File: //cpanel_installer/Common.pm
package Common;
# cpanel - installd/Common.pm Copyright 2021 cPanel, L.L.C.
# All rights reserved.
# copyright@cpanel.net http://cpanel.net
# This code is subject to the cPanel license. Unauthorized copying is prohibited
use strict;
use warnings;
use Sys::Hostname ();
use Socket;
use IO::Handle ();
use IO::Select ();
use IPC::Open3 ();
# Helper routines for the log.
our $message_caller_depth = 1;
our $lock_file = '/root/installer.lock';
my $log_file = '/var/log/cpanel-install.log';
our $log_fh;
my $COLOR_RED = 31;
my $COLOR_YELLOW = 33;
my $collect_output = undef;
my %TIER_CACHE;
our $DEFAULT_MYIP_URL = q[https://myip.cpanel.net/v1.0/]; # default value
use constant PRODUCT_DNSONLY => 64;
# Populate some globals determined by functions
my $gpg_bin = gpg_bin();
################################################################################
# Set up output handling code
sub colorize_bold {
my ( $color, $msg ) = @_;
return $msg if !defined $color || -e q{/var/cpanel/disable_cpanel_terminal_colors};
$msg ||= '';
return chr(27) . '[1;' . $color . 'm' . $msg . chr(27) . '[0;m';
}
# space pad debug messages.
sub DEBUG($) { return _MSG( 'DEBUG', " " . shift ) }
sub ERROR($) { return _MSG( 'ERROR', colorize_bold( $COLOR_RED, shift ) ) }
sub WARN($) { return _MSG( 'WARN', colorize_bold( $COLOR_YELLOW, shift ) ) }
sub INFO($) { return _MSG( 'INFO', shift ) }
sub FATAL($) { _MSG( 'FATAL', colorize_bold( $COLOR_RED, shift ) ); die "\n"; }
# Make things nicer for tests
our $prefix = '';
sub _MSG {
my $level = shift;
my $msg = shift || '';
chomp $msg;
my ( $sec, $min, $hour, $mday, $mon, $year, $wday, $yday, $isdst ) = localtime;
my ( $package, $filename, $line ) = caller($message_caller_depth);
my $stamp_msg = sprintf( "%s%04d-%02d-%02d %02d:%02d:%02d %4s [%d] (%5s): %s\n", $prefix, $year + 1900, $mon + 1, $mday, $hour, $min, $sec, $line, $$, $level, $msg );
print {$log_fh} $stamp_msg;
if ( defined $collect_output ) {
$collect_output .= $stamp_msg;
}
else {
print $stamp_msg;
}
return;
}
################################################################################
sub get_lts_version {
my $cpanel_version = get_cpanel_version();
my ( undef, $lts_version ) = split( qr/\./, $cpanel_version );
return $lts_version;
}
sub get_cpanel_version {
my $tier = get_cpanel_tier();
my $version = guess_version_from_tier($tier);
return $version;
}
sub get_staging_dir {
return '' if !-e '/etc/cpupdate.conf';
my $cpupdate_conf = read_config('/etc/cpupdate.conf');
return $cpupdate_conf->{'STAGING_DIR'} // '';
}
sub get_cpanel_tier {
# Pull in cpupdate.conf settings.
my $cpupdate_conf = read_config('/etc/cpupdate.conf');
# Determine tier or assume defaults.
my $tier = $cpupdate_conf->{'CPANEL'} || 'release';
# version numbers without 11.
if ( $tier =~ /^\d+/ && $tier !~ /^11\./ ) {
$tier = '11.' . $tier;
}
return $tier;
}
sub cleanup_lock_file_and_gpg_homedir {
if ( open my $fh, '<', $lock_file ) {
my $pid = <$fh>;
close $fh;
chomp $pid if ($pid);
if ( !$pid || $pid == $$ ) {
print "Removing $lock_file.\n";
unlink $lock_file;
}
}
if ( -d gpg_homedir() ) {
opendir( my $dh, gpg_homedir() );
my @files = readdir($dh);
closedir($dh);
@files = map { gpg_homedir() . "/" . $_ } grep { !/^\.{1,2}/ } @files;
unlink($_) for @files;
rmdir( gpg_homedir() );
}
return;
}
sub invalid_system {
my $message = shift || '';
chomp $message;
ERROR("$message");
ERROR "The system detected an unsupported distribution. cPanel & WHM only supports CentOS 7 and 8, AlmaLinux 8, Red Hat Enterprise Linux® 6 and 7 and CloudLinux™ 6, 7, and 8 and Ubuntu 20.04.";
FATAL("Please reinstall cPanel & WHM from a valid distribution.");
return;
}
sub clean_install_check {
INFO('Checking for any control panels...');
my @server_detected;
push @server_detected, 'DirectAdmin' if ( -e '/usr/local/directadmin' );
push @server_detected, 'Plesk' if ( -e '/etc/psa' );
push @server_detected, 'Ensim' if ( -e '/etc/appliance' || -d '/etc/virtualhosting' );
#push @server_detected, 'Alabanza' if ( -e '/etc/mail/mailertable' );
push @server_detected, 'Zervex' if ( -e '/var/db/dsm' );
push @server_detected, 'Web Server Director' if ( -e '/bin/rpm' && `/bin/rpm -q ServerDirector` =~ /^ServerDirector/ms ); ## no critic(ProhibitQxAndBackticks)
