1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-12-21 04:50:55 +01:00
phorge-phorge/scripts/install/install_rhel-derivs.sh
epriestley 2d7abfd9fa Use HTTPS, not HTTP, in install scripts
Summary:
Via HackerOne. A researcher correctly reports that our install scripts use `HTTP`, not `HTTPS`, to fetch resources and execute them as `root`, which is a potentially significant vulnerability.

Instead, use `HTTPS`.

Test Plan: Verified that these URIs function correctly over `HTTPS`.

Reviewers: chad

Reviewed By: chad

Differential Revision: https://secure.phabricator.com/D16958
2016-11-29 12:11:04 -08:00

145 lines
4 KiB
Bash
Executable file

#!/bin/bash
confirm() {
echo "Press RETURN to continue, or ^C to cancel.";
read -e ignored
}
RHEL_VER_FILE="/etc/redhat-release"
if [[ ! -f $RHEL_VER_FILE ]]
then
echo "It looks like you're not running a Red Hat-derived distribution."
echo "This script is intended to install Phabricator on RHEL-derived"
echo "distributions such as RHEL, Fedora, CentOS, and Scientific Linux."
echo "Proceed with caution."
confirm
fi
echo "PHABRICATOR RED HAT DERIVATIVE INSTALLATION SCRIPT";
echo "This script will install Phabricator and all of its core dependencies.";
echo "Run it from the directory you want to install into.";
echo
RHEL_REGEX="release ([0-9]+)\."
if [[ $(cat $RHEL_VER_FILE) =~ $RHEL_REGEX ]]
then
RHEL_MAJOR_VER=${BASH_REMATCH[1]}
else
echo "Ut oh, we were unable to determine your distribution's major"
echo "version number. Please make sure you're running 6.0+ before"
echo "proceeding."
confirm
fi
if [[ $RHEL_MAJOR_VER < 6 && $RHEL_MAJOR_VER > 0 ]]
then
echo "** WARNING **"
echo "A major version less than 6 was detected. Because of this,"
echo "several needed dependencies are not available via default repos."
echo "Specifically, RHEL 5 does not have a PEAR package for php53-*."
echo "We will attempt to install it manually, for APC. Please be careful."
confirm
fi
echo "Phabricator will be installed to: $(pwd).";
confirm
echo "Testing sudo/root..."
if [[ $EUID -ne 0 ]] # Check if we're root. If we are, continue.
then
sudo true
SUDO="sudo"
if [[ $? -ne 0 ]]
then
echo "ERROR: You must be able to sudo to run this script, or run it as root.";
exit 1
fi
fi
if [[ $RHEL_MAJOR_VER == 5 ]]
then
# RHEL 5's "php" package is actually 5.1. The "php53" package won't let us install php-pecl-apc.
# (it tries to pull in php 5.1 stuff) ...
yum repolist | grep -i epel
if [ $? -ne 0 ]; then
echo "It doesn't look like you have the EPEL repo enabled. We are to add it"
echo "for you, so that we can install git."
$SUDO rpm -Uvh https://download.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm
fi
YUMCOMMAND="$SUDO yum install httpd git php53 php53-cli php53-mysql php53-process php53-devel php53-gd gcc wget make pcre-devel mysql-server"
else
# RHEL 6+ defaults with php 5.3
YUMCOMMAND="$SUDO yum install httpd git php php-cli php-mysql php-process php-devel php-gd php-pecl-apc php-pecl-json php-mbstring mysql-server"
fi
echo "Dropping to yum to install dependencies..."
echo "Running: ${YUMCOMMAND}"
echo "Yum will prompt you with [Y/n] to continue installing."
$YUMCOMMAND
if [[ $? -ne 0 ]]
then
echo "The yum command failed. Please fix the errors and re-run this script."
exit 1
fi
if [[ $RHEL_MAJOR_VER == 5 ]]
then
# Now that we've ensured all the devel packages required for pecl/apc are there, let's
# set up PEAR, and install apc.
echo "Attempting to install PEAR"
wget https://pear.php.net/go-pear.phar
$SUDO php go-pear.phar && $SUDO pecl install apc
fi
if [[ $? -ne 0 ]]
then
echo "The apc install failed. Continuing without APC, performance may be impacted."
fi
pidof httpd 2>&1 > /dev/null
if [[ $? -eq 0 ]]
then
echo "If php was installed above, please run: /etc/init.d/httpd graceful"
else
echo "Please remember to start the httpd with: /etc/init.d/httpd start"
fi
pidof mysqld 2>&1 > /dev/null
if [[ $? -ne 0 ]]
then
echo "Please remember to start the mysql server: /etc/init.d/mysqld start"
fi
confirm
if [[ ! -e libphutil ]]
then
git clone https://github.com/phacility/libphutil.git
else
(cd libphutil && git pull --rebase)
fi
if [[ ! -e arcanist ]]
then
git clone https://github.com/phacility/arcanist.git
else
(cd arcanist && git pull --rebase)
fi
if [[ ! -e phabricator ]]
then
git clone https://github.com/phacility/phabricator.git
else
(cd phabricator && git pull --rebase)
fi
echo
echo
echo "Install probably worked mostly correctly. Continue with the 'Configuration Guide':";
echo
echo " https://secure.phabricator.com/book/phabricator/article/configuration_guide/";