diff options
Diffstat (limited to 'tools/etc/icpc')
| -rwxr-xr-x | tools/etc/icpc/becomeserver.sh | 213 | ||||
| -rwxr-xr-x | tools/etc/icpc/bocaserver.sh | 1 | ||||
| -rwxr-xr-x | tools/etc/icpc/cleandisk.sh | 4 | ||||
| -rwxr-xr-x | tools/etc/icpc/createbocajail.sh | 122 | ||||
| -rwxr-xr-x | tools/etc/icpc/doclean.sh | 29 | ||||
| -rwxr-xr-x | tools/etc/icpc/installboca.sh | 190 | ||||
| -rwxr-xr-x | tools/etc/icpc/restart.sh | 31 | ||||
| -rwxr-xr-x | tools/etc/icpc/setup.sh | 91 | ||||
| -rw-r--r-- | tools/etc/icpc/update.sh | 14 | ||||
| -rw-r--r-- | tools/etc/icpc/update.sh.tmp | 40 | ||||
| -rwxr-xr-x | tools/etc/icpc/updatedbpass.sh | 84 |
11 files changed, 819 insertions, 0 deletions
diff --git a/tools/etc/icpc/becomeserver.sh b/tools/etc/icpc/becomeserver.sh new file mode 100755 index 0000000..4de2084 --- /dev/null +++ b/tools/etc/icpc/becomeserver.sh @@ -0,0 +1,213 @@ +#!/bin/bash +# //////////////////////////////////////////////////////////////////////////////// +# //BOCA Online Contest Administrator +# // Copyright (C) 2003-2012 by BOCA Development Team (bocasystem@gmail.com) +# // +# // This program is free software: you can redistribute it and/or modify +# // it under the terms of the GNU General Public License as published by +# // the Free Software Foundation, either version 3 of the License, or +# // (at your option) any later version. +# // +# // This program is distributed in the hope that it will be useful, +# // but WITHOUT ANY WARRANTY; without even the implied warranty of +# // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# // GNU General Public License for more details. +# // You should have received a copy of the GNU General Public License +# // along with this program. If not, see <http://www.gnu.org/licenses/>. +# //////////////////////////////////////////////////////////////////////////////// +# // Last modified 06/aug/2012 by cassio@ime.usp.br +for i in id chown chmod cut awk grep cat sed makepasswd ifconfig iptables php touch mkdir update-rc.d su rm mv; do + p=`which $i` + if [ -x "$p" ]; then + echo -n "" + else + echo command "$i" not found + exit 1 + fi +done + +if [ "`id -u`" != "0" ]; then + echo "Must be run as root" + exit 1 +fi +bocadir=/var/www/boca +[ -r /etc/boca.conf ] && . /etc/boca.conf + +privatedir=$bocadir/src/private +if [ ! -d $privatedir ]; then + echo "Could not find directory $privatedir" + exit 1 +fi + +apacheuser= +[ -r /etc/icpc/apacheuser ] && apacheuser=`cat /etc/icpc/apacheuser | sed 's/ \t\n//g'` +[ "$apacheuser" == "" ] && apacheuser=www-data +id -u $apacheuser >/dev/null 2>/dev/null +if [ $? != 0 ]; then + echo "User $apacheuser not found -- error to set permissions with chown/chmod" + apacheuser=root +fi + +postgresuser=postgres +id -u $postgresuser >/dev/null 2>/dev/null +if [ $? != 0 ]; then + echo "User $postgresuser not found -- maybe you use another name (then update this script) or postgres is not installed" + exit 1 +fi + +grep -iq "iface.*eth0.*inet.*static" /etc/network/interfaces +if [ $? != 0 ]; then + echo "*****************************************" + echo "IMPORTANT NOTICE ************************" + echo "Network interface eth0 has to be set with" + echo "a static IP address for this computer to " + echo "be a proper server -- DO IT ASAP ********" + echo "*****************************************" + sleep 2 +fi + +BOCASERVER=localhost +if [ -f /etc/icpc/postgresql.version ]; then + . /etc/icpc/postgresql.version +else +POSTGRESV="" +if [ ! -f /etc/init.d/postgresql ]; then + POSTGRESV="-8.4" +fi +fi +if [ ! -f /etc/init.d/postgresql$POSTGRESV ]; then + echo "I did not find the correct version of postgres -- please check it and update this script" + exit 1 +fi + +for i in `ls /etc/postgresql/*/main/pg_hba.conf`; do + grep -q "host.*bocadb.