HOME

Mini Shell 1.0
Current File : //cpanel_installer/Common.pm
package Common;

# cpanel - installd/Common.pm                      Copyright 2021 cPanel, L.L.C.
#                                                           All rights reserved.
# copyright@cpanel.net                                         http://cpanel.net
# This code is subject to the cPanel license. Unauthorized copying is prohibited

use strict;
use warnings;

use Sys::Hostname ();
use Socket;
use IO::Handle ();
use IO::Select ();
use IPC::Open3 ();

# Helper routines for the log.
our $message_caller_depth = 1;
our $lock_file            = '/root/installer.lock';

my $log_file = '/var/log/cpanel-install.log';

our $log_fh;
my $COLOR_RED      = 31;
my $COLOR_YELLOW   = 33;
my $collect_output = undef;
my %TIER_CACHE;
our $DEFAULT_MYIP_URL = q[https://myip.cpanel.net/v1.0/];    # default value
use constant PRODUCT_DNSONLY => 64;

# Populate some globals determined by functions
my $gpg_bin = gpg_bin();

################################################################################
# Set up output handling code
sub colorize_bold {
    my ( $color, $msg ) = @_;

    return $msg if !defined $color || -e q{/var/cpanel/disable_cpanel_terminal_colors};
    $msg ||= '';

    return chr(27) . '[1;' . $color . 'm' . $msg . chr(27) . '[0;m';
}

# space pad debug messages.
sub DEBUG($) { return _MSG( 'DEBUG', "  " . shift ) }
sub ERROR($) { return _MSG( 'ERROR', colorize_bold( $COLOR_RED, shift ) ) }
sub WARN($)  { return _MSG( 'WARN',  colorize_bold( $COLOR_YELLOW, shift ) ) }
sub INFO($)  { return _MSG( 'INFO',  shift ) }
sub FATAL($) { _MSG( 'FATAL', colorize_bold( $COLOR_RED, shift ) ); die "\n"; }

# Make things nicer for tests
our $prefix = '';

sub _MSG {
    my $level = shift;
    my $msg   = shift || '';
    chomp $msg;

    my ( $sec, $min, $hour, $mday, $mon, $year, $wday, $yday, $isdst ) = localtime;
    my ( $package, $filename, $line ) = caller($message_caller_depth);
    my $stamp_msg = sprintf( "%s%04d-%02d-%02d %02d:%02d:%02d %4s [%d] (%5s): %s\n", $prefix, $year + 1900, $mon + 1, $mday, $hour, $min, $sec, $line, $$, $level, $msg );

    print {$log_fh} $stamp_msg;
    if ( defined $collect_output ) {
        $collect_output .= $stamp_msg;
    }
    else {
        print $stamp_msg;
    }
    return;
}

################################################################################

sub get_lts_version {

    my $cpanel_version = get_cpanel_version();
    my ( undef, $lts_version ) = split( qr/\./, $cpanel_version );

    return $lts_version;
}

sub get_cpanel_version {
    my $tier    = get_cpanel_tier();
    my $version = guess_version_from_tier($tier);
    return $version;
}

sub get_staging_dir {
    return '' if !-e '/etc/cpupdate.conf';
    my $cpupdate_conf = read_config('/etc/cpupdate.conf');
    return $cpupdate_conf->{'STAGING_DIR'} // '';
}

sub get_cpanel_tier {

    # Pull in cpupdate.conf settings.
    my $cpupdate_conf = read_config('/etc/cpupdate.conf');

    # Determine tier or assume defaults.
    my $tier = $cpupdate_conf->{'CPANEL'} || 'release';

    # version numbers without 11.
    if ( $tier =~ /^\d+/ && $tier !~ /^11\./ ) {
        $tier = '11.' . $tier;
    }

    return $tier;
}

sub cleanup_lock_file_and_gpg_homedir {
    if ( open my $fh, '<', $lock_file ) {
        my $pid = <$fh>;
        close $fh;

        chomp $pid if ($pid);
        if ( !$pid || $pid == $$ ) {
            print "Removing $lock_file.\n";
            unlink $lock_file;
        }
    }

    if ( -d gpg_homedir() ) {
        opendir( my $dh, gpg_homedir() );
        my @files = readdir($dh);
        closedir($dh);
        @files = map { gpg_homedir() . "/" . $_ } grep { !/^\.{1,2}/ } @files;
        unlink($_) for @files;
        rmdir( gpg_homedir() );
    }

    return;
}

sub invalid_system {
    my $message = shift || '';
    chomp $message;
    ERROR("$message");
    ERROR "The system detected an unsupported distribution. cPanel & WHM only supports CentOS 7 and 8, AlmaLinux 8, Red Hat Enterprise Linux® 6 and 7 and CloudLinux™ 6, 7, and 8 and Ubuntu 20.04.";
    FATAL("Please reinstall cPanel & WHM from a valid distribution.");
    return;
}

sub clean_install_check {

    INFO('Checking for any control panels...');
    my @server_detected;
    push @server_detected, 'DirectAdmin' if ( -e '/usr/local/directadmin' );
    push @server_detected, 'Plesk'       if ( -e '/etc/psa' );
    push @server_detected, 'Ensim'       if ( -e '/etc/appliance' || -d '/etc/virtualhosting' );

    #push @server_detected, 'Alabanza'    if ( -e '/etc/mail/mailertable' );
    push @server_detected, 'Zervex'              if ( -e '/var/db/dsm' );
    push @server_detected, 'Web Server Director' if ( -e '/bin/rpm' && `/bin/rpm -q ServerDirector` =~ /^ServerDirector/ms );    ## no critic(ProhibitQxAndBackticks)

    # Don't just check for /usr/local/cpanel, as some people will have created
    # that directory as a mount point for the install.
    push @server_detected, 'cPanel & WHM' if -e '/usr/local/cpanel/cpkeyclt';

    return if ( !@server_detected );

