Prva inacica paketa za Debian jessie distribuciju.

diff --git a/README.CARNet b/README.CARNet
index 1ad99a8..8db1809 100644 (file)
--- a/README.CARNet
+++ b/README.CARNet
@@ -2,7 +2,7 @@ apache2-cn
 ~~~~~~~~~~
 
 Ovaj paket donosi CARNetovu dodatnu konfiguraciju za apache2 paket
 ~~~~~~~~~~
 
 Ovaj paket donosi CARNetovu dodatnu konfiguraciju za apache2 paket

-iz Debian wheezy distribucije.
+iz Debian jessie distribucije.

 
 Paket dodaje VirtualHost zapise za sljedece webove:
 
 
 Paket dodaje VirtualHost zapise za sljedece webove:
 

@@ -23,6 +23,7 @@ biti postavljen u:
 
 Apache2 moduli koji su automatski ukljuceni:
 
 
 Apache2 moduli koji su automatski ukljuceni:
 

+  * prefork MPM

   * PHP5
   * SSL
   * rewrite
   * PHP5
   * SSL
   * rewrite

@@ -30,4 +31,4 @@ Apache2 moduli koji su automatski ukljuceni:
   * suexec
   * CGI
 
   * suexec
   * CGI
 

- -- Dragan Dosen <Dragan.Dosen@CARNet.hr>  Tue, 13 Aug 2013 10:20:06 +0200
+ -- Dragan Dosen <Dragan.Dosen@CARNet.hr>  Sat, 30 Apr 2016 13:21:01 +0200

diff --git a/carnet-generate-ssl b/carnet-generate-ssl
index 9a17f02..d3976ee 100755 (executable)
--- a/carnet-generate-ssl
+++ b/carnet-generate-ssl
@@ -71,7 +71,7 @@ emailAddress           = $WEBMASTER
 
 EOF
 
 
 EOF
 

-    openssl req -config $TMPFILE -new -key ${SSLKEYDIR}/apache2-ca.key -out ${SSLKEYDIR}/apache2-ca.csr
+    openssl req -sha256 -config $TMPFILE -new -key ${SSLKEYDIR}/apache2-ca.key -out ${SSLKEYDIR}/apache2-ca.csr

 fi
 
 if [ ! -f ${SSLCRTDIR}/apache2-ca.pem ] || [ -n "$KEYS" ]; then
 fi
 
 if [ ! -f ${SSLCRTDIR}/apache2-ca.pem ] || [ -n "$KEYS" ]; then

@@ -85,14 +85,14 @@ nsComment        = "CARNet apache2-cn package generated custom CA certificate"
 nsCertType       = sslCA
 EOT
 
 nsCertType       = sslCA
 EOT
 

-    openssl x509 -extfile $TMPFILE -days 3651 -signkey ${SSLKEYDIR}/apache2-ca.key \
+    openssl x509 -sha256 -extfile $TMPFILE -days 3651 -signkey ${SSLKEYDIR}/apache2-ca.key \

            -in ${SSLKEYDIR}/apache2-ca.csr -req -out ${SSLCRTDIR}/apache2-ca.pem
 
     KEYS="${KEYS}
  - ${SSLCRTDIR}/apache2-ca.pem"
 fi
 
            -in ${SSLKEYDIR}/apache2-ca.csr -req -out ${SSLCRTDIR}/apache2-ca.pem
 
     KEYS="${KEYS}
  - ${SSLCRTDIR}/apache2-ca.pem"
 fi
 

-mod1=`openssl x509 -noout -modulus -in ${SSLCRTDIR}/apache2-ca.pem`
+mod1=`openssl x509 -sha256 -noout -modulus -in ${SSLCRTDIR}/apache2-ca.pem`

 mod2=`openssl rsa -noout -modulus -in ${SSLKEYDIR}/apache2-ca.key`
 
 if [ "$mod1" != "$mod2" ]; then
 mod2=`openssl rsa -noout -modulus -in ${SSLKEYDIR}/apache2-ca.key`
 
 if [ "$mod1" != "$mod2" ]; then

@@ -101,7 +101,7 @@ if [ "$mod1" != "$mod2" ]; then
 fi
 
 cd ${SSLCRTDIR}
 fi
 
 cd ${SSLCRTDIR}

-ln -sf apache2-ca.pem $(openssl x509 -hash -noout -in apache2-ca.pem)
+ln -sf apache2-ca.pem $(openssl x509 -sha256 -hash -noout -in apache2-ca.pem)

 
 
 # Generate server certificate
 
 
 # Generate server certificate

@@ -112,13 +112,13 @@ echo 01 > "$TMPFILE2"
 sed "s/HOST/$FQDN/g; s/DOMAIN/$DOMAIN/g; s/WEBMASTER/$WEBMASTER/g" \
   <  $A2CNDIR/templates/openssl.cnf > "$TMPFILE"
 
 sed "s/HOST/$FQDN/g; s/DOMAIN/$DOMAIN/g; s/WEBMASTER/$WEBMASTER/g" \
   <  $A2CNDIR/templates/openssl.cnf > "$TMPFILE"
 

-openssl req -config "$TMPFILE" -new -nodes \
+openssl req -sha256 -config "$TMPFILE" -new -nodes \

        -key ${SSLKEYDIR}/apache2.key -out ${SSLKEYDIR}/apache2.csr
        -key ${SSLKEYDIR}/apache2.key -out ${SSLKEYDIR}/apache2.csr

-openssl x509 -extfile "$TMPFILE" -days 3650 \
+openssl x509 -sha256 -extfile "$TMPFILE" -days 3650 \

        -CAserial "$TMPFILE2" -CA ${SSLCRTDIR}/apache2-ca.pem -CAkey ${SSLKEYDIR}/apache2-ca.key \
        -in ${SSLKEYDIR}/apache2.csr -req -out ${SSLCRTDIR}/apache2.pem
 
        -CAserial "$TMPFILE2" -CA ${SSLCRTDIR}/apache2-ca.pem -CAkey ${SSLKEYDIR}/apache2-ca.key \
        -in ${SSLKEYDIR}/apache2.csr -req -out ${SSLCRTDIR}/apache2.pem
 

