From 46e9ceba150ff3217a938cc7caf9a9af0ecab872 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Lebleu?= Date: Sun, 15 May 2016 23:46:33 +0200 Subject: [PATCH 01/53] [fix] Prefix the installation path to .well-known in nginx.conf --- conf/nginx.conf | 47 ++++++++++++++++++++++++----------------------- scripts/install | 6 +++--- scripts/upgrade | 6 +++--- 3 files changed, 30 insertions(+), 29 deletions(-) diff --git a/conf/nginx.conf b/conf/nginx.conf index d7b75ab..336e2ae 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -1,27 +1,28 @@ -location #LOCATION# { - alias #DESTDIR#/html; - if ($scheme = http) { - rewrite ^ https://$server_name$request_uri? permanent; - } - - index index.php; - - location ~ ^(.+\.php)(.*)$ { - fastcgi_split_path_info ^(.+\.php)(.*)$; - fastcgi_pass unix:/var/run/php5-fpm.sock; - include fastcgi_params; - fastcgi_param PATH_INFO $fastcgi_path_info; - fastcgi_param SCRIPT_FILENAME $request_filename; - } +location = {PATH}/.well-known/carddav { + return 301 https://$server_name{PATH}/card.php; +} +location = {PATH}/.well-known/caldav { + return 301 https://$server_name{PATH}/cal.php; } -location ~ ^#PATH#/(\.|Core|Specific) { +location {LOCATION} { + alias {DESTDIR}/html/; + + if ($scheme = http) { + return 301 https://$server_name$request_uri; + } + + index index.php; + + location ~ ^(.+\.php)(.*)$ { + fastcgi_split_path_info ^(.+\.php)(.*)$; + fastcgi_pass unix:/var/run/php5-fpm.sock; + include fastcgi_params; + fastcgi_param PATH_INFO $fastcgi_path_info; + fastcgi_param SCRIPT_FILENAME $request_filename; + } + + location ~ ^{PATH}/(\.|Core|Specific) { deny all; -} - -location /.well-known/carddav { - rewrite ^(.*)$ #PATH#/card.php redirect; -} -location /.well-known/caldav { - rewrite ^(.*)$ #PATH#/cal.php redirect; + } } diff --git a/scripts/install b/scripts/install index 30635e2..fad3fcf 100644 --- a/scripts/install +++ b/scripts/install @@ -64,9 +64,9 @@ sudo chown -R www-data: "$DESTDIR" # Copy and set nginx configuration nginx_conf="/etc/nginx/conf.d/${domain}.d/${app}.conf" -sed -i "s@#PATH#@${path}@g" ../conf/nginx.conf -sed -i "s@#LOCATION#@${path:-/}@g" ../conf/nginx.conf -sed -i "s@#DESTDIR#@${DESTDIR}@g" ../conf/nginx.conf +sed -i "s@{PATH}@${path}@g" ../conf/nginx.conf +sed -i "s@{LOCATION}@${path:-/}@g" ../conf/nginx.conf +sed -i "s@{DESTDIR}@${DESTDIR}@g" ../conf/nginx.conf sudo cp ../conf/nginx.conf "$nginx_conf" # Save app settings diff --git a/scripts/upgrade b/scripts/upgrade index e7b3dff..06e5bd1 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -45,9 +45,9 @@ sudo chown -R www-data: "$DESTDIR" # Copy and set nginx configuration nginx_conf="/etc/nginx/conf.d/${domain}.d/${app}.conf" -sed -i "s@#PATH#@${path}@g" ../conf/nginx.conf -sed -i "s@#LOCATION#@${path:-/}@g" ../conf/nginx.conf -sed -i "s@#DESTDIR#@${DESTDIR}@g" ../conf/nginx.conf +sed -i "s@{PATH}@${path}@g" ../conf/nginx.conf +sed -i "s@{LOCATION}@${path:-/}@g" ../conf/nginx.conf +sed -i "s@{DESTDIR}@${DESTDIR}@g" ../conf/nginx.conf sudo cp ../conf/nginx.conf "$nginx_conf" # Set SSOwat rules From f38ed83384e365029675ff3f7b58c5a148404333 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Lebleu?= Date: Mon, 23 May 2016 21:59:51 +0200 Subject: [PATCH 02/53] =?UTF-8?q?[enh]=C2=A0Add=20a=20specific=20PHP-FPM?= =?UTF-8?q?=20pool=20for=20the=20app?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- conf/nginx.conf | 4 +-- conf/php-fpm.conf | 68 +++++++++++++++++++++++++++++++++++++++++++++++ scripts/backup | 1 + scripts/install | 8 ++++++ scripts/remove | 2 ++ scripts/restore | 6 +++++ scripts/upgrade | 8 ++++++ 7 files changed, 95 insertions(+), 2 deletions(-) create mode 100644 conf/php-fpm.conf diff --git a/conf/nginx.conf b/conf/nginx.conf index 336e2ae..71a8be1 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -15,11 +15,11 @@ location {LOCATION} { index index.php; location ~ ^(.+\.php)(.*)$ { - fastcgi_split_path_info ^(.+\.php)(.*)$; - fastcgi_pass unix:/var/run/php5-fpm.sock; include fastcgi_params; + fastcgi_split_path_info ^(.+\.php)(.*)$; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_pass unix:/var/run/php5-fpm-{POOLNAME}.sock; } location ~ ^{PATH}/(\.|Core|Specific) { diff --git a/conf/php-fpm.conf b/conf/php-fpm.conf new file mode 100644 index 0000000..e249310 --- /dev/null +++ b/conf/php-fpm.conf @@ -0,0 +1,68 @@ +[{POOLNAME}] +; The address on which to accept FastCGI requests. +listen = /var/run/php5-fpm-{POOLNAME}.sock + +; Set permissions for unix socket, if one is used. +listen.owner = www-data +listen.group = www-data +listen.mode = 0600 + +; Unix user/group of processes. +user = www-data +group = www-data + +; Choose how the process manager will control the number of child processes. +pm = dynamic + +; The number of child processes to be created when pm is set to 'static' and the +; maximum number of child processes to be created when pm is set to 'dynamic'. +pm.max_children = 6 + +; The number of child processes created on startup. +pm.start_servers = 3 + +; The desired minimum number of idle server processes. +pm.min_spare_servers = 3 + +; The desired maximum number of idle server processes. +pm.max_spare_servers = 5 + +; The number of requests each child process should execute before respawning. +pm.max_requests = 500 + +; The URI to view the FPM status page. If this value is not set, no URI will be +; recognized as a status page. +pm.status_path = /fpm-status + +; The ping URI to call the monitoring page of FPM. If this value is not set, no +; URI will be recognized as a ping page. +ping.path = /ping + +; The timeout for serving a single request after which the worker process will +; be killed. +request_terminate_timeout = 1d + +; The timeout for serving a single request after which a PHP backtrace will be +; dumped to the 'slowlog' file. A value of '0s' means 'off'. +request_slowlog_timeout = 5s + +; The log file for slow requests. +slowlog = /var/log/nginx/{POOLNAME}.slow.log + +; Set open file descriptor rlimit. +rlimit_files = 4096 + +; Set max core size rlimit. +rlimit_core = 0 + +; Chdir to this directory at the start. +chdir = {DESTDIR} + +; Redirect worker stdout and stderr into main error log. +catch_workers_output = yes + +; Do not clear environment in FPM workers. +clear_env = no + +; Additional php.ini defines, specific to this pool of workers. +; ... diff --git a/scripts/backup b/scripts/backup index d0fb5e7..e88426f 100644 --- a/scripts/backup +++ b/scripts/backup @@ -22,6 +22,7 @@ ynh_backup "$DESTDIR" "sources" # Copy the conf files ynh_backup "/etc/nginx/conf.d/${domain}.d/${app}.conf" "nginx.conf" +ynh_backup "/etc/php5/fpm/pool.d/${app}.conf" "php-fpm.conf" # Dump the database mysqldump -u "$dbuser" -p"$dbpass" --no-create-db "$dbname" > ./dump.sql diff --git a/scripts/install b/scripts/install index fad3fcf..a91bbd6 100644 --- a/scripts/install +++ b/scripts/install @@ -67,8 +67,15 @@ nginx_conf="/etc/nginx/conf.d/${domain}.d/${app}.conf" sed -i "s@{PATH}@${path}@g" ../conf/nginx.conf sed -i "s@{LOCATION}@${path:-/}@g" ../conf/nginx.conf sed -i "s@{DESTDIR}@${DESTDIR}@g" ../conf/nginx.conf +sed -i "s@{POOLNAME}@${app}@g" ../conf/nginx.conf sudo cp ../conf/nginx.conf "$nginx_conf" +# Copy and set php-fpm configuration +phpfpm_conf="/etc/php5/fpm/pool.d/${app}.conf" +sed -i "s@{POOLNAME}@${app}@g" ../conf/php-fpm.conf +sed -i "s@{DESTDIR}@${DESTDIR}/@g" ../conf/php-fpm.conf +sudo cp ../conf/php-fpm.conf "$phpfpm_conf" + # Save app settings ynh_app_setting_set "$app" password "$password" ynh_app_setting_set "$app" encrypt_key "$deskey" @@ -79,4 +86,5 @@ ynh_app_setting_set "$app" skipped_uris "/" ynh_app_setting_set "$app" protected_uris "/admin/" # Reload services +sudo service php5-fpm restart || true sudo service nginx reload || true diff --git a/scripts/remove b/scripts/remove index 19f22e6..0b0af86 100644 --- a/scripts/remove +++ b/scripts/remove @@ -19,7 +19,9 @@ domain=$(ynh_app_setting_get $app domain) # Delete app directory and configurations sudo rm -rf "/var/www/${app}" +sudo rm -f "/etc/php5/fpm/pool.d/${app}.conf" [[ -n $domain ]] && sudo rm -f "/etc/nginx/conf.d/${domain}.d/${app}.conf" # Reload services +sudo service php5-fpm restart || true sudo service nginx reload || true diff --git a/scripts/restore b/scripts/restore index 4e6184f..bb43be9 100644 --- a/scripts/restore +++ b/scripts/restore @@ -31,6 +31,10 @@ nginx_conf="/etc/nginx/conf.d/${domain}.d/${app}.conf" [[ -f $nginx_conf ]] && ynh_die \ "The NGINX configuration already exists at '${nginx_conf}'. You should safely delete it before restoring this app." +phpfpm_conf="/etc/php5/fpm/pool.d/${app}.conf" +[[ -f $phpfpm_conf ]] && ynh_die \ +"The PHP FPM configuration already exists at '${phpfpm_conf}'. + You should safely delete it before restoring this app." # Restore the app files and set permissions sudo cp -a ./sources "$DESTDIR" @@ -42,6 +46,8 @@ ynh_mysql_connect_as "$dbuser" "$dbpass" "$dbname" < ./dump.sql # Restore configuration files sudo cp -a ./nginx.conf "$nginx_conf" +sudo cp -a ./php-fpm.conf "$phpfpm_conf" # Reload services +sudo service php5-fpm restart || true sudo service nginx reload || true diff --git a/scripts/upgrade b/scripts/upgrade index 06e5bd1..2897a13 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -48,11 +48,19 @@ nginx_conf="/etc/nginx/conf.d/${domain}.d/${app}.conf" sed -i "s@{PATH}@${path}@g" ../conf/nginx.conf sed -i "s@{LOCATION}@${path:-/}@g" ../conf/nginx.conf sed -i "s@{DESTDIR}@${DESTDIR}@g" ../conf/nginx.conf +sed -i "s@{POOLNAME}@${app}@g" ../conf/nginx.conf sudo cp ../conf/nginx.conf "$nginx_conf" +# Copy and set php-fpm configuration +phpfpm_conf="/etc/php5/fpm/pool.d/${app}.conf" +sed -i "s@{POOLNAME}@${app}@g" ../conf/php-fpm.conf +sed -i "s@{DESTDIR}@${DESTDIR}/@g" ../conf/php-fpm.conf +sudo cp ../conf/php-fpm.conf "$phpfpm_conf" + # Set SSOwat rules ynh_app_setting_set "$app" skipped_uris "/" ynh_app_setting_set "$app" protected_uris "/admin/" # Reload services +sudo service php5-fpm restart || true sudo service nginx reload || true From e065a1afc2fe57c87c299e528fcc95fffd03383d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Lebleu?= Date: Mon, 23 May 2016 22:03:55 +0200 Subject: [PATCH 03/53] [fix] Harden set options in scripts and remove silently --- scripts/backup | 8 +++++--- scripts/install | 9 ++++++--- scripts/remove | 12 ++++++------ scripts/restore | 14 ++++++++------ scripts/upgrade | 17 ++++++++++------- 5 files changed, 35 insertions(+), 25 deletions(-) diff --git a/scripts/backup b/scripts/backup index e88426f..bc978f0 100644 --- a/scripts/backup +++ b/scripts/backup @@ -1,8 +1,10 @@ #!/bin/bash -# Retrieve arguments -backup_dir=$1 -app=$2 +# Exit on command errors and treat unset variables as an error +set -eu + +# Retrieve app id +app=$YNH_APP_INSTANCE_NAME # Set app specific variables dbname=$app diff --git a/scripts/install b/scripts/install index a91bbd6..74c1aeb 100644 --- a/scripts/install +++ b/scripts/install @@ -1,15 +1,18 @@ #!/bin/bash -set -e +# Exit on command errors and treat unset variables as an error +set -eu + +# Retrieve app id +app=$YNH_APP_INSTANCE_NAME # Retrieve arguments domain=$1 path=${2%/} password=$3 -app=${!#} # Load common variables and helpers -source ./_common.sh +. ./_common.sh # Set app specific variables dbname=$app diff --git a/scripts/remove b/scripts/remove index 0b0af86..ae74e55 100644 --- a/scripts/remove +++ b/scripts/remove @@ -1,21 +1,21 @@ #!/bin/bash -# Retrieve arguments -app=${!#} +# Retrieve app id +app=$YNH_APP_INSTANCE_NAME # Load common variables and helpers -source ./_common.sh +. ./_common.sh # Set app specific variables dbname=$app dbuser=$app # Drop MySQL database and user -ynh_mysql_drop_db $dbname || true -ynh_mysql_drop_user $dbuser || true +ynh_mysql_drop_db "$dbname" 2>/dev/null || true +ynh_mysql_drop_user "$dbuser" 2>/dev/null || true # Retrieve domain from app settings -domain=$(ynh_app_setting_get $app domain) +domain=$(ynh_app_setting_get "$app" domain) # Delete app directory and configurations sudo rm -rf "/var/www/${app}" diff --git a/scripts/restore b/scripts/restore index bb43be9..e394c7f 100644 --- a/scripts/restore +++ b/scripts/restore @@ -1,12 +1,10 @@ #!/bin/bash -# Retrieve arguments -backup_dir=$1 -app=$2 +# Exit on command errors and treat unset variables as an error +set -eu -# Set app specific variables -dbname=$app -dbuser=$app +# Retrieve app id +app=$YNH_APP_INSTANCE_NAME # Source app helpers . /usr/share/yunohost/helpers @@ -16,6 +14,10 @@ domain=$(ynh_app_setting_get "$app" domain) path=$(ynh_app_setting_get "$app" path) dbpass=$(ynh_app_setting_get "$app" mysqlpwd) +# Set app specific variables +dbname=$app +dbuser=$app + # Check domain/path availability sudo yunohost app checkurl "${domain}${path}" -a "$app" \ || exit 1 diff --git a/scripts/upgrade b/scripts/upgrade index 2897a13..35491a1 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -1,20 +1,23 @@ #!/bin/bash -set -u +# Exit on command errors and treat unset variables as an error +set -eu + +# Retrieve app id +app=$YNH_APP_INSTANCE_NAME # Load common variables and helpers . ./_common.sh -# Set app specific variables -app=${!#} -dbname=$app -dbuser=$app - -# Retrieve arguments +# Retrieve app settings domain=$(ynh_app_setting_get "$app" domain) path=$(ynh_app_setting_get "$app" path) path=${path%/} +# Set app specific variables +dbname=$app +dbuser=$app + # Check destination directory DESTDIR="/var/www/$app" [[ ! -d $DESTDIR ]] && ynh_die \ From fa9af34fff81881b6a37b2053f85ede29c190cc7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Lebleu?= Date: Sat, 28 May 2016 21:06:58 +0200 Subject: [PATCH 04/53] [fix] Serve .well-known paths at the root to be discovered --- README.md | 15 +++++++++++---- conf/nginx.conf | 4 ++-- 2 files changed, 13 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 911586d..2322f2f 100644 --- a/README.md +++ b/README.md @@ -6,12 +6,19 @@ sabre/dav, that includes an administrative interface for easy management. **Shipped version:** 0.4.4 +## Features + +In addition to Baïkal core features, the following are made available with +this package: + + * Serve `/.well-known` paths for CalDAV and CardDAV on the domain + ## TODO * Update `config.php` and `config.system.php` at upgrade -## Links ## +## Links -**Baïkal**: http://baikal-server.com/ - -**YunoHost**: https://yunohost.org/ + * Report a bug: https://dev.yunohost.org/projects/apps/issues + * Baïkal website: http://baikal-server.com/ + * YunoHost website: https://yunohost.org/ diff --git a/conf/nginx.conf b/conf/nginx.conf index 71a8be1..98b3d93 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -1,7 +1,7 @@ -location = {PATH}/.well-known/carddav { +location = /.well-known/carddav { return 301 https://$server_name{PATH}/card.php; } -location = {PATH}/.well-known/caldav { +location = /.well-known/caldav { return 301 https://$server_name{PATH}/cal.php; } From 5e48f9774f30db52adfb273de5495dbc165ed3a2 Mon Sep 17 00:00:00 2001 From: Julien Malik Date: Fri, 26 Aug 2016 15:45:40 +0200 Subject: [PATCH 05/53] Fix up README --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 2322f2f..db78309 100644 --- a/README.md +++ b/README.md @@ -1,8 +1,8 @@ Baïkal for YunoHost ------------------- -[Baïkal](http://baikal-server.com/) is a Cal and CardDAV server, based on -sabre/dav, that includes an administrative interface for easy management. +[Baïkal](http://baikal-server.com/) is a CalDAV and CardDAV server, based on +sabre/dav, that includes an administration interface for easy management. **Shipped version:** 0.4.4 From ea5d35eb588843ddc811caf9a815cb404029e7ad Mon Sep 17 00:00:00 2001 From: Julien Malik Date: Fri, 26 Aug 2016 15:45:56 +0200 Subject: [PATCH 06/53] Switch to 0.4.6 --- scripts/_common.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/_common.sh b/scripts/_common.sh index b743839..40e967d 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -3,10 +3,10 @@ # # Baikal version -VERSION=0.4.4 +VERSION=0.4.6 # Baikal source archive checksum -BAIKAL_SOURCE_SHA256="cced612353862bce532ed458eda0675b5e1e5790f92969bf13992c6567943efc" +BAIKAL_SOURCE_SHA256="946e8e4161f7ef84be42430b6e9d3bb7dd4bbbe241b409be208c14447d7aa7a6" # Remote URL to fetch Baikal source archive BAIKAL_SOURCE_URL="https://github.com/fruux/Baikal/releases/download/${VERSION}/baikal-${VERSION}.zip" From 9823ac263c62ad7c219e4ad222a483c52738b118 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Lebleu?= Date: Sun, 28 Aug 2016 19:19:24 +0200 Subject: [PATCH 07/53] [doc] Also update README.md and manifest.json with new version --- README.md | 2 +- manifest.json | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index db78309..cd044a0 100644 --- a/README.md +++ b/README.md @@ -4,7 +4,7 @@ Baïkal for YunoHost [Baïkal](http://baikal-server.com/) is a CalDAV and CardDAV server, based on sabre/dav, that includes an administration interface for easy management. -**Shipped version:** 0.4.4 +**Shipped version:** 0.4.6 ## Features diff --git a/manifest.json b/manifest.json index 8500857..4a38fa6 100644 --- a/manifest.json +++ b/manifest.json @@ -8,7 +8,7 @@ }, "url": "http://baikal-server.com/", "license": "GPL-3", - "version": "0.4.4", + "version": "0.4.6", "maintainer": { "name": "julien", "email": "julien.malik@paraiso.me" From 521dfc72dcaa9db6becf1eb96f5e1d2fe528294f Mon Sep 17 00:00:00 2001 From: Julien Malik Date: Mon, 5 Sep 2016 12:19:13 +0200 Subject: [PATCH 08/53] [enh] Run under a specific baikal system user, and lock down permissions to strict minimum --- conf/php-fpm.conf | 4 ++-- scripts/install | 9 ++++++++- scripts/remove | 6 ++++++ scripts/restore | 9 ++++++++- scripts/upgrade | 19 ++++++++++++++++--- 5 files changed, 40 insertions(+), 7 deletions(-) diff --git a/conf/php-fpm.conf b/conf/php-fpm.conf index e249310..49fb4a9 100644 --- a/conf/php-fpm.conf +++ b/conf/php-fpm.conf @@ -8,8 +8,8 @@ listen.group = www-data listen.mode = 0600 ; Unix user/group of processes. -user = www-data -group = www-data +user = {USER} +group = {GROUP} ; Choose how the process manager will control the number of child processes. pm = dynamic diff --git a/scripts/install b/scripts/install index 74c1aeb..4ff3d5c 100644 --- a/scripts/install +++ b/scripts/install @@ -62,8 +62,13 @@ sed -i "s@#DESKEY#@${deskey}@g" "$bk_conf" touch "${TMPDIR}/Specific/INSTALL_DISABLED" # Install files and set permissions +sudo useradd -c "$app system account" \ + -d /var/www/$app --system --user-group $app --shell /usr/sbin/nologin \ + || ynh_die "Unable to create $app system account" sudo mv "$TMPDIR" "$DESTDIR" -sudo chown -R www-data: "$DESTDIR" +sudo chown -hR root: "$DESTDIR" +sudo chown $app:root "$DESTDIR/Specific/"{config.php,config.system.php} +sudo chmod 640 "$DESTDIR/Specific/"{config.php,config.system.php} # Copy and set nginx configuration nginx_conf="/etc/nginx/conf.d/${domain}.d/${app}.conf" @@ -77,6 +82,8 @@ sudo cp ../conf/nginx.conf "$nginx_conf" phpfpm_conf="/etc/php5/fpm/pool.d/${app}.conf" sed -i "s@{POOLNAME}@${app}@g" ../conf/php-fpm.conf sed -i "s@{DESTDIR}@${DESTDIR}/@g" ../conf/php-fpm.conf +sed -i "s@{USER}@${app}@g" ../conf/php-fpm.conf +sed -i "s@{GROUP}@${app}@g" ../conf/php-fpm.conf sudo cp ../conf/php-fpm.conf "$phpfpm_conf" # Save app settings diff --git a/scripts/remove b/scripts/remove index ae74e55..1549569 100644 --- a/scripts/remove +++ b/scripts/remove @@ -25,3 +25,9 @@ sudo rm -f "/etc/php5/fpm/pool.d/${app}.conf" # Reload services sudo service php5-fpm restart || true sudo service nginx reload || true + +# Remove the user account +# (must be done after php-fpm restart) +id "$app" >/dev/null 2>&1 \ + && sudo deluser --quiet --remove-home "$app" >/dev/null \ + || true diff --git a/scripts/restore b/scripts/restore index e394c7f..a6cfe00 100644 --- a/scripts/restore +++ b/scripts/restore @@ -40,7 +40,14 @@ phpfpm_conf="/etc/php5/fpm/pool.d/${app}.conf" # Restore the app files and set permissions sudo cp -a ./sources "$DESTDIR" -sudo chown -R www-data: "$DESTDIR" +if ! id -u $app > /dev/null 2>&1 ; then + sudo useradd -c "$app system account" \ + -d /var/www/$app --system --user-group $app --shell /usr/sbin/nologin \ + || ynh_die "Unable to create $app system account" +fi +sudo chown -hR root: "$DESTDIR" +sudo chown $app:root "$DESTDIR/Specific/"{config.php,config.system.php} +sudo chmod 640 "$DESTDIR/Specific/"{config.php,config.system.php} # Create and restore the database ynh_mysql_create_db "$dbname" "$dbuser" "$dbpass" diff --git a/scripts/upgrade b/scripts/upgrade index 35491a1..4666b56 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -31,8 +31,8 @@ extract_baikal "$TMPDIR" # Get Specific folder from current installation # FIXME: config.php and config.system.php are not updated with possible # new or changed configurations -rm -rf "${TMPDIR}/Specific" -sudo cp -r "${DESTDIR}/Specific" "$TMPDIR" +rm -rf "${TMPDIR}/Specific/*" +sudo cp -r "${DESTDIR}/Specific/"{config.php,config.system.php} "$TMPDIR/Specific" sudo chown -hR "${USER}" "${TMPDIR}/Specific" # Run Baikal upgrade from tmp directory @@ -42,9 +42,20 @@ php "${TMPDIR}/bin/upgrade.sh" \ "https://${domain}${path}/admin/install" # Install new app and set permissions +if ! id -u $app > /dev/null 2>&1 ; then + sudo useradd -c "$app system account" \ + -d /var/www/$app --system --user-group $app --shell /usr/sbin/nologin \ + || ynh_die "Unable to create $app system account" +fi sudo rm -rf "$DESTDIR" sudo mv "$TMPDIR" "$DESTDIR" -sudo chown -R www-data: "$DESTDIR" +sudo chown -hR root: "$DESTDIR" +sudo chown $app:root "$DESTDIR/Specific/"{config.php,config.system.php} +sudo chmod 640 "$DESTDIR/Specific/"{config.php,config.system.php} + +# Cleanup old baikal-admin sessions +# since we may have changed owner of the session file +sudo grep -lr "CSRF_TOKEN|s:" /var/lib/php5/sessions | xargs sudo rm # Copy and set nginx configuration nginx_conf="/etc/nginx/conf.d/${domain}.d/${app}.conf" @@ -58,6 +69,8 @@ sudo cp ../conf/nginx.conf "$nginx_conf" phpfpm_conf="/etc/php5/fpm/pool.d/${app}.conf" sed -i "s@{POOLNAME}@${app}@g" ../conf/php-fpm.conf sed -i "s@{DESTDIR}@${DESTDIR}/@g" ../conf/php-fpm.conf +sed -i "s@{USER}@${app}@g" ../conf/php-fpm.conf +sed -i "s@{GROUP}@${app}@g" ../conf/php-fpm.conf sudo cp ../conf/php-fpm.conf "$phpfpm_conf" # Set SSOwat rules From b1c02d453139a40d32db5d62a71612b431e735db Mon Sep 17 00:00:00 2001 From: Maniack Crudelis Date: Sat, 17 Dec 2016 13:52:20 +0100 Subject: [PATCH 09/53] Retour issues sur github MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Suite à la décision sur les issues des applications. https://forum.yunohost.org/t/tickets-pour-la-gestion-des-applications/2154/37 Les issues reviennent sur github. --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index cd044a0..926274c 100644 --- a/README.md +++ b/README.md @@ -19,6 +19,5 @@ this package: ## Links - * Report a bug: https://dev.yunohost.org/projects/apps/issues * Baïkal website: http://baikal-server.com/ * YunoHost website: https://yunohost.org/ From daf27cf50a3426e93c406661037ca841196542e7 Mon Sep 17 00:00:00 2001 From: Maniack Crudelis Date: Tue, 17 Jan 2017 11:16:38 +0100 Subject: [PATCH 10/53] Create check_process --- check_process | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) create mode 100644 check_process diff --git a/check_process b/check_process new file mode 100644 index 0000000..b689da8 --- /dev/null +++ b/check_process @@ -0,0 +1,34 @@ +;; Test complet + auto_remove=1 + ; Manifest + domain="domain.tld" (DOMAIN) + path="/path" (PATH) + password="mysecret" (PASSWORD) + ; Checks + pkg_linter=1 + setup_sub_dir=1 + setup_root=1 + setup_nourl=0 + setup_private=0 + setup_public=0 + upgrade=1 + backup_restore=1 + multi_instance=0 + wrong_user=0 + wrong_path=1 + incorrect_path=1 + corrupt_source=0 + fail_download_source=0 + port_already_use=0 + final_path_already_use=0 +;; Levels + Level 1=auto + Level 2=auto + Level 3=auto + Level 4=0 + Level 5=auto + Level 6=auto + Level 7=auto + Level 8=0 + Level 9=0 + Level 10=0 From dd9e4adb0752fc50ec5b52debecf5e34c9d756ac Mon Sep 17 00:00:00 2001 From: Maniack Crudelis Date: Wed, 18 Jan 2017 00:05:33 +0100 Subject: [PATCH 11/53] Update check_process --- check_process | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/check_process b/check_process index b689da8..3bbb9aa 100644 --- a/check_process +++ b/check_process @@ -21,11 +21,12 @@ fail_download_source=0 port_already_use=0 final_path_already_use=0 -;; Levels +;;; Levels Level 1=auto Level 2=auto Level 3=auto - Level 4=0 +# Niveau 4 ignoré, mais c'est à confirmé par le mainteneur de l'application. + Level 4=na Level 5=auto Level 6=auto Level 7=auto From 1aea3f3c4943c83135f7f287e6ac10c03df56323 Mon Sep 17 00:00:00 2001 From: Maniack Crudelis Date: Sat, 26 Aug 2017 19:19:30 +0200 Subject: [PATCH 12/53] Fix install + refactoring --- check_process | 19 +- conf/app.src | 6 + conf/config.php | 2 +- conf/config.system.php | 4 +- conf/nginx.conf | 13 +- conf/php-fpm.conf | 12 +- manifest.json | 8 +- scripts/_common.sh | 175 ++++++++++++--- scripts/backup | 67 ++++-- scripts/install | 202 ++++++++++------- scripts/remove | 78 +++++-- scripts/restore | 126 +++++++---- scripts/upgrade | 204 ++++++++++++------ sources/{ => extra_files/app}/bin/upgrade.sh | 0 .../patches/app-add-ldap-auth.patch | 4 +- 15 files changed, 629 insertions(+), 291 deletions(-) create mode 100644 conf/app.src rename sources/{ => extra_files/app}/bin/upgrade.sh (100%) rename patches/add-ldap-auth.patch => sources/patches/app-add-ldap-auth.patch (98%) diff --git a/check_process b/check_process index 3bbb9aa..e3daf19 100644 --- a/check_process +++ b/check_process @@ -1,9 +1,8 @@ ;; Test complet - auto_remove=1 ; Manifest domain="domain.tld" (DOMAIN) path="/path" (PATH) - password="mysecret" (PASSWORD) + password="mysecret" ; Checks pkg_linter=1 setup_sub_dir=1 @@ -14,22 +13,22 @@ upgrade=1 backup_restore=1 multi_instance=0 - wrong_user=0 - wrong_path=1 incorrect_path=1 - corrupt_source=0 - fail_download_source=0 port_already_use=0 - final_path_already_use=0 + change_url=0 ;;; Levels Level 1=auto Level 2=auto Level 3=auto -# Niveau 4 ignoré, mais c'est à confirmé par le mainteneur de l'application. - Level 4=na - Level 5=auto +# Patch add-ldap-auth + Level 4=1 +# https://github.com/YunoHost-Apps/baikal_ynh/issues/19 + Level 5=1 Level 6=auto Level 7=auto Level 8=0 Level 9=0 Level 10=0 +;;; Options +Email= +Notification=none diff --git a/conf/app.src b/conf/app.src new file mode 100644 index 0000000..f26db38 --- /dev/null +++ b/conf/app.src @@ -0,0 +1,6 @@ +SOURCE_URL=https://github.com/fruux/Baikal/releases/download/0.4.6/baikal-0.4.6.zip +SOURCE_SUM=946e8e4161f7ef84be42430b6e9d3bb7dd4bbbe241b409be208c14447d7aa7a6 +SOURCE_SUM_PRG=sha256sum +SOURCE_FORMAT=zip +SOURCE_IN_SUBDIR=true +SOURCE_FILENAME= diff --git a/conf/config.php b/conf/config.php index 5b71d3a..6fa21a3 100644 --- a/conf/config.php +++ b/conf/config.php @@ -3,7 +3,7 @@ # # Copyright notice # -# (c) 2016 Jérôme Schneider +# (c) 2017 Jérôme Schneider # All rights reserved # # http://baikal-server.com diff --git a/conf/config.system.php b/conf/config.system.php index 72af22d..c0cb660 100644 --- a/conf/config.system.php +++ b/conf/config.system.php @@ -3,7 +3,7 @@ # # Copyright notice # -# (c) 2016 Jérôme Schneider +# (c) 2017 Jérôme Schneider # All rights reserved # # http://baikal-server.com @@ -69,4 +69,4 @@ define("PROJECT_DB_MYSQL_PASSWORD", '#DBPASS#'); define("BAIKAL_ENCRYPTION_KEY", '#DESKEY#'); # The currently configured Baïkal version -define("BAIKAL_CONFIGURED_VERSION", '0.4.4'); +define("BAIKAL_CONFIGURED_VERSION", '0.4.6'); diff --git a/conf/nginx.conf b/conf/nginx.conf index 98b3d93..c3b5621 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -1,15 +1,16 @@ location = /.well-known/carddav { - return 301 https://$server_name{PATH}/card.php; + return 301 https://$server_name__PATH__/card.php; } location = /.well-known/caldav { - return 301 https://$server_name{PATH}/cal.php; + return 301 https://$server_name__PATH__/cal.php; } -location {LOCATION} { - alias {DESTDIR}/html/; +location __PATH__ { + alias __FINALPATH__/html/; if ($scheme = http) { return 301 https://$server_name$request_uri; +# rewrite ^ https://$server_name$request_uri? permanent; } index index.php; @@ -19,10 +20,10 @@ location {LOCATION} { fastcgi_split_path_info ^(.+\.php)(.*)$; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_pass unix:/var/run/php5-fpm-{POOLNAME}.sock; + fastcgi_pass unix:/var/run/php5-fpm-__NAME__.sock; } - location ~ ^{PATH}/(\.|Core|Specific) { + location ~ ^__PATH__/(\.