2941 |
rexy |
1 |
#!/bin/bash
|
|
|
2 |
|
|
|
3 |
# alcasar-rpm.sh
|
|
|
4 |
# by 3abtux and Rexy
|
|
|
5 |
# This script is distributed under the Gnu General Public License (GPL)
|
|
|
6 |
|
2990 |
rexy |
7 |
# script de mise en place des dépots RPM + installation des RPM complémentaires
|
|
|
8 |
# configure the RPM repository + complementary RPM installation
|
2941 |
rexy |
9 |
|
|
|
10 |
Lang=`echo $LANG|cut -c 1-2`
|
2971 |
rexy |
11 |
SED="/bin/sed -i"
|
3077 |
rexy |
12 |
VERSION="8"
|
2941 |
rexy |
13 |
ARCH="x86_64"
|
|
|
14 |
# The kernel version we compile netflow for
|
3103 |
rexy |
15 |
KERNEL="kernel-server-5.15.82-1.mga8-1-1.mga8"
|
2941 |
rexy |
16 |
# ****** Alcasar needed RPMS - paquetages nécessaires au fonctionnement d'Alcasar ******
|
|
|
17 |
# (old) perl-Socket6 : needed by nfsen
|
|
|
18 |
# "fonts-dejavu-common" & "fonts-ttf-dejavu" : fonts needed by wkhtmltopdf
|
3077 |
rexy |
19 |
# "lsscsi" & nvme-cli" & "php-dom" : needed by phpsysinfo
|
2941 |
rexy |
20 |
# "socat" : avoid a warning when run the install script of letsencrypt ("acme.sh")
|
|
|
21 |
# "sudo" : needed after a reinstallation (to be investigated)
|
2990 |
rexy |
22 |
# "clamav" + "clamav-db" : needed because of a lack of mutual dependance
|
3053 |
rexy |
23 |
# "postfix" + "cyrus-sasl" + "lib64sasl2-plug-plain" : email registration method
|
3099 |
rexy |
24 |
PACKAGES="vim-enhanced freeradius freeradius-mysql freeradius-ldap lighttpd lighttpd-mod_auth php-fpm php-gd php-ldap php-mysqli php-mbstring php-sockets php-curl php-pdo_sqlite php-cli php-dom unbound e2guardian postfix mariadb ntp bind-utils openssh-server rng-utils rsync clamav clamav-db clamd fail2ban gnupg2 ulogd ipset usb_modeswitch vnstat dos2unix p7zip msec kernel-userspace-headers kernel-firmware kernel-firmware-nonfree dhcp-server tcpdump fonts-dejavu-common fonts-ttf-dejavu lsscsi nvme-cli sudo socat postfix cyrus-sasl lib64sasl2-plug-plain iftop"
|
2941 |
rexy |
25 |
|
|
|
26 |
rpm_repository_sync ()
|
|
|
27 |
{
|
|
|
28 |
cat <<EOF > /etc/urpmi/urpmi.cfg
|
|
|
29 |
{
|
|
|
30 |
downloader: wget
|
|
|
31 |
}
|
|
|
32 |
EOF
|
|
|
33 |
echo ${!MIRRORLIST}
|
|
|
34 |
urpmi.addmedia core --probe-synthesis --mirrorlist ${!MIRRORLIST} /media/core/release
|
|
|
35 |
urpmi.addmedia core-updates --update --probe-synthesis --mirrorlist ${!MIRRORLIST} /media/core/updates
|
|
|
36 |
urpmi.addmedia nonfree --probe-synthesis --mirrorlist ${!MIRRORLIST} /media/nonfree/release
|
|
|
37 |
urpmi.addmedia nonfree-updates --update --probe-synthesis --mirrorlist ${!MIRRORLIST} /media/nonfree/updates
|
|
|
38 |
}
|
|
|
39 |
|
|
|
40 |
rpm_error ()
|
|
|
41 |
{
|
|
|
42 |
echo
|
|
|
43 |
if [ $Lang == "fr" ]
|
|
|
44 |
then
|
|
|
45 |
echo "Relancez l'installation ultérieurement."
|
|
|
46 |
echo "Si vous rencontrez à nouveau ce problème, modifier les variables MIRRORLIST[1&2] du fichier 'scripts/alcasar-rpm.sh'"
|
|
|
47 |
else
|
|
|
48 |
echo "Try an other install later."
