From a11dbf35041dc42209fc0b08914ca1e6c4ac3782 Mon Sep 17 00:00:00 2001 From: Tagada <36127788+Tagadda@users.noreply.github.com> Date: Thu, 13 Jan 2022 19:21:56 +0000 Subject: [PATCH 1/7] Full upgrade --- .github/workflows/updater.sh | 134 +++++++++++++++++++++++++++++++++++ README.md | 11 ++- README_fr.md | 11 ++- check_process | 23 ++---- conf/amd64.src | 7 ++ conf/arm64.src | 7 ++ conf/code-server.env | 3 +- conf/config.yaml | 8 +-- conf/systemd.service | 34 ++++++++- config_panel.toml | 27 +++++++ doc/.gitkeep | 0 doc/DISCLAIMER.md | 11 ++- doc/DISCLAIMER_fr.md | 9 ++- manifest.json | 63 +++------------- scripts/_common.sh | 98 ------------------------- scripts/backup | 18 +++-- scripts/change_url | 27 ++++--- scripts/install | 105 +++++++++++---------------- scripts/remove | 60 +++++++--------- scripts/restore | 83 +++++++++------------- scripts/upgrade | 102 +++++++++++++++----------- 21 files changed, 435 insertions(+), 406 deletions(-) create mode 100755 .github/workflows/updater.sh create mode 100644 conf/amd64.src create mode 100644 conf/arm64.src create mode 100644 config_panel.toml delete mode 100644 doc/.gitkeep diff --git a/.github/workflows/updater.sh b/.github/workflows/updater.sh new file mode 100755 index 0000000..35286e7 --- /dev/null +++ b/.github/workflows/updater.sh @@ -0,0 +1,134 @@ +#!/bin/bash + +#================================================= +# PACKAGE UPDATING HELPER +#================================================= + +# This script is meant to be run by GitHub Actions +# The YunoHost-Apps organisation offers a template Action to run this script periodically +# Since each app is different, maintainers can adapt its contents so as to perform +# automatic actions when a new upstream release is detected. + +#================================================= +# FETCHING LATEST RELEASE AND ITS ASSETS +#================================================= + +# Fetching information +current_version=$(cat manifest.json | jq -j '.version|split("~")[0]') +repo=$(cat manifest.json | jq -j '.upstream.code|split("https://github.com/")[1]') +# Some jq magic is needed, because the latest upstream release is not always the latest version (e.g. security patches for older versions) +version=$(curl --silent "https://api.github.com/repos/$repo/releases" | jq -r '.[] | select( .prerelease != true ) | .tag_name' | sort -V | tail -1) +assets=($(curl --silent "https://api.github.com/repos/$repo/releases" | jq -r '[ .[] | select(.tag_name=="'$version'").assets[].browser_download_url ] | join(" ") | @sh' | tr -d "'")) + +# Later down the script, we assume the version has only digits and dots +# Sometimes the release name starts with a "v", so let's filter it out. +# You may need more tweaks here if the upstream repository has different naming conventions. +if [[ ${version:0:1} == "v" || ${version:0:1} == "V" ]]; then + version=${version:1} +fi + +# Setting up the environment variables +echo "Current version: $current_version" +echo "Latest release from upstream: $version" +echo "VERSION=$version" >> $GITHUB_ENV +# For the time being, let's assume the script will fail +echo "PROCEED=false" >> $GITHUB_ENV + +# Proceed only if the retrieved version is greater than the current one +if ! dpkg --compare-versions "$current_version" "lt" "$version" ; then + echo "::warning ::No new version available" + exit 0 +# Proceed only if a PR for this new version does not already exist +elif git ls-remote -q --exit-code --heads https://github.com/$GITHUB_REPOSITORY.git ci-auto-update-v$version ; then + echo "::warning ::A branch already exists for this update" + exit 0 +fi + +# Each release can hold multiple assets (e.g. binaries for different architectures, source code, etc.) +echo "${#assets[@]} available asset(s)" + +#================================================= +# UPDATE SOURCE FILES +#================================================= + +# Here we use the $assets variable to get the resources published in the upstream release. +# Here is an example for Grav, it has to be adapted in accordance with how the upstream releases look like. + +# Let's loop over the array of assets URLs +for asset_url in ${assets[@]}; do + +echo "Handling asset at $asset_url" + +# Assign the asset to a source file in conf/ directory +# Here we base the source file name upon a unique keyword in the assets url (arch) +# Leave $src empty to ignore the asset +case $asset_url in + *"linux-amd64.tar.gz") + src="amd64" + ;; + *"linux-arm64.tar.gz") + src="arm64" + ;; + *) + src="" + ;; +esac + +# If $src is not empty, let's process the asset +if [ ! -z "$src" ]; then + +# Create the temporary directory +tempdir="$(mktemp -d)" + +# Download sources and calculate checksum +filename=${asset_url##*/} +curl --silent -4 -L $asset_url -o "$tempdir/$filename" +checksum=$(sha256sum "$tempdir/$filename" | head -c 64) + +# Delete temporary directory +rm -rf $tempdir + +# Get extension +if [[ $filename == *.tar.gz ]]; then + extension=tar.gz +else + extension=${filename##*.} +fi + +# Rewrite source file +cat < conf/$src.src +SOURCE_URL=$asset_url +SOURCE_SUM=$checksum +SOURCE_SUM_PRG=sha256sum +SOURCE_FORMAT=$extension +SOURCE_IN_SUBDIR=true +SOURCE_FILENAME= +SOURCE_EXTRACT=true +EOT +echo "... conf/$src.src updated" + +else +echo "... asset ignored" +fi + +done + +#================================================= +# SPECIFIC UPDATE STEPS +#================================================= + +# Any action on the app's source code can be done. +# The GitHub Action workflow takes care of committing all changes after this script ends. + +#================================================= +# GENERIC FINALIZATION +#================================================= + +# Replace new version in manifest +echo "$(jq -s --indent 4 ".[] | .version = \"$version~ynh1\"" manifest.json)" > manifest.json + +# No need to update the README, yunohost-bot takes care of it + +# The Action will proceed only if the PROCEED environment variable is set to true +echo "PROCEED=true" >> $GITHUB_ENV +exit 0 diff --git a/README.md b/README.md index a80274d..b6f7013 100644 --- a/README.md +++ b/README.md @@ -17,7 +17,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in Run VS Code on your server and access it in the browser -**Shipped version:** 3.12.0~ynh1 +**Shipped version:** 4.0.1~ynh1 @@ -27,17 +27,16 @@ Run VS Code on your server and access it in the browser ## Disclaimers / important information +### Installation + +* The package does not create a dedicated system user, rather during installation you are asked what user you want code-server to run as. **Don't give access to users you don't fully trust!** + ### Limitations * Requires a dedicated domain * Single-user, no LDAP * Subdomains for services on ports (like 8080.code-server-domain.tld) are not supported -### Other info - -* The package does not create a dedicated system user, rather during installation you are asked what user you want code-server to run as. **Don't give access to users you don't fully trust!** -* You can optionally set a password required to access code-server. **Don't leave this blank if you have allowed public access!** - ## Documentation and resources * Official app website: https://github.com/cdr/code-server diff --git a/README_fr.md b/README_fr.md index d3a428d..fe61ee7 100644 --- a/README_fr.md +++ b/README_fr.md @@ -13,7 +13,7 @@ Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour Lancez VS Code sur votre serveur et accédez-y depuis votre navigateur -**Version incluse :** 3.12.0~ynh1 +**Version incluse :** 4.0.1~ynh1 @@ -23,17 +23,16 @@ Lancez VS Code sur votre serveur et accédez-y depuis votre navigateur ## Avertissements / informations importantes +### Installation + +* Le paquet ne crée pas d'utilisateur système dédié; on vous demandera pendant l'installation quel utilisateur vous voulez que cod-serveur éxecute en tant que. **Ne donnez pas accès à des utilisateurs en lesquels vous n'avez pas complètement confiance !** + ### Limitations * Nécessite un domaine dédié * Un seul utilisateur seulement, pas de LDAP * Les sous-domaines pour les services sur les ports (like 8080.code-server-domain.tld) ne sont pas pris en charge -### Other info - -* Le paquet ne crée pas d'utilisateur système dédié; on vous demandera pendant l'installation quel utilisateur vous voulez que cod-serveur éxecute en tant que. **Ne donnez pas accès à des utilisateurs en lesquels vous n'avez pas complètement confiance !** -* Vous pouvez demander un mot de passe pour accéder à code-server (facultatif). **Ne laissez pas le champ mot-de-passe vide si vous avez permis l'accès public !