1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/cac-proxy_ynh.git synced 2024-09-03 18:16:07 +02:00

manifestv2

This commit is contained in:
Salamandar 2024-01-05 16:20:44 +01:00
parent 4c1243a81b
commit ddd9a8f7be
18 changed files with 221 additions and 930 deletions

View file

@ -1,29 +0,0 @@
# See here for more information
# https://github.com/YunoHost/package_check#syntax-check_process-file
;; Test complet
; Manifest
domain="domain.tld"
path="/path"
is_public=0
install_chromium=1
; Checks
pkg_linter=1
setup_sub_dir=1
setup_root=1
setup_nourl=0
setup_private=0
setup_public=1
upgrade=1
upgrade=1 from_commit=b446048d123428f5260c5757245e8ed5ad454fb0
backup_restore=1
multi_instance=0
port_already_use=0
change_url=1
;;; Options
Email=ger@shared.collin.best
Notification=Down
;;; Upgrade options
; commit=CommitHash
name=Name and date of the commit.
manifest_arg=domain=DOMAIN&path=PATH&is_public=1&language=fr&admin=USER&password=pass&port=666&

View file

@ -1,6 +1,6 @@
CACP_PORT=__PORT__ CACP_PORT=__PORT__
CACP_REDIRECT_HOST=https://__DOMAIN__ CACP_REDIRECT_HOST=https://__DOMAIN__
CACP_REDIRECT_PATH=__PATH_URL__ CACP_REDIRECT_PATH=__PATH__
CACP_DEBUG=FALSE CACP_DEBUG=FALSE
CACP_LOG=FALSE CACP_LOG=FALSE
CACP_BYPASS_SANDBOX=__BYPASS_SANDBOX__ CACP_BYPASS_SANDBOX=__BYPASS_SANDBOX__

View file

@ -1,7 +0,0 @@
SOURCE_URL=https://github.com/gcollin/cookie-aware-cors-proxy/releases/download/v1.2.1/cookie-aware-cors-proxy.tgz
SOURCE_SUM=1eec01aab716c78007c0cd0df81612b192bf38279b88ee2168ee7579a36ce967
SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=tar.gz
SOURCE_IN_SUBDIR=true
SOURCE_FILENAME=
SOURCE_EXTRACT=true

View file

@ -6,8 +6,8 @@ After=network.target
Type=simple Type=simple
User=__APP__ User=__APP__
Group=__APP__ Group=__APP__
EnvironmentFile=__FINALPATH__/.env EnvironmentFile=__INSTALL_DIR__/.env
WorkingDirectory=__FINALPATH__/package/ WorkingDirectory=__INSTALL_DIR__/package/
ExecStart=__YNH_NODE__ ./src/server.js ExecStart=__YNH_NODE__ ./src/server.js
StandardOutput=append:/var/log/__APP__/__APP__.log StandardOutput=append:/var/log/__APP__/__APP__.log
StandardError=inherit StandardError=inherit

1
doc/ADMIN.md Normal file
View file

@ -0,0 +1 @@
It works only if you define it as public upon installation otherwise the yunohost SSO will interfere

View file

@ -1,4 +0,0 @@
* About security
* Single-sign on or LDAP are not integrated
* It works only if you define it as public upon installation otherwise the yunohost SSO will interfere

View file

@ -1,65 +0,0 @@
{
"name": "Cors Proxy",
"id": "cac-proxy",
"packaging_format": 1,
"description": {
"en": "An advanced https proxy allowing you to call other websites from your own web application.",
"fr": "Un proxy https avancé vous permettant d'appeler d'autres sites depuis votre propre application web."
},
"version": "1.2.1~ynh1",
"url": "https://github.com/gcollin/cookie-aware-cors-proxy",
"upstream": {
"license": "MIT",
"code": "https://github.com/gcollin/cookie-aware-cors-proxy"
},
"license": "MIT",
"maintainer": {
"name": "Gerard Collin",
"email": "ger@collin.best"
},
"requirements": {
"yunohost": ">= 11.0.0"
},
"multi_instance": false,
"services": [
"nginx"
],
"arguments": {
"install": [
{
"name": "domain",
"type": "domain"
},
{
"name": "path",
"type": "path",
"example": "/proxy",
"default": "/proxy"
},
{
"name": "install_chromium",
"type": "boolean",
"default": false,
"optional": true,
"ask": {
"en": "Install Chromium for advanced website support (+480 MB).",
"fr": "Installer Chromium pour supporter les sites web complexes (+480 MB)."
}
},
{
"name": "public_key",
"type": "string",
"optional": true,
"ask": {
"en": "SSH Public key to allow service updates as part of delivery process, leave empty to disable.",
"fr": "Clef publique SSH permettant la mise à jour des services via une deploiement automatique, inactif si non renseigné."
}
},
{
"name": "is_public",
"type": "boolean",
"default": true
}
]
}
}

70
manifest.toml Normal file
View file

@ -0,0 +1,70 @@
#:schema https://raw.githubusercontent.com/YunoHost/apps/master/schemas/manifest.v2.schema.json
packaging_format = 2
id = "cac-proxy"
name = "Cors Proxy"
description.en = "An advanced https proxy allowing you to call other websites from your own web application."
description.fr = "Un proxy https avancé vous permettant d'appeler d'autres sites depuis votre propre application web."
version = "1.2.1~ynh1"
maintainers = ["Gerard Collin"]
[upstream]
license = "MIT"
code = "https://github.com/gcollin/cookie-aware-cors-proxy"
website = "https://github.com/gcollin/cookie-aware-cors-proxy"
[integration]
yunohost = ">= 11.0.0"
architectures = ["amd64"]
multi_instance = false
ldap = "not_relevant"
sso = "not_relevant"
disk = "50M" # FIXME: replace with an **estimate** minimum disk requirement. e.g. 20M, 400M, 1G, ...
ram.build = "50M" # FIXME: replace with an **estimate** minimum ram requirement. e.g. 50M, 400M, 1G, ...
ram.runtime = "50M" # FIXME: replace with an **estimate** minimum ram requirement. e.g. 50M, 400M, 1G, ...
[install]
[install.domain]
type = "domain"
[install.path]
type = "path"
default = "/proxy"
[install.install_chromium]
ask.en = "Install Chromium for advanced website support (+480 MB)."
ask.fr = "Installer Chromium pour supporter les sites web complexes (+480 MB)."
type = "boolean"
default = false
optional = true
[install.public_key]
ask.en = "SSH Public key to allow service updates as part of delivery process, leave empty to disable."
ask.fr = "Clef publique SSH permettant la mise à jour des services via une deploiement automatique, inactif si non renseigné."
type = "string"
optional = true
[install.init_main_permission]
type = "group"
default = "visitors"
[resources]
[resources.sources.main]
amd64.url = "https://github.com/gcollin/cookie-aware-cors-proxy/releases/download/v1.2.1/cookie-aware-cors-proxy.tgz"
amd64.sha256 = "1eec01aab716c78007c0cd0df81612b192bf38279b88ee2168ee7579a36ce967"
autoupdate.strategy = "latest_github_release"
autoupdate.asset.amd64 = "cookie-aware-cors-proxy.tgz"
[resources.system_user]
allow_ssh = true
[resources.install_dir]
[resources.permissions]
main.url = "/"
[resources.ports]
main.default = 3000

