From 5e999aa833c0a752251a81cbfee93a5be9bc5ee0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9r=C3=A9my=20MANSON?= Date: Fri, 16 Mar 2018 15:50:17 +0100 Subject: [PATCH 1/5] Rename LBCAlert to Cheky, upgrade to v3.8.1 and security fix --- conf/{LBCAlerte.cron => Cheky.cron} | 0 conf/nginx.conf | 4 +++- manifest.json | 22 +++++++++++----------- scripts/install | 16 ++++++++-------- scripts/upgrade | 6 +++--- 5 files changed, 25 insertions(+), 23 deletions(-) rename conf/{LBCAlerte.cron => Cheky.cron} (100%) diff --git a/conf/LBCAlerte.cron b/conf/Cheky.cron similarity index 100% rename from conf/LBCAlerte.cron rename to conf/Cheky.cron diff --git a/conf/nginx.conf b/conf/nginx.conf index 8c76342..a33dae8 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -30,4 +30,6 @@ location YNH_WWW_PATH { # Include SSOWAT user panel. include conf.d/yunohost_panel.conf.inc; -} + +# Very important security restriction +location /Cheky/var { deny all;} diff --git a/manifest.json b/manifest.json index effb9eb..be8c568 100644 --- a/manifest.json +++ b/manifest.json @@ -1,12 +1,12 @@ { - "name": "LBCAlerte", - "id": "LBCAlerte", + "name": "Cheky", + "id": "Cheky", "packaging_format": 1, "description": { - "en": "LBCAlerte package for YunoHost.", - "fr": "Application LBCAlerte pour YunoHost." + "en": "Cheky package for YunoHost.", + "fr": "Application Cheky pour YunoHost." }, - "url": "https://alerte.ilatumi.org/", + "url": "https://www.cheky.net/", "license": "free", "maintainer": { "name": "JimboJoe", @@ -28,8 +28,8 @@ "name": "domain", "type": "domain", "ask": { - "en": "Choose a domain name for LBCAlerte", - "fr": "Choisissez un nom de domaine pour LBCAlerte" + "en": "Choose a domain name for Cheky", + "fr": "Choisissez un nom de domaine pour Cheky" }, "example": "example.com" }, @@ -37,11 +37,11 @@ "name": "path", "type": "path", "ask": { - "en": "Choose a path for LBCAlerte", - "fr": "Choisissez un chemin pour LBCAlerte" + "en": "Choose a path for Cheky", + "fr": "Choisissez un chemin pour Cheky" }, - "example": "/LBCAlerte", - "default": "/LBCAlerte" + "example": "/Cheky", + "default": "/Cheky" }, { "name": "password", diff --git a/scripts/install b/scripts/install index 192cf62..d4d4390 100644 --- a/scripts/install +++ b/scripts/install @@ -22,15 +22,15 @@ sudo yunohost app checkurl "${domain}${path}" -a "$app" \ || ynh_die "Path not available: ${domain}${path}" # Download sources -sudo wget -q https://github.com/Blount/LBCAlerte/archive/3.3.zip -O LBCAlerte.zip +sudo wget -q https://github.com/Blount/Cheky/archive/3.8.1.zip -O Cheky.zip # Uncompress -sudo unzip -qq LBCAlerte.zip -d .. +sudo unzip -qq Cheky.zip -d .. # Copy source files src_path=/var/www/$app sudo mkdir -p $src_path/var -sudo cp -a ../LBCAlerte*/. $src_path +sudo cp -a ../Cheky*/. $src_path # Set permissions to app files sudo chown -R www-data: $src_path @@ -60,9 +60,9 @@ ynh_app_setting_set "$app" unprotected_uris "/" sudo yunohost app ssowatconf -# Configure LBCAlerte via curl +# Configure Cheky via curl sleep 2 -curl --resolve $domain:443:127.0.0.1 -kL -X POST https://$domain$path/index.php?mod=install --data "password=$password&confirmPassword=$password&type=db&db[host]=localhost&db[user]=$dbuser&db[password]=$dbpass&db[dbname]=$dbname" > /tmp/LBCAlerte-install.log 2>&1 +curl --resolve $domain:443:127.0.0.1 -kL -X POST https://$domain$path/index.php?mod=install --data "password=$password&confirmPassword=$password&type=db&db[host]=localhost&db[user]=$dbuser&db[password]=$dbpass&db[dbname]=$dbname" > /tmp/Cheky-install.log 2>&1 #protect URIs if private if [ $is_public -eq 0 ]; @@ -73,6 +73,6 @@ fi # Add cron job cron_path="/etc/cron.d/$app" -sed -i "s@#DESTDIR#@${src_path}@g" ../conf/LBCAlerte.cron -sudo cp ../conf/LBCAlerte.cron "$cron_path" -sudo chmod 644 "$cron_path" \ No newline at end of file +sed -i "s@#DESTDIR#@${src_path}@g" ../conf/Cheky.cron +sudo cp ../conf/Cheky.cron "$cron_path" +sudo chmod 644 "$cron_path" diff --git a/scripts/upgrade b/scripts/upgrade index d6d740e..dfad344 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -20,15 +20,15 @@ language=$(ynh_app_setting_get "$app" language) path=${path%/} # Download sources -sudo wget -q https://github.com/Blount/LBCAlerte/archive/3.3.zip -O LBCAlerte.zip +sudo wget -q https://github.com/Blount/Cheky/archive/3.3.zip -O Cheky.zip # Uncompress -sudo unzip -qq LBCAlerte.zip -d .. +sudo unzip -qq Cheky.zip -d .. # Copy source files src_path=/var/www/$app sudo mkdir -p $src_path -sudo cp -a ../LBCAlerte*/. $src_path +sudo cp -a ../Cheky*/. $src_path # Set permissions to app files # you may need to make some file and/or directory writeable by www-data (nginx user) From 215f922a256503c94addecd655cc0703364b5819 Mon Sep 17 00:00:00 2001 From: Gofannon <17145502+Gofannon@users.noreply.github.com> Date: Sat, 5 May 2018 11:51:02 +0200 Subject: [PATCH 2/5] fix: remarks from https://github.com/YunoHost-Apps/LBCAlerte_ynh/pull/3 --- conf/nginx.conf | 7 ++++--- manifest.json | 9 +++++---- 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/conf/nginx.conf b/conf/nginx.conf index a33dae8..a80b15e 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -28,8 +28,9 @@ location YNH_WWW_PATH { } # PHP configuration end + # Very important security restriction + location /var { deny all;} + # Include SSOWAT user panel. include conf.d/yunohost_panel.conf.inc; - -# Very important security restriction -location /Cheky/var { deny all;} +} diff --git a/manifest.json b/manifest.json index be8c568..23b204d 100644 --- a/manifest.json +++ b/manifest.json @@ -1,11 +1,12 @@ { - "name": "Cheky", - "id": "Cheky", + "name": "cheky", + "id": "cheky", "packaging_format": 1, "description": { "en": "Cheky package for YunoHost.", "fr": "Application Cheky pour YunoHost." }, + "version": "3.8.1", "url": "https://www.cheky.net/", "license": "free", "maintainer": { @@ -40,8 +41,8 @@ "en": "Choose a path for Cheky", "fr": "Choisissez un chemin pour Cheky" }, - "example": "/Cheky", - "default": "/Cheky" + "example": "/cheky", + "default": "/cheky" }, { "name": "password", From 998dee95303da6a16a8867d3efe02bb973e44166 Mon Sep 17 00:00:00 2001 From: Gofannon <17145502+Gofannon@users.noreply.github.com> Date: Sat, 5 May 2018 17:03:04 +0200 Subject: [PATCH 3/5] redo 'install' script --- README.md | 35 ++-- conf/Cheky.cron | 1 - conf/app.src | 6 + conf/cheky.cron | 1 + conf/nginx.conf | 25 ++- conf/php-fpm.conf | 392 +++++++++++++++++++++++++++++++++++++++++++++ manifest.json | 2 +- scripts/_common.sh | 13 ++ scripts/install | 208 +++++++++++++++++------- scripts/remove | 109 +++++++++++-- 10 files changed, 703 insertions(+), 89 deletions(-) delete mode 100644 conf/Cheky.cron create mode 100644 conf/app.src create mode 100644 conf/cheky.cron create mode 100644 conf/php-fpm.conf create mode 100644 scripts/_common.sh diff --git a/README.md b/README.md index 6517833..38e8421 100644 --- a/README.md +++ b/README.md @@ -1,19 +1,34 @@ -LBCAlerte for YunoHost ---------------------- +# Cheky for YunoHost -Logiciel pour être alerté de nouvelles annonces par mail, flux RSS et SMS sur Leboncoin et d'autres sites d'annonces. +> *This package allow you to install cheky quickly and simply on a YunoHost server. +If you don't have YunoHost, please see [here](https://yunohost.org/#/install) to know how to install and enjoy it.