Server IP : 103.53.40.154 / Your IP : 3.144.40.216 Web Server : Apache System : Linux md-in-35.webhostbox.net 4.19.286-203.ELK.el7.x86_64 #1 SMP Wed Jun 14 04:33:55 CDT 2023 x86_64 User : ppcad7no ( 715) PHP Version : 8.2.25 Disable Function : NONE MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : ON Directory (0755) : /backup3/../cpanel_installer/ |
[ Home ] | [ C0mmand ] | [ Upload File ] |
---|
package Common; # cpanel - installd/Common.pm Copyright 2021 cPanel, L.L.C. # All rights reserved. # copyright@cpanel.net http://cpanel.net # This code is subject to the cPanel license. Unauthorized copying is prohibited use strict; use warnings; use Sys::Hostname (); use Socket; use IO::Handle (); use IO::Select (); use IPC::Open3 (); # Helper routines for the log. our $message_caller_depth = 1; our $lock_file = '/root/installer.lock'; my $log_file = '/var/log/cpanel-install.log'; our $log_fh; my $COLOR_RED = 31; my $COLOR_YELLOW = 33; my $collect_output = undef; my %TIER_CACHE; our $DEFAULT_MYIP_URL = q[https://myip.cpanel.net/v1.0/]; # default value use constant PRODUCT_DNSONLY => 64; # Populate some globals determined by functions my $gpg_bin = gpg_bin(); ################################################################################ # Set up output handling code sub colorize_bold { my ( $color, $msg ) = @_; return $msg if !defined $color || -e q{/var/cpanel/disable_cpanel_terminal_colors}; $msg ||= ''; return chr(27) . '[1;' . $color . 'm' . $msg . chr(27) . '[0;m'; } # space pad debug messages. sub DEBUG($) { return _MSG( 'DEBUG', " " . shift ) } sub ERROR($) { return _MSG( 'ERROR', colorize_bold( $COLOR_RED, shift ) ) } sub WARN($) { return _MSG( 'WARN', colorize_bold( $COLOR_YELLOW, shift ) ) } sub INFO($) { return _MSG( 'INFO', shift ) } sub FATAL($) { _MSG( 'FATAL', colorize_bold( $COLOR_RED, shift ) ); die "\n"; } # Make things nicer for tests our $prefix = ''; sub _MSG { my $level = shift; my $msg = shift || ''; chomp $msg; my ( $sec, $min, $hour, $mday, $mon, $year, $wday, $yday, $isdst ) = localtime; my ( $package, $filename, $line ) = caller($message_caller_depth); my $stamp_msg = sprintf( "%s%04d-%02d-%02d %02d:%02d:%02d %4s [%d] (%5s): %s\n", $prefix, $year + 1900, $mon + 1, $mday, $hour, $min, $sec, $line, $$, $level, $msg ); print {$log_fh} $stamp_msg; if ( defined $collect_output ) { $collect_output .= $stamp_msg; } else { print $stamp_msg; } return; } ################################################################################ sub get_lts_version { my $cpanel_version = get_cpanel_version(); my ( undef, $lts_version ) = split( qr/\./, $cpanel_version ); return $lts_version; } sub get_cpanel_version { my $tier = get_cpanel_tier(); my $version = guess_version_from_tier($tier); return $version; } sub get_staging_dir { return '' if !-e '/etc/cpupdate.conf'; my $cpupdate_conf = read_config('/etc/cpupdate.conf'); return $cpupdate_conf->{'STAGING_DIR'} // ''; } sub get_cpanel_tier { # Pull in cpupdate.conf settings. my $cpupdate_conf = read_config('/etc/cpupdate.conf'); # Determine tier or assume defaults. my $tier = $cpupdate_conf->{'CPANEL'} || 'release'; # version numbers without 11. if ( $tier =~ /^\d+/ && $tier !~ /^11\./ ) { $tier = '11.' . $tier; } return $tier; } sub cleanup_lock_file_and_gpg_homedir { if ( open my $fh, '<', $lock_file ) { my $pid = <$fh>; close $fh; chomp $pid if ($pid); if ( !$pid || $pid == $$ ) { print "Removing $lock_file.\n"; unlink $lock_file; } } if ( -d gpg_homedir() ) { opendir( my $dh, gpg_homedir() ); my @files = readdir($dh); closedir($dh); @files = map { gpg_homedir() . "/" . $_ } grep { !/^\.{1,2}/ } @files; unlink($_) for @files; rmdir( gpg_homedir() ); } return; } sub invalid_system { my $message = shift || ''; chomp $message; ERROR("$message"); ERROR "The system detected an unsupported distribution. cPanel & WHM only supports CentOS 7 and 8, AlmaLinux 8, Red Hat Enterprise Linux® 6 and 7 and CloudLinux™ 6, 7, and 8 and Ubuntu 20.04."; FATAL("Please reinstall cPanel & WHM from a valid distribution."); return; } sub clean_install_check { INFO('Checking for any control panels...'); my @server_detected; push @server_detected, 'DirectAdmin' if ( -e '/usr/local/directadmin' ); push @server_detected, 'Plesk' if ( -e '/etc/psa' ); push @server_detected, 'Ensim' if ( -e '/etc/appliance' || -d '/etc/virtualhosting' ); #push @server_detected, 'Alabanza' if ( -e '/etc/mail/mailertable' ); push @server_detected, 'Zervex' if ( -e '/var/db/dsm' ); push @server_detected, 'Web Server Director' if ( -e '/bin/rpm' && `/bin/rpm -q ServerDirector` =~ /^ServerDirector/ms ); ## no critic(ProhibitQxAndBackticks) # Don't just check for /usr/local/cpanel, as some people will have created # that directory as a mount point for the install. push @server_detected, 'cPanel & WHM' if -e '/usr/local/cpanel/cpkeyclt'; return if ( !