-mod1=`openssl x509 -noout -modulus -in ${SSLCRTDIR}/apache2.pem`
+mod1=`openssl x509 -sha256 -noout -modulus -in ${SSLCRTDIR}/apache2.pem`

 mod2=`openssl rsa -noout -modulus -in ${SSLKEYDIR}/apache2.key`
 
 if [ "$mod1" != "$mod2" ]; then
 mod2=`openssl rsa -noout -modulus -in ${SSLKEYDIR}/apache2.key`
 
 if [ "$mod1" != "$mod2" ]; then

@@ -132,7 +132,7 @@ KEYS="${KEYS}
  - ${SSLKEYDIR}/apache2.key"
 
 cd ${SSLCRTDIR}
  - ${SSLKEYDIR}/apache2.key"
 
 cd ${SSLCRTDIR}

-ln -sf apache2.pem $(openssl x509 -hash -noout -in apache2.pem)
+ln -sf apache2.pem $(openssl x509 -sha256 -hash -noout -in apache2.pem)

 
 
 # Fix file access permissions.
 
 
 # Fix file access permissions.

diff --git a/debian/changelog b/debian/changelog
index 55bf11d..8026cd0 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,19 @@
+apache2-cn (2.4.10+1) stable; urgency=low
+
+  * Prva inacica paketa za Debian jessie distribuciju.
+  * Azurirane ovisnosti unutar debian/control.
+  * Migracija konfiguracije za Apache2 iz /etc/apache2/conf.d/ direktorija
+    u direktorij /etc/apache2/conf-available/.
+  * Preimenovanje konfiguracijskih datoteka da sadrze .conf ekstenziju.
+  * Azuriranje IncludeOptional linija unutar konfiguracijske datoteke
+    /etc/apache2/apache2.conf - ucitavanje konfiguracijskih datoteka
+    sa .conf ekstenzijom, ostale se ignoriraju.
+  * Izmijenjene metode za aktivaciju i deaktivaciju konfiguracijskih
+    datoteka za Apache2.
+  * Koristi SHA-256 prilikom generiranja SSL certifikata.
+
+ -- Dragan Dosen <Dragan.Dosen@CARNet.hr>  Sat, 30 Apr 2016 13:21:01 +0200
+

 apache2-cn (2.2.22+1) stable; urgency=low
 
   * Prva inacica paketa za Debian wheezy distribuciju.
 apache2-cn (2.2.22+1) stable; urgency=low
 
   * Prva inacica paketa za Debian wheezy distribuciju.

diff --git a/debian/compat b/debian/compat
index 45a4fb7..ec63514 100644 (file)
--- a/debian/compat
+++ b/debian/compat
@@ -1 +1 @@
-8
+9

diff --git a/debian/config b/debian/config
index d2ae8b4..831ea0e 100755 (executable)
--- a/debian/config
+++ b/debian/config
@@ -27,12 +27,11 @@ DOMAIN=$(hostname -d)
 # Check for existing SSL VirtualHosts.
 #
 has_listen_ssl=0
 # Check for existing SSL VirtualHosts.
 #
 has_listen_ssl=0

-
-if [ -d "$CONFDIR/conf.d" ] && [ -n "$(ls $CONFDIR/conf.d)" ]; then
-    listen_ssl_mask=$CONFDIR/conf.d/*
+if [ -d "$CONFDIR/conf-enabled" ] && [ -n "$(ls -A $CONFDIR/conf-enabled/)" ]; then
+    listen_ssl_mask=$CONFDIR/conf-enabled/*.conf

 fi
 fi

-if [ -d "$CONFDIR/sites-enabled" ] && [ -n "$(ls $CONFDIR/sites-enabled)" ]; then
-    listen_ssl_mask=$listen_ssl_mask" "$CONFDIR/sites-enabled/*
+if [ -d "$CONFDIR/sites-enabled" ] && [ -n "$(ls -A $CONFDIR/sites-enabled/)" ]; then
+    listen_ssl_mask=$listen_ssl_mask" "$CONFDIR/sites-enabled/*.conf

 fi
 
 for file in $CONF $listen_ssl_mask; do
 fi
 
 for file in $CONF $listen_ssl_mask; do

diff --git a/debian/control b/debian/control
index cf71a49..d7960af 100644 (file)
--- a/debian/control
+++ b/debian/control
@@ -2,12 +2,13 @@ Source: apache2-cn
 Section: httpd
 Priority: optional
 Maintainer: Dragan Dosen <Dragan.Dosen@CARNet.hr>
 Section: httpd
 Priority: optional
 Maintainer: Dragan Dosen <Dragan.Dosen@CARNet.hr>

-Build-Depends: debhelper (>= 8.0.0), po-debconf
-Standards-Version: 3.9.3
+Build-Depends: debhelper (>> 9), po-debconf
+Standards-Version: 3.9.6
+Homepage: http://httpd.apache.org/

 
 Package: apache2-cn
 Architecture: all
 
 Package: apache2-cn
 Architecture: all

-Depends: apache2-mpm-prefork (>= 2.2.22-13), apache2 (>= 2.2.22-13), apache2-suexec (>= 2.2.22-13), apache2 (<< 2.3), php5-cn (>= 5.3.3+1), carnet-tools-cn (>= 3.0.4), ssl-cert, procps, debconf (>= 0.5) | debconf-2.0, postfix | mail-transport-agent, ${misc:Depends}
+Depends: apache2 (>= 2.4.10-10+deb8u5), apache2-suexec-pristine (>= 2.4.10-10+deb8u5), php5-cn (>= 5.4.4+4), carnet-tools-cn (>= 3.1.0), ssl-cert, procps, debconf (>= 1.5.56), postfix | mail-transport-agent, ${misc:Depends}

 Suggests: mod-security-cn, apache2-doc, ca-certificates, monit-cn
 Description: Apache HTTP Server - traditional non-threaded model
  Each Apache Multi-Processing Module provides a different "flavor" of
 Suggests: mod-security-cn, apache2-doc, ca-certificates, monit-cn
 Description: Apache HTTP Server - traditional non-threaded model
  Each Apache Multi-Processing Module provides a different "flavor" of

@@ -23,4 +24,3 @@ Description: Apache HTTP Server - traditional non-threaded model
  .
  This is a CARNet Debian package which configures a simple https enabled
  web service with PHP5.
  .
  This is a CARNet Debian package which configures a simple https enabled
  web service with PHP5.