|
|
|
49 |
echo "If this problem occurs again, change the MIRRORLIST[1&2] variables in the file 'scripts/alcasar-rpm.sh'"
|
|
|
50 |
fi
|
|
|
51 |
}
|
|
|
52 |
|
|
|
53 |
# extract the current Mageia version and hardware architecture (i586 ou X64)
|
|
|
54 |
fic=`cat /etc/product.id`
|
|
|
55 |
old="$IFS"
|
|
|
56 |
IFS=","
|
|
|
57 |
set $fic
|
|
|
58 |
for i in $*
|
|
|
59 |
do
|
|
|
60 |
if [ "`echo $i|grep distribution|cut -d'=' -f1`" == "distribution" ]
|
|
|
61 |
then
|
|
|
62 |
DISTRIBUTION=`echo $i|cut -d"=" -f2`
|
|
|
63 |
fi
|
|
|
64 |
if [ "`echo $i|grep version|cut -d'=' -f1`" == "version" ]
|
|
|
65 |
then
|
|
|
66 |
CURRENT_VERSION=`echo $i|cut -d"=" -f2`
|
|
|
67 |
fi
|
|
|
68 |
if [ "`echo $i|grep arch|cut -d'=' -f1`" == "arch" ]
|
|
|
69 |
then
|
|
|
70 |
ARCH=`echo $i|cut -d"=" -f2`
|
|
|
71 |
fi
|
|
|
72 |
done
|
|
|
73 |
IFS="$old"
|
|
|
74 |
|
|
|
75 |
# We prefer wget than curl
|
|
|
76 |
urpmi --no-verify-rpm --auto rpms/$ARCH/wget*.rpm
|
|
|
77 |
|
|
|
78 |
# Set the RPM repository (if not already set)
|
|
|
79 |
ACTIVE_REPO=`cat /etc/urpmi/urpmi.cfg|grep "mageia.org"|wc -l`
|
2990 |
rexy |
80 |
MIRROR_NBR=3
|
|
|
81 |
# For French
|
|
|
82 |
MIRRORLIST1="http://ftp.free.fr/mirrors/mageia.org/distrib/$VERSION/$ARCH"
|
2941 |
rexy |
83 |
# For Europeans
|
2990 |
rexy |
84 |
MIRRORLIST2="https://www.mirrorservice.org/pub/mageia/distrib/$VERSION/$ARCH"
|
|
|
85 |
# For everybody
|
|
|
86 |
MIRRORLIST3="https://mirrors.mageia.org/api/mageia.$VERSION.$ARCH.list"
|
2941 |
rexy |
87 |
try_nb="0"; nb_repository="0"
|
|
|
88 |
while [ "$nb_repository" != "4" ]
|
|
|
89 |
do
|
|
|
90 |
try_nb=`expr $try_nb + 1`
|
|
|
91 |
MIRRORLIST="MIRRORLIST$try_nb"
|
|
|
92 |
rpm_repository_sync
|
|
|
93 |
nb_repository=`cat /etc/urpmi/urpmi.cfg|grep mirrorlist|wc -l`
|
|
|
94 |
if [ "$nb_repository" != "4" ]
|
|
|
95 |
then
|
|
|
96 |
if [ $Lang == "fr" ]
|
|
|
97 |
then
|
|
|
98 |
echo "Une erreur a été détectée lors de la synchronisation avec le dépot N°$try_nb."
