diff --git a/check_process b/check_process index 787ad0e..e1b993a 100644 --- a/check_process +++ b/check_process @@ -1,10 +1,10 @@ ;; Test complet ; Manifest - domain="domain.tld" (DOMAIN) - admin="john" (USER) - admin_password="secret" + domain="domain.tld" + is_public=1 language="en" - is_public=1 (PUBLIC|public=1|private=0) + admin="john" + password="1Strong-Password" ; Checks pkg_linter=1 setup_sub_dir=0 @@ -13,14 +13,14 @@ setup_private=1 setup_public=1 upgrade=1 - upgrade=1 from_commit=7497ea8b6915b725358db0d4a1210f999961cfee + # 2.3.15~ynh1 + upgrade=1 from_commit=7497ea8b6915b725358db0d4a1210f999961cfee + # 2.4.0~ynh3 + upgrade=1 from_commit=1a0fd240d86ffaf5bcee61c176a22a7d075688a6 backup_restore=1 multi_instance=1 - incorrect_path=0 port_already_use=0 change_url=1 -;;; Levels - Level 5=auto ;;; Options Email= Notification=none diff --git a/conf/.env.example b/conf/.env.example new file mode 100644 index 0000000..6abf746 --- /dev/null +++ b/conf/.env.example @@ -0,0 +1,44 @@ +APP_ENV=production +APP_DEBUG=false +APP_URL=https://__DOMAIN____PATH__ +APP_TIMEZONE=UTC +APP_KEY= +DEBUGBAR_ENABLED=false + +DB_DRIVER=mysql +DB_HOST=localhost +DB_UNIX_SOCKET=null +DB_DATABASE=__DB_NAME__ +DB_USERNAME=__DB_USER__ +DB_PASSWORD=__DB_PWD__ +DB_PORT=null +DB_PREFIX=null + +CACHE_DRIVER=file +SESSION_DRIVER=file +QUEUE_DRIVER=sync + +CACHET_BEACON=false +CACHET_EMOJI=false +CACHET_AUTO_TWITTER=true + +MAIL_DRIVER=sendmail +MAIL_HOST= +MAIL_PORT=25 +MAIL_USERNAME=null +MAIL_PASSWORD=null +MAIL_ADDRESS=__ADMIN_MAIL__ +MAIL_NAME=__ADMIN__ +MAIL_ENCRYPTION=tls + +REDIS_HOST=null +REDIS_DATABASE=null +REDIS_PORT=null + +GITHUB_TOKEN=null + +NEXMO_KEY=null +NEXMO_SECRET=null +NEXMO_SMS_FROM=Cachet + +TRUSTED_PROXIES= diff --git a/conf/init-mysql.sql b/conf/init-mysql.sql index 5fd696a..c21b913 100644 --- a/conf/init-mysql.sql +++ b/conf/init-mysql.sql @@ -1,11 +1,11 @@ INSERT INTO `settings` (`id`, `name`, `value`) VALUES (1, 'app_name', 'YunoHost Status Page'), -(2, 'app_domain', 'https://__DOMAIN__'), +(2, 'app_domain', 'https://__DOMAIN____PATH__'), (3, 'app_timezone', 'Europe/Paris'), (4, 'app_locale', '__LANGUAGE__'), (5, 'app_incident_days', '7'); INSERT INTO `users` (`id`, `username`, `password`, `email`, `api_key`, `active`, `level`) VALUES -(1, '__USER__', '__PASSWORD_HASH__', '__EMAIL__', '', 1, 1); +(1, '__ADMIN__', '__PASSWORD_PASH__', '__ADMIN_MAIL__', '', 1, 1); diff --git a/conf/nginx.conf b/conf/nginx.conf index 976e546..19a59ef 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -4,11 +4,6 @@ location __PATH__/ { # Path to source alias __FINALPATH__/public/ ; - # Force usage of https - if ($scheme = http) { - rewrite ^ https://$server_name$request_uri? permanent; - } - more_set_headers "Strict-Transport-Security: max-age=15768000"; index index.php; @@ -27,4 +22,4 @@ location __PATH__/ { # Include SSOWAT user panel. include conf.d/yunohost_panel.conf.inc; -} \ No newline at end of file +} diff --git a/conf/php-fpm.conf b/conf/php-fpm.conf index ab1a471..a0862b0 100644 --- a/conf/php-fpm.conf +++ b/conf/php-fpm.conf @@ -358,7 +358,7 @@ request_terminate_timeout = 1d ; Chdir to this directory at the start. ; Note: relative path can be used. ; Default Value: current directory or / when chroot -chdir = __FINALPATH__ +chdir = __FINALPATH__/public ; Redirect worker stdout and stderr into main error log. If not set, stdout and ; stderr will be redirected to /dev/null according to FastCGI specs. diff --git a/conf/production.php b/conf/production.php index 2e355ad..e7c78fa 100644 --- a/conf/production.php +++ b/conf/production.php @@ -1,6 +1,6 @@ 'YunoHost Status Page', - 'app_domain' => 'https://__DOMAIN__', + 'app_domain' => 'https://__DOMAIN____PATH__', 'app_timezone' => 'Europe/Paris', 'app_locale' => '__LANGUAGE__', 'app_incident_days' => '7', diff --git a/doc/.gitkeep b/doc/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/doc/DESCRIPTION.md b/doc/DESCRIPTION.md new file mode 100644 index 0000000..374be92 --- /dev/null +++ b/doc/DESCRIPTION.md @@ -0,0 +1 @@ +[Cachet](https://cachethq.io/) is a free, open source status page for your API, service or company. Built with all of the features that you'd expect from a status page, Cachet comes with a powerful API, a metric system, multiple user support, two factor authentication for added security and is easy to get setup. A powerful, self-hosted alternative to StatusPage.io and Status.io. diff --git a/doc/DISCLAIMER.md