-Homepage: http://httpd.apache.org/

diff --git a/debian/copyright b/debian/copyright
index dd9254d..235dba3 100644 (file)
--- a/debian/copyright
+++ b/debian/copyright
@@ -1,4 +1,4 @@
-Copyright 2013 CARNet
+Copyright 2013-2016 CARNet

 
 You are free to distribute this software package under the terms of the
 GNU General Public License.
 
 You are free to distribute this software package under the terms of the
 GNU General Public License.

diff --git a/debian/postinst b/debian/postinst
index 1d09c19..ebebc6b 100755 (executable)
--- a/debian/postinst
+++ b/debian/postinst
@@ -27,15 +27,13 @@ esac
 . /usr/share/carnet-tools/functions.sh
 
 PKG="apache2-cn"
 . /usr/share/carnet-tools/functions.sh
 
 PKG="apache2-cn"

-VERSION="2.2.22+1"
+VERSION="2.4.10+1"

 CONFDIR="/etc/apache2"
 CONF="$CONFDIR/apache2.conf"
 CONFDIR="/etc/apache2"
 CONF="$CONFDIR/apache2.conf"

-A2MODEDIR="$CONFDIR/mods-enabled"

 PORTCONF="$CONFDIR/ports.conf"
 A2CNDIR=/usr/share/apache2-cn
 TMPLDIR=$A2CNDIR/templates
 CERTDIR=/etc/ssl/certs
 PORTCONF="$CONFDIR/ports.conf"
 A2CNDIR=/usr/share/apache2-cn
 TMPLDIR=$A2CNDIR/templates
 CERTDIR=/etc/ssl/certs

-A2PHPINI="/etc/php5/apache2/php.ini"

 
 HOST=$(hostname)
 FQDN=$(hostname --fqdn)
 
 HOST=$(hostname)
 FQDN=$(hostname --fqdn)

@@ -43,7 +41,6 @@ WEBMASTER="webmaster@$FQDN"
 DOMAIN=$(hostname -d)
 BACKUPDIR="/var/backups/apache2-cn"
 
 DOMAIN=$(hostname -d)
 BACKUPDIR="/var/backups/apache2-cn"
 

-backup_done=0

 need_restart=0
 apache2_sslcf=
 apache2_sslckf=
 need_restart=0
 apache2_sslcf=
 apache2_sslckf=

@@ -150,17 +147,18 @@ listen_ssl() {
 #
 install_conf() {
     conftmpl="$A2CNDIR/$1.conf"
 #
 install_conf() {
     conftmpl="$A2CNDIR/$1.conf"

-    conf="$CONFDIR/conf.d/$2.conf"
+    conf="$CONFDIR/conf-available/$2.conf"

 
     if [ ! -e "$conf" ]; then
 
     if [ ! -e "$conf" ]; then

-
-        cp_echo "CN: Enabling CARNet specific configuration."
+        cp_echo "CN: Generating CARNet specific configuration."

         cp "$conftmpl" "$conf"
         cp "$conftmpl" "$conf"

-
-        need_restart=1

     else
         cp_echo "CN: $conf already exists, left untouched." 1>&2
     fi
     else
         cp_echo "CN: $conf already exists, left untouched." 1>&2
     fi

+
+    cp_echo "CN: Enabling CARNet specific configuration."
+    a2enconf -m -q "$2"
+    need_restart=1

 }
 
 # install_vhost()
 }
 
 # install_vhost()

@@ -177,8 +175,9 @@ install_conf() {
 #     -n   - set ServerName
 #     -s X - symlink DocumentRoot to X (all in /var/www)
 #
 #     -n   - set ServerName
 #     -s X - symlink DocumentRoot to X (all in /var/www)
 #

-#   site - name of file in sites-available, host part of ServerName unless -r or -n is used
-#   site-enabled-symlink - name of symlink in sites-enabled
+#   site - host part of ServerName unless -r or -n is used
+#   site-enabled-symlink - name of file/symlink in sites-available/sites-enabled
+#                          (without .conf suffix)

 #
 install_vhost() {
     add_namevirthost=
 #
 install_vhost() {
     add_namevirthost=

@@ -220,7 +219,8 @@ install_vhost() {
 
     vhosttmpl="$1.template"
     vhost="$2"
 
     vhosttmpl="$1.template"
     vhost="$2"

-    venabled="$3"
+    vsite="$3"
+    venabled="$3.conf"

     [ -z "$vhostname" ] && vhostname=$(echo "$vhost"| awk -F. '{print $1}')
     force_vhost=
 
     [ -z "$vhostname" ] && vhostname=$(echo "$vhost"| awk -F. '{print $1}')
     force_vhost=
 

@@ -243,10 +243,10 @@ install_vhost() {
     # - adding is forced OR
     # - it doesn't exist
     #
     # - adding is forced OR
     # - it doesn't exist
     #

-    if [ -n "$force_vhost" -o \( ! -e "$vhostdir/$vhost" -a ! -e "$venabledir/$venabled" \) ]; then
+    if [ -n "$force_vhost" -o \( ! -e "$vhostdir/$venabled" -a ! -e "$venabledir/$venabled" \) ]; then

 
         cp_echo "CN: Adding $vhost VirtualHost."
 
         cp_echo "CN: Adding $vhost VirtualHost."

-        out=$(mktemp $vhostdir/$vhost.XXXXXX)
+        out=$(mktemp $vhostdir/$venabled.XXXXXX)

         temp_files="${temp_files} ${out}"
 
         # CARNet header.
         temp_files="${temp_files} ${out}"
 
         # CARNet header.

@@ -260,9 +260,9 @@ install_vhost() {
 
         sed "s/HOST/$vhostname/g; s/DOMAIN/$DOMAIN/g;
             s#DOCROOT#$docroot#g; s/IPADDR/$MYIP/g" < $TMPLDIR/$vhosttmpl >> $out
 
         sed "s/HOST/$vhostname/g; s/DOMAIN/$DOMAIN/g;
             s#DOCROOT#$docroot#g; s/IPADDR/$MYIP/g" < $TMPLDIR/$vhosttmpl >> $out