View file

@ -3,15 +3,48 @@
#================================================= #=================================================
# COMMON VARIABLES # COMMON VARIABLES
#================================================= #=================================================
nodejs_version=16
# dependencies used by the app (must be on a single line) nodejs_version=16
pkg_dependencies=""
#================================================= #=================================================
# PERSONAL HELPERS # PERSONAL HELPERS
#================================================= #=================================================
_generate_env_file() {
# We must use chrome sandbox for kernels 5.x, 6.x doesn't need it anymore
kernel_release=$(uname -r)
if [[ $kernel_release == 5.* ]]; then
bypass_sandbox="TRUE"
if [ $install_chromium -eq 1 ]; then
ynh_print_warn --message="Using non sandboxed chromium as kernel release is less than 6.x"
fi
else
bypass_sandbox="FALSE"
fi
ynh_add_config --template=".env" --destination="$install_dir/.env"
chmod 400 "$install_dir/.env"
chown $app:$app "$install_dir/.env"
}
_install_restart_script_and_sudoers() {
# Enable restarting of services from ssh
ynh_add_config --template="restart-proxy.sh" --destination="$install_dir/restart-proxy.sh"
chown "$app:$app" "$install_dir/restart-proxy.sh"
chmod o-rwx,gu=rwx "$install_dir/restart-proxy.sh"
# Add sudoers file for this specific command
ynh_add_config --template="cac-proxy-sudoers" --destination="/etc/sudoers.d/$app-sudoers"
chown root:root "/etc/sudoers.d/$app-sudoers"
chmod o-rwx,gu=r "/etc/sudoers.d/$app-sudoers"
}
_remove_restart_script_and_sudoers() {
if [ -f "/etc/sudoers.d/$app-sudoers" ]; then
ynh_secure_remove --file="/etc/sudoers.d/$app-sudoers"
fi
}
#================================================= #=================================================
# EXPERIMENTAL HELPERS # EXPERIMENTAL HELPERS
#================================================= #=================================================

View file

@ -10,28 +10,6 @@
source ../settings/scripts/_common.sh source ../settings/scripts/_common.sh
source /usr/share/yunohost/helpers source /usr/share/yunohost/helpers
#=================================================
# MANAGE SCRIPT FAILURE
#=================================================
ynh_clean_setup () {
### Remove this function if there's nothing to clean before calling the remove script.
true
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#=================================================
# LOAD SETTINGS
#=================================================
ynh_print_info --message="Loading installation settings..."
app=$YNH_APP_INSTANCE_NAME
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
domain=$(ynh_app_setting_get --app=$app --key=domain)
public_key=$(ynh_app_setting_get --app=$app --key=public_key)
#================================================= #=================================================
# DECLARE DATA AND CONF FILES TO BACKUP # DECLARE DATA AND CONF FILES TO BACKUP
#================================================= #=================================================
@ -46,7 +24,7 @@ ynh_print_info --message="Declaring files to be backed up..."
# BACKUP THE APP MAIN DIR # BACKUP THE APP MAIN DIR
#================================================= #=================================================
ynh_backup --src_path="$final_path" ynh_backup --src_path="$install_dir"
#================================================= #=================================================
# BACKUP THE NGINX CONFIGURATION # BACKUP THE NGINX CONFIGURATION
@ -57,8 +35,7 @@ ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf"
#================================================= #=================================================
# SPECIFIC BACKUP # SPECIFIC BACKUP
#================================================= #=================================================
if [ -n "$public_key" ] if [ -n "$public_key" ]; then
then
ynh_backup --src_path="/etc/sudoers.d/$app-sudoers" ynh_backup --src_path="/etc/sudoers.d/$app-sudoers"
fi fi
# BACKUP LOGROTATE # BACKUP LOGROTATE

