Merge pull request #21 from YunoHost-Apps/refactoring

Fix install + refactoring
2024-09-03 18:16:11 +02:00 · 2017-10-31 12:35:37 +01:00 · 2017-10-31 12:35:37 +01:00 · 13868c1bb7
commit 13868c1bb7
parent db23077fef 6fa823fa03
15 changed files with 493 additions and 302 deletions
--- a/19
+++ b/19
@ -1,9 +1,8 @@
 ;; Test complet
-	auto_remove=1
 	; Manifest
 		domain="domain.tld"	(DOMAIN)
 		path="/path"	(PATH)
-		password="mysecret"	(PASSWORD)
+		password="mysecret"
 	; Checks
 		pkg_linter=1
 		setup_sub_dir=1
@ -14,22 +13,22 @@
 		upgrade=1
 		backup_restore=1
 		multi_instance=0
-		wrong_user=0
-		wrong_path=1
 		incorrect_path=1
-		corrupt_source=0
-		fail_download_source=0
 		port_already_use=0
-		final_path_already_use=0
+		change_url=0
 ;;; Levels
 	Level 1=auto
 	Level 2=auto
 	Level 3=auto
-# Niveau 4 ignoré, mais c'est à confirmé par le mainteneur de l'application.
-	Level 4=na
-	Level 5=auto
+# Patch add-ldap-auth
+	Level 4=1
+# https://github.com/YunoHost-Apps/baikal_ynh/issues/19
+	Level 5=1
 	Level 6=auto
 	Level 7=auto
 	Level 8=0
 	Level 9=0
 	Level 10=0
+;;; Options
+Email=
+Notification=none
--- a/conf/app.src
+++ b/conf/app.src
@ -0,0 +1,6 @@
+SOURCE_URL=https://github.com/fruux/Baikal/releases/download/0.4.6/baikal-0.4.6.zip
+SOURCE_SUM=946e8e4161f7ef84be42430b6e9d3bb7dd4bbbe241b409be208c14447d7aa7a6
+SOURCE_SUM_PRG=sha256sum
+SOURCE_FORMAT=zip
+SOURCE_IN_SUBDIR=true
+SOURCE_FILENAME=
--- a/conf/config.php
+++ b/conf/config.php
@ -3,7 +3,7 @@
 #
 #	Copyright notice
 #
-#	(c) 2016 Jérôme Schneider <mail@jeromeschneider.fr>
+#	(c) 2017 Jérôme Schneider <mail@jeromeschneider.fr>
 #	All rights reserved
 #
 #	http://baikal-server.com
--- a/conf/config.system.php
+++ b/conf/config.system.php
@ -3,7 +3,7 @@
 #
 #	Copyright notice
 #
-#	(c) 2016 Jérôme Schneider <mail@jeromeschneider.fr>
+#	(c) 2017 Jérôme Schneider <mail@jeromeschneider.fr>
 #	All rights reserved
 #
 #	http://baikal-server.com
@ -69,4 +69,4 @@ define("PROJECT_DB_MYSQL_PASSWORD", '#DBPASS#');
 define("BAIKAL_ENCRYPTION_KEY", '#DESKEY#');

 # The currently configured Baïkal version
-define("BAIKAL_CONFIGURED_VERSION", '0.4.4');
+define("BAIKAL_CONFIGURED_VERSION", '0.4.6');
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@ -1,15 +1,16 @@
 location = /.well-known/carddav {
-  return 301 https://$server_name{PATH}/card.php;
+  return 301 https://$server_name__PATH__/card.php;
 }
 location = /.well-known/caldav {
-  return 301 https://$server_name{PATH}/cal.php;
+  return 301 https://$server_name__PATH__/cal.php;
 }

-location {LOCATION} {
-  alias {DESTDIR}/html/;
+location __PATH__ {
+  alias __FINALPATH__/html/;

  if ($scheme = http) {
    return 301 https://$server_name$request_uri;
+#    rewrite ^ https://$server_name$request_uri? permanent;
  }

  index index.php;
@ -19,10 +20,10 @@ location {LOCATION} {
    fastcgi_split_path_info ^(.+\.php)(.*)$;
    fastcgi_param PATH_INFO       $fastcgi_path_info;
    fastcgi_param SCRIPT_FILENAME $request_filename;
-    fastcgi_pass unix:/var/run/php5-fpm-{POOLNAME}.sock;
+    fastcgi_pass unix:/var/run/php5-fpm-__NAME__.sock;
  }

-  location ~ ^{PATH}/(\.|Core|Specific) {
+  location ~ ^__PATH__/(\.|Core|Specific) {
    deny all;
  }
 }
--- a/conf/php-fpm.conf
+++ b/conf/php-fpm.conf
@ -1,6 +1,6 @@
-[{POOLNAME}]
+[__NAMETOCHANGE__]
 ; The address on which to accept FastCGI requests.
-listen = /var/run/php5-fpm-{POOLNAME}.sock
+listen = /var/run/php5-fpm-__NAMETOCHANGE__.sock