*bocauser" $i + if [ $? != 0 ]; then + echo "############" + echo "I AM GIVING ACCESS TO THE DATABASE FROM ANY IP (AS LONG AS THE PASSWORD IS OK)" + echo "In order to improve security, it is possible to alter the file $i" + echo "and perform a finer tune. Nevertheless, if the password of the DB is safe, there is no big threat" + echo "For doing that, I am using the line:" + echo "" + echo -e "echo \"host bocadb bocauser 0/0 md5\" >> $i" + echo "" + echo "==> IDEALLY FOR IMPROVED SECURITY, REPLACE THE 0/0 ABOVE (IN THAT FILE) WITH THE IP ADDRESS OF THE AUTOJUDGE MACHINE <==" + echo "==> IF YOU HAVE MULTIPLE AUTOJUDGE MACHINES, WRITE ONE LINE FOR EACH IP ADDRESS THERE IN THE FILE <==" + echo "############" + echo "host bocadb bocauser 0/0 md5" >> $i + else + echo "############" + echo "IT SEEMS YOU ALREADY HAVE MODIFIED THE FILE $i WITH BOCA'S INFORMATION" + echo "I WOULD USE THE LINE:" + echo "" + echo -e "echo \"host bocadb bocauser 0/0 md5\" >> $i" + echo "" + echo "to give access to the database to other computers, but" + echo ">>> I'M NOT DOING IT -- PLEASE CHECK IT <<<" + echo "############" + fi +done + +for i in `ls /etc/postgresql/*/main/postgresql.conf`; do +grep -q "^[^\#]*listen_addresses" $i +if [ $? != 0 ]; then + echo "listen_addresses = '*'" >> $i +fi +done +for i in `ls /etc/postgresql/*/main/postgresql.conf`; do +grep -q "^[^\#]*max_connections" $i +if [ $? != 0 ]; then + echo "max_connections = 100" >> $i +fi +done +for i in `ls /etc/postgresql/*/main/postgresql.conf`; do +grep -q "^[^\#]*maintenance_work_mem" $i +if [ $? != 0 ]; then + echo "maintenance_work_mem = 64MB" >> $i +fi +done +for i in `ls /etc/postgresql/*/main/postgresql.conf`; do +grep -q "^[^\#]*shared_buffers" $i +if [ $? != 0 ]; then + echo "shared_buffers = 128MB" >> $i +fi +done +for i in `ls /etc/postgresql/*/main/postgresql.conf`; do +grep -q "^[^\#]*work_mem" $i +if [ $? != 0 ]; then + echo "work_mem = 4MB" >> $i +fi +done + +echo "You need to define a password to be used in the database." +echo -n "It is possible generate a random one. Want a random password " +read -p "[Y/n]? " OK +if [ "$OK" = "n" ]; then + read -p "Enter DB password: " -s PASS +else + PASS=`makepasswd --char 8` + echo "The DB password is $PASS" +fi +echo "Keep the DB password safe!" +echo "The IP address that is computer is using is" +echo "(check using the command ifconfig, if desired. Use this address to configure other computers)" +ifconfig eth0 | grep -i "inet addr" + +PASSK=`makepasswd --chars 20` +awk -v boca="$BOCASERVER" -v pass="$PASS" -v passk="$PASSK" '{ if(index($0,"[\"dbpass\"]")>0) \ + print "$conf[\"dbpass\"]=\"" pass "\";"; \ + else if(index($0,"[\"dbhost\"]")>0) print "$conf[\"dbhost\"]=\"" boca "\";"; \ + else if(index($0,"[\"dbsuperpass\"]")>0) print "$conf[\"dbsuperpass\"]=\"" pass "\";"; \ + else if(index($0,"[\"key\"]")>0) print "$conf[\"key\"]=\"" passk "\";"; else print $0; }' \ + < $privatedir/conf.php > $privatedir/conf.php1 +mv -f $privatedir/conf.php1 $privatedir/conf.php +echo "Deny from all" > $privatedir/.htaccess +chown -R $apacheuser.root $privatedir +chmod -R u+rw,g+rw,o-rw $privatedir +iptables -F +echo "BOCASERVER=0/0" > /etc/icpc/bocaserver.sh + + +grep -iq "^[^\#]*ServerName" /etc/apache2/apache2.conf +if [ $? != 0 ]; then + echo "ServerName boca" >> /etc/apache2/apache2.conf +fi + +/etc/init.d/apache2 restart +mkdir -p /var/run/postgresql +chown $postgresuser.