diff --git a/conf/systemd.service b/conf/systemd.service index 69594fa..64d5fb4 100644 --- a/conf/systemd.service +++ b/conf/systemd.service @@ -7,9 +7,9 @@ Type=simple User=__APP__ Group=__APP__ WorkingDirectory=__INSTALL_DIR__ -Environment=PATH=__YNH_NODE_LOAD_PATH__ +Environment=PATH=PATH=__PATH_WITH_NODEJS__ Environment=NODE_ENV=production -ExecStart=__YNH_NPM__ start +ExecStart=__NODEJS_DIR__/npm start Restart=always # Sandboxing options to harden security diff --git a/manifest.toml b/manifest.toml index 3db19dc..e57ba17 100644 --- a/manifest.toml +++ b/manifest.toml @@ -19,7 +19,8 @@ cpe = "cpe:2.3:a:xwiki:cryptpad" fund = "https://opencollective.com/cryptpad/contribute?language=fr" [integration] -yunohost = ">= 11.1.21" +yunohost = ">= 11.2.18" +helpers_version = "2.1" architectures = "all" multi_instance = false ldap = false @@ -56,6 +57,7 @@ ram.runtime = "50M" [resources.system_user] [resources.install_dir] + group = "www-data:r-x" [resources.permissions] main.url = "/" diff --git a/scripts/_common.sh b/scripts/_common.sh index 447f5df..9d81477 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -1,19 +1,7 @@ #!/bin/bash #================================================= -# COMMON VARIABLES +# COMMON VARIABLES AND CUSTOM HELPERS #================================================= nodejs_version="16.14.2" - -#================================================= -# PERSONAL HELPERS -#================================================= - -#================================================= -# EXPERIMENTAL HELPERS -#================================================= - -#================================================= -# FUTURE OFFICIAL HELPERS -#================================================= diff --git a/scripts/backup b/scripts/backup index 7189d8c..1d549d0 100644 --- a/scripts/backup +++ b/scripts/backup @@ -1,31 +1,22 @@ #!/bin/bash -#================================================= -# GENERIC START -#================================================= -# IMPORT GENERIC HELPERS -#================================================= - # Keep this path for calling _common.sh inside the execution's context of backup and restore scripts source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers -#================================================= -# DECLARE DATA AND CONF FILES TO BACKUP -#================================================= -ynh_print_info --message="Declaring files to be backed up..." +ynh_print_info "Declaring files to be backed up..." #================================================= # BACKUP THE APP MAIN DIR #================================================= -ynh_backup --src_path="$install_dir" +ynh_backup "$install_dir" #================================================= # BACKUP THE NGINX CONFIGURATION #================================================= -ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf" +ynh_backup "/etc/nginx/conf.d/$domain.d/$app.conf" #================================================= # SPECIFIC BACKUP @@ -33,10 +24,10 @@ ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf" # BACKUP SYSTEMD #================================================= -ynh_backup --src_path="/etc/systemd/system/$app.service" +ynh_backup "/etc/systemd/system/$app.service" #================================================= # END OF SCRIPT #================================================= -ynh_print_info --message="Backup script completed for $app. (YunoHost will then actually copy those files to the archive)." +ynh_print_info "Backup script completed for $app. (YunoHost will then actually copy those files to the archive)." diff --git a/scripts/change_url b/scripts/change_url index 5d35e69..7052d85 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -1,41 +1,31 @@ #!