-        cp_mv $out $vhostdir/$vhost
-        chmod 644 $vhostdir/$vhost
-        ln -fs ../sites-available/$vhost $venabledir/$venabled
+        cp_mv $out $vhostdir/$venabled
+        chmod 644 $vhostdir/$venabled
+        a2ensite -m -q "$vsite"

 
         if [ -n "$mkdir_docroot" -a ! -d "$docroot" ]; then
             mkdir "$docroot"
 
         if [ -n "$mkdir_docroot" -a ! -d "$docroot" ]; then
             mkdir "$docroot"

@@ -275,84 +275,205 @@ install_vhost() {
     fi
 }
 
     fi
 }
 

+# backup_conf()
+#
+#   Backup configuration files located in specified directory.
+#
+backup_conf () {
+    local dir file backup_dir
+
+    dir="$1"
+
+    if [ -d "${dir}" ] && [ -n "$(ls -A ${dir}/)" ]; then
+        cp_echo "CN: Doing backup for all files in $dir"
+        for file in ${dir}/*; do
+            if [ -f "$file" ]; then
+                if [ -z "$(echo $file | egrep '^/.*~')" ]; then
+                    backup_dir="$BACKUPDIR/$(basename $(dirname "$file"))"
+                    cp_backup_conffile -d "$backup_dir" -p "$file"
+                fi
+            fi
+        done
+    fi
+}
+
+# move_conf()
+#
+#   Move configuration files from one directory to another. The .conf suffix
+#   will be added. Will try to enable the configuration if -e is specified.
+#
+move_conf () {
+    local toenable ctype dir newdir file newfile
+
+    if [ "$1" = "-e" ]; then
+        toenable="$1"
+        shift
+    fi
+
+    ctype="$1"
+    dir="$2"
+    newdir="$3"
+
+    case "$ctype" in
+        site|conf)
+            # continue below
+            ;;
+        *)
+            return 1
+            ;;
+    esac
+
+    if [ -z "$newdir" ]; then
+        newdir="$dir"
+    fi
+
+    if [ -d "${dir}" ] && [ -n "$(ls -A ${dir}/)" ]; then
+        mkdir -p "$newdir"
+        for file in ${dir}/*; do
+            newfile="${newdir}/$(basename "$file" .conf).conf"
+            if [ ! -e "$newfile" ]; then
+                cp_echo "CN: Preserving changes to $newfile (renamed from $file)."
+                cp_mv "$file" "$newfile"
+                if [ -n "$toenable" ]; then
+                    cp_echo "CN: Enabling configuration $newfile"
+                    a2en$ctype -m -q "$(basename "$newfile" .conf)" || true
+                fi
+                need_restart=1
+            fi
+        done
+    fi
+}
+
+# rename_conf()
+#
+#   Append the .conf suffix to all configuration files located in specified
+#   available and enabled directories. Updated symlinks if necessary.
+#
+#
+rename_conf () {
+    local ctype adir edir afile efile newfile
+
+    ctype="$1"
+    adir="$2"
+    edir="$3"
+
+    case "$ctype" in
+        site|conf)
+            # continue below
+            ;;
+        *)
+            return 1
+            ;;
+    esac
+
+    if [ -d "${edir}" ] && [ -n "$(ls -A ${edir}/)" ]; then
+        mkdir -p "$adir"
+        for efile in ${edir}/*; do
+            [ ! -e "${edir}/$(basename "$efile" .conf).conf" ] || continue
+
+            afile="$(readlink -q -m "$efile")"
+
+            [ "$(dirname "$afile")" = "$adir" ] || continue
+            [ "$(basename "$afile" .conf)" = "$(basename "$efile" .conf)" ] || continue
+
+            newfile="${adir}/$(basename "$afile" .conf).conf"
+            [ ! -e "$newfile" ] || continue
+
+            cp_echo "CN: Preserving changes to $newfile (renamed from $afile)."
+            cp_mv "$afile" "$newfile"
+
+            cp_echo "CN: Removing obsolete symlink $efile"
+            rm -f "$efile"
+
+            cp_echo "CN: Enabling configuration $newfile"
+            a2en$ctype -m -q "$(basename "$newfile" .conf)" || true
+            need_restart=1
+        done
+    fi
+}
+

 
 # Set trap for deleting all temp files.
 #
 trap cleanup 0 1 2 15
 
 
 
 # Set trap for deleting all temp files.
 #
 trap cleanup 0 1 2 15
 
 

-# Backup all configuration located in /etc/apache2/conf.d/ and
-# /etc/apache2/sites-available/ directories.
+# Backup all configuration located in /etc/apache2/conf.d/,
+# /etc/apache2/conf-available/ and /etc/apache2/sites-available/
+# directories.

 #
 if [ -e "$CONF" ]; then
     cp_echo "CN: Doing backup for $CONF"
     cp_backup_conffile -d $BACKUPDIR -p $CONF
 #
 if [ -e "$CONF" ]; then
     cp_echo "CN: Doing backup for $CONF"
     cp_backup_conffile -d $BACKUPDIR -p $CONF

-    backup_done=1

 fi
 fi

-if [ -d "$CONFDIR/conf.d" ] && [ -n "$(ls ${CONFDIR}/conf.d/)" ]; then
-    cp_echo "CN: Doing backup for all files in /etc/apache2/conf.d/"
-    for file in /etc/apache2/conf.d/*; do
-        if [ -z "$(echo $file | egrep '^/.*~')" ]; then
-            cp_backup_conffile -d $BACKUPDIR -p $file
-        fi
-    done
-    backup_done=1
-fi
-if [ -d "$CONFDIR/sites-available" ] && [ -n "$(ls ${CONFDIR}/sites-available/)" ]; then
-    cp_echo "CN: Doing backup for all files in /etc/apache2/sites-available/"
-    for file in /etc/apache2/sites-available/*; do
-        if [ -z "$(echo $file | egrep '^/.*~')" ]; then
-            cp_backup_conffile -d $BACKUPDIR -p $file
-        fi
-    done
-    backup_done=1
+
+backup_conf $CONFDIR/conf.d
+backup_conf $CONFDIR/conf-available
+backup_conf $CONFDIR/sites-available
+
+cp_echo "CN: Backup is located in directory: $BACKUPDIR/"
+
+
+# Enable Apache2 web server modules (mpm_prefork, cgi, rewrite, userdir, suexec, php5, ssl).
+#
+if [ -e "$CONF" ]; then
+    cp_echo "CN: Enabling the prefork Apache2 MPM."
+    if [ "$(a2query -M || true)" != "prefork" ]; then
+        a2dismod -m -q "mpm_$(a2query -M || true)"
+        a2enmod -m -q mpm_prefork
+    fi
+
+    cp_echo "CN: Enabling required Apache2 web server modules."
+    a2enmod -m -q cgi
+    a2enmod -m -q rewrite
+    a2enmod -m -q userdir
+    a2enmod -m -q suexec
+    a2enmod -m -q php5
+    a2enmod -m -q ssl

