Subversion Repositories ALCASAR

Rev

Rev 3111 | Rev 3147 | Go to most recent revision | Details | Compare with Previous | Last modification | View Log

Rev Author Line No. Line
2941 rexy 1
#!/bin/bash
2
 
3
# alcasar-rpm.sh
4
# by 3abtux and Rexy
5
# This script is distributed under the Gnu General Public License (GPL)
6
 
2990 rexy 7
# script de mise en place des dépots RPM + installation des RPM complémentaires
8
# configure the RPM repository + complementary RPM installation
2941 rexy 9
 
10
Lang=`echo $LANG|cut -c 1-2`
2971 rexy 11
SED="/bin/sed -i"
3077 rexy 12
VERSION="8"
2941 rexy 13
ARCH="x86_64"
14
# The kernel version we compile netflow for
3103 rexy 15
KERNEL="kernel-server-5.15.82-1.mga8-1-1.mga8"
2941 rexy 16
# ****** Alcasar needed RPMS - paquetages nécessaires au fonctionnement d'Alcasar ******
17
# (old) perl-Socket6 : needed by nfsen
18
# "fonts-dejavu-common" & "fonts-ttf-dejavu" : fonts needed by wkhtmltopdf
3077 rexy 19
# "lsscsi" & nvme-cli" & "php-dom" : needed by phpsysinfo
2941 rexy 20
# "socat" : avoid a warning when run the install script of letsencrypt ("acme.sh")
21
# "sudo" : needed after a reinstallation (to be investigated)
2990 rexy 22
# "clamav" + "clamav-db" : needed because of a lack of mutual dependance
3053 rexy 23
# "postfix" + "cyrus-sasl" + "lib64sasl2-plug-plain" : email registration method
3114 rexy 24
PACKAGES="vim-enhanced freeradius freeradius-mysql freeradius-ldap lighttpd lighttpd-mod_auth php-fpm php-gd php-ldap php-mysqli php-mbstring php-sockets php-curl php-pdo_sqlite php-cli php-dom php-filter unbound e2guardian postfix mariadb ntp bind-utils openssh-server rng-utils rsync clamav clamav-db clamd fail2ban gnupg2 ulogd ipset usb_modeswitch vnstat dos2unix p7zip msec kernel-userspace-headers kernel-firmware kernel-firmware-nonfree dhcp-server tcpdump fonts-dejavu-common fonts-ttf-dejavu lsscsi nvme-cli sudo socat postfix cyrus-sasl lib64sasl2-plug-plain iftop"
2941 rexy 25
 
26
rpm_repository_sync ()
27
{
3111 rexy 28
	cat <<EOF > /etc/urpmi/urpmi.cfg
2941 rexy 29
{
30
downloader: wget
31
}
32
EOF
3111 rexy 33
	echo ${!MIRRORLIST}
34
	urpmi.addmedia core --probe-synthesis --mirrorlist ${!MIRRORLIST} /media/core/release
35
	urpmi.addmedia core-updates --update --probe-synthesis --mirrorlist ${!MIRRORLIST} /media/core/updates
36
	urpmi.addmedia nonfree --probe-synthesis --mirrorlist ${!MIRRORLIST} /media/nonfree/release
37
	urpmi.addmedia nonfree-updates --update --probe-synthesis --mirrorlist ${!MIRRORLIST} /media/nonfree/updates
2941 rexy 38
}
39
 
40
rpm_error ()
41
{
3111 rexy 42
	# restore previous rpm conf file & removed RPMs
43
	[ -e /etc/urpmi/urpmi.cfg.old ] && mv /etc/urpmi/urpmi.cfg.old /etc/urpmi/urpmi.cfg
44
	urpmi --no-verify-rpm --auto rpms/$ARCH/wkhtmltopdf*.rpm
45
	urpmi --auto --quiet freeradius-ldap lighttpd-mod_auth
46
	echo
47
	if [ $Lang == "fr" ]
48
	then
49
		echo "Relancez l'installation ultérieurement."
50
		echo "Si vous rencontrez à nouveau ce problème, modifier les variables MIRRORLIST[1&2] du fichier 'scripts/alcasar-rpm.sh'"
51
	else
52
		echo "Try an other install later."
53
		echo "If this problem occurs again, change the MIRRORLIST[1&2] variables in the file 'scripts/alcasar-rpm.sh'"
54
	fi
2941 rexy 55
}
56
 