    ERROR("The installation process found evidence that the following control panels were installed on this server:");
    ERROR($_) foreach (@server_detected);
    FATAL('You must install cPanel & WHM on a clean server.');
    return;
}

sub check_resolv_conf {

    check_remote_resolvers();

    INFO("Validating whether the system can look up domains...");
    my @domains = qw(
      httpupdate.cpanel.net
      securedownloads.cpanel.net
    );

    foreach my $domain (@domains) {
        DEBUG("Testing $domain...");
        next if ( gethostbyname($domain) );
        ERROR( '!' x 105 . "\n" );
        ERROR("The system cannot resolve the $domain domain. Check the /etc/resolv.conf file. The system has terminated the installation process.\n");
        FATAL( '!' x 105 . "\n" );
    }
    return;
}

sub open_logs {
    my $installstart = time();

    if ( my $mtime = ( stat($log_file) )[9] ) {
        my $bu_file = $log_file . '.' . $mtime;
        system( '/bin/cp', $log_file, $bu_file ) unless -e $bu_file;
    }

    my $orig_umask = umask(0077);
    open( $log_fh, '>>', $log_file ) or die "Could not open log: $!";
    $log_fh->autoflush(1);
    umask($orig_umask);

    my $installstarttime = localtime($installstart);
    INFO("cPanel & WHM installation started at: ${installstarttime}!");
    INFO("This installation will require 10-50 minutes, depending on your hardware and network.");
    INFO("Now is the time to go get another cup of coffee/jolt.");
    INFO("The install will log to the /var/log/cpanel-install.log file.");
    INFO("");
    INFO("Beginning Installation v3...");
    return $installstart;
}

sub get_hostname_via_getnameinfo {
    return undef if !Socket->can('getaddrinfo');

    my ( $err, @getaddr ) = Socket::getaddrinfo(
        get_main_ip(),
        undef,
        {
            family   => Socket::AF_UNSPEC(),
            protocol => Socket::IPPROTO_TCP(),
        }
    );

    for my $addr (@getaddr) {
        my ( $err, $host, $service ) = Socket::getnameinfo( $addr->{addr}, Socket::NI_NAMEREQD() );
        if ( defined $host ) {
            return $host;
        }
    }

    return undef;
}

# Copied from Cpanel::DIp::MainIP
sub get_main_ip {
    foreach my $ip ( split( /\n/, `/sbin/ip -4 addr show` ) ) {    ## no critic(ProhibitQxAndBackticks)
        if ( $ip =~ m{ [\s\:] (\d+ [.] \d+ [.] \d+ [.] \d+) }xms ) {
            my $thisip = $1;
            if ( !is_loopback($thisip) ) {
                return $thisip;
            }
        }
    }
    return 0;
}

# Copied from Cpanel::IP::Loopback
sub is_loopback {
    return (
        length $_[0]
          && (
            $_[0] eq 'localhost'                                                                         #
            || $_[0] eq 'localhost.localdomain'                                                          #
            || $_[0] eq '0000:0000:0000:0000:0000:0000:0000:0001'                                        #
            || ( length $_[0] >= 32 && substr( $_[0], 0, 32 ) eq '0000:0000:0000:0000:0000:ffff:7f' )    # ipv4 inside of ipv6 match 127.*
            || ( length $_[0] >= 11 && substr( $_[0], 0, 11 ) eq '::ffff:127.' )                         # ipv4 inside of ipv6 match 127.*
            || ( length $_[0] >= 4  && substr( $_[0], 0, 4 ) eq '127.' )                                 # ipv4 needs to match 127.*
            || $_[0] eq '0:0:0:0:0:0:0:1'                                                                #
            || $_[0] eq ':1'                                                                             #
            || $_[0] eq '::1'                                                                            #
            || $_[0] eq '(null)'                                                                         #
            || $_[0] eq '(null):0000:0000:0000:0000:0000:0000:0000'                                      #
            || $_[0] eq '0000:0000:0000:0000:0000:0000:0000:0000'                                        #
            || $_[0] eq '0.0.0.0'
          )                                                                                              #
    ) ? 1 : 0;
}

# Copied from Cpanel::Sys::Hostname::FQDN
sub get_fqdn_hostname {
    my $hostname_from_sys_hostname = Sys::Hostname::hostname();
    $hostname_from_sys_hostname =~ tr{A-Z}{a-z};

    my $hostname_from_getnameinfo = get_hostname_via_getnameinfo() || "";

    if ( !length $hostname_from_getnameinfo ) {
        return $hostname_from_sys_hostname;
    }

    $hostname_from_getnameinfo =~ tr{A-Z}{a-z};

    if ( index( $hostname_from_getnameinfo, $hostname_from_sys_hostname ) == 0 ) {
        return $hostname_from_getnameinfo;
    }

    return $hostname_from_sys_hostname;
}

sub check_hostname {
    my $hostname = get_fqdn_hostname();
    INFO "Validating that the system hostname ('$hostname') is a FQDN...";
    if ( $hostname =~ /^www\./ ) {
        FATAL "The installation process detected the following hostname: $hostname\n Hostnames cannot start with www! Use a valid hostname.";
    }

    if ( !is_valid_hostname($hostname) ) {
        ERROR "";
        ERROR "********************* ERROR *********************";
        ERROR "";
        ERROR "Your hostname ($hostname) is invalid, and must be";
        ERROR "set to a fully qualified domain name before installing cPanel.";
        ERROR "";
        ERROR "A fully qualified domain name must contain two dots, and consists of two parts: the hostname and the domain name.";
        ERROR "You can update your hostname by running `hostname your-hostname.example.com`, then re-running the installer.";