 fi
 fi

-if [ $backup_done -eq 1 ]; then
-    cp_echo "CN: Backup is located in directory: $BACKUPDIR/"
+
+
+# Make sure configuration files have the .conf suffix. Move them
+# to appropriate locations.
+#
+if [ -d "$CONFDIR/conf.d" ]; then
+    cp_echo "CN: Obsolete configuration directory $CONFDIR/conf.d/ found."
+    move_conf -e conf $CONFDIR/conf.d $CONFDIR/conf-available

 fi
 
 fi
 

+rename_conf site $CONFDIR/sites-available $CONFDIR/sites-enabled
+

 
 

-# Enable Apache2 web server modules (cgi, rewrite, userdir, suexec, php5, ssl).
+# Check and add IncludeOptional lines to /etc/apache2/apache2.conf:
+#
+#   IncludeOptional conf-enabled/*.conf
+#   IncludeOptional sites-enabled/*.conf

 #
 if [ -e "$CONF" ]; then
 
 #
 if [ -e "$CONF" ]; then
 

-    if [ ! -e "$A2MODEDIR/cgi.load" ]; then
-        cp_echo "CN: Enabling CGI module for Apache2 web server."
-        a2enmod cgi >/dev/null || true
-        need_restart=1
-    fi
+    cp_echo "CN: Checking IncludeOptional lines in $CONF"

 
 

-    if [ ! -e "$A2MODEDIR/rewrite.load" ]; then
-        cp_echo "CN: Enabling rewrite module for Apache2 web server."
-        a2enmod rewrite >/dev/null || true
-        need_restart=1
-    fi
+    CONFTMP=`mktemp $CONF.tmp.XXXXXX`
+    temp_files="${temp_files} ${CONFTMP}"
+    cp "$CONF" "$CONFTMP"

 
 

-    if [ ! -e "$A2MODEDIR/userdir.load" ] || [ ! -e "$A2MODEDIR/userdir.conf" ]; then
-        cp_echo "CN: Enabling userdir module for Apache2 web server."
-        a2enmod userdir >/dev/null || true
-        need_restart=1
-    fi
+    sed -r -i 's#^[[:space:]]*Include(Optional)?[[:space:]]+(/etc/apache2/)?conf\.d(/)?$#IncludeOptional conf-enabled/\*\.conf#I' \
+        "$CONFTMP"
+    sed -r -i 's#^[[:space:]]*Include(Optional)?[[:space:]]+(/etc/apache2/)?sites-enabled(/)?$#IncludeOptional sites-enabled/\*\.conf#I' \
+        "$CONFTMP"

 
 

-    if [ ! -e "$A2MODEDIR/suexec.load" ]; then
-        cp_echo "CN: Enabling SUEXEC module for Apache2 web server."
-        a2enmod suexec >/dev/null || true
-        need_restart=1
+    if ! egrep -iq "^[[:space:]]*IncludeOptional[[:space:]]+conf-enabled/\*\.conf$" "$CONFTMP"; then
+        echo 'IncludeOptional conf-enabled/*.conf' >> "$CONFTMP"

     fi
     fi

-
-    if [ ! -e "$A2MODEDIR/php5.load" ] || [ ! -e "$A2MODEDIR/php5.conf" ]; then
-        if [ -e "/usr/lib/apache2/modules/libphp5.so" ]; then
-            cp_echo "CN: Enabling PHP5 module for Apache2 web server."
-            a2enmod php5 >/dev/null || true
-            need_restart=1
-        fi
+    if ! egrep -iq "^[[:space:]]*IncludeOptional[[:space:]]+sites-enabled/\*\.conf$" "$CONFTMP"; then
+        echo 'IncludeOptional sites-enabled/*.conf' >> "$CONFTMP"

     fi
 
     fi
 

-    if [ ! -e "$A2MODEDIR/ssl.load" ] || [ ! -e "$A2MODEDIR/ssl.conf" ]; then
-        cp_echo "CN: Enabling SSL module for Apache2 web server."
-        a2enmod ssl >/dev/null || true
+    if ! cmp -s "$CONFTMP" "$CONF"; then
+        cp_mv "$CONFTMP" "$CONF"

         need_restart=1
     fi
         need_restart=1
     fi

+    rm -f "$CONFTMP"

 fi
 
 
 fi
 
 

@@ -367,22 +488,19 @@ listen_ssl
 # Disable default site configuration.
 #
 if [ -e "$CONF" ]; then
 # Disable default site configuration.
 #
 if [ -e "$CONF" ]; then

-    if [ -e "$CONFDIR/sites-enabled/000-default" ]; then
-        cp_echo "CN: Disabling 000-default site configuration."
-        a2dissite 000-default >/dev/null || true
-
-        need_restart=1
-    fi
+    cp_echo "CN: Disabling default site configuration."
+    a2dissite -m -f -q 000-default || true
+    need_restart=1

 fi
 
 
 # Apache2 SSL certificate.
 #
 fi
 
 
 # Apache2 SSL certificate.
 #

-if [ -d "$CONFDIR/conf.d" ] && [ -n "$(ls $CONFDIR/conf.d)" ]; then
-    listen_ssl_mask=$CONFDIR/conf.d/*
+if [ -d "$CONFDIR/conf-enabled" ] && [ -n "$(ls -A $CONFDIR/conf-enabled/)" ]; then
+    listen_ssl_mask=$CONFDIR/conf-enabled/*.conf

 fi
 fi

-if [ -d "$CONFDIR/sites-enabled" ] && [ -n "$(ls $CONFDIR/sites-enabled)" ]; then
-    listen_ssl_mask=$listen_ssl_mask" "$CONFDIR/sites-enabled/*
+if [ -d "$CONFDIR/sites-enabled" ] && [ -n "$(ls -A $CONFDIR/sites-enabled/)" ]; then
+    listen_ssl_mask=$listen_ssl_mask" "$CONFDIR/sites-enabled/*.conf