|
|
|
99 |
else
|
|
|
100 |
echo "An error occurs when synchronising the repositories N°$try_nb"
|
|
|
101 |
fi
|
|
|
102 |
if [ $(expr $try_nb) -eq $MIRROR_NBR ]
|
|
|
103 |
then
|
|
|
104 |
rpm_error
|
|
|
105 |
exit 1
|
|
|
106 |
fi
|
|
|
107 |
if [ $Lang == "fr" ]
|
|
|
108 |
then
|
|
|
109 |
echo "Voulez-vous tenter une synchronisation avec un autre dépôt ? (O/n)"
|
|
|
110 |
else
|
|
|
111 |
echo "Do you want to try a synchronisation with an other repository? (Y/n)"
|
|
|
112 |
fi
|
|
|
113 |
response=0
|
|
|
114 |
PTN='^[oOnNyY]?$'
|
|
|
115 |
until [[ "$response" =~ $PTN ]]
|
|
|
116 |
do
|
|
|
117 |
read response
|
|
|
118 |
done
|
|
|
119 |
if [ "$response" = "n" ] || [ "$response" = "N" ]
|
|
|
120 |
then
|
|
|
121 |
exit 1
|
|
|
122 |
fi
|
|
|
123 |
fi
|
|
|
124 |
done
|
3093 |
rexy |
125 |
|
|
|
126 |
# At this time, we only skip Kernel update
|
|
|
127 |
echo "/^kernel/" > /etc/urpmi/skip.list
|
|
|
128 |
if [ `egrep '^exclude=' /etc/dnf/dnf.conf |wc -l` -eq "1" ]; then
|
|
|
129 |
$SED "s?^exclude=.*?exclude=kernel\*?g" /etc/dnf/dnf.conf
|
|
|
130 |
else
|
|
|
131 |
echo "exclude=kernel*" >> /etc/dnf/dnf.conf
|
|
|
132 |
fi
|
|
|
133 |
|
|
|
134 |
# Remove some RPMs in order to avoid error and automatic update
|
|
|
135 |
urpme wkhtmltopdf freeradius-ldap
|
|
|
136 |
|
2941 |
rexy |
137 |
# download the kernel used by ALCASAR
|
|
|
138 |
if [ $Lang == "fr" ]
|
|
|
139 |
then
|
|
|
140 |
echo "Récupération du noyau Linux exploité par ALCASAR. Veuillez patienter ..."
|
|
|
141 |
else
|
|
|
142 |
echo "Download the Linux kernel used by ALCASAR. Please wait ..."
|
|
|
143 |
fi
|
|
|
144 |
urpmi --auto --quiet $KERNEL
|
3093 |
rexy |
145 |
|
2941 |
rexy |
146 |
# download updated RPM in cache
|
|
|
147 |
if [ $Lang == "fr" ]
|
|
|
148 |
then
|
|
|
149 |
echo "Récupération des paquetages de mise à jour. Veuillez patienter ..."
|
|
|
150 |
echo "Il est temps d'aller prendre un café (ou une bonne bière) ;-)"
|
|
|
151 |
else
|
|
|
152 |
echo "Updated RPM download. Please wait ..."
|
|
|
153 |
echo "You should now take a coffe (or a good beer) ;-)"
|
|
|
154 |
fi
|
|
|
155 |
urpmi --auto --auto-update --quiet --test --retry 2
|
|
|
156 |
if [ "$?" != "0" ]
|
|
|
157 |
then
|
|
|
158 |
echo
|
|
|
159 |
if [ $Lang == "fr" ]
|
|
|
160 |
then
|
|
|
161 |
echo "Une erreur a été détectée lors de la récupération des paquetages."
|
|
|
162 |
else
|
|
|
163 |
echo "An error occurs when downloading RPMS"
|
|
|
164 |
fi
|
|
|
165 |
rpm_error
|
|
|
166 |
exit 1
|
|
|
167 |
fi
|
|
|
168 |
|
|
|
169 |
# update with cached RPM
|
|
|
170 |
urpmi --auto --auto-update
|
|
|
171 |
if [ "$?" != "0" ]
|
|
|
172 |
then
|
|
|
173 |
echo
|
|
|
174 |
if [ $Lang == "fr" ]
|
|
|
175 |
then
|
|
|
176 |
echo "Une erreur a été détectée lors de la mise à jour des paquetages."
|
|
|
177 |
else
|
|
|
178 |
echo "An error occurs when updating packages"
|
|
|
179 |
fi
|
|
|
180 |
rpm_error
|
|
|
181 |
exit 1
|
|
|
182 |
fi
|
|
|
183 |
# Clean the RPM cache
|
|
|
184 |
urpmi --clean
|
|
|
185 |
|
|
|
186 |
# Download of ALCASAR specifics RPM in cache (and test)
|
|
|
187 |
if [ $Lang == "fr" ]
|
|
|
188 |
then
|
|
|
189 |
echo "Récupération des paquetages complémentaires. Veuillez patienter ..."
|
|
|
190 |
else
|
|
|
191 |
echo "Download of complementary packages. Please wait ..."
|
|
|
192 |
fi
|
|
|
193 |
urpmi --auto --no-recommends $PACKAGES --quiet --test --retry 2
|
|
|
194 |
if [ "$?" != "0" ]
|
|
|
195 |
then
|
|
|
196 |
echo
|
|
|
197 |
if [ $Lang == "fr" ]
|
|
|
198 |
then
|
|
|
199 |
echo "Une erreur a été détectée lors de la récupération des paquetages complémentaires."
