refactor "install" script and use best practices

- migrate from custom helper '.fonctions' to official helpers - Use '_common.sh' + various templates from 'example_ynh' - update 'manifest' with new Yunohost version requirement - redo 'install' script
2024-09-03 18:26:20 +02:00 · 2018-06-14 18:28:14 +02:00 · 2018-06-14 18:28:14 +02:00 · 42a170b60c
commit 42a170b60c
parent d32447f0b5
7 changed files with 234 additions and 105 deletions
--- a/conf/app.src
+++ b/conf/app.src
@ -0,0 +1,6 @@
+SOURCE_URL=https://download.dokuwiki.org/src/dokuwiki/dokuwiki-2017-02-19b.tgz
+SOURCE_SUM=ea11e4046319710a2bc6fdf58b5cda86
+SOURCE_SUM_PRG=md5sum
+SOURCE_FORMAT=tar.gz
+SOURCE_IN_SUBDIR=true
+SOURCE_FILENAME=
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@ -1,42 +1,56 @@
-location __PATHTOCHANGE__ {
-    alias __FINALPATH__/;
+location __PATH__ {

-    if ($scheme = http) {
-      rewrite ^ https://$server_name$request_uri? permanent;
-    }
+  # Path to source
+  alias __FINALPATH__/ ;

-    index index.php;
-    try_files $uri $uri/ index.php;
+  if ($scheme = http) {
+    rewrite ^ https://$server_name$request_uri? permanent;
+  }

-    client_max_body_size 25M;
-    
-    location ~ [^/]\.php(/|$) {
-      fastcgi_split_path_info ^(.+?\.php)(/.*)$;
-      fastcgi_pass unix:/var/run/php5-fpm-__NAMETOCHANGE__.sock;
-      fastcgi_index index.php;
-      include fastcgi_params;
-      fastcgi_param HTTPS on if_not_empty;
-      fastcgi_param REMOTE_USER     $remote_user;
-      fastcgi_param PATH_INFO       $fastcgi_path_info;
-      fastcgi_param SCRIPT_FILENAME $request_filename;
-    }
+  # Example PHP configuration (remove if not used)
+  index index.php;

-    # Secure DokuWiki
-    location ~ ^__PATHTOCHANGE__/(data|conf|bin|inc)/ {
-      deny all;
-    }
+  # Common parameter to increase upload size limit in conjuction with dedicated php-fpm file
+  client_max_body_size 25M;

-    # Deny Access to htaccess-Files for Apache
-    location ~ /\.ht {
-      deny all;
-    }
+  try_files $uri $uri/ index.php;
+  location ~ [^/]\.php(/|$) {
+    fastcgi_split_path_info ^(.+?\.php)(/.*)$;
+    fastcgi_pass unix:/var/run/php5-fpm-__NAME__.sock;

-    # Serve static files
-    location ~ ^/lib.*\.(gif|png|ico|jpg)$ {
-      expires 30d;
-    }
+    # If you don't use a dedicated fpm config for your app,
+    # use a general fpm pool.
+    # This is to be used INSTEAD of line above
+    # Don't forget to adjust scripts install/upgrade/remove/backup accordingly
+    #
+    #fastcgi_pass unix:/var/run/php5-fpm.sock;

-    #--PRIVATE--# Include SSOWAT user panel.
-    #--PRIVATE--include conf.d/yunohost_panel.conf.inc;
+    fastcgi_index index.php;
+    include fastcgi_params;
+    fastcgi_param HTTPS on if_not_empty;
+    fastcgi_param REMOTE_USER     $remote_user;
+    fastcgi_param PATH_INFO       $fastcgi_path_info;
+    fastcgi_param SCRIPT_FILENAME $request_filename;
+  }
+  # PHP configuration end
+
+  # Secure DokuWiki
+  # Try this ?
+  #location __PATH__/(data|conf|bin|inc)/ { {
+  location ~ ^__PATH__/(data|conf|bin|inc)/ {
+    deny all;
+  }
+
+  # Deny Access to htaccess-Files for Apache
+  location ~ /\.ht {
+    deny all;
+  }
+
+  # Serve static files
+  location ~ ^/lib.*\.(gif|png|ico|jpg)$ {
+    expires 30d;
+  }
+
+  # Include SSOWAT user panel.
+  include conf.d/yunohost_panel.conf.inc;
 }
-
--- a/conf/php-fpm.conf
+++ b/conf/php-fpm.conf
@ -32,19 +32,19 @@ group = __USER__
 ; Note: This value is mandatory.
 listen = /var/run/php5-fpm-__NAMETOCHANGE__.sock

