YunoHost-Apps/baikal_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/baikal_ynh.git synced 2024-09-03 18:16:11 +02:00
Code Issues Activity Actions

Merge pull request #21 from YunoHost-Apps/refactoring

Browse source 
Fix install + refactoring
This commit is contained in:
Maniack Crudelis 2017-10-31 12:35:37 +01:00 committed by GitHub
commit 13868c1bb7
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
15 changed files with 493 additions and 302 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
check_process
View file

@ -1,9 +1,8 @@
;; Test complet ;; Test complet
auto_remove=1
; Manifest ; Manifest
domain="domain.tld" (DOMAIN) domain="domain.tld" (DOMAIN)
path="/path" (PATH) path="/path" (PATH)
password="mysecret" (PASSWORD) password="mysecret"
; Checks ; Checks
pkg_linter=1 pkg_linter=1
setup_sub_dir=1 setup_sub_dir=1
@ -14,22 +13,22 @@
upgrade=1 upgrade=1
backup_restore=1 backup_restore=1
multi_instance=0 multi_instance=0
wrong_user=0
wrong_path=1
incorrect_path=1 incorrect_path=1
corrupt_source=0
fail_download_source=0
port_already_use=0 port_already_use=0
final_path_already_use=0 change_url=0
;;; Levels ;;; Levels
Level 1=auto Level 1=auto
Level 2=auto Level 2=auto
Level 3=auto Level 3=auto
# Niveau 4 ignoré, mais c'est à confirmé par le mainteneur de l'application. # Patch add-ldap-auth
Level 4=na Level 4=1
Level 5=auto # https://github.com/YunoHost-Apps/baikal_ynh/issues/19
Level 5=1
Level 6=auto Level 6=auto
Level 7=auto Level 7=auto
Level 8=0 Level 8=0
Level 9=0 Level 9=0
Level 10=0 Level 10=0
;;; Options
Email=
Notification=none

6
conf/app.src Normal file
View file

@ -0,0 +1,6 @@
SOURCE_URL=https://github.com/fruux/Baikal/releases/download/0.4.6/baikal-0.4.6.zip
SOURCE_SUM=946e8e4161f7ef84be42430b6e9d3bb7dd4bbbe241b409be208c14447d7aa7a6
SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=zip
SOURCE_IN_SUBDIR=true
SOURCE_FILENAME=

2
conf/config.php
View file

@ -3,7 +3,7 @@
# #
# Copyright notice # Copyright notice
# #
# (c) 2016 Jérôme Schneider <mail@jeromeschneider.fr> # (c) 2017 Jérôme Schneider <mail@jeromeschneider.fr>
# All rights reserved # All rights reserved
# #
# http://baikal-server.com # http://baikal-server.com

4
conf/config.system.php
View file

@ -3,7 +3,7 @@
# #
# Copyright notice # Copyright notice
# #
# (c) 2016 Jérôme Schneider <mail@jeromeschneider.fr> # (c) 2017 Jérôme Schneider <mail@jeromeschneider.fr>
# All rights reserved # All rights reserved
# #
# http://baikal-server.com # http://baikal-server.com
@ -69,4 +69,4 @@ define("PROJECT_DB_MYSQL_PASSWORD", '#DBPASS#');
define("BAIKAL_ENCRYPTION_KEY", '#DESKEY#'); define("BAIKAL_ENCRYPTION_KEY", '#DESKEY#');
# The currently configured Baïkal version # The currently configured Baïkal version
define("BAIKAL_CONFIGURED_VERSION", '0.4.4'); define("BAIKAL_CONFIGURED_VERSION", '0.4.6');

13
conf/nginx.conf
View file

@ -1,15 +1,16 @@
location = /.well-known/carddav { location = /.well-known/carddav {
return 301 https://$server_name{PATH}/card.php; return 301 https://$server_name__PATH__/card.php;
} }
location = /.well-known/caldav { location = /.well-known/caldav {
return 301 https://$server_name{PATH}/cal.php; return 301 https://$server_name__PATH__/cal.php;
} }
location {LOCATION} { location __PATH__ {
alias {DESTDIR}/html/; alias __FINALPATH__/html/;
if ($scheme = http) { if ($scheme = http) {
return 301 https://$server_name$request_uri; return 301 https://$server_name$request_uri;
# rewrite ^ https://$server_name$request_uri? permanent;
} }
index index.php; index index.php;
@ -19,10 +20,10 @@ location {LOCATION} {
fastcgi_split_path_info ^(.+\.php)(.*)$; fastcgi_split_path_info ^(.+\.php)(.*)$;
fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $request_filename; fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_pass unix:/var/run/php5-fpm-{POOLNAME}.sock; fastcgi_pass unix:/var/run/php5-fpm-__NAME__.sock;
} }
location ~ ^{PATH}/(\.|Core|Specific) { location ~ ^__PATH__/(\.|Core|Specific) {
deny all; deny all;
} }
} }

