vcl-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jftho...@apache.org
Subject svn commit: r1798609 - /vcl/trunk/vcl-upgrade.sh
Date Tue, 13 Jun 2017 15:38:09 GMT
Author: jfthomps
Date: Tue Jun 13 15:38:09 2017
New Revision: 1798609

URL: http://svn.apache.org/viewvc?rev=1798609&view=rev
Log:
VCL-1053 - Prepare VCL 2.5 release 

vcl-upgrade.sh:
-updated VCL_VERSION from 2.4.2 to 2.5
-added code to delete MAXVMLIMIT from conf.php
-added code to change $mcryptkey in secrets.php to $cryptkey; if php version >= 5.3, update
value of $cryptkey to be randomly generated data from openssl
-removed php-gd from list of required php packages
-moved code that installs missing packages to be outside for loop so it is only run once the
full list of missing packages is created
-changed cp commands to include -a parameter so original timestamps from archive are retained
-added code to set ownership of web code
-added code to set selinux context of web code
-added code to set ownership of management node code
-updated line placed in .htaccess for old web code to be "Requre all denied" to match new
httpd configuration

Modified:
    vcl/trunk/vcl-upgrade.sh

Modified: vcl/trunk/vcl-upgrade.sh
URL: http://svn.apache.org/viewvc/vcl/trunk/vcl-upgrade.sh?rev=1798609&r1=1798608&r2=1798609&view=diff
==============================================================================
--- vcl/trunk/vcl-upgrade.sh (original)
+++ vcl/trunk/vcl-upgrade.sh Tue Jun 13 15:38:09 2017
@@ -62,7 +62,7 @@ if [ $? -ne 0 ]; then help; fi
 eval set -- "$args"
 
 # ------------------------- variables -------------------------------
-VCL_VERSION=2.4.2
+VCL_VERSION=2.5
 OLD_VERSION=""
 DB_NAME=vcl
 WEB_PATH=/var/www/html/vcl
@@ -438,6 +438,23 @@ function confUpgradeFrom22() {
 
 	sed -i '/ENABLE_ITECSAUTH/G' $WEB_PATH-$VCL_VERSION/.ht-inc/conf.php
 	if [ $? -ne 0 ]; then echo "Error: Failed to update conf.php"; exit 1; fi
+
+	if grep -q MAXVMLIMIT $WEB_PATH-$VCL_VERSION/.ht-inc/conf.php; then
+		sed -i '/MAXVMLIMIT/d' $WEB_PATH-$VCL_VERSION/.ht-inc/conf.php
+		if [ $? -ne 0 ]; then echo "Error: Failed to update conf.php"; exit 1; fi
+	fi
+
+	phpver=$(echo '<?php echo PHP_VERSION; ?>' | php | cut -c1-3 | sed 's/\.//')
+	if (( $phpver >= 53 )); then
+		random=$(openssl rand 32 | base64)
+		sed -i "/mcryptkey/a \$cryptkey='$random';" $WEB_PATH-$VCL_VERSION/.ht-inc/secrets.php
+		if [ $? -ne 0 ]; then echo "Error: Failed to update secrets.php"; exit 1; fi
+		sed -i '/mcryptkey/d' $WEB_PATH-$VCL_VERSION/.ht-inc/secrets.php
+		if [ $? -ne 0 ]; then echo "Error: Failed to update secrets.php"; exit 1; fi
+	else
+		sed -i "s/mcryptkey/cryptkey/" $WEB_PATH-$VCL_VERSIONS/.ht-inc/secrets.php
+		if [ $? -ne 0 ]; then echo "Error: Failed to update secrets.php"; exit 1; fi
+	fi
 }
 
 function confUpgradeFrom221() {
@@ -527,6 +544,18 @@ function confUpgradeFrom23() {
 
 	sed -i '/ENABLE_ITECSAUTH/G' $WEB_PATH-$VCL_VERSION/.ht-inc/conf.php
 	if [ $? -ne 0 ]; then echo "Error: Failed to update conf.php"; exit 1; fi
+
+	if grep -q MAXVMLIMIT $WEB_PATH-$VCL_VERSION/.ht-inc/conf.php; then
+		sed -i '/MAXVMLIMIT/d' $WEB_PATH-$VCL_VERSION/.ht-inc/conf.php
+		if [ $? -ne 0 ]; then echo "Error: Failed to update conf.php"; exit 1; fi
+	fi
+
+	phpver=$(echo '<?php echo PHP_VERSION; ?>' | php | cut -c1-3 | sed 's/\.//')
+	if (( $phpver >= 53 )); then
+		random=$(openssl rand 32 | base64)
+		sed -i "s%\$cryptkey.*$%\$cryptkey = '$random';%" $WEB_PATH-$VCL_VERSION/.ht-inc/secrets.php
+		if [ $? -ne 0 ]; then echo "Error: Failed to update secrets.php"; exit 1; fi
+	fi
 }
 
 function confUpgradeFrom231() {
@@ -537,7 +566,21 @@ function confUpgradeFrom232() {
 	confUpgradeFrom23
 }
 
