIR/sites-available/www.$DOMAIN" ] || [ $RET -eq 0 ]; then install_vhost default www.$DOMAIN www.$DOMAIN need_restart=1 fi @@ -511,7 +466,7 @@ if [ "$RET" != "true" ]; then fi chk_conf_tag "$CONFDIR/sites-available/$FQDN" - if [ ! -f "$CONFDIR/sites-available/$FQDN" ] || [ $RET -eq 0 -a -f "$CONFOLD" ]; then + if [ ! -f "$CONFDIR/sites-available/$FQDN" ] || [ $RET -eq 0 ]; then install_vhost -nvh -d -r $FQDN default $FQDN 000-$FQDN need_restart=1 fi @@ -529,7 +484,7 @@ if [ $apache2_sslcert -eq 0 ]; then # No active SSL VirtualHosts found - add new one. chk_conf_tag "$CONFDIR/sites-available/ssl" - if [ ! -f "$CONFDIR/sites-available/ssl" ] || [ $RET -eq 0 -a -f "$CONFOLD" ]; then + if [ ! -f "$CONFDIR/sites-available/ssl" ] || [ $RET -eq 0 ]; then install_vhost -r $FQDN -n $HOST ssl ssl 001-ssl need_restart=1 fi @@ -544,7 +499,7 @@ if [ $apache2_sslcert -eq 0 ]; then if [ $RET -eq 0 ] && [ -n "$apache2_sslcf" ]; then SSLTMP=$(mktemp ${CONFDIR}/ssltmp.XXXXXX) - temp_files="${temp_files} ${SSLTMP}" + temp_files="${temp_files} ${SSLTMP} ${SSLTMP}.cn-old" cp ${CONFDIR}/sites-available/ssl $SSLTMP # SSLCertificateFile @@ -569,35 +524,39 @@ if [ $apache2_sslcert -eq 0 ]; then need_restart=1 # Just to be sure. - if [ -e "$SSLTMP" ]; then - rm -f $SSLTMP - fi + [ -e "${SSLTMP}" ] && rm -f ${SSLTMP} + [ -e "${SSLTMP}.cn-old" ] && rm -f ${SSLTMP}.cn-old fi fi -# Check for CustomLog, ErrorLog and TransferLog in Apache2 configuration. +# Check file access permissions for SSL certificates. # -cp_echo "CN: Checking Apache2 CustomLog, ErrorLog and TransferLog directives." -if [ -d "$CONFDIR/conf.d" ] && [ -n "$(ls $CONFDIR/conf.d)" ]; then - log_mask=$CONFDIR/conf.d/* -fi -if [ -d "$CONFDIR/sites-available" ] && [ -n "$(ls $CONFDIR/sites-available)" ]; then - log_mask=$log_mask" "$CONFDIR/sites-available/* -fi -for file in $CONF $log_mask; do - chk_conf_tag "$file" - if [ $RET -eq 0 ]; then - conf_log_fix "$file" +cp_echo "CN: Checking file access permissions for Apache2 SSL certificates." +sslkey=/etc/ssl/private +sslcerts="${sslkey}/ca.key ${sslkey}/apache2-ca.key ${sslkey}/apache2.key" +for certf in $sslcerts; do + if [ -f "$certf" ]; then + chmod 600 $certf fi done -# Start Apache2 web server on boot? -# This will enable Apache2 in /etc/default/apache2 file. +# Check and remove obsolete "Include /etc/apache2/sites-enabled/[^.#]*" from +# /etc/apache2/apache2.conf. # -if egrep -q "^[[:space:]]*NO_START=1" /etc/default/apache2; then - cp_check_and_sed NO_START=1 s/NO_START=1/NO_START=0/ /etc/default/apache2 || true +if egrep -iq "^[[:space:]]*Include[[:space:]]+\/etc\/apache2\/sites-enabled\/\[\^\.\#\]\*$" "$CONF"; then + + cp_echo "CN: Fixing obsolete Include line in $CONF." + CONFTMP=`mktemp $CONF.tmp.XXXXXX` + sed -r "/^[[:space:]]*Include[[:space:]]+\/etc\/apache2\/sites-enabled\/\[\^\.\#\]\*$/Id" \ + "$CONF" > "$CONFTMP" + + if ! egrep -iq "^[[:space:]]*Include[[:space:]]+\/etc\/apache2\/sites-enabled\/$" "$CONFTMP"; then + echo "Include /etc/apache2/sites-enabled/" >> "$CONFTMP" + fi + + cp_mv "$CONFTMP" "$CONF" need_restart=1 fi @@ -615,43 +574,6 @@ fi [ -e "$CONFDIR/conf.d/aosi.conf" ] && rm -f $CONFDIR/conf.d/aosi.conf -# Stop Apache web server and disable Apache automatic start on boot. -# -if [ -x "/etc/init.d/apache" ]; then - - # Stop Apache. - if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then - invoke-rc.d apache stop || true - else - /etc/init.d/apache stop || true - fi - - # Disable automatic start on boot. - if [ -x "`which update-rc.d 2>/dev/null`" ]; then - update-rc.d -f apache remove > /dev/null 2>&1 || true - update-rc.d apache stop 90 6 . > /dev/null 2>&1 || true - fi -fi - -# Also check for Apache-SSL web server. -# -if [ -x "/etc/init.d/apache-ssl" ]; then - - # Stop Apache-SSL. - if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then - invoke-rc.d apache-ssl stop || true - else - /etc/init.d/apache-ssl stop || true - fi - - # Disable automatic start on boot. - if [ -x "`which update-rc.d 2>/dev/null`" ]; then - update-rc.d -f apache-ssl remove > /dev/null 2>&1 || true - update-rc.d apache-ssl stop 90 6 . > /dev/null 2>&1 || true - fi -fi - - # Restart Apache2 web server if needed. # if [ $need_restart -eq 1 ]; then @@ -662,9 +584,9 @@ if [ $need_restart -eq 1 ]; then # Restart Apache2 web server. if [ -x "/etc/init.d/apache2" ]; then if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then - invoke-rc.d apache2 force-reload || true + invoke-rc.d apache2 restart || true else - /etc/init.d/apache2 force-reload || true + /etc/init.d/apache2 restart || true fi fi else @@ -684,6 +606,7 @@ cp_mail "$PKG" # (re)generate monit.d files if monit-cn is installed. # if [ -x "/usr/sbin/update-monit.d" ]; then + cp_echo "CN: Updating monit configuration..." update-monit.d || true fi