View file

@ -9,61 +9,6 @@
source _common.sh source _common.sh
source /usr/share/yunohost/helpers source /usr/share/yunohost/helpers
#=================================================
# RETRIEVE ARGUMENTS
#=================================================
old_domain=$YNH_APP_OLD_DOMAIN
old_path=$YNH_APP_OLD_PATH
new_domain=$YNH_APP_NEW_DOMAIN
new_path=$YNH_APP_NEW_PATH
app=$YNH_APP_INSTANCE_NAME
#=================================================
# LOAD SETTINGS
#=================================================
ynh_script_progression --message="Loading installation settings..." --weight=1
# Needed for helper "ynh_add_nginx_config"
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
port=$(ynh_app_setting_get --app=$app --key=port)
install_chromium=$(ynh_app_setting_get --app=$app --key=install_chromium)
#=================================================
# BACKUP BEFORE CHANGE URL THEN ACTIVE TRAP
#=================================================
ynh_script_progression --message="Backing up the app before changing its URL (may take a while)..." --weight=1
# Backup the current version of the app
ynh_backup_before_upgrade
ynh_clean_setup () {
# Remove the new domain config file, the remove script won't do it as it doesn't know yet its location.
ynh_secure_remove --file="/etc/nginx/conf.d/$new_domain.d/$app.conf"
# Restore it if the upgrade fails
ynh_restore_upgradebackup
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#=================================================
# CHECK WHICH PARTS SHOULD BE CHANGED
#=================================================
change_domain=0
if [ "$old_domain" != "$new_domain" ]
then
change_domain=1
fi
change_path=0
if [ "$old_path" != "$new_path" ]
then
change_path=1
fi
#================================================= #=================================================
# STANDARD MODIFICATIONS # STANDARD MODIFICATIONS
#================================================= #=================================================
@ -78,59 +23,15 @@ ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app
#================================================= #=================================================
ynh_script_progression --message="Updating NGINX web server configuration..." --weight=1 ynh_script_progression --message="Updating NGINX web server configuration..." --weight=1
nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf ynh_change_url_nginx_config
# Change the path in the NGINX config file
if [ $change_path -eq 1 ]
then
# Make a backup of the original NGINX config file if modified
ynh_backup_if_checksum_is_different --file="$nginx_conf_path"
# Set global variables for NGINX helper
domain="$old_domain"
path_url="$new_path"
# Create a dedicated NGINX config
ynh_add_nginx_config
fi
# Change the domain for NGINX
if [ $change_domain -eq 1 ]
then
# Delete file checksum for the old conf file location
ynh_delete_file_checksum --file="$nginx_conf_path"
mv $nginx_conf_path /etc/nginx/conf.d/$new_domain.d/$app.conf
# Store file checksum for the new config file location
ynh_store_file_checksum --file="/etc/nginx/conf.d/$new_domain.d/$app.conf"
fi
#================================================= #=================================================
# SPECIFIC MODIFICATIONS # SPECIFIC MODIFICATIONS
#================================================= #=================================================
ynh_script_progression --message="Updating .env configuration..." ynh_script_progression --message="Updating .env configuration..."
ynh_backup_if_checksum_is_different --file="$final_path/.env" ynh_backup_if_checksum_is_different --file="$install_dir/.env"
domain=$new_domain _generate_env_file
path_url=$new_path
# We must use chrome sandbox for kernels 5.x, 6.x doesn't need it anymore
kernel_release=$(uname -r)
if [[ $kernel_release == 5.* ]]
then
bypass_sandbox="TRUE"
if [ $install_chromium -eq 1 ]
then
ynh_print_warn --message="Using non sandboxed chromium as kernel release is less than 6.x"
fi
else
bypass_sandbox="FALSE"
fi
ynh_add_config --template=".env" --destination="$final_path/.env"
# FIXME: this should be handled by the core in the future
# You may need to use chmod 600 instead of 400,
# for example if the app is expected to be able to modify its own config
chmod 400 "$final_path/.env"
chown $app:$app "$final_path/.env"
#================================================= #=================================================
# GENERIC FINALISATION # GENERIC FINALISATION
@ -141,13 +42,6 @@ ynh_script_progression --message="Starting a systemd service..." --weight=1
ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log"
#=================================================
# RELOAD NGINX
#=================================================
ynh_script_progression --message="Reloading NGINX web server..." --weight=1
ynh_systemd_action --service_name=nginx --action=reload
#================================================= #=================================================
# END OF SCRIPT # END OF SCRIPT
#================================================= #=================================================

