diff options
-rw-r--r-- | satellit_installer/includes/50-copyscripts.inc | 3 | ||||
-rwxr-xr-x | satellit_installer/static_files/lighttpd/opt/openslx/slx-cert | 10 | ||||
-rwxr-xr-x | satellit_installer/static_files/lighttpd/usr/share/lighttpd/auto-ssl.sh | 8 | ||||
-rw-r--r-- | satellit_installer/static_files/system-base/etc/apt/apt.conf.d/99update-config (renamed from satellit_installer/static_files/system/etc/apt/apt.conf.d/99update-config) | 0 | ||||
-rw-r--r-- | satellit_installer/static_files/system-base/etc/issue (renamed from satellit_installer/static_files/system/etc/issue) | 0 | ||||
-rw-r--r-- | satellit_installer/static_files/system-base/etc/issue.disabled (renamed from satellit_installer/static_files/system/etc/issue.disabled) | 0 | ||||
-rw-r--r-- | satellit_installer/static_files/system-base/etc/mysql/conf.d/99-openslx.cnf (renamed from satellit_installer/static_files/system/etc/mysql/conf.d/99-openslx.cnf) | 0 | ||||
-rw-r--r-- | satellit_installer/static_files/system-base/etc/systemd/system/firstboot.service (renamed from satellit_installer/static_files/system/etc/systemd/system/firstboot.service) | 0 | ||||
-rw-r--r-- | satellit_installer/static_files/system-base/etc/tmux.conf (renamed from satellit_installer/static_files/system/etc/tmux.conf) | 0 | ||||
-rw-r--r-- | satellit_installer/static_files/system-base/etc/vim/vimrc.local (renamed from satellit_installer/static_files/system/etc/vim/vimrc.local) | 0 | ||||
-rw-r--r-- | satellit_installer/static_files/system-base/opt/openslx/bashrc.inc (renamed from satellit_installer/static_files/system/opt/openslx/bashrc.inc) | 0 | ||||
-rwxr-xr-x | satellit_installer/static_files/system-base/opt/openslx/firstboot.sh (renamed from satellit_installer/static_files/system/opt/openslx/firstboot.sh) | 0 | ||||
-rwxr-xr-x | satellit_installer/static_files/system-base/opt/openslx/firstrun.sh (renamed from satellit_installer/static_files/system/opt/openslx/firstrun.sh) | 0 | ||||
-rwxr-xr-x | satellit_installer/static_files/system-base/usr/local/bin/finalize (renamed from satellit_installer/static_files/system/usr/local/bin/finalize) | 0 | ||||
-rwxr-xr-x | satellit_installer/static_files/system-base/usr/local/bin/netsetup (renamed from satellit_installer/static_files/system/usr/local/bin/netsetup) | 0 | ||||
-rw-r--r-- | satellit_installer/static_files/system-updates/etc/apt/apt.conf.d/80java-restart | 1 | ||||
-rw-r--r-- | satellit_installer/static_files/system-updates/etc/cron.d/java-restart-init | 1 | ||||
-rwxr-xr-x | satellit_installer/static_files/system-updates/etc/cron.daily/tmpdelete.sh (renamed from satellit_installer/static_files/system/etc/cron.daily/tmpdelete.sh) | 0 | ||||
-rw-r--r-- | satellit_installer/static_files/system-updates/etc/locale.conf (renamed from satellit_installer/static_files/system/etc/locale.conf) | 0 | ||||
-rw-r--r-- | satellit_installer/static_files/system-updates/etc/sudoers.d/openslx-overrides (renamed from satellit_installer/static_files/system/etc/sudoers.d/openslx-overrides) | 0 | ||||
-rw-r--r-- | satellit_installer/static_files/system-updates/etc/systemd/journald.conf.d/slx-overrides.conf (renamed from satellit_installer/static_files/system/etc/systemd/journald.conf.d/slx-overrides.conf) | 0 | ||||
-rw-r--r-- | satellit_installer/static_files/system-updates/etc/systemd/system.conf.d/10-openslx.conf (renamed from satellit_installer/static_files/system/etc/systemd/system.conf.d/10-openslx.conf) | 0 | ||||