# Don't just check for /usr/local/cpanel, as some people will have created
# that directory as a mount point for the install.
push @server_detected, 'cPanel & WHM' if -e '/usr/local/cpanel/cpkeyclt';
return if ( !@server_detected );
ERROR("The installation process found evidence that the following control panels were installed on this server:");
ERROR($_) foreach (@server_detected);
FATAL('You must install cPanel & WHM on a clean server.');
return;
}
sub check_resolv_conf {
check_remote_resolvers();
INFO("Validating whether the system can look up domains...");
my @domains = qw(
httpupdate.cpanel.net
securedownloads.cpanel.net
);
foreach my $domain (@domains) {
DEBUG("Testing $domain...");
next if ( gethostbyname($domain) );
ERROR( '!' x 105 . "\n" );
ERROR("The system cannot resolve the $domain domain. Check the /etc/resolv.conf file. The system has terminated the installation process.\n");
FATAL( '!' x 105 . "\n" );
}
return;
}
sub open_logs {
my $installstart = time();
if ( my $mtime = ( stat($log_file) )[9] ) {
my $bu_file = $log_file . '.' . $mtime;
system( '/bin/cp', $log_file, $bu_file ) unless -e $bu_file;
}
my $orig_umask = umask(0077);
open( $log_fh, '>>', $log_file ) or die "Could not open log: $!";
$log_fh->autoflush(1);
umask($orig_umask);
my $installstarttime = localtime($installstart);
INFO("cPanel & WHM installation started at: ${installstarttime}!");
INFO("This installation will require 10-50 minutes, depending on your hardware and network.");
INFO("Now is the time to go get another cup of coffee/jolt.");
INFO("The install will log to the /var/log/cpanel-install.log file.");
INFO("");
INFO("Beginning Installation v3...");
return $installstart;
}
sub get_hostname_via_getnameinfo {
return undef if !Socket->can('getaddrinfo');
my ( $err, @getaddr ) = Socket::getaddrinfo(
get_main_ip(),
undef,
{
family => Socket::AF_UNSPEC(),
protocol => Socket::IPPROTO_TCP(),
}
);
for my $addr (@getaddr) {
my ( $err, $host, $service ) = Socket::getnameinfo( $addr->{addr}, Socket::NI_NAMEREQD() );
if ( defined $host ) {
return $host;
}
}
return undef;
}
# Copied from Cpanel::DIp::MainIP
sub get_main_ip {
foreach my $ip ( split( /\n/, `/sbin/ip -4 addr show` ) ) { ## no critic(ProhibitQxAndBackticks)
if ( $ip =~ m{ [\s\:] (\d+ [.] \d+ [.] \d+ [.] \d+) }xms ) {
my $thisip = $1;
if ( !is_loopback($thisip) ) {
return $thisip;
}
}
}
return 0;
}
# Copied from Cpanel::IP::Loopback
sub is_loopback {
return (
length $_[0]
&& (
$_[0] eq 'localhost' #
|| $_[0] eq 'localhost.localdomain' #
|| $_[0] eq '0000:0000:0000:0000:0000:0000:0000:0001' #
|| ( length $_[0] >= 32 && substr( $_[0], 0, 32 ) eq '0000:0000:0000:0000:0000:ffff:7f' ) # ipv4 inside of ipv6 match 127.*
|| ( length $_[0] >= 11 && substr( $_[0], 0, 11 ) eq '::ffff:127.' ) # ipv4 inside of ipv6 match 127.*
|| ( length $_[0] >= 4 && substr( $_[0], 0, 4 ) eq '127.' ) # ipv4 needs to match 127.*
|| $_[0] eq '0:0:0:0:0:0:0:1' #
|| $_[0] eq ':1' #
|| $_[0] eq '::1' #
|| $_[0] eq '(null)' #
|| $_[0] eq '(null):0000:0000:0000:0000:0000:0000:0000' #
|| $_[0] eq '0000:0000:0000:0000:0000:0000:0000:0000' #
|| $_[0] eq '0.0.0.0'
) #
) ? 1 : 0;
}
# Copied from Cpanel::Sys::Hostname::FQDN
sub get_fqdn_hostname {
my $hostname_from_sys_hostname = Sys::Hostname::hostname();
$hostname_from_sys_hostname =~ tr{A-Z}{a-z};
my $hostname_from_getnameinfo = get_hostname_via_getnameinfo() || "";
if ( !length $hostname_from_getnameinfo ) {
return $hostname_from_sys_hostname;
}
$hostname_from_getnameinfo =~ tr{A-Z}{a-z};
if ( index( $hostname_from_getnameinfo, $hostname_from_sys_hostname ) == 0 ) {
return $hostname_from_getnameinfo;
}
return $hostname_from_sys_hostname;
}
sub check_hostname {
my $hostname = get_fqdn_hostname();
INFO "Validating that the system hostname ('$hostname') is a FQDN...";
if ( $hostname =~ /^www\./ ) {
FATAL "The installation process detected the following hostname: $hostname\n Hostnames cannot start with www! Use a valid hostname.";