57
# extract the current Mageia version and hardware architecture (i586 ou X64)
58
fic=`cat /etc/product.id`
59
old="$IFS"
60
IFS=","
61
set $fic
62
for i in $*
63
do
64
	if [ "`echo $i|grep distribution|cut -d'=' -f1`" == "distribution" ]
65
	then
66
		DISTRIBUTION=`echo $i|cut -d"=" -f2`
67
	fi
68
	if [ "`echo $i|grep version|cut -d'=' -f1`" == "version" ]
69
	then
70
		CURRENT_VERSION=`echo $i|cut -d"=" -f2`
71
	fi
72
	if [ "`echo $i|grep arch|cut -d'=' -f1`" == "arch" ]
73
	then
74
		ARCH=`echo $i|cut -d"=" -f2`
75
	fi
76
done
77
IFS="$old"
78
 
79
# We prefer wget than curl
80
urpmi --no-verify-rpm --auto rpms/$ARCH/wget*.rpm
81
 
82
# Set the RPM repository (if not already set)
3111 rexy 83
cp /etc/urpmi/urpmi.cfg /etc/urpmi/urpmi.cfg.old
2941 rexy 84
ACTIVE_REPO=`cat /etc/urpmi/urpmi.cfg|grep "mageia.org"|wc -l`
2990 rexy 85
MIRROR_NBR=3
86
#                       For French
87
MIRRORLIST1="http://ftp.free.fr/mirrors/mageia.org/distrib/$VERSION/$ARCH"
2941 rexy 88
#                       For Europeans
2990 rexy 89
MIRRORLIST2="https://www.mirrorservice.org/pub/mageia/distrib/$VERSION/$ARCH"
90
#                       For everybody
91
MIRRORLIST3="https://mirrors.mageia.org/api/mageia.$VERSION.$ARCH.list"
2941 rexy 92
try_nb="0"; nb_repository="0"
93
while [ "$nb_repository" != "4" ]
94
do
95
	try_nb=`expr $try_nb + 1`
96
	MIRRORLIST="MIRRORLIST$try_nb"
97
	rpm_repository_sync
98
	nb_repository=`cat /etc/urpmi/urpmi.cfg|grep mirrorlist|wc -l`
99
	if [ "$nb_repository" != "4" ]
100
	then
101
		if [ $Lang == "fr" ]
102
		then
103
			echo "Une erreur a été détectée lors de la synchronisation avec le dépot N°$try_nb."
104
		else
105
			echo "An error occurs when synchronising the repositories N°$try_nb"
106
		fi
107
		if [ $(expr $try_nb) -eq $MIRROR_NBR ]
108
		then
109
			rpm_error
110
			exit 1
111
		fi
112
		if [ $Lang == "fr" ]
113
		then
114
			echo "Voulez-vous tenter une synchronisation avec un autre dépôt ? (O/n)"
115
		else
116
			echo "Do you want to try a synchronisation with an other repository? (Y/n)"
117
		fi
118
		response=0
119
		PTN='^[oOnNyY]?$'
120
		until [[ "$response" =~ $PTN ]]
121
		do
122
			read response
123
		done
124
		if [ "$response" = "n" ] || [ "$response" = "N" ]
125
		then
3111 rexy 126
			[ -e /etc/urpmi/urpmi.cfg.old ] && mv /etc/urpmi/urpmi.cfg.old /etc/urpmi/urpmi.cfg # restore previous rpm conf file
2941 rexy 127
			exit 1
128
		fi
129
	fi
130
done
3093 rexy 131
 
132
# At this time, we only skip Kernel update
133
echo "/^kernel/" > /etc/urpmi/skip.list
134
if [ `egrep '^exclude=' /etc/dnf/dnf.conf |wc -l` -eq "1" ]; then
135
	$SED "s?^exclude=.*?exclude=kernel\*?g" /etc/dnf/dnf.conf
136
else
137
	echo "exclude=kernel*" >> /etc/dnf/dnf.conf
138
fi
139
 
140
# Remove some RPMs in order to avoid error and automatic update
3111 rexy 141
urpme wkhtmltopdf freeradius-ldap lighttpd-mod_auth
3093 rexy 142
 
2941 rexy 143
# download the kernel used by ALCASAR
144
if [ $Lang == "fr" ]
145
then
146
	echo "Récupération du noyau Linux exploité par ALCASAR. Veuillez patienter ..."
147
else
148
	echo "Download the Linux kernel used by ALCASAR. Please wait ..."
149
fi
150
urpmi --auto --quiet $KERNEL
3093 rexy 151
 