** - ## Documentations et ressources * Site officiel de l'app : https://github.com/cdr/code-server diff --git a/check_process b/check_process index 759fffb..32b6ccf 100644 --- a/check_process +++ b/check_process @@ -1,26 +1,16 @@ -# See here for more information -# https://github.com/YunoHost/package_check#syntax-check_process-file - -# Move this file from check_process.default to check_process when you have filled it. - ;; Test complet ; Manifest domain="domain.tld" admin="john" - is_public=1 - password="pass" - extension_service_url= - extension_item_url= - enable_proposed_api= ; Checks pkg_linter=1 setup_sub_dir=0 setup_root=1 setup_nourl=0 - setup_private=1 - setup_public=1 + setup_private=0 + setup_public=0 upgrade=1 - upgrade=0 from_commit=CommitHash + upgrade=1 from_commit=9bd092ceafb213964c0bfe135538d91b888f1284 backup_restore=1 multi_instance=1 port_already_use=0 @@ -29,7 +19,6 @@ Email= Notification=none ;;; Upgrade options - ; commit=CommitHash - name=Name and date of the commit. - manifest_arg=domain=DOMAIN&admin=USER&is_public=1&password=pass& - + ; commit=9bd092ceafb213964c0bfe135538d91b888f1284 + name=3.11.0~ynh1 + manifest_arg=domain=domain.tld&admin=john&is_public=1&password=pass&extension_service_url=&extension_item_url=&enable_proposed_api= diff --git a/conf/amd64.src b/conf/amd64.src new file mode 100644 index 0000000..ef3012b --- /dev/null +++ b/conf/amd64.src @@ -0,0 +1,7 @@ +SOURCE_URL=https://github.com/coder/code-server/releases/download/v4.0.1/code-server-4.0.1-linux-amd64.tar.gz +SOURCE_SUM=5fe6d26e9d19e685946f0f392d9c822e5303a800cac3ac54a6a2c26104d239fd +SOURCE_SUM_PRG=sha256sum +SOURCE_FORMAT=tar.gz +SOURCE_IN_SUBDIR=true +SOURCE_FILENAME= +SOURCE_EXTRACT=true diff --git a/conf/arm64.src b/conf/arm64.src new file mode 100644 index 0000000..ef3012b --- /dev/null +++ b/conf/arm64.src @@ -0,0 +1,7 @@ +SOURCE_URL=https://github.com/coder/code-server/releases/download/v4.0.1/code-server-4.0.1-linux-amd64.tar.gz +SOURCE_SUM=5fe6d26e9d19e685946f0f392d9c822e5303a800cac3ac54a6a2c26104d239fd +SOURCE_SUM_PRG=sha256sum +SOURCE_FORMAT=tar.gz +SOURCE_IN_SUBDIR=true +SOURCE_FILENAME= +SOURCE_EXTRACT=true diff --git a/conf/code-server.env b/conf/code-server.env index ab0d860..d2e49a7 100644 --- a/conf/code-server.env +++ b/conf/code-server.env @@ -1,2 +1 @@ -SERVICE_URL=__EXTENSION_SERVICE_URL__ -ITEM_URL=__EXTENSION_ITEM_URL__ +EXTENSIONS_GALLERY='{"serviceUrl": "https://open-vsx.org/vscode/gallery","itemUrl": "https://open-vsx.org/vscode/item"}' diff --git a/conf/config.yaml b/conf/config.yaml index 055c85b..a6afd92 100644 --- a/conf/config.yaml +++ b/conf/config.yaml @@ -1,9 +1,7 @@ bind-addr: 127.0.0.1:__PORT__ -auth: __AUTH__ -hashed-password: __HASHED_PASSWORD__ +auth: "none" cert: false disable-telemetry: true disable-update-check: true -user-data-dir: __DATA_PATH__/user-data -extensions-dir: __DATA_PATH__/extensions -__ENABLE_PROPOSED_API_STRING__ +user-data-dir: __DATADIR__/user-data +extensions-dir: __DATADIR__/extensions diff --git a/conf/systemd.service b/conf/systemd.service index a5f4ec4..efcd876 100644 --- a/conf/systemd.service +++ b/conf/systemd.service @@ -1,5 +1,5 @@ [Unit] -Description=Run VS Code on your server and access it in the browser +Description=VS Code Server After=network.target [Service] @@ -8,9 +8,39 @@ User=__ADMIN__ Group=__ADMIN__ WorkingDirectory=/home/__ADMIN__/ EnvironmentFile=__FINALPATH__/code-server.env -ExecStart=/usr/bin/env bash -l -c "__FINALPATH__/release-standalone/bin/code-server --config __FINALPATH__/config.yaml" +ExecStart=__FINALPATH__/bin/code-server --config __FINALPATH__/config.yaml StandardOutput=append:/var/log/__APP__/__APP__.log StandardError=inherit +# Sandboxing options to harden security +# Depending on specificities of your service/app, you may need to tweak these +# .. but this should be a good baseline +# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html +NoNewPrivileges=yes +PrivateTmp=yes +PrivateDevices=yes +RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 +RestrictNamespaces=yes +RestrictRealtime=yes +DevicePolicy=closed +ProtectSystem=full +ProtectControlGroups=yes +ProtectKernelModules=yes +ProtectKernelTunables=yes +LockPersonality=yes +SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap + +# Denying access to capabilities that should not be relevant for webapps +# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html +CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD +CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE +CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT +CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK +CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM +CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG +CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE +CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW +CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG + [Install] WantedBy=multi-user.target diff --git a/config_panel.toml b/config_panel.toml new file mode 100644 index 0000000..36842f6 --- /dev/null +++ b/config_panel.toml @@ -0,0 +1,27 @@ +version = "1.0" + +## (optional) i18n property let you internationalize questions, however this feature +## is only available in core configuration panel (like yunohost domain config). +## So in app config panel this key is ignored for now, but you can internationalize +## by using a lang dictionary (see property name bellow) +# i18n = "prefix_translation_key" + +[main] +name = "Main configuration" +services = ["__APP__"] + + [main.extensions] + name = "Extensions" + optional = false + + [main.extensions.extensions_gallery] + ask = "Extensions Gallery" + type = "string" + example = "{\"serviceUrl\": \"https://open-vsx.org/vscode/gallery\",\"itemUrl\": \"https://open-vsx.org/vscode/item\"}" + bind = ":/opt/yunohost/__APP__/code-server.env" + + [main.extensions.enable_proposed_api] + ask = "Enable Proposed API" + type = "tags" + optional = true + bind = "enable-proposed-api:/opt/yunohost/__APP__/config.yaml" diff --git a/doc/.gitkeep b/doc/.gitkeep deleted file mode 100644 index e69de29..0000000 diff --git a/doc/DISCLAIMER.md b/doc/DISCLAIMER.md index 37910b5..fccc276 100644 --- a/doc/DISCLAIMER.md +++ b/doc/DISCLAIMER.md @@ -1,10 +1,15 @@ +### Installation + +* The package does not create a dedicated system user, rather during installation you are asked what user you want code-server to run as. **Don't give access to users you don't fully trust!** + ### Limitations * Requires a dedicated domain * Single-user, no LDAP * Subdomains for services on ports (like 8080.code-server-domain.tld) are not supported -### Other info +### Extensions -* The package does not create a dedicated system user, rather during installation you are asked what user you want code-server to run as. **Don't give access to users you don't fully trust!** -* You can optionally set a password required to access code-server. **Don't leave this blank if you have allowed public access!** +This application uses [Open VSX Registry](https://open-vsx.org/). You can change this setting from the web admin config panel. + +See https://coder.com/docs/code-server/latest/FAQ#how-do-i-use-my-own-extensions-marketplace diff --git a/doc/DISCLAIMER_fr.md b/doc/DISCLAIMER_fr.md index 88c5227..e20b832 100644 --- a/doc/DISCLAIMER_fr.md +++ b/doc/DISCLAIMER_fr.md @@ -1,10 +1,9 @@ +### Installation + +* Le paquet ne crée pas d'utilisateur système dédié; on vous demandera pendant l'installation quel utilisateur vous voulez que cod-serveur éxecute en tant que. **Ne donnez pas accès à des utilisateurs en lesquels vous n'avez pas complètement confiance !** + ### Limitations * Nécessite un domaine dédié * Un seul utilisateur seulement, pas de LDAP * Les sous-domaines pour les services sur les ports (like 8080.code-server-domain.tld) ne sont pas pris en charge - -### Other info - -* Le paquet ne crée pas d'utilisateur système dédié; on vous demandera pendant l'installation quel utilisateur vous voulez que cod-serveur éxecute en tant que. **Ne donnez pas accès à des utilisateurs en lesquels vous n'avez pas complètement confiance !** -* Vous pouvez demander un mot de passe pour accéder à code-server (facultatif). **Ne laissez pas le champ mot-de-passe vide si vous avez permis l'accès public !