 fi
 
 for file in $CONF $listen_ssl_mask; do
 fi
 
 for file in $CONF $listen_ssl_mask; do

@@ -429,15 +547,15 @@ if [ -z "$2" ]; then
     if [ "$RET" = "true" ]; then
 
         # Add WWW VirtualHost.
     if [ "$RET" = "true" ]; then
 
         # Add WWW VirtualHost.

-        if [ -f "$CONFDIR/sites-available/$FQDN" ]; then
-            cp_backup_conffile -d $BACKUPDIR -p $CONFDIR/sites-available/$FQDN
+        if [ -f "$CONFDIR/sites-available/000-$FQDN.conf" ]; then
+            cp_backup_conffile -d $BACKUPDIR/sites-available -p $CONFDIR/sites-available/000-$FQDN.conf

         fi
         fi

-        if [ -f "$CONFDIR/sites-available/www.$DOMAIN" ]; then
-            cp_backup_conffile -d $BACKUPDIR -p $CONFDIR/sites-available/www.$DOMAIN
+        if [ -f "$CONFDIR/sites-available/www.$DOMAIN.conf" ]; then
+            cp_backup_conffile -d $BACKUPDIR/sites-available -p $CONFDIR/sites-available/www.$DOMAIN.conf

         fi
 
         fi
 

-        chk_conf_tag "$CONFDIR/sites-available/$FQDN"
-        if [ ! -f "$CONFDIR/sites-available/$FQDN" ] || [ $RET -eq 0 ]; then
+        chk_conf_tag "$CONFDIR/sites-available/000-$FQDN.conf"
+        if [ ! -f "$CONFDIR/sites-available/000-$FQDN.conf" ] || [ $RET -eq 0 ]; then

             if egrep -qi "^[[:space:]]*NameVirtualHost[[:space:]]+\*:80$" "$PORTCONF"; then
                 install_vhost -d -r www.$DOMAIN default $FQDN 000-$FQDN
             else
             if egrep -qi "^[[:space:]]*NameVirtualHost[[:space:]]+\*:80$" "$PORTCONF"; then
                 install_vhost -d -r www.$DOMAIN default $FQDN 000-$FQDN
             else

@@ -446,20 +564,20 @@ if [ -z "$2" ]; then
             need_restart=1
         fi
 
             need_restart=1
         fi
 

-        chk_conf_tag "$CONFDIR/sites-available/www.$DOMAIN"
-        if [ ! -f "$CONFDIR/sites-available/www.$DOMAIN" ] || [ $RET -eq 0 ]; then
+        chk_conf_tag "$CONFDIR/sites-available/www.$DOMAIN.conf"
+        if [ ! -f "$CONFDIR/sites-available/www.$DOMAIN.conf" ] || [ $RET -eq 0 ]; then

             install_vhost default www.$DOMAIN www.$DOMAIN
             need_restart=1
         fi
     else
 
         # No WWW VirtualHost.
             install_vhost default www.$DOMAIN www.$DOMAIN
             need_restart=1
         fi
     else
 
         # No WWW VirtualHost.

-        if [ -f "$CONFDIR/sites-available/$FQDN" ]; then
-            cp_backup_conffile -d $BACKUPDIR -p $CONFDIR/sites-available/$FQDN
+        if [ -f "$CONFDIR/sites-available/000-$FQDN.conf" ]; then
+            cp_backup_conffile -d $BACKUPDIR/sites-available -p $CONFDIR/sites-available/000-$FQDN.conf

         fi
 
         fi
 

-        chk_conf_tag "$CONFDIR/sites-available/$FQDN"
-        if [ ! -f "$CONFDIR/sites-available/$FQDN" ] || [ $RET -eq 0 ]; then
+        chk_conf_tag "$CONFDIR/sites-available/000-$FQDN.conf"
+        if [ ! -f "$CONFDIR/sites-available/000-$FQDN.conf" ] || [ $RET -eq 0 ]; then

             if egrep -qi "^[[:space:]]*NameVirtualHost[[:space:]]+\*:80$" "$PORTCONF"; then
                 install_vhost -d -r $FQDN default $FQDN 000-$FQDN
             else
             if egrep -qi "^[[:space:]]*NameVirtualHost[[:space:]]+\*:80$" "$PORTCONF"; then
                 install_vhost -d -r $FQDN default $FQDN 000-$FQDN
             else

@@ -475,13 +593,13 @@ fi
 #
 if [ $has_listen_ssl -eq 0 ]; then
 
 #
 if [ $has_listen_ssl -eq 0 ]; then
 

-    if [ -f "$CONFDIR/sites-available/ssl" ]; then
-        cp_backup_conffile -d $BACKUPDIR -p $CONFDIR/sites-available/ssl
+    if [ -f "$CONFDIR/sites-available/001-ssl.conf" ]; then
+        cp_backup_conffile -d $BACKUPDIR/sites-available -p $CONFDIR/sites-available/001-ssl.conf

     fi
 
     # No active SSL VirtualHosts found - add new one.
     fi
 
     # No active SSL VirtualHosts found - add new one.

-    chk_conf_tag "$CONFDIR/sites-available/ssl"
-    if [ ! -f "$CONFDIR/sites-available/ssl" ] || [ $RET -eq 0 ]; then
+    chk_conf_tag "$CONFDIR/sites-available/001-ssl.conf"
+    if [ ! -f "$CONFDIR/sites-available/001-ssl.conf" ] || [ $RET -eq 0 ]; then

 
         db_get apache2-cn/wwwhost || true
         if [ "$RET" = "true" ]; then
 
         db_get apache2-cn/wwwhost || true
         if [ "$RET" = "true" ]; then

@@ -498,12 +616,12 @@ fi
 #
 if [ $has_listen_ssl -eq 0 ]; then
 
 #
 if [ $has_listen_ssl -eq 0 ]; then
 

-    chk_conf_tag "${CONFDIR}/sites-available/ssl"
+    chk_conf_tag "${CONFDIR}/sites-available/001-ssl.conf"

     if [ $RET -eq 0 ] && [ -n "$apache2_sslcf" ]; then
 
         SSLTMP=$(mktemp ${CONFDIR}/ssltmp.XXXXXX)
         temp_files="${temp_files} ${SSLTMP} ${SSLTMP}.cn-old"
     if [ $RET -eq 0 ] && [ -n "$apache2_sslcf" ]; then
 
