X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?a=blobdiff_plain;f=src%2Ffunctions.sh;h=09821a311c563e7f725c1b365a125e5e9889c0f2;hb=2674096de9a4b914d574bde48c7be14c9e33a80e;hp=ac21431a1d3007a9874bbd76c7a35e422272b826;hpb=44ca3c64e35e1753189d1b17266371b7327f338f;p=carnet-upgrade.git diff --git a/src/functions.sh b/src/functions.sh index ac21431..09821a3 100644 --- a/src/functions.sh +++ b/src/functions.sh @@ -323,13 +323,15 @@ remove_group_proc () { add_group_proc () { if ! getent group proc > /dev/null; then + # grsec uses gid 99 for /proc files groupadd -g 99 proc log "groupadd -g 99 proc" # update oidentd so it uses the proc group - if [ -x /etc/init.d/oidentd -a -f /etc/default/oidentd ]; - check_and_sed 'OIDENT_GROUP.*proc' 's/\(OIDENT_GROUP\).*/\1=proc/' \ - /etc/default/oident && /etc/init.d/oidentd restart + if [ -x /etc/init.d/oidentd ]; then + if gpasswd -a oident proc; then + /etc/init.d/oidentd restart + fi fi fi } @@ -388,12 +390,20 @@ fix_etc_default_raid2 () { fi } -# restore distribution config file +# restore original config file (if the new package version is not +# installed already) restore_config () { local file file_backup + local pkg=$1 ver=$2 + shift 2 - for file in "$@"; do + # check package version + pkg $pkg lt $ver || return 0 + + # restore package files + for file in $*; do file_backup=$file.cn4-upgrade + if [ -e $file -a ! -e $file_backup ]; then # backup file mv $file $file_backup 
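Review bot: The new `gpasswd -a oident proc` call in add_group_proc changes group membership without a `log` entry, although the `groupadd -g 99 proc` just above it is logged, and a failed gpasswd is skipped silently. Adding `log "gpasswd -a oident proc"` inside the `if gpasswd -a oident proc; then` branch keeps this privilege change in the upgrade log, and an `else` branch could record the failure. The whole block sits under `if ! getent group proc`, so the membership is only added when the group was just created. A host that already has a proc group without oident in it is left unchanged, which may or may not be intended.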
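Review bot: The loop in restore_config now iterates `for file in $*`, which re-splits and glob-expands the arguments where the previous `"$@"` did not. After `shift 2` the positional parameters hold only the file list, so `for file in "$@"; do` still works with the new calling convention and keeps each path intact. The version check has the same quoting gap and would be safer as `pkg "$pkg" lt "$ver" || return 0`. `shift 2` fails when a caller passes fewer than two arguments, so a `[ $# -ge 2 ] || return 1` guard before the assignments would make the new signature explicit. The function body continues past the end of this hunk.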
@@ -408,39 +418,47 @@ restore_config () { # restore modified config to their package defaults # so the upgrade doesn't complain so much restore_configs () { - restore_config /etc/bind/named.conf.options - restore_config /etc/default/ntpdate - restore_config /etc/default/oidentd - restore_config /etc/default/postgrey - restore_config /etc/default/saslauthd - restore_config /etc/default/slapd - restore_config /etc/dovecot/dovecot.conf - restore_config /etc/init.d/mysql - restore_config /etc/init.d/slapd - restore_config /etc/issue - restore_config /etc/issue.net - restore_config /etc/logrotate.d/mysql-server - restore_config /etc/mysql/my.cnf - restore_config /etc/ntp.conf - restore_config /etc/pam.d/login - restore_config /etc/php4/apache/php.ini - restore_config /etc/php4/cgi/php.ini - restore_config /etc/php4/cli/php.ini - restore_config /etc/postgrey/whitelist_clients - restore_config /etc/security/limits.conf - restore_config /etc/squirrelmail/apache.conf - restore_config /etc/sysctl.conf - restore_config /etc/vsftpd.conf - restore_config /etc/xinetd.conf + restore_config base-files 4 /etc/issue /etc/issue.net + restore_config bind9 1:9.3.4 /etc/bind/named.conf.options + restore_config dovecot-common 1.0 /etc/dovecot/dovecot.conf + restore_config libapache-mod-php4 6:4.4.4 /etc/php4/apache/php.ini + restore_config libpam-modules 0.79 /etc/security/limits.conf + restore_config login 1:4.0.18.1 /etc/pam.d/login + restore_config mysql-server 5.0.3 /etc/init.d/mysql \ + /etc/logrotate.d/mysql-server \ + /etc/mysql/my.cnf + restore_config ntp 1:4.2.2 /etc/ntp.conf + restore_config ntpdate 1:4.2.2 /etc/default/ntpdate + restore_config oidentd 2.0.8 /etc/default/oidentd + restore_config php4-cgi 6:4.4.4 /etc/php4/cgi/php.ini + restore_config php4-cli 6:4.4.4 /etc/php4/cli/php.ini + restore_config postgrey 1.27 /etc/default/postgrey \ + /etc/postgrey/whitelist_clients + restore_config procps 1:3.2.7 /etc/sysctl.conf + restore_config sasl2-bin 2.1.22 
/etc/default/saslauthd + restore_config slapd 2.3.30 /etc/default/slapd /etc/init.d/slapd + restore_config squirrelmail 2:1.4.9a /etc/squirrelmail/apache.conf + restore_config vsftpd 2.0.5 /etc/vsftpd.conf + restore_config xinetd 1:2.3.14 /etc/xinetd.conf # orphaned config file - no owner - rm -f /etc/logcheck/ignore.d.server/imap + if pkg logcheck-database lt 1.2.54; then + rm -f /etc/logcheck/ignore.d.server/imap + fi # aide switched to ucf, move old configs aside - for file in /etc/aide/aide.conf /etc/cron.daily/aide /etc/default/aide; do - [ ! -e "$file.cn4-upgrade" ] && mv "$file" "$file.cn4-upgrade" - rm -f "$file" - done + if pkg aide lt 0.13.1; then + for file in /etc/aide/aide.conf \ + /etc/cron.daily/aide \ + /etc/default/aide; + do + if [ ! -e "$file.cn4-upgrade" ]; then + mv "$file" "$file.cn4-upgrade" + fi + + rm -f "$file" + done + fi } # make a silent installation of carnet and srce keyrings @@ -452,6 +470,16 @@ install_keyrings () { update } +# remove skey (not supported anymore) +remove_skey () { + pkgrm skey-cn libpam-skey + + if getent group skey > /dev/null; then + groupdel skey || true + log "groupdel skey" + fi +} + # make a silent upgrade to new libc6 upgrade_libc () { DEBIAN_FRONTEND=noninteractive pkgadd libc6 
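Review bot: In the aide loop of restore_configs, `mv "$file" "$file.cn4-upgrade"` runs whenever the backup is absent, even if `$file` itself does not exist, so a host missing one of the three aide files gets an mv error. The `|| true` guards elsewhere in this file suggest the script runs under errexit, in which case that error would stop the upgrade part-way. Testing both conditions avoids it: `if [ -e "$file" ] && [ ! -e "$file.cn4-upgrade" ]; then`. The version strings passed to `restore_config` and `pkg ... lt` are unexplained, and a short comment above the list saying which release they were taken from would help whoever updates it.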
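Review bot: remove_skey writes `log "groupdel skey"` even when `groupdel skey || true` failed, so the upgrade log can claim a group removal that did not happen. Using `if groupdel skey; then log "groupdel skey"; fi` records only what was actually done. The function also removes `libpam-skey` without looking at the PAM configuration. If a file under /etc/pam.d still references the skey module after the package is gone, logins through that service could fail. Whether the package removal scripts clean that up is not visible in this hunk, so it is worth confirming or adding a check here.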
@@ -459,25 +487,46 @@ upgrade_libc () { # upgrade apache -> apache2 upgrade_apache () { + # bugfix for apache2-cn postinst mkdir -p /etc/apache2 touch /etc/apache2/httpd.conf - pkgadd php4-odbc php4-xslt + # register cn changes in modules.conf + modules_conf=/etc/apache/modules.conf + if [ ! -e "$modules_conf.cn4-upgrade" ]; then + cp "$modules_conf" "$modules_conf.cn4-upgrade" + ucf $modules_conf $modules_conf + fi - # apache2 conflicts with these - pkgrm apache aosi-aai aosi-www-aai php4-cn squirrelmail-cn + # temporary remove packages conflicting with apache2 + delpkg="" + for p in aosi-aai aosi-www-aai \ + php4-cn php4-odbc php4-xslt \ + squirrelmail-cn; do - # apache2-cn postinst needs new mktemp - #pkgadd apache2-cn php5-cn aosi-aai aosi-www-aai # squirrelmail-cn + # remember installed packages + if pkg $p; then + delpkg="$delpkg $p" + fi + done - pkgadd apache2 apache2-mpm-prefork libapache2-mod-php4 ssl-cert - pkgadd apache2-cn php4-cn - pkgadd aosi-aai aosi-www-aai squirrelmail-cn + # remove problematic stuff + if [ "$delpkg" ]; then + eval apt-get --yes remove $delpkg + fi + + # remove old apache + pkgrm apache apache-common + + # install new packages + eval pkgadd apache2-cn apache2-mpm-prefork \ + php4-cn libapache2-mod-php4 \ + $delpkg } upgrade_amavis () { - # remove diversion + # remove init script diversion if [ -L /etc/init.d/amavis -a -f /etc/init.d/amavis.amavisd-new ]; then rm -f /etc/init.d/amavis dpkg-divert --quiet --remove /etc/init.d/amavis @@ -489,12 +538,15 @@ upgrade_amavis () { mv $conf $conf.cn4-upgrade fi + # install new packages pkgadd amavisd-cn amavisd-new + # fix new packages check_and_sed '^clamd.*5.clamav.log$' \ 's/^\(clamd.*\)5.clamav.log$/\14\tsocket/g' \ /etc/init.d/amavisd-cn || true + # start new packages /etc/init.d/amavis restart } 
@@ -507,33 +559,6 @@ upgrade_openldap () { dpkg --configure -a # try postinst again } -# tentatively remove obsolete option in xinetd.conf -fix_xinetd_conf () { - if [ -f /etc/xinetd.conf ]; then - check_and_sed 'log_on_failure.*RECORD' \ - 's/\(log_on_failure.*\)RECORD/\1/g' \ - /etc/xinetd.conf || true - fi -} - -# temporarily disable mod_ssl.conf in apache so that upgrade works -fix_mod_ssl_include() { - if [ -f /etc/apache/mod_ssl.conf ]; then - check_and_sed '^Include /etc/apache/mod_ssl\.conf' \ - 's,\(^Include[ ][ ]*/etc/apache/mod_ssl\.conf\),#\1,' \ - /etc/apache/httpd.conf || true - fi -} - -fix_proftpd_conf() { - if [ -f /etc/proftpd.conf ]; then - check_and_sed '^LsDefaultOptions' \ - 's,^LsDefaultOptions,ListOptions,' \ - /etc/proftpd.conf || true - fi - [ -x /etc/init.d/proftpd ] && /etc/init.d/proftpd restart || true -} - # fix /etc/dpkg/dpkg.cfg comment_force_overwrite () { if [ -f /etc/dpkg/dpkg.cfg ]; then @@ -545,14 +570,6 @@ comment_force_overwrite () { fi } -fix_aidexfer_conf() { - if [ -f /etc/aide/aidexfer.conf ]; then - check_and_sed '/usr/local/lib/aidexfer' \ - 's,/usr/local/lib/aidexfer,/usr/share/aidexfer,' \ - /etc/aide/aidexfer.conf || true - fi -} - fix_issue () { cat > /etc/issue <