View file

@ -10,285 +10,75 @@ source _common.sh
source /usr/share/yunohost/helpers source /usr/share/yunohost/helpers
#================================================= #=================================================
# MANAGE SCRIPT FAILURE # INSTALL NODEJS
#================================================= #=================================================
ynh_script_progression --message="Installing NodeJS..." --weight=3
ynh_clean_setup () {
ynh_clean_check_starting
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#=================================================
# RETRIEVE ARGUMENTS FROM THE MANIFEST
#=================================================
domain=$YNH_APP_ARG_DOMAIN
path_url=$YNH_APP_ARG_PATH
public_key=$YNH_APP_ARG_PUBLIC_KEY
is_public=$YNH_APP_ARG_IS_PUBLIC
install_chromium=$YNH_APP_ARG_INSTALL_CHROMIUM
### If it's a multi-instance app, meaning it can be installed several times independently
### The id of the app as stated in the manifest is available as $YNH_APP_ID
### The instance number is available as $YNH_APP_INSTANCE_NUMBER (equals "1", "2"...)
### The app instance name is available as $YNH_APP_INSTANCE_NAME
### - the first time the app is installed, YNH_APP_INSTANCE_NAME = ynhexample
### - the second time the app is installed, YNH_APP_INSTANCE_NAME = ynhexample__2
### - ynhexample__{N} for the subsequent installations, with N=3,4...
### The app instance name is probably what interests you most, since this is
### guaranteed to be unique. This is a good unique identifier to define installation path,
### db names...
app=$YNH_APP_INSTANCE_NAME
#=================================================
# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
#=================================================
### About --weight and --time
### ynh_script_progression will show to your final users the progression of each scripts.
### In order to do that, --weight will represent the relative time of execution compared to the other steps in the script.
### --time is a packager option, it will show you the execution time since the previous call.
### This option is implied when running in CI_package_check, you can manually add it if you are manually testing the app.
### Use the execution time displayed in the CI report or by adding --time to the command, to estimate the weight of a step.
### A common way to do it is to set a weight equal to the execution time in second +1.
### The execution time is given for the duration since the previous call. So the weight should be applied to this previous call.
ynh_script_progression --message="Validating installation parameters..." --weight=1
# Check machine architecture (in particular, we don't support ARM and 32bit machines)
if [ $YNH_ARCH == "i386" ] || [ $YNH_ARCH == "armel" ] || [ $YNH_ARCH == "armhf" ] || [ $YNH_ARCH == "aarch64" ] || [ $YNH_ARCH == "arm64" ]
then
ynh_die --message="Sorry, but this app can only be installed on a x86, 64 bits machine :("
fi
### If the app uses NGINX as web server (written in HTML/PHP in most cases), the final path should be "/var/www/$app".
### If the app provides an internal web server (or uses another application server such as uWSGI), the final path should be "/opt/yunohost/$app"
final_path=/opt/yunohost/$app
test ! -e "$final_path" || ynh_die --message="This path already contains a folder"
# Register (book) web path
ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url
#=================================================
# STORE SETTINGS FROM MANIFEST
#=================================================
ynh_script_progression --message="Storing installation settings..." --weight=1
ynh_app_setting_set --app=$app --key=domain --value=$domain
ynh_app_setting_set --app=$app --key=path --value=$path_url
ynh_app_setting_set --app=$app --key=install_chromium --value=$install_chromium
#=================================================
# STANDARD MODIFICATIONS
#=================================================
# FIND AND OPEN A PORT
#=================================================
ynh_script_progression --message="Finding an available port..." --weight=1
### Use these lines if you have to open a port for the application
### `ynh_find_port` will find the first available port starting from the given port.
### If you're not using these lines:
### - Remove the section "CLOSE A PORT" in the remove script
# Find an available port
port=$(ynh_find_port --port=3000)
ynh_app_setting_set --app=$app --key=port --value=$port
# Optional: Expose this port publicly
# (N.B.: you only need to do this if the app actually needs to expose the port publicly.
# If you do this and the app doesn't actually need you are CREATING SECURITY HOLES IN THE SERVER !)
# Open the port
# ynh_script_progression --message="Configuring firewall..." --weight=1
# ynh_exec_warn_less yunohost firewall allow --no-upnp TCP $port
#=================================================
# INSTALL DEPENDENCIES
#=================================================
ynh_script_progression --message="Installing dependencies..." --weight=3
### `ynh_install_app_dependencies` allows you to add any "apt" dependencies to the package.
### Those deb packages will be installed as dependencies of this package.
### If you're not using this helper:
### - Remove the section "REMOVE DEPENDENCIES" in the remove script
### - Remove the variable "pkg_dependencies" in _common.sh
### - As well as the section "REINSTALL DEPENDENCIES" in the restore script
### - And the section "UPGRADE DEPENDENCIES" in the upgrade script
ynh_install_app_dependencies $pkg_dependencies
ynh_install_nodejs --nodejs_version=$nodejs_version ynh_install_nodejs --nodejs_version=$nodejs_version
ynh_use_nodejs ynh_use_nodejs
#=================================================
# CREATE DEDICATED USER
#=================================================
ynh_script_progression --message="Configuring system user..." --weight=1
# Create a system user
ynh_system_user_create --username=$app --use_shell --home_dir="$final_path" --groups="ssh.app"
#================================================= #=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE # DOWNLOAD, CHECK AND UNPACK SOURCE
#================================================= #=================================================
ynh_script_progression --message="Setting up source files..." --weight=6 ynh_script_progression --message="Setting up source files..." --weight=6
### `ynh_setup_source` is used to install an app from a zip or tar.gz file,
### downloaded from an upstream source, like a git repository.
### `ynh_setup_source` use the file conf/amd64.src
ynh_app_setting_set --app=$app --key=final_path --value=$final_path
# Download, check integrity, uncompress and patch the source from amd64.src # Download, check integrity, uncompress and patch the source from amd64.src
mkdir --parents $final_path/package ynh_setup_source --dest_dir="$install_dir/package"
ynh_setup_source --source_id=amd64 --dest_dir="$final_path/package"
chmod 750 "$final_path" chmod -R o-rwx "$install_dir"
chmod -R o-rwx "$final_path" chown -R $app:$app "$install_dir"
chown -R $app:$app "$final_path"
if [ -n "$public_key" ] #=================================================
then # ADD SSH ACCESS
#=================================================
if [ -n "$public_key" ]; then
ynh_script_progression --message="Enabling ssh access for dev..." --weight=1 ynh_script_progression --message="Enabling ssh access for dev..." --weight=1
# enable ssh access to the files for updates # enable ssh access to the files for updates
# todo: Secure it more with https://github.com/YunoHost-Apps/ssh_chroot_dir_ynh # todo: Secure it more with https://github.com/YunoHost-Apps/ssh_chroot_dir_ynh
mkdir --parents $final_path/.ssh mkdir --parents "$install_dir/.ssh"
ynh_add_config --template="authorized_keys" --destination="$final_path/.ssh/authorized_keys" ynh_add_config --template="authorized_keys" --destination="$install_dir/.ssh/authorized_keys"
ynh_app_setting_set --app=$app --key=public_key --value=$public_key
chown -R $app:$app "$final_path/.ssh"
chmod 700 "$final_path/.ssh"
chmod 600 "$final_path/.ssh/authorized_keys"
#================================================= chown -R "$app:$app" "$install_dir/.ssh"
# Create restart services file chmod 700 "$install_dir/.ssh"
#================================================= chmod 600 "$install_dir/.ssh/authorized_keys"
# Enable restarting of services from ssh
ynh_add_config --template="restart-proxy.sh" --destination="$final_path/restart-proxy.sh"
