YunoHost-Apps/baikal_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/baikal_ynh.git synced 2024-09-03 18:16:11 +02:00
Code Issues Activity Actions

Fix install + refactoring

Browse source
This commit is contained in:
Maniack Crudelis 2017-08-26 19:19:30 +02:00
parent db23077fef
commit 1aea3f3c49
15 changed files with 629 additions and 291 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
check_process
View file

@ -1,9 +1,8 @@
;; Test complet ;; Test complet
auto_remove=1
; Manifest ; Manifest
domain="domain.tld" (DOMAIN) domain="domain.tld" (DOMAIN)
path="/path" (PATH) path="/path" (PATH)
password="mysecret" (PASSWORD) password="mysecret"
; Checks ; Checks
pkg_linter=1 pkg_linter=1
setup_sub_dir=1 setup_sub_dir=1
@ -14,22 +13,22 @@
upgrade=1 upgrade=1
backup_restore=1 backup_restore=1
multi_instance=0 multi_instance=0
wrong_user=0
wrong_path=1
incorrect_path=1 incorrect_path=1
corrupt_source=0
fail_download_source=0
port_already_use=0 port_already_use=0
final_path_already_use=0 change_url=0
;;; Levels ;;; Levels
Level 1=auto Level 1=auto
Level 2=auto Level 2=auto
Level 3=auto Level 3=auto
# Niveau 4 ignoré, mais c'est à confirmé par le mainteneur de l'application. # Patch add-ldap-auth
Level 4=na Level 4=1
Level 5=auto # https://github.com/YunoHost-Apps/baikal_ynh/issues/19
Level 5=1
Level 6=auto Level 6=auto
Level 7=auto Level 7=auto
Level 8=0 Level 8=0
Level 9=0 Level 9=0
Level 10=0 Level 10=0
;;; Options
Email=
Notification=none

6
conf/app.src Normal file
View file

@ -0,0 +1,6 @@
SOURCE_URL=https://github.com/fruux/Baikal/releases/download/0.4.6/baikal-0.4.6.zip
SOURCE_SUM=946e8e4161f7ef84be42430b6e9d3bb7dd4bbbe241b409be208c14447d7aa7a6
SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=zip
SOURCE_IN_SUBDIR=true
SOURCE_FILENAME=

2
conf/config.php
View file

@ -3,7 +3,7 @@
# #
# Copyright notice # Copyright notice
# #
# (c) 2016 Jérôme Schneider <mail@jeromeschneider.fr> # (c) 2017 Jérôme Schneider <mail@jeromeschneider.fr>
# All rights reserved # All rights reserved
# #
# http://baikal-server.com # http://baikal-server.com

4
conf/config.system.php
View file

@ -3,7 +3,7 @@
# #
# Copyright notice # Copyright notice
# #
# (c) 2016 Jérôme Schneider <mail@jeromeschneider.fr> # (c) 2017 Jérôme Schneider <mail@jeromeschneider.fr>
# All rights reserved # All rights reserved
# #
# http://baikal-server.com # http://baikal-server.com
@ -69,4 +69,4 @@ define("PROJECT_DB_MYSQL_PASSWORD", '#DBPASS#');
define("BAIKAL_ENCRYPTION_KEY", '#DESKEY#'); define("BAIKAL_ENCRYPTION_KEY", '#DESKEY#');
# The currently configured Baïkal version # The currently configured Baïkal version
define("BAIKAL_CONFIGURED_VERSION", '0.4.4'); define("BAIKAL_CONFIGURED_VERSION", '0.4.6');

13
conf/nginx.conf
View file

@ -1,15 +1,16 @@
location = /.well-known/carddav { location = /.well-known/carddav {
return 301 https://$server_name{PATH}/card.php; return 301 https://$server_name__PATH__/card.php;
} }
location = /.well-known/caldav { location = /.well-known/caldav {
return 301 https://$server_name{PATH}/cal.php; return 301 https://$server_name__PATH__/cal.php;
} }
location {LOCATION} { location __PATH__ {
alias {DESTDIR}/html/; alias __FINALPATH__/html/;
if ($scheme = http) { if ($scheme = http) {
return 301 https://$server_name$request_uri; return 301 https://$server_name$request_uri;
# rewrite ^ https://$server_name$request_uri? permanent;
} }
index index.php; index index.php;
@ -19,10 +20,10 @@ location {LOCATION} {
fastcgi_split_path_info ^(.+\.php)(.*)$; fastcgi_split_path_info ^(.+\.php)(.*)$;
fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $request_filename; fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_pass unix:/var/run/php5-fpm-{POOLNAME}.sock; fastcgi_pass unix:/var/run/php5-fpm-__NAME__.sock;
} }
location ~ ^{PATH}/(\.|Core|Specific) { location ~ ^__PATH__/(\.|Core|Specific) {
deny all; deny all;
} }
} }