 ; Set permissions for unix socket, if one is used.
 listen.owner = www-data
@ -8,8 +8,8 @@ listen.group = www-data
 listen.mode = 0600

 ; Unix user/group of processes.
-user = {USER}
-group = {GROUP}
+user = __USER__
+group = __USER__

 ; Choose how the process manager will control the number of child processes.
 pm = dynamic
@ -47,7 +47,7 @@ request_terminate_timeout = 1d
 request_slowlog_timeout = 5s

 ; The log file for slow requests.
-slowlog = /var/log/nginx/{POOLNAME}.slow.log
+slowlog = /var/log/nginx/__NAMETOCHANGE__.slow.log

 ; Set open file descriptor rlimit.
 rlimit_files = 4096
@ -56,7 +56,7 @@ rlimit_files = 4096
 rlimit_core = 0

 ; Chdir to this directory at the start.
-chdir = {DESTDIR}
+chdir = __FINALPATH__

 ; Redirect worker stdout and stderr into main error log.
 catch_workers_output = yes
--- a/manifest.json
+++ b/manifest.json
@ -1,27 +1,27 @@
 {
-    "packaging_format": 1,
    "id": "baikal",
    "name": "Baikal",
+    "packaging_format": 1,
    "description": {
        "en": "Lightweight CalDAV+CardDAV server",
        "fr": "Serveur CalDAV+CardDAV léger"
    },
    "url": "http://baikal-server.com/",
-    "license": "GPL-3",
+    "license": "GPL-3.0",
    "version": "0.4.6",
    "maintainer": {
        "name": "julien",
        "email": "julien.malik@paraiso.me"
    },
    "multi_instance": false,
-    "requirements": {
-        "yunohost": ">= 2.3.16"
-    },
    "services": [
        "nginx",
        "php5-fpm",
        "mysql"
    ],
+    "requirements": {
+        "yunohost": ">= 2.7.2"
+    },
    "arguments": {
        "install" : [
            {
--- a/scripts/_common.sh
+++ b/scripts/_common.sh
@ -1,43 +0,0 @@
-#
-# Common variables
-#
-
-# Baikal version
-VERSION=0.4.6
-
-# Baikal source archive checksum
-BAIKAL_SOURCE_SHA256="946e8e4161f7ef84be42430b6e9d3bb7dd4bbbe241b409be208c14447d7aa7a6"
-
-# Remote URL to fetch Baikal source archive
-BAIKAL_SOURCE_URL="https://github.com/fruux/Baikal/releases/download/${VERSION}/baikal-${VERSION}.zip"
-
-# App package root directory should be the parent folder
-PKGDIR=$(cd ../; pwd)
-
-#
-# Common helpers
-#
-
-# Source app helpers
-source /usr/share/yunohost/helpers
-
-# Download and extract Baikal sources to the given directory
-# usage: extract_baikal DESTDIR
-extract_baikal() {
-  local DESTDIR=$1
-  local bk_archive="${DESTDIR}/baikal.zip"
-
-  wget -q -O "$bk_archive" "$BAIKAL_SOURCE_URL" \
-    || ynh_die "Unable to download Baikal archive"
-  echo "$BAIKAL_SOURCE_SHA256 $bk_archive" | sha256sum -c >/dev/null \
-    || ynh_die "Invalid checksum of downloaded archive"
-  unzip -q "$bk_archive" -d "$DESTDIR" \
-    || ynh_die "Unable to extract Baikal archive"
-  mv "${DESTDIR}/baikal/"* "$DESTDIR"
-  rm -rf "$bk_archive" "${DESTDIR}/baikal"
-
-  # apply patches
-  (cd "$DESTDIR" \
-   && for p in ${PKGDIR}/patches/*.patch; do patch -p1 < $p; done) \
-    || die "Unable to apply patches to Baikal"
-}
--- a/scripts/backup
+++ b/scripts/backup
@ -1,30 +1,59 @@
 #!/bin/bash

-# Exit on command errors and treat unset variables as an error
+#=================================================
+# GENERIC START
+#=================================================
+# MANAGE SCRIPT FAILURE
+#=================================================
+
+# Exit on command errors and treat access to unset variables as an error
 set -eu

-# Retrieve app id
+#=================================================
+# IMPORT GENERIC HELPERS
+#=================================================
+
+#if [ ! -e _common.sh ]; then
+#	# Get the _common.sh file if it's not in the current directory
+#	cp ../settings/scripts/_common.sh ./_common.sh
+#	chmod a+rx _common.sh
+#fi
+#source _common.sh
+source /usr/share/yunohost/helpers
+
+#=================================================
+# LOAD SETTINGS
+#=================================================
+
 app=$YNH_APP_INSTANCE_NAME