# Enable root ownership to be able to call systemctl
chown $app:$app "$final_path/restart-proxy.sh"
chmod o-rwx,gu=rwx "$final_path/restart-proxy.sh"
ynh_add_config --template="cac-proxy-sudoers" --destination="/etc/sudoers.d/$app-sudoers"
chown root:root "/etc/sudoers.d/$app-sudoers"
chmod o-rwx,gu=r "/etc/sudoers.d/$app-sudoers"
_install_restart_script_and_sudoers
fi fi
#================================================= #=================================================
# Install chromium # Install chromium
#================================================= #=================================================
if [ $install_chromium -eq 1 ] if [ $install_chromium -eq 1 ]; then
then
ynh_script_progression --message="Installing Chromium..." --weight=8 ynh_script_progression --message="Installing Chromium..." --weight=8
cd "$final_path/package" pushd "$install_dir/package"
ynh_exec_as $app $ynh_node_load_PATH $ynh_node "./node_modules/puppeteer/install.js" ynh_exec_as "$app" $ynh_node_load_PATH $ynh_node "./node_modules/puppeteer/install.js"
popd
cd -
fi fi
#=================================================
# NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Configuring NGINX web server..." --weight=1
### `ynh_add_nginx_config` will use the file conf/nginx.conf
# Create a dedicated NGINX config
ynh_add_nginx_config
#=================================================
# SPECIFIC SETUP
#=================================================
# ...
#=================================================
#================================================= #=================================================
# ADD A CONFIGURATION # ADD A CONFIGURATION
#================================================= #=================================================
ynh_script_progression --message="Adding a configuration file..." --weight=1 ynh_script_progression --message="Adding a configuration file..." --weight=1
# We must use chrome sandbox for kernels 5.x, 6.x doesn't need it anymore _generate_env_file
kernel_release=$(uname -r)
if [[ $kernel_release == 5.* ]]
then
bypass_sandbox="TRUE"
if [ $install_chromium -eq 1 ]
then
ynh_print_warn --message="Using non sandboxed chromium as kernel release is less than 6.x"
fi
else
bypass_sandbox="FALSE"
fi
ynh_add_config --template=".env" --destination="$final_path/.env"
# FIXME: this should be handled by the core in the future
# You may need to use chmod 600 instead of 400,
# for example if the app is expected to be able to modify its own config
chmod 400 "$final_path/.env"
chown $app:$app "$final_path/.env"
### For more complex cases where you want to replace stuff using regexes,
### you shoud rely on ynh_replace_string (which is basically a wrapper for sed)
### When doing so, you also need to manually call ynh_store_file_checksum
###
### ynh_replace_string --match_string="match_string" --replace_string="replace_string" --target_file="$final_path/some_config_file"
### ynh_store_file_checksum --file="$final_path/some_config_file"
#================================================= #=================================================
# SETUP SYSTEMD # SYSTEM CONFIGURATION
#================================================= #=================================================
ynh_script_progression --message="Configuring a systemd service..." --weight=1 ynh_script_progression --message="Adding system configurations related to $app..." --weight=1
### `ynh_systemd_config` is used to configure a systemd script for an app. # Create a dedicated NGINX config
### It can be used for apps that use sysvinit (with adaptation) or systemd. ynh_add_nginx_config
### Have a look at the app to be sure this app needs a systemd script.
### `ynh_systemd_config` will use the file conf/systemd.service
### If you're not using these lines:
### - You can remove those files in conf/.
### - Remove the section "BACKUP SYSTEMD" in the backup script
### - Remove also the section "STOP AND REMOVE SERVICE" in the remove script
### - As well as the section "RESTORE SYSTEMD" in the restore script
### - And the section "SETUP SYSTEMD" in the upgrade script
# Create a dedicated systemd config # Create a dedicated systemd config
ynh_add_systemd_config ynh_add_systemd_config
yunohost service add $app --description="A Cors proxy letting the browser manages cookies and redirects." --log="/var/log/$app/$app.log"
#=================================================
# GENERIC FINALIZATION
#=================================================
# SETUP LOGROTATE
#=================================================
ynh_script_progression --message="Configuring log rotation..." --weight=1
### `ynh_use_logrotate` is used to configure a logrotate configuration for the logs of this app.
### Use this helper only if there is effectively a log file for this app.
### If you're not using this helper:
### - Remove the section "BACKUP LOGROTATE" in the backup script
### - Remove also the section "REMOVE LOGROTATE CONFIGURATION" in the remove script
### - As well as the section "RESTORE THE LOGROTATE CONFIGURATION" in the restore script
### - And the section "SETUP LOGROTATE" in the upgrade script
# Use logrotate to manage application logfile(s) # Use logrotate to manage application logfile(s)
ynh_use_logrotate ynh_use_logrotate
#=================================================
# INTEGRATE SERVICE IN YUNOHOST
#=================================================
ynh_script_progression --message="Integrating service in YunoHost..." --weight=1
### `yunohost service add` integrates a service in YunoHost. It then gets
### displayed in the admin interface and through the others `yunohost service` commands.
### (N.B.: this line only makes sense if the app adds a service to the system!)
### If you're not using these lines:
### - You can remove these files in conf/.
### - Remove the section "REMOVE SERVICE INTEGRATION IN YUNOHOST" in the remove script
### - As well as the section "INTEGRATE SERVICE IN YUNOHOST" in the restore script
### - And the section "INTEGRATE SERVICE IN YUNOHOST" in the upgrade script
yunohost service add $app --description="A Cors proxy letting the browser manages cookies and redirects." --log="/var/log/$app/$app.log"
#================================================= #=================================================
# START SYSTEMD SERVICE # START SYSTEMD SERVICE
#================================================= #=================================================
@ -297,45 +87,6 @@ ynh_script_progression --message="Starting a systemd service..." --weight=1
# Start a systemd service # Start a systemd service
ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log"
#=================================================
# SETUP FAIL2BAN
#=================================================
# ynh_script_progression --message="Configuring Fail2Ban..." --weight=1
# Create a dedicated Fail2Ban config
# ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="Regex to match into the log for a failed login"
#=================================================
# SETUP SSOWAT
#=================================================
ynh_script_progression --message="Configuring permissions..." --weight=1
# Make app public if necessary
if [ $is_public -eq 1 ]
then
# Everyone can access the app.
# The "main" permission is automatically created before the install script.
ynh_permission_update --permission="main" --add="visitors"
fi
### N.B. : the following extra permissions only make sense if your app
### does have for example an admin interface or an API.
# Only the admin can access the admin panel of the app (if the app has an admin panel)
# ynh_permission_create --permission="admin" --url="/admin" --allowed=$admin
# Everyone can access the API part
# We don't want to display the tile in the SSO so we put --show_tile="false"
# And we don't want the YunoHost admin to be able to remove visitors group to this permission, so we put --protected="true"
# ynh_permission_create --permission="api" --url="/api" --allowed="visitors" --show_tile="false" --protected="true"
#=================================================
# RELOAD NGINX
#=================================================
ynh_script_progression --message="Reloading NGINX web server..." --weight=1
ynh_systemd_action --service_name=nginx --action=reload
#================================================= #=================================================
# END OF SCRIPT # END OF SCRIPT
#================================================= #=================================================