}
if ( !is_valid_hostname($hostname) ) {
ERROR "";
ERROR "********************* ERROR *********************";
ERROR "";
ERROR "Your hostname ($hostname) is invalid, and must be";
ERROR "set to a fully qualified domain name before installing cPanel.";
ERROR "";
ERROR "A fully qualified domain name must contain two dots, and consists of two parts: the hostname and the domain name.";
ERROR "You can update your hostname by running `hostname your-hostname.example.com`, then re-running the installer.";
ERROR "********************* ERROR *********************";
FATAL "Exiting...";
}
return;
}
sub check_files {
INFO "Checking for essential system files...";
unless ( -f '/etc/fstab' ) {
ERROR "Your system is missing the file /etc/fstab. This is an";
ERROR "essential system file that is part of the base system.";
FATAL "Please ensure the system has been properly installed.";
}
my $selinux_config_dir = '/etc/selinux';
my $selinux_config_file = "$selinux_config_dir/config";
unless ( -f $selinux_config_file ) {
INFO "Creating SELinux config file: $selinux_config_file";
mkdir $selinux_config_dir unless -d $selinux_config_dir;
open my $fh, '>', $selinux_config_file or FATAL "Unable to create $selinux_config_file";
print {$fh} "SELINUX=disabled\n";
close $fh;
}
return;
}
sub ssystem {
my @cmd = @_;
my $conf_hr = ref( $cmd[-1] ) eq 'HASH' ? pop(@cmd) : {};
local $message_caller_depth = $message_caller_depth + 1; # Set caller depth deeper during this sub so debugging it clearer.
DEBUG( '- ssystem [BEGIN]: ' . join( ' ', @cmd ) );
open( my $rnull, '<', '/dev/null' ) or die "Can't open /dev/null: $!";
my $io = IO::Handle->new;
my $pid = IPC::Open3::open3( $rnull, $io, $io, @cmd );
$io->blocking(0);
my $select = IO::Select->new($io);
my $exit_status;
my $buffer = '';
my $buffered_waiting_count = 0;
while ( !defined $exit_status ) {
while ( my $line = readline($io) ) {
# Push the buffer lacking a newline onto the front of this.
if ($buffer) {
$line = $buffer . $line;
$buffer = '';
}
$line =~ s/\r//msg; # Strip ^M from output for better log output.
# Internally buffer on newlines.
if ( $line =~ m/\n$/ms ) {
DEBUG( " " . $line );
$buffered_waiting_count = 0;
}
else {
print "." if ( $buffered_waiting_count++ > 1 );
$buffer = $line;
}
}
# Parse exit status or yield time to the CPU.
if ( waitpid( $pid, 1 ) == $pid ) {
$exit_status = $? >> 8;
}
else {
# Watch the file handle for output.
$select->can_read(0.01);
}
}
ERROR(" - ssystem [EXIT_CODE] '$cmd[0]' exited with $exit_status (ignored)") if $exit_status && !$conf_hr->{'ignore_errors'};
close($rnull);
$io->close();
DEBUG('- ssystem [END]');
return $exit_status;
}
sub is_valid_hostname {
my $domain = shift;
if ( !defined $domain ) {
return;
}
# No blank or space characters
if ( $domain =~ m/\s+/ ) {
return;
}
if ( $domain =~ m/[.]{2,}/ ) {
return;
}
# Can not end with period
if ( $domain =~ m/[.]$/ ) {
return;
}
# Can not end with minus sign
if ( $domain =~ m/[-](?=[.]|\z)/ ) {
return;
}
# Must be able to fit in struct utsname
if ( length $domain > 64 ) {
return;
}
# Can't have an all-numeric TLD or be an IP address
if ( $domain =~ m/\.\d+\z/ ) {
return;
}
# Must start with alpha numeric, and must have atleast one 'label' part - i.e., label.domain.tld
if ( $domain =~ /^(?:[a-z0-9][a-z0-9\-]*\.){2,}[a-z0-9][a-z0-9\-]*$/i ) {
return 1;
}
return;
}
sub updatenow {
my (%flags) = @_;
INFO("Downloading updatenow.static");
# Download the tar.gz files and extract them instead.
my $install_version = get_cpanel_version();
my $source = "/cpanelsync/$install_version/cpanel/scripts/updatenow.static.bz2";
DEBUG("Retrieving the updatenow.static file from $source...");
# download file in current directory (inside the self extracted tarball)
unlink 'updatenow.static';
cpfetch($source);
chmod 0755, 'updatenow.static';
my $exit;
my @passed_flags = map { ( "--$_" => $flags{$_} ) } sort keys %flags;
for ( 1 .. 5 ) { # Re-try updatenow if it fails.