** diff --git a/manifest.json b/manifest.json index e5ed068..d23972a 100644 --- a/manifest.json +++ b/manifest.json @@ -6,22 +6,20 @@ "en": "Run VS Code on your server and access it in the browser", "fr": "Lancez VS Code sur votre serveur et accédez-y depuis votre navigateur" }, - "version": "3.12.0~ynh1", - "url": "https://github.com/cdr/code-server", + "version": "4.0.1~ynh1", + "url": "https://github.com/coder/code-server", "upstream": { - "license": "mit", - "website": "https://github.com/cdr/code-server", - "admindoc": "https://github.com/cdr/code-server/tree/main/docs", - "userdoc": "https://github.com/cdr/code-server/tree/main/docs", - "code": "https://github.com/cdr/code-server" + "license": "MIT", + "admindoc": "https://coder.com/docs/code-server/latest", + "userdoc": "https://coder.com/docs/code-server/latest/FAQ", + "code": "https://github.com/coder/code-server" }, "license": "MIT", "maintainer": { - "name": "Jules Bertholet", - "email": "jules.bertholet@gmail.com" + "name": "Tagada" }, "requirements": { - "yunohost": ">= 4.1.3" + "yunohost": ">= 4.3.1.8" }, "multi_instance": true, "services": [ @@ -31,52 +29,11 @@ "install" : [ { "name": "domain", - "type": "domain", - "example": "example.com" + "type": "domain" }, { "name": "admin", - "type": "user", - "example": "johndoe" - }, - { - "name": "is_public", - "type": "boolean", - "default": true - }, - { - "name": "password", - "type": "password", - "example": "Choose a password", - "optional": true - }, - { - "name": "extension_service_url", - "type": "string", - "ask": { - "en": "Choose a custom extension gallery serviceUrl (https://github.com/VSCodium/vscodium/blob/master/DOCS.md#extensions--marketplace)", - "fr": "choisir un serviceUrl de galerie d'extensions personnalisé (https://github.com/VSCodium/vscodium/blob/master/DOCS.md#extensions--marketplace)" - }, - "optional": true - }, - { - "name": "extension_item_url", - "type": "string", - "ask": { - "en": "Choose a custom extension gallery itemUrl (https://github.com/VSCodium/vscodium/blob/master/DOCS.md#extensions--marketplace)", - "fr": "choisir un itemUrl de galerie d'extensions personnalisé (https://github.com/VSCodium/vscodium/blob/master/DOCS.md#extensions--marketplace)" - }, - "optional": true - }, - { - "name": "enable_proposed_api", - "type": "string", - "ask": { - "en": "Choose a list of extensions that can access proposed APIs (https://github.com/VSCodium/vscodium/blob/master/DOCS.md#proprietary-extensions)", - "fr": "choisir une liste d'extensions qui peuvent accéder aux APIs proposées (https://github.com/VSCodium/vscodium/blob/master/DOCS.md#proprietary-extensions)" - }, - "optional": true, - "example": "extension.id, another.extension.id" + "type": "user" } ] } diff --git a/scripts/_common.sh b/scripts/_common.sh index 7244582..944a65e 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -4,108 +4,10 @@ # COMMON VARIABLES #================================================= -# dependencies used by the app -pkg_dependencies="git jq build-essential nodejs g++ gettext-base rsync" - #================================================= # PERSONAL HELPERS #================================================= -function install_dependencies { - ynh_install_app_dependencies $pkg_dependencies - ynh_install_extra_app_dependencies --repo="deb https://dl.yarnpkg.com/debian/ stable main" --package="yarn" --key="https://dl.yarnpkg.com/debian/pubkey.gpg" -} - -function setup_source { - if [ ! -d "$final_path/.git" ]; then - git clone https://github.com/cdr/code-server/ "$final_path" --no-checkout 2>&1 - fi - pushd "$final_path" - git fetch --all 2>&1 - git reset --hard 2>&1 - git checkout 798dc0baf284416dbbf951e4ef596beeab6cb6c4 2>&1 - popd - - ynh_replace_special_string -m "throw new Error('compilation requires 4GB of RAM')" -r "console.log('compilation requires 4GB of RAM')" -f "$final_path/lib/vscode/build/lib/compilation.js" - ynh_replace_special_string -m "throw new Error('compilation requires 4GB of RAM')" -r "console.log('compilation requires 4GB of RAM')" -f "$final_path/lib/vscode/build/lib/compilation.ts" - - set_permissions -} - -function set_permissions { - chown -R root:$admin "$final_path" - chmod -R g=u,g-w,o-rwx "$final_path" - - mkdir -p "$data_path"/{user-data,extensions} - chown -R $admin:$admin "$data_path" - chmod -R g=u,g-w,o-rwx "$data_path" - - mkdir -p "/var/log/$app" - chown -R root:root "/var/log/$app" - chmod -R g=u,g-w,o-rwx "/var/log/$app" -} - -function set_node_vars { - ynh_exec_warn_less ynh_install_nodejs --nodejs_version=14 - ynh_use_nodejs - node_path=$nodejs_path:$(sudo -u $admin sh -c 'echo $PATH') -} - -function build_app { - set_node_vars - - pushd "$final_path" - chown -R $admin:$admin "$final_path" - sudo -u $admin touch $final_path/.yarnrc - sudo -u $admin env "PATH=$node_path" yarn --cache-folder "$final_path/yarn-cache" --use-yarnrc "$final_path/.yarnrc" config set python python3 2>&1 - sudo -u $admin env "PATH=$node_path" yarn --cache-folder "$final_path/yarn-cache" --use-yarnrc "$final_path/.yarnrc" install 2>&1 - sudo -u $admin env "PATH=$node_path" yarn --cache-folder "$final_path/yarn-cache" --use-yarnrc "$final_path/.yarnrc" build 2>&1 - sudo -u $admin env "PATH=$node_path" yarn --cache-folder "$final_path/yarn-cache" --use-yarnrc "$final_path/.yarnrc" build:vscode 2>&1 - sudo -u $admin env "PATH=$node_path" yarn --cache-folder "$final_path/yarn-cache" --use-yarnrc "$final_path/.yarnrc" release 2>&1 - cd release - sudo -u $admin env "PATH=$node_path" yarn --cache-folder "$final_path/yarn-cache" --use-yarnrc "$final_path/.yarnrc" install --production 2>&1 - cd .. - sudo -u $admin env "PATH=$node_path" yarn --cache-folder "$final_path/yarn-cache" --use-yarnrc "$final_path/.yarnrc" release:standalone 2>&1 - popd - - set_permissions -} - -function add_configs { - if [ ! -z "$hashed_password" ]; then - auth="password" - else - auth="none" - fi - - if [ ! -z "$enable_proposed_api" ]; then - enable_proposed_api_string="enable-proposed-api: [ $enable_proposed_api ]" - else - enable_proposed_api_string="" - fi - - ynh_add_config --template="config.yaml" --destination="$final_path/config.yaml" - - ynh_add_config --template="code-server.env" --destination="$final_path/code-server.env" - - set_permissions -} - -function load_settings { - app=$YNH_APP_INSTANCE_NAME - - final_path=$(ynh_app_setting_get --app=$app --key=final_path) - data_path=$(ynh_app_setting_get --app=$app --key=data_path) - domain=$(ynh_app_setting_get --app=$app --key=domain) - path_url=$(ynh_app_setting_get --app=$app --key=path) - admin=$(ynh_app_setting_get --app=$app --key=admin) - hashed_password=$(ynh_app_setting_get --app=$app --key=hashed_password) - extension_service_url=$(ynh_app_setting_get --app=$app --key=extension_service_url) - extension_item_url=$(ynh_app_setting_get --app=$app --key=extension_item_url) - enable_proposed_api=$(ynh_app_setting_get --app=$app --key=enable_proposed_api) - port=$(ynh_app_setting_get --app=$app --key=port) -} - #================================================= # EXPERIMENTAL HELPERS #================================================= diff --git a/scripts/backup b/scripts/backup index 4d020be..8367e33 100755 --- a/scripts/backup +++ b/scripts/backup @@ -15,6 +15,7 @@ source /usr/share/yunohost/helpers #================================================= ynh_clean_setup () { + ### Remove this function if there's nothing to clean before calling the remove script. true } # Exit if an error occurs during the execution of the script @@ -25,7 +26,11 @@ ynh_abort_if_errors #================================================= ynh_print_info --message="Loading installation settings..." -load_settings +app=$YNH_APP_INSTANCE_NAME + +final_path=$(ynh_app_setting_get --app=$app --key=final_path) +domain=$(ynh_app_setting_get --app=$app --key=domain) +datadir=$(ynh_app_setting_get --app=$app --key=datadir) #================================================= # DECLARE DATA AND CONF FILES TO BACKUP @@ -39,10 +44,10 @@ ynh_print_info --message="Declaring files to be backed up..." ynh_backup --src_path="$final_path" #================================================= -# BACKUP THE APP DATA DIR +# BACKUP THE DATA DIR #================================================= -ynh_backup --src_path="$data_path" --is_big +ynh_backup --src_path="$datadir" --is_big #================================================= # BACKUP THE NGINX CONFIGURATION @@ -50,13 +55,6 @@ ynh_backup --src_path="$data_path" --is_big ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf" -#================================================= -# BACKUP FAIL2BAN CONFIGURATION -#================================================= - -ynh_backup --src_path="/etc/fail2ban/jail.d/$app.conf" -ynh_backup --src_path="/etc/fail2ban/filter.d/$app.conf" - #================================================= # SPECIFIC BACKUP #================================================= diff --git a/scripts/change_url b/scripts/change_url index b28815b..c68751f 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -24,14 +24,15 @@ app=$YNH_APP_INSTANCE_NAME #================================================= # LOAD SETTINGS #================================================= -ynh_script_progression --message="Loading installation settings..." --weight=1 +ynh_script_progression --message="Loading installation settings..." --time --weight=1 -load_settings +# Needed for helper "ynh_add_nginx_config" +final_path=$(ynh_app_setting_get --app=$app --key=final_path) #================================================= # BACKUP BEFORE CHANGE URL THEN ACTIVE TRAP #================================================= -ynh_script_progression --message="Backing up the app before changing its URL (may take a while)..." --weight=50 +ynh_script_progression --message="Backing up the app before changing its URL (may take a while)..." --time --weight=1 # Backup the current version of the app ynh_backup_before_upgrade @@ -55,21 +56,19 @@ then change_domain=1 fi -change_path=0 - #================================================= # STANDARD MODIFICATIONS #================================================= # STOP SYSTEMD SERVICE #================================================= -ynh_script_progression --message="Stopping a systemd service..." --weight=1 +ynh_script_progression --message="Stopping a systemd service..." --time --weight=1 ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app/$app.log" #================================================= # MODIFY URL IN NGINX CONF #================================================= -ynh_script_progression --message="Updating NGINX web server configuration..." --weight=1 +ynh_script_progression --message="Updating NGINX web server configuration..." --time --weight=1 nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf @@ -83,19 +82,25 @@ then ynh_store_file_checksum --file="/etc/nginx/conf.d/$new_domain.d/$app.conf" fi +#================================================= +# SPECIFIC MODIFICATIONS +#================================================= +# ... +#================================================= + #================================================= # GENERIC FINALISATION #================================================= # START SYSTEMD SERVICE #================================================= -ynh_script_progression --message="Starting a systemd service..." --weight=1 +ynh_script_progression --message="Starting a systemd service..." --time --weight=1 -ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" --line_match=" HTTP server listening on " +ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" #================================================= # RELOAD NGINX #================================================= -ynh_script_progression --message="Reloading NGINX web server..." --weight=1 +ynh_script_progression --message="Reloading NGINX web server..." --time --weight=1 ynh_systemd_action --service_name=nginx --action=reload @@ -103,4 +108,4 @@ ynh_systemd_action --service_name=nginx --action=reload # END OF SCRIPT #================================================= -ynh_script_progression --message="Change of URL completed for $app" --last +ynh_script_progression --message="Change of URL completed for $app" --time --last diff --git a/scripts/install b/scripts/install index af1cee6..3c1a716 100755 --- a/scripts/install +++ b/scripts/install @@ -24,13 +24,7 @@ ynh_abort_if_errors #================================================= domain=$YNH_APP_ARG_DOMAIN -path_url='/' admin=$YNH_APP_ARG_ADMIN -is_public=$YNH_APP_ARG_IS_PUBLIC -password=$YNH_APP_ARG_PASSWORD -extension_service_url=$YNH_APP_ARG_EXTENSION_SERVICE_URL -extension_item_url=$YNH_APP_ARG_EXTENSION_ITEM_URL -enable_proposed_api=$YNH_APP_ARG_ENABLE_PROPOSED_API app=$YNH_APP_INSTANCE_NAME @@ -41,31 +35,17 @@ ynh_script_progression --message="Validating installation parameters..." --weigh final_path=/opt/yunohost/$app test ! -e "$final_path" || ynh_die --message="This path already contains a folder" -data_path=/home/yunohost.app/$app -test ! -e "$data_path" || ynh_die --message="This path already contains a folder" # Register (book) web path -ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url +ynh_webpath_register --app=$app --domain=$domain --path_url="/" #================================================= # STORE SETTINGS FROM MANIFEST #================================================= -ynh_script_progression --message="Storing installation settings..." --weight=1 +ynh_script_progression --message="Storing installation settings..." --weight=2 ynh_app_setting_set --app=$app --key=domain --value=$domain -ynh_app_setting_set --app=$app --key=path --value=$path_url ynh_app_setting_set --app=$app --key=admin --value=$admin -if [ ! -z "$password" ]; then - auth="password" - hashed_password="$(printf "$password" | sha256sum | cut -d' ' -f1)" -else - auth="none" - hashed_password="" -fi -ynh_app_setting_set --app=$app --key=hashed_password --value=$hashed_password -ynh_app_setting_set --app=$app --key=extension_service_url --value="$extension_service_url" -ynh_app_setting_set --app=$app --key=extension_item_url --value="$extension_item_url" -ynh_app_setting_set --app=$app --key=enable_proposed_api --value="$enable_proposed_api" #================================================= # STANDARD MODIFICATIONS @@ -75,30 +55,26 @@ ynh_app_setting_set --app=$app --key=enable_proposed_api --value="$enable_propos ynh_script_progression --message="Finding an available port..." --weight=1 # Find an available port -port=$(ynh_find_port --port=8080) +port=$(ynh_find_port --port=8095) ynh_app_setting_set --app=$app --key=port --value=$port -#================================================= -# INSTALL DEPENDENCIES -#================================================= -ynh_script_progression --message="Installing dependencies..." --weight=30 - -install_dependencies - #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= -ynh_script_progression --message="Setting up source files..." --weight=25 +ynh_script_progression --message="Setting up source files..." --weight=5 ynh_app_setting_set --app=$app --key=final_path --value=$final_path -ynh_app_setting_set --app=$app --key=data_path --value=$data_path +# Download, check integrity, uncompress and patch the source from app.src +ynh_setup_source --dest_dir="$final_path" --source_id="$YNH_ARCH" -setup_source +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R root:$admin "$final_path" #================================================= # NGINX CONFIGURATION #================================================= -ynh_script_progression --message="Configuring NGINX web server..." --weight=1 +ynh_script_progression --message="Configuring NGINX web server..." --weight=5 # Create a dedicated NGINX config ynh_add_nginx_config @@ -106,23 +82,42 @@ ynh_add_nginx_config #================================================= # SPECIFIC SETUP #================================================= -# BUILD APP +# ... #================================================= -ynh_script_progression --message="Compiling code-server... (this will take a long time)" --weight=200 - -build_app #================================================= -# ADD CONFIGURATIONS +# CREATE DATA DIRECTORY #================================================= -ynh_script_progression --message="Adding a configuration file..." --weight=1 +ynh_script_progression --message="Creating a data directory..." --weight=2 -add_configs +datadir=/home/yunohost.app/$app +ynh_app_setting_set --app=$app --key=datadir --value=$datadir + +mkdir -p $datadir/{user-data,extensions} + +chmod 750 "$datadir" +chmod -R o-rwx "$datadir" +chown -R $admin:$admin "$datadir" + +#================================================= +# ADD A CONFIGURATION +#================================================= +ynh_script_progression --message="Adding a configuration file..." --weight=2 + +ynh_add_config --template="config.yaml" --destination="$final_path/config.yaml" + +chmod 440 "$final_path/config.yaml" +chown root:$admin "$final_path/config.yaml" + +ynh_add_config --template="code-server.env" --destination="$final_path/code-server.env" + +chmod 440 "$final_path/code-server.env" +chown root:$admin "$final_path/code-server.env" #================================================= # SETUP SYSTEMD #================================================= -ynh_script_progression --message="Configuring a systemd service..." --weight=1 +ynh_script_progression --message="Configuring a systemd service..." --weight=2 # Create a dedicated systemd config ynh_add_systemd_config @@ -132,8 +127,7 @@ ynh_add_systemd_config #================================================= # SETUP LOGROTATE #================================================= -ynh_script_progression --message="Configuring log rotation..." --weight=1 - +ynh_script_progression --message="Configuring log rotation..." --weight=2 # Use logrotate to manage application logfile(s) ynh_use_logrotate @@ -142,7 +136,7 @@ ynh_use_logrotate #================================================= ynh_script_progression --message="Integrating service in YunoHost..." --weight=1 -yunohost service add $app --description="Server for accessing VS Code from the browser" --log="/var/log/$app/$app.log" +yunohost