@server_detected ); ERROR("The installation process found evidence that the following control panels were installed on this server:"); ERROR($_) foreach (@server_detected); FATAL('You must install cPanel & WHM on a clean server.'); return; } sub check_resolv_conf { check_remote_resolvers(); INFO("Validating whether the system can look up domains..."); my @domains = qw( httpupdate.cpanel.net securedownloads.cpanel.net ); foreach my $domain (@domains) { DEBUG("Testing $domain..."); next if ( gethostbyname($domain) ); ERROR( '!' x 105 . "\n" ); ERROR("The system cannot resolve the $domain domain. Check the /etc/resolv.conf file. The system has terminated the installation process.\n"); FATAL( '!' x 105 . "\n" ); } return; } sub open_logs { my $installstart = time(); if ( my $mtime = ( stat($log_file) )[9] ) { my $bu_file = $log_file . '.' . $mtime; system( '/bin/cp', $log_file, $bu_file ) unless -e $bu_file; } my $orig_umask = umask(0077); open( $log_fh, '>>', $log_file ) or die "Could not open log: $!"; $log_fh->autoflush(1); umask($orig_umask); my $installstarttime = localtime($installstart); INFO("cPanel & WHM installation started at: ${installstarttime}!"); INFO("This installation will require 10-50 minutes, depending on your hardware and network."); INFO("Now is the time to go get another cup of coffee/jolt."); INFO("The install will log to the /var/log/cpanel-install.log file."); INFO(""); INFO("Beginning Installation v3..."); return $installstart; } sub get_hostname_via_getnameinfo { return undef if !Socket->can('getaddrinfo'); my ( $err, @getaddr ) = Socket::getaddrinfo( get_main_ip(), undef, { family => Socket::AF_UNSPEC(), protocol => Socket::IPPROTO_TCP(), } ); for my $addr (@getaddr) { my ( $err, $host, $service ) = Socket::getnameinfo( $addr->{addr}, Socket::NI_NAMEREQD() ); if ( defined $host ) { return $host; } } return undef; } # Copied from Cpanel::DIp::MainIP sub get_main_ip { foreach my $ip ( split( /\n/, `/sbin/ip -4 addr show` ) ) { ## no critic(ProhibitQxAndBackticks) if ( $ip =~ m{ [\s\:] (\d+ [.] \d+ [.] \d+ [.] \d+) }xms ) { my $thisip = $1; if ( !is_loopback($thisip) ) { return $thisip; } } } return 0; } # Copied from Cpanel::IP::Loopback sub is_loopback { return ( length $_[0] && ( $_[0] eq 'localhost' # || $_[0] eq 'localhost.localdomain' # || $_[0] eq '0000:0000:0000:0000:0000:0000:0000:0001' # || ( length $_[0] >= 32 && substr( $_[0], 0, 32 ) eq '0000:0000:0000:0000:0000:ffff:7f' ) # ipv4 inside of ipv6 match 127.* || ( length $_[0] >= 11 && substr( $_[0], 0, 11 ) eq '::ffff:127.' ) # ipv4 inside of ipv6 match 127.* || ( length $_[0] >= 4 && substr( $_[0], 0, 4 ) eq '127.' ) # ipv4 needs to match 127.* || $_[0] eq '0:0:0:0:0:0:0:1' # || $_[0] eq ':1' # || $_[0] eq '::1' # || $_[0] eq '(null)' # || $_[0] eq '(null):0000:0000:0000:0000:0000:0000:0000' # || $_[0] eq '0000:0000:0000:0000:0000:0000:0000:0000' # || $_[0] eq '0.0.0.0' ) # ) ? 1 : 0; } # Copied from Cpanel::Sys::Hostname::FQDN sub get_fqdn_hostname { my $hostname_from_sys_hostname = Sys::Hostname::hostname(); $hostname_from_sys_hostname =~ tr{A-Z}{a-z}; my $hostname_from_getnameinfo = get_hostname_via_getnameinfo() || ""; if ( !length $hostname_from_getnameinfo ) { return $hostname_from_sys_hostname; } $hostname_from_getnameinfo =~ tr{A-Z}{a-z}; if ( index( $hostname_from_getnameinfo, $hostname_from_sys_hostname ) == 0 ) { return $hostname_from_getnameinfo; } return $hostname_from_sys_hostname; } sub check_hostname { my $hostname = get_fqdn_hostname(); INFO "Validating that the system hostname ('$hostname') is a FQDN..."; if ( $hostname =~ /^www\./ ) { FATAL "The installation process detected the following hostname: $hostname\n Hostnames cannot start with www! Use a valid hostname."; } if ( !is_valid_hostname($hostname) ) { ERROR ""; ERROR "********************* ERROR *********************"; ERROR ""; ERROR "Your hostname ($hostname) is invalid, and must be"; ERROR "set to a fully qualified domain name before installing cPanel."; ERROR ""; ERROR "A fully qualified domain name must contain two dots, and consists of two parts: the hostname and the domain name."; ERROR "You can update your hostname by running `hostname your-hostname.example.com`, then re-running the installer."; ERROR "********************* ERROR *********************"; FATAL "Exiting..."; } return; } sub check_files { INFO "Checking for essential system files..."; unless ( -f '/etc/fstab' ) { ERROR "Your system is missing the file /etc/fstab. This is an"; ERROR "essential system file that is part of the base system."; FATAL "Please ensure the system has been properly installed."; } my $selinux_config_dir = '/etc/selinux'; my $selinux_config_file = "$selinux_config_dir/config"; unless ( -f $selinux_config_file ) { INFO "Creating SELinux config file: $selinux_config_file"; mkdir $selinux_config_dir unless -d $selinux_config_dir; open my $fh, '>', $selinux_config_file or FATAL "Unable to create $selinux_config_file"; print {$fh} "SELINUX=disabled\n"; close $fh; } return; } sub ssystem { my @cmd = @_; my $conf_hr = ref( $cmd[-1] ) eq 'HASH' ? pop(@cmd) : {}; local $message_caller_depth = $message_caller_depth + 1; # Set caller depth deeper during this sub so debugging it clearer. DEBUG( '- ssystem [BEGIN]: ' . join( ' ', @cmd ) ); open( my $rnull, '<', '/dev/null' ) or die "Can't open /dev/null: $!"; my $io = IO::Handle->new; my $pid = IPC::Open3::open3( $rnull, $io, $io, @cmd ); $io->blocking(0); my $select = IO::Select->new($io); my $exit_status; my $buffer = ''; my $buffered_waiting_count = 0; while ( !defined $exit_status ) { while ( my $line = readline($io) ) { # Push the buffer lacking a newline onto the front of this. if ($buffer) { $line = $buffer . $line; $buffer = ''; } $line =~ s/\r//msg; # Strip ^M from output for better log output. # Internally buffer on newlines. if ( $line =~ m/\n$/ms ) { DEBUG( " " . $line ); $buffered_waiting_count = 0; } else { print "." if ( $buffered_waiting_count++ > 1 ); $buffer = $line; } } # Parse exit status or yield time to the CPU. if ( waitpid( $pid, 1 ) == $pid ) { $exit_status = $? >> 8; } else { # Watch the file handle for output. $select->can_read(0.01); } } ERROR(" - ssystem [EXIT_CODE] '$cmd[0]' exited with $exit_status (ignored)") if $exit_status && !$conf_hr->{'ignore_errors'}; close($rnull); $io->close(); DEBUG('- ssystem [END]'); return $exit_status; } sub is_valid_hostname { my $domain = shift; if ( !defined $domain ) { return; } # No blank or space characters if ( $domain =~ m/\s+/ ) { return; } if ( $domain =~ m/[.]{2,}/ ) { return; } # Can not end with period if ( $domain =~ m/[.]$/ ) { return; } # Can not end with minus sign if ( $domain =~ m/[-](?=[.]|\z)/ ) { return; } # Must be able to fit in struct utsname if ( length $domain > 64 ) { return; } # Can't have an all-numeric TLD or be an IP address if ( $domain =~ m/\.\d+\z/ ) { return; } # Must start with alpha numeric, and must have atleast one 'label' part - i.e., label.domain.tld if ( $domain =~ /^(?:[a-z0-9][a-z0-9\-]*\.){2,}[a-z0-9][a-z0-9\-]*$/i ) { return 1; } return; } sub updatenow { my (%flags) = @_; INFO("Downloading updatenow.static"); # Download the tar.gz files and extract them instead. my $install_version = get_cpanel_version(); my $source = "/cpanelsync/$install_version/cpanel/scripts/updatenow.static.bz2"; DEBUG("Retrieving the updatenow.static file from $source..."); # download file in current directory (inside the self extracted tarball) unlink 'updatenow.static'; cpfetch($source); chmod 0755, 'updatenow.static'; my $exit; my @passed_flags = map { ( "--$_" => $flags{$_} ) } sort keys %flags; for ( 1 .. 5 ) { # Re-try updatenow if it fails. INFO("Closing the installation log and passing output control to the updatenow.static file..."); # close $log_fh so it can be re-opened by updatenow. close $log_fh; $exit = system( './updatenow.static', '--upcp', '--force', "--log=$log_file", @passed_flags ); # Re-open the log regardless of success. my $log_file = '/var/log/cpanel-install.log'; open( $log_fh, '>>', $log_file ) or die "Can't open log file: $!"; $log_fh->autoflush(1); return if ( !