From 94dc69d8941b236d8afdc0b5eefd9a84f6794b87 Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Wed, 4 Aug 2021 12:23:13 +0200 Subject: [PATCH] Fix --- check_process | 39 ++--- conf/app.src | 7 + conf/config_local.php | 30 ++-- conf/nginx.conf | 46 +++--- conf/php-fpm.conf | 321 ++++++++++++++++++++++++++++++++--------- conf/robots.txt | 2 - manifest.json | 28 ++-- scripts/.fonctions | 97 ------------- scripts/_common.sh | 22 +++ scripts/backup | 92 ++++++++++-- scripts/install | 259 ++++++++++++++++----------------- scripts/remove | 123 ++++++++-------- scripts/restore | 169 +++++++++++++--------- scripts/upgrade | 328 ++++++++++++++++++++++++++++-------------- sources/source_file | 1 - sources/source_md5 | 1 - sources/source_url | 1 - 17 files changed, 940 insertions(+), 626 deletions(-) create mode 100644 conf/app.src delete mode 100755 conf/robots.txt delete mode 100644 scripts/.fonctions create mode 100644 scripts/_common.sh delete mode 100644 sources/source_file delete mode 100644 sources/source_md5 delete mode 100644 sources/source_url diff --git a/check_process b/check_process index aa603d3..318e124 100644 --- a/check_process +++ b/check_process @@ -1,18 +1,16 @@ -;; master - auto_remove=1 -# Commentaire ignoré +;; Test complet ; Manifest - domain="$DOMAIN" (DOMAIN) - path="/path" (PATH) + domain="domain.tld" + path="/path" + admin="john" language="fr" - runninguser="www-data" + is_public=1 + password="pass" + runninguser="www-data" calibre="/home/yunohost.app/owncloud/johndoe/" - is_public="Yes" (PUBLIC|public=Yes|private=No) - basicauthcreate="Yes" - basicauthname="Gutenberg" - basicauthpass="hiyjgvhfgvhgbjh" -# password="$PASSWORD" (PASSWORD) -# port="666" (PORT) + basicauthcreate="Yes" + basicauthname="Gutenberg" + basicauthpass="hiyjgvhfgvhgbjh" ; Checks pkg_linter=1 setup_sub_dir=1 
@@ -21,12 +19,15 @@ setup_private=1 setup_public=1 upgrade=1 + upgrade=1 from_commit=CommitHash backup_restore=1 multi_instance=1 - wrong_user=0 - wrong_path=1 - incorrect_path=1 - corrupt_source=0 - fail_download_source=0 - port_already_use=0 (XXXX) - final_path_already_use=0 + port_already_use=0 + change_url=1 +;;; Options +Email= +Notification=none +;;; Upgrade options + ; commit=CommitHash + name=Name and date of the commit. + manifest_arg=domain=DOMAIN&path=PATH&admin=USER&language=fr&is_public=1&password=pass&port=666& diff --git a/conf/app.src b/conf/app.src new file mode 100644 index 0000000..ad5262d --- /dev/null +++ b/conf/app.src @@ -0,0 +1,7 @@ +SOURCE_URL=https://github.com/seblucas/cops/releases/download/1.1.3/cops-1.1.3.zip +SOURCE_SUM=68c9efb340ab30989cd89a19a173c45872d33ed85dd02674f8af08b7748cbc77 +SOURCE_SUM_PRG=sha256sum +SOURCE_FORMAT=zip +SOURCE_IN_SUBDIR=true +SOURCE_FILENAME= +SOURCE_EXTRACT=true diff --git a/conf/config_local.php b/conf/config_local.php index 24c0240..4eb4302 100644 --- a/conf/config_local.php +++ b/conf/config_local.php @@ -2,18 +2,25 @@ if (!isset($config)) $config = array(); + /* + *************************************************** + * Please read config_default.php for all possible + * configuration items + *************************************************** + */ + /* * The directory containing calibre's metadata.db file, with sub-directories * containing all the formats. * BEWARE : it has to end with a / */ - $config['calibre_directory'] = 'CALIBRETOCHANGE/'; - + $config['calibre_directory'] = '__DOMAIN____PATH__'; + /* * Catalog's title */ $config['cops_title_default'] = "COPS"; - + /* * use URL rewriting for downloading of ebook in HTML catalog * See README for more information 
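Review bot: `$config['calibre_directory'] = '__DOMAIN____PATH__';` in the conf/config_local.php hunk fills the library directory from the web domain and URL path placeholders, which would produce something like `domain.tld/path` rather than a filesystem directory ending in `/` as the comment directly above requires. The removed line used a dedicated Calibre placeholder, and check_process still passes a `calibre=` argument, so this looks like a substitution mistake, not an intended change. I would bind the line to that setting instead, e.g. `$config['calibre_directory'] = '__CALIBRE__/';`, assuming the install script exposes the value under that name (the script is not visible here). The enclosing file continues outside this hunk.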
@@ -22,13 +29,18 @@ */ $config['cops_use_url_rewriting'] = "0"; - $config['cops_recentbooks_limit'] = '10'; + /* + * Set language code to force a language (see lang/ directory for available languages). + * When empty it will auto detect the language. + */ + $config['cops_language'] = '__LANGUAGE__'; - $config['default_timezone'] = "TIMEZONETOCHANGE"; - - $config['cops_template'] = 'default'; - - $config['cops_style'] = 'iphone'; + /* + * Default timezone + * Check following link for other timezones : + * http://www.php.net/manual/en/timezones.php + */ + $config['default_timezone'] = '__TIMEZONE__'; diff --git a/conf/nginx.conf b/conf/nginx.conf index 90e0d31..37de41d 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf 
@@ -1,27 +1,33 @@ -location PATHTOCHANGE { - alias ALIASTOCHANGE; +#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent; +location __PATH__/ { -# auth_basic "Reason for being private"; -# auth_basic_user_file /path/to/htpasswd; + # Path to source + alias __FINALPATH__/ ; + # Force usage of https + if ($scheme = http) { + rewrite ^ https://$server_name$request_uri? permanent; + } - if ($scheme = http) { - rewrite ^ https://$server_name$request_uri? permanent; - } +### Example PHP configuration (remove it if not used) + index index.php; - client_max_body_size 10G; - index index.php; - try_files $uri $uri/ index.php; - location ~ [^/]\.php(/|$) { - fastcgi_split_path_info ^(.+?\.php)(/.*)$; - fastcgi_pass unix:/var/run/php5-fpm-NAMETOCHANGE.sock; - fastcgi_index index.php; - include fastcgi_params; - fastcgi_param REMOTE_USER $remote_user; - fastcgi_param PATH_INFO $fastcgi_path_info; - fastcgi_param SCRIPT_FILENAME $request_filename; - } + # Common parameter to increase upload size limit in conjunction with dedicated php-fpm file + #client_max_body_size 50M; - include conf.d/yunohost_panel.conf.inc; + try_files $uri $uri/ index.php; + location ~ [^/]\.php(/|$) { + fastcgi_split_path_info ^(.+?\.php)(/.*)$; + fastcgi_pass unix:/var/run/php/php__PHPVERSION__-fpm-__NAME__.sock; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param REMOTE_USER $remote_user; + fastcgi_param PATH_INFO $fastcgi_path_info; + fastcgi_param SCRIPT_FILENAME $request_filename; + } +### End of PHP configuration part + + # Include SSOWAT user panel. + include conf.d/yunohost_panel.conf.inc; } diff --git a/conf/php-fpm.conf b/conf/php-fpm.conf index 336c925..ab1a471 100644 --- a/conf/php-fpm.conf +++ b/conf/php-fpm.conf 
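Review bot: The new `location __PATH__/` block carries no `auth_basic` / `auth_basic_user_file` directives at all, while the manifest still asks for `basicauthcreate`, `basicauthname` and `basicauthpass`. The old template had them as commented lines; if the install script enabled basic auth by editing those lines (the script is not visible here), a public install would now serve the library with no authentication. I would keep an explicit hook in the template, such as `auth_basic "COPS";` and `auth_basic_user_file <HTPASSWD_PATH>;`, with the htpasswd file stored outside `__FINALPATH__` so it cannot be fetched through the alias. The `### Example PHP configuration (remove it if not used)` markers are packaging-template leftovers and can go, since this app always uses PHP.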
@@ -1,10 +1,11 @@ ; Start a new pool named 'www'. -; the variable $pool can we used in any directive and will be replaced by the +; the variable $pool can be used in any directive and will be replaced by the ; pool name ('www' here) -[NAMETOCHANGE] +[__NAMETOCHANGE__] ; Per pool prefix ; It only applies on the following directives: +; - 'access.log' ; - 'slowlog' ; - 'listen' (unixsocket) ; - 'chroot' 
@@ -16,21 +17,43 @@ ; Default Value: none ;prefix = /path/to/pools/$pool +; Unix user/group of processes +; Note: The user is mandatory. If the group is not set, the default user's group +; will be used. +user = __USER__ +group = __USER__ + ; The address on which to accept FastCGI requests. ; Valid syntaxes are: -; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific address on +; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on ; a specific port; -; 'port' - to listen on a TCP socket to all addresses on a -; specific port; +; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on +; a specific port; +; 'port' - to listen on a TCP socket to all addresses +; (IPv6 and IPv4-mapped) on a specific port; ; '/path/to/unix/socket' - to listen on a unix socket. ; Note: This value is mandatory. -listen = /var/run/php5-fpm-NAMETOCHANGE.sock +listen = /var/run/php/php__PHPVERSION__-fpm-__NAMETOCHANGE__.sock -; Set listen(2) backlog. A value of '-1' means unlimited. -; Default Value: 128 (-1 on FreeBSD and OpenBSD) -;listen.backlog = -1 +; Set listen(2) backlog. +; Default Value: 511 (-1 on FreeBSD and OpenBSD) +;listen.backlog = 511 -; List of ipv4 addresses of FastCGI clients which are allowed to connect. +; Set permissions for unix socket, if one is used. In Linux, read/write +; permissions must be set in order to allow connections from a web server. Many +; BSD-derived systems allow connections regardless of permissions. +; Default Values: user and group are set as the running user +; mode is set to 0660 +listen.owner = www-data +listen.group = www-data +;listen.mode = 0660 +; When POSIX Access Control Lists are supported you can set them using +; these options, value is a comma separated list of user/group names. +; When set, listen.owner and listen.group are ignored +;listen.acl_users = +;listen.acl_groups = + +; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect. 
; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original ; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address ; must be separated by a comma. If this value is left blank, connections will be 
@@ -38,26 +61,26 @@ listen = /var/run/php5-fpm-NAMETOCHANGE.sock ; Default Value: any ;listen.allowed_clients = 127.0.0.1 -; Set permissions for unix socket, if one is used. In Linux, read/write -; permissions must be set in order to allow connections from a web server. Many -; BSD-derived systems allow connections regardless of permissions. -; Default Values: user and group are set as the running user -; mode is set to 0666 -listen.owner = www-data -listen.group = www-data -listen.mode = 0600 +; Specify the nice(2) priority to apply to the pool processes (only if set) +; The value can vary from -19 (highest priority) to 20 (lower priority) +; Note: - It will only work if the FPM master process is launched as root +; - The pool processes will inherit the master process priority +; unless it specified otherwise +; Default Value: no set +; process.priority = -19 -; Unix user/group of processes -; Note: The user is mandatory. If the group is not set, the default user's group -; will be used. -user = USERTOCHANGE -group = USERTOCHANGE +; Set the process dumpable flag (PR_SET_DUMPABLE prctl) even if the process user +; or group is differrent than the master process user. It allows to create process +; core dump and ptrace the process for the pool user. +; Default Value: no +; process.dumpable = yes ; Choose how the process manager will control the number of child processes. ; Possible Values: ; static - a fixed number (pm.max_children) of child processes; ; dynamic - the number of child processes are set dynamically based on the -; following directives: +; following directives. With this process management, there will be +; always at least 1 children. ; pm.max_children - the maximum number of children that can ; be alive at the same time. ; pm.start_servers - the number of children created on startup. 
@@ -69,73 +92,150 @@ group = USERTOCHANGE ; state (waiting to process). If the number ; of 'idle' processes is greater than this ; number then some children will be killed. +; ondemand - no children are created at startup. Children will be forked when +; new requests will connect. The following parameter are used: +; pm.max_children - the maximum number of children that +; can be alive at the same time. +; pm.process_idle_timeout - The number of seconds after which +; an idle process will be killed. ; Note: This value is mandatory. pm = dynamic ; The number of child processes to be created when pm is set to 'static' and the -; maximum number of child processes to be created when pm is set to 'dynamic'. +; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'. ; This value sets the limit on the number of simultaneous requests that will be ; served. Equivalent to the ApacheMaxClients directive with mpm_prefork. ; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP -; CGI. -; Note: Used when pm is set to either 'static' or 'dynamic' +; CGI. The below defaults are based on a server without much resources. Don't +; forget to tweak pm.* to fit your needs. +; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand' ; Note: This value is mandatory. -pm.max_children = 6 +pm.max_children = 5 ; The number of child processes created on startup. ; Note: Used only when pm is set to 'dynamic' ; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2 -pm.start_servers = 3 +pm.start_servers = 2 ; The desired minimum number of idle server processes. ; Note: Used only when pm is set to 'dynamic' ; Note: Mandatory when pm is set to 'dynamic' -pm.min_spare_servers = 3 +pm.min_spare_servers = 1 ; The desired maximum number of idle server processes. 
; Note: Used only when pm is set to 'dynamic' ; Note: Mandatory when pm is set to 'dynamic' -pm.max_spare_servers = 5 +pm.max_spare_servers = 3 + +; The number of seconds after which an idle process will be killed. +; Note: Used only when pm is set to 'ondemand' +; Default Value: 10s +;pm.process_idle_timeout = 10s; ; The number of requests each child process should execute before respawning. ; This can be useful to work around memory leaks in 3rd party libraries. For ; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS. ; Default Value: 0 -pm.max_requests = 500 +;pm.max_requests = 500 ; The URI to view the FPM status page. If this value is not set, no URI will be -; recognized as a status page. By default, the status page shows the following -; information: -; accepted conn - the number of request accepted by the pool; +; recognized as a status page. It shows the following informations: ; pool - the name of the pool; -; process manager - static or dynamic; +; process manager - static, dynamic or ondemand; +; start time - the date and time FPM has started; +; start since - number of seconds since FPM has started; +; accepted conn - the number of request accepted by the pool; +; listen queue - the number of request in the queue of pending +; connections (see backlog in listen(2)); +; max listen queue - the maximum number of requests in the queue +; of pending connections since FPM has started; +; listen queue len - the size of the socket queue of pending connections; ; idle processes - the number of idle processes; ; active processes - the number of active processes; -; total processes - the number of idle + active processes. 
+; total processes - the number of idle + active processes; +; max active processes - the maximum number of active processes since FPM +; has started; ; max children reached - number of times, the process limit has been reached, ; when pm tries to start more children (works only for -; pm 'dynamic') -; The values of 'idle processes', 'active processes' and 'total processes' are -; updated each second. The value of 'accepted conn' is updated in real time. +; pm 'dynamic' and 'ondemand'); +; Value are updated in real time. ; Example output: -; accepted conn: 12073 ; pool: www ; process manager: static -; idle processes: 35 -; active processes: 65 -; total processes: 100 -; max children reached: 1 +; start time: 01/Jul/2011:17:53:49 +0200 +; start since: 62636 +; accepted conn: 190460 +; listen queue: 0 +; max listen queue: 1 +; listen queue len: 42 +; idle processes: 4 +; active processes: 11 +; total processes: 15 +; max active processes: 12 +; max children reached: 0 +; ; By default the status page output is formatted as text/plain. Passing either -; 'html' or 'json' as a query string will return the corresponding output -; syntax. Example: +; 'html', 'xml' or 'json' in the query string will return the corresponding +; output syntax. Example: ; http://www.foo.bar/status ; http://www.foo.bar/status?json ; http://www.foo.bar/status?html +; http://www.foo.bar/status?xml +; +; By default the status page only outputs short status. Passing 'full' in the +; query string will also return status for each pool process. 
+; Example: +; http://www.foo.bar/status?full +; http://www.foo.bar/status?json&full +; http://www.foo.bar/status?html&full +; http://www.foo.bar/status?xml&full +; The Full status returns for each process: +; pid - the PID of the process; +; state - the state of the process (Idle, Running, ...); +; start time - the date and time the process has started; +; start since - the number of seconds since the process has started; +; requests - the number of requests the process has served; +; request duration - the duration in µs of the requests; +; request method - the request method (GET, POST, ...); +; request URI - the request URI with the query string; +; content length - the content length of the request (only with POST); +; user - the user (PHP_AUTH_USER) (or '-' if not set); +; script - the main script called (or '-' if not set); +; last request cpu - the %cpu the last request consumed +; it's always 0 if the process is not in Idle state +; because CPU calculation is done when the request +; processing has terminated; +; last request memory - the max amount of memory the last request consumed +; it's always 0 if the process is not in Idle state +; because memory calculation is done when the request +; processing has terminated; +; If the process is in Idle state, then informations are related to the +; last request the process has served. Otherwise informations are related to +; the current request being served. 
+; Example output: +; ************************ +; pid: 31330 +; state: Running +; start time: 01/Jul/2011:17:53:49 +0200 +; start since: 63087 +; requests: 12808 +; request duration: 1250261 +; request method: GET +; request URI: /test_mem.php?N=10000 +; content length: 0 +; user: - +; script: /home/fat/web/docs/php/test_mem.php +; last request cpu: 0.00 +; last request memory: 0 +; +; Note: There is a real-time FPM status monitoring sample web page available +; It's available in: /usr/share/php/7.0/fpm/status.html +; ; Note: The value must start with a leading slash (/). The value can be ; anything, but it may not be a good idea to use the .php extension or it ; may conflict with a real PHP file. ; Default Value: not set -pm.status_path = /fpm-status +;pm.status_path = /status ; The ping URI to call the monitoring page of FPM. If this value is not set, no ; URI will be recognized as a ping page. This could be used to test from outside 
@@ -147,39 +247,102 @@ pm.status_path = /fpm-status ; anything, but it may not be a good idea to use the .php extension or it ; may conflict with a real PHP file. ; Default Value: not set -ping.path = /ping +;ping.path = /ping ; This directive may be used to customize the response of a ping request. The ; response is formatted as text/plain with a 200 response code. ; Default Value: pong ;ping.response = pong -; The timeout for serving a single request after which the worker process will -; be killed. This option should be used when the 'max_execution_time' ini option -; does not stop script execution for some reason. A value of '0' means 'off'. -; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) -; Default Value: 0 -request_terminate_timeout = 120s +; The access log file +; Default: not set +;access.log = log/$pool.access.log + +; The access log format. +; The following syntax is allowed +; %%: the '%' character +; %C: %CPU used by the request +; it can accept the following format: +; - %{user}C for user CPU only +; - %{system}C for system CPU only +; - %{total}C for user + system CPU (default) +; %d: time taken to serve the request +; it can accept the following format: +; - %{seconds}d (default) +; - %{miliseconds}d +; - %{mili}d +; - %{microseconds}d +; - %{micro}d +; %e: an environment variable (same as $_ENV or $_SERVER) +; it must be associated with embraces to specify the name of the env +; variable. 
Some exemples: +; - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e +; - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e +; %f: script filename +; %l: content-length of the request (for POST request only) +; %m: request method +; %M: peak of memory allocated by PHP +; it can accept the following format: +; - %{bytes}M (default) +; - %{kilobytes}M +; - %{kilo}M +; - %{megabytes}M +; - %{mega}M +; %n: pool name +; %o: output header +; it must be associated with embraces to specify the name of the header: +; - %{Content-Type}o +; - %{X-Powered-By}o +; - %{Transfert-Encoding}o +; - .... +; %p: PID of the child that serviced the request +; %P: PID of the parent of the child that serviced the request +; %q: the query string +; %Q: the '?' character if query string exists +; %r: the request URI (without the query string, see %q and %Q) +; %R: remote IP address +; %s: status (response code) +; %t: server time the request was received +; it can accept a strftime(3) format: +; %d/%b/%Y:%H:%M:%S %z (default) +; The strftime(3) format must be encapsuled in a %{}t tag +; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t +; %T: time the log has been written (the request has finished) +; it can accept a strftime(3) format: +; %d/%b/%Y:%H:%M:%S %z (default) +; The strftime(3) format must be encapsuled in a %{}t tag +; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t +; %u: remote user +; +; Default: "%R - %u %t \"%m %r\" %s" +;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%" + +; The log file for slow requests +; Default Value: not set +; Note: slowlog is mandatory if request_slowlog_timeout is set +;slowlog = log/$pool.log.slow ; The timeout for serving a single request after which a PHP backtrace will be ; dumped to the 'slowlog' file. A value of '0s' means 'off'. 
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) ; Default Value: 0 -request_slowlog_timeout = 5s +;request_slowlog_timeout = 0 -; The log file for slow requests -; Default Value: not set -; Note: slowlog is mandatory if request_slowlog_timeout is set -slowlog = /var/log/nginx/NAMETOCHANGE.slow.log +; The timeout for serving a single request after which the worker process will +; be killed. This option should be used when the 'max_execution_time' ini option +; does not stop script execution for some reason. A value of '0' means 'off'. +; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) +; Default Value: 0 +request_terminate_timeout = 1d ; Set open file descriptor rlimit. ; Default Value: system defined value -rlimit_files = 4096 +;rlimit_files = 1024 ; Set max core size rlimit. ; Possible Values: 'unlimited' or an integer greater or equal to 0 ; Default Value: system defined value -rlimit_core = 0 +;rlimit_core = 0 ; Chroot to this directory at the start. This value must be defined as an ; absolute path. When this value is not set, chroot is not used. 
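Review bot: `request_terminate_timeout = 1d` replaces the previous `120s`, so a stuck or very slow request can hold a worker for a day, and with `pm.max_children = 5` set earlier in this file five such requests leave the pool unable to serve anything. The same hunk comments out `request_slowlog_timeout` and `slowlog`, which removes the only record of slow requests. Unless COPS really needs day-long requests, I would keep a bounded value such as `request_terminate_timeout = 120s` and leave the slow log enabled. `rlimit_core = 0` is also commented out here, so the core-dump size falls back to the system default; keeping `rlimit_core = 0` prevents worker memory from being written to disk.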
@@ -195,14 +358,31 @@ rlimit_core = 0 ; Chdir to this directory at the start. ; Note: relative path can be used. ; Default Value: current directory or / when chroot -chdir = FOLDERTOCHANGE +chdir = __FINALPATH__ ; Redirect worker stdout and stderr into main error log. If not set, stdout and ; stderr will be redirected to /dev/null according to FastCGI specs. ; Note: on highloaded environement, this can cause some delay in the page ; process time (several ms). ; Default Value: no -catch_workers_output = yes +;catch_workers_output = yes + +; Clear environment in FPM workers +; Prevents arbitrary environment variables from reaching FPM worker processes +; by clearing the environment in workers before env vars specified in this +; pool configuration are added. +; Setting to "no" will make all environment variables available to PHP code +; via getenv(), $_ENV and $_SERVER. +; Default Value: yes +;clear_env = no + +; Limits the extensions of the main script FPM will allow to parse. This can +; prevent configuration mistakes on the web server side. You should only limit +; FPM to .php extensions to prevent malicious users to use other extensions to +; execute php code. +; Note: set an empty value to allow all extensions. +; Default Value: .php +;security.limit_extensions = .php .php3 .php4 .php5 .php7 ; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from ; the current environment. 
@@ -238,6 +418,13 @@ catch_workers_output = yes ;php_admin_flag[log_errors] = on ;php_admin_value[memory_limit] = 32M -php_value[upload_max_filesize] = 10G -php_value[post_max_size] = 10G -php_value[mail.add_x_header] = Off +; Common values to change to increase file upload limit +; php_admin_value[upload_max_filesize] = 50M +; php_admin_value[post_max_size] = 50M +; php_admin_flag[mail.add_x_header] = Off + +; Other common parameters +; php_admin_value[max_execution_time] = 600 +; php_admin_value[max_input_time] = 300 +; php_admin_value[memory_limit] = 256M +; php_admin_flag[short_open_tag] = On diff --git a/conf/robots.txt b/conf/robots.txt deleted file mode 100755 index 1f53798..0000000 --- a/conf/robots.txt +++ /dev/null @@ -1,2 +0,0 @@ -User-agent: * -Disallow: / diff --git a/manifest.json b/manifest.json index 5317cc4..bf68b1d 100644 --- a/manifest.json +++ b/manifest.json @@ -7,7 +7,7 @@ "fr": "Calibre OPDS (et HTML) PHP Serveur" }, "url": "https://github.com/YunoHost-Apps/cops_ynh", - "license": "free", + "license": "GPL-2.0", "maintainer": { "name": "polytan02", "email": "polytan02@mcgva.org" @@ -15,29 +15,21 @@ "multi_instance": true, "services": [ "nginx", - "php5-fpm" + "php7.3-fpm" ], "requirements": { - "yunohost": ">= 2.4.0" + "yunohost": ">= 4.2.0" }, "arguments": { "install" : [ { "name": "domain", "type": "domain", - "ask": { - "en": "Choose a domain for COPS library", - "fr": "Choisissez un domaine pour votre bibliotheque COPS" - }, "example": "domain.tld" }, { "name": "path", "type": "path", - "ask": { - "en": "Choose a path to access your COPS library", - "fr": "Choisissez un chemin pour acceder a votre bibliotheque COPS" - }, "example": "/cops", "default": "/cops" }, 
@@ -52,14 +44,10 @@ }, { "name": "is_public", - "ask": { - "en": "Is it a public website ?", - "fr": "Est-ce un site publique ?" - }, - "choices": ["Yes", "No"], - "default": "Yes" + "type": "boolean", + "default": true }, - { + { "name": "basicauthcreate", "ask": { "en": "Create a basic auth access (only taken into account for a Public app) ? This is required if the app is public so that ereaders to access the OPDS server, for example", @@ -79,12 +67,12 @@ }, { "name": "basicauthpass", - "type": "password", + "type": "password", "ask": { "en": "Choose the password to access the OPDS/HTML server", "fr": "Renseignez le mot de passe pour accéder au serveur OPDS/HTML" }, - "example": "knowledge is power", + "example": "knowledge is power", "default": "knowledge is power" } ] diff --git a/scripts/.fonctions b/scripts/.fonctions deleted file mode 100644 index f14893d..0000000 --- a/scripts/.fonctions +++ /dev/null 
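Review bot: The `basicauthpass` argument in the last manifest.json hunk keeps `"default": "knowledge is power"` as a context line, so an install that accepts the defaults protects the library with a password published in this repository. The preceding hunk makes `is_public` a boolean with `"default": true`, so that same default install is also reachable without SSO. I would remove the `default` (and preferably the `example`) from the password argument so the admin has to choose a value, and consider `"default": false` for `is_public`.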
@@ -1,97 +0,0 @@ -#!/bin/bash - -EXIT_PROPERLY () { # Provoque l'arrêt du script en cas d'erreur. Et nettoye les résidus. - exit_code=$? - if [ "$exit_code" -eq 0 ]; then - exit 0 # Quitte sans erreur si le script se termine correctement. - fi - trap '' EXIT - set +eu - echo -e "\e[91m \e[1m" # Shell in light red bold - echo -e "!!\n $app install's script has encountered an error. Installation was cancelled.\n!!" >&2 - - if type -t CLEAN_SETUP > /dev/null; then # Vérifie l'existance de la fonction avant de l'exécuter. - CLEAN_SETUP # Appel la fonction de nettoyage spécifique du script install. - fi - - # Compense le bug de ssowat qui ne supprime pas l'entrée de l'app en cas d'erreur d'installation. - sudo sed -i "\@\"$domain$path/\":@d" /etc/ssowat/conf.json - - ynh_die -} - -TRAP_ON () { # Activate signal capture - set -eu # Exit if a command fail, and if a variable is used unset. - trap EXIT_PROPERLY EXIT # Capturing exit signals on shell script -} - -# We check variables are not empty -CHECK_VAR () { # Vérifie que la variable n'est pas vide. -# $1 = Variable à vérifier -# $2 = Texte à afficher en cas d'erreur - test -n "$1" || (echo "$2" >&2 && false) -} - -# Check the path value and correct it (adds / at begining and removes it at the end) -CHECK_PATH () { # Vérifie la présence du / en début de path. Et son absence à la fin. - if [ "${path:0:1}" != "/" ]; then # Si le premier caractère n'est pas un / - path="/$path" # Ajoute un / en début de path - fi - if [ "${path:${#path}-1}" == "/" ] && [ ${#path} -gt 1 ]; then # Si le dernier caractère est un / et que ce n'est pas l$ - path="${path:0:${#path}-1}" # Supprime le dernier caractère - fi -} - -# Check domain and path availibility -CHECK_DOMAINPATH () { # Vérifie la disponibilité du path et du domaine. - sudo yunohost app checkurl $domain$path -a $app -} - -# Check destination folder is not used already -CHECK_FINALPATH () { # Vérifie que le dossier de destination n'est pas déjà utilisé. 
- final_path=/var/www/$app - if [ -e "$final_path" ] - then - echo "This path already contains a folder" >&2 - false - fi -} - -# We check that calibre path is correct -CHECK_CALIBRE () { # Vérifie la présence du / en début de path. Et son absence à la fin. - if [ "${calibre:0:1}" != "/" ]; then # Si le premier caractère n'est pas un / - calibre="/$calibre" # Ajoute un / en début de path - fi - if [ "${calibre:${#calibre}-1}" == "/" ] && [ ${#calibre} -gt 1 ]; then # Si le dernier caractère est un / $ - calibre="${calibre:0:${#calibre}-1}" # Supprime le dernier caractère - fi -} - -SECURE_REMOVE () { # Suppression de dossier avec vérification des variables - chaine="$1" # L'argument doit être donné entre quotes simple '', pour éviter d'interpréter les variables. - no_var=0 - while (echo "$chaine" | grep -q '\$') # Boucle tant qu'il y a des $ dans la chaine - do - no_var=1 - global_var=$(echo "$chaine" | cut -d '$' -f 2) # Isole la première variable trouvée. - only_var=\$$(expr "$global_var" : '\([A-Za-z0-9_]*\)') # Isole complètement la variable en ajoutant le $ au début et en gardant uniquement le nom de la variable. Se débarrasse surtout du / et d'un éventuel chemin derrière. - real_var=$(eval "echo ${only_var}") # `eval "echo ${var}` permet d'interpréter une variable contenue dans une variable. - if test -z "$real_var" || [ "$real_var" = "/" ]; then - echo "Variable $only_var is empty, suppression of $chaine cancelled." >&2 - return 1 - fi - chaine=$(echo "$chaine" | sed "s@$only_var@$real_var@") # remplace la variable par sa valeur dans la chaine. - done - if [ "$no_var" -eq 1 ] - then - if [ -e "$chaine" ]; then - echo "Delete directory $chaine" - sudo rm -r "$chaine" - fi - return 0 - else - echo "No detected variable." >&2 - return 1 - fi -} - diff --git a/scripts/_common.sh b/scripts/_common.sh new file mode 100644 index 0000000..f8311e3 --- /dev/null +++ b/scripts/_common.sh 
@@ -0,0 +1,22 @@
+#!/bin/bash
+
+#=================================================
+# COMMON VARIABLES
+#=================================================
+
+YNH_PHP_VERSION="7.3"
+
+# dependencies used by the app
+extra_php_dependencies="php${YNH_PHP_VERSION}-xml php${YNH_PHP_VERSION}-mbstring php${YNH_PHP_VERSION}-zip php${YNH_PHP_VERSION}-gd php${YNH_PHP_VERSION}-sqlite3 php${YNH_PHP_VERSION}-json php${YNH_PHP_VERSION}-intl"
+
+#=================================================
+# PERSONAL HELPERS
+#=================================================
+
+#=================================================
+# EXPERIMENTAL HELPERS
+#=================================================
+
+#=================================================
+# FUTURE OFFICIAL HELPERS
+#=================================================
diff --git a/scripts/backup b/scripts/backup
index 72490e6..11620a2 100755
--- a/scripts/backup
+++ b/scripts/backup
@@ -1,22 +1,84 @@ #!/bin/bash -set -eu -app=$YNH_APP_INSTANCE_NAME -# Source YunoHost helpers +#================================================= +# GENERIC START +#================================================= +# IMPORT GENERIC HELPERS +#================================================= + +# Keep this path for calling _common.sh inside the execution's context of backup and restore scripts +source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers -final_path=$(ynh_app_setting_get $app final_path) -finalnginxconf=$(ynh_app_setting_get $app finalnginxconf) -finalphpconf=$(ynh_app_setting_get $app finalphpconf) +#================================================= +# MANAGE SCRIPT FAILURE +#================================================= -# Backup sources & data -# Note: the last argument is where to save this path, see the restore script. -ynh_backup "$final_path" "sources" +ynh_clean_setup () { + ### Remove this function if there's nothing to clean before calling the remove script. + true +} +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors -# Copy NGINX configuration -ynh_backup "$finalnginxconf" "nginx.conf" +#================================================= +# LOAD SETTINGS +#================================================= +ynh_print_info --message="Loading installation settings..." -### PHP (remove if not used) ### -# If a dedicated php-fpm process is used: -# # Copy PHP-FPM pool configuration -ynh_backup "$finalphpconf" "php-fpm.conf" +app=$YNH_APP_INSTANCE_NAME + +final_path=$(ynh_app_setting_get --app=$app --key=final_path) +domain=$(ynh_app_setting_get --app=$app --key=domain) +phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) +datadir=$(ynh_app_setting_get --app=$app --key=datadir) + +#================================================= +# DECLARE DATA AND CONF FILES TO BACKUP +#================================================= +ynh_print_info --message="Declaring files to be backed up..." 
+ +#================================================= +# BACKUP THE APP MAIN DIR +#================================================= + +ynh_backup --src_path="$final_path" + +# #================================================= +# # BACKUP THE DATA DIR +# #================================================= + +# ynh_backup --src_path="$datadir" --is_big + +#================================================= +# BACKUP THE NGINX CONFIGURATION +#================================================= + +ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf" + +#================================================= +# BACKUP THE PHP-FPM CONFIGURATION +#================================================= + +ynh_backup --src_path="/etc/php/$phpversion/fpm/pool.d/$app.conf" + +#================================================= +# BACKUP FAIL2BAN CONFIGURATION +#================================================= + +ynh_backup --src_path="/etc/fail2ban/jail.d/$app.conf" +ynh_backup --src_path="/etc/fail2ban/filter.d/$app.conf" + +#================================================= +# SPECIFIC BACKUP +#================================================= +# BACKUP LOGROTATE +#================================================= + +ynh_backup --src_path="/etc/logrotate.d/$app" + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_print_info --message="Backup script completed for $app. (YunoHost will then actually copy those files to the archive)." diff --git a/scripts/install b/scripts/install index 171c509..bdc9c26 100755 --- a/scripts/install +++ b/scripts/install 
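Review bot: The two `ynh_backup` lines for `/etc/fail2ban/jail.d/$app.conf` and `/etc/fail2ban/filter.d/$app.conf` declare files that the install hunk of this commit never creates and the restore hunk never restores. With `ynh_abort_if_errors` active, the backup either aborts or records entries with no counterpart on restore, depending on how the helper treats an absent source path. The archive also implies brute-force protection that the installed app does not have. Either add the Fail2Ban setup to install with matching `ynh_restore_file` lines in restore, or drop these two lines.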
@@ -1,162 +1,165 @@ #!/bin/bash -#set -eu -# Charge les fonctions génériques habituellement utilisées dans le script -source .fonctions +#================================================= +# GENERIC START +#================================================= +# IMPORT GENERIC HELPERS +#================================================= -# Active trap pour arrêter le script si une erreur est détectée. -TRAP_ON - -# Source app helpers +source _common.sh source /usr/share/yunohost/helpers -# Retrieve arguments -app=$YNH_APP_INSTANCE_NAME +#================================================= +# MANAGE SCRIPT FAILURE +#================================================= + +ynh_clean_setup () { + ### Remove this function if there's nothing to clean before calling the remove script. + true +} +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors + +#================================================= +# RETRIEVE ARGUMENTS FROM THE MANIFEST +#================================================= + domain=$YNH_APP_ARG_DOMAIN -path=$YNH_APP_ARG_PATH +path_url=$YNH_APP_ARG_PATH +admin=$YNH_APP_ARG_ADMIN is_public=$YNH_APP_ARG_IS_PUBLIC -calibre=$YNH_APP_ARG_CALIBRE +language=$YNH_APP_ARG_LANGUAGE +password=$YNH_APP_ARG_PASSWORD +email=$(ynh_user_get_info --username=$admin --key=mail) +timezone="$(cat /etc/timezone)" -# No basic auth if app is private -if [ "$is_public" = "Yes" ]; -then - basicauthcreate=$YNH_APP_ARG_BASICAUTHCREATE - basicauthname=$YNH_APP_ARG_BASICAUTHNAME - basicauthpass=$YNH_APP_ARG_BASICAUTHPASS -else - basicauthcreate="No" -fi +app=$YNH_APP_INSTANCE_NAME -# We check variables are not empty -CHECK_VAR "$app" "app name not set" - -# Check the path value and correct it (adds / at begining and removes it at the end) -CHECK_PATH; - -# Check domain and path availibility -CHECK_DOMAINPATH - -# Check destination folder is not used already -CHECK_FINALPATH - -# We check that calibre path is correct -CHECK_CALIBRE; 
+#================================================= +# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS +#================================================= +ynh_script_progression --message="Validating installation parameters..." --time --weight=1 final_path=/var/www/$app +test ! -e "$final_path" || ynh_die --message="This path already contains a folder" -# Define variables and Save app settings -ynh_app_setting_set "$app" domain "$domain" -ynh_app_setting_set "$app" is_public "$is_public" -ynh_app_setting_set "$app" final_path "$final_path" -ynh_app_setting_set "$app" calibre "$calibre" -ynh_app_setting_set "$app" basicauthcreate "$basicauthcreate" +# Register (book) web path +ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url -finalnginxconf="/etc/nginx/conf.d/${domain}.d/${app}.conf" -ynh_app_setting_set "$app" finalnginxconf "$finalnginxconf" +#================================================= +# STORE SETTINGS FROM MANIFEST +#================================================= +ynh_script_progression --message="Storing installation settings..." --time --weight=1 -finalphpconf="/etc/php5/fpm/pool.d/${app}.conf" -ynh_app_setting_set "$app" finalphpconf "$finalphpconf" +ynh_app_setting_set --app=$app --key=domain --value=$domain +ynh_app_setting_set --app=$app --key=path --value=$path_url +ynh_app_setting_set --app=$app --key=admin --value=$admin +ynh_app_setting_set --app=$app --key=language --value=$language -# Install dependencies using Helpers -ynh_package_install_from_equivs ../conf/cops-deps.control \ -|| ynh_die "Unable to install dependencies" +#================================================= +# STANDARD MODIFICATIONS +#================================================= +# FIND AND OPEN A PORT +#================================================= +ynh_script_progression --message="Finding an available port..." 
--time --weight=1 +# Find an available port +port=$(ynh_find_port --port=8095) +ynh_app_setting_set --app=$app --key=port --value=$port -# Creation of folder -sudo mkdir -p $final_path +#================================================= +# CREATE DEDICATED USER +#================================================= +ynh_script_progression --message="Configuring system user..." --time --weight=1 -# We download the sources and check the md5sum -cops_file=`sudo cat ../sources/source_file`; -sudo wget -nv -i ../sources/source_url -O $cops_file -sudo md5sum -c ../sources/source_md5 --status || (echo "Corrupt source" >&2 && false) -sudo unzip ${cops_file} -d $final_path +# Create a system user +ynh_system_user_create --username=$app --home_dir="$final_path" -# Site adjustments -sed -i "s@CALIBRETOCHANGE@$calibre@g" ../conf/config_local.php -timezone=`sudo cat /etc/timezone`; -sed -i "s@TIMEZONETOCHANGE@$timezone@g" ../conf/config_local.php +#================================================= +# DOWNLOAD, CHECK AND UNPACK SOURCE +#================================================= +ynh_script_progression --message="Setting up source files..." --time --weight=1 -sudo cp ../conf/config_local.php $final_path -sudo cp ../conf/robots.txt $final_path +ynh_app_setting_set --app=$app --key=final_path --value=$final_path +# Download, check integrity, uncompress and patch the source from app.src +ynh_setup_source --dest_dir="$final_path" -# Create cops user and join nextcloud/owncloud/www-data groups -runninguser="${app}-ynh" -# 1. Create the user -# Create a system account for COPS if it doesn't already exists -if ! 
ynh_system_user_exists "$runninguser" ; -then - echo "The user $runninguser does not exist, we can create it" - sudo useradd -c "$runninguser system account" \ - -d $final_path --system --user-group $runninguser \ - || ynh_die "Unable to create $runninguser system account" -else - echo "The user $runninguser exists, no need to create it" -fi +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:www-data "$final_path" -ynh_app_setting_set "$app" runninguser "$runninguser" +#================================================= +# NGINX CONFIGURATION +#================================================= +ynh_script_progression --message="Configuring NGINX web server..." --time --weight=1 -# 2. Add cops-ynh to groups www-data and nextcloud/owncloud if they exist -sudo usermod -a -G www-data $runninguser -for filesharing in "nextcloud" "owncloud"; do - app_id=$(sudo yunohost app list --installed -f "$filesharing" \ - --output-as json | grep -Po '"id":[ ]?"\K.*?(?=")' | head -1) - [[ -z "$app_id" ]] || { - sudo usermod -a -G $filesharing $runninguser - } -done +# Create a dedicated NGINX config +ynh_add_nginx_config -# Set permissions -sudo chmod ug+rw -R $final_path -sudo chown -hR $runninguser:$runninguser $final_path +#================================================= +# PHP-FPM CONFIGURATION +#================================================= +ynh_script_progression --message="Configuring PHP-FPM..." 
--time --weight=1 -# Add basic auth if requested -if [ "$basicauthcreate" = "Yes" ]; -then - ynh_app_setting_set "$app" basicauthname "$basicauthname" - ynh_app_setting_set "$app" basicauthpass "$basicauthpass" +# Create a dedicated PHP-FPM config +ynh_add_fpm_config - # Generation of the htpasswd file according https://www.nginx.com/resources/wiki/community/faq/ - SALT="$(openssl rand -base64 3)" - (SHA1=$(printf "$basicauthpass$SALT" | - openssl dgst -binary -sha1 | xxd -ps | - sed 's#$#'"`echo -n $SALT | xxd -ps`"'#' | - xxd -r -ps | - base64);printf "$basicauthname:{SSHA}$SHA1\n" >> ../sources/htpasswd) - sudo cp ../sources/htpasswd $final_path - sudo chmod 440 $final_path/htpasswd - sudo chown www-data:www-data $final_path/htpasswd +#================================================= +# CREATE DATA DIRECTORY +#================================================= +ynh_script_progression --message="Creating a data directory..." --time --weight=1 - # Modif nginx - sed -i "s|^.*\bauth_basic\b.*$| auth_basic \"Private Library\";|" ../conf/nginx.conf; - sed -i "s|^.*\bauth_basic_user_file\b.*$| auth_basic_user_file $final_path/htpasswd;|" ../conf/nginx.conf; -else - echo "No basic auth"; -fi +datadir=/home/yunohost.app/$app +ynh_app_setting_set --app=$app --key=datadir --value=$datadir -# Modify Nginx configuration file and copy it to Nginx conf.d directory -sed -i "s@PATHTOCHANGE@$path@g" ../conf/nginx.conf -sed -i "s@ALIASTOCHANGE@$final_path/@g" ../conf/nginx.conf -sed -i "s@NAMETOCHANGE@$app@g" ../conf/nginx.conf -sudo cp ../conf/nginx.conf $finalnginxconf +mkdir -p $datadir -# Modify php-fpm configuration file and copy it to php-fpm pool.d directory -sed -i "s@NAMETOCHANGE@$app@g" ../conf/php-fpm.conf -sed -i "s@FOLDERTOCHANGE@$final_path@g" ../conf/php-fpm.conf -sed -i "s@USERTOCHANGE@$runninguser@g" ../conf/php-fpm.conf -sudo cp ../conf/php-fpm.conf $finalphpconf -sudo chown root: $finalphpconf -sudo chmod 644 $finalphpconf +chmod 750 "$datadir" +chmod -R o-rwx 
"$datadir" +chown -R $app:www-data "$datadir" + +#================================================= +# ADD A CONFIGURATION +#================================================= +ynh_script_progression --message="Adding a configuration file..." --weight=1 + +ynh_add_config --template="../conf/config_local.php" --destination="$final_path/config_local.php" + +chmod 400 "$final_path/config_local.php" +chown $app "$final_path/config_local.php" + +#================================================= +# GENERIC FINALIZATION +#================================================= +# SETUP LOGROTATE +#================================================= +ynh_script_progression --message="Configuring log rotation..." --weight=1 + +# Use logrotate to manage application logfile(s) +ynh_use_logrotate + +#================================================= +# SETUP SSOWAT +#================================================= +ynh_script_progression --message="Configuring permissions..." --time --weight=1 # Make app public if necessary -is_public=$(ynh_app_setting_get $app is_public) -if [ "$is_public" = "Yes" ]; +if [ $is_public -eq 1 ] then - ynh_app_setting_set $app skipped_uris "/" -else - ynh_app_setting_set $app protected_uris "/" + # Everyone can access the app. + # The "main" permission is automatically created before the install script. + ynh_permission_update --permission="main" --add="visitors" fi -# Reload Nginx and regenerate SSOwat conf -sudo service php5-fpm reload -sudo service nginx reload -sudo yunohost app ssowatconf +#================================================= +# RELOAD NGINX +#================================================= +ynh_script_progression --message="Reloading NGINX web server..." 
--time --weight=1 + +ynh_systemd_action --service_name=nginx --action=reload + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_script_progression --message="Installation of $app completed" --time --last diff --git a/scripts/remove b/scripts/remove index c4ffe87..1bc542a 100755 --- a/scripts/remove +++ b/scripts/remove 
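Review bot: `password=$YNH_APP_ARG_PASSWORD` is read from the manifest arguments, but no later line of this hunk stores or uses it. Unless the `config_local.php` template consumes it through `ynh_add_config`, which is not visible here, the operator is asked for a secret that is then discarded. That is misleading because the `is_public` branch grants `visitors` access with no further credential, while the old basic-auth path is removed. Either wire the value into an actual access control, or drop the line and the matching manifest question. The same applies to `email`, and to the `port` found by `ynh_find_port --port=8095`, which is stored but used by nothing in this hunk.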
@@ -1,80 +1,69 @@ #!/bin/bash -set -u -# Charge les fonctions génériques habituellement utilisées dans le script -SECURE_REMOVE () { # Suppression de dossier avec vérification des variables - chaine="$1" # L'argument doit être donné entre quotes simple '', pour éviter d'interpréter les variables. - no_var=0 - while (echo "$chaine" | grep -q '\$') # Boucle tant qu'il y a des $ dans la chaine - do - no_var=1 - global_var=$(echo "$chaine" | cut -d '$' -f 2) # Isole la première variable trouvée. - only_var=\$$(expr "$global_var" : '\([A-Za-z0-9_]*\)') # Isole complètement la variable en ajoutant le $ au début et en gardant uniquement le nom de la variable. Se débarrasse$ - real_var=$(eval "echo ${only_var}") # `eval "echo ${var}` permet d'interpréter une variable contenue dans une variable. - if test -z "$real_var" || [ "$real_var" = "/" ]; then - echo "Variable $only_var is empty, suppression of $chaine cancelled." >&2 - return 1 - fi - chaine=$(echo "$chaine" | sed "s@$only_var@$real_var@") # remplace la variable par sa valeur dans la chaine. - done - if [ "$no_var" -eq 1 ] - then - if [ -e "$chaine" ]; then - echo "Delete directory $chaine" - sudo rm -r "$chaine" - fi - return 0 - else - echo "No detected variable." >&2 - return 1 - fi -} +#================================================= +# GENERIC START +#================================================= +# IMPORT GENERIC HELPERS +#================================================= -REMOVE_SYS_USER () { # Supprime l'utilisateur système dédié à l'app - if ynh_system_user_exists "$1" # Test l'existence de l'utilisateur - then - sudo userdel $1 - fi -} - -# Active trap pour arrêter le script si une erreur est détectée. - -# Source app helpers +source _common.sh source /usr/share/yunohost/helpers -# We retrieve app parameters +#================================================= +# LOAD SETTINGS +#================================================= +ynh_script_progression --message="Loading installation settings..." 
--time --weight=1 + app=$YNH_APP_INSTANCE_NAME -final_path=$(ynh_app_setting_get $app final_path) -finalnginxconf=$(ynh_app_setting_get $app finalnginxconf) -finalphpconf=$(ynh_app_setting_get $app finalphpconf) -runninguser=$app-ynh +domain=$(ynh_app_setting_get --app=$app --key=domain) +port=$(ynh_app_setting_get --app=$app --key=port) +final_path=$(ynh_app_setting_get --app=$app --key=final_path) -# Suppression du dossier de la webapp -SECURE_REMOVE '$final_path' +#================================================= +# REMOVE APP MAIN DIR +#================================================= +ynh_script_progression --message="Removing app main directory..." --time --weight=1 -# Suppression de la config nginx de la webapp -if [ -e "$finalnginxconf" ]; then # Delete nginx config - echo "Delete nginx config" - sudo rm $finalnginxconf -fi +# Remove the app directory securely +ynh_secure_remove --file="$final_path" -if [ -e "$finalphpconf" ]; then # Delete nginx config - echo "Delete php-fpm config" - sudo rm $finalphpconf -fi +#================================================= +# REMOVE NGINX CONFIGURATION +#================================================= +ynh_script_progression --message="Removing NGINX web server configuration..." --time --weight=1 -# Remove app dependencies -if ynh_package_is_installed "cops-deps"; then - ynh_package_autoremove "cops-deps" -fi +# Remove the dedicated NGINX config +ynh_remove_nginx_config -# Remove the user account~ -#id "$runninguser" >/dev/null 2>&1 \ -#&& sudo deluser --quiet "$runninguser" >/dev/null -REMOVE_SYS_USER "$runninguser" +#================================================= +# REMOVE PHP-FPM CONFIGURATION +#================================================= +ynh_script_progression --message="Removing PHP-FPM configuration..." 
--time --weight=1 -# We reload the services -sudo service php5-fpm reload -sudo service nginx reload -sudo yunohost app ssowatconf +# Remove the dedicated PHP-FPM config +ynh_remove_fpm_config + +#================================================= +# REMOVE LOGROTATE CONFIGURATION +#================================================= +ynh_script_progression --message="Removing logrotate configuration..." --time --weight=1 + +# Remove the app-specific logrotate config +ynh_remove_logrotate + +#================================================= +# GENERIC FINALIZATION +#================================================= +# REMOVE DEDICATED USER +#================================================= +ynh_script_progression --message="Removing the dedicated system user..." --time --weight=1 + +# Delete a system user +ynh_system_user_delete --username=$app + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_script_progression --message="Removal of $app completed" --time --last diff --git a/scripts/restore b/scripts/restore index 9eb4b07..c5d76cd 100755 --- a/scripts/restore +++ b/scripts/restore 
@@ -1,89 +1,116 @@ #!/bin/bash -set -eu -app=$YNH_APP_INSTANCE_NAME -# Source YunoHost helpers +#================================================= +# GENERIC START +#================================================= +# IMPORT GENERIC HELPERS +#================================================= + +# Keep this path for calling _common.sh inside the execution's context of backup and restore scripts +source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers -# Retrieve old app settings -final_path=$(ynh_app_setting_get $app final_path) -is_public=$(ynh_app_setting_get $app is_public) -finalnginxconf=$(ynh_app_setting_get $app finalnginxconf) -finalphpconf=$(ynh_app_setting_get $app finalphpconf) -runninguser=$(ynh_app_setting_get $app runninguser) -basicauthcreate=$(ynh_app_setting_get $app basicauthcreate) +#================================================= +# MANAGE SCRIPT FAILURE +#================================================= -# We install dependencies -sudo apt-get update -y -sudo apt-get install php5-gd php5-sqlite php5-json php5-intl -y +ynh_clean_setup () { + #### Remove this function if there's nothing to clean before calling the remove script. + true +} +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors -# Install dependencies using Helpers -#ynh_package_install_from_equivs ../conf/cops-deps.control \ -#|| ynh_die "Unable to install dependencies" +#================================================= +# LOAD SETTINGS +#================================================= +ynh_script_progression --message="Loading installation settings..." --time --weight=1 -# Restore sources & data -sudo mkdir -p $final_path -sudo cp -a ./sources/* $final_path/ +app=$YNH_APP_INSTANCE_NAME -# Create cops user and join nextcloud/owncloud/www-data groups -runninguser="${app}-ynh" -# 1. Create the user -# Create a system account for COPS if it doesn't already exists -if ! 
ynh_system_user_exists "$runninguser" ; -then - echo "The user $runninguser does not exist, we can create it" - sudo useradd -c "$runninguser system account" \ - -d $final_path --system --user-group $runninguser \ - || ynh_die "Unable to create $runninguser system account" -else - echo "The user $runninguser exists, no need to create it" -fi +domain=$(ynh_app_setting_get --app=$app --key=domain) +path_url=$(ynh_app_setting_get --app=$app --key=path) +final_path=$(ynh_app_setting_get --app=$app --key=final_path) +phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) +datadir=$(ynh_app_setting_get --app=$app --key=datadir) -ynh_app_setting_set "$app" runninguser "$runninguser" +#================================================= +# CHECK IF THE APP CAN BE RESTORED +#================================================= +ynh_script_progression --message="Validating restoration parameters..." --time --weight=1 -# 2. Add cops-ynh to groups www-data and nextcloud/owncloud if they exist -sudo usermod -a -G www-data $runninguser -for filesharing in "nextcloud" "owncloud"; do - app_id=$(sudo yunohost app list --installed -f "$filesharing" \ - --output-as json | grep -Po '"id":[ ]?"\K.*?(?=")' | head -1) - [[ -z "$app_id" ]] || { - sudo usermod -a -G $filesharing $runninguser - } -done +ynh_webpath_available --domain=$domain --path_url=$path_url \ + || ynh_die --message="Path not available: ${domain}${path_url}" +test ! -d $final_path \ + || ynh_die --message="There is already a directory: $final_path " -# Restore permissions to app files -# you may need to make some file and/or directory writeable by www-data (nginx user) -sudo chown -R $runninguser:$runninguser $final_path +#================================================= +# STANDARD RESTORATION STEPS +#================================================= +# RESTORE THE NGINX CONFIGURATION +#================================================= +ynh_script_progression --message="Restoring the NGINX configuration..." 
--time --weight=1 -if [ "$basicauthcreate" = "Yes" ]; -then - sudo chmod 440 $final_path/htpasswd - sudo chown www-data:www-data $final_path/htpasswd -else - echo "Nothing to do" -fi +ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" -# Restore NGINX configuration -sudo cp -a ./nginx.conf $finalnginxconf +#================================================= +# RECREATE THE DEDICATED USER +#================================================= +ynh_script_progression --message="Recreating the dedicated system user..." --time --weight=1 -### PHP (remove if not used) ### -# If a dedicated php-fpm process is used: -# # Copy PHP-FPM pool configuration and reload the service -sudo cp -a ./php-fpm.conf $finalphpconf -### PHP end ### +# Create the dedicated user (if not existing) +ynh_system_user_create --username=$app --home_dir="$final_path" -# Make app public if necessary -is_public=$(ynh_app_setting_get $app is_public) -if [ "$is_public" = "Yes" ]; -then - ynh_app_setting_set $app skipped_uris "/" -else - ynh_app_setting_set $app protected_uris "/" -fi +#================================================= +# RESTORE THE APP MAIN DIR +#================================================= +ynh_script_progression --message="Restoring the app main directory..." --time --weight=1 +ynh_restore_file --origin_path="$final_path" -# Restart webserver -sudo service nginx reload -sudo service php5-fpm reload -sudo yunohost app ssowatconf +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:www-data "$final_path" +#================================================= +# RESTORE THE DATA DIRECTORY +#================================================= +ynh_script_progression --message="Restoring the data directory..." 
--time --weight=1 + +ynh_restore_file --origin_path="$datadir" --not_mandatory + +mkdir -p $datadir + +chmod 750 "$datadir" +chmod -R o-rwx "$datadir" +chown -R $app:www-data "$datadir" + +#================================================= +# RESTORE THE PHP-FPM CONFIGURATION +#================================================= +ynh_script_progression --message="Restoring the PHP-FPM configuration..." --time --weight=1 + +ynh_restore_file --origin_path="/etc/php/$phpversion/fpm/pool.d/$app.conf" + +#================================================= +# RESTORE THE LOGROTATE CONFIGURATION +#================================================= +ynh_script_progression --message="Restoring the logrotate configuration..." --time --weight=1 + +ynh_restore_file --origin_path="/etc/logrotate.d/$app" + +#================================================= +# GENERIC FINALIZATION +#================================================= +# RELOAD NGINX AND PHP-FPM +#================================================= +ynh_script_progression --message="Reloading NGINX web server and PHP-FPM..." --time --weight=1 + +ynh_systemd_action --service_name=php$phpversion-fpm --action=reload +ynh_systemd_action --service_name=nginx --action=reload + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_script_progression --message="Restoration completed for $app" --time --last diff --git a/scripts/upgrade b/scripts/upgrade index 30015c9..09d1c98 100755 --- a/scripts/upgrade +++ b/scripts/upgrade 
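Review bot: `ynh_restore_file --origin_path="$datadir" --not_mandatory` has nothing to find in an archive produced by this commit's backup script, because the backup hunk leaves `ynh_backup --src_path="$datadir" --is_big` commented out. The `mkdir -p $datadir` that follows then creates an empty directory, so the restore reports success even though whatever lived in the data directory is gone. Re-enable the backup line, or warn here when the directory was absent from the archive. Separately, quote the expansions in `mkdir -p "$datadir"` and `test ! -d "$final_path"`, as the neighbouring `chmod`/`chown` lines already do.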
@@ -1,127 +1,239 @@ #!/bin/bash -set -eu -# We retrieve app parameters -app=$YNH_APP_INSTANCE_NAME +#================================================= +# GENERIC START +#================================================= +# IMPORT GENERIC HELPERS +#================================================= -# Source app helpers -source .fonctions +source _common.sh source /usr/share/yunohost/helpers -# We check variables are not empty -CHECK_VAR "$app" "app name not set" +#================================================= +# LOAD SETTINGS +#================================================= +ynh_script_progression --message="Loading installation settings..." --time --weight=1 -path=$(ynh_app_setting_get $app path) -domain=$(ynh_app_setting_get $app domain) -final_path=$(ynh_app_setting_get $app final_path) -finalnginxconf=$(ynh_app_setting_get $app finalnginxconf) -finalphpconf=$(ynh_app_setting_get $app finalphpconf) -calibre=$(ynh_app_setting_get $app calibre) -basicauthcreate=$(ynh_app_setting_get $app basicauthcreate) +app=$YNH_APP_INSTANCE_NAME -# We check that calibre path is correct -CHECK_CALIBRE +domain=$(ynh_app_setting_get --app=$app --key=domain) +path_url=$(ynh_app_setting_get --app=$app --key=path) +admin=$(ynh_app_setting_get --app=$app --key=admin) +final_path=$(ynh_app_setting_get --app=$app --key=final_path) +language=$(ynh_app_setting_get --app=$app --key=language) +db_name=$(ynh_app_setting_get --app=$app --key=db_name) -# Install dependencies using Helpers -ynh_package_install_from_equivs ../conf/cops-deps.control \ -|| ynh_die "Unable to install dependencies" +#================================================= +# CHECK VERSION +#================================================= -# Removal of old folder and restart from fresh -SECURE_REMOVE '$final_path' -sudo mkdir -p $final_path +### This helper will compare the version of the currently installed app and the version of the upstream package. 
+### $upgrade_type can have 2 different values +### - UPGRADE_APP if the upstream app version has changed +### - UPGRADE_PACKAGE if only the YunoHost package has changed +### ynh_check_app_version_changed will stop the upgrade if the app is up to date. +### UPGRADE_APP should be used to upgrade the core app only if there's an upgrade to do. +upgrade_type=$(ynh_check_app_version_changed) -# We download the sources and check the md5sum -cops_file=`sudo cat ../sources/source_file`; -sudo wget -nv -i ../sources/source_url -O $cops_file -sudo md5sum -c ../sources/source_md5 --status || (echo "Corrupt source" >&2 && false) -sudo unzip ${cops_file} -d $final_path +#================================================= +# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP +#================================================= +ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --time --weight=1 -# Site adjustments -sed -i "s@CALIBRETOCHANGE@$calibre@g" ../conf/config_local.php -timezone=`sudo cat /etc/timezone`; -sed -i "s@TIMEZONETOCHANGE@$timezone@g" ../conf/config_local.php +# Backup the current version of the app +ynh_backup_before_upgrade +ynh_clean_setup () { + # Restore it if the upgrade fails + ynh_restore_upgradebackup +} +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors -sudo cp ../conf/config_local.php $final_path -sudo cp ../conf/robots.txt $final_path +#================================================= +# STANDARD UPGRADE STEPS +#================================================= +# STOP SYSTEMD SERVICE +#================================================= +ynh_script_progression --message="Stopping a systemd service..." --time --weight=1 -# Create cops user and join nextcloud/owncloud/www-data groups -runninguser="${app}-ynh" -# 1. Create the user -# Create a system account for COPS if it doesn't already exists -if ! 
ynh_system_user_exists "$runninguser" ; -then - echo "The user $runninguser does not exist, we can create it" - sudo useradd -c "$runninguser system account" \ - -d $final_path --system --user-group $runninguser \ - || ynh_die "Unable to create $runninguser system account" -else - echo "The user $runninguser exists, no need to create it" +ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app/$app.log" + +#================================================= +# ENSURE DOWNWARD COMPATIBILITY +#================================================= +ynh_script_progression --message="Ensuring downward compatibility..." --time --weight=1 + +# +# N.B. : the followings setting migrations snippets are provided as *EXAMPLES* +# of what you may want to do in some cases (e.g. a setting was not defined on +# some legacy installs and you therefore want to initiaze stuff during upgrade) +# + +# If db_name doesn't exist, create it +#if [ -z "$db_name" ]; then +# db_name=$(ynh_sanitize_dbid --db_name=$app) +# ynh_app_setting_set --app=$app --key=db_name --value=$db_name +#fi + +# If final_path doesn't exist, create it +#if [ -z "$final_path" ]; then +# final_path=/var/www/$app +# ynh_app_setting_set --app=$app --key=final_path --value=$final_path +#fi + +### If nobody installed your app before 4.1, +### then you may safely remove these lines + +# Cleaning legacy permissions +if ynh_legacy_permissions_exists; then + ynh_legacy_permissions_delete_all + + ynh_app_setting_delete --app=$app --key=is_public fi -ynh_app_setting_set "$app" runninguser "$runninguser" - -# 2. 
Add cops-ynh to groups www-data and nextcloud/owncloud if they exist -sudo usermod -a -G www-data $runninguser -for filesharing in "nextcloud" "owncloud"; do - app_id=$(sudo yunohost app list --installed -f "$filesharing" \ - --output-as json | grep -Po '"id":[ ]?"\K.*?(?=")' | head -1) - [[ -z "$app_id" ]] || { - sudo usermod -a -G $filesharing $runninguser - } -done - -# Set permissions -sudo chmod ug+rw -R $final_path -sudo chown -hR $runninguser:$runninguser $final_path - -# Add basic auth if requested -if [ "$basicauthcreate" = "Yes" ]; -then - basicauthname=$(ynh_app_setting_get $app basicauthname) - basicauthpass=$(ynh_app_setting_get $app basicauthpass) - - # Generation of the htpasswd file according https://www.nginx.com/resources/wiki/community/faq/ - SALT="$(openssl rand -base64 3)" - (SHA1=$(printf "$basicauthpass$SALT" | - openssl dgst -binary -sha1 | xxd -ps | - sed 's#$#'"`echo -n $SALT | xxd -ps`"'#' | - xxd -r -ps | - base64);printf "$basicauthname:{SSHA}$SHA1\n" >> ../sources/htpasswd) - sudo cp ../sources/htpasswd $final_path - sudo chmod 440 $final_path/htpasswd - sudo chown www-data:www-data $final_path/htpasswd - - # Modif nginx - sed -i "s|^.*\bauth_basic\b.*$| auth_basic \"Private Library\";|" ../conf/nginx.conf; - sed -i "s|^.*\bauth_basic_user_file\b.*$| auth_basic_user_file $final_path/htpasswd;|" ../conf/nginx.conf; -else - echo "No basic auth"; +if ! 
ynh_permission_exists --permission="admin"; then + # Create the required permissions + ynh_permission_create --permission="admin" --url="/admin" --allowed=$admin fi -# Modify Nginx configuration file and copy it to Nginx conf.d directory -sed -i "s@PATHTOCHANGE@$path@g" ../conf/nginx.conf -sed -i "s@ALIASTOCHANGE@$final_path/@g" ../conf/nginx.conf -sed -i "s@NAMETOCHANGE@$app@g" ../conf/nginx.conf -sudo cp ../conf/nginx.conf $finalnginxconf - -# Modify php-fpm configuration file and copy it to php-fpm pool.d directory -sed -i "s@NAMETOCHANGE@$app@g" ../conf/php-fpm.conf -sed -i "s@FOLDERTOCHANGE@$final_path@g" ../conf/php-fpm.conf -sed -i "s@USERTOCHANGE@$runninguser@g" ../conf/php-fpm.conf -sudo cp ../conf/php-fpm.conf $finalphpconf -sudo chown root: $finalphpconf -sudo chmod 644 $finalphpconf - -# Make app public if necessary -is_public=$(ynh_app_setting_get $app is_public) -if [ "$is_public" = "Yes" ]; -then - ynh_app_setting_set $app skipped_uris "/" -else - ynh_app_setting_set $app protected_uris "/" +# Create a permission if needed +if ! ynh_permission_exists --permission="api"; then + ynh_permission_create --permission="api" --url="/api" --allowed="visitors" --show_tile="false" --protected="true" fi -# Reload Nginx and regenerate SSOwat conf -sudo service php5-fpm reload -sudo service nginx reload -sudo yunohost app ssowatconf +#================================================= +# CREATE DEDICATED USER +#================================================= +ynh_script_progression --message="Making sure dedicated system user exists..." --time --weight=1 + +# Create a dedicated user (if not existing) +ynh_system_user_create --username=$app --home_dir="$final_path" + +#================================================= +# DOWNLOAD, CHECK AND UNPACK SOURCE +#================================================= + +if [ "$upgrade_type" == "UPGRADE_APP" ] +then + ynh_script_progression --message="Upgrading source files..." 
--time --weight=1 + + # Download, check integrity, uncompress and patch the source from app.src + ynh_setup_source --dest_dir="$final_path" +fi + +# FIXME: this should be managed by the core in the future +# Here, as a packager, you may have to tweak the ownerhsip/permissions +# such that the appropriate users (e.g. maybe www-data) can access +# files in some cases. +# But FOR THE LOVE OF GOD, do not allow r/x for "others" on the entire folder - +# this will be treated as a security issue. +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:www-data "$final_path" + +#================================================= +# NGINX CONFIGURATION +#================================================= +ynh_script_progression --message="Upgrading NGINX web server configuration..." --time --weight=1 + +# Create a dedicated NGINX config +ynh_add_nginx_config + +#================================================= +# UPGRADE DEPENDENCIES +#================================================= +ynh_script_progression --message="Upgrading dependencies..." --time --weight=1 + +ynh_install_app_dependencies $pkg_dependencies + +#================================================= +# PHP-FPM CONFIGURATION +#================================================= +ynh_script_progression --message="Upgrading PHP-FPM configuration..." --time --weight=1 + +# Create a dedicated PHP-FPM config +ynh_add_fpm_config + +#================================================= +# SPECIFIC UPGRADE +#================================================= +# ... +#================================================= + +#================================================= +# UPDATE A CONFIG FILE +#================================================= +ynh_script_progression --message="Updating a configuration file..." 
--time --weight=1 + +### Same as during install +### +### The file will automatically be backed-up if it's found to be manually modified (because +### ynh_add_config keeps track of the file's checksum) + +ynh_add_config --template="some_config_file" --destination="$final_path/some_config_file" + +# FIXME: this should be handled by the core in the future +# You may need to use chmod 600 instead of 400, +# for example if the app is expected to be able to modify its own config +chmod 400 "$final_path/some_config_file" +chown $app:$app "$final_path/some_config_file" + +### For more complex cases where you want to replace stuff using regexes, +### you shoud rely on ynh_replace_string (which is basically a wrapper for sed) +### When doing so, you also need to manually call ynh_store_file_checksum +### +### ynh_replace_string --match_string="match_string" --replace_string="replace_string" --target_file="$final_path/some_config_file" +### ynh_store_file_checksum --file="$final_path/some_config_file" + +#================================================= +# SETUP SYSTEMD +#================================================= +ynh_script_progression --message="Upgrading systemd configuration..." --time --weight=1 + +# Create a dedicated systemd config +ynh_add_systemd_config + +#================================================= +# GENERIC FINALIZATION +#================================================= +# SETUP LOGROTATE +#================================================= +ynh_script_progression --message="Upgrading logrotate configuration..." --time --weight=1 + +# Use logrotate to manage app-specific logfile(s) +ynh_use_logrotate --non-append + +#================================================= +# INTEGRATE SERVICE IN YUNOHOST +#================================================= +ynh_script_progression --message="Integrating service in YunoHost..." 
 --time --weight=1
+
+yunohost service add $app --description="A short description of the app" --log="/var/log/$app/$app.log"
+
+#=================================================
+# START SYSTEMD SERVICE
+#=================================================
+ynh_script_progression --message="Starting a systemd service..." --time --weight=1
+
+ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log"
+
+#=================================================
+# UPGRADE FAIL2BAN
+#=================================================
+ynh_script_progression --message="Reconfiguring Fail2Ban..." --time --weight=1
+
+# Create a dedicated Fail2Ban config
+ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="Regex to match into the log for a failed login"
+
+#=================================================
+# RELOAD NGINX
+#=================================================
+ynh_script_progression --message="Reloading NGINX web server..." --time --weight=1
+
+ynh_systemd_action --service_name=nginx --action=reload
+
+#=================================================
+# END OF SCRIPT
+#=================================================
+
+ynh_script_progression --message="Upgrade of $app completed" --time --last
diff --git a/sources/source_file b/sources/source_file
deleted file mode 100644
index a8b88ec..0000000
--- a/sources/source_file
+++ /dev/null
@@ -1 +0,0 @@
-cops-1.0.1.zip
diff --git a/sources/source_md5 b/sources/source_md5
deleted file mode 100644
index 3f3b2ba..0000000
--- a/sources/source_md5
+++ /dev/null
@@ -1 +0,0 @@
-a688dfd66d31674637106f8430ca1103 cops-1.0.1.zip
diff --git a/sources/source_url b/sources/source_url
deleted file mode 100644
index 6519215..0000000
--- a/sources/source_url
+++ /dev/null
@@ -1 +0,0 @@
-https://github.com/seblucas/cops/releases/download/1.0.1/cops-1.0.1.zip
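Review bot: The access-control handling of the old script has no counterpart in the new scripts/upgrade: the removed lines rebuilt the htpasswd file and mapped `is_public` to `skipped_uris`/`protected_uris`, while the new legacy-permissions block deletes `is_public` outright and the only permissions created are the packaging template's `admin` (`/admin`) and `api` (`/api`, allowed to `visitors`). Unless conf/nginx.conf (outside this hunk) still enforces basic auth, an instance that relied on it may come out of the upgrade with a different exposure than before. I would read the old choice before deleting it, e.g. `if [ "$(ynh_app_setting_get --app=$app --key=is_public)" = "Yes" ]; then ynh_permission_update --permission="main" --add="visitors"; fi`, and drop the two placeholder `ynh_permission_create` blocks. The other template leftovers in this hunk deserve the same treatment: the `$app` systemd stop/start, `ynh_add_systemd_config`, `yunohost service add`, `ynh_add_config --template="some_config_file"` and the Fail2Ban jail whose `--failregex` is still the literal placeholder text. With `ynh_abort_if_errors` active they look likely to abort the upgrade, and a jail with that regex would match nothing while appearing to be in place.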