From e893c91b41775b8d4b4cc8038877a479e80351ec Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Mon, 19 Jul 2021 09:44:10 +0200 Subject: [PATCH] Fix --- check_process | 4 ---- conf/cheky.cron | 2 +- conf/nginx.conf | 5 ++--- conf/php-fpm.conf | 32 ++++++++++++++++---------------- manifest.json | 4 ++-- scripts/_common.sh | 16 ++-------------- scripts/backup | 17 ++++++----------- scripts/install | 12 ++++-------- scripts/restore | 22 ++++++++++++---------- scripts/upgrade | 22 +++++++++++----------- 10 files changed, 56 insertions(+), 80 deletions(-) diff --git a/check_process b/check_process index ae7a65f..8a4c77d 100644 --- a/check_process +++ b/check_process @@ -3,10 +3,8 @@ domain="domain.tld" path="/path" admin="john" - #language="fr" is_public=1 password="pass" - #port="666" ; Checks pkg_linter=1 setup_sub_dir=1 @@ -18,8 +16,6 @@ upgrade=1 from_commit=a6b2615101887e3235aab0b95607eb1b58507a4c backup_restore=1 multi_instance=1 - incorrect_path=1 - port_already_use=0 change_url=0 ;;; Options Email= diff --git a/conf/cheky.cron b/conf/cheky.cron index cf1909d..06aeb65 100644 --- a/conf/cheky.cron +++ b/conf/cheky.cron @@ -1 +1 @@ -*/5 * * * * __USER__ /usr/bin/php -f __FINALPATH__/check.php +*/5 * * * * __APP__ /usr/bin/php__PHPVERSION__ -f __FINALPATH__/check.php diff --git a/conf/nginx.conf b/conf/nginx.conf index 8ae6307..02ab5bc 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -9,7 +9,6 @@ location __PATH__/ { rewrite ^ https://$server_name$request_uri? permanent; } -### Example PHP configuration (remove it if not used) index index.php; # Common parameter to increase upload size limit in conjuction with dedicated php-fpm file @@ -18,7 +17,7 @@ location __PATH__/ { try_files $uri $uri/ index.php; location ~ [^/]\.php(/|$) { fastcgi_split_path_info ^(.+?\.php)(/.*)$; - fastcgi_pass unix:/var/run/php5-fpm-__NAME__.sock; + fastcgi_pass unix:/var/run/php__PHPVERSION__-fpm-__NAME__.sock; fastcgi_index index.php; include fastcgi_params; @@ -26,7 +25,7 @@ location __PATH__/ { fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param SCRIPT_FILENAME $request_filename; } -### End of PHP configuration part + # Very important security restriction # See https://forum.cheky.net/information-sur-message-avertissement-securite-t553-p1.html#p2127 diff --git a/conf/php-fpm.conf b/conf/php-fpm.conf index 9018c9d..ab1a471 100644 --- a/conf/php-fpm.conf +++ b/conf/php-fpm.conf @@ -33,7 +33,7 @@ group = __USER__ ; (IPv6 and IPv4-mapped) on a specific port; ; '/path/to/unix/socket' - to listen on a unix socket. ; Note: This value is mandatory. -listen = /var/run/php/php7.0-fpm-__NAMETOCHANGE__.sock +listen = /var/run/php/php__PHPVERSION__-fpm-__NAMETOCHANGE__.sock ; Set listen(2) backlog. ; Default Value: 511 (-1 on FreeBSD and OpenBSD) @@ -41,7 +41,7 @@ listen = /var/run/php/php7.0-fpm-__NAMETOCHANGE__.sock ; Set permissions for unix socket, if one is used. In Linux, read/write ; permissions must be set in order to allow connections from a web server. Many -; BSD-derived systems allow connections regardless of permissions. +; BSD-derived systems allow connections regardless of permissions. ; Default Values: user and group are set as the running user ; mode is set to 0660 listen.owner = www-data @@ -131,7 +131,7 @@ pm.max_spare_servers = 3 ; Note: Used only when pm is set to 'ondemand' ; Default Value: 10s ;pm.process_idle_timeout = 10s; - + ; The number of requests each child process should execute before respawning. ; This can be useful to work around memory leaks in 3rd party libraries. For ; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS. @@ -184,7 +184,7 @@ pm.max_spare_servers = 3 ; ; By default the status page only outputs short status. Passing 'full' in the ; query string will also return status for each pool process. -; Example: +; Example: ; http://www.foo.bar/status?full ; http://www.foo.bar/status?json&full ; http://www.foo.bar/status?html&full @@ -297,7 +297,7 @@ pm.max_spare_servers = 3 ; - .... ; %p: PID of the child that serviced the request ; %P: PID of the parent of the child that serviced the request -; %q: the query string +; %q: the query string ; %Q: the '?' character if query string exists ; %r: the request URI (without the query string, see %q and %Q) ; %R: remote IP address @@ -316,40 +316,40 @@ pm.max_spare_servers = 3 ; ; Default: "%R - %u %t \"%m %r\" %s" ;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%" - + ; The log file for slow requests ; Default Value: not set ; Note: slowlog is mandatory if