12
conf/php-fpm.conf
View file

@ -1,6 +1,6 @@
[{POOLNAME}] [__NAMETOCHANGE__]
; The address on which to accept FastCGI requests. ; The address on which to accept FastCGI requests.
listen = /var/run/php5-fpm-{POOLNAME}.sock listen = /var/run/php5-fpm-__NAMETOCHANGE__.sock
; Set permissions for unix socket, if one is used. ; Set permissions for unix socket, if one is used.
listen.owner = www-data listen.owner = www-data
@ -8,8 +8,8 @@ listen.group = www-data
listen.mode = 0600 listen.mode = 0600
; Unix user/group of processes. ; Unix user/group of processes.
user = {USER} user = __USER__
group = {GROUP} group = __USER__
; Choose how the process manager will control the number of child processes. ; Choose how the process manager will control the number of child processes.
pm = dynamic pm = dynamic
@ -47,7 +47,7 @@ request_terminate_timeout = 1d
request_slowlog_timeout = 5s request_slowlog_timeout = 5s
; The log file for slow requests. ; The log file for slow requests.
slowlog = /var/log/nginx/{POOLNAME}.slow.log slowlog = /var/log/nginx/__NAMETOCHANGE__.slow.log
; Set open file descriptor rlimit. ; Set open file descriptor rlimit.
rlimit_files = 4096 rlimit_files = 4096
@ -56,7 +56,7 @@ rlimit_files = 4096
rlimit_core = 0 rlimit_core = 0
; Chdir to this directory at the start. ; Chdir to this directory at the start.
chdir = {DESTDIR} chdir = __FINALPATH__
; Redirect worker stdout and stderr into main error log. ; Redirect worker stdout and stderr into main error log.
catch_workers_output = yes catch_workers_output = yes

10
manifest.json
View file

@ -1,27 +1,27 @@
{ {
"packaging_format": 1,
"id": "baikal", "id": "baikal",
"name": "Baikal", "name": "Baikal",
"packaging_format": 1,
"description": { "description": {
"en": "Lightweight CalDAV+CardDAV server", "en": "Lightweight CalDAV+CardDAV server",
"fr": "Serveur CalDAV+CardDAV léger" "fr": "Serveur CalDAV+CardDAV léger"
}, },
"url": "http://baikal-server.com/", "url": "http://baikal-server.com/",
"license": "GPL-3", "license": "GPL-3.0",
"version": "0.4.6", "version": "0.4.6",
"maintainer": { "maintainer": {
"name": "julien", "name": "julien",
"email": "julien.malik@paraiso.me" "email": "julien.malik@paraiso.me"
}, },
"multi_instance": false, "multi_instance": false,
"requirements": {
"yunohost": ">= 2.3.16"
},
"services": [ "services": [
"nginx", "nginx",
"php5-fpm", "php5-fpm",
"mysql" "mysql"
], ],
"requirements": {
"yunohost": ">= 2.7.2"
},
"arguments": { "arguments": {
"install" : [ "install" : [
{ {

43
scripts/_common.sh
View file

@ -1,43 +0,0 @@
#
# Common variables
#
# Baikal version
VERSION=0.4.6
# Baikal source archive checksum
BAIKAL_SOURCE_SHA256="946e8e4161f7ef84be42430b6e9d3bb7dd4bbbe241b409be208c14447d7aa7a6"
# Remote URL to fetch Baikal source archive
BAIKAL_SOURCE_URL="https://github.com/fruux/Baikal/releases/download/${VERSION}/baikal-${VERSION}.zip"
# App package root directory should be the parent folder
PKGDIR=$(cd ../; pwd)
#
# Common helpers
#
# Source app helpers
source /usr/share/yunohost/helpers
# Download and extract Baikal sources to the given directory
# usage: extract_baikal DESTDIR
extract_baikal() {
local DESTDIR=$1
local bk_archive="${DESTDIR}/baikal.zip"
wget -q -O "$bk_archive" "$BAIKAL_SOURCE_URL" \
|| ynh_die "Unable to download Baikal archive"
echo "$BAIKAL_SOURCE_SHA256 $bk_archive" | sha256sum -c >/dev/null \
|| ynh_die "Invalid checksum of downloaded archive"
unzip -q "$bk_archive" -d "$DESTDIR" \
|| ynh_die "Unable to extract Baikal archive"
mv "${DESTDIR}/baikal/"* "$DESTDIR"
rm -rf "$bk_archive" "${DESTDIR}/baikal"
# apply patches
(cd "$DESTDIR" \
&& for p in ${PKGDIR}/patches/*.patch; do patch -p1 < $p; done) \
|| die "Unable to apply patches to Baikal"
}

