cops_ynh/scripts/upgrade

#!/bin/bash
set -eu

# We retrieve app parameters
app=$YNH_APP_INSTANCE_NAME

# Source app helpers
source .fonctions
source /usr/share/yunohost/helpers

# We check variables are not empty
CHECK_VAR "$app" "app name not set"

path=$(ynh_app_setting_get $app path)
domain=$(ynh_app_setting_get $app domain)
final_path=$(ynh_app_setting_get $app final_path)
finalnginxconf=$(ynh_app_setting_get $app finalnginxconf)
finalphpconf=$(ynh_app_setting_get $app finalphpconf)
calibre=$(ynh_app_setting_get $app calibre)
basicauthcreate=$(ynh_app_setting_get $app basicauthcreate)

# We check that calibre path is correct
CHECK_CALIBRE

# Install dependencies using Helpers
ynh_package_install_from_equivs ../conf/cops-deps.control \
|| ynh_die "Unable to install dependencies"

# Removal of old folder and restart from fresh
SECURE_REMOVE '$final_path'
sudo mkdir -p $final_path

# We download the sources and check the md5sum
cops_file=`sudo cat ../sources/source_file`;
sudo wget -nv -i ../sources/source_url -O $cops_file
sudo md5sum -c ../sources/source_md5 --status || (echo "Corrupt source" >&2 && false)
sudo unzip ${cops_file} -d $final_path

# Site adjustments
sed -i "s@CALIBRETOCHANGE@$calibre@g" ../conf/config_local.php
timezone=`sudo cat /etc/timezone`;
sed -i "s@TIMEZONETOCHANGE@$timezone@g" ../conf/config_local.php

sudo cp ../conf/config_local.php $final_path
sudo cp ../conf/robots.txt $final_path

# Create cops user and join nextcloud/owncloud/www-data groups
runninguser="${app}-ynh"
# 1.  Create the user
# Create a system account for COPS if it doesn't already exists
if ! ynh_system_user_exists "$runninguser" ;
then
    echo "The user $runninguser does not exist, we can create it"
    sudo useradd -c "$runninguser system account" \
       -d $final_path --system --user-group $runninguser \
       || ynh_die "Unable to create $runninguser system account"
else
    echo "The user $runninguser exists, no need to create it"
fi

ynh_app_setting_set "$app" runninguser "$runninguser"

# 2. Add cops-ynh to groups www-data and nextcloud/owncloud if they exist
sudo usermod -a -G www-data $runninguser
for filesharing in "nextcloud" "owncloud"; do
    app_id=$(sudo yunohost app list --installed -f "$filesharing" \
            --output-as json | grep -Po '"id":[ ]?"\K.*?(?=")' | head -1)
    [[ -z "$app_id" ]] || {
        sudo usermod -a -G $filesharing $runninguser
    }
done

# Set permissions
sudo chmod ug+rw -R $final_path
sudo chown -hR $runninguser:$runninguser $final_path

# Add basic auth if requested
if [ "$basicauthcreate" = "Yes" ];
then
	basicauthname=$(ynh_app_setting_get $app basicauthname)
	basicauthpass=$(ynh_app_setting_get $app basicauthpass)

        # Generation of the htpasswd file according https://www.nginx.com/resources/wiki/community/faq/
        SALT="$(openssl rand -base64 3)"
        (SHA1=$(printf "$basicauthpass$SALT" |
        openssl dgst -binary -sha1 | xxd -ps |
        sed 's#$#'"`echo -n $SALT | xxd -ps`"'#' |
        xxd -r -ps |
        base64);printf "$basicauthname:{SSHA}$SHA1\n" >> ../sources/htpasswd)
        sudo cp ../sources/htpasswd $final_path
        sudo chmod 440 $final_path/htpasswd
        sudo chown www-data:www-data $final_path/htpasswd