        ERROR "********************* ERROR *********************";
        FATAL "Exiting...";
    }
    return;
}

sub check_files {
    INFO "Checking for essential system files...";

    unless ( -f '/etc/fstab' ) {
        ERROR "Your system is missing the file /etc/fstab.  This is an";
        ERROR "essential system file that is part of the base system.";
        FATAL "Please ensure the system has been properly installed.";
    }

    my $selinux_config_dir  = '/etc/selinux';
    my $selinux_config_file = "$selinux_config_dir/config";

    unless ( -f $selinux_config_file ) {
        INFO "Creating SELinux config file:  $selinux_config_file";
        mkdir $selinux_config_dir unless -d $selinux_config_dir;
        open my $fh, '>', $selinux_config_file or FATAL "Unable to create $selinux_config_file";
        print {$fh} "SELINUX=disabled\n";
        close $fh;
    }

    return;
}

sub ssystem {
    my @cmd     = @_;
    my $conf_hr = ref( $cmd[-1] ) eq 'HASH' ? pop(@cmd) : {};

    local $message_caller_depth = $message_caller_depth + 1;    # Set caller depth deeper during this sub so debugging it clearer.
    DEBUG( '- ssystem [BEGIN]: ' . join( ' ', @cmd ) );
    open( my $rnull, '<', '/dev/null' ) or die "Can't open /dev/null: $!";
    my $io  = IO::Handle->new;
    my $pid = IPC::Open3::open3( $rnull, $io, $io, @cmd );
    $io->blocking(0);

    my $select = IO::Select->new($io);

    my $exit_status;
    my $buffer                 = '';
    my $buffered_waiting_count = 0;
    while ( !defined $exit_status ) {
        while ( my $line = readline($io) ) {

            # Push the buffer lacking a newline onto the front of this.
            if ($buffer) {
                $line   = $buffer . $line;
                $buffer = '';
            }

            $line =~ s/\r//msg;    # Strip ^M from output for better log output.

            # Internally buffer on newlines.
            if ( $line =~ m/\n$/ms ) {
                DEBUG( "  " . $line );
                $buffered_waiting_count = 0;
            }
            else {
                print "." if ( $buffered_waiting_count++ > 1 );
                $buffer = $line;
            }
        }

        # Parse exit status or yield time to the CPU.
        if ( waitpid( $pid, 1 ) == $pid ) {
            $exit_status = $? >> 8;
        }
        else {

            # Watch the file handle for output.
            $select->can_read(0.01);
        }
    }
    ERROR("  - ssystem [EXIT_CODE] '$cmd[0]' exited with $exit_status (ignored)") if $exit_status && !$conf_hr->{'ignore_errors'};

    close($rnull);
    $io->close();

    DEBUG('- ssystem [END]');

    return $exit_status;
}

sub is_valid_hostname {
    my $domain = shift;

    if ( !defined $domain ) {
        return;
    }

    # No blank or space characters
    if ( $domain =~ m/\s+/ ) {
        return;
    }

    if ( $domain =~ m/[.]{2,}/ ) {
        return;
    }

    # Can not end with period
    if ( $domain =~ m/[.]$/ ) {
        return;
    }

    # Can not end with minus sign
    if ( $domain =~ m/[-](?=[.]|\z)/ ) {
        return;
    }

    # Must be able to fit in struct utsname
    if ( length $domain > 64 ) {
        return;
    }

    # Can't have an all-numeric TLD or be an IP address
    if ( $domain =~ m/\.\d+\z/ ) {
        return;
    }

    # Must start with alpha numeric, and must have atleast one 'label' part - i.e., label.domain.tld
    if ( $domain =~ /^(?:[a-z0-9][a-z0-9\-]*\.){2,}[a-z0-9][a-z0-9\-]*$/i ) {
        return 1;
    }

    return;
}

sub updatenow {
    my (%flags) = @_;

    INFO("Downloading updatenow.static");

    # Download the tar.gz files and extract them instead.

    my $install_version = get_cpanel_version();
    my $source          = "/cpanelsync/$install_version/cpanel/scripts/updatenow.static.bz2";

    DEBUG("Retrieving the updatenow.static file from $source...");

    # download file in current directory (inside the self extracted tarball)
    unlink 'updatenow.static';
    cpfetch($source);
    chmod 0755, 'updatenow.static';
    my $exit;

    my @passed_flags = map { ( "--$_" => $flags{$_} ) } sort keys %flags;

    for ( 1 .. 5 ) {    # Re-try updatenow if it fails.
        INFO("Closing the installation log and passing output control to the updatenow.static file...");

        # close $log_fh so it can be re-opened by updatenow.
        close $log_fh;
        $exit = system( './updatenow.static', '--upcp', '--force', "--log=$log_file", @passed_flags );

        # Re-open the log regardless of success.
        my $log_file = '/var/log/cpanel-install.log';
        open( $log_fh, '>>', $log_file ) or die "Can't open log file: $!";
        $log_fh->autoflush(1);

        return if ( !$exit );

        DEBUG("The installation process detected a failed synchronization. The system will reattempt the synchronization with the updatenow.static file...");
    }

    my $signal = $exit % 256;
    $exit = $exit >> 8;

    FATAL("The installation process was unable to synchronize cPanel & WHM. Verify that your network can connect to httpupdate.cpanel.net and rerun the installer.");
    FATAL("The updatenow.static process terminated with the following exit code: $exit ($signal); The cPanel & WHM installation process cannot proceed.");
    return;
}