INFO("Closing the installation log and passing output control to the updatenow.static file...");
# close $log_fh so it can be re-opened by updatenow.
close $log_fh;
$exit = system( './updatenow.static', '--upcp', '--force', "--log=$log_file", @passed_flags );
# Re-open the log regardless of success.
my $log_file = '/var/log/cpanel-install.log';
open( $log_fh, '>>', $log_file ) or die "Can't open log file: $!";
$log_fh->autoflush(1);
return if ( !$exit );
DEBUG("The installation process detected a failed synchronization. The system will reattempt the synchronization with the updatenow.static file...");
}
my $signal = $exit % 256;
$exit = $exit >> 8;
FATAL("The installation process was unable to synchronize cPanel & WHM. Verify that your network can connect to httpupdate.cpanel.net and rerun the installer.");
FATAL("The updatenow.static process terminated with the following exit code: $exit ($signal); The cPanel & WHM installation process cannot proceed.");
return;
}
# Remote resolvers are required, since we remove local BIND during installation.
sub check_remote_resolvers {
open my $resolv_conf_fh, '<', '/etc/resolv.conf' or FATAL("Could not open /etc/resolv.conf: $!");
if ( !grep { m/^\s*nameserver\s+/ && !m/\s+127.0.0.1$/ } <$resolv_conf_fh> ) {
FATAL("/etc/resolv.conf must be configured with non-local resolvers for installations to complete.");
}
return;
}
sub _create_gpg_homedir {
mkdir( gpg_homedir(), 0700 ) if !-e gpg_homedir();
return;
}
sub signatures_enabled {
my $config = read_config('/var/cpanel/cpanel.config');
my $is_enabled = ( defined $config->{'signature_validation'} && $config->{'signature_validation'} eq 'Off' ) ? 0 : 1;
return $is_enabled;
}
sub read_config {
my $file = shift or die;
my $config = {};
open( my $fh, "<", $file ) or return $config;
while ( my $line = readline $fh ) {
chomp $line;
if ( $line =~ m/^\s*([^=]+?)\s*$/ ) {
my $key = $1 or next; # Skip loading the key if it's undef or 0
$config->{$key} = undef;
}
elsif ( $line =~ m/^\s*([^=]+?)\s*=\s*(.*?)\s*$/ ) {
my $key = $1 or next; # Skip loading the key if it's undef or 0
$config->{$key} = $2;
}
}
return $config;
}
sub check_if_we_can_get_to_httpupdate {
foreach my $src ( 'index.html', 'modules/index.html' ) {
my $page = _wget_url( 'http://httpupdate.cpanel.net/pub/CPAN/' . $src, '-' );
if ( $page =~ m/perl/i && $page =~ m/CPAN/ ) {
INFO("The system successfully connected to the httpupdate.cpanel.net server.");
return;
}
}
FATAL("The system cannot currently download from the httpupdate.cpanel.net servers.");
return;
}
our $_gpg_setup;
sub fetch_gpg_key_once {
return if $_gpg_setup;
my $pub_keys = public_keys();
_create_gpg_homedir();
foreach my $key ( @{ keys_to_download() } ) {
INFO("Downloading GPG public key, $pub_keys->{$key}");
my $target = secure_downloads() . $pub_keys->{$key};
my $dest = gpg_homedir() . "/" . $pub_keys->{$key};
_wget_url( $target, $dest );
if ( !-e $dest ) {
FATAL("Could not download GPG public key at “$target”.");
return;
}
INFO("Importing downloaded GPG public key from “$dest”.");
my $gpg_cmd = $gpg_bin . " -q --homedir " . gpg_homedir() . " --import " . $dest;
my $output = `$gpg_cmd 2>&1`; ## no critic(ProhibitQxAndBackticks)
if ( $? != 0 ) {
WARN("Failed to import GPG public key from “$dest”: $output");
}
}
$ENV{'CPANEL_BASE_INSTALL_GPG_KEYS_IMPORTED'} = 1; # in v82+ fix-cpanel-perl will skip gpg keyimport if set
$_gpg_setup = 1;
return;
}
sub keys_to_download {
my $config = read_config('/var/cpanel/cpanel.config');
my $keyrings = gpg_keyrings();
if ( !defined $config->{'signature_validation'} ) {
my $mirror = get_update_source();
if ( $mirror =~ /^(?:.*\.dev|qa-build|next)\.cpanel\.net$/ ) {
return $keyrings->{'development'};
}
else {
return $keyrings->{'release'};
}
}
elsif ( $config->{'signature_validation'} =~ /^Release and (?:Development|Test) Keyrings$/ ) {
return $keyrings->{'development'};
}
else {
return $keyrings->{'release'};
}
}
sub gpg_homedir {
return '/var/cpanel/.gpgtmpdir';
}
sub public_keys {
return {
'release' => 'cPanelPublicKey.asc',
'development' => 'cPanelDevelopmentKey.asc',
};
}
sub secure_downloads {
return 'https://securedownloads.cpanel.net/';
}
sub gpg_keyrings {
return {
'release' => ['release'],
'development' => [ 'release', 'development' ],
};
}
# Place customer provided cpanel.config in place early in case we need to block on any of the settings.
sub setup_custom_cpanel_config {
mkdir '/var/cpanel';
chmod 0755, '/var/cpanel';
my $custom_cpanel_config_file = '/root/cpanel_profile/cpanel.config';
if ( -e $custom_cpanel_config_file ) {
INFO("The system is placing the custom cpanel.config file from $custom_cpanel_config_file.");
unlink '/var/cpanel/cpanel.config';
system( '/bin/cp', $custom_cpanel_config_file, '/var/cpanel/cpanel.config' );
}
return;
}
sub verify_file {
my ( $file, $sig, $url ) = @_;
fetch_gpg_key_once();
my @gpg_args = (
'--logger-fd', '1',
'--status-fd', '1',
'--homedir', gpg_homedir(),
'--verify', $sig,
$file,
);