$postgresuser /var/run/postgresql +/etc/init.d/postgresql$POSTGRESV restart +update-rc.d apache2 defaults +update-rc.d postgresql$POSTGRESV defaults + +rm -f /tmp/.boca.tmp +su - $postgresuser -c "echo select contestnumber from contesttable | psql -d bocadb | grep contestnumber >/tmp/.boca.tmp 2>/tmp/.boca.tmp" +su - $postgresuser -c "echo drop user bocauser | psql -d template1 >/dev/null 2>/dev/null" +su - $postgresuser -c "echo create user bocauser createdb password \'$PASS\' | psql -d template1" +su - $postgresuser -c "echo alter user bocauser createdb password \'$PASS\' | psql -d template1" + +OK=y +grep -qi contestnumber /tmp/.boca.tmp +if [ $? == 0 ]; then + OK=x + while [ "$OK" != "y" -a "$OK" != "n" ]; do + echo "====== An old database seems to exist. I can keep it, but it might not work with the version" + echo -n "of BOCA being installed. May I erase all the content of the bocadb database [y/n]" + OK=x + read -p "?" OK + done +fi +if [ "$OK" == "y" ]; then +cd $bocadir/src +php private/createdb.php +cd - >/dev/null 2>/dev/null + echo "database renewed. Data on bocadb has been lost" +else + echo "*** database not erased. Check if BOCA is compatible. You can always erase the database and" + echo "*** fix the problem by running (as root) cd $bocadir/src; php private/createdb.php" + echo "*** still, all data regarding BOCA in the database will be lost" +fi +touch /etc/icpc/.isserver + +echo "configuration finished. Boca should be available at http://localhost/boca/" +echo "reboot might not be required, but is advised." diff --git a/tools/etc/icpc/bocaserver.sh b/tools/etc/icpc/bocaserver.sh new file mode 100755 index 0000000..8bb6c2c --- /dev/null +++ b/tools/etc/icpc/bocaserver.sh @@ -0,0 +1 @@ +BOCASERVER=127.0.0.1 diff --git a/tools/etc/icpc/cleandisk.sh b/tools/etc/icpc/cleandisk.sh new file mode 100755 index 0000000..0d177de --- /dev/null +++ b/tools/etc/icpc/cleandisk.sh @@ -0,0 +1,4 @@ +#!/bin/bash + +mkdir -p /home/icpc +/usr/bin/touch /home/icpc/.cleandisk.sh diff --git a/tools/etc/icpc/createbocajail.sh b/tools/etc/icpc/createbocajail.sh new file mode 100755 index 0000000..bd8bd5d --- /dev/null +++ b/tools/etc/icpc/createbocajail.sh @@ -0,0 +1,122 @@ +#!/bin/bash +homejail=/home/bocajail +[ "$1" != "" ] && homejail=$1 +echo "=================================================================================" +echo "============= CREATING $homejail (this might take some time) ===============" +echo "=================================================================================" +for i in setquota ln id chown chmod dirname useradd mkdir cp rm mv apt-get dpkg uname debootstrap schroot; do + p=`which $i` + if [ -x "$p" ]; then + echo -n "" + else + echo command "$i" not found + exit 1 + fi +done +if [ "`id -u`" != "0" ]; then + echo "Must be run as root" + exit 1 +fi +if [ ! -r /etc/lsb-release ]; then + echo "File /etc/lsb-release not found. Is this a ubuntu or debian-like distro?" + echo "If so, execute the command" + echo "" + echo "DISTRIB_CODENAME=WXYZ > /etc/lsb-release" + echo "" + echo "to save the release name to that file (replace WXYZ with your distro codename)" + exit 1 +fi +. /etc/lsb-release +if [ -d /bocajail/ ]; then + echo "You seem to have already a /bocajail installed" + echo "If you want to reinstall, remove it first (e.g. rm /bocajail) and then run /etc/icpc/createbocajail.sh" + exit 1 +fi + +if [ -f $homejail/proc/cpuinfo ]; then + echo "You seem to have already installed /bocajail and the /bocajail/proc seems to be mounted" + chroot $homejail umount /sys >/dev/nul 2>/dev/null + chroot $homejail umount /proc >/dev/nul 2>/dev/null + echo "Please reboot the system to remove such mounted point" + exit 1 +fi + +id -u bocajail >/dev/null 2>/dev/null +if [ $? != 0 ]; then + useradd -m -s /bin/bash -d $homejail -g users bocajail + if [ -d /etc/gdm ]; then + echo -e "[greeter]\nExclude=bocajail,nobody\n" >> /etc/gdm/custom.conf + fi + sleep 1 +else + echo "user bocajail already exists" + echo "if you want to proceed, first remove it (e.g. userdel bocajail) and then run /etc/icpc/createbocajail.sh" + exit 1 +fi +setquota -u bocajail 0 500000 0 10000 -a + +rm -rf /bocajail +mkdir -p $homejail/tmp +chmod 1777 $homejail/tmp +ln -s $homejail /bocajail +[ -x /usr/bin/safeexec ] && cp -a /usr/bin/safeexec /bocajail/usr/bin/ +#for i in usr lib var bin sbin etc dev; do +# [ -d $homejail/$i ] && rm -rf $homejail/$i +# cp -ar /$i $homejail +#done +#rm -rf $homejail/var/lib/postgres* +#rm -rf $homejail/var/www/* +#mkdir -p $homejail/proc +#mkdir -p $homejail/sys +uname -m | grep -q 64 +if [ $? == 0 ]; then + archt=amd64 +else + archt=i386 +fi + +cat <<FIM > /etc/schroot/chroot.d/bocajail.conf +[bocajail] +description=Jail +location=$homejail +directory=$homejail +root-users=root +type=directory +users=bocajail,nobody,root +FIM + +#debootstrap --arch $archt $DISTRIB_CODENAME $homejail +debootstrap $DISTRIB_CODENAME $homejail +if [ $? != 0 ]; then + echo "bocajail failed to debootstrap" + exit 1 +else +schroot -l | grep -q bocajail +if [ $? == 0 ]; then + echo "bocajail successfully installed at $homejail" +else + echo "*** some error has caused bocajail not to install properly -- I will try it again with different parameters" + grep -v "^location" /etc/schroot/chroot.d/bocajail.conf > /tmp/.boca.tmp + mv /tmp/.boca.tmp /etc/schroot/chroot.d/bocajail.conf + debootstrap $DISTRIB_CODENAME $homejail + schroot -l | grep -q bocajail + if [ $? == 0 ]; then + echo "*** bocajail successfully installed at $homejail" + else + echo "*** bocajail failed to install" + exit 1 + fi +fi +fi + +echo "*** Populating $homejail" +cat <<EOF > /home/bocajail/tmp/populate.sh +#!/bin/bash +mount -t proc proc /proc +apt-get -y update +apt-get -y install g++ gcc libstdc++6 sharutils default-jdk default-jre +umount /proc +EOF +cp -f /etc/apt/sources.list $homejail/etc/apt/ +chmod 755 /home/bocajail/tmp/populate.sh +cd / ; chroot $homejail /tmp/populate.sh diff --git a/tools/etc/icpc/doclean.sh b/tools/etc/icpc/doclean.sh new file mode 100755 index 0000000..40b49c1 --- /dev/null +++ b/tools/etc/icpc/doclean.sh @@ -0,0 +1,29 @@ +#!/bin/bash +cd /home +if [ -f /home/icpc/.cleandisk.sh ]; then +rm -rf /home/icpc +find /home -user icpc -delete +if [ -x /usr/bin/makepasswd ]; then + pass=`echo -n icpc | /usr/bin/makepasswd --clearfrom - --crypt-md5 | cut -d'$' -f2-` + pass=\$`echo $pass` + id -u icpc >/dev/null 2>/dev/null + if [ $? != 0 ]; then + useradd -d /home/icpc -k /etc/skel -m -p "$pass" -s /bin/bash -g users icpc + else + usermod -d /home/icpc -p "$pass" -s /bin/bash -g users icpc + fi +fi +for i in media mnt var opt tmp usr; do + find /$i -user icpc -delete +done +if [ ! -d /home/icpc ]; then + rm -rf /home/icpc + rm -rf /home/skel + cp -ar /etc/skel/ /home + mv /home/skel /home/icpc +fi +chown -R icpc.users /home/icpc +chmod -R u+rwx /home/icpc +fi +cd - >/dev/null +exit 0 diff --git a/tools/etc/icpc/installboca.sh b/tools/etc/icpc/installboca.sh new file mode 100755 index 0000000..55d8d18 --- /dev/null +++ b/tools/etc/icpc/installboca.sh @@ -0,0 +1,190 @@ +#!/bin/bash +if [ "`id -u`" != "0" ]; then + echo "Script must run as root" +fi + +di=`date +%s` +echo "===================================================" +echo "=================== obtaining BOCA ===============" +echo "===================================================" + +wget -O /tmp/.boca.tmp "http://www.ime.usp.br/~cassio/boca/boca.date.txt" +echo ">>>>>>>>>>" +echo ">>>>>>>>>> Downloading boca release `cat /tmp/.boca.tmp`" +echo ">>>>>>>>>>" + +if [ "$1" == "" ]; then +wget -O /tmp/.boca.tmp "http://www.ime.usp.br/~cassio/boca/bocaver.txt" +bocaver=`cat /tmp/.boca.tmp` +else +bocaver=$1 +fi + +if [ "$2" == "" ]; then +basedir=/var/www +else +if [ -d "$2" ]; then +basedir=$2 +else +echo "Directory $2 does not exist" +exit 1 +fi +fi + +OK=y +read -p "I will install boca at $basedir is it correct (otherwise, run this script as: $0 $bocaver <installdir> to choose the place) [Y/n]? " OK +if [ "$OK" == "y" -o "$OK" == "Y" ]; then +echo "Install directory is $basedir" +else +echo "Aborted" +exit 1 +fi + +echo "Looking for BOCA version $bocaver from http://www.ime.usp.br/~cassio/boca/" +cd $basedir +rm -f boca-$bocaver.tgz +wget -O boca-$bocaver.tgz "http://www.ime.usp.br/~cassio/boca/download.php?filename=boca-$bocaver.tgz" +if [ "$?" != "0" -o ! -f boca-$bocaver.tgz ]; then + echo "ERROR downloading BOCA package version $bocaver. Aborting *****************" + exit 1 +fi +grep -qi "bad parameters" boca-$bocaver.tgz +if [ "$?" == "0" ]; then + echo "ERROR downloading BOCA package version $bocaver. Aborting *****************" + exit 1 +fi +echo "===========================================================" +echo "====================== BACKUPING OLD BOCA ===============" +echo "===========================================================" +if [ -d boca-$bocaver ]; then + mv boca-$bocaver boca-$bocaver.