$exit ); DEBUG("The installation process detected a failed synchronization. The system will reattempt the synchronization with the updatenow.static file..."); } my $signal = $exit % 256; $exit = $exit >> 8; FATAL("The installation process was unable to synchronize cPanel & WHM. Verify that your network can connect to httpupdate.cpanel.net and rerun the installer."); FATAL("The updatenow.static process terminated with the following exit code: $exit ($signal); The cPanel & WHM installation process cannot proceed."); return; } # Remote resolvers are required, since we remove local BIND during installation. sub check_remote_resolvers { open my $resolv_conf_fh, '<', '/etc/resolv.conf' or FATAL("Could not open /etc/resolv.conf: $!"); if ( !grep { m/^\s*nameserver\s+/ && !m/\s+127.0.0.1$/ } <$resolv_conf_fh> ) { FATAL("/etc/resolv.conf must be configured with non-local resolvers for installations to complete."); } return; } sub _create_gpg_homedir { mkdir( gpg_homedir(), 0700 ) if !-e gpg_homedir(); return; } sub signatures_enabled { my $config = read_config('/var/cpanel/cpanel.config'); my $is_enabled = ( defined $config->{'signature_validation'} && $config->{'signature_validation'} eq 'Off' ) ? 0 : 1; return $is_enabled; } sub read_config { my $file = shift or die; my $config = {}; open( my $fh, "<", $file ) or return $config; while ( my $line = readline $fh ) { chomp $line; if ( $line =~ m/^\s*([^=]+?)\s*$/ ) { my $key = $1 or next; # Skip loading the key if it's undef or 0 $config->{$key} = undef; } elsif ( $line =~ m/^\s*([^=]+?)\s*=\s*(.*?)\s*$/ ) { my $key = $1 or next; # Skip loading the key if it's undef or 0 $config->{$key} = $2; } } return $config; } sub check_if_we_can_get_to_httpupdate { foreach my $src ( 'index.html', 'modules/index.html' ) { my $page = _wget_url( 'http://httpupdate.cpanel.net/pub/CPAN/' . $src, '-' ); if ( $page =~ m/perl/i && $page =~ m/CPAN/ ) { INFO("The system successfully connected to the httpupdate.cpanel.net server."); return; } } FATAL("The system cannot currently download from the httpupdate.cpanel.net servers."); return; } our $_gpg_setup; sub fetch_gpg_key_once { return if $_gpg_setup; my $pub_keys = public_keys(); _create_gpg_homedir(); foreach my $key ( @{ keys_to_download() } ) { INFO("Downloading GPG public key, $pub_keys->{$key}"); my $target = secure_downloads() . $pub_keys->{$key}; my $dest = gpg_homedir() . "/" . $pub_keys->{$key}; _wget_url( $target, $dest ); if ( !-e $dest ) { FATAL("Could not download GPG public key at “$target”."); return; } INFO("Importing downloaded GPG public key from “$dest”."); if ( -x '/bin/apt-key' ) { print "Adding $dest via apt-key\n"; ssystem( '/bin/apt-key', 'add', $dest ); } my $gpg_cmd = $gpg_bin . " -q --homedir " . gpg_homedir() . " --import " . $dest; my $output = `$gpg_cmd 2>&1`; ## no critic(ProhibitQxAndBackticks) if ( $? != 0 ) { WARN("Failed to import GPG public key from “$dest”: $output"); } } $ENV{'CPANEL_BASE_INSTALL_GPG_KEYS_IMPORTED'} = 1; # in v82+ fix-cpanel-perl will skip gpg keyimport if set $_gpg_setup = 1; return; } sub keys_to_download { my $config = read_config('/var/cpanel/cpanel.config'); my $keyrings = gpg_keyrings(); if ( !defined $config->{'signature_validation'} ) { my $mirror = get_update_source(); if ( $mirror =~ /^(?:.*\.dev|qa-build|next)\.cpanel\.net$/ ) { return $keyrings->{'development'}; } else { return $keyrings->{'release'}; } } elsif ( $config->{'signature_validation'} =~ /^Release and (?:Development|Test) Keyrings$/ ) { return $keyrings->{'development'}; } else { return $keyrings->{'release'}; } } sub gpg_homedir { return '/var/cpanel/.gpgtmpdir'; } sub public_keys { return { 'release' => 'cPanelPublicKey.asc', 'development' => 'cPanelDevelopmentKey.asc', }; } sub secure_downloads { return 'https://securedownloads.cpanel.net/'; } sub gpg_keyrings { return { 'release' => ['release'], 'development' => [ 'release', 'development' ], }; } # Place customer provided cpanel.config in place early in case we need to block on any of the settings. sub setup_custom_cpanel_config { mkdir '/var/cpanel'; chmod 0755, '/var/cpanel'; my $custom_cpanel_config_file = '/root/cpanel_profile/cpanel.config'; if ( -e $custom_cpanel_config_file ) { INFO("The system is placing the custom cpanel.config file from $custom_cpanel_config_file."); unlink '/var/cpanel/cpanel.config'; system( '/bin/cp', $custom_cpanel_config_file, '/var/cpanel/cpanel.config' ); } return; } sub verify_file { my ( $file, $sig, $url ) = @_; fetch_gpg_key_once(); my @gpg_args = ( '--logger-fd', '1', '--status-fd', '1', '--homedir', gpg_homedir(), '--verify', $sig, $file, ); # Verify the validity of the GPG signature. # Information on these return values can be found in 'doc/DETAILS' in the GnuPG source. my ( %notes, $curnote ); my ( $gpg_out, $success, $status ); my $gpg_pid = IPC::Open3::open3( undef, $gpg_out, undef, $gpg_bin, @gpg_args ); while ( my $line = readline($gpg_out) ) { if ( $line =~ /^\[GNUPG:\] VALIDSIG ([A-F0-9]+) (\d+-\d+-\d+) (\d+) ([A-F0-9]+) ([A-F0-9]+) ([A-F0-9]+) ([A-F0-9]+) ([A-F0-9]+) ([A-F0-9]+) ([A-F0-9]+)$/ ) { $status = "Valid signature for $file"; $success = 1; } elsif ( $line =~ /^\[GNUPG:\] NOTATION_NAME (.+)$/ ) { $curnote = $1; $notes{$curnote} = ''; } elsif ( $line =~ /^\[GNUPG:\] NOTATION_DATA (.+)$/ ) { $notes{$curnote} .= $1; } elsif ( $line =~ /^\[GNUPG:\] BADSIG ([A-F0-9]+) (.+)$/ ) { $status = "Invalid signature for $file."; } elsif ( $line =~ /^\[GNUPG:\] NO_PUBKEY ([A-F0-9]+)$/ ) { $status = "Could not find public key ($1) in keychain."; } elsif ( $line =~ /^\[GNUPG:\] NODATA ([A-F0-9]+)$/ ) { $status = "Could not find a GnuPG signature in the signature file."; } } waitpid( $gpg_pid, 0 ); $status ||= "Unknown error from gpg."; $status .= " (file:$file, sig:$sig)"; if ($success) { INFO $status; } else { FATAL $status; } # At this point, the signature should be valid. # We now need to check to see if the filename signature notation is correct. $url =~ s/\.bz2$//; if ( defined( $notes{'filename@gpg.notations.cpanel.net'} ) ) { my $file_note = $notes{'filename@gpg.notations.cpanel.net'}; if ( $file_note ne $url ) { FATAL "Filename notation ($file_note) does not match URL ($url)."; } } else { FATAL "Signature does not contain a filename notation."; } return; } # We use this all over the place. # It should be redefinable in tests, # so I added that here. our $var_cpanel = '/var/cpanel'; sub is_dnsonly { return -e "$var_cpanel/dnsonly" ? 1 : 0; } sub get_install_type { my @args = @_; # TYPE could be DNSONLY my $type = 'standard'; if (@args) { foreach my $val (@args) { next if $val =~ m/^--/; $type = $val; last; } } if ( $type =~ m/dnsonly/i ) { INFO("cPanel DNSONLY installation requested."); touch("$var_cpanel/dnsonly"); } INFO("Install type: $type\n"); # This used to return undef, # which is interesting given the subroutine name # As such, may as well make this return it :/ return $type; } sub check_no_mysql { # This can cause failures if the database is newer than the version we're # going to install. Common::INFO('Checking for an existing MySQL or MariaDB instance...'); my $mysql_dir = '/var/lib/mysql'; return unless -d $mysql_dir; my $nitems = 0; if ( opendir( my $dh, $mysql_dir ) ) { $nitems = scalar grep { !/\A(?:\.{1,2}|lost\+found)\z/ } readdir $dh; closedir($dh); } return unless $nitems; ERROR "The installation process found evidence that MySQL or MariaDB was installed on this server:"; ERROR "The $mysql_dir directory is present and not completely empty."; FATAL 'You must install cPanel & WHM on a clean server.'; return; } sub create_slash_scripts_symlink { # Install cPanel files. INFO('Installing /usr/local/cpanel files...'); DEBUG( "HTTPUPDATE is set to " . get_update_source() ); if ( -e '/scripts' && !-l '/scripts' ) { if ( !-d '/scripts' ) { WARN "The system detected /scripts as a file. Moving it to a new location..."; ssystem( qw{/bin/mv /scripts}, "/scripts.o.$$" ); } else { WARN "The system detected the /scripts directory. Moving its contents to the /usr/local/cpanel/scripts directory..."; ssystem(qw{mkdir -p /usr/local/cpanel/scripts}); ssystem('cd / && tar -cf - scripts | (cd /usr/local/cpanel && tar -xvf -)'); ssystem(qw{/bin/rm -rf /scripts}); } } unlink qw{/scripts}; symlink(qw{/usr/local/cpanel/scripts /scripts}) unless -e '/scripts'; if ( !-l '/scripts' ) { WARN("The /scripts directory must be a symlink to the /usr/local/cpanel/scripts directory. cPanel & WHM does not use the /scripts directory."); } else { DEBUG('/scripts symlink is set to point to /usr/local/cpanel/scripts'); } return; } sub bootstrap_cpanel_perl { my ($install_version) = @_; # Force $install_version to be passed so we know the TIERS # file has already been downloaded die "bootstrap_cpanel_perl requires the \$install_version" if !