-# Set app specific variables
-dbname=$app
-dbuser=$app
+final_path=$(ynh_app_setting_get $app final_path)
+domain=$(ynh_app_setting_get $app domain)
+db_name=$(ynh_app_setting_get $app db_name)
+db_pwd=$(ynh_app_setting_get $app mysqlpwd)

-# Source app helpers
-. /usr/share/yunohost/helpers
+#=================================================
+# STANDARD BACKUP STEPS
+#=================================================
+# BACKUP THE APP MAIN DIR
+#=================================================

-# Retrieve app settings
-domain=$(ynh_app_setting_get "$app" domain)
-path=$(ynh_app_setting_get "$app" path)
-dbpass=$(ynh_app_setting_get "$app" mysqlpwd)
+ynh_backup "$final_path"

-# Copy the app files
-DESTDIR="/var/www/$app"
-ynh_backup "$DESTDIR" "sources"
+#=================================================
+# BACKUP THE NGINX CONFIGURATION
+#=================================================

-# Copy the conf files
-ynh_backup "/etc/nginx/conf.d/${domain}.d/${app}.conf" "nginx.conf"
-ynh_backup "/etc/php5/fpm/pool.d/${app}.conf" "php-fpm.conf"
+ynh_backup "/etc/nginx/conf.d/$domain.d/$app.conf"

-# Dump the database
-mysqldump -u "$dbuser" -p"$dbpass" --no-create-db "$dbname" > ./dump.sql
+#=================================================
+# BACKUP THE PHP-FPM CONFIGURATION
+#=================================================
+
+ynh_backup "/etc/php5/fpm/pool.d/$app.conf"
+
+#=================================================
+# BACKUP THE MYSQL DATABASE
+#=================================================
+
+ynh_mysql_dump_db "$db_name" > db.sql
--- a/scripts/install
+++ b/scripts/install
@ -1,100 +1,156 @@
 #!/bin/bash

-# Exit on command errors and treat unset variables as an error
-set -eu
+#=================================================
+# GENERIC START
+#=================================================
+# IMPORT GENERIC HELPERS
+#=================================================
+
+#source ./_common.sh
+source /usr/share/yunohost/helpers
+
+#=================================================
+# MANAGE SCRIPT FAILURE
+#=================================================
+
+# Exit if an error occurs during the execution of the script
+ynh_abort_if_errors
+
+#=================================================
+# RETRIEVE ARGUMENTS FROM THE MANIFEST
+#=================================================
+
+domain=$YNH_APP_ARG_DOMAIN
+path_url=$YNH_APP_ARG_PATH
+password=$YNH_APP_ARG_PASSWORD

-# Retrieve app id
 app=$YNH_APP_INSTANCE_NAME

-# Retrieve arguments
-domain=$1
-path=${2%/}
-password=$3
+#=================================================
+# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
+#=================================================

-# Load common variables and helpers
-. ./_common.sh
+# Normalize the url path syntax
+path_url=$(ynh_normalize_url_path $path_url)

-# Set app specific variables
-dbname=$app
-dbuser=$app
+final_path=/var/www/$app
+test ! -e "$final_path" || ynh_die "This path already contains a folder"

-# Check domain/path availability
-sudo yunohost app checkurl "${domain}${path}" -a "$app" \
-  || exit 1
+# Check web path availability
+ynh_webpath_available $domain $path_url
+# Register (book) web path
+ynh_webpath_register $app $domain $path_url

-# Check destination directory
-DESTDIR="/var/www/${app}"
-[[ -d "$DESTDIR" ]] && ynh_die \
-"The destination directory '${DESTDIR}' already exists.\
- You should safely delete it before installing this app."
+#=================================================
+# STORE SETTINGS FROM MANIFEST
+#=================================================

-# Create tmp directory and fetch app inside
-TMPDIR=$(ynh_mkdir_tmp)
-extract_baikal "$TMPDIR"
+ynh_app_setting_set $app domain $domain
+ynh_app_setting_set $app path $path_url

-# Generate random DES key & password
-deskey=$(ynh_string_random 24)
-dbpass=$(ynh_string_random)
+#=================================================
+# STANDARD MODIFICATIONS
+#=================================================
+# CREATE A MYSQL DATABASE
+#=================================================

-# Initialize database
-ynh_mysql_create_db "$dbname" "$dbuser" "$dbpass"
-ynh_mysql_connect_as "$dbuser" "$dbpass" "$dbname" \
-    < "${TMPDIR}/Core/Resources/Db/MySQL/db.sql"
+db_name=$(ynh_sanitize_dbid $app)
+ynh_app_setting_set $app db_name $db_name
+ynh_mysql_setup_db $db_name $db_name