$di + echo "OLD BOCA FOLDER for version $bocaver saved as boca-$bocaver.$di" +fi + +echo "bocadir=$basedir/boca" > /etc/boca.conf +chmod 644 /etc/boca.conf + +echo "=====================================================" +echo "=================== EXTRACTING BOCA ===============" +echo "=====================================================" + +OK=x +conffile=boca/src/private/conf.php +if [ ! -f $conffile ]; then +conffile=boca-$bocaver.$di/src/private/conf.php +fi +if [ -f $conffile ]; then + echo "OLD CONFIG FILE EXISTS" + OK=x + while [ "$OK" != "y" -a "$OK" != "n" ]; do + OK=x + read -p "Do you want to keep the old private/conf.php file [y/n] (note that the old file might be incompatible with this version)? " OK + done + if [ "$OK" == "n" ]; then + echo "You probably need to update the new file boca-$bocaver/src/private/conf.php with the correct passwords - PLEASE CHECK IT - NOT DONE AUTOMATICALLY" + fi +else + echo "OLD Config file not found -- you must set up the new private/conf.php file properly" +fi + +apacheuser= +[ -r /etc/icpc/apacheuser ] && apacheuser=`cat /etc/icpc/apacheuser | sed 's/ \t\n//g'` +[ "$apacheuser" == "" ] && apacheuser=www-data +id -u $apacheuser >/dev/null 2>/dev/null +if [ $? != 0 ]; then + echo "User $apacheuser not found -- error to set permissions with chown/chmod" + apacheuser=root +fi + +tar xzf boca-$bocaver.tgz +chown -R root.$apacheuser boca-$bocaver/ +chmod -R g+rx,u+rwx boca-$bocaver/ + +chmod 600 boca-$bocaver/src/private/*.php +[ -f boca-$bocaver.$di/src/private/remotescores/otherservers ] && cp -f boca-$bocaver.$di/src/private/remotescores/otherservers boca-$bocaver/src/private/remotescores/otherservers +if [ "$OK" == "y" ]; then + cp -f $conffile boca-$bocaver/src/private/conf.php +fi +chmod 700 boca-$bocaver/tools/*.sh + +cat > boca-$bocaver/src/.htaccess <<EOF +php_flag output_buffering on +php_value memory_limit 256M +php_value post_max_size 128M +php_flag magic_quotes_gpc off +php_value upload_max_filesize 128M +EOF +chmod 755 boca-$bocaver/src/.htaccess +cat > boca-$bocaver/tools/.htaccess <<EOF +Deny from all +EOF +chmod 755 boca-$bocaver/tools/.htaccess +cp boca-$bocaver/tools/.htaccess boca-$bocaver/doc/.htaccess +cp boca-$bocaver/tools/.htaccess boca-$bocaver/old/.htaccess +cp boca-$bocaver/tools/.htaccess boca-$bocaver/src/private/.htaccess +cp boca-$bocaver/tools/.htaccess boca-$bocaver/src/webcast/.htaccess + +chmod -R 770 boca-$bocaver/src/private +chmod -R 775 boca-$bocaver/src/balloons + +echo "==========================================================================================" +echo "=========== SETTING UP SOME LINKS (main apache server index.html updated) ===============" +echo "==========================================================================================" + +rm -f $basedir/boca /usr/bin/makebkp.sh +ln -s $basedir/boca-$bocaver $basedir/boca +ln -s $basedir/boca/tools/makebkp.sh /usr/bin/makebkp.sh +chmod 755 $basedir/boca/tools/makebkp.sh +chmod 755 $basedir/boca/tools/singlefilebkp.sh + +echo "==============================================================" +echo "================== COMPILING safeexec utility ===============" +echo "==============================================================" + +cd $basedir/boca/tools +gcc -static -O2 -Wall safeexec.c -o safeexec +if [ $? == 0 ]; then + echo "COMPILATION OK" +fi +strip safeexec +cp -f safeexec /usr/bin +chmod 4555 /usr/bin/safeexec +[ -d /bocajail/usr/bin ] && cp -a /usr/bin/safeexec /bocajail/usr/bin/ + +if [ -f /etc/icpc/installboca.sh ]; then + cp $basedir/boca/tools/etc/icpc/installboca.sh /etc/icpc/installboca.sh + chmod 700 /etc/icpc/installboca.sh +fi + +echo "==================================================" +echo "=================== SERVER SETUP ===============" +echo "==================================================" + +OK=n +echo "You can run at anytime later the script /etc/icpc/becomeserver.sh to prepare the computer to be the BOCA server" +read -p "Do you want me to call the script to make this computer the server (don't do it if this install is for a team or autojudge) [y/N]? " OK +if [ "$OK" == "y" -o "$OK" == "Y" ]; then + OK=n + read -p "Do you really want to make this computer the server (you don't need to do it if you are only upgrading BOCA)? [y/N]? " OK + if [ "$OK" == "y" -o "$OK" == "Y" ]; then + /etc/icpc/becomeserver.sh + fi +fi + +cat > /etc/apache2/conf.d/boca <<EOF +<Directory $basedir/boca/src> + AllowOverride Options AuthConfig Limit + Order Allow,Deny + Allow from all + AddDefaultCharset utf-8 +</Directory> +<Directory $basedir/boca/src/private> + AllowOverride Options AuthConfig Limit + Deny from all +</Directory> +<Directory $basedir/boca> + AllowOverride Options AuthConfig Limit + Deny from all +</Directory> +Alias /boca $basedir/boca/src +EOF diff --git a/tools/etc/icpc/restart.sh b/tools/etc/icpc/restart.sh new file mode 100755 index 0000000..8c6c98c --- /dev/null +++ b/tools/etc/icpc/restart.sh @@ -0,0 +1,31 @@ +#!/bin/bash +uid=`id -u` +if [ "$uid" != "0" ]; then + echo "Must be root to run this script. Use sudo /bin/bash first" + exit 1 +fi + +apt-get clean +if [ -f /etc/icpc/postgresql.version ]; then + . /etc/icpc/postgresql.version +else +POSTGRESV="" +if [ ! -f /etc/init.d/postgresql ]; then + POSTGRESV="-8.4" +fi +fi + +pass=\$`echo -n icpc | makepasswd --clearfrom - --crypt-md5 | cut -d'$' -f2-` +usermod -p "$pass" icpc + +rm -f /etc/icpc/.isserver +rm -f /etc/icpc/.firsttimedone +rm -f /etc/icpc/bocaserver.sh +/etc/icpc/cleandisk.sh +/etc/init.d/apache2 stop +/etc/init.d/postgresql$POSTGRESV stop +rm -f /var/log/apache2/* +rm -f /var/log/postgresql/* +update-rc.d -f apache2 remove +update-rc.d -f postgresql$POSTGRESV remove + diff --git a/tools/etc/icpc/setup.sh b/tools/etc/icpc/setup.sh new file mode 100755 index 0000000..a854581 --- /dev/null +++ b/tools/etc/icpc/setup.sh @@ -0,0 +1,91 @@ +#!/bin/bash + +if [ ! -x /etc/icpc/bocaserver.sh ]; then + OK=1 + while [ "$OK" != "0" ]; do + IP=`zenity --title="Setting up the BOCA server IP number" --text="Enter the IP address of the server (format x.y.w.z)\n\ +If this is supposed to be the server, then leave it empty" --width=500 --height=100 --entry` + [ "$IP" == "" ] && IP=LOCAL + zenity --title="IP confirmation" --text="The chosen IP is $IP\nDo you confirm?" --question + OK=$? + done + if [ "$IP" = "local" -o "$IP" = "LOCAL" ]; then + IP=127.0.0.1 + BOCASERVER=0/0 + fi + echo "BOCASERVER=$IP" > /etc/icpc/bocaserver.sh + echo "$IP boca boca" >> /etc/hosts + chmod 755 /etc/icpc/bocaserver.sh +fi +. /etc/icpc/bocaserver.sh + +if [ ! -f /etc/icpc/.firsttimedone ]; then + + zenity --title="PAY ATTENTION TO THE FOLLOWING:" \ + --text="It is HIGHLY recommended that you set up a super-user password NOW. Set up the super-user password now?" --question + OK=$? + if [ "$OK" == "0" ]; then + id -u icpcadmin 2>\dev\null >\dev\null + if [ "$?" == "0" ]; then + OK=1 + while [ $OK != 0 ]; do + pass=`zenity --title="Setting up a icpcadmin password" --text="Take care \ + to keep it safe. icpcadmin is the user that \n\ + can become root using the command sudo, e.g. \n\ + sudo /bin/bash \n\ + TEAMS WILL USE THE ACCOUNT icpc, WITH PASSWORD\n\ + icpc. THEY MUST NOT KNOW THE PASSWORD YOU\n\ + ARE SETTING UP HERE, WHICH IS A PRIVILEGIED USER.