67
scripts/backup
View file

@ -1,30 +1,59 @@
#!/bin/bash #!/bin/bash
# Exit on command errors and treat unset variables as an error #=================================================
# GENERIC START
#=================================================
# MANAGE SCRIPT FAILURE
#=================================================
# Exit on command errors and treat access to unset variables as an error
set -eu set -eu
# Retrieve app id #=================================================
# IMPORT GENERIC HELPERS
#=================================================
#if [ ! -e _common.sh ]; then
# # Get the _common.sh file if it's not in the current directory
# cp ../settings/scripts/_common.sh ./_common.sh
# chmod a+rx _common.sh
#fi
#source _common.sh
source /usr/share/yunohost/helpers
#=================================================
# LOAD SETTINGS
#=================================================
app=$YNH_APP_INSTANCE_NAME app=$YNH_APP_INSTANCE_NAME
# Set app specific variables final_path=$(ynh_app_setting_get $app final_path)
dbname=$app domain=$(ynh_app_setting_get $app domain)
dbuser=$app db_name=$(ynh_app_setting_get $app db_name)
db_pwd=$(ynh_app_setting_get $app mysqlpwd)
# Source app helpers #=================================================
. /usr/share/yunohost/helpers # STANDARD BACKUP STEPS
#=================================================
# BACKUP THE APP MAIN DIR
#=================================================
# Retrieve app settings ynh_backup "$final_path"
domain=$(ynh_app_setting_get "$app" domain)
path=$(ynh_app_setting_get "$app" path)
dbpass=$(ynh_app_setting_get "$app" mysqlpwd)
# Copy the app files #=================================================
DESTDIR="/var/www/$app" # BACKUP THE NGINX CONFIGURATION
ynh_backup "$DESTDIR" "sources" #=================================================
# Copy the conf files ynh_backup "/etc/nginx/conf.d/$domain.d/$app.conf"
ynh_backup "/etc/nginx/conf.d/${domain}.d/${app}.conf" "nginx.conf"
ynh_backup "/etc/php5/fpm/pool.d/${app}.conf" "php-fpm.conf"
# Dump the database #=================================================
mysqldump -u "$dbuser" -p"$dbpass" --no-create-db "$dbname" > ./dump.sql # BACKUP THE PHP-FPM CONFIGURATION
#=================================================
ynh_backup "/etc/php5/fpm/pool.d/$app.conf"
#=================================================
# BACKUP THE MYSQL DATABASE
#=================================================
ynh_mysql_dump_db "$db_name" > db.sql