         SSLTMP=$(mktemp ${CONFDIR}/ssltmp.XXXXXX)
         temp_files="${temp_files} ${SSLTMP} ${SSLTMP}.cn-old"

-        cp ${CONFDIR}/sites-available/ssl $SSLTMP
+        cp ${CONFDIR}/sites-available/001-ssl.conf $SSLTMP

 
         # SSLCertificateFile
         cp_check_and_sed "^[[:space:]]*SSLCertificateFile \/etc\/ssl\/certs\/apache2\.pem" \
 
         # SSLCertificateFile
         cp_check_and_sed "^[[:space:]]*SSLCertificateFile \/etc\/ssl\/certs\/apache2\.pem" \

@@ -522,7 +640,7 @@ if [ $has_listen_ssl -eq 0 ]; then
             $SSLTMP || true
         fi
 
             $SSLTMP || true
         fi
 

-        cp_mv $SSLTMP ${CONFDIR}/sites-available/ssl
+        cp_mv $SSLTMP ${CONFDIR}/sites-available/001-ssl.conf

 
         need_restart=1
 
 
         need_restart=1
 

@@ -552,6 +670,8 @@ if egrep -iq "^[[:space:]]*Include[[:space:]]+\/etc\/apache2\/sites-enabled\/\[\
 
     cp_echo "CN: Fixing obsolete Include line in $CONF."
     CONFTMP=`mktemp $CONF.tmp.XXXXXX`
 
     cp_echo "CN: Fixing obsolete Include line in $CONF."
     CONFTMP=`mktemp $CONF.tmp.XXXXXX`

+    temp_files="${temp_files} ${CONFTMP}"
+

     sed -r "/^[[:space:]]*Include[[:space:]]+\/etc\/apache2\/sites-enabled\/\[\^\.\#\]\*$/Id" \
         "$CONF" > "$CONFTMP"
 
     sed -r "/^[[:space:]]*Include[[:space:]]+\/etc\/apache2\/sites-enabled\/\[\^\.\#\]\*$/Id" \
         "$CONF" > "$CONFTMP"
 

@@ -571,10 +691,10 @@ db_stop || true
 #
 if [ -e "$CONFDIR/conf.d/aosi-www.conf" ] || [ -e "$CONFDIR/conf.d/aosi.conf" ]; then
     cp_echo "CN: Removing old AOSI configuration files for Apache2."
 #
 if [ -e "$CONFDIR/conf.d/aosi-www.conf" ] || [ -e "$CONFDIR/conf.d/aosi.conf" ]; then
     cp_echo "CN: Removing old AOSI configuration files for Apache2."

+    rm -f $CONFDIR/conf.d/aosi-www.conf
+    rm -f $CONFDIR/conf.d/aosi.conf

     need_restart=1
 fi
     need_restart=1
 fi

-[ -e "$CONFDIR/conf.d/aosi-www.conf" ] && rm -f $CONFDIR/conf.d/aosi-www.conf
-[ -e "$CONFDIR/conf.d/aosi.conf" ] && rm -f $CONFDIR/conf.d/aosi.conf

 
 
 # Restart Apache2 web server if needed.
 
 
 # Restart Apache2 web server if needed.

@@ -585,11 +705,11 @@ if [ $need_restart -eq 1 ]; then
     if apache2ctl configtest 2>/dev/null; then
 
         # Restart Apache2 web server.
     if apache2ctl configtest 2>/dev/null; then
 
         # Restart Apache2 web server.

-        invoke-rc.d apache2 restart || true
+        service apache2 reload || true

     else
 
         # Something is broken.
     else
 
         # Something is broken.

-        cp_echo "CN: Your Apache2 configuration seem to be broken."
+        cp_echo "CN: Your Apache2 configuration seems to be broken."

         cp_echo "CN: Please, check the service after the installation finishes!"
     fi
 fi
         cp_echo "CN: Please, check the service after the installation finishes!"
     fi
 fi

diff --git a/debian/postrm b/debian/postrm
index 5171fe3..325beea 100755 (executable)
--- a/debian/postrm
+++ b/debian/postrm
@@ -5,16 +5,6 @@ set -e
 # Debconf
 . /usr/share/debconf/confmodule
 
 # Debconf
 . /usr/share/debconf/confmodule
 

-# Include CARNet functions.
-. /usr/share/carnet-tools/functions.sh
-
-CONFDIR="/etc/apache2"
-sitesdir=${CONFDIR}/sites-available
-HOST=$(hostname -f)
-DOMAIN=$(hostname -d)
-sitefiles=
-
-

 case "$1" in
     purge)
         # continue below
 case "$1" in
     purge)
         # continue below

@@ -24,27 +14,45 @@ case "$1" in
         ;;
 esac
 
         ;;
 esac
 

-# Get CARNet config files in /etc/apache2/sites-available directory.
-if [ -d "${sitesdir}" ] && [ -n "$(ls ${sitesdir}/)" ]; then
-    for file in ${sitesdir}/*; do
-        if [ -f "$file" ]; then
-            if egrep -q "^## Begin - Generated by CARNet package apache2-cn$" $file; then
-                site=`echo "$file" | sed 's/^\/.*\///'`
-                sitefiles="$sitefiles $site"
+CONFDIR="/etc/apache2"
+HOST=$(hostname -f)
+DOMAIN=$(hostname -d)
+
+# purge_conf()
+#
+#   Purge Apache2 configuration files located in specified directory.
+#
+purge_conf () {
+    local ctype dir file
+
+    ctype="$1"
+    dir="$2"
+
+    case "$ctype" in
+        site|conf)
+            # continue below
+            ;;
+        *)
+            return 1
+            ;;
+    esac
+
+    if [ -d "${dir}" ] && [ -n "$(ls -A ${dir}/)" ]; then
+        for file in ${dir}/*.conf; do
+            if [ -f "$file" ]; then
+                if egrep -q "^## Begin - Generated by CARNet package apache2-cn$" "$file"; then
+                    a2dis$ctype -p -f -q "`basename "$file" .conf`" || exit $?
+                    rm -f "$file"
+                fi

             fi
             fi

-        fi
-    done
-fi
+        done
+    fi
+}

 
 