+#=================================================
+# DOWNLOAD, CHECK AND UNPACK SOURCE
+#=================================================
+
+ynh_app_setting_set $app final_path $final_path
+# Download, check integrity, uncompress and patch the source from app.src
+ynh_setup_source "$final_path"
+
+#=================================================
+# NGINX CONFIGURATION
+#=================================================
+
+# Create a dedicated nginx config
+ynh_add_nginx_config
+
+#=================================================
+# CREATE DEDICATED USER
+#=================================================
+
+# Create a system user
+ynh_system_user_create $app
+
+#=================================================
+# PHP-FPM CONFIGURATION
+#=================================================
+
+# Create a dedicated php-fpm config
+ynh_add_fpm_config
+
+#=================================================
+# SPECIFIC SETUP
+#=================================================
+# INITIALIZE DATABASE
+#=================================================
+
+ynh_mysql_connect_as "$db_name" "$db_pwd" "$db_name" \
+    < "${final_path}/Core/Resources/Db/MySQL/db.sql"
+
+#=================================================
+# CONFIGURE BAIKAL
+#=================================================
+
+bk_conf="${final_path}/Specific/config.php"
+cp ../conf/config.php "$bk_conf"
+
+ynh_replace_string "#TIMEZONE#" "$(cat /etc/timezone)" "$bk_conf"
 # Create admin password hash
 password_hash=$(echo -n admin:BaikalDAV:$password | md5sum | cut -d ' ' -f 1)
+ynh_replace_string "#PASSWORDHASH#" "${password_hash}" "$bk_conf"
+ynh_app_setting_set $app password_hash $password_hash

-# Copy and set Baikal configuration
-bk_conf="${TMPDIR}/Specific/config.php"
-cp ../conf/config.php "$bk_conf"
-sed -i "s@#TIMEZONE#@$(cat /etc/timezone)@g" "$bk_conf"
-sed -i "s@#PASSWORDHASH#@${password_hash}@g" "$bk_conf"
+# Store the config file checksum into the app settings
+ynh_store_file_checksum "$bk_conf"

-bk_conf="${TMPDIR}/Specific/config.system.php"
+bk_conf="${final_path}/Specific/config.system.php"
 cp ../conf/config.system.php "$bk_conf"
-sed -i "s@#PATH#@${path}@g"     "$bk_conf"
-sed -i "s@#DBNAME#@${dbname}@g" "$bk_conf"
-sed -i "s@#DBUSER#@${dbuser}@g" "$bk_conf"
-sed -i "s@#DBPASS#@${dbpass}@g" "$bk_conf"
-sed -i "s@#DESKEY#@${deskey}@g" "$bk_conf"
+ynh_replace_string "#PATH#" "$path_url" "$bk_conf"
+ynh_replace_string "#DBNAME#" "$db_name" "$bk_conf"
+ynh_replace_string "#DBUSER#" "$db_name" "$bk_conf"
+ynh_replace_string "#DBPASS#" "$db_pwd" "$bk_conf"
+
+deskey=$(ynh_string_random 24)
+ynh_app_setting_set "$app" encrypt_key "$deskey"
+ynh_replace_string "#DESKEY#" "$deskey" "$bk_conf"
+
+# Store the config file checksum into the app settings
+ynh_store_file_checksum "$bk_conf"

 # Disable installation
-touch "${TMPDIR}/Specific/INSTALL_DISABLED"
+touch "${final_path}/Specific/INSTALL_DISABLED"

-# Install files and set permissions
-sudo useradd -c "$app system account" \
-  -d /var/www/$app --system --user-group $app --shell /usr/sbin/nologin \
-  || ynh_die "Unable to create $app system account"
-sudo mv "$TMPDIR" "$DESTDIR"
-sudo chown -hR root: "$DESTDIR"
-sudo chown $app:root "$DESTDIR/Specific/"{config.php,config.system.php}
-sudo chmod 640 "$DESTDIR/Specific/"{config.php,config.system.php}
+#=================================================
+# GENERIC FINALIZATION
+#=================================================
+# SECURE FILES AND DIRECTORIES
+#=================================================

-# Copy and set nginx configuration
-nginx_conf="/etc/nginx/conf.d/${domain}.d/${app}.conf"
-sed -i "s@{PATH}@${path}@g"        ../conf/nginx.conf
-sed -i "s@{LOCATION}@${path:-/}@g" ../conf/nginx.conf
-sed -i "s@{DESTDIR}@${DESTDIR}@g"  ../conf/nginx.conf
-sed -i "s@{POOLNAME}@${app}@g"     ../conf/nginx.conf
-sudo cp ../conf/nginx.conf "$nginx_conf"
+# Set permissions
+chown -R root: "$final_path"
+chown $app "$final_path/Specific/"{config.php,config.system.php}
+chmod 640 "$final_path/Specific/"{config.php,config.system.php}