202
scripts/install
View file

@ -1,100 +1,156 @@
#!/bin/bash #!/bin/bash
# Exit on command errors and treat unset variables as an error #=================================================
set -eu # GENERIC START
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
#source ./_common.sh
source /usr/share/yunohost/helpers
#=================================================
# MANAGE SCRIPT FAILURE
#=================================================
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#=================================================
# RETRIEVE ARGUMENTS FROM THE MANIFEST
#=================================================
domain=$YNH_APP_ARG_DOMAIN
path_url=$YNH_APP_ARG_PATH
password=$YNH_APP_ARG_PASSWORD
# Retrieve app id
app=$YNH_APP_INSTANCE_NAME app=$YNH_APP_INSTANCE_NAME
# Retrieve arguments #=================================================
domain=$1 # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
path=${2%/} #=================================================
password=$3
# Load common variables and helpers # Normalize the url path syntax
. ./_common.sh path_url=$(ynh_normalize_url_path $path_url)
# Set app specific variables final_path=/var/www/$app
dbname=$app test ! -e "$final_path" || ynh_die "This path already contains a folder"
dbuser=$app
# Check domain/path availability # Check web path availability
sudo yunohost app checkurl "${domain}${path}" -a "$app" \ ynh_webpath_available $domain $path_url
|| exit 1 # Register (book) web path
ynh_webpath_register $app $domain $path_url
# Check destination directory #=================================================
DESTDIR="/var/www/${app}" # STORE SETTINGS FROM MANIFEST
[[ -d "$DESTDIR" ]] && ynh_die \ #=================================================
"The destination directory '${DESTDIR}' already exists.\
You should safely delete it before installing this app."
# Create tmp directory and fetch app inside ynh_app_setting_set $app domain $domain
TMPDIR=$(ynh_mkdir_tmp) ynh_app_setting_set $app path $path_url
extract_baikal "$TMPDIR"
# Generate random DES key & password #=================================================
deskey=$(ynh_string_random 24) # STANDARD MODIFICATIONS
dbpass=$(ynh_string_random) #=================================================
# CREATE A MYSQL DATABASE
#=================================================
# Initialize database db_name=$(ynh_sanitize_dbid $app)
ynh_mysql_create_db "$dbname" "$dbuser" "$dbpass" ynh_app_setting_set $app db_name $db_name
ynh_mysql_connect_as "$dbuser" "$dbpass" "$dbname" \ ynh_mysql_setup_db $db_name $db_name
< "${TMPDIR}/Core/Resources/Db/MySQL/db.sql"
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
ynh_app_setting_set $app final_path $final_path
# Download, check integrity, uncompress and patch the source from app.src
ynh_setup_source "$final_path"
#=================================================
# NGINX CONFIGURATION
#=================================================
# Create a dedicated nginx config
ynh_add_nginx_config
#=================================================
# CREATE DEDICATED USER
#=================================================
# Create a system user
ynh_system_user_create $app
#=================================================
# PHP-FPM CONFIGURATION
#=================================================
# Create a dedicated php-fpm config
ynh_add_fpm_config
#=================================================
# SPECIFIC SETUP
#=================================================
# INITIALIZE DATABASE
#=================================================
ynh_mysql_connect_as "$db_name" "$db_pwd" "$db_name" \
< "${final_path}/Core/Resources/Db/MySQL/db.sql"
#=================================================
# CONFIGURE BAIKAL
#=================================================
bk_conf="${final_path}/Specific/config.php"
cp ../conf/config.php "$bk_conf"
ynh_replace_string "#TIMEZONE#" "$(cat /etc/timezone)" "$bk_conf"
# Create admin password hash # Create admin password hash
password_hash=$(echo -n admin:BaikalDAV:$password | md5sum | cut -d ' ' -f 1) password_hash=$(echo -n admin:BaikalDAV:$password | md5sum | cut -d ' ' -f 1)
ynh_replace_string "#PASSWORDHASH#" "${password_hash}" "$bk_conf"
ynh_app_setting_set $app password_hash $password_hash
# Copy and set Baikal configuration # Store the config file checksum into the app settings
bk_conf="${TMPDIR}/Specific/config.php" ynh_store_file_checksum "$bk_conf"
cp ../conf/config.php "$bk_conf"
sed -i "s@#TIMEZONE#@$(cat /etc/timezone)@g" "$bk_conf"
sed -i "s@#PASSWORDHASH#@${password_hash}@g" "$bk_conf"
bk_conf="${TMPDIR}/Specific/config.system.php" bk_conf="${final_path}/Specific/config.system.php"
cp ../conf/config.system.php "$bk_conf" cp ../conf/config.system.php "$bk_conf"
sed -i "s@#PATH#@${path}@g" "$bk_conf" ynh_replace_string "#PATH#" "$path_url" "$bk_conf"
sed -i "s@#DBNAME#@${dbname}@g" "$bk_conf" ynh_replace_string "#DBNAME#" "$db_name" "$bk_conf"
sed -i "s@#DBUSER#@${dbuser}@g" "$bk_conf" ynh_replace_string "#DBUSER#" "$db_name" "$bk_conf"
sed -i "s@#DBPASS#@${dbpass}@g" "$bk_conf" ynh_replace_string "#DBPASS#" "$db_pwd" "$bk_conf"
sed -i "s@#DESKEY#@${deskey}@g" "$bk_conf"
deskey=$(ynh_string_random 24)
ynh_app_setting_set "$app" encrypt_key "$deskey"
ynh_replace_string "#DESKEY#" "$deskey" "$bk_conf"
# Store the config file checksum into the app settings
ynh_store_file_checksum "$bk_conf"
# Disable installation # Disable installation
touch "${TMPDIR}/Specific/INSTALL_DISABLED" touch "${final_path}/Specific/INSTALL_DISABLED"
# Install files and set permissions #=================================================
sudo useradd -c "$app system account" \ # GENERIC FINALIZATION
-d /var/www/$app --system --user-group $app --shell /usr/sbin/nologin \ #=================================================
|| ynh_die "Unable to create $app system account" # SECURE FILES AND DIRECTORIES
sudo mv "$TMPDIR" "$DESTDIR" #=================================================
sudo chown -hR root: "$DESTDIR"
sudo chown $app:root "$DESTDIR/Specific/"{config.php,config.system.php}
sudo chmod 640 "$DESTDIR/Specific/"{config.php,config.system.php}
# Copy and set nginx configuration # Set permissions
nginx_conf="/etc/nginx/conf.d/${domain}.d/${app}.conf" chown -R root: "$final_path"
sed -i "s@{PATH}@${path}@g" ../conf/nginx.conf chown $app "$final_path/Specific/"{config.php,config.system.php}
sed -i "s@{LOCATION}@${path:-/}@g" ../conf/nginx.conf chmod 640 "$final_path/Specific/"{config.php,config.system.php}
sed -i "s@{DESTDIR}@${DESTDIR}@g" ../conf/nginx.conf
sed -i "s@{POOLNAME}@${app}@g" ../conf/nginx.conf
sudo cp ../conf/nginx.conf "$nginx_conf"
# Copy and set php-fpm configuration #=================================================
phpfpm_conf="/etc/php5/fpm/pool.d/${app}.conf" # SETUP SSOWAT
sed -i "s@{POOLNAME}@${app}@g" ../conf/php-fpm.conf #=================================================
sed -i "s@{DESTDIR}@${DESTDIR}/@g" ../conf/php-fpm.conf
sed -i "s@{USER}@${app}@g" ../conf/php-fpm.conf
sed -i "s@{GROUP}@${app}@g" ../conf/php-fpm.conf
sudo cp ../conf/php-fpm.conf "$phpfpm_conf"
# Save app settings # Allow public access on /
ynh_app_setting_set "$app" password "$password"
ynh_app_setting_set "$app" encrypt_key "$deskey"
ynh_app_setting_set "$app" mysqlpwd "$dbpass"
# Set SSOwat rules
ynh_app_setting_set "$app" skipped_uris "/" ynh_app_setting_set "$app" skipped_uris "/"
# But restrain on /admin
ynh_app_setting_set "$app" protected_uris "/admin/" ynh_app_setting_set "$app" protected_uris "/admin/"
# Reload services #=================================================
sudo service php5-fpm restart || true # RELOAD NGINX
sudo service nginx reload || true #=================================================
systemctl reload nginx