* -**Version incluse:** 3.3 +## Overview + +**English** +[Cheky](https://www.cheky.net) allows you to create various alerts +for french classifieds ads website like Leboncoin and SeLoger. + +**French** +[Cheky](https://www.cheky.net) vous permet de créer des alertes Leboncoin et des alertes SeLoger. +Vous pouvez ainsi suivre gratuitement, en fonction de vos critères de recherche, les nouvelles annonces mises en ligne sur Leboncoin et Seloger.com. + + +## Additionnal informations + + * Anciennement nommé LBCAlerte + * Logiciel pour être alerté de nouvelles annonces par mail, flux RSS et SMS sur Leboncoin et d'autres sites d'annonces. + +**Skipped version:** 3.8.1 ## Limitations -Application en français uniquement. - -Ne fonctionne pas avec le SSO (comptes admin/utilisateurs séparés). + * Application en français uniquement + * Ne fonctionne pas avec le SSO (comptes admin/utilisateurs séparés). ## Links - * Report a bug: https://github.com/JimboJoe/LBCAlerte_ynh/issues - * LBCAlerte website: https://alerte.ilatumi.org/ - * YunoHost website: https://yunohost.org/ + * Report a bug: https://github.com/YunoHost-Apps/LBCAlerte_ynh/issues + * Cheky website: https://www.cheky.net + * YunoHost website: https://yunohost.org diff --git a/conf/Cheky.cron b/conf/Cheky.cron deleted file mode 100644 index 20b5e57..0000000 --- a/conf/Cheky.cron +++ /dev/null @@ -1 +0,0 @@ -*/5 * * * * www-data /usr/bin/php -f #DESTDIR#/check.php diff --git a/conf/app.src b/conf/app.src new file mode 100644 index 0000000..c4a4f39 --- /dev/null +++ b/conf/app.src @@ -0,0 +1,6 @@ +SOURCE_URL=https://github.com/Blount/Cheky/archive/3.8.1.tar.gz +SOURCE_SUM=b9170bc075c73f3e18638ed992541a4c562dd5447e6e4085a8798277184785dc +SOURCE_SUM_PRG=sha256sum +SOURCE_FORMAT=tar.gz +SOURCE_IN_SUBDIR=true +SOURCE_FILENAME= diff --git a/conf/cheky.cron b/conf/cheky.cron new file mode 100644 index 0000000..cf1909d --- /dev/null +++ b/conf/cheky.cron @@ -0,0 +1 @@ +*/5 * * * * __USER__ /usr/bin/php -f __FINALPATH__/check.php diff --git a/conf/nginx.conf b/conf/nginx.conf index a80b15e..eb4ee9e 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -1,7 +1,11 @@ -location YNH_WWW_PATH { +location __PATH__ { # Path to source - alias YNH_WWW_ALIAS ; + alias __FINALPATH__/ ; + + if ($scheme = http) { + rewrite ^ https://$server_name$request_uri? permanent; + } # Example PHP configuration (remove if not used) index index.php; @@ -12,13 +16,14 @@ location YNH_WWW_PATH { try_files $uri $uri/ index.php; location ~ [^/]\.php(/|$) { fastcgi_split_path_info ^(.+?\.php)(/.*)$; - fastcgi_pass unix:/var/run/php5-fpm.sock; - - # Filename to be changed if dedicated php-fpm process is required + fastcgi_pass unix:/var/run/php5-fpm-__NAME__.sock; + + # If you don't use a dedicated fpm config for your app, + # use a general fpm pool. # This is to be used INSTEAD of line above # Don't forget to adjust scripts install/upgrade/remove/backup accordingly # - #fastcgi_pass unix:/var/run/php5-fpm-YNH_WWW_APP.sock; + #fastcgi_pass unix:/var/run/php5-fpm.sock; fastcgi_index index.php; include fastcgi_params; @@ -26,10 +31,14 @@ location YNH_WWW_PATH { fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param SCRIPT_FILENAME $request_filename; } - # PHP configuration end + # PHP configuration end # Very important security restriction - location /var { deny all;} + # See https://forum.cheky.net/information-sur-message-avertissement-securite-t553-p1.html#p2127 + location /var { + deny all; + return 403 + } # Include SSOWAT user panel. include conf.d/yunohost_panel.conf.inc; diff --git a/conf/php-fpm.conf b/conf/php-fpm.conf new file mode 100644 index 0000000..8affbc2 --- /dev/null +++ b/conf/php-fpm.conf @@ -0,0 +1,392 @@ +; Start a new pool named 'www'. +; the variable $pool can we used in any directive and will be replaced by the +; pool name ('www' here) +[__NAMETOCHANGE__] + +; Per pool prefix +; It only applies on the following directives: +; - 'slowlog' +; - 'listen' (unixsocket) +; - 'chroot' +; - 'chdir' +; - 'php_values' +; - 'php_admin_values' +; When not set, the global prefix (or /usr) applies instead. +; Note: This directive can also be relative to the global prefix. +; Default Value: none +;prefix = /path/to/pools/$pool + +; Unix user/group of processes +; Note: The user is mandatory. If the group is not set, the default user's group +; will be used. +user = __USER__ +group = __USER__ + +; The address on which to accept FastCGI requests. +; Valid syntaxes are: +; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific address on +; a specific port; +; 'port' - to listen on a TCP socket to all addresses on a +; specific port; +; '/path/to/unix/socket' - to listen on a unix socket. +; Note: This value is mandatory. +listen = /var/run/php5-fpm-__NAMETOCHANGE__.sock + +; Set listen(2) backlog. A value of '-1' means unlimited. +; Default Value: 128 (-1 on FreeBSD and OpenBSD) +;listen.backlog = 128 + +; Set permissions for unix socket, if one is used. In Linux, read/write +; permissions must be set in order to allow connections from a web server. Many +; BSD-derived systems allow connections regardless of permissions. +; Default Values: user and group are set as the running user +; mode is set to 0660 +listen.owner = www-data +listen.group = www-data +;listen.mode = 0660 + +; List of ipv4 addresses of FastCGI clients which are allowed to connect. +; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original +; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address +; must be separated by a comma. If this value is left blank, connections will be +; accepted from any ip address. +; Default Value: any +;listen.allowed_clients = 127.0.0.1 + +; Specify the nice(2) priority to apply to the pool processes (only if set) +; The value can vary from -19 (highest priority) to 20 (lower priority) +; Note: - It will only work if the FPM master process is launched as root +; - The pool processes will inherit the master process priority +; unless it specified otherwise +; Default Value: no set +; priority = -19 + +; Choose how the process manager will control the number of child processes. +; Possible Values: +; static - a fixed number (pm.max_children) of child processes; +; dynamic - the number of child processes are set dynamically based on the +; following directives. With this process management, there will be +; always at least 1 children. +; pm.max_children - the maximum number of children that can +; be alive at the same time. +; pm.start_servers - the number of children created on startup. +; pm.min_spare_servers - the minimum number of children in 'idle' +; state (waiting to process). If the number +; of 'idle' processes is less than this +; number then some children will be created. +; pm.max_spare_servers - the maximum number of children in 'idle' +; state (waiting to process). If the number +; of 'idle' processes is greater than this +; number then some children will be killed. +; ondemand - no children are created at startup. Children will be forked when +; new requests will connect. The following parameter are used: +; pm.max_children - the maximum number of children that +; can be alive at the same time. +; pm.process_idle_timeout - The number of seconds after which +; an idle process will be killed. +; Note: This value is mandatory. +pm = dynamic + +; The number of child processes to be created when pm is set to 'static' and the +; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'. +; This value sets the limit on the number of simultaneous requests that will be +; served. Equivalent to the ApacheMaxClients directive with mpm_prefork. +; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP +; CGI. The below defaults are based on a server without much resources. Don't +; forget to tweak pm.