#!/bin/bash
### Copyright 1999-2025. WebPros International GmbH. All rights reserved.
#

#
# Plesk script
#



#default values

product_default_conf()
{

PRODUCT_ROOT_D=/usr/local/psa
PRODUCT_RC_D=/etc/rc.d/init.d
PRODUCT_ETC_D=/usr/local/psa/etc
PLESK_LIBEXEC_DIR=/usr/lib64/plesk-9.0
HTTPD_VHOSTS_D=/var/www/vhosts
HTTPD_CONF_D=/etc/httpd/conf
HTTPD_INCLUDE_D=/etc/httpd/conf.d
HTTPD_BIN=/usr/sbin/httpd
HTTPD_LOG_D=/var/log/httpd
HTTPD_SERVICE=httpd
QMAIL_ROOT_D=/var/qmail
PLESK_MAILNAMES_D=/var/qmail/mailnames
RBLSMTPD=/usr/sbin/rblsmtpd
NAMED_RUN_ROOT_D=/var/named/chroot
WEB_STAT=/usr/bin/webalizer
MYSQL_VAR_D=/var/lib/mysql
MYSQL_BIN_D=/usr/bin
MYSQL_SOCKET=/var/lib/mysql/mysql.sock
PGSQL_DATA_D=/var/lib/pgsql/data
PGSQL_CONF_D=/var/lib/pgsql/data
PGSQL_BIN_D=/usr/bin
DUMP_D=/var/lib/psa/dumps
DUMP_TMP_D=/tmp
MAILMAN_ROOT_D=/usr/lib/mailman
MAILMAN_VAR_D=/var/lib/mailman
PYTHON_BIN=/usr/bin/python2
GPG_BIN=/usr/bin/gpg
TAR_BIN=/usr/lib64/plesk-9.0/sw-tar
AWSTATS_ETC_D=/etc/awstats
AWSTATS_BIN_D=/usr/share/awstats/wwwroot/cgi-bin
AWSTATS_TOOLS_D=/usr/share/awstats/tools
AWSTATS_DOC_D=/usr/share/awstats/wwwroot
OPENSSL_BIN=/usr/bin/openssl
LIB_SSL_PATH=/lib/libssl.so
LIB_CRYPTO_PATH=/lib/libcrypto.so
CLIENT_PHP_BIN=/usr/local/psa/bin/php-cli
SNI_SUPPORT=true
APS_DB_DRIVER_LIBRARY=/usr/lib64/sw/libmysqlserver.so.2.0
SA_MAX_MAIL_SIZE=256000

}

deferred_relabel_plesk_directories()
{
	touch "/var/lock/plesk_deferred_relabel_plesk_directories"
}

is_function()
{
	local type_output=$(type -t "$1")
	test "X${type_output}" = "Xfunction"
}

### Copyright 1999-2025. WebPros International GmbH. All rights reserved.

# echo message to product log and console (always visible)
pp_echo()
{
    if [ -n "$product_log" ] ; then
        echo "$@" >> "$product_log" 2>&1
    fi
    echo "$@" >&2
}

# echo message to product log, also to console in debug mode
p_echo()
{
    if [ -n "$product_log" ] ; then
        echo "$@" >> "$product_log" 2>&1
    fi
    if [ -n "$PLESK_INSTALLER_DEBUG" -o -n "$PLESK_INSTALLER_VERBOSE" -o -z "$product_log" ] ; then
        echo "$@" >&2
    fi
}

# same as p_echo, but without new line
pnnl_echo()
{
	p_echo -n "$@"
}

int_err()
{
	report_problem "internal" "Internal error: $@"
	exit 1
}

p_see_product_log()
{
	log_is_in_dev "${product_log}" || printf " (see log file: ${product_log})" >&2
}

die()
{
	report_problem "fatal" "ERROR while trying to $@"
	printf "Check the error reason" >&2
	p_see_product_log
	echo ", fix and try again" >&2

	selinux_close

	exit 1
}

warn()
{
	local inten="$1"

	if [ -n "$PLESK_INSTALLER_DEBUG" -o -n "$PLESK_INSTALLER_VERBOSE" ]; then
		p_echo
		p_echo "WARNING!"
		pnnl_echo "Some problems are found during $inten"
		p_see_product_log
		p_echo
		p_echo "Continue..."
		p_echo
	fi

	report_problem "warning" "Warning: $inten"
}

echo_try()
{
	msg="$*"
	pnnl_echo " Trying to $msg... "
}

suc()
{
	p_echo "done"
}
### Copyright 1999-2025. WebPros International GmbH. All rights reserved.
reexec_with_clean_env()
{
	# Usage: call this function as 'reexec_with_clean_env "$@"' at the start of a script.
	#        Don't use with scripts that require sensitive environment variables.
	#        Don't put the call under any input/output redirection.
	# Purpose: make sure the script is executed with a sane environment.

	local lc="`get_default_locale`"
	export LANG="$lc" LC_MESSAGES="$lc" LC_ALL="$lc"
	export PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin
	umask 022

	PLESK_SCRIPT_COMMAND_LINE="$0 $*"
	[ -z "$PLESK_INSTALLER_ENV_CLEANED" ] || { unset PLESK_INSTALLER_ENV_CLEANED; return 0; }
	[ -n "$BASH" ] || exec /bin/bash "$0" "$@"

