From efcba04e69e03fa428d417afac63b38073852eaf Mon Sep 17 00:00:00 2001 From: Dragan Dosen Date: Fri, 22 Jul 2016 00:52:31 +0200 Subject: [PATCH] Prva inacica paketa za Debian jessie distribuciju. --- README.CARNet | 5 +- carnet-generate-ssl | 16 +-- debian/changelog | 16 +++ debian/compat | 2 +- debian/config | 9 +- debian/control | 8 +- debian/copyright | 2 +- debian/postinst | 324 +++++++++++++++++++++++++++++++++++---------------- debian/postrm | 86 ++++++-------- debian/prerm | 98 +++++++--------- 10 files changed, 340 insertions(+), 226 deletions(-) diff --git a/README.CARNet b/README.CARNet index 1ad99a8..8db1809 100644 --- a/README.CARNet +++ b/README.CARNet @@ -2,7 +2,7 @@ apache2-cn ~~~~~~~~~~ Ovaj paket donosi CARNetovu dodatnu konfiguraciju za apache2 paket -iz Debian wheezy distribucije. +iz Debian jessie distribucije. Paket dodaje VirtualHost zapise za sljedece webove: @@ -23,6 +23,7 @@ biti postavljen u: Apache2 moduli koji su automatski ukljuceni: + * prefork MPM * PHP5 * SSL * rewrite @@ -30,4 +31,4 @@ Apache2 moduli koji su automatski ukljuceni: * suexec * CGI - -- Dragan Dosen Tue, 13 Aug 2013 10:20:06 +0200 + -- Dragan Dosen Sat, 30 Apr 2016 13:21:01 +0200 diff --git a/carnet-generate-ssl b/carnet-generate-ssl index 9a17f02..d3976ee 100755 --- a/carnet-generate-ssl +++ b/carnet-generate-ssl @@ -71,7 +71,7 @@ emailAddress = $WEBMASTER EOF - openssl req -config $TMPFILE -new -key ${SSLKEYDIR}/apache2-ca.key -out ${SSLKEYDIR}/apache2-ca.csr + openssl req -sha256 -config $TMPFILE -new -key ${SSLKEYDIR}/apache2-ca.key -out ${SSLKEYDIR}/apache2-ca.csr fi if [ ! -f ${SSLCRTDIR}/apache2-ca.pem ] || [ -n "$KEYS" ]; then 
@@ -85,14 +85,14 @@ nsComment = "CARNet apache2-cn package generated custom CA certificate" nsCertType = sslCA EOT - openssl x509 -extfile $TMPFILE -days 3651 -signkey ${SSLKEYDIR}/apache2-ca.key \ + openssl x509 -sha256 -extfile $TMPFILE -days 3651 -signkey ${SSLKEYDIR}/apache2-ca.key \ -in ${SSLKEYDIR}/apache2-ca.csr -req -out ${SSLCRTDIR}/apache2-ca.pem KEYS="${KEYS} - ${SSLCRTDIR}/apache2-ca.pem" fi -mod1=`openssl x509 -noout -modulus -in ${SSLCRTDIR}/apache2-ca.pem` +mod1=`openssl x509 -sha256 -noout -modulus -in ${SSLCRTDIR}/apache2-ca.pem` mod2=`openssl rsa -noout -modulus -in ${SSLKEYDIR}/apache2-ca.key` if [ "$mod1" != "$mod2" ]; then @@ -101,7 +101,7 @@ if [ "$mod1" != "$mod2" ]; then fi cd ${SSLCRTDIR} -ln -sf apache2-ca.pem $(openssl x509 -hash -noout -in apache2-ca.pem) +ln -sf apache2-ca.pem $(openssl x509 -sha256 -hash -noout -in apache2-ca.pem) # Generate server certificate @@ -112,13 +112,13 @@ echo 01 > "$TMPFILE2" sed "s/HOST/$FQDN/g; s/DOMAIN/$DOMAIN/g; s/WEBMASTER/$WEBMASTER/g" \ < $A2CNDIR/templates/openssl.cnf > "$TMPFILE" -openssl req -config "$TMPFILE" -new -nodes \ +openssl req -sha256 -config "$TMPFILE" -new -nodes \ -key ${SSLKEYDIR}/apache2.key -out ${SSLKEYDIR}/apache2.csr -openssl x509 -extfile "$TMPFILE" -days 3650 \ +openssl x509 -sha256 -extfile "$TMPFILE" -days 3650 \ -CAserial "$TMPFILE2" -CA ${SSLCRTDIR}/apache2-ca.pem -CAkey ${SSLKEYDIR}/apache2-ca.key \ -in ${SSLKEYDIR}/apache2.csr -req -out ${SSLCRTDIR}/apache2.pem -mod1=`openssl x509 -noout -modulus -in ${SSLCRTDIR}/apache2.pem` +mod1=`openssl x509 -sha256 -noout -modulus -in ${SSLCRTDIR}/apache2.pem` mod2=`openssl rsa -noout -modulus -in ${SSLKEYDIR}/apache2.key` if [ "$mod1" != "$mod2" ]; then @@ -132,7 +132,7 @@ KEYS="${KEYS} - ${SSLKEYDIR}/apache2.key" cd ${SSLCRTDIR} -ln -sf apache2.pem $(openssl x509 -hash -noout -in apache2.pem) +ln -sf apache2.pem $(openssl x509 -sha256 -hash -noout -in apache2.pem) # Fix file access permissions. 
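Review bot: `-sha256` was also added to the read-only `openssl x509` calls (`-noout -modulus` in this hunk and at `@@ -112,13`, `-hash -noout` in the `ln -sf` lines at `@@ -101,7` and `@@ -132,7`), where nothing is signed and the option does not change the output. The digest matters only on the `req -new` and `x509 -req` commands, so dropping it from the query calls keeps the change where it has an effect. The modulus comparison is also unguarded against empty output: if both openssl calls fail, `mod1` and `mod2` are both empty and compare equal, so `if [ -z "$mod1" ] || [ "$mod1" != "$mod2" ]; then` would be a safer test. The body of that `if` is outside the hunk.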
diff --git a/debian/changelog b/debian/changelog index 55bf11d..8026cd0 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,19 @@ +apache2-cn (2.4.10+1) stable; urgency=low + + * Prva inacica paketa za Debian jessie distribuciju. + * Azurirane ovisnosti unutar debian/control. + * Migracija konfiguracije za Apache2 iz /etc/apache2/conf.d/ direktorija + u direktorij /etc/apache2/conf-available/. + * Preimenovanje konfiguracijskih datoteka da sadrze .conf ekstenziju. + * Azuriranje IncludeOptional linija unutar konfiguracijske datoteke + /etc/apache2/apache2.conf - ucitavanje konfiguracijskih datoteka + sa .conf ekstenzijom, ostale se ignoriraju. + * Izmijenjene metode za aktivaciju i deaktivaciju konfiguracijskih + datoteka za Apache2. + * Koristi SHA-256 prilikom generiranja SSL certifikata. + + -- Dragan Dosen Sat, 30 Apr 2016 13:21:01 +0200 + apache2-cn (2.2.22+1) stable; urgency=low * Prva inacica paketa za Debian wheezy distribuciju. diff --git a/debian/compat b/debian/compat index 45a4fb7..ec63514 100644 --- a/debian/compat +++ b/debian/compat @@ -1 +1 @@ -8 +9 diff --git a/debian/config b/debian/config index d2ae8b4..831ea0e 100755 --- a/debian/config +++ b/debian/config @@ -27,12 +27,11 @@ DOMAIN=$(hostname -d) # Check for existing SSL VirtualHosts. # has_listen_ssl=0 - -if [ -d "$CONFDIR/conf.d" ] && [ -n "$(ls $CONFDIR/conf.d)" ]; then - listen_ssl_mask=$CONFDIR/conf.d/* +if [ -d "$CONFDIR/conf-enabled" ] && [ -n "$(ls -A $CONFDIR/conf-enabled/)" ]; then + listen_ssl_mask=$CONFDIR/conf-enabled/*.conf fi -if [ -d "$CONFDIR/sites-enabled" ] && [ -n "$(ls $CONFDIR/sites-enabled)" ]; then - listen_ssl_mask=$listen_ssl_mask" "$CONFDIR/sites-enabled/* +if [ -d "$CONFDIR/sites-enabled" ] && [ -n "$(ls -A $CONFDIR/sites-enabled/)" ]; then + listen_ssl_mask=$listen_ssl_mask" "$CONFDIR/sites-enabled/*.conf fi for file in $CONF $listen_ssl_mask; do diff --git a/debian/control b/debian/control index cf71a49..d7960af 100644 --- a/debian/control 
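Review bot: In debian/config the non-empty test no longer matches the pattern it guards: `ls -A $CONFDIR/conf-enabled/` succeeds for any entry, but the mask is now `conf-enabled/*.conf`. A directory holding only non-.conf entries leaves the glob unexpanded, and `for file in $CONF $listen_ssl_mask` then receives the literal pattern as a file name. The loop body is outside the hunk, so whether it already skips non-files cannot be seen here; if it does not, `[ -f "$file" ] || continue` as its first statement would cover this. The same pair of tests is repeated in the debian/postinst hunk at `@@ -367,22 +488,19 @@`.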
+++ b/debian/control @@ -2,12 +2,13 @@ Source: apache2-cn Section: httpd Priority: optional Maintainer: Dragan Dosen -Build-Depends: debhelper (>= 8.0.0), po-debconf -Standards-Version: 3.9.3 +Build-Depends: debhelper (>> 9), po-debconf +Standards-Version: 3.9.6 +Homepage: http://httpd.apache.org/ Package: apache2-cn Architecture: all -Depends: apache2-mpm-prefork (>= 2.2.22-13), apache2 (>= 2.2.22-13), apache2-suexec (>= 2.2.22-13), apache2 (<< 2.3), php5-cn (>= 5.3.3+1), carnet-tools-cn (>= 3.0.4), ssl-cert, procps, debconf (>= 0.5) | debconf-2.0, postfix | mail-transport-agent, ${misc:Depends} +Depends: apache2 (>= 2.4.10-10+deb8u5), apache2-suexec-pristine (>= 2.4.10-10+deb8u5), php5-cn (>= 5.4.4+4), carnet-tools-cn (>= 3.1.0), ssl-cert, procps, debconf (>= 1.5.56), postfix | mail-transport-agent, ${misc:Depends} Suggests: mod-security-cn, apache2-doc, ca-certificates, monit-cn Description: Apache HTTP Server - traditional non-threaded model Each Apache Multi-Processing Module provides a different "flavor" of @@ -23,4 +24,3 @@ Description: Apache HTTP Server - traditional non-threaded model . This is a CARNet Debian package which configures a simple https enabled web service with PHP5. -Homepage: http://httpd.apache.org/ diff --git a/debian/copyright b/debian/copyright index dd9254d..235dba3 100644 --- a/debian/copyright +++ b/debian/copyright @@ -1,4 +1,4 @@ -Copyright 2013 CARNet +Copyright 2013-2016 CARNet You are free to distribute this software package under the terms of the GNU General Public License. diff --git a/debian/postinst b/debian/postinst index 1d09c19..ebebc6b 100755 --- a/debian/postinst +++ b/debian/postinst 
@@ -27,15 +27,13 @@ esac . /usr/share/carnet-tools/functions.sh PKG="apache2-cn" -VERSION="2.2.22+1" +VERSION="2.4.10+1" CONFDIR="/etc/apache2" CONF="$CONFDIR/apache2.conf" -A2MODEDIR="$CONFDIR/mods-enabled" PORTCONF="$CONFDIR/ports.conf" A2CNDIR=/usr/share/apache2-cn TMPLDIR=$A2CNDIR/templates CERTDIR=/etc/ssl/certs -A2PHPINI="/etc/php5/apache2/php.ini" HOST=$(hostname) FQDN=$(hostname --fqdn) @@ -43,7 +41,6 @@ WEBMASTER="webmaster@$FQDN" DOMAIN=$(hostname -d) BACKUPDIR="/var/backups/apache2-cn" -backup_done=0 need_restart=0 apache2_sslcf= apache2_sslckf= @@ -150,17 +147,18 @@ listen_ssl() { # install_conf() { conftmpl="$A2CNDIR/$1.conf" - conf="$CONFDIR/conf.d/$2.conf" + conf="$CONFDIR/conf-available/$2.conf" if [ ! -e "$conf" ]; then - - cp_echo "CN: Enabling CARNet specific configuration." + cp_echo "CN: Generating CARNet specific configuration." cp "$conftmpl" "$conf" - - need_restart=1 else cp_echo "CN: $conf already exists, left untouched." 1>&2 fi + + cp_echo "CN: Enabling CARNet specific configuration." + a2enconf -m -q "$2" + need_restart=1 } # install_vhost() @@ -177,8 +175,9 @@ install_conf() { # -n - set ServerName # -s X - symlink DocumentRoot to X (all in /var/www) # -# site - name of file in sites-available, host part of ServerName unless -r or -n is used -# site-enabled-symlink - name of symlink in sites-enabled +# site - host part of ServerName unless -r or -n is used +# site-enabled-symlink - name of file/symlink in sites-available/sites-enabled +# (without .conf suffix) # install_vhost() { add_namevirthost= @@ -220,7 +219,8 @@ install_vhost() { vhosttmpl="$1.template" vhost="$2" - venabled="$3" + vsite="$3" + venabled="$3.conf" [ -z "$vhostname" ] && vhostname=$(echo "$vhost"| awk -F. '{print $1}') force_vhost= 
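Review bot: install_conf now calls `a2enconf -m -q "$2"` with no fallback, while move_conf and rename_conf in the later `@@ -275,84 +275,205 @@` hunk use `a2en$ctype ... || true`; the same bare form appears in `a2ensite -m -q "$vsite"` (install_vhost, `@@ -260,9`) and in the `a2enmod` list. If postinst runs under `set -e` (its header is outside these hunks), a helper failure aborts configuration on one path and is silently ignored on the other. If enabling is meant to be best-effort, `a2enconf -m -q "$2" || cp_echo "CN: Could not enable $2." 1>&2` keeps the failure visible without stopping the install. `need_restart=1` is also now set on every run of install_conf, not only when the file was newly copied, so each configure run ends in an Apache reload.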
@@ -243,10 +243,10 @@ install_vhost() { # - adding is forced OR # - it doesn't exist # - if [ -n "$force_vhost" -o \( ! -e "$vhostdir/$vhost" -a ! -e "$venabledir/$venabled" \) ]; then + if [ -n "$force_vhost" -o \( ! -e "$vhostdir/$venabled" -a ! -e "$venabledir/$venabled" \) ]; then cp_echo "CN: Adding $vhost VirtualHost." - out=$(mktemp $vhostdir/$vhost.XXXXXX) + out=$(mktemp $vhostdir/$venabled.XXXXXX) temp_files="${temp_files} ${out}" # CARNet header. @@ -260,9 +260,9 @@ install_vhost() { sed "s/HOST/$vhostname/g; s/DOMAIN/$DOMAIN/g; s#DOCROOT#$docroot#g; s/IPADDR/$MYIP/g" < $TMPLDIR/$vhosttmpl >> $out - cp_mv $out $vhostdir/$vhost - chmod 644 $vhostdir/$vhost - ln -fs ../sites-available/$vhost $venabledir/$venabled + cp_mv $out $vhostdir/$venabled + chmod 644 $vhostdir/$venabled + a2ensite -m -q "$vsite" if [ -n "$mkdir_docroot" -a ! -d "$docroot" ]; then mkdir "$docroot" 
@@ -275,84 +275,205 @@ install_vhost() { fi } +# backup_conf() +# +# Backup configuration files located in specified directory. +# +backup_conf () { + local dir file backup_dir + + dir="$1" + + if [ -d "${dir}" ] && [ -n "$(ls -A ${dir}/)" ]; then + cp_echo "CN: Doing backup for all files in $dir" + for file in ${dir}/*; do + if [ -f "$file" ]; then + if [ -z "$(echo $file | egrep '^/.*~')" ]; then + backup_dir="$BACKUPDIR/$(basename $(dirname "$file"))" + cp_backup_conffile -d "$backup_dir" -p "$file" + fi + fi + done + fi +} + +# move_conf() +# +# Move configuration files from one directory to another. The .conf suffix +# will be added. Will try to enable the configuration if -e is specified. +# +move_conf () { + local toenable ctype dir newdir file newfile + + if [ "$1" = "-e" ]; then + toenable="$1" + shift + fi + + ctype="$1" + dir="$2" + newdir="$3" + + case "$ctype" in + site|conf) + # continue below + ;; + *) + return 1 + ;; + esac + + if [ -z "$newdir" ]; then + newdir="$dir" + fi + + if [ -d "${dir}" ] && [ -n "$(ls -A ${dir}/)" ]; then + mkdir -p "$newdir" + for file in ${dir}/*; do + newfile="${newdir}/$(basename "$file" .conf).conf" + if [ ! -e "$newfile" ]; then + cp_echo "CN: Preserving changes to $newfile (renamed from $file)." + cp_mv "$file" "$newfile" + if [ -n "$toenable" ]; then + cp_echo "CN: Enabling configuration $newfile" + a2en$ctype -m -q "$(basename "$newfile" .conf)" || true + fi + need_restart=1 + fi + done + fi +} + +# rename_conf() +# +# Append the .conf suffix to all configuration files located in specified +# available and enabled directories. Updated symlinks if necessary. +# +# +rename_conf () { + local ctype adir edir afile efile newfile + + ctype="$1" + adir="$2" + edir="$3" + + case "$ctype" in + site|conf) + # continue below + ;; + *) + return 1 + ;; + esac + + if [ -d "${edir}" ] && [ -n "$(ls -A ${edir}/)" ]; then + mkdir -p "$adir" + for efile in ${edir}/*; do + [ ! 
-e "${edir}/$(basename "$efile" .conf).conf" ] || continue + + afile="$(readlink -q -m "$efile")" + + [ "$(dirname "$afile")" = "$adir" ] || continue + [ "$(basename "$afile" .conf)" = "$(basename "$efile" .conf)" ] || continue + + newfile="${adir}/$(basename "$afile" .conf).conf" + [ ! -e "$newfile" ] || continue + + cp_echo "CN: Preserving changes to $newfile (renamed from $afile)." + cp_mv "$afile" "$newfile" + + cp_echo "CN: Removing obsolete symlink $efile" + rm -f "$efile" + + cp_echo "CN: Enabling configuration $newfile" + a2en$ctype -m -q "$(basename "$newfile" .conf)" || true + need_restart=1 + done + fi +} + # Set trap for deleting all temp files. # trap cleanup 0 1 2 15 -# Backup all configuration located in /etc/apache2/conf.d/ and -# /etc/apache2/sites-available/ directories. +# Backup all configuration located in /etc/apache2/conf.d/, +# /etc/apache2/conf-available/ and /etc/apache2/sites-available/ +# directories. # if [ -e "$CONF" ]; then cp_echo "CN: Doing backup for $CONF" cp_backup_conffile -d $BACKUPDIR -p $CONF - backup_done=1 fi -if [ -d "$CONFDIR/conf.d" ] && [ -n "$(ls ${CONFDIR}/conf.d/)" ]; then - cp_echo "CN: Doing backup for all files in /etc/apache2/conf.d/" - for file in /etc/apache2/conf.d/*; do - if [ -z "$(echo $file | egrep '^/.*~')" ]; then - cp_backup_conffile -d $BACKUPDIR -p $file - fi - done - backup_done=1 -fi -if [ -d "$CONFDIR/sites-available" ] && [ -n "$(ls ${CONFDIR}/sites-available/)" ]; then - cp_echo "CN: Doing backup for all files in /etc/apache2/sites-available/" - for file in /etc/apache2/sites-available/*; do - if [ -z "$(echo $file | egrep '^/.*~')" ]; then - cp_backup_conffile -d $BACKUPDIR -p $file - fi - done - backup_done=1 + +backup_conf $CONFDIR/conf.d +backup_conf $CONFDIR/conf-available +backup_conf $CONFDIR/sites-available + +cp_echo "CN: Backup is located in directory: $BACKUPDIR/" + + +# Enable Apache2 web server modules (mpm_prefork, cgi, rewrite, userdir, suexec, php5, ssl). 
+# +if [ -e "$CONF" ]; then + cp_echo "CN: Enabling the prefork Apache2 MPM." + if [ "$(a2query -M || true)" != "prefork" ]; then + a2dismod -m -q "mpm_$(a2query -M || true)" + a2enmod -m -q mpm_prefork + fi + + cp_echo "CN: Enabling required Apache2 web server modules." + a2enmod -m -q cgi + a2enmod -m -q rewrite + a2enmod -m -q userdir + a2enmod -m -q suexec + a2enmod -m -q php5 + a2enmod -m -q ssl fi -if [ $backup_done -eq 1 ]; then - cp_echo "CN: Backup is located in directory: $BACKUPDIR/" + + +# Make sure configuration files have the .conf suffix. Move them +# to appropriate locations. +# +if [ -d "$CONFDIR/conf.d" ]; then + cp_echo "CN: Obsolete configuration directory $CONFDIR/conf.d/ found." + move_conf -e conf $CONFDIR/conf.d $CONFDIR/conf-available fi +rename_conf site $CONFDIR/sites-available $CONFDIR/sites-enabled + -# Enable Apache2 web server modules (cgi, rewrite, userdir, suexec, php5, ssl). +# Check and add IncludeOptional lines to /etc/apache2/apache2.conf: +# +# IncludeOptional conf-enabled/*.conf +# IncludeOptional sites-enabled/*.conf # if [ -e "$CONF" ]; then - if [ ! -e "$A2MODEDIR/cgi.load" ]; then - cp_echo "CN: Enabling CGI module for Apache2 web server." - a2enmod cgi >/dev/null || true - need_restart=1 - fi + cp_echo "CN: Checking IncludeOptional lines in $CONF" - if [ ! -e "$A2MODEDIR/rewrite.load" ]; then - cp_echo "CN: Enabling rewrite module for Apache2 web server." - a2enmod rewrite >/dev/null || true - need_restart=1 - fi + CONFTMP=`mktemp $CONF.tmp.XXXXXX` + temp_files="${temp_files} ${CONFTMP}" + cp "$CONF" "$CONFTMP" - if [ ! -e "$A2MODEDIR/userdir.load" ] || [ ! -e "$A2MODEDIR/userdir.conf" ]; then - cp_echo "CN: Enabling userdir module for Apache2 web server." 
- a2enmod userdir >/dev/null || true - need_restart=1 - fi + sed -r -i 's#^[[:space:]]*Include(Optional)?[[:space:]]+(/etc/apache2/)?conf\.d(/)?$#IncludeOptional conf-enabled/\*\.conf#I' \ + "$CONFTMP" + sed -r -i 's#^[[:space:]]*Include(Optional)?[[:space:]]+(/etc/apache2/)?sites-enabled(/)?$#IncludeOptional sites-enabled/\*\.conf#I' \ + "$CONFTMP" - if [ ! -e "$A2MODEDIR/suexec.load" ]; then - cp_echo "CN: Enabling SUEXEC module for Apache2 web server." - a2enmod suexec >/dev/null || true - need_restart=1 + if ! egrep -iq "^[[:space:]]*IncludeOptional[[:space:]]+conf-enabled/\*\.conf$" "$CONFTMP"; then + echo 'IncludeOptional conf-enabled/*.conf' >> "$CONFTMP" fi - - if [ ! -e "$A2MODEDIR/php5.load" ] || [ ! -e "$A2MODEDIR/php5.conf" ]; then - if [ -e "/usr/lib/apache2/modules/libphp5.so" ]; then - cp_echo "CN: Enabling PHP5 module for Apache2 web server." - a2enmod php5 >/dev/null || true - need_restart=1 - fi + if ! egrep -iq "^[[:space:]]*IncludeOptional[[:space:]]+sites-enabled/\*\.conf$" "$CONFTMP"; then + echo 'IncludeOptional sites-enabled/*.conf' >> "$CONFTMP" fi - if [ ! -e "$A2MODEDIR/ssl.load" ] || [ ! -e "$A2MODEDIR/ssl.conf" ]; then - cp_echo "CN: Enabling SSL module for Apache2 web server." - a2enmod ssl >/dev/null || true + if ! cmp -s "$CONFTMP" "$CONF"; then + cp_mv "$CONFTMP" "$CONF" need_restart=1 fi + rm -f "$CONFTMP" fi 
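Review bot: The MPM switch calls `a2query -M` twice and passes its output straight to `a2dismod`. If the query prints nothing (no MPM enabled, or a2query fails and `|| true` hides it), the command becomes `a2dismod -m -q "mpm_"`, which names no module and, unlike the a2en calls in move_conf and rename_conf, has no `|| true`. If postinst runs under `set -e` (not visible in these hunks), that stops configuration before any module is enabled. Capturing the result once and disabling only a non-empty MPM avoids this. The block sits inside the `if [ -e "$CONF" ]` branch, which the excerpt below leaves open.

```shell
    cp_echo "CN: Enabling the prefork Apache2 MPM."
    current_mpm=$(a2query -M 2>/dev/null || true)
    if [ "$current_mpm" != "prefork" ]; then
        if [ -n "$current_mpm" ]; then
            a2dismod -m -q "mpm_${current_mpm}"
        fi
        a2enmod -m -q mpm_prefork
    fi
    # … unchanged: a2enmod cgi / rewrite / userdir / suexec / php5 / ssl …
```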
@@ -367,22 +488,19 @@ listen_ssl # Disable default site configuration. # if [ -e "$CONF" ]; then - if [ -e "$CONFDIR/sites-enabled/000-default" ]; then - cp_echo "CN: Disabling 000-default site configuration." - a2dissite 000-default >/dev/null || true - - need_restart=1 - fi + cp_echo "CN: Disabling default site configuration." + a2dissite -m -f -q 000-default || true + need_restart=1 fi # Apache2 SSL certificate. # -if [ -d "$CONFDIR/conf.d" ] && [ -n "$(ls $CONFDIR/conf.d)" ]; then - listen_ssl_mask=$CONFDIR/conf.d/* +if [ -d "$CONFDIR/conf-enabled" ] && [ -n "$(ls -A $CONFDIR/conf-enabled/)" ]; then + listen_ssl_mask=$CONFDIR/conf-enabled/*.conf fi -if [ -d "$CONFDIR/sites-enabled" ] && [ -n "$(ls $CONFDIR/sites-enabled)" ]; then - listen_ssl_mask=$listen_ssl_mask" "$CONFDIR/sites-enabled/* +if [ -d "$CONFDIR/sites-enabled" ] && [ -n "$(ls -A $CONFDIR/sites-enabled/)" ]; then + listen_ssl_mask=$listen_ssl_mask" "$CONFDIR/sites-enabled/*.conf fi for file in $CONF $listen_ssl_mask; do 
@@ -429,15 +547,15 @@ if [ -z "$2" ]; then if [ "$RET" = "true" ]; then # Add WWW VirtualHost. - if [ -f "$CONFDIR/sites-available/$FQDN" ]; then - cp_backup_conffile -d $BACKUPDIR -p $CONFDIR/sites-available/$FQDN + if [ -f "$CONFDIR/sites-available/000-$FQDN.conf" ]; then + cp_backup_conffile -d $BACKUPDIR/sites-available -p $CONFDIR/sites-available/000-$FQDN.conf fi - if [ -f "$CONFDIR/sites-available/www.$DOMAIN" ]; then - cp_backup_conffile -d $BACKUPDIR -p $CONFDIR/sites-available/www.$DOMAIN + if [ -f "$CONFDIR/sites-available/www.$DOMAIN.conf" ]; then + cp_backup_conffile -d $BACKUPDIR/sites-available -p $CONFDIR/sites-available/www.$DOMAIN.conf fi - chk_conf_tag "$CONFDIR/sites-available/$FQDN" - if [ ! -f "$CONFDIR/sites-available/$FQDN" ] || [ $RET -eq 0 ]; then + chk_conf_tag "$CONFDIR/sites-available/000-$FQDN.conf" + if [ ! -f "$CONFDIR/sites-available/000-$FQDN.conf" ] || [ $RET -eq 0 ]; then if egrep -qi "^[[:space:]]*NameVirtualHost[[:space:]]+\*:80$" "$PORTCONF"; then install_vhost -d -r www.$DOMAIN default $FQDN 000-$FQDN else 
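Review bot: Sites created by the previous package version do not appear to be migrated to the file names this hunk now checks. The removed `ln -fs ../sites-available/$vhost $venabledir/$venabled` line, together with the call `install_vhost ... default $FQDN 000-$FQDN`, stored the vhost as `sites-available/$FQDN` behind a `sites-enabled/000-$FQDN` symlink, and rename_conf skips any pair whose basenames differ. This block appears to sit under `if [ -z "$2" ]`, so an upgrade would neither rename nor regenerate that vhost, while apache2.conf is rewritten to load only `sites-enabled/*.conf`. The old `sites-available/ssl` file has the same problem against `001-ssl.conf` in the `@@ -475,13` and `@@ -498,12` hunks. Unless this is handled outside the visible hunks, consider renaming the old files to the new names before these checks, so that local edits survive and the sites stay enabled.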
@@ -446,20 +564,20 @@ if [ -z "$2" ]; then need_restart=1 fi - chk_conf_tag "$CONFDIR/sites-available/www.$DOMAIN" - if [ ! -f "$CONFDIR/sites-available/www.$DOMAIN" ] || [ $RET -eq 0 ]; then + chk_conf_tag "$CONFDIR/sites-available/www.$DOMAIN.conf" + if [ ! -f "$CONFDIR/sites-available/www.$DOMAIN.conf" ] || [ $RET -eq 0 ]; then install_vhost default www.$DOMAIN www.$DOMAIN need_restart=1 fi else # No WWW VirtualHost. - if [ -f "$CONFDIR/sites-available/$FQDN" ]; then - cp_backup_conffile -d $BACKUPDIR -p $CONFDIR/sites-available/$FQDN + if [ -f "$CONFDIR/sites-available/000-$FQDN.conf" ]; then + cp_backup_conffile -d $BACKUPDIR/sites-available -p $CONFDIR/sites-available/000-$FQDN.conf fi - chk_conf_tag "$CONFDIR/sites-available/$FQDN" - if [ ! -f "$CONFDIR/sites-available/$FQDN" ] || [ $RET -eq 0 ]; then + chk_conf_tag "$CONFDIR/sites-available/000-$FQDN.conf" + if [ ! -f "$CONFDIR/sites-available/000-$FQDN.conf" ] || [ $RET -eq 0 ]; then if egrep -qi "^[[:space:]]*NameVirtualHost[[:space:]]+\*:80$" "$PORTCONF"; then install_vhost -d -r $FQDN default $FQDN 000-$FQDN else @@ -475,13 +593,13 @@ fi # if [ $has_listen_ssl -eq 0 ]; then - if [ -f "$CONFDIR/sites-available/ssl" ]; then - cp_backup_conffile -d $BACKUPDIR -p $CONFDIR/sites-available/ssl + if [ -f "$CONFDIR/sites-available/001-ssl.conf" ]; then + cp_backup_conffile -d $BACKUPDIR/sites-available -p $CONFDIR/sites-available/001-ssl.conf fi # No active SSL VirtualHosts found - add new one. - chk_conf_tag "$CONFDIR/sites-available/ssl" - if [ ! -f "$CONFDIR/sites-available/ssl" ] || [ $RET -eq 0 ]; then + chk_conf_tag "$CONFDIR/sites-available/001-ssl.conf" + if [ ! -f "$CONFDIR/sites-available/001-ssl.conf" ] || [ $RET -eq 0 ]; then db_get apache2-cn/wwwhost || true if [ "$RET" = "true" ]; then 
@@ -498,12 +616,12 @@ fi # if [ $has_listen_ssl -eq 0 ]; then - chk_conf_tag "${CONFDIR}/sites-available/ssl" + chk_conf_tag "${CONFDIR}/sites-available/001-ssl.conf" if [ $RET -eq 0 ] && [ -n "$apache2_sslcf" ]; then SSLTMP=$(mktemp ${CONFDIR}/ssltmp.XXXXXX) temp_files="${temp_files} ${SSLTMP} ${SSLTMP}.cn-old" - cp ${CONFDIR}/sites-available/ssl $SSLTMP + cp ${CONFDIR}/sites-available/001-ssl.conf $SSLTMP # SSLCertificateFile cp_check_and_sed "^[[:space:]]*SSLCertificateFile \/etc\/ssl\/certs\/apache2\.pem" \ @@ -522,7 +640,7 @@ if [ $has_listen_ssl -eq 0 ]; then $SSLTMP || true fi - cp_mv $SSLTMP ${CONFDIR}/sites-available/ssl + cp_mv $SSLTMP ${CONFDIR}/sites-available/001-ssl.conf need_restart=1 @@ -552,6 +670,8 @@ if egrep -iq "^[[:space:]]*Include[[:space:]]+\/etc\/apache2\/sites-enabled\/\[\ cp_echo "CN: Fixing obsolete Include line in $CONF." CONFTMP=`mktemp $CONF.tmp.XXXXXX` + temp_files="${temp_files} ${CONFTMP}" + sed -r "/^[[:space:]]*Include[[:space:]]+\/etc\/apache2\/sites-enabled\/\[\^\.\#\]\*$/Id" \ "$CONF" > "$CONFTMP" @@ -571,10 +691,10 @@ db_stop || true # if [ -e "$CONFDIR/conf.d/aosi-www.conf" ] || [ -e "$CONFDIR/conf.d/aosi.conf" ]; then cp_echo "CN: Removing old AOSI configuration files for Apache2." + rm -f $CONFDIR/conf.d/aosi-www.conf + rm -f $CONFDIR/conf.d/aosi.conf need_restart=1 fi -[ -e "$CONFDIR/conf.d/aosi-www.conf" ] && rm -f $CONFDIR/conf.d/aosi-www.conf -[ -e "$CONFDIR/conf.d/aosi.conf" ] && rm -f $CONFDIR/conf.d/aosi.conf # Restart Apache2 web server if needed. @@ -585,11 +705,11 @@ if [ $need_restart -eq 1 ]; then if apache2ctl configtest 2>/dev/null; then # Restart Apache2 web server. - invoke-rc.d apache2 restart || true + service apache2 reload || true else # Something is broken. - cp_echo "CN: Your Apache2 configuration seem to be broken." + cp_echo "CN: Your Apache2 configuration seems to be broken." cp_echo "CN: Please, check the service after the installation finishes!" fi fi 
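Review bot: The last hunk (`@@ -585,11 +705,11 @@`) replaces `invoke-rc.d apache2 restart` with `service apache2 reload`, and both halves of that change look questionable. Debian maintainer scripts are expected to go through `invoke-rc.d` so that a local `policy-rc.d` can veto service actions (chroots, image builds), and calling `service` directly bypasses that. A reload may also be insufficient here, because the script switches the MPM to prefork and enables modules such as ssl earlier on, and an MPM change generally needs a full restart. `invoke-rc.d apache2 restart || true` looks like the safer line and keeps the `# Restart Apache2 web server.` comment above it accurate. debian/prerm adds the same `service apache2 reload` call.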
diff --git a/debian/postrm b/debian/postrm index 5171fe3..325beea 100755 --- a/debian/postrm +++ b/debian/postrm @@ -5,16 +5,6 @@ set -e # Debconf . /usr/share/debconf/confmodule -# Include CARNet functions. -. /usr/share/carnet-tools/functions.sh - -CONFDIR="/etc/apache2" -sitesdir=${CONFDIR}/sites-available -HOST=$(hostname -f) -DOMAIN=$(hostname -d) -sitefiles= - - case "$1" in purge) # continue below @@ -24,27 +14,45 @@ case "$1" in ;; esac -# Get CARNet config files in /etc/apache2/sites-available directory. -if [ -d "${sitesdir}" ] && [ -n "$(ls ${sitesdir}/)" ]; then - for file in ${sitesdir}/*; do - if [ -f "$file" ]; then - if egrep -q "^## Begin - Generated by CARNet package apache2-cn$" $file; then - site=`echo "$file" | sed 's/^\/.*\///'` - sitefiles="$sitefiles $site" +CONFDIR="/etc/apache2" +HOST=$(hostname -f) +DOMAIN=$(hostname -d) + +# purge_conf() +# +# Purge Apache2 configuration files located in specified directory. +# +purge_conf () { + local ctype dir file + + ctype="$1" + dir="$2" + + case "$ctype" in + site|conf) + # continue below + ;; + *) + return 1 + ;; + esac + + if [ -d "${dir}" ] && [ -n "$(ls -A ${dir}/)" ]; then + for file in ${dir}/*.conf; do + if [ -f "$file" ]; then + if egrep -q "^## Begin - Generated by CARNet package apache2-cn$" "$file"; then + a2dis$ctype -p -f -q "`basename "$file" .conf`" || exit $? + rm -f "$file" + fi fi - fi - done -fi + done + fi +} -# Remove our vhosts. -if [ -n "$sitefiles" ]; then - for site in $sitefiles; do - if [ -e "$sitesdir/$site" ]; then - cp_echo "CN: Removing $site site configuration file." - rm -f $sitesdir/$site - fi - done -fi +# Configuration generated by this CARNet package. +echo "CN: Purging $PKG configuration for Apache2." +purge_conf site ${CONFDIR}/sites-available +purge_conf conf ${CONFDIR}/conf-available # Remove default DocumentRoot if there's only a one line index.html there docroots="/var/www/$HOST /var/www/www.$DOMAIN" 
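Review bot: purge_conf makes purge depend on the Apache helper scripts. `a2dis$ctype -p -f -q ... || exit $?` runs in `postrm purge`, when the package's dependencies may already have been removed, and a missing `a2dissite` or `a2disconf` would then fail the purge before `rm -f "$file"` is reached. A guard such as `command -v "a2dis$ctype" >/dev/null 2>&1 || { rm -f "$file"; continue; }` ahead of the call keeps the cleanup working without the helpers. The message `CN: Purging $PKG configuration for Apache2.` also expands `$PKG`, which is not assigned in the visible part of postrm (only CONFDIR, HOST and DOMAIN are), so it probably prints an empty name; `PKG=apache2-cn` next to `CONFDIR` would fix that.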
@@ -54,7 +62,7 @@ if [ -d "/var/www" ]; then if [ -d $docroot ]; then if [ "x$(echo ${docroot}/*)" = "x${docroot}/index.html" ]; then if [ "$(wc -l ${docroot}/index.html | awk '{print $1}')" -eq 1 ]; then - cp_echo "CN: Removing document root directory ${docroot}." + echo "CN: Removing document root directory ${docroot}." rm -f $docroot/index.html rmdir $docroot || true fi @@ -63,24 +71,6 @@ if [ -d "/var/www" ]; then done fi -# Remove CARNet specific configuration. -if [ -d "${CONFDIR}/conf.d" ] && [ -n "$(ls ${CONFDIR}/conf.d/)" ]; then - cp_echo "CN: Disabling CARNet specific configuration." - for file in ${CONFDIR}/conf.d/*; do - if [ -f "$file" ]; then - if egrep -q "^## Begin - Generated by CARNet package apache2-cn$" $file; then - rm -f $file - fi - fi - done -fi - -# dh_installdeb will replace this with shell code automatically -# generated by other debhelper scripts. - #DEBHELPER# -# Mail root -cp_mail "apache2-cn" - exit 0 diff --git a/debian/prerm b/debian/prerm index d35ba4f..d4b99f1 100755 --- a/debian/prerm +++ b/debian/prerm 
@@ -2,71 +2,59 @@ set -e -# Include CARNet functions. -. /usr/share/carnet-tools/functions.sh - +PKG=apache2-cn CONFDIR="/etc/apache2" -sitesendir=${CONFDIR}/sites-enabled -sites= - - -case "$1" in - remove|deconfigure) - # Get CARNet config files in /etc/apache2/sites-enabled directory. - if [ -d "${sitesendir}" ] && [ -n "$(ls ${sitesendir}/)" ]; then - - for file in ${sitesendir}/*; do - if [ -f "$file" ]; then - if egrep -q "^## Begin - Generated by CARNet package apache2-cn$" $file; then - site=`echo "$file" | sed 's/^\/.*\///'` - sites="$sites $site" - fi +need_restart=0 + +# disable_conf() +# +# Disable Apache2 configuration files located in specified directory. +# +disable_conf () { + local ctype dir file + + ctype="$1" + dir="$2" + + case "$ctype" in + site|conf) + # continue below + ;; + *) + return 1 + ;; + esac + + if [ -d "${dir}" ] && [ -n "$(ls -A ${dir}/)" ]; then + for file in ${dir}/*.conf; do + if [ -f "$file" ]; then + if egrep -q "^## Begin - Generated by CARNet package apache2-cn$" "$file"; then + a2dis$ctype -m -f -q "`basename "$file" .conf`" + need_restart=1 fi - done - fi - - # Deconfigure our web sites, do nothing else - if [ -n "$sites" ]; then - for site in $sites; do + fi + done + fi +} - if [ -e "$sitesendir/$site" ]; then +if [ "$1" = "remove" ] || [ "$1" = "deconfigure" ]; then - cp_echo "CN: Disabling $site site configuration." - rm -f $sitesendir/$site - fi - done - fi + echo "CN: Disabling $PKG configuration for Apache2." + disable_conf site ${CONFDIR}/sites-enabled + disable_conf conf ${CONFDIR}/conf-enabled - if [ -f "${CONFDIR}/sites-available/default" ]; then - cp_echo "CN: Enabling default site configuration for Apache2 web server." - a2ensite default >/dev/null || true - fi + echo "CN: Enabling default site configuration for Apache2 web server." + a2ensite -m -q 000-default && need_restart=1 - # Restart Apache2 web server. 
+ if [ $need_restart -eq 1 ]; then if apache2ctl configtest 2>/dev/null; then - - # Restart Apache2 web server. - invoke-rc.d apache2 restart || true + service apache2 reload || true else - - # Something is broken. - cp_echo "CN: Your Apache2 configuration seem to be broken." - cp_echo "CN: Please, check the service configuration!" + echo "Your Apache2 configuration seems to be broken." fi - - # Mail root - cp_mail "apache2-cn" - ;; - upgrade) - ;; - failed-upgrade) - ;; - *) - echo "prerm called with unknown argument \`$1'" >&2 - exit 0 - ;; -esac + fi +fi #DEBHELPER# -- 1.7.10.4