X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?a=blobdiff_plain;f=src%2Ffunctions.sh;h=1e831f4533feaa0407090905c8f81174d7d9693e;hb=a25e4b35569bc4c08a26a2be54c2271e0531d9a0;hp=fa0406b4d1dd695347c89b5d7c3cdcab9dad719c;hpb=b96e54139101f1fcf0208eb9cd08131470fdf181;p=carnet-upgrade.git

diff --git a/src/functions.sh b/src/functions.sh
index fa0406b..1e831f4 100644
--- a/src/functions.sh
+++ b/src/functions.sh
@@ -128,11 +128,26 @@ apt_autoremove () {
   }
 }
 
+# remove stale package information from available
+#   warning, in file '/var/lib/dpkg/available'
+#   near line 58185 package 'vim-cn': missing architecture
+cleanup_available () {
+  log "Cleaning dpkg available file"
+
+  available=$(mktemp /var/lib/carnet-upgrade/available.XXXXXX)
+  apt-cache dumpavail > $available
+
+  dpkg --clear-avail
+  dpkg --update-avail $available
+
+  rm -f $available
+}
+
 remove_x() {
   LC_MESSAGES=hr_HR dialog --backtitle "$title" --yesno "$msg_remove_x" 18 75
   if [ $? -eq 0 ]; then
     log "Removing X Window System"
-    pkgrm x11-common
+    pkgrm xserver-xorg
   else
     log "Skipping X Window System removal"
   fi
@@ -186,6 +201,7 @@ remove_bloat() {
       fi
     done
   done
+  IFS="$oldifs"
   [ "$DEBUG" ] && echo "DEBUG: pkgs_to_remove=$pkgs_to_remove" 1>&2
   # Finally, remove those
   if [ -n "$update_selections" ]; then
@@ -464,7 +480,9 @@ reboot_required () {
   running_version=$( uname -v )
   log "Running kernel: $running_release $running_version"
 
-  if grep -q "$running_release .* $running_version" $default_kernel; then
+  if [ "$kernel_package" != "${kernel_package#linux-image-3.2.0-}" ] ||
+     grep -q "$running_release .* $running_version" $default_kernel
+  then
       log "Latest kernel version is running." 
       return 1
   else
@@ -772,15 +790,14 @@ apt_listchanges () {
       case $command in
            disable)
                if [ -f $file ]; then
-                   dpkg-divert --local --rename --divert $file.$backup_ext \
+                   dpkg-divert --local --rename --divert $file.disabled \
                                --add $file || true
                fi
                ;;
 
            enable)
-               if [ -f $file.$backup_ext ]; then
-                   dpkg-divert --remove $file || true
-               fi
+               # cleanup the diversion even if the file is already removed
+               dpkg-divert --rename --remove $file || true
                ;;
      esac
   done
@@ -814,15 +831,20 @@ is_orphaned () {
 
 # remove old and unused libraries
 remove_orphaned () {
-  local package
+  local package remove
 
   apt_autoremove
 
+  remove=
   for package in $orphaned_packages; do
     if is_orphaned $package; then
-      pkgrm $package
+      remove="$remove $package"
     fi
   done
+
+  if [ "$remove" ]; then
+    pkgrm $remove
+  fi
 }
 
 # monit it causing problems for postinst scripts
@@ -883,8 +905,9 @@ upgrade_libc () {
 # upgrade apache2/php5
 upgrade_apache2 () {
   pkgrm apache-common # prevents installation of apache2-suexec
+  pkgrm php5-suhosin # not available for wheezy
   pkgupgrade libapache2-mod-php5 php5-cli php5-cn apache2-cn \
-    php5-odbc php5-suhosin php-suhosin-cn
+    php5-odbc
 }
 
 upgrade_amavis () {
@@ -906,20 +929,36 @@ upgrade_amavis () {
 
 # handle freerdius upgrade
 upgrade_freeradius () {
-  pkg freeradius-aai lt 2.1.10-1 || return 0
+  local password
+
+  pkg freeradius-aai lt 2.1.12~srce1 || return 0
 