	# N.B.: the following code requires Bash. On Dash it would cause syntax error upon parse w/o eval.
	eval '
	local extra_vars=()                     # list of variables to preserve
	for var in "${!PLESK_@}"; do            # enumerate all PLESK_* variables
		extra_vars+=("$var=${!var}")
	done
	extra_vars+=("PLESK_INSTALLER_ENV_CLEANED=1")

	# Exec self with clean env except for extra_vars, shell opts, and arguments.
	exec /usr/bin/env -i "${extra_vars[@]}" /bin/bash ${-:+-$-} "$0" "$@" || {
		echo "Failed to reexec self ($0) with clean environment" >&2
		exit 91		# Just some relatively unique error code
	}
	'
}

get_default_locale()
{
	# Note that CentOS 7 typically doesn't have C.UTF-8
	for lc in "C.UTF-8" "en_US.UTF-8" "C"; do
		if [ -z "`LC_ALL=$lc locale 2>&1 >/dev/null`" ]; then
			echo "$lc"
			return 0
		fi
	done
	echo "C"
}

# accumulates chown and chmod
set_ac()
{
	local u_owner g_owner perms node
	u_owner="$1"
	g_owner="$2"
	perms="$3"
	node="$4"

	# A very small optimization - replacing of two execs by one,
	#    it works only if the following conditions are observed:
	#       - u_owner is username (not UID);
	#       - g_owner is group (not GID);
	#       - perms is in octal mode.
	# If some conditions aren't observed,
	#    optimization doesn't work,
	#    but it doesn't break function
	[ "$(stat -c '%U:%G 0%a' $node)" != "$u_owner:$g_owner $perms" ] || return 0
	chown $u_owner:$g_owner $node || die "chown $u_owner:$g_owner $node"
	chmod $perms $node || die "chmod $perms $node"
}

detect_vz()
{
	[ -z "$PLESK_VZ_RESULT" ] || return $PLESK_VZ_RESULT

	PLESK_VZ_RESULT=1
	PLESK_VZ=0
	PLESK_VE_HW_NODE=0
	PLESK_VZ_TYPE=

	local issue_file="/etc/issue"
	local vzcheck_file="/proc/self/status"
	[ -f "$vzcheck_file" ] || return 1

	local env_id=`sed -ne 's|^envID\:[[:space:]]*\([[:digit:]]\+\)$|\1|p' "$vzcheck_file"`
	[ -n "$env_id" ] || return 1
	if [ "$env_id" = "0" ]; then
		# Either VZ/OpenVZ HW node or unjailed CloudLinux
		PLESK_VE_HW_NODE=1
		return 1
	fi

	if grep -q "CloudLinux" "$issue_file" >/dev/null 2>&1 ; then
		return 1
	fi

	if [ -f "/proc/vz/veredir" ]; then
		PLESK_VZ_TYPE="vz"
	elif [ -d "/proc/vz" ]; then
		PLESK_VZ_TYPE="openvz"
	fi

	PLESK_VZ=1
	PLESK_VZ_RESULT=0
	return 0
}

# detects lxc and docker containers
detect_lxc()
{
	[ -z "$PLESK_LXC_RESULT" ] || return $PLESK_LXC_RESULT
	PLESK_LXC_RESULT=1
	PLESK_LXC=0
	if  { [ -f /proc/1/cgroup ] && grep -q 'docker\|lxc' /proc/1/cgroup; } || \
		{ [ -f /proc/1/environ ] && cat /proc/1/environ | tr \\0 \\n | grep -q "container=lxc"; };
	then
		PLESK_LXC_RESULT=0
		PLESK_LXC=1
	fi
	return "$PLESK_LXC_RESULT"
}

call_optional_function()
{
	local type_output="`LC_ALL=C type \"$1\" 2>/dev/null | head -n 1`"
	case "$type_output" in
		*function)
			"$@"
			;;
		*)
			return 0
			;;
	esac
}
### Copyright 1999-2025. WebPros International GmbH. All rights reserved.
#-*- vim:syntax=sh

product_log_name_ex()
{
	local aux_descr="$1"
	local action="${CUSTOM_LOG_ACTION_NAME-installation}"

	if [ -n "$aux_descr" ]; then
		aux_descr="_${aux_descr}"
	fi

	if [ -n "$CUSTOM_LOG_NAME" ]; then
		echo "${CUSTOM_LOG_NAME}${action:+_$action}${aux_descr}.log"
	else
		get_product_versions
		echo "plesk_${product_this_version}${action:+_$action}${aux_descr}.log"
	fi
}

product_log_name()
{
	product_log_name_ex
}

product_problems_log_name()
{
	product_log_name_ex "problems"
}

problems_log_tail()
{
	[ -f "$product_problems_log" ] || return 0
	{
		tac "$product_problems_log" | awk '/^START/ { exit } { print }' | tac
	} 2>/dev/null
}

product_log_tail()
{
	[ -f "$product_log" ] || return 0
	{
		tac "$product_log" | awk '/^START/ { exit } { print }' | tac
	} 2>/dev/null
}

product_and_problems_log_tail()
{
	product_log_tail
	[ "$product_log" = "$product_problems_log" ] || problems_log_tail
}