|
|
|
200 |
else
|
|
|
201 |
echo "An error occurs when downloading complementary packages"
|
|
|
202 |
fi
|
|
|
203 |
rpm_error
|
|
|
204 |
exit 1
|
|
|
205 |
fi
|
|
|
206 |
|
|
|
207 |
# update with cached RPM
|
|
|
208 |
urpmi --auto --no-recommends $PACKAGES
|
|
|
209 |
if [ "$?" != "0" ]
|
|
|
210 |
then
|
|
|
211 |
echo
|
|
|
212 |
if [ $Lang == "fr" ]
|
|
|
213 |
then
|
|
|
214 |
echo "Une erreur a été détectée lors de l'installation des paquetages complémentaires."
|
|
|
215 |
else
|
|
|
216 |
echo "An error occurs when installing complementary packages"
|
|
|
217 |
fi
|
|
|
218 |
rpm_error
|
|
|
219 |
exit 1
|
|
|
220 |
fi
|
|
|
221 |
|
|
|
222 |
# Keep only the kernel version we compil netflow with, and remove all others
|
|
|
223 |
kernelVersion=$(rpm -qa | grep -e ^kernel-server -e ^kernel-desktop)
|
|
|
224 |
for i in $kernelVersion
|
|
|
225 |
do
|
|
|
226 |
if [ $i != $KERNEL ];then
|
|
|
227 |
urpme --auto $i
|
|
|
228 |
fi
|
|
|
229 |
done
|
3093 |
rexy |
230 |
|
2941 |
rexy |
231 |
# delete unused RPMs
|
|
|
232 |
if [ $Lang == "fr" ]
|
|
|
233 |
then
|
|
|
234 |
echo "Cleaning the system : "
|
|
|
235 |
else
|
|
|
236 |
echo "Nettoyage du système : "
|
|
|
237 |
fi
|
3104 |
rexy |
238 |
unused_rpm="shorewall mandi plymouth squid polkit pm-utils dnsmasq"
|
2988 |
rexy |
239 |
/usr/sbin/urpme --auto -a $unused_rpm
|
3093 |
rexy |
240 |
for rpm in `rpm -qa|grep mga7`; do urpme --auto $rpm; done
|
2941 |
rexy |
241 |
/usr/sbin/urpme --auto --auto-orphans
|
|
|
242 |
|
|
|
243 |
# Save chilli launch script (erase with new rpm one)
|
|
|
244 |
[ -e /etc/chilli.conf ] && cp /etc/chilli.conf /tmp/
|
|
|
245 |
# Install home made RPMs
|
|
|
246 |
for pkg in `ls rpms/$ARCH/*.rpm`
|
|
|
247 |
do
|
|
|
248 |
urpmi --no-verify --auto $pkg
|
|
|
249 |
done
|
|
|
250 |
# restore chilli launch script
|
|
|
251 |
[ -e /tmp/chilli.conf ] && mv /tmp/chilli.conf /etc/
|
3093 |
rexy |
252 |
|
2941 |
rexy |
253 |
# Clean the RPM cache
|
|
|
254 |
urpmi --clean
|
|
|
255 |
# the ipt-netflow RPM add the kernel module ipt_NETFLOW (the modules dependance tree need to be updated). "2>/dev/null" in order not to display a error (the running kernel is not the ALCASAR one during the installation process)
|
|
|
256 |
/sbin/depmod -a 2>/dev/null
|
|
|
257 |
# test if all needed rpms are correctly installed
|
|
|
258 |
count_pkg=0; nb_pkg=0;
|
|
|
259 |
for pkg in $PACKAGES
|
|
|
260 |
do
|
|
|
261 |
nb_pkg=`expr $nb_pkg + 1`
|
|
|
262 |
if rpm -q --quiet $pkg ; then
|
|
|
263 |
count_pkg=`expr $count_pkg + 1`
|
|
|
264 |
else
|
|
|
265 |
echo "error installing $pkg"
|
|
|
266 |
fi
|
|
|
267 |
done
|
|
|
268 |
if [ $count_pkg -ne $nb_pkg ]
|
|
|
269 |
then
|
|
|
270 |
exit 1
|
|
|
271 |
fi
|
3093 |
rexy |
272 |
|
2941 |
rexy |
273 |