   # aai team prevents a normal upgrade
   cp -av /etc/freeradius /etc/freeradius.$backup_ext
   pkgrm freeradius-aai freeradius-ldap freeradius
   rm -rf /etc/freeradius/certs
   pkgadd freeradius-aai
+
+  # sync localhost passwords
+  if pkg libpam-radius-auth && [ -f "/etc/pam_radius_auth.conf" ]; then
+    pkgadd libpam-radius-auth
+    password=$(
+      sed -n '/^[[:space:]]*client[[:space:]]\+localhost/,/^[[:space:]]*}/ { /^[[:space:]]*secret[[:space:]]*=[[:space:]]*\([^[:space:]]*\)/s//\1/p }' /etc/freeradius/clients.conf
+    )
+    if [ "$password" ] \
+       && ! grep -q "^127.0.0.1\(:[[:digit:]]\+\)\?[[:space:]]\+$password[[:space:]]\+" \
+         /etc/pam_radius_auth.conf
+    then
+      sed -i.$backup_ext "s/^\(127.0.0.1\(:[[:digit:]]\+\)\?[[:space:]]\+\)[^[:space:]]\+\(.*\)/\1$password\3/" /etc/pam_radius_auth.conf
+    fi
+  fi
 }
 
 # handle mysql 5.0 to 5.1 upgrade
 upgrade_mysql () {
-  if pkg mysql-server || pkg mysql-server-5.0; then
+  if pkg mysql-server || pkg mysql-server-5.1; then
      pkgadd mysql-server
-     dpkg -P mysql-server-5.0
+     dpkg -P mysql-server-5.1
      /etc/init.d/mysql restart
   fi
 }
@@ -940,6 +979,44 @@ upgrade_postfix () {
   fi
 }
 
+# upgrade the IMAP server
+upgrade_dovecot() {
+  if [ ! -f /etc/dovecot/conf.d/95-local ]; then
+     pkgrm dovecot-cn
+
+     # restore config
+     if [ ! -f /etc/dovecot/dovecot.conf.$backup_ext ]; then
+        mv /etc/dovecot/dovecot.conf /etc/dovecot/dovecot.conf.$backup_ext
+        cp /usr/share/dovecot/dovecot.conf /etc/dovecot/dovecot.conf
+     fi
+
+     # copy SSL certificates
+     OLD_SSL_CERT="/etc/ssl/certs/dovecot.pem"
+     OLD_SSL_KEY="/etc/ssl/private/dovecot.pem"
+     SSL_CERT="/etc/dovecot/dovecot.pem"
+     SSL_KEY="/etc/dovecot/private/dovecot.pem"
+     if [ -f $OLD_SSL_CERT -a -f $OLD_SSL_KEY -a ! -f $SSL_CERT -a ! -f $SSL_KEY ]; then
+        if [ ! -e /etc/dovecot/private ]; then
+           install -d -o root -g root -m0700 /etc/dovecot/private
+        fi
+
+        cp -av $OLD_SSL_CERT $SSL_CERT
+        cp -av $OLD_SSL_KEY $SSL_KEY
+
+        chown root:dovecot $SSL_CERT
+        chmod 0644 $SSL_CERT
+        chown root:dovecot $SSL_KEY
+        chmod 0600 $SSL_KEY
+     fi
+
+     # install new version and restore local changes
+     pkgadd dovecot-core
+     doveconf -n -c /etc/dovecot/dovecot.conf.$backup_ext > /etc/dovecot/conf.d/95-local
+
+     pkgadd dovecot-cn
+  fi
+}
+
 # upgrade bind separately so DNS is not down for too long
 # or breaks postinst scripts of other cn packages that depend on
 # working resolver
@@ -947,6 +1024,16 @@ upgrade_bind() {
   pkgadd bind9-cn
 }
 
+# handle fail2ban upgrade due to error:
+# trying to overwrite '/etc/fail2ban/filter.d/dovecot.conf', which is also in package fail2ban-cn
+upgrade_fail2ban() {
+  if pkg fail2ban-cn && dpkg -L fail2ban-cn | grep -qF dovecot.conf; then
+    pkgrm fail2ban-cn
+    pkgadd fail2ban
+    pkgadd fail2ban-cn
+  fi
+}
+
 get_variable () {
   local name=$1 file=$2 val
 