/bin/bash -#================================================= -# GENERIC STARTING -#================================================= -# IMPORT GENERIC HELPERS -#================================================= - source _common.sh source /usr/share/yunohost/helpers -#================================================= -# STANDARD MODIFICATIONS #================================================= # STOP SYSTEMD SERVICE #================================================= -ynh_script_progression --message="Stopping a systemd service..." --weight=1 +ynh_script_progression "Stopping $app's systemd service..." -ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app/$app.log" +ynh_systemctl --service=$app --action="stop" #================================================= # MODIFY URL IN NGINX CONF #================================================= -ynh_script_progression --message="Updating NGINX web server configuration..." --weight=1 +ynh_script_progression "Updating NGINX web server configuration..." -ynh_change_url_nginx_config +ynh_config_change_url_nginx -#================================================= -# GENERIC FINALISATION #================================================= # START SYSTEMD SERVICE #================================================= -ynh_script_progression --message="Starting a systemd service..." --weight=1 +ynh_script_progression "Starting $app's systemd service..." -ynh_systemd_action --service_name=$app --action="start" --log_path=systemd --line_match="server available" +ynh_systemctl --service=$app --action="start" --log_path=systemd --wait_until="server available" #================================================= # END OF SCRIPT #================================================= -ynh_script_progression --message="Change of URL completed for $app" --last +ynh_script_progression "Change of URL completed for $app" diff --git a/scripts/install b/scripts/install index 5be5342..d80814c 100644 --- a/scripts/install +++ b/scripts/install @@ -1,11 +1,5 @@ #!/bin/bash -#================================================= -# GENERIC START -#================================================= -# IMPORT GENERIC HELPERS -#================================================= - source _common.sh source /usr/share/yunohost/helpers @@ -32,12 +26,12 @@ if [[ $domain == *".local" ]]; then sandboxdomain=sandbox-$domain fi -ynh_app_setting_set --app=$app --key=sandboxdomain --value=$sandboxdomain +ynh_app_setting_set --key=sandboxdomain --value=$sandboxdomain -ynh_script_progression --message="Setting up sandobx domain : $sandboxdomain" --weight=1 +ynh_script_progression "Setting up sandobx domain : $sandboxdomain" # We don't test that in CI -if ! [ ${PACKAGE_CHECK_EXEC:-0} -eq 1 ]; then +if ! ynh_in_ci_tests; then yunohost domain add $sandboxdomain yunohost domain config set $sandboxdomain -a "mail_in=0&mail_out=0" fi @@ -45,66 +39,65 @@ fi #================================================= # INSTALL DEPENDENCIES #================================================= -ynh_script_progression --message="Installing dependencies..." --weight=20 +ynh_script_progression "Installing dependencies..." -ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version +ynh_nodejs_install #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= -ynh_script_progression --message="Setting up source files..." --weight=10 +ynh_script_progression "Setting up source files..." # Download, check integrity, uncompress and patch the source from app.src ynh_setup_source --dest_dir="$install_dir" -chmod -R o-rwx "$install_dir" -chown -R $app:$app "$install_dir" - +#REMOVEME? Assuming the install dir is setup using ynh_setup_source, the proper chmod/chowns are now already applied and it shouldn't be necessary to tweak perms | chmod -R o-rwx "$install_dir" +#REMOVEME? Assuming the install dir is setup using ynh_setup_source, the proper chmod/chowns are now already applied and it shouldn't be necessary to tweak perms | chown -R $app:$app "$install_dir" #================================================= # SYSTEM CONFIGURATION #================================================= -ynh_script_progression --message="Adding system configurations related to $app..." --weight=1 +ynh_script_progression "Adding system configurations related to $app..." # Create a dedicated NGINX config -ynh_add_nginx_config +ynh_config_add_nginx env_path="$PATH" # Create a dedicated systemd config -ynh_add_systemd_config +ynh_config_add_systemd yunohost service add $app --description="Zero Knowledge realtime collaborative editor" --log="/var/log/$app/$app.log" #================================================= # ADD A CONFIGURATION #================================================= -ynh_script_progression --message="Adding a configuration file..." +ynh_script_progression "Adding $app's configuration..." -ynh_add_config --template="../conf/config.js" --destination="$install_dir/config/config.js" +ynh_config_add --template="config.js" --destination="$install_dir/config/config.js" -chmod 600 "$install_dir/config/config.js" -chown $app "$install_dir/config/config.js" +#REMOVEME? Assuming the file is setup using ynh_config_add, the proper chmod/chowns are now already applied and it shouldn't be necessary to tweak perms | chmod 600 "$install_dir/config/config.js" +#REMOVEME? Assuming the file is setup using ynh_config_add, the proper chmod/chowns are now already applied and it shouldn't be necessary to tweak perms | chown $app "$install_dir/config/config.js" #================================================= # INSTALL CRYPTPAD #================================================= -ynh_script_progression --message="Building $app... (this will take some time and resources!)" --weight=60 +ynh_script_progression "Building $app... (this will take some time and resources!)" pushd "$install_dir" - ynh_use_nodejs - ynh_exec_warn_less npm install --allow-root - ynh_exec_warn_less npm install -g bower - ynh_exec_warn_less bower install --allow-root - ynh_exec_warn_less bower update --allow-root - ynh_exec_warn_less npm run build + + ynh_hide_warnings npm install --allow-root + ynh_hide_warnings npm install -g bower + ynh_hide_warnings bower install --allow-root + ynh_hide_warnings bower update --allow-root + ynh_hide_warnings npm run build popd #================================================= # START SYSTEMD SERVICE #================================================= -ynh_script_progression --message="Starting a systemd service..." --weight=2 +ynh_script_progression "Starting $app's systemd service..." # Start a systemd service -ynh_systemd_action --service_name=$app --action="start" --log_path="systemd" +ynh_systemctl --service=$app --action="start" --log_path="systemd" #================================================= # SETUP SSOWAT @@ -112,7 +105,7 @@ ynh_systemd_action --service_name=$app --action="start" --log_path="systemd" # We authorize access to sandbox domain # We don't test that in CI -if ! [ ${PACKAGE_CHECK_EXEC:-0} -eq 1 ]; then +if ! ynh_in_ci_tests; then ynh_permission_url --permission="main" --add_url=$sandboxdomain --auth_header=true fi @@ -127,12 +120,12 @@ chgrp -R www-data $install_dir #================================================= # We don't test that in CI -if ! [ ${PACKAGE_CHECK_EXEC:-0} -eq 1 ]; then - ynh_add_config --template="/etc/nginx/conf.d/$domain.d/cryptpad.conf" --destination="/etc/nginx/conf.d/$sandboxdomain.d/cryptpad.conf" +if ! ynh_in_ci_tests; then + ynh_config_add --template="/etc/nginx/conf.d/$domain.d/cryptpad.conf" --destination="/etc/nginx/conf.d/$sandboxdomain.d/cryptpad.conf" fi #================================================= # END OF SCRIPT #================================================= -ynh_script_progression --message="Installation of $app completed" --last +ynh_script_progression "Installation of $app completed" diff --git a/scripts/remove b/scripts/remove index dbc0282..b03a288 100644 --- a/scripts/remove +++ b/scripts/remove @@ -1,48 +1,43 @@ #!/bin/bash -#================================================= -# GENERIC START -#================================================= -# IMPORT GENERIC HELPERS -#================================================= - source _common.sh source /usr/share/yunohost/helpers #================================================= # REMOVE SYSTEM CONFIGURATIONS #================================================= -# REMOVE SYSTEMD SERVICE +# REMOVE SYSTEMD SERVICE + #================================================= -ynh_script_progression --message="Removing system configurations related to $app..." --weight=1 +ynh_script_progression "Removing system configurations related to $app..." # Remove the service from the list of services known by YunoHost (added from `yunohost service add`) -if ynh_exec_warn_less yunohost service status $app >/dev/null +if ynh_hide_warnings yunohost service status $app >/dev/null then - ynh_script_progression --message="Removing $app service