12
conf/php-fpm.conf
View file

@ -1,6 +1,6 @@
[{POOLNAME}] [__NAMETOCHANGE__]
; The address on which to accept FastCGI requests. ; The address on which to accept FastCGI requests.
listen = /var/run/php5-fpm-{POOLNAME}.sock listen = /var/run/php5-fpm-__NAMETOCHANGE__.sock
; Set permissions for unix socket, if one is used. ; Set permissions for unix socket, if one is used.
listen.owner = www-data listen.owner = www-data
@ -8,8 +8,8 @@ listen.group = www-data
listen.mode = 0600 listen.mode = 0600
; Unix user/group of processes. ; Unix user/group of processes.
user = {USER} user = __USER__
group = {GROUP} group = __USER__
; Choose how the process manager will control the number of child processes. ; Choose how the process manager will control the number of child processes.
pm = dynamic pm = dynamic
@ -47,7 +47,7 @@ request_terminate_timeout = 1d
request_slowlog_timeout = 5s request_slowlog_timeout = 5s
; The log file for slow requests. ; The log file for slow requests.
slowlog = /var/log/nginx/{POOLNAME}.slow.log slowlog = /var/log/nginx/__NAMETOCHANGE__.slow.log
; Set open file descriptor rlimit. ; Set open file descriptor rlimit.
rlimit_files = 4096 rlimit_files = 4096
@ -56,7 +56,7 @@ rlimit_files = 4096
rlimit_core = 0 rlimit_core = 0
; Chdir to this directory at the start. ; Chdir to this directory at the start.
chdir = {DESTDIR} chdir = __FINALPATH__
; Redirect worker stdout and stderr into main error log. ; Redirect worker stdout and stderr into main error log.
catch_workers_output = yes catch_workers_output = yes

8
manifest.json
View file

@ -1,7 +1,7 @@
{ {
"packaging_format": 1,
"id": "baikal", "id": "baikal",
"name": "Baikal", "name": "Baikal",
"packaging_format": 1,
"description": { "description": {
"en": "Lightweight CalDAV+CardDAV server", "en": "Lightweight CalDAV+CardDAV server",
"fr": "Serveur CalDAV+CardDAV léger" "fr": "Serveur CalDAV+CardDAV léger"
@ -14,14 +14,14 @@
"email": "julien.malik@paraiso.me" "email": "julien.malik@paraiso.me"
}, },
"multi_instance": false, "multi_instance": false,
"requirements": {
"yunohost": ">= 2.3.16"
},
"services": [ "services": [
"nginx", "nginx",
"php5-fpm", "php5-fpm",
"mysql" "mysql"
], ],
"requirements": {
"yunohost": ">= 2.6.4"
},
"arguments": { "arguments": {
"install" : [ "install" : [
{ {