service add $app --description="VS Code Server" --log="/var/log/$app/$app.log" #================================================= # START SYSTEMD SERVICE @@ -150,33 +144,20 @@ yunohost service add $app --description="Server for accessing VS Code from the b ynh_script_progression --message="Starting a systemd service..." --weight=1 # Start a systemd service -ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" --line_match=" HTTP server listening on " - -#================================================= -# SETUP FAIL2BAN -#================================================= -ynh_script_progression --message="Configuring Fail2Ban..." --weight=1 - -# Create a dedicated Fail2Ban config -ynh_add_fail2ban_config --logpath="/var/log/$app/$app.log" --failregex='^Failed login attempt {"xForwardedFor":""' +ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" #================================================= # SETUP SSOWAT #================================================= ynh_script_progression --message="Configuring permissions..." --weight=1 -# Make app public if necessary -if [ $is_public -eq 1 ] -then - # Everyone can access the app. - # The "main" permission is automatically created before the install script. - ynh_permission_update --permission="main" --add="visitors" -fi +ynh_permission_update --permission="main" --remove="all_users" +ynh_permission_update --permission="main" --add=$admin #================================================= # RELOAD NGINX #================================================= -ynh_script_progression --message="Reloading NGINX web server..." --weight=1 +ynh_script_progression --message="Reloading NGINX web server..." --weight=2 ynh_systemd_action --service_name=nginx --action=reload diff --git a/scripts/remove b/scripts/remove index 64475cd..edce58f 100755 --- a/scripts/remove +++ b/scripts/remove @@ -12,9 +12,14 @@ source /usr/share/yunohost/helpers #================================================= # LOAD SETTINGS #================================================= -ynh_script_progression --message="Loading installation settings..." --weight=1 +ynh_script_progression --message="Loading installation settings..." --weight=1 -load_settings +app=$YNH_APP_INSTANCE_NAME + +domain=$(ynh_app_setting_get --app=$app --key=domain) +port=$(ynh_app_setting_get --app=$app --key=port) +final_path=$(ynh_app_setting_get --app=$app --key=final_path) +datadir=$(ynh_app_setting_get --app=$app --key=datadir) #================================================= # STANDARD REMOVE @@ -25,7 +30,7 @@ load_settings # Remove the service from the list of services known by YunoHost (added from `yunohost service add`) if ynh_exec_warn_less yunohost service status $app >/dev/null then - ynh_script_progression --message="Removing $app service integration..." --weight=1 + ynh_script_progression --message="Removing $app service integration..." --weight=2 yunohost service remove $app fi @@ -38,20 +43,12 @@ ynh_script_progression --message="Stopping and removing the systemd service..." ynh_remove_systemd_config #================================================= -# REMOVE DEPENDENCIES +# REMOVE LOGROTATE CONFIGURATION #================================================= -ynh_script_progression --message="Removing dependencies..." --weight=5 +ynh_script_progression --message="Removing logrotate configuration..." --weight=2 -# Remove metapackage and its dependencies -ynh_remove_app_dependencies - -#================================================= -# REMOVE NODE.JS -#================================================= -ynh_script_progression --message="Removing Node.js version..." --weight=5 - -# Remove metapackage and its dependencies -ynh_remove_nodejs +# Remove the app-specific logrotate config +ynh_remove_logrotate #================================================= # REMOVE APP MAIN DIR @@ -62,12 +59,15 @@ ynh_script_progression --message="Removing app main directory..." --weight=1 ynh_secure_remove --file="$final_path" #================================================= -# REMOVE APP DATA DIR +# REMOVE DATA DIR #================================================= -ynh_script_progression --message="Removing app data directory..." --weight=1 -# Remove the app directory securely -ynh_secure_remove --file="$data_path" +# Remove the data directory if --purge option is used +if [ "${YNH_APP_PURGE:-0}" -eq 1 ] +then + ynh_script_progression --message="Removing app data directory..." --weight=1 + ynh_secure_remove --file="$datadir" +fi #================================================= # REMOVE NGINX CONFIGURATION @@ -77,34 +77,22 @@ ynh_script_progression --message="Removing NGINX web server configuration..." -- # Remove the dedicated NGINX config ynh_remove_nginx_config -#================================================= -# REMOVE LOGROTATE CONFIGURATION -#================================================= -ynh_script_progression --message="Removing logrotate configuration..." --weight=1 - -# Remove the app-specific logrotate config -ynh_remove_logrotate - -#================================================= -# REMOVE FAIL2BAN CONFIGURATION -#================================================= -ynh_script_progression --message="Removing Fail2ban configuration..." --weight=1 - -# Remove the dedicated Fail2Ban config -ynh_remove_fail2ban_config - #================================================= # SPECIFIC REMOVE #================================================= # REMOVE VARIOUS FILES #================================================= -ynh_script_progression --message="Removing log files..." --weight=1 +ynh_script_progression --message="Removing various files..." --weight=1 # Remove the log files ynh_secure_remove --file="/var/log/$app" #================================================= # GENERIC FINALIZATION +#================================================= +# ... +#================================================= + #================================================= # END OF SCRIPT #================================================= diff --git a/scripts/restore b/scripts/restore index 8266bd9..42b315d 100755 --- a/scripts/restore +++ b/scripts/restore @@ -15,6 +15,7 @@ source /usr/share/yunohost/helpers #================================================= ynh_clean_setup () { + #### Remove this function if there's nothing to clean before calling the remove script. true } # Exit if an error occurs during the execution of the script @@ -23,112 +24,96 @@ ynh_abort_if_errors #================================================= # LOAD SETTINGS #================================================= -ynh_script_progression --message="Loading installation settings..." --weight=1 +ynh_script_progression --message="Loading installation settings..." --time --weight=1 -load_settings +app=$YNH_APP_INSTANCE_NAME + +domain=$(ynh_app_setting_get --app=$app --key=domain) +admin=$(ynh_app_setting_get --app=$app --key=admin) +final_path=$(ynh_app_setting_get --app=$app --key=final_path) +datadir=$(ynh_app_setting_get --app=$app --key=datadir) #================================================= # CHECK IF THE APP CAN BE RESTORED #================================================= -ynh_script_progression --message="Validating restoration parameters..." --weight=1 +ynh_script_progression --message="Validating restoration parameters..." --time --weight=1 -ynh_webpath_available --domain=$domain --path_url=$path_url \ - || ynh_die --message="Path not available: ${domain}${path_url}" test ! -d $final_path \ || ynh_die --message="There is already a directory: $final_path " -test ! -d $data_path \ - || ynh_die --message="There is already a directory: $data_path " +ynh_user_exists --username=$admin || ynh_die --message="User $admin doesn't exist " #================================================= # STANDARD RESTORATION STEPS #================================================= # RESTORE THE NGINX CONFIGURATION #================================================= -ynh_script_progression --message="Restoring the NGINX configuration..." --weight=1 +ynh_script_progression --message="Restoring the NGINX configuration..." --time --weight=1 ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" #================================================= # RESTORE THE APP MAIN DIR #================================================= -ynh_script_progression --message="Restoring the app main directory..." --weight=1 +ynh_script_progression --message="Restoring the app main directory..." --time --weight=1 ynh_restore_file --origin_path="$final_path" -#================================================= -# RESTORE THE APP DATA DIR -#================================================= -ynh_script_progression --message="Restoring the app data directory..." --weight=1 - -ynh_restore_file --origin_path="$data_path" --not_mandatory +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R root:$admin "$final_path" #================================================= -# RESTORE LOG FILES +# RESTORE THE DATA DIRECTORY #================================================= -ynh_script_progression --message="Restoring the log files..." --weight=1 +ynh_script_progression --message="Restoring the data directory..." --time --weight=1 -ynh_restore_file --origin_path="/var/log/$app" +ynh_restore_file --origin_path="$datadir" --not_mandatory -#================================================= -# RESTORE FAIL2BAN CONFIGURATION -#================================================= -ynh_script_progression --message="Restoring the Fail2Ban configuration..." --weight=1 +mkdir -p $datadir/{user-data,extensions} -ynh_restore_file "/etc/fail2ban/jail.d/$app.conf" -ynh_restore_file "/etc/fail2ban/filter.d/$app.conf" -ynh_systemd_action --action=restart --service_name=fail2ban +chmod 750 "$datadir" +chmod -R o-rwx "$datadir" +chown -R $admin:$admin "$datadir" #================================================= # SPECIFIC RESTORATION -#================================================= -# REINSTALL DEPENDENCIES -#================================================= -ynh_script_progression --message="Reinstalling dependencies..." --weight=15 - -install_dependencies - #================================================= # RESTORE SYSTEMD #================================================= -ynh_script_progression --message="Restoring the systemd configuration..." --weight=1 +ynh_script_progression --message="Restoring the systemd configuration..." --time --weight=1 ynh_restore_file --origin_path="/etc/systemd/system/$app.service" systemctl enable $app.service --quiet -#================================================= -# INTEGRATE SERVICE IN YUNOHOST -#================================================= -ynh_script_progression --message="Integrating service in YunoHost..." --weight=1 - -yunohost service add $app --description="Server for accessing VS Code from the browser" --log="/var/log/$app/$app.log" - #================================================= # RESTORE THE LOGROTATE CONFIGURATION #================================================= -ynh_script_progression --message="Restoring the logrotate configuration..." --weight=1 +ynh_script_progression --message="Restoring the logrotate configuration..." --time --weight=1 + +mkdir -p "/var/log/$app" ynh_restore_file --origin_path="/etc/logrotate.d/$app" #================================================= -# SET PERMISSIONS +# INTEGRATE SERVICE IN YUNOHOST #================================================= -ynh_script_progression --message="Securing files and directories..." --weight=1 +ynh_script_progression --message="Integrating service in YunoHost..." --time --weight=1 -set_permissions +yunohost service add $app --description="VS Code Server" --log="/var/log/$app/$app.log" #================================================= # START SYSTEMD SERVICE #================================================= -ynh_script_progression --message="Starting a systemd service..." --weight=1 +ynh_script_progression --message="Starting a systemd service..." --time --weight=1 -ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" --line_match=" HTTP server listening on " +ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" #================================================= # GENERIC FINALIZATION #================================================= -# RELOAD NGINX +# RELOAD NGINX AND PHP-FPM #================================================= -ynh_script_progression --message="Reloading NGINX web server..." --weight=1 +ynh_script_progression --message="Reloading NGINX web server and PHP-FPM..." --time --weight=1 ynh_systemd_action --service_name=nginx --action=reload @@ -136,4 +121,4 @@ ynh_systemd_action --service_name=nginx --action=reload # END OF SCRIPT #================================================= -ynh_script_progression --message="Restoration completed for $app" --last +ynh_script_progression --message="Restoration completed for $app" --time --last diff --git a/scripts/upgrade b/scripts/upgrade index 4e33156..d4b8201 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -12,9 +12,15 @@ source /usr/share/yunohost/helpers #================================================= # LOAD SETTINGS #================================================= -ynh_script_progression --message="Loading installation settings..." --weight=1 +ynh_script_progression --message="Loading installation settings..." --time --weight=1 -load_settings +app=$YNH_APP_INSTANCE_NAME + +domain=$(ynh_app_setting_get --app=$app --key=domain) +admin=$(ynh_app_setting_get --app=$app --key=admin) +port=$(ynh_app_setting_get --app=$app --key=port) +final_path=$(ynh_app_setting_get --app=$app --key=final_path) +datadir=$(ynh_app_setting_get --app=$app --key=datadir) #================================================= # CHECK VERSION @@ -25,7 +31,7 @@ upgrade_type=$(ynh_check_app_version_changed) #================================================= # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP #================================================= -ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=50 +ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --time --weight=1 # Backup the current version of the app ynh_backup_before_upgrade @@ -41,60 +47,82 @@ ynh_abort_if_errors #================================================= # STOP SYSTEMD SERVICE #================================================= -ynh_script_progression --message="Stopping a systemd service..." --weight=1 +ynh_script_progression --message="Stopping a systemd service..." --time --weight=1 ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app/$app.log" +#================================================= +# ENSURE DOWNWARD COMPATIBILITY +#================================================= +ynh_script_progression --message="Ensuring downward compatibility..." --time --weight=1 + + +# Upgrade from 3.11.0~ynh1 +extension_service_url=$(ynh_app_setting_get --app=$app --key="extension_service_url") +extension_item_url=$(ynh_app_setting_get --app=$app --key="extension_item_url") + +if [ "$extension_service_url" ] && [ "$extension_item_url" ] +then + echo "EXTENSIONS_GALLERY='{\"serviceUrl\": \"$extension_service_url\",\"itemUrl\": \"$extension_item_url\"}'" > "$final_path/code-server.env" + + ynh_app_setting_delete --app=$app --key="extension_service_url" + ynh_app_setting_delete --app=$app --key="extension_item_url" +fi + +enable_proposed_api=$(ynh_app_setting_get --app=$app --key="enable_proposed_api") + +if [ "$enable_proposed_api" ] +then + ynh_print_warn --message="Custom enable-proposed-api detected. You'll have to enable them through application config panel." + ynh_print_warn --message="enable-proposed-api was set to: $enable_proposed_api" + + ynh_app_setting_delete --app=$app --key="enable_proposed_api" +fi + #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= if [ "$upgrade_type" == "UPGRADE_APP" ] then - ynh_script_progression --message="Upgrading source files..." --weight=5 + ynh_script_progression --message="Upgrading source files..." --time --weight=1 - setup_source + # Download, check integrity, uncompress and patch the source from app.src + ynh_setup_source --dest_dir="$final_path" --source_id="$YNH_ARCH" fi +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R root:$admin "$final_path" + #================================================= # NGINX CONFIGURATION #================================================= -ynh_script_progression --message="Upgrading NGINX web server configuration..." --weight=1 +ynh_script_progression --message="Upgrading NGINX web server configuration..." --time --weight=1 # Create a dedicated NGINX config ynh_add_nginx_config -#================================================= -# UPGRADE DEPENDENCIES -#================================================= -ynh_script_progression --message="Upgrading dependencies..." --weight=15 - -install_dependencies - #================================================= # SPECIFIC UPGRADE #================================================= -# BUILD APP +# ... #================================================= -if [ "$upgrade_type" == "UPGRADE_APP" ] -then - ynh_script_progression --message="Compiling code-server..." --weight=600 - - build_app -fi - #================================================= -# UPDATE CONFIG FILES +# UPDATE A CONFIG FILE #================================================= -ynh_script_progression --message="Updating a configuration file..." --weight=1 +ynh_script_progression --message="Updating a configuration file..." --time --weight=1 -add_configs +ynh_add_config --template="config.yaml" --destination="$final_path/config.yaml" + +chmod 