cops_ynh/scripts/install

#!/bin/bash
#set -eu

# Charge les fonctions génériques habituellement utilisées dans le script
#source fonctions

# Active trap pour arrêter le script si une erreur est détectée.
EXIT_PROPERLY () {      # Provoque l'arrêt du script en cas d'erreur. Et nettoye les résidus.
        exit_code=$?
        if [ "$exit_code" -eq 0 ]; then
                        exit 0  # Quitte sans erreur si le script se termine correctement.
        fi
        trap '' EXIT
        set +eu
        echo -e "\e[91m \e[1m"  # Shell in light red bold
        echo -e "!!\n  $app install's script has encountered an error. Installation was cancelled.\n!!" >&2

        if type -t CLEAN_SETUP > /dev/null; then        # Vérifie l'existance de la fonction avant de l'exécuter.
                CLEAN_SETUP     # Appel la fonction de nettoyage spécifique du script install.
        fi

        # Compense le bug de ssowat qui ne supprime pas l'entrée de l'app en cas d'erreur d'installation.
        sudo sed -i "\@\"$domain$path/\":@d" /etc/ssowat/conf.json

        ynh_die
}

TRAP_ON () {    # Activate signal capture
        set -eu # Exit if a command fail, and if a variable is used unset.
        trap EXIT_PROPERLY EXIT # Capturing exit signals on shell script
}

TRAP_ON

# Source app helpers
source /usr/share/yunohost/helpers

# Retrieve arguments
app=$YNH_APP_INSTANCE_NAME
domain=$YNH_APP_ARG_DOMAIN
path=$YNH_APP_ARG_PATH
is_public=$YNH_APP_ARG_IS_PUBLIC
#runninguser=$YNH_APP_ARG_RUNNINGUSER
calibre=$YNH_APP_ARG_CALIBRE

# No basic auth if app is private
if [ "$is_public" = "Yes" ];
then
	basicauthcreate=$YNH_APP_ARG_BASICAUTHCREATE
	basicauthname=$YNH_APP_ARG_BASICAUTHNAME
	basicauthpass=$YNH_APP_ARG_BASICAUTHPASS
else
	basicauthcreate="No"
fi

# We check variables are not empty
CHECK_VAR () {  # Vérifie que la variable n'est pas vide.
# $1 = Variable à vérifier
# $2 = Texte à afficher en cas d'erreur
        test -n "$1" || (echo "$2" >&2 && false)
}

CHECK_VAR "$app" "app name not set"

# Check the path value and correct it (adds / at begining and removes it at the end)
CHECK_PATH () { # Vérifie la présence du / en début de path. Et son absence à la fin.
        if [ "${path:0:1}" != "/" ]; then    # Si le premier caractère n'est pas un /
                path="/$path"    # Ajoute un / en début de path
        fi
        if [ "${path:${#path}-1}" == "/" ] && [ ${#path} -gt 1 ]; then    # Si le dernier caractère est un / et que ce n'est pas l$
                path="${path:0:${#path}-1}"     # Supprime le dernier caractère
        fi
}

CHECK_PATH;

# Check domain and path availibility
CHECK_DOMAINPATH () {   # Vérifie la disponibilité du path et du domaine.
        sudo yunohost app checkurl $domain$path -a $app
}

CHECK_DOMAINPATH

# Check destination folder is not used already
CHECK_FINALPATH () {    # Vérifie que le dossier de destination n'est pas déjà utilisé.
        final_path=/var/www/$app
        if [ -e "$final_path" ]
        then
                echo "This path already contains a folder" >&2
                false
        fi
}

CHECK_FINALPATH

# We check that calibre path is correct
CHECK_CALIBRE () {  # Vérifie la présence du / en début de path. Et son absence à la fin.
        if [ "${calibre:0:1}" != "/" ]; then    # Si le premier caractère n'est pas un /
                calibre="/$calibre"    # Ajoute un / en début de path
        fi
        if [ "${calibre:${#calibre}-1}" == "/" ] && [ ${#calibre} -gt 1 ]; then    # Si le dernier caractère est un / $
                calibre="${calibre:0:${#calibre}-1}"        # Supprime le dernier caractère
        fi
}

CHECK_CALIBRE;

final_path=/var/www/$app

# Define variables and Save app settings
ynh_app_setting_set "$app" domain "$domain"
#ynh_app_setting_set "$app" path "$path"
ynh_app_setting_set "$app" is_public "$is_public"
ynh_app_setting_set "$app" final_path "$final_path"
ynh_app_setting_set "$app" calibre "$calibre"
ynh_app_setting_set "$app" basicauthcreate "$basicauthcreate"

finalnginxconf="/etc/nginx/conf.d/${domain}.d/${app}.conf"
ynh_app_setting_set "$app" finalnginxconf "$finalnginxconf"

finalphpconf="/etc/php5/fpm/pool.d/${app}.conf"
ynh_app_setting_set "$app" finalphpconf "$finalphpconf"