cleanup_problems_log()
{
	[ -f "$product_problems_log" ] || return 0
	touch "$product_problems_log.tmp"
	chmod 0600 "$product_problems_log.tmp"
	awk 'BEGIN 							{ st = "" }
		/^START/ && (st ~ /^START/) 	{ print st; }
		/^START/ 						{ st=$0; next }
		/^STOP/ && (st ~ /^START/) 		{ st=""; next }
		(st != "") 						{ print st; st="" }
										{ print }
		' "$product_problems_log" > "$product_problems_log.tmp" && \
	mv -f "$product_problems_log.tmp" "$product_problems_log" || \
	rm -f "$product_problems_log.tmp"

	if [ ! -s "$product_problems_log" ]; then
		rm -f "$product_problems_log"
	fi
}

mktemp_log()
{
	local logname="$1"
	local dir="$2"

	if [ "${logname:0:1}" != "/" ]; then
		logname="$dir/$logname"
	fi
	dir="`dirname $logname`"
	if [ ! -d "$dir" ]; then
		mkdir -p "$dir" || { echo "Unable to create log directory : $dir"; exit 1; }
		if [ "$EUID" -eq "0" ]; then
			set_ac root root 0700 "$dir"
		fi
	fi

	if [ "${logname%XXX}" != "$logname" ]; then
		mktemp "$logname"
	else
		echo "$logname"
	fi
}

log_is_in_dev()
{
	test "${1:0:5}" = "/dev/"
}

start_writing_logfile()
{
	local logfile="$1"
	local title="$2"
	! log_is_in_dev "$logfile" || return 0
	echo "START $title" >> "$logfile" || { echo "Cannot write installation log $logfile" >&2; exit 1; }
	[ "$EUID" -ne "0" ] || set_ac root root 0600 "$logfile"
}

log_start()
{
	true product_log_name product_problems_log_name mktemp_log

	local title="$1"
	local custom_log="$2"
	local custom_problems_log="$3"

	local product_log_dir="/var/log/plesk/install"

	product_log="$product_log_dir/`product_log_name`"
	product_problems_log="$product_log_dir/`product_problems_log_name`"
	problems_occured=0

	# init product log
	[ ! -n "$custom_log" ] || product_log="$custom_log"
	product_log=`mktemp_log "$product_log" "$product_log_dir"`

	# init problems log
	if [ -n "$custom_problems_log" ]; then
		product_problems_log=`mktemp_log "$custom_problems_log" "$product_log_dir"`
	elif [ -n "$custom_log" ]; then
		product_problems_log="$product_log"
	else
		product_problems_log=`mktemp_log "$product_problems_log" "$product_log_dir"`
	fi

	# write starting message into logs
	start_writing_logfile "$product_log" "$title"
	if [ "$product_log" != "$product_problems_log" ]; then
		start_writing_logfile "$product_problems_log" "$title"
	fi

	is_function profiler_setup && profiler_setup "$title" || :
}

log_stop()
{
	local title="$1"
	local subject="$2"

	if [ "$product_log" = "$product_problems_log" ] || \
			log_is_in_dev "$product_problems_log"; then
		[ -e "$product_log" ] && echo "STOP $title" >>"$product_log"
		is_function profiler_stop && profiler_stop || :
		return
	fi

	if [ -z "$subject" ]; then
		subject="[${title}]"
	fi

	# check if problems are non-empty, check for problems_occured
	local status
	local problem_lines="`problems_log_tail | wc -l`"
	if [ "$problem_lines" -eq 0 ]; then
		status="completed successfully"
	else
		if [ $problems_occured -ne 0 ]; then
			status="failed"
		else
			status="completed with warnings"
		fi
	fi

	if [ -e "$product_log" ]; then
		p_echo
		p_echo "**** $subject $status."
		p_echo
	fi

	if [ "$problem_lines" -ne 0 ]; then
		[ ! -e "$product_log" ] || problems_log_tail >>"$product_log" 2>&1
		problems_log_tail
	fi

	[ ! -e "$product_log" ] || echo "STOP $title" >>"$product_log"
	if [ $problems_occured -ne 0 ]; then
		echo "STOP $title: PROBLEMS FOUND" >>"$product_problems_log"
	else
		[ ! -s "$product_problems_log" ] || echo "STOP $title: OK" >>"$product_problems_log"
	fi

	if [ "X${PLESK_INSTALLER_KEEP_PROBLEMS_LOG}" = "X" ]; then
		cleanup_problems_log
	fi

	is_function profiler_stop && profiler_stop || :
}
### Copyright 1999-2025. WebPros International GmbH. All rights reserved.

# here goes functions

package_script_begin_rpm()
{
	package_script_begin
}

package_script_end_rpm()
{
	package_script_end
}

package_script_begin()
{
	if [ -z "$process" ]; then
		if [ "$do_reconfigure" = "1" ]; then
			process="reconfiguration"
		elif [ "$do_upgrade" = "1" ]; then
			process="upgrade"
		elif [ -n "$PACKAGE_TRIGGERING_NAMES" ]; then
			process="trigger"
		else
			process="installation"
		fi
	fi

	log_start "`package_script_log_title`"
	set_error_report_context "`package_script_log_title`. `report_context_action`"

	product_default_conf
	initial_conf
	set_common_params
	read_conf
}

package_script_end()
{
	packagemng_set_dirty_flag

	log_stop "`package_script_log_title`" "Package $PACKAGE_NAME scriptlet"
}

package_script_log_title()
{
	local stage
	case "$do_upgrade" in
		0) stage="installing";;
		1) stage="upgrading";;
		*) stage="installing";;
	esac
	[ -z "$PACKAGE_TRIGGERING_NAMES" ] || stage="triggered (by $PACKAGE_TRIGGERING_NAMES)"
	echo "$PACKAGE_NAME-$PACKAGE_VERSION $stage AT `date`"
}