-# ------------------- download/validate arvhice ---------------------
+function confUpgradeFrom242() {
+	if grep -q MAXVMLIMIT $WEB_PATH-$VCL_VERSION/.ht-inc/conf.php; then
+		sed -i '/MAXVMLIMIT/d' $WEB_PATH-$VCL_VERSION/.ht-inc/conf.php
+		if [ $? -ne 0 ]; then echo "Error: Failed to update conf.php"; exit 1; fi
+	fi
+
+	phpver=$(echo '<?php echo PHP_VERSION; ?>' | php | cut -c1-3 | sed 's/\.//')
+	if (( $phpver >= 53 )); then
+		random=$(openssl rand 32 | base64)
+		sed -i "s%\$cryptkey.*$%\$cryptkey = '$random';%" $WEB_PATH-$VCL_VERSION/.ht-inc/secrets.php
+		if [ $? -ne 0 ]; then echo "Error: Failed to update secrets.php"; exit 1; fi
+	fi
+}
+
+# ------------------- download/validate archive ---------------------
 print_break
 cd $WORKPATH
 if [[ ! -f $ARCHIVE ]]; then
@@ -630,7 +673,7 @@ if [[ $DOWEB -eq 1 ]]; then
 	if [ $? -ne 0 ]; then generic_error "Failed to create backup of web code at $WEB_PATH";
exit 1; fi;
 fi
 
-# -------------------------- backup web code -------------------------
+# -------------------------- backup mn code -------------------------
 if [[ $DOMN -eq 1 ]]; then
 	echo "Backing up management node code..."
 	tar czf $WORKPATH/managmentnode-${OLD_VERSION}-backup.tar.gz $MN_PATH
@@ -642,7 +685,7 @@ if [[ $DOWEB -eq 1 ]]; then
 	print_break
 	echo "Ensuring required php components are installed..."
 	missing=
-	for pkg in php php-gd php-mysql php-xml php-xmlrpc php-ldap php-mbstring; do
+	for pkg in php php-mysql php-xml php-xmlrpc php-ldap php-mbstring; do
 		alt=$(echo $pkg | sed 's/php/php53/')
 		if ! (rpm --quiet -q $pkg || rpm --quiet -q $alt); then
 			missing="$missing $pkg"
@@ -650,31 +693,44 @@ if [[ $DOWEB -eq 1 ]]; then
 		if rpm -qa | grep -q php53; then
 			missing=$(echo $missing | sed 's/php/php53/g')
 		fi
-		if [[ $missing != "" ]]; then
-			echo "yum -q -y install $missing"
-			yum -q -y install $missing
-			if [ $? -ne 0 ]; then generic_error "Failed to install php components"; exit 1;
-			else echo "php components successfully installed"; fi
-		fi
 	done
+	if [[ $missing != "" ]]; then
+		echo "yum -q -y install $missing"
+		yum -q -y install $missing
+		if [ $? -ne 0 ]; then generic_error "Failed to install php components"; exit 1;
+		else echo "php components successfully installed"; fi
+	fi
 fi
 
 # ------------------------- copy web code in place -------------------------
 if [[ $DOWEB -eq 1 ]]; then
 	print_break
 	echo "Installing new VCL web code..."
-	/bin/cp -r $WORKPATH/apache-VCL-$VCL_VERSION/web/ ${WEB_PATH}-$VCL_VERSION
+	/bin/cp -ar $WORKPATH/apache-VCL-$VCL_VERSION/web/ ${WEB_PATH}-$VCL_VERSION
 	if [ $? -ne 0 ]; then generic_error "Failed to install new VCL web code"; exit 1; fi;
+	chown -R root:root ${WEB_PATH}-$VCL_VERSION/
+	if [ $? -ne 0 ]; then generic_error "Failed to set ownership of VCL web code to root"; exit
1; fi;
+	chown apache ${WEB_PATH}-$VCL_VERSION/.ht-inc/cryptkey
+	if [ $? -ne 0 ]; then generic_error "Failed to set ownership of VCL web code cryptkey directory
to apache"; exit 1; fi;
 	chown apache ${WEB_PATH}-$VCL_VERSION/.ht-inc/maintenance
+	if [ $? -ne 0 ]; then generic_error "Failed to set ownership of VCL web code maintenance
directory to apache"; exit 1; fi;
+	if [[ -x /usr/sbin/getenforce ]] && /usr/sbin/getenforce | grep -q -i enforcing;
then
+		chcon -R -t httpd_sys_content_t ${WEB_PATH}-$VCL_VERSION
+		if [ $? -ne 0 ]; then generic_error "Failed to set SELinux context of web directory"; exit
1; fi;
+		chcon -t httpd_sys_rw_content_t ${WEB_PATH}-$VCL_VERSION/.ht-inc/cryptkey
+		if [ $? -ne 0 ]; then generic_error "Failed to set SELinux context of web cryptkey directory";
exit 1; fi;
+		chcon -t httpd_sys_rw_content_t ${WEB_PATH}-$VCL_VERSION/.ht-inc/maintenance
+		if [ $? -ne 0 ]; then generic_error "Failed to set SELinux context of web maintenance directory";
exit 1; fi;
+	fi
 fi
 