* to fit your needs. +; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand' +; Note: This value is mandatory. +pm.max_children = 10 + +; The number of child processes created on startup. +; Note: Used only when pm is set to 'dynamic' +; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2 +pm.start_servers = 2 + +; The desired minimum number of idle server processes. +; Note: Used only when pm is set to 'dynamic' +; Note: Mandatory when pm is set to 'dynamic' +pm.min_spare_servers = 1 + +; The desired maximum number of idle server processes. +; Note: Used only when pm is set to 'dynamic' +; Note: Mandatory when pm is set to 'dynamic' +pm.max_spare_servers = 3 + +; The number of seconds after which an idle process will be killed. +; Note: Used only when pm is set to 'ondemand' +; Default Value: 10s +;pm.process_idle_timeout = 10s; + +; The number of requests each child process should execute before respawning. +; This can be useful to work around memory leaks in 3rd party libraries. For +; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS. +; Default Value: 0 +pm.max_requests = 500 + +; The URI to view the FPM status page. If this value is not set, no URI will be +; recognized as a status page. It shows the following informations: +; pool - the name of the pool; +; process manager - static, dynamic or ondemand; +; start time - the date and time FPM has started; +; start since - number of seconds since FPM has started; +; accepted conn - the number of request accepted by the pool; +; listen queue - the number of request in the queue of pending +; connections (see backlog in listen(2)); +; max listen queue - the maximum number of requests in the queue +; of pending connections since FPM has started; +; listen queue len - the size of the socket queue of pending connections; +; idle processes - the number of idle processes; +; active processes - the number of active processes; +; total processes - the number of idle + active processes; +; max active processes - the maximum number of active processes since FPM +; has started; +; max children reached - number of times, the process limit has been reached, +; when pm tries to start more children (works only for +; pm 'dynamic' and 'ondemand'); +; Value are updated in real time. +; Example output: +; pool: www +; process manager: static +; start time: 01/Jul/2011:17:53:49 +0200 +; start since: 62636 +; accepted conn: 190460 +; listen queue: 0 +; max listen queue: 1 +; listen queue len: 42 +; idle processes: 4 +; active processes: 11 +; total processes: 15 +; max active processes: 12 +; max children reached: 0 +; +; By default the status page output is formatted as text/plain. Passing either +; 'html', 'xml' or 'json' in the query string will return the corresponding +; output syntax. Example: +; http://www.foo.bar/status +; http://www.foo.bar/status?json +; http://www.foo.bar/status?html +; http://www.foo.bar/status?xml +; +; By default the status page only outputs short status. Passing 'full' in the +; query string will also return status for each pool process. +; Example: +; http://www.foo.bar/status?full +; http://www.foo.bar/status?json&full +; http://www.foo.bar/status?html&full +; http://www.foo.bar/status?xml&full +; The Full status returns for each process: +; pid - the PID of the process; +; state - the state of the process (Idle, Running, ...); +; start time - the date and time the process has started; +; start since - the number of seconds since the process has started; +; requests - the number of requests the process has served; +; request duration - the duration in µs of the requests; +; request method - the request method (GET, POST, ...); +; request URI - the request URI with the query string; +; content length - the content length of the request (only with POST); +; user - the user (PHP_AUTH_USER) (or '-' if not set); +; script - the main script called (or '-' if not set); +; last request cpu - the %cpu the last request consumed +; it's always 0 if the process is not in Idle state +; because CPU calculation is done when the request +; processing has terminated; +; last request memory - the max amount of memory the last request consumed +; it's always 0 if the process is not in Idle state +; because memory calculation is done when the request +; processing has terminated; +; If the process is in Idle state, then informations are related to the +; last request the process has served. Otherwise informations are related to +; the current request being served. +; Example output: +; ************************ +; pid: 31330 +; state: Running +; start time: 01/Jul/2011:17:53:49 +0200 +; start since: 63087 +; requests: 12808 +; request duration: 1250261 +; request method: GET +; request URI: /test_mem.php?N=10000 +; content length: 0 +; user: - +; script: /home/fat/web/docs/php/test_mem.php +; last request cpu: 0.00 +; last request memory: 0 +; +; Note: There is a real-time FPM status monitoring sample web page available +; It's available in: ${prefix}/share/fpm/status.html +; +; Note: The value must start with a leading slash (/). The value can be +; anything, but it may not be a good idea to use the .php extension or it +; may conflict with a real PHP file. +; Default Value: not set +;pm.status_path = /status + +; The ping URI to call the monitoring page of FPM. If this value is not set, no +; URI will be recognized as a ping page. This could be used to test from outside +; that FPM is alive and responding, or to +; - create a graph of FPM availability (rrd or such); +; - remove a server from a group if it is not responding (load balancing); +; - trigger alerts for the operating team (24/7). +; Note: The value must start with a leading slash (/). The value can be +; anything, but it may not be a good idea to use the .php extension or it +; may conflict with a real PHP file. +; Default Value: not set +;ping.path = /ping + +; This directive may be used to customize the response of a ping request. The +; response is formatted as text/plain with a 200 response code. +; Default Value: pong +;ping.response = pong + +; The access log file +; Default: not set +;access.log = log/$pool.access.log + +; The access log format. +; The following syntax is allowed +; %%: the '%' character +; %C: %CPU used by the request +; it can accept the following format: +; - %{user}C for user CPU only +; - %{system}C for system CPU only +; - %{total}C for user + system CPU (default) +; %d: time taken to serve the request +; it can accept the following format: +; - %{seconds}d (default) +; - %{miliseconds}d +; - %{mili}d +; - %{microseconds}d +; - %{micro}d +; %e: an environment variable (same as $_ENV or $_SERVER) +; it must be associated with embraces to specify the name of the env +; variable. Some exemples: +; - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e +; - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e +; %f: script filename +; %l: content-length of the request (for POST request only) +; %m: request method +; %M: peak of memory allocated by PHP +; it can accept the following format: +; - %{bytes}M (default) +; - %{kilobytes}M +; - %{kilo}M +; - %{megabytes}M +; - %{mega}M +; %n: pool name +; %o: ouput header +; it must be associated with embraces to specify the name of the header: +; - %{Content-Type}o +; - %{X-Powered-By}o +; - %{Transfert-Encoding}o +; - .... +; %p: PID of the child that serviced the request +; %P: PID of the parent of the child that serviced the request +; %q: the query string +; %Q: the '?' character if query string exists +; %r: the request URI (without the query string, see %q and %Q) +; %R: remote IP address +; %s: status (response code) +; %t: server time the request was received +; it can accept a strftime(3) format: +; %d/%b/%Y:%H:%M:%S %z (default) +; %T: time the log has been written (the request has finished) +; it can accept a strftime(3) format: +; %d/%b/%Y:%H:%M:%S %z (default) +; %u: remote user +; +; Default: "%R - %u %t \"%m %r\" %s" +;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%" + +; The log file for slow requests +; Default Value: not set +; Note: slowlog is mandatory if request_slowlog_timeout is set +slowlog = /var/log/nginx/__NAMETOCHANGE__.slow.log + +; The timeout for serving a single request after which a PHP backtrace will be +; dumped to the 'slowlog' file. A value of '0s' means 'off'. +; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) +; Default Value: 0 +request_slowlog_timeout = 5s + +; The timeout for serving a single request after which the worker process will +; be killed. This option should be used when the 'max_execution_time' ini option +; does not stop script execution for some reason. A value of '0' means 'off'. +; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) +; Default Value: 0 +request_terminate_timeout = 1d + +; Set open file descriptor rlimit. +; Default Value: system defined value +;rlimit_files = 1024 + +; Set max core size rlimit. +; Possible Values: 'unlimited' or an integer greater or equal to 0 +; Default Value: system defined value +;rlimit_core = 0 + +; Chroot to this directory at the start. This value must be defined as an +; absolute path. When this value is not set, chroot is not used. +; Note: you can prefix with '$prefix' to chroot to the pool prefix or one +; of its subdirectories. If the pool prefix is not set, the global prefix +; will be used instead. +; Note: chrooting is a great security feature and should be used whenever +; possible. However, all PHP paths will be relative to the chroot +; (error_log, sessions.save_path, ...). +; Default Value: not set +;chroot = + +; Chdir to this directory at the start. +; Note: relative path can be used. +; Default Value: current directory or / when chroot +chdir = __FINALPATH__ + +; Redirect worker stdout and stderr into main error log. If not set, stdout and +; stderr will be redirected to /dev/null according to FastCGI specs. +; Note: on highloaded environement, this can cause some delay in the page +; process time (several ms). +; Default Value: no +catch_workers_output = yes + +; Limits the extensions of the main script FPM will allow to parse. This can +; prevent configuration mistakes on the web server side. You should only limit +; FPM to .php extensions to prevent malicious users to use other extensions to +; exectute php code. +; Note: set an empty value to allow all extensions. +; Default Value: .php +;security.limit_extensions = .php .php3 .php4 .php5 + +; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from +; the current environment. +; Default Value: clean env +;env[HOSTNAME] = $HOSTNAME +;env[PATH] = /usr/local/bin:/usr/bin:/bin +;env[TMP] = /tmp +;env[TMPDIR] = /tmp +;env[TEMP] = /tmp + +; Additional php.ini defines, specific to this pool of workers. These settings +; overwrite the values previously defined in the php.ini. The directives are the +; same as the PHP SAPI: +; php_value/php_flag - you can set classic ini defines which can +; be overwritten from PHP call 'ini_set'. +; php_admin_value/php_admin_flag - these directives won't be overwritten by +; PHP call 'ini_set' +; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no. + +; Defining 'extension' will load the corresponding shared extension from +; extension_dir. Defining 'disable_functions' or 'disable_classes' will not +; overwrite previously defined php.ini values, but will append the new value +; instead. + +; Note: path INI options can be relative and will be expanded with the prefix +; (pool, global or /usr) + +; Default Value: nothing is defined by default except the values in php.ini and +; specified at startup with the -d argument +;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com +;php_flag[display_errors] = off +;php_admin_value[error_log] = /var/log/fpm-php.www.log +;php_admin_flag[log_errors] = on +;php_admin_value[memory_limit] = 32M diff --git a/manifest.json b/manifest.json index 23b204d..a727c2c 100644 --- a/manifest.json +++ b/manifest.json @@ -7,7 +7,7 @@ "fr": "Application Cheky pour YunoHost." }, "version": "3.8.1", - "url": "https://www.cheky.net/", + "url": "https://www.cheky.net", "license": "free", "maintainer": { "name": "JimboJoe", diff --git a/scripts/_common.sh b/scripts/_common.sh new file mode 100644 index 0000000..bb04a03 --- /dev/null +++ b/scripts/_common.sh @@ -0,0 +1,13 @@ +#!/bin/bash + +# ============= FUTURE YUNOHOST HELPER ============= +# Delete a file checksum from the app settings +# +# $app should be defined when calling this helper +# +# usage: ynh_remove_file_checksum file +# | arg: file - The file for which the checksum will be deleted +ynh_delete_file_checksum () { + local checksum_setting_name=checksum_${1//[\/ ]/_} # Replace all '/' and ' ' by '_' + ynh_app_setting_delete $app $checksum_setting_name +} \ No newline at end of file diff --git a/scripts/install b/scripts/install index d4d4390..4826fc4 100644 --- a/scripts/install +++ b/scripts/install @@ -1,78 +1,178 @@ #!