report_context_action()
{
	local action
	get_product_versions
	if [ "X$do_upgrade" = "X1" -o "$product_prev_version" != "$product_this_version" ]; then
		action="Doing $product_name upgrade from $product_prev_version to $product_this_version"
	else
		action="Doing $product_name $product_this_version installation"
	fi
	echo "$action"
}

package_script_call_main_function_begin()
{
	PACKAGE_NAME="$1"
	PACKAGE_VERSION="$2"
	package_script_begin_this_system

	trap "package_script_end_handler error" HUP PIPE INT QUIT TERM EXIT
}

package_script_end_handler()
{
	if [ "$1" = "error" ]; then
		report_problem "fatal" "Package script failed"
	fi

	trap - EXIT
	package_script_end_this_system
}
### Copyright 1999-2025. WebPros International GmbH. All rights reserved.

package_script_begin_this_system()
{
    package_script_begin_rpm
}

package_script_end_this_system()
{
    package_script_end_rpm
}
### Copyright 1999-2025. WebPros International GmbH. All rights reserved.

construct_report_template()
{
	local severity="${1:-error}"
	local summary="$2"

	local update_ticket="`get_update_ticket`"

	set_error_report_source
	set_error_report_component
	set_error_report_params
	set_error_report_environment

	true construct_report_code construct_report_debug construct_report_message

cat <<-EOL
<?xml version="1.0" encoding="UTF-8" ?>
<error>
  <source>$report_source</source>
  <severity>$severity</severity>
  <datetime>`date --iso-8601=seconds`</datetime>

  <component>$report_component</component>
  <summary><![CDATA[`echo "$summary" | sed -e 's/\]\]>/] ]>/g'`]]></summary>
  <message encoding="base64">`construct_report_message | base64`</message>

  <additional_info>
    <component_params encoding="base64">$report_params</component_params>
    <code encoding="base64">`construct_report_code | base64`</code>
    <debug encoding="base64">`construct_report_debug | base64`</debug>
    <environment encoding="base64">$report_environment</environment>
    <update_ticket>$update_ticket</update_ticket>
  </additional_info>
</error>
EOL
}

construct_report_code()
{
	local call_level=${1:-5}
	local func_level=$[call_level - 1]
	local lineno_func=${BASH_LINENO[ $func_level ]}
	local script_name=${BASH_SOURCE[ $[func_level + 1] ]}

	echo "# Call of ${FUNCNAME[$func_level]}() from ${FUNCNAME[$[func_level + 1]]}() at `readlink -m $script_name`:${BASH_LINENO[$func_level]}"
	head -n $[lineno_func + 4] "$script_name" 2>/dev/null | tail -n 8
}

construct_report_debug()
{
	local call_level=${1:-5}
	call_level=$[call_level-1]

	# Generate calls stack trace.
	for i in `seq $call_level ${#FUNCNAME[@]}`; do
		[ "${FUNCNAME[$i]}" != "main" ] || break

		local func_call="`sed -n -e "${BASH_LINENO[$i]}p" "${BASH_SOURCE[$[i+1]]}" 2>/dev/null |
			sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//'`"
		[ -n "$func_call" -a -z "${func_call##*${FUNCNAME[$i]}*}" ] || func_call="${FUNCNAME[$i]}"
		echo "#$[i - $call_level] `readlink -m ${BASH_SOURCE[$[i+1]]}`(${BASH_LINENO[$i]}): $func_call"
	done
}

construct_report_message()
{
	product_and_problems_log_tail

	echo ""
	if [ -n "$report_context" ]; then
		echo "Context: $report_context"
		echo ""
	fi
	if [ -n "$RP_LOADED_PATCHES" ]; then
		echo "Loaded runtime patches: $RP_LOADED_PATCHES"
		echo ""
	fi
}

# Construct report to send it to our errors tracker
construct_report()
{
	local severity="${1:-error}"
	local summary="$2"

	[ -n "$summary" ] || int_err "Unable to send error report. Some parameters are not defined."

	set_error_report_source
	get_product_versions

	construct_report_template "$severity" "$summary" \
		| $PRODUCT_ROOT_D/admin/bin/send-error-report --version "$product_this_version" $report_source >/dev/null 2>&1
}

# Use this function to report failed actions.
# Typical report should contain
# - reason or problem description (example: file copying failed)
# - how to resolve or investigate problem (example: check file permissions, free disk space)
# - how to re-run action (example: perform specific command, restart bootstrapper script, run installation again)
report_problem()
{
	local severity="${1:-error}"

	# Get first string of error as a summary of report
	shift

	local summary="$1"

	[ -n "$product_problems_log" ] || product_problems_log="/dev/stderr"

	p_echo
	if [ "0$problems_occured" -eq 0 ]; then
		echo "***** $process problem report *****" >> "$product_problems_log" 2>&1
	fi
	for problem_message in "$@"; do
		p_echo "$problem_message"
		if [ "$product_log" != "$product_problems_log" ]; then
			echo "$problem_message" >> "$product_problems_log" 2>&1
		fi
	done
	p_echo

	construct_report "$severity" "$summary"