# Remote resolvers are required, since we remove local BIND during installation.
sub check_remote_resolvers {
    open my $resolv_conf_fh, '<', '/etc/resolv.conf' or FATAL("Could not open /etc/resolv.conf: $!");

    if ( !grep { m/^\s*nameserver\s+/ && !m/\s+127.0.0.1$/ } <$resolv_conf_fh> ) {
        FATAL("/etc/resolv.conf must be configured with non-local resolvers for installations to complete.");
    }

    return;
}

sub _create_gpg_homedir {
    mkdir( gpg_homedir(), 0700 ) if !-e gpg_homedir();
    return;
}

sub signatures_enabled {

    my $config     = read_config('/var/cpanel/cpanel.config');
    my $is_enabled = ( defined $config->{'signature_validation'} && $config->{'signature_validation'} eq 'Off' ) ? 0 : 1;

    return $is_enabled;
}

sub read_config {
    my $file   = shift or die;
    my $config = {};

    open( my $fh, "<", $file ) or return $config;
    while ( my $line = readline $fh ) {
        chomp $line;
        if ( $line =~ m/^\s*([^=]+?)\s*$/ ) {
            my $key = $1 or next;    # Skip loading the key if it's undef or 0
            $config->{$key} = undef;
        }
        elsif ( $line =~ m/^\s*([^=]+?)\s*=\s*(.*?)\s*$/ ) {
            my $key = $1 or next;    # Skip loading the key if it's undef or 0
            $config->{$key} = $2;
        }
    }
    return $config;
}

sub check_if_we_can_get_to_httpupdate {

    foreach my $src ( 'index.html', 'modules/index.html' ) {
        my $page = _wget_url( 'http://httpupdate.cpanel.net/pub/CPAN/' . $src, '-' );

        if ( $page =~ m/perl/i && $page =~ m/CPAN/ ) {
            INFO("The system successfully connected to the httpupdate.cpanel.net server.");
            return;
        }
    }
    FATAL("The system cannot currently download from the httpupdate.cpanel.net servers.");
    return;
}

our $_gpg_setup;

sub fetch_gpg_key_once {

    return if $_gpg_setup;

    my $pub_keys = public_keys();
    _create_gpg_homedir();

    foreach my $key ( @{ keys_to_download() } ) {
        INFO("Downloading GPG public key, $pub_keys->{$key}");
        my $target = secure_downloads() . $pub_keys->{$key};
        my $dest   = gpg_homedir() . "/" . $pub_keys->{$key};

        _wget_url( $target, $dest );
        if ( !-e $dest ) {
            FATAL("Could not download GPG public key at “$target”.");
            return;
        }
        INFO("Importing downloaded GPG public key from “$dest”.");
        if ( -x '/bin/apt-key' ) {
            print "Adding $dest via apt-key\n";
            ssystem( '/bin/apt-key', 'add', $dest );
        }
        my $gpg_cmd = $gpg_bin . " -q --homedir " . gpg_homedir() . " --import " . $dest;
        my $output  = `$gpg_cmd 2>&1`;                                                      ## no critic(ProhibitQxAndBackticks)
        if ( $? != 0 ) {
            WARN("Failed to import GPG public key from “$dest”: $output");
        }
    }

    $ENV{'CPANEL_BASE_INSTALL_GPG_KEYS_IMPORTED'} = 1;                                      # in v82+ fix-cpanel-perl will skip gpg keyimport if set
    $_gpg_setup = 1;

    return;
}

sub keys_to_download {

    my $config   = read_config('/var/cpanel/cpanel.config');
    my $keyrings = gpg_keyrings();

    if ( !defined $config->{'signature_validation'} ) {
        my $mirror = get_update_source();

        if ( $mirror =~ /^(?:.*\.dev|qa-build|next)\.cpanel\.net$/ ) {
            return $keyrings->{'development'};
        }
        else {
            return $keyrings->{'release'};
        }
    }
    elsif ( $config->{'signature_validation'} =~ /^Release and (?:Development|Test) Keyrings$/ ) {
        return $keyrings->{'development'};
    }
    else {
        return $keyrings->{'release'};
    }
}

sub gpg_homedir {
    return '/var/cpanel/.gpgtmpdir';
}

sub public_keys {
    return {
        'release'     => 'cPanelPublicKey.asc',
        'development' => 'cPanelDevelopmentKey.asc',
    };
}

sub secure_downloads {
    return 'https://securedownloads.cpanel.net/';
}

sub gpg_keyrings {
    return {
        'release'     => ['release'],
        'development' => [ 'release', 'development' ],

    };
}

# Place customer provided cpanel.config in place early in case we need to block on any of the settings.
sub setup_custom_cpanel_config {
    mkdir '/var/cpanel';
    chmod 0755, '/var/cpanel';
    my $custom_cpanel_config_file = '/root/cpanel_profile/cpanel.config';
    if ( -e $custom_cpanel_config_file ) {
        INFO("The system is placing the custom cpanel.config file from $custom_cpanel_config_file.");
        unlink '/var/cpanel/cpanel.config';
        system( '/bin/cp', $custom_cpanel_config_file, '/var/cpanel/cpanel.config' );
    }
    return;
}

sub verify_file {
    my ( $file, $sig, $url ) = @_;

    fetch_gpg_key_once();

    my @gpg_args = (
        '--logger-fd', '1',
        '--status-fd', '1',
        '--homedir',   gpg_homedir(),
        '--verify',    $sig,
        $file,
    );

    # Verify the validity of the GPG signature.
    # Information on these return values can be found in 'doc/DETAILS' in the GnuPG source.

    my ( %notes, $curnote );
    my ( $gpg_out, $success, $status );
    my $gpg_pid = IPC::Open3::open3( undef, $gpg_out, undef, $gpg_bin, @gpg_args );

    while ( my $line = readline($gpg_out) ) {
        if ( $line =~ /^\[GNUPG:\] VALIDSIG ([A-F0-9]+) (\d+-\d+-\d+) (\d+) ([A-F0-9]+) ([A-F0-9]+) ([A-F0-9]+) ([A-F0-9]+) ([A-F0-9]+) ([A-F0-9]+) ([A-F0-9]+)$/ ) {
            $status  = "Valid signature for $file";
            $success = 1;
        }
        elsif ( $line =~ /^\[GNUPG:\] NOTATION_NAME (.+)$/ ) {
            $curnote = $1;
            $notes{$curnote} = '';
        }
        elsif ( $line =~ /^\[GNUPG:\] NOTATION_DATA (.+)$/ ) {
            $notes{$curnote} .= $1;
        }
        elsif ( $line =~ /^\[GNUPG:\] BADSIG ([A-F0-9]+) (.+)$/ ) {
            $status = "Invalid signature for $file.";
        }
        elsif ( $line =~ /^\[GNUPG:\] NO_PUBKEY ([A-F0-9]+)$/ ) {
            $status = "Could not find public key ($1) in keychain.";
        }
        elsif ( $line =~ /^\[GNUPG:\] NODATA ([A-F0-9]+)$/ ) {
            $status = "Could not find a GnuPG signature in the signature file.";
        }
    }

    waitpid( $gpg_pid, 0 );

    $status ||= "Unknown error from gpg.";
    $status .= " (file:$file, sig:$sig)";

    if ($success) {
        INFO $status;
    }
    else {
        FATAL $status;
    }

    # At this point, the signature should be valid.
    # We now need to check to see if the filename signature notation is correct.