-# Remove our vhosts.
-if [ -n "$sitefiles" ]; then
-    for site in $sitefiles; do
-        if [ -e "$sitesdir/$site" ]; then
-            cp_echo "CN: Removing $site site configuration file."
-            rm -f $sitesdir/$site
-        fi
-    done
-fi
+# Configuration generated by this CARNet package.
+echo "CN: Purging $PKG configuration for Apache2."
+purge_conf site ${CONFDIR}/sites-available
+purge_conf conf ${CONFDIR}/conf-available

 
 # Remove default DocumentRoot if there's only a one line index.html there
 docroots="/var/www/$HOST /var/www/www.$DOMAIN"
 
 # Remove default DocumentRoot if there's only a one line index.html there
 docroots="/var/www/$HOST /var/www/www.$DOMAIN"

@@ -54,7 +62,7 @@ if [ -d "/var/www" ]; then
         if [ -d $docroot ]; then
             if [ "x$(echo ${docroot}/*)" = "x${docroot}/index.html" ]; then
                 if [ "$(wc -l ${docroot}/index.html | awk '{print $1}')" -eq 1 ]; then
         if [ -d $docroot ]; then
             if [ "x$(echo ${docroot}/*)" = "x${docroot}/index.html" ]; then
                 if [ "$(wc -l ${docroot}/index.html | awk '{print $1}')" -eq 1 ]; then

-                    cp_echo "CN: Removing document root directory ${docroot}."
+                    echo "CN: Removing document root directory ${docroot}."

                     rm -f $docroot/index.html
                     rmdir $docroot || true
                 fi
                     rm -f $docroot/index.html
                     rmdir $docroot || true
                 fi

@@ -63,24 +71,6 @@ if [ -d "/var/www" ]; then
     done
 fi
 
     done
 fi
 

-# Remove CARNet specific configuration.
-if [ -d "${CONFDIR}/conf.d" ] && [ -n "$(ls ${CONFDIR}/conf.d/)" ]; then
-    cp_echo "CN: Disabling CARNet specific configuration."
-    for file in ${CONFDIR}/conf.d/*; do
-        if [ -f "$file" ]; then
-            if egrep -q "^## Begin - Generated by CARNet package apache2-cn$" $file; then
-                rm -f $file
-            fi
-        fi
-    done
-fi
-
-# dh_installdeb will replace this with shell code automatically
-# generated by other debhelper scripts.
-

 #DEBHELPER#
 
 #DEBHELPER#
 

-# Mail root
-cp_mail "apache2-cn"
-

 exit 0
 exit 0

diff --git a/debian/prerm b/debian/prerm
index d35ba4f..d4b99f1 100755 (executable)
--- a/debian/prerm
+++ b/debian/prerm
@@ -2,71 +2,59 @@
 
 set -e
 
 
 set -e
 

-# Include CARNet functions.
-. /usr/share/carnet-tools/functions.sh
-
+PKG=apache2-cn

 CONFDIR="/etc/apache2"
 CONFDIR="/etc/apache2"

-sitesendir=${CONFDIR}/sites-enabled
-sites=
-
-
-case "$1" in
-    remove|deconfigure)

 
 

-        # Get CARNet config files in /etc/apache2/sites-enabled directory.
-        if [ -d "${sitesendir}" ] && [ -n "$(ls ${sitesendir}/)" ]; then
-
-            for file in ${sitesendir}/*; do
-                if [ -f "$file" ]; then
-                    if egrep -q "^## Begin - Generated by CARNet package apache2-cn$" $file; then
-                        site=`echo "$file" | sed 's/^\/.*\///'`
-                        sites="$sites $site"
-                    fi
+need_restart=0
+
+# disable_conf()
+#
+#   Disable Apache2 configuration files located in specified directory.
+#
+disable_conf () {
+    local ctype dir file
+
+    ctype="$1"
+    dir="$2"
+
+    case "$ctype" in
+        site|conf)
+            # continue below
+            ;;
+        *)
+            return 1
+            ;;
+    esac
+
+    if [ -d "${dir}" ] && [ -n "$(ls -A ${dir}/)" ]; then
+        for file in ${dir}/*.conf; do
+            if [ -f "$file" ]; then
+                if egrep -q "^## Begin - Generated by CARNet package apache2-cn$" "$file"; then
+                    a2dis$ctype -m -f -q "`basename "$file" .conf`"
+                    need_restart=1

                 fi
                 fi

-            done
-        fi
-
-        # Deconfigure our web sites, do nothing else
-        if [ -n "$sites" ]; then
-            for site in $sites; do
+            fi
+        done
+    fi
+}

 
 

-                if [ -e "$sitesendir/$site" ]; then
+if [ "$1" = "remove" ] || [ "$1" = "deconfigure" ]; then

 
 

-                    cp_echo "CN: Disabling $site site configuration."
-                    rm -f $sitesendir/$site
-                fi
-            done
-        fi
+    echo "CN: Disabling $PKG configuration for Apache2."
+    disable_conf site ${CONFDIR}/sites-enabled
+    disable_conf conf ${CONFDIR}/conf-enabled

 
 

-        if [ -f "${CONFDIR}/sites-available/default" ]; then
-            cp_echo "CN: Enabling default site configuration for Apache2 web server."
-            a2ensite default >/dev/null || true
-        fi
+    echo "CN: Enabling default site configuration for Apache2 web server."
+    a2ensite -m -q 000-default && need_restart=1

 
 

-        # Restart Apache2 web server.
+    if [ $need_restart -eq 1 ]; then

         if apache2ctl configtest 2>/dev/null; then
         if apache2ctl configtest 2>/dev/null; then

-
-            # Restart Apache2 web server.
-            invoke-rc.d apache2 restart || true
+            service apache2 reload || true

         else
         else

-
-            # Something is broken.
-                cp_echo "CN: Your Apache2 configuration seem to be broken."
-                cp_echo "CN: Please, check the service configuration!"
+            echo "Your Apache2 configuration seems to be broken."

         fi
         fi

-
-        # Mail root
-        cp_mail "apache2-cn"
-        ;;
-    upgrade)
-        ;;
-    failed-upgrade)
-        ;;
-    *)
-        echo "prerm called with unknown argument \`$1'" >&2
-        exit 0
-        ;;
-esac
+    fi
+fi

 
 #DEBHELPER#
 
 
 #DEBHELPER#