From raeburn at msu.edu Tue Dec 31 23:34:59 2024
From: raeburn at msu.edu (Raeburn, Stuart)
Date: Wed, 1 Jan 2025 04:34:59 +0000
Subject: [LON-CAPA-admin] LON-CAPA version 2.11.6
Message-ID:

New Version 2.11.6 released.

Update of 2.11.5 (and older) installations to 2.11.6 is recommended.

Changes from 2.11.5:

Student Interface
- On Roles/Courses page for mobile users, all options in "Roles options" drop-down (activated on hover) are now visible.
- When listing Portfolio directory contents, the help to the right of the "Current Access Status" heading links to a file appropriate for portfolio type.
- Any unicode 2212 character ("Math" minus) will now be replaced with ascii minus when pasted into numericalresponse textbox for pre-ECMA2018 browsers (Chrome <64, Firefox <78, Opera <51); 2.11.5 included this for newer browsers.
- If the Remote Control is set to be used for current user, it is no longer launched on a load-balancer server session, as it will be switched immediately.
- If a Remote Control window has been launched it is closed when switching server.

Course Management
- Use of a modal window for setting start and end dates for a role is supported when using "Modify a user's information" on the "List Users" screen.

Printouts
- All 12 combinations of orientation (portrait or landscape), columns (1 or 2), paper (letter, legal or a4) are now supported.
- Amount of vertical space at top of each page reduced for RHEL/Oracle/CentOS 7 or later.
- "Suppress display of tries" can now apply when printing a CODEd exam.
- For two column printouts, column number is added to right side of header line for even-numbered columns, unless the course uses a customized header.
- Correct name/section are displayed in header on the last page when printing for other people on RHEL/Oracle/Alma/Rocky/CentOS 9 for 1-column or landscape 2-column and a4 paper.
- A footer containing page number displayed below the bottom of the page/column will be absent unless the course uses a customized header.
- When questiontype is not exam, suppress printing of line number for radiobuttonresponse where direction attribute is set to horizontal.

Authoring
- Functions menu includes "Options" icon/link when called in course context.
- When Remote Control is in use, the Authoring Space screen header menu is now consistent with other screens: i.e., Name (no drop-down on hover), Context, Help, and "Switch to Inline Menu Mode" are shown.

Domain Coordination/Domain Settings
- When setting font color in default color schemes for domain, prepend #, if missing, and convert value to lower case.

Documentation
- Information about file sharing in a Group portfolio added to Course Coordination manual.

Third-party modules
- CKeditor version 4.22.1
  (a) Accessibility Checker added to toolbar
  (b) Display of pop-up with version information now suppressed on launch.
  (c) Simplified Chinese added to included languages.

Other bug fixes
- Background color included in standard CSS for body tag for WCAG 2 compliance (success criterion 1.4.3).
- Support printing of both \somecommand and $somevar without the need to add extra white space after the opening tex tag.
- Support checking whether RPMs need updating on Rocky and AlmaLinux 8 & 9.

Internals
- For LON-CAPA servers/VMs using firewalld: firewall rules added by lciptables made "permanent" so they persist after firewall-cmd --reload.
- pstops is used instead of psnup for 2-column landscape printouts if psnup version does not support "scale" arg (RHEL/Oracle/Alma/Rocky/CentOS 9).
- OK reported when the PerlCleanupHandler has successfully finished execution.
- When Remote Control is on and "links_disabled" is included in args passed to &start_page(), apply this to links in the top navigation menu.
- Disable links in the Switch Server page header menu, because the session will have been ended on the server from which switch is to be made.
- Eliminate loading of javascript files for Switch Server page because they will not be used.
- If answer attribute is perl array of floats coerce floating point to string to prevent TypeError in 'caparesponse_capa_check_answer' (perl 5.20 or later).
- Authoritative "name" servers for LON-CAPA production cluster updated.
- All calls to routines in customizable localenroll.pm occur with an eval{} so current lond child process will not be killed when a condition in localenroll.pm causes execution to exit with a "die".
- Nightly loncron will check if /home/httpd/html/lon-status/loncron_simple.txt can be written to before attempting to do so.
- To support Fedora 40 and 41, check if RestrictSUIDSGID property is set to yes for httpd.service, and if so, include RestrictSUIDSGID=no in override.conf

Supported Linux Distributions
- Fedora 41 added

Specific enhancement requests/bugs addressed: (see https://bugs.loncapa.org)
5907, 5919, 5968, 6772, 6814, 6819, 6880, 6992, 6993, 6994, 6995

Installation Notes:

To use this release you need to have version 1-35 of LONCAPA-prerequisites installed.

To install this update:

1) You will need to be running RHEL 7, 8 or 9; Oracle Linux 7, 8 or 9; SLES 12 or 15; AlmaLinux 8 or 9, Rocky Linux 8 or 9, Ubuntu LTS 16, 18, 20, 22 or 24; Debian 10, 11 or 12; CentOS Stream 9; or Fedora 40 or 41 (CentOS/Scientific Linux 7, SLES 11, Ubuntu LTS 14, Fedora 35-39, and CentOS Stream 8 should continue to work, but are deprecated).

You will need to be root to use the commands listed at steps 1(a) - 1(d) and 2 to 11 below. On Ubuntu LTS servers either prepend sudo for each command, or use sudo -i.

To accompany the earlier 2.11.3 release, the GPG key for LON-CAPA's repositories was updated to reflect modern standards.
If you are updating from LON-CAPA 2.11.2 or earlier, and have not already updated the GPG key, it is recommended to clear cached packages previously downloaded from the LON-CAPA repository for your Linux distro, before removing the old GPG key and importing the new one.

(a) You can display the currently installed LON-CAPA package signing GPG key as follows:

    (i) CentOS/RHEL/Scientific Linux/Fedora/SLES

        rpm -q gpg-pubkey --qf '%{VERSION}\t%{SUMMARY}\n' |grep LON

        For CentOS/RHEL/Scientific Linux/Fedora/SLES the GPG key used in 2020 and earlier is:
        155cf773 MSU LON-CAPA group (LON-CAPA installer)

        For CentOS/RHEL/Scientific Linux/Fedora/SLES the GPG key used in 2021 and beyond is:
        c11f2266 LONCAPA Academic Consortium (Package signing)

    (ii) Ubuntu 20 and older

        sudo apt-key list

        For Ubuntu the GPG key used in 2020 and earlier is:
        155CF773 MSU LON-CAPA group (LON-CAPA installer)

        For Ubuntu the GPG key used in 2021 and beyond is:
        BF2CDADF MSU LON-CAPA group (LON-CAPA installer)

(b) If you have a pre-2021 key clear the cache and import the new GPG key as follows:

    (i) CentOS

        yum clean all --disablerepo="*" --enablerepo=loncapa-updates-basearch --enablerepo=loncapa-updates-noarch
        rpm -e gpg-pubkey-155cf773-431738a8
        rpm --import 'https://install.loncapa.org/versions/centos/RPM-GPG-KEY-loncapa'

    (ii) RHEL

        yum clean all --disablerepo="*" --enablerepo=loncapa-updates-basearch --enablerepo=loncapa-updates-noarch
        rpm -e gpg-pubkey-155cf773-431738a8
        rpm --import 'https://install.loncapa.org/versions/redhat/RPM-GPG-KEY-loncapa'

    (iii) SLES

        zypper refresh 'LON-CAPA'

    (iv) Ubuntu

        sudo apt-key del 155CF773
        sudo apt-get clean
        wget -O ~/APT-GPG-KEY-loncapa.asc 'https://install.loncapa.org/versions/ubuntu/APT-GPG-KEY-loncapa.asc'
        sudo apt-key add ~/APT-GPG-KEY-loncapa.asc

    (v) Fedora

        yum clean all --disablerepo="*" --enablerepo=loncapa-updates-basearch --enablerepo=loncapa-updates-noarch
        rpm -e gpg-pubkey-155cf773-431738a8
        rpm --import 'https://install.loncapa.org/versions/fedora/RPM-GPG-KEY-loncapa'

(c) After you have imported the new key for 2021 (and beyond)

    (i) CentOS/RHEL/Fedora/SLES

        rpm -q gpg-pubkey --qf '%{VERSION}\t%{SUMMARY}\n' |grep LON

        will now report:
        c11f2266 LONCAPA Academic Consortium (Package signing)

    (ii) Ubuntu 20 and older

        sudo apt-key list

        will now report:
        BF2CDADF MSU LON-CAPA group (LON-CAPA installer)

(d) The EPEL repository is used by LON-CAPA for CentOS/RHEL/Oracle/Alma/Rocky Linux and epel-release is a dependency in LONCAPA-prerequisites 1-35 for those distros.

    On CentOS/RHEL 7 to add the repo you can use:

        wget 'https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm'
        yum install epel-release-latest-7.noarch.rpm

    Note: if you are still running CentOS 7 (EOL was June 30 2024), you should change the baseurl in /etc/yum.repos.d/epel.repo to point at:
    https://archives.fedoraproject.org/pub/archive/epel/7/$basearch
    and change the baseurl for enabled entries in /etc/yum.repos.d/CentOS-Base.repo to point at:
    http://vault.centos.org/7.9.2009/os/$basearch/, http://vault.centos.org/7.9.2009/updates/$basearch/ etc.
    That said you should update to a newer version of the distro as soon as you can.

    If you are still running RHEL 7 (and have a subscription to the Extended Life Cycle Support (ELS) Add-On), you should also change the baseurl in /etc/yum.repos.d/epel.repo, as described above.

    If you previously used EPEL but disabled it, by setting enabled=0 for [epel] in /etc/yum.repos.d/epel.repo, use a text editor to change that to enabled=1.

(e) For Debian 10 - 12 and Ubuntu 22 and 24 apt-key list is no longer in use. Instead you will import the LON-CAPA repos key into /etc/apt/keyrings and reference the key in the repo entry in /etc/apt/sources.list.d/loncapa.list

    See the installation instructions on the install.loncapa.org site for Debian and the latest Ubuntu versions.
2) Update LONCAPA-prerequisites to 1-35

(a) CentOS/RHEL/Oracle Linux/Rocky Linux/AlmaLinux 8 and 9

        dnf update

(b) CentOS/RHEL/Scientific Linux/Oracle Linux 7 (or older)

        yum update

    Use:

        yum repolist enabled

    to display currently enabled repos (which should include epel).

(c) SLES

    To refresh the LON-CAPA repository use:

        zypper refresh -fdb

    To update LONCAPA-prerequisites use:

        zypper install LONCAPA-prerequisites

(d) Ubuntu

        sudo apt-get update
        sudo apt-get upgrade

(e) Debian

        apt-get update
        apt-get upgrade

(f) Fedora

        dnf update

On all distributions, it is recommended that you check that you have the correct version of LONCAPA-prerequisites installed before proceeding.

    (i) CentOS/RHEL/Oracle Linux/Rocky Linux/AlmaLinux/Fedora/SLES

        rpm -q LONCAPA-prerequisites

        should report: LONCAPA-prerequisites-1-35.X
        (where X is a distro identifier e.g., rhel9.noarch)

    (ii) Ubuntu

        sudo dpkg -l loncapa-prerequisites

        should report
        ii loncapa-prerequisites 1.35-X
        (where X is a version number which depends on Ubuntu distro)

Note: LONCAPA-prerequisites 1-26 for RHEL/CentOS 7 replaced the dependency on R with a dependency on R-core. Accordingly, for those distros, after updating to 1-35, from 1-25 or earlier you can use:

    yum remove R R-core-devel R-devel R-java R-java-devel libMath-devel

and you can also use yum to remove java-1.8.0-openjdk and/or java-1.7.0-openjdk (which are R-java dependencies), unless you have modified a standard LON-CAPA installation with packages which themselves require java.

3) Download the new LON-CAPA tarball:

    wget 'https://install.lon-capa.org/versions/loncapa-2.11.6.tar.gz'

and confirm its integrity by comparison with the checksum available at https://install.lon-capa.org/checksums/2.11.6.txt , by running

    sha256sum loncapa-2.11.6.tar.gz

against the downloaded tarball.
Note: the 2.11.6.txt file has been signed, and to verify the integrity of the two checksums included in that file (one for loncapa-2.11.6.tar.gz and one for install.tar, used to prepare a new server/VM for LON-CAPA installation), you can use:

    gpg --verify 2.11.6.txt

to check the file after you have imported the LON-CAPA Release Manager public key, (available on request), into your keyring.

4) untar the tarball:

    tar xzvf loncapa-2.11.6.tar.gz

5) stop the LON-CAPA system services

    RHEL/CentOS/Rocky Linux/AlmaLinux 8 & 9, Oracle Linux 7 - 9, Ubuntu 18 - 24, SLES15, Debian 10 - 12, Fedora

        /home/httpd/perl/loncontrol stop

    Other distros/versions:

        /etc/init.d/loncontrol stop

6) stop the web server:

    RHEL/Oracle Linux/Rocky Linux/AlmaLinux/CentOS 7 (and newer)

        systemctl stop httpd

    Fedora

        service httpd stop

    SLES15/Debian, Ubuntu 18 and newer

        systemctl stop apache2

    SLES12

        service apache2 stop

    Ubuntu 16 and older

        /etc/init.d/apache2 stop

7) Run the UPDATE script as root (Note: you will be asked to confirm that you wish to remove files installed by older versions of LON-CAPA which are no longer used by 2.11.6).

    cd loncapa-2.11.6
    ./UPDATE

8) If you are updating a LON-CAPA library server from LON-CAPA version 2.10.1 or earlier, you will need to run a script to migrate Authoring Spaces in domain(s) hosted on the server from their old locations in: /home/ to their new locations in /home/httpd/html/priv

To do this use the command:

    perl /home/httpd/perl/debug/move_construction_spaces.pl move

Note: You can perform a dry-run, which will show what would happen, but will not actually move anything, by omitting the "move" argument.
9) If your Apache web server has been configured to use SSL, and you have included rewrite rules to rewrite all requests to http:/// to https:/// it is recommended you modify your rewrite rule to

    (a) allow internal HEAD requests to /cgi-bin/mimetex.cgi to be served http://, in order to support vertical alignment of mimetex images (one of the options for rendering Math content);
    (b) allow requests for certain URLs (external resource, annotations, and syllabus) to be served http:// under certain conditions.

Starting with LON-CAPA 2.10, a config file containing rewrite rules -- loncapa_rewrite.conf -- is added to /etc/httpd/conf (CentOS, Red Hat, Scientific Linux, Oracle Linux, Rocky Linux, AlmaLinux, Fedora) or /etc/apache2 (SLES, Ubuntu, Debian). By default, rewrites are set to off (using RewriteEngine off).

If you already have your own rewrite rules in place for http -> https you should either transfer them to loncapa_rewrite.conf, after completing the LON-CAPA update, or leave your existing file in place and comment out the entries in loncapa_rewrite.conf.

Otherwise, if you are using SSL with Apache, and would like requests to http:/// to be rewritten to https:///, you should copy rewrites/loncapa_rewrite_on.conf to loncapa_rewrite.conf to enable this.

The rules included in that config file do not rewrite internal requests (i.e., from 127.0.0.1) to https://, so vertical alignment of mimetex images is supported. In 2.11 there are also rules to exclude certain URLs from rewrites to https:// to avoid issues with mixed active content.

The 2.11.3 release included updates to rewrites/loncapa_rewrite_on.conf and rewrites/loncapa_rewrite_off.conf.
If you are updating from 2.11.2 or earlier and have customized loncapa_rewrite.conf then you should edit that file to incorporate the changes, which include addition of this condition in a couple of places:

    RewriteCond %{QUERY_STRING} (^|&(amp;|))usehttp=1($|&)

If you have not customized the file, then to enable rewrites, copy rewrites/loncapa_rewrite_on.conf to loncapa_rewrite.conf or copy rewrites/loncapa_rewrite_off.conf to loncapa_rewrite.conf to disable rewrites.

If your Apache configuration includes Strict-Transport-Security with max-age > 0, then http to https rewrites will apply for all URLs, so vertical alignment of mimetex images will not be supported, and browsers will block mixed active content for external resources and/or an external syllabus that uses http within an iframe on an https page.

Once you have the rules for ^/adm/wrapper/ext/(?!https:) and ^/public/.*/syllabus$ in place in loncapa_rewrite.conf, unless you use Strict-Transport-Security you should also add the following to your block, (the "*" might be: _default_ or an IP address or *):

    RewriteEngine on
    RewriteCond %{HTTPS} =on
    RewriteCond %{REQUEST_URI} ^/adm/wrapper/ext/(?!https:\/\/)
    RewriteCond %{QUERY_STRING} (^|&(|amp;))usehttp=1($|&)
    RewriteRule ^/adm/wrapper/ext/(?!https:\/\/) http://%{HTTP_HOST}%{REQUEST_URI} [R,L,NE]
    RewriteCond %{REMOTE_ADDR} 127.0.0.1
    RewriteRule (.*) - [L]
    RewriteCond %{REMOTE_ADDR}
    RewriteRule (.*) - [L]
    RewriteCond %{REQUEST_URI} ^/public/.*/syllabus$
    RewriteCond %{QUERY_STRING} (^|&(|amp;))usehttp=1($|&)
    RewriteRule ^/public/.*/syllabus$ http://%{HTTP_HOST}%{REQUEST_URI} [R,L,NE]

replacing with the IP address of the server itself.

Note: this is only needed if you are using SSL (i.e., requests to https:/// are supported) and you want to rewrite external requests to http:/// to always use https:/// (with the exceptions noted above).
10) Note about /home/httpd/lib/perl/localenroll.pm

When you use UPDATE to update an existing LON-CAPA installation to a newer version, the customizable localenroll.pm file is not overwritten. This is the file which must be customized to support integration of LON-CAPA with institutional data sources (e.g., for automated update of course rosters or user information).

Whenever new routines are included in localenroll.pm these will appear in localenroll-std.pm, which is updated when a new LON-CAPA version is installed. If you have previously customized localenroll.pm it is recommended that you compare the contents of localenroll.pm and localenroll-std.pm after an update to see if there are new subroutines (which exist as stubs in localenroll-std.pm) which can be copied to your custom localenroll.pm, and later customized, should you wish to use that functionality.

Recent additions to localenroll.pm included:

    (a) instsec_reformat(), used to eliminate ambiguity in extraction of institutional section from institutional course section, as used for automated enrollment, and when compiling information shown for official courses in the course catalog,
    (b) validate_crosslist_access(), used to check whether an official course with the institutional code can have access to enrollment data from a cross-listed institutional section code, given a co-owner,
    (c) unamemap_rules() and unamemap_check() used to support authentication of an alternate username, e.g., username entered in log-in page was email address (userid at example.tld) instead of just userid,
    (d) export_grades(), which can be customized to push grade information for placement tests to some other gradebook, LCMS, or administrative system external to LON-CAPA.
11) restart the LON-CAPA system services:

    RHEL/CentOS/Rocky/AlmaLinux 8 & 9, Oracle Linux 7 - 9, SLES 15, Debian 10 - 12, Fedora (and newer)

        /home/httpd/perl/loncontrol start

    Ubuntu 18 - 24

        sudo /home/httpd/perl/loncontrol start

    Other distros/versions

        /etc/init.d/loncontrol start

12) restart the webserver:

    RHEL/Oracle/Rocky/AlmaLinux/CentOS 7 (and newer)

        systemctl start httpd

    Fedora 17 (and newer)

        service httpd start

    SLES15/Debian

        systemctl start apache2

    Ubuntu 18 (and newer)

        sudo systemctl start apache2

    Ubuntu 16 (and older)

        sudo /etc/init.d/apache2 start

    SLES12

        service apache2 start

13) It is recommended that loncron is run (as the www user) after installation/update is complete. (On Ubuntu LTS servers, first do: sudo -i )

    su www
    /home/httpd/perl/loncron

This will write to files in /home/httpd/lonTabs used to store information about LON-CAPA versions on other servers in the cluster to which the server belongs. It may take some minutes to complete as the script will contact other servers in the LON-CAPA network sequentially.

14) It is also recommended that you check disk usage for courses and Authoring Spaces, as 2.11 introduced default quotas of 0.5 GB for each course (content uploaded directly via Course Editor) and the same for each author.

For courses, log-in as Domain Coordinator and use:
Main Menu -> Status of domain servers -> Display quotas and usage for Course/Community Content.

For Authoring Spaces, log-in as Domain Coordinator and use:
Main Menu -> Create users or modify the roles and privileges of users -> Manage Users, and select Author in the "Role" dropdown, then press the "Display List of Users" button.
The 0.5 GB default quota for Authoring Spaces in domain can be replaced via:
Main Menu -> Set domain configuration -> Blogs, personal web pages, webDAV/quotas, portfolios

The 0.5 GB default quota for Courses can be replaced via:
Main Menu -> Set domain configuration -> Course/Community defaults

Quotas for individual authors can be set via:
Main Menu -> Create users or modify the roles and privileges of users -> Add/Modify a User

Quotas for individual courses can be set via:
Main Menu -> View or modify a course or community
then search/select the course and use: "View/Modify quotas for group portfolio files, and for uploaded content".

----NOTES

1) Defect reports and enhancement requests can be entered at https://bugs.lon-capa.org
2) Mailing lists can be joined and left at https://mail.lon-capa.org
3) Installation/update support is available from helpdesk at loncapa.org

Stuart Raeburn
LON-CAPA Academic Consortium
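
The comparison in step 3 above can be scripted so that it fails closed. This is an added example, not part of the announcement or of LON-CAPA; it assumes the checksum file uses sha256sum-style lines and may be clearsigned, and the function names are hypothetical. Run gpg --verify on the checksum file first, as step 3 describes.

```shell
#!/bin/sh
# Assumed format (not shown in the announcement): sha256sum-style lines,
# "<64 hex digits>  <file name>", optionally inside a clearsigned wrapper.

# expected_sha256 CHECKSUM_FILE NAME: print the checksum listed for NAME.
# In a clearsigned file only the signed region is read, since gpg --verify
# does not cover text before the header or after the signature block.
# Fails unless exactly one entry for NAME is found.
expected_sha256() {
    awk -v name="$2" '
        /^-----BEGIN PGP SIGNED MESSAGE-----/ { n = 0; hdr = 1; next }
        /^-----BEGIN PGP SIGNATURE-----/      { exit }
        hdr { if ($0 == "") hdr = 0; next }      # skip "Hash:" armor headers
        NF == 2 && length($1) == 64 && $1 ~ /^[0-9a-fA-F]+$/ {
            f = $2; sub(/^\*/, "", f)            # sha256sum binary-mode marker
            if (f == name) { sum = tolower($1); n++ }
        }
        END { if (n == 1) print sum; else exit 1 }
    ' "$1"
}

# check_tarball TARBALL CHECKSUM_FILE
# Returns 0 on match, 1 on mismatch, 2 when no single usable entry exists.
check_tarball() {
    want=$(expected_sha256 "$2" "$(basename "$1")") || return 2
    have=$(sha256sum "$1" | awk '{ print tolower($1) }')
    [ -n "$have" ] && [ "$have" = "$want" ]
}

# demo: runs both functions on constructed sample files (not release data)
# and prints the two return codes.
demo() {
    d=$(mktemp -d) || return 9
    printf 'constructed sample payload\n' > "$d/sample.tar.gz"
    good=$(sha256sum "$d/sample.tar.gz" | awk '{ print $1 }')
    bad=$(printf 'tampered' | sha256sum | awk '{ print $1 }')
    {
        echo "$bad  sample.tar.gz"     # unsigned line before the signed region
        echo '-----BEGIN PGP SIGNED MESSAGE-----'
        echo 'Hash: SHA256'
        echo
        echo "$good  sample.tar.gz"
        echo '-----BEGIN PGP SIGNATURE-----'
        echo '(constructed placeholder, not a real signature)'
        echo '-----END PGP SIGNATURE-----'
        echo "$bad  sample.tar.gz"     # unsigned line appended after the signature
    } > "$d/sums.txt"
    r1=0; check_tarball "$d/sample.tar.gz" "$d/sums.txt" || r1=$?
    printf 'x' >> "$d/sample.tar.gz"   # simulate a corrupted download
    r2=0; check_tarball "$d/sample.tar.gz" "$d/sums.txt" || r2=$?
    rm -rf "$d"
    echo "$r1 $r2"
}
```

With the real files the call would be check_tarball loncapa-2.11.6.tar.gz 2.11.6.txt, proceeding to step 4 only on a zero return.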