/bin/bash -# Exit on command errors and treat unset variables as an error -set -eu +#================================================= +# GENERIC START +#================================================= +# IMPORT GENERIC HELPERS +#================================================= -app=$YNH_APP_INSTANCE_NAME +source _common.sh +source /usr/share/yunohost/helpers + +#================================================= +# MANAGE SCRIPT FAILURE +#================================================= + +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors + +#================================================= +# RETRIEVE ARGUMENTS FROM THE MANIFEST +#================================================= -# Retrieve arguments domain=$YNH_APP_ARG_DOMAIN -path=$YNH_APP_ARG_PATH +path_url=$YNH_APP_ARG_PATH password=$YNH_APP_ARG_PASSWORD is_public=$YNH_APP_ARG_IS_PUBLIC -# Source YunoHost helpers -source /usr/share/yunohost/helpers +# This is a multi-instance app, meaning it can be installed several times independently +# The id of the app as stated in the manifest is available as $YNH_APP_ID +# The instance number is available as $YNH_APP_INSTANCE_NUMBER (equals "1", "2", ...) +# The app instance name is available as $YNH_APP_INSTANCE_NAME +# - the first time the app is installed, YNH_APP_INSTANCE_NAME = ynhexample +# - the second time the app is installed, YNH_APP_INSTANCE_NAME = ynhexample__2 +# - ynhexample__{N} for the subsequent installations, with N=3,4, ... +# The app instance name is probably what you are interested the most, since this is +# guaranteed to be unique. This is a good unique identifier to define installation path, +# db names, ... +app=$YNH_APP_INSTANCE_NAME -# Save app settings -ynh_app_setting_set "$app" is_public "$is_public" +#================================================= +# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS +#================================================= -# Check domain/path availability -sudo yunohost app checkurl "${domain}${path}" -a "$app" \ - || ynh_die "Path not available: ${domain}${path}" +final_path=/var/www/$app +test ! -e "$final_path" || ynh_die "This path already contains a folder" - # Download sources -sudo wget -q https://github.com/Blount/Cheky/archive/3.8.1.zip -O Cheky.zip +# Normalize the url path syntax +path_url=$(ynh_normalize_url_path $path_url) -# Uncompress -sudo unzip -qq Cheky.zip -d .. +# Check web path availability +ynh_webpath_available $domain $path_url +# Register (book) web path +ynh_webpath_register $app $domain $path_url -# Copy source files -src_path=/var/www/$app -sudo mkdir -p $src_path/var -sudo cp -a ../Cheky*/. $src_path +#================================================= +# STORE SETTINGS FROM MANIFEST +#================================================= + +ynh_app_setting_set $app domain $domain +ynh_app_setting_set $app path $path_url +ynh_app_setting_set $app password $password +ynh_app_setting_set $app is_public $is_public + + +#================================================= +# CREATE A MYSQL DATABASE +#================================================= +# If your app uses a MySQL database, you can use these lines to bootstrap +# a database, an associated user and save the password in app settings + +db_name=$(ynh_sanitize_dbid $app) +ynh_app_setting_set $app db_name $db_name +ynh_mysql_setup_db $db_name $db_name + +#================================================= +# DOWNLOAD, CHECK AND UNPACK SOURCE +#================================================= + +ynh_app_setting_set $app final_path $final_path +# Download, check integrity, uncompress and patch the source from app.src +ynh_setup_source "$final_path" + +#================================================= +# NGINX CONFIGURATION +#================================================= + +# Create a dedicated nginx config +ynh_add_nginx_config + +#================================================= +# CREATE DEDICATED USER +#================================================= + +# Create a system user +ynh_system_user_create $app + +#================================================= +# PHP-FPM CONFIGURATION +#================================================= + +# Create a dedicated php-fpm config +ynh_add_fpm_config + +#================================================= +# SPECIFIC SETUP +#================================================= +# Add cron job +#================================================= + +cron_path="/etc/cron.d/$app" +ynh_replace_string "__USER__" "$app" ../conf/cheky.cron +ynh_replace_string "__FINALPATH__" "$final_path" ../conf/cheky.cron +sudo cp ../conf/cheky.cron "$cron_path" +sudo chmod 644 "$cron_path" + +#================================================= +# SETUP APPLICATION WITH CURL +#================================================= + +# Set right permissions for curl install +chown -R $app: $final_path + +# Set the app as temporarily public for curl call +ynh_app_setting_set $app skipped_uris "/" +# Reload SSOwat config +yunohost app ssowatconf + +# Reload Nginx +systemctl reload nginx + +# Installation with curl +ynh_local_curl "/index.php?mod=install "password=$password" "confirmPassword=$password" "type=db" "db[host]=localhost" "db[user]=$dbuser" "db[password]=$dbpass" "db[dbname]=$dbname" + + +#================================================= +# GENERIC FINALIZATION +#================================================= +# SECURE FILES AND DIRECTORIES +#================================================= # Set permissions to app files -sudo chown -R www-data: $src_path +chown -R root: $final_path +# Only path that needs to be writable by cheky +chown -R $app: $final_path/var -# Generate MySQL password and create database -dbuser=$app -dbname=$app -dbpass=$(ynh_string_random 12) -ynh_app_setting_set "$app" mysqlpwd "$dbpass" -ynh_mysql_create_db "$dbname" "$dbuser" "$dbpass" +#================================================= +# SETUP LOGROTATE +#================================================= -# Load initial SQL into the new database -#ynh_mysql_connect_as "$dbuser" "$dbpass" "$dbname" < "../sources/sql/mysql.init.sql" +# Use logrotate to manage application logfile(s) +ynh_use_logrotate -# Modify Nginx configuration file and copy it to Nginx conf directory -nginx_conf=../conf/nginx.conf -sed -i "s@YNH_WWW_PATH@$path@g" $nginx_conf -sed -i "s@YNH_WWW_ALIAS@$src_path/@g" $nginx_conf -# If a dedicated php-fpm process is used: -# Don't forget to modify ../conf/nginx.conf accordingly or your app will not work! -# sed -i "s@YNH_WWW_APP@$app@g" $nginx_conf -sudo cp $nginx_conf /etc/nginx/conf.d/$domain.d/$app.conf +#================================================= +# ADVERTISE SERVICE IN ADMIN PANEL +#================================================= -# Set permissions and reload nginx (needed at this stage for the PHP piwigo installation process) -sudo service nginx reload -ynh_app_setting_set "$app" unprotected_uris "/" -sudo yunohost app ssowatconf +yunohost service add NAME_INIT.D --log "/var/log/FILE.log" +#================================================= +# SETUP SSOWAT +#================================================= -# Configure Cheky via curl -sleep 2 -curl --resolve $domain:443:127.0.0.1 -kL -X POST https://$domain$path/index.php?mod=install --data "password=$password&confirmPassword=$password&type=db&db[host]=localhost&db[user]=$dbuser&db[password]=$dbpass&db[dbname]=$dbname" > /tmp/Cheky-install.log 2>&1 - -#protect URIs if private -if [ $is_public -eq 0 ]; +if [ $is_public -eq 0 ] +then # Remove the public access + ynh_app_setting_delete $app skipped_uris +fi +# Make app public if necessary +if [ $is_public -eq 1 ] then - ynh_app_setting_delete "$app" unprotected_uris - ynh_app_setting_set "$app" protected_uris "/" + # unprotected_uris allows SSO credentials to be passed anyway. + ynh_app_setting_set $app unprotected_uris "/" fi -# Add cron job -cron_path="/etc/cron.d/$app" -sed -i "s@#DESTDIR#@${src_path}@g" ../conf/Cheky.cron -sudo cp ../conf/Cheky.cron "$cron_path" -sudo chmod 644 "$cron_path" +#================================================= +# RELOAD NGINX +#================================================= + +systemctl reload nginx diff --git a/scripts/remove b/scripts/remove index 671e5c1..ccb2862 100644 --- a/scripts/remove +++ b/scripts/remove @@ -1,24 +1,103 @@ #!