-rwxr-xr-x | satellit_installer/static_files/system-updates/opt/openslx/dpkg-post.sh | 17 | ||||
-rwxr-xr-x | satellit_installer/static_files/system-updates/usr/local/bin/slxlog (renamed from satellit_installer/static_files/system/usr/local/bin/slxlog) | 0 | ||||
-rwxr-xr-x | satellit_installer/static_files/system-updates/usr/local/sbin/slx-wait-online (renamed from satellit_installer/static_files/system/usr/local/sbin/slx-wait-online) | 0 | ||||
-rw-r--r-- | satellit_upgrader/updater.template.sh | 13 |
26 files changed, 28 insertions, 25 deletions
diff --git a/satellit_installer/includes/50-copyscripts.inc b/satellit_installer/includes/50-copyscripts.inc index aee3944..5348bb9 100644 --- a/satellit_installer/includes/50-copyscripts.inc +++ b/satellit_installer/includes/50-copyscripts.inc @@ -1,6 +1,7 @@ install_system_scripts() { # Different stuff like slxlog, finalize, firstrun, netsetup - install_files "system" + install_files "system-base" + install_files "system-updates" } install_timesync() { diff --git a/satellit_installer/static_files/lighttpd/opt/openslx/slx-cert b/satellit_installer/static_files/lighttpd/opt/openslx/slx-cert index 3409244..b2dd5cb 100755 --- a/satellit_installer/static_files/lighttpd/opt/openslx/slx-cert +++ b/satellit_installer/static_files/lighttpd/opt/openslx/slx-cert @@ -249,13 +249,12 @@ done # with our generated stuff for whatever reason. if [ -n "$have_srv" ] || [ -z "$makenew" ]; then if [ -s "${LIGHTDIR}/ca-chain.pem" ]; then - unt_list=( "-untrusted" "${LIGHTDIR}/ca-chain.pem" ) - else - unt_list=() + # Don't need this anymore, it never worked as separate file anyways, so make new + rm -f -- "${LIGHTDIR}/ca-chain.pem" fi valid= for ca in "${ca_list[@]}"; do - openssl verify -CAfile "$ca" "${unt_list[@]}" \ + openssl verify -CAfile "$ca" \ "${LIGHTDIR}/server.pem" &> /dev/null || continue valid=1 break @@ -316,9 +315,6 @@ if [ -z "$have_srv" ] || [ -n "$makenew" ]; then cat "${CERTDIR}/srv-${srv_new_ts}.crt" "${PRIVDIR}/srv-${srv_new_ts}.key" > "${LIGHTDIR}/server.pem" || exit 10 chmod 0600 "${LIGHTDIR}/server.pem" - # Don't need this anymore - rm -f -- "${LIGHTDIR}/ca-chain.pem" - if [ "$1" = "--restart" ] || [ -t 0 ]; then echo "Restarting lighttpd..." systemctl restart lighttpd.service diff --git a/satellit_installer/static_files/lighttpd/usr/share/lighttpd/auto-ssl.sh b/satellit_installer/static_files/lighttpd/usr/share/lighttpd/auto-ssl.sh index 7cc1dfc..b522596 100755 --- a/satellit_installer/static_files/lighttpd/usr/share/lighttpd/auto-ssl.sh +++ b/satellit_installer/static_files/lighttpd/usr/share/lighttpd/auto-ssl.sh @@ -1,11 +1,9 @@ #!/bin/bash declare -rg PUBLIC_BOTH="/etc/lighttpd/server.pem" -declare -rg CHAIN="/etc/lighttpd/chain.pem" declare -rg DHPARAM="/etc/lighttpd/dhparam.pem" declare -rg REDIR_FLAG="/etc/lighttpd/redirect.flag" declare -rg INTERNAL_BOTH="/etc/ssl/openslx/lighttpd/server.pem" -declare -g INTERNAL_CHAIN="/etc/ssl/openslx/lighttpd/ca-chain.pem" if ! [ -s "$DHPARAM" ]; then curl -sS -m 10 "https://ssl-config.mozilla.org/ffdhe2048.txt" > "$DHPARAM" @@ -25,9 +23,6 @@ if ! openssl dhparam -noout -in "$DHPARAM" >&2; then rm -f -- "$DHPARAM" fi -[ -s "$INTERNAL_CHAIN" ] || INTERNAL_CHAIN= -readonly INTERNAL_CHAIN - if [ -f "/usr/lib/lighttpd/mod_openssl.so" ]; then echo 'server.modules += ( "mod_openssl" )' fi @@ -71,10 +66,8 @@ echo " # pemfile is cert+privkey, ca-file