175
scripts/_common.sh
View file

@ -1,43 +1,152 @@
#
# Common variables
#
# Baikal version
VERSION=0.4.6
# Baikal source archive checksum # =============================================================================
BAIKAL_SOURCE_SHA256="946e8e4161f7ef84be42430b6e9d3bb7dd4bbbe241b409be208c14447d7aa7a6" # COMMON VARIABLES
# =============================================================================
# Remote URL to fetch Baikal source archive
BAIKAL_SOURCE_URL="https://github.com/fruux/Baikal/releases/download/${VERSION}/baikal-${VERSION}.zip"
# App package root directory should be the parent folder # App package root directory should be the parent folder
PKGDIR=$(cd ../; pwd) # PKGDIR=$(cd ../; pwd)
# =============================================================================
# YUNOHOST 2.7 FORTHCOMING HELPERS
# =============================================================================
# Create a dedicated nginx config
# #
# Common helpers # This will use a template in ../conf/nginx.conf
# __PATH__ by $path_url
# __DOMAIN__ by $domain
# __PORT__ by $port
# __NAME__ by $app
# __FINALPATH__ by $final_path
# #
# usage: ynh_add_nginx_config
ynh_add_nginx_config () {
finalnginxconf="/etc/nginx/conf.d/$domain.d/$app.conf"
ynh_backup_if_checksum_is_different "$finalnginxconf"
sudo cp ../conf/nginx.conf "$finalnginxconf"
# Source app helpers # To avoid a break by set -u, use a void substitution ${var:-}. If the variable is not set, it's simply set with an empty variable.
source /usr/share/yunohost/helpers # Substitute in a nginx config file only if the variable is not empty
if test -n "${path_url:-}"; then
ynh_replace_string "__PATH__" "$path_url" "$finalnginxconf"
fi
if test -n "${domain:-}"; then
ynh_replace_string "__DOMAIN__" "$domain" "$finalnginxconf"
fi
if test -n "${port:-}"; then
ynh_replace_string "__PORT__" "$port" "$finalnginxconf"
fi
if test -n "${app:-}"; then
ynh_replace_string "__NAME__" "$app" "$finalnginxconf"
fi
if test -n "${final_path:-}"; then
ynh_replace_string "__FINALPATH__" "$final_path" "$finalnginxconf"
fi
ynh_store_file_checksum "$finalnginxconf"
# Download and extract Baikal sources to the given directory sudo systemctl reload nginx
# usage: extract_baikal DESTDIR }
extract_baikal() {
local DESTDIR=$1 # Remove the dedicated nginx config
local bk_archive="${DESTDIR}/baikal.zip" #
# usage: ynh_remove_nginx_config
wget -q -O "$bk_archive" "$BAIKAL_SOURCE_URL" \ ynh_remove_nginx_config () {
|| ynh_die "Unable to download Baikal archive" ynh_secure_remove "/etc/nginx/conf.d/$domain.d/$app.conf"
echo "$BAIKAL_SOURCE_SHA256 $bk_archive" | sha256sum -c >/dev/null \ sudo systemctl reload nginx
|| ynh_die "Invalid checksum of downloaded archive" }
unzip -q "$bk_archive" -d "$DESTDIR" \
|| ynh_die "Unable to extract Baikal archive" # Create a dedicated php-fpm config
mv "${DESTDIR}/baikal/"* "$DESTDIR" #
rm -rf "$bk_archive" "${DESTDIR}/baikal" # usage: ynh_add_fpm_config
ynh_add_fpm_config () {
# apply patches finalphpconf="/etc/php5/fpm/pool.d/$app.conf"
(cd "$DESTDIR" \ ynh_backup_if_checksum_is_different "$finalphpconf"
&& for p in ${PKGDIR}/patches/*.patch; do patch -p1 < $p; done) \ sudo cp ../conf/php-fpm.conf "$finalphpconf"
|| die "Unable to apply patches to Baikal" ynh_replace_string "__NAMETOCHANGE__" "$app" "$finalphpconf"
ynh_replace_string "__FINALPATH__" "$final_path" "$finalphpconf"
ynh_replace_string "__USER__" "$app" "$finalphpconf"
sudo chown root: "$finalphpconf"
ynh_store_file_checksum "$finalphpconf"
if [ -e "../conf/php-fpm.ini" ]
then
finalphpini="/etc/php5/fpm/conf.d/20-$app.ini"
ynh_backup_if_checksum_is_different "$finalphpini"
sudo cp ../conf/php-fpm.ini "$finalphpini"
sudo chown root: "$finalphpini"
ynh_store_file_checksum "$finalphpini"
fi
sudo systemctl reload php5-fpm
}
# Remove the dedicated php-fpm config
#
# usage: ynh_remove_fpm_config
ynh_remove_fpm_config () {
ynh_secure_remove "/etc/php5/fpm/pool.d/$app.conf"
ynh_secure_remove "/etc/php5/fpm/conf.d/20-$app.ini" 2>&1
sudo systemctl reload php5-fpm
}
# Restore a previous backup if the upgrade process failed
#
# usage:
# ynh_backup_before_upgrade
# ynh_clean_setup () {
# ynh_restore_upgradebackup
# }
# ynh_abort_if_errors
#
ynh_restore_upgradebackup () {
echo "Upgrade failed." >&2
app_bck=${app//_/-} # Replace all '_' by '-'
# Check if an existing backup can be found before removing and restoring the application.
if sudo yunohost backup list | grep -q $app_bck-pre-upgrade$backup_number
then
# Remove the application then restore it
sudo yunohost app remove $app
# Restore the backup
sudo yunohost backup restore --ignore-system $app_bck-pre-upgrade$backup_number --apps $app --force
ynh_die "The app was restored to the way it was before the failed upgrade."
fi
}
# Make a backup in case of failed upgrade
#
# usage:
# ynh_backup_before_upgrade
# ynh_clean_setup () {
# ynh_restore_upgradebackup
# }
# ynh_abort_if_errors
#
ynh_backup_before_upgrade () {
backup_number=1
old_backup_number=2
app_bck=${app//_/-} # Replace all '_' by '-'
# Check if a backup already exists with the prefix 1
if sudo yunohost backup list | grep -q $app_bck-pre-upgrade1
then
# Prefix becomes 2 to preserve the previous backup
backup_number=2
old_backup_number=1
fi
# Create backup
sudo yunohost backup create --ignore-system --apps $app --name $app_bck-pre-upgrade$backup_number
if [ "$?" -eq 0 ]
then
# If the backup succeeded, remove the previous backup
if sudo yunohost backup list | grep -q $app_bck-pre-upgrade$old_backup_number
then
# Remove the previous backup only if it exists
sudo yunohost backup delete $app_bck-pre-upgrade$old_backup_number > /dev/null
fi
else
ynh_die "Backup failed, the upgrade process was aborted."
fi
} }