request_slowlog_timeout is set -slowlog = /var/log/nginx/__NAMETOCHANGE__.slow.log - +;slowlog = log/$pool.log.slow + ; The timeout for serving a single request after which a PHP backtrace will be ; dumped to the 'slowlog' file. A value of '0s' means 'off'. ; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) ; Default Value: 0 -request_slowlog_timeout = 5s - +;request_slowlog_timeout = 0 + ; The timeout for serving a single request after which the worker process will ; be killed. This option should be used when the 'max_execution_time' ini option ; does not stop script execution for some reason. A value of '0' means 'off'. ; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) ; Default Value: 0 request_terminate_timeout = 1d - + ; Set open file descriptor rlimit. ; Default Value: system defined value ;rlimit_files = 1024 - + ; Set max core size rlimit. ; Possible Values: 'unlimited' or an integer greater or equal to 0 ; Default Value: system defined value ;rlimit_core = 0 - + ; Chroot to this directory at the start. This value must be defined as an ; absolute path. When this value is not set, chroot is not used. ; Note: you can prefix with '$prefix' to chroot to the pool prefix or one ; of its subdirectories. If the pool prefix is not set, the global prefix ; will be used instead. -; Note: chrooting is a great security feature and should be used whenever +; Note: chrooting is a great security feature and should be used whenever ; possible. However, all PHP paths will be relative to the chroot ; (error_log, sessions.save_path, ...). ; Default Value: not set @@ -383,7 +383,7 @@ chdir = __FINALPATH__ ; Note: set an empty value to allow all extensions. ; Default Value: .php ;security.limit_extensions = .php .php3 .php4 .php5 .php7 - + ; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from ; the current environment. ; Default Value: clean env @@ -397,7 +397,7 @@ chdir = __FINALPATH__ ; overwrite the values previously defined in the php.ini. The directives are the ; same as the PHP SAPI: ; php_value/php_flag - you can set classic ini defines which can -; be overwritten from PHP call 'ini_set'. +; be overwritten from PHP call 'ini_set'. ; php_admin_value/php_admin_flag - these directives won't be overwritten by ; PHP call 'ini_set' ; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no. diff --git a/manifest.json b/manifest.json index 2a25012..3f180cc 100644 --- a/manifest.json +++ b/manifest.json @@ -3,8 +3,8 @@ "id": "cheky", "packaging_format": 1, "description": { - "en": "Cheky monitors French classifieds websites LeBonCoin and SeLoger.", - "fr": "Cheky surveille pour vous LeBonCoin et SeLoger." + "en": "Monitors French classifieds websites LeBonCoin and SeLoger.", + "fr": "Surveille pour vous LeBonCoin et SeLoger." }, "version": "4.4.1~ynh4", "url": "https://www.cheky.net", diff --git a/scripts/_common.sh b/scripts/_common.sh index c85fc0e..af0224b 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -4,24 +4,12 @@ # PERSONAL HELPERS #================================================= +YNH_PHP_VERSION="7.3" + #================================================= # EXPERIMENTAL HELPERS #================================================= -# Execute a command as another user -# usage: exec_as USER COMMAND [ARG ...] -# Source : https://github.com/YunoHost-Apps/Experimental_helpers/tree/master/ynh_exec_as -exec_as() { - local USER=$1 - shift 1 - - if [[ $USER = $(whoami) ]]; then - eval "$@" - else - sudo -u "$USER" "$@" - fi -} - #================================================= # FUTURE OFFICIAL HELPERS #================================================= diff --git a/scripts/backup b/scripts/backup index bea564c..9f6005d 100644 --- a/scripts/backup +++ b/scripts/backup @@ -26,29 +26,30 @@ app=$YNH_APP_INSTANCE_NAME final_path=$(ynh_app_setting_get $app final_path) domain=$(ynh_app_setting_get $app domain) db_name=$(ynh_app_setting_get $app db_name) +phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) #================================================= -# STANDARD BACKUP STEPS +# DECLARE DATA AND CONF FILES TO BACKUP +#================================================= +ynh_print_info --message="Declaring files to be backed up..." + #================================================= # BACKUP THE APP MAIN DIR #================================================= -ynh_print_info "Backing up the main app directory..." ynh_backup "$final_path" #================================================= # BACKUP THE NGINX CONFIGURATION #================================================= -ynh_print_info "Backing up nginx web server configuration..." ynh_backup "/etc/nginx/conf.d/$domain.d/$app.conf" #================================================= # BACKUP THE PHP-FPM CONFIGURATION #================================================= -ynh_print_info "Backing up php-fpm configuration..." -ynh_backup "/etc/php/7.0/fpm/pool.d/$app.conf" +ynh_backup "/etc/php/$phpversion/fpm/pool.d/$app.conf" #================================================= # BACKUP THE MYSQL DATABASE @@ -57,12 +58,6 @@ ynh_print_info "Backing up the MySQL database..." ynh_mysql_dump_db "$db_name" > db.sql -#================================================= -# SPECIFIC BACKUP -#================================================= -# ... -#================================================= - #================================================= # BACKUP A CRON FILE #================================================= diff --git a/scripts/install b/scripts/install index 31e0bed..86e9792 100644 --- a/scripts/install +++ b/scripts/install @@ -121,10 +121,9 @@ ynh_replace_string "__FINALPATH__" "$final_path" "$cron_path" chown -R $app: $final_path # Set the app as temporarily public for curl call -ynh_print_info "Configuring SSOwat..." -ynh_app_setting_set $app skipped_uris "/" -# Reload SSOwat config -yunohost app ssowatconf +ynh_script_progression --message="Configuring SSOwat..." +# Making the app public for curl +ynh_permission_update --permission="main" --add="visitors" # Reload Nginx systemctl reload nginx @@ -136,10 +135,7 @@ db_pwd=$(ynh_app_setting_get $app mysqlpwd) ynh_local_curl "/index.php?mod=install" "password=$password" "confirmPassword=$password" "type=db" "db[host]=localhost" "db[user]=$db_name" "db[password]=$db_pwd" "db[dbname]=$db_name" # Remove the public access -if [ $is_public -eq 0 ] -then - ynh_app_setting_delete $app skipped_uris -fi +ynh_permission_update --permission="main" --remove="visitors" #================================================= # GENERIC FINALIZATION diff --git a/scripts/restore b/scripts/restore index 7441ba8..11f83bb 100644 --- a/scripts/restore +++ b/scripts/restore @@ -19,7 +19,7 @@ ynh_abort_if_errors #================================================= # LOAD SETTINGS #================================================= -ynh_print_info "Loading settings..." +ynh_script_progression --message="Loading settings..." app=$YNH_APP_INSTANCE_NAME @@ -27,11 +27,12 @@ domain=$(ynh_app_setting_get $app domain) path_url=$(ynh_app_setting_get $app path) final_path=$(ynh_app_setting_get $app final_path) db_name=$(ynh_app_setting_get $app db_name) +phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) #================================================= # CHECK IF THE APP CAN BE RESTORED #================================================= -ynh_print_info "Validating restoration parameters..." +ynh_script_progression --message="Validating restoration parameters..." ynh_webpath_available $domain $path_url \ || ynh_die "Path not available: ${domain}${path_url}" @@ -49,14 +50,14 @@ ynh_restore_file "/etc/nginx/conf.d/$domain.d/$app.conf" #================================================= # RESTORE THE APP MAIN DIR #================================================= -ynh_print_info "Restoring the app main directory..." +ynh_script_progression --message="Restoring the app main directory..." ynh_restore_file "$final_path" #================================================= # RECREATE THE DEDICATED USER #================================================= -ynh_print_info "Recreating the dedicated system user..." +ynh_script_progression --message="Recreating the dedicated system user..." # Create the dedicated user (if not existing) ynh_system_user_create $app @@ -74,11 +75,12 @@ chown -R $app: $final_path/var # RESTORE THE PHP-FPM CONFIGURATION #================================================= -ynh_restore_file "/etc/php/7.0/fpm/pool.d/$app.conf" +ynh_restore_file "/etc/php/$phpversion/fpm/pool.d/$app.conf" + #================================================= # RESTORE THE MYSQL DATABASE #================================================= -ynh_print_info "Restoring the MySQL database..." +ynh_script_progression --message="Restoring the MySQL database..." db_pwd=$(ynh_app_setting_get $app mysqlpwd) ynh_mysql_setup_db $db_name $db_name $db_pwd @@ -95,13 +97,13 @@ ynh_restore_file "/etc/cron.d/$app" #================================================= # RELOAD NGINX AND PHP-FPM #================================================= -ynh_print_info "Reloading nginx web server and php-fpm..." +ynh_script_progression --message="Reloading NGINX web server and PHP-FPM..." --weight=1 -systemctl reload php7.3-fpm -systemctl reload nginx +ynh_systemd_action --service_name=php$phpversion-fpm --action=reload +ynh_systemd_action --service_name=nginx --action=reload #================================================= # END OF SCRIPT #================================================= -ynh_print_info "Restoration completed for $app" +ynh_script_progression --message="Restoration completed for $app" -last diff --git a/scripts/upgrade b/scripts/upgrade index 8251efa..deaab6a 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -12,7 +12,7 @@ source /usr/share/yunohost/helpers #================================================= # LOAD SETTINGS #================================================= -ynh_print_info "Loading installation settings..." +ynh_script_progression --message="Loading installation settings..." app=$YNH_APP_INSTANCE_NAME @@ -25,7 +25,7 @@ db_name=$(ynh_app_setting_get $app db_name) #================================================= # ENSURE DOWNWARD COMPATIBILITY #================================================= -ynh_print_info "Ensuring downward compatibility..." +ynh_script_progression --message="Ensuring downward compatibility..." # If db_name doesn't exist, create it if [ -z $db_name ]; then @@ -49,7 +49,7 @@ fi #================================================= # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP #================================================= -ynh_print_info "Backing up the app before upgrading (may take a while)..." +ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." # Backup the current version of the app ynh_backup_before_upgrade @@ -65,7 +65,7 @@ ynh_abort_if_errors #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= -ynh_print_info "Upgrading source files..." +ynh_script_progression --message="Upgrading source files..." # Download, check integrity, uncompress and patch the source from app.src ynh_setup_source "$final_path" @@ -73,7 +73,7 @@ ynh_setup_source "$final_path" #================================================= # NGINX CONFIGURATION #================================================= -ynh_print_info "Upgrading nginx web server configuration..." +ynh_script_progression --message="Upgrading nginx web server configuration..." # Create a dedicated nginx config ynh_add_nginx_config @@ -81,7 +81,7 @@ ynh_add_nginx_config #================================================= # CREATE DEDICATED USER #================================================= -ynh_print_info "Making sure dedicated system user exists..." +ynh_script_progression --message="Making sure dedicated system user exists..." # Create a dedicated user (if not existing) ynh_system_user_create $app @@ -89,7 +89,7 @@ ynh_system_user_create $app #================================================= # PHP-FPM CONFIGURATION #================================================= -ynh_print_info "Upgrading php-fpm configuration..." +ynh_script_progression --message="Upgrading php-fpm configuration..." # Create a dedicated php-fpm config ynh_add_fpm_config @@ -97,14 +97,14 @@ ynh_add_fpm_config #================================================= # SPECIFIC UPGRADE #================================================= -ynh_print_info "Running specific upgrade..." +ynh_script_progression --message="Running specific upgrade..." # Give full access to "$app" so php script can do "its own magic stuff" chown -R $app: $final_path # Copy Yunohost custom script to cheky folder and launch it cp yunohost_upgrade_cheky.php $final_path/others/update/ -exec_as "$app" /usr/bin/php $final_path/others/update/yunohost_upgrade_cheky.php $final_path +ynh_exec_as "$app" /usr/bin/php $final_path/others/update/yunohost_upgrade_cheky.php $final_path #================================================= # GENERIC FINALIZATION @@ -122,7 +122,7 @@ chown -R $app: $final_path/static/media/annonce # needed for "Mes annonces sau #================================================= # RELOAD NGINX #================================================= -ynh_print_info "Reloading nginx web server..." +ynh_script_progression --message="Reloading nginx web server..." systemctl reload nginx @@ -130,4 +130,4 @@ systemctl reload nginx # END OF SCRIPT #================================================= -ynh_print_info "Upgrade of $app completed" +ynh_script_progression --message="Upgrade of $app completed"