$install_version; # Install cPanel files. INFO("Installing bootstrap cPanel Perl"); # Download the tar.gz files and extract them instead. my $script = 'fix-cpanel-perl'; my $source = "/cpanelsync/$install_version/cpanel/scripts/${script}.xz"; unlink $script; DEBUG("Retrieving the $script file from $source if available..."); # download file in current directory (inside the self extracted tarball) cpfetch( $source, is_optional => 1 ); if ( !-e $script ) { WARN("Script '$script' is not available for cPanel & WHM version $install_version. Continuing installation..."); return; } chmod 0700, $script; INFO("Running script $script to bootstrap cPanel Perl."); my $exit; # Retry a few times if one of the http request failed my $max = 3; foreach my $iter ( 1 .. $max ) { $exit = system("./$script"); if ( $exit == 0 ) { INFO("Successfully installed cPanel Perl minimal version."); return; } WARN("Run #$iter/$max failed to run script $script."); last if $iter == $max; sleep 5; } my $signal = $exit % 256; $exit = $exit >> 8; FATAL("Failed to run script $script to bootstrap cPanel Perl."); FATAL("The script $script terminated with the following exit code: $exit ($signal); The cPanel & WHM installation process cannot proceed."); return; } sub cpfetch { my ( $url, %opts ) = @_; if ( !$url ) { FATAL("The system called the cpfetch process without a URL."); } my $file = _get_file( $url, %opts ); return unless defined $file; if ( $file =~ /\.bz2$/ ) { ssystem( "/usr/bin/bunzip2", $file ); } if ( signatures_enabled() ) { $url =~ s/\.bz2$//g; $file =~ s/\.bz2$//g; my $sig = _get_file("$url.asc"); verify_file( $file, $sig, $url ); } # the xz file itself is signed only extract it after checking the signature if ( $file =~ /\.xz$/ ) { ssystem( "/usr/bin/unxz", $file ); } return; } sub guess_version_from_tier { my $tier = shift || 'release'; if ( defined( $TIER_CACHE{$tier} ) ) { return $TIER_CACHE{$tier}; } # Support version numbers as tiers. if ( $tier =~ /^\s*\d+\.\d+\.\d+\.\d+\s*$/ ) { $TIER_CACHE{$tier} = $tier; return $tier; } # Download the file. cpfetch('/cpanelsync/TIERS'); -e 'TIERS' or FATAL('The installation process could not fetch the /cpanelsync/TIERS file from the httpupdate server.'); # Parse the downloaded TIERS data for our tier. (Stolen from Cpanel::Update) open( my $fh, '<', 'TIERS' ) or FATAL("The system could not read the downloaded TIERS file."); while ( my $tier_definition = <$fh> ) { chomp $tier_definition; next if ( $tier_definition =~ m/^\s*#/ ); # Skip commented lines. ## e.g. edge:11.29.0 (requires two dots) next if ( $tier_definition !~ m/^\s*([^:\s]+)\s*:\s*(\S+)/ ); my ( $remote_tier, $remote_version ) = ( $1, $2 ); $TIER_CACHE{$remote_tier} = $remote_version; } close $fh; # Set any disabled tiers to install-fallback if possible. foreach my $key ( keys %TIER_CACHE ) { next if $key eq 'install-fallback'; if ( $TIER_CACHE{$key} && $TIER_CACHE{'install-fallback'} && $TIER_CACHE{$key} eq 'disabled' ) { $TIER_CACHE{$key} = $TIER_CACHE{'install-fallback'}; } } # Fail if the tier is not present. if ( !$TIER_CACHE{$tier} ) { FATAL("The specified tier ('$tier') in the /etc/cpupdate.conf file is not a valid cPanel & WHM tier."); } # Fail if the tier is still disabled. if ( $TIER_CACHE{$tier} eq 'disabled' ) { FATAL("cPanel has temporarily disabled updates on the central httpupdate servers. Please try again later."); } return $TIER_CACHE{$tier}; } sub create_feature_showcase_dir { return if -e '/var/cpanel/activate/features'; Common::ssystem( 'mkdir', '-p', '/var/cpanel/activate/features' ); Common::ssystem( 'chown', '-R', 'root:root', '/var/cpanel/activate' ); Common::ssystem( 'chmod', '-R', '0700', '/var/cpanel/activate' ); return; } # Determine whether mysql-version set in config is MariaDB sub version_is_mariadb { my ($version) = @_; if ( $version =~ m{^([0-9]{1,2})(?:\.[0-9])?} ) { return ( $1 >= 10.0 ? 1 : 0 ); } } sub get_db_identifiers { my ($db_version) = @_; if ( version_is_mariadb($db_version) ) { return ( 'plain' => 'mariadb', 'stylized' => 'MariaDB' ); } else { return ( 'plain' => 'mysql', 'stylized' => 'MySQL®' ); } } sub _get_file { my ( $url, %opts ) = @_; $url = 'http://' . get_update_source() . $url; my @FILE = split( /\//, $url ); my $file = pop(@FILE); if ( -e $file ) { WARN("Warning: Overwriting the $file file..."); unlink $file; FATAL("The system could not remove the $file file.") if ( -e $file ); } DEBUG("Retrieving $url to the $file file..."); my ( $rc, $out ) = _wget_url( $url, $file ); if ( !