@@ -1027,16 +1114,29 @@ check_archives_space() {
   fi
 }
 
-check_kernel_space() {
-  local available_disk_space kernel_size linux_images metapkg pkg ret
-  available_disk_space=$(free_space /)
+# calculate the list of linux-image packages from kernel-2.6-cn dependencies
+get_cn_kernels() {
+  local cn_kernels linux_images metapkg pkg
+
+  cn_kernels=
   linux_images=$(apt-cache show kernel-2.6-cn | grep ^Depends: \
     | grep -o 'linux-image[^, ]*')
   for metapkg in $linux_images; do
     pkg=$(apt-cache show $metapkg | grep ^Depends: \
           | grep -o 'linux-image[^, ]*' | head -1)
-    [ "$pkg" ] || continue
+    [ "$pkg" ] && cn_kernels="$cn_kernels $pkg"
+  done
+
+  echo $cn_kernels
+}
+
+# check if there is enough space on / for the new kernel package
+check_kernel_space() {
+  local available_disk_space kernel_size linux_images pkg ret
+  available_disk_space=$(free_space /)
 
+  linux_images=$( get_cn_kernels )
+  for pkg in $linux_images; do
     kernel_size=$(installed_size $pkg)
     ret=$?
     [ $ret -eq 0 ] && break
@@ -1065,6 +1165,82 @@ check_kernel_space() {
   fi
 }
 
+# free some space on / partition by cleaning old unused kernels
+clean_old_kernels() {
+  local installed keep pkg keep remove delete name dialog_list selection
+
+  # find all installed kernels
+  installed=$(
+    dpkg -l | egrep '^ii  linux-image-[0-9]+[.][0-9]+[.][0-9]+-' \
+    | awk '{print $2}'
+  )
+  log "Found kernel packages: $installed"
+
+  # leave current and new kernels
+  keep="linux-image-$(uname -r) $(get_cn_kernels)"
+  log "Keep kernel packages: $keep"
+
+  # check what to remove
+  remove=
+  for pkg in $installed; do
+    delete=yes
+    for name in $keep; do
+      [ "$pkg" = "$name" ] && delete=
+    done
+    if [ "$delete" = yes ]; then
+      remove="$remove $pkg"
+    fi
+  done
+  log "Obsolete kernel packages: $remove"
+
+  if [ "$remove" ]; then
+    for pkg in $remove; do
+      dialog_list="$dialog_list $pkg '' off"
+    done
+
+    # user selects the packages to delete
+    selection=$( mktemp /var/lib/carnet-upgrade/selection.XXXXXX )
+    eval LC_MESSAGES=hr_HR dialog --nocancel --backtitle \""$title"\" \
+      --checklist \""$msg_remove_kernels"\" 20 75 6 $dialog_list 2>$selection
+
+    selected=$( tr -d \" < $selection )
+    rm -f $selection
+
+    if [ "$selected" ]; then
+      log "Removing kernel packages: $selected"
+      pkgrm $selected
+    fi
+  fi
+}
+
+# prevent sysv-rc migration problems
+clean_initd_packages() {
+  local list removed pkg dialog_list selection selected
+
+  list=$( dpkg -S /etc/init.d/\* | grep -v ^diversion | cut -d: -f1 | sort -u )
+  removed=$( dpkg -l $list | sed -n 's/^r.[[:space:]]\+\([^[:space:]]\+\).*/\1/p' )
+  log "Found removed packages: $removed"
+
+  if [ "$removed" ]; then
+    for pkg in $removed; do
+      dialog_list="$dialog_list $pkg '' off"
+    done
+
+    # user selects the packages to delete
+    selection=$( mktemp /var/lib/carnet-upgrade/selection.XXXXXX )
+    eval LC_MESSAGES=hr_HR dialog --nocancel --backtitle \""$title"\" \
+      --checklist \""$msg_remove_initd"\" 20 75 6 $dialog_list 2>$selection
+
+    selected=$( tr -d \" < $selection )
+    rm -f $selection
+
+    if [ "$selected" ]; then
+      log "Purging packages: $selected"
+      dpkg -P $selected
+    fi
+  fi
+}
+
 free_space() {
   df --portability --block-size=1M "$1" | tail -1 | awk '{print $4}'
 }