X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?p=mod-security-cn.git;a=blobdiff_plain;f=debian%2Fpostinst;h=2f61213ca9a3f8dd757696e66103923263400b46;hp=02d680dd0e7dea823de8726c9f72a78cb1dcc2d9;hb=d6d471ca8237b76920e6c78385214ffe26ce6dc6;hpb=ec48dc950b35445e2c742e644d62e4fc5425705a
diff --git a/debian/postinst b/debian/postinst
index 02d680d..2f61213 100644
--- a/debian/postinst
+++ b/debian/postinst
@@ -29,18 +29,31 @@ esac
 PKG="mod-security-cn"
 A2DIR="/etc/apache2"
 CONF="$A2DIR/apache2.conf"
-CONFDIR="$A2DIR/conf.d"
-A2MODEDIR="$A2DIR/mods-enabled"
+CONFDIR="$A2DIR/conf-available"
 MODSECDIR="$A2DIR/mod-security"
 MODSECCONF="$MODSECDIR/mod-security-cn.conf"
 MODSECRBL="$MODSECDIR/rbl_lookup.conf"
-MODSECLNK="$CONFDIR/$(basename $MODSECCONF)"
+MODSECLNK="$CONFDIR/security2-cn.conf"
 MODSECTPL="/usr/share/mod-security-cn"
 temp_files=
-need_restart=0
+if [ -e /usr/share/apache2/apache2-maintscript-helper ]; then
+ . /usr/share/apache2/apache2-maintscript-helper
+
+ modsecurity_enable() {
+ cp_echo "CN: Enabling $PKG configuration for Apache2."
+ return 0
+ }
+else
+ cp_echo "CN: Could not load Apache 2.4 maintainer script helper."
+
+ modsecurity_enable() {
+ return 1
+ }
+fi
+
 # cleanup()
 #
 # Cleanup all temp files or directories.
@@ -84,22 +97,10 @@ chk_conf_tag () {
 trap cleanup 0 1 2 15
-# Enable ModSecurity and unique_id Apache2 modules.
+# Remove obsolete symbolic link.
 #
-if [ -e "$CONF" ]; then
- # Enable mod-security.load
- if [ ! -e "$A2MODEDIR/mod-security.load" ]; then
- cp_echo "CN: Enabling ModSecurity module for Apache2 web server."
- a2enmod mod-security >/dev/null || true
- need_restart=1
- fi
-
- # Enable unique_id.load
- if [ ! -e "$A2MODEDIR/unique_id.load" ]; then
- cp_echo "CN: Enabling unique_id module for Apache2 web server."
- a2enmod unique_id >/dev/null || true
- need_restart=1
- fi
+if [ "`readlink -q -m /etc/apache2/conf.d/$PKG.conf`" = "$MODSECCONF" ]; then
+ rm -f /etc/apache2/conf.d/$PKG.conf
 fi
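Review bot: In the `@@ -29,18 +29,31 @@` hunk, the fallback `modsecurity_enable()` returns 1, so on a system without `/usr/share/apache2/apache2-maintscript-helper` the postinst still completes while `security2` and `security2-cn` are never enabled. For a WAF package that is a fail-open install, and the only trace is a message that does not say so; it should state the consequence, e.g. `cp_echo "CN: Could not load Apache 2.4 maintainer script helper; ModSecurity was NOT enabled."`. `cp_echo` is also called at top level here and its definition is outside the hunk, so it is worth confirming it is already defined at this point in the script.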
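Review bot: The obsolete-link check added in the `@@ -84,22 +97,10 @@` hunk compares a canonicalised path with a literal one: `readlink -m` resolves every symlink along the target, so if any component of `$MODSECCONF` is itself a symlink the test is false and the stale `conf.d` link is left in place. Canonicalising both sides avoids that, and the path can use `$A2DIR`, quoting and `$(...)` as `$(basename ...)` does elsewhere in the script: `if [ "$(readlink -q -m "$A2DIR/conf.d/$PKG.conf")" = "$(readlink -q -m "$MODSECCONF")" ]; then` followed by `rm -f "$A2DIR/conf.d/$PKG.conf"`.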
@@ -109,7 +110,7 @@ fi
 chk_conf_tag "$MODSECCONF"
 if [ $RET -eq 0 ] || [ $RET -eq 1 ]; then
- # Create /etc/apache2/conf.d/ directory if missing.
+ # Create /etc/apache2/conf-available/ directory if missing.
 if [ ! -d "$CONFDIR" ]; then
 cp_echo "CN: Creating configuration directory $CONFDIR/"
 mkdir -p $CONFDIR/
@@ -134,12 +135,10 @@ if [ $RET -eq 0 ] || [ $RET -eq 1 ]; then
 if [ $RET -eq 1 ]; then
 cp_echo "CN: Creating configuration file $MODSECRBL"
 cp "$MODSECTPL/$(basename $MODSECRBL)" "$MODSECRBL"
- need_restart=1
 else
 if ! cmp -s "$MODSECRBL" "$MODSECTPL/$(basename $MODSECRBL)"; then
 cp_echo "CN: Updating configuration file $MODSECRBL"
 cp "$MODSECTPL/$(basename $MODSECRBL)" "$MODSECRBL"
- need_restart=1
 fi
 fi
 fi
@@ -152,13 +151,11 @@ if [ $RET -eq 0 ] || [ $RET -eq 1 ]; then
 cp_echo "CN: Updating configuration file $MODSECCONF"
 mv -f "$out" "$MODSECCONF"
 cp_echo "CN: Enabled ModSecurity RBL lookup."
- need_restart=1
 fi
 else
 cp_echo "CN: Creating configuration file $MODSECCONF"
 mv "$out" "$MODSECCONF"
 cp_echo "CN: Enabled ModSecurity RBL lookup."
- need_restart=1
 fi
 else
@@ -171,20 +168,17 @@ if [ $RET -eq 0 ] || [ $RET -eq 1 ]; then
 cp_echo "CN: Updating configuration file $MODSECCONF"
 mv -f "$out" "$MODSECCONF"
 cp_echo "CN: Disabled ModSecurity RBL lookup."
- need_restart=1
 fi
 else
 cp_echo "CN: Creating configuration file $MODSECCONF"
 mv "$out" "$MODSECCONF"
 cp_echo "CN: Disabled ModSecurity RBL lookup."
- need_restart=1
 fi
 chk_conf_tag "$MODSECRBL"
 if [ $RET -eq 0 ]; then
 cp_echo "CN: Removing configuration file $MODSECRBL"
 rm -f "$MODSECRBL"
- need_restart=1
 fi
 fi
@@ -192,27 +186,19 @@ if [ $RET -eq 0 ] || [ $RET -eq 1 ]; then
 # Enable ModSecurity configuration.
 if [ ! -e "$MODSECLNK" ]; then
- cp_echo "CN: Enabling ModSecurity configuration."
 ln -fs "$MODSECCONF" "$MODSECLNK"
- need_restart=1
+ fi
+ if modsecurity_enable; then
+ apache2_invoke enmod security2
+ apache2_invoke enconf security2-cn
 fi
 fi
 db_stop || true
-
-# Restart Apache2 web server if needed.
-#
-if [ $need_restart -eq 1 ]; then
-
- # Check Apache2 web server configuration.
- if apache2ctl configtest 2>/dev/null; then
- invoke-rc.d apache2 force-reload || true
- else
- # Something is broken.
- cp_echo "CN: Your Apache2 configuration is broken."
- cp_echo "CN: Please, check the service after the installation finishes!"
- fi
+if ! apache2ctl configtest >/dev/null 2>&1; then
+ cp_echo "CN: Your Apache2 configuration seems to be broken."
+ cp_echo "CN: Please, check the service after the installation finishes!"
 fi
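Review bot: After this hunk nothing in the visible script reloads Apache when `$MODSECCONF` or `$MODSECRBL` has been rewritten. The `need_restart=1` assignments are dropped in the `-134`, `-152` and `-171` hunks and the `force-reload` block is removed here, which leaves `apache2_invoke` as the only possible trigger. Whether that helper reloads when `security2` and `security2-cn` are already enabled is not visible on this page; if it does not, an upgrade or an RBL toggle leaves the running server on the old rule set until someone reloads it by hand. Consider keeping a change flag and, when a file was actually replaced and `configtest` passes, running `invoke-rc.d apache2 force-reload || true` as the removed code did.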