# We install dependencies
#sudo apt-get update -y
#sudo apt-get install php5-gd php5-sqlite php5-json php5-intl -y

# Install dependencies using Helpers
ynh_package_install_from_equivs ../conf/cops-deps.control \
|| ynh_die "Unable to install dependencies"


# Creation of folder
sudo mkdir -p $final_path

# We download the sources and check the md5sum
cops_file=`sudo cat ../sources/source_file`;
sudo wget -nv -i ../sources/source_url -O $cops_file
sudo md5sum -c ../sources/source_md5 --status || (echo "Corrupt source" >&2 && false)
sudo unzip ${cops_file} -d $final_path

# Site adjustments
sed -i "s@CALIBRETOCHANGE@$calibre@g" ../conf/config_local.php
timezone=`sudo cat /etc/timezone`;
sed -i "s@TIMEZONETOCHANGE@$timezone@g" ../conf/config_local.php

sudo cp ../conf/config_local.php $final_path
sudo cp ../conf/robots.txt $final_path

# Create cops user and join nextcloud/owncloud/www-data groups
runninguser="${app}-ynh"
# 1.  Create the user
# Create a system account for COPS
sudo useradd -c "$runninguser system account" \
    -d $final_path --system --user-group $runninguser \
  || ynh_die "Unable to create $runninguser system account"
ynh_app_setting_set "$app" runninguser "$runninguser"

# 2. Add cops-ynh to groups www-data and nextcloud/owncloud if they exist
sudo usermod -a -G www-data $runninguser
for filesharing in "nextcloud" "owncloud"; do
    app_id=$(sudo yunohost app list --installed -f "$filesharing" \
            --output-as json | grep -Po '"id":[ ]?"\K.*?(?=")' | head -1)
    [[ -z "$app_id" ]] || {
	sudo usermod -a -G $filesharing $runninguser
    }
done

# Set permissions
sudo chmod ug+rw -R $final_path
sudo chown -hR $runninguser:$runninguser $final_path

# Add basic auth if requested
if [ "$basicauthcreate" = "Yes" ];
then
	ynh_app_setting_set "$app" basicauthname "$basicauthname"
	ynh_app_setting_set "$app" basicauthpass "$basicauthpass"

	# Generation of the htpasswd file according https://www.nginx.com/resources/wiki/community/faq/
	SALT="$(openssl rand -base64 3)"
	(SHA1=$(printf "$basicauthpass$SALT" |
	openssl dgst -binary -sha1 | xxd -ps |
	sed 's#$#'"`echo -n $SALT | xxd -ps`"'#' |
	xxd -r -ps |
	base64);printf "$basicauthname:{SSHA}$SHA1\n" >> ../sources/htpasswd)
	sudo cp ../sources/htpasswd $final_path
	sudo chmod 440 $final_path/htpasswd
	sudo chown www-data:www-data $final_path/htpasswd

	# Modif nginx
	sed -i "s|^.*\bauth_basic\b.*$|       auth_basic \"Private Library\";|" ../conf/nginx.conf;
	sed -i "s|^.*\bauth_basic_user_file\b.*$|       auth_basic_user_file $final_path/htpasswd;|" ../conf/nginx.conf;
else
	echo "No basic auth";
fi

# Modify Nginx configuration file and copy it to Nginx conf.d directory
sed -i "s@PATHTOCHANGE@$path@g" ../conf/nginx.conf
sed -i "s@ALIASTOCHANGE@$final_path/@g" ../conf/nginx.conf
sed -i "s@NAMETOCHANGE@$app@g" ../conf/nginx.conf
sudo cp ../conf/nginx.conf $finalnginxconf

# Modify php-fpm configuration file and copy it to php-fpm pool.d directory
sed -i "s@NAMETOCHANGE@$app@g" ../conf/php-fpm.conf
sed -i "s@FOLDERTOCHANGE@$final_path@g" ../conf/php-fpm.conf
sed -i "s@USERTOCHANGE@$runninguser@g" ../conf/php-fpm.conf
sudo cp ../conf/php-fpm.conf $finalphpconf
sudo chown root: $finalphpconf
sudo chmod 644 $finalphpconf

# Make app public if necessary
is_public=$(ynh_app_setting_get $app is_public)
if [ "$is_public" = "Yes" ];
then
	ynh_app_setting_set $app skipped_uris "/"
else
        ynh_app_setting_set $app protected_uris "/"
fi

# Reload Nginx and regenerate SSOwat conf
sudo service php5-fpm reload
sudo service nginx reload
sudo yunohost app ssowatconf