	[ -n "$PLESK_INSTALLER_DEBUG" -o -n "$PLESK_INSTALLER_VERBOSE" ] || \
		product_log_tail

	problems_occured=1
}

set_error_report_context()
{
	report_context="$*"
}

set_error_report_source()
{
	[ -z "$1" ] || report_source="$1"
	[ -n "$report_source" ] || {
		if [ -n "$PACKAGE_ID" -o -n "$PACKAGE_ACTION" -o -n "$PACKAGE_NAME" -o -n "$PACKAGE_VERSION" ]; then
			report_source="install"
		else
			report_source="backend"
		fi
	}
}

set_error_report_component()
{
	local component="$1"

	if [ "$report_source" = "install" ]; then
		[ -n "$report_component" ] || report_component="$PACKAGE_ID"
		return 0
	fi

	[ -z "$component" ] || report_component="$1"
	[ -n "$report_component" ] || report_component="`basename $0`"
}

set_error_report_params()
{
	if [ "$report_source" = "install" ]; then
		[ -n "$report_params" ] || report_params="`echo "$PACKAGE_ACTION of $PACKAGE_NAME $PACKAGE_VERSION" | base64`"
		return 0
	fi

	[ -z "$*" ] || report_params="`echo "$*" | base64`"
	[ -n "$report_params" ] || report_params="`echo "$PLESK_SCRIPT_COMMAND_LINE" | base64`"
}

detect_virtualization()
{
	detect_vz
	detect_lxc
	local is_docker="`[ -f "/.dockerenv" ] && echo yes || :`"
	local systemd_detect_virt_ct="`/usr/bin/systemd-detect-virt -c 2>/dev/null | grep -v '^none$' || :`"
	local systemd_detect_virt_vm="`/usr/bin/systemd-detect-virt -v 2>/dev/null | grep -v '^none$' || :`"
	local virt_what="`/usr/sbin/virt-what 2>/dev/null | xargs || :`"

	if [ -n "$is_docker" ]; then
		echo "docker $virt_what"
	elif [ "$PLESK_VZ" = "1" ]; then
		echo "${PLESK_VZ_TYPE:-virtuozzo}"
	elif [ "$PLESK_LXC" = "1" ]; then
		echo "lxc $virt_what"
	elif [ -n "$systemd_detect_virt_ct" ]; then
		echo "$systemd_detect_virt_ct $systemd_detect_virt_vm"
	elif [ -n "$virt_what" ]; then
		echo "$virt_what"
	elif [ -n "$systemd_detect_virt_vm" ]; then
		echo "$systemd_detect_virt_vm"
	fi
}

default_error_report_environment()
{
	local virtualization="`detect_virtualization`"

	if [ -n "$virtualization" ]; then
		echo "virtualization: $virtualization"
	fi
}

set_error_report_environment()
{
	[ -z "$*" ] || report_environment="`echo "$*" | base64`"
	[ -n "$report_environment" ] || report_environment="`default_error_report_environment | base64`"
}

get_update_ticket()
{
	[ -r $PRODUCT_ROOT_D/var/update_ticket ] && cat $PRODUCT_ROOT_D/var/update_ticket | awk '{$1=$1};1'
}
### Copyright 1999-2025. WebPros International GmbH. All rights reserved.

#
# Support for runtime patching of shell scripts (including utilities and package scripts).
#

# --- Service functions ---

# Load and apply a patch in a relatively safe way
rp_safe_load_patch()
{
	local patch_file="$1"
	echo_try "load shell patch '$patch_file'"
	/bin/sh -n "$RP_BASEDIR/$patch_file" && 
	{
		. "$RP_BASEDIR/$patch_file"
		RP_LOADED_PATCHES="$RP_LOADED_PATCHES $patch_file"
	} &&
	suc
}

# Apply patches specific to the current context (e.g., depending on utility basename or package name)
# This is currently not implemented. This may be overriden by "spark".
rp_patch_runtime_context_specific()
{
	:
}

# --- Main entry points ---

rp_patch_runtime()
{
	# List of loaded patch files
	RP_LOADED_PATCHES=

	local RP_BASEDIR="$PRODUCT_BOOTSTRAPPER_DIR/rp"
	[ -d "$RP_BASEDIR" ] || return 0

	if [ -r "$RP_BASEDIR/spark" ]; then
		rp_safe_load_patch "spark"
	fi

	call_optional_function rp_patch_runtime_context_specific "$@"
}
### Copyright 1999-2025. WebPros International GmbH. All rights reserved.
# vim:ft=sh

initial_conf()
{
	PRODNAME="psa"
	PRODUCT_NAME="psa"
	product=${PRODNAME}
	PRODUCT_FULL_NAME="Plesk"

	product_etc="/etc/${PRODNAME}"
	prod_conf_t="/etc/psa/psa.conf"

	support_contact="https://support.plesk.com/"

	conceived_os_vendor=RedHat
	conceived_os_version="el8"

	clients_group="psacln"
	clients_GID="10001"

	services_group="psaserv"
	services_GID="10003"

	product_suff="saved_by_${product}".`date "+%m.%d;%H:%M"`
	product_suffo="saved_by_${product}"