# Verify the validity of the GPG signature.
# Information on these return values can be found in 'doc/DETAILS' in the GnuPG source.
my ( %notes, $curnote );
my ( $gpg_out, $success, $status );
my $gpg_pid = IPC::Open3::open3( undef, $gpg_out, undef, $gpg_bin, @gpg_args );
while ( my $line = readline($gpg_out) ) {
if ( $line =~ /^\[GNUPG:\] VALIDSIG ([A-F0-9]+) (\d+-\d+-\d+) (\d+) ([A-F0-9]+) ([A-F0-9]+) ([A-F0-9]+) ([A-F0-9]+) ([A-F0-9]+) ([A-F0-9]+) ([A-F0-9]+)$/ ) {
$status = "Valid signature for $file";
$success = 1;
}
elsif ( $line =~ /^\[GNUPG:\] NOTATION_NAME (.+)$/ ) {
$curnote = $1;
$notes{$curnote} = '';
}
elsif ( $line =~ /^\[GNUPG:\] NOTATION_DATA (.+)$/ ) {
$notes{$curnote} .= $1;
}
elsif ( $line =~ /^\[GNUPG:\] BADSIG ([A-F0-9]+) (.+)$/ ) {
$status = "Invalid signature for $file.";
}
elsif ( $line =~ /^\[GNUPG:\] NO_PUBKEY ([A-F0-9]+)$/ ) {
$status = "Could not find public key ($1) in keychain.";
}
elsif ( $line =~ /^\[GNUPG:\] NODATA ([A-F0-9]+)$/ ) {
$status = "Could not find a GnuPG signature in the signature file.";
}
}
waitpid( $gpg_pid, 0 );
$status ||= "Unknown error from gpg.";
$status .= " (file:$file, sig:$sig)";
if ($success) {
INFO $status;
}
else {
FATAL $status;
}
# At this point, the signature should be valid.
# We now need to check to see if the filename signature notation is correct.
$url =~ s/\.bz2$//;
if ( defined( $notes{'filename@gpg.notations.cpanel.net'} ) ) {
my $file_note = $notes{'filename@gpg.notations.cpanel.net'};
if ( $file_note ne $url ) {
FATAL "Filename notation ($file_note) does not match URL ($url).";
}
}
else {
FATAL "Signature does not contain a filename notation.";
}
return;
}
# We use this all over the place.
# It should be redefinable in tests,
# so I added that here.
our $var_cpanel = '/var/cpanel';
sub is_dnsonly {
return -e "$var_cpanel/dnsonly" ? 1 : 0;
}
sub get_install_type {
my @args = @_;
# TYPE could be DNSONLY
my $type = 'standard';
if (@args) {
foreach my $val (@args) {
next if $val =~ m/^--/;
$type = $val;
last;
}
}
if ( $type =~ m/dnsonly/i ) {
INFO("cPanel DNSONLY installation requested.");
touch("$var_cpanel/dnsonly");
}
INFO("Install type: $type\n");
# This used to return undef,
# which is interesting given the subroutine name
# As such, may as well make this return it :/
return $type;
}
sub check_no_mysql {
# This can cause failures if the database is newer than the version we're
# going to install.
Common::INFO('Checking for an existing MySQL or MariaDB instance...');
my $mysql_dir = '/var/lib/mysql';
return unless -d $mysql_dir;
my $nitems = 0;
if ( opendir( my $dh, $mysql_dir ) ) {
$nitems = scalar grep { !/\A(?:\.{1,2}|lost\+found)\z/ } readdir $dh;
closedir($dh);
}
return unless $nitems;
ERROR "The installation process found evidence that MySQL or MariaDB was installed on this server:";
ERROR "The $mysql_dir directory is present and not completely empty.";
FATAL 'You must install cPanel & WHM on a clean server.';
return;
}
sub create_slash_scripts_symlink {
# Install cPanel files.
INFO('Installing /usr/local/cpanel files...');
DEBUG( "HTTPUPDATE is set to " . get_update_source() );
if ( -e '/scripts' && !-l '/scripts' ) {
if ( !-d '/scripts' ) {
WARN "The system detected /scripts as a file. Moving it to a new location...";
ssystem( qw{/bin/mv /scripts}, "/scripts.o.$$" );
}
else {
WARN "The system detected the /scripts directory. Moving its contents to the /usr/local/cpanel/scripts directory...";
ssystem(qw{mkdir -p /usr/local/cpanel/scripts});
ssystem('cd / && tar -cf - scripts | (cd /usr/local/cpanel && tar -xvf -)');
ssystem(qw{/bin/rm -rf /scripts});
}
}
unlink qw{/scripts};
symlink(qw{/usr/local/cpanel/scripts /scripts}) unless -e '/scripts';
if ( !-l '/scripts' ) {
WARN("The /scripts directory must be a symlink to the /usr/local/cpanel/scripts directory. cPanel & WHM does not use the /scripts directory.");
}
else {
DEBUG('/scripts symlink is set to point to /usr/local/cpanel/scripts');
}
return;
}
sub bootstrap_cpanel_perl {
my ($install_version) = @_;
# Force $install_version to be passed so we know the TIERS
# file has already been downloaded
die "bootstrap_cpanel_perl requires the \$install_version" if !$install_version;
