From c6f57c3b7b009f5abb59db17cb3bdf58e8c88da2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Tue, 9 Jan 2024 09:09:27 +0100 Subject: [PATCH 01/14] v2 --- check_process | 26 ------ conf/app.src | 6 -- conf/nginx.conf | 5 - conf/systemd.service | 4 +- doc/{DISCLAIMER.md => ADMIN.md} | 0 manifest.json | 59 ------------ manifest.toml | 84 +++++++++++++++++ scripts/_common.sh | 2 - scripts/backup | 36 +------- scripts/change_url | 97 +------------------- scripts/install | 158 ++++---------------------------- scripts/remove | 92 ------------------- scripts/restore | 96 +------------------ scripts/upgrade | 101 +++----------------- scripts/ynh_install_go | 6 +- tests.toml | 15 +++ 16 files changed, 143 insertions(+), 644 deletions(-) delete mode 100644 check_process delete mode 100644 conf/app.src rename doc/{DISCLAIMER.md => ADMIN.md} (100%) delete mode 100644 manifest.json create mode 100644 manifest.toml create mode 100644 tests.toml diff --git a/check_process b/check_process deleted file mode 100644 index 7ce747b..0000000 --- a/check_process +++ /dev/null @@ -1,26 +0,0 @@ -# See here for more information -# https://github.com/YunoHost/package_check#syntax-check_process-file - -# Move this file from check_process.default to check_process when you have filled it. - -;; Test complet - ; Manifest - domain="domain.tld" - path="/path" - OIDC_name="Outline" - OIDC_secret="secret" - OIDC_callback="domain.tld/callback" - ; Checks - pkg_linter=1 - setup_sub_dir=1 - setup_root=1 - setup_nourl=0 - setup_public=1 - upgrade=1 - backup_restore=1 - multi_instance=1 - port_already_use=0 - change_url=1 -;;; Options -Email= -Notification=none diff --git a/conf/app.src b/conf/app.src deleted file mode 100644 index 80ee089..0000000 --- a/conf/app.src +++ /dev/null 
@@ -1,6 +0,0 @@ -SOURCE_URL=https://github.com/dexidp/dex/archive/refs/tags/v2.37.0.tar.gz -SOURCE_SUM=5140ecccac260855f375a40bb20120e644418d8e314c63667b0ee3e4ceace99f -SOURCE_SUM_PRG=sha256sum -SOURCE_FORMAT=tar.gz -SOURCE_EXTRACT=true -SOURCE_IN_SUBDIR=true diff --git a/conf/nginx.conf b/conf/nginx.conf index baa1a62..3a956e8 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -7,10 +7,6 @@ location ~ __PATH__/$ { location ~ __PATH__/.+ { - if ($scheme = http) { - rewrite ^ https://$server_name$request_uri? permanent; - } - proxy_pass http://127.0.0.1:__PORT__; proxy_redirect off; proxy_set_header Host $host; @@ -21,5 +17,4 @@ location ~ __PATH__/.+ { proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; - } \ No newline at end of file diff --git a/conf/systemd.service b/conf/systemd.service index 7bc9ab8..523c7c4 100644 --- a/conf/systemd.service +++ b/conf/systemd.service @@ -6,8 +6,8 @@ After=network.target Type=simple User=__APP__ Group=__APP__ -WorkingDirectory=__FINALPATH__/ -ExecStart=__FINALPATH__/bin/dex serve config.yaml +WorkingDirectory=__INSTALL_DIR__/ +ExecStart=__INSTALL_DIR__/bin/dex serve config.yaml StandardOutput=append:/var/log/__APP__/__APP__.log StandardError=inherit diff --git a/doc/DISCLAIMER.md b/doc/ADMIN.md similarity index 100% rename from doc/DISCLAIMER.md rename to doc/ADMIN.md diff --git a/manifest.json b/manifest.json deleted file mode 100644 index d302fda..0000000 --- a/manifest.json +++ /dev/null 
@@ -1,59 +0,0 @@
-{
- "name": "Dex",
- "id": "dex",
- "packaging_format": 1,
- "description": {
- "en": "OpenID Connect Provider based on YunoHost LDAP server",
- "fr": "Connecteur OpenID basé sur le serveur LDAP YunoHost"
- },
- "version": "2.37.0~ynh1",
- "url": "https://github.com/YunoHost-Apps/dex_ynh",
- "upstream": {
- "license": "Apache-2.0",
- "website": "https://dexidp.io",
- "demo": "",
- "admindoc": "https://dexidp.io/docs/",
- "userdoc": "",
- "code": "https://github.com/dexidp/dex"
- },
- "license": "Apache-2.0",
- "maintainer": {
- "name": "Limezy"
- },
- "requirements": {
- "yunohost": ">= 11.0.9"
- },
- "multi_instance": true,
- "services": [
- "nginx"
- ],
- "arguments": {
- "install": [
- {
- "name": "domain",
- "type": "domain"
- },
- {
- "name": "path",
- "type": "path",
- "example": "/dex",
- "default": "/dex"
- },
- {
- "name": "OIDC_name",
- "type": "string",
- "ask": "Name of the app you want to connect to the OIDC auth flow"
- },
- {
- "name": "OIDC_secret",
- "type": "string",
- "ask": "OIDC secret of the app you want to connect to the OIDC auth flow"
- },
- {
- "name": "OIDC_callback",
- "type": "string",
- "ask": "Callback URI required by the app you want to connect to the OIDC auth flow"
- }
- ]
- }
-}
diff --git a/manifest.toml b/manifest.toml
new file mode 100644
index 0000000..fb225c6
--- /dev/null
+++ b/manifest.toml
@@ -0,0 +1,84 @@
+packaging_format = 2
+
+id = "dex"
+name = "Dex"
+description.en = "OpenID Connect Provider based on YunoHost LDAP server"
+description.fr = "Connecteur OpenID basé sur le serveur LDAP YunoHost"
+
+version = "2.37.0~ynh1"
+
+maintainers = ["Limezy"]
+
+[upstream]
+license = "Apache-2.0"
+website = "https://dexidp.io"
+admindoc = "https://dexidp.io/docs/"
+code = "https://github.com/YunoHost-Apps/dex_ynh"
+
+[integration]
+yunohost = ">= 11.2"
+architectures = "all"
+multi_instance = true
+
+ldap = true
+
+sso = false
+
+disk = "50M"
+ram.build = "50M"
+ram.runtime = "50M"
+
+[install]
+ [install.domain]
+ type = "domain"
+
+ [install.path]
+ type = "path"
+ default = "/dex"
+
+ [install.init_main_permission]
+ type = "group"
+ default = "visitors"
+
+ [install.OIDC_name]
+ ask.en = "Name of the app you want to connect to the OIDC auth flow"
+ ask.fr = "Nom de l'application que vous souhaitez connecter au flux d'authentification OIDC"
+ type = "string"
+
+
+ [install.OIDC_name]
+ ask.en = "OIDC secret of the app you want to connect to the OIDC auth flow"
+ ask.fr = "Secret OIDC de l'application que vous souhaitez connecter au flux d'authentification OIDC"
+ type = "string"
+
+ [install.OIDC_callback]
+ ask.en = "Callback URI required by the app you want to connect to the OIDC auth flow"
+ ask.fr = "URI de rappel requis par l'application que vous souhaitez connecter au flux d'authentification OIDC"
+ type = "string"
+
+
+[resources]
+
+ [resources.sources]
+
+ [resources.sources.main]
+ url = "https://github.com/dexidp/dex/archive/refs/tags/v2.37.0.tar.gz"
+ sha256 = "5140ecccac260855f375a40bb20120e644418d8e314c63667b0ee3e4ceace99f"
+
+ autoupdate.strategy = "latest_github_tag"
+
+ [resources.system_user]
+
+ [resources.install_dir]
+
+ [resources.data_dir]
+
+ [resources.permissions]
+ main.url = "/"
+
+ [resources.ports]
+ main.default = 5556
+
+ [resources.database]
+ # This will automatically provision/deprovison a MySQL DB and store the
corresponding credentials in settings $db_user, $db_name, $db_pwd + type = "mysql" diff --git a/scripts/_common.sh b/scripts/_common.sh index 0538800..1caa48a 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -4,8 +4,6 @@ # COMMON VARIABLES #================================================= -# dependencies used by the app - GO_VERSION="1.19" #================================================= diff --git a/scripts/backup b/scripts/backup index 3d5ca02..737146f 100755 --- a/scripts/backup +++ b/scripts/backup @@ -10,32 +10,6 @@ source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers -#================================================= -# MANAGE SCRIPT FAILURE -#================================================= - -ynh_clean_setup () { - ### Remove this function if there's nothing to clean before calling the remove script. - true -} -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors - -#================================================= -# LOAD SETTINGS -#================================================= -ynh_print_info --message="Loading installation settings..." - -app=$YNH_APP_INSTANCE_NAME - -domain=$(ynh_app_setting_get --app=$app --key=domain) -path_url=$(ynh_app_setting_get --app=$app --key=path) -final_path=$(ynh_app_setting_get --app=$app --key=final_path) -port=$(ynh_app_setting_get --app=$app --key=port) -oidc_name=$(ynh_app_setting_get --app=$app --key=oidc_name) -oidc_secret=$(ynh_app_setting_get --app=$app --key=oidc_secret) -oidc_callback=$(ynh_app_setting_get --app=$app --key=oidc_callback) - #================================================= # DECLARE DATA AND CONF FILES TO BACKUP #================================================= 
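Review bot: The OIDC client secret question in manifest.toml is declared under a second `[install.OIDC_name]` header that repeats the table directly above it; TOML does not allow a table to be defined twice, and no `OIDC_secret` answer is collected even though the removed manifest.json asked for one. Rename the second header to `[install.OIDC_secret]`, and consider `type = "password"` for it so the value is not handled as an ordinary string (check first that YunoHost's password constraints suit a client secret). The `[resources.database]` block with `type = "mysql"` still carries the template comment and nothing visible in this patch uses a database, so it looks like a leftover that would provision an unused MySQL database and credentials. `upstream.code` also points at the package repository, where manifest.json had `https://github.com/dexidp/dex`.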
@@ -45,7 +19,7 @@ ynh_print_info --message="Declaring files to be backed up..." # BACKUP THE APP MAIN DIR #================================================= -ynh_backup --src_path="$final_path" +ynh_backup --src_path="$install_dir" #================================================= # BACKUP THE NGINX CONFIGURATION @@ -53,14 +27,6 @@ ynh_backup --src_path="$final_path" ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf" - -#================================================= -# BACKUP FAIL2BAN CONFIGURATION -#================================================= - -#ynh_backup --src_path="/etc/fail2ban/jail.d/$app.conf" -#ynh_backup --src_path="/etc/fail2ban/filter.d/$app.conf" - #================================================= # SPECIFIC BACKUP #================================================= diff --git a/scripts/change_url b/scripts/change_url index be7d1e1..d4704ec 100644 --- a/scripts/change_url +++ b/scripts/change_url 
@@ -9,63 +9,6 @@ source _common.sh source /usr/share/yunohost/helpers -#================================================= -# RETRIEVE ARGUMENTS -#================================================= - -old_domain=$YNH_APP_OLD_DOMAIN -old_path=$YNH_APP_OLD_PATH - -new_domain=$YNH_APP_NEW_DOMAIN -new_path=$YNH_APP_NEW_PATH - -app=$YNH_APP_INSTANCE_NAME - -#================================================= -# LOAD SETTINGS -#================================================= -ynh_script_progression --message="Loading installation settings..." --weight=1 - -# Needed for helper "ynh_add_nginx_config" -final_path=$(ynh_app_setting_get --app=$app --key=final_path) -port=$(ynh_app_setting_get --app=$app --key=port) -oidc_name=$(ynh_app_setting_get --app=$app --key=oidc_name) -oidc_secret=$(ynh_app_setting_get --app=$app --key=oidc_secret) -oidc_callback=$(ynh_app_setting_get --app=$app --key=oidc_callback) - -#================================================= -# BACKUP BEFORE CHANGE URL THEN ACTIVE TRAP -#================================================= -ynh_script_progression --message="Backing up the app before changing its URL (may take a while)..." --weight=1 - -# Backup the current version of the app -ynh_backup_before_upgrade -ynh_clean_setup () { - # Remove the new domain config file, the remove script won't do it as it doesn't know yet its location. 
- ynh_secure_remove --file="/etc/nginx/conf.d/$new_domain.d/$app.conf" - - # Restore it if the upgrade fails - ynh_restore_upgradebackup -} -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors - -#================================================= -# CHECK WHICH PARTS SHOULD BE CHANGED -#================================================= - -change_domain=0 -if [ "$old_domain" != "$new_domain" ] -then - change_domain=1 -fi - -change_path=0 -if [ "$old_path" != "$new_path" ] -then - change_path=1 -fi - #================================================= # STANDARD MODIFICATIONS #================================================= 
@@ -80,43 +23,14 @@ ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app #================================================= ynh_script_progression --message="Updating NGINX web server configuration..." --weight=1 -nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf +ynh_change_url_nginx_config -# Change the path in the NGINX config file -if [ $change_path -eq 1 ] -then - # Make a backup of the original NGINX config file if modified - ynh_backup_if_checksum_is_different --file="$nginx_conf_path" - # Set global variables for NGINX helper - domain="$old_domain" - path_url="$new_path" - # Create a dedicated NGINX config - ynh_add_nginx_config -fi - -# Change the domain for NGINX -if [ $change_domain -eq 1 ] -then - # Delete file checksum for the old conf file location - ynh_delete_file_checksum --file="$nginx_conf_path" - mv $nginx_conf_path /etc/nginx/conf.d/$new_domain.d/$app.conf - # Store file checksum for the new config file location - ynh_store_file_checksum --file="/etc/nginx/conf.d/$new_domain.d/$app.conf" -fi - -#================================================= -# SPECIFIC MODIFICATIONS #================================================= # MODIFY URL IN YAML CONF #================================================= -# Make a backup of the original YAML config file if modified -ynh_backup_if_checksum_is_different --file="$final_path/config.yaml" -# Set global variables for YAML helper -domain="$new_domain" -path_url="$new_path" # Create a dedicated YAML config -ynh_add_config --template="config.yaml" --destination="$final_path/config.yaml" +ynh_add_config --template="config.yaml" --destination="$install_dir/config.yaml" #================================================= # GENERIC FINALISATION 
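Review bot: `config.yaml` is regenerated by `ynh_add_config` in scripts/change_url, but unlike scripts/install the call is not followed by `chmod 400 "$install_dir/config.yaml"` and `chown $app:$app "$install_dir/config.yaml"`. The file presumably holds the OIDC client secret, so after a URL change its mode and owner depend on whatever the helper applies by default. Either repeat those two lines after this call or confirm that the helper's defaults leave the file readable by the service user and by nobody else. The rest of the script lies outside this hunk.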
@@ -127,13 +41,6 @@ ynh_script_progression --message="Starting a systemd service..." --weight=1 ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" -#================================================= -# RELOAD NGINX -#================================================= -ynh_script_progression --message="Reloading NGINX web server..." --weight=1 - -ynh_systemd_action --service_name=nginx --action=reload - #================================================= # END OF SCRIPT #================================================= diff --git a/scripts/install b/scripts/install index cff8ba3..0c5954e 100755 --- a/scripts/install +++ b/scripts/install 
@@ -10,159 +10,64 @@ source _common.sh source ynh_install_go source /usr/share/yunohost/helpers -#================================================= -# MANAGE SCRIPT FAILURE -#================================================= - -ynh_clean_setup () { - ### Remove this function if there's nothing to clean before calling the remove script. - true -} -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors - -#================================================= -# RETRIEVE ARGUMENTS FROM THE MANIFEST -#================================================= - -domain=$YNH_APP_ARG_DOMAIN -path_url=$YNH_APP_ARG_PATH -is_public=1 - -oidc_name=$YNH_APP_ARG_OIDC_NAME -oidc_secret=$YNH_APP_ARG_OIDC_SECRET -oidc_callback=$YNH_APP_ARG_OIDC_CALLBACK - -app=$YNH_APP_INSTANCE_NAME - -#================================================= -# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS -#================================================= -ynh_script_progression --message="Validating installation parameters..." --weight=1 - -final_path=/opt/yunohost/$app -test ! -e "$final_path" || ynh_die --message="This path already contains a folder" - -# Register (book) web path -ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url - -#================================================= -# STORE SETTINGS FROM MANIFEST -#================================================= -ynh_script_progression --message="Storing installation settings..." 
--weight=1 - -ynh_app_setting_set --app=$app --key=domain --value=$domain -ynh_app_setting_set --app=$app --key=path --value=$path_url -ynh_app_setting_set --app=$app --key=oidc_name --value=$oidc_name -ynh_app_setting_set --app=$app --key=oidc_secret --value=$oidc_secret -ynh_app_setting_set --app=$app --key=oidc_callback --value=$oidc_callback - -#================================================= -# STANDARD MODIFICATIONS -#================================================= -# FIND AND OPEN A PORT -#================================================= -ynh_script_progression --message="Finding an available port..." --weight=1 - -# Find an available port -port=$(ynh_find_port --port=5556) -ynh_app_setting_set --app=$app --key=port --value=$port - -#================================================= -# INSTALL DEPENDENCIES -#================================================= -# ynh_script_progression --message="Installing dependencies..." --weight=1 - -# ynh_install_app_dependencies $pkg_dependencies - -#================================================= -# CREATE DEDICATED USER -#================================================= -ynh_script_progression --message="Configuring system user..." --weight=1 - -# Create a system user -ynh_system_user_create --username=$app --home_dir="$final_path" - #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= ynh_script_progression --message="Setting up source files..." 
--weight=1 -ynh_app_setting_set --app=$app --key=final_path --value=$final_path -# Download, check integrity, uncompress and patch the source from app.src -ynh_setup_source --dest_dir="$final_path" +ynh_setup_source --dest_dir="$install_dir" -chmod 750 "$final_path" -chmod -R o-rwx "$final_path" -chown -R $app:www-data "$final_path" - -#================================================= -# NGINX CONFIGURATION -#================================================= -ynh_script_progression --message="Configuring NGINX web server..." --weight=1 - -# Create a dedicated NGINX config -ynh_add_nginx_config +chmod -R o-rwx "$install_dir" +chown -R $app:www-data "$install_dir" #================================================= # SPECIFIC SETUP #================================================= # BUILDING SOURCES AND SETTING UP THE SERVER #================================================= - ynh_script_progression --message="Building the sources (it will take some time)..." --weight=6 ynh_exec_warn_less ynh_install_go --go_version=$GO_VERSION -pushd "$final_path" +pushd "$install_dir" # Setup go exe and environnement ynh_use_go - export GOPATH="$final_path/go" - export GOCACHE="$final_path/go/.cache" + export GOPATH="$install_dir/go" + export GOCACHE="$install_dir/go/.cache" # Build server from source make build 2>&1 - ynh_secure_remove --file="$final_path/go" + ynh_secure_remove --file="$install_dir/go" popd ynh_remove_go -# Setup a nice Yunohost logo -cp ../sources/logo_dark.png "$final_path/web/themes/dark/logo.png" -cp ../sources/logo_light.png "$final_path/web/themes/light/logo.png" +# Setup a nice YunoHost logo +cp ../sources/logo_dark.png "$install_dir/web/themes/dark/logo.png" +cp ../sources/logo_light.png "$install_dir/web/themes/light/logo.png" #================================================= # ADD A CONFIGURATION #================================================= ynh_script_progression --message="Adding a configuration file..." 
--weight=1 -ynh_add_config --template="config.yaml" --destination="$final_path/config.yaml" +ynh_add_config --template="config.yaml" --destination="$install_dir/config.yaml" -chmod 400 "$final_path/config.yaml" -chown $app:$app "$final_path/config.yaml" +chmod 400 "$install_dir/config.yaml" +chown $app:$app "$install_dir/config.yaml" #================================================= # SETUP SYSTEMD #================================================= ynh_script_progression --message="Configuring a systemd service..." --weight=1 +# Create a dedicated NGINX config +ynh_add_nginx_config + ynh_add_systemd_config - -#================================================= -# GENERIC FINALIZATION -#================================================= -# SETUP LOGROTATE -#================================================= -ynh_script_progression --message="Configuring log rotation..." --weight=1 - # Use logrotate to manage application logfile(s) ynh_use_logrotate -#================================================= -# INTEGRATE SERVICE IN YUNOHOST -#================================================= -ynh_script_progression --message="Integrating service in YunoHost..." --weight=1 - yunohost service add $app --description="OpenID Connect Provider" --log="/var/log/$app/$app.log" #================================================= 
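Review bot: `chown -R $app:www-data "$install_dir"` in scripts/install hands the whole Dex tree to the web server's group, while the location block visible in conf/nginx.conf only proxies to 127.0.0.1:__PORT__, so nothing shown here needs www-data to read these files; `chown -R $app:$app "$install_dir"` would be the least-privilege choice if that holds. This line and `chmod -R o-rwx "$install_dir"` both run before `make build`, so files created by the build are not covered; running the pair after the build step would apply them to the final tree. The same pair appears in scripts/restore and scripts/upgrade. Separately, `ynh_add_nginx_config` now sits under the SETUP SYSTEMD heading and its progress message, which makes the script harder to scan.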
@@ -173,37 +78,6 @@ ynh_script_progression --message="Starting a systemd service..." --weight=1 # Start a systemd service ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" -#================================================= -# SETUP FAIL2BAN -#================================================= -#ynh_script_progression --message="Configuring Fail2Ban..." --weight=1 - -# Create a dedicated Fail2Ban config -#ynh_add_fail2ban_config --logpath="/var/log/dex/dex.log" --failregex="ldap: invalid password for user" - -#================================================= -# SETUP SSOWAT -#================================================= -ynh_script_progression --message="Configuring permissions..." --weight=1 - -# Make app public if necessary -if [ $is_public -eq 1 ] -then - # Everyone can access the app. - # The "main" permission is automatically created before the install script. - ynh_permission_update --permission="main" --add="visitors" -fi - -ynh_permission_update --permission="main" --show_tile=false - - -#================================================= -# RELOAD NGINX -#================================================= -ynh_script_progression --message="Reloading NGINX web server..." --weight=1 - -ynh_systemd_action --service_name=nginx --action=reload - #================================================= # END OF SCRIPT #================================================= diff --git a/scripts/remove b/scripts/remove index ce01d98..2644208 100755 --- a/scripts/remove +++ b/scripts/remove 
@@ -9,21 +9,6 @@ source _common.sh source /usr/share/yunohost/helpers -#================================================= -# LOAD SETTINGS -#================================================= -ynh_script_progression --message="Loading installation settings..." --weight=1 - -app=$YNH_APP_INSTANCE_NAME - -domain=$(ynh_app_setting_get --app=$app --key=domain) -path_url=$(ynh_app_setting_get --app=$app --key=path) -final_path=$(ynh_app_setting_get --app=$app --key=final_path) -port=$(ynh_app_setting_get --app=$app --key=port) -oidc_name=$(ynh_app_setting_get --app=$app --key=oidc_name) -oidc_secret=$(ynh_app_setting_get --app=$app --key=oidc_secret) -oidc_callback=$(ynh_app_setting_get --app=$app --key=oidc_callback) - #================================================= # STANDARD REMOVE #================================================= 
@@ -37,98 +22,21 @@ then yunohost service remove $app fi -#================================================= -# STOP AND REMOVE SERVICE -#================================================= -ynh_script_progression --message="Stopping and removing the systemd service..." --weight=1 - # Remove the dedicated systemd config ynh_remove_systemd_config -#================================================= -# REMOVE LOGROTATE CONFIGURATION -#================================================= -ynh_script_progression --message="Removing logrotate configuration..." --weight=1 - # Remove the app-specific logrotate config ynh_remove_logrotate -#================================================= -# REMOVE APP MAIN DIR -#================================================= -ynh_script_progression --message="Removing app main directory..." --weight=1 - -# Remove the app directory securely -ynh_secure_remove --file="$final_path" - -#================================================= -# REMOVE DATA DIR -#================================================= - -# Remove the data directory if --purge option is used -if [ "${YNH_APP_PURGE:-0}" -eq 1 ] -then - ynh_script_progression --message="Removing app data directory..." --weight=1 - ynh_secure_remove --file="$datadir" -fi - -#================================================= -# REMOVE NGINX CONFIGURATION -#================================================= -ynh_script_progression --message="Removing NGINX web server configuration..." --weight=1 - # Remove the dedicated NGINX config ynh_remove_nginx_config -#================================================= -# REMOVE DEPENDENCIES -#================================================= -# ynh_script_progression --message="Removing dependencies..." 
--weight=1 - -# Remove metapackage and its dependencies -# ynh_remove_app_dependencies - -#================================================= -# CLOSE A PORT -#================================================= - -if yunohost firewall list | grep -q "\- $port$" -then - ynh_script_progression --message="Closing port $port..." --weight=1 - ynh_exec_warn_less yunohost firewall disallow TCP $port -fi - -#================================================= -# REMOVE FAIL2BAN CONFIGURATION -#================================================= -#ynh_script_progression --message="Removing Fail2Ban configuration..." --weight=1 - -# Remove the dedicated Fail2Ban config -#ynh_remove_fail2ban_config - -#================================================= -# SPECIFIC REMOVE -#================================================= -# REMOVE VARIOUS FILES -#================================================= -ynh_script_progression --message="Removing various files..." --weight=1 - # Remove a directory securely ynh_secure_remove --file="/etc/$app" # Remove the log files ynh_secure_remove --file="/var/log/$app" -#================================================= -# GENERIC FINALIZATION -#================================================= -# REMOVE DEDICATED USER -#================================================= -ynh_script_progression --message="Removing the dedicated system user..." --weight=1 - -# Delete a system user -ynh_system_user_delete --username=$app - #================================================= # END OF SCRIPT #================================================= diff --git a/scripts/restore b/scripts/restore index cbe9cec..8483539 100755 --- a/scripts/restore +++ b/scripts/restore 
@@ -10,110 +10,31 @@ source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers -#================================================= -# MANAGE SCRIPT FAILURE -#================================================= - -ynh_clean_setup () { - #### Remove this function if there's nothing to clean before calling the remove script. - true -} -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors - -#================================================= -# LOAD SETTINGS -#================================================= -ynh_script_progression --message="Loading installation settings..." --weight=1 - -app=$YNH_APP_INSTANCE_NAME - -domain=$(ynh_app_setting_get --app=$app --key=domain) -path_url=$(ynh_app_setting_get --app=$app --key=path) -final_path=$(ynh_app_setting_get --app=$app --key=final_path) -port=$(ynh_app_setting_get --app=$app --key=port) -oidc_name=$(ynh_app_setting_get --app=$app --key=oidc_name) -oidc_secret=$(ynh_app_setting_get --app=$app --key=oidc_secret) -oidc_callback=$(ynh_app_setting_get --app=$app --key=oidc_callback) - -#================================================= -# CHECK IF THE APP CAN BE RESTORED -#================================================= -ynh_script_progression --message="Validating restoration parameters..." --weight=1 - -test ! -d $final_path \ - || ynh_die --message="There is already a directory: $final_path " - -#================================================= -# STANDARD RESTORATION STEPS -#================================================= -# RESTORE THE NGINX CONFIGURATION -#================================================= -ynh_script_progression --message="Restoring the NGINX web server configuration..." 
--weight=1 - -ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" - -#================================================= -# RECREATE THE DEDICATED USER -#================================================= -ynh_script_progression --message="Recreating the dedicated system user..." --weight=1 - -# Create the dedicated user (if not existing) -ynh_system_user_create --username=$app --home_dir="$final_path" - #================================================= # RESTORE THE APP MAIN DIR #================================================= ynh_script_progression --message="Restoring the app main directory..." --weight=1 -ynh_restore_file --origin_path="$final_path" +ynh_restore_file --origin_path="$install_dir" -chmod 750 "$final_path" -chmod -R o-rwx "$final_path" -chown -R $app:www-data "$final_path" - -#================================================= -# RESTORE FAIL2BAN CONFIGURATION -#================================================= -#ynh_script_progression --message="Restoring the Fail2Ban configuration..." --weight=1 - -#ynh_restore_file --origin_path="/etc/fail2ban/jail.d/$app.conf" -#ynh_restore_file --origin_path="/etc/fail2ban/filter.d/$app.conf" -#ynh_systemd_action --action=restart --service_name=fail2ban - -#================================================= -# SPECIFIC RESTORATION -#================================================= -# REINSTALL DEPENDENCIES -#================================================= -# ynh_script_progression --message="Reinstalling dependencies..." --weight=1 - -# Define and install dependencies -# ynh_install_app_dependencies $pkg_dependencies +chmod -R o-rwx "$install_dir" +chown -R $app:www-data "$install_dir" #================================================= # RESTORE SYSTEMD #================================================= ynh_script_progression --message="Restoring the systemd configuration..." 
--weight=1 +ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" + ynh_restore_file --origin_path="/etc/systemd/system/$app.service" systemctl enable $app.service --quiet -#================================================= -# RESTORE THE LOGROTATE CONFIGURATION -#================================================= -ynh_script_progression --message="Restoring the logrotate configuration..." --weight=1 - mkdir -p /var/log/$app chown -R $app:root /var/log/$app ynh_restore_file --origin_path="/etc/logrotate.d/$app" -#================================================= -# INTEGRATE SERVICE IN YUNOHOST -#================================================= -ynh_script_progression --message="Integrating service in YunoHost..." --weight=1 - yunohost service add $app --description="OpenID Connect Provider" --log="/var/log/$app/$app.log" #================================================= @@ -123,13 +44,6 @@ ynh_script_progression --message="Starting a systemd service..." --weight=1 ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" -#================================================= -# GENERIC FINALIZATION -#================================================= -# RELOAD NGINX AND PHP-FPM -#================================================= -ynh_script_progression --message="Reloading NGINX web server..." --weight=1 - ynh_systemd_action --service_name=nginx --action=reload #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index dad9b65..82ab9b9 100644 --- a/scripts/upgrade +++ b/scripts/upgrade 
@@ -10,41 +10,12 @@ source _common.sh source ynh_install_go source /usr/share/yunohost/helpers -#================================================= -# LOAD SETTINGS -#================================================= -ynh_script_progression --message="Loading installation settings..." --weight=1 - -app=$YNH_APP_INSTANCE_NAME - -domain=$(ynh_app_setting_get --app=$app --key=domain) -path_url=$(ynh_app_setting_get --app=$app --key=path) -final_path=$(ynh_app_setting_get --app=$app --key=final_path) -port=$(ynh_app_setting_get --app=$app --key=port) -oidc_name=$(ynh_app_setting_get --app=$app --key=oidc_name) -oidc_secret=$(ynh_app_setting_get --app=$app --key=oidc_secret) -oidc_callback=$(ynh_app_setting_get --app=$app --key=oidc_callback) - #================================================= # CHECK VERSION #================================================= upgrade_type=$(ynh_check_app_version_changed) -#================================================= -# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP -#================================================= -ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=1 - -# Backup the current version of the app -ynh_backup_before_upgrade -ynh_clean_setup () { - # Restore it if the upgrade fails - ynh_restore_upgradebackup -} -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors - #================================================= # STANDARD UPGRADE STEPS #================================================= 
@@ -54,14 +25,6 @@ ynh_script_progression --message="Stopping a systemd service..." --weight=1 ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app/$app.log" -#================================================= -# CREATE DEDICATED USER -#================================================= -ynh_script_progression --message="Making sure dedicated system user exists..." --weight=1 - -# Create a dedicated user (if not existing) -ynh_system_user_create --username=$app --home_dir="$final_path" - #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= 
@@ -71,80 +34,61 @@ then ynh_script_progression --message="Upgrading source files..." --weight=1 # Download, check integrity, uncompress and patch the source from app.src - ynh_setup_source --dest_dir="$final_path" + ynh_setup_source --dest_dir="$install_dir" fi -chmod 750 "$final_path" -chmod -R o-rwx "$final_path" -chown -R $app:www-data "$final_path" - -#================================================= -# NGINX CONFIGURATION -#================================================= -ynh_script_progression --message="Upgrading NGINX web server configuration..." --weight=1 - -# Create a dedicated NGINX config -ynh_add_nginx_config +chmod -R o-rwx "$install_dir" +chown -R $app:www-data "$install_dir" #================================================= # SPECIFIC UPGRADE #================================================= # BUILDING SOURCES AND SETTING UP THE SERVER #================================================= - ynh_script_progression --message="Building the sources (it will take some time)..." --weight=6 ynh_exec_warn_less ynh_install_go --go_version=$GO_VERSION -pushd "$final_path" +pushd "$install_dir" # Setup go exe and environnement ynh_use_go - export GOPATH="$final_path/go" - export GOCACHE="$final_path/go/.cache" + export GOPATH="$install_dir/go" + export GOCACHE="$install_dir/go/.cache" # Build server from source make build 2>&1 - ynh_secure_remove --file="$final_path/go" + ynh_secure_remove --file="$install_dir/go" popd ynh_remove_go # Setup a nice Yunohost logo -cp ../sources/logo_dark.png "$final_path/web/themes/dark/logo.png" -cp ../sources/logo_light.png "$final_path/web/themes/light/logo.png" +cp ../sources/logo_dark.png "$install_dir/web/themes/dark/logo.png" +cp ../sources/logo_light.png "$install_dir/web/themes/light/logo.png" #================================================= # UPDATE A CONFIG FILE #================================================= ynh_script_progression --message="Updating a configuration file..." 
--weight=1 -ynh_add_config --template="config.yaml" --destination="$final_path/config.yaml" +ynh_add_config --template="config.yaml" --destination="$install_dir/config.yaml" -chmod 400 "$final_path/config.yaml" -chown $app:$app "$final_path/config.yaml" +chmod 400 "$install_dir/config.yaml" +chown $app:$app "$install_dir/config.yaml" #================================================= # SETUP SYSTEMD #================================================= ynh_script_progression --message="Upgrading systemd configuration..." --weight=1 +# Create a dedicated NGINX config +ynh_add_nginx_config + # Create a dedicated systemd config ynh_add_systemd_config -#================================================= -# GENERIC FINALIZATION -#================================================= -# SETUP LOGROTATE -#================================================= -ynh_script_progression --message="Upgrading logrotate configuration..." --weight=1 - # Use logrotate to manage app-specific logfile(s) ynh_use_logrotate --non-append -#================================================= -# INTEGRATE SERVICE IN YUNOHOST -#================================================= -ynh_script_progression --message="Integrating service in YunoHost..." --weight=1 - yunohost service add $app --description="OpenID Connect Provider" --log="/var/log/$app/$app.log" #================================================= 
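Review bot: The `chmod -R o-rwx "$install_dir"` and `chown -R $app:www-data "$install_dir"` lines run before `make build` and the two logo `cp` commands, so everything the build and the copies create afterwards keeps the invoking user's ownership and umask instead of the restricted mode. Moving both lines below the `cp ../sources/logo_light.png …` line would cover the built `bin/dex` and the theme files as well. With `chmod 750` dropped, the top-level directory mode is left to whatever the `install_dir` resource sets, which is not visible in this hunk. It is also worth checking whether the `www-data` group is needed at all, since conf/nginx.conf only proxies to `127.0.0.1:__PORT__` and the directory holds `config.yaml` with the client secret; if not, `chown -R $app:$app "$install_dir"` is the narrower choice.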
@@ -154,21 +98,6 @@ ynh_script_progression --message="Starting a systemd service..." --weight=1 ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" -#================================================= -# UPGRADE FAIL2BAN -#================================================= -#ynh_script_progression --message="Reconfiguring Fail2Ban..." --weight=1 - -# Create a dedicated Fail2Ban config -#ynh_add_fail2ban_config --logpath="/var/log/dex/dex.log" --failregex="ldap: invalid password for user" - -#================================================= -# RELOAD NGINX -#================================================= -ynh_script_progression --message="Reloading NGINX web server..." --weight=1 - -ynh_systemd_action --service_name=nginx --action=reload - #================================================= # END OF SCRIPT #================================================= diff --git a/scripts/ynh_install_go b/scripts/ynh_install_go index fbc412c..9b1e714 100644 --- a/scripts/ynh_install_go +++ b/scripts/ynh_install_go @@ -30,14 +30,14 @@ export GOENV_ROOT="$goenv_install_dir" # However, $PATH is duplicated into $go_path to outlast any manipulation of $PATH # You can use the variable `$ynh_go_load_path` to quickly load your Go version # in $PATH for an usage into a separate script. -# Exemple: $ynh_go_load_path $final_path/script_that_use_gem.sh` +# Exemple: $ynh_go_load_path $install_dir/script_that_use_gem.sh` # # # Finally, to start a Go service with the correct version, 2 solutions # Either the app is dependent of Go or gem, but does not called it directly. # In such situation, you need to load PATH # `Environment="__YNH_GO_LOAD_PATH__"` -# `ExecStart=__FINALPATH__/my_app` +# `ExecStart=__INSTALL_DIR__/my_app` # You will replace __YNH_GO_LOAD_PATH__ with $ynh_go_load_path # # Or Go start the app directly, then you don't need to load the PATH variable 
@@ -72,7 +72,7 @@ ynh_use_go () { ynh_go_load_path="PATH=$PATH" # Sets the local application-specific Go version - pushd $final_path + pushd $install_dir $goenv_install_dir/bin/goenv local $go_version popd } diff --git a/tests.toml b/tests.toml new file mode 100644 index 0000000..be7184a --- /dev/null +++ b/tests.toml @@ -0,0 +1,15 @@ +test_format = 1.0 + +[default] + + # ------------ + # Tests to run + # ------------ + + # ------------------------------- + # Default args to use for install + # ------------------------------- + + args.OIDC_name="Outline" + args.OIDC_secret="secret" + args.OIDC_callback="domain.tld/callback" \ No newline at end of file From 19b566be9f6336c999549690531362862f3db24e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Tue, 9 Jan 2024 09:12:59 +0100 Subject: [PATCH 02/14] fix --- doc/ADMIN.md | 1 - doc/ADMIN_fr.md | 10 ++++++++++ doc/DESCRIPTION_fr.md | 7 +++++++ manifest.toml | 9 +-------- 4 files changed, 18 insertions(+), 9 deletions(-) create mode 100644 doc/ADMIN_fr.md create mode 100644 doc/DESCRIPTION_fr.md diff --git a/doc/ADMIN.md b/doc/ADMIN.md index e81e7ca..5cbf45d 100644 --- a/doc/ADMIN.md +++ b/doc/ADMIN.md @@ -1,6 +1,5 @@ ### Known limitations: - * Only tested on x86 architectures * Dex only allows you to setup one OpenID Connect app at a time * However, it's a working multi-instance app, so you can install it more than once * Dex is only an OIDC provider, and user management will depend on the app using it as an OIDC provider diff --git a/doc/ADMIN_fr.md b/doc/ADMIN_fr.md new file mode 100644 index 0000000..9a28c79 --- /dev/null +++ b/doc/ADMIN_fr.md 
@@ -0,0 +1,10 @@ +### Limitations connues : + + * Dex vous permet uniquement de configurer une seule application OpenID Connect à la fois + * Cependant, il s'agit d'une application multi-instance fonctionnelle, vous pouvez donc l'installer plusieurs fois + * Dex est uniquement un fournisseur OIDC et la gestion des utilisateurs dépendra de l'application qui l'utilise en tant que fournisseur OIDC. + +### À utiliser avec précaution : + + * La modification de l'URL fonctionnera mais nécessitera certains changements de paramètres dans l'application en utilisant Dex comme fournisseur OIDC. + * Accéder à l'URL ne vous permettra de voir qu'un message : "C'est ici que Dex est installé". \ No newline at end of file diff --git a/doc/DESCRIPTION_fr.md b/doc/DESCRIPTION_fr.md new file mode 100644 index 0000000..07d8de2 --- /dev/null +++ b/doc/DESCRIPTION_fr.md @@ -0,0 +1,7 @@ +Dex est un service d'identité qui utilise OpenID Connect pour piloter l'authentification d'autres applications. +Ce package YunoHost installera Dex et configurera un fournisseur canonique OpenID Connect pour votre instance YunoHost, basé sur la base d'utilisateurs LDAP, qui pourra ensuite être utilisé comme serveur d'authentification pour d'autres applications YunoHost. + +### Caractéristiques + +- Flux d'authentification OpenID Connect entièrement fonctionnel +- Interfacé avec le serveur LDAP de YunoHost \ No newline at end of file diff --git a/manifest.toml b/manifest.toml index fb225c6..eae623d 100644 --- a/manifest.toml +++ b/manifest.toml @@ -17,7 +17,7 @@ code = "https://github.com/YunoHost-Apps/dex_ynh" [integration] yunohost = ">= 11.2" -architectures = "all" +architectures = ["amd64"] multi_instance = true ldap = true 
@@ -64,21 +64,14 @@ ram.runtime = "50M" [resources.sources.main] url = "https://github.com/dexidp/dex/archive/refs/tags/v2.37.0.tar.gz" sha256 = "5140ecccac260855f375a40bb20120e644418d8e314c63667b0ee3e4ceace99f" - autoupdate.strategy = "latest_github_tag" [resources.system_user] [resources.install_dir] - [resources.data_dir] - [resources.permissions] main.url = "/" [resources.ports] main.default = 5556 - - [resources.database] - # This will automatically provision/deprovison a MySQL DB and store the corresponding credentials in settings $db_user, $db_name, $db_pwd - type = "mysql" From 7c344e9940d0bf2f5234787c65c2dcb7daa1e087 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Tue, 9 Jan 2024 09:22:13 +0100 Subject: [PATCH 03/14] Update manifest.toml --- manifest.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifest.toml b/manifest.toml index eae623d..1434547 100644 --- a/manifest.toml +++ b/manifest.toml @@ -46,7 +46,7 @@ ram.runtime = "50M" type = "string" - [install.OIDC_name] + [install.OIDC_secret] ask.en = "OIDC secret of the app you want to connect to the OIDC auth flow" ask.fr = "Secret OIDC de l'application que vous souhaitez connecter au flux d'authentification OIDC" type = "string" From b1d38808fc005052577d8fee9de805a5fd2c316b Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Tue, 9 Jan 2024 08:22:18 +0000 Subject: [PATCH 04/14] Auto-update README --- README.md | 16 +--------------- README_fr.md | 27 ++++++--------------------- 2 files changed, 7 insertions(+), 36 deletions(-) diff --git a/README.md b/README.md index 672bedd..c7501f9 100644 --- a/README.md +++ b/README.md 
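Review bot: The renamed `[install.OIDC_secret]` question keeps `type = "string"`, so the OIDC client secret is handled like any ordinary install answer and is shown in clear wherever the form and its arguments are displayed. YunoHost's `type = "password"` is the question type meant for this kind of value. Before switching, confirm that the answer is still available to the scripts for the `secret:` line of conf/config.yaml, since password answers may not be persisted as settings automatically. The same section is renamed to `[install.secret]` in the later "fix" patch of this series and has the same type there.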
@@ -31,25 +31,11 @@ This YunoHost package will install Dex and setup a canonical OpenID Connect prov ![Screenshot of Dex](./doc/screenshots/Dex_screenshot.png) -## Disclaimers / important information - -### Known limitations: - - * Only tested on x86 architectures - * Dex only allows you to setup one OpenID Connect app at a time - * However, it's a working multi-instance app, so you can install it more than once - * Dex is only an OIDC provider, and user management will depend on the app using it as an OIDC provider - -### To be used carefully: - - * Changing URL will work but will require some settings change in the app using Dex as an OIDC provider - * Going to the URL will only let you see a "This is where Dex is installed." message - ## Documentation and resources * Official app website: * Official admin documentation: -* Upstream app code repository: +* Upstream app code repository: * YunoHost Store: * Report a bug: diff --git a/README_fr.md b/README_fr.md index 1331849..80cd1cc 100644 --- a/README_fr.md +++ b/README_fr.md 
@@ -16,14 +16,13 @@ Si vous n’avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) po ## Vue d’ensemble -Dex is an identity service that uses OpenID Connect to drive authentication for other apps. -This YunoHost package will install Dex and setup a canonical OpenID Connect provider for your YunoHost instance, based on the LDAP user base, that can then be used as an authentification server for other YunoHost apps. +Dex est un service d'identité qui utilise OpenID Connect pour piloter l'authentification d'autres applications. +Ce package YunoHost installera Dex et configurera un fournisseur canonique OpenID Connect pour votre instance YunoHost, basé sur la base d'utilisateurs LDAP, qui pourra ensuite être utilisé comme serveur d'authentification pour d'autres applications YunoHost. -### Features - -- Fully working OpenID Connect authentification flow -- Interfaced with YunoHost's LDAP server +### Caractéristiques +- Flux d'authentification OpenID Connect entièrement fonctionnel +- Interfacé avec le serveur LDAP de YunoHost **Version incluse :** 2.37.0~ynh1 
@@ -31,25 +30,11 @@ This YunoHost package will install Dex and setup a canonical OpenID Connect prov ![Capture d’écran de Dex](./doc/screenshots/Dex_screenshot.png) -## Avertissements / informations importantes - -### Known limitations: - - * Only tested on x86 architectures - * Dex only allows you to setup one OpenID Connect app at a time - * However, it's a working multi-instance app, so you can install it more than once - * Dex is only an OIDC provider, and user management will depend on the app using it as an OIDC provider - -### To be used carefully: - - * Changing URL will work but will require some settings change in the app using Dex as an OIDC provider - * Going to the URL will only let you see a "This is where Dex is installed." message - ## Documentations et ressources * Site officiel de l’app : * Documentation officielle de l’admin : -* Dépôt de code officiel de l’app : +* Dépôt de code officiel de l’app : * YunoHost Store: * Signaler un bug : From 2be5d462b864e876ff00d398cfac12cbde5367c1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Tue, 9 Jan 2024 09:37:02 +0100 Subject: [PATCH 05/14] fix --- conf/config.yaml | 10 +++++----- doc/ADMIN_fr.md | 2 +- manifest.toml | 6 +++--- scripts/_common.sh | 2 +- scripts/remove | 2 +- scripts/restore | 4 ++-- scripts/upgrade | 2 +- tests.toml | 6 +++--- 8 files changed, 17 insertions(+), 17 deletions(-) diff --git a/conf/config.yaml b/conf/config.yaml index 1a1a5bf..4bb2647 100644 --- a/conf/config.yaml +++ b/conf/config.yaml @@ -1,5 +1,5 @@ # LDAP connector + Yunohost setup + staticClient as per manifest.json -issuer: https://__DOMAIN____PATH_URL__ +issuer: https://__DOMAIN____PATH__ storage: type: sqlite3 config: 
@@ -47,8 +47,8 @@ connectors: # Unfortunately the api is too complex to be used here # As a consequence we have to setup client as staticClient, which means we will need one Dex instance per client app staticClients: -- id: __OIDC_NAME__ +- id: __NAME__ redirectURIs: - - https://__OIDC_CALLBACK__ - name: __OIDC_NAME__ - secret: __OIDC_SECRET__ + - https://__CALLBACK__ + name: __NAME__ + secret: __SECRET__ diff --git a/doc/ADMIN_fr.md b/doc/ADMIN_fr.md index 9a28c79..c0410b6 100644 --- a/doc/ADMIN_fr.md +++ b/doc/ADMIN_fr.md @@ -7,4 +7,4 @@ ### À utiliser avec précaution : * La modification de l'URL fonctionnera mais nécessitera certains changements de paramètres dans l'application en utilisant Dex comme fournisseur OIDC. - * Accéder à l'URL ne vous permettra de voir qu'un message : "C'est ici que Dex est installé". \ No newline at end of file + * Accéder à l'URL ne vous permettra de voir qu'un message : "This is where Dex is installed.". \ No newline at end of file diff --git a/manifest.toml b/manifest.toml index 1434547..304176d 100644 --- a/manifest.toml +++ b/manifest.toml @@ -40,18 +40,18 @@ ram.runtime = "50M" type = "group" default = "visitors" - [install.OIDC_name] + [install.name] ask.en = "Name of the app you want to connect to the OIDC auth flow" ask.fr = "Nom de l'application que vous souhaitez connecter au flux d'authentification OIDC" type = "string" - [install.OIDC_secret] + [install.secret] ask.en = "OIDC secret of the app you want to connect to the OIDC auth flow" ask.fr = "Secret OIDC de l'application que vous souhaitez connecter au flux d'authentification OIDC" type = "string" - [install.OIDC_callback] + [install.callback] ask.en = "Callback URI required by the app you want to connect to the OIDC auth flow" ask.fr = "URI de rappel requis par l'application que vous souhaitez connecter au flux d'authentification OIDC" type = "string" diff --git a/scripts/_common.sh b/scripts/_common.sh index 1caa48a..1021f79 100644 --- a/scripts/_common.sh 
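Review bot: In the `staticClients` entry, `__NAME__`, `__SECRET__` and `__CALLBACK__` are substituted into the YAML unquoted, so a secret containing ` #` is cut at the comment marker and one containing `: ` or a leading `*`, `&` or `!` changes how the file parses. Quoting the scalars, for example `secret: '__SECRET__'` and `- 'https://__CALLBACK__'`, removes most of these cases; a single quote inside the value would still need handling, so restricting the accepted characters in the manifest question is the more complete fix. The `https://` prefix is hard-coded as well, which means the callback has to be entered without a scheme; the `ask.en`/`ask.fr` text should say so, because the redirect URI is the value Dex matches against during the flow.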
+++ b/scripts/_common.sh @@ -4,7 +4,7 @@ # COMMON VARIABLES #================================================= -GO_VERSION="1.19" +GO_VERSION="1.20" #================================================= # PERSONAL HELPERS diff --git a/scripts/remove b/scripts/remove index 2644208..d3596d1 100755 --- a/scripts/remove +++ b/scripts/remove @@ -14,8 +14,8 @@ source /usr/share/yunohost/helpers #================================================= # REMOVE SERVICE INTEGRATION IN YUNOHOST #================================================= +ynh_script_progression --message="Removing system configurations related to $app..." --weight=1 -# Remove the service from the list of services known by YunoHost (added from `yunohost service add`) if ynh_exec_warn_less yunohost service status $app >/dev/null then ynh_script_progression --message="Removing $app service integration..." --weight=1 diff --git a/scripts/restore b/scripts/restore index 8483539..6f37885 100755 --- a/scripts/restore +++ b/scripts/restore @@ -23,7 +23,7 @@ chown -R $app:www-data "$install_dir" #================================================= # RESTORE SYSTEMD #================================================= -ynh_script_progression --message="Restoring the systemd configuration..." --weight=1 +ynh_script_progression --message="Restoring system configurations related to $app..." --weight=1 ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" @@ -40,7 +40,7 @@ yunohost service add $app --description="OpenID Connect Provider" --log="/var/lo #================================================= # START SYSTEMD SERVICE #================================================= -ynh_script_progression --message="Starting a systemd service..." --weight=1 +ynh_script_progression --message="Reloading NGINX web server and $app's service..." --weight=1 ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" diff --git a/scripts/upgrade b/scripts/upgrade index 82ab9b9..0caabf4 100644 
--- a/scripts/upgrade +++ b/scripts/upgrade @@ -78,7 +78,7 @@ chown $app:$app "$install_dir/config.yaml" #================================================= # SETUP SYSTEMD #================================================= -ynh_script_progression --message="Upgrading systemd configuration..." --weight=1 +ynh_script_progression --message="Upgrading system configurations related to $app..." --weight=1 # Create a dedicated NGINX config ynh_add_nginx_config diff --git a/tests.toml b/tests.toml index be7184a..cfcd143 100644 --- a/tests.toml +++ b/tests.toml @@ -10,6 +10,6 @@ test_format = 1.0 # Default args to use for install # ------------------------------- - args.OIDC_name="Outline" - args.OIDC_secret="secret" - args.OIDC_callback="domain.tld/callback" \ No newline at end of file + args.name = "Outline" + args.secret = "secret" + args.callback = "domain.tld/callback" \ No newline at end of file From 99faa00e32a178d82cfc1e29eede18d3a67ba80c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Tue, 9 Jan 2024 10:00:36 +0100 Subject: [PATCH 06/14] Update manifest.toml --- manifest.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifest.toml b/manifest.toml index 304176d..f2cda9a 100644 --- a/manifest.toml +++ b/manifest.toml @@ -25,7 +25,7 @@ ldap = true sso = false disk = "50M" -ram.build = "50M" +ram.build = "500M" ram.runtime = "50M" [install] From e48da9e1e1a1f01f3ab26ccddf1a87f477310a61 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Tue, 9 Jan 2024 10:04:35 +0100 Subject: [PATCH 07/14] fix --- manifest.toml | 6 ++---- tests.toml | 2 ++ 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/manifest.toml b/manifest.toml index f2cda9a..16097a2 100644 --- a/manifest.toml +++ b/manifest.toml 
@@ -36,10 +36,6 @@ ram.runtime = "50M" type = "path" default = "/dex" - [install.init_main_permission] - type = "group" - default = "visitors" - [install.name] ask.en = "Name of the app you want to connect to the OIDC auth flow" ask.fr = "Nom de l'application que vous souhaitez connecter au flux d'authentification OIDC" @@ -72,6 +68,8 @@ ram.runtime = "50M" [resources.permissions] main.url = "/" + main.show_tile = false + main.allowed = "visitors" [resources.ports] main.default = 5556 diff --git a/tests.toml b/tests.toml index cfcd143..d8f56be 100644 --- a/tests.toml +++ b/tests.toml @@ -6,6 +6,8 @@ test_format = 1.0 # Tests to run # ------------ + exclude = ["install.private"] # The test IDs to be used in only/exclude statements are: install.root, install.subdir, install.nourl, install.multi, backup_restore, upgrade, upgrade.someCommitId change_url + # ------------------------------- # Default args to use for install # ------------------------------- From 90fa76375faa9b4c4b3f6c7fa36cc7ff95faf729 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Tue, 9 Jan 2024 10:05:10 +0100 Subject: [PATCH 08/14] Update manifest.toml --- manifest.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifest.toml b/manifest.toml index 16097a2..2bcf9be 100644 --- a/manifest.toml +++ b/manifest.toml @@ -25,7 +25,7 @@ ldap = true sso = false disk = "50M" -ram.build = "500M" +ram.build = "700M" ram.runtime = "50M" [install] From 8cf8b86774cac8ea576275ad166d60d65db006ff Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Tue, 9 Jan 2024 10:51:27 +0100 Subject: [PATCH 09/14] Update tests.toml --- tests.toml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/tests.toml b/tests.toml index d8f56be..9c33fdd 100644 --- a/tests.toml +++ b/tests.toml 
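Review bot: `main.allowed = "visitors"` in `[resources.permissions]` makes the LDAP-backed Dex login reachable without authentication for every install, and nothing in this series limits repeated failed logins: the commented-out `ynh_add_fail2ban_config --logpath="/var/log/dex/dex.log" …` block is deleted from scripts/upgrade instead of being enabled. Public access looks intentional for an OIDC provider, so I would record that in a comment above the key, such as `# Must stay public: users and client apps reach Dex before they are authenticated`. A fail2ban jail on the Dex log would be the matching mitigation; whether that log carries the client address behind the nginx proxy is not visible here and needs checking first.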
@@ -14,4 +14,10 @@ test_format = 1.0 args.name = "Outline" args.secret = "secret" - args.callback = "domain.tld/callback" \ No newline at end of file + args.callback = "domain.tld/callback" + + # ------------------------------- + # Commits to test upgrade from + # ------------------------------- + + test_upgrade_from.1381d7d0fbbfb9609e047f8476f113d17e95e233.name = "Upgrade from 2.37.0" \ No newline at end of file From d1432bd9d7f0cd62b76a0656f5309d82542dc6de Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Tue, 9 Jan 2024 11:42:42 +0100 Subject: [PATCH 10/14] Update upgrade --- scripts/upgrade | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/scripts/upgrade b/scripts/upgrade index 0caabf4..601a41a 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -34,7 +34,7 @@ then ynh_script_progression --message="Upgrading source files..." --weight=1 # Download, check integrity, uncompress and patch the source from app.src - ynh_setup_source --dest_dir="$install_dir" + ynh_setup_source --dest_dir="$install_dir" --keep="config.yaml" fi chmod -R o-rwx "$install_dir" @@ -68,12 +68,12 @@ cp ../sources/logo_light.png "$install_dir/web/themes/light/logo.png" #================================================= # UPDATE A CONFIG FILE #================================================= -ynh_script_progression --message="Updating a configuration file..." --weight=1 +#ynh_script_progression --message="Updating a configuration file..." --weight=1 -ynh_add_config --template="config.yaml" --destination="$install_dir/config.yaml" +#ynh_add_config --template="config.yaml" --destination="$install_dir/config.yaml" -chmod 400 "$install_dir/config.yaml" -chown $app:$app "$install_dir/config.yaml" +#chmod 400 "$install_dir/config.yaml" +#chown $app:$app "$install_dir/config.yaml" #================================================= # SETUP SYSTEMD 
From d1fbfa6eb8ab58395acb1fd0d9514753022db92f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Tue, 9 Jan 2024 11:50:34 +0100 Subject: [PATCH 11/14] Update upgrade --- scripts/upgrade | 31 +++++++++++++++++++++++++++---- 1 file changed, 27 insertions(+), 4 deletions(-) diff --git a/scripts/upgrade b/scripts/upgrade index 601a41a..dabf4db 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -25,6 +25,29 @@ ynh_script_progression --message="Stopping a systemd service..." --weight=1 ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app/$app.log" +#================================================= +# ENSURE DOWNWARD COMPATIBILITY +#================================================= +ynh_script_progression --message="Ensuring downward compatibility..." --weight=1 + +if [ -z "${name:-}" ]; then + name=$OIDC_name + ynh_app_setting_set --app=$app --key=name --value=$name + ynh_app_setting_delete --app=$app --key=OIDC_name +fi + +if [ -z "${secret:-}" ]; then + secret=$OIDC_secret + ynh_app_setting_set --app=$app --key=secret --value=$secret + ynh_app_setting_delete --app=$app --key=OIDC_secret +fi + +if [ -z "${callback:-}" ]; then + callback=$OIDC_callback + ynh_app_setting_set --app=$app --key=callback --value=$callback + ynh_app_setting_delete --app=$app --key=OIDC_callback +fi + #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= 
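Review bot: The three migration blocks expand the old settings unquoted, for example `secret=$OIDC_secret` and `--value=$secret`, so a client secret or app name containing spaces or glob characters is word-split or expanded before it is stored. Quote both sides: `secret="$oidc_secret"` and `ynh_app_setting_set --app="$app" --key=secret --value="$secret"`, and likewise for `name` and `callback`. If the script runs with unset-variable checking, a fresh install that never had the old key would abort on the bare reference, so `"${oidc_secret:-}"` is the safer form. The follow-up patch "Update upgrade" that lower-cases the variable names keeps the same unquoted expansions.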
@@ -68,12 +91,12 @@ cp ../sources/logo_light.png "$install_dir/web/themes/light/logo.png" #================================================= # UPDATE A CONFIG FILE #================================================= -#ynh_script_progression --message="Updating a configuration file..." --weight=1 +ynh_script_progression --message="Updating a configuration file..." --weight=1 -#ynh_add_config --template="config.yaml" --destination="$install_dir/config.yaml" +ynh_add_config --template="config.yaml" --destination="$install_dir/config.yaml" -#chmod 400 "$install_dir/config.yaml" -#chown $app:$app "$install_dir/config.yaml" +chmod 400 "$install_dir/config.yaml" +chown $app:$app "$install_dir/config.yaml" #================================================= # SETUP SYSTEMD From 7866d9787c77f1d563b866babddb649352d53e79 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Tue, 9 Jan 2024 13:04:00 +0100 Subject: [PATCH 12/14] Update upgrade --- scripts/upgrade | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/scripts/upgrade b/scripts/upgrade index dabf4db..d4e5066 100644 --- a/scripts/upgrade +++ b/scripts/upgrade 
@@ -31,21 +31,21 @@ ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app ynh_script_progression --message="Ensuring downward compatibility..." --weight=1 if [ -z "${name:-}" ]; then - name=$OIDC_name + name=$oidc_name ynh_app_setting_set --app=$app --key=name --value=$name - ynh_app_setting_delete --app=$app --key=OIDC_name + ynh_app_setting_delete --app=$app --key=oidc_name fi if [ -z "${secret:-}" ]; then - secret=$OIDC_secret + secret=$oidc_secret ynh_app_setting_set --app=$app --key=secret --value=$secret - ynh_app_setting_delete --app=$app --key=OIDC_secret + ynh_app_setting_delete --app=$app --key=oidc_secret fi if [ -z "${callback:-}" ]; then - callback=$OIDC_callback + callback=$oidc_callback ynh_app_setting_set --app=$app --key=callback --value=$callback - ynh_app_setting_delete --app=$app --key=OIDC_callback + ynh_app_setting_delete --app=$app --key=oidc_callback fi #================================================= From 0213135e64d50b5160144b5e6b8f4b4199c59c40 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Tue, 9 Jan 2024 13:11:27 +0100 Subject: [PATCH 13/14] Update manifest.toml --- manifest.toml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/manifest.toml b/manifest.toml index 2bcf9be..64a1aeb 100644 --- a/manifest.toml +++ b/manifest.toml @@ -5,7 +5,7 @@ name = "Dex" description.en = "OpenID Connect Provider based on YunoHost LDAP server" description.fr = "Connecteur OpenID basé sur le serveur LDAP YunoHost" -version = "2.37.0~ynh1" +version = "2.37.0~ynh2" maintainers = ["Limezy"] @@ -41,7 +41,6 @@ ram.runtime = "50M" ask.fr = "Nom de l'application que vous souhaitez connecter au flux d'authentification OIDC" type = "string" - [install.secret] ask.en = "OIDC secret of the app you want to connect to the OIDC auth flow" ask.fr = "Secret OIDC de l'application que vous souhaitez connecter au flux d'authentification OIDC" 
From aeabe6d29758a6b484245efa7283d149f6d4c4e5 Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Tue, 9 Jan 2024 12:11:31 +0000 Subject: [PATCH 14/14] Auto-update README --- README.md | 2 +- README_fr.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index c7501f9..cdd0229 100644 --- a/README.md +++ b/README.md @@ -25,7 +25,7 @@ This YunoHost package will install Dex and setup a canonical OpenID Connect prov - Interfaced with YunoHost's LDAP server -**Shipped version:** 2.37.0~ynh1 +**Shipped version:** 2.37.0~ynh2 ## Screenshots diff --git a/README_fr.md b/README_fr.md index 80cd1cc..10128e7 100644 --- a/README_fr.md +++ b/README_fr.md @@ -24,7 +24,7 @@ Ce package YunoHost installera Dex et configurera un fournisseur canonique OpenI - Flux d'authentification OpenID Connect entièrement fonctionnel - Interfacé avec le serveur LDAP de YunoHost -**Version incluse :** 2.37.0~ynh1 +**Version incluse :** 2.37.0~ynh2 ## Captures d’écran