	# plesk default password
	PRODUCT_DEFAULT_PASSWORD="setup"
}

read_conf()
{
	[ -n "$prod_conf_t" ] || prod_conf_t=/etc/psa/psa.conf

	if [ -s $prod_conf_t ]; then
		tmp_var=`perl -e 'undef $/; $_=<>; s/#.*$//gm;
		         s/^\s*(\S+)\s*/$1=/mg;
		         print' $prod_conf_t`
		eval $tmp_var
	else
		if ! is_product_installation; then
			p_echo "Unable to find product configuration file: $prod_conf_t. Default values will be used."
			return 1
		fi
	fi
	return 0
}
### Copyright 1999-2025. WebPros International GmbH. All rights reserved.
# vim:ft=sh

selinux_is_active()
{
	if [ -z "$SELINUX_ENFORCE" ]; then
		selinux_getenforce
	fi

	case "$SELINUX_ENFORCE" in
	Enforcing|Permissive) return 0;;
	*) return 1;;
	esac
}

selinux_support_is_installed()
{
	# This function checks if Plesk SELinux support component is installed
	set_selinux_params
	[ -s "$selinux_module" ]
}

selinux_configuration_is_required()
{
	# All public functions that modify SELinux state should check that this is true!
	selinux_is_active && selinux_support_is_installed
}

selinux_get_mount_dir()
{
	unset SELINUX_MOUNT_DIR

	if awk '$2 == "/selinux"{exit(1)}' /proc/mounts && mkdir -p /selinux; then
		SELINUX_MOUNT_DIR=/selinux
	else
		SELINUX_MOUNT_DIR="`mktemp -d /tmp/selinuxXXXXXX`"
	fi >>"$product_log" 2>&1
}

selinux_getenforce()
{
	if [ "$1" = "--check" -a -n "$SELINUX_ENFORCE" ]; then
		return
	fi
	unset SELINUX_ENFORCE

	if ! ( command -v selinuxenabled >/dev/null 2>&1 && selinuxenabled ); then
		SELINUX_ENFORCE=Disabled
		return
	fi

	if awk '$3 == "selinuxfs"{exit(1)}' /proc/mounts; then
		selinux_get_mount_dir
		mount -t selinuxfs none "$SELINUX_MOUNT_DIR"
	fi

	if ! command -v getenforce >/dev/null 2>&1; then
		SELINUX_ENFORCE=Disabled
		return
	fi

	SELINUX_ENFORCE="`getenforce`"
	if test $? -ne 0; then
		SELINUX_ENFORCE=Disabled
		return
	fi
}

selinux_close()
{
	if [ -z "$SELINUX_ENFORCE" -o "$SELINUX_ENFORCE" = "Disabled" ]; then
		return
	fi

	setenforce "$SELINUX_ENFORCE"
}

selinux_remove_module()
{
	[ -n "$1" ] || return 0
	if semodule -l | grep -q "^$1\>"; then
		p_echo "disabling selinux module: $1"
		semodule -d "$1"
	fi
}

selinux_fix_booleans_for_nginx_proxy()
{
	set_nginx_params

	local enable="on"
	nginx_is_rc_enabled || enable="off"

	# This boolean is provided by plesk.pp; also managed by nginx_proxy utility.
	setsebool_ifexists httpd_can_bind_all_ports "$enable"
}

selinux_fix_booleans()
{
	{
	setsebool_ifdiffer httpd_unified on
	setsebool_ifdiffer httpd_can_network_connect on
	setsebool_ifdiffer httpd_can_network_connect_db on
	setsebool_ifdiffer httpd_can_network_relay on
	setsebool_ifdiffer httpd_can_sendmail on
	# required for passenger, php 7.3 cgi/fastcgi (JIT)
	setsebool_ifdiffer httpd_execmem on

	# NGINX setrlimit fix (PPP-27350)
	setsebool_ifdiffer httpd_setrlimit on

	# Git access on domain PPP-45248
	setsebool_ifdiffer domain_can_mmap_files on

	# Passive mode reliability (PPP-42401)
	setsebool_ifdiffer ftpd_use_passive_mode on

	selinux_fix_booleans_for_nginx_proxy

	} >> "$product_log" 2>&1
	:
}

selinux_install_plesk_policy_module()
{
	local policy="$1"
	local selinux_module="$2"

	semodule -s "$policy" -i "$selinux_module"
}

selinux_install_module()
{
	set_selinux_params

	selinux_remove_module passenger
	selinux_remove_module qmail
	selinux_remove_module courier

	for dir in `find /etc/selinux -maxdepth 1 -mindepth 1 -type d`; do
		local policy=`basename "$dir"`
		selinux_install_plesk_policy_module "$policy" "$selinux_module"
	done

	if [ -f /tmp/pp-bootstrapper-mode.flag ]; then
		deferred_relabel_plesk_directories
	else
		relabel_plesk_directories
	fi
}


relabel_named_directories()
{
	[ -d "$NAMED_RUN_ROOT_D" ] || return 0
	selinux_configuration_is_required || return 0

	if [ -d "$NAMED_RUN_ROOT_D/proc" ]; then
		# Looks like /proc exists in chroot only on RedHat/CentOS 5
		selinux_relabel_dir -e "$NAMED_RUN_ROOT_D/proc" "$NAMED_RUN_ROOT_D"
	else
		selinux_relabel_dir "$NAMED_RUN_ROOT_D"
	fi
}

relabel_php_fpm()
{
	local ret=0


	[ -z "$do_repair" ] || return $ret
}

relabel_plesk_directories()
{
	selinux_configuration_is_required || return 0

	local ret=0
	local verbose_mode=
	if [ "$1" = "--verbose" ]; then
		verbose_mode="yes"
		shift
	fi