/bin/bash +#================================================= +# GENERIC START +#================================================= +# IMPORT GENERIC HELPERS +#================================================= + +source _common.sh +source /usr/share/yunohost/helpers + +#================================================= +# LOAD SETTINGS +#================================================= + app=$YNH_APP_INSTANCE_NAME -# Source YunoHost helpers -source /usr/share/yunohost/helpers +domain=$(ynh_app_setting_get $app domain) +db_name=$(ynh_app_setting_get $app db_name) +db_user=$db_name +final_path=$(ynh_app_setting_get $app final_path) -# Retrieve app settings -domain=$(ynh_app_setting_get "$app" domain) +#================================================= +# STANDARD REMOVE +#================================================= +# STOP AND REMOVE SERVICE +#================================================= -# Remove sources -sudo rm -rf /var/www/$app +#================================================= +# REMOVE SERVICE FROM ADMIN PANEL +#================================================= -# Remove nginx configuration file -sudo rm -f /etc/nginx/conf.d/$domain.d/$app.conf +if yunohost service status | grep -q $app +then + echo "Remove $app service" + yunohost service remove $app +fi -# Drop MySQL database and user -dbname=$app -dbuser=$app -ynh_mysql_drop_db "$dbname" || true -ynh_mysql_drop_user "$dbuser" || true +#================================================= +# REMOVE THE MYSQL DATABASE +#================================================= -# Reload nginx service -sudo service nginx reload +# Remove a database if it exists, along with the associated user +ynh_mysql_remove_db $db_user $db_name + +#================================================= +# REMOVE APP MAIN DIR +#================================================= + +# Remove the app directory securely +ynh_secure_remove "$final_path" + +#================================================= +# REMOVE NGINX CONFIGURATION +#================================================= + +# Remove the dedicated nginx config +ynh_remove_nginx_config + +#================================================= +# REMOVE PHP-FPM CONFIGURATION +#================================================= + +# Remove the dedicated php-fpm config +ynh_remove_fpm_config + +#================================================= +# REMOVE LOGROTATE CONFIGURATION +#================================================= + +# Remove the app-specific logrotate config +ynh_remove_logrotate + +#================================================= +# CLOSE A PORT +#================================================= + +if yunohost firewall list | grep -q "\- $port$" +then + echo "Close port $port" + yunohost firewall disallow TCP $port 2>&1 +fi + +#================================================= +# SPECIFIC REMOVE +#================================================= +# REMOVE THE CRON FILE +#================================================= + +# Remove a cron file +ynh_secure_remove "/etc/cron.d/$app" + +# Remove the log files +ynh_secure_remove "/var/log/$app/" + +#================================================= +# GENERIC FINALIZATION +#================================================= +# REMOVE DEDICATED USER +#================================================= + +# Delete a system user +ynh_system_user_delete $app From ef27b91d50944b61917552e631947d551ff3efe7 Mon Sep 17 00:00:00 2001 From: Gofannon <17145502+Gofannon@users.noreply.github.com> Date: Sat, 5 May 2018 18:46:00 +0200 Subject: [PATCH 4/5] fix previous commit to pass package_check 'install' --- conf/nginx.conf | 2 +- scripts/install | 6 ++++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/conf/nginx.conf b/conf/nginx.conf index eb4ee9e..baba3e6 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -37,7 +37,7 @@ location __PATH__ { # See https://forum.cheky.net/information-sur-message-avertissement-securite-t553-p1.html#p2127 location /var { deny all; - return 403 + #return 403 # Cannot pass 'install' with 'package_check' if this line is present } # Include SSOWAT user panel. diff --git a/scripts/install b/scripts/install index 4826fc4..47529dd 100644 --- a/scripts/install +++ b/scripts/install @@ -128,9 +128,11 @@ yunohost app ssowatconf # Reload Nginx systemctl reload nginx -# Installation with curl -ynh_local_curl "/index.php?mod=install "password=$password" "confirmPassword=$password" "type=db" "db[host]=localhost" "db[user]=$dbuser" "db[password]=$dbpass" "db[dbname]=$dbname" +# Get database password +db_pwd=$(ynh_app_setting_get $app mysqlpwd) +# Installation with curl +ynh_local_curl "/index.php?mod=install" "password=$password" "confirmPassword=$password" "type=db" "db[host]=localhost" "db[user]=$db_name" "db[password]=$db_pwd" "db[dbname]=$db_name" #================================================= # GENERIC FINALIZATION From ea5e4bcc0fb7c59a33508282fdb3d43cd6ce3041 Mon Sep 17 00:00:00 2001 From: Gofannon <17145502+Gofannon@users.noreply.github.com> Date: Thu, 10 May 2018 16:44:32 +0200 Subject: [PATCH 5/5] redo scripts 'backup', 'restore' and 'upgrade' + upgrade 'manifest' --- check_process | 43 ++++++++++++ conf/nginx.conf | 2 +- conf/php-fpm.ini | 10 +++ manifest.json | 6 +- scripts/backup | 83 +++++++++++++++++----- scripts/restore | 133 +++++++++++++++++++++++++++-------- scripts/upgrade | 177 ++++++++++++++++++++++++++++++++++++----------- 7 files changed, 364 insertions(+), 90 deletions(-) create mode 100644 check_process create mode 100644 conf/php-fpm.ini diff --git a/check_process b/check_process new file mode 100644 index 0000000..4190fc4 --- /dev/null +++ b/check_process @@ -0,0 +1,43 @@ +# See here for more informations +# https://github.com/YunoHost/package_check#syntax-check_process-file + +# Move this file from check_process.default to check_process when you have filled it. + +;; Test complet + ; Manifest + domain="domain.tld" (DOMAIN) + path="/path" (PATH) + admin="john" (USER) + #language="fr" + is_public=1 (PUBLIC|public=1|private=0) + password="pass" + #port="666" (PORT) + ; Checks + pkg_linter=1 + setup_sub_dir=1 + setup_root=1 + setup_nourl=0 + setup_private=1 + setup_public=1 + upgrade=1 + backup_restore=1 + multi_instance=1 + incorrect_path=1 + port_already_use=0 + change_url=0 +;;; Levels + Level 1=auto + Level 2=auto + Level 3=auto +# Level 4: + Level 4=0 +# Level 5: + Level 5=auto + Level 6=auto + Level 7=auto + Level 8=0 + Level 9=0 + Level 10=0 +;;; Options +Email= +Notification=none diff --git a/conf/nginx.conf b/conf/nginx.conf index baba3e6..9a23ebc 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -35,7 +35,7 @@ location __PATH__ { # Very important security restriction # See https://forum.cheky.net/information-sur-message-avertissement-securite-t553-p1.html#p2127 - location /var { + location __PATH__/var { deny all; #return 403 # Cannot pass 'install' with 'package_check' if this line is present } diff --git a/conf/php-fpm.ini b/conf/php-fpm.ini new file mode 100644 index 0000000..5c27d59 --- /dev/null +++ b/conf/php-fpm.ini @@ -0,0 +1,10 @@ +; Common values to change to increase file upload limit +; upload_max_filesize = 50M +; post_max_size = 50M +; mail.add_x_header = Off + +; Other common parameters +; max_execution_time = 600 +; max_input_time = 300 +; memory_limit = 256M +; short_open_tag = On diff --git a/manifest.json b/manifest.json index a727c2c..3b9d367 100644 --- a/manifest.json +++ b/manifest.json @@ -10,12 +10,12 @@ "url": "https://www.cheky.net", "license": "free", "maintainer": { - "name": "JimboJoe", - "email": "jimmy@monin.net", + "name": "Gofannon", + "email": "gofanon@riseup.net", "url": "" }, "requirements": { - "yunohost": ">> 2.4.0" + "yunohost": ">> 2.6.4" }, "multi_instance": true, "services": [ diff --git a/scripts/backup b/scripts/backup index b18a2a2..22f64d7 100644 --- a/scripts/backup +++ b/scripts/backup @@ -1,24 +1,73 @@ #!