    $url =~ s/\.bz2$//;

    if ( defined( $notes{'filename@gpg.notations.cpanel.net'} ) ) {
        my $file_note = $notes{'filename@gpg.notations.cpanel.net'};
        if ( $file_note ne $url ) {
            FATAL "Filename notation ($file_note) does not match URL ($url).";
        }
    }
    else {
        FATAL "Signature does not contain a filename notation.";
    }

    return;
}

# We use this all over the place.
# It should be redefinable in tests,
# so I added that here.
our $var_cpanel = '/var/cpanel';

sub is_dnsonly {
    return -e "$var_cpanel/dnsonly" ? 1 : 0;
}

sub get_install_type {
    my @args = @_;

    # TYPE could be DNSONLY
    my $type = 'standard';
    if (@args) {
        foreach my $val (@args) {
            next if $val =~ m/^--/;
            $type = $val;
            last;
        }
    }

    if ( $type =~ m/dnsonly/i ) {
        INFO("cPanel DNSONLY installation requested.");
        touch("$var_cpanel/dnsonly");
    }

    INFO("Install type: $type\n");

    # This used to return undef,
    # which is interesting given the subroutine name
    # As such, may as well make this return it :/
    return $type;
}

sub check_no_mysql {

    # This can cause failures if the database is newer than the version we're
    # going to install.
    Common::INFO('Checking for an existing MySQL or MariaDB instance...');

    my $mysql_dir = '/var/lib/mysql';
    return unless -d $mysql_dir;
    my $nitems = 0;
    if ( opendir( my $dh, $mysql_dir ) ) {
        $nitems = scalar grep { !/\A(?:\.{1,2}|lost\+found)\z/ } readdir $dh;
        closedir($dh);
    }
    return unless $nitems;

    ERROR "The installation process found evidence that MySQL or MariaDB was installed on this server:";
    ERROR "The $mysql_dir directory is present and not completely empty.";
    FATAL 'You must install cPanel & WHM on a clean server.';
    return;
}

sub create_slash_scripts_symlink {

    # Install cPanel files.
    INFO('Installing /usr/local/cpanel files...');
    DEBUG( "HTTPUPDATE is set to " . get_update_source() );

    if ( -e '/scripts' && !-l '/scripts' ) {
        if ( !-d '/scripts' ) {
            WARN "The system detected /scripts as a file. Moving it to a new location...";
            ssystem( qw{/bin/mv /scripts}, "/scripts.o.$$" );
        }
        else {
            WARN "The system detected the /scripts directory. Moving its contents to the /usr/local/cpanel/scripts directory...";
            ssystem(qw{mkdir -p /usr/local/cpanel/scripts});
            ssystem('cd / && tar -cf - scripts | (cd /usr/local/cpanel && tar -xvf -)');
            ssystem(qw{/bin/rm -rf /scripts});
        }
    }
    unlink qw{/scripts};
    symlink(qw{/usr/local/cpanel/scripts /scripts}) unless -e '/scripts';

    if ( !-l '/scripts' ) {
        WARN("The /scripts directory must be a symlink to the /usr/local/cpanel/scripts directory. cPanel & WHM does not use the /scripts directory.");
    }
    else {
        DEBUG('/scripts symlink is set to point to /usr/local/cpanel/scripts');
    }

    return;
}

sub bootstrap_cpanel_perl {
    my ($install_version) = @_;

    # Force $install_version to be passed so we know the TIERS
    # file has already been downloaded
    die "bootstrap_cpanel_perl requires the \$install_version" if !$install_version;

    # Install cPanel files.
    INFO("Installing bootstrap cPanel Perl");

    # Download the tar.gz files and extract them instead.

    my $script = 'fix-cpanel-perl';
    my $source = "/cpanelsync/$install_version/cpanel/scripts/${script}.xz";

    unlink $script;

    DEBUG("Retrieving the $script file from $source if available...");

    # download file in current directory (inside the self extracted tarball)
    cpfetch( $source, is_optional => 1 );

    if ( !-e $script ) {
        WARN("Script '$script' is not available for cPanel & WHM version $install_version. Continuing installation...");
        return;
    }

    chmod 0700, $script;

    INFO("Running script $script to bootstrap cPanel Perl.");

    my $exit;

    # Retry a few times if one of the http request failed
    my $max = 3;
    foreach my $iter ( 1 .. $max ) {
        $exit = system("./$script");
        if ( $exit == 0 ) {
            INFO("Successfully installed cPanel Perl minimal version.");
            return;
        }

        WARN("Run #$iter/$max failed to run script $script.");
        last if $iter == $max;
        sleep 5;
    }

    my $signal = $exit % 256;
    $exit = $exit >> 8;