	set_horde_params

	if selinux_is_active; then
		for dir in "$PRODUCT_ROOT_D" \
					/var/log/passenger* \
					"$horde_logdir" \
					"$QMAIL_ROOT_D/alias" "$QMAIL_ROOT_D/bin" "$QMAIL_ROOT_D/boot" "$QMAIL_ROOT_D/control" \
					"$QMAIL_ROOT_D/plugins" "$QMAIL_ROOT_D/popuser" "$QMAIL_ROOT_D/queue" "$QMAIL_ROOT_D/users" \
					/var/db/kav /var/db/Quarantine "$PLESK_DB_DIR" \
					"/usr/libexec/postfix" \
					/var/drweb /opt/drweb "$PLESK_LIBEXEC_DIR" \
					"/etc/nginx" "/usr/sbin/nginx" /var/lib/nginx \
					"/var/log/nginx" "/var/run/nginx.pid" "/usr/share/passenger_temp" \
					"/var/lib/plesk/mail" /opt/kav "/usr/lib64/php/modules" "/var/run" \
					"/var/lib/php/session" \
					/etc/psa/.psa.shadow \
					/etc/resolv.conf \
					/usr/sbin/courierlogger \
					/etc/courier-imap \
					/usr/bin/imapd \
					/usr/sbin/authdaemond \
					/usr/sbin/imaplogin \
					"$@"; do
			[ -e "$dir" ] || continue
			[ -z "$verbose_mode" ] || pp_echo "  Restoring SELinux context on '$dir'"
			selinux_relabel_dir "$dir" || ret=1
		done

		[ -z "$verbose_mode" ] || pp_echo "  Restoring SELinux context on '$NAMED_RUN_ROOT_D'"
		relabel_named_directories || ret=1

		[ -z "$verbose_mode" ] || pp_echo "  Restoring SELinux context for php-fpm services"
		relabel_php_fpm || ret=1
	fi
	[ -z "$do_repair" ] || return $ret
}

selinux_relabel_dir()
{
	selinux_configuration_is_required || return 0

	if ! command -v restorecon >/dev/null 2>&1; then
		return
	fi

	local ret=0
	if ! restorecon -i -R "$@" >>"$product_log" 2>&1; then
		warn "Error while setting SELinux types. Command was: restorecon -i -R $*"
		ret=1
	fi

	[ -z "$do_repair" ] || return $ret
}

# for modules only
selinux_policy_upgrade_trigger()
{
	if [ -n "$PLESK_INSTALLER_DEBUG" ]; then
		set -x
	fi

	if [ "X${PLESK_INSTALLER_STRICT_MODE}" != "X" ]; then
		set -e
	fi

	local module_version="18.0.44"
	package_script_call_main_function_begin \
		"psa-selinux-policy-trigger" "$module_version"

	# This function is called only from the script in the 'psa-selinux' support component,
	# so we assume selinux_support_is_installed is true here.
	if selinux_is_active \
	    && [ "`semodule -l | awk '/plesk/ { print $2 }'`" != "$module_version" ];
	then
	    echo_try "install Plesk SELinux policy module $module"
	    selinux_install_module
	    suc
	else
	    p_echo "Plesk SELinux policy module $module_version is already installed"
	fi

	selinux_remove_module passenger
	selinux_remove_module qmail
	selinux_remove_module courier
	selinux_fix_booleans
	package_script_end_handler ok
}

setsebool_ifexists()
{
	if ! command -v setsebool >/dev/null 2>&1; then
		return
	fi
	if ! getsebool -a|grep -q "$1"; then
		echo "SELinux boolean '$1' is missing. Skipping setting it to '$2'."
		return
	fi
	if [ "$2" != "`getsebool $1 | cut -d' ' -f 3`" ]; then
		setsebool -P "$1" "$2"
	fi
}

setsebool_ifdiffer()
{
	selinux_configuration_is_required || return 0

	if ! command -v setsebool >/dev/null 2>&1; then
		return
	fi

	if [ "$2" != "`getsebool $1 | cut -d' ' -f 3`" ]; then
		setsebool -P "$1" "$2"
	fi
}

### Copyright 1999-2025. WebPros International GmbH. All rights reserved.
# vim:ft=sh

set_selinux_params()
{
	selinux_module="$PRODUCT_ROOT_D/etc/plesk.pp"
}

### Copyright 1999-2025. WebPros International GmbH. All rights reserved.
# vim:ft=sh:

#set_params

set_common_params()
{
	common_var=0

	PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin
	LANG="`get_default_locale`"
	export PATH LANG
	unset GREP_OPTIONS
	umask 022
	ulimit -n 65535 2>/dev/null

	get_product_versions

	certificate_file="$PRODUCT_ETC_D/httpsd.pem"
	services="/etc/services"

	crontab="/usr/bin/crontab"