b/doc/DISCLAIMER.md new file mode 100644 index 0000000..c763754 --- /dev/null +++ b/doc/DISCLAIMER.md @@ -0,0 +1,8 @@ +## Configuration + +Totally configurable through the Cachet application dashboard. + +## Limitations + +- Must necessarily be installed on domain root (see upstream issue [here](https://github.com/CachetHQ/Cachet/issues/1696)) +- Can't integrate with YunoHost SSO as LDAP support is not implemented yet (see upstream issue [here](https://github.com/CachetHQ/Cachet/issues/2108)) diff --git a/doc/screenshots/.gitkeep b/doc/screenshots/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/doc/screenshots/main-interface.png b/doc/screenshots/main-interface.png new file mode 100644 index 0000000..4b6940a Binary files /dev/null and b/doc/screenshots/main-interface.png differ diff --git a/manifest.json b/manifest.json index 41472fd..ab1c125 100644 --- a/manifest.json +++ b/manifest.json @@ -6,59 +6,38 @@ "en": "Open source status page system", "fr": "Système de page de statut open source" }, - "version": "2.4.0~ynh3", - "url": "https://cachethq.io/", + "version": "2.4.0~ynh4", + "url": "https://cachethq.io", + "upstream": { + "license": "BSD-3-Clause", + "website": "https://cachethq.io", + "demo": "https://demo.cachethq.io", + "admindoc": "https://docs.cachethq.io", + "code": "https://github.com/CachetHQ/Cachet" + }, "license": "BSD-3-Clause", "maintainer": { "name": "JimboJoe", "email": "jimmy@monin.net" }, "requirements": { - "yunohost": ">= 3.8.1" + "yunohost": ">= 4.3.0" }, "multi_instance": true, "services": [ "nginx", - "php7.0-fpm", + "php7.3-fpm", "mysql" ], "arguments": { "install" : [ { "name": "domain", - "type": "domain", - "ask": { - "en": "Choose a domain for Cachet", - "fr": "Choisissez un domaine pour Cachet" - }, - "example": "domain.org" - }, - { - "name": "admin", - "type": "user", - "ask": { - "en": "Choose the only allowed admin user", - "fr": "Choisissez l'unique utilisateur autorisé" - }, - "example": "johndoe" - }, - { - "name": "admin_password", - "type": "password", - "optional": true, - "ask": { - "en": "Set the password for admin user", - "fr": "Définissez le mot de passe pour l'utilisateur" - }, - "example": "supersecretpassword" + "type": "domain" }, { "name": "is_public", "type": "boolean", - "ask": { - "en": "Is it a public application?", - "fr": "Est-ce une application publique ?" - }, "default": true }, { @@ -70,7 +49,20 @@ }, "choices": ["fr", "en"], "default": "en" - } + }, + { + "name": "admin", + "type": "user" + }, + { + "name": "password", + "type": "password", + "optional": true, + "ask": { + "en": "Set the password for admin user", + "fr": "Définissez le mot de passe pour l'utilisateur" + } + } ] } } diff --git a/scripts/_common.sh b/scripts/_common.sh index 83c96be..99d8830 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -22,80 +22,6 @@ exec_artisan() { # EXPERIMENTAL HELPERS #================================================= -# Execute a command as another user -# usage: exec_as USER COMMAND [ARG ...] -ynh_exec_as() { - local USER=$1 - shift 1 - - if [[ $USER = $(whoami) ]]; then - eval "$@" - else - sudo -u "$USER" "$@" - fi -} - - -readonly YNH_DEFAULT_COMPOSER_VERSION=1.10.17 -# Declare the actual composer version to use. -# A packager willing to use another version of composer can override the variable into its _common.sh. -YNH_COMPOSER_VERSION=${YNH_COMPOSER_VERSION:-$YNH_DEFAULT_COMPOSER_VERSION} - -# Execute a command with Composer -# -# usage: ynh_composer_exec [--phpversion=phpversion] [--workdir=$final_path] --commands="commands" -# | arg: -v, --phpversion - PHP version to use with composer -# | arg: -w, --workdir - The directory from where the command will be executed. Default $final_path. -# | arg: -c, --commands - Commands to execute. -ynh_composer_exec () { - # Declare an array to define the options of this helper. - local legacy_args=vwc - declare -Ar args_array=( [v]=phpversion= [w]=workdir= [c]=commands= ) - local phpversion - local workdir - local commands - # Manage arguments with getopts - ynh_handle_getopts_args "$@" - workdir="${workdir:-$final_path}" - phpversion="${phpversion:-$YNH_PHP_VERSION}" - - COMPOSER_HOME="$workdir/.composer" \ - php${phpversion} "$workdir/composer.phar" $commands \ - -d "$workdir" --quiet --no-interaction -} - -# Install and initialize Composer in the given directory -# -# usage: ynh_install_composer [--phpversion=phpversion] [--workdir=$final_path] [--install_args="--optimize-autoloader"] [--composerversion=composerversion] -# | arg: -v, --phpversion - PHP version to use with composer -# | arg: -w, --workdir - The directory from where the command will be executed. Default $final_path. -# | arg: -a, --install_args - Additional arguments provided to the composer install. Argument --no-dev already include -# | arg: -c, --composerversion - Composer version to install -ynh_install_composer () { - # Declare an array to define the options of this helper. - local legacy_args=vwa - declare -Ar args_array=( [v]=phpversion= [w]=workdir= [a]=install_args= [c]=composerversion=) - local phpversion - local workdir - local install_args - local composerversion - # Manage arguments with getopts - ynh_handle_getopts_args "$@" - workdir="${workdir:-$final_path}" - phpversion="${phpversion:-$YNH_PHP_VERSION}" - install_args="${install_args:-}" - composerversion="${composerversion:-$YNH_COMPOSER_VERSION}" - - curl -sS https://getcomposer.org/installer \ - | COMPOSER_HOME="$workdir/.composer" \ - php${phpversion} -- --quiet --install-dir="$workdir" --version=$composerversion \ - || ynh_die "Unable to install Composer." - - # update dependencies to create composer.lock - ynh_composer_exec --phpversion="${phpversion}" --workdir="$workdir" --commands="install --no-dev $install_args" \ - || ynh_die "Unable to update core dependencies with Composer." -} - #================================================= # FUTURE OFFICIAL HELPERS #================================================= diff --git a/scripts/backup b/scripts/backup index 995929f..50516c7 100644 --- a/scripts/backup +++ b/scripts/backup @@ -6,6 +6,7 @@ # IMPORT GENERIC HELPERS #================================================= +# Keep this path for calling _common.sh inside the execution's context of backup and restore scripts source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers @@ -25,6 +26,7 @@ app=$YNH_APP_INSTANCE_NAME final_path=$(ynh_app_setting_get --app=$app --key=final_path) domain=$(ynh_app_setting_get --app=$app --key=domain) db_name=$(ynh_app_setting_get --app=$app --key=db_name) +phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) #================================================= # DECLARE DATA AND CONF FILES TO BACKUP @@ -47,7 +49,7 @@ ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf" # BACKUP THE PHP-FPM CONFIGURATION #================================================= -ynh_backup --src_path="/etc/php/$YNH_PHP_VERSION/fpm/pool.d/$app.conf" +ynh_backup --src_path="/etc/php/$phpversion/fpm/pool.d/$app.conf" #================================================= # BACKUP THE MYSQL DATABASE diff --git a/scripts/change_url b/scripts/change_url index d5d5dd7..92cd70d 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -17,7 +17,7 @@ old_domain=$YNH_APP_OLD_DOMAIN old_path=$YNH_APP_OLD_PATH new_domain=$YNH_APP_NEW_DOMAIN -new_path=$YNH_APP_NEW_PATH +new_path="/" app=$YNH_APP_INSTANCE_NAME @@ -28,12 +28,14 @@ ynh_script_progression --message="Loading installation settings..." --weight=1 # Needed for helper "ynh_add_nginx_config" final_path=$(ynh_app_setting_get --app=$app --key=final_path) + +# Add settings here as needed by your application db_name=$(ynh_app_setting_get --app=$app --key=db_name) db_user=$db_name db_pwd=$(ynh_app_setting_get --app=$app --key=mysqlpwd) #================================================= -# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP +# BACKUP BEFORE CHANGE URL THEN ACTIVE TRAP #================================================= ynh_script_progression --message="Backing up the app before changing its URL (may take a while)..." --weight=12 @@ -43,7 +45,7 @@ ynh_clean_setup () { # Remove the new domain config file, the remove script won't do it as it doesn't know yet its location. ynh_secure_remove --file="/etc/nginx/conf.d/$new_domain.d/$app.conf" - # restore it if the upgrade fails + # Restore it if the upgrade fails ynh_restore_upgradebackup } # Exit if an error occurs during the execution of the script @@ -77,9 +79,6 @@ nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf # Change the path in the NGINX config file if [ $change_path -eq 1 ] then - ynh_print_warn --message="The only supported path is /!" - # Still make the changes to enable CI tests... - # Make a backup of the original NGINX config file if modified ynh_backup_if_checksum_is_different --file="$nginx_conf_path" # Set global variables for NGINX helper