View file

@ -10,123 +10,36 @@ source _common.sh
source /usr/share/yunohost/helpers source /usr/share/yunohost/helpers
#================================================= #=================================================
# LOAD SETTINGS # REMOVE SYSTEM CONFIGURATIONS
#=================================================
ynh_script_progression --message="Loading installation settings..." --weight=1
app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get --app=$app --key=domain)
port=$(ynh_app_setting_get --app=$app --key=port)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
public_key=$(ynh_app_setting_get --app=$app --key=public_key)
#=================================================
# STANDARD REMOVE
#=================================================
# REMOVE SERVICE INTEGRATION IN YUNOHOST
#================================================= #=================================================
ynh_script_progression --message="Removing system configurations related to $app..." --weight=1
# Remove the service from the list of services known by YunoHost (added from `yunohost service add`) # Remove the service from the list of services known by YunoHost (added from `yunohost service add`)
if ynh_exec_warn_less yunohost service status $app >/dev/null if ynh_exec_warn_less yunohost service status $app >/dev/null; then
then
ynh_script_progression --message="Removing $app service integration..." --weight=1
yunohost service remove $app yunohost service remove $app
fi fi
#=================================================
# STOP AND REMOVE SERVICE
#=================================================
ynh_script_progression --message="Stopping and removing the systemd service..." --weight=1
# Remove the dedicated systemd config
ynh_remove_systemd_config
#=================================================
# REMOVE LOGROTATE CONFIGURATION
#=================================================
ynh_script_progression --message="Removing logrotate configuration..." --weight=1
# Remove the app-specific logrotate config
ynh_remove_logrotate
#=================================================
# REMOVE APP MAIN DIR
#=================================================
ynh_script_progression --message="Removing app main directory..." --weight=1
# Remove the app directory securely
ynh_secure_remove --file="$final_path"
#=================================================
# REMOVE NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Removing NGINX web server configuration..." --weight=1
# Remove the dedicated NGINX config # Remove the dedicated NGINX config
ynh_remove_nginx_config ynh_remove_nginx_config
#================================================= # Remove the dedicated systemd config
# REMOVE DEPENDENCIES ynh_remove_systemd_config
#=================================================
ynh_script_progression --message="Removing dependencies..." --weight=1
# Remove metapackage and its dependencies # Remove the app-specific logrotate config
ynh_remove_app_dependencies ynh_remove_logrotate
# Remove the version of Nodejs used if needed
ynh_remove_nodejs
#=================================================
# CLOSE A PORT
#=================================================
if yunohost firewall list | grep -q "\- $port$"
then
ynh_script_progression --message="Closing port $port..." --weight=1
ynh_exec_warn_less yunohost firewall disallow TCP $port
fi
#=================================================
# REMOVE FAIL2BAN CONFIGURATION
#=================================================
#ynh_script_progression --message="Removing Fail2Ban configuration..." --weight=1
# Remove the dedicated Fail2Ban config
#ynh_remove_fail2ban_config
#=================================================
# SPECIFIC REMOVE
#=================================================
# REMOVE VARIOUS FILES
#=================================================
ynh_script_progression --message="Removing various files..." --weight=1
# Remove a cron file
#ynh_secure_remove --file="/etc/cron.d/$app"
# Remove a directory securely
#ynh_secure_remove --file="/etc/$app"
# Remove the log files # Remove the log files
ynh_secure_remove --file="/var/log/$app" ynh_secure_remove --file="/var/log/$app"
if [ -n "$public_key" ] _remove_restart_script_and_sudoers
then
ynh_script_progression --message="Removing ssh dev access" --weight=1
ynh_secure_remove --file="/etc/sudoers.d/$app-sudoers"
fi
#================================================= #=================================================
# GENERIC FINALIZATION # REMOVE DEPENDENCIES
#================================================= #=================================================
# REMOVE DEDICATED USER ynh_script_progression --message="Removing NodeJS..." --weight=2
#=================================================
ynh_script_progression --message="Removing the dedicated system user..." --weight=1
# Delete a system user # Remove metapackage and its dependencies
ynh_system_user_delete --username=$app ynh_remove_nodejs --nodejs_version=$nodejs_version
#================================================= #=================================================
# END OF SCRIPT # END OF SCRIPT