78
scripts/remove
View file

@ -1,33 +1,65 @@
#!/bin/bash #!/bin/bash
# Retrieve app id #=================================================
# GENERIC START
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
#if [ ! -e _common.sh ]; then
# # Get file fonction if not been to the current directory
# sudo cp ../settings/scripts/_common.sh ./_common.sh
# sudo chmod a+rx _common.sh
#fi
# Source app helpers
#source _common.sh
source /usr/share/yunohost/helpers
#=================================================
# LOAD SETTINGS
#=================================================
app=$YNH_APP_INSTANCE_NAME app=$YNH_APP_INSTANCE_NAME
# Load common variables and helpers domain=$(ynh_app_setting_get $app domain)
. ./_common.sh db_name=$(ynh_app_setting_get $app db_name)
final_path=$(ynh_app_setting_get $app final_path)
# Set app specific variables #=================================================
dbname=$app # STANDARD REMOVE
dbuser=$app #=================================================
# REMOVE THE MYSQL DATABASE
#=================================================
# Drop MySQL database and user # Remove a database if it exists, along with the associated user
ynh_mysql_drop_db "$dbname" 2>/dev/null || true ynh_mysql_remove_db $db_name $db_name
ynh_mysql_drop_user "$dbuser" 2>/dev/null || true
# Retrieve domain from app settings #=================================================
domain=$(ynh_app_setting_get "$app" domain) # REMOVE APP MAIN DIR
#=================================================
# Delete app directory and configurations # Remove the app directory securely
sudo rm -rf "/var/www/${app}" ynh_secure_remove "$final_path"
sudo rm -f "/etc/php5/fpm/pool.d/${app}.conf"
[[ -n $domain ]] && sudo rm -f "/etc/nginx/conf.d/${domain}.d/${app}.conf"
# Reload services #=================================================
sudo service php5-fpm restart || true # REMOVE NGINX CONFIGURATION
sudo service nginx reload || true #=================================================
# Remove the user account # Remove the dedicated nginx config
# (must be done after php-fpm restart) ynh_remove_nginx_config
id "$app" >/dev/null 2>&1 \
&& sudo deluser --quiet --remove-home "$app" >/dev/null \ #=================================================
|| true # REMOVE PHP-FPM CONFIGURATION
#=================================================
# Remove the dedicated php-fpm config
ynh_remove_fpm_config
#=================================================
# GENERIC FINALIZATION
#=================================================
# REMOVE DEDICATED USER
#=================================================
# Delete a system user
ynh_system_user_delete $app