-# Copy and set php-fpm configuration
-phpfpm_conf="/etc/php5/fpm/pool.d/${app}.conf"
-sed -i "s@{POOLNAME}@${app}@g"     ../conf/php-fpm.conf
-sed -i "s@{DESTDIR}@${DESTDIR}/@g" ../conf/php-fpm.conf
-sed -i "s@{USER}@${app}@g" ../conf/php-fpm.conf
-sed -i "s@{GROUP}@${app}@g" ../conf/php-fpm.conf
-sudo cp ../conf/php-fpm.conf "$phpfpm_conf"
+#=================================================
+# SETUP SSOWAT
+#=================================================

-# Save app settings
-ynh_app_setting_set "$app" password "$password"
-ynh_app_setting_set "$app" encrypt_key "$deskey"
-ynh_app_setting_set "$app" mysqlpwd "$dbpass"
-
-# Set SSOwat rules
+# Allow public access on /
 ynh_app_setting_set "$app" skipped_uris "/"
+# But restrain on /admin
 ynh_app_setting_set "$app" protected_uris "/admin/"

-# Reload services
-sudo service php5-fpm restart || true
-sudo service nginx reload || true
+#=================================================
+# RELOAD NGINX
+#=================================================
+
+systemctl reload nginx
--- a/scripts/remove
+++ b/scripts/remove
@ -1,33 +1,65 @@
 #!/bin/bash

-# Retrieve app id
+#=================================================
+# GENERIC START
+#=================================================
+# IMPORT GENERIC HELPERS
+#=================================================
+
+#if [ ! -e _common.sh ]; then
+#	# Get file fonction if not been to the current directory
+#	sudo cp ../settings/scripts/_common.sh ./_common.sh
+#	sudo chmod a+rx _common.sh
+#fi
+# Source app helpers
+#source _common.sh
+source /usr/share/yunohost/helpers
+
+#=================================================
+# LOAD SETTINGS
+#=================================================
+
 app=$YNH_APP_INSTANCE_NAME

-# Load common variables and helpers
-. ./_common.sh
+domain=$(ynh_app_setting_get $app domain)
+db_name=$(ynh_app_setting_get $app db_name)
+final_path=$(ynh_app_setting_get $app final_path)

-# Set app specific variables
-dbname=$app
-dbuser=$app
+#=================================================
+# STANDARD REMOVE
+#=================================================
+# REMOVE THE MYSQL DATABASE
+#=================================================

-# Drop MySQL database and user
-ynh_mysql_drop_db "$dbname" 2>/dev/null || true
-ynh_mysql_drop_user "$dbuser" 2>/dev/null || true
+# Remove a database if it exists, along with the associated user
+ynh_mysql_remove_db $db_name $db_name

-# Retrieve domain from app settings
-domain=$(ynh_app_setting_get "$app" domain)
+#=================================================
+# REMOVE APP MAIN DIR
+#=================================================

-# Delete app directory and configurations
-sudo rm -rf "/var/www/${app}"
-sudo rm -f "/etc/php5/fpm/pool.d/${app}.conf"
-[[ -n $domain ]] && sudo rm -f "/etc/nginx/conf.d/${domain}.d/${app}.conf"
+# Remove the app directory securely
+ynh_secure_remove "$final_path"

-# Reload services
-sudo service php5-fpm restart || true
-sudo service nginx reload || true
+#=================================================
+# REMOVE NGINX CONFIGURATION
+#=================================================

-# Remove the user account
-# (must be done after php-fpm restart)
-id "$app" >/dev/null 2>&1 \
-  && sudo deluser --quiet --remove-home "$app" >/dev/null \
-  || true
+# Remove the dedicated nginx config
+ynh_remove_nginx_config
+
+#=================================================
+# REMOVE PHP-FPM CONFIGURATION
+#=================================================
+
+# Remove the dedicated php-fpm config
+ynh_remove_fpm_config
+
+#=================================================
+# GENERIC FINALIZATION
+#=================================================
+# REMOVE DEDICATED USER
+#=================================================
+
+# Delete a system user
+ynh_system_user_delete $app
--- a/scripts/restore
+++ b/scripts/restore
@ -1,62 +1,94 @@
 #!/bin/bash

-# Exit on command errors and treat unset variables as an error
+#=================================================
+# GENERIC START
+#=================================================
+# MANAGE SCRIPT FAILURE
+#=================================================
+
+# Exit on command errors and treat access to unset variables as an error
 set -eu