View file

@ -10,141 +10,59 @@
source ../settings/scripts/_common.sh source ../settings/scripts/_common.sh
source /usr/share/yunohost/helpers source /usr/share/yunohost/helpers
#=================================================
# MANAGE SCRIPT FAILURE
#=================================================
ynh_clean_setup () {
#### Remove this function if there's nothing to clean before calling the remove script.
true
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#=================================================
# LOAD SETTINGS
#=================================================
ynh_script_progression --message="Loading installation settings..." --weight=1
app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get --app=$app --key=domain)
path_url=$(ynh_app_setting_get --app=$app --key=path)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
port=$(ynh_app_setting_get --app=$app --key=port)
public_key=$(ynh_app_setting_get --app=$app --key=public_key)
#=================================================
# CHECK IF THE APP CAN BE RESTORED
#=================================================
ynh_script_progression --message="Validating restoration parameters..." --weight=1
test ! -d $final_path \
|| ynh_die --message="There is already a directory: $final_path "
#=================================================
# STANDARD RESTORATION STEPS
#=================================================
# RECREATE THE DEDICATED USER
#=================================================
ynh_script_progression --message="Recreating the dedicated system user..." --weight=1
# Create the dedicated user (if not existing)
ynh_system_user_create --username=$app --home_dir="$final_path"
#================================================= #=================================================
# RESTORE THE APP MAIN DIR # RESTORE THE APP MAIN DIR
#================================================= #=================================================
ynh_script_progression --message="Restoring the app main directory..." --weight=1 ynh_script_progression --message="Restoring the app main directory..." --weight=1
ynh_restore_file --origin_path="$final_path" ynh_restore_file --origin_path="$install_dir"
# FIXME: this should be managed by the core in the future chmod -R o-rwx "$install_dir"
# Here, as a packager, you may have to tweak the ownerhsip/permissions chown -R $app:$app "$install_dir"
# such that the appropriate users (e.g. maybe www-data) can access
# files in some cases.
# But FOR THE LOVE OF GOD, do not allow r/x for "others" on the entire folder -
# this will be treated as a security issue.
chmod 750 "$final_path"
chmod -R o-rwx "$final_path"
chown -R $app:$app "$final_path"
#Make sure the .ssh and files have the correct access rights #Make sure the .ssh and files have the correct access rights
if [ -n "$public_key" ] if [ -n "$public_key" ]; then
then chown -R $app:$app "$install_dir/.ssh"
chown -R $app:$app "$final_path/.ssh" chmod 700 "$install_dir/.ssh"
chmod 700 "$final_path/.ssh" chmod 600 "$install_dir/.ssh/authorized_keys"
chmod 600 "$final_path/.ssh/authorized_keys"
# Enable restart of services for the dont-code user
chown $app:$app "$final_path/restart-proxy.sh"
chmod o-rwx,gu=rwx "$final_path/restart-proxy.sh"
ynh_restore_file --origin_path="/etc/sudoers.d/$app-sudoers" _install_restart_script_and_sudoers
chown root:root "/etc/sudoers.d/$app-sudoers"
chmod o-rwx,gu=r "/etc/sudoers.d/$app-sudoers"
fi fi
mkdir --parents /var/log/$app
chown $app:adm /var/log/$app
#================================================= #=================================================
# SPECIFIC RESTORATION # SPECIFIC RESTORATION
#================================================= #=================================================
# REINSTALL DEPENDENCIES # REINSTALL DEPENDENCIES
#================================================= #=================================================
ynh_script_progression --message="Reinstalling dependencies..." --weight=3 ynh_script_progression --message="Reinstalling NodeJS..." --weight=21
# Define and install dependencies # Define and install dependencies
ynh_install_app_dependencies $pkg_dependencies ynh_install_nodejs --nodejs_version="$NODEJS_VERSION"
ynh_install_nodejs --nodejs_version=$nodejs_version
ynh_use_nodejs ynh_use_nodejs
#================================================= #=================================================
# RESTORE THE NGINX CONFIGURATION # RESTORE SYSTEM CONFIGURATIONS
#================================================= #=================================================
ynh_script_progression --message="Restoring the NGINX web server configuration..." --weight=1 ynh_script_progression --message="Restoring system configurations related to $app..." --weight=1
ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"
#================================================= ynh_restore_file --origin_path="/etc/logrotate.d/$app"
# RESTORE SYSTEMD
#=================================================
ynh_script_progression --message="Restoring the systemd configuration..." --weight=1
ynh_restore_file --origin_path="/etc/systemd/system/$app.service" ynh_restore_file --origin_path="/etc/systemd/system/$app.service"
systemctl enable $app.service --quiet systemctl enable $app.service --quiet
#=================================================
# RESTORE THE LOGROTATE CONFIGURATION
#=================================================
ynh_script_progression --message="Restoring the logrotate configuration..." --weight=1
ynh_restore_file --origin_path="/etc/logrotate.d/$app"
mkdir --parents /var/log/$app
chown $app:adm /var/log/$app
#=================================================
# INTEGRATE SERVICE IN YUNOHOST
#=================================================
ynh_script_progression --message="Integrating service in YunoHost..." --weight=1
yunohost service add $app --description="A Cors proxy letting the browser manages cookies and redirects." --log="/var/log/$app/$app.log" yunohost service add $app --description="A Cors proxy letting the browser manages cookies and redirects." --log="/var/log/$app/$app.log"
#================================================= #=================================================
# START SYSTEMD SERVICE # START SYSTEMD SERVICE
#================================================= #=================================================
ynh_script_progression --message="Starting a systemd service..." --weight=1 ynh_script_progression --message="Reloading NGINX web server and $app's services..." --weight=1
ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log"
#=================================================
# GENERIC FINALIZATION
#=================================================
# RELOAD NGINX AND PHP-FPM
#=================================================
ynh_script_progression --message="Reloading NGINX web server..." --weight=1
ynh_systemd_action --service_name=nginx --action=reload ynh_systemd_action --service_name=nginx --action=reload
#================================================= #=================================================