# Install cPanel files.
INFO("Installing bootstrap cPanel Perl");
# Download the tar.gz files and extract them instead.
my $script = 'fix-cpanel-perl';
my $source = "/cpanelsync/$install_version/cpanel/scripts/${script}.xz";
unlink $script;
DEBUG("Retrieving the $script file from $source if available...");
# download file in current directory (inside the self extracted tarball)
cpfetch( $source, is_optional => 1 );
if ( !-e $script ) {
WARN("Script '$script' is not available for cPanel & WHM version $install_version. Continuing installation...");
return;
}
chmod 0700, $script;
INFO("Running script $script to bootstrap cPanel Perl.");
my $exit;
# Retry a few times if one of the http request failed
my $max = 3;
foreach my $iter ( 1 .. $max ) {
$exit = system("./$script");
if ( $exit == 0 ) {
INFO("Successfully installed cPanel Perl minimal version.");
return;
}
WARN("Run #$iter/$max failed to run script $script.");
last if $iter == $max;
sleep 5;
}
my $signal = $exit % 256;
$exit = $exit >> 8;
FATAL("Failed to run script $script to bootstrap cPanel Perl.");
FATAL("The script $script terminated with the following exit code: $exit ($signal); The cPanel & WHM installation process cannot proceed.");
return;
}
sub cpfetch {
my ( $url, %opts ) = @_;
if ( !$url ) {
FATAL("The system called the cpfetch process without a URL.");
}
my $file = _get_file( $url, %opts );
return unless defined $file;
if ( $file =~ /\.bz2$/ ) {
ssystem( "/usr/bin/bunzip2", $file );
}
if ( signatures_enabled() ) {
$url =~ s/\.bz2$//g;
$file =~ s/\.bz2$//g;
my $sig = _get_file("$url.asc");
verify_file( $file, $sig, $url );
}
# the xz file itself is signed only extract it after checking the signature
if ( $file =~ /\.xz$/ ) {
ssystem( "/usr/bin/unxz", $file );
}
return;
}
sub guess_version_from_tier {
my $tier = shift || 'release';
if ( defined( $TIER_CACHE{$tier} ) ) {
return $TIER_CACHE{$tier};
}
# Support version numbers as tiers.
if ( $tier =~ /^\s*\d+\.\d+\.\d+\.\d+\s*$/ ) {
$TIER_CACHE{$tier} = $tier;
return $tier;
}
# Download the file.
cpfetch('/cpanelsync/TIERS');
-e 'TIERS' or FATAL('The installation process could not fetch the /cpanelsync/TIERS file from the httpupdate server.');
# Parse the downloaded TIERS data for our tier. (Stolen from Cpanel::Update)
open( my $fh, '<', 'TIERS' ) or FATAL("The system could not read the downloaded TIERS file.");
while ( my $tier_definition = <$fh> ) {
chomp $tier_definition;
next if ( $tier_definition =~ m/^\s*#/ ); # Skip commented lines.
## e.g. edge:11.29.0 (requires two dots)
next if ( $tier_definition !~ m/^\s*([^:\s]+)\s*:\s*(\S+)/ );
my ( $remote_tier, $remote_version ) = ( $1, $2 );
$TIER_CACHE{$remote_tier} = $remote_version;
}
close $fh;
# Set any disabled tiers to install-fallback if possible.
foreach my $key ( keys %TIER_CACHE ) {
next if $key eq 'install-fallback';
if ( $TIER_CACHE{$key} && $TIER_CACHE{'install-fallback'} && $TIER_CACHE{$key} eq 'disabled' ) {
$TIER_CACHE{$key} = $TIER_CACHE{'install-fallback'};
}
}
# Fail if the tier is not present.
if ( !$TIER_CACHE{$tier} ) {
FATAL("The specified tier ('$tier') in the /etc/cpupdate.conf file is not a valid cPanel & WHM tier.");
}
# Fail if the tier is still disabled.
if ( $TIER_CACHE{$tier} eq 'disabled' ) {
FATAL("cPanel has temporarily disabled updates on the central httpupdate servers. Please try again later.");
}
return $TIER_CACHE{$tier};
}
sub create_feature_showcase_dir {
return if -e '/var/cpanel/activate/features';
Common::ssystem( 'mkdir', '-p', '/var/cpanel/activate/features' );
Common::ssystem( 'chown', '-R', 'root:root', '/var/cpanel/activate' );
Common::ssystem( 'chmod', '-R', '0700', '/var/cpanel/activate' );
return;
}
# Determine whether mysql-version set in config is MariaDB
sub version_is_mariadb {
my ($version) = @_;
if ( $version =~ m{^([0-9]{1,2})(?:\.[0-9])?} ) {
return ( $1 >= 10.0 ? 1 : 0 );
}
}
sub get_db_identifiers {
my ($db_version) = @_;
if ( version_is_mariadb($db_version) ) {
return ( 'plain' => 'mariadb', 'stylized' => 'MariaDB' );
}
else {
return ( 'plain' => 'mysql', 'stylized' => 'MySQL®' );
}
}
sub _get_file {
my ( $url, %opts ) = @_;
$url = 'http://' . get_update_source() . $url;
my @FILE = split( /\//, $url );
my $file = pop(@FILE);
if ( -e $file ) {
WARN("Warning: Overwriting the $file file...");
unlink $file;
FATAL("The system could not remove the $file file.") if ( -e $file );
}
DEBUG("Retrieving $url to the $file file...");
my ( $rc, $out ) = _wget_url( $url, $file );
if ( !-e $file || -z $file ) {
unlink $file;
if ( $opts{is_optional} ) {
WARN("The system could not fetch the optional $file file: $out");
return;
}
FATAL("The system could not fetch the $file file: $out");
}
return $file;
}
sub get_update_source {
my $update_source = 'httpupdate.cpanel.net';
my $source_file = '/etc/cpsources.conf';
if ( -r $source_file && -s $source_file ) { # pull in from cpsources.conf if it's set.