-# Retrieve app id
+#=================================================
+# IMPORT GENERIC HELPERS
+#=================================================
+
+#if [ ! -e _common.sh ]; then
+#	# Get the _common.sh file if it's not in the current directory
+#	cp ../settings/scripts/_common.sh ./_common.sh
+#	chmod a+rx _common.sh
+#fi
+#source _common.sh
+source /usr/share/yunohost/helpers
+
+#=================================================
+# LOAD SETTINGS
+#=================================================
+
 app=$YNH_APP_INSTANCE_NAME

-# Source app helpers
-. /usr/share/yunohost/helpers
+domain=$(ynh_app_setting_get $app domain)
+path_url=$(ynh_app_setting_get $app path)
+final_path=$(ynh_app_setting_get $app final_path)
+db_name=$(ynh_app_setting_get $app db_name)

-# Retrieve old app settings
-domain=$(ynh_app_setting_get "$app" domain)
-path=$(ynh_app_setting_get "$app" path)
-dbpass=$(ynh_app_setting_get "$app" mysqlpwd)
+#=================================================
+# CHECK IF THE APP CAN BE RESTORED
+#=================================================

-# Set app specific variables
-dbname=$app
-dbuser=$app
+ynh_webpath_available $domain $path_url \
+	|| ynh_die "Path not available: ${domain}${path_url}"
+test ! -d $final_path \
+	|| ynh_die "There is already a directory: $final_path "

-# Check domain/path availability
-sudo yunohost app checkurl "${domain}${path}" -a "$app" \
-  || exit 1
+#=================================================
+# STANDARD RESTORATION STEPS
+#=================================================
+# RESTORE THE NGINX CONFIGURATION
+#=================================================

-# Check destination directory
-DESTDIR="/var/www/$app"
-[[ -d $DESTDIR ]] && ynh_die \
-"The destination directory '$DESTDIR' already exists.\
- You should safely delete it before restoring this app."
+ynh_restore_file "/etc/nginx/conf.d/$domain.d/$app.conf"

-# Check configuration files
-nginx_conf="/etc/nginx/conf.d/${domain}.d/${app}.conf"
-[[ -f $nginx_conf ]] && ynh_die \
-"The NGINX configuration already exists at '${nginx_conf}'.
- You should safely delete it before restoring this app."
-phpfpm_conf="/etc/php5/fpm/pool.d/${app}.conf"
-[[ -f $phpfpm_conf ]] && ynh_die \
-"The PHP FPM configuration already exists at '${phpfpm_conf}'.
- You should safely delete it before restoring this app."
+#=================================================
+# RESTORE THE APP MAIN DIR
+#=================================================

-# Restore the app files and set permissions
-sudo cp -a ./sources "$DESTDIR"
-if ! id -u $app > /dev/null 2>&1 ; then
-  sudo useradd -c "$app system account" \
-    -d /var/www/$app --system --user-group $app --shell /usr/sbin/nologin \
-    || ynh_die "Unable to create $app system account"
-fi
-sudo chown -hR root: "$DESTDIR"
-sudo chown $app:root "$DESTDIR/Specific/"{config.php,config.system.php}
-sudo chmod 640 "$DESTDIR/Specific/"{config.php,config.system.php}
+ynh_restore_file "$final_path"

-# Create and restore the database
-ynh_mysql_create_db "$dbname" "$dbuser" "$dbpass"
-ynh_mysql_connect_as "$dbuser" "$dbpass" "$dbname" < ./dump.sql
+#=================================================
+# RESTORE THE MYSQL DATABASE
+#=================================================

-# Restore configuration files
-sudo cp -a ./nginx.conf   "$nginx_conf"
-sudo cp -a ./php-fpm.conf "$phpfpm_conf"
+db_pwd=$(ynh_app_setting_get $app mysqlpwd)
+ynh_mysql_setup_db $db_name $db_name $db_pwd
+ynh_mysql_connect_as $db_name $db_pwd $db_name < ./db.sql

-# Reload services
-sudo service php5-fpm restart || true
-sudo service nginx reload || true
+#=================================================
+# RECREATE THE DEDICATED USER
+#=================================================
+
+# Create the dedicated user (if not existing)
+ynh_system_user_create $app
+
+#=================================================
+# RESTORE USER RIGHTS
+#=================================================
+
+# Set permissions
+chown -R root: "$final_path"
+chown $app "$final_path/Specific/"{config.php,config.system.php}
+
+#=================================================
+# RESTORE THE PHP-FPM CONFIGURATION
+#=================================================
+
+ynh_restore_file "/etc/php5/fpm/pool.d/$app.conf"
+
+#=================================================
+# GENERIC FINALIZATION
+#=================================================
+# RELOAD NGINX AND PHP-FPM
+#=================================================
+
+systemctl reload php5-fpm
+systemctl reload nginx
--- a/scripts/upgrade
+++ b/scripts/upgrade
@ -1,82 +1,161 @@
 #!/bin/bash