    FATAL("Failed to run script $script to bootstrap cPanel Perl.");
    FATAL("The script $script terminated with the following exit code: $exit ($signal); The cPanel & WHM installation process cannot proceed.");

    return;
}

sub cpfetch {
    my ( $url, %opts ) = @_;

    if ( !$url ) {
        FATAL("The system called the cpfetch process without a URL.");
    }

    my $file = _get_file( $url, %opts );
    return unless defined $file;

    if ( $file =~ /\.bz2$/ ) {
        ssystem( "/usr/bin/bunzip2", $file );
    }

    if ( signatures_enabled() ) {
        $url  =~ s/\.bz2$//g;
        $file =~ s/\.bz2$//g;

        my $sig = _get_file("$url.asc");
        verify_file( $file, $sig, $url );
    }

    # the xz file itself is signed only extract it after checking the signature
    if ( $file =~ /\.xz$/ ) {
        ssystem( "/usr/bin/unxz", $file );
    }

    return;
}

sub guess_version_from_tier {
    my $tier = shift || 'release';

    if ( defined( $TIER_CACHE{$tier} ) ) {
        return $TIER_CACHE{$tier};
    }

    # Support version numbers as tiers.
    if ( $tier =~ /^\s*\d+\.\d+\.\d+\.\d+\s*$/ ) {
        $TIER_CACHE{$tier} = $tier;
        return $tier;
    }

    # Download the file.
    cpfetch('/cpanelsync/TIERS');
    -e 'TIERS' or FATAL('The installation process could not fetch the /cpanelsync/TIERS file from the httpupdate server.');

    # Parse the downloaded TIERS data for our tier. (Stolen from Cpanel::Update)
    open( my $fh, '<', 'TIERS' ) or FATAL("The system could not read the downloaded TIERS file.");
    while ( my $tier_definition = <$fh> ) {
        chomp $tier_definition;
        next if ( $tier_definition =~ m/^\s*#/ );    # Skip commented lines.
        ## e.g. edge:11.29.0 (requires two dots)
        next if ( $tier_definition !~ m/^\s*([^:\s]+)\s*:\s*(\S+)/ );

        my ( $remote_tier, $remote_version ) = ( $1, $2 );
        $TIER_CACHE{$remote_tier} = $remote_version;
    }
    close $fh;

    # Set any disabled tiers to install-fallback if possible.
    foreach my $key ( keys %TIER_CACHE ) {
        next if $key eq 'install-fallback';
        if ( $TIER_CACHE{$key} && $TIER_CACHE{'install-fallback'} && $TIER_CACHE{$key} eq 'disabled' ) {
            $TIER_CACHE{$key} = $TIER_CACHE{'install-fallback'};
        }
    }

    # Fail if the tier is not present.
    if ( !$TIER_CACHE{$tier} ) {
        FATAL("The specified tier ('$tier') in the /etc/cpupdate.conf file is not a valid cPanel & WHM tier.");
    }

    # Fail if the tier is still disabled.
    if ( $TIER_CACHE{$tier} eq 'disabled' ) {
        FATAL("cPanel has temporarily disabled updates on the central httpupdate servers. Please try again later.");
    }

    return $TIER_CACHE{$tier};
}

sub create_feature_showcase_dir {
    return if -e '/var/cpanel/activate/features';
    Common::ssystem( 'mkdir', '-p', '/var/cpanel/activate/features' );
    Common::ssystem( 'chown', '-R', 'root:root', '/var/cpanel/activate' );
    Common::ssystem( 'chmod', '-R', '0700',      '/var/cpanel/activate' );
    return;
}

# Determine whether mysql-version set in config is MariaDB
sub version_is_mariadb {
    my ($version) = @_;

    if ( $version =~ m{^([0-9]{1,2})(?:\.[0-9])?} ) {
        return ( $1 >= 10.0 ? 1 : 0 );
    }
}

sub get_db_identifiers {
    my ($db_version) = @_;

    if ( version_is_mariadb($db_version) ) {
        return ( 'plain' => 'mariadb', 'stylized' => 'MariaDB' );
    }
    else {
        return ( 'plain' => 'mysql', 'stylized' => 'MySQL®' );
    }
}

sub _get_file {
    my ( $url, %opts ) = @_;

    $url = 'http://' . get_update_source() . $url;

    # NOTE: assumes no query or fragment in URL
    my @FILE = split( /\//, $url );
    my $file = pop(@FILE);

    if ( -e $file ) {
        WARN("Warning: Overwriting the $file file...");
        unlink $file;
        FATAL("The system could not remove the $file file.") if ( -e $file );
    }

    DEBUG("Retrieving $url to the $file file...");
    my ( $rc, $out ) = _wget_url( $url, $file );

    if ( !-e $file || -z $file ) {
        unlink $file;
        if ( $opts{is_optional} ) {
            WARN("The system could not fetch the optional $file file: $out");
            return;
        }
        FATAL("The system could not fetch the $file file: $out");
    }

    return $file;
}

sub get_update_source {

    my $update_source = 'httpupdate.cpanel.net';
    my $source_file   = '/etc/cpsources.conf';
    if ( -r $source_file && -s $source_file ) {    # pull in from cpsources.conf if it's set.
        open( my $fh, "<", $source_file ) or return $update_source;
        while (<$fh>) {
            next if ( $_ !~ m/^\s*HTTPUPDATE\s*=\s*(\S+)/ );
            $update_source = "$1";
            FATAL("HTTPUPDATE is set to '$update_source' in the $source_file file.") if ( !$update_source );
            last;
        }
    }

    return $update_source;
}

sub get_myip_url {
    my $source_file = '/etc/cpsources.conf';
    my $myip_url    = $DEFAULT_MYIP_URL;
    if ( -r $source_file && -s $source_file ) {    # pull in from cpsources.conf if it's set.
        open( my $fh, "<", $source_file ) or return $myip_url;
        while (<$fh>) {
            next unless m/^\s*MYIP\s*=\s*(\S+)/;
            $myip_url = "$1";
            last;
        }
    }

    DEBUG("Using MyIp URL to detect server IP '$myip_url'.");

    return $myip_url;
}

sub guess_ip {
    my $url = get_myip_url();

    my ( $wget_bin, $wget_args ) = get_download_tool_binary();
    FATAL("No wget binary defined at this stage.") unless $wget_bin;

    my $file = q[guess.my.ip];

    my $max = 3;
    foreach my $iter ( 1 .. $max ) {
        unlink $file;
        _wget_url( $url, $file );
        last if $? == 0;
        if ( $iter == $max ) {
            FATAL("Failed to call URL $url to detect your IP.");
        }
        WARN("Call to $url fails, giving it another try [$iter/$max]");
        sleep 3;
    }

    my $ip;