2941 rexy 152
# download updated RPM in cache
153
if [ $Lang == "fr" ]
154
then
155
	echo "Récupération des paquetages de mise à jour. Veuillez patienter ..."
156
	echo "Il est temps d'aller prendre un café (ou une bonne bière) ;-)"
157
else
158
	echo "Updated RPM download. Please wait ..."
159
	echo "You should now take a coffe (or a good beer) ;-)"
160
fi
161
urpmi --auto --auto-update --quiet --test --retry 2
162
if [ "$?" != "0" ]
163
then
164
	echo
165
	if [ $Lang == "fr" ]
166
	then
167
		echo "Une erreur a été détectée lors de la récupération des paquetages."
168
	else
169
		echo "An error occurs when downloading RPMS"
170
	fi
171
	rpm_error
172
	exit 1
173
fi
174
 
175
# update with cached RPM
176
urpmi --auto --auto-update
177
if [ "$?" != "0" ]
178
then
179
	echo
180
	if [ $Lang == "fr" ]
181
	then
182
		echo "Une erreur a été détectée lors de la mise à jour des paquetages."
183
	else
184
		echo "An error occurs when updating packages"
185
	fi
186
	rpm_error
187
	exit 1
188
fi
189
# Clean the RPM cache
190
urpmi --clean
191
 
192
# Download of ALCASAR specifics RPM in cache (and test)
193
if [ $Lang == "fr" ]
194
then
195
	echo "Récupération des paquetages complémentaires. Veuillez patienter ..."
196
else
197
	echo "Download of complementary packages. Please wait ..."
198
fi
199
urpmi --auto --no-recommends $PACKAGES --quiet --test --retry 2
200
if [ "$?" != "0" ]
201
then
202
	echo
203
	if [ $Lang == "fr" ]
204
	then
205
		echo "Une erreur a été détectée lors de la récupération des paquetages complémentaires."
206
	else
207
		echo "An error occurs when downloading complementary packages"
208
	fi
209
	rpm_error
210
	exit 1
211
fi
212
 
213
# update with cached RPM
214
urpmi --auto --no-recommends $PACKAGES
215
if [ "$?" != "0" ]
216
then
217
	echo
218
	if [ $Lang == "fr" ]
219
	then
220
		echo "Une erreur a été détectée lors de l'installation des paquetages complémentaires."
221
	else
222
		echo "An error occurs when installing complementary packages"
223
	fi
224
	rpm_error
225
	exit 1
226
fi
227
 
228
# Keep only the kernel version we compil netflow with, and remove all others
229
kernelVersion=$(rpm -qa | grep -e ^kernel-server -e ^kernel-desktop)
230
for i in $kernelVersion
231
do
232
	if [ $i != $KERNEL ];then
233
		urpme --auto $i
234
	fi
235
done
3093 rexy 236
 
2941 rexy 237
# delete unused RPMs
238
if [ $Lang == "fr" ]
239
then
240
	echo "Cleaning the system : "
241
else
242
	echo "Nettoyage du système : "
243
fi
3104 rexy 244
unused_rpm="shorewall mandi plymouth squid polkit pm-utils dnsmasq"
2988 rexy 245
/usr/sbin/urpme --auto -a $unused_rpm
3093 rexy 246
for rpm in `rpm -qa|grep mga7`; do urpme --auto $rpm; done
2941 rexy 247
/usr/sbin/urpme --auto --auto-orphans
248
 
249
# Save chilli launch script (erase with new rpm one)
250
[ -e /etc/chilli.conf ] && cp /etc/chilli.conf /tmp/
251
# Install home made RPMs
252
for pkg in `ls rpms/$ARCH/*.rpm`
253
do
254
    urpmi --no-verify --auto $pkg
255
done
256
# restore chilli launch script
257
[ -e /tmp/chilli.conf ] && mv /tmp/chilli.conf /etc/
3093 rexy 258
 