126
scripts/restore
View file

@ -1,62 +1,94 @@
#!/bin/bash #!/bin/bash
# Exit on command errors and treat unset variables as an error #=================================================
# GENERIC START
#=================================================
# MANAGE SCRIPT FAILURE
#=================================================
# Exit on command errors and treat access to unset variables as an error
set -eu set -eu
# Retrieve app id #=================================================
# IMPORT GENERIC HELPERS
#=================================================
#if [ ! -e _common.sh ]; then
# # Get the _common.sh file if it's not in the current directory
# cp ../settings/scripts/_common.sh ./_common.sh
# chmod a+rx _common.sh
#fi
#source _common.sh
source /usr/share/yunohost/helpers
#=================================================
# LOAD SETTINGS
#=================================================
app=$YNH_APP_INSTANCE_NAME app=$YNH_APP_INSTANCE_NAME
# Source app helpers domain=$(ynh_app_setting_get $app domain)
. /usr/share/yunohost/helpers path_url=$(ynh_app_setting_get $app path)
final_path=$(ynh_app_setting_get $app final_path)
db_name=$(ynh_app_setting_get $app db_name)
# Retrieve old app settings #=================================================
domain=$(ynh_app_setting_get "$app" domain) # CHECK IF THE APP CAN BE RESTORED
path=$(ynh_app_setting_get "$app" path) #=================================================
dbpass=$(ynh_app_setting_get "$app" mysqlpwd)
# Set app specific variables ynh_webpath_available $domain $path_url \
dbname=$app || ynh_die "Path not available: ${domain}${path_url}"
dbuser=$app test ! -d $final_path \
|| ynh_die "There is already a directory: $final_path "
# Check domain/path availability #=================================================
sudo yunohost app checkurl "${domain}${path}" -a "$app" \ # STANDARD RESTORATION STEPS
|| exit 1 #=================================================
# RESTORE THE NGINX CONFIGURATION
#=================================================
# Check destination directory ynh_restore_file "/etc/nginx/conf.d/$domain.d/$app.conf"
DESTDIR="/var/www/$app"
[[ -d $DESTDIR ]] && ynh_die \
"The destination directory '$DESTDIR' already exists.\
You should safely delete it before restoring this app."
# Check configuration files #=================================================
nginx_conf="/etc/nginx/conf.d/${domain}.d/${app}.conf" # RESTORE THE APP MAIN DIR
[[ -f $nginx_conf ]] && ynh_die \ #=================================================
"The NGINX configuration already exists at '${nginx_conf}'.
You should safely delete it before restoring this app."
phpfpm_conf="/etc/php5/fpm/pool.d/${app}.conf"
[[ -f $phpfpm_conf ]] && ynh_die \
"The PHP FPM configuration already exists at '${phpfpm_conf}'.
You should safely delete it before restoring this app."
# Restore the app files and set permissions ynh_restore_file "$final_path"
sudo cp -a ./sources "$DESTDIR"
if ! id -u $app > /dev/null 2>&1 ; then
sudo useradd -c "$app system account" \
-d /var/www/$app --system --user-group $app --shell /usr/sbin/nologin \
|| ynh_die "Unable to create $app system account"
fi
sudo chown -hR root: "$DESTDIR"
sudo chown $app:root "$DESTDIR/Specific/"{config.php,config.system.php}
sudo chmod 640 "$DESTDIR/Specific/"{config.php,config.system.php}
# Create and restore the database #=================================================
ynh_mysql_create_db "$dbname" "$dbuser" "$dbpass" # RESTORE THE MYSQL DATABASE
ynh_mysql_connect_as "$dbuser" "$dbpass" "$dbname" < ./dump.sql #=================================================
# Restore configuration files db_pwd=$(ynh_app_setting_get $app mysqlpwd)
sudo cp -a ./nginx.conf "$nginx_conf" ynh_mysql_setup_db $db_name $db_name $db_pwd
sudo cp -a ./php-fpm.conf "$phpfpm_conf" ynh_mysql_connect_as $db_name $db_pwd $db_name < ./db.sql
# Reload services #=================================================
sudo service php5-fpm restart || true # RECREATE THE DEDICATED USER
sudo service nginx reload || true #=================================================
# Create the dedicated user (if not existing)
ynh_system_user_create $app
#=================================================
# RESTORE USER RIGHTS
#=================================================
# Set permissions
chown -R root: "$final_path"
chown $app "$final_path/Specific/"{config.php,config.system.php}
#=================================================
# RESTORE THE PHP-FPM CONFIGURATION
#=================================================
ynh_restore_file "/etc/php5/fpm/pool.d/$app.conf"
#=================================================
# GENERIC FINALIZATION
#=================================================
# RELOAD NGINX AND PHP-FPM
#=================================================
systemctl reload php5-fpm
systemctl reload nginx