\n\ + If you need to change the password later, you \n\ + must know the current password and use the \n\ + command-line passwd to change it. Do not forget it" --entry --hide-text` + pass2=`zenity --title="Setting up a icpcadmin password" --text="Re-type it" --entry --hide-text` + if [ "$pass" == "$pass2" -a "$pass" != "" ]; then + OK=0 + else + zenity --info --title="Error" --text="Passwords do not match" + fi + done + pass=\$`/bin/echo -n "$pass2" | /usr/bin/makepasswd --clearfrom - --crypt-md5 | /usr/bin/cut -d'$' -f2-` + pass2="" + /usr/sbin/usermod -p "$pass" icpcadmin + pass=`echo -n icpc | makepasswd --clearfrom - --crypt-md5 | cut -d'$' -f2-` + pass=\$`echo $pass` + /usr/sbin/usermod -p "$pass" icpc + zenity --info --title="Updated" --text="Password of icpcadmin should be updated\nIf not, login in and change it to something safe" + else + zenity --info --title="Update error" --text="User icpcadmin not found -- update your password by yourself." + fi + fi + + if [ "$BOCASERVER" != "0/0" ]; then + OK=1 + while [ $OK != 0 ]; do + pass=`zenity --title="Setting up password of BOCA database" --text="Enter the password of the BOCA database IF AND ONLY IF \n\ +this is NOT a team machine. The password must be entered \n\ +in case this machine will be used for autojudging. \n\ +If you do not enter a password now, it is possible to do \n\ +it later using the command-line /etc/icpc/updatedbpass.sh \n\ +IF THIS IS GOING TO BE USED BY A TEAM, THEN JUST \n\ +PRESS ENTER WITHOUT TYPING ANY PASSWORD\n\ +If this is a server, you may also leave this field empty" --entry --hide-text` + if [ "$pass" == "" ]; then + break + fi + pass2=`zenity --title="Setting up password of BOCA database" --text="Re-type it" --entry --hide-text` + if [ "$pass" == "$pass2" -a "$pass" != "" ]; then + OK=0 + /etc/icpc/updatedbpass.sh "$pass" + else + zenity --info --title="Error" --text="Passwords do not match" + fi + done + fi + touch /etc/icpc/.firsttimedone + zenity --info --title="Setup completed" --text="The setup is completed. If you want to do it again, you might \n\ +run the command-line /etc/icpc/restart.sh\nbut some files in this computer (e.g. from the icpc user) might be lost." +fi + +if [ -x /etc/network/if-pre-up.d/boca ]; then + . /etc/network/if-pre-up.d/boca +fi diff --git a/tools/etc/icpc/update.sh b/tools/etc/icpc/update.sh new file mode 100644 index 0000000..f6b4bb6 --- /dev/null +++ b/tools/etc/icpc/update.sh @@ -0,0 +1,14 @@ +#!/bin/bash +if [ "`id -u`" != "0" ]; then + echo "Script must run as root" +fi +wget -O /tmp/update.sh "http://www.ime.usp.br/~cassio/boca/update.sh" +if [ $? != 0 ]; then + echo "ERROR DOWNLOADING UPDATE" + exit 1 +fi +echo ">>>>>>>>>>" +echo ">>>>>>>>>> Running update script" +echo ">>>>>>>>>>" +/tmp/update.sh +exit $? diff --git a/tools/etc/icpc/update.sh.tmp b/tools/etc/icpc/update.sh.tmp new file mode 100644 index 0000000..63a3858 --- /dev/null +++ b/tools/etc/icpc/update.sh.tmp @@ -0,0 +1,40 @@ +#!/bin/bash +if [ "`id -u`" != "0" ]; then + echo "Script must run as root" +fi + +echo "===================================================" +echo "=================== checking for updates ==========" +echo "===================================================" + +wget -O /tmp/.boca.tmp "http://www.ime.usp.br/~cassio/boca/update.date.txt" +if [ $? != 0 ]; then + echo "ERROR DOWNLOADING UPDATE" + exit 1 +fi +di=`cat /tmp/.boca.tmp` +lastu=0 +if [ -r /etc/icpc/.lastupdate ]; then + lastu=`cat /etc/icpc/.lastupdate` +fi +if [ "$di" == "$lastu" ]; then + echo "NO UPDATES AVAILABLE" + exit 0 +fi + +echo ">>>>>>>>>>" +echo ">>>>>>>>>> Downloading update release `cat /tmp/.boca.tmp`" +echo ">>>>>>>>>>" + +wget -O /tmp/.boca.tmp "http://www.ime.usp.br/~cassio/boca/update.sh" +if [ $? != 0 ]; then + echo "ERROR DOWNLOADING UPDATE" + exit 1 +fi + +echo ">>>>>>>>>>" +echo ">>>>>>>>>> Running update script" +echo ">>>>>>>>>>" +chmod 755 /tmp/.boca.tmp +/tmp/.boca.tmp +exit $? diff --git a/tools/etc/icpc/updatedbpass.sh b/tools/etc/icpc/updatedbpass.sh new file mode 100755 index 0000000..b100af5 --- /dev/null +++ b/tools/etc/icpc/updatedbpass.sh @@ -0,0 +1,84 @@ +#!