        # Modif nginx
        sed -i "s|^.*\bauth_basic\b.*$|       auth_basic \"Private Library\";|" ../conf/nginx.conf;
        sed -i "s|^.*\bauth_basic_user_file\b.*$|       auth_basic_user_file $final_path/htpasswd;|" ../conf/nginx.conf;
else
        echo "No basic auth";
fi

# Modify Nginx configuration file and copy it to Nginx conf.d directory
sed -i "s@PATHTOCHANGE@$path@g" ../conf/nginx.conf
sed -i "s@ALIASTOCHANGE@$final_path/@g" ../conf/nginx.conf
sed -i "s@NAMETOCHANGE@$app@g" ../conf/nginx.conf
sudo cp ../conf/nginx.conf $finalnginxconf

# Modify php-fpm configuration file and copy it to php-fpm pool.d directory
sed -i "s@NAMETOCHANGE@$app@g" ../conf/php-fpm.conf
sed -i "s@FOLDERTOCHANGE@$final_path@g" ../conf/php-fpm.conf
sed -i "s@USERTOCHANGE@$runninguser@g" ../conf/php-fpm.conf
sudo cp ../conf/php-fpm.conf $finalphpconf
sudo chown root: $finalphpconf
sudo chmod 644 $finalphpconf

# Make app public if necessary
is_public=$(ynh_app_setting_get $app is_public)
if [ "$is_public" = "Yes" ];
then
	ynh_app_setting_set $app skipped_uris "/"
else
	ynh_app_setting_set $app protected_uris "/"
fi

# Reload Nginx and regenerate SSOwat conf
sudo service php5-fpm reload
sudo service nginx reload
sudo yunohost app ssowatconf
Initial scripts commit 2016-12-21 18:46:36 +01:00			`#!/bin/bash`
Add set -u & set -eu as per package_linter 2017-02-25 00:53:44 +01:00			`set -eu`
Initial scripts commit 2016-12-21 18:46:36 +01:00
Backup before upgrade and restore if it fails 2017-01-17 21:27:58 +01:00			`# We retrieve app parameters`
			`app=$YNH_APP_INSTANCE_NAME`
Initial scripts commit 2016-12-21 18:46:36 +01:00
			`# Source app helpers`
Cleaning of functions in .fonctions 2017-02-24 19:20:15 +01:00			`source .fonctions`
Initial scripts commit 2016-12-21 18:46:36 +01:00			`source /usr/share/yunohost/helpers`

			`# We check variables are not empty`
			`CHECK_VAR "$app" "app name not set"`

			`path=$(ynh_app_setting_get $app path)`
			`domain=$(ynh_app_setting_get $app domain)`
			`final_path=$(ynh_app_setting_get $app final_path)`
			`finalnginxconf=$(ynh_app_setting_get $app finalnginxconf)`
			`finalphpconf=$(ynh_app_setting_get $app finalphpconf)`
Avoid path confusion in manifest.json 2016-12-23 23:02:50 +01:00			`calibre=$(ynh_app_setting_get $app calibre)`
Add Basic Auth capability for public OPDS/HTML Library 2016-12-22 13:01:20 +01:00			`basicauthcreate=$(ynh_app_setting_get $app basicauthcreate)`
Update of manifest.json to request further parameters 2016-12-22 03:42:11 +01:00
Avoid path confusion in manifest.json 2016-12-23 23:02:50 +01:00			`# We check that calibre path is correct`
			`CHECK_CALIBRE`
Use automatic function to remove trailing / on calibrepath 2016-12-22 14:19:29 +01:00
Use of ynh_package_install_from_equivs 2017-02-24 14:43:49 +01:00			`# Install dependencies using Helpers`
			`ynh_package_install_from_equivs ../conf/cops-deps.control \`
			`\|\| ynh_die "Unable to install dependencies"`
We download sources instead of having them in the depot 2016-12-23 21:24:09 +01:00
			`# Removal of old folder and restart from fresh`
Cleaning of functions in .fonctions 2017-02-24 19:20:15 +01:00			`SECURE_REMOVE '$final_path'`
We download sources instead of having them in the depot 2016-12-23 21:24:09 +01:00			`sudo mkdir -p $final_path`