	SYSTEM_RC_D="/etc/rc.d/init.d"
	PLESK_LIBEXEC_DIR="/usr/lib64/plesk-9.0"
	PLESK_DB_DIR="/var/lib/plesk"
	PRODUCT_BOOTSTRAPPER_DIR="`printf "/usr/local/psa/bootstrapper/pp%s-bootstrapper" "$product_this_version"`"
	AUTOGENERATED_CONFIGS="#ATTENTION!\n#\n#DO NOT MODIFY THIS FILE BECAUSE IT WAS GENERATED AUTOMATICALLY,\n#SO ALL YOUR CHANGES WILL BE LOST THE NEXT TIME THE FILE IS GENERATED.\n"
	AUTOGENERATED_CONFIGS_UPGRADE="#ATTENTION!\n#\n#DO NOT MODIFY THIS FILE BECAUSE IT WAS GENERATED AUTOMATICALLY,\n#SO ALL YOUR CHANGES WILL BE LOST AFTER YOU UPGRADE PLESK.\n"
	PRODUCT_LOGS_D="/var/log/plesk"

	sendmail="/usr/sbin/sendmail"
	ps="ps axw"
	ifconfig="/sbin/ifconfig -a"

	machine="linux"
	if [ -f /etc/debian_version ]; then
		linux_distr="debian"
	else
		linux_distr="redhat"
	fi

	dummy_home="/"
	if [ -x /usr/sbin/nologin ]; then
		dummy_shell="/usr/sbin/nologin"
	else
		dummy_shell="/bin/false"
	fi

	rp_patch_runtime
}
### Copyright 1999-2025. WebPros International GmbH. All rights reserved.
# -*- vim:syntax=sh

packagemng_set_dirty_flag()
{
	if [ -f ${PRODUCT_ROOT_D}/admin/bin/packagemng ]; then
		${PRODUCT_ROOT_D}/admin/bin/packagemng --set-dirty-flag 1>>$product_log 2>&1
	fi
}

get_product_versions()
{
	# Don't use global variables set elsewhere in this code. Use substitutions if needed.
	local prod_root_d="/usr/local/psa"

	product_name="psa"

	if [ -z "$product_this_version" ]; then
		# 1. Try to fetch version from file created by bootstrapper (should be 3-component).
		product_this_version="`cat "/var/lock/plesk-target-version" 2>/dev/null`"
		# 2. Fallback to $PRODUCT_ROOT_D/version (should be 3-component).
		if [ -z "$product_this_version" -a -r "$prod_root_d/version" ]; then
			product_this_version="`awk '{ print $1 }' "$prod_root_d/version"`"
		fi
		# 3. Fallback to hardcoded version (2-component). This may cause some other code to fail.
		if [ -z "$product_this_version" ]; then
			product_this_version="18.0"
			echo "Unable to determine \$product_this_version, will use less precise value '$product_this_version'" >&2
		fi
	fi

	product_version="$product_this_version"

	if [ -z "$product_prev_version" ]; then
		if [ -r "$prod_root_d/version.upg" ]; then
			product_prev_version=`awk '{ print $1 }' "$prod_root_d/version.upg"`
		elif [ -r "$prod_root_d/version" ]; then
			product_prev_version=`awk '{ print $1 }' "$prod_root_d/version"`
		else
			product_prev_version="$product_this_version"
		fi
	fi
}

# Clean installation of the product is being performed
is_product_installation()
{
	[ "X$do_upgrade" != "X1" -a ! -s "/usr/local/psa/version.upg" ]
}
### Copyright 1999-2025. WebPros International GmbH. All rights reserved.
# vim:syntax=sh

set_nginx_params()
{
	nginx_service=nginx
	nginx_rc_config="/etc/sysconfig/nginx"
	nginx_user="nginx"
	nginx_bin="/usr/sbin/nginx"
}

nginx_is_rc_enabled()
{
	grep -q '^\s*NGINX_ENABLED=\s*"\?yes"\?\s*\(#.*\)\?$' "$nginx_rc_config" >/dev/null 2>&1
}
### Copyright 1999-2025. WebPros International GmbH. All rights reserved.
set_horde_params()
{
	horde_datadir="/usr/share/psa-horde"
	horde_confdir="/etc/psa-webmail/horde"
	horde_sysconfd="$horde_confdir/horde"
	horde_logdir="/var/log/psa-horde"
	horde_passwd_file="/etc/psa-webmail/horde/.horde.shadow"
	horde_title="Horde Web Based mail client"

	imp_datadir="$horde_datadir/imp"
	imp_sysconfd="$horde_confdir/imp"
	
	turba_datadir="$horde_datadir/turba"
	turba_sysconfd="$horde_confdir/turba"

	kronolith_datadir="$horde_datadir/kronolith"
	kronolith_sysconfd="$horde_confdir/kronolith"

	ingo_datadir="$horde_datadir/ingo"
	ingo_sysconfd="$horde_confdir/ingo"

	mnemo_datadir="$horde_datadir/mnemo"
	mnemo_sysconfd="$horde_confdir/mnemo"
	
	passwd_datadir="$horde_datadir/passwd"
	passwd_sysconfd="$horde_confdir/passwd"

	horde_user="horde_sysuser"
	horde_group="horde_sysgroup"

	horde_php_ini="/etc/psa-webmail/horde/horde/php.ini"
	horde_conf_php="/etc/psa-webmail/horde/horde/conf.php"

	horde_db_user_privileges=(
		"ALTER"
		"CREATE"
		"DELETE"
		"DROP"
		"INDEX"
		"INSERT"
		"REFERENCES"
		"SELECT"
		"UPDATE"
	)
}

### Copyright 1999-2025. WebPros International GmbH. All rights reserved.

reexec_with_clean_env "$@"

selinux_policy_upgrade_trigger