    {
        open( my $fh, '<', $file ) or FATAL("Cannot read file $file.");
        $ip = readline($fh);
        close($fh);
    }

    chomp($ip) if defined $ip;

    if ( !defined $ip || !length $ip ) {

        # could also use FATAL - be relax for now to avoid false positives
        WARN("Fail to guess your IP using URL $url.");
        return;
    }

    # sanitize the IP - Ipv4 or Ipv6 character set only
    if ( $ip !~ qr{^[0-9a-f\.:]+$}i ) {

        # could also use FATAL - be relax for now to avoid false positives
        WARN("Invalid IP address '$ip' returned by $url");
        return;
    }

    return $ip;
}

sub verify_url {
    my ($ip) = @_;
    $ip ||= '';

    return qq[https://verify.cpanel.net/xml/verifyfeed?ip=$ip];
}

#
#   block cPanel&WHM install when a DNSONLY license is valid for the server
#   block DNSONLY license when a cPanel license is valid for the server
#
sub check_license_conflict {

    my $ip = guess_ip();

    # skip check and continue install if we cannot guess up
    return unless defined $ip;

    INFO("Checking for existing active license linked to IP '$ip'.");

    my $verify_license_xml = q[verify.license.xml];

    my $url = verify_url($ip);

    # check verify.cpanel.net - the xml one...
    _wget_url( $url, $verify_license_xml );

    my $active_basepkg = 0;
    my $package        = "";
    {
        open( my $fh, '<', $verify_license_xml ) or FATAL("Cannot read file $verify_license_xml.");
        while ( my $line = <$fh> ) {
            next unless $line =~ m/status="1"/;     # package is active
            next unless $line =~ m/basepkg="1"/;    # package is a base package (skipping packages like kernelcare, cloudlinux & co)
            if ( $line =~ m/producttype="([0-9]+)"/ ) {
                $active_basepkg = $1;

                $line =~ m/package="([^"]+)"/;
                $package = $1;

                last;
            }
        }
    }

    return unless $active_basepkg;

    if ( is_dnsonly() ) {

        # we cannot install dnsonly if a cPanel license exists
        if ( $active_basepkg != 64 ) {
            unlink '/var/cpanel/dnsonly';
            ERROR("Unexpected license type found for your IP: https://verify.cpanel.net/app/verify?ip=$ip");
            ERROR("Current active package is $package");
            FATAL("Installation aborted. Perhaps you meant to install latest instead of latest-dnsonly? If not please cancel your cPanel license before installing a cPanel DNSONLY server.");
        }
    }
    else {
        # we cannot install cPanel if a dnsonly license exists
        if ( $active_basepkg & PRODUCT_DNSONLY ) {
            ERROR("Unexpected license type found for your IP: https://verify.cpanel.net/app/verify?ip=$ip");
            FATAL("Installation aborted. Perhaps you meant to install latest-dnsonly instead of latest? If not please cancel your DNSONLY license before installing a cPanel & WHM server.");
        }
    }

    # everything is fine at this point
    return;
}

# $file can be '-' to return the output as a scalar, or the path to a file to download the given $url
sub _wget_url {
    my ( $url, $file ) = @_;

    my ( $wget_bin, $wget_args ) = get_download_tool_binary();
    FATAL("No wget binary defined at this stage.") unless $wget_bin;

    my $max = 3;
    foreach my $iter ( 1 .. $max ) {
        unlink $file;
        my $output = `$wget_bin $wget_args '$file' $url 2>&1`;    ## no critic(ProhibitQxAndBackticks)
        return ( 1, $output ) if $? == 0;
        WARN("Call to URL '$url' failed, attempt [$iter/$max]");
        if ( $iter == $max ) {
            my $type = substr( $url, -4 ) eq '.asc' ? 'signature' : 'file';
            FATAL("Failed to download $type at URL $url: $output");
        }
        sleep 3;
    }

    return;
}

# mkdir some directories.
sub setup_empty_directories {
    my $distro = shift or die;

    INFO('The installation process will now set up the necessary empty cpanel directories.');

    foreach my $dir (qw{/usr/local/cpanel /usr/local/cpanel/base /usr/local/cpanel/base/frontend /usr/local/cpanel/logs /var/cpanel /var/cpanel/tmp /var/cpanel/version /var/cpanel/perl /var/named}) {
        unlink $dir if ( -f $dir || -l $dir );

        if ( !-d $dir ) {
            DEBUG("mkdir $dir");
            mkdir( $dir, 0755 );
        }
    }

    foreach my $dir (qw{/var/cpanel/logs}) {
        unlink $dir if ( -f $dir || -l $dir );

        if ( !-d $dir ) {
            DEBUG("mkdir $dir");
            mkdir( $dir, 0700 );
        }
    }

    return;
}

sub get_download_tool_binary {

    for my $bin (qw(/bin/wget /usr/bin/wget /usr/local/bin/wget)) {
        next if ( !-e $bin );
        next if ( !-x _ );
        next if ( -z _ );

        return ( $bin, '-q --no-dns-cache --tries=20 --timeout=60 --dns-timeout=60 --read-timeout=30 --waitretry=1 --retry-connrefused -O' ) if ( `$bin --version` =~ m/GNU\s+Wget\s+\d+\.\d+/ims );    ## no critic(ProhibitQxAndBackticks)
    }

    FATAL("The installation process could not find the wget binary. Install it to a standard location.");
    return;
}

sub gpg_bin {

    for my $bin (qw(/bin/gpg /usr/bin/gpg /usr/local/bin/gpg)) {
        next if ( !-e $bin );
        next if ( !-x _ );
        next if ( -z _ );
        return $bin;
    }

