diff options
Diffstat (limited to 'app-admin/webmin/files/gentoo-setup')
| -rwxr-xr-x | app-admin/webmin/files/gentoo-setup | 417 |
1 files changed, 417 insertions, 0 deletions
diff --git a/app-admin/webmin/files/gentoo-setup b/app-admin/webmin/files/gentoo-setup new file mode 100755 index 000000000000..0c2dd2d186d1 --- /dev/null +++ b/app-admin/webmin/files/gentoo-setup @@ -0,0 +1,417 @@ +#!/bin/sh +# gentoo-setup.sh +# +# Version 1.2 +# +# A modified original Webmin setup.sh script to comply with Gentoo specifics +# +# Modification done by: PhobosK <phobosk@kbfx.net> +# +# This script runs after the webmin archive is installed, and in the pkg_config() phase. +# It does setup the various config files of Webmin depending on if it is +# a new install, an upgrade or a reset. + +LANG= +export LANG + +if [ -z ${wadir} ]; then + echo "You can't run this script outside of the 'emerge --config app-admin/webmin' command." + exit 1 +fi + +# All things we do is from the Webmin install dir - $wadir +cd $wadir + + +# Are we hard resetting everything? +# If yes, we do: +# 1. Run the specific Webmin $wadir/run-uninstalls.pl +# It runs all uninstall.pl files in every module's folder. +# They delete all the set specific Webmin cron jobs. +# If bumping you should go through these files using the command: +# find . -name uninstall.pl -exec cat {} \; -print +# 2. Delete the whole /etc/webmin content, keeping only the gentoo .keep_* files +if [ "$reset" = "hard" ]; then + echo "Running Webmin's specific uninstall procedures.. (Please ignore any possible errors)" + (WEBMIN_CONFIG=$config_dir WEBMIN_VAR=$var_dir LANG= "$wadir/run-uninstalls.pl") + echo "..done" + echo "" + + echo "Deleting the content of user's config folder: $config_dir .." + find $config_dir ! -name '.keep_*' -delete 2>/dev/null + echo "..done" + echo "" +fi + + +# Are we soft resetting? +# If yes we do: +# - Delete the $config_dir/config file so we get new config values +if [ "$reset" = "soft" ]; then + echo "Deleting the user's $config_dir/config file.." + if [ -f "$config_dir/config" ]; then + rm -f "$config_dir/config" + fi + echo "..done" + echo "" +fi + + +# Get all available modules of this version +allmods=`echo */module.info | sed -e 's/\/module.info//g'` + +# Get current Webmin version +ver=`cat "$wadir/version"` + +if [ -r "$config_dir/config" ]; then + upgrading=1 +fi + + +# Check if upgrading from an old version +if [ "$upgrading" = 1 ]; then + echo "Updating existant Webmin's config files.." + + # Get current var path + if [ -r "$config_dir/var-path" ]; then + _var_dir=`cat $config_dir/var-path` + if [ -n ${_var_dir} ]; then + var_dir=${_var_dir} + fi + fi + + # Get current perl path + if [ -r "$config_dir/perl-path" ]; then + _perl=`cat $config_dir/perl-path` + if [ -n ${_perl} ]; then + perl=${_perl} + fi + fi + + # Get old os name and version + os_type=`grep "^os_type=" $config_dir/config | sed -e 's/os_type=//g'` + os_version=`grep "^os_version=" $config_dir/config | sed -e 's/os_version=//g'` + real_os_type=`grep "^real_os_type=" $config_dir/config | sed -e 's/real_os_type=//g'` + real_os_version=`grep "^real_os_version=" $config_dir/config | sed -e 's/real_os_version=//g'` + + # Get port, ssl, no_ssl2, no_ssl3, ssl_redirect, no_sslcompression and keyfile + port=`grep "^port=" $config_dir/miniserv.conf | sed -e 's/port=//g'` + ssl=`grep "^ssl=" $config_dir/miniserv.conf | sed -e 