67
scripts/backup
View file

@ -1,30 +1,59 @@
#!/bin/bash #!/bin/bash
# Exit on command errors and treat unset variables as an error #=================================================
# GENERIC START
#=================================================
# MANAGE SCRIPT FAILURE
#=================================================
# Exit on command errors and treat access to unset variables as an error
set -eu set -eu
# Retrieve app id #=================================================
# IMPORT GENERIC HELPERS
#=================================================
if [ ! -e _common.sh ]; then
# Get the _common.sh file if it's not in the current directory
cp ../settings/scripts/_common.sh ./_common.sh
chmod a+rx _common.sh
fi
source _common.sh
source /usr/share/yunohost/helpers
#=================================================
# LOAD SETTINGS
#=================================================
app=$YNH_APP_INSTANCE_NAME app=$YNH_APP_INSTANCE_NAME
# Set app specific variables final_path=$(ynh_app_setting_get $app final_path)
dbname=$app domain=$(ynh_app_setting_get $app domain)
dbuser=$app db_name=$(ynh_app_setting_get $app db_name)
db_pwd=$(ynh_app_setting_get $app mysqlpwd)
# Source app helpers #=================================================
. /usr/share/yunohost/helpers # STANDARD BACKUP STEPS
#=================================================
# BACKUP THE APP MAIN DIR
#=================================================
# Retrieve app settings ynh_backup "$final_path" "${YNH_APP_BACKUP_DIR}$final_path"
domain=$(ynh_app_setting_get "$app" domain)
path=$(ynh_app_setting_get "$app" path)
dbpass=$(ynh_app_setting_get "$app" mysqlpwd)
# Copy the app files #=================================================
DESTDIR="/var/www/$app" # BACKUP THE NGINX CONFIGURATION
ynh_backup "$DESTDIR" "sources" #=================================================
# Copy the conf files ynh_backup "/etc/nginx/conf.d/$domain.d/$app.conf" "${YNH_APP_BACKUP_DIR}/etc/nginx/conf.d/$domain.d/$app.conf"
ynh_backup "/etc/nginx/conf.d/${domain}.d/${app}.conf" "nginx.conf"
ynh_backup "/etc/php5/fpm/pool.d/${app}.conf" "php-fpm.conf"
# Dump the database #=================================================
mysqldump -u "$dbuser" -p"$dbpass" --no-create-db "$dbname" > ./dump.sql # BACKUP THE PHP-FPM CONFIGURATION
#=================================================
ynh_backup "/etc/php5/fpm/pool.d/$app.conf" "${YNH_APP_BACKUP_DIR}/etc/php5/fpm/pool.d/$app.conf"
#=================================================
# BACKUP THE MYSQL DATABASE
#=================================================
ynh_mysql_dump_db "$db_name" > db.sql