209
scripts/upgrade
View file

@ -1,82 +1,161 @@
#!/bin/bash #!/bin/bash
# Exit on command errors and treat unset variables as an error #=================================================
set -eu # GENERIC START
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
#source _common.sh
source /usr/share/yunohost/helpers
#=================================================
# LOAD SETTINGS
#=================================================
# Retrieve app id
app=$YNH_APP_INSTANCE_NAME app=$YNH_APP_INSTANCE_NAME
# Load common variables and helpers domain=$(ynh_app_setting_get $app domain)
. ./_common.sh path_url=$(ynh_app_setting_get $app path)
final_path=$(ynh_app_setting_get $app final_path)
db_name=$(ynh_app_setting_get $app db_name)
# Retrieve app settings #=================================================
domain=$(ynh_app_setting_get "$app" domain) # ENSURE DOWNWARD COMPATIBILITY
path=$(ynh_app_setting_get "$app" path) #=================================================
path=${path%/}
# Set app specific variables if [ -z $final_path ]; then # If final_path doesn't exist, create it
dbname=$app final_path="/var/www/$app"
dbuser=$app ynh_app_setting_set $app final_path $final_path
# Check destination directory
DESTDIR="/var/www/$app"
[[ ! -d $DESTDIR ]] && ynh_die \
"The destination directory '$DESTDIR' does not exist.\
The app is not correctly installed, you should remove it first."
# Create tmp directory and fetch new app inside
TMPDIR=$(ynh_mkdir_tmp)
extract_baikal "$TMPDIR"
# Get Specific folder from current installation
# FIXME: config.php and config.system.php are not updated with possible
# new or changed configurations
rm -rf "${TMPDIR}/Specific/*"
sudo cp -r "${DESTDIR}/Specific/"{config.php,config.system.php} "$TMPDIR/Specific"
sudo chown -hR "${USER}" "${TMPDIR}/Specific"
# Run Baikal upgrade from tmp directory
cp -r ../sources/bin "$TMPDIR"
php "${TMPDIR}/bin/upgrade.sh" \
|| echo "The Baïkal upgrade failed, you should try to go to " \
"https://${domain}${path}/admin/install"
# Install new app and set permissions
if ! id -u $app > /dev/null 2>&1 ; then
sudo useradd -c "$app system account" \
-d /var/www/$app --system --user-group $app --shell /usr/sbin/nologin \
|| ynh_die "Unable to create $app system account"
fi fi
sudo rm -rf "$DESTDIR"
sudo mv "$TMPDIR" "$DESTDIR" if [ -z $db_name ]; then # If db_name doesn't exist, create it
sudo chown -hR root: "$DESTDIR" db_name=$(ynh_sanitize_dbid $app)
sudo chown $app:root "$DESTDIR/Specific/"{config.php,config.system.php} ynh_app_setting_set $app db_name $db_name
sudo chmod 640 "$DESTDIR/Specific/"{config.php,config.system.php} fi
#=================================================
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
#=================================================
ynh_backup_before_upgrade # Backup the current version of the app
ynh_clean_setup () {
ynh_restore_upgradebackup # restore it if the upgrade fails
}
ynh_abort_if_errors # Active trap pour arrêter le script si une erreur est détectée.
#=================================================
# CHECK THE PATH
#=================================================
# Normalize the URL path syntax
path_url=$(ynh_normalize_url_path $path_url)
#=================================================
# STANDARD UPGRADE STEPS
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
# Download, check integrity, uncompress and patch the source from app.src
ynh_setup_source "$final_path"
#=================================================
# NGINX CONFIGURATION
#=================================================
# Create a dedicated nginx config
ynh_add_nginx_config
#=================================================
# CREATE DEDICATED USER
#=================================================
# Create a system user
ynh_system_user_create $app
#=================================================
# PHP-FPM CONFIGURATION
#=================================================
# Create a dedicated php-fpm config
ynh_add_fpm_config
#=================================================
# SPECIFIC UPGRADE
#=================================================
# UPGRADE BAIKAL
#=================================================
# Run Baikal upgrade
php "${final_path}/bin/upgrade.sh"