-e $file || -z $file ) { unlink $file; if ( $opts{is_optional} ) { WARN("The system could not fetch the optional $file file: $out"); return; } FATAL("The system could not fetch the $file file: $out"); } return $file; } sub get_update_source { my $update_source = 'httpupdate.cpanel.net'; my $source_file = '/etc/cpsources.conf'; if ( -r $source_file && -s $source_file ) { # pull in from cpsources.conf if it's set. open( my $fh, "<", $source_file ) or return $update_source; while (<$fh>) { next if ( $_ !~ m/^\s*HTTPUPDATE\s*=\s*(\S+)/ ); $update_source = "$1"; FATAL("HTTPUPDATE is set to '$update_source' in the $source_file file.") if ( !$update_source ); last; } } return $update_source; } sub get_myip_url { my $source_file = '/etc/cpsources.conf'; my $myip_url = $DEFAULT_MYIP_URL; if ( -r $source_file && -s $source_file ) { # pull in from cpsources.conf if it's set. open( my $fh, "<", $source_file ) or return $myip_url; while (<$fh>) { next unless m/^\s*MYIP\s*=\s*(\S+)/; $myip_url = "$1"; last; } } DEBUG("Using MyIp URL to detect server IP '$myip_url'."); return $myip_url; } sub guess_ip { my $url = get_myip_url(); my ( $wget_bin, $wget_args ) = get_download_tool_binary(); FATAL("No wget binary defined at this stage.") unless $wget_bin; my $file = q[guess.my.ip]; my $max = 3; foreach my $iter ( 1 .. $max ) { unlink $file; _wget_url( $url, $file ); last if $? == 0; if ( $iter == $max ) { FATAL("Failed to call URL $url to detect your IP."); } WARN("Call to $url fails, giving it another try [$iter/$max]"); sleep 3; } my $ip; { open( my $fh, '<', $file ) or FATAL("Cannot read file $file."); $ip = readline($fh); close($fh); } chomp($ip) if defined $ip; if ( !defined $ip || !length $ip ) { # could also use FATAL - be relax for now to avoid false positives WARN("Fail to guess your IP using URL $url."); return; } # sanitize the IP - Ipv4 or Ipv6 character set only if ( $ip !~ qr{^[0-9a-f\.:]+$}i ) { # could also use FATAL - be relax for now to avoid false positives WARN("Invalid IP address '$ip' returned by $url"); return; } return $ip; } sub verify_url { my ($ip) = @_; $ip ||= ''; return qq[https://verify.cpanel.net/xml/verifyfeed?ip=$ip]; } # # block cPanel&WHM install when a DNSONLY license is valid for the server # block DNSONLY license when a cPanel license is valid for the server # sub check_license_conflict { my $ip = guess_ip(); # skip check and continue install if we cannot guess up return unless defined $ip; INFO("Checking for existing active license linked to IP '$ip'."); my $verify_license_xml = q[verify.license.xml]; my $url = verify_url($ip); # check verify.cpanel.net - the xml one... _wget_url( $url, $verify_license_xml ); my $active_basepkg = 0; my $package = ""; { open( my $fh, '<', $verify_license_xml ) or FATAL("Cannot read file $verify_license_xml."); while ( my $line = <$fh> ) { next unless $line =~ m/status="1"/; # package is active next unless $line =~ m/basepkg="1"/; # package is a base package (skipping packages like kernelcare, cloudlinux & co) if ( $line =~ m/producttype="([0-9]+)"/ ) { $active_basepkg = $1; $line =~ m/package="([^"]+)"/; $package = $1; last; } } } return unless $active_basepkg; if ( is_dnsonly() ) { # we cannot install dnsonly if a cPanel license exists if ( $active_basepkg != 64 ) { unlink '/var/cpanel/dnsonly'; ERROR("Unexpected license type found for your IP: https://verify.cpanel.net/app/verify?ip=$ip"); ERROR("Current active package is $package"); FATAL("Installation aborted. Perhaps you meant to install latest instead of latest-dnsonly? If not please cancel your cPanel license before installing a cPanel DNSONLY server."); } } else { # we cannot install cPanel if a dnsonly license exists if ( $active_basepkg & PRODUCT_DNSONLY ) { ERROR("Unexpected license type found for your IP: https://verify.cpanel.net/app/verify?ip=$ip"); FATAL("Installation aborted. Perhaps you meant to install latest-dnsonly instead of latest? If not please cancel your DNSONLY license before installing a cPanel & WHM server."); } } # everything is fine at this point return; } # $file can be '-' to