2941 rexy 259
# Clean the RPM cache
260
urpmi --clean
261
# the ipt-netflow RPM add the kernel module ipt_NETFLOW (the modules dependance tree need to be updated). "2>/dev/null" in order not to display a error (the running kernel is not the ALCASAR one during the installation process)
262
/sbin/depmod -a 2>/dev/null
263
# test if all needed rpms are correctly installed
264
count_pkg=0; nb_pkg=0;
265
for pkg in $PACKAGES
266
do
267
	nb_pkg=`expr $nb_pkg + 1`
268
	if rpm -q --quiet $pkg ; then
269
		count_pkg=`expr $count_pkg + 1`
270
	else
271
		echo "error installing $pkg"
272
	fi
273
done
274
if [ $count_pkg -ne $nb_pkg ]
275
then
276
	exit 1
277
fi
3093 rexy 278
 
2941 rexy 279
# test if all custom rpms are correctly installed
280
count_pkg=0; nb_pkg=0;
281
for pkg in `ls rpms/$ARCH/|sed 's/.x86_64.rpm//'`
282
do
283
	nb_pkg=`expr $nb_pkg + 1`
284
	if rpm -q --quiet $pkg ; then
285
		count_pkg=`expr $count_pkg + 1`
286
	else
287
		echo "error installing $pkg"
288
	fi
289
done
290
if [ $count_pkg -ne $nb_pkg ]
291
then
292
	exit 1
293
fi
3104 rexy 294
 
295
# .rpmnew handling (unused with ALCASAR)
296
[ -e /etc/shadow.rpmnew ] && rm -f /etc/shadow.rpmnew
297
[ -e /etc/sysconfig/system.rpmnew ] && rm -f /etc/sysconfig/system.rpmnew
298
[ -e /etc/rpm/macros.rpmnew ] && rm -f /etc/rpm/macros.rpmnew
299
[ -e /etc/fstab.rpmnew ] && rm -f /etc/fstab.rpmnew
300
[ -e /etc/shells.rpmnew ] && rm -f /etc/shells.rpmnew
301
[ -e /etc/hosts.rpmnew ] && rm -f /etc/hosts.rpmnew
302
[ -e /etc/systemd/journald.conf.rpmnew ] && rm -f /etc/systemd/journald.conf.rpmnew
303
[ -e /etc/raddb/certs/dh.rpmnew ] && rm -f /etc/raddb/certs/dh.rpmnew
304
 
305
# .rpmnew handling (used with ALCASAR)
306
[ -e /etc/php.ini.rpmnew ] && mv -f /etc/php.ini.rpmnew /etc/php.ini.default
307
[ -e /etc/lighttpd/lighttpd.conf.rpmnew ] && mv -f /etc/lighttpd/lighttpd.conf.rpmnew /etc/lighttpd/lighttpd.conf.default
308
[ -e /etc/lighttpd/modules.conf.rpmnew ] && mv -f /etc/lighttpd/modules.conf.rpmnew /etc/lighttpd/modules.conf.default
309
[ -e /etc/e2guardian/e2guardian.conf.rpmnew ] && mv -f /etc/e2guardian/e2guardian.conf.rpmnew /etc/e2guardian/e2guardian.conf.default
310
[ -e /etc/e2guardian/e2guardianf1.conf.rpmnew ] && mv -f /etc/e2guardian/e2guardianf1.conf.rpmnew /etc/e2guardian/e2guardianf1.conf.default
311
[ -e /etc/e2guardian/lists/urlregexplist.rpmnew ] && mv -f /etc/e2guardian/lists/urlregexplist.rpmnew /etc/e2guardian/lists/urlregexplist.default
312
[ -e /etc/e2guardian/lists/bannedregexpurllist.rpmnew ] && mv -f /etc/e2guardian/lists/bannedregexpurllist.rpmnew /etc/e2guardian/lists/bannedregexpurllist.default
313
[ -e /etc/clamd.conf.rpmnew ] && mv -f /etc/clamd.conf.rpmnew /etc/clamd.conf.default
314
[ -e /etc/freshclam.conf.rpmnew ] && mv -f /etc/freshclam.conf.rpmnew /etc/freshclam.conf.default
315
[ -e /etc/vnstat.conf.rpmnew ] && mv -f /etc/vnstat.conf.rpmnew /etc/vnstat.conf.default
316
[ -e /etc/fail2ban/jail.conf.rpmnew ] && mv -f /etc/fail2ban/jail.conf.rpmnew /etc/fail2ban/jail.conf.default
317
[ -e /etc/ssh/sshd_config.rpmnew ] && mv -f /etc/ssh/sshd_config.rpmnew /etc/ssh/sshd_config.default
318
 
2941 rexy 319
exit 0