integration..." --weight=3 + ynh_script_progression "Removing $app service integration..." yunohost service remove $app fi # Remove the dedicated systemd config -ynh_remove_systemd_config +ynh_config_remove_systemd # Remove the dedicated NGINX config -ynh_remove_nginx_config +ynh_config_remove_nginx #================================================= # REMOVE DEPENDENCIES #================================================= -ynh_script_progression --message="Removing dependencies..." --weight=3 +ynh_script_progression "Removing dependencies..." -ynh_remove_nodejs +ynh_nodejs_remove #================================================= # REMOVE SANDBOX DOMAIN #================================================= # We don't test that in CI -if ! [ ${PACKAGE_CHECK_EXEC:-0} -eq 1 ]; then - +if ! ynh_in_ci_tests; then + # if the main domain for the app is a root domain, we create a correct sandbox subdomain if [[ $domain == *"."* ]]; then sandboxdomain=sandbox.$domain @@ -55,14 +50,14 @@ if ! [ ${PACKAGE_CHECK_EXEC:-0} -eq 1 ]; then if [[ $domain == *".local" ]]; then sandboxdomain=sandbox-$domain fi - - ynh_script_progression --message="Removing sandbox domain : $sandboxdomain" --weight=1 - + + ynh_script_progression "Removing sandbox domain : $sandboxdomain" + if yunohost domain list | grep -q $sandboxdomain then #if domain exist we remove it yunohost domain remove $sandboxdomain # we clean the nginx configuration we added - ynh_secure_remove --file="/etc/nginx/conf.d/$sandboxdomain.d/" + ynh_safe_rm "/etc/nginx/conf.d/$sandboxdomain.d/" fi fi @@ -70,4 +65,4 @@ fi # END OF SCRIPT #================================================= -ynh_script_progression --message="Removal of $app completed" --last +ynh_script_progression "Removal of $app completed" diff --git a/scripts/restore b/scripts/restore index b8a266e..33e1540 100644 --- a/scripts/restore +++ b/scripts/restore @@ -1,11 +1,5 @@ #!/bin/bash -#================================================= -# GENERIC START -#================================================= -# IMPORT GENERIC HELPERS -#================================================= - # Keep this path for calling _common.sh inside the execution's context of backup and restore scripts source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers @@ -13,13 +7,13 @@ source /usr/share/yunohost/helpers #================================================= # RESTORE THE APP MAIN DIR #================================================= -ynh_script_progression --message="Restoring the app main directory..." --weight=6 +ynh_script_progression "Restoring the app main directory..." -ynh_restore_file --origin_path="$install_dir" +ynh_restore "$install_dir" -chmod -R o-rwx "$install_dir" -chown -R $app:$app "$install_dir" -chmod 600 "$install_dir/config/config.js" +#REMOVEME? Assuming the install dir is setup using ynh_setup_source, the proper chmod/chowns are now already applied and it shouldn't be necessary to tweak perms | chmod -R o-rwx "$install_dir" +#REMOVEME? Assuming the install dir is setup using ynh_setup_source, the proper chmod/chowns are now already applied and it shouldn't be necessary to tweak perms | chown -R $app:$app "$install_dir" +#REMOVEME? Assuming the file is setup using ynh_config_add, the proper chmod/chowns are now already applied and it shouldn't be necessary to tweak perms | chmod 600 "$install_dir/config/config.js" #================================================= # APPLY FOLDER GROUP RIGHTS FOR WWW-DATA @@ -30,38 +24,36 @@ chgrp -R www-data $install_dir #================================================= # REINSTALL DEPENDENCIES #================================================= -ynh_script_progression --message="Reinstalling dependencies..." --weight=7 +ynh_script_progression "Reinstalling dependencies..." # Define and install dependencies -ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version +ynh_nodejs_install #================================================= # RESTORE SYSTEM CONFIGURATIONS #================================================= # RESTORE THE PHP-FPM CONFIGURATION #================================================= -ynh_script_progression --message="Restoring system configurations related to $app..." --weight=1 +ynh_script_progression "Restoring system configurations related to $app..." -ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" +ynh_restore "/etc/nginx/conf.d/$domain.d/$app.conf" -ynh_restore_file --origin_path="/etc/systemd/system/$app.service" +ynh_restore "/etc/systemd/system/$app.service" systemctl enable $app.service --quiet yunohost service add $app --description="Zero Knowledge realtime collaborative editor" --log="/var/log/$app/$app.log" -#================================================= -# GENERIC FINALIZATION #================================================= # RELOAD NGINX AND PHP-FPM OR THE APP SERVICE #================================================= -ynh_script_progression --message="Reloading NGINX web server and $app's service..." --weight=1 +ynh_script_progression "Reloading NGINX web server and $app's service..." -ynh_systemd_action --service_name=$app --action="start" --log_path=systemd --line_match="server available" +ynh_systemctl --service=$app --action="start" --log_path=systemd --wait_until="server available" -ynh_systemd_action --service_name=nginx --action=reload +ynh_systemctl --service=nginx --action=reload #================================================= # END OF SCRIPT #================================================= -ynh_script_progression --message="Restoration completed for $app" --last +ynh_script_progression "Restoration completed for $app" diff --git a/scripts/upgrade b/scripts/upgrade index e55c805..34ccb88 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -1,49 +1,36 @@ #!/bin/bash -#================================================= -# GENERIC START -#================================================= -# IMPORT GENERIC HELPERS -#================================================= - source _common.sh source /usr/share/yunohost/helpers #================================================= # LOAD SETTINGS #================================================= -ynh_script_progression --message="Loading installation settings..." --weight=1 +ynh_script_progression "Loading installation settings..." email=$(ynh_user_get_info --username=$admin --key=mail) -#================================================= -# CHECK VERSION -#================================================= - -upgrade_type=$(ynh_check_app_version_changed) - -#================================================= -# STANDARD UPGRADE STEPS #================================================= # STOP SYSTEMD SERVICE #================================================= -ynh_script_progression --message="Stopping a systemd service..." --weight=1 +ynh_script_progression "Stopping $app's systemd service..." -ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app/$app.log" +ynh_systemctl --service=$app --action="stop" #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= -if [ "$upgrade_type" == "UPGRADE_APP" ] +# FIXME: this is still supported but the recommendation is now to *always* re-setup the app sources wether or not the upstream sources changed +if ynh_app_upstream_version_changed then - ynh_script_progression --message="Upgrading source files..." --weight=1 + ynh_script_progression "Upgrading source files..." # Download, check integrity, uncompress and patch the source from app.src ynh_setup_source --dest_dir="$install_dir" #--keep="config/config.js" - - chmod -R o-rwx "$install_dir" - chown -R $app:$app "$install_dir" + + #REMOVEME? Assuming the install dir is setup using ynh_setup_source, the proper chmod/chowns are now already applied and it shouldn't be necessary to tweak perms | chmod -R o-rwx "$install_dir" + #REMOVEME? Assuming the install dir is setup using ynh_setup_source, the proper chmod/chowns are now already applied and it shouldn't be necessary to tweak perms | chown -R $app:$app "$install_dir" fi #================================================= @@ -69,10 +56,10 @@ if [[ $domain == *".local" ]]; then sandboxdomain=sandbox-$domain fi -ynh_script_progression --message="Setting up sandobx domain: $sandboxdomain" --weight=1 +ynh_script_progression "Setting up sandobx domain: $sandboxdomain" # We don't test that in CI -if ! [ ${PACKAGE_CHECK_EXEC:-0} -eq 1 ]; then +if ! ynh_in_ci_tests; then # If sandboxdomain doesn't exist, create it if ! yunohost domain list --output-as