/bin/bash -# Exit on command errors and treat unset variables as an error -set -eu +#================================================= +# GENERIC START +#================================================= +# IMPORT GENERIC HELPERS +#================================================= -# See comments in install script -app=$YNH_APP_INSTANCE_NAME - -# Source YunoHost helpers +if [ ! -e _common.sh ]; then + # Get the _common.sh file if it's not in the current directory + cp ../settings/scripts/_common.sh ./_common.sh + chmod a+rx _common.sh +fi +source _common.sh source /usr/share/yunohost/helpers -# Backup sources & data -ynh_backup "/var/www/${app}" "sources" +#================================================= +# MANAGE SCRIPT FAILURE +#================================================= -# Dump the database -dbname=$app -dbuser=$app -dbpass=$(ynh_app_setting_get "$app" mysqlpwd) -mysqldump -u "$dbuser" -p"$dbpass" --no-create-db "$dbname" > ./dump.sql +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors -# Copy NGINX and cron configuration -domain=$(ynh_app_setting_get "$app" domain) -ynh_backup "/etc/nginx/conf.d/${domain}.d/${app}.conf" "nginx.conf" -ynh_backup "/etc/cron.d/${app}" "conf/cron" +#================================================= +# LOAD SETTINGS +#================================================= + +app=$YNH_APP_INSTANCE_NAME + +final_path=$(ynh_app_setting_get $app final_path) +domain=$(ynh_app_setting_get $app domain) +db_name=$(ynh_app_setting_get $app db_name) + +#================================================= +# STANDARD BACKUP STEPS +#================================================= +# BACKUP THE APP MAIN DIR +#================================================= + +ynh_backup "$final_path" + +#================================================= +# BACKUP THE NGINX CONFIGURATION +#================================================= + +ynh_backup "/etc/nginx/conf.d/$domain.d/$app.conf" + +#================================================= +# BACKUP THE PHP-FPM CONFIGURATION +#================================================= + +ynh_backup "/etc/php5/fpm/pool.d/$app.conf" +ynh_backup "/etc/php5/fpm/conf.d/20-$app.ini" + +#================================================= +# BACKUP THE MYSQL DATABASE +#================================================= + +ynh_mysql_dump_db "$db_name" > db.sql + +#================================================= +# SPECIFIC BACKUP +#================================================= +# BACKUP LOGROTATE +#================================================= + +ynh_backup "/etc/logrotate.d/$app" + +#================================================= +# BACKUP THE CRON FILE +#================================================= + +ynh_backup "/etc/cron.d/$app" diff --git a/scripts/restore b/scripts/restore index e1233b3..cef33d1 100644 --- a/scripts/restore +++ b/scripts/restore @@ -1,40 +1,115 @@ #!/bin/bash -# Exit on command errors and treat unset variables as an error -set -eu +#================================================= +# GENERIC START +#================================================= +# IMPORT GENERIC HELPERS +#================================================= -# See comments in install script -app=$YNH_APP_INSTANCE_NAME - -# Source YunoHost helpers +if [ ! -e _common.sh ]; then + # Get the _common.sh file if it's not in the current directory + cp ../settings/scripts/_common.sh ./_common.sh + chmod a+rx _common.sh +fi +source _common.sh source /usr/share/yunohost/helpers -# Retrieve old app settings -domain=$(ynh_app_setting_get "$app" domain) -path=$(ynh_app_setting_get "$app" path) +#================================================= +# MANAGE SCRIPT FAILURE +#================================================= -# Check domain/path availability -sudo yunohost app checkurl "${domain}${path}" -a "$app" \ - || ynh_die "Path not available: ${domain}${path}" +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors -# Restore sources & data -src_path="/var/www/${app}" -sudo cp -a ./sources "$src_path" +#================================================= +# LOAD SETTINGS +#================================================= -# Restore permissions to app files -sudo chown -R root: "$src_path" -sudo chown -R www-data: "$src_path/var" +app=$YNH_APP_INSTANCE_NAME -# Create and restore the database -dbname=$app -dbuser=$app -dbpass=$(ynh_app_setting_get "$app" mysqlpwd) -ynh_mysql_create_db "$dbname" "$dbuser" "$dbpass" -ynh_mysql_connect_as "$dbuser" "$dbpass" "$dbname" < ./dump.sql +domain=$(ynh_app_setting_get $app domain) +path_url=$(ynh_app_setting_get $app path) +final_path=$(ynh_app_setting_get $app final_path) +db_name=$(ynh_app_setting_get $app db_name) -# Restore NGINX and cron configuration -sudo cp -a ./nginx.conf "/etc/nginx/conf.d/${domain}.d/${app}.conf" -sudo cp -a ./conf/cron "/etc/cron.d/${app}" +#================================================= +# CHECK IF THE APP CAN BE RESTORED +#================================================= -# Restart webserver -sudo service nginx reload +ynh_webpath_available $domain $path_url \ + || ynh_die "Path not available: ${domain}${path_url}" +test ! -d $final_path \ + || ynh_die "There is already a directory: $final_path " + +#================================================= +# STANDARD RESTORATION STEPS +#================================================= +# RESTORE THE NGINX CONFIGURATION +#================================================= + +ynh_restore_file "/etc/nginx/conf.d/$domain.d/$app.conf" + +#================================================= +# RESTORE THE APP MAIN DIR +#================================================= + +ynh_restore_file "$final_path" + +#================================================= +# RESTORE THE MYSQL DATABASE +#================================================= + +db_pwd=$(ynh_app_setting_get $app mysqlpwd) +ynh_mysql_setup_db $db_name $db_name $db_pwd +ynh_mysql_connect_as $db_name $db_pwd $db_name < ./db.sql + +#================================================= +# RECREATE THE DEDICATED USER +#================================================= + +# Create the dedicated user (if not existing) +ynh_system_user_create $app + +#================================================= +# RESTORE