open( my $fh, "<", $source_file ) or return $update_source;
while (<$fh>) {
next if ( $_ !~ m/^\s*HTTPUPDATE\s*=\s*(\S+)/ );
$update_source = "$1";
FATAL("HTTPUPDATE is set to '$update_source' in the $source_file file.") if ( !$update_source );
last;
}
}
return $update_source;
}
sub get_myip_url {
my $source_file = '/etc/cpsources.conf';
my $myip_url = $DEFAULT_MYIP_URL;
if ( -r $source_file && -s $source_file ) { # pull in from cpsources.conf if it's set.
open( my $fh, "<", $source_file ) or return $myip_url;
while (<$fh>) {
next unless m/^\s*MYIP\s*=\s*(\S+)/;
$myip_url = "$1";
last;
}
}
DEBUG("Using MyIp URL to detect server IP '$myip_url'.");
return $myip_url;
}
sub guess_ip {
my $url = get_myip_url();
my ( $wget_bin, $wget_args ) = get_download_tool_binary();
FATAL("No wget binary defined at this stage.") unless $wget_bin;
my $file = q[guess.my.ip];
my $max = 3;
foreach my $iter ( 1 .. $max ) {
unlink $file;
_wget_url( $url, $file );
last if $? == 0;
if ( $iter == $max ) {
FATAL("Failed to call URL $url to detect your IP.");
}
WARN("Call to $url fails, giving it another try [$iter/$max]");
sleep 3;
}
my $ip;
{
open( my $fh, '<', $file ) or FATAL("Cannot read file $file.");
$ip = readline($fh);
close($fh);
}
chomp($ip) if defined $ip;
if ( !defined $ip || !length $ip ) {
# could also use FATAL - be relax for now to avoid false positives
WARN("Fail to guess your IP using URL $url.");
return;
}
# sanitize the IP - Ipv4 or Ipv6 character set only
if ( $ip !~ qr{^[0-9a-f\.:]+$}i ) {
# could also use FATAL - be relax for now to avoid false positives
WARN("Invalid IP address '$ip' returned by $url");
return;
}
return $ip;
}
sub verify_url {
my ($ip) = @_;
$ip ||= '';
return qq[https://verify.cpanel.net/xml/verifyfeed?ip=$ip];
}
#
# block cPanel&WHM install when a DNSONLY license is valid for the server
# block DNSONLY license when a cPanel license is valid for the server
#
sub check_license_conflict {
my $ip = guess_ip();
# skip check and continue install if we cannot guess up
return unless defined $ip;
INFO("Checking for existing active license linked to IP '$ip'.");
my $verify_license_xml = q[verify.license.xml];
my $url = verify_url($ip);
# check verify.cpanel.net - the xml one...
_wget_url( $url, $verify_license_xml );
my $active_basepkg = 0;
my $package = "";
{
open( my $fh, '<', $verify_license_xml ) or FATAL("Cannot read file $verify_license_xml.");
while ( my $line = <$fh> ) {
next unless $line =~ m/status="1"/; # package is active
next unless $line =~ m/basepkg="1"/; # package is a base package (skipping packages like kernelcare, cloudlinux & co)
if ( $line =~ m/producttype="([0-9]+)"/ ) {
$active_basepkg = $1;
$line =~ m/package="([^"]+)"/;
$package = $1;
last;
}
}
}
return unless $active_basepkg;
if ( is_dnsonly() ) {
# we cannot install dnsonly if a cPanel license exists
if ( $active_basepkg != 64 ) {
unlink '/var/cpanel/dnsonly';
ERROR("Unexpected license type found for your IP: https://verify.cpanel.net/app/verify?ip=$ip");
ERROR("Current active package is $package");
FATAL("Installation aborted. Perhaps you meant to install latest instead of latest-dnsonly? If not please cancel your cPanel license before installing a cPanel DNSONLY server.");
}
}
else {
# we cannot install cPanel if a dnsonly license exists
if ( $active_basepkg & PRODUCT_DNSONLY ) {
ERROR("Unexpected license type found for your IP: https://verify.cpanel.net/app/verify?ip=$ip");
FATAL("Installation aborted. Perhaps you meant to install latest-dnsonly instead of latest? If not please cancel your DNSONLY license before installing a cPanel & WHM server.");
}
}
# everything is fine at this point
return;
}
# $file can be '-' to return the output as a scalar, or the path to a file to download the given $url
sub _wget_url {
my ( $url, $file ) = @_;
my ( $wget_bin, $wget_args ) = get_download_tool_binary();
FATAL("No wget binary defined at this stage.") unless $wget_bin;
my $max = 3;
foreach my $iter ( 1 .. $max ) {
unlink $file;
my $output = `$wget_bin $wget_args '$file' $url 2>&1`; ## no critic(ProhibitQxAndBackticks)
return ( 1, $output ) if $? == 0;
WARN("Call to URL '$url' failed, attempt [$iter/$max]");
if ( $iter == $max ) {
FATAL("Failed to download URL $url: $output");
}
sleep 3;
}
return;