json | jq -r .domains[] | grep -q "^$sandboxdomain\$"; then yunohost domain add $sandboxdomain @@ -83,71 +70,72 @@ fi #================================================= # NGINX CONFIGURATION #================================================= -ynh_script_progression --message="Upgrading NGINX web server configuration..." --weight=1 +ynh_script_progression "Upgrading NGINX web server configuration..." # Create a dedicated NGINX config -ynh_add_nginx_config +ynh_config_add_nginx env_path="$PATH" #================================================= # UPGRADE DEPENDENCIES #================================================= -ynh_script_progression --message="Upgrading dependencies..." --weight=6 +ynh_script_progression "Upgrading dependencies..." -ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version +ynh_nodejs_install #================================================= # INSTALL CRYPTPAD #================================================= -ynh_script_progression --message="Building $app... (this will take some time and resources!)" --weight=60 +ynh_script_progression "Building $app... (this will take some time and resources!)" -pushd "$install_dir" - ynh_exec_warn_less npm install --allow-root - ynh_exec_warn_less npm install -g bower - ynh_exec_warn_less bower update --allow-root - ynh_exec_warn_less npm i - ynh_exec_warn_less npm run build +pushd "$install_dir" + + ynh_hide_warnings npm install --allow-root + ynh_hide_warnings npm install -g bower + ynh_hide_warnings bower update --allow-root + ynh_hide_warnings npm i + ynh_hide_warnings npm run build popd #================================================= # CREATE SYSTEMD SERVICE #================================================= # Create a dedicated systemd config -ynh_add_systemd_config +ynh_config_add_systemd yunohost service add $app --description="Zero Knowledge realtime collaborative editor" --log="/var/log/$app/$app.log" #================================================= # ADD UPGRADED CONFIG WITH SANDBOX #================================================= -ynh_script_progression --message="Updating a configuration file..." --weight=1 +ynh_script_progression "Updating configuration..." -ynh_add_config --template="../conf/config.js" --destination="$install_dir/config/config.js" +ynh_config_add --template="config.js" --destination="$install_dir/config/config.js" -chmod 600 "$install_dir/config/config.js" -chown $app "$install_dir/config/config.js" +#REMOVEME? Assuming the file is setup using ynh_config_add, the proper chmod/chowns are now already applied and it shouldn't be necessary to tweak perms | chmod 600 "$install_dir/config/config.js" +#REMOVEME? Assuming the file is setup using ynh_config_add, the proper chmod/chowns are now already applied and it shouldn't be necessary to tweak perms | chown $app "$install_dir/config/config.js" #================================================= # START SYSTEMD SERVICE #================================================= -ynh_script_progression --message="Starting a systemd service..." --weight=1 +ynh_script_progression "Starting $app's systemd service..." -ynh_systemd_action --service_name=$app --action="start" --log_path=systemd --line_match="server available" +ynh_systemctl --service=$app --action="start" --log_path=systemd --wait_until="server available" #================================================= # COPY NGINX CONF IN SANDBOX DOMAIN #================================================= # We don't test that in CI -if ! [ ${PACKAGE_CHECK_EXEC:-0} -eq 1 ]; then +if ! ynh_in_ci_tests; then if [ -n "$sandboxdomain" ]; then - ynh_add_config --template="nginx.conf" --destination="/etc/nginx/conf.d/$sandboxdomain.d/$app.conf" + ynh_config_add --template="nginx.conf" --destination="/etc/nginx/conf.d/$sandboxdomain.d/$app.conf" fi fi # We authorize access to sandbox domain # We don't test that in CI -if ! [ ${PACKAGE_CHECK_EXEC:-0} -eq 1 ]; then +if ! ynh_in_ci_tests; then ynh_permission_url --permission="main" --add_url=$sandboxdomain --auth_header=true fi @@ -155,4 +143,4 @@ fi # END OF SCRIPT #================================================= -ynh_script_progression --message="Upgrade of $app completed" --last +ynh_script_progression "Upgrade of $app completed"