USER RIGHTS +#================================================= + +# Restore permissions on app files +chown -R root: $final_path +# Only path that needs to be writable by cheky +chown -R $app: $final_path/var + + +#================================================= +# RESTORE THE PHP-FPM CONFIGURATION +#================================================= + +ynh_restore_file "/etc/php5/fpm/pool.d/$app.conf" +ynh_restore_file "/etc/php5/fpm/conf.d/20-$app.ini" + +#================================================= +# ADVERTISE SERVICE IN ADMIN PANEL +#================================================= + +yunohost service add $app --log "/var/log/$app/APP.log" + +#================================================= +# RESTORE THE CRON FILE +#================================================= + +ynh_restore_file "/etc/cron.d/$app" + +#================================================= +# RESTORE THE LOGROTATE CONFIGURATION +#================================================= + +ynh_restore_file "/etc/logrotate.d/$app" + +#================================================= +# GENERIC FINALIZATION +#================================================= +# RELOAD NGINX AND PHP-FPM +#================================================= + +systemctl reload php5-fpm +systemctl reload nginx diff --git a/scripts/upgrade b/scripts/upgrade index dfad344..46365fd 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -1,51 +1,148 @@ #!/bin/bash -# Exit on command errors and treat unset variables as an error -set -eu +#================================================= +# GENERIC START +#================================================= +# IMPORT GENERIC HELPERS +#================================================= -# See comments in install script -app=$YNH_APP_INSTANCE_NAME - -# Source YunoHost helpers +source _common.sh source /usr/share/yunohost/helpers -# Retrieve app settings -domain=$(ynh_app_setting_get "$app" domain) -path=$(ynh_app_setting_get "$app" path) -admin=$(ynh_app_setting_get "$app" admin) -is_public=$(ynh_app_setting_get "$app" is_public) -language=$(ynh_app_setting_get "$app" language) +#================================================= +# LOAD SETTINGS +#================================================= -# Remove trailing "/" for next commands -path=${path%/} +app=$YNH_APP_INSTANCE_NAME -# Download sources -sudo wget -q https://github.com/Blount/Cheky/archive/3.3.zip -O Cheky.zip +domain=$(ynh_app_setting_get $app domain) +path_url=$(ynh_app_setting_get $app path) +admin=$(ynh_app_setting_get $app admin) +is_public=$(ynh_app_setting_get $app is_public) +final_path=$(ynh_app_setting_get $app final_path) +db_name=$(ynh_app_setting_get $app db_name) -# Uncompress -sudo unzip -qq Cheky.zip -d .. +#================================================= +# ENSURE DOWNWARD COMPATIBILITY +#================================================= -# Copy source files -src_path=/var/www/$app -sudo mkdir -p $src_path -sudo cp -a ../Cheky*/. $src_path - -# Set permissions to app files -# you may need to make some file and/or directory writeable by www-data (nginx user) -sudo chown -R www-data: $src_path - -# Modify Nginx configuration file and copy it to Nginx conf directory -nginx_conf=../conf/nginx.conf -sed -i "s@YNH_WWW_PATH@$path@g" $nginx_conf -sed -i "s@YNH_WWW_ALIAS@$src_path/@g" $nginx_conf - -sudo cp $nginx_conf /etc/nginx/conf.d/$domain.d/$app.conf - -# If app is public, add url to SSOWat conf as skipped_uris -if [[ $is_public -eq 1 ]]; then - # See install script - ynh_app_setting_set "$app" unprotected_uris "/" +# Fix is_public as a boolean value +if [ "$is_public" = "Yes" ]; then + ynh_app_setting_set $app is_public 1 + is_public=1 +elif [ "$is_public" = "No" ]; then + ynh_app_setting_set $app is_public 0 + is_public=0 fi -# Reload nginx service -sudo service nginx reload +# If db_name doesn't exist, create it +if [ -z $db_name ]; then + db_name=$(ynh_sanitize_dbid $app) + ynh_app_setting_set $app db_name $db_name +fi + +# If final_path doesn't exist, create it +if [ -z $final_path ]; then + final_path=/var/www/$app + ynh_app_setting_set $app final_path $final_path +fi + +#================================================= +# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP +#================================================= + +# Backup the current version of the app +ynh_backup_before_upgrade +ynh_clean_setup () { + # restore it if the upgrade fails + ynh_restore_upgradebackup +} +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors + +#================================================= +# CHECK THE PATH +#================================================= + +# Normalize the URL path syntax +path_url=$(ynh_normalize_url_path $path_url) + +#================================================= +# STANDARD UPGRADE STEPS +#================================================= +# DOWNLOAD, CHECK AND UNPACK SOURCE +#================================================= + +# Download, check integrity, uncompress and patch the source from app.src +ynh_setup_source "$final_path" + +#================================================= +# NGINX CONFIGURATION +#================================================= + +# Create a dedicated nginx config +ynh_add_nginx_config + +#================================================= +# CREATE DEDICATED USER +#================================================= + +# Create a system user +ynh_system_user_create $app + +#================================================= +# PHP-FPM CONFIGURATION +#================================================= + +# Create a dedicated php-fpm config +ynh_add_fpm_config + +#================================================= +# SPECIFIC UPGRADE +#================================================= +# ... +#================================================= +#todo: part needed ? +# Verify the checksum and backup the file if it's different +#ynh_backup_if_checksum_is_different "$final_path/CONFIG_FILE" +# Recalculate and store the config file checksum into the app settings +#ynh_store_file_checksum "$final_path/CONFIG_FILE" + +#================================================= +# SETUP LOGROTATE +#================================================= + +# Use logrotate to manage app-specific logfile(s) +ynh_use_logrotate --non-append + +#================================================= +# GENERIC FINALIZATION +#================================================= +# SECURE FILES AND DIRECTORIES +#================================================= + +# Set permissions to app files +chown -R root: $final_path +# Only path that needs to be writable by cheky +chown -R $app: $final_path/var + +#================================================= +# SETUP SSOWAT +#================================================= + +if [ $is_public -eq 0 ] +then # Remove the public access + ynh_app_setting_delete $app skipped_uris +fi +# Make app public if necessary +if [ $is_public -eq 1 ] +then + # unprotected_uris allows SSO credentials to be passed anyway + ynh_app_setting_set $app unprotected_uris "/" +fi + +#================================================= +# RELOAD NGINX +#================================================= + +systemctl reload nginx