View file

@ -9,60 +9,8 @@
source _common.sh source _common.sh
source /usr/share/yunohost/helpers source /usr/share/yunohost/helpers
#=================================================
# LOAD SETTINGS
#=================================================
ynh_script_progression --message="Loading installation settings..." --weight=1
app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get --app=$app --key=domain)
path_url=$(ynh_app_setting_get --app=$app --key=path)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
port=$(ynh_app_setting_get --app=$app --key=port)
public_key=$(ynh_app_setting_get --app=$app --key=public_key)
install_chromium=$(ynh_app_setting_get --app=$app --key=install_chromium)
#=================================================
# CHECK VERSION
#=================================================
### This helper will compare the version of the currently installed app and the version of the upstream package.
### $upgrade_type can have 2 different values
### - UPGRADE_APP if the upstream app version has changed
### - UPGRADE_PACKAGE if only the YunoHost package has changed
### ynh_check_app_version_changed will stop the upgrade if the app is up to date.
### UPGRADE_APP should be used to upgrade the core app only if there's an upgrade to do.
upgrade_type=$(ynh_check_app_version_changed) upgrade_type=$(ynh_check_app_version_changed)
#=================================================
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
#=================================================
# There is an issue in previous backup file in case of non public_key, so we create the missing directory
if [ ! -f "/etc/sudoers.d/$app-sudoers" ]
then
touch "/etc/sudoers.d/$app-sudoers"
fi
ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=1
# Backup the current version of the app
ynh_backup_before_upgrade
ynh_clean_setup () {
# Restore it if the upgrade fails
ynh_restore_upgradebackup
}
# Removes the directory created only for backup if not necessary
if [ ! -n "$public_key" ]
then
rm "/etc/sudoers.d/$app-sudoers"
fi
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#================================================= #=================================================
# STANDARD UPGRADE STEPS # STANDARD UPGRADE STEPS
#================================================= #=================================================
@ -75,190 +23,80 @@ ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app
#================================================= #=================================================
# ENSURE DOWNWARD COMPATIBILITY # ENSURE DOWNWARD COMPATIBILITY
#================================================= #=================================================
ynh_script_progression --message="Ensuring downward compatibility..." --weight=1
#================================================= #=================================================
# INSTALL DEPENDENCIES # INSTALL NODEJS
#================================================= #=================================================
ynh_script_progression --message="Installing dependencies..." --weight=3 ynh_script_progression --message="Upgrading NodeJS..." --weight=3
### `ynh_install_app_dependencies` allows you to add any "apt" dependencies to the package.
### Those deb packages will be installed as dependencies of this package.
### If you're not using this helper:
### - Remove the section "REMOVE DEPENDENCIES" in the remove script
### - Remove the variable "pkg_dependencies" in _common.sh
### - As well as the section "REINSTALL DEPENDENCIES" in the restore script
### - And the section "UPGRADE DEPENDENCIES" in the upgrade script
ynh_install_app_dependencies $pkg_dependencies
ynh_install_nodejs --nodejs_version=$nodejs_version ynh_install_nodejs --nodejs_version=$nodejs_version
ynh_use_nodejs ynh_use_nodejs
#=================================================
# CREATE DEDICATED USER
#=================================================
ynh_script_progression --message="Making sure dedicated system user exists..." --weight=1
#Recreate the user to enable shell if needed
user_shell=$(grep "^$app:" /etc/passwd | cut -d: -f7)
if [ "$user_shell" == "/usr/sbin/nologin" ]; then
chsh --shell /bin/sh $app
fi
# Ensure the use can connect through ssh
user_groups=$(groups "$app")
if [[ "$user_groups" != *"ssh.app"* ]]; then
ynh_system_user_create --username=$app --groups="ssh.app"
fi
#=================================================
# SPECIFIC UPGRADE
#=================================================
complete_install=false
# Check if we need to clean up old bad installs
if [ -f "$final_path/package.json" ]; then
complete_install=true
ynh_secure_remove --file="$final_path"
mkdir "$final_path"
chmod 750 "$final_path"
chmod -R o-rwx "$final_path"
chown -R $app:$app "$final_path"
fi
#================================================= #=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE # DOWNLOAD, CHECK AND UNPACK SOURCE
#================================================= #=================================================
if [ "$upgrade_type" == "UPGRADE_APP" ] || [ "$complete_install" == "true" ] if [ "$upgrade_type" == "UPGRADE_APP" ]; then
then
ynh_script_progression --message="Upgrading source files..." --weight=6 ynh_script_progression --message="Upgrading source files..." --weight=6
# Download, check integrity, uncompress and patch the source from amd64.src # Download, check integrity, uncompress and patch the source from amd64.src
mkdir --parents $final_path/package ynh_setup_source --dest_dir="$install_dir/package"
ynh_setup_source --source_id=amd64 --dest_dir="$final_path/package"
fi fi
# FIXME: this should be managed by the core in the future chmod -R o-rwx "$install_dir"
# Here, as a packager, you may have to tweak the ownerhsip/permissions chown -R $app:$app "$install_dir"
# such that the appropriate users (e.g. maybe www-data) can access
# files in some cases.
# But FOR THE LOVE OF GOD, do not allow r/x for "others" on the entire folder -
# this will be treated as a security issue.
chmod 750 "$final_path"
chmod -R o-rwx "$final_path"
chown -R $app:$app "$final_path"
if [ -n "$public_key" ] && [ "$complete_install" == "true" ] if [ -n "$public_key" ]; then
then
ynh_script_progression --message="Enabling ssh access for dev..." --weight=1 ynh_script_progression --message="Enabling ssh access for dev..." --weight=1
# enable ssh access to the files for updates # enable ssh access to the files for updates
# todo: Secure it more with https://github.com/YunoHost-Apps/ssh_chroot_dir_ynh # todo: Secure it more with https://github.com/YunoHost-Apps/ssh_chroot_dir_ynh
mkdir --parents $final_path/.ssh mkdir --parents "$install_dir/.ssh"
ynh_add_config --template="authorized_keys" --destination="$final_path/.ssh/authorized_keys" ynh_add_config --template="authorized_keys" --destination="$install_dir/.ssh/authorized_keys"
ynh_app_setting_set --app=$app --key=public_key --value=$public_key
chown -R $app:$app "$final_path/.ssh"
chmod 700 "$final_path/.ssh"
chmod 600 "$final_path/.ssh/authorized_keys"
#================================================= chown -R "$app:$app" "$install_dir/.ssh"
# Create restart services file chmod 700 "$install_dir/.ssh"
#================================================= chmod 600 "$install_dir/.ssh/authorized_keys"
# Enable restarting of services from ssh
ynh_add_config --template="restart-proxy.sh" --destination="$final_path/restart-proxy.sh"
# Enable root ownership to be able to call systemctl
chown $app:$app "$final_path/restart-proxy.sh"
chmod o-rwx,gu=rwx "$final_path/restart-proxy.sh"
ynh_add_config --template="cac-proxy-sudoers" --destination="/etc/sudoers.d/$app-sudoers"
chown root:root "/etc/sudoers.d/$app-sudoers"
chmod o-rwx,gu=r "/etc/sudoers.d/$app-sudoers"
_install_restart_script_and_sudoers
fi fi
#================================================= #=================================================
# Install chromium # Install chromium
#================================================= #=================================================
if [ $install_chromium -eq 1 ] if [ $install_chromium -eq 1 ]; then
then
ynh_script_progression --message="Upgrading Chromium..." --weight=8 ynh_script_progression --message="Upgrading Chromium..." --weight=8
# Remove old versions of chrome # Remove old versions of chrome
ynh_secure_remove --file="$final_path/.cache/puppeteer/chrome" ynh_secure_remove --file="$install_dir/.cache/puppeteer/chrome"
# And install the latest one
cd "$final_path/package"
ynh_exec_as $app $ynh_node_load_PATH $ynh_node "./node_modules/puppeteer/install.js"
pushd "$install_dir/package"
ynh_exec_as "$app" $ynh_node_load_PATH $ynh_node "./node_modules/puppeteer/install.js"
popd
fi fi
#=================================================
# NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Upgrading NGINX web server configuration..." --weight=1
# Create a dedicated NGINX config
ynh_add_nginx_config
#=================================================
#================================================= #=================================================
# UPDATE A CONFIG FILE # UPDATE A CONFIG FILE
#================================================= #=================================================
ynh_script_progression --message="Updating a configuration file..." --weight=1 ynh_script_progression --message="Updating a configuration file..." --weight=1
# We must use chrome sandbox for kernels 5.x, 6.x doesn't need it anymore _generate_env_file
kernel_release=$(uname -r)
if [[ $kernel_release == 5.* ]]
then
bypass_sandbox="TRUE"
if [ $install_chromium -eq 1 ]
then
ynh_print_warn --message="Using non sandboxed chromium as kernel release is less than 6.x"
fi
else
bypass_sandbox="FALSE"
fi
ynh_add_config --template=".env" --destination="$final_path/.env"
# FIXME: this should be handled by the core in the future
# You may need to use chmod 600 instead of 400,
# for example if the app is expected to be able to modify its own config
chmod 400 "$final_path/.env"
chown $app:$app "$final_path/.env"
### For more complex cases where you want to replace stuff using regexes,
### you shoud rely on ynh_replace_string (which is basically a wrapper for sed)
### When doing so, you also need to manually call ynh_store_file_checksum
###
### ynh_replace_string --match_string="match_string" --replace_string="replace_string" --target_file="$final_path/some_config_file"
### ynh_store_file_checksum --file="$final_path/some_config_file"
#================================================= #=================================================
# SETUP SYSTEMD # REAPPLY SYSTEM CONFIGURATIONS
#================================================= #=================================================
ynh_script_progression --message="Upgrading systemd configuration..." --weight=1 ynh_script_progression --message="Upgrading system configurations related to $app..." --weight=1
# Create a dedicated NGINX config
ynh_add_nginx_config
# Create a dedicated systemd config # Create a dedicated systemd config
ynh_add_systemd_config ynh_add_systemd_config
yunohost service add $app --description="A Cors proxy letting the browser manages cookies and redirects." --log="/var/log/$app/$app.log"
#=================================================
# GENERIC FINALIZATION
#=================================================
# SETUP LOGROTATE
#=================================================
ynh_script_progression --message="Upgrading logrotate configuration..." --weight=1
# Use logrotate to manage app-specific logfile(s) # Use logrotate to manage app-specific logfile(s)
ynh_use_logrotate --non-append ynh_use_logrotate --non-append
#=================================================
# INTEGRATE SERVICE IN YUNOHOST
#=================================================
ynh_script_progression --message="Integrating service in YunoHost..." --weight=1
yunohost service add $app --description="A Cors proxy letting the browser manages cookies and redirects." --log="/var/log/$app/$app.log"
#================================================= #=================================================
# START SYSTEMD SERVICE # START SYSTEMD SERVICE
#================================================= #=================================================
@ -266,13 +104,6 @@ ynh_script_progression --message="Starting a systemd service..." --weight=1
ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log"
#=================================================
# RELOAD NGINX
#=================================================
ynh_script_progression --message="Reloading NGINX web server..." --weight=1
ynh_systemd_action --service_name=nginx --action=reload
#================================================= #=================================================
# END OF SCRIPT # END OF SCRIPT
#================================================= #=================================================

View file

@ -1,2 +0,0 @@
*~
*.sw[op]

View file

@ -1,2 +0,0 @@
*~
*.sw[op]

12
tests.toml Normal file
View file

@ -0,0 +1,12 @@
#:schema https://raw.githubusercontent.com/YunoHost/apps/master/schemas/tests.v1.schema.json
test_format = 1.0
[default]
args.public_key = ""
# -------------------------------
# Commits to test upgrade from
# -------------------------------
test_upgrade_from.b446048d123428f5260c5757245e8ed5ad454fb0.name= "v1.0"