|Core|Specific) { deny all; } } diff --git a/conf/php-fpm.conf b/conf/php-fpm.conf index 49fb4a9..3e23b7b 100644 --- a/conf/php-fpm.conf +++ b/conf/php-fpm.conf @@ -1,6 +1,6 @@ -[{POOLNAME}] +[__NAMETOCHANGE__] ; The address on which to accept FastCGI requests. -listen = /var/run/php5-fpm-{POOLNAME}.sock +listen = /var/run/php5-fpm-__NAMETOCHANGE__.sock ; Set permissions for unix socket, if one is used. listen.owner = www-data @@ -8,8 +8,8 @@ listen.group = www-data listen.mode = 0600 ; Unix user/group of processes. -user = {USER} -group = {GROUP} +user = __USER__ +group = __USER__ ; Choose how the process manager will control the number of child processes. pm = dynamic @@ -47,7 +47,7 @@ request_terminate_timeout = 1d request_slowlog_timeout = 5s ; The log file for slow requests. -slowlog = /var/log/nginx/{POOLNAME}.slow.log +slowlog = /var/log/nginx/__NAMETOCHANGE__.slow.log ; Set open file descriptor rlimit. rlimit_files = 4096 @@ -56,7 +56,7 @@ rlimit_files = 4096 rlimit_core = 0 ; Chdir to this directory at the start. -chdir = {DESTDIR} +chdir = __FINALPATH__ ; Redirect worker stdout and stderr into main error log. catch_workers_output = yes diff --git a/manifest.json b/manifest.json index 4a38fa6..55dd286 100644 --- a/manifest.json +++ b/manifest.json @@ -1,7 +1,7 @@ { - "packaging_format": 1, "id": "baikal", "name": "Baikal", + "packaging_format": 1, "description": { "en": "Lightweight CalDAV+CardDAV server", "fr": "Serveur CalDAV+CardDAV léger" @@ -14,14 +14,14 @@ "email": "julien.malik@paraiso.me" }, "multi_instance": false, - "requirements": { - "yunohost": ">= 2.3.16" - }, "services": [ "nginx", "php5-fpm", "mysql" ], + "requirements": { + "yunohost": ">= 2.6.4" + }, "arguments": { "install" : [ { diff --git a/scripts/_common.sh b/scripts/_common.sh index 40e967d..51d76c8 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -1,43 +1,152 @@ -# -# Common variables -# -# Baikal version -VERSION=0.4.6 -# Baikal source archive checksum -BAIKAL_SOURCE_SHA256="946e8e4161f7ef84be42430b6e9d3bb7dd4bbbe241b409be208c14447d7aa7a6" - -# Remote URL to fetch Baikal source archive -BAIKAL_SOURCE_URL="https://github.com/fruux/Baikal/releases/download/${VERSION}/baikal-${VERSION}.zip" +# ============================================================================= +# COMMON VARIABLES +# ============================================================================= # App package root directory should be the parent folder -PKGDIR=$(cd ../; pwd) +# PKGDIR=$(cd ../; pwd) +# ============================================================================= +# YUNOHOST 2.7 FORTHCOMING HELPERS +# ============================================================================= + +# Create a dedicated nginx config # -# Common helpers +# This will use a template in ../conf/nginx.conf +# __PATH__ by $path_url +# __DOMAIN__ by $domain +# __PORT__ by $port +# __NAME__ by $app +# __FINALPATH__ by $final_path # +# usage: ynh_add_nginx_config +ynh_add_nginx_config () { + finalnginxconf="/etc/nginx/conf.d/$domain.d/$app.conf" + ynh_backup_if_checksum_is_different "$finalnginxconf" + sudo cp ../conf/nginx.conf "$finalnginxconf" -# Source app helpers -source /usr/share/yunohost/helpers + # To avoid a break by set -u, use a void substitution ${var:-}. If the variable is not set, it's simply set with an empty variable. + # Substitute in a nginx config file only if the variable is not empty + if test -n "${path_url:-}"; then + ynh_replace_string "__PATH__" "$path_url" "$finalnginxconf" + fi + if test -n "${domain:-}"; then + ynh_replace_string "__DOMAIN__" "$domain" "$finalnginxconf" + fi + if test -n "${port:-}"; then + ynh_replace_string "__PORT__" "$port" "$finalnginxconf" + fi + if test -n "${app:-}"; then + ynh_replace_string "__NAME__" "$app" "$finalnginxconf" + fi + if test -n "${final_path:-}"; then + ynh_replace_string "__FINALPATH__" "$final_path" "$finalnginxconf" + fi + ynh_store_file_checksum "$finalnginxconf" -# Download and extract Baikal sources to the given directory -# usage: extract_baikal DESTDIR -extract_baikal() { - local DESTDIR=$1 - local bk_archive="${DESTDIR}/baikal.zip" - - wget -q -O "$bk_archive" "$BAIKAL_SOURCE_URL" \ - || ynh_die "Unable to download Baikal archive" - echo "$BAIKAL_SOURCE_SHA256 $bk_archive" | sha256sum -c >/dev/null \ - || ynh_die "Invalid checksum of downloaded archive" - unzip -q "$bk_archive" -d "$DESTDIR" \ - || ynh_die "Unable to extract Baikal archive" - mv "${DESTDIR}/baikal/"* "$DESTDIR" - rm -rf "$bk_archive" "${DESTDIR}/baikal" - - # apply patches - (cd "$DESTDIR" \ - && for p in ${PKGDIR}/patches/*.patch; do patch -p1 < $p; done) \ - || die "Unable to apply patches to Baikal" + sudo systemctl reload nginx +} + +# Remove the dedicated nginx config +# +# usage: ynh_remove_nginx_config +ynh_remove_nginx_config () { + ynh_secure_remove "/etc/nginx/conf.d/$domain.d/$app.conf" + sudo systemctl reload nginx +} + +# Create a dedicated php-fpm config +# +# usage: ynh_add_fpm_config +ynh_add_fpm_config () { + finalphpconf="/etc/php5/fpm/pool.d/$app.conf" + ynh_backup_if_checksum_is_different "$finalphpconf" + sudo cp ../conf/php-fpm.conf "$finalphpconf" + ynh_replace_string "__NAMETOCHANGE__" "$app" "$finalphpconf" + ynh_replace_string "__FINALPATH__" "$final_path" "$finalphpconf" + ynh_replace_string "__USER__" "$app" "$finalphpconf" + sudo chown root: "$finalphpconf" + ynh_store_file_checksum "$finalphpconf" + + if [ -e "../conf/php-fpm.ini" ] + then + finalphpini="/etc/php5/fpm/conf.d/20-$app.ini" + ynh_backup_if_checksum_is_different "$finalphpini" + sudo cp ../conf/php-fpm.ini "$finalphpini" + sudo chown root: "$finalphpini" + ynh_store_file_checksum "$finalphpini" + fi + + sudo systemctl reload php5-fpm +} + +# Remove the dedicated php-fpm config +# +# usage: ynh_remove_fpm_config +ynh_remove_fpm_config () { + ynh_secure_remove "/etc/php5/fpm/pool.d/$app.conf" + ynh_secure_remove "/etc/php5/fpm/conf.d/20-$app.ini" 2>&1 + sudo systemctl reload php5-fpm +} + +# Restore a previous backup if the upgrade process failed +# +# usage: +# ynh_backup_before_upgrade +# ynh_clean_setup () { +# ynh_restore_upgradebackup +# } +# ynh_abort_if_errors +# +ynh_restore_upgradebackup () { + echo "Upgrade failed." >&2 + app_bck=${app//_/-} # Replace all '_' by '-' + + # Check if an existing backup can be found before removing and restoring the application. + if sudo yunohost backup list | grep -q $app_bck-pre-upgrade$backup_number + then + # Remove the application then restore it + sudo yunohost app remove $app + # Restore the backup + sudo yunohost backup restore --ignore-system $app_bck-pre-upgrade$backup_number --apps $app --force + ynh_die "The app was restored to the way it was before the failed upgrade." + fi +} + +# Make a backup in case of failed upgrade +# +# usage: +# ynh_backup_before_upgrade +# ynh_clean_setup () { +# ynh_restore_upgradebackup +# } +# ynh_abort_if_errors +# +ynh_backup_before_upgrade () { + backup_number=1 + old_backup_number=2 + app_bck=${app//_/-} # Replace all '_' by '-' + + # Check if a backup already exists with the prefix 1 + if sudo yunohost backup list | grep -q $app_bck-pre-upgrade1 + then + # Prefix becomes 2 to preserve the previous backup + backup_number=2 + old_backup_number=1 + fi + + # Create backup + sudo yunohost backup create --ignore-system --apps $app --name $app_bck-pre-upgrade$backup_number + if [ "$?" -eq 0 ] + then + # If the backup succeeded, remove the previous backup + if sudo yunohost backup list | grep -q $app_bck-pre-upgrade$old_backup_number + then + # Remove the previous backup only if it exists + sudo yunohost backup delete $app_bck-pre-upgrade$old_backup_number > /dev/null + fi + else + ynh_die "Backup failed, the upgrade process was aborted." + fi } diff --git a/scripts/backup b/scripts/backup index bc978f0..720cafa 100644 --- a/scripts/backup +++ b/scripts/backup @@ -1,30 +1,59 @@ #!/bin/bash -# Exit on command errors and treat unset variables as an error +#================================================= +# GENERIC START +#================================================= +# MANAGE SCRIPT FAILURE +#================================================= + +# Exit on command errors and treat access to unset variables as an error set -eu -# Retrieve app id +#================================================= +# IMPORT GENERIC HELPERS +#================================================= + +if [ ! -e _common.sh ]; then + # Get the _common.sh file if it's not in the current directory + cp ../settings/scripts/_common.sh ./_common.sh + chmod a+rx _common.sh +fi +source _common.sh +source /usr/share/yunohost/helpers + +#================================================= +# LOAD SETTINGS +#================================================= + app=$YNH_APP_INSTANCE_NAME -# Set app specific variables -dbname=$app -dbuser=$app +final_path=$(ynh_app_setting_get $app final_path) +domain=$(ynh_app_setting_get $app domain) +db_name=$(ynh_app_setting_get $app db_name) +db_pwd=$(ynh_app_setting_get $app mysqlpwd) -# Source app helpers -. /usr/share/yunohost/helpers +#================================================= +# STANDARD BACKUP STEPS +#================================================= +# BACKUP THE APP MAIN DIR +#================================================= -# Retrieve app settings -domain=$(ynh_app_setting_get "$app" domain) -path=$(ynh_app_setting_get "$app" path) -dbpass=$(ynh_app_setting_get "$app" mysqlpwd) +ynh_backup "$final_path" "${YNH_APP_BACKUP_DIR}$final_path" -# Copy the app files -DESTDIR="/var/www/$app" -ynh_backup "$DESTDIR" "sources" +#================================================= +# BACKUP THE NGINX CONFIGURATION +#================================================= -# Copy the conf files -ynh_backup "/etc/nginx/conf.d/${domain}.d/${app}.conf" "nginx.conf" -ynh_backup "/etc/php5/fpm/pool.d/${app}.conf" "php-fpm.conf" +ynh_backup "/etc/nginx/conf.d/$domain.d/$app.conf" "${YNH_APP_BACKUP_DIR}/etc/nginx/conf.d/$domain.d/$app.conf" -# Dump the database -mysqldump -u "$dbuser" -p"$dbpass" --no-create-db "$dbname" > ./dump.sql +#================================================= +# BACKUP THE PHP-FPM CONFIGURATION +#================================================= + +ynh_backup "/etc/php5/fpm/pool.d/$app.conf" "${YNH_APP_BACKUP_DIR}/etc/php5/fpm/pool.d/$app.conf" + +#================================================= +# BACKUP THE MYSQL DATABASE +#================================================= + +ynh_mysql_dump_db "$db_name" > db.sql diff --git a/scripts/install b/scripts/install index 4ff3d5c..256eb75 100644 --- a/scripts/install +++ b/scripts/install @@ -1,100 +1,156 @@ #!/bin/bash -# Exit on command errors and treat unset variables as an error -set -eu +#================================================= +# GENERIC START +#================================================= +# IMPORT GENERIC HELPERS +#================================================= + +source ./_common.sh +source /usr/share/yunohost/helpers + +#================================================= +# MANAGE SCRIPT FAILURE +#================================================= + +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors + +#================================================= +# RETRIEVE ARGUMENTS FROM THE MANIFEST +#================================================= + +domain=$YNH_APP_ARG_DOMAIN +path_url=$YNH_APP_ARG_PATH +password=$YNH_APP_ARG_PASSWORD -# Retrieve app id app=$YNH_APP_INSTANCE_NAME -# Retrieve arguments -domain=$1 -path=${2%/} -password=$3 +#================================================= +# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS +#================================================= -# Load common variables and helpers -. ./_common.sh +# Normalize the url path syntax +path_url=$(ynh_normalize_url_path $path_url) -# Set app specific variables -dbname=$app -dbuser=$app +final_path=/var/www/$app +test ! -e "$final_path" || ynh_die "This path already contains a folder" -# Check domain/path availability -sudo yunohost app checkurl "${domain}${path}" -a "$app" \ - || exit 1 +# Check web path availability +ynh_webpath_available $domain $path_url +# Register (book) web path +ynh_webpath_register $app $domain $path_url -# Check destination directory -DESTDIR="/var/www/${app}" -[[ -d "$DESTDIR" ]] && ynh_die \ -"The destination directory '${DESTDIR}' already exists.\ - You should safely delete it before installing this app." +#================================================= +# STORE SETTINGS FROM MANIFEST +#================================================= -# Create tmp directory and fetch app inside -TMPDIR=$(ynh_mkdir_tmp) -extract_baikal "$TMPDIR" +ynh_app_setting_set $app domain $domain +ynh_app_setting_set $app path $path_url -# Generate random DES key & password -deskey=$(ynh_string_random 24) -dbpass=$(ynh_string_random) +#================================================= +# STANDARD MODIFICATIONS +#================================================= +# CREATE A MYSQL DATABASE +#================================================= -# Initialize database -ynh_mysql_create_db "$dbname" "$dbuser" "$dbpass" -ynh_mysql_connect_as "$dbuser" "$dbpass" "$dbname" \ - < "${TMPDIR}/Core/Resources/Db/MySQL/db.sql" +db_name=$(ynh_sanitize_dbid $app) +ynh_app_setting_set $app db_name $db_name +ynh_mysql_setup_db $db_name $db_name +#================================================= +# DOWNLOAD, CHECK AND UNPACK SOURCE +#================================================= + +ynh_app_setting_set $app final_path $final_path +# Download, check integrity, uncompress and patch the source from app.src +ynh_setup_source "$final_path" + +#================================================= +# NGINX CONFIGURATION +#================================================= + +# Create a dedicated nginx config +ynh_add_nginx_config + +#================================================= +# CREATE DEDICATED USER +#================================================= + +# Create a system user +ynh_system_user_create $app + +#================================================= +# PHP-FPM CONFIGURATION +#================================================= + +# Create a dedicated php-fpm config +ynh_add_fpm_config + +#================================================= +# SPECIFIC SETUP +#================================================= +# INITIALIZE DATABASE +#================================================= + +ynh_mysql_connect_as "$db_name" "$db_pwd" "$db_name" \ + < "${final_path}/Core/Resources/Db/MySQL/db.sql" + +#================================================= +# CONFIGURE BAIKAL +#================================================= + +bk_conf="${final_path}/Specific/config.php" +cp ../conf/config.php "$bk_conf" + +ynh_replace_string "#TIMEZONE#" "$(cat /etc/timezone)" "$bk_conf" # Create admin password hash password_hash=$(echo -n admin:BaikalDAV:$password | md5sum | cut -d ' ' -f 1) +ynh_replace_string "#PASSWORDHASH#" "${password_hash}" "$bk_conf" +ynh_app_setting_set $app password_hash $password_hash -# Copy and set Baikal configuration -bk_conf="${TMPDIR}/Specific/config.php" -cp ../conf/config.php "$bk_conf" -sed -i "s@#TIMEZONE#@$(cat /etc/timezone)@g" "$bk_conf" -sed -i "s@#PASSWORDHASH#@${password_hash}@g" "$bk_conf" +# Store the config file checksum into the app settings +ynh_store_file_checksum "$bk_conf" -bk_conf="${TMPDIR}/Specific/config.system.php" +bk_conf="${final_path}/Specific/config.system.php" cp ../conf/config.system.php "$bk_conf" -sed -i "s@#PATH#@${path}@g" "$bk_conf" -sed -i "s@#DBNAME#@${dbname}@g" "$bk_conf" -sed -i "s@#DBUSER#@${dbuser}@g" "$bk_conf" -sed -i "s@#DBPASS#@${dbpass}@g" "$bk_conf" -sed -i "s@#DESKEY#@${deskey}@g" "$bk_conf" +ynh_replace_string "#PATH#" "$path_url" "$bk_conf" +ynh_replace_string "#DBNAME#" "$db_name" "$bk_conf" +ynh_replace_string "#DBUSER#" "$db_name" "$bk_conf" +ynh_replace_string "#DBPASS#" "$db_pwd" "$bk_conf" + +deskey=$(ynh_string_random 24) +ynh_app_setting_set "$app" encrypt_key "$deskey" +ynh_replace_string "#DESKEY#" "$deskey" "$bk_conf" + +# Store the config file checksum into the app settings +ynh_store_file_checksum "$bk_conf" # Disable installation -touch "${TMPDIR}/Specific/INSTALL_DISABLED" +touch "${final_path}/Specific/INSTALL_DISABLED" -# Install files and set permissions -sudo useradd -c "$app system account" \ - -d /var/www/$app --system --user-group $app --shell /usr/sbin/nologin \ - || ynh_die "Unable to create $app system account" -sudo mv "$TMPDIR" "$DESTDIR" -sudo chown -hR root: "$DESTDIR" -sudo chown $app:root "$DESTDIR/Specific/"{config.php,config.system.php} -sudo chmod 640 "$DESTDIR/Specific/"{config.php,config.system.php} +#================================================= +# GENERIC FINALIZATION +#================================================= +# SECURE FILES AND DIRECTORIES +#================================================= -# Copy and set nginx configuration -nginx_conf="/etc/nginx/conf.d/${domain}.d/${app}.conf" -sed -i "s@{PATH}@${path}@g" ../conf/nginx.conf -sed -i "s@{LOCATION}@${path:-/}@g" ../conf/nginx.conf -sed -i "s@{DESTDIR}@${DESTDIR}@g" ../conf/nginx.conf -sed -i "s@{POOLNAME}@${app}@g" ../conf/nginx.conf -sudo cp ../conf/nginx.conf "$nginx_conf" +# Set permissions +chown -R root: "$final_path" +chown $app "$final_path/Specific/"{config.php,config.system.php} +chmod 640 "$final_path/Specific/"{config.php,config.system.php} -# Copy and set php-fpm configuration -phpfpm_conf="/etc/php5/fpm/pool.d/${app}.conf" -sed -i "s@{POOLNAME}@${app}@g" ../conf/php-fpm.conf -sed -i "s@{DESTDIR}@${DESTDIR}/@g" ../conf/php-fpm.conf -sed -i "s@{USER}@${app}@g" ../conf/php-fpm.conf -sed -i "s@{GROUP}@${app}@g" ../conf/php-fpm.conf -sudo cp ../conf/php-fpm.conf "$phpfpm_conf" +#================================================= +# SETUP SSOWAT +#================================================= -# Save app settings -ynh_app_setting_set "$app" password "$password" -ynh_app_setting_set "$app" encrypt_key "$deskey" -ynh_app_setting_set "$app" mysqlpwd "$dbpass" - -# Set SSOwat rules +# Allow public access on / ynh_app_setting_set "$app" skipped_uris "/" +# But restrain on /admin ynh_app_setting_set "$app" protected_uris "/admin/" -# Reload services -sudo service php5-fpm restart || true -sudo service nginx reload || true +#================================================= +# RELOAD NGINX +#================================================= + +systemctl reload nginx diff --git a/scripts/remove b/scripts/remove index 1549569..e28b9cf 100644 --- a/scripts/remove +++ b/scripts/remove @@ -1,33 +1,65 @@ #!/bin/bash -# Retrieve app id +#================================================= +# GENERIC START +#================================================= +# IMPORT GENERIC HELPERS +#================================================= + +if [ ! -e _common.sh ]; then + # Get file fonction if not been to the current directory + sudo cp ../settings/scripts/_common.sh ./_common.sh + sudo chmod a+rx _common.sh +fi +# Source app helpers +source _common.sh +source /usr/share/yunohost/helpers + +#================================================= +# LOAD SETTINGS +#================================================= + app=$YNH_APP_INSTANCE_NAME -# Load common variables and helpers -. ./_common.sh +domain=$(ynh_app_setting_get $app domain) +db_name=$(ynh_app_setting_get $app db_name) +final_path=$(ynh_app_setting_get $app final_path) -# Set app specific variables -dbname=$app -dbuser=$app +#================================================= +# STANDARD REMOVE +#================================================= +# REMOVE THE MYSQL DATABASE +#================================================= -# Drop MySQL database and user -ynh_mysql_drop_db "$dbname" 2>/dev/null || true -ynh_mysql_drop_user "$dbuser" 2>/dev/null || true +# Remove a database if it exists, along with the associated user +ynh_mysql_remove_db $db_name $db_name -# Retrieve domain from app settings -domain=$(ynh_app_setting_get "$app" domain) +#================================================= +# REMOVE APP MAIN DIR +#================================================= -# Delete app directory and configurations -sudo rm -rf "/var/www/${app}" -sudo rm -f "/etc/php5/fpm/pool.d/${app}.conf" -[[ -n $domain ]] && sudo rm -f "/etc/nginx/conf.d/${domain}.d/${app}.conf" +# Remove the app directory securely +ynh_secure_remove "$final_path" -# Reload services -sudo service php5-fpm restart || true -sudo service nginx reload || true +#================================================= +# REMOVE NGINX CONFIGURATION +#================================================= -# Remove the user account -# (must be done after php-fpm restart) -id "$app" >/dev/null 2>&1 \ - && sudo deluser --quiet --remove-home "$app" >/dev/null \ - || true +# Remove the dedicated nginx config +ynh_remove_nginx_config + +#================================================= +# REMOVE PHP-FPM CONFIGURATION +#================================================= + +# Remove the dedicated php-fpm config +ynh_remove_fpm_config + +#================================================= +# GENERIC FINALIZATION +#================================================= +# REMOVE DEDICATED USER +#================================================= + +# Delete a system user +ynh_system_user_delete $app diff --git a/scripts/restore b/scripts/restore index a6cfe00..7bccedf 100644 --- a/scripts/restore +++ b/scripts/restore @@ -1,62 +1,94 @@ #!/bin/bash -# Exit on command errors and treat unset variables as an error +#================================================= +# GENERIC START +#================================================= +# MANAGE SCRIPT FAILURE +#================================================= + +# Exit on command errors and treat access to unset variables as an error set -eu -# Retrieve app id +#================================================= +# IMPORT GENERIC HELPERS +#================================================= + +if [ ! -e _common.sh ]; then + # Get the _common.sh file if it's not in the current directory + cp ../settings/scripts/_common.sh ./_common.sh + chmod a+rx _common.sh +fi +source _common.sh +source /usr/share/yunohost/helpers + +#================================================= +# LOAD SETTINGS +#================================================= + app=$YNH_APP_INSTANCE_NAME -# Source app helpers -. /usr/share/yunohost/helpers +domain=$(ynh_app_setting_get $app domain) +path_url=$(ynh_app_setting_get $app path) +final_path=$(ynh_app_setting_get $app final_path) +db_name=$(ynh_app_setting_get $app db_name) -# Retrieve old app settings -domain=$(ynh_app_setting_get "$app" domain) -path=$(ynh_app_setting_get "$app" path) -dbpass=$(ynh_app_setting_get "$app" mysqlpwd) +#================================================= +# CHECK IF THE APP CAN BE RESTORED +#================================================= -# Set app specific variables -dbname=$app -dbuser=$app +ynh_webpath_available $domain $path_url \ + || ynh_die "Path not available: ${domain}${path_url}" +test ! -d $final_path \ + || ynh_die "There is already a directory: $final_path " -# Check domain/path availability -sudo yunohost app checkurl "${domain}${path}" -a "$app" \ - || exit 1 +#================================================= +# STANDARD RESTORATION STEPS +#================================================= +# RESTORE THE NGINX CONFIGURATION +#================================================= -# Check destination directory -DESTDIR="/var/www/$app" -[[ -d $DESTDIR ]] && ynh_die \ -"The destination directory '$DESTDIR' already exists.\ - You should safely delete it before restoring this app." +ynh_restore_file "/etc/nginx/conf.d/$domain.d/$app.conf" -# Check configuration files -nginx_conf="/etc/nginx/conf.d/${domain}.d/${app}.conf" -[[ -f $nginx_conf ]] && ynh_die \ -"The NGINX configuration already exists at '${nginx_conf}'. - You should safely delete it before restoring this app." -phpfpm_conf="/etc/php5/fpm/pool.d/${app}.conf" -[[ -f $phpfpm_conf ]] && ynh_die \ -"The PHP FPM configuration already exists at '${phpfpm_conf}'. - You should safely delete it before restoring this app." +#================================================= +# RESTORE THE APP MAIN DIR +#================================================= -# Restore the app files and set permissions -sudo cp -a ./sources "$DESTDIR" -if ! id -u $app > /dev/null 2>&1 ; then - sudo useradd -c "$app system account" \ - -d /var/www/$app --system --user-group $app --shell /usr/sbin/nologin \ - || ynh_die "Unable to create $app system account" -fi -sudo chown -hR root: "$DESTDIR" -sudo chown $app:root "$DESTDIR/Specific/"{config.php,config.system.php} -sudo chmod 640 "$DESTDIR/Specific/"{config.php,config.system.php} +ynh_restore_file "$final_path" -# Create and restore the database -ynh_mysql_create_db "$dbname" "$dbuser" "$dbpass" -ynh_mysql_connect_as "$dbuser" "$dbpass" "$dbname" < ./dump.sql +#================================================= +# RESTORE THE MYSQL DATABASE +#================================================= -# Restore configuration files -sudo cp -a ./nginx.conf "$nginx_conf" -sudo cp -a ./php-fpm.conf "$phpfpm_conf" +db_pwd=$(ynh_app_setting_get $app mysqlpwd) +ynh_mysql_setup_db $db_name $db_name $db_pwd +ynh_mysql_connect_as $db_name $db_pwd $db_name < ./db.sql -# Reload services -sudo service php5-fpm restart || true -sudo service nginx reload || true +#================================================= +# RECREATE THE DEDICATED USER +#================================================= + +# Create the dedicated user (if not existing) +ynh_system_user_create $app + +#================================================= +# RESTORE USER RIGHTS +#================================================= + +# Set permissions +chown -R root: "$final_path" +chown $app "$final_path/Specific/"{config.php,config.system.php} + +#================================================= +# RESTORE THE PHP-FPM CONFIGURATION +#================================================= + +ynh_restore_file "/etc/php5/fpm/pool.d/$app.conf" + +#================================================= +# GENERIC FINALIZATION +#================================================= +# RELOAD NGINX AND PHP-FPM +#================================================= + +systemctl reload php5-fpm +systemctl reload nginx diff --git a/scripts/upgrade b/scripts/upgrade index 4666b56..0cb8e8b 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -1,82 +1,156 @@ #!/bin/bash -# Exit on command errors and treat unset variables as an error -set -eu +#================================================= +# GENERIC START +#================================================= +# IMPORT GENERIC HELPERS +#================================================= + +source _common.sh +source /usr/share/yunohost/helpers + +#================================================= +# LOAD SETTINGS +#================================================= -# Retrieve app id app=$YNH_APP_INSTANCE_NAME -# Load common variables and helpers -. ./_common.sh +domain=$(ynh_app_setting_get $app domain) +path_url=$(ynh_app_setting_get $app path) +final_path=$(ynh_app_setting_get $app final_path) +db_name=$(ynh_app_setting_get $app db_name) -# Retrieve app settings -domain=$(ynh_app_setting_get "$app" domain) -path=$(ynh_app_setting_get "$app" path) -path=${path%/} +#================================================= +# ENSURE DOWNWARD COMPATIBILITY +#================================================= -# Set app specific variables -dbname=$app -dbuser=$app - -# Check destination directory -DESTDIR="/var/www/$app" -[[ ! -d $DESTDIR ]] && ynh_die \ -"The destination directory '$DESTDIR' does not exist.\ - The app is not correctly installed, you should remove it first." - -# Create tmp directory and fetch new app inside -TMPDIR=$(ynh_mkdir_tmp) -extract_baikal "$TMPDIR" - -# Get Specific folder from current installation -# FIXME: config.php and config.system.php are not updated with possible -# new or changed configurations -rm -rf "${TMPDIR}/Specific/*" -sudo cp -r "${DESTDIR}/Specific/"{config.php,config.system.php} "$TMPDIR/Specific" -sudo chown -hR "${USER}" "${TMPDIR}/Specific" - -# Run Baikal upgrade from tmp directory -cp -r ../sources/bin "$TMPDIR" -php "${TMPDIR}/bin/upgrade.sh" \ - || echo "The Baïkal upgrade failed, you should try to go to " \ - "https://${domain}${path}/admin/install" - -# Install new app and set permissions -if ! id -u $app > /dev/null 2>&1 ; then - sudo useradd -c "$app system account" \ - -d /var/www/$app --system --user-group $app --shell /usr/sbin/nologin \ - || ynh_die "Unable to create $app system account" +if [ -z $final_path ]; then # If final_path doesn't exist, create it + final_path="/var/www/$app" + ynh_app_setting_set $app final_path $final_path fi -sudo rm -rf "$DESTDIR" -sudo mv "$TMPDIR" "$DESTDIR" -sudo chown -hR root: "$DESTDIR" -sudo chown $app:root "$DESTDIR/Specific/"{config.php,config.system.php} -sudo chmod 640 "$DESTDIR/Specific/"{config.php,config.system.php} + +#================================================= +# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP +#================================================= + +ynh_backup_before_upgrade # Backup the current version of the app +ynh_clean_setup () { + ynh_restore_upgradebackup # restore it if the upgrade fails +} +ynh_abort_if_errors # Active trap pour arrêter le script si une erreur est détectée. + +#================================================= +# CHECK THE PATH +#================================================= + +# Normalize the URL path syntax +path_url=$(ynh_normalize_url_path $path_url) + +#================================================= +# STANDARD UPGRADE STEPS +#================================================= +# DOWNLOAD, CHECK AND UNPACK SOURCE +#================================================= + +# Download, check integrity, uncompress and patch the source from app.src +ynh_setup_source "$final_path" + +#================================================= +# NGINX CONFIGURATION +#================================================= + +# Create a dedicated nginx config +ynh_add_nginx_config + +#================================================= +# CREATE DEDICATED USER +#================================================= + +# Create a system user +ynh_system_user_create $app + +#================================================= +# PHP-FPM CONFIGURATION +#================================================= + +# Create a dedicated php-fpm config +ynh_add_fpm_config + +#================================================= +# SPECIFIC UPGRADE +#================================================= +# UPGRADE BAIKAL +#================================================= + +# Run Baikal upgrade +php "${final_path}/bin/upgrade.sh" # Cleanup old baikal-admin sessions # since we may have changed owner of the session file -sudo grep -lr "CSRF_TOKEN|s:" /var/lib/php5/sessions | xargs sudo rm +grep -lr "CSRF_TOKEN|s:" /var/lib/php5/sessions | xargs rm -f -# Copy and set nginx configuration -nginx_conf="/etc/nginx/conf.d/${domain}.d/${app}.conf" -sed -i "s@{PATH}@${path}@g" ../conf/nginx.conf -sed -i "s@{LOCATION}@${path:-/}@g" ../conf/nginx.conf -sed -i "s@{DESTDIR}@${DESTDIR}@g" ../conf/nginx.conf -sed -i "s@{POOLNAME}@${app}@g" ../conf/nginx.conf -sudo cp ../conf/nginx.conf "$nginx_conf" +#================================================= +# UPGRADE BAIKAL CONFIGURATION +#================================================= -# Copy and set php-fpm configuration -phpfpm_conf="/etc/php5/fpm/pool.d/${app}.conf" -sed -i "s@{POOLNAME}@${app}@g" ../conf/php-fpm.conf -sed -i "s@{DESTDIR}@${DESTDIR}/@g" ../conf/php-fpm.conf -sed -i "s@{USER}@${app}@g" ../conf/php-fpm.conf -sed -i "s@{GROUP}@${app}@g" ../conf/php-fpm.conf -sudo cp ../conf/php-fpm.conf "$phpfpm_conf" +bk_conf="${final_path}/Specific/config.php" +# Verify the checksum and backup the file if it's different +ynh_backup_if_checksum_is_different "$bk_conf" +cp ../conf/config.php "$bk_conf" -# Set SSOwat rules +ynh_replace_string "#TIMEZONE#" "$(cat /etc/timezone)" "$bk_conf" + +password_hash=$(ynh_app_setting_get $app password_hash) +# If the password_hash is not in the app's config, recreate it from the password. +if [ -z "$password_hash" ]; then + password=$(ynh_app_setting_get $app password) + password_hash=$(echo -n admin:BaikalDAV:$password | md5sum | cut -d ' ' -f 1) + ynh_app_setting_set $app password_hash $password_hash +fi +ynh_replace_string "#PASSWORDHASH#" "${password_hash}" "$bk_conf" + +# Store the config file checksum into the app settings +ynh_store_file_checksum "$bk_conf" + +bk_conf="${final_path}/Specific/config.system.php" +# Verify the checksum and backup the file if it's different +ynh_backup_if_checksum_is_different "$bk_conf" +cp ../conf/config.system.php "$bk_conf" + +ynh_replace_string "#PATH#" "$path_url" "$bk_conf" +ynh_replace_string "#DBNAME#" "$db_name" "$bk_conf" +ynh_replace_string "#DBUSER#" "$db_name" "$bk_conf" +db_pwd=$(ynh_app_setting_get $app mysqlpwd) +ynh_replace_string "#DBPASS#" "$db_pwd" "$bk_conf" + +deskey=$(ynh_app_setting_get $app deskey) +ynh_replace_string "#DESKEY#" "$deskey" "$bk_conf" + +# Store the config file checksum into the app settings +ynh_store_file_checksum "$bk_conf" + +#================================================= +# GENERIC FINALIZATION +#================================================= +# SECURE FILES AND DIRECTORIES +#================================================= + +# Set permissions +chown -R root: "$final_path" +chown $app "$final_path/Specific/"{config.php,config.system.php} +chmod 640 "$final_path/Specific/"{config.php,config.system.php} + +#================================================= +# SETUP SSOWAT +#================================================= + +# Allow public access on / ynh_app_setting_set "$app" skipped_uris "/" +# But restrain on /admin ynh_app_setting_set "$app" protected_uris "/admin/" -# Reload services -sudo service php5-fpm restart || true -sudo service nginx reload || true +#================================================= +# RELOAD NGINX +#================================================= + +systemctl reload nginx diff --git a/sources/bin/upgrade.sh b/sources/extra_files/app/bin/upgrade.sh similarity index 100% rename from sources/bin/upgrade.sh rename to sources/extra_files/app/bin/upgrade.sh diff --git a/patches/add-ldap-auth.patch b/sources/patches/app-add-ldap-auth.patch similarity index 98% rename from patches/add-ldap-auth.patch rename to sources/patches/app-add-ldap-auth.patch index b4cb6ed..1a24d53 100644 --- a/patches/add-ldap-auth.patch +++ b/sources/patches/app-add-ldap-auth.patch @@ -1,4 +1,4 @@ ---- /dev/null +--- b/Core/Frameworks/Baikal/Core/AbstractExternalAuth.php +++ b/Core/Frameworks/Baikal/Core/AbstractExternalAuth.php @@ -0,0 +1,130 @@ + Date: Thu, 31 Aug 2017 19:56:58 +0200 Subject: [PATCH 13/53] Depend on YNH 2.7.2, remove helpers, minor changes --- manifest.json | 4 +- scripts/_common.sh | 152 --------------------------------------------- scripts/backup | 18 +++--- scripts/install | 4 +- scripts/remove | 12 ++-- scripts/restore | 12 ++-- scripts/upgrade | 4 +- 7 files changed, 27 insertions(+), 179 deletions(-) delete mode 100644 scripts/_common.sh diff --git a/manifest.json b/manifest.json index 55dd286..12a251e 100644 --- a/manifest.json +++ b/manifest.json @@ -7,7 +7,7 @@ "fr": "Serveur CalDAV+CardDAV léger" }, "url": "http://baikal-server.com/", - "license": "GPL-3", + "license": "GPL-3.0", "version": "0.4.6", "maintainer": { "name": "julien", @@ -20,7 +20,7 @@ "mysql" ], "requirements": { - "yunohost": ">= 2.6.4" + "yunohost": ">= 2.7.2" }, "arguments": { "install" : [ diff --git a/scripts/_common.sh b/scripts/_common.sh deleted file mode 100644 index 51d76c8..0000000 --- a/scripts/_common.sh +++ /dev/null @@ -1,152 +0,0 @@ - - -# ============================================================================= -# COMMON VARIABLES -# ============================================================================= - -# App package root directory should be the parent folder -# PKGDIR=$(cd ../; pwd) - -# ============================================================================= -# YUNOHOST 2.7 FORTHCOMING HELPERS -# ============================================================================= - -# Create a dedicated nginx config -# -# This will use a template in ../conf/nginx.conf -# __PATH__ by $path_url -# __DOMAIN__ by $domain -# __PORT__ by $port -# __NAME__ by $app -# __FINALPATH__ by $final_path -# -# usage: ynh_add_nginx_config -ynh_add_nginx_config () { - finalnginxconf="/etc/nginx/conf.d/$domain.d/$app.conf" - ynh_backup_if_checksum_is_different "$finalnginxconf" - sudo cp ../conf/nginx.conf "$finalnginxconf" - - # To avoid a break by set -u, use a void substitution ${var:-}. If the variable is not set, it's simply set with an empty variable. - # Substitute in a nginx config file only if the variable is not empty - if test -n "${path_url:-}"; then - ynh_replace_string "__PATH__" "$path_url" "$finalnginxconf" - fi - if test -n "${domain:-}"; then - ynh_replace_string "__DOMAIN__" "$domain" "$finalnginxconf" - fi - if test -n "${port:-}"; then - ynh_replace_string "__PORT__" "$port" "$finalnginxconf" - fi - if test -n "${app:-}"; then - ynh_replace_string "__NAME__" "$app" "$finalnginxconf" - fi - if test -n "${final_path:-}"; then - ynh_replace_string "__FINALPATH__" "$final_path" "$finalnginxconf" - fi - ynh_store_file_checksum "$finalnginxconf" - - sudo systemctl reload nginx -} - -# Remove the dedicated nginx config -# -# usage: ynh_remove_nginx_config -ynh_remove_nginx_config () { - ynh_secure_remove "/etc/nginx/conf.d/$domain.d/$app.conf" - sudo systemctl reload nginx -} - -# Create a dedicated php-fpm config -# -# usage: ynh_add_fpm_config -ynh_add_fpm_config () { - finalphpconf="/etc/php5/fpm/pool.d/$app.conf" - ynh_backup_if_checksum_is_different "$finalphpconf" - sudo cp ../conf/php-fpm.conf "$finalphpconf" - ynh_replace_string "__NAMETOCHANGE__" "$app" "$finalphpconf" - ynh_replace_string "__FINALPATH__" "$final_path" "$finalphpconf" - ynh_replace_string "__USER__" "$app" "$finalphpconf" - sudo chown root: "$finalphpconf" - ynh_store_file_checksum "$finalphpconf" - - if [ -e "../conf/php-fpm.ini" ] - then - finalphpini="/etc/php5/fpm/conf.d/20-$app.ini" - ynh_backup_if_checksum_is_different "$finalphpini" - sudo cp ../conf/php-fpm.ini "$finalphpini" - sudo chown root: "$finalphpini" - ynh_store_file_checksum "$finalphpini" - fi - - sudo systemctl reload php5-fpm -} - -# Remove the dedicated php-fpm config -# -# usage: ynh_remove_fpm_config -ynh_remove_fpm_config () { - ynh_secure_remove "/etc/php5/fpm/pool.d/$app.conf" - ynh_secure_remove "/etc/php5/fpm/conf.d/20-$app.ini" 2>&1 - sudo systemctl reload php5-fpm -} - -# Restore a previous backup if the upgrade process failed -# -# usage: -# ynh_backup_before_upgrade -# ynh_clean_setup () { -# ynh_restore_upgradebackup -# } -# ynh_abort_if_errors -# -ynh_restore_upgradebackup () { - echo "Upgrade failed." >&2 - app_bck=${app//_/-} # Replace all '_' by '-' - - # Check if an existing backup can be found before removing and restoring the application. - if sudo yunohost backup list | grep -q $app_bck-pre-upgrade$backup_number - then - # Remove the application then restore it - sudo yunohost app remove $app - # Restore the backup - sudo yunohost backup restore --ignore-system $app_bck-pre-upgrade$backup_number --apps $app --force - ynh_die "The app was restored to the way it was before the failed upgrade." - fi -} - -# Make a backup in case of failed upgrade -# -# usage: -# ynh_backup_before_upgrade -# ynh_clean_setup () { -# ynh_restore_upgradebackup -# } -# ynh_abort_if_errors -# -ynh_backup_before_upgrade () { - backup_number=1 - old_backup_number=2 - app_bck=${app//_/-} # Replace all '_' by '-' - - # Check if a backup already exists with the prefix 1 - if sudo yunohost backup list | grep -q $app_bck-pre-upgrade1 - then - # Prefix becomes 2 to preserve the previous backup - backup_number=2 - old_backup_number=1 - fi - - # Create backup - sudo yunohost backup create --ignore-system --apps $app --name $app_bck-pre-upgrade$backup_number - if [ "$?" -eq 0 ] - then - # If the backup succeeded, remove the previous backup - if sudo yunohost backup list | grep -q $app_bck-pre-upgrade$old_backup_number - then - # Remove the previous backup only if it exists - sudo yunohost backup delete $app_bck-pre-upgrade$old_backup_number > /dev/null - fi - else - ynh_die "Backup failed, the upgrade process was aborted." - fi -} diff --git a/scripts/backup b/scripts/backup index 720cafa..c32acc2 100644 --- a/scripts/backup +++ b/scripts/backup @@ -13,12 +13,12 @@ set -eu # IMPORT GENERIC HELPERS #================================================= -if [ ! -e _common.sh ]; then - # Get the _common.sh file if it's not in the current directory - cp ../settings/scripts/_common.sh ./_common.sh - chmod a+rx _common.sh -fi -source _common.sh +#if [ ! -e _common.sh ]; then +# # Get the _common.sh file if it's not in the current directory +# cp ../settings/scripts/_common.sh ./_common.sh +# chmod a+rx _common.sh +#fi +#source _common.sh source /usr/share/yunohost/helpers #================================================= @@ -38,19 +38,19 @@ db_pwd=$(ynh_app_setting_get $app mysqlpwd) # BACKUP THE APP MAIN DIR #================================================= -ynh_backup "$final_path" "${YNH_APP_BACKUP_DIR}$final_path" +ynh_backup "$final_path" #================================================= # BACKUP THE NGINX CONFIGURATION #================================================= -ynh_backup "/etc/nginx/conf.d/$domain.d/$app.conf" "${YNH_APP_BACKUP_DIR}/etc/nginx/conf.d/$domain.d/$app.conf" +ynh_backup "/etc/nginx/conf.d/$domain.d/$app.conf" #================================================= # BACKUP THE PHP-FPM CONFIGURATION #================================================= -ynh_backup "/etc/php5/fpm/pool.d/$app.conf" "${YNH_APP_BACKUP_DIR}/etc/php5/fpm/pool.d/$app.conf" +ynh_backup "/etc/php5/fpm/pool.d/$app.conf" #================================================= # BACKUP THE MYSQL DATABASE diff --git a/scripts/install b/scripts/install index 256eb75..5bc8f3b 100644 --- a/scripts/install +++ b/scripts/install @@ -6,7 +6,7 @@ # IMPORT GENERIC HELPERS #================================================= -source ./_common.sh +#source ./_common.sh source /usr/share/yunohost/helpers #================================================= @@ -114,7 +114,7 @@ ynh_store_file_checksum "$bk_conf" bk_conf="${final_path}/Specific/config.system.php" cp ../conf/config.system.php "$bk_conf" -ynh_replace_string "#PATH#" "$path_url" "$bk_conf" +ynh_replace_string "#PATH#" "$path_url" "$bk_conf" ynh_replace_string "#DBNAME#" "$db_name" "$bk_conf" ynh_replace_string "#DBUSER#" "$db_name" "$bk_conf" ynh_replace_string "#DBPASS#" "$db_pwd" "$bk_conf" diff --git a/scripts/remove b/scripts/remove index e28b9cf..48e5bcf 100644 --- a/scripts/remove +++ b/scripts/remove @@ -6,13 +6,13 @@ # IMPORT GENERIC HELPERS #================================================= -if [ ! -e _common.sh ]; then - # Get file fonction if not been to the current directory - sudo cp ../settings/scripts/_common.sh ./_common.sh - sudo chmod a+rx _common.sh -fi +#if [ ! -e _common.sh ]; then +# # Get file fonction if not been to the current directory +# sudo cp ../settings/scripts/_common.sh ./_common.sh +# sudo chmod a+rx _common.sh +#fi # Source app helpers -source _common.sh +#source _common.sh source /usr/share/yunohost/helpers #================================================= diff --git a/scripts/restore b/scripts/restore index 7bccedf..884e1e8 100644 --- a/scripts/restore +++ b/scripts/restore @@ -13,12 +13,12 @@ set -eu # IMPORT GENERIC HELPERS #================================================= -if [ ! -e _common.sh ]; then - # Get the _common.sh file if it's not in the current directory - cp ../settings/scripts/_common.sh ./_common.sh - chmod a+rx _common.sh -fi -source _common.sh +#if [ ! -e _common.sh ]; then +# # Get the _common.sh file if it's not in the current directory +# cp ../settings/scripts/_common.sh ./_common.sh +# chmod a+rx _common.sh +#fi +#source _common.sh source /usr/share/yunohost/helpers #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index 0cb8e8b..f2bec17 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -6,7 +6,7 @@ # IMPORT GENERIC HELPERS #================================================= -source _common.sh +#source _common.sh source /usr/share/yunohost/helpers #================================================= @@ -117,7 +117,7 @@ bk_conf="${final_path}/Specific/config.system.php" ynh_backup_if_checksum_is_different "$bk_conf" cp ../conf/config.system.php "$bk_conf" -ynh_replace_string "#PATH#" "$path_url" "$bk_conf" +ynh_replace_string "#PATH#" "$path_url" "$bk_conf" ynh_replace_string "#DBNAME#" "$db_name" "$bk_conf" ynh_replace_string "#DBUSER#" "$db_name" "$bk_conf" db_pwd=$(ynh_app_setting_get $app mysqlpwd) From 6fa823fa03facfdbf4fe7fa86f5fa401f9c47271 Mon Sep 17 00:00:00 2001 From: Maniack Crudelis Date: Fri, 22 Sep 2017 22:39:17 +0200 Subject: [PATCH 14/53] fix db_name inexistant --- scripts/upgrade | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/scripts/upgrade b/scripts/upgrade index f2bec17..f787e44 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -29,6 +29,11 @@ if [ -z $final_path ]; then # If final_path doesn't exist, create it ynh_app_setting_set $app final_path $final_path fi +if [ -z $db_name ]; then # If db_name doesn't exist, create it + db_name=$(ynh_sanitize_dbid $app) + ynh_app_setting_set $app db_name $db_name +fi + #================================================= # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP #================================================= From d1e1592c2e2560f01f436e8f4c0aedc5f0f8a360 Mon Sep 17 00:00:00 2001 From: Maniack Crudelis Date: Tue, 19 Dec 2017 00:14:02 +0100 Subject: [PATCH 15/53] Fix fake patch... --- .../Baikal/Core/AbstractExternalAuth.php | 130 +++++++++++ .../Baikal/Core/LDAPUserBindAuth.php | 75 +++++++ sources/patches/app-add-ldap-auth.patch | 211 ------------------ 3 files changed, 205 insertions(+), 211 deletions(-) create mode 100644 sources/extra_files/app/Core/Frameworks/Baikal/Core/AbstractExternalAuth.php create mode 100644 sources/extra_files/app/Core/Frameworks/Baikal/Core/LDAPUserBindAuth.php diff --git a/sources/extra_files/app/Core/Frameworks/Baikal/Core/AbstractExternalAuth.php b/sources/extra_files/app/Core/Frameworks/Baikal/Core/AbstractExternalAuth.php new file mode 100644 index 0000000..e7859ea --- /dev/null +++ b/sources/extra_files/app/Core/Frameworks/Baikal/Core/AbstractExternalAuth.php @@ -0,0 +1,130 @@ + + * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License + */ +abstract class AbstractExternalAuth extends \Sabre\DAV\Auth\Backend\AbstractBasic { + + /** + * enable autocreation of user + * + * @var PDO + */ + protected $enableAutoCreation; + + /** + * Reference to PDO connection + * + * @var PDO + */ + private $pdo; + + /** + * PDO table name we'll be using + * + * @var string + */ + private $tableName; + + /** + * Creates the backend object. + * + * If the filename argument is passed in, it will parse out the specified file fist. + * + * @param PDO $pdo + * @param string $realm + * @param string $tableName The PDO table name to use + */ + public function __construct(\PDO $pdo, $realm = 'BaikalDAV', $tableName = 'users') { + + $this->pdo = $pdo; + $this->tableName = $tableName; + $this->enableAutoCreation = true; + } + + /** + * Validates a username and password + * + * This method should return true or false depending on if login + * succeeded. + * + * @param string $username + * @param string $password + * @return bool + */ + public function validateUserPass($username, $password) { + + if (!$this->validateUserPassExternal($username, $password)) + return false; + + $this->currentUser = $username; + if ($this->enableAutoCreation) + $this->autoUserCreation($username); + + return true; + } + + /** + * Validates a username and password agains external backend + * + * This method should return true or false depending on if login + * succeeded. + * + * @param string $username + * @param string $password + * @return bool + */ + public abstract function validateUserPassExternal($username, $password); + + /** + * return the displayname and email from the external Backend + * + * @param string $username + * @return array ('displayname' => string, 'email' => string) + */ + public function getAccountValues($username) { + + return array(); + } + + /** + * create an internal user, when user not exists + * + * @param string $username + */ + private function autoUserCreation($username) { + + /* search user in DB and do nothing, when user exists */ + $stmt = $this->pdo->prepare('SELECT username FROM '.$this->tableName.' WHERE username = ?'); + $stmt->execute(array($username)); + $result = $stmt->fetchAll(); + if (count($result) != 0) + return; + + /* get account values from backend */ + $values = $this->getAccountValues($username); + if (!isset($values['displayname']) OR strlen($values['displayname']) === 0) + $values['displayname'] = $username; + if (!isset($values['email']) OR strlen($values['email']) === 0) { + if(filter_var($username, FILTER_VALIDATE_EMAIL)) + $values['email'] = $username; + else + $values['email'] = 'unset-mail'; + } + + /* create user */ + $user = new \Baikal\Model\User(); + $user->set('username', $username); + $user->set('displayname', $values['displayname']); + $user->set('email', $values['email']); + $user->persist(); + } + +} diff --git a/sources/extra_files/app/Core/Frameworks/Baikal/Core/LDAPUserBindAuth.php b/sources/extra_files/app/Core/Frameworks/Baikal/Core/LDAPUserBindAuth.php new file mode 100644 index 0000000..c491d8d --- /dev/null +++ b/sources/extra_files/app/Core/Frameworks/Baikal/Core/LDAPUserBindAuth.php @@ -0,0 +1,75 @@ + + * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License + */ +class LDAPUserBindAuth extends AbstractExternalAuth { + + /** + * AccountValues for getAccountValues + * + * @var array ('displayname' => string, 'email' => string) + */ + private $accountValues; + + /** + * Validates a username and password over ldap + * + * @param string $username + * @param string $password + * @return bool + */ + public function validateUserPassExternal($username, $password) { + + /* create ldap connection */ + $conn = ldap_connect(BAIKAL_DAV_LDAP_URI); + if (!$conn) + return false; + if (!ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3)) + return false; + + /* bind with user + * error_handler have to change, because a failed bind raises an error + * this raise a secuity issue because in the stack trace is the password of user readable + */ + $arr = explode('@', $username, 2); + $dn = str_replace('%n', $username, BAIKAL_DAV_LDAP_DN_TEMPLATE); + $dn = str_replace('%u', $arr[0], $dn); + if(isset($arr[1])) $dn = str_replace('%d', $arr[1], $dn); + + set_error_handler("\Baikal\Core\LDAPUserBindAuth::exception_error_handler"); + $bind = ldap_bind($conn, $dn, $password); + restore_error_handler(); + if (!$bind) { + ldap_close($conn); + return false; + } + + /* read displayname and email from user */ + $this->accountValues = array(); + $sr = ldap_read($conn, $dn, '(objectclass=*)', array(BAIKAL_DAV_LDAP_DISPLAYNAME_ATTR, BAIKAL_DAV_LDAP_EMAIL_ATTR)); + $entry = ldap_get_entries($conn, $sr); + if (isset($entry[0][BAIKAL_DAV_LDAP_DISPLAYNAME_ATTR][0])) + $this->accountValues['displayname'] = $entry[0][BAIKAL_DAV_LDAP_DISPLAYNAME_ATTR][0]; + if (isset($entry[0][BAIKAL_DAV_LDAP_EMAIL_ATTR][0])) + $this->accountValues['email'] = $entry[0][BAIKAL_DAV_LDAP_EMAIL_ATTR][0]; + + /* close */ + ldap_close($conn); + return true; + } + + public function getAccountValues($username) { + + return $this->accountValues; + } + + # WorkAround error_handler in failed bind of LDAP + public static function exception_error_handler($errno, $errstr, $errfile, $errline) { + } +} diff --git a/sources/patches/app-add-ldap-auth.patch b/sources/patches/app-add-ldap-auth.patch index 1a24d53..61dcc21 100644 --- a/sources/patches/app-add-ldap-auth.patch +++ b/sources/patches/app-add-ldap-auth.patch @@ -1,214 +1,3 @@ ---- b/Core/Frameworks/Baikal/Core/AbstractExternalAuth.php -+++ b/Core/Frameworks/Baikal/Core/AbstractExternalAuth.php -@@ -0,0 +1,130 @@ -+ -+ * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License -+ */ -+abstract class AbstractExternalAuth extends \Sabre\DAV\Auth\Backend\AbstractBasic { -+ -+ /** -+ * enable autocreation of user -+ * -+ * @var PDO -+ */ -+ protected $enableAutoCreation; -+ -+ /** -+ * Reference to PDO connection -+ * -+ * @var PDO -+ */ -+ private $pdo; -+ -+ /** -+ * PDO table name we'll be using -+ * -+ * @var string -+ */ -+ private $tableName; -+ -+ /** -+ * Creates the backend object. -+ * -+ * If the filename argument is passed in, it will parse out the specified file fist. -+ * -+ * @param PDO $pdo -+ * @param string $realm -+ * @param string $tableName The PDO table name to use -+ */ -+ public function __construct(\PDO $pdo, $realm = 'BaikalDAV', $tableName = 'users') { -+ -+ $this->pdo = $pdo; -+ $this->tableName = $tableName; -+ $this->enableAutoCreation = true; -+ } -+ -+ /** -+ * Validates a username and password -+ * -+ * This method should return true or false depending on if login -+ * succeeded. -+ * -+ * @param string $username -+ * @param string $password -+ * @return bool -+ */ -+ public function validateUserPass($username, $password) { -+ -+ if (!$this->validateUserPassExternal($username, $password)) -+ return false; -+ -+ $this->currentUser = $username; -+ if ($this->enableAutoCreation) -+ $this->autoUserCreation($username); -+ -+ return true; -+ } -+ -+ /** -+ * Validates a username and password agains external backend -+ * -+ * This method should return true or false depending on if login -+ * succeeded. -+ * -+ * @param string $username -+ * @param string $password -+ * @return bool -+ */ -+ public abstract function validateUserPassExternal($username, $password); -+ -+ /** -+ * return the displayname and email from the external Backend -+ * -+ * @param string $username -+ * @return array ('displayname' => string, 'email' => string) -+ */ -+ public function getAccountValues($username) { -+ -+ return array(); -+ } -+ -+ /** -+ * create an internal user, when user not exists -+ * -+ * @param string $username -+ */ -+ private function autoUserCreation($username) { -+ -+ /* search user in DB and do nothing, when user exists */ -+ $stmt = $this->pdo->prepare('SELECT username FROM '.$this->tableName.' WHERE username = ?'); -+ $stmt->execute(array($username)); -+ $result = $stmt->fetchAll(); -+ if (count($result) != 0) -+ return; -+ -+ /* get account values from backend */ -+ $values = $this->getAccountValues($username); -+ if (!isset($values['displayname']) OR strlen($values['displayname']) === 0) -+ $values['displayname'] = $username; -+ if (!isset($values['email']) OR strlen($values['email']) === 0) { -+ if(filter_var($username, FILTER_VALIDATE_EMAIL)) -+ $values['email'] = $username; -+ else -+ $values['email'] = 'unset-mail'; -+ } -+ -+ /* create user */ -+ $user = new \Baikal\Model\User(); -+ $user->set('username', $username); -+ $user->set('displayname', $values['displayname']); -+ $user->set('email', $values['email']); -+ $user->persist(); -+ } -+ -+} ---- b/Core/Frameworks/Baikal/Core/LDAPUserBindAuth.php -+++ b/Core/Frameworks/Baikal/Core/LDAPUserBindAuth.php -@@ -0,0 +1,75 @@ -+ -+ * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License -+ */ -+class LDAPUserBindAuth extends AbstractExternalAuth { -+ -+ /** -+ * AccountValues for getAccountValues -+ * -+ * @var array ('displayname' => string, 'email' => string) -+ */ -+ private $accountValues; -+ -+ /** -+ * Validates a username and password over ldap -+ * -+ * @param string $username -+ * @param string $password -+ * @return bool -+ */ -+ public function validateUserPassExternal($username, $password) { -+ -+ /* create ldap connection */ -+ $conn = ldap_connect(BAIKAL_DAV_LDAP_URI); -+ if (!$conn) -+ return false; -+ if (!ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3)) -+ return false; -+ -+ /* bind with user -+ * error_handler have to change, because a failed bind raises an error -+ * this raise a secuity issue because in the stack trace is the password of user readable -+ */ -+ $arr = explode('@', $username, 2); -+ $dn = str_replace('%n', $username, BAIKAL_DAV_LDAP_DN_TEMPLATE); -+ $dn = str_replace('%u', $arr[0], $dn); -+ if(isset($arr[1])) $dn = str_replace('%d', $arr[1], $dn); -+ -+ set_error_handler("\Baikal\Core\LDAPUserBindAuth::exception_error_handler"); -+ $bind = ldap_bind($conn, $dn, $password); -+ restore_error_handler(); -+ if (!$bind) { -+ ldap_close($conn); -+ return false; -+ } -+ -+ /* read displayname and email from user */ -+ $this->accountValues = array(); -+ $sr = ldap_read($conn, $dn, '(objectclass=*)', array(BAIKAL_DAV_LDAP_DISPLAYNAME_ATTR, BAIKAL_DAV_LDAP_EMAIL_ATTR)); -+ $entry = ldap_get_entries($conn, $sr); -+ if (isset($entry[0][BAIKAL_DAV_LDAP_DISPLAYNAME_ATTR][0])) -+ $this->accountValues['displayname'] = $entry[0][BAIKAL_DAV_LDAP_DISPLAYNAME_ATTR][0]; -+ if (isset($entry[0][BAIKAL_DAV_LDAP_EMAIL_ATTR][0])) -+ $this->accountValues['email'] = $entry[0][BAIKAL_DAV_LDAP_EMAIL_ATTR][0]; -+ -+ /* close */ -+ ldap_close($conn); -+ return true; -+ } -+ -+ public function getAccountValues($username) { -+ -+ return $this->accountValues; -+ } -+ -+ # WorkAround error_handler in failed bind of LDAP -+ public static function exception_error_handler($errno, $errstr, $errfile, $errline) { -+ } -+} diff --git a/Core/Frameworks/Baikal/Core/Server.php b/Core/Frameworks/Baikal/Core/Server.php index 8026854..8d306fe 100644 --- a/Core/Frameworks/Baikal/Core/Server.php From 2eca5b8a533bc06bb672f608c0ec9a1480dabb3f Mon Sep 17 00:00:00 2001 From: Maniack Crudelis Date: Wed, 11 Apr 2018 21:13:53 +0200 Subject: [PATCH 16/53] Add upgrade from a previous commit --- check_process | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/check_process b/check_process index e3daf19..d1c8d52 100644 --- a/check_process +++ b/check_process @@ -11,6 +11,7 @@ setup_private=0 setup_public=0 upgrade=1 + upgrade=1 from_commit=1aea3f3c4943c83135f7f287e6ac10c03df56323 backup_restore=1 multi_instance=0 incorrect_path=1 @@ -32,3 +33,7 @@ ;;; Options Email= Notification=none +;;; Upgrade options + ; commit=1aea3f3c4943c83135f7f287e6ac10c03df56323 + name=Fix install + refactoring + manifest_arg=domain=DOMAIN&path=PATH&password=mysecret& From 91e2a791d038836bca962d0850c709c286c0eb88 Mon Sep 17 00:00:00 2001 From: Maniack Crudelis Date: Mon, 28 May 2018 10:54:35 +0200 Subject: [PATCH 17/53] Create pull_request_template.md Duplicated from https://github.com/YunoHost-Apps/searx_ynh/pull/35, merged as a micro decision --- pull_request_template.md | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 pull_request_template.md diff --git a/pull_request_template.md b/pull_request_template.md new file mode 100644 index 0000000..ed96f9b --- /dev/null +++ b/pull_request_template.md @@ -0,0 +1,25 @@ +## Problem +- *Description of why you made this PR* + +## Solution +- *And how you fix that* + +## PR Status +- [ ] Code finished. +- [ ] Tested with Package_check. +- [ ] Fix or enhancement tested. +- [ ] Upgrade from last version tested. +- [ ] Can be reviewed and tested. + +## Validation +--- +*Minor decision* +- **Upgrade previous version** : +- [ ] **Code review** : +- [ ] **Approval (LGTM)** : +- [ ] **Approval (LGTM)** : +- **CI succeeded** : +[![Build Status](https://ci-apps-dev.yunohost.org/jenkins/job/baikal_ynh%20-BRANCH-%20(Official)/badge/icon)](https://ci-apps-dev.yunohost.org/jenkins/job/baikal_ynh%20-BRANCH-%20(Official)/) *Please replace '-BRANCH-' in this link for a PR from a local branch.* +or +[![Build Status](https://ci-apps-dev.yunohost.org/jenkins/job/baikal_ynh%20PR-NUM-%20(Official_fork)/badge/icon)](https://ci-apps-dev.yunohost.org/jenkins/job/baikal_ynh%20PR-NUM-%20(Official_fork)/) *Replace '-NUM-' by the PR number in this link for a PR from a forked repository.* +When the PR is marked as ready to merge, you have to wait for 3 days before really merging it. From 208550be45570f816f69f3b4810e66a23574dcbf Mon Sep 17 00:00:00 2001 From: Maniack Crudelis Date: Tue, 12 Feb 2019 17:55:33 +0100 Subject: [PATCH 18/53] Normalization from example_ynh --- README.md | 52 ++++++++++++++++++++++++++++++++++++++---- conf/config.php | 4 ++-- conf/config.system.php | 14 ++++++------ conf/nginx.conf | 9 +++++--- manifest.json | 5 +--- scripts/backup | 22 +++++++----------- scripts/install | 29 ++++++++++++----------- scripts/remove | 8 +------ scripts/restore | 21 +++++++---------- scripts/upgrade | 43 ++++++++++++++++++++-------------- 10 files changed, 120 insertions(+), 87 deletions(-) diff --git a/README.md b/README.md index 926274c..defaf4b 100644 --- a/README.md +++ b/README.md @@ -1,23 +1,65 @@ -Baïkal for YunoHost -------------------- +# Baïkal for YunoHost +[![Integration level](https://dash.yunohost.org/integration/baikal.svg)](https://dash.yunohost.org/appci/app/baikal) +[![Install Baïkal with YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=baikal) + +> *This package allow you to install Baïkal quickly and simply on a YunoHost server. +If you don't have YunoHost, please see [here](https://yunohost.org/#/install) to know how to install and enjoy it.* + +## Overview [Baïkal](http://baikal-server.com/) is a CalDAV and CardDAV server, based on sabre/dav, that includes an administration interface for easy management. **Shipped version:** 0.4.6 -## Features +## Screenshots + +## Demo + +* [YunoHost demo](https://demo.yunohost.org/baikal/admin/) + +## Configuration + +## Documentation + + * Official documentation: http://sabre.io/baikal/ + * YunoHost documentation: https://yunohost.org/#/app_baikal + +## YunoHost specific features In addition to Baïkal core features, the following are made available with this package: * Serve `/.well-known` paths for CalDAV and CardDAV on the domain -## TODO +#### Multi-users support - * Update `config.php` and `config.system.php` at upgrade +#### Supported architectures + +* x86-64b - [![Build Status](https://ci-apps.yunohost.org/ci/logs/baikal%20%28Official%29.svg)](https://ci-apps.yunohost.org/ci/apps/baikal/) +* ARMv8-A - [![Build Status](https://ci-apps-arm.yunohost.org/ci/logs/baikal%20%28Official%29.svg)](https://ci-apps-arm.yunohost.org/ci/apps/baikal/) +* Jessie x86-64b - [![Build Status](https://ci-stretch.nohost.me/ci/logs/baikal%20%28Official%29.svg)](https://ci-stretch.nohost.me/ci/apps/baikal/) + +## Limitations + +## Additional information ## Links + * Report a bug: https://github.com/YunoHost-Apps/baikal_ynh/issues * Baïkal website: http://baikal-server.com/ * YunoHost website: https://yunohost.org/ + +--- + +Developers infos +---------------- + +Please do your pull request to the [testing branch](https://github.com/YunoHost-Apps/baikal_ynh/tree/testing). + +To try the testing branch, please proceed like that. +``` +sudo yunohost app install https://github.com/YunoHost-Apps/baikal_ynh/tree/testing --debug +or +sudo yunohost app upgrade baikal -u https://github.com/YunoHost-Apps/baikal_ynh/tree/testing --debug +``` diff --git a/conf/config.php b/conf/config.php index 6fa21a3..960773b 100644 --- a/conf/config.php +++ b/conf/config.php @@ -32,7 +32,7 @@ # # Timezone of your users, if unsure, check http://en.wikipedia.org/wiki/List_of_tz_database_time_zones -define("PROJECT_TIMEZONE", '#TIMEZONE#'); +define("PROJECT_TIMEZONE", '__TIMEZONE__'); # CardDAV ON/OFF switch; default TRUE define("BAIKAL_CARD_ENABLED", TRUE); @@ -59,4 +59,4 @@ define("BAIKAL_DAV_LDAP_DISPLAYNAME_ATTR", 'cn'); define("BAIKAL_DAV_LDAP_EMAIL_ATTR", 'mail'); # Baïkal Web admin password hash; Set via Baïkal Web Admin -define("BAIKAL_ADMIN_PASSWORDHASH", '#PASSWORDHASH#'); +define("BAIKAL_ADMIN_PASSWORDHASH", '__PASSWORDHASH__'); diff --git a/conf/config.system.php b/conf/config.system.php index c0cb660..9b0be7c 100644 --- a/conf/config.system.php +++ b/conf/config.system.php @@ -39,13 +39,13 @@ define("BAIKAL_AUTH_REALM", 'BaikalDAV'); # Should begin and end with a "/" -define("BAIKAL_CARD_BASEURI", "#PATH#/card.php/"); +define("BAIKAL_CARD_BASEURI", "__PATH__/card.php/"); # Should begin and end with a "/" -define("BAIKAL_CAL_BASEURI", "#PATH#/cal.php/"); +define("BAIKAL_CAL_BASEURI", "__PATH__/cal.php/"); # Should begin and end with a "/" -define("BAIKAL_DAV_BASEURI", "#PATH#/dav.php/"); +define("BAIKAL_DAV_BASEURI", "__PATH__/dav.php/"); # Define path to Baïkal Database SQLite file define("PROJECT_SQLITE_FILE", PROJECT_PATH_SPECIFIC . "db/db.sqlite"); @@ -57,16 +57,16 @@ define("PROJECT_DB_MYSQL", TRUE); define("PROJECT_DB_MYSQL_HOST", 'localhost'); # MySQL > Database name -define("PROJECT_DB_MYSQL_DBNAME", '#DBNAME#'); +define("PROJECT_DB_MYSQL_DBNAME", '__DBNAME__'); # MySQL > Username -define("PROJECT_DB_MYSQL_USERNAME", '#DBUSER#'); +define("PROJECT_DB_MYSQL_USERNAME", '__DBUSER__'); # MySQL > Password -define("PROJECT_DB_MYSQL_PASSWORD", '#DBPASS#'); +define("PROJECT_DB_MYSQL_PASSWORD", '__DBPASS__'); # A random 32 bytes key that will be used to encrypt data -define("BAIKAL_ENCRYPTION_KEY", '#DESKEY#'); +define("BAIKAL_ENCRYPTION_KEY", '__DESKEY__'); # The currently configured Baïkal version define("BAIKAL_CONFIGURED_VERSION", '0.4.6'); diff --git a/conf/nginx.conf b/conf/nginx.conf index c3b5621..3d33380 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -5,12 +5,15 @@ location = /.well-known/caldav { return 301 https://$server_name__PATH__/cal.php; } -location __PATH__ { +#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent; +location __PATH__/ { + + # Path to source alias __FINALPATH__/html/; + # Force usage of https if ($scheme = http) { - return 301 https://$server_name$request_uri; -# rewrite ^ https://$server_name$request_uri? permanent; + rewrite ^ https://$server_name$request_uri? permanent; } index index.php; diff --git a/manifest.json b/manifest.json index 12a251e..b332a70 100644 --- a/manifest.json +++ b/manifest.json @@ -6,9 +6,9 @@ "en": "Lightweight CalDAV+CardDAV server", "fr": "Serveur CalDAV+CardDAV léger" }, + "version": "0.4.6", "url": "http://baikal-server.com/", "license": "GPL-3.0", - "version": "0.4.6", "maintainer": { "name": "julien", "email": "julien.malik@paraiso.me" @@ -19,9 +19,6 @@ "php5-fpm", "mysql" ], - "requirements": { - "yunohost": ">= 2.7.2" - }, "arguments": { "install" : [ { diff --git a/scripts/backup b/scripts/backup index c32acc2..7c2ad47 100644 --- a/scripts/backup +++ b/scripts/backup @@ -2,25 +2,20 @@ #================================================= # GENERIC START -#================================================= -# MANAGE SCRIPT FAILURE -#================================================= - -# Exit on command errors and treat access to unset variables as an error -set -eu - #================================================= # IMPORT GENERIC HELPERS #================================================= -#if [ ! -e _common.sh ]; then -# # Get the _common.sh file if it's not in the current directory -# cp ../settings/scripts/_common.sh ./_common.sh -# chmod a+rx _common.sh -#fi -#source _common.sh +# source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers +#================================================= +# MANAGE SCRIPT FAILURE +#================================================= + +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors + #================================================= # LOAD SETTINGS #================================================= @@ -30,7 +25,6 @@ app=$YNH_APP_INSTANCE_NAME final_path=$(ynh_app_setting_get $app final_path) domain=$(ynh_app_setting_get $app domain) db_name=$(ynh_app_setting_get $app db_name) -db_pwd=$(ynh_app_setting_get $app mysqlpwd) #================================================= # STANDARD BACKUP STEPS diff --git a/scripts/install b/scripts/install index 5bc8f3b..f34b98c 100644 --- a/scripts/install +++ b/scripts/install @@ -30,14 +30,12 @@ app=$YNH_APP_INSTANCE_NAME # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS #================================================= -# Normalize the url path syntax -path_url=$(ynh_normalize_url_path $path_url) - final_path=/var/www/$app test ! -e "$final_path" || ynh_die "This path already contains a folder" -# Check web path availability -ynh_webpath_available $domain $path_url +# Normalize the url path syntax +path_url=$(ynh_normalize_url_path $path_url) + # Register (book) web path ynh_webpath_register $app $domain $path_url @@ -103,10 +101,10 @@ ynh_mysql_connect_as "$db_name" "$db_pwd" "$db_name" \ bk_conf="${final_path}/Specific/config.php" cp ../conf/config.php "$bk_conf" -ynh_replace_string "#TIMEZONE#" "$(cat /etc/timezone)" "$bk_conf" +ynh_replace_string "__TIMEZONE__" "$(cat /etc/timezone)" "$bk_conf" # Create admin password hash password_hash=$(echo -n admin:BaikalDAV:$password | md5sum | cut -d ' ' -f 1) -ynh_replace_string "#PASSWORDHASH#" "${password_hash}" "$bk_conf" +ynh_replace_string "__PASSWORDHASH__" "${password_hash}" "$bk_conf" ynh_app_setting_set $app password_hash $password_hash # Store the config file checksum into the app settings @@ -114,14 +112,15 @@ ynh_store_file_checksum "$bk_conf" bk_conf="${final_path}/Specific/config.system.php" cp ../conf/config.system.php "$bk_conf" -ynh_replace_string "#PATH#" "$path_url" "$bk_conf" -ynh_replace_string "#DBNAME#" "$db_name" "$bk_conf" -ynh_replace_string "#DBUSER#" "$db_name" "$bk_conf" -ynh_replace_string "#DBPASS#" "$db_pwd" "$bk_conf" + +ynh_replace_string "__PATH__" "$path_url" "$bk_conf" +ynh_replace_string "__DBNAME__" "$db_name" "$bk_conf" +ynh_replace_string "__DBUSER__" "$db_name" "$bk_conf" +ynh_replace_string "__DBPASS__" "$db_pwd" "$bk_conf" deskey=$(ynh_string_random 24) -ynh_app_setting_set "$app" encrypt_key "$deskey" -ynh_replace_string "#DESKEY#" "$deskey" "$bk_conf" +ynh_app_setting_set $app encrypt_key "$deskey" +ynh_replace_string "__DESKEY__" "$deskey" "$bk_conf" # Store the config file checksum into the app settings ynh_store_file_checksum "$bk_conf" @@ -145,9 +144,9 @@ chmod 640 "$final_path/Specific/"{config.php,config.system.php} #================================================= # Allow public access on / -ynh_app_setting_set "$app" skipped_uris "/" +ynh_app_setting_set $app skipped_uris "/" # But restrain on /admin -ynh_app_setting_set "$app" protected_uris "/admin/" +ynh_app_setting_set $app protected_uris "/admin/" #================================================= # RELOAD NGINX diff --git a/scripts/remove b/scripts/remove index 48e5bcf..73d2504 100644 --- a/scripts/remove +++ b/scripts/remove @@ -6,13 +6,7 @@ # IMPORT GENERIC HELPERS #================================================= -#if [ ! -e _common.sh ]; then -# # Get file fonction if not been to the current directory -# sudo cp ../settings/scripts/_common.sh ./_common.sh -# sudo chmod a+rx _common.sh -#fi -# Source app helpers -#source _common.sh +# source _common.sh source /usr/share/yunohost/helpers #================================================= diff --git a/scripts/restore b/scripts/restore index 884e1e8..fef4160 100644 --- a/scripts/restore +++ b/scripts/restore @@ -2,25 +2,20 @@ #================================================= # GENERIC START -#================================================= -# MANAGE SCRIPT FAILURE -#================================================= - -# Exit on command errors and treat access to unset variables as an error -set -eu - #================================================= # IMPORT GENERIC HELPERS #================================================= -#if [ ! -e _common.sh ]; then -# # Get the _common.sh file if it's not in the current directory -# cp ../settings/scripts/_common.sh ./_common.sh -# chmod a+rx _common.sh -#fi -#source _common.sh +# source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers +#================================================= +# MANAGE SCRIPT FAILURE +#================================================= + +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors + #================================================= # LOAD SETTINGS #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index f787e44..d80deed 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -24,12 +24,14 @@ db_name=$(ynh_app_setting_get $app db_name) # ENSURE DOWNWARD COMPATIBILITY #================================================= -if [ -z $final_path ]; then # If final_path doesn't exist, create it - final_path="/var/www/$app" +# If final_path doesn't exist, create it +if [ -z $final_path ]; then + final_path=/var/www/$app ynh_app_setting_set $app final_path $final_path fi -if [ -z $db_name ]; then # If db_name doesn't exist, create it +# If db_name doesn't exist, create it +if [ -z $db_name ]; then db_name=$(ynh_sanitize_dbid $app) ynh_app_setting_set $app db_name $db_name fi @@ -38,11 +40,14 @@ fi # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP #================================================= -ynh_backup_before_upgrade # Backup the current version of the app +# Backup the current version of the app +ynh_backup_before_upgrade ynh_clean_setup () { - ynh_restore_upgradebackup # restore it if the upgrade fails + # restore it if the upgrade fails + ynh_restore_upgradebackup } -ynh_abort_if_errors # Active trap pour arrêter le script si une erreur est détectée. +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors #================================================= # CHECK THE PATH @@ -71,7 +76,7 @@ ynh_add_nginx_config # CREATE DEDICATED USER #================================================= -# Create a system user +# Create a dedicated user (if not existing) ynh_system_user_create $app #================================================= @@ -92,18 +97,20 @@ php "${final_path}/bin/upgrade.sh" # Cleanup old baikal-admin sessions # since we may have changed owner of the session file -grep -lr "CSRF_TOKEN|s:" /var/lib/php5/sessions | xargs rm -f +grep --files-with-matches --recursive "CSRF_TOKEN|s:" /var/lib/php5/sessions | xargs rm -f #================================================= # UPGRADE BAIKAL CONFIGURATION #================================================= bk_conf="${final_path}/Specific/config.php" + # Verify the checksum and backup the file if it's different ynh_backup_if_checksum_is_different "$bk_conf" + cp ../conf/config.php "$bk_conf" -ynh_replace_string "#TIMEZONE#" "$(cat /etc/timezone)" "$bk_conf" +ynh_replace_string "__TIMEZONE__" "$(cat /etc/timezone)" "$bk_conf" password_hash=$(ynh_app_setting_get $app password_hash) # If the password_hash is not in the app's config, recreate it from the password. @@ -112,24 +119,26 @@ if [ -z "$password_hash" ]; then password_hash=$(echo -n admin:BaikalDAV:$password | md5sum | cut -d ' ' -f 1) ynh_app_setting_set $app password_hash $password_hash fi -ynh_replace_string "#PASSWORDHASH#" "${password_hash}" "$bk_conf" +ynh_replace_string "__PASSWORDHASH__" "${password_hash}" "$bk_conf" # Store the config file checksum into the app settings ynh_store_file_checksum "$bk_conf" bk_conf="${final_path}/Specific/config.system.php" + # Verify the checksum and backup the file if it's different ynh_backup_if_checksum_is_different "$bk_conf" + cp ../conf/config.system.php "$bk_conf" -ynh_replace_string "#PATH#" "$path_url" "$bk_conf" -ynh_replace_string "#DBNAME#" "$db_name" "$bk_conf" -ynh_replace_string "#DBUSER#" "$db_name" "$bk_conf" +ynh_replace_string "__PATH__" "$path_url" "$bk_conf" +ynh_replace_string "__DBNAME__" "$db_name" "$bk_conf" +ynh_replace_string "__DBUSER__" "$db_name" "$bk_conf" db_pwd=$(ynh_app_setting_get $app mysqlpwd) -ynh_replace_string "#DBPASS#" "$db_pwd" "$bk_conf" +ynh_replace_string "__DBPASS__" "$db_pwd" "$bk_conf" deskey=$(ynh_app_setting_get $app deskey) -ynh_replace_string "#DESKEY#" "$deskey" "$bk_conf" +ynh_replace_string "__DESKEY__" "$deskey" "$bk_conf" # Store the config file checksum into the app settings ynh_store_file_checksum "$bk_conf" @@ -150,9 +159,9 @@ chmod 640 "$final_path/Specific/"{config.php,config.system.php} #================================================= # Allow public access on / -ynh_app_setting_set "$app" skipped_uris "/" +ynh_app_setting_set $app skipped_uris "/" # But restrain on /admin -ynh_app_setting_set "$app" protected_uris "/admin/" +ynh_app_setting_set $app protected_uris "/admin/" #================================================= # RELOAD NGINX From 7b438c50744d51d006b16243948d799ae682c694 Mon Sep 17 00:00:00 2001 From: Maniack Crudelis Date: Tue, 12 Feb 2019 17:56:21 +0100 Subject: [PATCH 19/53] Use php7 --- conf/nginx.conf | 2 +- conf/php-fpm.conf | 416 +++++++++++++++++++++++++++++++++++++++++++--- manifest.json | 5 +- scripts/backup | 2 +- scripts/restore | 4 +- scripts/upgrade | 2 +- 6 files changed, 398 insertions(+), 33 deletions(-) diff --git a/conf/nginx.conf b/conf/nginx.conf index 3d33380..8807793 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -23,7 +23,7 @@ location __PATH__/ { fastcgi_split_path_info ^(.+\.php)(.*)$; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_pass unix:/var/run/php5-fpm-__NAME__.sock; + fastcgi_pass unix:/var/run/php/php7.0-fpm-__NAME__.sock; } location ~ ^__PATH__/(\.|Core|Specific) { diff --git a/conf/php-fpm.conf b/conf/php-fpm.conf index 3e23b7b..6736bea 100644 --- a/conf/php-fpm.conf +++ b/conf/php-fpm.conf @@ -1,68 +1,430 @@ +; Start a new pool named 'www'. +; the variable $pool can be used in any directive and will be replaced by the +; pool name ('www' here) [__NAMETOCHANGE__] -; The address on which to accept FastCGI requests. -listen = /var/run/php5-fpm-__NAMETOCHANGE__.sock -; Set permissions for unix socket, if one is used. -listen.owner = www-data -listen.group = www-data -listen.mode = 0600 +; Per pool prefix +; It only applies on the following directives: +; - 'access.log' +; - 'slowlog' +; - 'listen' (unixsocket) +; - 'chroot' +; - 'chdir' +; - 'php_values' +; - 'php_admin_values' +; When not set, the global prefix (or /usr) applies instead. +; Note: This directive can also be relative to the global prefix. +; Default Value: none +;prefix = /path/to/pools/$pool -; Unix user/group of processes. +; Unix user/group of processes +; Note: The user is mandatory. If the group is not set, the default user's group +; will be used. user = __USER__ group = __USER__ +; The address on which to accept FastCGI requests. +; Valid syntaxes are: +; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on +; a specific port; +; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on +; a specific port; +; 'port' - to listen on a TCP socket to all addresses +; (IPv6 and IPv4-mapped) on a specific port; +; '/path/to/unix/socket' - to listen on a unix socket. +; Note: This value is mandatory. +listen = /var/run/php/php7.0-fpm-__NAMETOCHANGE__.sock + +; Set listen(2) backlog. +; Default Value: 511 (-1 on FreeBSD and OpenBSD) +;listen.backlog = 511 + +; Set permissions for unix socket, if one is used. In Linux, read/write +; permissions must be set in order to allow connections from a web server. Many +; BSD-derived systems allow connections regardless of permissions. +; Default Values: user and group are set as the running user +; mode is set to 0660 +listen.owner = www-data +listen.group = www-data +;listen.mode = 0660 +; When POSIX Access Control Lists are supported you can set them using +; these options, value is a comma separated list of user/group names. +; When set, listen.owner and listen.group are ignored +;listen.acl_users = +;listen.acl_groups = + +; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect. +; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original +; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address +; must be separated by a comma. If this value is left blank, connections will be +; accepted from any ip address. +; Default Value: any +;listen.allowed_clients = 127.0.0.1 + +; Specify the nice(2) priority to apply to the pool processes (only if set) +; The value can vary from -19 (highest priority) to 20 (lower priority) +; Note: - It will only work if the FPM master process is launched as root +; - The pool processes will inherit the master process priority +; unless it specified otherwise +; Default Value: no set +; process.priority = -19 + +; Set the process dumpable flag (PR_SET_DUMPABLE prctl) even if the process user +; or group is differrent than the master process user. It allows to create process +; core dump and ptrace the process for the pool user. +; Default Value: no +; process.dumpable = yes + ; Choose how the process manager will control the number of child processes. +; Possible Values: +; static - a fixed number (pm.max_children) of child processes; +; dynamic - the number of child processes are set dynamically based on the +; following directives. With this process management, there will be +; always at least 1 children. +; pm.max_children - the maximum number of children that can +; be alive at the same time. +; pm.start_servers - the number of children created on startup. +; pm.min_spare_servers - the minimum number of children in 'idle' +; state (waiting to process). If the number +; of 'idle' processes is less than this +; number then some children will be created. +; pm.max_spare_servers - the maximum number of children in 'idle' +; state (waiting to process). If the number +; of 'idle' processes is greater than this +; number then some children will be killed. +; ondemand - no children are created at startup. Children will be forked when +; new requests will connect. The following parameter are used: +; pm.max_children - the maximum number of children that +; can be alive at the same time. +; pm.process_idle_timeout - The number of seconds after which +; an idle process will be killed. +; Note: This value is mandatory. pm = dynamic ; The number of child processes to be created when pm is set to 'static' and the -; maximum number of child processes to be created when pm is set to 'dynamic'. +; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'. +; This value sets the limit on the number of simultaneous requests that will be +; served. Equivalent to the ApacheMaxClients directive with mpm_prefork. +; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP +; CGI. The below defaults are based on a server without much resources. Don't +; forget to tweak pm.* to fit your needs. +; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand' +; Note: This value is mandatory. pm.max_children = 6 ; The number of child processes created on startup. +; Note: Used only when pm is set to 'dynamic' +; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2 pm.start_servers = 3 ; The desired minimum number of idle server processes. +; Note: Used only when pm is set to 'dynamic' +; Note: Mandatory when pm is set to 'dynamic' pm.min_spare_servers = 3 ; The desired maximum number of idle server processes. +; Note: Used only when pm is set to 'dynamic' +; Note: Mandatory when pm is set to 'dynamic' pm.max_spare_servers = 5 +; The number of seconds after which an idle process will be killed. +; Note: Used only when pm is set to 'ondemand' +; Default Value: 10s +;pm.process_idle_timeout = 10s; + ; The number of requests each child process should execute before respawning. -pm.max_requests = 500 +; This can be useful to work around memory leaks in 3rd party libraries. For +; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS. +; Default Value: 0 +;pm.max_requests = 500 ; The URI to view the FPM status page. If this value is not set, no URI will be -; recognized as a status page. -pm.status_path = /fpm-status +; recognized as a status page. It shows the following informations: +; pool - the name of the pool; +; process manager - static, dynamic or ondemand; +; start time - the date and time FPM has started; +; start since - number of seconds since FPM has started; +; accepted conn - the number of request accepted by the pool; +; listen queue - the number of request in the queue of pending +; connections (see backlog in listen(2)); +; max listen queue - the maximum number of requests in the queue +; of pending connections since FPM has started; +; listen queue len - the size of the socket queue of pending connections; +; idle processes - the number of idle processes; +; active processes - the number of active processes; +; total processes - the number of idle + active processes; +; max active processes - the maximum number of active processes since FPM +; has started; +; max children reached - number of times, the process limit has been reached, +; when pm tries to start more children (works only for +; pm 'dynamic' and 'ondemand'); +; Value are updated in real time. +; Example output: +; pool: www +; process manager: static +; start time: 01/Jul/2011:17:53:49 +0200 +; start since: 62636 +; accepted conn: 190460 +; listen queue: 0 +; max listen queue: 1 +; listen queue len: 42 +; idle processes: 4 +; active processes: 11 +; total processes: 15 +; max active processes: 12 +; max children reached: 0 +; +; By default the status page output is formatted as text/plain. Passing either +; 'html', 'xml' or 'json' in the query string will return the corresponding +; output syntax. Example: +; http://www.foo.bar/status +; http://www.foo.bar/status?json +; http://www.foo.bar/status?html +; http://www.foo.bar/status?xml +; +; By default the status page only outputs short status. Passing 'full' in the +; query string will also return status for each pool process. +; Example: +; http://www.foo.bar/status?full +; http://www.foo.bar/status?json&full +; http://www.foo.bar/status?html&full +; http://www.foo.bar/status?xml&full +; The Full status returns for each process: +; pid - the PID of the process; +; state - the state of the process (Idle, Running, ...); +; start time - the date and time the process has started; +; start since - the number of seconds since the process has started; +; requests - the number of requests the process has served; +; request duration - the duration in µs of the requests; +; request method - the request method (GET, POST, ...); +; request URI - the request URI with the query string; +; content length - the content length of the request (only with POST); +; user - the user (PHP_AUTH_USER) (or '-' if not set); +; script - the main script called (or '-' if not set); +; last request cpu - the %cpu the last request consumed +; it's always 0 if the process is not in Idle state +; because CPU calculation is done when the request +; processing has terminated; +; last request memory - the max amount of memory the last request consumed +; it's always 0 if the process is not in Idle state +; because memory calculation is done when the request +; processing has terminated; +; If the process is in Idle state, then informations are related to the +; last request the process has served. Otherwise informations are related to +; the current request being served. +; Example output: +; ************************ +; pid: 31330 +; state: Running +; start time: 01/Jul/2011:17:53:49 +0200 +; start since: 63087 +; requests: 12808 +; request duration: 1250261 +; request method: GET +; request URI: /test_mem.php?N=10000 +; content length: 0 +; user: - +; script: /home/fat/web/docs/php/test_mem.php +; last request cpu: 0.00 +; last request memory: 0 +; +; Note: There is a real-time FPM status monitoring sample web page available +; It's available in: /usr/share/php/7.0/fpm/status.html +; +; Note: The value must start with a leading slash (/). The value can be +; anything, but it may not be a good idea to use the .php extension or it +; may conflict with a real PHP file. +; Default Value: not set +;pm.status_path = /status ; The ping URI to call the monitoring page of FPM. If this value is not set, no -; URI will be recognized as a ping page. -ping.path = /ping +; URI will be recognized as a ping page. This could be used to test from outside +; that FPM is alive and responding, or to +; - create a graph of FPM availability (rrd or such); +; - remove a server from a group if it is not responding (load balancing); +; - trigger alerts for the operating team (24/7). +; Note: The value must start with a leading slash (/). The value can be +; anything, but it may not be a good idea to use the .php extension or it +; may conflict with a real PHP file. +; Default Value: not set +;ping.path = /ping -; The timeout for serving a single request after which the worker process will -; be killed. -request_terminate_timeout = 1d +; This directive may be used to customize the response of a ping request. The +; response is formatted as text/plain with a 200 response code. +; Default Value: pong +;ping.response = pong + +; The access log file +; Default: not set +;access.log = log/$pool.access.log + +; The access log format. +; The following syntax is allowed +; %%: the '%' character +; %C: %CPU used by the request +; it can accept the following format: +; - %{user}C for user CPU only +; - %{system}C for system CPU only +; - %{total}C for user + system CPU (default) +; %d: time taken to serve the request +; it can accept the following format: +; - %{seconds}d (default) +; - %{miliseconds}d +; - %{mili}d +; - %{microseconds}d +; - %{micro}d +; %e: an environment variable (same as $_ENV or $_SERVER) +; it must be associated with embraces to specify the name of the env +; variable. Some exemples: +; - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e +; - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e +; %f: script filename +; %l: content-length of the request (for POST request only) +; %m: request method +; %M: peak of memory allocated by PHP +; it can accept the following format: +; - %{bytes}M (default) +; - %{kilobytes}M +; - %{kilo}M +; - %{megabytes}M +; - %{mega}M +; %n: pool name +; %o: output header +; it must be associated with embraces to specify the name of the header: +; - %{Content-Type}o +; - %{X-Powered-By}o +; - %{Transfert-Encoding}o +; - .... +; %p: PID of the child that serviced the request +; %P: PID of the parent of the child that serviced the request +; %q: the query string +; %Q: the '?' character if query string exists +; %r: the request URI (without the query string, see %q and %Q) +; %R: remote IP address +; %s: status (response code) +; %t: server time the request was received +; it can accept a strftime(3) format: +; %d/%b/%Y:%H:%M:%S %z (default) +; The strftime(3) format must be encapsuled in a %{}t tag +; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t +; %T: time the log has been written (the request has finished) +; it can accept a strftime(3) format: +; %d/%b/%Y:%H:%M:%S %z (default) +; The strftime(3) format must be encapsuled in a %{}t tag +; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t +; %u: remote user +; +; Default: "%R - %u %t \"%m %r\" %s" +;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%" + +; The log file for slow requests +; Default Value: not set +; Note: slowlog is mandatory if request_slowlog_timeout is set +;slowlog = log/$pool.log.slow ; The timeout for serving a single request after which a PHP backtrace will be ; dumped to the 'slowlog' file. A value of '0s' means 'off'. -request_slowlog_timeout = 5s +; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) +; Default Value: 0 +;request_slowlog_timeout = 0 -; The log file for slow requests. -slowlog = /var/log/nginx/__NAMETOCHANGE__.slow.log +; The timeout for serving a single request after which the worker process will +; be killed. This option should be used when the 'max_execution_time' ini option +; does not stop script execution for some reason. A value of '0' means 'off'. +; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) +; Default Value: 0 +request_terminate_timeout = 1d ; Set open file descriptor rlimit. -rlimit_files = 4096 +; Default Value: system defined value +;rlimit_files = 1024 ; Set max core size rlimit. -rlimit_core = 0 +; Possible Values: 'unlimited' or an integer greater or equal to 0 +; Default Value: system defined value +;rlimit_core = 0 + +; Chroot to this directory at the start. This value must be defined as an +; absolute path. When this value is not set, chroot is not used. +; Note: you can prefix with '$prefix' to chroot to the pool prefix or one +; of its subdirectories. If the pool prefix is not set, the global prefix +; will be used instead. +; Note: chrooting is a great security feature and should be used whenever +; possible. However, all PHP paths will be relative to the chroot +; (error_log, sessions.save_path, ...). +; Default Value: not set +;chroot = ; Chdir to this directory at the start. +; Note: relative path can be used. +; Default Value: current directory or / when chroot chdir = __FINALPATH__ -; Redirect worker stdout and stderr into main error log. -catch_workers_output = yes +; Redirect worker stdout and stderr into main error log. If not set, stdout and +; stderr will be redirected to /dev/null according to FastCGI specs. +; Note: on highloaded environement, this can cause some delay in the page +; process time (several ms). +; Default Value: no +;catch_workers_output = yes -; Do not clear environment in FPM workers. -clear_env = no +; Clear environment in FPM workers +; Prevents arbitrary environment variables from reaching FPM worker processes +; by clearing the environment in workers before env vars specified in this +; pool configuration are added. +; Setting to "no" will make all environment variables available to PHP code +; via getenv(), $_ENV and $_SERVER. +; Default Value: yes +;clear_env = no -; Additional php.ini defines, specific to this pool of workers. -; ... +; Limits the extensions of the main script FPM will allow to parse. This can +; prevent configuration mistakes on the web server side. You should only limit +; FPM to .php extensions to prevent malicious users to use other extensions to +; execute php code. +; Note: set an empty value to allow all extensions. +; Default Value: .php +;security.limit_extensions = .php .php3 .php4 .php5 .php7 + +; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from +; the current environment. +; Default Value: clean env +;env[HOSTNAME] = $HOSTNAME +;env[PATH] = /usr/local/bin:/usr/bin:/bin +;env[TMP] = /tmp +;env[TMPDIR] = /tmp +;env[TEMP] = /tmp + +; Additional php.ini defines, specific to this pool of workers. These settings +; overwrite the values previously defined in the php.ini. The directives are the +; same as the PHP SAPI: +; php_value/php_flag - you can set classic ini defines which can +; be overwritten from PHP call 'ini_set'. +; php_admin_value/php_admin_flag - these directives won't be overwritten by +; PHP call 'ini_set' +; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no. + +; Defining 'extension' will load the corresponding shared extension from +; extension_dir. Defining 'disable_functions' or 'disable_classes' will not +; overwrite previously defined php.ini values, but will append the new value +; instead. + +; Note: path INI options can be relative and will be expanded with the prefix +; (pool, global or /usr) + +; Default Value: nothing is defined by default except the values in php.ini and +; specified at startup with the -d argument +;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com +;php_flag[display_errors] = off +;php_admin_value[error_log] = /var/log/fpm-php.www.log +;php_admin_flag[log_errors] = on +;php_admin_value[memory_limit] = 32M + +; Common values to change to increase file upload limit +; php_admin_value[upload_max_filesize] = 50M +; php_admin_value[post_max_size] = 50M +; php_admin_flag[mail.add_x_header] = Off + +; Other common parameters +; php_admin_value[max_execution_time] = 600 +; php_admin_value[max_input_time] = 300 +; php_admin_value[memory_limit] = 256M +; php_admin_flag[short_open_tag] = On diff --git a/manifest.json b/manifest.json index b332a70..7530005 100644 --- a/manifest.json +++ b/manifest.json @@ -13,10 +13,13 @@ "name": "julien", "email": "julien.malik@paraiso.me" }, + "requirements": { + "yunohost": ">= 3.0" + }, "multi_instance": false, "services": [ "nginx", - "php5-fpm", + "php7.0-fpm", "mysql" ], "arguments": { diff --git a/scripts/backup b/scripts/backup index 7c2ad47..e96b150 100644 --- a/scripts/backup +++ b/scripts/backup @@ -44,7 +44,7 @@ ynh_backup "/etc/nginx/conf.d/$domain.d/$app.conf" # BACKUP THE PHP-FPM CONFIGURATION #================================================= -ynh_backup "/etc/php5/fpm/pool.d/$app.conf" +ynh_backup "/etc/php/7.0/fpm/pool.d/$app.conf" #================================================= # BACKUP THE MYSQL DATABASE diff --git a/scripts/restore b/scripts/restore index fef4160..e2542bc 100644 --- a/scripts/restore +++ b/scripts/restore @@ -77,7 +77,7 @@ chown $app "$final_path/Specific/"{config.php,config.system.php} # RESTORE THE PHP-FPM CONFIGURATION #================================================= -ynh_restore_file "/etc/php5/fpm/pool.d/$app.conf" +ynh_restore_file "/etc/php/7.0/fpm/pool.d/$app.conf" #================================================= # GENERIC FINALIZATION @@ -85,5 +85,5 @@ ynh_restore_file "/etc/php5/fpm/pool.d/$app.conf" # RELOAD NGINX AND PHP-FPM #================================================= -systemctl reload php5-fpm +systemctl reload php7.0-fpm systemctl reload nginx diff --git a/scripts/upgrade b/scripts/upgrade index d80deed..c50b32e 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -97,7 +97,7 @@ php "${final_path}/bin/upgrade.sh" # Cleanup old baikal-admin sessions # since we may have changed owner of the session file -grep --files-with-matches --recursive "CSRF_TOKEN|s:" /var/lib/php5/sessions | xargs rm -f +grep --files-with-matches --recursive "CSRF_TOKEN|s:" /var/lib/php/sessions | xargs rm -f #================================================= # UPGRADE BAIKAL CONFIGURATION From 18c99fbf31c7043f34a68b206d85c10a3eaf95d1 Mon Sep 17 00:00:00 2001 From: Maniack Crudelis Date: Sun, 17 Feb 2019 20:54:18 +0100 Subject: [PATCH 20/53] Add progression with ynh_print_info --- manifest.json | 2 +- scripts/backup | 11 +++++++++++ scripts/install | 16 ++++++++++++++++ scripts/remove | 12 ++++++++++++ scripts/restore | 12 ++++++++++++ scripts/upgrade | 17 +++++++++++++++++ 6 files changed, 69 insertions(+), 1 deletion(-) diff --git a/manifest.json b/manifest.json index 7530005..ffc5821 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Lightweight CalDAV+CardDAV server", "fr": "Serveur CalDAV+CardDAV léger" }, - "version": "0.4.6", + "version": "0.4.6~ynh1", "url": "http://baikal-server.com/", "license": "GPL-3.0", "maintainer": { diff --git a/scripts/backup b/scripts/backup index e96b150..9a7aca7 100644 --- a/scripts/backup +++ b/scripts/backup @@ -19,6 +19,7 @@ ynh_abort_if_errors #================================================= # LOAD SETTINGS #================================================= +ynh_print_info "Loading installation settings..." app=$YNH_APP_INSTANCE_NAME @@ -31,23 +32,33 @@ db_name=$(ynh_app_setting_get $app db_name) #================================================= # BACKUP THE APP MAIN DIR #================================================= +ynh_print_info "Backing up the main app directory..." ynh_backup "$final_path" #================================================= # BACKUP THE NGINX CONFIGURATION #================================================= +ynh_print_info "Backing up nginx web server configuration..." ynh_backup "/etc/nginx/conf.d/$domain.d/$app.conf" #================================================= # BACKUP THE PHP-FPM CONFIGURATION #================================================= +ynh_print_info "Backing up php-fpm configuration..." ynh_backup "/etc/php/7.0/fpm/pool.d/$app.conf" #================================================= # BACKUP THE MYSQL DATABASE #================================================= +ynh_print_info "Backing up the MySQL database..." ynh_mysql_dump_db "$db_name" > db.sql + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_print_info "Backup script completed for $app. (YunoHost will then actually copy those files to the archive)." diff --git a/scripts/install b/scripts/install index f34b98c..075beb9 100644 --- a/scripts/install +++ b/scripts/install @@ -29,6 +29,7 @@ app=$YNH_APP_INSTANCE_NAME #================================================= # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS #================================================= +ynh_print_info "Validating installation parameters..." final_path=/var/www/$app test ! -e "$final_path" || ynh_die "This path already contains a folder" @@ -42,6 +43,7 @@ ynh_webpath_register $app $domain $path_url #================================================= # STORE SETTINGS FROM MANIFEST #================================================= +ynh_print_info "Storing installation settings..." ynh_app_setting_set $app domain $domain ynh_app_setting_set $app path $path_url @@ -51,6 +53,7 @@ ynh_app_setting_set $app path $path_url #================================================= # CREATE A MYSQL DATABASE #================================================= +ynh_print_info "Creating a MySQL database..." db_name=$(ynh_sanitize_dbid $app) ynh_app_setting_set $app db_name $db_name @@ -59,6 +62,7 @@ ynh_mysql_setup_db $db_name $db_name #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= +ynh_print_info "Setting up source files..." ynh_app_setting_set $app final_path $final_path # Download, check integrity, uncompress and patch the source from app.src @@ -67,6 +71,7 @@ ynh_setup_source "$final_path" #================================================= # NGINX CONFIGURATION #================================================= +ynh_print_info "Configuring nginx web server..." # Create a dedicated nginx config ynh_add_nginx_config @@ -74,6 +79,7 @@ ynh_add_nginx_config #================================================= # CREATE DEDICATED USER #================================================= +ynh_print_info "Configuring system user..." # Create a system user ynh_system_user_create $app @@ -81,6 +87,7 @@ ynh_system_user_create $app #================================================= # PHP-FPM CONFIGURATION #================================================= +ynh_print_info "Configuring php-fpm..." # Create a dedicated php-fpm config ynh_add_fpm_config @@ -90,6 +97,7 @@ ynh_add_fpm_config #================================================= # INITIALIZE DATABASE #================================================= +ynh_print_info "Configuring baikal..." ynh_mysql_connect_as "$db_name" "$db_pwd" "$db_name" \ < "${final_path}/Core/Resources/Db/MySQL/db.sql" @@ -142,6 +150,7 @@ chmod 640 "$final_path/Specific/"{config.php,config.system.php} #================================================= # SETUP SSOWAT #================================================= +ynh_print_info "Configuring SSOwat..." # Allow public access on / ynh_app_setting_set $app skipped_uris "/" @@ -151,5 +160,12 @@ ynh_app_setting_set $app protected_uris "/admin/" #================================================= # RELOAD NGINX #================================================= +ynh_print_info "Reloading nginx web server..." systemctl reload nginx + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_print_info "Installation of $app completed" diff --git a/scripts/remove b/scripts/remove index 73d2504..f9e41eb 100644 --- a/scripts/remove +++ b/scripts/remove @@ -12,6 +12,7 @@ source /usr/share/yunohost/helpers #================================================= # LOAD SETTINGS #================================================= +ynh_print_info "Loading installation settings..." app=$YNH_APP_INSTANCE_NAME @@ -24,6 +25,7 @@ final_path=$(ynh_app_setting_get $app final_path) #================================================= # REMOVE THE MYSQL DATABASE #================================================= +ynh_print_info "Removing the MySQL database" # Remove a database if it exists, along with the associated user ynh_mysql_remove_db $db_name $db_name @@ -31,6 +33,7 @@ ynh_mysql_remove_db $db_name $db_name #================================================= # REMOVE APP MAIN DIR #================================================= +ynh_print_info "Removing app main directory" # Remove the app directory securely ynh_secure_remove "$final_path" @@ -38,6 +41,7 @@ ynh_secure_remove "$final_path" #================================================= # REMOVE NGINX CONFIGURATION #================================================= +ynh_print_info "Removing nginx web server configuration" # Remove the dedicated nginx config ynh_remove_nginx_config @@ -45,6 +49,7 @@ ynh_remove_nginx_config #================================================= # REMOVE PHP-FPM CONFIGURATION #================================================= +ynh_print_info "Removing php-fpm configuration" # Remove the dedicated php-fpm config ynh_remove_fpm_config @@ -54,6 +59,13 @@ ynh_remove_fpm_config #================================================= # REMOVE DEDICATED USER #================================================= +ynh_print_info "Removing the dedicated system user" # Delete a system user ynh_system_user_delete $app + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_print_info "Removal of $app completed" diff --git a/scripts/restore b/scripts/restore index e2542bc..02cc555 100644 --- a/scripts/restore +++ b/scripts/restore @@ -19,6 +19,7 @@ ynh_abort_if_errors #================================================= # LOAD SETTINGS #================================================= +ynh_print_info "Loading settings..." app=$YNH_APP_INSTANCE_NAME @@ -30,6 +31,7 @@ db_name=$(ynh_app_setting_get $app db_name) #================================================= # CHECK IF THE APP CAN BE RESTORED #================================================= +ynh_print_info "Validating restoration parameters..." ynh_webpath_available $domain $path_url \ || ynh_die "Path not available: ${domain}${path_url}" @@ -47,12 +49,14 @@ ynh_restore_file "/etc/nginx/conf.d/$domain.d/$app.conf" #================================================= # RESTORE THE APP MAIN DIR #================================================= +ynh_print_info "Restoring the app main directory..." ynh_restore_file "$final_path" #================================================= # RESTORE THE MYSQL DATABASE #================================================= +ynh_print_info "Restoring the MySQL database..." db_pwd=$(ynh_app_setting_get $app mysqlpwd) ynh_mysql_setup_db $db_name $db_name $db_pwd @@ -61,6 +65,7 @@ ynh_mysql_connect_as $db_name $db_pwd $db_name < ./db.sql #================================================= # RECREATE THE DEDICATED USER #================================================= +ynh_print_info "Recreating the dedicated system user..." # Create the dedicated user (if not existing) ynh_system_user_create $app @@ -84,6 +89,13 @@ ynh_restore_file "/etc/php/7.0/fpm/pool.d/$app.conf" #================================================= # RELOAD NGINX AND PHP-FPM #================================================= +ynh_print_info "Reloading nginx web server and php-fpm..." systemctl reload php7.0-fpm systemctl reload nginx + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_print_info "Restoration completed for $app" diff --git a/scripts/upgrade b/scripts/upgrade index c50b32e..e60c547 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -12,6 +12,7 @@ source /usr/share/yunohost/helpers #================================================= # LOAD SETTINGS #================================================= +ynh_print_info "Loading installation settings..." app=$YNH_APP_INSTANCE_NAME @@ -23,6 +24,7 @@ db_name=$(ynh_app_setting_get $app db_name) #================================================= # ENSURE DOWNWARD COMPATIBILITY #================================================= +ynh_print_info "Ensuring downward compatibility..." # If final_path doesn't exist, create it if [ -z $final_path ]; then @@ -39,6 +41,7 @@ fi #================================================= # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP #================================================= +ynh_print_info "Backing up the app before upgrading (may take a while)..." # Backup the current version of the app ynh_backup_before_upgrade @@ -61,6 +64,7 @@ path_url=$(ynh_normalize_url_path $path_url) #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= +ynh_print_info "Upgrading source files..." # Download, check integrity, uncompress and patch the source from app.src ynh_setup_source "$final_path" @@ -68,6 +72,7 @@ ynh_setup_source "$final_path" #================================================= # NGINX CONFIGURATION #================================================= +ynh_print_info "Upgrading nginx web server configuration..." # Create a dedicated nginx config ynh_add_nginx_config @@ -75,6 +80,7 @@ ynh_add_nginx_config #================================================= # CREATE DEDICATED USER #================================================= +ynh_print_info "Making sure dedicated system user exists..." # Create a dedicated user (if not existing) ynh_system_user_create $app @@ -82,6 +88,7 @@ ynh_system_user_create $app #================================================= # PHP-FPM CONFIGURATION #================================================= +ynh_print_info "Upgrading php-fpm configuration..." # Create a dedicated php-fpm config ynh_add_fpm_config @@ -91,6 +98,7 @@ ynh_add_fpm_config #================================================= # UPGRADE BAIKAL #================================================= +ynh_print_info "Upgrading baikal..." # Run Baikal upgrade php "${final_path}/bin/upgrade.sh" @@ -102,6 +110,7 @@ grep --files-with-matches --recursive "CSRF_TOKEN|s:" /var/lib/php/sessions | xa #================================================= # UPGRADE BAIKAL CONFIGURATION #================================================= +ynh_print_info "Upgrading baikal configuration..." bk_conf="${final_path}/Specific/config.php" @@ -157,6 +166,7 @@ chmod 640 "$final_path/Specific/"{config.php,config.system.php} #================================================= # SETUP SSOWAT #================================================= +ynh_print_info "Upgrading SSOwat configuration..." # Allow public access on / ynh_app_setting_set $app skipped_uris "/" @@ -166,5 +176,12 @@ ynh_app_setting_set $app protected_uris "/admin/" #================================================= # RELOAD NGINX #================================================= +ynh_print_info "Reloading nginx web server..." systemctl reload nginx + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_print_info "Upgrade of $app completed" From b0f753d23b8528e4fd44f797d5a03364b0e20010 Mon Sep 17 00:00:00 2001 From: Kayou Date: Wed, 20 Mar 2019 09:51:20 +0100 Subject: [PATCH 21/53] Bump version --- manifest.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifest.json b/manifest.json index ffc5821..2e9cf5f 100644 --- a/manifest.json +++ b/manifest.json @@ -14,7 +14,7 @@ "email": "julien.malik@paraiso.me" }, "requirements": { - "yunohost": ">= 3.0" + "yunohost": ">= 3.2.0" }, "multi_instance": false, "services": [ From 5924300c6ba65ffcdee38dea0b32a4c0c71c85c8 Mon Sep 17 00:00:00 2001 From: Maniack Crudelis Date: Sun, 24 Mar 2019 16:45:03 +0100 Subject: [PATCH 22/53] Update pull_request_template.md --- pull_request_template.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/pull_request_template.md b/pull_request_template.md index ed96f9b..03e0689 100644 --- a/pull_request_template.md +++ b/pull_request_template.md @@ -19,7 +19,6 @@ - [ ] **Approval (LGTM)** : - [ ] **Approval (LGTM)** : - **CI succeeded** : -[![Build Status](https://ci-apps-dev.yunohost.org/jenkins/job/baikal_ynh%20-BRANCH-%20(Official)/badge/icon)](https://ci-apps-dev.yunohost.org/jenkins/job/baikal_ynh%20-BRANCH-%20(Official)/) *Please replace '-BRANCH-' in this link for a PR from a local branch.* -or -[![Build Status](https://ci-apps-dev.yunohost.org/jenkins/job/baikal_ynh%20PR-NUM-%20(Official_fork)/badge/icon)](https://ci-apps-dev.yunohost.org/jenkins/job/baikal_ynh%20PR-NUM-%20(Official_fork)/) *Replace '-NUM-' by the PR number in this link for a PR from a forked repository.* +[![Build Status](https://ci-apps-dev.yunohost.org/jenkins/job/baikal_ynh%20PR-NUM-/badge/icon)](https://ci-apps-dev.yunohost.org/jenkins/job/baikal_ynh%20PR-NUM-/) +*Please replace '-NUM-' in this link by the PR number.* When the PR is marked as ready to merge, you have to wait for 3 days before really merging it. From 83a13b6312de2b529a145c18c84ccdf3a7bb753a Mon Sep 17 00:00:00 2001 From: Maniack Crudelis Date: Mon, 15 Apr 2019 20:56:14 +0200 Subject: [PATCH 23/53] Move from ci-apps-dev to ci-apps-hq --- pull_request_template.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pull_request_template.md b/pull_request_template.md index 03e0689..eb2a30e 100644 --- a/pull_request_template.md +++ b/pull_request_template.md @@ -19,6 +19,6 @@ - [ ] **Approval (LGTM)** : - [ ] **Approval (LGTM)** : - **CI succeeded** : -[![Build Status](https://ci-apps-dev.yunohost.org/jenkins/job/baikal_ynh%20PR-NUM-/badge/icon)](https://ci-apps-dev.yunohost.org/jenkins/job/baikal_ynh%20PR-NUM-/) +[![Build Status](https://ci-apps-hq.yunohost.org/jenkins/job/baikal_ynh%20PR-NUM-/badge/icon)](https://ci-apps-hq.yunohost.org/jenkins/job/baikal_ynh%20PR-NUM-/) *Please replace '-NUM-' in this link by the PR number.* When the PR is marked as ready to merge, you have to wait for 3 days before really merging it. From 24b1e25f80fbc688657b3efe97d3ba65ef2040b3 Mon Sep 17 00:00:00 2001 From: Maniack Crudelis Date: Sun, 5 May 2019 19:29:59 +0200 Subject: [PATCH 24/53] Handle well-known conflict --- scripts/_common.sh | 35 +++++++++++++++++++++++++++++++++++ scripts/install | 8 +++++++- scripts/restore | 8 +++++++- 3 files changed, 49 insertions(+), 2 deletions(-) create mode 100644 scripts/_common.sh diff --git a/scripts/_common.sh b/scripts/_common.sh new file mode 100644 index 0000000..0a018dc --- /dev/null +++ b/scripts/_common.sh @@ -0,0 +1,35 @@ +#!/bin/bash + +#================================================= +# EXPERIMENTAL HELPERS +#================================================= + +# Check if an URL is already handled +# usage: is_url_handled URL +is_url_handled() { + # Declare an array to define the options of this helper. + declare -Ar args_array=( [u]=url= ) + local url + # Manage arguments with getopts + ynh_handle_getopts_args "$@" + + # Try to get the url with curl, and keep the http code and an eventual redirection url. + local curl_output="$(curl --insecure --silent --output /dev/null \ + --write-out '%{http_code};%{redirect_url}' "$url")" + + # Cut the output and keep only the first part to keep the http code + local http_code="${curl_output%%;*}" + # Do the same thing but keep the second part, the redirection url + local redirection="${curl_output#*;}" + + # Return 1 if the url isn't handled. + # Which means either curl got a 404 (or the admin) or the sso. + # A handled url should redirect to a publicly accessible url. + # Return 1 if the url has returned 404 + if [ "$http_code" = "404" ] || [[ $redirection =~ "/yunohost/admin" ]]; then + return 1 + # Return 1 if the url is redirected to the SSO + elif [[ $redirection =~ "/yunohost/sso" ]]; then + return 1 + fi +} diff --git a/scripts/install b/scripts/install index 075beb9..f027e99 100644 --- a/scripts/install +++ b/scripts/install @@ -6,7 +6,7 @@ # IMPORT GENERIC HELPERS #================================================= -#source ./_common.sh +source ./_common.sh source /usr/share/yunohost/helpers #================================================= @@ -40,6 +40,12 @@ path_url=$(ynh_normalize_url_path $path_url) # Register (book) web path ynh_webpath_register $app $domain $path_url +# Check if .well-known is available for this domain. +if is_url_handled "https://$domain/.well-known/caldav" || is_url_handled "https://$domain/.well-known/carddav" +then + ynh_die --message="Another app already uses the domain $domain to serve a caldav/carddav feature. Please use another domain." +fi + #================================================= # STORE SETTINGS FROM MANIFEST #================================================= diff --git a/scripts/restore b/scripts/restore index 02cc555..2f4592a 100644 --- a/scripts/restore +++ b/scripts/restore @@ -6,7 +6,7 @@ # IMPORT GENERIC HELPERS #================================================= -# source ../settings/scripts/_common.sh +source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers #================================================= @@ -38,6 +38,12 @@ ynh_webpath_available $domain $path_url \ test ! -d $final_path \ || ynh_die "There is already a directory: $final_path " +# Check if .well-known is available for this domain. +if is_url_handled "https://$domain/.well-known/caldav" || is_url_handled "https://$domain/.well-known/carddav" +then + ynh_die --message="Another app already uses the domain $domain to serve a caldav/carddav feature. Please use another domain." +fi + #================================================= # STANDARD RESTORATION STEPS #================================================= From 4d78443b1d901a42635df441d60f8a974a814793 Mon Sep 17 00:00:00 2001 From: Maniack Crudelis Date: Sun, 5 May 2019 20:24:46 +0200 Subject: [PATCH 25/53] Add change_url script --- check_process | 2 +- scripts/_common.sh | 35 ++++++++++++++ scripts/change_url | 114 +++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 150 insertions(+), 1 deletion(-) create mode 100644 scripts/_common.sh create mode 100644 scripts/change_url diff --git a/check_process b/check_process index d1c8d52..411ac7a 100644 --- a/check_process +++ b/check_process @@ -16,7 +16,7 @@ multi_instance=0 incorrect_path=1 port_already_use=0 - change_url=0 + change_url=1 ;;; Levels Level 1=auto Level 2=auto diff --git a/scripts/_common.sh b/scripts/_common.sh new file mode 100644 index 0000000..0a018dc --- /dev/null +++ b/scripts/_common.sh @@ -0,0 +1,35 @@ +#!/bin/bash + +#================================================= +# EXPERIMENTAL HELPERS +#================================================= + +# Check if an URL is already handled +# usage: is_url_handled URL +is_url_handled() { + # Declare an array to define the options of this helper. + declare -Ar args_array=( [u]=url= ) + local url + # Manage arguments with getopts + ynh_handle_getopts_args "$@" + + # Try to get the url with curl, and keep the http code and an eventual redirection url. + local curl_output="$(curl --insecure --silent --output /dev/null \ + --write-out '%{http_code};%{redirect_url}' "$url")" + + # Cut the output and keep only the first part to keep the http code + local http_code="${curl_output%%;*}" + # Do the same thing but keep the second part, the redirection url + local redirection="${curl_output#*;}" + + # Return 1 if the url isn't handled. + # Which means either curl got a 404 (or the admin) or the sso. + # A handled url should redirect to a publicly accessible url. + # Return 1 if the url has returned 404 + if [ "$http_code" = "404" ] || [[ $redirection =~ "/yunohost/admin" ]]; then + return 1 + # Return 1 if the url is redirected to the SSO + elif [[ $redirection =~ "/yunohost/sso" ]]; then + return 1 + fi +} diff --git a/scripts/change_url b/scripts/change_url new file mode 100644 index 0000000..4cb7436 --- /dev/null +++ b/scripts/change_url @@ -0,0 +1,114 @@ +#!/bin/bash + +#================================================= +# GENERIC STARTING +#================================================= +# IMPORT GENERIC HELPERS +#================================================= + +source _common.sh +source /usr/share/yunohost/helpers + +#================================================= +# RETRIEVE ARGUMENTS +#================================================= + +old_domain=$YNH_APP_OLD_DOMAIN +old_path=$YNH_APP_OLD_PATH + +new_domain=$YNH_APP_NEW_DOMAIN +new_path=$YNH_APP_NEW_PATH + +app=$YNH_APP_INSTANCE_NAME + +#================================================= +# LOAD SETTINGS +#================================================= +ynh_script_progression --message="Loading installation settings..." --weight=2 + +# Needed for helper "ynh_add_nginx_config" +final_path=$(ynh_app_setting_get --app=$app --key=final_path) + +#================================================= +# CHECK WHICH PARTS SHOULD BE CHANGED +#================================================= + +change_domain=0 +if [ "$old_domain" != "$new_domain" ] +then + change_domain=1 +fi + +change_path=0 +if [ "$old_path" != "$new_path" ] +then + change_path=1 +fi + +#================================================= +# CHECK IF THE APP CAN BE MOVED WITH THESE ARGS +#================================================= + +if [ $change_domain -eq 1 ] +then + # Check if .well-known is available for the new domain. + if is_url_handled "https://$new_domain/.well-known/caldav" || is_url_handled "https://$new_domain/.well-known/carddav" + then + ynh_die --message="Another app already uses the domain $new_domain to serve a caldav/carddav feature. Please use another domain." + fi +fi + +#================================================= +# STANDARD MODIFICATIONS +#================================================= +# MODIFY URL IN NGINX CONF +#================================================= +ynh_script_progression --message="Updating nginx web server configuration..." --weight=2 + +nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf + +# Change the path in the nginx config file +if [ $change_path -eq 1 ] +then + # Make a backup of the original nginx config file if modified + ynh_backup_if_checksum_is_different --file="$nginx_conf_path" + # Set global variables for nginx helper + domain="$old_domain" + path_url="$new_path" + # Create a dedicated nginx config + ynh_add_nginx_config +fi + +# Change the domain for nginx +if [ $change_domain -eq 1 ] +then + # Delete file checksum for the old conf file location + ynh_delete_file_checksum --file="$nginx_conf_path" + mv $nginx_conf_path /etc/nginx/conf.d/$new_domain.d/$app.conf + # Store file checksum for the new config file location + ynh_store_file_checksum --file="/etc/nginx/conf.d/$new_domain.d/$app.conf" +fi + +#================================================= +# SPECIFIC MODIFICATIONS +#================================================= +# UPDATE CONFIGURATION +#================================================= +ynh_script_progression --message="Updating baikal configuration..." + +ynh_replace_string --match_string="_BASEURI\", \"$old_path" --replace_string="_BASEURI\", \"$new_path" --target_file="${final_path}/Specific/config.system.php" + +#================================================= +# GENERIC FINALISATION +#================================================= +# RELOAD NGINX +#================================================= +ynh_script_progression --message="Reloading nginx web server..." + +ynh_systemd_action --service_name=nginx --action=reload + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_script_progression --message="Change of URL completed for $app" --last From 71dad30c5bcd6eea7d0564d28587dc396272e003 Mon Sep 17 00:00:00 2001 From: Maniack Crudelis Date: Sun, 5 May 2019 21:02:57 +0200 Subject: [PATCH 26/53] Normalization from example_ynh --- README.md | 7 ++- check_process | 13 +--- scripts/backup | 26 ++++---- scripts/install | 71 +++++++++++----------- scripts/remove | 26 ++++---- scripts/restore | 46 +++++++-------- scripts/upgrade | 154 ++++++++++++++++++++++++++---------------------- 7 files changed, 172 insertions(+), 171 deletions(-) diff --git a/README.md b/README.md index defaf4b..4cfb09f 100644 --- a/README.md +++ b/README.md @@ -36,9 +36,9 @@ this package: #### Supported architectures -* x86-64b - [![Build Status](https://ci-apps.yunohost.org/ci/logs/baikal%20%28Official%29.svg)](https://ci-apps.yunohost.org/ci/apps/baikal/) -* ARMv8-A - [![Build Status](https://ci-apps-arm.yunohost.org/ci/logs/baikal%20%28Official%29.svg)](https://ci-apps-arm.yunohost.org/ci/apps/baikal/) -* Jessie x86-64b - [![Build Status](https://ci-stretch.nohost.me/ci/logs/baikal%20%28Official%29.svg)](https://ci-stretch.nohost.me/ci/apps/baikal/) +* x86-64b - [![Build Status](https://ci-apps.yunohost.org/ci/logs/baikal%20%28Apps%29.svg)](https://ci-apps.yunohost.org/ci/apps/baikal/) +* ARMv8-A - [![Build Status](https://ci-apps-arm.yunohost.org/ci/logs/baikal%20%28Apps%29.svg)](https://ci-apps-arm.yunohost.org/ci/apps/baikal/) +* Jessie x86-64b - [![Build Status](https://ci-stretch.nohost.me/ci/logs/baikal%20%28Apps%29.svg)](https://ci-stretch.nohost.me/ci/apps/baikal/) ## Limitations @@ -48,6 +48,7 @@ this package: * Report a bug: https://github.com/YunoHost-Apps/baikal_ynh/issues * Baïkal website: http://baikal-server.com/ + * Upstream app repository: https://github.com/sabre-io/Baikal * YunoHost website: https://yunohost.org/ --- diff --git a/check_process b/check_process index d1c8d52..e5663fe 100644 --- a/check_process +++ b/check_process @@ -18,18 +18,7 @@ port_already_use=0 change_url=0 ;;; Levels - Level 1=auto - Level 2=auto - Level 3=auto -# Patch add-ldap-auth - Level 4=1 -# https://github.com/YunoHost-Apps/baikal_ynh/issues/19 - Level 5=1 - Level 6=auto - Level 7=auto - Level 8=0 - Level 9=0 - Level 10=0 + Level 5=auto ;;; Options Email= Notification=none diff --git a/scripts/backup b/scripts/backup index 9a7aca7..a9a89a1 100644 --- a/scripts/backup +++ b/scripts/backup @@ -19,46 +19,46 @@ ynh_abort_if_errors #================================================= # LOAD SETTINGS #================================================= -ynh_print_info "Loading installation settings..." +ynh_script_progression --message="Loading installation settings..." app=$YNH_APP_INSTANCE_NAME -final_path=$(ynh_app_setting_get $app final_path) -domain=$(ynh_app_setting_get $app domain) -db_name=$(ynh_app_setting_get $app db_name) +final_path=$(ynh_app_setting_get --app=$app --key=final_path) +domain=$(ynh_app_setting_get --app=$app --key=domain) +db_name=$(ynh_app_setting_get --app=$app --key=db_name) #================================================= # STANDARD BACKUP STEPS #================================================= # BACKUP THE APP MAIN DIR #================================================= -ynh_print_info "Backing up the main app directory..." +ynh_script_progression --message="Backing up the main app directory..." -ynh_backup "$final_path" +ynh_backup --src_path="$final_path" #================================================= # BACKUP THE NGINX CONFIGURATION #================================================= -ynh_print_info "Backing up nginx web server configuration..." +ynh_script_progression --message="Backing up nginx web server configuration..." -ynh_backup "/etc/nginx/conf.d/$domain.d/$app.conf" +ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf" #================================================= # BACKUP THE PHP-FPM CONFIGURATION #================================================= -ynh_print_info "Backing up php-fpm configuration..." +ynh_script_progression --message="Backing up php-fpm configuration..." -ynh_backup "/etc/php/7.0/fpm/pool.d/$app.conf" +ynh_backup --src_path="/etc/php/7.0/fpm/pool.d/$app.conf" #================================================= # BACKUP THE MYSQL DATABASE #================================================= -ynh_print_info "Backing up the MySQL database..." +ynh_script_progression --message="Backing up the MySQL database..." -ynh_mysql_dump_db "$db_name" > db.sql +ynh_mysql_dump_db --database="$db_name" > db.sql #================================================= # END OF SCRIPT #================================================= -ynh_print_info "Backup script completed for $app. (YunoHost will then actually copy those files to the archive)." +ynh_script_progression --message="Backup script completed for $app. (YunoHost will then actually copy those files to the archive)." --last diff --git a/scripts/install b/scripts/install index 075beb9..84ef3db 100644 --- a/scripts/install +++ b/scripts/install @@ -29,49 +29,46 @@ app=$YNH_APP_INSTANCE_NAME #================================================= # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS #================================================= -ynh_print_info "Validating installation parameters..." +ynh_script_progression --message="Validating installation parameters..." final_path=/var/www/$app test ! -e "$final_path" || ynh_die "This path already contains a folder" -# Normalize the url path syntax -path_url=$(ynh_normalize_url_path $path_url) - # Register (book) web path -ynh_webpath_register $app $domain $path_url +ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url #================================================= # STORE SETTINGS FROM MANIFEST #================================================= -ynh_print_info "Storing installation settings..." +ynh_script_progression --message="Storing installation settings..." --weight=2 -ynh_app_setting_set $app domain $domain -ynh_app_setting_set $app path $path_url +ynh_app_setting_set --app=$app --key=domain --value=$domain +ynh_app_setting_set --app=$app --key=path --value=$path_url #================================================= # STANDARD MODIFICATIONS #================================================= # CREATE A MYSQL DATABASE #================================================= -ynh_print_info "Creating a MySQL database..." +ynh_script_progression --message="Creating a MySQL database..." db_name=$(ynh_sanitize_dbid $app) -ynh_app_setting_set $app db_name $db_name -ynh_mysql_setup_db $db_name $db_name +ynh_app_setting_set --app=$app --key=db_name --value=$db_name +ynh_mysql_setup_db --db_user=$db_name --db_name=$db_name #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= -ynh_print_info "Setting up source files..." +ynh_script_progression --message="Setting up source files..." --weight=8 -ynh_app_setting_set $app final_path $final_path +ynh_app_setting_set --app=$app --key=final_path --value=$final_path # Download, check integrity, uncompress and patch the source from app.src -ynh_setup_source "$final_path" +ynh_setup_source --dest_dir="$final_path" #================================================= # NGINX CONFIGURATION #================================================= -ynh_print_info "Configuring nginx web server..." +ynh_script_progression --message="Configuring nginx web server..." # Create a dedicated nginx config ynh_add_nginx_config @@ -79,15 +76,15 @@ ynh_add_nginx_config #================================================= # CREATE DEDICATED USER #================================================= -ynh_print_info "Configuring system user..." +ynh_script_progression --message="Configuring system user..." --weight=3 # Create a system user -ynh_system_user_create $app +ynh_system_user_create --username=$app #================================================= # PHP-FPM CONFIGURATION #================================================= -ynh_print_info "Configuring php-fpm..." +ynh_script_progression --message="Configuring php-fpm..." # Create a dedicated php-fpm config ynh_add_fpm_config @@ -97,9 +94,9 @@ ynh_add_fpm_config #================================================= # INITIALIZE DATABASE #================================================= -ynh_print_info "Configuring baikal..." +ynh_script_progression --message="Configuring baikal..." --weight=3 -ynh_mysql_connect_as "$db_name" "$db_pwd" "$db_name" \ +ynh_mysql_connect_as --user=$db_name --password="$db_pwd" --database=$db_name \ < "${final_path}/Core/Resources/Db/MySQL/db.sql" #================================================= @@ -109,29 +106,29 @@ ynh_mysql_connect_as "$db_name" "$db_pwd" "$db_name" \ bk_conf="${final_path}/Specific/config.php" cp ../conf/config.php "$bk_conf" -ynh_replace_string "__TIMEZONE__" "$(cat /etc/timezone)" "$bk_conf" +ynh_replace_string --match_string="__TIMEZONE__" --replace_string="$(cat /etc/timezone)" --target_file="$bk_conf" # Create admin password hash password_hash=$(echo -n admin:BaikalDAV:$password | md5sum | cut -d ' ' -f 1) -ynh_replace_string "__PASSWORDHASH__" "${password_hash}" "$bk_conf" -ynh_app_setting_set $app password_hash $password_hash +ynh_replace_string --match_string="__PASSWORDHASH__" --replace_string="${password_hash}" --target_file="$bk_conf" +ynh_app_setting_set --app=$app --key=password_hash --value=$password_hash # Store the config file checksum into the app settings -ynh_store_file_checksum "$bk_conf" +ynh_store_file_checksum --file="$bk_conf" bk_conf="${final_path}/Specific/config.system.php" cp ../conf/config.system.php "$bk_conf" -ynh_replace_string "__PATH__" "$path_url" "$bk_conf" -ynh_replace_string "__DBNAME__" "$db_name" "$bk_conf" -ynh_replace_string "__DBUSER__" "$db_name" "$bk_conf" -ynh_replace_string "__DBPASS__" "$db_pwd" "$bk_conf" +ynh_replace_string --match_string="__PATH__" --replace_string="$path_url" --target_file="$bk_conf" +ynh_replace_string --match_string="__DBNAME__" --replace_string="$db_name" --target_file="$bk_conf" +ynh_replace_string --match_string="__DBUSER__" --replace_string="$db_name" --target_file="$bk_conf" +ynh_replace_string --match_string="__DBPASS__" --replace_string="$db_pwd" --target_file="$bk_conf" deskey=$(ynh_string_random 