's/ssl=//g'` + no_ssl2=`grep "^no_ssl2=" $config_dir/miniserv.conf | sed -e 's/no_ssl2=//g'` + no_ssl3=`grep "^no_ssl3=" $config_dir/miniserv.conf | sed -e 's/no_ssl3=//g'` + ssl_redirect=`grep "^ssl_redirect=" $config_dir/miniserv.conf | sed -e 's/ssl_redirect=//g'` + no_sslcompression=`grep "^no_sslcompression=" $config_dir/miniserv.conf | sed -e 's/no_sslcompression=//g'` + keyfile=`grep "^keyfile=" $config_dir/miniserv.conf | sed -e 's/keyfile=//g'` + + # Update ACLs + $perl "$wadir/newmods.pl" $config_dir $allmods + + # Update miniserv.conf with new root directory, mime types file and server info + grep -v "^root=" $config_dir/miniserv.conf | grep -v "^mimetypes=" | grep -v "^server=" >$tempdir/$$.miniserv.conf + mv $tempdir/$$.miniserv.conf $config_dir/miniserv.conf + echo "root=$wadir" >> $config_dir/miniserv.conf + echo "mimetypes=$wadir/mime.types" >> $config_dir/miniserv.conf + echo "server=MiniServ/$ver" >> $config_dir/miniserv.conf + grep logout= $config_dir/miniserv.conf >/dev/null + if [ $? != "0" ]; then + echo "logout=$config_dir/logout-flag" >> $config_dir/miniserv.conf + fi + + # Remove old cache of module infos + rm -f $config_dir/module.infos.cache + echo "..done" + echo "" +else + # Create webserver's new config files + echo "Creating Webmin's new config files.." + + echo $perl > $config_dir/perl-path + echo $var_dir > $config_dir/var-path + + # Create a totally new conf file + cfile=$config_dir/miniserv.conf + echo "port=$port" > $cfile + echo "root=$wadir" >> $cfile + echo "mimetypes=$wadir/mime.types" >> $cfile + echo "addtype_cgi=internal/cgi" >> $cfile + echo "realm=Webmin Server" >> $cfile + echo "logfile=$var_dir/miniserv.log" >> $cfile + echo "errorlog=$var_dir/miniserv.error" >> $cfile + echo "pidfile=$pidfile" >> $cfile + echo "logtime=168" >> $cfile + echo "ppath=$ppath" >> $cfile + echo "ssl=$ssl" >> $cfile + echo "no_ssl2=$no_ssl2" >> $cfile + echo "no_ssl3=$no_ssl3" >> $cfile + echo "ssl_redirect=$ssl_redirect" >> $cfile + echo "no_sslcompression=$no_sslcompression" >> $cfile + echo "keyfile=$keyfile" >> $cfile + echo "env_WEBMIN_CONFIG=$config_dir" >> $cfile + echo "env_WEBMIN_VAR=$var_dir" >> $cfile + echo "atboot=$atboot" >> $cfile + echo "logout=$config_dir/logout-flag" >> $cfile + echo "listen=10000" >> $cfile + echo "denyfile=\\.pl\$" >> $cfile + echo "log=1" >> $cfile + echo "blockhost_failures=5" >> $cfile + echo "blockhost_time=60" >> $cfile + echo "syslog=1" >> $cfile + echo "session=1" >> $cfile + echo "premodules=WebminCore" >> $cfile + echo "server=MiniServ/$ver" >> $cfile + + # Append package-specific info to config file. + # miniserv-conf can be created by upstream or by us in src_install phase (see there). + if [ -f "$wadir/miniserv-conf" ]; then + cat "$wadir/miniserv-conf" >>$cfile + fi + + # Create the default user allowed to login - root only + login="root" + + if [ -r /etc/shadow ]; then + #crypt=`grep "^root:" /etc/shadow | cut -f 2 -d :` + crypt=x + else + crypt=`grep "^root:" /etc/passwd | cut -f 2 -d :` + fi + + ufile=$config_dir/miniserv.users + echo "$login:$crypt:0" > $ufile + chmod 600 $ufile + + + echo "userfile=$ufile" >> $cfile + chmod 600 $cfile + echo "..done" + echo "" + + echo "Creating access control file.." + afile=$config_dir/webmin.acl + echo "$login: $allmods" > $afile + chmod 600 $afile + echo "..done" + echo "" +fi + + +# Create start, stop, restart and reload Gentoo compliant Webmin scripts +# We use sys-apps/openrc functions which is already pulled by sys-apps/baselayout +# or systemctl if we run under systemd +echo "Creating start and stop scripts.." +rm -f $config_dir/{start,stop,restart,reload} + +# The start script in /etc/webmin (Gentoo compliant) +cat <<END >>"$config_dir/start" +#!