is the intermediate chain in one file" if [ -s "$PUBLIC_BOTH" ]; then echo " ssl.pemfile = \"${PUBLIC_BOTH}\"" - [ -s "$CHAIN" ] && echo " ssl.ca-file = \"${CHAIN}\"" elif [ -s "$INTERNAL_BOTH" ]; then echo " ssl.pemfile = \"${INTERNAL_BOTH}\"" - echo " ssl.ca-file = \"${INTERNAL_CHAIN}\"" fi [ -s "$DHPARAM" ] && echo " ssl.dh-file = \"${DHPARAM}\"" @@ -84,7 +77,6 @@ if [ -s "${INTERNAL_BOTH}" ]; then cat <<HEREDOC \$HTTP["host"] == "satellite.bwlehrpool" { ssl.pemfile = "${INTERNAL_BOTH}" - ssl.ca-file = "${INTERNAL_CHAIN}" } HEREDOC # diff --git a/satellit_installer/static_files/system/etc/apt/apt.conf.d/99update-config b/satellit_installer/static_files/system-base/etc/apt/apt.conf.d/99update-config index 0f66e29..0f66e29 100644 --- a/satellit_installer/static_files/system/etc/apt/apt.conf.d/99update-config +++ b/satellit_installer/static_files/system-base/etc/apt/apt.conf.d/99update-config diff --git a/satellit_installer/static_files/system/etc/issue b/satellit_installer/static_files/system-base/etc/issue index a097cee..a097cee 100644 --- a/satellit_installer/static_files/system/etc/issue +++ b/satellit_installer/static_files/system-base/etc/issue diff --git a/satellit_installer/static_files/system/etc/issue.disabled b/satellit_installer/static_files/system-base/etc/issue.disabled index 078ef2a..078ef2a 100644 --- a/satellit_installer/static_files/system/etc/issue.disabled +++ b/satellit_installer/static_files/system-base/etc/issue.disabled diff --git a/satellit_installer/static_files/system/etc/mysql/conf.d/99-openslx.cnf b/satellit_installer/static_files/system-base/etc/mysql/conf.d/99-openslx.cnf index f4ff6f7..f4ff6f7 100644 --- a/satellit_installer/static_files/system/etc/mysql/conf.d/99-openslx.cnf +++ b/satellit_installer/static_files/system-base/etc/mysql/conf.d/99-openslx.cnf diff --git a/satellit_installer/static_files/system/etc/systemd/system/firstboot.service b/satellit_installer/static_files/system-base/etc/systemd/system/firstboot.service index f19b51a..f19b51a 100644 --- a/satellit_installer/static_files/system/etc/systemd/system/firstboot.service +++ b/satellit_installer/static_files/system-base/etc/systemd/system/firstboot.service diff --git a/satellit_installer/static_files/system/etc/tmux.conf b/satellit_installer/static_files/system-base/etc/tmux.conf index 537f52c..537f52c 100644 --- a/satellit_installer/static_files/system/etc/tmux.conf +++ b/satellit_installer/static_files/system-base/etc/tmux.conf diff --git a/satellit_installer/static_files/system/etc/vim/vimrc.local b/satellit_installer/static_files/system-base/etc/vim/vimrc.local index 4bfb95d..4bfb95d 100644 --- a/satellit_installer/static_files/system/etc/vim/vimrc.local +++ b/satellit_installer/static_files/system-base/etc/vim/vimrc.local diff --git a/satellit_installer/static_files/system/opt/openslx/bashrc.inc b/satellit_installer/static_files/system-base/opt/openslx/bashrc.inc index b5fa467..b5fa467 100644 --- a/satellit_installer/static_files/system/opt/openslx/bashrc.inc +++ b/satellit_installer/static_files/system-base/opt/openslx/bashrc.inc diff --git a/satellit_installer/static_files/system/opt/openslx/firstboot.sh b/satellit_installer/static_files/system-base/opt/openslx/firstboot.sh index fe75c1d..fe75c1d 100755 --- a/satellit_installer/static_files/system/opt/openslx/firstboot.sh +++ b/satellit_installer/static_files/system-base/opt/openslx/firstboot.sh diff --git a/satellit_installer/static_files/system/opt/openslx/firstrun.sh b/satellit_installer/static_files/system-base/opt/openslx/firstrun.sh index 1238cc5..1238cc5 100755 --- a/satellit_installer/static_files/system/opt/openslx/firstrun.sh +++ b/satellit_installer/static_files/system-base/opt/openslx/firstrun.sh diff --git a/satellit_installer/static_files/system/usr/local/bin/finalize b/satellit_installer/static_files/system-base/usr/local/bin/finalize index 1be85e2..1be85e2 100755 --- a/satellit_installer/static_files/system/usr/local/bin/finalize +++ b/satellit_installer/static_files/system-base/usr/local/bin/finalize diff --git a/satellit_installer/static_files/system/usr/local/bin/netsetup b/satellit_installer/static_files/system-base/usr/local/bin/netsetup index a824739..a824739 100755 --- a/satellit_installer/static_files/system/usr/local/bin/netsetup +++ b/satellit_installer/static_files/system-base/usr/local/bin/netsetup diff --git a/satellit_installer/static_files/system-updates/etc/apt/apt.conf.d/80java-restart b/satellit_installer/static_files/system-updates/etc/apt/apt.conf.d/80java-restart new file mode 100644 index 0000000..cd88f94 --- /dev/null +++ b/satellit_installer/static_files/system-updates/etc/apt/apt.conf.d/80java-restart @@ -0,0 +1 @@ +DPkg::Post-Invoke { "/opt/openslx/dpkg-post.sh || true"; }; diff --git a/satellit_installer/static_files/system-updates/etc/cron.d/java-restart-init b/satellit_installer/static_files/system-updates/etc/cron.d/java-restart-init new file mode 100644 index 0000000..c563036 --- /dev/null +++ b/satellit_installer/static_files/system-updates/etc/cron.d/java-restart-init @@ -0,0 +1 @@ +@reboot root /opt/openslx/dpkg-post.sh --boot diff --git a/satellit_installer/static_files/system/etc/cron.daily/tmpdelete.sh b/satellit_installer/static_files/system-updates/etc/cron.daily/tmpdelete.sh index 9e68658..9e68658 100755 --- a/satellit_installer/static_files/system/etc/cron.daily/tmpdelete.sh +++ b/satellit_installer/static_files/system-updates/etc/cron.daily/tmpdelete.sh diff --git a/satellit_installer/static_files/system/etc/locale.conf b/satellit_installer/static_files/system-updates/etc/locale.conf index f9c983c..f9c983c 100644 --- a/satellit_installer/static_files/system/etc/locale.conf +++ b/satellit_installer/static_files/system-updates/etc/locale.conf diff --git a/satellit_installer/static_files/system/etc/sudoers.d/openslx-overrides b/satellit_installer/static_files/system-updates/etc/sudoers.d/openslx-overrides index 5cfa7d0..5cfa7d0 100644 --- a/satellit_installer/static_files/system/etc/sudoers.d/openslx-overrides +++ b/satellit_installer/static_files/system-updates/etc/sudoers.d/openslx-overrides diff --git a/satellit_installer/static_files/system/etc/systemd/journald.conf.d/slx-overrides.conf b/satellit_installer/static_files/system-updates/etc/systemd/journald.conf.d/slx-overrides.conf index 05a33d2..05a33d2 100644 --- a/satellit_installer/static_files/system/etc/systemd/journald.conf.d/slx-overrides.conf +++ b/satellit_installer/static_files/system-updates/etc/systemd/journald.conf.d/slx-overrides.conf diff --git a/satellit_installer/static_files/system/etc/systemd/system.conf.d/10-openslx.conf b/satellit_installer/static_files/system-updates/etc/systemd/system.conf.d/10-openslx.conf index 0e40b02..0e40b02 100644 --- a/satellit_installer/static_files/system/etc/systemd/system.conf.d/10-openslx.conf +++ b/satellit_installer/static_files/system-updates/etc/systemd/system.conf.d/10-openslx.conf diff --git a/satellit_installer/static_files/system-updates/opt/openslx/dpkg-post.sh b/satellit_installer/static_files/system-updates/opt/openslx/dpkg-post.sh new file mode 100755 index 0000000..ab07bba --- /dev/null +++ b/satellit_installer/static_files/system-updates/opt/openslx/dpkg-post.sh @@ -0,0 +1,17 @@ +#!