-# Exit on command errors and treat unset variables as an error
-set -eu
+#=================================================
+# GENERIC START
+#=================================================
+# IMPORT GENERIC HELPERS
+#=================================================
+
+#source _common.sh
+source /usr/share/yunohost/helpers
+
+#=================================================
+# LOAD SETTINGS
+#=================================================

-# Retrieve app id
 app=$YNH_APP_INSTANCE_NAME

-# Load common variables and helpers
-. ./_common.sh
+domain=$(ynh_app_setting_get $app domain)
+path_url=$(ynh_app_setting_get $app path)
+final_path=$(ynh_app_setting_get $app final_path)
+db_name=$(ynh_app_setting_get $app db_name)

-# Retrieve app settings
-domain=$(ynh_app_setting_get "$app" domain)
-path=$(ynh_app_setting_get "$app" path)
-path=${path%/}
+#=================================================
+# ENSURE DOWNWARD COMPATIBILITY
+#=================================================

-# Set app specific variables
-dbname=$app
-dbuser=$app
-
-# Check destination directory
-DESTDIR="/var/www/$app"
-[[ ! -d $DESTDIR ]] && ynh_die \
-"The destination directory '$DESTDIR' does not exist.\
- The app is not correctly installed, you should remove it first."
-
-# Create tmp directory and fetch new app inside
-TMPDIR=$(ynh_mkdir_tmp)
-extract_baikal "$TMPDIR"
-
-# Get Specific folder from current installation
-# FIXME: config.php and config.system.php are not updated with possible
-# new or changed configurations
-rm -rf "${TMPDIR}/Specific/*"
-sudo cp -r "${DESTDIR}/Specific/"{config.php,config.system.php} "$TMPDIR/Specific"
-sudo chown -hR "${USER}" "${TMPDIR}/Specific"
-
-# Run Baikal upgrade from tmp directory
-cp -r ../sources/bin "$TMPDIR"
-php "${TMPDIR}/bin/upgrade.sh" \
-  || echo "The Baïkal upgrade failed, you should try to go to " \
-        "https://${domain}${path}/admin/install"
-
-# Install new app and set permissions
-if ! id -u $app > /dev/null 2>&1 ; then
-  sudo useradd -c "$app system account" \
-    -d /var/www/$app --system --user-group $app --shell /usr/sbin/nologin \
-    || ynh_die "Unable to create $app system account"
+if [ -z $final_path ]; then	# If final_path doesn't exist, create it
+	final_path="/var/www/$app"
+	ynh_app_setting_set $app final_path $final_path
 fi
-sudo rm -rf "$DESTDIR"
-sudo mv "$TMPDIR" "$DESTDIR"
-sudo chown -hR root: "$DESTDIR"
-sudo chown $app:root "$DESTDIR/Specific/"{config.php,config.system.php}
-sudo chmod 640 "$DESTDIR/Specific/"{config.php,config.system.php}
+
+if [ -z $db_name ]; then	# If db_name doesn't exist, create it
+	db_name=$(ynh_sanitize_dbid $app)
+	ynh_app_setting_set $app db_name $db_name
+fi
+
+#=================================================
+# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
+#=================================================
+
+ynh_backup_before_upgrade	# Backup the current version of the app
+ynh_clean_setup () {
+	ynh_restore_upgradebackup	# restore it if the upgrade fails
+}
+ynh_abort_if_errors	# Active trap pour arrêter le script si une erreur est détectée.
+
+#=================================================
+# CHECK THE PATH
+#=================================================
+
+# Normalize the URL path syntax
+path_url=$(ynh_normalize_url_path $path_url)
+
+#=================================================
+# STANDARD UPGRADE STEPS
+#=================================================
+# DOWNLOAD, CHECK AND UNPACK SOURCE
+#=================================================
+
+# Download, check integrity, uncompress and patch the source from app.src
+ynh_setup_source "$final_path"
+
+#=================================================
+# NGINX CONFIGURATION
+#=================================================
+
+# Create a dedicated nginx config
+ynh_add_nginx_config
+
+#=================================================
+# CREATE DEDICATED USER
+#=================================================
+
+# Create a system user
+ynh_system_user_create $app
+
+#=================================================
+# PHP-FPM CONFIGURATION
+#=================================================
+
+# Create a dedicated php-fpm config
+ynh_add_fpm_config
+
+#=================================================
+# SPECIFIC UPGRADE
+#=================================================
+# UPGRADE BAIKAL
+#=================================================
+
+# Run Baikal upgrade
+php "${final_path}/bin/upgrade.sh"

 # Cleanup old baikal-admin sessions
 # since we may have changed owner of the session file
-sudo grep -lr "CSRF_TOKEN|s:" /var/lib/php5/sessions | xargs sudo rm
+grep -lr "CSRF_TOKEN|s:" /var/lib/php5/sessions | xargs rm -f