/bin/sh + +if [ ! -f "${pidfile}" ]; then + if [[ -d /run/systemd/system ]] ; then + systemctl start webmin.service + else + rc-service --ifexists -- webmin start + fi +fi +END + +# The stop script in /etc/webmin (Gentoo compliant) +cat <<END >>"$config_dir/stop" +#!/bin/sh + +if [[ -d /run/systemd/system ]] ; then + systemctl stop webmin.service +else + rc-service --ifexists -- webmin --ifstarted stop +fi +END + +# The restart script in /etc/webmin (Gentoo compliant) +cat <<END >>"$config_dir/restart" +#!/bin/sh + +if [[ -d /run/systemd/system ]] ; then + systemctl try-restart webmin.service +else + rc-service --ifexists -- webmin --ifstarted restart +fi +END + +# The reload script in /etc/webmin (Gentoo compliant) +cat <<END >>"$config_dir/reload" +#!/bin/sh + +if [[ -d /run/systemd/system ]] ; then + systemctl reload-or-try-restart webmin.service +else + rc-service --ifexists -- webmin --ifstarted reload +fi +END + +chmod 755 $config_dir/{start,stop,restart,reload} +echo "..done" +echo "" + + +if [ "$upgrading" = 1 ]; then + echo "Updating other config files.." +else + echo "Copying other config files.." +fi + +# This just copies and merges the Webmin's release config files, with user's in the /etc/webmin folder +newmods=`$perl "$wadir/copyconfig.pl" "$os_type/$real_os_type" "$os_version/$real_os_version" "$wadir" $config_dir "" $allmods` +if [ "$upgrading" != 1 ]; then + # Store the OS and version + echo "os_type=$os_type" >> $config_dir/config + echo "os_version=$os_version" >> $config_dir/config + echo "real_os_type=$real_os_type" >> $config_dir/config + echo "real_os_version=$real_os_version" >> $config_dir/config + + # Turn on logging by default + echo "log=1" >> $config_dir/config + + # Disallow unknown referers by default + echo "referers_none=1" >>$config_dir/config +else + # one-off hack to set log variable in config from miniserv.conf + grep log= $config_dir/config >/dev/null + if [ "$?" = "1" ]; then + grep log= $config_dir/miniserv.conf >> $config_dir/config + grep logtime= $config_dir/miniserv.conf >> $config_dir/config + grep logclear= $config_dir/miniserv.conf >> $config_dir/config + fi + + # Disallow unknown referers if not set + grep referers_none= $config_dir/config >/dev/null + if [ "$?" != "0" ]; then + echo "referers_none=1" >>$config_dir/config + fi +fi +echo $ver > $config_dir/version +echo "..done" +echo "" + +# Set passwd_ fields in miniserv.conf from global config +for field in passwd_file passwd_uindex passwd_pindex passwd_cindex passwd_mindex; do + grep $field= $config_dir/miniserv.conf >/dev/null + if [ "$?" != "0" ]; then + grep $field= $config_dir/config >> $config_dir/miniserv.conf + fi +done +grep passwd_mode= $config_dir/miniserv.conf >/dev/null +if [ "$?" != "0" ]; then + echo passwd_mode=0 >> $config_dir/miniserv.conf +fi + +# Disable SSL compression to defeat BEAST attack +grep no_sslcompression= $config_dir/miniserv.conf >/dev/null +if [ "$?" != "0" ]; then + echo no_sslcompression=1 >> $config_dir/miniserv.conf +fi + +# Tighten SSL security +grep no_ssl2= $config_dir/miniserv.conf >/dev/null +if [ "$?" != "0" ]; then + echo no_ssl2=1 >> $config_dir/miniserv.conf +fi + +grep no_ssl3= $config_dir/miniserv.conf >/dev/null +if [ "$?" != "0" ]; then + echo no_ssl3=1 >> $config_dir/miniserv.conf +fi + +# Make Perl crypt MD5 the default +grep md5pass= $config_dir/config >/dev/null +if [ "$?" != "0" ]; then + echo md5pass=1 >> $config_dir/config +fi + +# Set a special theme if none was set before +if [ "$theme" = "" ]; then + theme=`cat "$wadir/defaulttheme" 2>/dev/null` +fi +oldthemeline=`grep "^theme=" $config_dir/config` +oldtheme=`echo $oldthemeline | sed -e 's/theme=//g'` +if [ "$theme" != "" ] && [ "$oldthemeline" = "" ] && [ -d "$wadir/$theme" ]; then + themelist=$theme +fi + +# Set a special overlay if none was set before +if [ "$overlay" = "" ]; then + overlay=`cat "$wadir/defaultoverlay" 2>/dev/null` +fi +if [ "$overlay" != "" ] && [ "$theme" != "" ] && [ -d "$wadir/$overlay" ]; then + themelist="$themelist $overlay" +fi + +# Apply the theme and maybe overlay +if [ "$themelist" != "" ]; then + echo "theme=$themelist" >> $config_dir/config + echo "preroot=$themelist" >> $config_dir/miniserv.conf +fi + +# If the old blue-theme is still in use, change it (new in 1.730) +oldtheme=`grep "^theme=" $config_dir/config | sed -e 's/theme=//g'` +if [ "$oldtheme" = "blue-theme" ]; then + sed -i -e 's/theme=blue-theme/theme=gray-theme/g' $config_dir/config + sed -i -e 's/preroot=blue-theme/preroot=gray-theme/g' $config_dir/miniserv.conf +fi + +# Set the product field in the global config +grep product= $config_dir/config >/dev/null +if [ "$?" != "0" ]; then + echo product=webmin >> $config_dir/config +fi + +# If password delays are not specifically disabled, enable them +grep passdelay= $config_dir/miniserv.conf >/dev/null +if [ "$?" != "0" ]; then + echo passdelay=1 >> $config_dir/miniserv.conf +fi + + +echo "Changing ownership and permissions.." +# Make all config dirs non-world-readable +for m in $newmods; do + chown -R root:root $config_dir/$m + chmod -R og-rw $config_dir/$m +done + +# Make miniserv config files non-world-readable +for f in miniserv.conf miniserv.users; do + chown -R root:root $config_dir/$f + chmod -R og-rw $config_dir/$f +done +chmod +r $config_dir/version + +# Fix up bad permissions from some older installs +for m in ldap-client ldap-server ldap-useradmin mailboxes mysql postgresql servers virtual-server; do + if [ -d "$config_dir/$m" ]; then + chown root:root $config_dir/$m + chmod og-rw $config_dir/$m + chmod og-rw $config_dir/$m/config 2>/dev/null + fi +done +echo "..done" +echo "" + + +# This executes all postinstall.pl for every module +# If you do bump, you should look at the specific changes they do with this command in root folder: +# find . -name postinstall.pl -exec cat {} \; -print +# Generally they are safe to run 'cause they change only user's config in /etc/webmin +# or setup some cron jobs +if [ "$nopostinstall" = "" ]; then + echo "Running postinstall scripts.. (Please ignore any possible errors)" + (cd "$wadir" ; WEBMIN_CONFIG=$config_dir WEBMIN_VAR=$var_dir "$wadir/run-postinstalls.pl") + echo "..done" + echo "" +fi + +# Enable background collection +if [ "$upgrading" != 1 -a -r $config_dir/system-status/enable-collection.pl ]; then + echo "Enabling background status collection.. (Please ignore any possible errors)" + $config_dir/system-status/enable-collection.pl 5 + echo "..done" + echo "" +fi |