202
scripts/install
View file

@ -1,100 +1,156 @@
#!/bin/bash #!/bin/bash
# Exit on command errors and treat unset variables as an error #=================================================
set -eu # GENERIC START
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
source ./_common.sh
source /usr/share/yunohost/helpers
#=================================================
# MANAGE SCRIPT FAILURE
#=================================================
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#=================================================
# RETRIEVE ARGUMENTS FROM THE MANIFEST
#=================================================
domain=$YNH_APP_ARG_DOMAIN
path_url=$YNH_APP_ARG_PATH
password=$YNH_APP_ARG_PASSWORD
# Retrieve app id
app=$YNH_APP_INSTANCE_NAME app=$YNH_APP_INSTANCE_NAME
# Retrieve arguments #=================================================
domain=$1 # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
path=${2%/} #=================================================
password=$3
# Load common variables and helpers # Normalize the url path syntax
. ./_common.sh path_url=$(ynh_normalize_url_path $path_url)
# Set app specific variables final_path=/var/www/$app
dbname=$app test ! -e "$final_path" || ynh_die "This path already contains a folder"
dbuser=$app
# Check domain/path availability # Check web path availability
sudo yunohost app checkurl "${domain}${path}" -a "$app" \ ynh_webpath_available $domain $path_url
|| exit 1 # Register (book) web path
ynh_webpath_register $app $domain $path_url
# Check destination directory #=================================================
DESTDIR="/var/www/${app}" # STORE SETTINGS FROM MANIFEST
[[ -d "$DESTDIR" ]] && ynh_die \ #=================================================
"The destination directory '${DESTDIR}' already exists.\
You should safely delete it before installing this app."
# Create tmp directory and fetch app inside ynh_app_setting_set $app domain $domain
TMPDIR=$(ynh_mkdir_tmp) ynh_app_setting_set $app path $path_url
extract_baikal "$TMPDIR"
# Generate random DES key & password #=================================================
deskey=$(ynh_string_random 24) # STANDARD MODIFICATIONS
dbpass=$(ynh_string_random) #=================================================
# CREATE A MYSQL DATABASE
#=================================================
# Initialize database db_name=$(ynh_sanitize_dbid $app)
ynh_mysql_create_db "$dbname" "$dbuser" "$dbpass" ynh_app_setting_set $app db_name $db_name
ynh_mysql_connect_as "$dbuser" "$dbpass" "$dbname" \ ynh_mysql_setup_db $db_name $db_name
< "${TMPDIR}/Core/Resources/Db/MySQL/db.sql"
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
ynh_app_setting_set $app final_path $final_path
# Download, check integrity, uncompress and patch the source from app.src
ynh_setup_source "$final_path"
#=================================================
# NGINX CONFIGURATION
#=================================================
# Create a dedicated nginx config
ynh_add_nginx_config
#=================================================
# CREATE DEDICATED USER
#=================================================
# Create a system user
ynh_system_user_create $app
#=================================================
# PHP-FPM CONFIGURATION
#=================================================
# Create a dedicated php-fpm config
ynh_add_fpm_config
#=================================================
# SPECIFIC SETUP
#=================================================
# INITIALIZE DATABASE
#=================================================
ynh_mysql_connect_as "$db_name" "$db_pwd" "$db_name" \
< "${final_path}/Core/Resources/Db/MySQL/db.sql"
#=================================================
# CONFIGURE BAIKAL
#=================================================
bk_conf="${final_path}/Specific/config.php"
cp ../conf/config.php "$bk_conf"
ynh_replace_string "#TIMEZONE#" "$(cat /etc/timezone)" "$bk_conf"
# Create admin password hash # Create admin password hash
password_hash=$(echo -n admin:BaikalDAV:$password | md5sum | cut -d ' ' -f 1) password_hash=$(echo -n admin:BaikalDAV:$password | md5sum | cut -d ' ' -f 1)
ynh_replace_string "#PASSWORDHASH#" "${password_hash}" "$bk_conf"
ynh_app_setting_set $app password_hash $password_hash
# Copy and set Baikal configuration # Store the config file checksum into the app settings
bk_conf="${TMPDIR}/Specific/config.php" ynh_store_file_checksum "$bk_conf"
cp ../conf/config.php "$bk_conf"
sed -i "s@#TIMEZONE#@$(cat /etc/timezone)@g" "$bk_conf"
sed -i "s@#PASSWORDHASH#@${password_hash}@g" "$bk_conf"
bk_conf="${TMPDIR}/Specific/config.system.php" bk_conf="${final_path}/Specific/config.system.php"
cp ../conf/config.system.php "$bk_conf" cp ../conf/config.system.php "$bk_conf"
sed -i "s@#PATH#@${path}@g" "$bk_conf" ynh_replace_string "#PATH#" "$path_url" "$bk_conf"
sed -i "s@#DBNAME#@${dbname}@g" "$bk_conf" ynh_replace_string "#DBNAME#" "$db_name" "$bk_conf"
sed -i "s@#DBUSER#@${dbuser}@g" "$bk_conf" ynh_replace_string "#DBUSER#" "$db_name" "$bk_conf"
sed -i "s@#DBPASS#@${dbpass}@g" "$bk_conf" ynh_replace_string "#DBPASS#" "$db_pwd" "$bk_conf"
sed -i "s@#DESKEY#@${deskey}@g" "$bk_conf"
deskey=$(ynh_string_random 24)
ynh_app_setting_set "$app" encrypt_key "$deskey"
ynh_replace_string "#DESKEY#" "$deskey" "$bk_conf"
# Store the config file checksum into the app settings
ynh_store_file_checksum "$bk_conf"
# Disable installation # Disable installation
touch "${TMPDIR}/Specific/INSTALL_DISABLED" touch "${final_path}/Specific/INSTALL_DISABLED"
# Install files and set permissions #=================================================
sudo useradd -c "$app system account" \ # GENERIC FINALIZATION
-d /var/www/$app --system --user-group $app --shell /usr/sbin/nologin \ #=================================================
|| ynh_die "Unable to create $app system account" # SECURE FILES AND DIRECTORIES
sudo mv "$TMPDIR" "$DESTDIR" #=================================================
sudo chown -hR root: "$DESTDIR"
sudo chown $app:root "$DESTDIR/Specific/"{config.php,config.system.php}
sudo chmod 640 "$DESTDIR/Specific/"{config.php,config.system.php}
# Copy and set nginx configuration # Set permissions
nginx_conf="/etc/nginx/conf.d/${domain}.d/${app}.conf" chown -R root: "$final_path"
sed -i "s@{PATH}@${path}@g" ../conf/nginx.conf chown $app "$final_path/Specific/"{config.php,config.system.php}
sed -i "s@{LOCATION}@${path:-/}@g" ../conf/nginx.conf chmod 640 "$final_path/Specific/"{config.php,config.system.php}
sed -i "s@{DESTDIR}@${DESTDIR}@g" ../conf/nginx.conf
sed -i "s@{POOLNAME}@${app}@g" ../conf/nginx.conf
sudo cp ../conf/nginx.conf "$nginx_conf"
# Copy and set php-fpm configuration #=================================================
phpfpm_conf="/etc/php5/fpm/pool.d/${app}.conf" # SETUP SSOWAT
sed -i "s@{POOLNAME}@${app}@g" ../conf/php-fpm.conf #=================================================
sed -i "s@{DESTDIR}@${DESTDIR}/@g" ../conf/php-fpm.conf
sed -i "s@{USER}@${app}@g" ../conf/php-fpm.conf
sed -i "s@{GROUP}@${app}@g" ../conf/php-fpm.conf
sudo cp ../conf/php-fpm.conf "$phpfpm_conf"
# Save app settings # Allow public access on /
ynh_app_setting_set "$app" password "$password"
ynh_app_setting_set "$app" encrypt_key "$deskey"
ynh_app_setting_set "$app" mysqlpwd "$dbpass"
# Set SSOwat rules
ynh_app_setting_set "$app" skipped_uris "/" ynh_app_setting_set "$app" skipped_uris "/"
# But restrain on /admin
ynh_app_setting_set "$app" protected_uris "/admin/" ynh_app_setting_set "$app" protected_uris "/admin/"
# Reload services #=================================================
sudo service php5-fpm restart || true # RELOAD NGINX
sudo service nginx reload || true #=================================================
systemctl reload nginx