-# Copy and set nginx configuration
-nginx_conf="/etc/nginx/conf.d/${domain}.d/${app}.conf"
-sed -i "s@{PATH}@${path}@g"        ../conf/nginx.conf
-sed -i "s@{LOCATION}@${path:-/}@g" ../conf/nginx.conf
-sed -i "s@{DESTDIR}@${DESTDIR}@g"  ../conf/nginx.conf
-sed -i "s@{POOLNAME}@${app}@g"     ../conf/nginx.conf
-sudo cp ../conf/nginx.conf "$nginx_conf"
+#=================================================
+# UPGRADE BAIKAL CONFIGURATION
+#=================================================

-# Copy and set php-fpm configuration
-phpfpm_conf="/etc/php5/fpm/pool.d/${app}.conf"
-sed -i "s@{POOLNAME}@${app}@g"     ../conf/php-fpm.conf
-sed -i "s@{DESTDIR}@${DESTDIR}/@g" ../conf/php-fpm.conf
-sed -i "s@{USER}@${app}@g" ../conf/php-fpm.conf
-sed -i "s@{GROUP}@${app}@g" ../conf/php-fpm.conf
-sudo cp ../conf/php-fpm.conf "$phpfpm_conf"
+bk_conf="${final_path}/Specific/config.php"
+# Verify the checksum and backup the file if it's different
+ynh_backup_if_checksum_is_different "$bk_conf"
+cp ../conf/config.php "$bk_conf"

-# Set SSOwat rules
+ynh_replace_string "#TIMEZONE#" "$(cat /etc/timezone)" "$bk_conf"
+
+password_hash=$(ynh_app_setting_get $app password_hash)
+# If the password_hash is not in the app's config, recreate it from the password.
+if [ -z "$password_hash" ]; then
+    password=$(ynh_app_setting_get $app password)
+    password_hash=$(echo -n admin:BaikalDAV:$password | md5sum | cut -d ' ' -f 1)
+    ynh_app_setting_set $app password_hash $password_hash
+fi
+ynh_replace_string "#PASSWORDHASH#" "${password_hash}" "$bk_conf"
+
+# Store the config file checksum into the app settings
+ynh_store_file_checksum "$bk_conf"
+
+bk_conf="${final_path}/Specific/config.system.php"
+# Verify the checksum and backup the file if it's different
+ynh_backup_if_checksum_is_different "$bk_conf"
+cp ../conf/config.system.php "$bk_conf"
+
+ynh_replace_string "#PATH#" "$path_url" "$bk_conf"
+ynh_replace_string "#DBNAME#" "$db_name" "$bk_conf"
+ynh_replace_string "#DBUSER#" "$db_name" "$bk_conf"
+db_pwd=$(ynh_app_setting_get $app mysqlpwd)
+ynh_replace_string "#DBPASS#" "$db_pwd" "$bk_conf"
+
+deskey=$(ynh_app_setting_get $app deskey)
+ynh_replace_string "#DESKEY#" "$deskey" "$bk_conf"
+
+# Store the config file checksum into the app settings
+ynh_store_file_checksum "$bk_conf"
+
+#=================================================
+# GENERIC FINALIZATION
+#=================================================
+# SECURE FILES AND DIRECTORIES
+#=================================================
+
+# Set permissions
+chown -R root: "$final_path"
+chown $app "$final_path/Specific/"{config.php,config.system.php}
+chmod 640 "$final_path/Specific/"{config.php,config.system.php}
+
+#=================================================
+# SETUP SSOWAT
+#=================================================
+
+# Allow public access on /
 ynh_app_setting_set "$app" skipped_uris "/"
+# But restrain on /admin
 ynh_app_setting_set "$app" protected_uris "/admin/"

-# Reload services
-sudo service php5-fpm restart || true
-sudo service nginx reload || true
+#=================================================
+# RELOAD NGINX
+#=================================================
+
+systemctl reload nginx
--- a/sources/extra_files/app/bin/upgrade.sh
+++ b/sources/extra_files/app/bin/upgrade.sh
--- a/sources/patches/app-add-ldap-auth.patch
+++ b/sources/patches/app-add-ldap-auth.patch
@ -1,4 +1,4 @@
--- /dev/null
+--- b/Core/Frameworks/Baikal/Core/AbstractExternalAuth.php
 +++ b/Core/Frameworks/Baikal/Core/AbstractExternalAuth.php
@@ -0,0 +1,130 @@
 +<?php
@ -131,7 +131,7 @@
 +    }
 +
 +}
--- /dev/null
+--- b/Core/Frameworks/Baikal/Core/LDAPUserBindAuth.php
 +++ b/Core/Frameworks/Baikal/Core/LDAPUserBindAuth.php
@@ -0,0 +1,75 @@
 +<?php