# test if all custom rpms are correctly installed
|
|
|
274 |
count_pkg=0; nb_pkg=0;
|
|
|
275 |
for pkg in `ls rpms/$ARCH/|sed 's/.x86_64.rpm//'`
|
|
|
276 |
do
|
|
|
277 |
nb_pkg=`expr $nb_pkg + 1`
|
|
|
278 |
if rpm -q --quiet $pkg ; then
|
|
|
279 |
count_pkg=`expr $count_pkg + 1`
|
|
|
280 |
else
|
|
|
281 |
echo "error installing $pkg"
|
|
|
282 |
fi
|
|
|
283 |
done
|
|
|
284 |
if [ $count_pkg -ne $nb_pkg ]
|
|
|
285 |
then
|
|
|
286 |
exit 1
|
|
|
287 |
fi
|
3104 |
rexy |
288 |
|
|
|
289 |
# .rpmnew handling (unused with ALCASAR)
|
|
|
290 |
[ -e /etc/shadow.rpmnew ] && rm -f /etc/shadow.rpmnew
|
|
|
291 |
[ -e /etc/sysconfig/system.rpmnew ] && rm -f /etc/sysconfig/system.rpmnew
|
|
|
292 |
[ -e /etc/rpm/macros.rpmnew ] && rm -f /etc/rpm/macros.rpmnew
|
|
|
293 |
[ -e /etc/fstab.rpmnew ] && rm -f /etc/fstab.rpmnew
|
|
|
294 |
[ -e /etc/shells.rpmnew ] && rm -f /etc/shells.rpmnew
|
|
|
295 |
[ -e /etc/hosts.rpmnew ] && rm -f /etc/hosts.rpmnew
|
|
|
296 |
[ -e /etc/systemd/journald.conf.rpmnew ] && rm -f /etc/systemd/journald.conf.rpmnew
|
|
|
297 |
[ -e /etc/raddb/certs/dh.rpmnew ] && rm -f /etc/raddb/certs/dh.rpmnew
|
|
|
298 |
|
|
|
299 |
# .rpmnew handling (used with ALCASAR)
|
|
|
300 |
[ -e /etc/php.ini.rpmnew ] && mv -f /etc/php.ini.rpmnew /etc/php.ini.default
|
|
|
301 |
[ -e /etc/lighttpd/lighttpd.conf.rpmnew ] && mv -f /etc/lighttpd/lighttpd.conf.rpmnew /etc/lighttpd/lighttpd.conf.default
|
|
|
302 |
[ -e /etc/lighttpd/modules.conf.rpmnew ] && mv -f /etc/lighttpd/modules.conf.rpmnew /etc/lighttpd/modules.conf.default
|
|
|
303 |
[ -e /etc/e2guardian/e2guardian.conf.rpmnew ] && mv -f /etc/e2guardian/e2guardian.conf.rpmnew /etc/e2guardian/e2guardian.conf.default
|
|
|
304 |
[ -e /etc/e2guardian/e2guardianf1.conf.rpmnew ] && mv -f /etc/e2guardian/e2guardianf1.conf.rpmnew /etc/e2guardian/e2guardianf1.conf.default
|
|
|
305 |
[ -e /etc/e2guardian/lists/urlregexplist.rpmnew ] && mv -f /etc/e2guardian/lists/urlregexplist.rpmnew /etc/e2guardian/lists/urlregexplist.default
|
|
|
306 |
[ -e /etc/e2guardian/lists/bannedregexpurllist.rpmnew ] && mv -f /etc/e2guardian/lists/bannedregexpurllist.rpmnew /etc/e2guardian/lists/bannedregexpurllist.default
|
|
|
307 |
[ -e /etc/clamd.conf.rpmnew ] && mv -f /etc/clamd.conf.rpmnew /etc/clamd.conf.default
|
|
|
308 |
[ -e /etc/freshclam.conf.rpmnew ] && mv -f /etc/freshclam.conf.rpmnew /etc/freshclam.conf.default
|
|
|
309 |
[ -e /etc/vnstat.conf.rpmnew ] && mv -f /etc/vnstat.conf.rpmnew /etc/vnstat.conf.default
|
|
|
310 |
[ -e /etc/fail2ban/jail.conf.rpmnew ] && mv -f /etc/fail2ban/jail.conf.rpmnew /etc/fail2ban/jail.conf.default
|
|
|
311 |
[ -e /etc/ssh/sshd_config.rpmnew ] && mv -f /etc/ssh/sshd_config.rpmnew /etc/ssh/sshd_config.default
|
|
|
312 |
|
2941 |
rexy |
313 |
exit 0
|