 # ---------------------------- configure web code --------------------------
 if [[ $DOWEB -eq 1 ]]; then
 	print_break
 	echo "Copying in web configuration files from previous version"
-	/bin/cp -f ${WEB_PATH}/.ht-inc/secrets.php ${WEB_PATH}-$VCL_VERSION/.ht-inc/
+	/bin/cp -af ${WEB_PATH}/.ht-inc/secrets.php ${WEB_PATH}-$VCL_VERSION/.ht-inc/
 	if [ $? -ne 0 ]; then echo "Error: Failed to copy secrets.php"; exit 1; fi;
-	/bin/cp -f ${WEB_PATH}/.ht-inc/conf.php ${WEB_PATH}-$VCL_VERSION/.ht-inc/
+	/bin/cp -af ${WEB_PATH}/.ht-inc/conf.php ${WEB_PATH}-$VCL_VERSION/.ht-inc/
 	if [ $? -ne 0 ]; then echo "Error: Failed to copy conf.php"; exit 1; fi;
 
 	if [[ $OLD_VERSION = '2.2' ]]; then confUpgradeFrom22; fi
@@ -683,10 +739,11 @@ if [[ $DOWEB -eq 1 ]]; then
 	if [[ $OLD_VERSION = '2.3' ]]; then confUpgradeFrom23; fi
 	if [[ $OLD_VERSION = '2.3.1' ]]; then confUpgradeFrom231; fi
 	if [[ $OLD_VERSION = '2.3.2' ]]; then confUpgradeFrom232; fi
+	if [[ $OLD_VERSION = '2.4.2' ]]; then confUpgradeFrom242; fi
 
-	/bin/cp -f ${WEB_PATH}/.ht-inc/pubkey.pem ${WEB_PATH}-$VCL_VERSION/.ht-inc/
+	/bin/cp -af ${WEB_PATH}/.ht-inc/pubkey.pem ${WEB_PATH}-$VCL_VERSION/.ht-inc/
 	if [ $? -ne 0 ]; then echo "Error: Failed to copy pubkey.pem"; exit 1; fi;
-	/bin/cp -f ${WEB_PATH}/.ht-inc/keys.pem ${WEB_PATH}-$VCL_VERSION/.ht-inc/
+	/bin/cp -af ${WEB_PATH}/.ht-inc/keys.pem ${WEB_PATH}-$VCL_VERSION/.ht-inc/
 	if [ $? -ne 0 ]; then echo "Error: Failed to copy keys.pem"; exit 1; fi;
 fi
 
@@ -695,12 +752,15 @@ if [[ $DOMN -eq 1 ]]; then
 	print_break
 	echo "Installing management node components..."
 	if [[ ! -d ${MN_PATH}-$OLD_VERSION ]]; then
-		/bin/cp -r ${MN_PATH} ${MN_PATH}-$VCL_VERSION
+		/bin/cp -ar ${MN_PATH} ${MN_PATH}-$VCL_VERSION
 		if [ $? -ne 0 ]; then generic_error "Failed to install new VCL management node code (1)";
exit 1; fi;
+		chown -R root:root ${MN_PATH}-$VCL_VERSION/
+		if [ $? -ne 0 ]; then generic_error "Failed to set ownership of VCL management node code
to root"; exit 1; fi;
 	fi
-	/bin/cp -r ${MN_PATH}-$OLD_VERSION ${MN_PATH}-$VCL_VERSION
-	/bin/cp -r $WORKPATH/apache-VCL-$VCL_VERSION/managementnode/* ${MN_PATH}-$VCL_VERSION
+	/bin/cp -ar ${MN_PATH}-$OLD_VERSION ${MN_PATH}-$VCL_VERSION
 	if [ $? -ne 0 ]; then generic_error "Failed to install new VCL management node code (2)";
exit 1; fi;
+	/bin/cp -ar $WORKPATH/apache-VCL-$VCL_VERSION/managementnode/* ${MN_PATH}-$VCL_VERSION
+	if [ $? -ne 0 ]; then generic_error "Failed to install new VCL management node code (3)";
exit 1; fi;
 fi
 
 # -------------------- configure management node code ------------------
@@ -766,7 +826,7 @@ if [[ $DOWEB -eq 1 ]]; then
 	if [[ -f ${WEB_PATH}-$OLD_VERSION/.htaccess ]]; then
 		mv -f ${WEB_PATH}-$OLD_VERSION/.htaccess ${WEB_PATH}-$OLD_VERSION/.htaccess.preupgrade
 	fi
-	echo "Deny from all" > ${WEB_PATH}-$OLD_VERSION/.htaccess
+	echo "Require all denied" > ${WEB_PATH}-$OLD_VERSION/.htaccess
 	if [ $? -ne 0 ]; then echo "Error: Failed to create new ${WEB_PATH}-$OLD_VERSION/.htaccess
file"; exit 1; fi
 fi
 



Mime
View raw message