From ddd9a8f7be6bd9569c95f3bb2775dc124cdb23f0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?F=C3=A9lix=20Pi=C3=A9dallu?= Date: Fri, 5 Jan 2024 16:20:44 +0100 Subject: [PATCH 1/9] manifestv2 --- check_process | 29 --- conf/.env | 2 +- conf/amd64.src | 7 - conf/systemd.service | 4 +- doc/ADMIN.md | 1 + doc/DISCLAIMER.md | 4 - manifest.json | 65 ------ manifest.toml | 70 +++++++ scripts/_common.sh | 39 +++- scripts/backup | 29 +-- scripts/change_url | 112 +---------- scripts/install | 307 +++-------------------------- scripts/remove | 113 ++--------- scripts/restore | 116 ++--------- scripts/upgrade | 237 ++++------------------ sources/extra_files/app/.gitignore | 2 - sources/patches/.gitignore | 2 - tests.toml | 12 ++ 18 files changed, 221 insertions(+), 930 deletions(-) delete mode 100644 check_process delete mode 100644 conf/amd64.src create mode 100644 doc/ADMIN.md delete mode 100644 doc/DISCLAIMER.md delete mode 100644 manifest.json create mode 100644 manifest.toml delete mode 100644 sources/extra_files/app/.gitignore delete mode 100644 sources/patches/.gitignore create mode 100644 tests.toml diff --git a/check_process b/check_process deleted file mode 100644 index f071cd3..0000000 --- a/check_process +++ /dev/null @@ -1,29 +0,0 @@ -# See here for more information -# https://github.com/YunoHost/package_check#syntax-check_process-file - -;; Test complet - ; Manifest - domain="domain.tld" - path="/path" - is_public=0 - install_chromium=1 - ; Checks - pkg_linter=1 - setup_sub_dir=1 - setup_root=1 - setup_nourl=0 - setup_private=0 - setup_public=1 - upgrade=1 - upgrade=1 from_commit=b446048d123428f5260c5757245e8ed5ad454fb0 - backup_restore=1 - multi_instance=0 - port_already_use=0 - change_url=1 -;;; Options -Email=ger@shared.collin.best -Notification=Down -;;; Upgrade options - ; commit=CommitHash - name=Name and date of the commit. - manifest_arg=domain=DOMAIN&path=PATH&is_public=1&language=fr&admin=USER&password=pass&port=666& 
diff --git a/conf/.env b/conf/.env index 2d91850..0735ca2 100644 --- a/conf/.env +++ b/conf/.env @@ -1,6 +1,6 @@ CACP_PORT=__PORT__ CACP_REDIRECT_HOST=https://__DOMAIN__ -CACP_REDIRECT_PATH=__PATH_URL__ +CACP_REDIRECT_PATH=__PATH__ CACP_DEBUG=FALSE CACP_LOG=FALSE CACP_BYPASS_SANDBOX=__BYPASS_SANDBOX__ diff --git a/conf/amd64.src b/conf/amd64.src deleted file mode 100644 index 7a36dbc..0000000 --- a/conf/amd64.src +++ /dev/null @@ -1,7 +0,0 @@ -SOURCE_URL=https://github.com/gcollin/cookie-aware-cors-proxy/releases/download/v1.2.1/cookie-aware-cors-proxy.tgz -SOURCE_SUM=1eec01aab716c78007c0cd0df81612b192bf38279b88ee2168ee7579a36ce967 -SOURCE_SUM_PRG=sha256sum -SOURCE_FORMAT=tar.gz -SOURCE_IN_SUBDIR=true -SOURCE_FILENAME= -SOURCE_EXTRACT=true diff --git a/conf/systemd.service b/conf/systemd.service index f2c1d98..5c999ff 100644 --- a/conf/systemd.service +++ b/conf/systemd.service @@ -6,8 +6,8 @@ After=network.target Type=simple User=__APP__ Group=__APP__ -EnvironmentFile=__FINALPATH__/.env -WorkingDirectory=__FINALPATH__/package/ +EnvironmentFile=__INSTALL_DIR__/.env +WorkingDirectory=__INSTALL_DIR__/package/ ExecStart=__YNH_NODE__ ./src/server.js StandardOutput=append:/var/log/__APP__/__APP__.log StandardError=inherit diff --git a/doc/ADMIN.md b/doc/ADMIN.md new file mode 100644 index 0000000..2c99187 --- /dev/null +++ b/doc/ADMIN.md @@ -0,0 +1 @@ +It works only if you define it as public upon installation otherwise the yunohost SSO will interfere diff --git a/doc/DISCLAIMER.md b/doc/DISCLAIMER.md deleted file mode 100644 index e406610..0000000 --- a/doc/DISCLAIMER.md +++ /dev/null @@ -1,4 +0,0 @@ -* About security - * Single-sign on or LDAP are not integrated - * It works only if you define it as public upon installation otherwise the yunohost SSO will interfere - diff --git a/manifest.json b/manifest.json deleted file mode 100644 index 8ba40a0..0000000 --- a/manifest.json +++ /dev/null 
@@ -1,65 +0,0 @@ -{ - "name": "Cors Proxy", - "id": "cac-proxy", - "packaging_format": 1, - "description": { - "en": "An advanced https proxy allowing you to call other websites from your own web application.", - "fr": "Un proxy https avancé vous permettant d'appeler d'autres sites depuis votre propre application web." - }, - "version": "1.2.1~ynh1", - "url": "https://github.com/gcollin/cookie-aware-cors-proxy", - "upstream": { - "license": "MIT", - "code": "https://github.com/gcollin/cookie-aware-cors-proxy" - }, - "license": "MIT", - "maintainer": { - "name": "Gerard Collin", - "email": "ger@collin.best" - }, - "requirements": { - "yunohost": ">= 11.0.0" - }, - "multi_instance": false, - "services": [ - "nginx" - ], - "arguments": { - "install": [ - { - "name": "domain", - "type": "domain" - }, - { - "name": "path", - "type": "path", - "example": "/proxy", - "default": "/proxy" - }, - { - "name": "install_chromium", - "type": "boolean", - "default": false, - "optional": true, - "ask": { - "en": "Install Chromium for advanced website support (+480 MB).", - "fr": "Installer Chromium pour supporter les sites web complexes (+480 MB)." - } - }, - { - "name": "public_key", - "type": "string", - "optional": true, - "ask": { - "en": "SSH Public key to allow service updates as part of delivery process, leave empty to disable.", - "fr": "Clef publique SSH permettant la mise à jour des services via une deploiement automatique, inactif si non renseigné." - } - }, - { - "name": "is_public", - "type": "boolean", - "default": true - } - ] - } -} diff --git a/manifest.toml b/manifest.toml new file mode 100644 index 0000000..18c749e --- /dev/null +++ b/manifest.toml 
@@ -0,0 +1,70 @@
+#:schema https://raw.githubusercontent.com/YunoHost/apps/master/schemas/manifest.v2.schema.json
+
+packaging_format = 2
+
+id = "cac-proxy"
+name = "Cors Proxy"
+description.en = "An advanced https proxy allowing you to call other websites from your own web application."
+description.fr = "Un proxy https avancé vous permettant d'appeler d'autres sites depuis votre propre application web."
+
+version = "1.2.1~ynh1"
+
+maintainers = ["Gerard Collin"]
+
+[upstream]
+license = "MIT"
+code = "https://github.com/gcollin/cookie-aware-cors-proxy"
+website = "https://github.com/gcollin/cookie-aware-cors-proxy"
+
+[integration]
+yunohost = ">= 11.0.0"
+architectures = ["amd64"]
+multi_instance = false
+ldap = "not_relevant"
+sso = "not_relevant"
+disk = "50M" # FIXME: replace with an **estimate** minimum disk requirement. e.g. 20M, 400M, 1G, ...
+ram.build = "50M" # FIXME: replace with an **estimate** minimum ram requirement. e.g. 50M, 400M, 1G, ...
+ram.runtime = "50M" # FIXME: replace with an **estimate** minimum ram requirement. e.g. 50M, 400M, 1G, ...
+
+[install]
+ [install.domain]
+ type = "domain"
+
+ [install.path]
+ type = "path"
+ default = "/proxy"
+
+ [install.install_chromium]
+ ask.en = "Install Chromium for advanced website support (+480 MB)."
+ ask.fr = "Installer Chromium pour supporter les sites web complexes (+480 MB)."
+ type = "boolean"
+ default = false
+ optional = true
+
+ [install.public_key]
+ ask.en = "SSH Public key to allow service updates as part of delivery process, leave empty to disable."
+ ask.fr = "Clef publique SSH permettant la mise à jour des services via une deploiement automatique, inactif si non renseigné."
+ type = "string"
+ optional = true
+
+ [install.init_main_permission]
+ type = "group"
+ default = "visitors"
+
+[resources]
+ [resources.sources.main]
+ amd64.url = "https://github.com/gcollin/cookie-aware-cors-proxy/releases/download/v1.2.1/cookie-aware-cors-proxy.tgz"
+ amd64.sha256 = "1eec01aab716c78007c0cd0df81612b192bf38279b88ee2168ee7579a36ce967"
+ autoupdate.strategy = "latest_github_release"
+ autoupdate.asset.amd64 = "cookie-aware-cors-proxy.tgz"
+
+ [resources.system_user]
+ allow_ssh = true
+
+ [resources.install_dir]
+
+ [resources.permissions]
+ main.url = "/"
+
+ [resources.ports]
+ main.default = 3000
diff --git a/scripts/_common.sh b/scripts/_common.sh
index fc72584..13573da 100644
--- a/scripts/_common.sh
+++ b/scripts/_common.sh
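Review bot: In manifest.toml, `[resources.system_user]` sets `allow_ssh = true` unconditionally, while `install.public_key` is optional and its prompt says "leave empty to disable". The service account therefore stays SSH-eligible on installs where no deployment key is ever provisioned, so the reason should at least be recorded next to the setting, e.g. `# SSH is only used when install.public_key is set (deployment key in the app's authorized_keys)`. The three `# FIXME` estimates (`disk`, `ram.build`, `ram.runtime`) are also still 50M placeholders although the Chromium option is announced as +480 MB.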
@@ -3,15 +3,48 @@ #================================================= # COMMON VARIABLES #================================================= -nodejs_version=16 -# dependencies used by the app (must be on a single line) -pkg_dependencies="" +nodejs_version=16 #================================================= # PERSONAL HELPERS #================================================= +_generate_env_file() { + # We must use chrome sandbox for kernels 5.x, 6.x doesn't need it anymore + kernel_release=$(uname -r) + if [[ $kernel_release == 5.* ]]; then + bypass_sandbox="TRUE" + if [ $install_chromium -eq 1 ]; then + ynh_print_warn --message="Using non sandboxed chromium as kernel release is less than 6.x" + fi + else + bypass_sandbox="FALSE" + fi + + ynh_add_config --template=".env" --destination="$install_dir/.env" + chmod 400 "$install_dir/.env" + chown $app:$app "$install_dir/.env" +} + +_install_restart_script_and_sudoers() { + # Enable restarting of services from ssh + ynh_add_config --template="restart-proxy.sh" --destination="$install_dir/restart-proxy.sh" + chown "$app:$app" "$install_dir/restart-proxy.sh" + chmod o-rwx,gu=rwx "$install_dir/restart-proxy.sh" + + # Add sudoers file for this specific command + ynh_add_config --template="cac-proxy-sudoers" --destination="/etc/sudoers.d/$app-sudoers" + chown root:root "/etc/sudoers.d/$app-sudoers" + chmod o-rwx,gu=r "/etc/sudoers.d/$app-sudoers" +} + +_remove_restart_script_and_sudoers() { + if [ -f "/etc/sudoers.d/$app-sudoers" ]; then + ynh_secure_remove --file="/etc/sudoers.d/$app-sudoers" + fi +} + #================================================= # EXPERIMENTAL HELPERS #================================================= diff --git a/scripts/backup b/scripts/backup index 9737690..f77f961 100755 --- a/scripts/backup +++ b/scripts/backup 
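Review bot: In scripts/_common.sh, `_install_restart_script_and_sudoers` leaves `restart-proxy.sh` owned and writable by `$app` (`chown "$app:$app"`, `chmod o-rwx,gu=rwx`) and then installs a sudoers drop-in for the same account. The sudoers template is not part of this hunk, but if it lets `$app` run that script through sudo, whoever holds the deployment SSH key can change what runs as root. A root-owned script that the app user can only read and execute is safer: `chown root:"$app" "$install_dir/restart-proxy.sh"` and `chmod u=rwx,g=rx,o= "$install_dir/restart-proxy.sh"`; because `$install_dir` itself belongs to `$app`, keeping the script outside it, or having sudoers name the `systemctl` command directly, closes the remaining replace-the-file path. Checking the generated drop-in with `visudo -cf` before relying on it would also catch a broken template.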
@@ -10,28 +10,6 @@ source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers -#================================================= -# MANAGE SCRIPT FAILURE -#================================================= - -ynh_clean_setup () { - ### Remove this function if there's nothing to clean before calling the remove script. - true -} -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors - -#================================================= -# LOAD SETTINGS -#================================================= -ynh_print_info --message="Loading installation settings..." - -app=$YNH_APP_INSTANCE_NAME - -final_path=$(ynh_app_setting_get --app=$app --key=final_path) -domain=$(ynh_app_setting_get --app=$app --key=domain) -public_key=$(ynh_app_setting_get --app=$app --key=public_key) - #================================================= # DECLARE DATA AND CONF FILES TO BACKUP #================================================= @@ -46,7 +24,7 @@ ynh_print_info --message="Declaring files to be backed up..." # BACKUP THE APP MAIN DIR #================================================= -ynh_backup --src_path="$final_path" +ynh_backup --src_path="$install_dir" #================================================= # BACKUP THE NGINX CONFIGURATION @@ -57,9 +35,8 @@ ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf" #================================================= # SPECIFIC BACKUP #================================================= -if [ -n "$public_key" ] -then - ynh_backup --src_path="/etc/sudoers.d/$app-sudoers" +if [ -n "$public_key" ]; then + ynh_backup --src_path="/etc/sudoers.d/$app-sudoers" fi # BACKUP LOGROTATE #================================================= diff --git a/scripts/change_url b/scripts/change_url index e40f6a7..f1bf96c 100644 --- a/scripts/change_url +++ b/scripts/change_url 
@@ -9,61 +9,6 @@ source _common.sh source /usr/share/yunohost/helpers -#================================================= -# RETRIEVE ARGUMENTS -#================================================= - -old_domain=$YNH_APP_OLD_DOMAIN -old_path=$YNH_APP_OLD_PATH - -new_domain=$YNH_APP_NEW_DOMAIN -new_path=$YNH_APP_NEW_PATH - -app=$YNH_APP_INSTANCE_NAME - -#================================================= -# LOAD SETTINGS -#================================================= -ynh_script_progression --message="Loading installation settings..." --weight=1 - -# Needed for helper "ynh_add_nginx_config" -final_path=$(ynh_app_setting_get --app=$app --key=final_path) -port=$(ynh_app_setting_get --app=$app --key=port) -install_chromium=$(ynh_app_setting_get --app=$app --key=install_chromium) - -#================================================= -# BACKUP BEFORE CHANGE URL THEN ACTIVE TRAP -#================================================= -ynh_script_progression --message="Backing up the app before changing its URL (may take a while)..." --weight=1 - -# Backup the current version of the app -ynh_backup_before_upgrade -ynh_clean_setup () { - # Remove the new domain config file, the remove script won't do it as it doesn't know yet its location. - ynh_secure_remove --file="/etc/nginx/conf.d/$new_domain.d/$app.conf" - - # Restore it if the upgrade fails - ynh_restore_upgradebackup -} -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors - -#================================================= -# CHECK WHICH PARTS SHOULD BE CHANGED -#================================================= - -change_domain=0 -if [ "$old_domain" != "$new_domain" ] -then - change_domain=1 -fi - -change_path=0 -if [ "$old_path" != "$new_path" ] -then - change_path=1 -fi - #================================================= # STANDARD MODIFICATIONS #================================================= 
@@ -78,59 +23,15 @@ ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app #================================================= ynh_script_progression --message="Updating NGINX web server configuration..." --weight=1 -nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf - -# Change the path in the NGINX config file -if [ $change_path -eq 1 ] -then - # Make a backup of the original NGINX config file if modified - ynh_backup_if_checksum_is_different --file="$nginx_conf_path" - # Set global variables for NGINX helper - domain="$old_domain" - path_url="$new_path" - # Create a dedicated NGINX config - ynh_add_nginx_config -fi - -# Change the domain for NGINX -if [ $change_domain -eq 1 ] -then - # Delete file checksum for the old conf file location - ynh_delete_file_checksum --file="$nginx_conf_path" - mv $nginx_conf_path /etc/nginx/conf.d/$new_domain.d/$app.conf - # Store file checksum for the new config file location - ynh_store_file_checksum --file="/etc/nginx/conf.d/$new_domain.d/$app.conf" -fi +ynh_change_url_nginx_config #================================================= # SPECIFIC MODIFICATIONS #================================================= ynh_script_progression --message="Updating .env configuration..." 
-ynh_backup_if_checksum_is_different --file="$final_path/.env" -domain=$new_domain -path_url=$new_path - -# We must use chrome sandbox for kernels 5.x, 6.x doesn't need it anymore -kernel_release=$(uname -r) -if [[ $kernel_release == 5.* ]] -then - bypass_sandbox="TRUE" - if [ $install_chromium -eq 1 ] - then - ynh_print_warn --message="Using non sandboxed chromium as kernel release is less than 6.x" - fi -else - bypass_sandbox="FALSE" -fi - -ynh_add_config --template=".env" --destination="$final_path/.env" - -# FIXME: this should be handled by the core in the future -# You may need to use chmod 600 instead of 400, -# for example if the app is expected to be able to modify its own config -chmod 400 "$final_path/.env" -chown $app:$app "$final_path/.env" +ynh_backup_if_checksum_is_different --file="$install_dir/.env" +_generate_env_file #================================================= # GENERIC FINALISATION @@ -141,13 +42,6 @@ ynh_script_progression --message="Starting a systemd service..." --weight=1 ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" -#================================================= -# RELOAD NGINX -#================================================= -ynh_script_progression --message="Reloading NGINX web server..." --weight=1 - -ynh_systemd_action --service_name=nginx --action=reload - #================================================= # END OF SCRIPT #================================================= diff --git a/scripts/install b/scripts/install index 861bc00..4b2a18b 100755 --- a/scripts/install +++ b/scripts/install 
@@ -10,285 +10,75 @@ source _common.sh source /usr/share/yunohost/helpers #================================================= -# MANAGE SCRIPT FAILURE +# INSTALL NODEJS #================================================= +ynh_script_progression --message="Installing NodeJS..." --weight=3 -ynh_clean_setup () { - ynh_clean_check_starting -} -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors - -#================================================= -# RETRIEVE ARGUMENTS FROM THE MANIFEST -#================================================= - -domain=$YNH_APP_ARG_DOMAIN -path_url=$YNH_APP_ARG_PATH -public_key=$YNH_APP_ARG_PUBLIC_KEY -is_public=$YNH_APP_ARG_IS_PUBLIC -install_chromium=$YNH_APP_ARG_INSTALL_CHROMIUM - -### If it's a multi-instance app, meaning it can be installed several times independently -### The id of the app as stated in the manifest is available as $YNH_APP_ID -### The instance number is available as $YNH_APP_INSTANCE_NUMBER (equals "1", "2"...) -### The app instance name is available as $YNH_APP_INSTANCE_NAME -### - the first time the app is installed, YNH_APP_INSTANCE_NAME = ynhexample -### - the second time the app is installed, YNH_APP_INSTANCE_NAME = ynhexample__2 -### - ynhexample__{N} for the subsequent installations, with N=3,4... -### The app instance name is probably what interests you most, since this is -### guaranteed to be unique. This is a good unique identifier to define installation path, -### db names... -app=$YNH_APP_INSTANCE_NAME - -#================================================= -# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS -#================================================= -### About --weight and --time -### ynh_script_progression will show to your final users the progression of each scripts. -### In order to do that, --weight will represent the relative time of execution compared to the other steps in the script. 
-### --time is a packager option, it will show you the execution time since the previous call. -### This option is implied when running in CI_package_check, you can manually add it if you are manually testing the app. -### Use the execution time displayed in the CI report or by adding --time to the command, to estimate the weight of a step. -### A common way to do it is to set a weight equal to the execution time in second +1. -### The execution time is given for the duration since the previous call. So the weight should be applied to this previous call. -ynh_script_progression --message="Validating installation parameters..." --weight=1 - -# Check machine architecture (in particular, we don't support ARM and 32bit machines) -if [ $YNH_ARCH == "i386" ] || [ $YNH_ARCH == "armel" ] || [ $YNH_ARCH == "armhf" ] || [ $YNH_ARCH == "aarch64" ] || [ $YNH_ARCH == "arm64" ] -then - ynh_die --message="Sorry, but this app can only be installed on a x86, 64 bits machine :(" -fi - -### If the app uses NGINX as web server (written in HTML/PHP in most cases), the final path should be "/var/www/$app". -### If the app provides an internal web server (or uses another application server such as uWSGI), the final path should be "/opt/yunohost/$app" -final_path=/opt/yunohost/$app -test ! -e "$final_path" || ynh_die --message="This path already contains a folder" - -# Register (book) web path -ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url - -#================================================= -# STORE SETTINGS FROM MANIFEST -#================================================= -ynh_script_progression --message="Storing installation settings..." 
--weight=1 - -ynh_app_setting_set --app=$app --key=domain --value=$domain -ynh_app_setting_set --app=$app --key=path --value=$path_url -ynh_app_setting_set --app=$app --key=install_chromium --value=$install_chromium - -#================================================= -# STANDARD MODIFICATIONS -#================================================= -# FIND AND OPEN A PORT -#================================================= -ynh_script_progression --message="Finding an available port..." --weight=1 - -### Use these lines if you have to open a port for the application -### `ynh_find_port` will find the first available port starting from the given port. -### If you're not using these lines: -### - Remove the section "CLOSE A PORT" in the remove script - -# Find an available port -port=$(ynh_find_port --port=3000) -ynh_app_setting_set --app=$app --key=port --value=$port - -# Optional: Expose this port publicly -# (N.B.: you only need to do this if the app actually needs to expose the port publicly. -# If you do this and the app doesn't actually need you are CREATING SECURITY HOLES IN THE SERVER !) - -# Open the port -# ynh_script_progression --message="Configuring firewall..." --weight=1 -# ynh_exec_warn_less yunohost firewall allow --no-upnp TCP $port - -#================================================= -# INSTALL DEPENDENCIES -#================================================= -ynh_script_progression --message="Installing dependencies..." --weight=3 - -### `ynh_install_app_dependencies` allows you to add any "apt" dependencies to the package. -### Those deb packages will be installed as dependencies of this package. 
-### If you're not using this helper: -### - Remove the section "REMOVE DEPENDENCIES" in the remove script -### - Remove the variable "pkg_dependencies" in _common.sh -### - As well as the section "REINSTALL DEPENDENCIES" in the restore script -### - And the section "UPGRADE DEPENDENCIES" in the upgrade script - -ynh_install_app_dependencies $pkg_dependencies ynh_install_nodejs --nodejs_version=$nodejs_version ynh_use_nodejs -#================================================= -# CREATE DEDICATED USER -#================================================= -ynh_script_progression --message="Configuring system user..." --weight=1 - -# Create a system user -ynh_system_user_create --username=$app --use_shell --home_dir="$final_path" --groups="ssh.app" - #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= ynh_script_progression --message="Setting up source files..." --weight=6 -### `ynh_setup_source` is used to install an app from a zip or tar.gz file, -### downloaded from an upstream source, like a git repository. -### `ynh_setup_source` use the file conf/amd64.src - -ynh_app_setting_set --app=$app --key=final_path --value=$final_path # Download, check integrity, uncompress and patch the source from amd64.src -mkdir --parents $final_path/package -ynh_setup_source --source_id=amd64 --dest_dir="$final_path/package" +ynh_setup_source --dest_dir="$install_dir/package" -chmod 750 "$final_path" -chmod -R o-rwx "$final_path" -chown -R $app:$app "$final_path" +chmod -R o-rwx "$install_dir" +chown -R $app:$app "$install_dir" -if [ -n "$public_key" ] -then - ynh_script_progression --message="Enabling ssh access for dev..." 
--weight=1 - #enable ssh access to the files for updates - #todo: Secure it more with https://github.com/YunoHost-Apps/ssh_chroot_dir_ynh - mkdir --parents $final_path/.ssh - ynh_add_config --template="authorized_keys" --destination="$final_path/.ssh/authorized_keys" - ynh_app_setting_set --app=$app --key=public_key --value=$public_key - chown -R $app:$app "$final_path/.ssh" - chmod 700 "$final_path/.ssh" - chmod 600 "$final_path/.ssh/authorized_keys" +#================================================= +# ADD SSH ACCESS +#================================================= - #================================================= - # Create restart services file - #================================================= +if [ -n "$public_key" ]; then + ynh_script_progression --message="Enabling ssh access for dev..." --weight=1 + # enable ssh access to the files for updates + # todo: Secure it more with https://github.com/YunoHost-Apps/ssh_chroot_dir_ynh + mkdir --parents "$install_dir/.ssh" + ynh_add_config --template="authorized_keys" --destination="$install_dir/.ssh/authorized_keys" - # Enable restarting of services from ssh - ynh_add_config --template="restart-proxy.sh" --destination="$final_path/restart-proxy.sh" - - # Enable root ownership to be able to call systemctl - chown $app:$app "$final_path/restart-proxy.sh" - chmod o-rwx,gu=rwx "$final_path/restart-proxy.sh" - - ynh_add_config --template="cac-proxy-sudoers" --destination="/etc/sudoers.d/$app-sudoers" - chown root:root "/etc/sudoers.d/$app-sudoers" - chmod o-rwx,gu=r "/etc/sudoers.d/$app-sudoers" + chown -R "$app:$app" "$install_dir/.ssh" + chmod 700 "$install_dir/.ssh" + chmod 600 "$install_dir/.ssh/authorized_keys" + _install_restart_script_and_sudoers fi #================================================= # Install chromium #================================================= -if [ $install_chromium -eq 1 ] -then - ynh_script_progression --message="Installing Chromium..." 
--weight=8 +if [ $install_chromium -eq 1 ]; then + ynh_script_progression --message="Installing Chromium..." --weight=8 - cd "$final_path/package" - ynh_exec_as $app $ynh_node_load_PATH $ynh_node "./node_modules/puppeteer/install.js" - - cd - + pushd "$install_dir/package" + ynh_exec_as "$app" $ynh_node_load_PATH $ynh_node "./node_modules/puppeteer/install.js" + popd fi -#================================================= -# NGINX CONFIGURATION -#================================================= -ynh_script_progression --message="Configuring NGINX web server..." --weight=1 - -### `ynh_add_nginx_config` will use the file conf/nginx.conf - -# Create a dedicated NGINX config -ynh_add_nginx_config - -#================================================= -# SPECIFIC SETUP -#================================================= -# ... -#================================================= - - #================================================= # ADD A CONFIGURATION #================================================= ynh_script_progression --message="Adding a configuration file..." 
--weight=1 -# We must use chrome sandbox for kernels 5.x, 6.x doesn't need it anymore -kernel_release=$(uname -r) -if [[ $kernel_release == 5.* ]] -then - bypass_sandbox="TRUE" - if [ $install_chromium -eq 1 ] - then - ynh_print_warn --message="Using non sandboxed chromium as kernel release is less than 6.x" - fi -else - bypass_sandbox="FALSE" -fi - -ynh_add_config --template=".env" --destination="$final_path/.env" - -# FIXME: this should be handled by the core in the future -# You may need to use chmod 600 instead of 400, -# for example if the app is expected to be able to modify its own config -chmod 400 "$final_path/.env" -chown $app:$app "$final_path/.env" - -### For more complex cases where you want to replace stuff using regexes, -### you shoud rely on ynh_replace_string (which is basically a wrapper for sed) -### When doing so, you also need to manually call ynh_store_file_checksum -### -### ynh_replace_string --match_string="match_string" --replace_string="replace_string" --target_file="$final_path/some_config_file" -### ynh_store_file_checksum --file="$final_path/some_config_file" +_generate_env_file #================================================= -# SETUP SYSTEMD +# SYSTEM CONFIGURATION #================================================= -ynh_script_progression --message="Configuring a systemd service..." --weight=1 +ynh_script_progression --message="Adding system configurations related to $app..." --weight=1 -### `ynh_systemd_config` is used to configure a systemd script for an app. -### It can be used for apps that use sysvinit (with adaptation) or systemd. -### Have a look at the app to be sure this app needs a systemd script. -### `ynh_systemd_config` will use the file conf/systemd.service -### If you're not using these lines: -### - You can remove those files in conf/. 
-### - Remove the section "BACKUP SYSTEMD" in the backup script -### - Remove also the section "STOP AND REMOVE SERVICE" in the remove script -### - As well as the section "RESTORE SYSTEMD" in the restore script -### - And the section "SETUP SYSTEMD" in the upgrade script +# Create a dedicated NGINX config +ynh_add_nginx_config # Create a dedicated systemd config ynh_add_systemd_config - -#================================================= -# GENERIC FINALIZATION -#================================================= -# SETUP LOGROTATE -#================================================= -ynh_script_progression --message="Configuring log rotation..." --weight=1 - -### `ynh_use_logrotate` is used to configure a logrotate configuration for the logs of this app. -### Use this helper only if there is effectively a log file for this app. -### If you're not using this helper: -### - Remove the section "BACKUP LOGROTATE" in the backup script -### - Remove also the section "REMOVE LOGROTATE CONFIGURATION" in the remove script -### - As well as the section "RESTORE THE LOGROTATE CONFIGURATION" in the restore script -### - And the section "SETUP LOGROTATE" in the upgrade script +yunohost service add $app --description="A Cors proxy letting the browser manages cookies and redirects." --log="/var/log/$app/$app.log" # Use logrotate to manage application logfile(s) ynh_use_logrotate -#================================================= -# INTEGRATE SERVICE IN YUNOHOST -#================================================= -ynh_script_progression --message="Integrating service in YunoHost..." --weight=1 - -### `yunohost service add` integrates a service in YunoHost. It then gets -### displayed in the admin interface and through the others `yunohost service` commands. -### (N.B.: this line only makes sense if the app adds a service to the system!) -### If you're not using these lines: -### - You can remove these files in conf/. 
-### - Remove the section "REMOVE SERVICE INTEGRATION IN YUNOHOST" in the remove script -### - As well as the section "INTEGRATE SERVICE IN YUNOHOST" in the restore script -### - And the section "INTEGRATE SERVICE IN YUNOHOST" in the upgrade script - -yunohost service add $app --description="A Cors proxy letting the browser manages cookies and redirects." --log="/var/log/$app/$app.log" - #================================================= # START SYSTEMD SERVICE #================================================= 
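Review bot: In scripts/install, the "ADD SSH ACCESS" block renders `$public_key` into `$install_dir/.ssh/authorized_keys` without any check, and the account it unlocks also receives the sudoers entry from `_install_restart_script_and_sudoers`. The value is a free-form manifest string, so an embedded newline or a malformed entry would land in the file as typed; verifying that it is a single line in public-key format before `ynh_add_config` (for instance by running `ssh-keygen -l -f` on a temporary file) would fail the install early instead. The `authorized_keys` template is not visible here; if it writes the key bare, prefixing the entry with `restrict` would keep the deployment key to command execution without forwarding or a pty, which goes some way toward the existing `todo: Secure it more` comment. Separately, the context comment `# Download, check integrity, uncompress and patch the source from amd64.src` is stale now that `conf/amd64.src` is deleted.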
@@ -297,45 +87,6 @@ ynh_script_progression --message="Starting a systemd service..." --weight=1 # Start a systemd service ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" -#================================================= -# SETUP FAIL2BAN -#================================================= -# ynh_script_progression --message="Configuring Fail2Ban..." --weight=1 - -# Create a dedicated Fail2Ban config -# ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="Regex to match into the log for a failed login" - -#================================================= -# SETUP SSOWAT -#================================================= -ynh_script_progression --message="Configuring permissions..." --weight=1 - -# Make app public if necessary -if [ $is_public -eq 1 ] -then - # Everyone can access the app. - # The "main" permission is automatically created before the install script. - ynh_permission_update --permission="main" --add="visitors" -fi - -### N.B. : the following extra permissions only make sense if your app -### does have for example an admin interface or an API. - -# Only the admin can access the admin panel of the app (if the app has an admin panel) -# ynh_permission_create --permission="admin" --url="/admin" --allowed=$admin - -# Everyone can access the API part -# We don't want to display the tile in the SSO so we put --show_tile="false" -# And we don't want the YunoHost admin to be able to remove visitors group to this permission, so we put --protected="true" -# ynh_permission_create --permission="api" --url="/api" --allowed="visitors" --show_tile="false" --protected="true" - -#================================================= -# RELOAD NGINX -#================================================= -ynh_script_progression --message="Reloading NGINX web server..." 
--weight=1 - -ynh_systemd_action --service_name=nginx --action=reload - #================================================= # END OF SCRIPT #================================================= diff --git a/scripts/remove b/scripts/remove index 98f3dc7..0a968d0 100755 --- a/scripts/remove +++ b/scripts/remove 
@@ -10,123 +10,36 @@ source _common.sh source /usr/share/yunohost/helpers #================================================= -# LOAD SETTINGS -#================================================= -ynh_script_progression --message="Loading installation settings..." --weight=1 - -app=$YNH_APP_INSTANCE_NAME - -domain=$(ynh_app_setting_get --app=$app --key=domain) -port=$(ynh_app_setting_get --app=$app --key=port) -final_path=$(ynh_app_setting_get --app=$app --key=final_path) -public_key=$(ynh_app_setting_get --app=$app --key=public_key) - -#================================================= -# STANDARD REMOVE -#================================================= -# REMOVE SERVICE INTEGRATION IN YUNOHOST +# REMOVE SYSTEM CONFIGURATIONS #================================================= +ynh_script_progression --message="Removing system configurations related to $app..." --weight=1 # Remove the service from the list of services known by YunoHost (added from `yunohost service add`) -if ynh_exec_warn_less yunohost service status $app >/dev/null -then - ynh_script_progression --message="Removing $app service integration..." --weight=1 - yunohost service remove $app +if ynh_exec_warn_less yunohost service status $app >/dev/null; then + yunohost service remove $app fi -#================================================= -# STOP AND REMOVE SERVICE -#================================================= -ynh_script_progression --message="Stopping and removing the systemd service..." --weight=1 - -# Remove the dedicated systemd config -ynh_remove_systemd_config - -#================================================= -# REMOVE LOGROTATE CONFIGURATION -#================================================= -ynh_script_progression --message="Removing logrotate configuration..." 
--weight=1 - -# Remove the app-specific logrotate config -ynh_remove_logrotate - -#================================================= -# REMOVE APP MAIN DIR -#================================================= -ynh_script_progression --message="Removing app main directory..." --weight=1 - -# Remove the app directory securely -ynh_secure_remove --file="$final_path" - -#================================================= -# REMOVE NGINX CONFIGURATION -#================================================= -ynh_script_progression --message="Removing NGINX web server configuration..." --weight=1 - # Remove the dedicated NGINX config ynh_remove_nginx_config -#================================================= -# REMOVE DEPENDENCIES -#================================================= -ynh_script_progression --message="Removing dependencies..." --weight=1 +# Remove the dedicated systemd config +ynh_remove_systemd_config -# Remove metapackage and its dependencies -ynh_remove_app_dependencies - -# Remove the version of Nodejs used if needed -ynh_remove_nodejs - -#================================================= -# CLOSE A PORT -#================================================= - -if yunohost firewall list | grep -q "\- $port$" -then - ynh_script_progression --message="Closing port $port..." --weight=1 - ynh_exec_warn_less yunohost firewall disallow TCP $port -fi - -#================================================= -# REMOVE FAIL2BAN CONFIGURATION -#================================================= -#ynh_script_progression --message="Removing Fail2Ban configuration..." --weight=1 - -# Remove the dedicated Fail2Ban config -#ynh_remove_fail2ban_config - -#================================================= -# SPECIFIC REMOVE -#================================================= -# REMOVE VARIOUS FILES -#================================================= -ynh_script_progression --message="Removing various files..." 
--weight=1 - -# Remove a cron file -#ynh_secure_remove --file="/etc/cron.d/$app" - -# Remove a directory securely -#ynh_secure_remove --file="/etc/$app" +# Remove the app-specific logrotate config +ynh_remove_logrotate # Remove the log files ynh_secure_remove --file="/var/log/$app" -if [ -n "$public_key" ] -then - ynh_script_progression --message="Removing ssh dev access" --weight=1 - ynh_secure_remove --file="/etc/sudoers.d/$app-sudoers" - -fi +_remove_restart_script_and_sudoers #================================================= -# GENERIC FINALIZATION +# REMOVE DEPENDENCIES #================================================= -# REMOVE DEDICATED USER -#================================================= -ynh_script_progression --message="Removing the dedicated system user..." --weight=1 +ynh_script_progression --message="Removing NodeJS..." --weight=2 -# Delete a system user -ynh_system_user_delete --username=$app +# Remove metapackage and its dependencies +ynh_remove_nodejs --nodejs_version=$nodejs_version #================================================= # END OF SCRIPT diff --git a/scripts/restore b/scripts/restore index 6b7a4e1..82b060e 100755 --- a/scripts/restore +++ b/scripts/restore 
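Review bot: The bare `_remove_restart_script_and_sudoers` call in scripts/remove replaces a block that was guarded by `[ -n "$public_key" ]` and had its own progress message, and nothing at the call site now says that this is presumably where the sudoers drop-in (`/etc/sudoers.d/$app-sudoers` in the removed lines) is deleted. I would add `# Always drop the restart script and the sudoers rule, whether or not public_key was set` above it. The helper is defined outside this hunk, so it should be checked that it tolerates a missing file. The comment `# Remove metapackage and its dependencies` above `ynh_remove_nodejs` is left over from the removed `ynh_remove_app_dependencies` call and would read better as `# Remove the NodeJS version installed for this app`.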
@@ -10,141 +10,59 @@ source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers -#================================================= -# MANAGE SCRIPT FAILURE -#================================================= - -ynh_clean_setup () { - #### Remove this function if there's nothing to clean before calling the remove script. - true -} -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors - -#================================================= -# LOAD SETTINGS -#================================================= -ynh_script_progression --message="Loading installation settings..." --weight=1 - -app=$YNH_APP_INSTANCE_NAME - -domain=$(ynh_app_setting_get --app=$app --key=domain) -path_url=$(ynh_app_setting_get --app=$app --key=path) -final_path=$(ynh_app_setting_get --app=$app --key=final_path) -port=$(ynh_app_setting_get --app=$app --key=port) -public_key=$(ynh_app_setting_get --app=$app --key=public_key) - -#================================================= -# CHECK IF THE APP CAN BE RESTORED -#================================================= -ynh_script_progression --message="Validating restoration parameters..." --weight=1 - -test ! -d $final_path \ - || ynh_die --message="There is already a directory: $final_path " - -#================================================= -# STANDARD RESTORATION STEPS -#================================================= - - -# RECREATE THE DEDICATED USER -#================================================= -ynh_script_progression --message="Recreating the dedicated system user..." --weight=1 - -# Create the dedicated user (if not existing) -ynh_system_user_create --username=$app --home_dir="$final_path" - #================================================= # RESTORE THE APP MAIN DIR #================================================= ynh_script_progression --message="Restoring the app main directory..." 
--weight=1 -ynh_restore_file --origin_path="$final_path" +ynh_restore_file --origin_path="$install_dir" -# FIXME: this should be managed by the core in the future -# Here, as a packager, you may have to tweak the ownerhsip/permissions -# such that the appropriate users (e.g. maybe www-data) can access -# files in some cases. -# But FOR THE LOVE OF GOD, do not allow r/x for "others" on the entire folder - -# this will be treated as a security issue. -chmod 750 "$final_path" -chmod -R o-rwx "$final_path" -chown -R $app:$app "$final_path" +chmod -R o-rwx "$install_dir" +chown -R $app:$app "$install_dir" #Make sure the .ssh and files have the correct access rights -if [ -n "$public_key" ] -then - chown -R $app:$app "$final_path/.ssh" - chmod 700 "$final_path/.ssh" - chmod 600 "$final_path/.ssh/authorized_keys" - # Enable restart of services for the dont-code user - chown $app:$app "$final_path/restart-proxy.sh" - chmod o-rwx,gu=rwx "$final_path/restart-proxy.sh" +if [ -n "$public_key" ]; then + chown -R $app:$app "$install_dir/.ssh" + chmod 700 "$install_dir/.ssh" + chmod 600 "$install_dir/.ssh/authorized_keys" - ynh_restore_file --origin_path="/etc/sudoers.d/$app-sudoers" - - chown root:root "/etc/sudoers.d/$app-sudoers" - chmod o-rwx,gu=r "/etc/sudoers.d/$app-sudoers" + _install_restart_script_and_sudoers fi +mkdir --parents /var/log/$app +chown $app:adm /var/log/$app + #================================================= # SPECIFIC RESTORATION #================================================= # REINSTALL DEPENDENCIES #================================================= -ynh_script_progression --message="Reinstalling dependencies..." --weight=3 +ynh_script_progression --message="Reinstalling NodeJS..." 
--weight=21 # Define and install dependencies -ynh_install_app_dependencies $pkg_dependencies -ynh_install_nodejs --nodejs_version=$nodejs_version +ynh_install_nodejs --nodejs_version="$NODEJS_VERSION" ynh_use_nodejs #================================================= -# RESTORE THE NGINX CONFIGURATION +# RESTORE SYSTEM CONFIGURATIONS #================================================= -ynh_script_progression --message="Restoring the NGINX web server configuration..." --weight=1 +ynh_script_progression --message="Restoring system configurations related to $app..." --weight=1 ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" -#================================================= -# RESTORE SYSTEMD -#================================================= -ynh_script_progression --message="Restoring the systemd configuration..." --weight=1 +ynh_restore_file --origin_path="/etc/logrotate.d/$app" ynh_restore_file --origin_path="/etc/systemd/system/$app.service" systemctl enable $app.service --quiet - -#================================================= -# RESTORE THE LOGROTATE CONFIGURATION -#================================================= -ynh_script_progression --message="Restoring the logrotate configuration..." --weight=1 - -ynh_restore_file --origin_path="/etc/logrotate.d/$app" - -mkdir --parents /var/log/$app -chown $app:adm /var/log/$app - -#================================================= -# INTEGRATE SERVICE IN YUNOHOST -#================================================= -ynh_script_progression --message="Integrating service in YunoHost..." --weight=1 - yunohost service add $app --description="A Cors proxy letting the browser manages cookies and redirects." --log="/var/log/$app/$app.log" #================================================= # START SYSTEMD SERVICE #================================================= -ynh_script_progression --message="Starting a systemd service..." 
--weight=1 +ynh_script_progression --message="Reloading NGINX web server and $app's services..." --weight=1 ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" -#================================================= -# GENERIC FINALIZATION -#================================================= -# RELOAD NGINX AND PHP-FPM -#================================================= -ynh_script_progression --message="Reloading NGINX web server..." --weight=1 - ynh_systemd_action --service_name=nginx --action=reload #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index 73aad75..420dbcc 100644 --- a/scripts/upgrade +++ b/scripts/upgrade 
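Review bot: The `if [ -n "$public_key" ]; then` test in scripts/restore reads the setting without a default, while later patches in this series add a `${public_key+x}` guard to scripts/upgrade for installs where the setting is missing. A backup taken from such an install would reach this line with the variable unset, which aborts the restore if nounset is in effect (not visible here). `if [ -n "${public_key:-}" ]; then` makes the intent explicit. The same block now regenerates the sudoers rule through `_install_restart_script_and_sudoers` instead of restoring it from the archive. That helper is defined outside this hunk, so the root ownership and read-only mode that the removed `chown root:root` and `chmod o-rwx,gu=r` lines enforced should be confirmed there.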
@@ -9,60 +9,8 @@ source _common.sh source /usr/share/yunohost/helpers -#================================================= -# LOAD SETTINGS -#================================================= -ynh_script_progression --message="Loading installation settings..." --weight=1 - -app=$YNH_APP_INSTANCE_NAME - -domain=$(ynh_app_setting_get --app=$app --key=domain) -path_url=$(ynh_app_setting_get --app=$app --key=path) -final_path=$(ynh_app_setting_get --app=$app --key=final_path) -port=$(ynh_app_setting_get --app=$app --key=port) -public_key=$(ynh_app_setting_get --app=$app --key=public_key) -install_chromium=$(ynh_app_setting_get --app=$app --key=install_chromium) - -#================================================= -# CHECK VERSION -#================================================= - -### This helper will compare the version of the currently installed app and the version of the upstream package. -### $upgrade_type can have 2 different values -### - UPGRADE_APP if the upstream app version has changed -### - UPGRADE_PACKAGE if only the YunoHost package has changed -### ynh_check_app_version_changed will stop the upgrade if the app is up to date. -### UPGRADE_APP should be used to upgrade the core app only if there's an upgrade to do. upgrade_type=$(ynh_check_app_version_changed) -#================================================= -# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP -#================================================= -# There is an issue in previous backup file in case of non public_key, so we create the missing directory -if [ ! -f "/etc/sudoers.d/$app-sudoers" ] -then - touch "/etc/sudoers.d/$app-sudoers" -fi - -ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=1 - -# Backup the current version of the app -ynh_backup_before_upgrade -ynh_clean_setup () { - # Restore it if the upgrade fails - ynh_restore_upgradebackup -} - -# Removes the directory created only for backup if not necessary -if [ ! 
-n "$public_key" ] -then - rm "/etc/sudoers.d/$app-sudoers" -fi - -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors - - #================================================= # STANDARD UPGRADE STEPS #================================================= 
@@ -75,190 +23,80 @@ ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app #================================================= # ENSURE DOWNWARD COMPATIBILITY #================================================= +ynh_script_progression --message="Ensuring downward compatibility..." --weight=1 #================================================= -# INSTALL DEPENDENCIES +# INSTALL NODEJS #================================================= -ynh_script_progression --message="Installing dependencies..." --weight=3 +ynh_script_progression --message="Upgrading NodeJS..." --weight=3 -### `ynh_install_app_dependencies` allows you to add any "apt" dependencies to the package. -### Those deb packages will be installed as dependencies of this package. -### If you're not using this helper: -### - Remove the section "REMOVE DEPENDENCIES" in the remove script -### - Remove the variable "pkg_dependencies" in _common.sh -### - As well as the section "REINSTALL DEPENDENCIES" in the restore script -### - And the section "UPGRADE DEPENDENCIES" in the upgrade script - -ynh_install_app_dependencies $pkg_dependencies ynh_install_nodejs --nodejs_version=$nodejs_version ynh_use_nodejs -#================================================= -# CREATE DEDICATED USER -#================================================= -ynh_script_progression --message="Making sure dedicated system user exists..." 
--weight=1 - - #Recreate the user to enable shell if needed -user_shell=$(grep "^$app:" /etc/passwd | cut -d: -f7) -if [ "$user_shell" == "/usr/sbin/nologin" ]; then - chsh --shell /bin/sh $app -fi - # Ensure the use can connect through ssh -user_groups=$(groups "$app") -if [[ "$user_groups" != *"ssh.app"* ]]; then - ynh_system_user_create --username=$app --groups="ssh.app" -fi - - -#================================================= -# SPECIFIC UPGRADE -#================================================= -complete_install=false - -# Check if we need to clean up old bad installs -if [ -f "$final_path/package.json" ]; then - complete_install=true - ynh_secure_remove --file="$final_path" - mkdir "$final_path" - chmod 750 "$final_path" - chmod -R o-rwx "$final_path" - chown -R $app:$app "$final_path" -fi - #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= -if [ "$upgrade_type" == "UPGRADE_APP" ] || [ "$complete_install" == "true" ] -then - ynh_script_progression --message="Upgrading source files..." --weight=6 - - # Download, check integrity, uncompress and patch the source from amd64.src - mkdir --parents $final_path/package - ynh_setup_source --source_id=amd64 --dest_dir="$final_path/package" +if [ "$upgrade_type" == "UPGRADE_APP" ]; then + ynh_script_progression --message="Upgrading source files..." --weight=6 + # Download, check integrity, uncompress and patch the source from amd64.src + ynh_setup_source --dest_dir="$install_dir/package" fi -# FIXME: this should be managed by the core in the future -# Here, as a packager, you may have to tweak the ownerhsip/permissions -# such that the appropriate users (e.g. maybe www-data) can access -# files in some cases. -# But FOR THE LOVE OF GOD, do not allow r/x for "others" on the entire folder - -# this will be treated as a security issue. 
-chmod 750 "$final_path" -chmod -R o-rwx "$final_path" -chown -R $app:$app "$final_path" +chmod -R o-rwx "$install_dir" +chown -R $app:$app "$install_dir" -if [ -n "$public_key" ] && [ "$complete_install" == "true" ] -then - ynh_script_progression --message="Enabling ssh access for dev..." --weight=1 - #enable ssh access to the files for updates - #todo: Secure it more with https://github.com/YunoHost-Apps/ssh_chroot_dir_ynh - mkdir --parents $final_path/.ssh - ynh_add_config --template="authorized_keys" --destination="$final_path/.ssh/authorized_keys" - ynh_app_setting_set --app=$app --key=public_key --value=$public_key - chown -R $app:$app "$final_path/.ssh" - chmod 700 "$final_path/.ssh" - chmod 600 "$final_path/.ssh/authorized_keys" +if [ -n "$public_key" ]; then + ynh_script_progression --message="Enabling ssh access for dev..." --weight=1 + # enable ssh access to the files for updates + # todo: Secure it more with https://github.com/YunoHost-Apps/ssh_chroot_dir_ynh + mkdir --parents "$install_dir/.ssh" + ynh_add_config --template="authorized_keys" --destination="$install_dir/.ssh/authorized_keys" - #================================================= - # Create restart services file - #================================================= - - # Enable restarting of services from ssh - ynh_add_config --template="restart-proxy.sh" --destination="$final_path/restart-proxy.sh" - - # Enable root ownership to be able to call systemctl - chown $app:$app "$final_path/restart-proxy.sh" - chmod o-rwx,gu=rwx "$final_path/restart-proxy.sh" - - ynh_add_config --template="cac-proxy-sudoers" --destination="/etc/sudoers.d/$app-sudoers" - chown root:root "/etc/sudoers.d/$app-sudoers" - chmod o-rwx,gu=r "/etc/sudoers.d/$app-sudoers" + chown -R "$app:$app" "$install_dir/.ssh" + chmod 700 "$install_dir/.ssh" + chmod 600 "$install_dir/.ssh/authorized_keys" + _install_restart_script_and_sudoers fi + #================================================= # Install chromium 
#================================================= -if [ $install_chromium -eq 1 ] -then - ynh_script_progression --message="Upgrading Chromium..." --weight=8 +if [ $install_chromium -eq 1 ]; then + ynh_script_progression --message="Upgrading Chromium..." --weight=8 + # Remove old versions of chrome - ynh_secure_remove --file="$final_path/.cache/puppeteer/chrome" - # And install the latest one - cd "$final_path/package" - ynh_exec_as $app $ynh_node_load_PATH $ynh_node "./node_modules/puppeteer/install.js" + ynh_secure_remove --file="$install_dir/.cache/puppeteer/chrome" + pushd "$install_dir/package" + ynh_exec_as "$app" $ynh_node_load_PATH $ynh_node "./node_modules/puppeteer/install.js" + popd fi -#================================================= -# NGINX CONFIGURATION -#================================================= -ynh_script_progression --message="Upgrading NGINX web server configuration..." --weight=1 - -# Create a dedicated NGINX config -ynh_add_nginx_config - -#================================================= - #================================================= # UPDATE A CONFIG FILE #================================================= ynh_script_progression --message="Updating a configuration file..." 
--weight=1 -# We must use chrome sandbox for kernels 5.x, 6.x doesn't need it anymore -kernel_release=$(uname -r) -if [[ $kernel_release == 5.* ]] -then - bypass_sandbox="TRUE" - if [ $install_chromium -eq 1 ] - then - ynh_print_warn --message="Using non sandboxed chromium as kernel release is less than 6.x" - fi -else - bypass_sandbox="FALSE" -fi - -ynh_add_config --template=".env" --destination="$final_path/.env" - -# FIXME: this should be handled by the core in the future -# You may need to use chmod 600 instead of 400, -# for example if the app is expected to be able to modify its own config -chmod 400 "$final_path/.env" -chown $app:$app "$final_path/.env" - -### For more complex cases where you want to replace stuff using regexes, -### you shoud rely on ynh_replace_string (which is basically a wrapper for sed) -### When doing so, you also need to manually call ynh_store_file_checksum -### -### ynh_replace_string --match_string="match_string" --replace_string="replace_string" --target_file="$final_path/some_config_file" -### ynh_store_file_checksum --file="$final_path/some_config_file" +_generate_env_file #================================================= -# SETUP SYSTEMD +# REAPPLY SYSTEM CONFIGURATIONS #================================================= -ynh_script_progression --message="Upgrading systemd configuration..." --weight=1 +ynh_script_progression --message="Upgrading system configurations related to $app..." --weight=1 + +# Create a dedicated NGINX config +ynh_add_nginx_config # Create a dedicated systemd config ynh_add_systemd_config - -#================================================= -# GENERIC FINALIZATION -#================================================= -# SETUP LOGROTATE -#================================================= -ynh_script_progression --message="Upgrading logrotate configuration..." --weight=1 +yunohost service add $app --description="A Cors proxy letting the browser manages cookies and redirects." 
--log="/var/log/$app/$app.log" # Use logrotate to manage app-specific logfile(s) ynh_use_logrotate --non-append -#================================================= -# INTEGRATE SERVICE IN YUNOHOST -#================================================= -ynh_script_progression --message="Integrating service in YunoHost..." --weight=1 - -yunohost service add $app --description="A Cors proxy letting the browser manages cookies and redirects." --log="/var/log/$app/$app.log" - #================================================= # START SYSTEMD SERVICE #================================================= @@ -266,13 +104,6 @@ ynh_script_progression --message="Starting a systemd service..." --weight=1 ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" -#================================================= -# RELOAD NGINX -#================================================= -ynh_script_progression --message="Reloading NGINX web server..." --weight=1 - -ynh_systemd_action --service_name=nginx --action=reload - #================================================= # END OF SCRIPT #================================================= diff --git a/sources/extra_files/app/.gitignore b/sources/extra_files/app/.gitignore deleted file mode 100644 index 783a4ae..0000000 --- a/sources/extra_files/app/.gitignore +++ /dev/null @@ -1,2 +0,0 @@ -*~ -*.sw[op] diff --git a/sources/patches/.gitignore b/sources/patches/.gitignore deleted file mode 100644 index 783a4ae..0000000 --- a/sources/patches/.gitignore +++ /dev/null @@ -1,2 +0,0 @@ -*~ -*.sw[op] diff --git a/tests.toml b/tests.toml new file mode 100644 index 0000000..ada77ea --- /dev/null +++ b/tests.toml 
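Review bot: The `if [ -n "$public_key" ]; then` block in scripts/upgrade now rewrites `authorized_keys` and calls `_install_restart_script_and_sudoers` on every upgrade, but it has no `else` branch, so an instance whose `public_key` setting has been emptied keeps the old key file and sudoers rule. If the setting can change after install, an `else` with `ynh_secure_remove --file="$install_dir/.ssh/authorized_keys"` and `_remove_restart_script_and_sudoers` (the helper scripts/remove calls) would withdraw that access. The comment `# Download, check integrity, uncompress and patch the source from amd64.src` is also stale, since conf/amd64.src is deleted by this commit.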
@@ -0,0 +1,12 @@ +#:schema https://raw.githubusercontent.com/YunoHost/apps/master/schemas/tests.v1.schema.json + +test_format = 1.0 + +[default] + + args.public_key = "" + # ------------------------------- + # Commits to test upgrade from + # ------------------------------- + + test_upgrade_from.b446048d123428f5260c5757245e8ed5ad454fb0.name= "v1.0" From addbda182b5ebd82417e85bcf2d02a08a1571ff6 Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Fri, 5 Jan 2024 15:20:51 +0000 Subject: [PATCH 2/9] Auto-update README --- README.md | 8 +------- README_fr.md | 8 +------- 2 files changed, 2 insertions(+), 14 deletions(-) diff --git a/README.md b/README.md index 46c6737..bcc0fc1 100644 --- a/README.md +++ b/README.md @@ -33,15 +33,9 @@ With Cookie Aware Cors Proxy, you can call a website not supporting CORS from yo ![Screenshot of Cors Proxy](./doc/screenshots/fnac-logs.png) -## Disclaimers / important information - -* About security - * Single-sign on or LDAP are not integrated - * It works only if you define it as public upon installation otherwise the yunohost SSO will interfere - - ## Documentation and resources +* Official app website: * Upstream app code repository: * YunoHost Store: * Report a bug: diff --git a/README_fr.md b/README_fr.md index eb31384..f6df300 100644 --- a/README_fr.md +++ b/README_fr.md @@ -33,15 +33,9 @@ With Cookie Aware Cors Proxy, you can call a website not supporting CORS from yo ![Capture d’écran de Cors Proxy](./doc/screenshots/fnac-logs.png) -## Avertissements / informations importantes - -* About security - * Single-sign on or LDAP are not integrated - * It works only if you define it as public upon installation otherwise the yunohost SSO will interfere - - ## Documentations et ressources +* Site officiel de l’app : * Dépôt de code officiel de l’app : * YunoHost Store: * Signaler un bug : From ed9e649d34106921d208f92341ec59f12a6df911 Mon Sep 17 00:00:00 2001 
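Review bot: `args.public_key = ""` in tests.toml means the default suite only ever takes the empty-key path. The `if [ -n "$public_key" ]` branches in scripts/restore and scripts/upgrade, which set up `authorized_keys` and install the sudoers rule, are therefore not exercised by the tests. I would at least record that next to the key, `# empty key: the ssh/sudoers branch is not covered by this suite`, and consider an additional suite that passes a throwaway test key.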
From: =?UTF-8?q?F=C3=A9lix=20Pi=C3=A9dallu?= Date: Fri, 5 Jan 2024 16:35:26 +0100 Subject: [PATCH 3/9] remove website --- manifest.toml | 1 - 1 file changed, 1 deletion(-) diff --git a/manifest.toml b/manifest.toml index 18c749e..5242717 100644 --- a/manifest.toml +++ b/manifest.toml @@ -14,7 +14,6 @@ maintainers = ["Gerard Collin"] [upstream] license = "MIT" code = "https://github.com/gcollin/cookie-aware-cors-proxy" -website = "https://github.com/gcollin/cookie-aware-cors-proxy" [integration] yunohost = ">= 11.0.0" From d12910ab124fd1475355930bcbf037ef7975f1c1 Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Fri, 5 Jan 2024 15:35:31 +0000 Subject: [PATCH 4/9] Auto-update README --- README.md | 1 - README_fr.md | 1 - 2 files changed, 2 deletions(-) diff --git a/README.md b/README.md index bcc0fc1..ef93bd0 100644 --- a/README.md +++ b/README.md @@ -35,7 +35,6 @@ With Cookie Aware Cors Proxy, you can call a website not supporting CORS from yo ## Documentation and resources -* Official app website: * Upstream app code repository: * YunoHost Store: * Report a bug: diff --git a/README_fr.md b/README_fr.md index f6df300..eea83f3 100644 --- a/README_fr.md +++ b/README_fr.md @@ -35,7 +35,6 @@ With Cookie Aware Cors Proxy, you can call a website not supporting CORS from yo ## Documentations et ressources -* Site officiel de l’app : * Dépôt de code officiel de l’app : * YunoHost Store: * Signaler un bug : From c0b78579efd6f094d003d491d0d48532fffe7703 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?F=C3=A9lix=20Pi=C3=A9dallu?= Date: Fri, 5 Jan 2024 16:36:00 +0100 Subject: [PATCH 5/9] set ram usage --- manifest.toml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifest.toml b/manifest.toml index 5242717..839ac26 100644 --- a/manifest.toml +++ b/manifest.toml 
@@ -22,8 +22,8 @@ multi_instance = false ldap = "not_relevant" sso = "not_relevant" disk = "50M" # FIXME: replace with an **estimate** minimum disk requirement. e.g. 20M, 400M, 1G, ... -ram.build = "50M" # FIXME: replace with an **estimate** minimum ram requirement. e.g. 50M, 400M, 1G, ... -ram.runtime = "50M" # FIXME: replace with an **estimate** minimum ram requirement. e.g. 50M, 400M, 1G, ... +ram.build = "120M" +ram.runtime = "50M" [install] [install.domain] From 54346748f65dd788ea715195f42c800f472e4008 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?F=C3=A9lix=20Pi=C3=A9dallu?= Date: Fri, 5 Jan 2024 16:44:26 +0100 Subject: [PATCH 6/9] fix upgrade script --- scripts/restore | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/restore b/scripts/restore index 82b060e..e219e8c 100755 --- a/scripts/restore +++ b/scripts/restore @@ -40,7 +40,7 @@ chown $app:adm /var/log/$app ynh_script_progression --message="Reinstalling NodeJS..." --weight=21 # Define and install dependencies -ynh_install_nodejs --nodejs_version="$NODEJS_VERSION" +ynh_install_nodejs --nodejs_version="$nodejs_version" ynh_use_nodejs #================================================= From d2126406d8061bb462c5c376b46ccff6e09dd0f5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?F=C3=A9lix=20Pi=C3=A9dallu?= Date: Fri, 5 Jan 2024 17:15:51 +0100 Subject: [PATCH 7/9] fix upgrade --- scripts/upgrade | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/scripts/upgrade b/scripts/upgrade index 420dbcc..880799f 100644 --- a/scripts/upgrade +++ b/scripts/upgrade 
@@ -25,6 +25,12 @@ ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app
 #=================================================
 ynh_script_progression --message="Ensuring downward compatibility..." --weight=1
+if [ -z "${public_key+x}" ]; then
+ # Missing setting ?
+ public_key=""
+ ynh_app_setting_set --app="$app" --key=public_key --value="$public_key"
+fi
+
 #=================================================
 # INSTALL NODEJS
 #=================================================
From fa2b2f973fe2fc810788fc5c03be72b27d8b875c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?F=C3=A9lix=20Pi=C3=A9dallu?=
Date: Fri, 5 Jan 2024 19:04:33 +0100
Subject: [PATCH 8/9] fix upgrade missing key
---
 scripts/upgrade | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/scripts/upgrade b/scripts/upgrade
index 880799f..65500f2 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -25,11 +25,15 @@ ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app
 #=================================================
 ynh_script_progression --message="Ensuring downward compatibility..." --weight=1
+# Missing settings ?
 if [ -z "${public_key+x}" ]; then
- # Missing setting ?
 public_key=""
 ynh_app_setting_set --app="$app" --key=public_key --value="$public_key"
 fi
+if [ -z "${install_chromium+x}" ]; then
+ install_chromium="false"
+ ynh_app_setting_set --app="$app" --key=install_chromium --value="$install_chromium"
+fi
 #=================================================
 # INSTALL NODEJS
 #=================================================
@@ -70,7 +74,7 @@ fi
 #=================================================
 # Install chromium
 #=================================================
-if [ $install_chromium -eq 1 ]; then
+if [ "$install_chromium" -eq 1 ]; then
 ynh_script_progression --message="Upgrading Chromium..." --weight=8
 # Remove old versions of chrome
From e266779e836b39a51419562cb6208ff38f5179fa Mon Sep 17 00:00:00 2001
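Review bot: The default `install_chromium="false"` added in the first hunk of PATCH 8/9 does not match the integer test `[ "$install_chromium" -eq 1 ]` that the second hunk keeps in the "Install chromium" section. On an instance where the setting was missing, `[` gets a non-numeric operand and reports "integer expression expected" instead of evaluating cleanly to false. The branch is still skipped because the test returns non-zero, but only through an error path. The value persisted by `ynh_app_setting_set` also ends up in a different form from the `1` the comparison looks for. Defaulting to `install_chromium=0` keeps the stored setting and the test in the same numeric form. Both script sections extend outside the hunks, so how the install script stores this setting should be confirmed there.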
From: =?UTF-8?q?F=C3=A9lix=20Pi=C3=A9dallu?=
Date: Fri, 5 Jan 2024 19:05:01 +0100
Subject: [PATCH 9/9] remove fixme
---
 manifest.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/manifest.toml b/manifest.toml
index 839ac26..58bd13d 100644
--- a/manifest.toml
+++ b/manifest.toml
@@ -21,7 +21,7 @@ architectures = ["amd64"]
 multi_instance = false
 ldap = "not_relevant"
 sso = "not_relevant"
-disk = "50M" # FIXME: replace with an **estimate** minimum disk requirement. e.g. 20M, 400M, 1G, ...
+disk = "50M"
 ram.build = "120M"
 ram.runtime = "50M"