[LON-CAPA-cvs] cvs: loncom /build Makefile doc/loncapafiles buildfiles.lpml systemd_config_check.piml

raeburn raeburn at source.lon-capa.org
Sun Jul 28 15:40:59 EDT 2024


raeburn		Sun Jul 28 19:40:59 2024 EDT

  Added files:                 
    /doc/loncapafiles	systemd_config_check.piml 

  Modified files:              
    /doc/loncapafiles	buildfiles.lpml 
    /loncom/build	Makefile 
  Log:
  - Include script to check ProtectHome value for systemd service for web
    server, and modify/set new value as needed, when using ./UPDATE to
    install/update a LON-CAPA instance.
  
  
-------------- next part --------------
Index: doc/loncapafiles/buildfiles.lpml
diff -u doc/loncapafiles/buildfiles.lpml:1.33 doc/loncapafiles/buildfiles.lpml:1.34
--- doc/loncapafiles/buildfiles.lpml:1.33	Tue Jul  9 01:25:07 2024
+++ doc/loncapafiles/buildfiles.lpml	Sun Jul 28 19:40:59 2024
@@ -2,7 +2,7 @@
  "http://lpml.sourceforge.net/DTD/lpml.dtd">
 <!-- buildfiles.lpml -->
 
-<!-- $Id: buildfiles.lpml,v 1.33 2024/07/09 01:25:07 raeburn Exp $ -->
+<!-- $Id: buildfiles.lpml,v 1.34 2024/07/28 19:40:59 raeburn Exp $ -->
 
 <!--
 
@@ -410,6 +410,18 @@
   </note>
 </file>
 <file>
+  <source>doc/loncapafiles/systemd_config_check.piml</source>
+  <target dist='default'>systemd_config_check.piml</target>
+  <categoryname>system file</categoryname>
+  <description>
+Check for distros/versions which use systemctl, and check if ProtectHome property is set to readonly or yes 
+for web server (httpd.service or apache2.service, depending on distro). If so, attempt to set ProtectHome=no  
+in /etc/systemd/httpd.service.d/override.conf or /etc/systemd/apache2.service.d/override.conf, as appropriate.
+  </description>
+  <note>
+  </note>
+</file>
+<file>
   <source>doc/loncapafiles/lcmathcomplex.piml</source>
   <target dist='default'>lcmathcomplex.piml</target>
   <categoryname>system file</categoryname>
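Review bot: The description gives the drop-in locations as `/etc/systemd/httpd.service.d/override.conf` and `/etc/systemd/apache2.service.d/override.conf`, but the script added in this commit writes under `/etc/systemd/system/<service>.d/`, so the `system/` component is missing from both paths. It also spells the matched value `readonly`, whereas the script tests for `read-only`; the Makefile help line added in this commit uses the same spelling. Suggested wording: `set to read-only or yes` and `in /etc/systemd/system/httpd.service.d/override.conf or /etc/systemd/system/apache2.service.d/override.conf, as appropriate.`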
Index: loncom/build/Makefile
diff -u loncom/build/Makefile:1.225 loncom/build/Makefile:1.226
--- loncom/build/Makefile:1.225	Mon Jul  8 23:46:06 2024
+++ loncom/build/Makefile	Sun Jul 28 19:40:59 2024
@@ -1,6 +1,6 @@
 # The LearningOnline Network with CAPA
 
-# $Id: Makefile,v 1.225 2024/07/08 23:46:06 raeburn Exp $
+# $Id: Makefile,v 1.226 2024/07/28 19:40:59 raeburn Exp $
 
 # TYPICAL USAGE of this Makefile is primarily for two targets:
 # "make build" and "make install".
@@ -150,6 +150,7 @@
 	@echo "rpmcheck: test to see if rpms known to confict are installed."
 	@echo "wrap_setuid: put a C wrapper around setuid scripts."
 	@echo "bash_config_check: test if enable-bracketed-paste set to on." 
+	@echo "systemd_config_check: test if ProtectHome set to readonly."  
         @echo "latex_fixup: regenerate ls-R database for the latex base."
 	@echo "picins_check: check for picins.sty, retrieve and rebuild"
 	@echo "             filename databases used by LaTeX"
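Review bot: The help line added for `systemd_config_check` says the target only tests the setting, but the script it runs creates or rewrites the web server's systemd drop-in and sets `ProtectHome=no`, which relaxes a sandboxing option. An administrator reading this target list should see that side effect before running it. Suggested line: `@echo "systemd_config_check: set ProtectHome=no for web server if read-only or yes."`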
@@ -555,6 +556,11 @@
 	perl piml_parse.pl  $(CATEGORY) $(DIST) "$(TARGET)" $(LAUNCH) | \
 	tee -a WARNINGS
 
+systemd_config_check:
+	cat $(SOURCE)/doc/loncapafiles/systemd_config_check.piml | \
+	perl piml_parse.pl  $(CATEGORY) $(DIST) "$(TARGET)" $(LAUNCH) | \
+	tee -a WARNINGS
+
 postinstall:
 	make postaboutVERSION
 	make webserverconf
@@ -579,6 +585,7 @@
 	make mimetex_version_check
 	make verify_domconfiguser
 	make bash_config_check 
+	make systemd_config_check 
 	make latex_fmtutil
 	make lcmathcomplex
 	sed -i "s/\x08\x08*/.../g" WARNINGS

Index: doc/loncapafiles/systemd_config_check.piml
+++ doc/loncapafiles/systemd_config_check.piml
<!DOCTYPE piml PUBLIC "-//TUX/DTD piml 1.0 Final//EN"
        "http://lpml.sourceforge.net/DTD/piml.dtd">
<!-- systemd_config_check.piml -->

<!-- $Id: systemd_config_check.piml,v 1.1 2024/07/28 19:40:59 raeburn Exp $ -->

<!--

This file is part of the LearningOnline Network with CAPA (LON-CAPA).

LON-CAPA is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.

LON-CAPA is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with LON-CAPA; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA

/home/httpd/html/adm/gpl.txt

http://www.lon-capa.org/

-->

<piml>
<targetroot>/</targetroot>
<files>
<file>
<target dist="default">/home/httpd/perl</target>
<perlscript mode="fg">

use strict;

my $service = 'apache2.service';
my $use_systemctl;
my ($dist,$version) = ('<DIST />' =~ /^([A-Za-z]+)([\d\.]+)$/);
if (($dist eq 'sles') || ($dist eq 'suse')) {
    if ($version >= 12) {
        $use_systemctl = 1;
    }
} elsif ($dist eq 'fedora') {
    if ($version >= 16) {
        $use_systemctl = 1;
    }
    $service = 'httpd.service';
} elsif ($dist =~ /^(centos|rhes|scientific|oracle|rocky|alma)$/) {
    if ($version >= 7) {
        $use_systemctl = 1;
    }
    $service = 'httpd.service';
} elsif ($dist eq 'ubuntu') {
    if ($version >= 16) {
        $use_systemctl = 1;
    }
} elsif ($dist eq 'debian') {
    if ($version >= 9) {
        $use_systemctl = 1;
    }
}

if ($use_systemctl) {
    system('systemctl daemon-reload');
    if (open(PIPE,"systemctl show $service --property=ProtectHome 2>/dev/null |")) {
        my $protection = <PIPE>;
        close(PIPE);
        chomp($protection);
        if ($protection =~ /^ProtectHome=(read-only|yes)$/i) {
            if (!-d '/etc/systemd/system/'.$service.'.d') {
                mkdir '/etc/systemd/system/'.$service.'.d', 0755;
            }
            if (-d '/etc/systemd/system/'.$service.'.d') {
                if (-e '/etc/systemd/system/'.$service.'.d/override.conf') {
                    if (open(my $fh,'<','/etc/systemd/system/'.$service.'.d/override.conf')) {
                        my ($inservice,$addservice,$protectoff,$linenum,$change, at lines);
                        while (my $entry = <$fh>) {
                            $linenum ++;
                            chomp($entry);
                            if ($entry eq '[Service]') {
                                if (!$protectoff) {
                                    $inservice = $linenum;
                                    push(@lines,$entry);
                                } else {
                                    $addservice = 1;
                                    next;
                                }
                            }
                            if ($entry =~ /^ProtectHome\s*=\s*([\w-]+)\s*$/) {
                                my $value = $1;
                                if ($protectoff) {
                                    next;
                                    if (lc($value) eq 'no') {
                                        $protectoff = $linenum;
                                        push(@lines,$entry);
                                    } else {
                                        if ($protectoff) {
                                            next;
                                        } else {
                                            push(@lines,'ProtectHome=no');
                                            $protectoff = $linenum;
                                            $change = $linenum;
                                        }
                                    }
                                }
                            }
                        }
                        close($fh);
                        if ($addservice || $change || !$protectoff) {
                            if (open(my $fh,'>','/etc/systemd/system/'.$service.'.d/override.conf')) {
                                if ($addservice) {
                                    print $fh "[Service]\n";
                                }
                                foreach my $entry (@lines) {
                                    print $fh "$entry\n";
                                }
                                close($fh);
                                print 'Updated /etc/systemd/system/'.$service.'.d/override.conf'."\n";
                                system('systemctl daemon-reload');
                            } else {
                                print '**** ERROR: Could not open /etc/systemd/system/'.$service.'.d/override.conf to write ProtectHome=no.'."\n".
                                      'LON-CAPA web interface will not be usable.'."\n"; 
                            }
                        }
                    }
                } else {
                    if (open(my $fh,'>','/etc/systemd/system/'.$service.'.d/override.conf')) {
                        print $fh '[Service]'."\n".'ProtectHome=no'."\n";
                        close($fh);
                        print 'Created /etc/systemd/system/'.$service.'.d/override.conf'."\n";
                        system('systemctl daemon-reload');
                    } else {
                        print '**** ERROR: Could not open /etc/systemd/system/'.$service.'.d/override.conf to write ProtectHome=no.'."\n".
                              'LON-CAPA web interface will not be usable.'."\n";
                    }
                }
            } else {
                print '**** ERROR: No /etc/systemd/system/'.$service.'.d directory exists and creating one failed.'."\n".
                      'LON-CAPA web interface will not be usable.'."\n";
            }
        }
    } else {
        print '**** WARNING *** Could not determine status of ProtectHome property for systemd '.$service.".\n".
              'It was not possible to determine whether LON-CAPA web interface will be usable.'."\n";
    }
}

</perlscript>
</file>
</files>
</piml>
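Review bot: In the `while` loop that reads an existing override.conf, the `ProtectHome` branch is entered only when `$protectoff` is already set and then hits `next` at once, so the `lc($value) eq 'no'` handling below it is unreachable and `$protectoff` is never assigned. Only `[Service]` lines are ever pushed onto the line list (declared as `at lines` in this archived copy, presumably `@lines` mangled by the list archive), so the rewrite that follows, always taken because `!$protectoff` is true, replaces the file with a bare `[Service]` header: every other directive in the drop-in is lost and `ProtectHome=no` is still not written, yet `Updated …` is printed. The fence below keeps all existing lines, forces the first `ProtectHome` entry to `no`, and adds one under `[Service]` when none exists. Separately, `ProtectHome=no` exposes `/home`, `/root` and `/run/user` to the web server; if only `/home/httpd` is needed, `ProtectHome=tmpfs` combined with `BindPaths=/home/httpd` would be a narrower setting, though that depends on what else LON-CAPA reads under `/home`. The results of `mkdir` and of the `systemctl daemon-reload` calls are also unchecked, so a failed reload would go unreported.

```perl
my ($inservice,$protectoff,$change,@lines);
while (my $entry = <$fh>) {
    chomp($entry);
    if ($entry =~ /^ProtectHome\s*=\s*([\w-]+)\s*$/) {
        if ($protectoff) {
            $change = 1;                # duplicate ProtectHome line is dropped
            next;
        }
        $protectoff = 1;
        if (lc($1) ne 'no') {
            $entry = 'ProtectHome=no';
            $change = 1;
        }
    } elsif (($entry eq '[Service]') && (!defined($inservice))) {
        $inservice = scalar(@lines);    # index this header will occupy
    }
    push(@lines,$entry);                # keep every other line as it was
}
close($fh);
if (!$protectoff) {
    if (defined($inservice)) {
        splice(@lines,$inservice+1,0,'ProtectHome=no');
    } else {
        push(@lines,'[Service]','ProtectHome=no');
    }
    $change = 1;
}
if ($change) {
    # … unchanged: reopen override.conf for writing, print @lines, daemon-reload;
    #   the separate print of "[Service]" for $addservice is no longer needed …
```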

