
Source code changes of the file "install/lib/installer_base.lib.php" between
ISPConfig-3.2.6.tar.gz and ISPConfig-3.2.7.tar.gz

About: ISPConfig is an ISP management and Hosting Control Panel (for different Managed Services).

installer_base.lib.php  (ISPConfig-3.2.6):installer_base.lib.php  (ISPConfig-3.2.7)
skipping to change at line 54 skipping to change at line 54
private function install_acme() { private function install_acme() {
$install_cmd = 'wget -O - https://get.acme.sh | sh'; $install_cmd = 'wget -O - https://get.acme.sh | sh';
$ret = null; $ret = null;
$val = 0; $val = 0;
exec($install_cmd . ' 2>&1', $ret, $val); exec($install_cmd . ' 2>&1', $ret, $val);
return ($val == 0 ? true : false); return ($val == 0 ? true : false);
} }
public function update_acme() { public function update_acme() {
$acme = explode("\n", shell_exec('which /usr/local/ispconfig/serv er/scripts/acme.sh /root/.acme.sh/acme.sh')); $acme = explode("\n", shell_exec('which acme.sh /usr/local/ispcon fig/server/scripts/acme.sh /root/.acme.sh/acme.sh'));
$acme = reset($acme); $acme = reset($acme);
$val = 0; $val = 0;
if($acme && is_executable($acme)) { if($acme && is_executable($acme)) {
$cmd = $acme . ' --upgrade --auto-upgrade ; ' . $acme . ' --set-default-ca --server letsencrypt'; $cmd = $acme . ' --upgrade --auto-upgrade ; ' . $acme . ' --set-default-ca --server letsencrypt';
$ret = null; $ret = null;
$val = 0; $val = 0;
exec($cmd. ' 2>&1', $ret, $val); exec($cmd. ' 2>&1', $ret, $val);
} }
skipping to change at line 2955 skipping to change at line 2955
$hook = $pre_hook . $post_hook . $renew_hook; $hook = $pre_hook . $post_hook . $renew_hook;
} else { } else {
$hook = $pre_hook . $renew_hook; $hook = $pre_hook . $renew_hook;
} }
// Get the default LE client name and version // Get the default LE client name and version
$le_client = explode("\n", shell_exec('which certbot /roo t/.local/share/letsencrypt/bin/letsencrypt /opt/eff.org/certbot/venv/bin/certbot letsencrypt')); $le_client = explode("\n", shell_exec('which certbot /roo t/.local/share/letsencrypt/bin/letsencrypt /opt/eff.org/certbot/venv/bin/certbot letsencrypt'));
$le_client = reset($le_client); $le_client = reset($le_client);
// Check for Neilpang acme.sh as well // Check for Neilpang acme.sh as well
$acme = explode("\n", shell_exec('which /usr/local/ispcon fig/server/scripts/acme.sh /root/.acme.sh/acme.sh')); $acme = explode("\n", shell_exec('which acme.sh /usr/loca l/ispconfig/server/scripts/acme.sh /root/.acme.sh/acme.sh'));
$acme = reset($acme); $acme = reset($acme);
if((!$acme || !is_executable($acme)) && (!$le_client || ! is_executable($le_client))) { if((!$acme || !is_executable($acme)) && (!$le_client || ! is_executable($le_client))) {
$success = $this->install_acme(); $success = $this->install_acme();
if(!$success) { if(!$success) {
swriteln('Failed installing acme.sh. Will not be able to issue certificate during install.'); swriteln('Failed installing acme.sh. Will not be able to issue certificate during install.');
} else { } else {
$acme = explode("\n", shell_exec('which / usr/local/ispconfig/server/scripts/acme.sh /root/.acme.sh/acme.sh')); $acme = explode("\n", shell_exec('which a cme.sh /usr/local/ispconfig/server/scripts/acme.sh /root/.acme.sh/acme.sh'));
$acme = reset($acme); $acme = reset($acme);
if($acme && is_executable($acme)) { if($acme && is_executable($acme)) {
swriteln('Installed acme.sh and u sing it for certificate creation during install.'); swriteln('Installed acme.sh and u sing it for certificate creation during install.');
// we do this even on install to enable automatic updates // we do this even on install to enable automatic updates
$this->update_acme(); $this->update_acme();
} else { } else {
swriteln('Failed installing acme. sh. Will not be able to issue certificate during install.'); swriteln('Failed installing acme. sh. Will not be able to issue certificate during install.');
} }
} }
skipping to change at line 3006 skipping to change at line 3006
if($this->is_update) { if($this->is_update) {
system($this->getinitcommand($conf[$serve r]['init_script'], 'force-reload').' &> /dev/null || ' . $this->getinitcommand($ conf[$server]['init_script'], 'restart').' &> /dev/null'); system($this->getinitcommand($conf[$serve r]['init_script'], 'force-reload').' &> /dev/null || ' . $this->getinitcommand($ conf[$server]['init_script'], 'restart').' &> /dev/null');
} else { } else {
system($this->getinitcommand($conf[$serve r]['init_script'], 'restart').' &> /dev/null'); system($this->getinitcommand($conf[$serve r]['init_script'], 'restart').' &> /dev/null');
} }
} }
$issued_successfully = false; $issued_successfully = false;
// Backup existing ispserver ssl files // Backup existing ispserver ssl files
if(file_exists($ssl_crt_file) || is_link($ssl_crt_file)) //
{ // We may find valid or broken symlinks or actual files h
copy($ssl_crt_file, $ssl_crt_file . '-temporary.b ere.
ak'); //
} // - dangling links are broken and get perm renamed (shou
if(file_exists($ssl_key_file) || is_link($ssl_key_file)) ld just delete?).
{ // possibly web server can't start because vhost file p
copy($ssl_key_file, $ssl_key_file . '-temporary.b oints to non-existing cert files,
ak'); // we're not trying to catch or fix that (and not makin
} g it worse)
if(file_exists($ssl_pem_file) || is_link($ssl_pem_file)) //
{ // - link to valid file is tmp renamed, and file copied t
copy($ssl_pem_file, $ssl_pem_file . '-temporary.b o original name.
ak'); // if cert request is successful, remove the old symlin
k;
// if cert request fails, remove file copy and rename s
ymlink to original name
//
// - actual file copied to tmp name.
// if cert request is successful, rename tmp copy to pe
rm rename;
// if cert request fails, delete tmp copy
$cert_files = array( $ssl_crt_file, $ssl_key_file, $ssl_p
em_file );
foreach ($cert_files as $f) {
if (is_link($f) && ! file_exists($f)) {
rename($f, $f.'-'.$date->format('YmdHis')
.'.bak');
} elseif (is_link($f)) {
rename($f, $f.'-temporary.bak');
copy($f.'-temporary.bak', $f);
} elseif(file_exists($f)) {
copy($f, $f.'-temporary.bak');
}
} }
// Attempt to use Neilpang acme.sh first, as it is now th e preferred LE client // Attempt to use Neilpang acme.sh first, as it is now th e preferred LE client
if (is_executable($acme)) { if (is_executable($acme)) {
$acme_cert_dir = dirname($acme) . '/' . $hostname ; $acme_cert_dir = dirname($acme) . '/' . $hostname ;
swriteln('acme.sh is installed, overriding certif icate path to use ' . $acme_cert_dir); swriteln('acme.sh is installed, overriding certif icate path to use ' . $acme_cert_dir);
# acme.sh does not set umask, resulting in incorr ect permissions (ispconfig issue #6015) # acme.sh does not set umask, resulting in incorr ect permissions (ispconfig issue #6015)
$old_umask = umask(0022); $old_umask = umask(0022);
skipping to change at line 3052 skipping to change at line 3068
// Define LE certs name and path, then in stall them // Define LE certs name and path, then in stall them
//$acme_cert = "--cert-file $acme_cert_di r/cert.pem"; //$acme_cert = "--cert-file $acme_cert_di r/cert.pem";
$acme_key = "--key-file " . escapeshellar g($ssl_key_file); $acme_key = "--key-file " . escapeshellar g($ssl_key_file);
$acme_chain = "--fullchain-file " . escap eshellarg($ssl_crt_file); $acme_chain = "--fullchain-file " . escap eshellarg($ssl_crt_file);
exec("$acme --install-cert --log $acme_lo g -d " . escapeshellarg($hostname) . " $acme_key $acme_chain"); exec("$acme --install-cert --log $acme_lo g -d " . escapeshellarg($hostname) . " $acme_key $acme_chain");
$issued_successfully = true; $issued_successfully = true;
umask($old_umask); umask($old_umask);
// Make temporary backup of self-signed c erts permanent // Make temporary backup of self-signed c erts permanent
if(file_exists($ssl_crt_file.'-temporary. foreach ($cert_files as $f) {
bak') || is_link($ssl_crt_file.'-temporary.bak')) if (is_link($f.'-temporary.bak'))
rename($ssl_crt_file.'-temporary. {
bak', $ssl_crt_file.'-'.$date->format('YmdHis').'.bak'); unlink($f.'-temporary.bak
if(file_exists($ssl_key_file.'-temporary. ');
bak') || is_link($ssl_key_file.'-temporary.bak')) } elseif(file_exists($f.'-tempora
rename($ssl_key_file.'-temporary. ry.bak')) {
bak', $ssl_key_file.'-'.$date->format('YmdHis').'.bak'); rename($f.'-temporary.bak
if(file_exists($ssl_pem_file.'-temporary. ', $f.'-'.$date->format('YmdHis').'.bak');
bak') || is_link($ssl_pem_file.'-temporary.bak')) }
rename($ssl_pem_file.'-temporary. }
bak', $ssl_pem_file.'-'.$date->format('YmdHis').'.bak');
} else { } else {
swriteln('Issuing certificate via acme.sh failed. Please check that your hostname can be verified by letsencrypt'); swriteln('Issuing certificate via acme.sh failed. Please check that your hostname can be verified by letsencrypt');
umask($old_umask); umask($old_umask);
// Restore temporary backup of self-signe // Restore/cleanup temporary backup of se
d certs lf-signed certs
if(file_exists($ssl_crt_file.'-temporary. foreach ($cert_files as $f) {
bak') || is_link($ssl_crt_file.'-temporary.bak')) if (is_link($f.'-temporary.bak'))
rename($ssl_crt_file.'-temporary. {
bak', $ssl_crt_file); @unlink($f);
if(file_exists($ssl_key_file.'-temporary. rename($f.'-temporary.bak
bak') || is_link($ssl_key_file.'-temporary.bak')) ', $f);
rename($ssl_key_file.'-temporary. } elseif(file_exists($f.'-tempora
bak', $ssl_key_file); ry.bak')) {
if(file_exists($ssl_pem_file.'-temporary. unlink($f.'-temporary.bak
bak') || is_link($ssl_pem_file.'-temporary.bak')) ');
rename($ssl_pem_file.'-temporary. }
bak', $ssl_pem_file); }
} }
// Else, we attempt to use the official LE certbot client certbot // Else, we attempt to use the official LE certbot client certbot
} else { } else {
// But only if it is otherwise available // But only if it is otherwise available
if(is_executable($le_client)) { if(is_executable($le_client)) {
$out = null; $out = null;
$ret = null; $ret = null;
// Get its version info due to be used fo r webroot arguement issues // Get its version info due to be used fo r webroot arguement issues
skipping to change at line 3110 skipping to change at line 3128
if($ret == 0) { if($ret == 0) {
// certbot returns with 0 on issu e for already existing certificate // certbot returns with 0 on issu e for already existing certificate
$acme_cert_dir = '/etc/letsencryp t/live/' . $hostname; $acme_cert_dir = '/etc/letsencryp t/live/' . $hostname;
symlink($acme_cert_dir . '/fullch ain.pem', $ssl_crt_file); symlink($acme_cert_dir . '/fullch ain.pem', $ssl_crt_file);
symlink($acme_cert_dir . '/privke y.pem', $ssl_key_file); symlink($acme_cert_dir . '/privke y.pem', $ssl_key_file);
$issued_successfully = true; $issued_successfully = true;
// Make temporary backup of self- signed certs permanent // Make temporary backup of self- signed certs permanent
if(file_exists($ssl_crt_file.'-te foreach ($cert_files as $f) {
mporary.bak') || is_link($ssl_crt_file.'-temporary.bak')) if (is_link($f.'-temporar
rename($ssl_crt_file.'-te y.bak')) {
mporary.bak', $ssl_crt_file.'-'.$date->format('YmdHis').'.bak'); unlink($f.'-tempo
if(file_exists($ssl_key_file.'-te rary.bak');
mporary.bak') || is_link($ssl_key_file.'-temporary.bak')) } elseif(file_exists($f.'
rename($ssl_key_file.'-te -temporary.bak')) {
mporary.bak', $ssl_key_file.'-'.$date->format('YmdHis').'.bak'); rename($f.'-tempo
if(file_exists($ssl_pem_file.'-te rary.bak', $f.'-'.$date->format('YmdHis').'.bak');
mporary.bak') || is_link($ssl_pem_file.'-temporary.bak')) }
rename($ssl_pem_file.'-te }
mporary.bak', $ssl_pem_file.'-'.$date->format('YmdHis').'.bak');
} else { } else {
swriteln('Issuing certificate via certbot failed. Please check log files and make sure that your hostname can be verified by letsencrypt'); swriteln('Issuing certificate via certbot failed. Please check log files and make sure that your hostname can be verified by letsencrypt');
// Restore temporary backup of se // Restore/cleanup temporary back
lf-signed certs up of self-signed certs
if(file_exists($ssl_crt_file.'-te foreach ($cert_files as $f) {
mporary.bak') || is_link($ssl_crt_file.'-temporary.bak')) if (is_link($f.'-temporar
rename($ssl_crt_file.'-te y.bak')) {
mporary.bak', $ssl_crt_file); @unlink($f);
if(file_exists($ssl_key_file.'-te rename($f.'-tempo
mporary.bak') || is_link($ssl_key_file.'-temporary.bak')) rary.bak', $f);
rename($ssl_key_file.'-te } elseif(file_exists($f.'
mporary.bak', $ssl_key_file); -temporary.bak')) {
if(file_exists($ssl_pem_file.'-te unlink($f.'-tempo
mporary.bak') || is_link($ssl_pem_file.'-temporary.bak')) rary.bak');
rename($ssl_pem_file.'-te }
mporary.bak', $ssl_pem_file); }
} }
} else { } else {
swriteln('Did not find any valid acme cli ent (acme.sh or certbot)'); swriteln('Did not find any valid acme cli ent (acme.sh or certbot)');
} }
} }
if($restore_conf_symlink) { if($restore_conf_symlink) {
if(!@is_link($vhost_conf_enabled_dir.'/000-ispcon fig.conf')) { if(!@is_link($vhost_conf_enabled_dir.'/000-ispcon fig.conf')) {
symlink($vhost_conf_dir.'/ispconfig.conf' , $vhost_conf_enabled_dir.'/000-ispconfig.conf'); symlink($vhost_conf_dir.'/ispconfig.conf' , $vhost_conf_enabled_dir.'/000-ispconfig.conf');
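Review bot: Listing bare `acme.sh` first in the `which` arguments (in update_acme() and twice in the certificate block) lets a PATH hit win over the two known install locations, because `reset()` keeps only the first line that `which` prints. That path is then executed by the installer and interpolated unquoted into the command strings (`$cmd = $acme . ' --upgrade ...'`, `exec("$acme --install-cert ...")`), so which binary runs depends on the PATH of whoever starts the installer, presumably root. I would keep the fixed locations ahead of the PATH fallback, `which /usr/local/ispconfig/server/scripts/acme.sh /root/.acme.sh/acme.sh acme.sh`, and pass the result through `escapeshellarg($acme)` wherever a command is built from it. The enclosing functions start and end outside the hunks shown here.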
 End of changes. 8 change blocks. 
70 lines changed or deleted 87 lines changed or added