24) -ynh_app_setting_set $app encrypt_key "$deskey" -ynh_replace_string "__DESKEY__" "$deskey" "$bk_conf" +ynh_app_setting_set --app=$app --key=encrypt_key --value="$deskey" +ynh_replace_string --match_string="__DESKEY__" --replace_string="$deskey" --target_file="$bk_conf" # Store the config file checksum into the app settings -ynh_store_file_checksum "$bk_conf" +ynh_store_file_checksum --file="$bk_conf" # Disable installation touch "${final_path}/Specific/INSTALL_DISABLED" @@ -150,22 +147,22 @@ chmod 640 "$final_path/Specific/"{config.php,config.system.php} #================================================= # SETUP SSOWAT #================================================= -ynh_print_info "Configuring SSOwat..." +ynh_script_progression --message="Configuring SSOwat..." --weight=2 # Allow public access on / -ynh_app_setting_set $app skipped_uris "/" +ynh_app_setting_set --app=$app --key=skipped_uris --value="/" # But restrain on /admin -ynh_app_setting_set $app protected_uris "/admin/" +ynh_app_setting_set --app=$app --key=protected_uris --value="/admin/" #================================================= # RELOAD NGINX #================================================= -ynh_print_info "Reloading nginx web server..." +ynh_script_progression --message="Reloading nginx web server..." -systemctl reload nginx +ynh_systemd_action --service_name=nginx --action=reload #================================================= # END OF SCRIPT #================================================= -ynh_print_info "Installation of $app completed" +ynh_script_progression --message="Installation of $app completed" --last diff --git a/scripts/remove b/scripts/remove index f9e41eb..4d54f9a 100644 --- a/scripts/remove +++ b/scripts/remove @@ -12,36 +12,36 @@ source /usr/share/yunohost/helpers #================================================= # LOAD SETTINGS #================================================= -ynh_print_info "Loading installation settings..." +ynh_script_progression --message="Loading installation settings..." app=$YNH_APP_INSTANCE_NAME -domain=$(ynh_app_setting_get $app domain) -db_name=$(ynh_app_setting_get $app db_name) -final_path=$(ynh_app_setting_get $app final_path) +domain=$(ynh_app_setting_get --app=$app --key=domain) +db_name=$(ynh_app_setting_get --app=$app --key=db_name) +final_path=$(ynh_app_setting_get --app=$app --key=final_path) #================================================= # STANDARD REMOVE #================================================= # REMOVE THE MYSQL DATABASE #================================================= -ynh_print_info "Removing the MySQL database" +ynh_script_progression --message="Removing the MySQL database" --weight=2 # Remove a database if it exists, along with the associated user -ynh_mysql_remove_db $db_name $db_name +ynh_mysql_remove_db --db_user=$db_name --db_name=$db_name #================================================= # REMOVE APP MAIN DIR #================================================= -ynh_print_info "Removing app main directory" +ynh_script_progression --message="Removing app main directory" # Remove the app directory securely -ynh_secure_remove "$final_path" +ynh_secure_remove --file="$final_path" #================================================= # REMOVE NGINX CONFIGURATION #================================================= -ynh_print_info "Removing nginx web server configuration" +ynh_script_progression --message="Removing nginx web server configuration" # Remove the dedicated nginx config ynh_remove_nginx_config @@ -49,7 +49,7 @@ ynh_remove_nginx_config #================================================= # REMOVE PHP-FPM CONFIGURATION #================================================= -ynh_print_info "Removing php-fpm configuration" +ynh_script_progression --message="Removing php-fpm configuration" # Remove the dedicated php-fpm config ynh_remove_fpm_config @@ -59,13 +59,13 @@ ynh_remove_fpm_config #================================================= # REMOVE DEDICATED USER #================================================= -ynh_print_info "Removing the dedicated system user" +ynh_script_progression --message="Removing the dedicated system user" # Delete a system user -ynh_system_user_delete $app +ynh_system_user_delete --username=$app #================================================= # END OF SCRIPT #================================================= -ynh_print_info "Removal of $app completed" +ynh_script_progression --message="Removal of $app completed" --last diff --git a/scripts/restore b/scripts/restore index 02cc555..686f8b0 100644 --- a/scripts/restore +++ b/scripts/restore @@ -19,24 +19,24 @@ ynh_abort_if_errors #================================================= # LOAD SETTINGS #================================================= -ynh_print_info "Loading settings..." +ynh_script_progression --message="Loading settings..." app=$YNH_APP_INSTANCE_NAME -domain=$(ynh_app_setting_get $app domain) -path_url=$(ynh_app_setting_get $app path) -final_path=$(ynh_app_setting_get $app final_path) -db_name=$(ynh_app_setting_get $app db_name) +domain=$(ynh_app_setting_get --app=$app --key=domain) +path_url=$(ynh_app_setting_get --app=$app --key=path) +final_path=$(ynh_app_setting_get --app=$app --key=final_path) +db_name=$(ynh_app_setting_get --app=$app --key=db_name) #================================================= # CHECK IF THE APP CAN BE RESTORED #================================================= -ynh_print_info "Validating restoration parameters..." +ynh_script_progression --message="Validating restoration parameters..." --weight=2 -ynh_webpath_available $domain $path_url \ - || ynh_die "Path not available: ${domain}${path_url}" +ynh_webpath_available --domain=$domain --path_url=$path_url \ + || ynh_die --message="Path not available: ${domain}${path_url}" test ! -d $final_path \ - || ynh_die "There is already a directory: $final_path " + || ynh_die --message="There is already a directory: $final_path " #================================================= # STANDARD RESTORATION STEPS @@ -44,31 +44,31 @@ test ! -d $final_path \ # RESTORE THE NGINX CONFIGURATION #================================================= -ynh_restore_file "/etc/nginx/conf.d/$domain.d/$app.conf" +ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" #================================================= # RESTORE THE APP MAIN DIR #================================================= -ynh_print_info "Restoring the app main directory..." +ynh_script_progression --message="Restoring the app main directory..." -ynh_restore_file "$final_path" +ynh_restore_file --origin_path="$final_path" #================================================= # RESTORE THE MYSQL DATABASE #================================================= -ynh_print_info "Restoring the MySQL database..." +ynh_script_progression --message="Restoring the MySQL database..." --weight=2 -db_pwd=$(ynh_app_setting_get $app mysqlpwd) -ynh_mysql_setup_db $db_name $db_name $db_pwd -ynh_mysql_connect_as $db_name $db_pwd $db_name < ./db.sql +db_pwd=$(ynh_app_setting_get --app=$app --key=mysqlpwd) +ynh_mysql_setup_db --db_user=$db_name --db_name=$db_name --db_pwd=$db_pwd +ynh_mysql_connect_as --user=$db_name --password=$db_pwd --database=$db_name < ./db.sql #================================================= # RECREATE THE DEDICATED USER #================================================= -ynh_print_info "Recreating the dedicated system user..." +ynh_script_progression --message="Recreating the dedicated system user..." --weight=3 # Create the dedicated user (if not existing) -ynh_system_user_create $app +ynh_system_user_create --username=$app #================================================= # RESTORE USER RIGHTS @@ -82,20 +82,20 @@ chown $app "$final_path/Specific/"{config.php,config.system.php} # RESTORE THE PHP-FPM CONFIGURATION #================================================= -ynh_restore_file "/etc/php/7.0/fpm/pool.d/$app.conf" +ynh_restore_file --origin_path="/etc/php/7.0/fpm/pool.d/$app.conf" #================================================= # GENERIC FINALIZATION #================================================= # RELOAD NGINX AND PHP-FPM #================================================= -ynh_print_info "Reloading nginx web server and php-fpm..." +ynh_script_progression --message="Reloading nginx web server and php-fpm..." -systemctl reload php7.0-fpm -systemctl reload nginx +ynh_systemd_action --service_name=php7.0-fpm --action=reload +ynh_systemd_action --service_name=nginx --action=reload #================================================= # END OF SCRIPT #================================================= -ynh_print_info "Restoration completed for $app" +ynh_script_progression --message="Restoration completed for $app" --last diff --git a/scripts/upgrade b/scripts/upgrade index e60c547..4d510df 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -12,36 +12,42 @@ source /usr/share/yunohost/helpers #================================================= # LOAD SETTINGS #================================================= -ynh_print_info "Loading installation settings..." +ynh_script_progression --message="Loading installation settings..." --weight=2 app=$YNH_APP_INSTANCE_NAME -domain=$(ynh_app_setting_get $app domain) -path_url=$(ynh_app_setting_get $app path) -final_path=$(ynh_app_setting_get $app final_path) -db_name=$(ynh_app_setting_get $app db_name) +domain=$(ynh_app_setting_get --app=$app --key=domain) +path_url=$(ynh_app_setting_get --app=$app --key=path) +final_path=$(ynh_app_setting_get --app=$app --key=final_path) +db_name=$(ynh_app_setting_get --app=$app --key=db_name) + +#================================================= +# CHECK VERSION +#================================================= + +upgrade_type=$(ynh_check_app_version_changed) #================================================= # ENSURE DOWNWARD COMPATIBILITY #================================================= -ynh_print_info "Ensuring downward compatibility..." +ynh_script_progression --message="Ensuring downward compatibility..." # If final_path doesn't exist, create it -if [ -z $final_path ]; then +if [ -z "$final_path" ]; then final_path=/var/www/$app - ynh_app_setting_set $app final_path $final_path + ynh_app_setting_set --app=$app --key=final_path --value=$final_path fi # If db_name doesn't exist, create it -if [ -z $db_name ]; then - db_name=$(ynh_sanitize_dbid $app) - ynh_app_setting_set $app db_name $db_name +if [ -z "$db_name" ]; then + db_name=$(ynh_sanitize_dbid --db_name=$app) + ynh_app_setting_set --app=$app --key=db_name --value=$db_name fi #================================================= # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP #================================================= -ynh_print_info "Backing up the app before upgrading (may take a while)..." +ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=4 # Backup the current version of the app ynh_backup_before_upgrade @@ -57,22 +63,26 @@ ynh_abort_if_errors #================================================= # Normalize the URL path syntax -path_url=$(ynh_normalize_url_path $path_url) +path_url=$(ynh_normalize_url_path --path_url=$path_url) #================================================= # STANDARD UPGRADE STEPS #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= -ynh_print_info "Upgrading source files..." -# Download, check integrity, uncompress and patch the source from app.src -ynh_setup_source "$final_path" +if [ "$upgrade_type" == "UPGRADE_APP" ] +then + ynh_script_progression --message="Upgrading source files..." --weight=3 + + # Download, check integrity, uncompress and patch the source from app.src + ynh_setup_source --dest_dir="$final_path" +fi #================================================= # NGINX CONFIGURATION #================================================= -ynh_print_info "Upgrading nginx web server configuration..." +ynh_script_progression --message="Upgrading nginx web server configuration..." # Create a dedicated nginx config ynh_add_nginx_config @@ -80,15 +90,15 @@ ynh_add_nginx_config #================================================= # CREATE DEDICATED USER #================================================= -ynh_print_info "Making sure dedicated system user exists..." +ynh_script_progression --message="Making sure dedicated system user exists..." # Create a dedicated user (if not existing) -ynh_system_user_create $app +ynh_system_user_create --username=$app #================================================= # PHP-FPM CONFIGURATION #================================================= -ynh_print_info "Upgrading php-fpm configuration..." +ynh_script_progression --message="Upgrading php-fpm configuration..." --weight=2 # Create a dedicated php-fpm config ynh_add_fpm_config @@ -98,59 +108,63 @@ ynh_add_fpm_config #================================================= # UPGRADE BAIKAL #================================================= -ynh_print_info "Upgrading baikal..." -# Run Baikal upgrade -php "${final_path}/bin/upgrade.sh" +if [ "$upgrade_type" == "UPGRADE_APP" ] +then + ynh_script_progression --message="Upgrading baikal..." -# Cleanup old baikal-admin sessions -# since we may have changed owner of the session file -grep --files-with-matches --recursive "CSRF_TOKEN|s:" /var/lib/php/sessions | xargs rm -f + # Run Baikal upgrade + php "${final_path}/bin/upgrade.sh" -#================================================= -# UPGRADE BAIKAL CONFIGURATION -#================================================= -ynh_print_info "Upgrading baikal configuration..." + # Cleanup old baikal-admin sessions + # since we may have changed owner of the session file + grep --files-with-matches --recursive "CSRF_TOKEN|s:" /var/lib/php/sessions | xargs rm -f -bk_conf="${final_path}/Specific/config.php" + #================================================= + # UPGRADE BAIKAL CONFIGURATION + #================================================= + ynh_script_progression --message="Upgrading baikal configuration..." --weight=2 -# Verify the checksum and backup the file if it's different -ynh_backup_if_checksum_is_different "$bk_conf" + bk_conf="${final_path}/Specific/config.php" -cp ../conf/config.php "$bk_conf" + # Verify the checksum and backup the file if it's different + ynh_backup_if_checksum_is_different --file="$bk_conf" -ynh_replace_string "__TIMEZONE__" "$(cat /etc/timezone)" "$bk_conf" + cp ../conf/config.php "$bk_conf" -password_hash=$(ynh_app_setting_get $app password_hash) -# If the password_hash is not in the app's config, recreate it from the password. -if [ -z "$password_hash" ]; then - password=$(ynh_app_setting_get $app password) - password_hash=$(echo -n admin:BaikalDAV:$password | md5sum | cut -d ' ' -f 1) - ynh_app_setting_set $app password_hash $password_hash + ynh_replace_string --match_string="__TIMEZONE__" --replace_string="$(cat /etc/timezone)" --target_file="$bk_conf" + + password_hash=$(ynh_app_setting_get $app password_hash) + # If the password_hash is not in the app's config, recreate it from the password. + if [ -z "$password_hash" ]; then + password=$(ynh_app_setting_get --app=$app --key=password) + password_hash=$(echo -n admin:BaikalDAV:$password | md5sum | cut -d ' ' -f 1) + ynh_app_setting_set --app=$app --key=password_hash --value=$password_hash + fi + ynh_replace_string --match_string="__PASSWORDHASH__" --replace_string="${password_hash}" --target_file="$bk_conf" + + # Store the config file checksum into the app settings + ynh_store_file_checksum --file="$bk_conf" + + bk_conf="${final_path}/Specific/config.system.php" + + # Verify the checksum and backup the file if it's different + ynh_backup_if_checksum_is_different --file="$bk_conf" + + cp ../conf/config.system.php "$bk_conf" + + ynh_replace_string --match_string="__PATH__" --replace_string="$path_url" --target_file="$bk_conf" + ynh_replace_string --match_string="__DBNAME__" --replace_string="$db_name" --target_file="$bk_conf" + ynh_replace_string --match_string="__DBUSER__" --replace_string="$db_name" --target_file="$bk_conf" + db_pwd=$(ynh_app_setting_get $app mysqlpwd) + ynh_replace_string --match_string="__DBPASS__" --replace_string="$db_pwd" --target_file="$bk_conf" + + deskey=$(ynh_app_setting_get $app deskey) + ynh_replace_string --match_string="__DESKEY__" --replace_string="$deskey" --target_file="$bk_conf" + + # Store the config file checksum into the app settings + ynh_store_file_checksum --file="$bk_conf" fi -ynh_replace_string "__PASSWORDHASH__" "${password_hash}" "$bk_conf" - -# Store the config file checksum into the app settings -ynh_store_file_checksum "$bk_conf" - -bk_conf="${final_path}/Specific/config.system.php" - -# Verify the checksum and backup the file if it's different -ynh_backup_if_checksum_is_different "$bk_conf" - -cp ../conf/config.system.php "$bk_conf" - -ynh_replace_string "__PATH__" "$path_url" "$bk_conf" -ynh_replace_string "__DBNAME__" "$db_name" "$bk_conf" -ynh_replace_string "__DBUSER__" "$db_name" "$bk_conf" -db_pwd=$(ynh_app_setting_get $app mysqlpwd) -ynh_replace_string "__DBPASS__" "$db_pwd" "$bk_conf" - -deskey=$(ynh_app_setting_get $app deskey) -ynh_replace_string "__DESKEY__" "$deskey" "$bk_conf" - -# Store the config file checksum into the app settings -ynh_store_file_checksum "$bk_conf" #================================================= # GENERIC FINALIZATION @@ -166,22 +180,22 @@ chmod 640 "$final_path/Specific/"{config.php,config.system.php} #================================================= # SETUP SSOWAT #================================================= -ynh_print_info "Upgrading SSOwat configuration..." +ynh_script_progression --message="Configuring SSOwat..." --weight=2 # Allow public access on / -ynh_app_setting_set $app skipped_uris "/" +ynh_app_setting_set --app=$app --key=skipped_uris --value="/" # But restrain on /admin -ynh_app_setting_set $app protected_uris "/admin/" +ynh_app_setting_set --app=$app --key=protected_uris --value="/admin/" #================================================= # RELOAD NGINX #================================================= -ynh_print_info "Reloading nginx web server..." +ynh_script_progression --message="Reloading nginx web server..." -systemctl reload nginx +ynh_systemd_action --service_name=nginx --action=reload #================================================= # END OF SCRIPT #================================================= -ynh_print_info "Upgrade of $app completed" +ynh_script_progression --message="Upgrade of $app completed" --last From b68fbc83416d5fd6eec7aaaed26d0496bcf5e11d Mon Sep 17 00:00:00 2001 From: Maniack Crudelis Date: Mon, 6 May 2019 14:11:30 +0200 Subject: [PATCH 27/53] Require ynh 3.5 --- manifest.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifest.json b/manifest.json index 2e9cf5f..c491438 100644 --- a/manifest.json +++ b/manifest.json @@ -14,7 +14,7 @@ "email": "julien.malik@paraiso.me" }, "requirements": { - "yunohost": ">= 3.2.0" + "yunohost": ">= 3.5.0" }, "multi_instance": false, "services": [ From c1e124f00f3e94a1e628163943db010972ca9c74 Mon Sep 17 00:00:00 2001 From: Maniack Crudelis Date: Mon, 6 May 2019 14:11:47 +0200 Subject: [PATCH 28/53] Require ynh 3.5 --- manifest.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifest.json b/manifest.json index 2e9cf5f..c491438 100644 --- a/manifest.json +++ b/manifest.json @@ -14,7 +14,7 @@ "email": "julien.malik@paraiso.me" }, "requirements": { - "yunohost": ">= 3.2.0" + "yunohost": ">= 3.5.0" }, "multi_instance": false, "services": [ From 7960d347424cb1cb931c91f2628dd829288184e1 Mon Sep 17 00:00:00 2001 From: optikfluffel Date: Thu, 16 May 2019 14:43:08 +0200 Subject: [PATCH 29/53] bump baikal to 0.5.3 --- README.md | 2 +- conf/app.src | 4 ++-- conf/config.system.php | 2 +- manifest.json | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index defaf4b..f2bea50 100644 --- a/README.md +++ b/README.md @@ -10,7 +10,7 @@ If you don't have YunoHost, please see [here](https://yunohost.org/#/install) to [Baïkal](http://baikal-server.com/) is a CalDAV and CardDAV server, based on sabre/dav, that includes an administration interface for easy management. -**Shipped version:** 0.4.6 +**Shipped version:** 0.5.3 ## Screenshots diff --git a/conf/app.src b/conf/app.src index f26db38..f07f48a 100644 --- a/conf/app.src +++ b/conf/app.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/fruux/Baikal/releases/download/0.4.6/baikal-0.4.6.zip -SOURCE_SUM=946e8e4161f7ef84be42430b6e9d3bb7dd4bbbe241b409be208c14447d7aa7a6 +SOURCE_URL=https://github.com/sabre-io/Baikal/releases/download/0.5.3/baikal-0.5.3.zip +SOURCE_SUM=11e6971a3cdc4c0cfc36e82498809162b5a6cfb67545f0dbc5b9d9e0c28c93c0 SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=zip SOURCE_IN_SUBDIR=true diff --git a/conf/config.system.php b/conf/config.system.php index 9b0be7c..2399d76 100644 --- a/conf/config.system.php +++ b/conf/config.system.php @@ -69,4 +69,4 @@ define("PROJECT_DB_MYSQL_PASSWORD", '__DBPASS__'); define("BAIKAL_ENCRYPTION_KEY", '__DESKEY__'); # The currently configured Baïkal version -define("BAIKAL_CONFIGURED_VERSION", '0.4.6'); +define("BAIKAL_CONFIGURED_VERSION", '0.5.3'); diff --git a/manifest.json b/manifest.json index 2e9cf5f..8e7dc38 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Lightweight CalDAV+CardDAV server", "fr": "Serveur CalDAV+CardDAV léger" }, - "version": "0.4.6~ynh1", + "version": "0.5.3~ynh1", "url": "http://baikal-server.com/", "license": "GPL-3.0", "maintainer": { From c4b5736a7839906618de490e9173cb8c30fe69f6 Mon Sep 17 00:00:00 2001 From: optikfluffel Date: Thu, 16 May 2019 15:18:08 +0200 Subject: [PATCH 30/53] update patch --- sources/patches/app-add-ldap-auth.patch | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/sources/patches/app-add-ldap-auth.patch b/sources/patches/app-add-ldap-auth.patch index 61dcc21..9872571 100644 --- a/sources/patches/app-add-ldap-auth.patch +++ b/sources/patches/app-add-ldap-auth.patch @@ -1,18 +1,18 @@ diff --git a/Core/Frameworks/Baikal/Core/Server.php b/Core/Frameworks/Baikal/Core/Server.php -index 8026854..8d306fe 100644 +index 957cac3..fcc2e3c 100644 --- a/Core/Frameworks/Baikal/Core/Server.php +++ b/Core/Frameworks/Baikal/Core/Server.php @@ -133,6 +133,8 @@ class Server { if ($this->authType === 'Basic') { $authBackend = new \Baikal\Core\PDOBasicAuth($this->pdo, $this->authRealm); -+ } elseif ($this->authType === 'LDAP-UserBind') { ++ } elseif ($this->authType === 'LDAP-UserBind') { + $authBackend = new \Baikal\Core\LDAPUserBindAuth($this->pdo, $this->authRealm); } else { $authBackend = new \Sabre\DAV\Auth\Backend\PDO($this->pdo); $authBackend->setRealm($this->authRealm); diff --git a/Core/Frameworks/Baikal/Model/Config/Standard.php b/Core/Frameworks/Baikal/Model/Config/Standard.php -index 6107377..39f90bd 100644 +index 2e07f44..948b5be 100644 --- a/Core/Frameworks/Baikal/Model/Config/Standard.php +++ b/Core/Frameworks/Baikal/Model/Config/Standard.php @@ -46,6 +46,22 @@ class Standard extends \Baikal\Model\Config { @@ -53,8 +53,8 @@ index 6107377..39f90bd 100644 $oMorpho->add(new \Formal\Element\Listbox([ "prop" => "BAIKAL_DAV_AUTH_TYPE", "label" => "WebDAV authentication type", -- "options" => [ "Digest", "Basic" ] -+ "options" => [ "Digest", "Basic", "LDAP-UserBind" ] +- "options" => ["Digest", "Basic"] ++ "options" => ["Digest", "Basic", "LDAP-UserBind"] + ])); + + $oMorpho->add(new \Formal\Element\Text([ From a6eed21f1a3632b7fa5db70225a917e77c5043fe Mon Sep 17 00:00:00 2001 From: Maniack Crudelis Date: Fri, 17 May 2019 12:02:00 +0200 Subject: [PATCH 31/53] Upgrade package version --- manifest.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifest.json b/manifest.json index c491438..54d4811 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Lightweight CalDAV+CardDAV server", "fr": "Serveur CalDAV+CardDAV léger" }, - "version": "0.4.6~ynh1", + "version": "0.4.6~ynh2", "url": "http://baikal-server.com/", "license": "GPL-3.0", "maintainer": { From c0770374f0eecf668ac37e60502e40176626f580 Mon Sep 17 00:00:00 2001 From: kay0u Date: Sat, 13 Jul 2019 14:39:42 +0200 Subject: [PATCH 32/53] Install dependencies --- scripts/_common.sh | 7 +++++++ scripts/install | 7 +++++++ scripts/restore | 7 +++++++ scripts/upgrade | 7 +++++++ 4 files changed, 28 insertions(+) diff --git a/scripts/_common.sh b/scripts/_common.sh index 0a018dc..93323b9 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -1,5 +1,12 @@ #!/bin/bash +#================================================= +# COMMON VARIABLES +#================================================= + +# dependencies used by the app +pkg_dependencies="php-xml php-mbstring php-mysql" + #================================================= # EXPERIMENTAL HELPERS #================================================= diff --git a/scripts/install b/scripts/install index aad55d3..083dfcf 100644 --- a/scripts/install +++ b/scripts/install @@ -53,6 +53,13 @@ ynh_app_setting_set --app=$app --key=path --value=$path_url #================================================= # STANDARD MODIFICATIONS +#================================================= +# INSTALL DEPENDENCIES +#================================================= +ynh_script_progression --message="Installing dependencies..." --time --weight=1 + +ynh_install_app_dependencies $pkg_dependencies + #================================================= # CREATE A MYSQL DATABASE #================================================= diff --git a/scripts/restore b/scripts/restore index ea0a26f..3c43c5f 100644 --- a/scripts/restore +++ b/scripts/restore @@ -46,6 +46,13 @@ fi #================================================= # STANDARD RESTORATION STEPS +#================================================= +# REINSTALL DEPENDENCIES +#================================================= +ynh_script_progression --message="Reinstalling dependencies..." --time --weight=1 + +ynh_install_app_dependencies $pkg_dependencies + #================================================= # RESTORE THE NGINX CONFIGURATION #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index 4d510df..5e55e3f 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -87,6 +87,13 @@ ynh_script_progression --message="Upgrading nginx web server configuration..." # Create a dedicated nginx config ynh_add_nginx_config +#================================================= +# UPGRADE DEPENDENCIES +#================================================= +ynh_script_progression --message="Upgrading dependencies..." --time --weight=1 + +ynh_install_app_dependencies $pkg_dependencies + #================================================= # CREATE DEDICATED USER #================================================= From f72f9a0e86e0125cb1978a954796a469257bcaaa Mon Sep 17 00:00:00 2001 From: Kayou Date: Sat, 13 Jul 2019 16:48:54 +0200 Subject: [PATCH 33/53] source _common.sh --- scripts/upgrade | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/upgrade b/scripts/upgrade index 5e55e3f..6725b5e 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -6,7 +6,7 @@ # IMPORT GENERIC HELPERS #================================================= -#source _common.sh +source _common.sh source /usr/share/yunohost/helpers #================================================= From 2270f14e258cee275eff4cc0e03498113e2b9443 Mon Sep 17 00:00:00 2001 From: kay0u Date: Sat, 13 Jul 2019 17:55:53 +0200 Subject: [PATCH 34/53] Update times --- scripts/install | 2 +- scripts/restore | 2 +- scripts/upgrade | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/install b/scripts/install index 083dfcf..8b145ac 100644 --- a/scripts/install +++ b/scripts/install @@ -56,7 +56,7 @@ ynh_app_setting_set --app=$app --key=path --value=$path_url #================================================= # INSTALL DEPENDENCIES #================================================= -ynh_script_progression --message="Installing dependencies..." --time --weight=1 +ynh_script_progression --message="Installing dependencies..." --weight=5 ynh_install_app_dependencies $pkg_dependencies diff --git a/scripts/restore b/scripts/restore index 3c43c5f..9a07854 100644 --- a/scripts/restore +++ b/scripts/restore @@ -49,7 +49,7 @@ fi #================================================= # REINSTALL DEPENDENCIES #================================================= -ynh_script_progression --message="Reinstalling dependencies..." --time --weight=1 +ynh_script_progression --message="Reinstalling dependencies..." --weight=5 ynh_install_app_dependencies $pkg_dependencies diff --git a/scripts/upgrade b/scripts/upgrade index 6725b5e..2386a0a 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -90,7 +90,7 @@ ynh_add_nginx_config #================================================= # UPGRADE DEPENDENCIES #================================================= -ynh_script_progression --message="Upgrading dependencies..." --time --weight=1 +ynh_script_progression --message="Upgrading dependencies..." --weight=5 ynh_install_app_dependencies $pkg_dependencies From cc058649ae5ad4ff8bac3014a7769d67e3f728e2 Mon Sep 17 00:00:00 2001 From: Kayou Date: Sun, 14 Jul 2019 13:10:42 +0200 Subject: [PATCH 35/53] Remove dependencies --- scripts/remove | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/scripts/remove b/scripts/remove index 4d54f9a..2a8974a 100644 --- a/scripts/remove +++ b/scripts/remove @@ -6,7 +6,7 @@ # IMPORT GENERIC HELPERS #================================================= -# source _common.sh +source _common.sh source /usr/share/yunohost/helpers #================================================= @@ -30,6 +30,14 @@ ynh_script_progression --message="Removing the MySQL database" --weight=2 # Remove a database if it exists, along with the associated user ynh_mysql_remove_db --db_user=$db_name --db_name=$db_name +#================================================= +# REMOVE DEPENDENCIES +#================================================= +ynh_script_progression --message="Removing dependencies..." --weight=4 + +# Remove metapackage and its dependencies +ynh_remove_app_dependencies + #================================================= # REMOVE APP MAIN DIR #================================================= From 4f48e8ac05796ddf3a2a9e32586142091e8feff6 Mon Sep 17 00:00:00 2001 From: Kay0u Date: Sun, 8 Sep 2019 02:08:21 +0200 Subject: [PATCH 36/53] Upgrade to 0.6.0 --- README.md | 2 +- conf/app.src | 4 ++-- conf/config.system.php | 2 +- manifest.json | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index a587c66..b29635e 100644 --- a/README.md +++ b/README.md @@ -10,7 +10,7 @@ If you don't have YunoHost, please see [here](https://yunohost.org/#/install) to [Baïkal](http://baikal-server.com/) is a CalDAV and CardDAV server, based on sabre/dav, that includes an administration interface for easy management. -**Shipped version:** 0.5.3 +**Shipped version:** 0.6.0 ## Screenshots diff --git a/conf/app.src b/conf/app.src index f07f48a..58ec45d 100644 --- a/conf/app.src +++ b/conf/app.