From 714ff54bf570cb2912c3b44f7cb431ac91593774 Mon Sep 17 00:00:00 2001 From: Jean-Baptiste Holcroft Date: Fri, 20 Oct 2017 10:15:17 +0200 Subject: [PATCH 01/19] Fix linter and remove every sudo --- check_process | 32 ++++++++++++++++++++++++++ manifest.json | 4 ++-- scripts/backup | 12 ++++++---- scripts/install | 61 ++++++++++++++++++++++++++----------------------- scripts/remove | 21 +++++++++-------- scripts/restore | 48 +++++++++++++++++++++----------------- scripts/upgrade | 44 +++++++++++++++++++---------------- 7 files changed, 138 insertions(+), 84 deletions(-) create mode 100644 check_process diff --git a/check_process b/check_process new file mode 100644 index 0000000..2f63183 --- /dev/null +++ b/check_process @@ -0,0 +1,32 @@ +;; Test complet + auto_remove=1 + ; Manifest + domain="domain.tld" (DOMAIN) + path="/path" (PATH) + language="fr" + ; Checks + pkg_linter=1 + setup_sub_dir=1 + setup_root=1 + setup_nourl=0 + setup_private=0 + setup_public=0 + upgrade=0 + backup_restore=0 + multi_instance=0 + incorrect_path=0 + corrupt_source=0 + fail_download_source=0 + port_already_use=0 + final_path_already_use=0 +;;; Levels + Level 1=auto + Level 2=auto + Level 3=auto + Level 4=1 + Level 5=auto + Level 6=auto + Level 7=auto + Level 8=0 + Level 9=0 + Level 10=0 diff --git a/manifest.json b/manifest.json index 6d5dacd..2c57fe1 100644 --- a/manifest.json +++ b/manifest.json @@ -7,7 +7,7 @@ "fr": "Client web pour CalDAV" }, "url": "http://agendav.org/", - "license": "GPL-3", + "license": "GPL-3.0", "version": "2.0.0", "maintainer": { "name": "julien", @@ -15,7 +15,7 @@ }, "multi_instance": false, "requirements": { - "yunohost": ">= 2.4.0" + "yunohost": ">= 2.7.0" }, "services": [ "nginx", diff --git a/scripts/backup b/scripts/backup index 7b57653..eb67ce2 100644 --- a/scripts/backup +++ b/scripts/backup 
@@ -1,15 +1,19 @@ #!/bin/bash -set -eu +# Source local helpers +source ./_common.sh + +# Source app helpers +source /usr/share/yunohost/helpers + +# Abort script if errors +ynh_abort_if_errors # Set app specific variables app="$YNH_APP_INSTANCE_NAME" dbname=$app dbuser=$app -# Source YunoHost helpers -source /usr/share/yunohost/helpers - # Retrieve app settings domain=$(ynh_app_setting_get "$app" domain) path=$(ynh_app_setting_get "$app" path) diff --git a/scripts/install b/scripts/install index 8a895c2..c90863c 100644 --- a/scripts/install +++ b/scripts/install @@ -1,23 +1,28 @@ #!/bin/bash -set -eu - -# Retrieve arguments -domain=$1 -path=${2%/} -language=$3 - -# Source common variables and helpers +# Source local helpers source ./_common.sh +# Source app helpers +source /usr/share/yunohost/helpers + +# Abort script if errors +ynh_abort_if_errors + +# Retrieve arguments +domain=$YNH_APP_ARG_DOMAIN +path=$YNH_APP_ARG_PATH +language=$YNH_APP_ARG_LANGUAGE + # Set app specific variables -app="$YNH_APP_INSTANCE_NAME" +app=$YNH_APP_INSTANCE_NAME dbname=$app dbuser=$app -# Check domain/path availability -sudo yunohost app checkurl "${domain}${path}" -a "$app" \ - || exit 1 +# Check web path availability +ynh_webpath_available "$domain" "$path" +# Register (book) web path +ynh_webpath_register "$app" "$domain" "$path" # Set and store language language=${LANGUAGES[$3]} @@ -33,10 +38,10 @@ DESTDIR="/var/www/${app}" You should safely delete it before installing this app." # Check whether Baïkal or Radicale is installed -if sudo yunohost app list --installed -f baikal | grep -q id ; then +if yunohost app list --installed -f baikal | grep -q id ; then caldav_app="baikal" caldav_baseurl="/cal.php/" -elif sudo yunohost app list --installed -f radicale | grep -q id ; then +elif yunohost app list --installed -f radicale | grep -q id ; then caldav_app="radicale" caldav_baseurl="/" else 
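Review bot: In scripts/install the context line `language=${LANGUAGES[$3]}` at the end of the `@@ -1,23 +1,28 @@` hunk still reads the third positional argument, although this hunk moves argument retrieval to the `YNH_APP_ARG_*` variables. If the script is now called without positional arguments, `$3` is unset and the lookup presumably aborts under `ynh_abort_if_errors`; it should read `language=${LANGUAGES[$language]}`. The same hunk replaces `path=${2%/}` with `path=$YNH_APP_ARG_PATH`, dropping the trailing-slash strip that the later `[[ -n "$path" ]]` root-install test in this script depends on. `path=${YNH_APP_ARG_PATH%/}` keeps the old behaviour.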
@@ -76,31 +81,31 @@ sed -i "s@{CALDAV_BASEURL}@${caldav_url}${caldav_baseurl}@g" "$conf_path" sed -i "s@{CALDAV_DOMAIN}@${caldav_domain}@g" "$conf_path" # Install files and set permissions -sudo mv "$TMPDIR" "$DESTDIR" +mv "$TMPDIR" "$DESTDIR" -sudo useradd -c "$app system account" \ +useradd -c "$app system account" \ -d /var/www/$app --system --user-group $app --shell /usr/sbin/nologin \ || ynh_die "Unable to create $app system account" # Protect source code against modifications -sudo find "${DESTDIR}" -type f -exec chown root:root {} \; -exec chmod 644 {} \; -sudo find "${DESTDIR}" -type d -exec chown root:root {} \; -exec chmod 755 {} \; +find "${DESTDIR}" -type f -exec chown root:root {} \; -exec chmod 644 {} \; +find "${DESTDIR}" -type d -exec chown root:root {} \; -exec chmod 755 {} \; # Only agendav user should write here -sudo chown -hR $app: "${DESTDIR}/web/var/cache/"{profiler,twig} -sudo chmod -R 750 "${DESTDIR}/web/var/cache/"{profiler,twig} +chown -hR $app: "${DESTDIR}/web/var/cache/"{profiler,twig} +chmod -R 750 "${DESTDIR}/web/var/cache/"{profiler,twig} # The agendav user should read here, but does not need to write # Other users should not be able to read as it stores passwords. -sudo find "${DESTDIR}/web/config" -type f -exec chown root:$app {} \; -exec chmod 640 {} \; -sudo find "${DESTDIR}/web/config" -type d -exec chown root:$app {} \; -exec chmod 750 {} \; +find "${DESTDIR}/web/config" -type f -exec chown root:$app {} \; -exec chmod 640 {} \; +find "${DESTDIR}/web/config" -type d -exec chown root:$app {} \; -exec chmod 750 {} \; # Create log directory -sudo install -m 750 -o $app -g adm -d "$LOGDIR" +install -m 750 -o $app -g adm -d "$LOGDIR" # Initialize database ynh_mysql_create_db "$dbname" "$dbuser" "$dbpass" -(cd "$DESTDIR" && sudo sudo -u $app \ +(cd "$DESTDIR" && -u $app \ php agendavcli migrations:migrate --no-interaction) \ || ynh_die "Unable to create AgenDAV tables" 
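Review bot: Stripping `sudo sudo` from the migration call leaves `-u $app php agendavcli ...` as the command inside the subshell, so the shell tries to execute `-u` and the install always ends in `ynh_die "Unable to create AgenDAV tables"`. The `sudo -u` here was a privilege drop to the app account rather than an elevation, so it should stay: `(cd "$DESTDIR" && sudo -u "$app" php agendavcli migrations:migrate --no-interaction)`. The same broken line appears in the `@@ -76,32 +80,32 @@` hunk of scripts/upgrade.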
@@ -112,7 +117,7 @@ sed -i "s@{DESTDIR}@${DESTDIR}@g" ../conf/nginx.conf sed -i "s@{POOLNAME}@${app}@g" ../conf/nginx.conf # comment redirection in case of an installation at root [[ -n "$path" ]] || sed -i '$s/^/#/' ../conf/nginx.conf -sudo cp ../conf/nginx.conf "$nginx_conf" +cp ../conf/nginx.conf "$nginx_conf" # Copy and set php-fpm configuration phpfpm_conf="/etc/php5/fpm/pool.d/${app}.conf" @@ -120,8 +125,8 @@ sed -i "s@{POOLNAME}@${app}@g" ../conf/php-fpm.conf sed -i "s@{DESTDIR}@${DESTDIR}/@g" ../conf/php-fpm.conf sed -i "s@{USER}@${app}@g" ../conf/php-fpm.conf sed -i "s@{GROUP}@${app}@g" ../conf/php-fpm.conf -sudo cp ../conf/php-fpm.conf "$phpfpm_conf" +cp ../conf/php-fpm.conf "$phpfpm_conf" # Reload services -sudo service php5-fpm restart -sudo service nginx reload +service php5-fpm restart +service nginx reload diff --git a/scripts/remove b/scripts/remove index 3c22df3..a2e4b3d 100644 --- a/scripts/remove +++ b/scripts/remove @@ -1,13 +1,16 @@ #!/bin/bash +# Source local helpers +source ./_common.sh + +# Source app helpers +source /usr/share/yunohost/helpers + # Set app specific variables app="$YNH_APP_INSTANCE_NAME" dbname=$app dbuser=$app -# Source YunoHost helpers -source /usr/share/yunohost/helpers - # Drop MySQL database and user ynh_mysql_drop_db "$dbname" || true ynh_mysql_drop_user "$dbuser" || true 
@@ -16,16 +19,16 @@ ynh_mysql_drop_user "$dbuser" || true domain=$(ynh_app_setting_get "$app" domain) # Delete app directory and configurations -sudo rm -rf "/var/www/${app}" "/var/log/${app}" -sudo rm -f "/etc/php5/fpm/pool.d/${app}.conf" -[[ -n $domain ]] && sudo rm -f "/etc/nginx/conf.d/${domain}.d/${app}.conf" +rm -rf "/var/www/${app}" "/var/log/${app}" +rm -f "/etc/php5/fpm/pool.d/${app}.conf" +[[ -n $domain ]] && rm -f "/etc/nginx/conf.d/${domain}.d/${app}.conf" # Reload services -sudo service php5-fpm restart || true -sudo service nginx reload || true +service php5-fpm restart || true +service nginx reload || true # Remove the user account # (must be done after php-fpm restart) id "$app" >/dev/null 2>&1 \ - && sudo deluser --quiet --remove-home "$app" >/dev/null \ + && deluser --quiet --remove-home "$app" >/dev/null \ || true diff --git a/scripts/restore b/scripts/restore index 8a8bca2..98befe9 100644 --- a/scripts/restore +++ b/scripts/restore @@ -1,6 +1,13 @@ #!/bin/bash -set -eu +# Source local helpers +source ./_common.sh + +# Source app helpers +source /usr/share/yunohost/helpers + +# Abort script if errors +ynh_abort_if_errors # Set app specific variables app="$YNH_APP_INSTANCE_NAME" @@ -15,9 +22,8 @@ domain=$(ynh_app_setting_get "$app" domain) path=$(ynh_app_setting_get "$app" path) dbpass=$(ynh_app_setting_get "$app" mysqlpwd) -# Check domain/path availability -sudo yunohost app checkurl "${domain}${path}" -a "$app" \ - || exit 1 +# Check web path availability +ynh_webpath_available "$domain" "$path" # Check destination directory DESTDIR="/var/www/$app" 
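Review bot: `rm -rf "/var/www/${app}" "/var/log/${app}"` in scripts/remove now runs directly as root with no guard on `$app`, and this script, unlike the others touched by the patch, does not call `ynh_abort_if_errors`. If `YNH_APP_INSTANCE_NAME` were ever empty, the command would resolve to `/var/www/` and `/var/log/`. I would make the expansion fail closed: `rm -rf "/var/www/${app:?}" "/var/log/${app:?}"`.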
@@ -36,10 +42,10 @@ phpfpm_conf="/etc/php5/fpm/pool.d/${app}.conf" You should safely delete it before restoring this app." # Check whether Baïkal or Radicale is installed -if sudo yunohost app list --installed -f baikal | grep -q id ; then +if yunohost app list --installed -f baikal | grep -q id ; then caldav_app="baikal" caldav_baseurl="/cal.php/" -elif sudo yunohost app list --installed -f radicale | grep -q id ; then +elif yunohost app list --installed -f radicale | grep -q id ; then caldav_app="radicale" caldav_baseurl="/" else 
@@ -47,50 +53,50 @@ else fi if ! id -u $app > /dev/null 2>&1 ; then - sudo useradd -c "$app system account" \ + useradd -c "$app system account" \ -d /var/www/$app --system --user-group $app --shell /usr/sbin/nologin \ || ynh_die "Unable to create $app system account" fi # Restore the app files and set permissions -sudo cp -a ./sources "$DESTDIR" +cp -a ./sources "$DESTDIR" # Protect source code against modifications -sudo chown -hR root: "$DESTDIR" +chown -hR root: "$DESTDIR" # Only agendav user should write here -sudo chown -hR $app: "${DESTDIR}/web/var/cache/"{profiler,twig} -sudo chmod -R 750 "${DESTDIR}/web/var/cache/"{profiler,twig} +chown -hR $app: "${DESTDIR}/web/var/cache/"{profiler,twig} +chmod -R 750 "${DESTDIR}/web/var/cache/"{profiler,twig} # The agendav user should read here, but does not need to write # Other users should not be able to read as it stores passwords. -sudo find "${DESTDIR}/web/config" -type f -exec chown root:$app {} \; -exec chmod 640 {} \; -sudo find "${DESTDIR}/web/config" -type d -exec chown root:$app {} \; -exec chmod 750 {} \; +find "${DESTDIR}/web/config" -type f -exec chown root:$app {} \; -exec chmod 640 {} \; +find "${DESTDIR}/web/config" -type d -exec chown root:$app {} \; -exec chmod 750 {} \; # Clean caches -sudo rm -rf "${DESTDIR}/web/var/cache/"{profiler,twig}/* +rm -rf "${DESTDIR}/web/var/cache/"{profiler,twig}/* # CalDAV config caldav_domain=$(ynh_app_setting_get "$caldav_app" domain) caldav_path=$(ynh_app_setting_get "$caldav_app" path) caldav_url="https://${caldav_domain}${caldav_path%/}" conf_path="${DESTDIR}/web/config/settings.php" -sudo sed -i "s@^\(\$app\['caldav.baseurl'\] = \).*\ +sed -i "s@^\(\$app\['caldav.baseurl'\] = \).*\ @\1'${caldav_url}${caldav_baseurl}';@g" "$conf_path" -sudo sed -i "s@^\(\$app\['caldav.baseurl.public'\] = \).*\ +sed -i "s@^\(\$app\['caldav.baseurl.public'\] = \).*\ @\1'${caldav_domain}';@g" "$conf_path" # Create log directory -sudo install -m 750 -o www-data -g adm -d 
"/var/log/${app}" +install -m 750 -o www-data -g adm -d "/var/log/${app}" # Create and restore the database ynh_mysql_create_db "$dbname" "$dbuser" "$dbpass" ynh_mysql_connect_as "$dbuser" "$dbpass" "$dbname" < ./dump.sql # Restore configuration files -sudo cp -a ./nginx.conf "$nginx_conf" -sudo cp -a ./php-fpm.conf "$phpfpm_conf" +cp -a ./nginx.conf "$nginx_conf" +cp -a ./php-fpm.conf "$phpfpm_conf" # Reload services -sudo service php5-fpm restart -sudo service nginx reload +service php5-fpm restart +service nginx reload diff --git a/scripts/upgrade b/scripts/upgrade index 7ab8868..17ce37a 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -1,10 +1,14 @@ #!/bin/bash -set -eu - -# Source common variables and helpers +# Source local helpers source ./_common.sh +# Source app helpers +source /usr/share/yunohost/helpers + +# Abort script if errors +ynh_abort_if_errors + # Set app specific variables app="$YNH_APP_INSTANCE_NAME" dbname=$app @@ -39,10 +43,10 @@ DESTDIR="/var/www/$app" The app is not correctly installed, you should remove it first." # Check whether Baïkal or Radicale is installed -if sudo yunohost app list --installed -f baikal | grep -q id ; then +if yunohost app list --installed -f baikal | grep -q id ; then caldav_app="baikal" caldav_baseurl="/cal.php/" -elif sudo yunohost app list --installed -f radicale | grep -q id ; then +elif yunohost app list --installed -f radicale | grep -q id ; then caldav_app="radicale" caldav_baseurl="/" else 
@@ -76,32 +80,32 @@ sed -i "s@{CALDAV_BASEURL}@${caldav_url}${caldav_baseurl}@g" "$conf_path" sed -i "s@{CALDAV_DOMAIN}@${caldav_domain}@g" "$conf_path" # Replace files and set permissions -sudo rm -rf "$DESTDIR" -sudo mv "$TMPDIR" "$DESTDIR" +rm -rf "$DESTDIR" +mv "$TMPDIR" "$DESTDIR" if ! id -u $app > /dev/null 2>&1 ; then - sudo useradd -c "$app system account" \ + useradd -c "$app system account" \ -d /var/www/$app --system --user-group $app --shell /usr/sbin/nologin \ || ynh_die "Unable to create $app system account" fi # Protect source code against modifications -sudo find "${DESTDIR}" -type f -exec chown root:root {} \; -exec chmod 644 {} \; -sudo find "${DESTDIR}" -type d -exec chown root:root {} \; -exec chmod 755 {} \; +find "${DESTDIR}" -type f -exec chown root:root {} \; -exec chmod 644 {} \; +find "${DESTDIR}" -type d -exec chown root:root {} \; -exec chmod 755 {} \; # Only agendav user should write here -sudo chown -hR $app: "${DESTDIR}/web/var/cache/"{profiler,twig} -sudo chmod -R 750 "${DESTDIR}/web/var/cache/"{profiler,twig} +chown -hR $app: "${DESTDIR}/web/var/cache/"{profiler,twig} +chmod -R 750 "${DESTDIR}/web/var/cache/"{profiler,twig} # The agendav user should read here, but does not need to write # Other users should not be able to read as it stores passwords. -sudo find "${DESTDIR}/web/config" -type f -exec chown root:$app {} \; -exec chmod 640 {} \; -sudo find "${DESTDIR}/web/config" -type d -exec chown root:$app {} \; -exec chmod 750 {} \; +find "${DESTDIR}/web/config" -type f -exec chown root:$app {} \; -exec chmod 640 {} \; +find "${DESTDIR}/web/config" -type d -exec chown root:$app {} \; -exec chmod 750 {} \; # Create log directory -sudo install -m 750 -o $app -g adm -d "$LOGDIR" +install -m 750 -o $app -g adm -d "$LOGDIR" # Run database migrations -(cd "$DESTDIR" && sudo sudo -u $app \ +(cd "$DESTDIR" && -u $app \ php agendavcli migrations:migrate --no-interaction) \ || ynh_die "Unable to run AgenDAV database migration" 
@@ -113,7 +117,7 @@ sed -i "s@{DESTDIR}@${DESTDIR}@g" ../conf/nginx.conf sed -i "s@{POOLNAME}@${app}@g" ../conf/nginx.conf # comment redirection in case of an installation at root [[ -n "$path" ]] || sed -i '$s/^/#/' ../conf/nginx.conf -sudo cp ../conf/nginx.conf "$nginx_conf" +cp ../conf/nginx.conf "$nginx_conf" # Copy and set php-fpm configuration phpfpm_conf="/etc/php5/fpm/pool.d/${app}.conf" @@ -121,8 +125,8 @@ sed -i "s@{POOLNAME}@${app}@g" ../conf/php-fpm.conf sed -i "s@{DESTDIR}@${DESTDIR}/@g" ../conf/php-fpm.conf sed -i "s@{USER}@${app}@g" ../conf/php-fpm.conf sed -i "s@{GROUP}@${app}@g" ../conf/php-fpm.conf -sudo cp ../conf/php-fpm.conf "$phpfpm_conf" +cp ../conf/php-fpm.conf "$phpfpm_conf" # Reload services -sudo service php5-fpm restart || true -sudo service nginx reload || true +service php5-fpm restart || true +service nginx reload || true From 5e79a11f754404c4ee97caa474a70ccc02301950 Mon Sep 17 00:00:00 2001 From: Jean-Baptiste Holcroft Date: Fri, 20 Oct 2017 10:37:55 +0200 Subject: [PATCH 02/19] use dependencies helpers and ynh_setup_source to clean common.sh --- conf/app.src | 4 +++ scripts/_common.sh | 36 +------------------ scripts/install | 5 ++- scripts/remove | 3 ++ scripts/restore | 6 ++-- scripts/upgrade | 5 ++- .../patches/app-00-add-http-auth.patch | 0 7 files changed, 15 insertions(+), 44 deletions(-) create mode 100644 conf/app.src rename patches/00-add-http-auth.patch => sources/patches/app-00-add-http-auth.patch (100%) diff --git a/conf/app.src b/conf/app.src new file mode 100644 index 0000000..3878db1 --- /dev/null +++ b/conf/app.src @@ -0,0 +1,4 @@ +SOURCE_URL=https://github.com/adobo/agendav/releases/download/2.0.0/agendav-2.0.0.tar.gz +SOURCE_SUM=142e8d9ea0e3e6feacd1523c5cabc834fe8bc3e9dbae03034089758b9c3abb92 +SOURCE_SUM_PRG=sha256sum +SOURCE_FORMAT=tar.gz diff --git a/scripts/_common.sh b/scripts/_common.sh index 5e0f815..f3afb88 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh 
@@ -1,19 +1,8 @@ +#!/bin/bash # # Common variables # -# AgenDAV version -VERSION="2.0.0" - -# Source tarball checksum -SOURCE_SHA256="142e8d9ea0e3e6feacd1523c5cabc834fe8bc3e9dbae03034089758b9c3abb92" - -# Source tarball URL -SOURCE_URL="https://github.com/adobo/agendav/releases/download/${VERSION}/agendav-${VERSION}.tar.gz" - -# App package root directory should be the parent folder -PKGDIR=$(cd ../; pwd) - # Associative array of languages declare -A LANGUAGES=( [nl]=nl_NL @@ -28,27 +17,4 @@ declare -A LANGUAGES=( # Common helpers # -# Source app helpers -source /usr/share/yunohost/helpers -# Download and extract AgenDAV sources to the given directory -# usage: extract_agendav DESTDIR -extract_agendav() { - local DESTDIR=$1 - - # retrieve and extract tarball - tarball_path="/tmp/agendav.tar.gz" - rm -f "$tarball_path" - wget -q -O "$tarball_path" "$SOURCE_URL" \ - || ynh_die "Unable to download AgenDAV archive" - echo "$SOURCE_SHA256 $tarball_path" | sha256sum -c >/dev/null \ - || ynh_die "Invalid checksum of downloaded archive" - tar xf "$tarball_path" -C "$DESTDIR" --strip-components 1 \ - || ynh_die "Unable to extract AgenDAV archive" - rm -rf "$tarball_path" - - # apply patches - (cd "$DESTDIR" \ - && for p in ${PKGDIR}/patches/*.patch; do patch -p1 < $p; done) \ - || die "Unable to apply patches to AgenDAV" -} diff --git a/scripts/install b/scripts/install index c90863c..f444aeb 100644 --- a/scripts/install +++ b/scripts/install @@ -49,12 +49,11 @@ else fi # Install dependencies -ynh_package_is_installed "php5-cli" \ - || ynh_package_install "php5-cli" +ynh_install_app_dependencies "php5-cli" # Create tmp directory and fetch app inside TMPDIR=$(mktemp -d) -extract_agendav "$TMPDIR" +ynh_setup_source "$TMPDIR" # Generate random password and encryption key dbpass=$(ynh_string_random) diff --git a/scripts/remove b/scripts/remove index a2e4b3d..b209a6f 100644 --- a/scripts/remove +++ b/scripts/remove 
@@ -23,6 +23,9 @@ rm -rf "/var/www/${app}" "/var/log/${app}" rm -f "/etc/php5/fpm/pool.d/${app}.conf" [[ -n $domain ]] && rm -f "/etc/nginx/conf.d/${domain}.d/${app}.conf" +# Remove metapackage and its dependencies +ynh_remove_app_dependencies + # Reload services service php5-fpm restart || true service nginx reload || true diff --git a/scripts/restore b/scripts/restore index 98befe9..e56308b 100644 --- a/scripts/restore +++ b/scripts/restore @@ -14,9 +14,6 @@ app="$YNH_APP_INSTANCE_NAME" dbname=$app dbuser=$app -# Source app helpers -source /usr/share/yunohost/helpers - # Retrieve old app settings domain=$(ynh_app_setting_get "$app" domain) path=$(ynh_app_setting_get "$app" path) @@ -25,6 +22,9 @@ dbpass=$(ynh_app_setting_get "$app" mysqlpwd) # Check web path availability ynh_webpath_available "$domain" "$path" +# Install dependencies +ynh_install_app_dependencies "php5-cli" + # Check destination directory DESTDIR="/var/www/$app" [[ -d $DESTDIR ]] && ynh_die \ diff --git a/scripts/upgrade b/scripts/upgrade index 17ce37a..25019f6 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -54,12 +54,11 @@ else fi # Install dependencies -ynh_package_is_installed "php5-cli" \ - || ynh_package_install "php5-cli" +ynh_install_app_dependencies "php5-cli" # Create tmp directory and fetch app inside TMPDIR=$(mktemp -d) -extract_agendav "$TMPDIR" +ynh_setup_source "$TMPDIR" # Copy and set AgenDAV configuration conf_path="${TMPDIR}/web/config/settings.php" diff --git a/patches/00-add-http-auth.patch b/sources/patches/app-00-add-http-auth.patch similarity index 100% rename from patches/00-add-http-auth.patch rename to sources/patches/app-00-add-http-auth.patch From 0a8e8a77d337fcc7fed6f70162006f7cfcbfc67f Mon Sep 17 00:00:00 2001 
From: Jean-Baptiste Holcroft Date: Fri, 20 Oct 2017 14:51:27 +0200 Subject: [PATCH 03/19] Add is_public, use ynh_system_user_create --- check_process | 17 ++++++------ conf/nginx.conf | 62 +++++++++++++++++++++---------------------- manifest.json | 8 ++++++ scripts/_common.sh | 4 ++- scripts/install | 66 +++++++++++++++++++++++++++++++--------------- scripts/upgrade | 56 +++++++++++++++++++++++++-------------- 6 files changed, 131 insertions(+), 82 deletions(-) diff --git a/check_process b/check_process index 2f63183..f2f497d 100644 --- a/check_process +++ b/check_process @@ -3,22 +3,21 @@ ; Manifest domain="domain.tld" (DOMAIN) path="/path" (PATH) + is_public=1 (PUBLIC|public=1|private=0) language="fr" ; Checks pkg_linter=1 setup_sub_dir=1 setup_root=1 setup_nourl=0 - setup_private=0 - setup_public=0 - upgrade=0 - backup_restore=0 - multi_instance=0 - incorrect_path=0 - corrupt_source=0 - fail_download_source=0 + setup_private=1 + setup_public=1 + upgrade=1 + backup_restore=1 + multi_instance=1 + incorrect_path=1 port_already_use=0 - final_path_already_use=0 + change_url=0 ;;; Levels Level 1=auto Level 2=auto diff --git a/conf/nginx.conf b/conf/nginx.conf index baeceae..e611ce7 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf 
@@ -1,41 +1,41 @@ location {PATH}/ { - alias {DESTDIR}/web/public/; - index index.php; + alias {DESTDIR}/web/public/; + index index.php; - if ($scheme = http) { - rewrite ^ https://$server_name$request_uri? permanent; - } + if ($scheme = http) { + rewrite ^ https://$server_name$request_uri? permanent; + } - # The seemingly weird syntax is due to a long-standing bug in nginx, - # see: https://trac.nginx.org/nginx/ticket/97 - try_files $uri {PATH}/{PATH}/index.php$is_args$args; + # The seemingly weird syntax is due to a long-standing bug in nginx, + # see: https://trac.nginx.org/nginx/ticket/97 + try_files $uri {PATH}/{PATH}/index.php$is_args$args; - # Another alternative to the weird try_files is to use a rewrite, like this : - # - #  if (-f $request_filename) { - # break; - # } - #  rewrite (.*) {LOCATION}/index.php$request_uri; - # - # But remember that if-is-evil : - # https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/#check-if-file-exists + # Another alternative to the weird try_files is to use a rewrite, like this : + # + #  if (-f $request_filename) { + # break; + # } + #  rewrite (.*) {LOCATION}/index.php$request_uri; + # + # But remember that if-is-evil : + # https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/#check-if-file-exists - location ~ ^{PATH}/index\.php(/|$) { - fastcgi_split_path_info ^(.+?\.php)(/.*)$; - fastcgi_pass unix:/var/run/php5-fpm-{POOLNAME}.sock; - fastcgi_index index.php; - include fastcgi_params; - fastcgi_param REMOTE_USER $remote_user; - fastcgi_param PATH_INFO $fastcgi_path_info; - fastcgi_param SCRIPT_FILENAME $request_filename; - } + location ~ ^{PATH}/index\.php(/|$) { + fastcgi_split_path_info ^(.+?\.php)(/.*)$; + fastcgi_pass unix:/var/run/php5-fpm-{POOLNAME}.sock; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param REMOTE_USER $remote_user; + fastcgi_param PATH_INFO $fastcgi_path_info; + fastcgi_param SCRIPT_FILENAME $request_filename; + } - location ~ \.php$ 
{ - return 404; - } + location ~ \.php$ { + return 404; + } - # Include SSOWAT user panel. - include conf.d/yunohost_panel.conf.inc; + # Include SSOWAT user panel. + include conf.d/yunohost_panel.conf.inc; } # append trailing slash in case of a subpath diff --git a/manifest.json b/manifest.json index 2c57fe1..63dd6d8 100644 --- a/manifest.json +++ b/manifest.json @@ -43,6 +43,14 @@ "example": "/agendav", "default": "/agendav" }, + { + "name": "is_public", + "type": "boolean", + "ask": { + "en": "Should Agendav be publicly accessible?" + }, + "default": "0" + }, { "name": "language", "ask": { diff --git a/scripts/_common.sh b/scripts/_common.sh index f3afb88..65e9d26 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -17,4 +17,6 @@ declare -A LANGUAGES=( # Common helpers # - +agendav_app_check_installation() { + echo $(yunohost app list --installed -f "$1" | grep "id:") +} diff --git a/scripts/install b/scripts/install index f444aeb..a9d51a0 100644 --- a/scripts/install +++ b/scripts/install @@ -13,21 +13,27 @@ ynh_abort_if_errors domain=$YNH_APP_ARG_DOMAIN path=$YNH_APP_ARG_PATH language=$YNH_APP_ARG_LANGUAGE +is_public=$YNH_APP_ARG_IS_PUBLIC # Set app specific variables app=$YNH_APP_INSTANCE_NAME dbname=$app dbuser=$app +path=$(ynh_normalize_url_path "$path") + +# Set and store language +language=${LANGUAGES[$language]} + +ynh_app_setting_set "$app" language "$language" +ynh_app_setting_set "$app" is_public "$is_public" +ynh_app_setting_set "$app" path "$path" + # Check web path availability ynh_webpath_available "$domain" "$path" # Register (book) web path ynh_webpath_register "$app" "$domain" "$path" -# Set and store language -language=${LANGUAGES[$3]} -ynh_app_setting_set "$app" language "$language" - # Define LOGDIR (create it later when user is created) LOGDIR=/var/log/$app 
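Review bot: `agendav_app_check_installation` in scripts/_common.sh reports its result by echoing an unquoted command substitution, which every caller then has to test with `[[ -n ... ]]`. Returning a status is simpler and avoids the word splitting: make the body `yunohost app list --installed -f "$1" | grep -q "id:"` and call it as `if agendav_app_check_installation baikal; then`. The function also has no header comment; I would add `# usage: agendav_app_check_installation APP_ID - succeeds when APP_ID is installed`. Note that `grep "id:"` only proves the filtered list is non-empty, so the result depends on how `-f` matches, which is not visible here.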
@@ -37,23 +43,27 @@ DESTDIR="/var/www/${app}" "The destination directory '${DESTDIR}' already exists.\ You should safely delete it before installing this app." +mkdir -p "$DESTDIR" + # Check whether Baïkal or Radicale is installed -if yunohost app list --installed -f baikal | grep -q id ; then +baikal_install=$(agendav_app_check_installation "baikal") +radicale_install=$(agendav_app_check_installation "radicale") +if [[ -n "$baikal_install" ]] +then caldav_app="baikal" caldav_baseurl="/cal.php/" -elif yunohost app list --installed -f radicale | grep -q id ; then +elif [[ -n "$radicale_install" ]] +then caldav_app="radicale" caldav_baseurl="/" else - ynh_die "You must install Baïkal or Radicale before" + ynh_die "Baikal or Radicale is mandatory" fi # Install dependencies -ynh_install_app_dependencies "php5-cli" +ynh_install_app_dependencies php5-cli -# Create tmp directory and fetch app inside -TMPDIR=$(mktemp -d) -ynh_setup_source "$TMPDIR" +ynh_setup_source "$DESTDIR" # Generate random password and encryption key dbpass=$(ynh_string_random) @@ -62,7 +72,7 @@ ynh_app_setting_set "$app" encryptkey "$encryptkey" ynh_app_setting_set "$app" mysqlpwd "$dbpass" # Copy and set AgenDAV configuration -conf_path="${TMPDIR}/web/config/settings.php" +conf_path="${DESTDIR}/web/config/settings.php" cp ../conf/settings.php "$conf_path" sed -i "s/{DBUSER}/${dbuser}/g" "$conf_path" sed -i "s/{DBPASS}/${dbpass}/g" "$conf_path" 
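Review bot: With `conf_path` now pointing into `${DESTDIR}`, `cp ../conf/settings.php "$conf_path"` and the following `sed -i "s/{DBPASS}/${dbpass}/g"` write the database password to a file under /var/www before the `find ... chmod 640` pass further down the script has run. Previously the file was staged in a `mktemp -d` directory, which is only accessible to its owner. Depending on the umask, the file may be readable by other local users for that interval; setting `umask 027` before the copy, or copying with `install -m 600`, closes the gap. Only part of this sequence is inside the hunk, and the `@@ -42,26 +42,30 @@` hunk of scripts/upgrade makes the same change.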
@@ -79,12 +89,7 @@ caldav_url="https://${caldav_domain}${caldav_path%/}" sed -i "s@{CALDAV_BASEURL}@${caldav_url}${caldav_baseurl}@g" "$conf_path" sed -i "s@{CALDAV_DOMAIN}@${caldav_domain}@g" "$conf_path" -# Install files and set permissions -mv "$TMPDIR" "$DESTDIR" - -useradd -c "$app system account" \ - -d /var/www/$app --system --user-group $app --shell /usr/sbin/nologin \ - || ynh_die "Unable to create $app system account" +ynh_system_user_create "$app" "$DESTDIR" # Protect source code against modifications find "${DESTDIR}" -type f -exec chown root:root {} \; -exec chmod 644 {} \; @@ -104,9 +109,12 @@ install -m 750 -o $app -g adm -d "$LOGDIR" # Initialize database ynh_mysql_create_db "$dbname" "$dbuser" "$dbpass" -(cd "$DESTDIR" && -u $app \ - php agendavcli migrations:migrate --no-interaction) \ - || ynh_die "Unable to create AgenDAV tables" + +# Run database migrations +( + cd $DESTDIR + php agendavcli migrations:migrate --no-interaction +) # Copy and set nginx configuration nginx_conf="/etc/nginx/conf.d/${domain}.d/${app}.conf" @@ -126,6 +134,22 @@ sed -i "s@{USER}@${app}@g" ../conf/php-fpm.conf sed -i "s@{GROUP}@${app}@g" ../conf/php-fpm.conf cp ../conf/php-fpm.conf "$phpfpm_conf" +if [ "$is_public" -eq 0 ] +then # Remove the public access + ynh_app_setting_delete "$app" skipped_uris +fi +# Make app public if necessary +if [ "$is_public" -eq 1 ] +then + # unprotected_uris allows SSO credentials to be passed anyway. + ynh_app_setting_set "$app" unprotected_uris "/" + + # ynh panel is not needed + ynh_replace_string " include conf.d/" " #include conf.d/" "$nginx_conf" + + ynh_store_file_checksum "$nginx_conf" +fi + # Reload services service php5-fpm restart service nginx reload diff --git a/scripts/upgrade b/scripts/upgrade index 25019f6..d454aec 100644 --- a/scripts/upgrade +++ b/scripts/upgrade 
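Review bot: The rewritten migration block in the `@@ -104,9 +109,12 @@` hunk runs `php agendavcli migrations:migrate` as root, whereas the original dropped to the app account with `sudo -u $app`. Anything the CLI creates under `web/var/cache/` would presumably end up root-owned after the earlier `chown -hR $app:` pass, and application code is executed with full privileges for no visible reason. I would keep the privilege drop and quote the directory: `cd "$DESTDIR"` and `sudo -u "$app" php agendavcli migrations:migrate --no-interaction`. The explicit `|| ynh_die` message is also gone, so a failure now relies on `ynh_abort_if_errors` alone. The `@@ -104,9 +101,11 @@` hunk of scripts/upgrade has the same block.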
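Review bot: In the `@@ -126,6 +134,22 @@` hunk the private branch deletes `skipped_uris` while the public branch sets `unprotected_uris`, so the two branches do not undo each other. On a fresh install this is harmless, but the identical block in the `@@ -126,6 +125,23 @@` hunk of scripts/upgrade means an instance switched from public to private keeps `unprotected_uris "/"` and would presumably stay reachable without the SSO gate. The private branch should clear the key that is actually set: `ynh_app_setting_delete "$app" unprotected_uris`.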
@@ -17,10 +17,10 @@ dbuser=$app # Retrieve arguments domain=$(ynh_app_setting_get "$app" domain) path=$(ynh_app_setting_get "$app" path) -path=${path%/} dbpass=$(ynh_app_setting_get "$app" mysqlpwd) encryptkey=$(ynh_app_setting_get "$app" encryptkey) language=$(ynh_app_setting_get "$app" language) +is_public=$(ynh_app_setting_get "$app" is_public) # Set and store language if [[ -z "$language" ]]; then @@ -42,26 +42,30 @@ DESTDIR="/var/www/$app" "The destination directory '$DESTDIR' does not exist.\ The app is not correctly installed, you should remove it first." +mkdir -p "$DESTDIR" + # Check whether Baïkal or Radicale is installed -if yunohost app list --installed -f baikal | grep -q id ; then +baikal_install=$(agendav_app_check_installation "baikal") +radicale_install=$(agendav_app_check_installation "radicale") +if [[ -n "$baikal_install" ]] +then caldav_app="baikal" caldav_baseurl="/cal.php/" -elif yunohost app list --installed -f radicale | grep -q id ; then +elif [[ -n "$radicale_install" ]] +then caldav_app="radicale" caldav_baseurl="/" else - ynh_die "You must install Baïkal or Radicale before" + ynh_die "Baikal or Radicale is mandatory" fi # Install dependencies -ynh_install_app_dependencies "php5-cli" +ynh_install_app_dependencies php5-cli -# Create tmp directory and fetch app inside -TMPDIR=$(mktemp -d) -ynh_setup_source "$TMPDIR" +ynh_setup_source "$DESTDIR" # Copy and set AgenDAV configuration -conf_path="${TMPDIR}/web/config/settings.php" +conf_path="${DESTDIR}/web/config/settings.php" cp ../conf/settings.php "$conf_path" sed -i "s/{DBUSER}/${dbuser}/g" "$conf_path" sed -i "s/{DBPASS}/${dbpass}/g" "$conf_path" 
@@ -78,14 +82,7 @@ caldav_url="https://${caldav_domain}${caldav_path%/}" sed -i "s@{CALDAV_BASEURL}@${caldav_url}${caldav_baseurl}@g" "$conf_path" sed -i "s@{CALDAV_DOMAIN}@${caldav_domain}@g" "$conf_path" -# Replace files and set permissions -rm -rf "$DESTDIR" -mv "$TMPDIR" "$DESTDIR" -if ! id -u $app > /dev/null 2>&1 ; then - useradd -c "$app system account" \ - -d /var/www/$app --system --user-group $app --shell /usr/sbin/nologin \ - || ynh_die "Unable to create $app system account" -fi +ynh_system_user_create "$app" "$DESTDIR" # Protect source code against modifications find "${DESTDIR}" -type f -exec chown root:root {} \; -exec chmod 644 {} \; @@ -104,9 +101,11 @@ find "${DESTDIR}/web/config" -type d -exec chown root:$app {} \; -exec chmod 750 install -m 750 -o $app -g adm -d "$LOGDIR" # Run database migrations -(cd "$DESTDIR" && -u $app \ - php agendavcli migrations:migrate --no-interaction) \ - || ynh_die "Unable to run AgenDAV database migration" +( + cd $DESTDIR + php agendavcli migrations:migrate --no-interaction +) + # Copy and set nginx configuration nginx_conf="/etc/nginx/conf.d/${domain}.d/${app}.conf" @@ -126,6 +125,23 @@ sed -i "s@{USER}@${app}@g" ../conf/php-fpm.conf sed -i "s@{GROUP}@${app}@g" ../conf/php-fpm.conf cp ../conf/php-fpm.conf "$phpfpm_conf" + +if [ $is_public -eq 0 ] +then # Remove the public access + ynh_app_setting_delete "$app" skipped_uris +fi +# Make app public if necessary +if [ $is_public -eq 1 ] +then + # unprotected_uris allows SSO credentials to be passed anyway + ynh_app_setting_set "$app" unprotected_uris "/" + + # ynh panel is not needed + ynh_replace_string " include conf.d/" " #include conf.d/" "$nginx_conf" + + ynh_store_file_checksum "$nginx_conf" +fi + # Reload services service php5-fpm restart || true service nginx reload || true From cd8ffbee1c2680e0e88d219bade390cfa73b57fd Mon Sep 17 00:00:00 2001 
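Review bot: The tests `[ $is_public -eq 0 ]` and `[ $is_public -eq 1 ]` in hunk -126,6 +125,23 are unquoted, and an instance installed before this patch never stored `is_public`, so `ynh_app_setting_get` presumably returns an empty value. Both tests then fail with a syntax error that `if` swallows, neither branch runs, and the SSO exposure silently stays as it was. Give the variable a default before the tests, `is_public=${is_public:-0}`, store it back with `ynh_app_setting_set "$app" is_public "$is_public"`, and quote it as the install script does: `[ "$is_public" -eq 0 ]`.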
From: Jean-Baptiste Holcroft Date: Fri, 20 Oct 2017 15:02:20 +0200 Subject: [PATCH 04/19] use ynh_add_nginx_config and ynh_add_fpm_config --- conf/nginx.conf | 15 ++++++--------- conf/php-fpm.conf | 12 ++++++------ scripts/install | 44 +++++++++++++++----------------------------- scripts/upgrade | 45 +++++++++++++++------------------------------ 4 files changed, 42 insertions(+), 74 deletions(-) diff --git a/conf/nginx.conf b/conf/nginx.conf index e611ce7..985eb61 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -1,5 +1,5 @@ -location {PATH}/ { - alias {DESTDIR}/web/public/; +location __PATH__/ { + alias __FINALPATH__/web/public/; index index.php; if ($scheme = http) { @@ -8,21 +8,21 @@ location {PATH}/ { # The seemingly weird syntax is due to a long-standing bug in nginx, # see: https://trac.nginx.org/nginx/ticket/97 - try_files $uri {PATH}/{PATH}/index.php$is_args$args; + try_files $uri __PATH__/__PATH__/index.php$is_args$args; # Another alternative to the weird try_files is to use a rewrite, like this : # #  if (-f $request_filename) { # break; # } - #  rewrite (.*) {LOCATION}/index.php$request_uri; + #  rewrite (.*) __PATH__/index.php$request_uri; # # But remember that if-is-evil : # https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/#check-if-file-exists - location ~ ^{PATH}/index\.php(/|$) { + location ~ ^__PATH__/index\.php(/|$) { fastcgi_split_path_info ^(.+?\.php)(/.*)$; - fastcgi_pass unix:/var/run/php5-fpm-{POOLNAME}.sock; + fastcgi_pass unix:/var/run/php5-fpm-__NAME__.sock; fastcgi_index index.php; include fastcgi_params; fastcgi_param REMOTE_USER $remote_user; @@ -37,6 +37,3 @@ location {PATH}/ { # Include SSOWAT user panel. include conf.d/yunohost_panel.conf.inc; } - -# append trailing slash in case of a subpath -location = {LOCATION} { return 302 {PATH}/; } diff --git a/conf/php-fpm.conf b/conf/php-fpm.conf index 49fb4a9..43613e6 100644 --- a/conf/php-fpm.conf +++ b/conf/php-fpm.conf 
@@ -1,6 +1,6 @@ -[{POOLNAME}] +[__NAMETOCHANGE__] ; The address on which to accept FastCGI requests. -listen = /var/run/php5-fpm-{POOLNAME}.sock +listen = /var/run/php5-fpm-__NAMETOCHANGE__.sock ; Set permissions for unix socket, if one is used. listen.owner = www-data @@ -8,8 +8,8 @@ listen.group = www-data listen.mode = 0600 ; Unix user/group of processes. -user = {USER} -group = {GROUP} +user = __NAMETOCHANGE__ +group = __NAMETOCHANGE__ ; Choose how the process manager will control the number of child processes. pm = dynamic @@ -47,7 +47,7 @@ request_terminate_timeout = 1d request_slowlog_timeout = 5s ; The log file for slow requests. -slowlog = /var/log/nginx/{POOLNAME}.slow.log +slowlog = /var/log/nginx/__NAMETOCHANGE__.slow.log ; Set open file descriptor rlimit. rlimit_files = 4096 @@ -56,7 +56,7 @@ rlimit_files = 4096 rlimit_core = 0 ; Chdir to this directory at the start. -chdir = {DESTDIR} +chdir = __FINALPATH__ ; Redirect worker stdout and stderr into main error log. catch_workers_output = yes diff --git a/scripts/install b/scripts/install index a9d51a0..bfac8f2 100644 --- a/scripts/install +++ b/scripts/install @@ -38,12 +38,10 @@ ynh_webpath_register "$app" "$domain" "$path" LOGDIR=/var/log/$app # Check destination directory -DESTDIR="/var/www/${app}" -[[ -d "$DESTDIR" ]] && ynh_die \ -"The destination directory '${DESTDIR}' already exists.\ - You should safely delete it before installing this app." +final_path=/var/www/$app +test ! -e "$final_path" || ynh_die "This path already contains a folder" -mkdir -p "$DESTDIR" +mkdir -p "$final_path" # Check whether Baïkal or Radicale is installed baikal_install=$(agendav_app_check_installation "baikal") @@ -63,7 +61,7 @@ fi # Install dependencies ynh_install_app_dependencies php5-cli -ynh_setup_source "$DESTDIR" +ynh_setup_source "$final_path" # Generate random password and encryption key dbpass=$(ynh_string_random) 
@@ -72,7 +70,7 @@ ynh_app_setting_set "$app" encryptkey "$encryptkey" ynh_app_setting_set "$app" mysqlpwd "$dbpass" # Copy and set AgenDAV configuration -conf_path="${DESTDIR}/web/config/settings.php" +conf_path="${final_path}/web/config/settings.php" cp ../conf/settings.php "$conf_path" sed -i "s/{DBUSER}/${dbuser}/g" "$conf_path" sed -i "s/{DBPASS}/${dbpass}/g" "$conf_path" @@ -89,20 +87,20 @@ caldav_url="https://${caldav_domain}${caldav_path%/}" sed -i "s@{CALDAV_BASEURL}@${caldav_url}${caldav_baseurl}@g" "$conf_path" sed -i "s@{CALDAV_DOMAIN}@${caldav_domain}@g" "$conf_path" -ynh_system_user_create "$app" "$DESTDIR" +ynh_system_user_create "$app" "$final_path" # Protect source code against modifications -find "${DESTDIR}" -type f -exec chown root:root {} \; -exec chmod 644 {} \; -find "${DESTDIR}" -type d -exec chown root:root {} \; -exec chmod 755 {} \; +find "${final_path}" -type f -exec chown root:root {} \; -exec chmod 644 {} \; +find "${final_path}" -type d -exec chown root:root {} \; -exec chmod 755 {} \; # Only agendav user should write here -chown -hR $app: "${DESTDIR}/web/var/cache/"{profiler,twig} -chmod -R 750 "${DESTDIR}/web/var/cache/"{profiler,twig} +chown -hR $app: "${final_path}/web/var/cache/"{profiler,twig} +chmod -R 750 "${final_path}/web/var/cache/"{profiler,twig} # The agendav user should read here, but does not need to write # Other users should not be able to read as it stores passwords. -find "${DESTDIR}/web/config" -type f -exec chown root:$app {} \; -exec chmod 640 {} \; -find "${DESTDIR}/web/config" -type d -exec chown root:$app {} \; -exec chmod 750 {} \; +find "${final_path}/web/config" -type f -exec chown root:$app {} \; -exec chmod 640 {} \; +find "${final_path}/web/config" -type d -exec chown root:$app {} \; -exec chmod 750 {} \; # Create log directory install -m 750 -o $app -g adm -d "$LOGDIR" 
@@ -112,27 +110,15 @@ ynh_mysql_create_db "$dbname" "$dbuser" "$dbpass" # Run database migrations ( - cd $DESTDIR + cd $final_path php agendavcli migrations:migrate --no-interaction ) # Copy and set nginx configuration -nginx_conf="/etc/nginx/conf.d/${domain}.d/${app}.conf" -sed -i "s@{PATH}@${path}@g" ../conf/nginx.conf -sed -i "s@{LOCATION}@${path:-/}@g" ../conf/nginx.conf -sed -i "s@{DESTDIR}@${DESTDIR}@g" ../conf/nginx.conf -sed -i "s@{POOLNAME}@${app}@g" ../conf/nginx.conf -# comment redirection in case of an installation at root -[[ -n "$path" ]] || sed -i '$s/^/#/' ../conf/nginx.conf -cp ../conf/nginx.conf "$nginx_conf" +ynh_add_nginx_config # Copy and set php-fpm configuration -phpfpm_conf="/etc/php5/fpm/pool.d/${app}.conf" -sed -i "s@{POOLNAME}@${app}@g" ../conf/php-fpm.conf -sed -i "s@{DESTDIR}@${DESTDIR}/@g" ../conf/php-fpm.conf -sed -i "s@{USER}@${app}@g" ../conf/php-fpm.conf -sed -i "s@{GROUP}@${app}@g" ../conf/php-fpm.conf -cp ../conf/php-fpm.conf "$phpfpm_conf" +ynh_add_fpm_config if [ "$is_public" -eq 0 ] then # Remove the public access diff --git a/scripts/upgrade b/scripts/upgrade index d454aec..6205fbf 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -37,12 +37,10 @@ fi LOGDIR=/var/log/$app # Check destination directory -DESTDIR="/var/www/$app" -[[ ! -d $DESTDIR ]] && ynh_die \ -"The destination directory '$DESTDIR' does not exist.\ - The app is not correctly installed, you should remove it first." +final_path=/var/www/$app +test ! -e "$final_path" || ynh_die "This path already contains a folder" -mkdir -p "$DESTDIR" +mkdir -p "$final_path" # Check whether Baïkal or Radicale is installed baikal_install=$(agendav_app_check_installation "baikal") 
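Review bot: In scripts/upgrade (hunk -37,12 +37,10) the new check `test ! -e "$final_path" || ynh_die "This path already contains a folder"` is the install-time test and is inverted for an upgrade, since it aborts exactly when the app is installed. The removed lines died when the directory was missing; the equivalent with the new variable is `test -d "$final_path" || ynh_die "The destination directory '$final_path' does not exist"`. Patch 06/19 further down this page removes the line, but the commits in between leave the upgrade script unable to run on an installed app.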
@@ -62,10 +60,10 @@ fi # Install dependencies ynh_install_app_dependencies php5-cli -ynh_setup_source "$DESTDIR" +ynh_setup_source "$final_path" # Copy and set AgenDAV configuration -conf_path="${DESTDIR}/web/config/settings.php" +conf_path="${final_path}/web/config/settings.php" cp ../conf/settings.php "$conf_path" sed -i "s/{DBUSER}/${dbuser}/g" "$conf_path" sed -i "s/{DBPASS}/${dbpass}/g" "$conf_path" 
@@ -82,49 +80,36 @@ caldav_url="https://${caldav_domain}${caldav_path%/}" sed -i "s@{CALDAV_BASEURL}@${caldav_url}${caldav_baseurl}@g" "$conf_path" sed -i "s@{CALDAV_DOMAIN}@${caldav_domain}@g" "$conf_path" -ynh_system_user_create "$app" "$DESTDIR" +ynh_system_user_create "$app" "$final_path" # Protect source code against modifications -find "${DESTDIR}" -type f -exec chown root:root {} \; -exec chmod 644 {} \; -find "${DESTDIR}" -type d -exec chown root:root {} \; -exec chmod 755 {} \; +find "${final_path}" -type f -exec chown root:root {} \; -exec chmod 644 {} \; +find "${final_path}" -type d -exec chown root:root {} \; -exec chmod 755 {} \; # Only agendav user should write here -chown -hR $app: "${DESTDIR}/web/var/cache/"{profiler,twig} -chmod -R 750 "${DESTDIR}/web/var/cache/"{profiler,twig} +chown -hR $app: "${final_path}/web/var/cache/"{profiler,twig} +chmod -R 750 "${final_path}/web/var/cache/"{profiler,twig} # The agendav user should read here, but does not need to write # Other users should not be able to read as it stores passwords. 
-find "${DESTDIR}/web/config" -type f -exec chown root:$app {} \; -exec chmod 640 {} \; -find "${DESTDIR}/web/config" -type d -exec chown root:$app {} \; -exec chmod 750 {} \; +find "${final_path}/web/config" -type f -exec chown root:$app {} \; -exec chmod 640 {} \; +find "${final_path}/web/config" -type d -exec chown root:$app {} \; -exec chmod 750 {} \; # Create log directory install -m 750 -o $app -g adm -d "$LOGDIR" # Run database migrations ( - cd $DESTDIR + cd $final_path php agendavcli migrations:migrate --no-interaction ) # Copy and set nginx configuration -nginx_conf="/etc/nginx/conf.d/${domain}.d/${app}.conf" -sed -i "s@{PATH}@${path}@g" ../conf/nginx.conf -sed -i "s@{LOCATION}@${path:-/}@g" ../conf/nginx.conf -sed -i "s@{DESTDIR}@${DESTDIR}@g" ../conf/nginx.conf -sed -i "s@{POOLNAME}@${app}@g" ../conf/nginx.conf -# comment redirection in case of an installation at root -[[ -n "$path" ]] || sed -i '$s/^/#/' ../conf/nginx.conf -cp ../conf/nginx.conf "$nginx_conf" +ynh_add_nginx_config # Copy and set php-fpm configuration -phpfpm_conf="/etc/php5/fpm/pool.d/${app}.conf" -sed -i "s@{POOLNAME}@${app}@g" ../conf/php-fpm.conf -sed -i "s@{DESTDIR}@${DESTDIR}/@g" ../conf/php-fpm.conf -sed -i "s@{USER}@${app}@g" ../conf/php-fpm.conf -sed -i "s@{GROUP}@${app}@g" ../conf/php-fpm.conf -cp ../conf/php-fpm.conf "$phpfpm_conf" - +ynh_add_fpm_config if [ $is_public -eq 0 ] then # Remove the public access From d27688b513a11e9e5a40003e288c4ddfee43839d Mon Sep 17 00:00:00 2001 From: Jean-Baptiste Holcroft Date: Fri, 20 Oct 2017 15:05:28 +0200 Subject: [PATCH 05/19] remove || true and finish users helpers --- scripts/remove | 13 +++++-------- scripts/restore | 6 +----- scripts/upgrade | 4 ++-- 3 files changed, 8 insertions(+), 15 deletions(-) diff --git a/scripts/remove b/scripts/remove index b209a6f..1532fdf 100644 --- a/scripts/remove +++ b/scripts/remove 
@@ -12,8 +12,8 @@ dbname=$app dbuser=$app # Drop MySQL database and user -ynh_mysql_drop_db "$dbname" || true -ynh_mysql_drop_user "$dbuser" || true +ynh_mysql_drop_db "$dbname" +ynh_mysql_drop_user "$dbuser" # Retrieve domain from app settings domain=$(ynh_app_setting_get "$app" domain) @@ -27,11 +27,8 @@ rm -f "/etc/php5/fpm/pool.d/${app}.conf" ynh_remove_app_dependencies # Reload services -service php5-fpm restart || true -service nginx reload || true +service php5-fpm restart +service nginx reload # Remove the user account -# (must be done after php-fpm restart) -id "$app" >/dev/null 2>&1 \ - && deluser --quiet --remove-home "$app" >/dev/null \ - || true +ynh_system_user_delete "$app" diff --git a/scripts/restore b/scripts/restore index e56308b..59b5100 100644 --- a/scripts/restore +++ b/scripts/restore @@ -52,11 +52,7 @@ else ynh_die "You must install Baïkal or Radicale before" fi -if ! id -u $app > /dev/null 2>&1 ; then - useradd -c "$app system account" \ - -d /var/www/$app --system --user-group $app --shell /usr/sbin/nologin \ - || ynh_die "Unable to create $app system account" -fi +ynh_system_user_create "$app" "$final_path" # Restore the app files and set permissions cp -a ./sources "$DESTDIR" diff --git a/scripts/upgrade b/scripts/upgrade index 6205fbf..e540f74 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -128,5 +128,5 @@ then fi # Reload services -service php5-fpm restart || true -service nginx reload || true +service php5-fpm restart +service nginx reload From aa5d2e8b987b0894b4fa512d7ff585e8a6d00c12 Mon Sep 17 00:00:00 2001 
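Review bot: With `|| true` removed from `ynh_mysql_drop_db`, `ynh_mysql_drop_user` and the two `service` calls in scripts/remove (hunks -12,8 and -27,11), a failure in any of them can stop the script before the later steps. That applies if the script runs under `ynh_abort_if_errors` or `set -e`, which cannot be seen because its header is outside these hunks. A removal that stops early, for instance because the database is already gone, would leave the system account and possibly the php-fpm pool and nginx configuration behind. A remove script is usually better off reporting and continuing, e.g. `ynh_mysql_drop_db "$dbname" || echo "could not drop database $dbname" >&2`.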
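Review bot: `ynh_system_user_create "$app" "$final_path"` in scripts/restore (hunk -52,11 +52,7) uses a variable the script does not define at this commit; the context line right below still copies to `"$DESTDIR"`. Depending on whether nounset is active, which is not visible here, the call either aborts the restore or creates the account with an empty home argument. Use `ynh_system_user_create "$app" "$DESTDIR"` here; `final_path` is only introduced in this script by patch 06/19.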
From: Jean-Baptiste Holcroft Date: Fri, 20 Oct 2017 17:55:20 +0200 Subject: [PATCH 06/19] Multiple corrections + using helpers for back and restore --- check_process | 2 +- conf/nginx.conf | 9 ++++++--- scripts/backup | 11 ++++++----- scripts/install | 14 +++++++------- scripts/remove | 7 ++++--- scripts/restore | 41 +++++++++++++---------------------------- scripts/upgrade | 9 +++------ 7 files changed, 40 insertions(+), 53 deletions(-) diff --git a/check_process b/check_process index f2f497d..219b38c 100644 --- a/check_process +++ b/check_process @@ -8,7 +8,7 @@ ; Checks pkg_linter=1 setup_sub_dir=1 - setup_root=1 + setup_root=0 setup_nourl=0 setup_private=1 setup_public=1 diff --git a/conf/nginx.conf b/conf/nginx.conf index 985eb61..a49a1ca 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -3,7 +3,7 @@ location __PATH__/ { index index.php; if ($scheme = http) { - rewrite ^ https://$server_name$request_uri? permanent; + rewrite ^ https://$server_name$request_uri? permanent; } # The seemingly weird syntax is due to a long-standing bug in nginx, @@ -12,10 +12,10 @@ location __PATH__/ { # Another alternative to the weird try_files is to use a rewrite, like this : # - #  if (-f $request_filename) { + # if (-f $request_filename) { # break; # } - #  rewrite (.*) __PATH__/index.php$request_uri; + # rewrite (.*) {LOCATION}/index.php$request_uri; # # But remember that if-is-evil : # https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/#check-if-file-exists @@ -37,3 +37,6 @@ location __PATH__/ { # Include SSOWAT user panel. include conf.d/yunohost_panel.conf.inc; } + +# append trailing slash in case of a subpath +location = __PATH__ { return 302 __PATH__/; } diff --git a/scripts/backup b/scripts/backup index eb67ce2..b2c5ea4 100644 --- a/scripts/backup +++ b/scripts/backup 
@@ -10,7 +10,7 @@ source /usr/share/yunohost/helpers ynh_abort_if_errors # Set app specific variables -app="$YNH_APP_INSTANCE_NAME" +app=$YNH_APP_INSTANCE_NAME dbname=$app dbuser=$app @@ -20,12 +20,13 @@ path=$(ynh_app_setting_get "$app" path) dbpass=$(ynh_app_setting_get "$app" mysqlpwd) # Copy the app files -DESTDIR="/var/www/$app" -ynh_backup "$DESTDIR" "sources" +final_path="/var/www/$app" +ynh_backup "$final_path" # Copy the conf files -ynh_backup "/etc/nginx/conf.d/${domain}.d/${app}.conf" "nginx.conf" -ynh_backup "/etc/php5/fpm/pool.d/${app}.conf" "php-fpm.conf" +ynh_backup "/etc/nginx/conf.d/${domain}.d/${app}.conf" +ynh_backup "/etc/php5/fpm/pool.d/${app}.conf" # Dump the database mysqldump -u "$dbuser" -p"$dbpass" --no-create-db "$dbname" > ./dump.sql +ynh_backup ./dump.sql diff --git a/scripts/install b/scripts/install index bfac8f2..f07bd32 100644 --- a/scripts/install +++ b/scripts/install @@ -11,7 +11,7 @@ ynh_abort_if_errors # Retrieve arguments domain=$YNH_APP_ARG_DOMAIN -path=$YNH_APP_ARG_PATH +path_url=$YNH_APP_ARG_PATH language=$YNH_APP_ARG_LANGUAGE is_public=$YNH_APP_ARG_IS_PUBLIC @@ -20,19 +20,19 @@ app=$YNH_APP_INSTANCE_NAME dbname=$app dbuser=$app -path=$(ynh_normalize_url_path "$path") +path_url=$(ynh_normalize_url_path "$path_url") # Set and store language language=${LANGUAGES[$language]} ynh_app_setting_set "$app" language "$language" ynh_app_setting_set "$app" is_public "$is_public" -ynh_app_setting_set "$app" path "$path" +ynh_app_setting_set "$app" path "$path_url" # Check web path availability -ynh_webpath_available "$domain" "$path" +ynh_webpath_available "$domain" "$path_url" # Register (book) web path -ynh_webpath_register "$app" "$domain" "$path" +ynh_webpath_register "$app" "$domain" "$path_url" # Define LOGDIR (create it later when user is created) LOGDIR=/var/log/$app 
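Review bot: The dump line kept directly above the new `ynh_backup ./dump.sql` (scripts/backup, hunk -20,12 +20,13) passes the application's database password on the command line as `-p"$dbpass"`, where it is visible in the process list while mysqldump runs, and it writes `dump.sql` with the default umask. One option is `MYSQL_PWD="$dbpass" mysqldump -u "$dbuser" --no-create-db "$dbname" > ./dump.sql` after a `umask 077`; a mode-0600 option file passed with `--defaults-extra-file` is the sturdier variant. Separately, the `ynh_backup` calls no longer name `sources`, `nginx.conf` and `php-fpm.conf` inside the archive, so archives made before this commit may not match the `ynh_restore_file` calls added to scripts/restore; a short comment saying so would help.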
@@ -131,9 +131,9 @@ then ynh_app_setting_set "$app" unprotected_uris "/" # ynh panel is not needed - ynh_replace_string " include conf.d/" " #include conf.d/" "$nginx_conf" + ynh_replace_string " include conf.d/" " #include conf.d/" "$finalnginxconf" - ynh_store_file_checksum "$nginx_conf" + ynh_store_file_checksum "$finalnginxconf" fi # Reload services diff --git a/scripts/remove b/scripts/remove index 1532fdf..0500567 100644 --- a/scripts/remove +++ b/scripts/remove @@ -19,9 +19,10 @@ ynh_mysql_drop_user "$dbuser" domain=$(ynh_app_setting_get "$app" domain) # Delete app directory and configurations -rm -rf "/var/www/${app}" "/var/log/${app}" -rm -f "/etc/php5/fpm/pool.d/${app}.conf" -[[ -n $domain ]] && rm -f "/etc/nginx/conf.d/${domain}.d/${app}.conf" +ynh_secure_remove "/var/www/${app}" +ynh_secure_remove "/var/log/${app}" +ynh_remove_fpm_config +ynh_remove_nginx_config # Remove metapackage and its dependencies ynh_remove_app_dependencies diff --git a/scripts/restore b/scripts/restore index 59b5100..ff768dc 100644 --- a/scripts/restore +++ b/scripts/restore 
@@ -16,30 +16,18 @@ dbuser=$app # Retrieve old app settings domain=$(ynh_app_setting_get "$app" domain) -path=$(ynh_app_setting_get "$app" path) +path_url=$(ynh_app_setting_get "$app" path) dbpass=$(ynh_app_setting_get "$app" mysqlpwd) # Check web path availability -ynh_webpath_available "$domain" "$path" +ynh_webpath_available "$domain" "$path_url" # Install dependencies ynh_install_app_dependencies "php5-cli" # Check destination directory -DESTDIR="/var/www/$app" -[[ -d $DESTDIR ]] && ynh_die \ -"The destination directory '$DESTDIR' already exists.\ - You should safely delete it before restoring this app." - -# Check configuration files -nginx_conf="/etc/nginx/conf.d/${domain}.d/${app}.conf" -[[ -f $nginx_conf ]] && ynh_die \ -"The NGINX configuration already exists at '${nginx_conf}'. - You should safely delete it before restoring this app." -phpfpm_conf="/etc/php5/fpm/pool.d/${app}.conf" -[[ -f $phpfpm_conf ]] && ynh_die \ -"The PHP FPM configuration already exists at '${phpfpm_conf}'. - You should safely delete it before restoring this app." +final_path="/var/www/$app" +ynh_restore_file "$final_path" # Check whether Baïkal or Radicale is installed if yunohost app list --installed -f baikal | grep -q id ; then 
@@ -54,29 +42,26 @@ fi ynh_system_user_create "$app" "$final_path" -# Restore the app files and set permissions -cp -a ./sources "$DESTDIR" - # Protect source code against modifications -chown -hR root: "$DESTDIR" +chown -hR root: "$final_path" # Only agendav user should write here -chown -hR $app: "${DESTDIR}/web/var/cache/"{profiler,twig} -chmod -R 750 "${DESTDIR}/web/var/cache/"{profiler,twig} +chown -hR $app: "${final_path}/web/var/cache/"{profiler,twig} +chmod -R 750 "${final_path}/web/var/cache/"{profiler,twig} # The agendav user should read here, but does not need to write # Other users should not be able to read as it stores passwords. -find "${DESTDIR}/web/config" -type f -exec chown root:$app {} \; -exec chmod 640 {} \; -find "${DESTDIR}/web/config" -type d -exec chown root:$app {} \; -exec chmod 750 {} \; +find "${final_path}/web/config" -type f -exec chown root:$app {} \; -exec chmod 640 {} \; +find "${final_path}/web/config" -type d -exec chown root:$app {} \; -exec chmod 750 {} \; # Clean caches -rm -rf "${DESTDIR}/web/var/cache/"{profiler,twig}/* +ynh_secure_remove "${final_path}/web/var/cache/"{profiler,twig}/* # CalDAV config caldav_domain=$(ynh_app_setting_get "$caldav_app" domain) caldav_path=$(ynh_app_setting_get "$caldav_app" path) caldav_url="https://${caldav_domain}${caldav_path%/}" -conf_path="${DESTDIR}/web/config/settings.php" +conf_path="${final_path}/web/config/settings.php" sed -i "s@^\(\$app\['caldav.baseurl'\] = \).*\ @\1'${caldav_url}${caldav_baseurl}';@g" "$conf_path" sed -i "s@^\(\$app\['caldav.baseurl.public'\] = \).*\ @@ -90,8 +75,8 @@ ynh_mysql_create_db "$dbname" "$dbuser" "$dbpass" ynh_mysql_connect_as "$dbuser" "$dbpass" "$dbname" < ./dump.sql # Restore configuration files -cp -a ./nginx.conf "$nginx_conf" -cp -a ./php-fpm.conf "$phpfpm_conf" +ynh_restore_file "/etc/nginx/conf.d/${domain}.d/${app}.conf" +ynh_restore_file "/etc/php5/fpm/pool.d/${app}.conf" # Reload services service php5-fpm restart 
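Review bot: `ynh_secure_remove "${final_path}/web/var/cache/"{profiler,twig}/*` in hunk -54,29 +42,26 passes the helper as many arguments as the two globs match, and as far as I know `ynh_secure_remove` acts on a single path. Most cached entries would then survive the restore, and with empty directories the literal `.../*` strings are passed instead. The `rm -rf` it replaces cleared everything; an equivalent that does not rely on the helper's argument handling is `find "${final_path}/web/var/cache/profiler" "${final_path}/web/var/cache/twig" -mindepth 1 -delete`. Stale compiled templates restored from an older backup are the practical risk.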
diff --git a/scripts/upgrade b/scripts/upgrade index e540f74..ae137af 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -16,7 +16,7 @@ dbuser=$app # Retrieve arguments domain=$(ynh_app_setting_get "$app" domain) -path=$(ynh_app_setting_get "$app" path) +path_url=$(ynh_app_setting_get "$app" path) dbpass=$(ynh_app_setting_get "$app" mysqlpwd) encryptkey=$(ynh_app_setting_get "$app" encryptkey) language=$(ynh_app_setting_get "$app" language) @@ -38,9 +38,6 @@ LOGDIR=/var/log/$app # Check destination directory final_path=/var/www/$app -test ! -e "$final_path" || ynh_die "This path already contains a folder" - -mkdir -p "$final_path" # Check whether Baïkal or Radicale is installed baikal_install=$(agendav_app_check_installation "baikal") @@ -122,9 +119,9 @@ then ynh_app_setting_set "$app" unprotected_uris "/" # ynh panel is not needed - ynh_replace_string " include conf.d/" " #include conf.d/" "$nginx_conf" + ynh_replace_string " include conf.d/" " #include conf.d/" "$finalnginxconf" - ynh_store_file_checksum "$nginx_conf" + ynh_store_file_checksum "$finalnginxconf" fi # Reload services From 6aef7cac93c338b7229d11509268f65f1d802466 Mon Sep 17 00:00:00 2001 From: Jean-Baptiste Holcroft Date: Sat, 21 Oct 2017 00:28:10 +0200 Subject: [PATCH 07/19] Remove is_public --- check_process | 7 +++++-- manifest.json | 8 -------- scripts/install | 20 ++------------------ scripts/upgrade | 17 +---------------- 4 files changed, 8 insertions(+), 44 deletions(-) diff --git a/check_process b/check_process index 219b38c..2db3fc6 100644 --- a/check_process +++ b/check_process 
@@ -5,13 +5,16 @@ path="/path" (PATH) is_public=1 (PUBLIC|public=1|private=0) language="fr" + ; pre-install + sudo yunohost domain add --verbose baikaldomain.tld --admin-password $PASSWORD + sudo yunohost app install baikal -a "domain=baikaldomain.tld&path=/baikal&password=admin" ; Checks pkg_linter=1 setup_sub_dir=1 - setup_root=0 + setup_root=1 setup_nourl=0 setup_private=1 - setup_public=1 + setup_public=0 upgrade=1 backup_restore=1 multi_instance=1 diff --git a/manifest.json b/manifest.json index 63dd6d8..2c57fe1 100644 --- a/manifest.json +++ b/manifest.json @@ -43,14 +43,6 @@ "example": "/agendav", "default": "/agendav" }, - { - "name": "is_public", - "type": "boolean", - "ask": { - "en": "Should Agendav be publicly accessible?" - }, - "default": "0" - }, { "name": "language", "ask": { diff --git a/scripts/install b/scripts/install index f07bd32..0fb3bb7 100644 --- a/scripts/install +++ b/scripts/install @@ -13,7 +13,6 @@ ynh_abort_if_errors domain=$YNH_APP_ARG_DOMAIN path_url=$YNH_APP_ARG_PATH language=$YNH_APP_ARG_LANGUAGE -is_public=$YNH_APP_ARG_IS_PUBLIC # Set app specific variables app=$YNH_APP_INSTANCE_NAME @@ -26,7 +25,6 @@ path_url=$(ynh_normalize_url_path "$path_url") language=${LANGUAGES[$language]} ynh_app_setting_set "$app" language "$language" -ynh_app_setting_set "$app" is_public "$is_public" ynh_app_setting_set "$app" path "$path_url" # Check web path availability @@ -87,7 +85,7 @@ caldav_url="https://${caldav_domain}${caldav_path%/}" sed -i "s@{CALDAV_BASEURL}@${caldav_url}${caldav_baseurl}@g" "$conf_path" sed -i "s@{CALDAV_DOMAIN}@${caldav_domain}@g" "$conf_path" -ynh_system_user_create "$app" "$final_path" +ynh_system_user_create "$app" # Protect source code against modifications find "${final_path}" -type f -exec chown root:root {} \; -exec chmod 644 {} \; 
@@ -120,21 +118,7 @@ ynh_add_nginx_config # Copy and set php-fpm configuration ynh_add_fpm_config -if [ "$is_public" -eq 0 ] -then # Remove the public access - ynh_app_setting_delete "$app" skipped_uris -fi -# Make app public if necessary -if [ "$is_public" -eq 1 ] -then - # unprotected_uris allows SSO credentials to be passed anyway. - ynh_app_setting_set "$app" unprotected_uris "/" - - # ynh panel is not needed - ynh_replace_string " include conf.d/" " #include conf.d/" "$finalnginxconf" - - ynh_store_file_checksum "$finalnginxconf" -fi +ynh_app_setting_delete "$app" skipped_uris # Reload services service php5-fpm restart diff --git a/scripts/upgrade b/scripts/upgrade index ae137af..4df9276 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -20,7 +20,6 @@ path_url=$(ynh_app_setting_get "$app" path) dbpass=$(ynh_app_setting_get "$app" mysqlpwd) encryptkey=$(ynh_app_setting_get "$app" encryptkey) language=$(ynh_app_setting_get "$app" language) -is_public=$(ynh_app_setting_get "$app" is_public) # Set and store language if [[ -z "$language" ]]; then @@ -108,21 +107,7 @@ ynh_add_nginx_config # Copy and set php-fpm configuration ynh_add_fpm_config -if [ $is_public -eq 0 ] -then # Remove the public access - ynh_app_setting_delete "$app" skipped_uris -fi -# Make app public if necessary -if [ $is_public -eq 1 ] -then - # unprotected_uris allows SSO credentials to be passed anyway - ynh_app_setting_set "$app" unprotected_uris "/" - - # ynh panel is not needed - ynh_replace_string " include conf.d/" " #include conf.d/" "$finalnginxconf" - - ynh_store_file_checksum "$finalnginxconf" -fi +ynh_app_setting_delete "$app" skipped_uris # Reload services service php5-fpm restart From 37249f444a799e2470dca501f762217998e7fa12 Mon Sep 17 00:00:00 2001 
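Review bot: Deleting only `skipped_uris` in scripts/upgrade (hunk -108,21 +107,7) leaves in place the `unprotected_uris "/"` setting that the earlier patches on this page wrote for public installs. An instance installed as public would therefore keep its SSO bypass after the `is_public` option is withdrawn. Add `ynh_app_setting_delete "$app" unprotected_uris` next to the existing delete, here and in the scripts/install hunk at -120,21 +118,7, and delete the stale `is_public` setting in upgrade as well. Whether the SSO configuration must be regenerated for the change to take effect cannot be told from these hunks.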
From: Jean-Baptiste Holcroft Date: Fri, 27 Oct 2017 17:54:59 +0200 Subject: [PATCH 08/19] Update to 2.2 to be able to toggle Certificate checks on will --- check_process | 2 +- conf/app.src | 4 +- conf/php-fpm.conf | 4 +- conf/settings.php | 3 ++ manifest.json | 8 ++++ scripts/install | 23 ++++++--- sources/patches/app-00-add-http-auth.patch | 56 ---------------------- 7 files changed, 33 insertions(+), 67 deletions(-) delete mode 100644 sources/patches/app-00-add-http-auth.patch diff --git a/check_process b/check_process index 2db3fc6..ceaac42 100644 --- a/check_process +++ b/check_process @@ -3,8 +3,8 @@ ; Manifest domain="domain.tld" (DOMAIN) path="/path" (PATH) - is_public=1 (PUBLIC|public=1|private=0) language="fr" + disablecacheck=0 ; pre-install sudo yunohost domain add --verbose baikaldomain.tld --admin-password $PASSWORD sudo yunohost app install baikal -a "domain=baikaldomain.tld&path=/baikal&password=admin" diff --git a/conf/app.src b/conf/app.src index 3878db1..b3de28a 100644 --- a/conf/app.src +++ b/conf/app.src @@ -1,4 +1,4 @@ -SOURCE_URL=https://github.com/adobo/agendav/releases/download/2.0.0/agendav-2.0.0.tar.gz -SOURCE_SUM=142e8d9ea0e3e6feacd1523c5cabc834fe8bc3e9dbae03034089758b9c3abb92 +SOURCE_URL=https://github.com/adobo/agendav/releases/download/2.2.0/agendav-2.2.0.tar.gz +SOURCE_SUM=0056154ae0a7aa3401f4f24c51f0f2de3d1e97eaa83e74a2129714b67013129f SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=tar.gz diff --git a/conf/php-fpm.conf b/conf/php-fpm.conf index 43613e6..3e23b7b 100644 --- a/conf/php-fpm.conf +++ b/conf/php-fpm.conf @@ -8,8 +8,8 @@ listen.group = www-data listen.mode = 0600 ; Unix user/group of processes. -user = __NAMETOCHANGE__ -group = __NAMETOCHANGE__ +user = __USER__ +group = __USER__ ; Choose how the process manager will control the number of child processes. pm = dynamic diff --git a/conf/settings.php b/conf/settings.php index 3398903..ac70cb2 100644 --- a/conf/settings.php +++ b/conf/settings.php 
@@ -39,6 +39,9 @@ $app['caldav.baseurl'] = '{CALDAV_BASEURL}'; // Authentication method required by CalDAV server (basic or digest) $app['caldav.authmethod'] = 'basic'; +// Do not verify SSL certificate, it is self signed +$app['caldav.certificate.verify'] = __CACHECK__; + // Whether to show public CalDAV urls $app['caldav.publicurls'] = true; diff --git a/manifest.json b/manifest.json index 2c57fe1..814e55b 100644 --- a/manifest.json +++ b/manifest.json @@ -53,6 +53,14 @@ "de", "en", "es", "fr", "it", "nl" ], "default": "en" + }, + { + "name": "disablecacheck", + "ask": { + "en": "Disable certificate checks? (if not using a valid certificate)" + }, + "type": "boolean", + "default": false } ] } diff --git a/scripts/install b/scripts/install index 0fb3bb7..905be7f 100644 --- a/scripts/install +++ b/scripts/install @@ -13,6 +13,7 @@ ynh_abort_if_errors domain=$YNH_APP_ARG_DOMAIN path_url=$YNH_APP_ARG_PATH language=$YNH_APP_ARG_LANGUAGE +disablecacheck=$YNH_APP_ARG_DISABLECACHECK # Set app specific variables app=$YNH_APP_INSTANCE_NAME @@ -78,6 +79,12 @@ sed -i "s@{LOGDIR}@${LOGDIR}@g" "$conf_path" sed -i "s@{TIMEZONE}@$(cat /etc/timezone)@g" "$conf_path" sed -i "s@{LANGUAGE}@${language}@g" "$conf_path" +if [ $disablecacheck -eq 0 ]; then + ynh_replace_string "__CACHECK__" "true" "$conf_path" +else + ynh_replace_string "__CACHECK__" "false" "$conf_path" +fi + # CalDAV config caldav_domain=$(ynh_app_setting_get "$caldav_app" domain) caldav_path=$(ynh_app_setting_get "$caldav_app" path) 
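Review bot: The `disablecacheck` answer is substituted into settings.php in scripts/install (hunk -78,6 +79,12) but never stored, and scripts/upgrade, which this patch does not touch according to its diffstat, copies `../conf/settings.php` again without replacing `__CACHECK__`. After the next upgrade the certificate-verification setting would hold an unreplaced placeholder instead of the administrator's choice, unless a later patch handles it. Store the value with `ynh_app_setting_set "$app" disablecacheck "$disablecacheck"` and repeat the replacement in upgrade; the test should also quote the variable, `[ "$disablecacheck" -eq 0 ]`. The comment added in conf/settings.php describes only the `false` case; `// Verify the CalDAV server's TLS certificate (set to false only for a self-signed certificate)` fits both values.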
@@ -87,18 +94,22 @@ sed -i "s@{CALDAV_DOMAIN}@${caldav_domain}@g" "$conf_path" ynh_system_user_create "$app" +chown -R root: "$final_path" + # Protect source code against modifications -find "${final_path}" -type f -exec chown root:root {} \; -exec chmod 644 {} \; -find "${final_path}" -type d -exec chown root:root {} \; -exec chmod 755 {} \; +#find "${final_path}" -type f -exec chown root:root {} \; -exec chmod 644 {} \; +#find "${final_path}" -type d -exec chown root:root {} \; -exec chmod 755 {} \; # Only agendav user should write here -chown -hR $app: "${final_path}/web/var/cache/"{profiler,twig} -chmod -R 750 "${final_path}/web/var/cache/"{profiler,twig} +chown -R $app "${final_path}/web/var/cache/"{profiler,twig} +#chmod -R 750 "${final_path}/web/var/cache/"{profiler,twig} # The agendav user should read here, but does not need to write # Other users should not be able to read as it stores passwords. -find "${final_path}/web/config" -type f -exec chown root:$app {} \; -exec chmod 640 {} \; -find "${final_path}/web/config" -type d -exec chown root:$app {} \; -exec chmod 750 {} \; +#find "${final_path}/web/config" -type f -exec chown root:$app {} \; -exec chmod 640 {} \; +#find "${final_path}/web/config" -type d -exec chown root:$app {} \; -exec chmod 750 {} \; + +chown -R $app "${final_path}/web/config/" # Create log directory install -m 750 -o $app -g adm -d "$LOGDIR" diff --git a/sources/patches/app-00-add-http-auth.patch b/sources/patches/app-00-add-http-auth.patch deleted file mode 100644 index 74153c9..0000000 --- a/sources/patches/app-00-add-http-auth.patch +++ /dev/null 
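Review bot: Replacing the `find … chmod 640/750` lines with `chown -R $app "${final_path}/web/config/"` makes the directory that holds settings.php, with the database password and encryption key, owned and writable by the account the PHP pool runs as. Its mode is left at whatever `cp` produced, which contradicts the two comment lines kept just above. A flaw in the web application could then rewrite its own configuration, and other local users may be able to read the secrets. The earlier intent takes two lines: `chown -R root:"$app" "${final_path}/web/config"` and `chmod -R u=rwX,g=rX,o= "${final_path}/web/config"`. The cache directories lose their `chmod -R 750` too, and the commented-out commands are better deleted than kept in the script.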
@@ -1,56 +0,0 @@ ---- a/web/app/controllers.php -+++ b/web/app/controllers.php -@@ -71,13 +71,20 @@ $controllers->before(function(Request $request, Silex\Application $app) { - // processing the request - if ($app['session']->has('username')) { - $username = $app['session']->get('username'); -- $preferences = $app['preferences.repository']->userPreferences($username); -- $app['user.preferences'] = $preferences; -- $app['user.timezone'] = $preferences->get('timezone'); - -- // Set application language -- $app['locale'] = $preferences->get('language'); -- return; -+ // Clear user session if HTTP authentication changed -+ if (isset($_SERVER['PHP_AUTH_USER']) -+ && $username != $_SERVER['PHP_AUTH_USER']) { -+ $app['session']->clear(); -+ } else { -+ $preferences = $app['preferences.repository']->userPreferences($username); -+ $app['user.preferences'] = $preferences; -+ $app['user.timezone'] = $preferences->get('timezone'); -+ -+ // Set application language -+ $app['locale'] = $preferences->get('language'); -+ return; -+ } - } - - if ($request->isXmlHttpRequest()) { ---- a/web/src/Controller/Authentication.php -+++ b/web/src/Controller/Authentication.php -@@ -33,7 +33,7 @@ class Authentication - { - $template_vars = []; - -- if ($request->isMethod('POST')) { -+ if ($request->isMethod('POST') || isset($_SERVER['PHP_AUTH_USER'])) { - $result = $this->processLogin($request, $app); - - if ($result === true) { -@@ -62,8 +62,13 @@ class Authentication - - protected function processLogin(Request $request, Application $app) - { -- $user = $request->request->get('user'); -- $password = $request->request->get('password'); -+ if (isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) { -+ $user = $_SERVER['PHP_AUTH_USER']; -+ $password = $_SERVER['PHP_AUTH_PW']; -+ } else { -+ $user = $request->request->get('user'); -+ $password = $request->request->get('password'); -+ } - - if (empty($user) || empty($password)) { - return 
$app['translator']->trans('messages.error_empty_fields'); From 0332ea782e24781eeccbacaf17b429d7485c3ce3 Mon Sep 17 00:00:00 2001 From: Jean-Baptiste Holcroft Date: Mon, 30 Oct 2017 12:48:06 +0100 Subject: [PATCH 09/19] Restructure install script --- scripts/install | 232 ++++++++++++++++++++++++++++++++---------------- 1 file changed, 155 insertions(+), 77 deletions(-) diff --git a/scripts/install b/scripts/install index 905be7f..75827c3 100644 --- a/scripts/install +++ b/scripts/install 
@@ -1,46 +1,57 @@ #!/bin/bash -# Source local helpers -source ./_common.sh +#================================================= +# GENERIC START +#================================================= +# IMPORT GENERIC HELPERS +#================================================= -# Source app helpers +source _common.sh source /usr/share/yunohost/helpers -# Abort script if errors +#================================================= +# MANAGE SCRIPT FAILURE +#================================================= + +# Exit if an error occurs during the execution of the script ynh_abort_if_errors -# Retrieve arguments +#================================================= +# RETRIEVE ARGUMENTS FROM THE MANIFEST +#================================================= + domain=$YNH_APP_ARG_DOMAIN path_url=$YNH_APP_ARG_PATH language=$YNH_APP_ARG_LANGUAGE disablecacheck=$YNH_APP_ARG_DISABLECACHECK +# Set and store language +language=${LANGUAGES[$language]} + # Set app specific variables app=$YNH_APP_INSTANCE_NAME dbname=$app dbuser=$app +#================================================= +# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS +#================================================= + +final_path=/var/www/$app +test ! -e "$final_path" || ynh_die "This path already contains a folder" + +# Define LOGDIR (create it later when user is created) +LOGDIR=/var/log/$app +test ! -e "$LOGDIR" || ynh_die "This log path already contains a folder" + +# Normalize the url path syntax path_url=$(ynh_normalize_url_path "$path_url") -# Set and store language -language=${LANGUAGES[$language]} - -ynh_app_setting_set "$app" language "$language" -ynh_app_setting_set "$app" path "$path_url" - # Check web path availability ynh_webpath_available "$domain" "$path_url" # Register (book) web path ynh_webpath_register "$app" "$domain" "$path_url" -# Define LOGDIR (create it later when user is created) -LOGDIR=/var/log/$app - -# Check destination directory -final_path=/var/www/$app -test ! 
-e "$final_path" || ynh_die "This path already contains a folder" - -mkdir -p "$final_path" # Check whether Baïkal or Radicale is installed baikal_install=$(agendav_app_check_installation "baikal") 
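Review bot: `source _common.sh` replaces `source ./_common.sh` at the top of the script. Without a slash in the name, bash searches the directories in `PATH` for the file before it falls back to the current directory. A script that performs root-only operations such as `chown -R root:` could then load a different `_common.sh` than the one shipped beside it. Keeping the explicit form `source ./_common.sh` pins the file that is read. The same replacement is made in the backup, restore, upgrade and remove hunks further down.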
@@ -57,80 +68,147 @@ else ynh_die "Baikal or Radicale is mandatory" fi +#================================================= +# STORE SETTINGS FROM MANIFEST +#================================================= + +ynh_app_setting_set "$app" language "$language" +ynh_app_setting_set "$app" path "$path_url" +ynh_app_setting_set "$app" domain "$domain" +ynh_app_setting_set "$app" disablecacheck "$disablecacheck" +ynh_app_setting_set "$app" final_path "$final_path" + +#================================================= +# STANDARD MODIFICATIONS +#================================================= + # Install dependencies ynh_install_app_dependencies php5-cli -ynh_setup_source "$final_path" - -# Generate random password and encryption key -dbpass=$(ynh_string_random) -encryptkey=$(ynh_string_random 24) -ynh_app_setting_set "$app" encryptkey "$encryptkey" -ynh_app_setting_set "$app" mysqlpwd "$dbpass" - -# Copy and set AgenDAV configuration -conf_path="${final_path}/web/config/settings.php" -cp ../conf/settings.php "$conf_path" -sed -i "s/{DBUSER}/${dbuser}/g" "$conf_path" -sed -i "s/{DBPASS}/${dbpass}/g" "$conf_path" -sed -i "s/{DBNAME}/${dbname}/g" "$conf_path" -sed -i "s/{ENCRYPTKEY}/${encryptkey}/g" "$conf_path" -sed -i "s@{LOGDIR}@${LOGDIR}@g" "$conf_path" -sed -i "s@{TIMEZONE}@$(cat /etc/timezone)@g" "$conf_path" -sed -i "s@{LANGUAGE}@${language}@g" "$conf_path" - -if [ $disablecacheck -eq 0 ]; then - ynh_replace_string "__CACHECK__" "true" "$conf_path" -else - ynh_replace_string "__CACHECK__" "false" "$conf_path" -fi - -# CalDAV config -caldav_domain=$(ynh_app_setting_get "$caldav_app" domain) -caldav_path=$(ynh_app_setting_get "$caldav_app" path) -caldav_url="https://${caldav_domain}${caldav_path%/}" -sed -i "s@{CALDAV_BASEURL}@${caldav_url}${caldav_baseurl}@g" "$conf_path" -sed -i "s@{CALDAV_DOMAIN}@${caldav_domain}@g" "$conf_path" - -ynh_system_user_create "$app" - -chown -R root: "$final_path" - -# Protect source code against modifications -#find "${final_path}" 
-type f -exec chown root:root {} \; -exec chmod 644 {} \; -#find "${final_path}" -type d -exec chown root:root {} \; -exec chmod 755 {} \; - -# Only agendav user should write here -chown -R $app "${final_path}/web/var/cache/"{profiler,twig} -#chmod -R 750 "${final_path}/web/var/cache/"{profiler,twig} - -# The agendav user should read here, but does not need to write -# Other users should not be able to read as it stores passwords. -#find "${final_path}/web/config" -type f -exec chown root:$app {} \; -exec chmod 640 {} \; -#find "${final_path}/web/config" -type d -exec chown root:$app {} \; -exec chmod 750 {} \; - -chown -R $app "${final_path}/web/config/" - -# Create log directory -install -m 750 -o $app -g adm -d "$LOGDIR" +#================================================= +# CREATE A MYSQL DATABASE +#================================================= # Initialize database +dbpass=$(ynh_string_random) +ynh_app_setting_set "$app" mysqlpwd "$dbpass" + ynh_mysql_create_db "$dbname" "$dbuser" "$dbpass" -# Run database migrations -( - cd $final_path - php agendavcli migrations:migrate --no-interaction -) +#================================================= +# DOWNLOAD, CHECK AND UNPACK SOURCE +#================================================= + +ynh_setup_source "$final_path" + +#================================================= +# NGINX CONFIGURATION +#================================================= # Copy and set nginx configuration ynh_add_nginx_config +#================================================= +# CREATE DEDICATED USER +#================================================= + +ynh_system_user_create "$app" + +#================================================= +# PHP-FPM CONFIGURATION +#================================================ + # Copy and set php-fpm configuration ynh_add_fpm_config +#================================================= +# SPECIFIC SETUP +#================================================= +# Create settings.php 
+#================================================= + +# Generate random encryption key +encryptkey=$(ynh_string_random 24) + +ynh_app_setting_set "$app" encryptkey "$encryptkey" + +# Copy and set AgenDAV configuration +timezone=$(cat /etc/timezone) + +caldav_domain=$(ynh_app_setting_get "$caldav_app" domain) +caldav_path=$(ynh_app_setting_get "$caldav_app" path) +caldav_url="https://${caldav_domain}${caldav_path%/}" + +conf_path="${final_path}/web/config/settings.php" +cp ../conf/settings.php "$conf_path" + +ynh_replace_string "{DBUSER}" "${dbuser}" "$conf_path" +ynh_replace_string "{DBPASS}" "${dbpass}" "$conf_path" +ynh_replace_string "{DBNAME}" "${dbname}" "$conf_path" +ynh_replace_string "{ENCRYPTKEY}" "${encryptkey}" "$conf_path" +ynh_replace_string "{LOGDIR}" "${LOGDIR}" "$conf_path" +ynh_replace_string "{TIMEZONE}" "$timezone" "$conf_path" +ynh_replace_string "{LANGUAGE}" "${language}" "$conf_path" +ynh_replace_string "{CALDAV_BASEURL}" "${caldav_url}${caldav_baseurl}" "$conf_path" +ynh_replace_string "{CALDAV_DOMAIN}" "${caldav_domain}" "$conf_path" + +if [ "$disablecacheck" -eq 0 ]; then + ynh_replace_string "__CACHECK__" "true" "$conf_path" +else + ynh_replace_string "__CACHECK__" "false" "$conf_path" +fi + +#================================================= +# STORE THE CHECKSUM OF THE CONFIG FILE +#================================================= + +ynh_store_file_checksum "$conf_path" + +#================================================= +# Run database migrations (includes initialization) +#================================================= + +( + cd "$final_path" + php agendavcli migrations:migrate --no-interaction +) + +#================================================= +# SETUP LOG directory +#================================================= + +mkdir -p "$LOGDIR" +chown -R "$app": "$LOGDIR" + +#================================================= +# GENERIC FINALIZATION +#================================================= +# SECURE FILES AND 
DIRECTORIES +#================================================= + +chown -R root: "$final_path" + +# Only agendav user should write here +chown -R "$app" "${final_path}/web/var/cache/"{profiler,twig} + +# The agendav user should read here, but does not need to write +chown -R root:"$app" "${final_path}/web/config/" +chmod -R g+rx "${final_path}/web/config/" + +# Other users should not be able to read as it stores passwords. +chmod -R o-rwx "${final_path}/web/config/" + +#================================================= +# SETUP SSOWAT +#================================================= + +# Remove the public access ynh_app_setting_delete "$app" skipped_uris +#================================================= +# RELOAD NGINX and FPM +#================================================= + # Reload services service php5-fpm restart service nginx reload From 4faefcecab3077890e1e9cb0e60938e4709de35d Mon Sep 17 00:00:00 2001 From: Jean-Baptiste Holcroft Date: Mon, 30 Oct 2017 12:48:42 +0100 Subject: [PATCH 10/19] Restructure backup script --- scripts/backup | 55 ++++++++++++++++++++++++++++++++++++++------------ 1 file changed, 42 insertions(+), 13 deletions(-) diff --git a/scripts/backup b/scripts/backup index b2c5ea4..c990ea4 100644 --- a/scripts/backup +++ b/scripts/backup 
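Review bot: The log directory loses its explicit mode in this hunk: `install -m 750 -o $app -g adm -d "$LOGDIR"` is replaced by `mkdir -p "$LOGDIR"` and `chown -R "$app": "$LOGDIR"`, so the directory mode now depends on the umask of the process and is likely to be readable by other local users. Adding `chmod 750 "$LOGDIR"` after the `chown` restores the previous restriction. The restore and upgrade hunks create the directory the same way and need the same line.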
@@ -1,32 +1,61 @@ #!/bin/bash -# Source local helpers -source ./_common.sh -# Source app helpers +#================================================= +# GENERIC START +#================================================= +# IMPORT GENERIC HELPERS +#================================================= + +source _common.sh source /usr/share/yunohost/helpers -# Abort script if errors +#================================================= +# MANAGE SCRIPT FAILURE +#================================================= + +# Exit if an error occurs during the execution of the script ynh_abort_if_errors +#================================================= +# LOAD SETTINGS +#================================================= + # Set app specific variables app=$YNH_APP_INSTANCE_NAME -dbname=$app -dbuser=$app +db_name=$app # Retrieve app settings domain=$(ynh_app_setting_get "$app" domain) -path=$(ynh_app_setting_get "$app" path) -dbpass=$(ynh_app_setting_get "$app" mysqlpwd) +path_url=$(ynh_app_setting_get "$app" path) +final_path=$(ynh_app_setting_get "$app" final_path) + +#================================================= +# STANDARD BACKUP STEPS +#================================================= +# BACKUP THE APP MAIN DIR +#================================================= + +# Clean cache files before backup +ynh_secure_remove "${final_path}/web/var/cache/"{profiler,twig}/* -# Copy the app files -final_path="/var/www/$app" ynh_backup "$final_path" -# Copy the conf files +#================================================= +# BACKUP THE NGINX CONFIGURATION +#================================================= + ynh_backup "/etc/nginx/conf.d/${domain}.d/${app}.conf" + +#================================================= +# BACKUP THE PHP-FPM CONFIGURATION +#================================================= + ynh_backup "/etc/php5/fpm/pool.d/${app}.conf" +#================================================= +# BACKUP THE MYSQL DATABASE +#================================================= + # 
Dump the database -mysqldump -u "$dbuser" -p"$dbpass" --no-create-db "$dbname" > ./dump.sql -ynh_backup ./dump.sql +ynh_mysql_dump_db "$db_name" > db.sql From 79d530f6bc6fc6f4487cd2b08ff66c1fbb5ef79d Mon Sep 17 00:00:00 2001 From: Jean-Baptiste Holcroft Date: Mon, 30 Oct 2017 12:48:51 +0100 Subject: [PATCH 11/19] Restructure restore script --- scripts/restore | 155 +++++++++++++++++++++++++++++++----------------- 1 file changed, 99 insertions(+), 56 deletions(-) diff --git a/scripts/restore b/scripts/restore index ff768dc..f09260a 100644 --- a/scripts/restore +++ b/scripts/restore @@ -1,14 +1,32 @@ #!/bin/bash -# Source local helpers -source ./_common.sh -# Source app helpers +#================================================= +# GENERIC START +#================================================= +# IMPORT GENERIC HELPERS +#================================================= + +if [ ! -e _common.sh ]; then + # Get the _common.sh file if it's not in the current directory + cp ../settings/scripts/_common.sh ./_common.sh + chmod a+rx _common.sh +fi + +source _common.sh source /usr/share/yunohost/helpers -# Abort script if errors +#================================================= +# MANAGE SCRIPT FAILURE +#================================================= + +# Exit if an error occurs during the execution of the script ynh_abort_if_errors +#================================================= +# LOAD SETTINGS +#================================================= + # Set app specific variables app="$YNH_APP_INSTANCE_NAME" dbname=$app 
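Review bot: In scripts/backup `final_path` is now read from the app settings and used without a check, first in `ynh_secure_remove "${final_path}/web/var/cache/"{profiler,twig}/*` and then in `ynh_backup "$final_path"`. If the setting is missing, the removal path is built from an empty prefix. The upgrade script adds a fallback to `/var/www/$app` for that case, but this hunk and the second restore hunk do not, and in restore `test ! -d "$final_path"` passes for an empty value. A guard directly after the read makes the failure explicit: `test -n "$final_path" || ynh_die "final_path is not set for $app"`.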
@@ -17,67 +35,92 @@ dbuser=$app # Retrieve old app settings domain=$(ynh_app_setting_get "$app" domain) path_url=$(ynh_app_setting_get "$app" path) +final_path=$(ynh_app_setting_get "$app" final_path) dbpass=$(ynh_app_setting_get "$app" mysqlpwd) -# Check web path availability -ynh_webpath_available "$domain" "$path_url" +LOGDIR=/var/log/$app -# Install dependencies -ynh_install_app_dependencies "php5-cli" +#================================================= +# CHECK IF THE APP CAN BE RESTORED +#================================================= -# Check destination directory -final_path="/var/www/$app" -ynh_restore_file "$final_path" +ynh_webpath_available "$domain" "$path_url" \ + || ynh_die "Path not available: ${domain}${path_url}" +test ! -d "$final_path" \ +|| ynh_die "There is already a directory: $final_path " -# Check whether Baïkal or Radicale is installed -if yunohost app list --installed -f baikal | grep -q id ; then - caldav_app="baikal" - caldav_baseurl="/cal.php/" -elif yunohost app list --installed -f radicale | grep -q id ; then - caldav_app="radicale" - caldav_baseurl="/" -else - ynh_die "You must install Baïkal or Radicale before" -fi - -ynh_system_user_create "$app" "$final_path" - -# Protect source code against modifications -chown -hR root: "$final_path" - -# Only agendav user should write here -chown -hR $app: "${final_path}/web/var/cache/"{profiler,twig} -chmod -R 750 "${final_path}/web/var/cache/"{profiler,twig} - -# The agendav user should read here, but does not need to write -# Other users should not be able to read as it stores passwords. 
-find "${final_path}/web/config" -type f -exec chown root:$app {} \; -exec chmod 640 {} \; -find "${final_path}/web/config" -type d -exec chown root:$app {} \; -exec chmod 750 {} \; - -# Clean caches -ynh_secure_remove "${final_path}/web/var/cache/"{profiler,twig}/* - -# CalDAV config -caldav_domain=$(ynh_app_setting_get "$caldav_app" domain) -caldav_path=$(ynh_app_setting_get "$caldav_app" path) -caldav_url="https://${caldav_domain}${caldav_path%/}" -conf_path="${final_path}/web/config/settings.php" -sed -i "s@^\(\$app\['caldav.baseurl'\] = \).*\ -@\1'${caldav_url}${caldav_baseurl}';@g" "$conf_path" -sed -i "s@^\(\$app\['caldav.baseurl.public'\] = \).*\ -@\1'${caldav_domain}';@g" "$conf_path" - -# Create log directory -install -m 750 -o www-data -g adm -d "/var/log/${app}" - -# Create and restore the database -ynh_mysql_create_db "$dbname" "$dbuser" "$dbpass" -ynh_mysql_connect_as "$dbuser" "$dbpass" "$dbname" < ./dump.sql +#================================================= +# STANDARD RESTORATION STEPS +#================================================= +# RESTORE THE NGINX CONFIGURATION +#================================================= # Restore configuration files ynh_restore_file "/etc/nginx/conf.d/${domain}.d/${app}.conf" + +#================================================= +# RESTORE THE APP MAIN DIR +#================================================= + +ynh_restore_file "$final_path" + +#================================================= +# RESTORE THE MYSQL DATABASE +#================================================= + +# Create and restore the database +ynh_mysql_create_db "$dbname" "$dbuser" "$dbpass" +ynh_mysql_connect_as "$dbuser" "$dbpass" "$dbname" < ./db.sql + +#================================================= +# RECREATE THE DEDICATED USER +#================================================= + +ynh_system_user_create "$app" "$final_path" + +#================================================= +# RESTORE USER RIGHTS 
+#================================================= + +chown -R root: "$final_path" + +# Only agendav user should write here +chown -R "$app" "${final_path}/web/var/cache/"{profiler,twig} + +# The agendav user should read here, but does not need to write +chown -R root:"$app" "${final_path}/web/config/" +chmod -R g+rx "${final_path}/web/config/" + +# Other users should not be able to read as it stores passwords. +chmod -R o-rwx "${final_path}/web/config/" + +#================================================= +# RESTORE THE PHP-FPM CONFIGURATION +#================================================= + ynh_restore_file "/etc/php5/fpm/pool.d/${app}.conf" -# Reload services +#================================================= +# SPECIFIC RESTORATION +#================================================= +# REINSTALL DEPENDENCIES +#================================================= + +# Install dependencies +ynh_install_app_dependencies php5-cli + +#================================================= +# SETUP LOG directory +#================================================= + +mkdir -p "$LOGDIR" +chown -R "$app": "$LOGDIR" + +#================================================= +# GENERIC FINALIZATION +#================================================= +# RELOAD NGINX AND PHP-FPM +#================================================= + service php5-fpm restart service nginx reload From 931ce1911060b7e57515a8e9238db75583e8da9c Mon Sep 17 00:00:00 2001 From: Jean-Baptiste Holcroft Date: Mon, 30 Oct 2017 12:48:59 +0100 Subject: [PATCH 12/19] Restructure upgrade script --- scripts/upgrade | 214 ++++++++++++++++++++++++++++++++++++------------ 1 file changed, 163 insertions(+), 51 deletions(-) diff --git a/scripts/upgrade b/scripts/upgrade index 4df9276..9bf2e84 100644 --- a/scripts/upgrade +++ b/scripts/upgrade 
@@ -1,13 +1,17 @@ #!/bin/bash -# Source local helpers -source ./_common.sh +#================================================= +# GENERIC START +#================================================= +# IMPORT GENERIC HELPERS +#================================================= -# Source app helpers +source _common.sh source /usr/share/yunohost/helpers -# Abort script if errors -ynh_abort_if_errors +#================================================= +# LOAD SETTINGS +#================================================= # Set app specific variables app="$YNH_APP_INSTANCE_NAME" @@ -20,6 +24,13 @@ path_url=$(ynh_app_setting_get "$app" path) dbpass=$(ynh_app_setting_get "$app" mysqlpwd) encryptkey=$(ynh_app_setting_get "$app" encryptkey) language=$(ynh_app_setting_get "$app" language) +disablecacheck=$(ynh_app_setting_get "$app" disablecacheck) + +LOGDIR=/var/log/$app + +#================================================= +# ENSURE DOWNWARD COMPATIBILITY +#================================================= # Set and store language if [[ -z "$language" ]]; then @@ -32,11 +43,27 @@ if [[ -z "$language" ]]; then ynh_app_setting_set "$app" language "$language" fi -# Define LOGDIR (create it later when user is created) -LOGDIR=/var/log/$app -# Check destination directory -final_path=/var/www/$app +# Fix is_public as a boolean value +if [ "$is_public" = "Yes" ]; then + ynh_app_setting_set "$app" is_public 1 + is_public=1 +elif [ "$is_public" = "No" ]; then + ynh_app_setting_set "$app" is_public 0 + is_public=0 +fi + +# If db_name doesn't exist, create it +if [ -z "$db_name" ]; then + db_name=$(ynh_sanitize_dbid "$app") + ynh_app_setting_set "$app" db_name "$db_name" +fi + +# If final_path doesn't exist, create it +if [ -z "$final_path" ]; then + final_path=/var/www/$app + ynh_app_setting_set "$app" final_path "$final_path" +fi # Check whether Baïkal or Radicale is installed baikal_install=$(agendav_app_check_installation "baikal") 
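Review bot: The compatibility block added in the third upgrade hunk tests `is_public` and `db_name`, but the visible parts of this script neither read those settings nor use them afterwards; the database variable used for `{DBNAME}` is `dbname`. As written, the `is_public` branches look unreachable and the `db_name` branch stores a setting that nothing in this script consumes, so both look like leftovers from a template. Either read the values with `ynh_app_setting_get` before testing them or drop the two blocks. The lines between the hunks are not shown, so confirm that no read happens there.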
@@ -53,62 +80,147 @@ else ynh_die "Baikal or Radicale is mandatory" fi +#================================================= +# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP +#================================================= + +# Backup the current version of the app +ynh_backup_before_upgrade +ynh_clean_setup () { + # restore it if the upgrade fails + ynh_restore_upgradebackup +} +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors + +#================================================= +# CHECK THE PATH +#================================================= + +# Normalize the URL path syntax +path_url=$(ynh_normalize_url_path "$path_url") + +#================================================= +# STANDARD MODIFICATIONS +#================================================= + # Install dependencies ynh_install_app_dependencies php5-cli +#================================================= +# DOWNLOAD, CHECK AND UNPACK SOURCE +#================================================= + ynh_setup_source "$final_path" -# Copy and set AgenDAV configuration -conf_path="${final_path}/web/config/settings.php" -cp ../conf/settings.php "$conf_path" -sed -i "s/{DBUSER}/${dbuser}/g" "$conf_path" -sed -i "s/{DBPASS}/${dbpass}/g" "$conf_path" -sed -i "s/{DBNAME}/${dbname}/g" "$conf_path" -sed -i "s/{ENCRYPTKEY}/${encryptkey}/g" "$conf_path" -sed -i "s@{LOGDIR}@${LOGDIR}@g" "$conf_path" -sed -i "s@{TIMEZONE}@$(cat /etc/timezone)@g" "$conf_path" -sed -i "s@{LANGUAGE}@${language}@g" "$conf_path" - -# CalDAV config -caldav_domain=$(ynh_app_setting_get "$caldav_app" domain) -caldav_path=$(ynh_app_setting_get "$caldav_app" path) -caldav_url="https://${caldav_domain}${caldav_path%/}" -sed -i "s@{CALDAV_BASEURL}@${caldav_url}${caldav_baseurl}@g" "$conf_path" -sed -i "s@{CALDAV_DOMAIN}@${caldav_domain}@g" "$conf_path" - -ynh_system_user_create "$app" "$final_path" - -# Protect source code against modifications -find "${final_path}" -type f -exec chown root:root {} \; -exec chmod 644 
{} \; -find "${final_path}" -type d -exec chown root:root {} \; -exec chmod 755 {} \; - -# Only agendav user should write here -chown -hR $app: "${final_path}/web/var/cache/"{profiler,twig} -chmod -R 750 "${final_path}/web/var/cache/"{profiler,twig} - -# The agendav user should read here, but does not need to write -# Other users should not be able to read as it stores passwords. -find "${final_path}/web/config" -type f -exec chown root:$app {} \; -exec chmod 640 {} \; -find "${final_path}/web/config" -type d -exec chown root:$app {} \; -exec chmod 750 {} \; - -# Create log directory -install -m 750 -o $app -g adm -d "$LOGDIR" - -# Run database migrations -( - cd $final_path - php agendavcli migrations:migrate --no-interaction -) - +#================================================= +# NGINX CONFIGURATION +#================================================= # Copy and set nginx configuration ynh_add_nginx_config +#================================================= +# CREATE DEDICATED USER +#================================================= + +ynh_system_user_create "$app" + +#================================================= +# PHP-FPM CONFIGURATION +#================================================ + # Copy and set php-fpm configuration ynh_add_fpm_config +#================================================= +# SPECIFIC SETUP +#================================================= +# Create settings.php +#================================================= + +# Generate random encryption key +encryptkey=$(ynh_app_setting_get "$app" encryptkey) + +# Copy and set AgenDAV configuration +timezone=$(cat /etc/timezone) + +caldav_domain=$(ynh_app_setting_get "$caldav_app" domain) +caldav_path=$(ynh_app_setting_get "$caldav_app" path) +caldav_url="https://${caldav_domain}${caldav_path%/}" + +conf_path="${final_path}/web/config/settings.php" +ynh_backup_if_checksum_is_different "$conf_path" + +cp ../conf/settings.php "$conf_path" + +ynh_replace_string "{DBUSER}" "${dbuser}" 
"$conf_path" +ynh_replace_string "{DBPASS}" "${dbpass}" "$conf_path" +ynh_replace_string "{DBNAME}" "${dbname}" "$conf_path" +ynh_replace_string "{ENCRYPTKEY}" "${encryptkey}" "$conf_path" +ynh_replace_string "{LOGDIR}" "${LOGDIR}" "$conf_path" +ynh_replace_string "{TIMEZONE}" "$timezone" "$conf_path" +ynh_replace_string "{LANGUAGE}" "${language}" "$conf_path" +ynh_replace_string "{CALDAV_BASEURL}" "${caldav_url}${caldav_baseurl}" "$conf_path" +ynh_replace_string "{CALDAV_DOMAIN}" "${caldav_domain}" "$conf_path" + +if [ "$disablecacheck" -eq 0 ]; then + ynh_replace_string "__CACHECK__" "true" "$conf_path" +else + ynh_replace_string "__CACHECK__" "false" "$conf_path" +fi + +#================================================= +# STORE THE CHECKSUM OF THE CONFIG FILE +#================================================= + +ynh_store_file_checksum "$conf_path" + +#================================================= +# Run database migrations (includes initialization) +#================================================= + +( + cd "$final_path" + php agendavcli migrations:migrate --no-interaction +) + +#================================================= +# SETUP LOG directory +#================================================= + +mkdir -p "$LOGDIR" +chown -R "$app": "$LOGDIR" + +#================================================= +# GENERIC FINALIZATION +#================================================= +# SECURE FILES AND DIRECTORIES +#================================================= + +chown -R root: "$final_path" + +# Only agendav user should write here +chown -R "$app" "${final_path}/web/var/cache/"{profiler,twig} + +# The agendav user should read here, but does not need to write +chown -R root:"$app" "${final_path}/web/config/" +chmod -R g+rx "${final_path}/web/config/" + +# Other users should not be able to read as it stores passwords. 
+chmod -R o-rwx "${final_path}/web/config/" + +#================================================= +# SETUP SSOWAT +#================================================= + +# Remove the public access ynh_app_setting_delete "$app" skipped_uris +#================================================= +# RELOAD NGINX and FPM +#================================================= + # Reload services service php5-fpm restart service nginx reload From 6418e0fb579bc6725e523604cd23502cb8bc7045 Mon Sep 17 00:00:00 2001 From: Jean-Baptiste Holcroft Date: Mon, 30 Oct 2017 12:49:20 +0100 Subject: [PATCH 13/19] Remove multi-instance and root tests --- check_process | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/check_process b/check_process index ceaac42..8a4b858 100644 --- a/check_process +++ b/check_process @@ -4,20 +4,20 @@ domain="domain.tld" (DOMAIN) path="/path" (PATH) language="fr" - disablecacheck=0 + disablecacheck=1 ; pre-install sudo yunohost domain add --verbose baikaldomain.tld --admin-password $PASSWORD sudo yunohost app install baikal -a "domain=baikaldomain.tld&path=/baikal&password=admin" ; Checks pkg_linter=1 setup_sub_dir=1 - setup_root=1 + setup_root=0 setup_nourl=0 setup_private=1 setup_public=0 upgrade=1 backup_restore=1 - multi_instance=1 + multi_instance=0 incorrect_path=1 port_already_use=0 change_url=0 From a299c6b5d4b306b07fefbdee674dbcf835f0b40c Mon Sep 17 00:00:00 2001 From: Maniack Crudelis Date: Sat, 4 Nov 2017 16:09:07 +0100 Subject: [PATCH 14/19] Report private test --- check_process | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/check_process b/check_process index 8a4b858..93471d0 100644 --- a/check_process +++ b/check_process @@ -13,7 +13,8 @@ setup_sub_dir=1 setup_root=0 setup_nourl=0 - setup_private=1 +# Private test only should be fixed in package check before. +# setup_private=1 setup_public=0 upgrade=1 backup_restore=1 From 949faa6428c1413b59b4de293f8f7ee5ee1c46b6 Mon Sep 17 00:00:00 2001 
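Review bot: The comment `# Generate random encryption key` in the last upgrade hunk sits above `encryptkey=$(ynh_app_setting_get "$app" encryptkey)`, which reads the stored key and generates nothing. A reader could conclude that an upgrade rotates the key, which would make previously encrypted data unreadable. `# Reuse the encryption key stored at install time` describes the line. The same setting is already read in the settings block near the top of the script, so this second read can be dropped.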
From: Jean-Baptiste Holcroft Date: Sun, 5 Nov 2017 22:33:17 +0100 Subject: [PATCH 15/19] Rewrite removal --- scripts/remove | 78 +++++++++++++++++++++++++++++++++++++------------- 1 file changed, 58 insertions(+), 20 deletions(-) diff --git a/scripts/remove b/scripts/remove index 0500567..e3c4d0d 100644 --- a/scripts/remove +++ b/scripts/remove 
@@ -1,35 +1,73 @@ #!/bin/bash -# Source local helpers -source ./_common.sh +#================================================= +# GENERIC START +#================================================= +# IMPORT GENERIC HELPERS +#================================================= -# Source app helpers +source _common.sh source /usr/share/yunohost/helpers -# Set app specific variables +#================================================= +# LOAD SETTINGS +#================================================= + app="$YNH_APP_INSTANCE_NAME" -dbname=$app -dbuser=$app - -# Drop MySQL database and user -ynh_mysql_drop_db "$dbname" -ynh_mysql_drop_user "$dbuser" - -# Retrieve domain from app settings domain=$(ynh_app_setting_get "$app" domain) +final_path=$(ynh_app_setting_get "$app" final_path) -# Delete app directory and configurations -ynh_secure_remove "/var/www/${app}" -ynh_secure_remove "/var/log/${app}" -ynh_remove_fpm_config -ynh_remove_nginx_config +db_name=$app +db_user=$app + +#================================================= +# STANDARD REMOVE +#================================================= +# REMOVE DEPENDENCIES +#================================================= # Remove metapackage and its dependencies ynh_remove_app_dependencies -# Reload services -service php5-fpm restart -service nginx reload +#================================================= +# REMOVE THE MYSQL DATABASE +#================================================= + +# Remove a database if it exists, along with the associated user +ynh_mysql_remove_db "$db_user" "$db_name" + +#================================================= +# REMOVE APP MAIN DIR +#================================================= + +# Remove the app directory securely +ynh_secure_remove "$final_path" + +#================================================= +# REMOVE APP MAIN DIR +#================================================= + +ynh_secure_remove "/var/log/$app" + +#================================================= +# REMOVE NGINX 
CONFIGURATION +#================================================= + +# Remove the dedicated nginx config +ynh_remove_nginx_config + +#================================================= +# REMOVE PHP-FPM CONFIGURATION +#================================================= + +# Remove the dedicated php-fpm config +ynh_remove_fpm_config + +#================================================= +# GENERIC FINALIZATION +#================================================= +# REMOVE DEDICATED USER +#================================================= # Remove the user account ynh_system_user_delete "$app" From 0553ce4b9c10d15ef3b9a3f2ed9b8dbdfb075288 Mon Sep 17 00:00:00 2001 From: Jean-Baptiste Holcroft Date: Sun, 5 Nov 2017 22:33:38 +0100 Subject: [PATCH 16/19] Remove skipped_uris and replace restart by reload --- scripts/backup | 6 +++++- scripts/install | 8 +++----- scripts/restore | 2 +- scripts/upgrade | 5 ++--- 4 files changed, 11 insertions(+), 10 deletions(-) diff --git a/scripts/backup b/scripts/backup index c990ea4..e190c3c 100644 --- a/scripts/backup +++ b/scripts/backup @@ -7,6 +7,11 @@ # IMPORT GENERIC HELPERS #================================================= +if [ ! -e _common.sh ]; then + # Get the _common.sh file if it's not in the current directory + cp ../settings/scripts/_common.sh ./_common.sh + chmod a+rx _common.sh +fi source _common.sh source /usr/share/yunohost/helpers @@ -27,7 +32,6 @@ db_name=$app # Retrieve app settings domain=$(ynh_app_setting_get "$app" domain) -path_url=$(ynh_app_setting_get "$app" path) final_path=$(ynh_app_setting_get "$app" final_path) #================================================= diff --git a/scripts/install b/scripts/install index 75827c3..829758c 100644 --- a/scripts/install +++ b/scripts/install 
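Review bot: `ynh_secure_remove "$final_path"` in the rewritten `scripts/remove` depends on the `final_path` setting being present, whereas the removed code deleted `/var/www/${app}` unconditionally. The upgrade script in this series still has an "If final_path doesn't exist, create it" branch, which suggests that installs without the setting exist. For those, the variable would be empty here and the app directory would presumably be left on disk. A fallback right after the settings are loaded would cover it: `final_path=${final_path:-/var/www/$app}`.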
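Review bot: The fallback `cp ../settings/scripts/_common.sh ./_common.sh` in `scripts/backup` is not checked before `source _common.sh`, and no abort-on-error call is visible before it in this hunk. A failed copy would therefore let the backup continue without the local helpers; `cp ../settings/scripts/_common.sh ./_common.sh || exit 1` stops it at the point of failure. `chmod a+rx` also grants more than a sourced file needs, since it only has to be readable by the user running the script. `chmod u+r _common.sh` would be enough, assuming nothing else executes the file directly.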
@@ -91,9 +91,8 @@ ynh_install_app_dependencies php5-cli # Initialize database dbpass=$(ynh_string_random) -ynh_app_setting_set "$app" mysqlpwd "$dbpass" -ynh_mysql_create_db "$dbname" "$dbuser" "$dbpass" +ynh_mysql_setup_db "$dbname" "$dbuser" "$dbpass" #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE @@ -202,13 +201,12 @@ chmod -R o-rwx "${final_path}/web/config/" # SETUP SSOWAT #================================================= -# Remove the public access -ynh_app_setting_delete "$app" skipped_uris +# Nothing to do, this app is private #================================================= # RELOAD NGINX and FPM #================================================= # Reload services -service php5-fpm restart +service php5-fpm reload service nginx reload diff --git a/scripts/restore b/scripts/restore index f09260a..1db77b5 100644 --- a/scripts/restore +++ b/scripts/restore @@ -122,5 +122,5 @@ chown -R "$app": "$LOGDIR" # RELOAD NGINX AND PHP-FPM #================================================= -service php5-fpm restart +service php5-fpm reload service nginx reload diff --git a/scripts/upgrade b/scripts/upgrade index 9bf2e84..5abe27f 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -214,13 +214,12 @@ chmod -R o-rwx "${final_path}/web/config/" # SETUP SSOWAT #================================================= -# Remove the public access -ynh_app_setting_delete "$app" skipped_uris +# Nothing to do, this app is private #================================================= # RELOAD NGINX and FPM #================================================= # Reload services -service php5-fpm restart +service php5-fpm reload service nginx reload From 7bf8c770ba263be3eb24fea2036139b89b542cb5 Mon Sep 17 00:00:00 2001 From: Maniack Crudelis Date: Mon, 13 Nov 2017 19:04:15 +0100 Subject: [PATCH 17/19] typo --- scripts/remove | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/remove b/scripts/remove index e3c4d0d..6954292 100644 
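Review bot: `ynh_mysql_setup_db "$dbname" "$dbuser" "$dbpass"` passes the database name first, while the removal script in this series calls `ynh_mysql_remove_db "$db_user" "$db_name"` with the user first. As far as I know the setup helper also takes user then name. The call works only because both variables are set to `$app`; `ynh_mysql_setup_db "$dbuser" "$dbname" "$dbpass"` stays correct if they ever diverge. The explicit `ynh_app_setting_set "$app" mysqlpwd "$dbpass"` is dropped here, so confirm that the helper stores `mysqlpwd` itself; restore presumably reads it.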
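Review bot: Dropping `ynh_app_setting_delete "$app" skipped_uris` in the `@@ -202,13 +201,12 @@` hunk of `scripts/install` is only safe if nothing sets that key any more. The replacement comment `# Nothing to do, this app is private` asserts this, but the hunk does not show it. If an earlier part of the script, or a previously installed version, wrote `skipped_uris`, the app would stay reachable without SSO login. The same removal is made in `scripts/upgrade` (`@@ -214,13 +214,12 @@`), where a stale value from an existing install is the more likely case. I would keep the delete there, with a comment such as `# Clear any skipped_uris left by older versions so the app stays behind SSO`.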
--- a/scripts/remove +++ b/scripts/remove @@ -44,7 +44,7 @@ ynh_mysql_remove_db "$db_user" "$db_name" ynh_secure_remove "$final_path" #================================================= -# REMOVE APP MAIN DIR +# REMOVE LOG #================================================= ynh_secure_remove "/var/log/$app" From f2c682fbe25b5dbed194eebb32bc9aa28c924bd1 Mon Sep 17 00:00:00 2001 From: JimboJoe Date: Sun, 19 Nov 2017 16:29:11 +0100 Subject: [PATCH 18/19] Fetch applications list in pre-install --- check_process | 1 + 1 file changed, 1 insertion(+) diff --git a/check_process b/check_process index 93471d0..6efab9e 100644 --- a/check_process +++ b/check_process @@ -6,6 +6,7 @@ language="fr" disablecacheck=1 ; pre-install + sudo yunohost app fetchlist sudo yunohost domain add --verbose baikaldomain.tld --admin-password $PASSWORD sudo yunohost app install baikal -a "domain=baikaldomain.tld&path=/baikal&password=admin" ; Checks From 625324cf8b07fe0ec66eb189483456d53bd23106 Mon Sep 17 00:00:00 2001 From: Jean-Baptiste Holcroft Date: Wed, 22 Nov 2017 23:39:52 +0100 Subject: [PATCH 19/19] Add default initialization for disablecacheck --- scripts/upgrade | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/scripts/upgrade b/scripts/upgrade index 5abe27f..b8f016e 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -59,6 +59,12 @@ if [ -z "$db_name" ]; then ynh_app_setting_set "$app" db_name "$db_name" fi +# If disablecacheck doesn't exist, create it +if [ -z "$disablecacheck" ]; then + disablecacheck=0 + ynh_app_setting_set "$app" disablecacheck "$disablecacheck" +fi + # If final_path doesn't exist, create it if [ -z "$final_path" ]; then final_path=/var/www/$app
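Review bot: The new block in `scripts/upgrade` tests `"$disablecacheck"`, but the line that loads the variable is outside this hunk. If the script runs with unset-variable checking and the variable is never assigned, `[ -z "$disablecacheck" ]` aborts instead of applying the default. Assuming it is read with `ynh_app_setting_get` as `db_name` appears to be, defaulting to `0` looks like the safe choice. A comment stating what the value selects would help, for example `# Default to 0: CA certificate checking stays enabled`, once that meaning is confirmed against where the setting is consumed.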