# Cleanup old baikal-admin sessions # Cleanup old baikal-admin sessions
# since we may have changed owner of the session file # since we may have changed owner of the session file
sudo grep -lr "CSRF_TOKEN|s:" /var/lib/php5/sessions | xargs sudo rm grep -lr "CSRF_TOKEN|s:" /var/lib/php5/sessions | xargs rm -f
# Copy and set nginx configuration #=================================================
nginx_conf="/etc/nginx/conf.d/${domain}.d/${app}.conf" # UPGRADE BAIKAL CONFIGURATION
sed -i "s@{PATH}@${path}@g" ../conf/nginx.conf #=================================================
sed -i "s@{LOCATION}@${path:-/}@g" ../conf/nginx.conf
sed -i "s@{DESTDIR}@${DESTDIR}@g" ../conf/nginx.conf
sed -i "s@{POOLNAME}@${app}@g" ../conf/nginx.conf
sudo cp ../conf/nginx.conf "$nginx_conf"
# Copy and set php-fpm configuration bk_conf="${final_path}/Specific/config.php"
phpfpm_conf="/etc/php5/fpm/pool.d/${app}.conf" # Verify the checksum and backup the file if it's different
sed -i "s@{POOLNAME}@${app}@g" ../conf/php-fpm.conf ynh_backup_if_checksum_is_different "$bk_conf"
sed -i "s@{DESTDIR}@${DESTDIR}/@g" ../conf/php-fpm.conf cp ../conf/config.php "$bk_conf"
sed -i "s@{USER}@${app}@g" ../conf/php-fpm.conf
sed -i "s@{GROUP}@${app}@g" ../conf/php-fpm.conf
sudo cp ../conf/php-fpm.conf "$phpfpm_conf"
# Set SSOwat rules ynh_replace_string "#TIMEZONE#" "$(cat /etc/timezone)" "$bk_conf"
password_hash=$(ynh_app_setting_get $app password_hash)
# If the password_hash is not in the app's config, recreate it from the password.
if [ -z "$password_hash" ]; then
password=$(ynh_app_setting_get $app password)
password_hash=$(echo -n admin:BaikalDAV:$password | md5sum | cut -d ' ' -f 1)
ynh_app_setting_set $app password_hash $password_hash
fi
ynh_replace_string "#PASSWORDHASH#" "${password_hash}" "$bk_conf"
# Store the config file checksum into the app settings
ynh_store_file_checksum "$bk_conf"
bk_conf="${final_path}/Specific/config.system.php"
# Verify the checksum and backup the file if it's different
ynh_backup_if_checksum_is_different "$bk_conf"
cp ../conf/config.system.php "$bk_conf"
ynh_replace_string "#PATH#" "$path_url" "$bk_conf"
ynh_replace_string "#DBNAME#" "$db_name" "$bk_conf"
ynh_replace_string "#DBUSER#" "$db_name" "$bk_conf"
db_pwd=$(ynh_app_setting_get $app mysqlpwd)
ynh_replace_string "#DBPASS#" "$db_pwd" "$bk_conf"
deskey=$(ynh_app_setting_get $app deskey)
ynh_replace_string "#DESKEY#" "$deskey" "$bk_conf"
# Store the config file checksum into the app settings
ynh_store_file_checksum "$bk_conf"
#=================================================
# GENERIC FINALIZATION
#=================================================
# SECURE FILES AND DIRECTORIES
#=================================================
# Set permissions
chown -R root: "$final_path"
chown $app "$final_path/Specific/"{config.php,config.system.php}
chmod 640 "$final_path/Specific/"{config.php,config.system.php}
#=================================================
# SETUP SSOWAT
#=================================================
# Allow public access on /
ynh_app_setting_set "$app" skipped_uris "/" ynh_app_setting_set "$app" skipped_uris "/"
# But restrain on /admin
ynh_app_setting_set "$app" protected_uris "/admin/" ynh_app_setting_set "$app" protected_uris "/admin/"
# Reload services #=================================================
sudo service php5-fpm restart || true # RELOAD NGINX
sudo service nginx reload || true #=================================================
systemctl reload nginx

0
sources/bin/upgrade.sh → sources/extra_files/app/bin/upgrade.sh
View file

4
patches/add-ldap-auth.patch → sources/patches/app-add-ldap-auth.patch
View file

@ -1,4 +1,4 @@
--- /dev/null --- b/Core/Frameworks/Baikal/Core/AbstractExternalAuth.php
+++ b/Core/Frameworks/Baikal/Core/AbstractExternalAuth.php +++ b/Core/Frameworks/Baikal/Core/AbstractExternalAuth.php
@@ -0,0 +1,130 @@ @@ -0,0 +1,130 @@
+<?php +<?php
@ -131,7 +131,7 @@
+ } + }
+ +
+} +}
--- /dev/null --- b/Core/Frameworks/Baikal/Core/LDAPUserBindAuth.php
+++ b/Core/Frameworks/Baikal/Core/LDAPUserBindAuth.php +++ b/Core/Frameworks/Baikal/Core/LDAPUserBindAuth.php
@@ -0,0 +1,75 @@ @@ -0,0 +1,75 @@
+<?php +<?php