}
# mkdir some directories.
sub setup_empty_directories {
my $distro = shift or die;
INFO('The installation process will now set up the necessary empty cpanel directories.');
foreach my $dir (qw{/usr/local/cpanel /usr/local/cpanel/base /usr/local/cpanel/base/frontend /usr/local/cpanel/logs /var/cpanel /var/cpanel/tmp /var/cpanel/version /var/cpanel/perl}) {
unlink $dir if ( -f $dir || -l $dir );
if ( !-d $dir ) {
DEBUG("mkdir $dir");
mkdir( $dir, 0755 );
}
}
foreach my $dir (qw{/var/cpanel/logs}) {
unlink $dir if ( -f $dir || -l $dir );
if ( !-d $dir ) {
DEBUG("mkdir $dir");
mkdir( $dir, 0700 );
}
}
return;
}
sub get_download_tool_binary {
for my $bin (qw(/bin/wget /usr/bin/wget /usr/local/bin/wget)) {
next if ( !-e $bin );
next if ( !-x _ );
next if ( -z _ );
return ( $bin, '-q --no-dns-cache --tries=20 --timeout=60 --dns-timeout=60 --read-timeout=30 --waitretry=1 --retry-connrefused -O' ) if ( `$bin --version` =~ m/GNU\s+Wget\s+\d+\.\d+/ims ); ## no critic(ProhibitQxAndBackticks)
}
FATAL("The installation process could not find the wget binary. Install it to a standard location.");
return;
}
sub gpg_bin {
for my $bin (qw(/bin/gpg /usr/bin/gpg /usr/local/bin/gpg)) {
next if ( !-e $bin );
next if ( !-x _ );
next if ( -z _ );
return $bin;
}
FATAL("The installation process could not find the gpg binary. Install it to a standard location.");
return;
}
# Code previously located in the bootstrap script.
sub bootstrap {
my ( $distro, $distro_version ) = @_;
# Confirm perl version.
if ( $] < 5.008 ) {
print "This installer requires Perl 5.8.0 or better.\n";
die "Cannot continue.\n";
}
$gpg_bin = gpg_bin();
setup_empty_directories($distro);
fetch_gpg_key_once();
return;
}
sub get_total_memory {
# tests on different architectures show that 15 % is safe
my $tolerance_factor = 1.15;
# MemTotal: Total usable ram (i.e. physical ram minus a few reserved
# bits and the kernel binary code)
# note, another option would be to use "dmidecode --type 17", or dmesg
# but this will require an additional RPM
# we just want to be sure that a customer does not install
# with 512 when 700 or more is required
my $meminfo = q{/proc/meminfo};
if ( open( my $fh, "<", $meminfo ) ) {
while ( my $line = readline $fh ) {
if ( $line =~ m{^MemTotal:\s+([0-9]+)\s*kB}i ) {
return int( int( $1 / 1_024 ) * $tolerance_factor );
}
}
}
return 0; # something is wrong
}
sub five_second_pause {
for ( 1 .. 5 ) { print '.'; sleep(1); }
print "\n";
return;
}
sub warn_clean_server_needed {
Common::INFO("cPanel Layer 1 Installer Starting...");
Common::INFO("Warning !!! Warning !!! WARNING !!! Warning !!! Warning");
Common::INFO("-------------------------------------------------------");
Common::INFO("cPanel requires a fresh, clean server!");
Common::INFO("If you serve websites from this server, this installer");
Common::INFO("will overwrite all of your configuration files.");
Common::INFO("Hit Ctrl+C NOW!");
Common::INFO("If this is a new server, please ignore this message.");
Common::INFO("-------------------------------------------------------");
Common::INFO("Warning !!! Warning !!! WARNING !!! Warning !!! Warning");
Common::INFO("Waiting 5 seconds...");
Common::INFO("");
Common::INFO("");
five_second_pause();
return;
}
sub print_warning_notice {
my ( $advice, $force ) = @_;
FATAL $advice unless $force;
do { WARN($_) }
for split /\n/, $advice;
five_second_pause();
print "\n";
return;
}
# NOTE, this is as "concise" as I could make this, though I'm
# basically copying what Cpanel::FileUtils::TouchFile does.
my @meths = (
sub { return 1 if utime( undef, undef, $_[0] ) },
sub { return !ssystem( 'touch', $_[0] ) },
);
sub touch {
my ($file) = @_;
foreach (@meths) {
return if $_->($file);
}
die "Can't touch file $file";
}
1;