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/sabre-io/Baikal/releases/download/0.5.3/baikal-0.5.3.zip -SOURCE_SUM=11e6971a3cdc4c0cfc36e82498809162b5a6cfb67545f0dbc5b9d9e0c28c93c0 +SOURCE_URL=https://github.com/sabre-io/Baikal/releases/download/0.6.0/baikal-0.6.0.zip +SOURCE_SUM=eeb5f43edf6b79b08c43274dbe38c29c076eb4a92300be3a20b02929c13088e8 SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=zip SOURCE_IN_SUBDIR=true diff --git a/conf/config.system.php b/conf/config.system.php index 2399d76..64e7bb2 100644 --- a/conf/config.system.php +++ b/conf/config.system.php @@ -69,4 +69,4 @@ define("PROJECT_DB_MYSQL_PASSWORD", '__DBPASS__'); define("BAIKAL_ENCRYPTION_KEY", '__DESKEY__'); # The currently configured Baïkal version -define("BAIKAL_CONFIGURED_VERSION", '0.5.3'); +define("BAIKAL_CONFIGURED_VERSION", '0.6.0'); diff --git a/manifest.json b/manifest.json index 1e5856c..c4bc55a 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Lightweight CalDAV+CardDAV server", "fr": "Serveur CalDAV+CardDAV léger" }, - "version": "0.5.3~ynh1", + "version": "0.6.0~ynh1", "url": "http://baikal-server.com/", "license": "GPL-3.0", "maintainer": { From 8ab06e7bd0af416da2b922a5d360e43c2577bb10 Mon Sep 17 00:00:00 2001 From: Kay0u Date: Wed, 11 Mar 2020 11:35:25 +0100 Subject: [PATCH 37/53] trying to fix ci --- scripts/_common.sh | 8 +++++--- scripts/change_url | 2 +- scripts/install | 2 +- scripts/restore | 2 +- 4 files changed, 8 insertions(+), 6 deletions(-) diff --git a/scripts/_common.sh b/scripts/_common.sh index 93323b9..a10ebe6 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -15,14 +15,16 @@ pkg_dependencies="php-xml php-mbstring php-mysql" # usage: is_url_handled URL is_url_handled() { # Declare an array to define the options of this helper. - declare -Ar args_array=( [u]=url= ) - local url + local legacy_args=dp + declare -Ar args_array=( [d]=domain= [p]=path= ) + local domain + local path # Manage arguments with getopts ynh_handle_getopts_args "$@" # Try to get the url with curl, and keep the http code and an eventual redirection url. local curl_output="$(curl --insecure --silent --output /dev/null \ - --write-out '%{http_code};%{redirect_url}' "$url")" + --write-out '%{http_code};%{redirect_url}' https://127.0.0.1$path --header "Host: $domain")" # Cut the output and keep only the first part to keep the http code local http_code="${curl_output%%;*}" diff --git a/scripts/change_url b/scripts/change_url index 4cb7436..f163eed 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -52,7 +52,7 @@ fi if [ $change_domain -eq 1 ] then # Check if .well-known is available for the new domain. - if is_url_handled "https://$new_domain/.well-known/caldav" || is_url_handled "https://$new_domain/.well-known/carddav" + if is_url_handled "$new_domain" "/.well-known/caldav" || is_url_handled "$new_domain" "/.well-known/carddav" then ynh_die --message="Another app already uses the domain $new_domain to serve a caldav/carddav feature. Please use another domain." fi diff --git a/scripts/install b/scripts/install index 8b145ac..5ed3705 100644 --- a/scripts/install +++ b/scripts/install @@ -38,7 +38,7 @@ test ! -e "$final_path" || ynh_die "This path already contains a folder" ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url # Check if .well-known is available for this domain. -if is_url_handled "https://$domain/.well-known/caldav" || is_url_handled "https://$domain/.well-known/carddav" +if is_url_handled "$domain" "/.well-known/caldav" || is_url_handled "$domain" "/.well-known/carddav" then ynh_die --message="Another app already uses the domain $domain to serve a caldav/carddav feature. Please use another domain." fi diff --git a/scripts/restore b/scripts/restore index 9a07854..c289d06 100644 --- a/scripts/restore +++ b/scripts/restore @@ -39,7 +39,7 @@ test ! -d $final_path \ || ynh_die --message="There is already a directory: $final_path " # Check if .well-known is available for this domain. -if is_url_handled "https://$domain/.well-known/caldav" || is_url_handled "https://$domain/.well-known/carddav" +if is_url_handled "$domain" "/.well-known/caldav" || is_url_handled "$domain" "/.well-known/carddav" then ynh_die --message="Another app already uses the domain $domain to serve a caldav/carddav feature. Please use another domain." fi From 12a2e4ef63ecca51c50b4f493c7b6c1e91c4f33c Mon Sep 17 00:00:00 2001 From: Kay0u Date: Fri, 13 Mar 2020 23:01:26 +0100 Subject: [PATCH 38/53] add resolve parameter --- scripts/_common.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/_common.sh b/scripts/_common.sh index a10ebe6..903e79a 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -24,7 +24,7 @@ is_url_handled() { # Try to get the url with curl, and keep the http code and an eventual redirection url. local curl_output="$(curl --insecure --silent --output /dev/null \ - --write-out '%{http_code};%{redirect_url}' https://127.0.0.1$path --header "Host: $domain")" + --write-out '%{http_code};%{redirect_url}' https://127.0.0.1$path --header "Host: $domain" --resolve $domain:443:127.0.0.1)" # Cut the output and keep only the first part to keep the http code local http_code="${curl_output%%;*}" From 192e9f2439a4b4ae92c415403c0e69c5ca09d209 Mon Sep 17 00:00:00 2001 From: Kay0u Date: Fri, 13 Mar 2020 23:47:28 +0100 Subject: [PATCH 39/53] avoid false modification detecion --- conf/config.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/conf/config.php b/conf/config.php index 960773b..06495d5 100644 --- a/conf/config.php +++ b/conf/config.php @@ -59,4 +59,4 @@ define("BAIKAL_DAV_LDAP_DISPLAYNAME_ATTR", 'cn'); define("BAIKAL_DAV_LDAP_EMAIL_ATTR", 'mail'); # Baïkal Web admin password hash; Set via Baïkal Web Admin -define("BAIKAL_ADMIN_PASSWORDHASH", '__PASSWORDHASH__'); +define("BAIKAL_ADMIN_PASSWORDHASH", '__PASSWORDHASH__'); \ No newline at end of file From 42432469ddf8c1b56b4726074a39f95c779988d0 Mon Sep 17 00:00:00 2001 From: Kay0u Date: Fri, 13 Mar 2020 23:48:46 +0100 Subject: [PATCH 40/53] fix encrypt_key --- scripts/upgrade | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/scripts/upgrade b/scripts/upgrade index 2386a0a..559facb 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -141,7 +141,7 @@ then ynh_replace_string --match_string="__TIMEZONE__" --replace_string="$(cat /etc/timezone)" --target_file="$bk_conf" - password_hash=$(ynh_app_setting_get $app password_hash) + password_hash=$(ynh_app_setting_get --app=$app --key=password_hash) # If the password_hash is not in the app's config, recreate it from the password. if [ -z "$password_hash" ]; then password=$(ynh_app_setting_get --app=$app --key=password) @@ -163,10 +163,11 @@ then ynh_replace_string --match_string="__PATH__" --replace_string="$path_url" --target_file="$bk_conf" ynh_replace_string --match_string="__DBNAME__" --replace_string="$db_name" --target_file="$bk_conf" ynh_replace_string --match_string="__DBUSER__" --replace_string="$db_name" --target_file="$bk_conf" - db_pwd=$(ynh_app_setting_get $app mysqlpwd) + db_pwd=$(ynh_app_setting_get --app=$app --key=mysqlpwd) ynh_replace_string --match_string="__DBPASS__" --replace_string="$db_pwd" --target_file="$bk_conf" - deskey=$(ynh_app_setting_get $app deskey) + + deskey=$(ynh_app_setting_get --app=$app --key=encrypt_key) ynh_replace_string --match_string="__DESKEY__" --replace_string="$deskey" --target_file="$bk_conf" # Store the config file checksum into the app settings From 64bd8a117f4b574de614b0c6b6dafb54c0de9909 Mon Sep 17 00:00:00 2001 From: Kay0u Date: Fri, 13 Mar 2020 23:51:18 +0100 Subject: [PATCH 41/53] Keep Specific directory intact --- scripts/upgrade | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/scripts/upgrade b/scripts/upgrade index 559facb..c598971 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -75,8 +75,16 @@ if [ "$upgrade_type" == "UPGRADE_APP" ] then ynh_script_progression --message="Upgrading source files..." --weight=3 + # Keep the Specific folder intact: https://sabre.io/baikal/upgrade/ + temp_folder=$(mktemp -d) + mv "$final_path/Specific" "$temp_folder" # Download, check integrity, uncompress and patch the source from app.src ynh_setup_source --dest_dir="$final_path" + + ynh_secure_remove --file="$final_path/Specific" + + mv "$temp_folder/Specific" "$final_path" + ynh_secure_remove --file="$temp_folder" fi #================================================= From 8daaaaa01c9cd446d5e09bf11ca05fd0f5bf6625 Mon Sep 17 00:00:00 2001 From: Kay0u Date: Fri, 13 Mar 2020 23:52:56 +0100 Subject: [PATCH 42/53] 0.6.1 --- README.md | 2 +- conf/app.src | 4 ++-- conf/config.system.php | 2 +- manifest.json | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index b29635e..11cbf39 100644 --- a/README.md +++ b/README.md @@ -10,7 +10,7 @@ If you don't have YunoHost, please see [here](https://yunohost.org/#/install) to [Baïkal](http://baikal-server.com/) is a CalDAV and CardDAV server, based on sabre/dav, that includes an administration interface for easy management. -**Shipped version:** 0.6.0 +**Shipped version:** 0.6.1 ## Screenshots diff --git a/conf/app.src b/conf/app.src index 58ec45d..dc0f4b6 100644 --- a/conf/app.src +++ b/conf/app.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/sabre-io/Baikal/releases/download/0.6.0/baikal-0.6.0.zip -SOURCE_SUM=eeb5f43edf6b79b08c43274dbe38c29c076eb4a92300be3a20b02929c13088e8 +SOURCE_URL=https://github.com/sabre-io/Baikal/releases/download/0.6.1/baikal-0.6.1.zip +SOURCE_SUM=b3a553591a84f4262a6333cf79a1624e5d424d52c4071c77934b7191f714d757 SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=zip SOURCE_IN_SUBDIR=true diff --git a/conf/config.system.php b/conf/config.system.php index 64e7bb2..b1ca4bb 100644 --- a/conf/config.system.php +++ b/conf/config.system.php @@ -69,4 +69,4 @@ define("PROJECT_DB_MYSQL_PASSWORD", '__DBPASS__'); define("BAIKAL_ENCRYPTION_KEY", '__DESKEY__'); # The currently configured Baïkal version -define("BAIKAL_CONFIGURED_VERSION", '0.6.0'); +define("BAIKAL_CONFIGURED_VERSION", '0.6.1'); diff --git a/manifest.json b/manifest.json index c4bc55a..49f43ef 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Lightweight CalDAV+CardDAV server", "fr": "Serveur CalDAV+CardDAV léger" }, - "version": "0.6.0~ynh1", + "version": "0.6.1~ynh1", "url": "http://baikal-server.com/", "license": "GPL-3.0", "maintainer": { From ca6db622eb08be3931b64ff728bafb78faa55a26 Mon Sep 17 00:00:00 2001 From: Kay0u Date: Sat, 14 Mar 2020 00:25:37 +0100 Subject: [PATCH 43/53] use getops --- scripts/change_url | 2 +- scripts/install | 2 +- scripts/restore | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/change_url b/scripts/change_url index f163eed..e80ce8d 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -52,7 +52,7 @@ fi if [ $change_domain -eq 1 ] then # Check if .well-known is available for the new domain. - if is_url_handled "$new_domain" "/.well-known/caldav" || is_url_handled "$new_domain" "/.well-known/carddav" + if is_url_handled --domain="$new_domain" --path="/.well-known/caldav" || is_url_handled --domain="$new_domain" --path="/.well-known/carddav" then ynh_die --message="Another app already uses the domain $new_domain to serve a caldav/carddav feature. Please use another domain." fi diff --git a/scripts/install b/scripts/install index 5ed3705..d428307 100644 --- a/scripts/install +++ b/scripts/install @@ -38,7 +38,7 @@ test ! -e "$final_path" || ynh_die "This path already contains a folder" ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url # Check if .well-known is available for this domain. -if is_url_handled "$domain" "/.well-known/caldav" || is_url_handled "$domain" "/.well-known/carddav" +if is_url_handled --domain="$domain" --path="/.well-known/caldav" || is_url_handled --domain="$domain" --path="/.well-known/carddav" then ynh_die --message="Another app already uses the domain $domain to serve a caldav/carddav feature. Please use another domain." fi diff --git a/scripts/restore b/scripts/restore index c289d06..930c1b4 100644 --- a/scripts/restore +++ b/scripts/restore @@ -39,7 +39,7 @@ test ! -d $final_path \ || ynh_die --message="There is already a directory: $final_path " # Check if .well-known is available for this domain. -if is_url_handled "$domain" "/.well-known/caldav" || is_url_handled "$domain" "/.well-known/carddav" +if is_url_handled --domain="$domain" --path="/.well-known/caldav" || is_url_handled --domain="$domain" --path="/.well-known/carddav" then ynh_die --message="Another app already uses the domain $domain to serve a caldav/carddav feature. Please use another domain." fi From 61e002ad775469fe953ab3a18557f828fe32c4bb Mon Sep 17 00:00:00 2001 From: Kay0u Date: Sat, 14 Mar 2020 00:31:36 +0100 Subject: [PATCH 44/53] update comments --- scripts/_common.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/_common.sh b/scripts/_common.sh index 903e79a..dfc713b 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -12,7 +12,7 @@ pkg_dependencies="php-xml php-mbstring php-mysql" #================================================= # Check if an URL is already handled -# usage: is_url_handled URL +# usage: is_url_handled --domain=DOMAIN --path=PATH_URI is_url_handled() { # Declare an array to define the options of this helper. local legacy_args=dp From 9a83a6ae1f6f7865582adaed394bb0233f161dcb Mon Sep 17 00:00:00 2001 From: Maniack Crudelis Date: Sun, 29 Mar 2020 13:40:41 +0200 Subject: [PATCH 45/53] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 11cbf39..3aa6d9f 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # Baïkal for YunoHost -[![Integration level](https://dash.yunohost.org/integration/baikal.svg)](https://dash.yunohost.org/appci/app/baikal) +[![Integration level](https://dash.yunohost.org/integration/baikal.svg)](https://dash.yunohost.org/appci/app/baikal) ![](https://ci-apps.yunohost.org/ci/badges/baikal.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/baikal.maintain.svg) [![Install Baïkal with YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=baikal) > *This package allow you to install Baïkal quickly and simply on a YunoHost server. From 7b43f635e29cd38648e81dbc8044fb325e766850 Mon Sep 17 00:00:00 2001 From: Nicolas Quiniou-Briand Date: Tue, 28 Apr 2020 06:57:35 +0200 Subject: [PATCH 46/53] Add accounts to access demo --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 3aa6d9f..4817dda 100644 --- a/README.md +++ b/README.md @@ -17,6 +17,8 @@ sabre/dav, that includes an administration interface for easy management. ## Demo * [YunoHost demo](https://demo.yunohost.org/baikal/admin/) + * Accounts: + * `demo/demo` then `admin/demo` ## Configuration From 7f7ab5da0a6280fb13e8b22c35db1d2524a6b076 Mon Sep 17 00:00:00 2001 From: nicofrand Date: Thu, 30 Apr 2020 17:30:33 +0200 Subject: [PATCH 47/53] Fix path when app is used on root (sub)domain (fix #33) --- scripts/install | 2 +- scripts/upgrade | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/install b/scripts/install index d428307..62b7247 100644 --- a/scripts/install +++ b/scripts/install @@ -131,7 +131,7 @@ ynh_store_file_checksum --file="$bk_conf" bk_conf="${final_path}/Specific/config.system.php" cp ../conf/config.system.php "$bk_conf" -ynh_replace_string --match_string="__PATH__" --replace_string="$path_url" --target_file="$bk_conf" +ynh_replace_string --match_string="__PATH__" --replace_string="${path_url%/}" --target_file="$bk_conf" ynh_replace_string --match_string="__DBNAME__" --replace_string="$db_name" --target_file="$bk_conf" ynh_replace_string --match_string="__DBUSER__" --replace_string="$db_name" --target_file="$bk_conf" ynh_replace_string --match_string="__DBPASS__" --replace_string="$db_pwd" --target_file="$bk_conf" diff --git a/scripts/upgrade b/scripts/upgrade index c598971..b9495d9 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -168,7 +168,7 @@ then cp ../conf/config.system.php "$bk_conf" - ynh_replace_string --match_string="__PATH__" --replace_string="$path_url" --target_file="$bk_conf" + ynh_replace_string --match_string="__PATH__" --replace_string="${path_url%/}" --target_file="$bk_conf" ynh_replace_string --match_string="__DBNAME__" --replace_string="$db_name" --target_file="$bk_conf" ynh_replace_string --match_string="__DBUSER__" --replace_string="$db_name" --target_file="$bk_conf" db_pwd=$(ynh_app_setting_get --app=$app --key=mysqlpwd) From 5a739f9b6df3c538f40ca58845a4e3e237233183 Mon Sep 17 00:00:00 2001 From: Kay0u Date: Tue, 15 Sep 2020 10:40:49 +0200 Subject: [PATCH 48/53] Specify the php version --- scripts/_common.sh | 4 +++- scripts/upgrade | 3 ++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/scripts/_common.sh b/scripts/_common.sh index dfc713b..6eef4b8 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -5,7 +5,9 @@ #================================================= # dependencies used by the app -pkg_dependencies="php-xml php-mbstring php-mysql" +YNH_PHP_VERSION="7.3" + +pkg_dependencies="php${YNH_PHP_VERSION}-xml php${YNH_PHP_VERSION}-mbstring php${YNH_PHP_VERSION}-mysql" #================================================= # EXPERIMENTAL HELPERS diff --git a/scripts/upgrade b/scripts/upgrade index b9495d9..a4dcc05 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -94,6 +94,7 @@ ynh_script_progression --message="Upgrading nginx web server configuration..." # Create a dedicated nginx config ynh_add_nginx_config +phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) #================================================= # UPGRADE DEPENDENCIES @@ -129,7 +130,7 @@ then ynh_script_progression --message="Upgrading baikal..." # Run Baikal upgrade - php "${final_path}/bin/upgrade.sh" + php"${phpversion}" "${final_path}/bin/upgrade.sh" # Cleanup old baikal-admin sessions # since we may have changed owner of the session file From bb30f9d7e4569bc88e400e6c4690fcedf3f1cb02 Mon Sep 17 00:00:00 2001 From: Kay0u Date: Tue, 15 Sep 2020 15:44:17 +0200 Subject: [PATCH 49/53] Upgrade to 0.7.1 --- README.md | 2 +- conf/app.src | 4 +- conf/baikal.yaml | 29 ++++++++ conf/config.php | 62 ---------------- conf/config.system.php | 72 ------------------- manifest.json | 2 +- scripts/backup | 3 +- scripts/change_url | 6 +- scripts/install | 16 ++--- scripts/restore | 8 ++- scripts/upgrade | 54 +++++++------- .../Baikal/Core/LDAPUserBindAuth.php | 18 +++-- sources/extra_files/app/bin/upgrade.sh | 20 +++--- sources/patches/app-add-ldap-auth.patch | 72 +++++++------------ 14 files changed, 122 insertions(+), 246 deletions(-) create mode 100644 conf/baikal.yaml delete mode 100644 conf/config.php delete mode 100644 conf/config.system.php diff --git a/README.md b/README.md index 4817dda..ed6fd97 100644 --- a/README.md +++ b/README.md @@ -10,7 +10,7 @@ If you don't have YunoHost, please see [here](https://yunohost.org/#/install) to [Baïkal](http://baikal-server.com/) is a CalDAV and CardDAV server, based on sabre/dav, that includes an administration interface for easy management. -**Shipped version:** 0.6.1 +**Shipped version:** 0.7.1 ## Screenshots diff --git a/conf/app.src b/conf/app.src index dc0f4b6..7eb737e 100644 --- a/conf/app.src +++ b/conf/app.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/sabre-io/Baikal/releases/download/0.6.1/baikal-0.6.1.zip -SOURCE_SUM=b3a553591a84f4262a6333cf79a1624e5d424d52c4071c77934b7191f714d757 +SOURCE_URL=https://github.com/sabre-io/Baikal/releases/download/0.7.1/baikal-0.7.1.zip +SOURCE_SUM=dade7d8dd740ed66f6d87368a6ceff845938ba57d7f45063f8b9cea6278c1c0a SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=zip SOURCE_IN_SUBDIR=true diff --git a/conf/baikal.yaml b/conf/baikal.yaml new file mode 100644 index 0000000..47135ed --- /dev/null +++ b/conf/baikal.yaml @@ -0,0 +1,29 @@ +system: + configured_version: '0.7.1' + timezone: '__TIMEZONE__' + card_enabled: true + cal_enabled: true + invite_from: 'noreply@localhost' + dav_auth_type: 'LDAP-UserBind' + admin_passwordhash: __PASSWORDHASH__ + auth_realm: BaikalDAV + base_uri: '__PATH__' +# Auth Backend LDAP-UserBind; LDAP URI + dav_ldap_uri: 'ldap://127.0.0.1/' +# Auth Backend LDAP-UserBind; Template for userbind +# %n => username +# %u => user part of username when it is an email +# %u => domain part of username when it is an email + dav_ldap_dn_template: 'uid=%n,ou=users,dc=yunohost,dc=org' +# Auth Backend LDAP-UserBind; attribute for displayname + dav_ldap_displayname_attr: 'cn' +# Auth Backend LDAP-UserBind; attribute for email + dav_ldap_email_attr: 'mail' +database: + encryption_key: '__DESKEY__' + sqlite_file: "absolute/path/to/Specific/db/db.sqlite" + mysql: true + mysql_host: 'localhost' + mysql_dbname: '__DBNAME__' + mysql_username: '__DBUSER__' + mysql_password: '__DBPASS__' diff --git a/conf/config.php b/conf/config.php deleted file mode 100644 index 06495d5..0000000 --- a/conf/config.php +++ /dev/null @@ -1,62 +0,0 @@ - -# All rights reserved -# -# http://baikal-server.com -# -# This script is part of the Baïkal Server project. The Baïkal -# Server project is free software; you can redistribute it -# and/or modify it under the terms of the GNU General Public -# License as published by the Free Software Foundation; either -# version 2 of the License, or (at your option) any later version. -# -# The GNU General Public License can be found at -# http://www.gnu.org/copyleft/gpl.html. -# -# This script is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# This copyright notice MUST APPEAR in all copies of the script! -# -############################################################################## - -############################################################################## -# Required configuration -# You *have* to review these settings for Baïkal to run properly -# - -# Timezone of your users, if unsure, check http://en.wikipedia.org/wiki/List_of_tz_database_time_zones -define("PROJECT_TIMEZONE", '__TIMEZONE__'); - -# CardDAV ON/OFF switch; default TRUE -define("BAIKAL_CARD_ENABLED", TRUE); - -# CalDAV ON/OFF switch; default TRUE -define("BAIKAL_CAL_ENABLED", TRUE); - -# WebDAV authentication type; default Digest -define("BAIKAL_DAV_AUTH_TYPE", 'LDAP-UserBind'); - -# Auth Backend LDAP-UserBind; LDAP URI -define("BAIKAL_DAV_LDAP_URI", 'ldap://127.0.0.1/'); - -# Auth Backend LDAP-UserBind; Template for userbind -# %n => username -# %u => user part of username when it is an email -# %u => domain part of username when it is an email -define("BAIKAL_DAV_LDAP_DN_TEMPLATE", 'uid=%n,ou=users,dc=yunohost,dc=org'); - -# Auth Backend LDAP-UserBind; attribute for displayname -define("BAIKAL_DAV_LDAP_DISPLAYNAME_ATTR", 'cn'); - -# Auth Backend LDAP-UserBind; attribute for email -define("BAIKAL_DAV_LDAP_EMAIL_ATTR", 'mail'); - -# Baïkal Web admin password hash; Set via Baïkal Web Admin -define("BAIKAL_ADMIN_PASSWORDHASH", '__PASSWORDHASH__'); \ No newline at end of file diff --git a/conf/config.system.php b/conf/config.system.php deleted file mode 100644 index b1ca4bb..0000000 --- a/conf/config.system.php +++ /dev/null @@ -1,72 +0,0 @@ - -# All rights reserved -# -# http://baikal-server.com -# -# This script is part of the Baïkal Server project. The Baïkal -# Server project is free software; you can redistribute it -# and/or modify it under the terms of the GNU General Public -# License as published by the Free Software Foundation; either -# version 2 of the License, or (at your option) any later version. -# -# The GNU General Public License can be found at -# http://www.gnu.org/copyleft/gpl.html. -# -# This script is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# This copyright notice MUST APPEAR in all copies of the script! -# -############################################################################## - -############################################################################## -# System configuration -# Should not be changed, unless YNWYD -# -# RULES -# 0. All folder pathes *must* be suffixed by "/" -# 1. All URIs *must* be suffixed by "/" if pointing to a folder -# - -# If you change this value, you'll have to re-generate passwords for all your users -define("BAIKAL_AUTH_REALM", 'BaikalDAV'); - -# Should begin and end with a "/" -define("BAIKAL_CARD_BASEURI", "__PATH__/card.php/"); - -# Should begin and end with a "/" -define("BAIKAL_CAL_BASEURI", "__PATH__/cal.php/"); - -# Should begin and end with a "/" -define("BAIKAL_DAV_BASEURI", "__PATH__/dav.php/"); - -# Define path to Baïkal Database SQLite file -define("PROJECT_SQLITE_FILE", PROJECT_PATH_SPECIFIC . "db/db.sqlite"); - -# MySQL > Use MySQL instead of SQLite ? -define("PROJECT_DB_MYSQL", TRUE); - -# MySQL > Host, including ':portnumber' if port is not the default one (3306) -define("PROJECT_DB_MYSQL_HOST", 'localhost'); - -# MySQL > Database name -define("PROJECT_DB_MYSQL_DBNAME", '__DBNAME__'); - -# MySQL > Username -define("PROJECT_DB_MYSQL_USERNAME", '__DBUSER__'); - -# MySQL > Password -define("PROJECT_DB_MYSQL_PASSWORD", '__DBPASS__'); - -# A random 32 bytes key that will be used to encrypt data -define("BAIKAL_ENCRYPTION_KEY", '__DESKEY__'); - -# The currently configured Baïkal version -define("BAIKAL_CONFIGURED_VERSION", '0.6.1'); diff --git a/manifest.json b/manifest.json index 49f43ef..ba00e60 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Lightweight CalDAV+CardDAV server", "fr": "Serveur CalDAV+CardDAV léger" }, - "version": "0.6.1~ynh1", + "version": "0.7.1~ynh1", "url": "http://baikal-server.com/", "license": "GPL-3.0", "maintainer": { diff --git a/scripts/backup b/scripts/backup index a9a89a1..8f642f0 100644 --- a/scripts/backup +++ b/scripts/backup @@ -26,6 +26,7 @@ app=$YNH_APP_INSTANCE_NAME final_path=$(ynh_app_setting_get --app=$app --key=final_path) domain=$(ynh_app_setting_get --app=$app --key=domain) db_name=$(ynh_app_setting_get --app=$app --key=db_name) +phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) #================================================= # STANDARD BACKUP STEPS @@ -48,7 +49,7 @@ ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf" #================================================= ynh_script_progression --message="Backing up php-fpm configuration..." -ynh_backup --src_path="/etc/php/7.0/fpm/pool.d/$app.conf" +ynh_backup --src_path="/etc/php/$phpversion/fpm/pool.d/$app.conf" #================================================= # BACKUP THE MYSQL DATABASE diff --git a/scripts/change_url b/scripts/change_url index e80ce8d..eefd59f 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -96,7 +96,11 @@ fi #================================================= ynh_script_progression --message="Updating baikal configuration..." -ynh_replace_string --match_string="_BASEURI\", \"$old_path" --replace_string="_BASEURI\", \"$new_path" --target_file="${final_path}/Specific/config.system.php" +ynh_backup_if_checksum_is_different --file="${final_path}/config/baikal.yaml" + +ynh_replace_string --match_string="base_uri: '$old_path'" --replace_string="base_uri: '$new_path'" --target_file="${final_path}/config/baikal.yaml" + +ynh_store_file_checksum --file="${final_path}/config/baikal.yaml" #================================================= # GENERIC FINALISATION diff --git a/scripts/install b/scripts/install index 62b7247..d43be25 100644 --- a/scripts/install +++ b/scripts/install @@ -116,21 +116,15 @@ ynh_mysql_connect_as --user=$db_name --password="$db_pwd" --database=$db_name \ # CONFIGURE BAIKAL #================================================= -bk_conf="${final_path}/Specific/config.php" -cp ../conf/config.php "$bk_conf" +bk_conf="${final_path}/config/baikal.yaml" +cp ../conf/baikal.yaml "$bk_conf" ynh_replace_string --match_string="__TIMEZONE__" --replace_string="$(cat /etc/timezone)" --target_file="$bk_conf" # Create admin password hash -password_hash=$(echo -n admin:BaikalDAV:$password | md5sum | cut -d ' ' -f 1) +password_hash=$(echo -n admin:BaikalDAV:$password | sha256sum | cut -d ' ' -f 1) ynh_replace_string --match_string="__PASSWORDHASH__" --replace_string="${password_hash}" --target_file="$bk_conf" ynh_app_setting_set --app=$app --key=password_hash --value=$password_hash -# Store the config file checksum into the app settings -ynh_store_file_checksum --file="$bk_conf" - -bk_conf="${final_path}/Specific/config.system.php" -cp ../conf/config.system.php "$bk_conf" - ynh_replace_string --match_string="__PATH__" --replace_string="${path_url%/}" --target_file="$bk_conf" ynh_replace_string --match_string="__DBNAME__" --replace_string="$db_name" --target_file="$bk_conf" ynh_replace_string --match_string="__DBUSER__" --replace_string="$db_name" --target_file="$bk_conf" @@ -154,8 +148,8 @@ touch "${final_path}/Specific/INSTALL_DISABLED" # Set permissions chown -R root: "$final_path" -chown $app "$final_path/Specific/"{config.php,config.system.php} -chmod 640 "$final_path/Specific/"{config.php,config.system.php} +chown $app "$final_path/config/baikal.yaml" +chmod 640 "$final_path/config/baikal.yaml" #================================================= # SETUP SSOWAT diff --git a/scripts/restore b/scripts/restore index 930c1b4..fc9e81e 100644 --- a/scripts/restore +++ b/scripts/restore @@ -27,6 +27,7 @@ domain=$(ynh_app_setting_get --app=$app --key=domain) path_url=$(ynh_app_setting_get --app=$app --key=path) final_path=$(ynh_app_setting_get --app=$app --key=final_path) db_name=$(ynh_app_setting_get --app=$app --key=db_name) +phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) #================================================= # CHECK IF THE APP CAN BE RESTORED @@ -89,13 +90,14 @@ ynh_system_user_create --username=$app # Set permissions chown -R root: "$final_path" -chown $app "$final_path/Specific/"{config.php,config.system.php} +chown $app "$final_path/config/baikal.yaml" +chmod 640 "$final_path/config/baikal.yaml" #================================================= # RESTORE THE PHP-FPM CONFIGURATION #================================================= -ynh_restore_file --origin_path="/etc/php/7.0/fpm/pool.d/$app.conf" +ynh_restore_file --origin_path="/etc/php/$phpversion/fpm/pool.d/$app.conf" #================================================= # GENERIC FINALIZATION @@ -104,7 +106,7 @@ ynh_restore_file --origin_path="/etc/php/7.0/fpm/pool.d/$app.conf" #================================================= ynh_script_progression --message="Reloading nginx web server and php-fpm..." -ynh_systemd_action --service_name=php7.0-fpm --action=reload +ynh_systemd_action --service_name=php$phpversion-fpm --action=reload ynh_systemd_action --service_name=nginx --action=reload #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index a4dcc05..0983311 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -75,15 +75,19 @@ if [ "$upgrade_type" == "UPGRADE_APP" ] then ynh_script_progression --message="Upgrading source files..." --weight=3 - # Keep the Specific folder intact: https://sabre.io/baikal/upgrade/ + # Keep the Specific and config folders intact: https://sabre.io/baikal/upgrade/ + mkdir -p "$final_path/config" temp_folder=$(mktemp -d) mv "$final_path/Specific" "$temp_folder" + mv "$final_path/config" "$temp_folder" # Download, check integrity, uncompress and patch the source from app.src ynh_setup_source --dest_dir="$final_path" ynh_secure_remove --file="$final_path/Specific" + ynh_secure_remove --file="$final_path/config" mv "$temp_folder/Specific" "$final_path" + mv "$temp_folder/config" "$final_path" ynh_secure_remove --file="$temp_folder" fi @@ -127,29 +131,16 @@ ynh_add_fpm_config if [ "$upgrade_type" == "UPGRADE_APP" ] then - ynh_script_progression --message="Upgrading baikal..." - - # Run Baikal upgrade - php"${phpversion}" "${final_path}/bin/upgrade.sh" - - # Cleanup old baikal-admin sessions - # since we may have changed owner of the session file - grep --files-with-matches --recursive "CSRF_TOKEN|s:" /var/lib/php/sessions | xargs rm -f - #================================================= # UPGRADE BAIKAL CONFIGURATION #================================================= ynh_script_progression --message="Upgrading baikal configuration..." --weight=2 - bk_conf="${final_path}/Specific/config.php" - - # Verify the checksum and backup the file if it's different + bk_conf="${final_path}/config/baikal.yaml" ynh_backup_if_checksum_is_different --file="$bk_conf" - - cp ../conf/config.php "$bk_conf" + cp ../conf/baikal.yaml "$bk_conf" ynh_replace_string --match_string="__TIMEZONE__" --replace_string="$(cat /etc/timezone)" --target_file="$bk_conf" - password_hash=$(ynh_app_setting_get --app=$app --key=password_hash) # If the password_hash is not in the app's config, recreate it from the password. if [ -z "$password_hash" ]; then @@ -159,28 +150,33 @@ then fi ynh_replace_string --match_string="__PASSWORDHASH__" --replace_string="${password_hash}" --target_file="$bk_conf" - # Store the config file checksum into the app settings - ynh_store_file_checksum --file="$bk_conf" - - bk_conf="${final_path}/Specific/config.system.php" - - # Verify the checksum and backup the file if it's different - ynh_backup_if_checksum_is_different --file="$bk_conf" - - cp ../conf/config.system.php "$bk_conf" - ynh_replace_string --match_string="__PATH__" --replace_string="${path_url%/}" --target_file="$bk_conf" ynh_replace_string --match_string="__DBNAME__" --replace_string="$db_name" --target_file="$bk_conf" ynh_replace_string --match_string="__DBUSER__" --replace_string="$db_name" --target_file="$bk_conf" db_pwd=$(ynh_app_setting_get --app=$app --key=mysqlpwd) ynh_replace_string --match_string="__DBPASS__" --replace_string="$db_pwd" --target_file="$bk_conf" - deskey=$(ynh_app_setting_get --app=$app --key=encrypt_key) + ynh_app_setting_set --app=$app --key=encrypt_key --value="$deskey" ynh_replace_string --match_string="__DESKEY__" --replace_string="$deskey" --target_file="$bk_conf" + #================================================= + # UPGRADE BAIKAL + #================================================= + ynh_script_progression --message="Upgrading baikal..." + + # Run Baikal upgrade + php"${phpversion}" "${final_path}/bin/upgrade.sh" + + # Cleanup old baikal-admin sessions + # since we may have changed owner of the session file + grep --files-with-matches --recursive "CSRF_TOKEN|s:" /var/lib/php/sessions | xargs rm -f + # Store the config file checksum into the app settings ynh_store_file_checksum --file="$bk_conf" + # Remove checksums of old files + ynh_delete_file_checksum --file="${final_path}/Specific/config.php" + ynh_delete_file_checksum --file="${final_path}/Specific/config.system.php" fi #================================================= @@ -191,8 +187,8 @@ fi # Set permissions chown -R root: "$final_path" -chown $app "$final_path/Specific/"{config.php,config.system.php} -chmod 640 "$final_path/Specific/"{config.php,config.system.php} +chown $app "$final_path/config/baikal.yaml" +chmod 640 "$final_path/config/baikal.yaml" #================================================= # SETUP SSOWAT diff --git a/sources/extra_files/app/Core/Frameworks/Baikal/Core/LDAPUserBindAuth.php b/sources/extra_files/app/Core/Frameworks/Baikal/Core/LDAPUserBindAuth.php index c491d8d..d558a78 100644 --- a/sources/extra_files/app/Core/Frameworks/Baikal/Core/LDAPUserBindAuth.php +++ b/sources/extra_files/app/Core/Frameworks/Baikal/Core/LDAPUserBindAuth.php @@ -1,6 +1,7 @@ accountValues = array(); - $sr = ldap_read($conn, $dn, '(objectclass=*)', array(BAIKAL_DAV_LDAP_DISPLAYNAME_ATTR, BAIKAL_DAV_LDAP_EMAIL_ATTR)); + $dav_ldap_displayname_attr = $config['system']['dav_ldap_displayname_attr']; + $dav_ldap_email_attr = $config['system']['dav_ldap_email_attr']; + $sr = ldap_read($conn, $dn, '(objectclass=*)', array($dav_ldap_displayname_attr, $dav_ldap_email_attr)); $entry = ldap_get_entries($conn, $sr); - if (isset($entry[0][BAIKAL_DAV_LDAP_DISPLAYNAME_ATTR][0])) - $this->accountValues['displayname'] = $entry[0][BAIKAL_DAV_LDAP_DISPLAYNAME_ATTR][0]; - if (isset($entry[0][BAIKAL_DAV_LDAP_EMAIL_ATTR][0])) - $this->accountValues['email'] = $entry[0][BAIKAL_DAV_LDAP_EMAIL_ATTR][0]; + if (isset($entry[0][$dav_ldap_displayname_attr][0])) + $this->accountValues['displayname'] = $entry[0][$dav_ldap_displayname_attr][0]; + if (isset($entry[0][$dav_ldap_email_attr][0])) + $this->accountValues['email'] = $entry[0][$dav_ldap_email_attr][0]; /* close */ ldap_close($conn); diff --git a/sources/extra_files/app/bin/upgrade.sh b/sources/extra_files/app/bin/upgrade.sh index 6468200..b77d96b 100755 --- a/sources/extra_files/app/bin/upgrade.sh +++ b/sources/extra_files/app/bin/upgrade.sh @@ -41,15 +41,22 @@ if (!file_exists(PROJECT_PATH_ROOT . 