diff --git a/scripts/install b/scripts/install index bab2e5a..6627530 100644 --- a/scripts/install +++ b/scripts/install @@ -14,7 +14,6 @@ source /usr/share/yunohost/helpers #================================================= ynh_clean_setup () { - ### Remove this function if there's nothing to clean before calling the remove script. true } # Exit if an error occurs during the execution of the script @@ -26,17 +25,17 @@ ynh_abort_if_errors domain=$YNH_APP_ARG_DOMAIN path_url="/" -admin=$YNH_APP_ARG_ADMIN -admin_password=$YNH_APP_ARG_ADMIN_PASSWORD is_public=$YNH_APP_ARG_IS_PUBLIC language=$YNH_APP_ARG_LANGUAGE +admin=$YNH_APP_ARG_ADMIN +password=$YNH_APP_ARG_PASSWORD +admin_mail="$(ynh_user_get_info --username=$admin --key=mail)" app=$YNH_APP_INSTANCE_NAME #================================================= # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS #================================================= - ynh_script_progression --message="Validating installation parameters..." --weight=1 final_path=/var/www/$app @@ -52,14 +51,19 @@ ynh_script_progression --message="Storing installation settings..." --weight=1 ynh_app_setting_set --app=$app --key=domain --value=$domain ynh_app_setting_set --app=$app --key=path --value=$path_url -ynh_app_setting_set --app=$app --key=admin --value=$admin -ynh_app_setting_set --app=$app --key=admin_password --value=$admin_password -ynh_app_setting_set --app=$app --key=is_public --value=$is_public ynh_app_setting_set --app=$app --key=language --value=$language +ynh_app_setting_set --app=$app --key=admin --value=$admin +ynh_app_setting_set --app=$app --key=password --value=$password #================================================= # STANDARD MODIFICATIONS #================================================= +# CREATE DEDICATED USER +#================================================= +ynh_script_progression --message="Configuring system user..." --weight=2 + +# Create a system user +ynh_system_user_create --username=$app --home_dir="$final_path" #================================================= # CREATE A MYSQL DATABASE @@ -80,6 +84,10 @@ ynh_app_setting_set --app=$app --key=final_path --value=$final_path # Download, check integrity, uncompress and patch the source from app.src ynh_setup_source --dest_dir="$final_path" +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:www-data "$final_path" + #================================================= # NGINX CONFIGURATION #================================================= @@ -88,20 +96,12 @@ ynh_script_progression --message="Configuring NGINX web server..." --weight=1 # Create a dedicated NGINX config ynh_add_nginx_config -#================================================= -# CREATE DEDICATED USER -#================================================= -ynh_script_progression --message="Configuring system user..." --weight=2 - -# Create a system user -ynh_system_user_create --username=$app - #================================================= # PHP-FPM CONFIGURATION #================================================= ynh_script_progression --message="Configuring PHP-FPM..." --weight=8 -# Create a dedicated php-fpm config +# Create a dedicated PHP-FPM config ynh_add_fpm_config --package="$extra_php_dependencies" #================================================= @@ -109,91 +109,66 @@ ynh_add_fpm_config --package="$extra_php_dependencies" #================================================= # PRE-CONFIGURE CACHET #================================================= -ynh_script_progression --message="Configuring Cachet..." --weight=10 +ynh_script_progression --message="Pre-configuring Cachet..." --weight=10 -env_conf="$final_path/.env" - -cp $final_path/.env.example $env_conf -ynh_replace_string --match_string="APP_URL=http://localhost" --replace_string="APP_URL=https://$domain$path_url" --target_file="$env_conf" -ynh_replace_string --match_string="APP_KEY=SomeRandomString" --replace_string="APP_KEY=$(ynh_string_random 24)" --target_file="$env_conf" - -ynh_replace_string --match_string="DB_DATABASE=cachet" --replace_string="DB_DATABASE=$db_name" --target_file="$env_conf" -ynh_replace_string --match_string="DB_USERNAME=homestead" --replace_string="DB_USERNAME=$db_name" --target_file="$env_conf" -ynh_replace_string --match_string="DB_PASSWORD=secret" --replace_string="DB_PASSWORD=$db_pwd" --target_file="$env_conf" - -ynh_replace_string --match_string="MAIL_DRIVER=log" --replace_string="MAIL_DRIVER=sendmail" --target_file="$env_conf" -ynh_replace_string --match_string="MAIL_HOST=null" --replace_string="MAIL_HOST=" --target_file="$env_conf" -ynh_replace_string --match_string="MAIL_PORT=null" --replace_string="MAIL_PORT=25" --target_file="$env_conf" -ynh_replace_string --match_string="MAIL_USERNAME=null" --replace_string="MAIL_USERNAME=null" --target_file="$env_conf" -ynh_replace_string --match_string="MAIL_PASSWORD=null" --replace_string="MAIL_PASSWORD=null" --target_file="$env_conf" -admin_mail="$(ynh_user_get_info $admin mail)" -ynh_replace_string --match_string="MAIL_ADDRESS=null" --replace_string="MAIL_ADDRESS=$admin_mail" --target_file="$env_conf" -ynh_replace_string --match_string="MAIL_NAME=null" --replace_string="MAIL_NAME=$admin" --target_file="$env_conf" - -# Disable reporting to CachetHQ servers -ynh_replace_string --match_string="CACHET_BEACON=true" --replace_string="CACHET_BEACON=false" --target_file="$env_conf" -ynh_store_file_checksum "$env_conf" +ynh_add_config --template="../conf/.env.example" --destination="$final_path/.env" #================================================= # INSTALL AND INITIALIZE COMPOSER #================================================= +ynh_script_progression --message="Installing with composer..." ynh_install_composer --install_args="--optimize-autoloader" #================================================= # FINALIZE CACHET INSTALLATION #================================================= +ynh_script_progression --message="Installing Cachet..." +mkdir -p "$final_path/storage/app/public" exec_artisan "key:generate" exec_artisan "cachet:install" #================================================= # FINALIZE CACHET CONFIGURATION #================================================= +ynh_script_progression --message="Finalizing Cachet configuration..." + +password_hash="$(cd $final_path ; php$YNH_PHP_VERSION artisan tinker -q --no-ansi <<< "echo Hash::make('$password');" |head -n 1)" +password_pash="${password_hash::-1}" # Remove last character # Populate MySQL database -sql_conf="../conf/init-mysql.sql" -ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain$path_url" --target_file="$sql_conf" -ynh_replace_string --match_string="__USER__" --replace_string="$admin" --target_file="$sql_conf" -ynh_replace_string --match_string="__LANGUAGE__" --replace_string="$language" --target_file="$sql_conf" +ynh_add_config --template="../conf/init-mysql.sql" --destination="$final_path/init-mysql.sql" +ynh_mysql_connect_as --user="$db_name" --password="$db_pwd" --database="$db_name" < "$final_path/init-mysql.sql" +ynh_delete_file_checksum --file="$final_path/init-mysql.sql" +ynh_secure_remove --file="$final_path/init-mysql.sql" -password_hash="$(cd $final_path ; php$YNH_PHP_VERSION artisan tinker -q --no-ansi <<< "echo Hash::make('$admin_password');" |head -n 1)" -password_pash="${password_hash::-1}" # Remove last character -ynh_replace_string --match_string="__PASSWORD_HASH__" --replace_string="$password_pash" --target_file="$sql_conf" - -ynh_replace_string --match_string="__EMAIL__" --replace_string="$admin_mail" --target_file="$sql_conf" - -ynh_mysql_connect_as --user="$db_name" --password="$db_pwd" --database="$db_name" \ - < "$sql_conf" - -# Create production.php to finalize installation -production_conf="$final_path/bootstrap/cachet/production.php" -cp ../conf/production.php $production_conf -ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain$path_url" --target_file="$production_conf" -ynh_replace_string --match_string="__LANGUAGE__" --replace_string="$language" --target_file="$production_conf" +ynh_add_config --template="../conf/production.php" --destination="$final_path/bootstrap/cachet/production.php" chown $app: $final_path/bootstrap/cachet/production.php -ynh_store_file_checksum --file="$production_conf" -#================================================= -# GENERIC FINALIZATION #================================================= # SECURE FILES AND DIRECTORIES #================================================= # Set permissions to app files -chown -R root: $final_path +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:www-data "$final_path" chown -R $app: "${final_path}/.env" "${final_path}/storage/" "${final_path}/bootstrap/" +#================================================= +# GENERIC FINALIZATION #================================================= # SETUP SSOWAT #================================================= -ynh_script_progression --message="Configuring SSOwat..." --weight=2 +ynh_script_progression --message="Configuring permissions..." --weight=2 # Make app public if necessary if [ $is_public -eq 1 ] then - # unprotected_uris allows SSO credentials to be passed anyway. - ynh_app_setting_set --app=$app --key=unprotected_uris --value="/" + # Everyone can access the app. + # The "main" permission is automatically created before the install script. + ynh_permission_update --permission="main" --add="visitors" fi #================================================= diff --git a/scripts/remove b/scripts/remove index b3c858d..af368d7 100644 --- a/scripts/remove +++ b/scripts/remove @@ -32,14 +32,6 @@ ynh_script_progression --message="Removing the MySQL database..." --weight=2 # Remove a database if it exists, along with the associated user ynh_mysql_remove_db --db_user=$db_user --db_name=$db_name -#================================================= -# REMOVE DEPENDENCIES -#================================================= -ynh_script_progression --message="Removing dependencies..." --weight=4 - -# Remove metapackage and its dependencies -ynh_remove_app_dependencies - #================================================= # REMOVE APP MAIN DIR #================================================= @@ -53,7 +45,7 @@ ynh_secure_remove --file="$final_path" #================================================= ynh_script_progression --message="Removing NGINX web server configuration..." --weight=1 -# Remove the dedicated nginx config +# Remove the dedicated NGINX config ynh_remove_nginx_config #================================================= @@ -64,6 +56,14 @@ ynh_script_progression --message="Removing PHP-FPM configuration..." --weight=1 # Remove the dedicated PHP-FPM config ynh_remove_fpm_config +#================================================= +# REMOVE DEPENDENCIES +#================================================= +ynh_script_progression --message="Removing dependencies..." --weight=4 + +# Remove metapackage and its dependencies +ynh_remove_app_dependencies + #================================================= # GENERIC FINALIZATION #================================================= diff --git a/scripts/restore b/scripts/restore index 13e1968..0ecbeab 100644 --- a/scripts/restore +++ b/scripts/restore @@ -6,6 +6,7 @@ # IMPORT GENERIC HELPERS #================================================= +# Keep this path for calling _common.sh inside the execution's context of backup and restore scripts source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers @@ -14,7 +15,6 @@ source /usr/share/yunohost/helpers #================================================= ynh_clean_setup () { - #### Remove this function if there's nothing to clean before calling the remove script. true } # Exit if an error occurs during the execution of the script @@ -23,7 +23,7 @@ ynh_abort_if_errors #================================================= # LOAD SETTINGS #================================================= -ynh_script_progression --message="Loading settings..." --weight=1 +ynh_script_progression --message="Loading installation settings..." --weight=1 app=$YNH_APP_INSTANCE_NAME @@ -32,14 +32,13 @@ path_url=$(ynh_app_setting_get --app=$app --key=path) final_path=$(ynh_app_setting_get --app=$app --key=final_path) db_name=$(ynh_app_setting_get --app=$app --key=db_name) db_user=$db_name +phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) #================================================= # CHECK IF THE APP CAN BE RESTORED #================================================= ynh_script_progression --message="Validating restoration parameters..." --weight=1 -ynh_webpath_available --domain=$domain --path_url=$path_url \ - || ynh_die --message="Path not available: ${domain}${path_url}" test ! -d $final_path \ || ynh_die --message="There is already a directory: $final_path " @@ -48,9 +47,18 @@ test ! -d $final_path \ #================================================= # RESTORE THE NGINX CONFIGURATION #================================================= +ynh_script_progression --message="Restoring the NGINX web server configuration..." ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" +#================================================= +# RECREATE THE DEDICATED USER +#================================================= +ynh_script_progression --message="Recreating the dedicated system user..." --weight=3 + +# Create the dedicated user (if not existing) +ynh_system_user_create --username=$app --home_dir="$final_path" + #================================================= # RESTORE THE APP MAIN DIR #================================================= @@ -58,26 +66,15 @@ ynh_script_progression --message="Restoring the app main directory..." --weight= ynh_restore_file --origin_path="$final_path" -#================================================= -# RECREATE THE DEDICATED USER -#================================================= -ynh_script_progression --message="Recreating the dedicated system user..." --weight=3 - -# Create the dedicated user (if not existing) -ynh_system_user_create --username=$app - -#================================================= -# RESTORE USER RIGHTS -#================================================= - -# Restore permissions on app files -chown -R root: $final_path +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:www-data "$final_path" chown -R $app: "${final_path}/.env" "${final_path}/storage/" "${final_path}/bootstrap/" #================================================= # RESTORE THE PHP-FPM CONFIGURATION #================================================= -ynh_script_progression --message="Reconfiguring PHP-FPM..." --weight=6 +ynh_script_progression --message="Restoring the PHP-FPM configuration..." --weight=6 # Restore the file first, so it can have a backup if different ynh_restore_file --origin_path="/etc/php/$YNH_PHP_VERSION/fpm/pool.d/$app.conf" @@ -101,8 +98,9 @@ ynh_mysql_connect_as --user=$db_user --password=$db_pwd --database=$db_name < ./ #================================================= # RELOAD NGINX AND PHP-FPM #================================================= -ynh_script_progression --message="Reloading NGINX web server..." --weight=1 +ynh_script_progression --message="Reloading NGINX web server and PHP-FPM..." --weight=1 +ynh_systemd_action --service_name=php$phpversion-fpm --action=reload ynh_systemd_action --service_name=nginx --action=reload #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index 67ab5bc..1f9c995 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -18,44 +18,18 @@ app=$YNH_APP_INSTANCE_NAME domain=$(ynh_app_setting_get --app=$app --key=domain) path_url=$(ynh_app_setting_get --app=$app --key=path) -admin=$(ynh_app_setting_get --app=$app --key=admin) -is_public=$(ynh_app_setting_get --app=$app --key=is_public) -final_path=$(ynh_app_setting_get --app=$app --key=final_path) language=$(ynh_app_setting_get --app=$app --key=language) +admin=$(ynh_app_setting_get --app=$app --key=admin) +final_path=$(ynh_app_setting_get --app=$app --key=final_path) db_name=$(ynh_app_setting_get --app=$app --key=db_name) #================================================= # CHECK VERSION #================================================= +ynh_script_progression --message="Checking version..." upgrade_type=$(ynh_check_app_version_changed) -#================================================= -# ENSURE DOWNWARD COMPATIBILITY -#================================================= -ynh_script_progression --message="Ensuring downward compatibility..." --weight=1 - -# Fix is_public as a boolean value -if [ "$is_public" = "Yes" ]; then - ynh_app_setting_set --app=$app --key=is_public --value=1 - is_public=1 -elif [ "$is_public" = "No" ]; then - ynh_app_setting_set --app=$app --key=is_public --value=0 - is_public=0 -fi - -# If db_name doesn't exist, create it -if [ -z "$db_name" ]; then - db_name=$(ynh_sanitize_dbid --db_name=$app) - ynh_app_setting_set --app=$app --key=db_name --value=$db_name -fi - -# If final_path doesn't exist, create it -if [ -z "$final_path" ]; then - final_path=/var/www/$app - ynh_app_setting_set --app=$app --key=final_path --value=$final_path -fi - #================================================= # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP #================================================= @@ -64,29 +38,12 @@ ynh_script_progression --message="Backing up the app before upgrading (may take # Backup the current version of the app ynh_backup_before_upgrade ynh_clean_setup () { - # restore it if the upgrade fails + # Restore it if the upgrade fails ynh_restore_upgradebackup } # Exit if an error occurs during the execution of the script ynh_abort_if_errors -#================================================= -# CHECK THE PATH -#================================================= - -# Normalize the URL path syntax -path_url=$(ynh_normalize_url_path --path_url=$path_url) - -#================================================= -# STANDARD UPGRADE STEPS -#================================================= -# PHP-FPM CONFIGURATION -#================================================= -ynh_script_progression --message="Upgrading PHP-FPM configuration..." --weight=1 - -# Recreate a dedicated PHP-FPM config -ynh_add_fpm_config --package="$extra_php_dependencies" - #================================================= # SET MAINTENANCE MODE ON #================================================= @@ -94,6 +51,28 @@ ynh_add_fpm_config --package="$extra_php_dependencies" # We need to have the required version of PHP, hence PHP-FPM block is executed beforehand exec_artisan "down" +#================================================= +# STANDARD UPGRADE STEPS +#================================================= +# ENSURE DOWNWARD COMPATIBILITY +#================================================= +ynh_script_progression --message="Ensuring downward compatibility..." --weight=1 + +# Cleaning legacy permissions +if ynh_legacy_permissions_exists; then + ynh_legacy_permissions_delete_all + + ynh_app_setting_delete --app=$app --key=is_public +fi + +#================================================= +# CREATE DEDICATED USER +#================================================= +ynh_script_progression --message="Making sure dedicated system user exists..." --weight=1 + +# Create a dedicated user (if not existing) +ynh_system_user_create --username=$app + #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= @@ -118,6 +97,11 @@ then ynh_secure_remove --file="$tmpdir" fi +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:www-data "$final_path" +chown -R $app: "${final_path}/.env" "${final_path}/storage/" "${final_path}/bootstrap/" + #================================================= # NGINX CONFIGURATION #================================================= @@ -127,22 +111,19 @@ ynh_script_progression --message="Upgrading NGINX web server configuration..." - ynh_add_nginx_config #================================================= -# CREATE DEDICATED USER +# PHP-FPM CONFIGURATION #================================================= -ynh_script_progression --message="Making sure dedicated system user exists..." --weight=1 +ynh_script_progression --message="Upgrading PHP-FPM configuration..." --weight=1 -# Create a dedicated user (if not existing) -ynh_system_user_create --username=$app +# Create a dedicated PHP-FPM config +ynh_add_fpm_config --package="$extra_php_dependencies" #================================================= # SPECIFIC UPGRADE -#================================================= - -ynh_script_progression --message="Upgrading Cachet configuration and dependencies..." --weight=20 - #================================================= # INSTALL AND INITIALIZE COMPOSER #================================================= +ynh_script_progression --message="Upgrading Cachet configuration and dependencies..." --weight=20 ynh_install_composer --install_args="--optimize-autoloader" @@ -153,34 +134,24 @@ ynh_install_composer --install_args="--optimize-autoloader" exec_artisan "app:update" ynh_secure_remove --file=bootstrap/cache/* -#================================================= -# GENERIC FINALIZATION #================================================= # SECURE FILES AND DIRECTORIES #================================================= -# Set permissions on app files -chown -R root: $final_path +# Set permissions to app files +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:www-data "$final_path" chown -R $app: "${final_path}/.env" "${final_path}/storage/" "${final_path}/bootstrap/" -#================================================= -# SETUP SSOWAT -#================================================= -ynh_script_progression --message="Upgrading SSOwat configuration..." --weight=1 - -# Make app public if necessary -if [ $is_public -eq 1 ] -then - # unprotected_uris allows SSO credentials to be passed anyway - ynh_app_setting_set --app=$app --key=unprotected_uris --value="/" -fi - #================================================= # SET MAINTENANCE MODE OFF #================================================= exec_artisan "up" +#================================================= +# GENERIC FINALIZATION #================================================= # RELOAD NGINX #=================================================