}
log() {
+ local old_umask
logfile=${logfile:=/var/log/carnet-upgrade.log}
- touch $logfile
+
+ old_umask=$(umask)
+ umask 0077
+
echo "$(date +'%Y-%m-%d %H:%M:%S') $*" >> $logfile
echo "CN: $*"
+
+ umask $old_umask
+ chmod og= $logfile
}
# find first free uid/gid in range
if [ -z "$default_kernel" -a -r "/boot/grub/menu.lst" ]; then
default_kernel=$( awk '
$1 == "default" { default = $2;
- if (default != /^[[:digit:]]+$/) { exit } }
+ if (default !~ /^[0-9]+$/) { exit } }
$1 == "title" { title+=1 }
$1 == "kernel" && title==default+1 { print $2; exit }' \
/boot/grub/menu.lst 2>/dev/null )
log "Default kernel package: $kernel_package"
- if [ "$kernel_package" != "kernel-2.6-cn" ]; then
- log "Default kernel package is not kernel-2.6-cn"
- return 1
- fi
-
running_release=$( uname -r )
running_version=$( uname -v )
log "Running kernel: $running_release $running_version"
# force reconfiguration at the end if package is not upgraded automatically
if [ "$config_changed" -a "$cn_package" ]; then
cn_version=$( dpkg -s "$cn_package" | awk '/^Version:/ {print $2}' )
- post_upgrade "pkg $cn_package eq $cn_version && dpkg-reconfigure $cn_package"
+ post_upgrade "pkg $cn_package gt $cn_version || dpkg-reconfigure $cn_package"
fi
}
restore_config spamassassin-cn razor 1:2.85-1 /etc/razor/razor-agent.conf
restore_config kernel-2.6-cn libpam-modules 1.0.1-5 /etc/security/limits.conf
restore_config samba-cn samba-common 2:3.2.5-4lenny2 /etc/samba/smb.conf
+ restore_config '' base-files 5lenny2 /etc/issue /etc/issue.net
# check if monitrc is template based
if [ -f /etc/monit/monitrc -a ! -f /etc/monit/monitrc.$backup_ext ]; then
rm -f $config_new
fi
-# restore_config base-files 4 /etc/issue /etc/issue.net
-# restore_config base-files 4 /etc/issue /etc/issue.net
# restore_config login 1:4.0.18.1 /etc/pam.d/login
# restore_config mysql-server 5.0.3 /etc/init.d/mysql \
# /etc/logrotate.d/mysql-server \
fi
}
+# check if package is orphaned (nothing depends on it)
+is_orphaned () {
+ local package deps
+
+ package=$1
+ deps=$(apt-get remove -s $package | grep ^Remv | wc -l)
+ if [ "$deps" -eq 1 ]; then
+ return 0
+ else
+ return 1
+ fi
+}
+
+# remove old and unused libraries
+remove_orphaned () {
+ local package
+
+ for package in $orphaned_packages; do
+ if is_orphaned $package; then
+ pkgrm $package
+ fi
+ done
+}
+
# monit it causing problems for postinst scripts
# restarting daemons so try to disable it
disable_monit () {
# make a silent upgrade to new libc6
upgrade_libc () {
- DEBIAN_FRONTEND=noninteractive pkgadd libc6
+ DEBIAN_FRONTEND=noninteractive pkgadd libc6 tzdata
}
# upgrade apache2 to etch
local conf
# remove init script diversion before upgrade
- if pkg amavisd-cn lt 3:2.4.2-4; then
+ if pkg amavisd-cn lt 3:2.6.1-1; then
if [ -L /etc/init.d/amavis -a -f /etc/init.d/amavis.amavisd-new ]; then
rm -vf /etc/init.d/amavis
dpkg-divert --remove /etc/init.d/amavis
/etc/init.d/amavis restart
}
-# fix openldap-aai postinst user handling
-upgrade_openldap () {
+# handle freerdius config files upgrade
+upgrade_freeradius () {
+ local template config_new password realm
+
+ pkg freeradius-aai lt 2.1.3-0lenny0 || return 0
+
+ # handle static configs
+ restore_config freeradius-aai freeradius 2.1.3-0lenny0 \
+ /etc/freeradius/clients.conf \
+ /etc/freeradius/hints \
+ /etc/freeradius/ldap.attrmap \
+ /etc/freeradius/radiusd.conf
+
+ # handle template based configs
+ template=/usr/share/carnet-upgrade/files/etc/freeradius/eap.conf.template
+ config_new=$(mktemp /var/lib/carnet-upgrade/eap.conf.XXXXXX)
+ password=$(grep -s '^[[:space:]]*private_key_password[[:space:]]*=' \
+ /etc/freeradius/eap.conf)
+ cp $template $config_new
+ sed -i "s/.*#PASSWORD#.*/$password/" $config_new
+ if cmp -s $config_new /etc/freeradius/eap.conf >/dev/null; then
+ log "Restoring config file /etc/freeradius/eap.conf"
+ cp -v /usr/share/carnet-upgrade/files/etc/freeradius/eap.conf.restore \
+ /etc/freeradius/eap.conf
+ fi
+ rm -f $config_new
+
+ template=/usr/share/carnet-upgrade/files/etc/freeradius/proxy.conf.template
+ config_new=$(mktemp /var/lib/carnet-upgrade/proxy.conf.XXXXXX)
+ realm=$(sed -n '/^[[:space:]]*suffix[[:space:]]*/ {
+ s///; s/"//g; s/,dc=/./g; s/dc=//; s/.hr$//; p; q }' /etc/ldap/slapd.conf)
+ cp $template $config_new
+ sed -i "s/#REALM#/$realm/" $config_new
+ if cmp -s $config_new /etc/freeradius/proxy.conf >/dev/null; then
+ log "Restoring config file /etc/freeradius/proxy.conf"
+ cp -v /usr/share/carnet-upgrade/files/etc/freeradius/proxy.conf.restore \
+ /etc/freeradius/proxy.conf
+ fi
+ rm -f $config_new
+
+ # install the new packages
+ if ! apt-get -y install freeradius; then
+ # freeradius upgrade fails here, try to fix it by creating certificates
+ [ -x /etc/freeradius/certs/bootstrap ] && /etc/freeradius/certs/bootstrap
+
+ dpkg --configure -a
+ apt-get -y -f install
+ fi
+
+ # finally try to cleanup this mess
+ pkgadd freeradius-aai
+}
+
+# prepare for slapd upgrade (caused by freeradius installation)
+prepare_openldap () {
pkg openldap-aai lt 2.4 || return 0
# openldap-aai expects org.ldif to exists
if [ -f $ldif ]; then
cp -v $ldif $ldif_backup
fi
+}
+
+# fix openldap-aai postinst user handling
+upgrade_openldap () {
+ pkg openldap-aai lt 2.4 || return 0
# slapd postinst fails if move_old_database is false
echo 'slapd slapd/move_old_database boolean true' | debconf-set-selections
pkgadd slapd
# slapd removes org.ldif during switch from ldap -> openldap user
+ local ldif=/var/lib/ldap/org.ldif
+ local ldif_backup=/var/lib/carnet-upgrade/org.ldif
if [ -f $ldif_backup -a ! -f $ldif ]; then
cp -v $ldif_backup $ldif
fi
/etc/udev/rules.d/compat.rules
do
if [ -e $config ]; then
- mv -v $config /etc/udev/
+ rm -v -f $config
fi
done
fix_issue () {
cat > /etc/issue <<EOF
Debian GNU/Linux 5.0 (CARNet Debian 5.0) \\n \\l
+
EOF
cat > /etc/issue.net <<EOF