440 "$final_path/config.yaml" +chown root:$admin "$final_path/config.yaml" #================================================= # SETUP SYSTEMD #================================================= -ynh_script_progression --message="Upgrading systemd configuration..." --weight=1 +ynh_script_progression --message="Upgrading systemd configuration..." --time --weight=1 # Create a dedicated systemd config ynh_add_systemd_config @@ -104,7 +132,7 @@ ynh_add_systemd_config #================================================= # SETUP LOGROTATE #================================================= -ynh_script_progression --message="Upgrading logrotate configuration..." --weight=1 +ynh_script_progression --message="Upgrading logrotate configuration..." --time --weight=1 # Use logrotate to manage app-specific logfile(s) ynh_use_logrotate --non-append @@ -112,29 +140,21 @@ ynh_use_logrotate --non-append #================================================= # INTEGRATE SERVICE IN YUNOHOST #================================================= -ynh_script_progression --message="Integrating service in YunoHost..." --weight=1 +ynh_script_progression --message="Integrating service in YunoHost..." --time --weight=1 -yunohost service add $app --description="Server for accessing VS Code from the browser" --log="/var/log/$app/$app.log" +yunohost service add $app --description="VS Code Server" --log="/var/log/$app/$app.log" #================================================= # START SYSTEMD SERVICE #================================================= -ynh_script_progression --message="Starting a systemd service..." --weight=1 +ynh_script_progression --message="Starting a systemd service..." --time --weight=1 -ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" --line_match=" HTTP server listening on " - -#================================================= -# UPGRADE FAIL2BAN -#================================================= -ynh_script_progression --message="Reconfiguring Fail2Ban..." --weight=1 - -# Create a dedicated Fail2Ban config -ynh_add_fail2ban_config --logpath="/var/log/$app/$app.log" --failregex='^Failed login attempt {"xForwardedFor":""' +ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" #================================================= # RELOAD NGINX #================================================= -ynh_script_progression --message="Reloading NGINX web server..." --weight=1 +ynh_script_progression --message="Reloading NGINX web server..." --time --weight=1 ynh_systemd_action --service_name=nginx --action=reload @@ -142,4 +162,4 @@ ynh_systemd_action --service_name=nginx --action=reload # END OF SCRIPT #================================================= -ynh_script_progression --message="Upgrade of $app completed" --last +ynh_script_progression --message="Upgrade of $app completed" --time --last From cf401f744710e2c897688117af7dc80aed491581 Mon Sep 17 00:00:00 2001 From: Tagada <36127788+Tagadda@users.noreply.github.com> Date: Sun, 16 Jan 2022 13:01:08 +0000 Subject: [PATCH 2/7] auth and password --- conf/config.yaml | 2 +- config_panel.toml | 15 +++++++++++++++ scripts/config | 48 +++++++++++++++++++++++++++++++++++++++++++++++ scripts/upgrade | 7 +++++++ 4 files changed, 71 insertions(+), 1 deletion(-) create mode 100644 scripts/config diff --git a/conf/config.yaml b/conf/config.yaml index a6afd92..6213d48 100644 --- a/conf/config.yaml +++ b/conf/config.yaml @@ -1,5 +1,5 @@ bind-addr: 127.0.0.1:__PORT__ -auth: "none" +auth: none cert: false disable-telemetry: true disable-update-check: true diff --git a/config_panel.toml b/config_panel.toml index 36842f6..e3c7d8a 100644 --- a/config_panel.toml +++ b/config_panel.toml @@ -10,6 +10,21 @@ version = "1.0" name = "Main configuration" services = ["__APP__"] + [main.auth] + name = "Authentication" + + [main.auth.type] + ask = "Auth type" + type = "select" + choices = ["none", "password"] + default = "none" + bind: ":/opt/yunohost/__APP__/config.yaml" + + [main.auth.password] + ask = "Password" + type = "password" + visible = "main.auth.type == 'password'" + [main.extensions] name = "Extensions" optional = false diff --git a/scripts/config b/scripts/config new file mode 100644 index 0000000..6e1a499 --- /dev/null +++ b/scripts/config @@ -0,0 +1,48 @@ +#!/bin/bash + +#================================================= +# GENERIC STARTING +#================================================= +# IMPORT GENERIC HELPERS +#================================================= + +source /usr/share/yunohost/helpers + +ynh_abort_if_errors + +#================================================= +# RETRIEVE ARGUMENTS +#================================================= + +final_path=$(ynh_app_setting_get $app final_path) + +#================================================= +# SPECIFIC GETTERS FOR TOML SHORT KEY +#================================================= + +get__password() { + echo YNH_NULL +} + +#================================================= +# SPECIFIC VALIDATORS FOR TOML SHORT KEYS +#================================================= + +#================================================= +# SPECIFIC SETTERS FOR TOML SHORT KEYS +#================================================= + +set__password() { + hashed_password="$(printf "$password" | sha256sum | cut -d' ' -f1)" + + sed -i "/hashed-password:.*/d" "$final_path/config.py" + + echo "hashed-password: $hashed_password" >> "$final_path/config.py" + + ynh_app_setting_set $app hashed_password $hashed_password +} + +#================================================= +# GENERIC FINALIZATION +#================================================= +ynh_app_config_run $1 diff --git a/scripts/upgrade b/scripts/upgrade index d4b8201..009b88e 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -21,6 +21,8 @@ admin=$(ynh_app_setting_get --app=$app --key=admin) port=$(ynh_app_setting_get --app=$app --key=port) final_path=$(ynh_app_setting_get --app=$app --key=final_path) datadir=$(ynh_app_setting_get --app=$app --key=datadir) +auth_type=$(ynh_app_setting_get --app=$app --key=auth_type) +hashed_password=$(ynh_app_setting_get --app=$app --key=hashed_password) #================================================= # CHECK VERSION @@ -116,6 +118,11 @@ ynh_script_progression --message="Updating a configuration file..." --time --wei ynh_add_config --template="config.yaml" --destination="$final_path/config.yaml" +if [ $auth == "password" ] +then + echo "hashed-password: $hashed_password" >> "$final_path/config.py" +fi + chmod 440 "$final_path/config.yaml" chown root:$admin "$final_path/config.yaml" From 67211cd5468c2cb5eab6cf161a7b14026fa6850f Mon Sep 17 00:00:00 2001 From: Tagada <36127788+Tagadda@users.noreply.github.com> Date: Sun, 16 Jan 2022 19:45:31 +0000 Subject: [PATCH 3/7] fix --- conf/code-server.env | 2 +- conf/config.yaml | 2 +- config_panel.toml | 12 ++++++----- scripts/_common.sh | 3 +++ scripts/config | 27 +++++++++++++++++++----- scripts/upgrade | 49 +++++++++++++++++++++++++------------------- 6 files changed, 62 insertions(+), 33 deletions(-) diff --git a/conf/code-server.env b/conf/code-server.env index d2e49a7..b935eda 100644 --- a/conf/code-server.env +++ b/conf/code-server.env @@ -1 +1 @@ -EXTENSIONS_GALLERY='{"serviceUrl": "https://open-vsx.org/vscode/gallery","itemUrl": "https://open-vsx.org/vscode/item"}' +EXTENSIONS_GALLERY='__EXTENSIONS_GALLERY__' diff --git a/conf/config.yaml b/conf/config.yaml index 6213d48..2194c32 100644 --- a/conf/config.yaml +++ b/conf/config.yaml @@ -1,5 +1,5 @@ bind-addr: 127.0.0.1:__PORT__ -auth: none +auth: __AUTH__ cert: false disable-telemetry: true disable-update-check: true diff --git a/config_panel.toml b/config_panel.toml index e3c7d8a..a2c5526 100644 --- a/config_panel.toml +++ b/config_panel.toml @@ -9,21 +9,23 @@ version = "1.0" [main] name = "Main configuration" services = ["__APP__"] - + [main.auth] name = "Authentication" - [main.auth.type] + [main.auth.auth] ask = "Auth type" type = "select" choices = ["none", "password"] default = "none" - bind: ":/opt/yunohost/__APP__/config.yaml" + optional = false + bind = ":/opt/yunohost/__APP__/config.yaml" [main.auth.password] ask = "Password" type = "password" - visible = "main.auth.type == 'password'" + optional = true + visible = "auth == 'password'" [main.extensions] name = "Extensions" @@ -33,10 +35,10 @@ services = ["__APP__"] ask = "Extensions Gallery" type = "string" example = "{\"serviceUrl\": \"https://open-vsx.org/vscode/gallery\",\"itemUrl\": \"https://open-vsx.org/vscode/item\"}" + optional = false bind = ":/opt/yunohost/__APP__/code-server.env" [main.extensions.enable_proposed_api] ask = "Enable Proposed API" type = "tags" optional = true - bind = "enable-proposed-api:/opt/yunohost/__APP__/config.yaml" diff --git a/scripts/_common.sh b/scripts/_common.sh index 944a65e..bdfd5f7 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -4,6 +4,9 @@ # COMMON VARIABLES #================================================= +extensions_gallery="{\"serviceUrl\": \"https://open-vsx.org/vscode/gallery\",\"itemUrl\": \"https://open-vsx.org/vscode/item\"}" +auth="none" + #================================================= # PERSONAL HELPERS #================================================= diff --git a/scripts/config b/scripts/config index 6e1a499..c35b0da 100644 --- a/scripts/config +++ b/scripts/config @@ -21,7 +21,11 @@ final_path=$(ynh_app_setting_get $app final_path) #================================================= get__password() { - echo YNH_NULL + echo "" +} + +get__enable_proposed_api() { + echo "$(awk '/enable-proposed-api:/ {print $2}' $final_path/config.yaml)" } #================================================= @@ -33,13 +37,26 @@ get__password() { #================================================= set__password() { - hashed_password="$(printf "$password" | sha256sum | cut -d' ' -f1)" + if [ $password ] + then + hashed_password="$(printf "$password" | sha256sum | cut -d' ' -f1)" - sed -i "/hashed-password:.