    FATAL("The installation process could not find the gpg binary. Install it to a standard location.");
    return;
}

# Code previously located in the bootstrap script.
sub bootstrap {
    my ( $distro, $distro_version ) = @_;

    # Confirm perl version.
    if ( $] < 5.008 ) {
        print "This installer requires Perl 5.8.0 or better.\n";
        die "Cannot continue.\n";
    }

    $gpg_bin = gpg_bin();

    setup_empty_directories($distro);

    fetch_gpg_key_once();
    return;
}

sub get_total_memory {

    # tests on different architectures show that 15 % is safe
    my $tolerance_factor = 1.15;

    # MemTotal: Total usable ram (i.e. physical ram minus a few reserved
    #          bits and the kernel binary code)
    # note, another option would be to use "dmidecode --type 17", or dmesg
    #   but this will require an additional RPM
    #   we just want to be sure that a customer does not install
    #   with 512 when 700 or more is required
    my $meminfo = q{/proc/meminfo};
    if ( open( my $fh, "<", $meminfo ) ) {
        while ( my $line = readline $fh ) {
            if ( $line =~ m{^MemTotal:\s+([0-9]+)\s*kB}i ) {
                return int( int( $1 / 1_024 ) * $tolerance_factor );
            }
        }
    }

    return 0;    # something is wrong
}

sub five_second_pause {
    for ( 1 .. 5 ) { print '.'; sleep(1); }
    print "\n";
    return;
}

sub warn_clean_server_needed {
    Common::INFO("cPanel Layer 1 Installer Starting...");
    Common::INFO("Warning !!! Warning !!! WARNING !!! Warning !!! Warning");
    Common::INFO("-------------------------------------------------------");
    Common::INFO("cPanel requires a fresh, clean server!");
    Common::INFO("If you serve websites from this server, this installer");
    Common::INFO("will overwrite all of your configuration files.");
    Common::INFO("Hit Ctrl+C NOW!");
    Common::INFO("If this is a new server, please ignore this message.");
    Common::INFO("-------------------------------------------------------");
    Common::INFO("Warning !!! Warning !!! WARNING !!! Warning !!! Warning");
    Common::INFO("Waiting 5 seconds...");
    Common::INFO("");
    Common::INFO("");
    five_second_pause();
    return;
}

sub print_warning_notice {
    my ( $advice, $force ) = @_;

    FATAL $advice unless $force;

    do { WARN($_) }
      for split /\n/, $advice;

    five_second_pause();
    print "\n";

    return;
}

# NOTE, this is as "concise" as I could make this, though I'm
# basically copying what Cpanel::FileUtils::TouchFile does.
my @meths = (
    sub { return 1 if utime( undef, undef, $_[0] ) },
    sub { return !ssystem( 'touch', $_[0] ) },
);

sub touch {
    my ($file) = @_;

    foreach (@meths) {
        return if $_->($file);
    }

    die "Can't touch file $file";
}

sub get_max_allowed_db_version {
    my ( $cpanel_version, $db_type ) = @_;

    # cpver is the first cpanel version that allows the database version defined by dbver
    # For example, v87 is the first version that allows MySQL 8 to be installed.
    # All cPanel versions lower than 87 will allow up to MySQL 5.7.
    my %max_combos = (
        mysql => [
            {
                cpver => '87',
                dbver => '8'
            },
            {
                cpver => '1',
                dbver => '5.7',
            },
        ],
        mariadb => [
            {
                cpver => '97',
                dbver => '10.5',
            },
            {
                cpver => '99',
                dbver => '10.6',
            },
            {
                cpver => '1',
                dbver => '10.3',
            },
        ],
    );

    my ($max) = sort { $b->{'cpver'} <=> $a->{'cpver'} } grep { my $ver = $_; $cpanel_version >= $ver->{cpver} } @{ $max_combos{$db_type} };
    return $max->{'dbver'};

}

sub get_min_allowed_db_version {
    my ( $cpversion, $osver, $type ) = @_;

    # If OS Version is 8 or higher, enforce MySQL 8/Maria 10.3 as default.
    # Otherwise, use 5.5, 5.6 or 5.7 as is outlined in our version matrix.
    $type ||= 'mysql';
    my %at_least_req_combos = (
        'mariadb' => [
            {
                'osver' => 8,
                'cpver' => 91,
                'dbver' => 10.3,
            },
            {
                'osver' => 6,
                'cpver' => 48,
                'dbver' => 10.2,    # MariaDB 10.2 reaches EOL May 23, 2022
            },
        ],
        'mysql' => [
            {
                'osver' => 8,
                'cpver' => 91,
                'dbver' => 8.0,
            },
            {
                'osver' => 6,
                'cpver' => 80,
                'dbver' => 5.6,
            },
            {
                'osver' => 6,
                'cpver' => 48,
                'dbver' => 5.5,
            },
        ],
    );

    # Choose the possible combo with the cpversion "closest" to passed in.
    # Sorting the grep result will enable this rather straightforwardly.
    my ($winning_combo) = sort { $b->{'cpver'} <=> $a->{'cpver'} } grep {
        my $hr = $_;
        $osver >= $hr->{'osver'} && $cpversion >= $hr->{'cpver'}
    } @{ $at_least_req_combos{$type} };

    return $winning_combo->{'dbver'};
}

sub get_db_version_advice {
    my ( $db_version, $cpanel_version, $os_version, $db_type ) = @_;

    my $max = get_max_allowed_db_version( $cpanel_version, $db_type );
    my $min = get_min_allowed_db_version( $cpanel_version, $os_version, $db_type );

    my $advice;
    my $rec_version;
    if ( $db_version < $min ) {
        $advice      = 'higher';
        $rec_version = $min;
    }
    elsif ( $db_version > $max ) {
        $advice      = 'lower';
        $rec_version = $max;
    }

    return { action => $advice, ver => $rec_version };
}

1;