'vendor/')) { } require PROJECT_PATH_ROOT . "vendor/autoload.php"; +use Symfony\Component\Yaml\Yaml; # Extend VersionUpgrade for cli usage class CLIUpgrade extends \BaikalAdmin\Controller\Install\VersionUpgrade { function run() { - $sBaikalVersion = BAIKAL_VERSION; - $sBaikalConfiguredVersion = BAIKAL_CONFIGURED_VERSION; + try { + $config = Yaml::parseFile(PROJECT_PATH_CONFIG . "baikal.yaml"); + } catch (\Exception $e) { + $this->output('Error reading baikal.yaml file : ' . $e->getMessage()); + } - if (BAIKAL_CONFIGURED_VERSION === BAIKAL_VERSION) { + $sBaikalVersion = BAIKAL_VERSION; + $sBaikalConfiguredVersion = $config['system']['configured_version']; + + if (isset($config['system']['configured_version']) && $sBaikalConfiguredVersion === BAIKAL_VERSION) { $this->output("Baïkal is already configured for version " . $sBaikalVersion); return true; } else { @@ -57,7 +64,7 @@ class CLIUpgrade extends \BaikalAdmin\Controller\Install\VersionUpgrade { } try { - $bSuccess = $this->upgrade(BAIKAL_CONFIGURED_VERSION, BAIKAL_VERSION); + $bSuccess = $this->upgrade($sBaikalConfiguredVersion, BAIKAL_VERSION); } catch (\Exception $e) { $bSuccess = false; $this->output("Uncaught exception during upgrade: " . (string)$e); @@ -88,11 +95,6 @@ class CLIUpgrade extends \BaikalAdmin\Controller\Install\VersionUpgrade { # Bootstrap BaikalAdmin \BaikalAdmin\Framework::bootstrap(); -if (!defined("BAIKAL_CONFIGURED_VERSION") || !defined("BAIKAL_ADMIN_PASSWORDHASH")) { - echo "Baïkal is not properly configured!\n"; - exit(1); -} - # Run the upgrade $oUpgrade = new CLIUpgrade(); if (!$oUpgrade->run()) { diff --git a/sources/patches/app-add-ldap-auth.patch b/sources/patches/app-add-ldap-auth.patch index 9872571..eb51c42 100644 --- a/sources/patches/app-add-ldap-auth.patch +++ b/sources/patches/app-add-ldap-auth.patch @@ -1,5 +1,5 @@ diff --git a/Core/Frameworks/Baikal/Core/Server.php b/Core/Frameworks/Baikal/Core/Server.php -index 957cac3..fcc2e3c 100644 +index e96fe39..b90b49e 100644 --- a/Core/Frameworks/Baikal/Core/Server.php +++ b/Core/Frameworks/Baikal/Core/Server.php @@ -133,6 +133,8 @@ class Server { @@ -12,58 +12,58 @@ index 957cac3..fcc2e3c 100644 $authBackend = new \Sabre\DAV\Auth\Backend\PDO($this->pdo); $authBackend->setRealm($this->authRealm); diff --git a/Core/Frameworks/Baikal/Model/Config/Standard.php b/Core/Frameworks/Baikal/Model/Config/Standard.php -index 2e07f44..948b5be 100644 +index 1ef5a51..32ec217 100644 --- a/Core/Frameworks/Baikal/Model/Config/Standard.php +++ b/Core/Frameworks/Baikal/Model/Config/Standard.php -@@ -46,6 +46,22 @@ class Standard extends \Baikal\Model\Config { +@@ -51,6 +51,22 @@ class Standard extends \Baikal\Model\Config { "type" => "string", "comment" => "HTTP authentication type for WebDAV; default Digest" ], -+ "BAIKAL_DAV_LDAP_URI" => [ ++ "dav_ldap_uri" => [ + "type" => "string", + "comment" => "URI to LDAP Server (for ldap-userbind auth); default ldapi:///" + ], -+ "BAIKAL_DAV_LDAP_DN_TEMPLATE" => [ ++ "dav_ldap_dn_template" => [ + "type" => "string", + "comment" => "User DN for bind; with replacments %n => username, %u => user part, %d => domain part of username" + ], -+ "BAIKAL_DAV_LDAP_DISPLAYNAME_ATTR" => [ ++ "dav_ldap_displayname_attr" => [ + "type" => "string", + "comment" => "LDAP-attribute for displayname; default cn" + ], -+ "BAIKAL_DAV_LDAP_EMAIL_ATTR" => [ ++ "dav_ldap_email_attr" => [ + "type" => "string", + "comment" => "LDAP-attribute for email; default mail" + ], - "BAIKAL_ADMIN_PASSWORDHASH" => [ + "admin_passwordhash" => [ "type" => "string", "comment" => "Baïkal Web admin password hash; Set via Baïkal Web Admin", -@@ -58,6 +74,10 @@ class Standard extends \Baikal\Model\Config { - "BAIKAL_CARD_ENABLED" => true, - "BAIKAL_CAL_ENABLED" => true, - "BAIKAL_DAV_AUTH_TYPE" => "Digest", -+ "BAIKAL_DAV_LDAP_URI" => "ldapi:///", -+ "BAIKAL_DAV_LDAP_DN_TEMPLATE" => "uid=%n,dc=example,dc=com", -+ "BAIKAL_DAV_LDAP_DISPLAYNAME_ATTR" => "cn", -+ "BAIKAL_DAV_LDAP_EMAIL_ATTR" => "mail", - "BAIKAL_ADMIN_PASSWORDHASH" => "" - ]; - -@@ -85,7 +105,31 @@ class Standard extends \Baikal\Model\Config { +@@ -64,6 +80,10 @@ class Standard extends \Baikal\Model\Config { + "card_enabled" => true, + "cal_enabled" => true, + "dav_auth_type" => "Digest", ++ "dav_ldap_uri" => "ldapi:///", ++ "dav_ldap_dn_template" => "uid=%n,dc=example,dc=com", ++ "dav_ldap_displayname_attr" => "cn", ++ "dav_ldap_email_attr" => "mail", + "admin_passwordhash" => "", + "auth_realm" => "BaikalDAV", + "base_uri" => "" +@@ -103,7 +123,31 @@ class Standard extends \Baikal\Model\Config { $oMorpho->add(new \Formal\Element\Listbox([ - "prop" => "BAIKAL_DAV_AUTH_TYPE", + "prop" => "dav_auth_type", "label" => "WebDAV authentication type", - "options" => ["Digest", "Basic"] + "options" => ["Digest", "Basic", "LDAP-UserBind"] + ])); + + $oMorpho->add(new \Formal\Element\Text([ -+ "prop" => "BAIKAL_DAV_LDAP_URI", ++ "prop" => "dav_ldap_uri", + "label" => "LDAP URI" + ])); + + $oMorpho->add(new \Formal\Element\Text([ -+ "prop" => "BAIKAL_DAV_LDAP_DN_TEMPLATE", ++ "prop" => "dav_ldap_dn_template", + "label" => "LDAP DN template", + "popover" => [ + "title" => "posible placeholder", @@ -72,35 +72,13 @@ index 2e07f44..948b5be 100644 + ])); + + $oMorpho->add(new \Formal\Element\Text([ -+ "prop" => "BAIKAL_DAV_LDAP_DISPLAYNAME_ATTR", ++ "prop" => "dav_ldap_displayname_attr", + "label" => "LDAP attribute for DisplayName" + ])); + + $oMorpho->add(new \Formal\Element\Text([ -+ "prop" => "BAIKAL_DAV_LDAP_EMAIL_ATTR", ++ "prop" => "dav_ldap_email_attr", + "label" => "LDAP attribute for eMail" ])); $oMorpho->add(new \Formal\Element\Password([ -@@ -180,6 +224,21 @@ define("BAIKAL_CAL_ENABLED", TRUE); - # WebDAV authentication type; default Digest - define("BAIKAL_DAV_AUTH_TYPE", "Digest"); - -+# Auth Backend LDAP-UserBind; LDAP URI -+define("BAIKAL_DAV_LDAP_URI", 'ldapi:///'); -+ -+# Auth Backend LDAP-UserBind; Template for userbind -+# %n => username -+# %u => user part of username when it is an email -+# %u => domain part of username when it is an email -+define("BAIKAL_DAV_LDAP_DN_TEMPLATE", 'cn=%u,dc=%d,ou=domains,o=server'); -+ -+# Auth Backend LDAP-UserBind; attribute for displayname -+define("BAIKAL_DAV_LDAP_DISPLAYNAME_ATTR", 'cn'); -+ -+# Auth Backend LDAP-UserBind; attribute for email -+define("BAIKAL_DAV_LDAP_EMAIL_ATTR", 'mail'); -+ - # Baïkal Web admin password hash; Set via Baïkal Web Admin - define("BAIKAL_ADMIN_PASSWORDHASH", ""); - CODE; From 04cb7942a80853206e43dfbf8f7939901a7871cd Mon Sep 17 00:00:00 2001 From: Kay0u Date: Tue, 15 Sep 2020 15:44:48 +0200 Subject: [PATCH 50/53] change yunohost requirement --- manifest.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifest.json b/manifest.json index ba00e60..f99dab6 100644 --- a/manifest.json +++ b/manifest.json @@ -14,7 +14,7 @@ "email": "julien.malik@paraiso.me" }, "requirements": { - "yunohost": ">= 3.5.0" + "yunohost": ">= 3.8.1" }, "multi_instance": false, "services": [ From f3530632bad4ab850f406cb2f07994f809b77196 Mon Sep 17 00:00:00 2001 From: Kay0u Date: Tue, 15 Sep 2020 16:09:15 +0200 Subject: [PATCH 51/53] add reset_admin_password action --- README.md | 3 ++ actions.toml | 10 +++++ scripts/actions/reset_admin_password | 57 ++++++++++++++++++++++++++++ 3 files changed, 70 insertions(+) create mode 100644 actions.toml create mode 100644 scripts/actions/reset_admin_password diff --git a/README.md b/README.md index ed6fd97..d1141c6 100644 --- a/README.md +++ b/README.md @@ -46,6 +46,9 @@ this package: ## Additional information +* There is a breaking change in the management of the administrator password when upgrading to 0.7.0. You must change the admin password! +* To be able to change the admin password, please visit the page: `https://you.domain.tld/yunohost/admin/#/apps/baikal/actions` and set a new password. + ## Links * Report a bug: https://github.com/YunoHost-Apps/baikal_ynh/issues diff --git a/actions.toml b/actions.toml new file mode 100644 index 0000000..aa446e3 --- /dev/null +++ b/actions.toml @@ -0,0 +1,10 @@ +[reset_admin_password] +name = "Reset the admin password" +command = "/bin/bash scripts/actions/reset_admin_password" +accepted_return_codes = [0] +description = "Change the admin password of the app." + [reset_admin_password.arguments] + [reset_admin_password.arguments.password] + type = "password" + ask.en = "Set the password for the administration" + ask.fr = "Définissez le mot de passe pour l'administration" \ No newline at end of file diff --git a/scripts/actions/reset_admin_password b/scripts/actions/reset_admin_password new file mode 100644 index 0000000..c2b0be8 --- /dev/null +++ b/scripts/actions/reset_admin_password @@ -0,0 +1,57 @@ +#!/bin/bash + +#================================================= +# GENERIC STARTING +#================================================= +# IMPORT GENERIC HELPERS +#================================================= + +source scripts/_common.sh +source /usr/share/yunohost/helpers + +#================================================= +# RETRIEVE ARGUMENTS +#================================================= + +# Get password +password=${YNH_ACTION_PASSWORD} + +app=${YNH_APP_INSTANCE_NAME:-$YNH_APP_ID} +final_path=$(ynh_app_setting_get --app=$app --key=final_path) + +#================================================= +# CHECK IF ARGUMENTS ARE CORRECT +#================================================= + +#================================================= +# CHECK IF AN ACTION HAS TO BE DONE +#================================================= + +password_hash_old=$(ynh_app_setting_get --app=$app --key=password_hash) +password_hash=$(echo -n admin:BaikalDAV:$password | sha256sum | cut -d ' ' -f 1) +if [ $password_hash == $password_hash_old ] +then + ynh_die "This is the same password." 0 +fi + +#================================================= +# SPECIFIC ACTION +#================================================= +# CHANGE THE PASSWORD +#================================================= +ynh_script_progression --message="Changing the password..." --weight=1 + +bk_conf="${final_path}/config/baikal.yaml" + +ynh_backup_if_checksum_is_different --file="${final_path}/config/baikal.yaml" + +ynh_replace_string --match_string="${password_hash_old}" --replace_string="${password_hash}" --target_file="$bk_conf" +ynh_app_setting_set --app=$app --key=password_hash --value=$password_hash + +ynh_store_file_checksum --file="${final_path}/config/baikal.yaml" + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_script_progression --message="Execution completed" --last \ No newline at end of file From 22d51bd481901b88d2ddbf547a62d1eabac441af Mon Sep 17 00:00:00 2001 From: Kayou Date: Tue, 15 Sep 2020 16:16:37 +0200 Subject: [PATCH 52/53] Update README.md --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 4817dda..b36972b 100644 --- a/README.md +++ b/README.md @@ -40,7 +40,6 @@ this package: * x86-64b - [![Build Status](https://ci-apps.yunohost.org/ci/logs/baikal%20%28Apps%29.svg)](https://ci-apps.yunohost.org/ci/apps/baikal/) * ARMv8-A - [![Build Status](https://ci-apps-arm.yunohost.org/ci/logs/baikal%20%28Apps%29.svg)](https://ci-apps-arm.yunohost.org/ci/apps/baikal/) -* Jessie x86-64b - [![Build Status](https://ci-stretch.nohost.me/ci/logs/baikal%20%28Apps%29.svg)](https://ci-stretch.nohost.me/ci/apps/baikal/) ## Limitations From 099f63413f120982232a77fd4ff5f62530d546ad Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=89ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Mon, 18 Jan 2021 14:47:59 +0100 Subject: [PATCH 53/53] Testing (#57) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Change permissions system. Bump Yunohost required version accordingly. * Fix linter warning Co-authored-by: Félix Piédallu --- README.md | 8 +++----- conf/nginx.conf | 2 +- conf/php-fpm.conf | 2 +- manifest.json | 4 ++-- scripts/backup | 14 +++++++------- scripts/change_url | 10 +++++----- scripts/install | 21 ++++++++++----------- scripts/remove | 12 ++++++------ scripts/restore | 8 ++++---- scripts/upgrade | 39 +++++++++++++++++++-------------------- 10 files changed, 58 insertions(+), 62 deletions(-) diff --git a/README.md b/README.md index 5c2cb53..d46b2cb 100644 --- a/README.md +++ b/README.md @@ -29,8 +29,7 @@ sabre/dav, that includes an administration interface for easy management. ## YunoHost specific features -In addition to Baïkal core features, the following are made available with -this package: +In addition to Baïkal core features, the following are made available with this package: * Serve `/.well-known` paths for CalDAV and CardDAV on the domain @@ -38,7 +37,7 @@ this package: #### Supported architectures -* x86-64b - [![Build Status](https://ci-apps.yunohost.org/ci/logs/baikal%20%28Apps%29.svg)](https://ci-apps.yunohost.org/ci/apps/baikal/) +* x86-64 - [![Build Status](https://ci-apps.yunohost.org/ci/logs/baikal%20%28Apps%29.svg)](https://ci-apps.yunohost.org/ci/apps/baikal/) * ARMv8-A - [![Build Status](https://ci-apps-arm.yunohost.org/ci/logs/baikal%20%28Apps%29.svg)](https://ci-apps-arm.yunohost.org/ci/apps/baikal/) ## Limitations @@ -57,8 +56,7 @@ this package: --- -Developers infos ----------------- +## Developers infos Please do your pull request to the [testing branch](https://github.com/YunoHost-Apps/baikal_ynh/tree/testing). diff --git a/conf/nginx.conf b/conf/nginx.conf index 8807793..db0ab0d 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -23,7 +23,7 @@ location __PATH__/ { fastcgi_split_path_info ^(.+\.php)(.*)$; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_pass unix:/var/run/php/php7.0-fpm-__NAME__.sock; + fastcgi_pass unix:/var/run/php/php__PHPVERSION__-fpm-__NAME__.sock; } location ~ ^__PATH__/(\.|Core|Specific) { diff --git a/conf/php-fpm.conf b/conf/php-fpm.conf index 6736bea..cc8c244 100644 --- a/conf/php-fpm.conf +++ b/conf/php-fpm.conf @@ -33,7 +33,7 @@ group = __USER__ ; (IPv6 and IPv4-mapped) on a specific port; ; '/path/to/unix/socket' - to listen on a unix socket. ; Note: This value is mandatory. -listen = /var/run/php/php7.0-fpm-__NAMETOCHANGE__.sock +listen = /var/run/php/php__PHPVERSION__-fpm-__NAMETOCHANGE__.sock ; Set listen(2) backlog. ; Default Value: 511 (-1 on FreeBSD and OpenBSD) diff --git a/manifest.json b/manifest.json index f99dab6..d7c2308 100644 --- a/manifest.json +++ b/manifest.json @@ -3,8 +3,8 @@ "name": "Baikal", "packaging_format": 1, "description": { - "en": "Lightweight CalDAV+CardDAV server", - "fr": "Serveur CalDAV+CardDAV léger" + "en": "Lightweight CalDAV and CardDAV server", + "fr": "Serveur CalDAV et CardDAV léger" }, "version": "0.7.1~ynh1", "url": "http://baikal-server.com/", diff --git a/scripts/backup b/scripts/backup index 8f642f0..3a806bb 100644 --- a/scripts/backup +++ b/scripts/backup @@ -19,7 +19,7 @@ ynh_abort_if_errors #================================================= # LOAD SETTINGS #================================================= -ynh_script_progression --message="Loading installation settings..." +ynh_print_info --message="Loading installation settings..." app=$YNH_APP_INSTANCE_NAME @@ -29,32 +29,32 @@ db_name=$(ynh_app_setting_get --app=$app --key=db_name) phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) #================================================= -# STANDARD BACKUP STEPS +# DECLARE DATA AND CONF FILES TO BACKUP +#================================================= +ynh_print_info --message="Declaring files to be backed up..." + #================================================= # BACKUP THE APP MAIN DIR #================================================= -ynh_script_progression --message="Backing up the main app directory..." ynh_backup --src_path="$final_path" #================================================= # BACKUP THE NGINX CONFIGURATION #================================================= -ynh_script_progression --message="Backing up nginx web server configuration..." ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf" #================================================= # BACKUP THE PHP-FPM CONFIGURATION #================================================= -ynh_script_progression --message="Backing up php-fpm configuration..." ynh_backup --src_path="/etc/php/$phpversion/fpm/pool.d/$app.conf" #================================================= # BACKUP THE MYSQL DATABASE #================================================= -ynh_script_progression --message="Backing up the MySQL database..." +ynh_print_info --message="Backing up the MySQL database..." ynh_mysql_dump_db --database="$db_name" > db.sql @@ -62,4 +62,4 @@ ynh_mysql_dump_db --database="$db_name" > db.sql # END OF SCRIPT #================================================= -ynh_script_progression --message="Backup script completed for $app. (YunoHost will then actually copy those files to the archive)." --last +ynh_print_info --message="Backup script completed for Baïkal. (YunoHost will then actually copy those files to the archive)." diff --git a/scripts/change_url b/scripts/change_url index eefd59f..4d491c8 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -54,7 +54,7 @@ then # Check if .well-known is available for the new domain. if is_url_handled --domain="$new_domain" --path="/.well-known/caldav" || is_url_handled --domain="$new_domain" --path="/.well-known/carddav" then - ynh_die --message="Another app already uses the domain $new_domain to serve a caldav/carddav feature. Please use another domain." + ynh_die --message="Another app already uses the domain $new_domain to serve a calDAV/cardDAV feature. Please use another domain." fi fi @@ -63,7 +63,7 @@ fi #================================================= # MODIFY URL IN NGINX CONF #================================================= -ynh_script_progression --message="Updating nginx web server configuration..." --weight=2 +ynh_script_progression --message="Updating NGINX web server configuration..." --weight=2 nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf @@ -94,7 +94,7 @@ fi #================================================= # UPDATE CONFIGURATION #================================================= -ynh_script_progression --message="Updating baikal configuration..." +ynh_script_progression --message="Updating Baïkal configuration..." ynh_backup_if_checksum_is_different --file="${final_path}/config/baikal.yaml" @@ -107,7 +107,7 @@ ynh_store_file_checksum --file="${final_path}/config/baikal.yaml" #================================================= # RELOAD NGINX #================================================= -ynh_script_progression --message="Reloading nginx web server..." +ynh_script_progression --message="Reloading NGINX web server..." ynh_systemd_action --service_name=nginx --action=reload @@ -115,4 +115,4 @@ ynh_systemd_action --service_name=nginx --action=reload # END OF SCRIPT #================================================= -ynh_script_progression --message="Change of URL completed for $app" --last +ynh_script_progression --message="Change of URL completed for Baïkal" --last diff --git a/scripts/install b/scripts/install index d43be25..91021c1 100644 --- a/scripts/install +++ b/scripts/install @@ -13,7 +13,6 @@ source /usr/share/yunohost/helpers # MANAGE SCRIPT FAILURE #================================================= -# Exit if an error occurs during the execution of the script ynh_abort_if_errors #================================================= @@ -40,7 +39,7 @@ ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url # Check if .well-known is available for this domain. if is_url_handled --domain="$domain" --path="/.well-known/caldav" || is_url_handled --domain="$domain" --path="/.well-known/carddav" then - ynh_die --message="Another app already uses the domain $domain to serve a caldav/carddav feature. Please use another domain." + ynh_die --message="Another app already uses the domain $domain to serve a calDAV/cardDAV feature. Please use another domain." fi #================================================= @@ -81,9 +80,9 @@ ynh_setup_source --dest_dir="$final_path" #================================================= # NGINX CONFIGURATION #================================================= -ynh_script_progression --message="Configuring nginx web server..." +ynh_script_progression --message="Configuring NGINX web server..." -# Create a dedicated nginx config +# Create a dedicated NGINX config ynh_add_nginx_config #================================================= @@ -97,9 +96,9 @@ ynh_system_user_create --username=$app #================================================= # PHP-FPM CONFIGURATION #================================================= -ynh_script_progression --message="Configuring php-fpm..." +ynh_script_progression --message="Configuring PHP-FPM..." -# Create a dedicated php-fpm config +# Create a dedicated PHP-FPM config ynh_add_fpm_config #================================================= @@ -107,7 +106,7 @@ ynh_add_fpm_config #================================================= # INITIALIZE DATABASE #================================================= -ynh_script_progression --message="Configuring baikal..." --weight=3 +ynh_script_progression --message="Configuring Baïkal..." --weight=3 ynh_mysql_connect_as --user=$db_name --password="$db_pwd" --database=$db_name \ < "${final_path}/Core/Resources/Db/MySQL/db.sql" @@ -157,14 +156,14 @@ chmod 640 "$final_path/config/baikal.yaml" ynh_script_progression --message="Configuring SSOwat..." --weight=2 # Allow public access on / -ynh_app_setting_set --app=$app --key=skipped_uris --value="/" +ynh_permission_update --permission "main" --add "visitors" # But restrain on /admin -ynh_app_setting_set --app=$app --key=protected_uris --value="/admin/" +ynh_permission_create --permission "admin" --url "/admin" --allowed "all_users" #================================================= # RELOAD NGINX #================================================= -ynh_script_progression --message="Reloading nginx web server..." +ynh_script_progression --message="Reloading NGINX web server..." ynh_systemd_action --service_name=nginx --action=reload @@ -172,4 +171,4 @@ ynh_systemd_action --service_name=nginx --action=reload # END OF SCRIPT #================================================= -ynh_script_progression --message="Installation of $app completed" --last +ynh_script_progression --message="Installation of Baïkal completed" --last diff --git a/scripts/remove b/scripts/remove index 2a8974a..1c3060c 100644 --- a/scripts/remove +++ b/scripts/remove @@ -41,7 +41,7 @@ ynh_remove_app_dependencies #================================================= # REMOVE APP MAIN DIR #================================================= -ynh_script_progression --message="Removing app main directory" +ynh_script_progression --message="Removing Baïkal main directory" # Remove the app directory securely ynh_secure_remove --file="$final_path" @@ -49,17 +49,17 @@ ynh_secure_remove --file="$final_path" #================================================= # REMOVE NGINX CONFIGURATION #================================================= -ynh_script_progression --message="Removing nginx web server configuration" +ynh_script_progression --message="Removing NGINX web server configuration" -# Remove the dedicated nginx config +# Remove the dedicated NGINX config ynh_remove_nginx_config #================================================= # REMOVE PHP-FPM CONFIGURATION #================================================= -ynh_script_progression --message="Removing php-fpm configuration" +ynh_script_progression --message="Removing PHP-FPM configuration" -# Remove the dedicated php-fpm config +# Remove the dedicated PHP-FPM config ynh_remove_fpm_config #================================================= @@ -76,4 +76,4 @@ ynh_system_user_delete --username=$app # END OF SCRIPT #================================================= -ynh_script_progression --message="Removal of $app completed" --last +ynh_script_progression --message="Removal of Baïkal completed" --last diff --git a/scripts/restore b/scripts/restore index fc9e81e..820e1de 100644 --- a/scripts/restore +++ b/scripts/restore @@ -42,7 +42,7 @@ test ! -d $final_path \ # Check if .well-known is available for this domain. if is_url_handled --domain="$domain" --path="/.well-known/caldav" || is_url_handled --domain="$domain" --path="/.well-known/carddav" then - ynh_die --message="Another app already uses the domain $domain to serve a caldav/carddav feature. Please use another domain." + ynh_die --message="Another app already uses the domain $domain to serve a calDAV/cardDAV feature. Please use another domain." fi #================================================= @@ -63,7 +63,7 @@ ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" #================================================= # RESTORE THE APP MAIN DIR #================================================= -ynh_script_progression --message="Restoring the app main directory..." +ynh_script_progression --message="Restoring Baïkal main directory..." ynh_restore_file --origin_path="$final_path" @@ -104,7 +104,7 @@ ynh_restore_file --origin_path="/etc/php/$phpversion/fpm/pool.d/$app.conf" #================================================= # RELOAD NGINX AND PHP-FPM #================================================= -ynh_script_progression --message="Reloading nginx web server and php-fpm..." +ynh_script_progression --message="Reloading NGINX web server and PHP-FPM..." ynh_systemd_action --service_name=php$phpversion-fpm --action=reload ynh_systemd_action --service_name=nginx --action=reload @@ -113,4 +113,4 @@ ynh_systemd_action --service_name=nginx --action=reload # END OF SCRIPT #================================================= -ynh_script_progression --message="Restoration completed for $app" --last +ynh_script_progression --message="Restoration completed for Baïkal" --last diff --git a/scripts/upgrade b/scripts/upgrade index 0983311..d463884 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -47,7 +47,7 @@ fi #================================================= # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP #================================================= -ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=4 +ynh_script_progression --message="Backing up Baïkal before upgrading (may take a while)..." --weight=4 # Backup the current version of the app ynh_backup_before_upgrade @@ -58,13 +58,6 @@ ynh_clean_setup () { # Exit if an error occurs during the execution of the script ynh_abort_if_errors -#================================================= -# CHECK THE PATH -#================================================= - -# Normalize the URL path syntax -path_url=$(ynh_normalize_url_path --path_url=$path_url) - #================================================= # STANDARD UPGRADE STEPS #================================================= @@ -94,9 +87,9 @@ fi #================================================= # NGINX CONFIGURATION #================================================= -ynh_script_progression --message="Upgrading nginx web server configuration..." +ynh_script_progression --message="Upgrading NGINX web server configuration..." -# Create a dedicated nginx config +# Create a dedicated NGINX config ynh_add_nginx_config phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) @@ -118,9 +111,9 @@ ynh_system_user_create --username=$app #================================================= # PHP-FPM CONFIGURATION #================================================= -ynh_script_progression --message="Upgrading php-fpm configuration..." --weight=2 +ynh_script_progression --message="Upgrading PHP-FPM configuration..." --weight=2 -# Create a dedicated php-fpm config +# Create a dedicated PHP-FPM config ynh_add_fpm_config #================================================= @@ -134,7 +127,7 @@ then #================================================= # UPGRADE BAIKAL CONFIGURATION #================================================= - ynh_script_progression --message="Upgrading baikal configuration..." --weight=2 + ynh_script_progression --message="Upgrading Baïkal configuration..." --weight=2 bk_conf="${final_path}/config/baikal.yaml" ynh_backup_if_checksum_is_different --file="$bk_conf" @@ -163,7 +156,7 @@ then #================================================= # UPGRADE BAIKAL #================================================= - ynh_script_progression --message="Upgrading baikal..." + ynh_script_progression --message="Upgrading Baïkal..." # Run Baikal upgrade php"${phpversion}" "${final_path}/bin/upgrade.sh" @@ -195,15 +188,21 @@ chmod 640 "$final_path/config/baikal.yaml" #================================================= ynh_script_progression --message="Configuring SSOwat..." --weight=2 -# Allow public access on / -ynh_app_setting_set --app=$app --key=skipped_uris --value="/" -# But restrain on /admin -ynh_app_setting_set --app=$app --key=protected_uris --value="/admin/" +# Upgrade from the legacy permissions system +protected_uris=$(ynh_app_setting_get --app="$app" --key=protected_uris) +if [ -n "${protected_uris}" ]; then + ynh_app_setting_delete --app="$app" --key=protected_uris + + # Allow public access on / + ynh_permission_update --permission "main" --add "visitors" + # But restrain on /admin + ynh_permission_create --permission "admin" --url "/admin" --allowed "all_users" +fi #================================================= # RELOAD NGINX #================================================= -ynh_script_progression --message="Reloading nginx web server..." +ynh_script_progression --message="Reloading NGINX web server..." ynh_systemd_action --service_name=nginx --action=reload @@ -211,4 +210,4 @@ ynh_systemd_action --service_name=nginx --action=reload # END OF SCRIPT #================================================= -ynh_script_progression --message="Upgrade of $app completed" --last +ynh_script_progression --message="Upgrade of Baïkal completed" --last