78
scripts/remove
View file

@ -1,33 +1,65 @@
#!/bin/bash #!/bin/bash
# Retrieve app id #=================================================
# GENERIC START
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
if [ ! -e _common.sh ]; then
# Get file fonction if not been to the current directory
sudo cp ../settings/scripts/_common.sh ./_common.sh
sudo chmod a+rx _common.sh
fi
# Source app helpers
source _common.sh
source /usr/share/yunohost/helpers
#=================================================
# LOAD SETTINGS
#=================================================
app=$YNH_APP_INSTANCE_NAME app=$YNH_APP_INSTANCE_NAME
# Load common variables and helpers domain=$(ynh_app_setting_get $app domain)
. ./_common.sh db_name=$(ynh_app_setting_get $app db_name)
final_path=$(ynh_app_setting_get $app final_path)
# Set app specific variables #=================================================
dbname=$app # STANDARD REMOVE
dbuser=$app #=================================================
# REMOVE THE MYSQL DATABASE
#=================================================
# Drop MySQL database and user # Remove a database if it exists, along with the associated user
ynh_mysql_drop_db "$dbname" 2>/dev/null || true ynh_mysql_remove_db $db_name $db_name
ynh_mysql_drop_user "$dbuser" 2>/dev/null || true
# Retrieve domain from app settings #=================================================
domain=$(ynh_app_setting_get "$app" domain) # REMOVE APP MAIN DIR
#=================================================
# Delete app directory and configurations # Remove the app directory securely
sudo rm -rf "/var/www/${app}" ynh_secure_remove "$final_path"
sudo rm -f "/etc/php5/fpm/pool.d/${app}.conf"
[[ -n $domain ]] && sudo rm -f "/etc/nginx/conf.d/${domain}.d/${app}.conf"
# Reload services #=================================================
sudo service php5-fpm restart || true # REMOVE NGINX CONFIGURATION
sudo service nginx reload || true #=================================================
# Remove the user account # Remove the dedicated nginx config
# (must be done after php-fpm restart) ynh_remove_nginx_config
id "$app" >/dev/null 2>&1 \
&& sudo deluser --quiet --remove-home "$app" >/dev/null \ #=================================================
|| true # REMOVE PHP-FPM CONFIGURATION
#=================================================
# Remove the dedicated php-fpm config
ynh_remove_fpm_config
#=================================================
# GENERIC FINALIZATION
#=================================================
# REMOVE DEDICATED USER
#=================================================
# Delete a system user
ynh_system_user_delete $app

126
scripts/restore
View file

@ -1,62 +1,94 @@
#!/bin/bash #!/bin/bash
# Exit on command errors and treat unset variables as an error #=================================================
# GENERIC START
#=================================================
# MANAGE SCRIPT FAILURE
#=================================================
# Exit on command errors and treat access to unset variables as an error
set -eu set -eu
# Retrieve app id #=================================================
# IMPORT GENERIC HELPERS
#=================================================
if [ ! -e _common.sh ]; then
# Get the _common.sh file if it's not in the current directory
cp ../settings/scripts/_common.sh ./_common.sh
chmod a+rx _common.sh
fi
source _common.sh
source /usr/share/yunohost/helpers
#=================================================
# LOAD SETTINGS
#=================================================
app=$YNH_APP_INSTANCE_NAME app=$YNH_APP_INSTANCE_NAME
# Source app helpers domain=$(ynh_app_setting_get $app domain)
. /usr/share/yunohost/helpers path_url=$(ynh_app_setting_get $app path)
final_path=$(ynh_app_setting_get $app final_path)
db_name=$(ynh_app_setting_get $app db_name)
# Retrieve old app settings #=================================================
domain=$(ynh_app_setting_get "$app" domain) # CHECK IF THE APP CAN BE RESTORED
path=$(ynh_app_setting_get "$app" path) #=================================================
dbpass=$(ynh_app_setting_get "$app" mysqlpwd)
# Set app specific variables ynh_webpath_available $domain $path_url \
dbname=$app || ynh_die "Path not available: ${domain}${path_url}"
dbuser=$app test ! -d $final_path \
|| ynh_die "There is already a directory: $final_path "
# Check domain/path availability #=================================================
sudo yunohost app checkurl "${domain}${path}" -a "$app" \ # STANDARD RESTORATION STEPS
|| exit 1 #=================================================
# RESTORE THE NGINX CONFIGURATION
#=================================================
# Check destination directory ynh_restore_file "/etc/nginx/conf.d/$domain.d/$app.conf"
DESTDIR="/var/www/$app"
[[ -d $DESTDIR ]] && ynh_die \
"The destination directory '$DESTDIR' already exists.\
You should safely delete it before restoring this app."
# Check configuration files #=================================================
nginx_conf="/etc/nginx/conf.d/${domain}.d/${app}.conf" # RESTORE THE APP MAIN DIR
[[ -f $nginx_conf ]] && ynh_die \ #=================================================
"The NGINX configuration already exists at '${nginx_conf}'.
You should safely delete it before restoring this app."
phpfpm_conf="/etc/php5/fpm/pool.d/${app}.conf"
[[ -f $phpfpm_conf ]] && ynh_die \
"The PHP FPM configuration already exists at '${phpfpm_conf}'.
You should safely delete it before restoring this app."
# Restore the app files and set permissions ynh_restore_file "$final_path"
sudo cp -a ./sources "$DESTDIR"
if ! id -u $app > /dev/null 2>&1 ; then
sudo useradd -c "$app system account" \
-d /var/www/$app --system --user-group $app --shell /usr/sbin/nologin \
|| ynh_die "Unable to create $app system account"
fi
sudo chown -hR root: "$DESTDIR"
sudo chown $app:root "$DESTDIR/Specific/"{config.php,config.system.php}
sudo chmod 640 "$DESTDIR/Specific/"{config.php,config.system.php}
# Create and restore the database #=================================================
ynh_mysql_create_db "$dbname" "$dbuser" "$dbpass" # RESTORE THE MYSQL DATABASE
ynh_mysql_connect_as "$dbuser" "$dbpass" "$dbname" < ./dump.sql #=================================================
# Restore configuration files db_pwd=$(ynh_app_setting_get $app mysqlpwd)
sudo cp -a ./nginx.conf "$nginx_conf" ynh_mysql_setup_db $db_name $db_name $db_pwd
sudo cp -a ./php-fpm.conf "$phpfpm_conf" ynh_mysql_connect_as $db_name $db_pwd $db_name < ./db.sql
# Reload services #=================================================
sudo service php5-fpm restart || true # RECREATE THE DEDICATED USER
sudo service nginx reload || true #=================================================
# Create the dedicated user (if not existing)
ynh_system_user_create $app
#=================================================
# RESTORE USER RIGHTS
#=================================================
# Set permissions
chown -R root: "$final_path"
chown $app "$final_path/Specific/"{config.php,config.system.php}
#=================================================
# RESTORE THE PHP-FPM CONFIGURATION
#=================================================
ynh_restore_file "/etc/php5/fpm/pool.d/$app.conf"
#=================================================
# GENERIC FINALIZATION
#=================================================
# RELOAD NGINX AND PHP-FPM
#=================================================
systemctl reload php5-fpm
systemctl reload nginx

