[LON-CAPA-cvs] cvs: doc(version_2_11_X) /install/linux install.pl
raeburn
raeburn at source.lon-capa.org
Wed Nov 27 12:27:55 EST 2024
raeburn Wed Nov 27 17:27:55 2024 EDT
Modified files: (Branch: version_2_11_X)
/doc/install/linux install.pl
Log:
- For 2.11
Include changes in 1.96, 1.97, 1.98
-------------- next part --------------
Index: doc/install/linux/install.pl
diff -u doc/install/linux/install.pl:1.45.2.23 doc/install/linux/install.pl:1.45.2.24
--- doc/install/linux/install.pl:1.45.2.23 Mon Aug 5 13:42:44 2024
+++ doc/install/linux/install.pl Wed Nov 27 17:27:54 2024
@@ -76,7 +76,7 @@
&mt('Stopping execution.')."\n";
exit;
} else {
- print LOG '$Id: install.pl,v 1.45.2.23 2024/08/05 13:42:44 raeburn Exp $'."\n";
+ print LOG '$Id: install.pl,v 1.45.2.24 2024/11/27 17:27:54 raeburn Exp $'."\n";
}
#
@@ -901,11 +901,21 @@
$service = 'apache2.service';
}
system("systemctl daemon-reload");
- if (open(PIPE,"systemctl show $service --property=ProtectHome 2>/dev/null |")) {
- my $protection = <PIPE>;
+ if (open(PIPE,"systemctl show $service --property=ProtectHome --property=RestrictSUIDSGID 2>/dev/null |")) {
+ my ($protecthome,$suidsgid);
+ while (my $line = <PIPE>) {
+ chomp($line);
+ if ($line =~ /^ProtectHome=(read-only|yes)$/i) {
+ $protecthome = 1;
+ } elsif ($line =~ /^RestrictSUIDSGID=yes$/i) {
+ $suidsgid = 1;
+ }
+ }
close(PIPE);
- chomp($protection);
- if ($protection =~ /^ProtectHome=(read-only|yes)$/i) {
+ if ($protecthome) {
+ return 1;
+ }
+ if ($suidsgid) {
return 1;
}
} else {
@@ -2559,46 +2569,96 @@
if (-d '/etc/systemd/system/'.$service.'.d') {
if (-e '/etc/systemd/system/'.$service.'.d/override.conf') {
if (open(my $fh,'<','/etc/systemd/system/'.$service.'.d/override.conf')) {
- my ($inservice,$addservice,$protectoff,$linenum,$change, at lines);
+ my ($category,$addservice,$needs_update,$linenum,%is_no,%lines,
+ @move, at nocat, at ordered);
+ $linenum = 0;
while (my $entry = <$fh>) {
$linenum ++;
chomp($entry);
- if ($entry eq '[Service]') {
- if (!$protectoff) {
- $inservice = $linenum;
- push(@lines,$entry);
+ if ($entry =~ /^\s*\[([^\]]+)\]\s*$/) {
+ $category = $1;
+ if ($category =~ /^Service$/i) {
+ unless (grep(/^Service$/, at ordered)) {
+ push(@ordered,'Service');
+ }
} else {
- $addservice = 1;
- next;
+ unless (grep(/^\Q$category\E$/, at ordered)) {
+ push(@ordered,$category);
+ }
}
- }
- if ($entry =~ /^ProtectHome\s*=\s*([\w-]+)\s*$/) {
- my $value = $1;
- if ($protectoff) {
- next;
- if (lc($value) eq 'no') {
- $protectoff = $linenum;
- push(@lines,$entry);
+ } elsif ($entry =~ /^(ProtectHome|RestrictSUIDSGID)\s*=\s*([\w-]+)\s*$/) {
+ my ($key,$value) = ($1,$2);
+ next if ($is_no{$key});
+ if (lc($value) eq 'no') {
+ if ($category =~ /^Service$/i) {
+ push(@{$lines{'Service'}},$entry);
} else {
- if ($protectoff) {
- next;
- } else {
- push(@lines,'ProtectHome=no');
- $protectoff = $linenum;
- $change = $linenum;
- }
+ push(@move,$entry);
+ $needs_update = 1;
+ }
+ } else {
+ my $offstr = $key.'=no';
+ if ($category =~ /^Service$/i) {
+ push(@{$lines{'Service'}},$offstr);
+ } else {
+ push(@move,$offstr);
}
+ $needs_update = 1;
+ }
+ $is_no{$key} = $linenum;
+ } else {
+ next if ($entry =~ /^\s*$/);
+ if ($category =~ /^Service$/i) {
+ push(@{$lines{'Service'}},$entry);
+ } elsif ($category ne '') {
+ push(@{$lines{$category}},$entry);
+ } else {
+ push(@nocat,$entry);
}
}
}
close($fh);
- if ($addservice || $change || !$protectoff) {
+ unless (grep(/^Service$/, at ordered)) {
+ $addservice = 1;
+ unshift(@ordered,'Service');
+ }
+ foreach my $item ('ProtectHome','RestrictSUIDSGID') {
+ unless (exists($is_no{$item})) {
+ push(@{$lines{'Service'}},$item.'=no');
+ $needs_update = 1;
+ }
+ }
+ if ($addservice || $needs_update) {
if (open(my $fh,'>','/etc/systemd/system/'.$service.'.d/override.conf')) {
- if ($addservice) {
- print $fh "[Service]\n";
+ if (@ordered) {
+ foreach my $category (@ordered) {
+ print $fh "[$category]\n";
+ if (ref($lines{$category}) eq 'ARRAY') {
+ foreach my $item (@{$lines{$category}}) {
+ print $fh "$item\n";
+ }
+ }
+ if ($category eq 'Service') {
+ if (@move) {
+ foreach my $item (@move) {
+ if ($item =~ /^(ProtectHome|RestrictSUIDSGID)\s*=\s*no\s*$/i) {
+ my $key = $1;
+ unless (grep/^$key\s*=\s*no\s*$/i,@{$lines{$category}}) {
+ print $fh "$item\n";
+ }
+ } else {
+ print $fh "$item\n";
+ }
+ }
+ }
+ }
+ print $fh "\n";
+ }
}
- foreach my $entry (@lines) {
- print $fh "$entry\n";
+ if (@nocat) {
+ foreach my $item (@nocat) {
+ print $fh "$item\n";
+ }
}
close($fh);
print_and_log('Updated /etc/systemd/system/'.$service.'.d/override.conf');
@@ -2614,10 +2674,12 @@
}
} else {
if (open(my $fh,'>','/etc/systemd/system/'.$service.'.d/override.conf')) {
- print $fh '[Service]'."\n".'ProtectHome=no'."\n";
+ print $fh '[Service]'."\n".'ProtectHome=no'."\n".'RestrictSUIDSGID=no'."\n";
close($fh);
print_and_log('Created /etc/systemd/system/'.$service.'.d/override.conf');
system('systemctl daemon-reload');
+ } else {
+ print_and_log('Could not open /etc/systemd/system/'.$service.'.d/override.conf for writing.');
}
}
} else {
More information about the LON-CAPA-cvs
mailing list