*/d" "$final_path/config.py" + sed -i "/hashed-password:.*/d" "$final_path/config.yaml" - echo "hashed-password: $hashed_password" >> "$final_path/config.py" + echo "hashed-password: $hashed_password" >> "$final_path/config.yaml" + ynh_store_file_checksum --file="$final_path/config.yaml" - ynh_app_setting_set $app hashed_password $hashed_password + ynh_app_setting_set $app hashed_password "$hashed_password" + fi +} + +set__enable_proposed_api() { + sed -i "/enable-proposed-api:.*/d" "$final_path/config.yaml" + + echo "enable-proposed-api: $enable_proposed_api" >> "$final_path/config.yaml" + ynh_store_file_checksum --file="$final_path/config.yaml" + + ynh_app_setting_set $app enable_proposed_api "$enable_proposed_api" } #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index 009b88e..46ed0e5 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -21,8 +21,10 @@ admin=$(ynh_app_setting_get --app=$app --key=admin) port=$(ynh_app_setting_get --app=$app --key=port) final_path=$(ynh_app_setting_get --app=$app --key=final_path) datadir=$(ynh_app_setting_get --app=$app --key=datadir) -auth_type=$(ynh_app_setting_get --app=$app --key=auth_type) +auth=$(ynh_app_setting_get --app=$app --key=auth) hashed_password=$(ynh_app_setting_get --app=$app --key=hashed_password) +enable_proposed_api=$(ynh_app_setting_get --app=$app --key="enable_proposed_api") +extensions_gallery=$(ynh_app_setting_get --app=$app --key="extensions_gallery") #================================================= # CHECK VERSION @@ -58,27 +60,31 @@ ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app #================================================= ynh_script_progression --message="Ensuring downward compatibility..." --time --weight=1 - -# Upgrade from 3.11.0~ynh1 -extension_service_url=$(ynh_app_setting_get --app=$app --key="extension_service_url") -extension_item_url=$(ynh_app_setting_get --app=$app --key="extension_item_url") - -if [ "$extension_service_url" ] && [ "$extension_item_url" ] +if ynh_compare_current_package_version -c le -v "3.11.0~ynh1" then - echo "EXTENSIONS_GALLERY='{\"serviceUrl\": \"$extension_service_url\",\"itemUrl\": \"$extension_item_url\"}'" > "$final_path/code-server.env" + extension_service_url=$(ynh_app_setting_get --app=$app --key="extension_service_url") + extension_item_url=$(ynh_app_setting_get --app=$app --key="extension_item_url") - ynh_app_setting_delete --app=$app --key="extension_service_url" - ynh_app_setting_delete --app=$app --key="extension_item_url" -fi + if [ "$extension_service_url" ] && [ "$extension_item_url" ] + then + extensions_gallery="{\"serviceUrl\": \"$extension_service_url\",\"itemUrl\": \"$extension_item_url\"}" -enable_proposed_api=$(ynh_app_setting_get --app=$app --key="enable_proposed_api") + ynh_app_setting_set --app=$app --key="extensions_gallery" --value="$extensions_gallery" -if [ "$enable_proposed_api" ] -then - ynh_print_warn --message="Custom enable-proposed-api detected. You'll have to enable them through application config panel." - ynh_print_warn --message="enable-proposed-api was set to: $enable_proposed_api" + ynh_app_setting_delete --app=$app --key="extension_service_url" + ynh_app_setting_delete --app=$app --key="extension_item_url" + fi - ynh_app_setting_delete --app=$app --key="enable_proposed_api" + if [ "$enable_proposed_api" ] + then + ynh_print_warn --message="Custom enable-proposed-api. You have to enable again them through application config panel." + ynh_print_warn --message="enable-proposed-api was set to: $enable_proposed_api" + + ynh_app_setting_delete --app=$app --key="enable_proposed_api" + fi + + ynh_secure_remove --file=$final_path + mkdir -p $final_path fi #================================================= @@ -117,14 +123,15 @@ ynh_add_nginx_config ynh_script_progression --message="Updating a configuration file..." --time --weight=1 ynh_add_config --template="config.yaml" --destination="$final_path/config.yaml" +ynh_add_config --template="code-server.env" --destination="$final_path/code-server.env" -if [ $auth == "password" ] +if [ "$auth" == "password" ] then - echo "hashed-password: $hashed_password" >> "$final_path/config.py" + echo "hashed-password: $hashed_password" >> "$final_path/config.yaml" fi -chmod 440 "$final_path/config.yaml" -chown root:$admin "$final_path/config.yaml" +chmod 440 "$final_path/config.yaml" "$final_path/code-server.env" +chown root:$admin "$final_path/config.yaml" "$final_path/code-server.env" #================================================= # SETUP SYSTEMD From b5bc73101c9a70f0992fa4d266bda7e901c6f54d Mon Sep 17 00:00:00 2001 From: Tagadda <36127788+Tagadda@users.noreply.github.com> Date: Sun, 16 Jan 2022 23:31:32 +0000 Subject: [PATCH 4/7] fix --- scripts/install | 2 ++ 1 file changed, 2 insertions(+) diff --git a/scripts/install b/scripts/install index 3c1a716..02bb885 100755 --- a/scripts/install +++ b/scripts/install @@ -25,6 +25,7 @@ ynh_abort_if_errors domain=$YNH_APP_ARG_DOMAIN admin=$YNH_APP_ARG_ADMIN +auth="none" app=$YNH_APP_INSTANCE_NAME @@ -46,6 +47,7 @@ ynh_script_progression --message="Storing installation settings..." --weight=2 ynh_app_setting_set --app=$app --key=domain --value=$domain ynh_app_setting_set --app=$app --key=admin --value=$admin +ynh_app_setting_set --app=$app --key=auth --value=$auth #================================================= # STANDARD MODIFICATIONS From 9d53cbbbe338bf4b3ef0ebd4817b0a1e8ff46d6e Mon Sep 17 00:00:00 2001 From: Tagadda <36127788+Tagadda@users.noreply.github.com> Date: Mon, 17 Jan 2022 01:22:36 +0000 Subject: [PATCH 5/7] fix --- scripts/_common.sh | 1 - scripts/upgrade | 8 ++++++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/scripts/_common.sh b/scripts/_common.sh index bdfd5f7..032b5ea 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -5,7 +5,6 @@ #================================================= extensions_gallery="{\"serviceUrl\": \"https://open-vsx.org/vscode/gallery\",\"itemUrl\": \"https://open-vsx.org/vscode/item\"}" -auth="none" #================================================= # PERSONAL HELPERS diff --git a/scripts/upgrade b/scripts/upgrade index 46ed0e5..54093ce 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -83,6 +83,14 @@ then ynh_app_setting_delete --app=$app --key="enable_proposed_api" fi + if [ "$hashed_password" ] + then + auth="password" + else + auth="none" + fi + ynh_app_setting_get --app=$app --key=auth --value=$auth + ynh_secure_remove --file=$final_path mkdir -p $final_path fi From d3f5e5c8cded4fe57e5911fa0ee161d5f2cd4de9 Mon Sep 17 00:00:00 2001 From: Tagadda <36127788+Tagadda@users.noreply.github.com> Date: Mon, 17 Jan 2022 01:52:55 +0000 Subject: [PATCH 6/7] dumb fix --- scripts/upgrade | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/upgrade b/scripts/upgrade index 54093ce..5c07119 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -89,7 +89,7 @@ then else auth="none" fi - ynh_app_setting_get --app=$app --key=auth --value=$auth + ynh_app_setting_set --app=$app --key="auth" --value=$auth ynh_secure_remove --file=$final_path mkdir -p $final_path From a60a78e3d415caae976a13013d3b62f6d416619d Mon Sep 17 00:00:00 2001 From: Tagadda <36127788+Tagadda@users.noreply.github.com> Date: Mon, 17 Jan 2022 22:38:50 +0000 Subject: [PATCH 7/7] fix --- scripts/upgrade | 2 ++ 1 file changed, 2 insertions(+) diff --git a/scripts/upgrade b/scripts/upgrade index 5c07119..765635b 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -91,6 +91,8 @@ then fi ynh_app_setting_set --app=$app --key="auth" --value=$auth + ynh_remove_fail2ban_config + ynh_secure_remove --file=$final_path mkdir -p $final_path fi