/bin/bash +# //////////////////////////////////////////////////////////////////////////////// +# //BOCA Online Contest Administrator +# // Copyright (C) 2003-2012 by BOCA Development Team (bocasystem@gmail.com) +# // +# // This program is free software: you can redistribute it and/or modify +# // it under the terms of the GNU General Public License as published by +# // the Free Software Foundation, either version 3 of the License, or +# // (at your option) any later version. +# // +# // This program is distributed in the hope that it will be useful, +# // but WITHOUT ANY WARRANTY; without even the implied warranty of +# // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# // GNU General Public License for more details. +# // You should have received a copy of the GNU General Public License +# // along with this program. If not, see <http://www.gnu.org/licenses/>. +# //////////////////////////////////////////////////////////////////////////////// +# // Last modified 05/aug/2012 by cassio@ime.usp.br +privatedir=/var/www/boca/src/private + +if [ ! -d $privatedir ]; then + echo "Could not find directory $privatedir" + exit 1 +fi +for i in id chown chmod awk grep cat sed mv; do + p=`which $i` + if [ -x "$p" ]; then + echo -n "" + else + echo command "$i" not found + exit 1 + fi +done +if [ "`id -u`" != "0" ]; then + echo "Script must run as root" +fi + +apacheuser= +[ -r /etc/icpc/apacheuser ] && apacheuser=`cat /etc/icpc/apacheuser | sed 's/ \t\n//g'` +[ "$apacheuser" == "" ] && apacheuser=www-data +id -u $apacheuser >/dev/null 2>/dev/null +[ $? != 0 ] && echo "User $apacheuser not found -- error to set permissions with chown/chmod" + +BOCASERVER=localhost +[ -x /etc/icpc/bocaserver.sh ] && . /etc/icpc/bocaserver.sh +if [ "$BOCASERVER" = "0/0" -o "$BOCASERVER" = "" ]; then + BOCASERVER=localhost +fi +echo "BOCA server is configured to be $BOCASERVER" +if [ "$1" == "" ]; then + read -p "DB password: " -s PASS +else + zenity --info --title="Server info" --text="BOCA server is configured to be $BOCASERVER" + PASS=$1 +fi +PASSK=`makepasswd --chars 20` +awk -v boca="$BOCASERVER" -v pass="$PASS" -v passk="$PASSK" '{ if(index($0,"[\"dbpass\"]")>0) \ + print "$conf[\"dbpass\"]=\"" pass "\";"; \ + else if(index($0,"[\"dbhost\"]")>0) print "$conf[\"dbhost\"]=\"" boca "\";"; \ + else if(index($0,"[\"dbsuperpass\"]")>0) print "$conf[\"dbsuperpass\"]=\"" pass "\";"; \ + else if(index($0,"[\"key\"]")>0) print "$conf[\"key\"]=\"" passk "\";"; else print $0; }' \ + < $privatedir/conf.php > $privatedir/conf.php1 +mv -f $privatedir/conf.php1 $privatedir/conf.php +echo "Deny from all" > $privatedir/.htaccess +chown -R $apacheuser.root $privatedir +chmod -R u+rw,g+rw,o-rw $privatedir +echo "passwords updated in $privatedir/conf.php" + +postgresuser=postgres +id -u $postgresuser >/dev/null 2>/dev/null +if [ $? == 0 -a "$BOCASERVER" == "localhost" ]; then + echo "trying to update password for user bocauser in the database"; + rm -f /tmp/.boca.tmp + su - $postgresuser -c "echo select contestnumber from contesttable | psql -d bocadb | grep contestnumber >/tmp/.boca.tmp 2>/tmp/.boca.tmp" + su - $postgresuser -c "echo drop user bocauser | psql -d template1 >/dev/null 2>/dev/null" + su - $postgresuser -c "echo create user bocauser createdb password \'$PASS\' | psql -d template1 2>/dev/null" + su - $postgresuser -c "echo alter user bocauser createdb password \'$PASS\' | psql -d template1" + rm -f /tmp/.boca.tmp +fi + + +if [ "$1" != "" ]; then + zenity --info --title="Updated" --text="Password updated in $privatedir/conf.php file" +fi |