diff --git a/.github/workflows/updater.sh b/.github/workflows/updater.sh index ede8049..a0f5bdd 100644 --- a/.github/workflows/updater.sh +++ b/.github/workflows/updater.sh @@ -24,24 +24,25 @@ asset_url=$(curl --silent "https://api.github.com/repos/$repo/releases" | jq -r # Sometimes the release name starts with a "v", so let's filter it out. # You may need more tweaks here if the upstream repository has different naming conventions. if [[ ${version:0:1} == "v" || ${version:0:1} == "V" ]]; then - version=${version:1} + version=${version:1} fi # Setting up the environment variables echo "Current version: $current_version" echo "Latest release from upstream: $version" echo "VERSION=$version" >> $GITHUB_ENV +echo "REPO=$repo" >> $GITHUB_ENV # For the time being, let's assume the script will fail echo "PROCEED=false" >> $GITHUB_ENV # Proceed only if the retrieved version is greater than the current one if ! dpkg --compare-versions "$current_version" "lt" "$version" ; then - echo "::warning ::No new version available" - exit 0 + echo "::warning ::No new version available" + exit 0 # Proceed only if a PR for this new version does not already exist elif git ls-remote -q --exit-code --heads https://github.com/$GITHUB_REPOSITORY.git ci-auto-update-v$version ; then - echo "::warning ::A branch already exists for this update" - exit 0 + echo "::warning ::A branch already exists for this update" + exit 0 fi #================================================= @@ -71,6 +72,7 @@ SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=tar.gz SOURCE_IN_SUBDIR=true SOURCE_FILENAME= +SOURCE_EXTRACT=true EOT echo "... conf/$src.src updated" diff --git a/check_process b/check_process index 53be51c..68cc371 100644 --- a/check_process +++ b/check_process @@ -12,7 +12,8 @@ setup_private=0 setup_public=1 upgrade=1 -# upgrade=1 from_commit=CommitHash + # 0.9.9~ynh1 + upgrade=1 from_commit=15f4690bafea6454b1777a00658f9839e7ea77c0 backup_restore=1 multi_instance=0 port_already_use=0 
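Review bot: In .github/workflows/updater.sh, the added `echo "REPO=$repo" >> $GITHUB_ENV` and the `VERSION=` line above it append values to the workflow environment file without checking them, and `$GITHUB_ENV` is unquoted. `version` appears to be derived from the upstream releases API response, so it is upstream-controlled data: a value containing a line break would define extra variables for later steps, and it is also interpolated into the branch name passed to `git ls-remote`. I would validate it before use, e.g. `[[ $version =~ ^[0-9A-Za-z.+~-]+$ ]] || { echo "::error ::Unexpected version string"; exit 1; }`, and write `>> "$GITHUB_ENV"`. Where `repo` is set is outside this hunk, so please confirm it is a fixed value.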
diff --git a/conf/app.src b/conf/app.src index 107322e..b15e1fe 100644 --- a/conf/app.src +++ b/conf/app.src @@ -4,3 +4,4 @@ SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=tar.gz SOURCE_IN_SUBDIR=true SOURCE_FILENAME= +SOURCE_EXTRACT=true diff --git a/conf/systemd.service b/conf/systemd.service index 9d09edc..a37eabc 100644 --- a/conf/systemd.service +++ b/conf/systemd.service @@ -13,7 +13,7 @@ StandardError=inherit LimitNOFILE=65535 # Sandboxing options to harden security -# Depending on specificities of your service/app, you may need to tweak these +# Depending on specificities of your service/app, you may need to tweak these # .. but this should be a good baseline # Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html NoNewPrivileges=yes @@ -40,7 +40,7 @@ CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW -CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG +CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG [Install] WantedBy=multi-user.target diff --git a/scripts/_common.sh b/scripts/_common.sh index 439b020..7ab456c 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -4,7 +4,7 @@ # COMMON VARIABLES #================================================= -# dependencies used by the app +# dependencies used by the app (must be on a single line) pkg_dependencies="postgresql postgresql-contrib" GO_VERSION="1.18" diff --git a/scripts/backup b/scripts/backup index da7f321..ca96846 100644 --- a/scripts/backup +++ b/scripts/backup 
@@ -63,19 +63,19 @@ ynh_backup --src_path="/etc/logrotate.d/$app" ynh_backup --src_path="/etc/systemd/system/$app.service" +#================================================= +# BACKUP VARIOUS FILES +#================================================= + if yunohost --output-as plain domain list | grep -q "^$server_name$" then ynh_backup --src_path="/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf" fi #================================================= -# BACKUP VARIOUS FILES +# BACKUP THE POSTGRESQL DATABASE #================================================= - -#================================================= -# BACKUP THE PSQL DATABASE -#================================================= -ynh_print_info --message="Backing up the PSQL database..." +ynh_print_info --message="Backing up the PostgreSQL database..." ynh_psql_dump_db --database="$db_name" > db.sql diff --git a/scripts/install b/scripts/install index 289e6e5..c5e3d25 100644 --- a/scripts/install +++ b/scripts/install @@ -15,7 +15,7 @@ source /usr/share/yunohost/helpers #================================================= ynh_clean_setup () { - ynh_clean_check_starting + true } # Exit if an error occurs during the execution of the script ynh_abort_if_errors @@ -78,15 +78,6 @@ ynh_app_setting_set --app=$app --key=tls_port --value=$tls_port # Open TLS port ynh_exec_warn_less yunohost firewall allow TCP $tls_port -#================================================= -# CREATE DEDICATED USER -#================================================= -ynh_script_progression --message="Configuring system user..." --weight=1 - -# Create a system user -# It needs to be created before using the ynh_install_go helper -ynh_system_user_create --username=$app --use_shell --groups="ssl-cert" - #================================================= # INSTALL DEPENDENCIES #================================================= 
@@ -196,22 +187,6 @@ ynh_add_systemd_config #================================================= # GENERIC FINALIZATION -#================================================= -# SETUP PERMISSIONS -#================================================= -ynh_script_progression --message="Configuring permissions..." --weight=1 - -ynh_permission_update --permission=main --show_tile=false - -ynh_permission_create --permission=server_api --url=$domain/_matrix \ - --label="Server access for client apps." --show_tile=false --allowed=visitors \ - --auth_header=false --protected=true -if yunohost --output-as plain domain list | grep -q "^$server_name$"; then - ynh_permission_create --permission=server_client_infos --url=$server_name/.well-known/matrix \ - --label="Server info for clients. (well-known)" --show_tile=false --allowed=visitors \ - --auth_header=false --protected=true -fi - #================================================= # SETUP LOGROTATE #================================================= 
@@ -241,6 +216,22 @@ ynh_script_progression --message="Starting a systemd service..." --weight=1 # Start a systemd service ynh_systemd_action --service_name=$app --action="start" --line_match="Starting external Monolith listener" --log_path="/var/log/$app/Monolith.log" +#================================================= +# SETUP SSOWAT +#================================================= +ynh_script_progression --message="Configuring permissions..." --weight=1 + +ynh_permission_update --permission=main --show_tile=false + +ynh_permission_create --permission=server_api --url=$domain/_matrix \ + --label="Server access for client apps." --show_tile=false --allowed=visitors \ + --auth_header=false --protected=true +if yunohost --output-as plain domain list | grep -q "^$server_name$"; then + ynh_permission_create --permission=server_client_infos --url=$server_name/.well-known/matrix \ + --label="Server info for clients. (well-known)" --show_tile=false --allowed=visitors \ + --auth_header=false --protected=true +fi + #================================================= # RELOAD NGINX #================================================= diff --git a/scripts/remove b/scripts/remove index 090c95c..afa6bf2 100644 --- a/scripts/remove +++ b/scripts/remove @@ -55,7 +55,7 @@ ynh_remove_logrotate #================================================= # REMOVE THE POSTGRESQL DATABASE #================================================= -ynh_script_progression --message="Removing the PostgreSQL database" --weight=2 +ynh_script_progression --message="Removing the PostgreSQL database..." --weight=2 # Remove a database if it exists, along with the associated user ynh_psql_remove_db --db_user=$db_user --db_name=$db_name 
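Review bot: In scripts/install, the re-added test `grep -q "^$server_name$"` treats `$server_name` as a regular expression, so each `.` in the domain matches any character and the check can succeed for a domain that is not exactly `$server_name`. The result decides whether the visitor-accessible `server_client_infos` permission is created for `$server_name/.well-known/matrix`, so an exact match is safer: `if yunohost --output-as plain domain list | grep -qxF -- "$server_name"; then`. The same pattern appears in the scripts/backup hunk (as context), in the scripts/restore hunk that adds RESTORE VARIOUS FILES, and twice in the scripts/upgrade permissions hunk. The `--url=` arguments in this block would also be better quoted.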
@@ -90,8 +90,8 @@ ynh_remove_app_dependencies if yunohost firewall list | grep -q "\- $tls_port$" then - ynh_script_progression --message="Closing port $tls_port..." --weight=1 - ynh_exec_warn_less yunohost firewall disallow TCP $tls_port + ynh_script_progression --message="Closing port $tls_port..." --weight=1 + ynh_exec_warn_less yunohost firewall disallow TCP $tls_port fi #================================================= diff --git a/scripts/restore b/scripts/restore index 6bf8a10..86cdd13 100644 --- a/scripts/restore +++ b/scripts/restore @@ -15,7 +15,7 @@ source /usr/share/yunohost/helpers #================================================= ynh_clean_setup () { - ynh_clean_check_starting + true } # Exit if an error occurs during the execution of the script ynh_abort_if_errors @@ -54,20 +54,12 @@ ynh_script_progression --message="Recreating the dedicated system user..." --wei # Create the dedicated user (if not existing) ynh_system_user_create --username=$app --home_dir="$final_path" --groups="ssl-cert" -#================================================= -# RESTORE ALL CONFIG AND DATA -#================================================= -ynh_script_progression --message="Restoring directory and configuration..." --weight=10 - -mkdir -p /var/log/$app -chown -R $app:root /var/log/$app - -ynh_restore - #================================================= # RESTORE THE APP MAIN DIR #================================================= -ynh_script_progression --message="Restoring the app main directory permissions..." --weight=1 +ynh_script_progression --message="Restoring the app main directory..." --weight=1 + +ynh_restore_file --origin_path="$final_path" chmod 750 "$final_path" chmod -R o-rwx "$final_path" 
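Review bot: Replacing the single `ynh_restore` call with per-path `ynh_restore_file` calls in scripts/restore means any path that scripts/backup saves without a matching call here is left out of the restore with no error. The hunks in this diff restore `$final_path`, the NGINX files, the systemd unit and the logrotate file. Only part of scripts/backup is visible, so please check every `ynh_backup --src_path=` there against this list, in particular any key or configuration file that lives outside `$final_path`. A short comment in the restore script, e.g. `# Keep in sync with the ynh_backup calls in scripts/backup`, would help the next change. The section containing `chmod 750 "$final_path"` continues past the end of this hunk.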
@@ -83,6 +75,13 @@ ynh_script_progression --message="Reinstalling dependencies..." --weight=3 # Define and install dependencies ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies +#================================================= +# RESTORE THE NGINX CONFIGURATION +#================================================= +ynh_script_progression --message="Restoring the NGINX web server configuration..." --weight=1 + +ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" + #================================================= # RESTORE THE POSTGRESQL DATABASE #================================================= 
@@ -93,13 +92,33 @@ ynh_psql_test_if_first_run ynh_psql_setup_db --db_user=$db_user --db_name=$db_name --db_pwd=$db_pwd ynh_psql_execute_file_as_root --file="./db.sql" --database=$db_name +#================================================= +# RESTORE VARIOUS FILES +#================================================= +ynh_script_progression --message="Restoring various files..." --weight=1 + +if yunohost --output-as plain domain list | grep -q "^$server_name$" +then + ynh_restore_file --origin_path="/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf" +fi + #================================================= # RESTORE SYSTEMD #================================================= -ynh_script_progression --message="Enabling the systemd service..." --weight=1 +ynh_script_progression --message="Restoring the systemd configuration..." --weight=1 +ynh_restore_file --origin_path="/etc/systemd/system/$app.service" systemctl enable $app.service --quiet +#================================================= +# RESTORE THE LOGROTATE CONFIGURATION +#================================================= +ynh_script_progression --message="Restoring the logrotate configuration..." --weight=1 + +mkdir -p /var/log/$app +chown -R $app:root /var/log/$app +ynh_restore_file --origin_path="/etc/logrotate.d/$app" + #================================================= # INTEGRATE SERVICE IN YUNOHOST #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index 4467f3c..397dbb5 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -31,7 +31,7 @@ registration=$(ynh_app_setting_get --app=$app --key=registration) #================================================= # CHECK VERSION #================================================= -ynh_script_progression --message="Checking version..." +ynh_script_progression --message="Checking version..." --weight=1 upgrade_type=$(ynh_check_app_version_changed) 
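Review bot: In the new RESTORE THE LOGROTATE CONFIGURATION section of scripts/restore, `/var/log/$app` is created and chowned but its mode is never set, so it is left at whatever the umask gives (typically world-readable), while `$final_path` gets `chmod -R o-rwx` earlier in the script. Server logs can hold user identifiers and client addresses, so I would restrict the directory the same way and quote the expansions: `mkdir -p "/var/log/$app"`, `chown -R "$app:root" "/var/log/$app"`, `chmod -R o-rwx "/var/log/$app"`. Whether the install script sets a mode for this directory is not visible here; the two should agree.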
@@ -43,7 +43,6 @@ ynh_script_progression --message="Backing up the app before upgrading (may take # Backup the current version of the app ynh_backup_before_upgrade ynh_clean_setup () { - ynh_clean_check_starting # Restore it if the upgrade fails ynh_restore_upgradebackup } @@ -85,6 +84,28 @@ else ynh_app_setting_set --app=$app --key=registration --value=0 fi +if ! ynh_permission_exists --permission=server_api; then + ynh_permission_create --permission=server_api --url=$domain/_matrix \ + --label="Server access for client apps." --show_tile=false --allowed=visitors \ + --auth_header=false --protected=true +else + ynh_permission_url --permission=server_api --url=$domain/_matrix --remove_url=$server_name/.well-known/matrix \ + --auth_header=false + ynh_permission_update --permission=server_api --label="Server access for client apps." --show_tile=false \ + --protected=true +fi + +if yunohost --output-as plain domain list | grep -q "^$server_name"'$' && ! ynh_permission_exists --permission=server_client_infos; then + ynh_permission_create --permission=server_client_infos --url=$server_name/.well-known/matrix \ + --label="Server info for clients. (well-known)" --show_tile=false --allowed=visitors \ + --auth_header=false --protected=true +elif yunohost --output-as plain domain list | grep -q "^$server_name"'$'; then + ynh_permission_url --permission=server_client_infos --url=$server_name/.well-known/matrix \ + --auth_header=false + ynh_permission_update --permission=server_client_infos --label="Server info for clients. (well-known)" --show_tile=false \ + --protected=true +fi + #================================================= # CREATE DEDICATED USER #================================================= 
@@ -109,6 +130,13 @@ chmod 750 "$final_path" chmod -R o-rwx "$final_path" chown -R $app:root "$final_path" +#================================================= +# UPGRADE DEPENDENCIES +#================================================= +ynh_script_progression --message="Upgrading dependencies..." --weight=1 + +ynh_exec_warn_less ynh_install_app_dependencies "$pkg_dependencies" + #================================================= # NGINX CONFIGURATION #================================================= @@ -123,13 +151,6 @@ then ynh_add_config --template="server_name.conf" --destination="/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf" fi -#================================================= -# CREATE DEDICATED USER -#================================================= -ynh_script_progression --message="Upgrading dependencies..." --weight=1 - -ynh_exec_warn_less ynh_install_app_dependencies "$pkg_dependencies" - #================================================= # SPECIFIC UPGRADE #================================================= 
@@ -178,33 +199,6 @@ ynh_add_systemd_config #================================================= # GENERIC FINALIZATION -#================================================= -# SETUP PERMISSIONS -#================================================= -ynh_script_progression --message="Configuring permissions..." --weight=1 - -if ! ynh_permission_exists --permission=server_api; then - ynh_permission_create --permission=server_api --url=$domain/_matrix \ - --label="Server access for client apps." --show_tile=false --allowed=visitors \ - --auth_header=false --protected=true -else - ynh_permission_url --permission=server_api --url=$domain/_matrix --remove_url=$server_name/.well-known/matrix \ - --auth_header=false - ynh_permission_update --permission=server_api --label="Server access for client apps." --show_tile=false \ - --protected=true -fi - -if yunohost --output-as plain domain list | grep -q "^$server_name"'$' && ! ynh_permission_exists --permission=server_client_infos; then - ynh_permission_create --permission=server_client_infos --url=$server_name/.well-known/matrix \ - --label="Server info for clients. (well-known)" --show_tile=false --allowed=visitors \ - --auth_header=false --protected=true -elif yunohost --output-as plain domain list | grep -q "^$server_name"'$'; then - ynh_permission_url --permission=server_client_infos --url=$server_name/.well-known/matrix \ - --auth_header=false - ynh_permission_update --permission=server_client_infos --label="Server info for clients. (well-known)" --show_tile=false \ - --protected=true -fi - #================================================= # SETUP LOGROTATE #=================================================