return the output as a scalar, or the path to a file to download the given $url sub _wget_url { my ( $url, $file ) = @_; my ( $wget_bin, $wget_args ) = get_download_tool_binary(); FATAL("No wget binary defined at this stage.") unless $wget_bin; my $max = 3; foreach my $iter ( 1 .. $max ) { unlink $file; my $output = `$wget_bin $wget_args '$file' $url 2>&1`; ## no critic(ProhibitQxAndBackticks) return ( 1, $output ) if $? == 0; WARN("Call to URL '$url' failed, attempt [$iter/$max]"); if ( $iter == $max ) { FATAL("Failed to download URL $url: $output"); } sleep 3; } return; } # mkdir some directories. sub setup_empty_directories { my $distro = shift or die; INFO('The installation process will now set up the necessary empty cpanel directories.'); foreach my $dir (qw{/usr/local/cpanel /usr/local/cpanel/base /usr/local/cpanel/base/frontend /usr/local/cpanel/logs /var/cpanel /var/cpanel/tmp /var/cpanel/version /var/cpanel/perl /var/named}) { unlink $dir if ( -f $dir || -l $dir ); if ( !-d $dir ) { DEBUG("mkdir $dir"); mkdir( $dir, 0755 ); } } foreach my $dir (qw{/var/cpanel/logs}) { unlink $dir if ( -f $dir || -l $dir ); if ( !-d $dir ) { DEBUG("mkdir $dir"); mkdir( $dir, 0700 ); } } return; } sub get_download_tool_binary { for my $bin (qw(/bin/wget /usr/bin/wget /usr/local/bin/wget)) { next if ( !-e $bin ); next if ( !-x _ ); next if ( -z _ ); return ( $bin, '-q --no-dns-cache --tries=20 --timeout=60 --dns-timeout=60 --read-timeout=30 --waitretry=1 --retry-connrefused -O' ) if ( `$bin --version` =~ m/GNU\s+Wget\s+\d+\.\d+/ims ); ## no critic(ProhibitQxAndBackticks) } FATAL("The installation process could not find the wget binary. Install it to a standard location."); return; } sub gpg_bin { for my $bin (qw(/bin/gpg /usr/bin/gpg /usr/local/bin/gpg)) { next if ( !-e $bin ); next if ( !-x _ ); next if ( -z _ ); return $bin; } FATAL("The installation process could not find the gpg binary. Install it to a standard location."); return; } # Code previously located in the bootstrap script. sub bootstrap { my ( $distro, $distro_version ) = @_; # Confirm perl version. if ( $] < 5.008 ) { print "This installer requires Perl 5.8.0 or better.\n"; die "Cannot continue.\n"; } $gpg_bin = gpg_bin(); setup_empty_directories($distro); fetch_gpg_key_once(); return; } sub get_total_memory { # tests on different architectures show that 15 % is safe my $tolerance_factor = 1.15; # MemTotal: Total usable ram (i.e. physical ram minus a few reserved # bits and the kernel binary code) # note, another option would be to use "dmidecode --type 17", or dmesg # but this will require an additional RPM # we just want to be sure that a customer does not install # with 512 when 700 or more is required my $meminfo = q{/proc/meminfo}; if ( open( my $fh, "<", $meminfo ) ) { while ( my $line = readline $fh ) { if ( $line =~ m{^MemTotal:\s+([0-9]+)\s*kB}i ) { return int( int( $1 / 1_024 ) * $tolerance_factor ); } } } return 0; # something is wrong } sub five_second_pause { for ( 1 .. 5 ) { print '.'; sleep(1); } print "\n"; return; } sub warn_clean_server_needed { Common::INFO("cPanel Layer 1 Installer Starting..."); Common::INFO("Warning !!! Warning !!! WARNING !!! Warning !!! Warning"); Common::INFO("-------------------------------------------------------"); Common::INFO("cPanel requires a fresh, clean server!"); Common::INFO("If you serve websites from this server, this installer"); Common::INFO("will overwrite all of your configuration files."); Common::INFO("Hit Ctrl+C NOW!"); Common::INFO("If this is a new server, please ignore this message."); Common::INFO("-------------------------------------------------------"); Common::INFO("Warning !!! Warning !!! WARNING !!! Warning !!! Warning"); Common::INFO("Waiting 5 seconds..."); Common::INFO(""); Common::INFO(""); five_second_pause(); return; } sub print_warning_notice { my ( $advice, $force ) = @_; FATAL $advice unless $force; do { WARN($_) } for split /\n/, $advice; five_second_pause(); print "\n"; return; } # NOTE, this is as "concise" as I could make this, though I'm # basically copying what Cpanel::FileUtils::TouchFile does. my @meths = ( sub { return 1 if utime( undef, undef, $_[0] ) }, sub { return !ssystem( 'touch', $_[0] ) }, ); sub touch { my ($file) = @_; foreach (@meths) { return if $_->($file); } die "Can't touch file $file"; } 1;