204
scripts/upgrade
View file

@ -1,82 +1,156 @@
#!/bin/bash #!/bin/bash
# Exit on command errors and treat unset variables as an error #=================================================
set -eu # GENERIC START
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
source _common.sh
source /usr/share/yunohost/helpers
#=================================================
# LOAD SETTINGS
#=================================================
# Retrieve app id
app=$YNH_APP_INSTANCE_NAME app=$YNH_APP_INSTANCE_NAME
# Load common variables and helpers domain=$(ynh_app_setting_get $app domain)
. ./_common.sh path_url=$(ynh_app_setting_get $app path)
final_path=$(ynh_app_setting_get $app final_path)
db_name=$(ynh_app_setting_get $app db_name)
# Retrieve app settings #=================================================
domain=$(ynh_app_setting_get "$app" domain) # ENSURE DOWNWARD COMPATIBILITY
path=$(ynh_app_setting_get "$app" path) #=================================================
path=${path%/}
# Set app specific variables if [ -z $final_path ]; then # If final_path doesn't exist, create it
dbname=$app final_path="/var/www/$app"
dbuser=$app ynh_app_setting_set $app final_path $final_path
# Check destination directory
DESTDIR="/var/www/$app"
[[ ! -d $DESTDIR ]] && ynh_die \
"The destination directory '$DESTDIR' does not exist.\
The app is not correctly installed, you should remove it first."
# Create tmp directory and fetch new app inside
TMPDIR=$(ynh_mkdir_tmp)
extract_baikal "$TMPDIR"
# Get Specific folder from current installation
# FIXME: config.php and config.system.php are not updated with possible
# new or changed configurations
rm -rf "${TMPDIR}/Specific/*"
sudo cp -r "${DESTDIR}/Specific/"{config.php,config.system.php} "$TMPDIR/Specific"
sudo chown -hR "${USER}" "${TMPDIR}/Specific"
# Run Baikal upgrade from tmp directory
cp -r ../sources/bin "$TMPDIR"
php "${TMPDIR}/bin/upgrade.sh" \
|| echo "The Baïkal upgrade failed, you should try to go to " \
"https://${domain}${path}/admin/install"
# Install new app and set permissions
if ! id -u $app > /dev/null 2>&1 ; then
sudo useradd -c "$app system account" \
-d /var/www/$app --system --user-group $app --shell /usr/sbin/nologin \
|| ynh_die "Unable to create $app system account"
fi fi
sudo rm -rf "$DESTDIR"
sudo mv "$TMPDIR" "$DESTDIR" #=================================================
sudo chown -hR root: "$DESTDIR" # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
sudo chown $app:root "$DESTDIR/Specific/"{config.php,config.system.php} #=================================================
sudo chmod 640 "$DESTDIR/Specific/"{config.php,config.system.php}
ynh_backup_before_upgrade # Backup the current version of the app
ynh_clean_setup () {
ynh_restore_upgradebackup # restore it if the upgrade fails
}
ynh_abort_if_errors # Active trap pour arrêter le script si une erreur est détectée.
#=================================================
# CHECK THE PATH
#=================================================
# Normalize the URL path syntax
path_url=$(ynh_normalize_url_path $path_url)
#=================================================
# STANDARD UPGRADE STEPS
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
# Download, check integrity, uncompress and patch the source from app.src
ynh_setup_source "$final_path"
#=================================================
# NGINX CONFIGURATION
#=================================================
# Create a dedicated nginx config
ynh_add_nginx_config
#=================================================
# CREATE DEDICATED USER
#=================================================
# Create a system user
ynh_system_user_create $app
#=================================================
# PHP-FPM CONFIGURATION
#=================================================
# Create a dedicated php-fpm config
ynh_add_fpm_config
#=================================================
# SPECIFIC UPGRADE
#=================================================
# UPGRADE BAIKAL
#=================================================
# Run Baikal upgrade
php "${final_path}/bin/upgrade.sh"