			`# We download the sources and check the md5sum`
			cops_file=`sudo cat ../sources/source_file`;
Adjustments on md5sum 2016-12-23 21:59:20 +01:00			`sudo wget -nv -i ../sources/source_url -O $cops_file`
We download sources instead of having them in the depot 2016-12-23 21:24:09 +01:00			`sudo md5sum -c ../sources/source_md5 --status \|\| (echo "Corrupt source" >&2 && false)`
Adjustments on md5sum 2016-12-23 21:56:43 +01:00			`sudo unzip ${cops_file} -d $final_path`
We download sources instead of having them in the depot 2016-12-23 21:24:09 +01:00
			`# Site adjustments`
Correction of typo in upgrade script 2017-02-26 00:30:45 +01:00			`sed -i "s@CALIBRETOCHANGE@$calibre@g" ../conf/config_local.php`
We download sources instead of having them in the depot 2016-12-23 21:24:09 +01:00			timezone=`sudo cat /etc/timezone`;
			`sed -i "s@TIMEZONETOCHANGE@$timezone@g" ../conf/config_local.php`

			`sudo cp ../conf/config_local.php $final_path`
			`sudo cp ../conf/robots.txt $final_path`

Use of dedicated system user 2017-02-24 17:06:06 +01:00			`# Create cops user and join nextcloud/owncloud/www-data groups`
			`runninguser="${app}-ynh"`
			`# 1. Create the user`
Test if the user $runninguser already exists before creating it 2017-02-24 17:47:43 +01:00			`# Create a system account for COPS if it doesn't already exists`
Check if user exists using ynh helpers 2017-02-24 18:47:00 +01:00			`if ! ynh_system_user_exists "$runninguser" ;`
Test if the user exists with ERR code if not 2017-02-24 18:24:17 +01:00			`then`
Simpler test to check if user cops-ynh exists or not 2017-02-24 18:12:32 +01:00			`echo "The user $runninguser does not exist, we can create it"`
Test if the user $runninguser already exists before creating it 2017-02-24 17:47:43 +01:00			`sudo useradd -c "$runninguser system account" \`
			`-d $final_path --system --user-group $runninguser \`
			`\|\| ynh_die "Unable to create $runninguser system account"`
Simpler test to check if user cops-ynh exists or not 2017-02-24 18:12:32 +01:00			`else`
			`echo "The user $runninguser exists, no need to create it"`
Test if the user $runninguser already exists before creating it 2017-02-24 17:47:43 +01:00			`fi`
Test if the user exists with ERR code if not 2017-02-24 18:24:17 +01:00
Use of dedicated system user 2017-02-24 17:06:06 +01:00			`ynh_app_setting_set "$app" runninguser "$runninguser"`

			`# 2. Add cops-ynh to groups www-data and nextcloud/owncloud if they exist`
			`sudo usermod -a -G www-data $runninguser`
			`for filesharing in "nextcloud" "owncloud"; do`
			`app_id=$(sudo yunohost app list --installed -f "$filesharing" \`
			`--output-as json \| grep -Po '"id":[ ]?"\K.*?(?=")' \| head -1)`
			`[[ -z "$app_id" ]] \|\| {`
			`sudo usermod -a -G $filesharing $runninguser`
			`}`
			`done`

We download sources instead of having them in the depot 2016-12-23 21:24:09 +01:00			`# Set permissions`
Use of dedicated system user 2017-02-24 17:06:06 +01:00			`sudo chmod ug+rw -R $final_path`
We download sources instead of having them in the depot 2016-12-23 21:24:09 +01:00			`sudo chown -hR $runninguser:$runninguser $final_path`