/bin/bash + +laststamp=$( cat /run/openslx/java-ts 2> /dev/null ) + +s="$( stat -c %Y /usr/lib/jvm/*/bin/java /usr/lib/jvm/*/lib/jspawnhelper | sort -n | tail -n 1 )" + +# Nothing changed? +[ "$s" = "$laststamp" ] && exit 0 + +if [ -z "$laststamp" ] || [ "$1" = "--boot" ]; then + mkdir -p /run/openslx/ +else + systemctl --no-block try-restart dmsd.service taskmanager.service +fi + +echo "$s" > /run/openslx/java-ts +exit 0 diff --git a/satellit_installer/static_files/system/usr/local/bin/slxlog b/satellit_installer/static_files/system-updates/usr/local/bin/slxlog index 55110ae..55110ae 100755 --- a/satellit_installer/static_files/system/usr/local/bin/slxlog +++ b/satellit_installer/static_files/system-updates/usr/local/bin/slxlog diff --git a/satellit_installer/static_files/system/usr/local/sbin/slx-wait-online b/satellit_installer/static_files/system-updates/usr/local/sbin/slx-wait-online index f4b41dc..f4b41dc 100755 --- a/satellit_installer/static_files/system/usr/local/sbin/slx-wait-online +++ b/satellit_installer/static_files/system-updates/usr/local/sbin/slx-wait-online diff --git a/satellit_upgrader/updater.template.sh b/satellit_upgrader/updater.template.sh index 9ecbc88..3a0f3d2 100644 --- a/satellit_upgrader/updater.template.sh +++ b/satellit_upgrader/updater.template.sh @@ -171,7 +171,7 @@ install_files () { local SRC="$FILEDIR/$1" local files file ret [ -d "$SRC" ] || perror "NO SUCH DIRECTORY: $SRC" - readarray -t -d '' files < <( find "$SRC" -type f -print0 ) + readarray -t -d '' files < <( find "$SRC" \( -type f -o -type l \) -print0 ) ret=1 for file in "${files[@]}"; do diffcp "$1" "${file#$SRC}" && ret=0 @@ -378,8 +378,7 @@ failprint apt autoremove -y ## Enable unix socket passwordless local connection (commented out since default in Debian 9+ anyways) #mysql -e "UPDATE user SET plugin = 'unix_socket' WHERE Host = 'localhost' AND User = 'root'" -# Fix locale to C.UTF-8 for systemd -diffcp "system" "/etc/locale.conf" +install_files "system-updates" # ********************** Taskmanager *********************** # Do this first in case one of the later updates depends on the taskmanager @@ -853,7 +852,7 @@ if ! which tmate &> /dev/null && (( MAJOR >= 9 )); then fi if (( MAJOR >= 11 )); then # Fingerprints now need to be SHA256, maybe an old sat got dist-upgraded and still has MD5s in that file - diffcp "system" "/etc/tmux.conf" "Updating tmate config..." + diffcp "system-base" "/etc/tmux.conf" "Updating tmate config..." rm -f -- "/root/.tmate.conf" fi @@ -865,11 +864,7 @@ if ! [ -s /root/.ssh/id_rsa ]; then fi # Timesync -diffcp "system" "/usr/local/sbin/slx-wait-online" -diffcp "timesync" "/etc/systemd/system/redneck-timesync.service" -diffcp "timesync" "/usr/local/sbin/redneck-timesync.sh" -mkdir -p "/etc/systemd/system/network-online.target.wants" -ln -nfs "../redneck-timesync.service" "/etc/systemd/system/network-online.target.wants/redneck-timesync.service" +install_files "timesync" # Wait for webif callbacks and IPXE compile echo -n "Finishing." |