# Cleanup old baikal-admin sessions # Cleanup old baikal-admin sessions
# since we may have changed owner of the session file # since we may have changed owner of the session file
sudo grep -lr "CSRF_TOKEN|s:" /var/lib/php5/sessions | xargs sudo rm grep -lr "CSRF_TOKEN|s:" /var/lib/php5/sessions | xargs rm -f
# Copy and set nginx configuration #=================================================
nginx_conf="/etc/nginx/conf.d/${domain}.d/${app}.conf" # UPGRADE BAIKAL CONFIGURATION
sed -i "s@{PATH}@${path}@g" ../conf/nginx.conf #=================================================
sed -i "s@{LOCATION}@${path:-/}@g" ../conf/nginx.conf
sed -i "s@{DESTDIR}@${DESTDIR}@g" ../conf/nginx.conf
sed -i "s@{POOLNAME}@${app}@g" ../conf/nginx.conf
sudo cp ../conf/nginx.conf "$nginx_conf"
# Copy and set php-fpm configuration bk_conf="${final_path}/Specific/config.php"
phpfpm_conf="/etc/php5/fpm/pool.d/${app}.conf" # Verify the checksum and backup the file if it's different
sed -i "s@{POOLNAME}@${app}@g" ../conf/php-fpm.conf ynh_backup_if_checksum_is_different "$bk_conf"
sed -i "s@{DESTDIR}@${DESTDIR}/@g" ../conf/php-fpm.conf cp ../conf/config.php "$bk_conf"
sed -i "s@{USER}@${app}@g" ../conf/php-fpm.conf
sed -i "s@{GROUP}@${app}@g" ../conf/php-fpm.conf
sudo cp ../conf/php-fpm.conf "$phpfpm_conf"
# Set SSOwat rules ynh_replace_string "#TIMEZONE#" "$(cat /etc/timezone)" "$bk_conf"
password_hash=$(ynh_app_setting_get $app password_hash)
# If the password_hash is not in the app's config, recreate it from the password.
if [ -z "$password_hash" ]; then
password=$(ynh_app_setting_get $app password)
password_hash=$(echo -n admin:BaikalDAV:$password | md5sum | cut -d ' ' -f 1)
ynh_app_setting_set $app password_hash $password_hash
fi
ynh_replace_string "#PASSWORDHASH#" "${password_hash}" "$bk_conf"
# Store the config file checksum into the app settings
ynh_store_file_checksum "$bk_conf"
bk_conf="${final_path}/Specific/config.system.php"
# Verify the checksum and backup the file if it's different
ynh_backup_if_checksum_is_different "$bk_conf"
cp ../conf/config.system.php "$bk_conf"
ynh_replace_string "#PATH#" "$path_url" "$bk_conf"
ynh_replace_string "#DBNAME#" "$db_name" "$bk_conf"
ynh_replace_string "#DBUSER#" "$db_name" "$bk_conf"
db_pwd=$(ynh_app_setting_get $app mysqlpwd)
ynh_replace_string "#DBPASS#" "$db_pwd" "$bk_conf"
deskey=$(ynh_app_setting_get $app deskey)
ynh_replace_string "#DESKEY#" "$deskey" "$bk_conf"
# Store the config file checksum into the app settings
ynh_store_file_checksum "$bk_conf"
#=================================================
# GENERIC FINALIZATION
#=================================================
# SECURE FILES AND DIRECTORIES
#=================================================
# Set permissions
chown -R root: "$final_path"
chown $app "$final_path/Specific/"{config.php,config.system.php}
chmod 640 "$final_path/Specific/"{config.php,config.system.php}
#=================================================
# SETUP SSOWAT
#=================================================
# Allow public access on /
ynh_app_setting_set "$app" skipped_uris "/" ynh_app_setting_set "$app" skipped_uris "/"
# But restrain on /admin
ynh_app_setting_set "$app" protected_uris "/admin/" ynh_app_setting_set "$app" protected_uris "/admin/"
# Reload services #=================================================
sudo service php5-fpm restart || true # RELOAD NGINX
sudo service nginx reload || true #=================================================
systemctl reload nginx

0
sources/bin/upgrade.sh → sources/extra_files/app/bin/upgrade.sh
View file

4
patches/add-ldap-auth.patch → sources/patches/app-add-ldap-auth.patch
View file

@ -1,4 +1,4 @@
--- /dev/null --- b/Core/Frameworks/Baikal/Core/AbstractExternalAuth.php
+++ b/Core/Frameworks/Baikal/Core/AbstractExternalAuth.php +++ b/Core/Frameworks/Baikal/Core/AbstractExternalAuth.php
@@ -0,0 +1,130 @@ @@ -0,0 +1,130 @@
+<?php +<?php
@ -131,7 +131,7 @@
+ } + }
+ +
+} +}
--- /dev/null --- b/Core/Frameworks/Baikal/Core/LDAPUserBindAuth.php
+++ b/Core/Frameworks/Baikal/Core/LDAPUserBindAuth.php +++ b/Core/Frameworks/Baikal/Core/LDAPUserBindAuth.php
@@ -0,0 +1,75 @@ @@ -0,0 +1,75 @@
+<?php +<?php