From: Dragan Dosen Date: Mon, 7 Apr 2008 11:11:07 +0000 (+0200) Subject: Fix file access permissions and group ownership for Apache2 SSL X-Git-Tag: v2.2+2~9 X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?a=commitdiff_plain;h=d0545bc48a700b22c3def9c648d97c6b80398cfe;p=apache2-cn.git Fix file access permissions and group ownership for Apache2 SSL certificate files, new file names for CA (carnet-generate-ssl). Problems in debian/postrm - not removing all DocumentRoot directories, $CONFDIR was not defined. Script debian/postinst - check for both PHP5 and PHP4 modules. Changed dependencies in debian/control. Changes in debian/prerm script. Added dh_installdebconf in debian/rules. --- diff --git a/carnet-generate-ssl b/carnet-generate-ssl index 093a22b..34af61f 100755 --- a/carnet-generate-ssl +++ b/carnet-generate-ssl @@ -43,19 +43,19 @@ cd /etc/ssl # Generate CA # -if [ ! -f ${sslkey}/ca.key ]; then +if [ ! -f ${sslkey}/apache2-ca.key ]; then - openssl genrsa -out ${sslkey}/ca.key 1024 + openssl genrsa -out ${sslkey}/apache2-ca.key 1024 KEYS="${KEYS} - - ${sslkey}/ca.key" + - ${sslkey}/apache2-ca.key" fi -if [ ! -f ${sslkey}/ca.csr ] || [ -n "$KEYS" ]; then +if [ ! -f ${sslkey}/apache2-ca.csr ] || [ -n "$KEYS" ]; then cat < $TMPFILE [ req ] default_bits = 1024 -default_keyfile = ca.pem +default_keyfile = apache2-ca.pem distinguished_name = req_distinguished_name attributes = req_attributes prompt = no 
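Review bot: The renamed CA key in the first carnet-generate-ssl hunk (@@ -43,19) is still generated as 1024-bit RSA (`openssl genrsa -out ${sslkey}/apache2-ca.key 1024`, `default_bits = 1024`), which is too short for a key that presumably signs the server certificate; use at least 2048 in both places. No `umask` or `chmod` is visible around the `genrsa` call, so unless the mode is tightened outside this hunk it may depend on the caller's umask and the OpenSSL version; `( umask 077; openssl genrsa -out "${sslkey}/apache2-ca.key" 2048 )` would make it explicit. Because only the new file name is tested, an upgrade will likely create a fresh CA and leave the old `ca.key` on disk, so the old private key should be migrated or removed deliberately. The script continues outside the hunk.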
@@ -70,10 +70,10 @@ emailAddress = $WEBMASTER EOF - openssl req -config $TMPFILE -new -key ${sslkey}/ca.key -out ${sslkey}/ca.csr + openssl req -config $TMPFILE -new -key ${sslkey}/apache2-ca.key -out ${sslkey}/apache2-ca.csr fi -if [ ! -f ${sslcrt}/ca.pem ] || [ -n "$KEYS" ]; then +if [ ! -f ${sslcrt}/apache2-ca.pem ] || [ -n "$KEYS" ]; then cat >$TMPFILE <= 2.2), apache2 (>= 2.2), apache2 (<< 2.3), php5-cn | php4-cn, carnet-tools-cn (>= 2.0), ${perl:Depends}, ssl-cert, procps, mail-transport-agent +Depends: apache2-mpm-prefork (>= 2.2), apache2 (>= 2.2), apache2 (<< 2.3), php5-cn | php4-cn, carnet-tools-cn (>= 2.0), ${perl:Depends}, ssl-cert, procps, debconf (>= 0.5) | debconf-2.0, postfix | mail-transport-agent Suggests: apache2-doc, ca-certificates, monit-cn Conflicts: apache-cn (<< 2:1.3.33-6), apache-ssl, squirrelmail-cn (<< 2:1.4.2-6) Description: Apache web server with mod_ssl enabled diff --git a/debian/postinst b/debian/postinst index 335fabb..cca66c1 100755 --- a/debian/postinst +++ b/debian/postinst @@ -396,9 +396,19 @@ if [ -e "$CONF" ]; then fi if [ ! -e "$A2MODEDIR/php5.load" ] || [ ! -e "$A2MODEDIR/php5.conf" ]; then + if [ -e "/usr/lib/apache2/modules/libphp5.so" ]; then cp_echo "CN: Enabling PHP5 module for Apache2 web server." a2enmod php5 >/dev/null || true need_restart=1 + fi + fi + + if [ ! -e "$A2MODEDIR/php4.load" ] || [ ! -e "$A2MODEDIR/php4.conf" ]; then + if [ -e "/usr/lib/apache2/modules/libphp4.so" ]; then + cp_echo "CN: Enabling PHP4 module for Apache2 web server." + a2enmod php4 >/dev/null || true + need_restart=1 + fi fi if [ ! -e "$A2MODEDIR/ssl.load" ] || [ ! -e "$A2MODEDIR/ssl.conf" ]; then diff --git a/debian/postrm b/debian/postrm index 6681ea5..3814404 100755 --- a/debian/postrm +++ b/debian/postrm 
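Review bot: In the debian/postinst hunk (@@ -396,9) the PHP5 and PHP4 blocks are independent, so a host with both `libphp5.so` and `libphp4.so` present gets both modules enabled, and loading two mod_php versions into one Apache process is likely to conflict. Make the PHP4 block a fallback, e.g. `if [ ! -e /usr/lib/apache2/modules/libphp5.so ] && [ -e /usr/lib/apache2/modules/libphp4.so ]; then`. `a2enmod ... >/dev/null || true` also hides a failed enable while `need_restart=1` is still set, so reporting the failure through `cp_echo` would help whoever has to debug a broken restart. The surrounding code continues outside the hunk.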
@@ -8,11 +8,11 @@ set -e # Include CARNet functions. . /usr/share/carnet-tools/functions.sh - +CONFDIR="/etc/apache2" +sitesdir=${CONFDIR}/sites-available HOST=$(hostname -f) DOMAIN=$(hostname -d) -sitefiles="000-$HOST www.$DOMAIN 001-ssl" -sitesdir=/etc/apache2/sites-available +sitefiles= case "$1" in @@ -20,7 +20,6 @@ case "$1" in # Get CARNet config files in /etc/apache2/sites-available directory. if [ -d "${sitesdir}" ] && [ -n "$(ls ${sitesdir}/)" ]; then - sitefiles="" for file in ${sitesdir}/*; do if [ -f "$file" ]; then if egrep -q "^## Begin - Generated by CARNet package apache2-cn$" $file; then @@ -32,17 +31,19 @@ case "$1" in fi # Remove our vhosts. - for site in $sitefiles; do + if [ -n "$sitefiles" ]; then + for site in $sitefiles; do - if [ -e "$sitesdir/$site" ]; then + if [ -e "$sitesdir/$site" ]; then - cp_echo "CN: Removing $site site configuration file." - rm -f $sitesdir/$site - fi - done + cp_echo "CN: Removing $site site configuration file." + rm -f $sitesdir/$site + fi + done + fi # Remove default DocumentRoot if there's only a one line index.html there - docroots="/var/www/$HOST.$DOMAIN /var/www/www.$DOMAIN" + docroots="/var/www/$HOST /var/www/www.$DOMAIN" if [ -d "/var/www" ]; then @@ -62,11 +63,13 @@ case "$1" in fi # Remove CARNet specific configuration. - if [ -d "$CONFDIR/conf.d" ] && [ -n "$(ls ${CONFDIR}/conf.d/)" ]; then + if [ -d "${CONFDIR}/conf.d" ] && [ -n "$(ls ${CONFDIR}/conf.d/)" ]; then cp_echo "CN: Disabling CARNet specific configuration." - for file in /etc/apache2/conf.d/*; do - if egrep -q "^## Begin - Generated by CARNet package apache2-cn$" $file; then - rm -f $file + for file in ${CONFDIR}/conf.d/*; do + if [ -f "$file" ]; then + if egrep -q "^## Begin - Generated by CARNet package apache2-cn$" $file; then + rm -f $file + fi fi done fi diff --git a/debian/prerm b/debian/prerm index ce3ced3..c282b40 100755 --- a/debian/prerm +++ b/debian/prerm 
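Review bot: The removal loops in debian/postrm (hunks @@ -32,17 and @@ -62,11) still expand `$site` and `$file` unquoted in `rm -f $sitesdir/$site`, `egrep -q ... $file` and `rm -f $file`, in a script that runs as root. A file name containing whitespace or glob characters in `sites-available` or `conf.d` would be split, and `rm` would then act on paths other than the one that was tested. Quote the expansions, e.g. `rm -f -- "$sitesdir/$site"` and `rm -f -- "$file"`; the same applies to `a2dissite $site` in debian/prerm. Since `$sitefiles` is a space-separated string, names with spaces cannot be represented at all, so skipping such names when the list is built would be the safer fix. The `case` arm that contains these loops begins outside the hunks.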
@@ -5,11 +5,9 @@ set -e # Include CARNet functions. . /usr/share/carnet-tools/functions.sh - -HOST=$(hostname -f) -DOMAIN=$(hostname -d) -sites="000-$HOST 001-ssl www.$DOMAIN" -sitesendir=/etc/apache2/sites-enabled +CONFDIR="/etc/apache2" +sitesendir=${CONFDIR}/sites-enabled +sites= case "$1" in @@ -18,7 +16,6 @@ case "$1" in # Get CARNet config files in /etc/apache2/sites-enabled directory. if [ -d "${sitesendir}" ] && [ -n "$(ls ${sitesendir}/)" ]; then - sites="" for file in ${sitesendir}/*; do if [ -f "$file" ]; then if egrep -q "^## Begin - Generated by CARNet package apache2-cn$" $file; then @@ -30,17 +27,21 @@ case "$1" in fi # Deconfigure our web sites, do nothing else - for site in $sites; do + if [ -n "$sites" ]; then + for site in $sites; do - if [ -e "$sitesendir/$site" ]; then + if [ -e "$sitesendir/$site" ]; then - cp_echo "CN: Disabling $site site configuration." - a2dissite $site >/dev/null || true - fi - done + cp_echo "CN: Disabling $site site configuration." + a2dissite $site >/dev/null || true + fi + done + fi - cp_echo "CN: Enabling default site configuration for Apache2 web server." - a2ensite default >/dev/null || true + if [ -f "${CONFDIR}/sites-available/default" ]; then + cp_echo "CN: Enabling default site configuration for Apache2 web server." + a2ensite default >/dev/null || true + fi # Restart Apache2 web server. if apache2ctl configtest 2>/dev/null; then diff --git a/debian/rules b/debian/rules index eadc17c..59380b1 100755 --- a/debian/rules +++ b/debian/rules @@ -62,7 +62,7 @@ binary-arch: build install dh_installexamples dh_install -X.svn # dh_installmenu -# dh_installdebconf + dh_installdebconf # dh_installlogrotate # dh_installemacsen # dh_installpam
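Review bot: In debian/prerm (hunk @@ -30,17) `a2ensite default` now runs whenever `${CONFDIR}/sites-available/default` exists, even when `$sites` is empty and no CARNet site was disabled. That silently re-enables the stock default virtual host on a machine where the administrator may have turned it off on purpose, which changes what Apache serves after the package is removed. Consider moving the block inside `if [ -n "$sites" ]; then`, or enabling it only when nothing remains in `${sitesendir}`. `a2dissite $site >/dev/null || true` also discards failures, so a site that could not be disabled goes unreported. The `case` arm and the restart logic continue outside the hunk.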