Add Basic Auth capability for public OPDS/HTML Library 2016-12-22 13:01:20 +01:00			`# Add basic auth if requested`
			`if [ "$basicauthcreate" = "Yes" ];`
			`then`
Cleaning 2016-12-23 23:55:35 +01:00			`basicauthname=$(ynh_app_setting_get $app basicauthname)`
Add Basic Auth capability for public OPDS/HTML Library 2016-12-22 13:01:20 +01:00			`basicauthpass=$(ynh_app_setting_get $app basicauthpass)`

			`# Generation of the htpasswd file according https://www.nginx.com/resources/wiki/community/faq/`
			`SALT="$(openssl rand -base64 3)"`
			`(SHA1=$(printf "$basicauthpass$SALT" \|`
			`openssl dgst -binary -sha1 \| xxd -ps \|`
			sed 's#$#'"`echo -n $SALT \| xxd -ps`"'#' \|
			`xxd -r -ps \|`
Cleaning 2016-12-23 23:55:35 +01:00			`base64);printf "$basicauthname:{SSHA}$SHA1\n" >> ../sources/htpasswd)`
We download sources instead of having them in the depot 2016-12-23 21:24:09 +01:00			`sudo cp ../sources/htpasswd $final_path`
			`sudo chmod 440 $final_path/htpasswd`
			`sudo chown www-data:www-data $final_path/htpasswd`
Add Basic Auth capability for public OPDS/HTML Library 2016-12-22 13:01:20 +01:00
			`# Modif nginx`
We download sources instead of having them in the depot 2016-12-23 21:24:09 +01:00			`sed -i "s\|^.\bauth_basic\b.$\| auth_basic \"Private Library\";\|" ../conf/nginx.conf;`
			`sed -i "s\|^.\bauth_basic_user_file\b.$\| auth_basic_user_file $final_path/htpasswd;\|" ../conf/nginx.conf;`
Add Basic Auth capability for public OPDS/HTML Library 2016-12-22 13:01:20 +01:00			`else`
			`echo "No basic auth";`
			`fi`
Update of manifest.json to request further parameters 2016-12-22 03:42:11 +01:00
We download sources instead of having them in the depot 2016-12-23 21:24:09 +01:00			`# Modify Nginx configuration file and copy it to Nginx conf.d directory`
Initial scripts commit 2016-12-21 18:46:36 +01:00			`sed -i "s@PATHTOCHANGE@$path@g" ../conf/nginx.conf`
			`sed -i "s@ALIASTOCHANGE@$final_path/@g" ../conf/nginx.conf`
			`sed -i "s@NAMETOCHANGE@$app@g" ../conf/nginx.conf`
			`sudo cp ../conf/nginx.conf $finalnginxconf`

We download sources instead of having them in the depot 2016-12-23 21:24:09 +01:00			`# Modify php-fpm configuration file and copy it to php-fpm pool.d directory`
Initial scripts commit 2016-12-21 18:46:36 +01:00			`sed -i "s@NAMETOCHANGE@$app@g" ../conf/php-fpm.conf`
Add missing _ in final_path 2016-12-22 01:08:35 +01:00			`sed -i "s@FOLDERTOCHANGE@$final_path@g" ../conf/php-fpm.conf`
Use of runninguser instead of usergroup 2016-12-22 01:44:07 +01:00			`sed -i "s@USERTOCHANGE@$runninguser@g" ../conf/php-fpm.conf`
Initial scripts commit 2016-12-21 18:46:36 +01:00			`sudo cp ../conf/php-fpm.conf $finalphpconf`
			`sudo chown root: $finalphpconf`
			`sudo chmod 644 $finalphpconf`

			`# Make app public if necessary`
			`is_public=$(ynh_app_setting_get $app is_public)`
			`if [ "$is_public" = "Yes" ];`
			`then`
			`ynh_app_setting_set $app skipped_uris "/"`
			`else`
			`ynh_app_setting_set $app protected_uris "/"`
			`fi`

			`# Reload Nginx and regenerate SSOwat conf`
			`sudo service php5-fpm reload`
			`sudo service nginx reload`
			`sudo yunohost app ssowatconf`