-; Set listen(2) backlog.
+; Set listen(2) backlog. A value of '-1' means unlimited.
 ; Default Value: 128 (-1 on FreeBSD and OpenBSD)
 ;listen.backlog = 128

 ; Set permissions for unix socket, if one is used. In Linux, read/write
 ; permissions must be set in order to allow connections from a web server. Many
-; BSD-derived systems allow connections regardless of permissions. 
+; BSD-derived systems allow connections regardless of permissions.
 ; Default Values: user and group are set as the running user
 ;                 mode is set to 0660
 listen.owner = www-data
 listen.group = www-data
 ;listen.mode = 0660
- 
+
 ; List of ipv4 addresses of FastCGI clients which are allowed to connect.
 ; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original
 ; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address
@ -117,7 +117,7 @@ pm.max_spare_servers = 3
 ; Note: Used only when pm is set to 'ondemand'
 ; Default Value: 10s
 ;pm.process_idle_timeout = 10s;
- 
+
 ; The number of requests each child process should execute before respawning.
 ; This can be useful to work around memory leaks in 3rd party libraries. For
 ; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.
@ -170,7 +170,7 @@ pm.max_requests = 500
 ;
 ; By default the status page only outputs short status. Passing 'full' in the
 ; query string will also return status for each pool process.
-; Example: 
+; Example:
 ;   http://www.foo.bar/status?full
 ;   http://www.foo.bar/status?json&full
 ;   http://www.foo.bar/status?html&full
@ -220,9 +220,9 @@ pm.max_requests = 500
 ; Note: The value must start with a leading slash (/). The value can be
 ;       anything, but it may not be a good idea to use the .php extension or it
 ;       may conflict with a real PHP file.
-; Default Value: not set 
+; Default Value: not set
 ;pm.status_path = /status
- 
+
 ; The ping URI to call the monitoring page of FPM. If this value is not set, no
 ; URI will be recognized as a ping page. This could be used to test from outside
 ; that FPM is alive and responding, or to
@ -283,7 +283,7 @@ pm.max_requests = 500
 ;      - ....
 ;  %p: PID of the child that serviced the request
 ;  %P: PID of the parent of the child that serviced the request
-;  %q: the query string 
+;  %q: the query string
 ;  %Q: the '?' character if query string exists
 ;  %r: the request URI (without the query string, see %q and %Q)
 ;  %R: remote IP address
@ -298,50 +298,50 @@ pm.max_requests = 500
 ;
 ; Default: "%R - %u %t \"%m %r\" %s"
 ;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%"
- 
+
 ; The log file for slow requests
 ; Default Value: not set
 ; Note: slowlog is mandatory if request_slowlog_timeout is set
 slowlog = /var/log/nginx/__NAMETOCHANGE__.slow.log
- 
+
 ; The timeout for serving a single request after which a PHP backtrace will be
 ; dumped to the 'slowlog' file. A value of '0s' means 'off'.
 ; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
 ; Default Value: 0
 request_slowlog_timeout = 5s
- 
+
 ; The timeout for serving a single request after which the worker process will
 ; be killed. This option should be used when the 'max_execution_time' ini option
 ; does not stop script execution for some reason. A value of '0' means 'off'.
 ; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
 ; Default Value: 0
 request_terminate_timeout = 1d
- 
+
 ; Set open file descriptor rlimit.
 ; Default Value: system defined value
 ;rlimit_files = 1024
- 
+
 ; Set max core size rlimit.
 ; Possible Values: 'unlimited' or an integer greater or equal to 0
 ; Default Value: system defined value
 ;rlimit_core = 0
- 
+
 ; Chroot to this directory at the start. This value must be defined as an
 ; absolute path. When this value is not set, chroot is not used.
 ; Note: you can prefix with '$prefix' to chroot to the pool prefix or one
 ; of its subdirectories. If the pool prefix is not set, the global prefix
 ; will be used instead.
-; Note: chrooting is a great security feature and should be used whenever 
+; Note: chrooting is a great security feature and should be used whenever
 ;       possible. However, all PHP paths will be relative to the chroot
 ;       (error_log, sessions.save_path, ...).
 ; Default Value: not set
-;chroot = 
- 
+;chroot =
+
 ; Chdir to this directory at the start.
 ; Note: relative path can be used.
 ; Default Value: current directory or / when chroot
 chdir = __FINALPATH__
- 
+
 ; Redirect worker stdout and stderr into main error log. If not set, stdout and
 ; stderr will be redirected to /dev/null according to FastCGI specs.
 ; Note: on highloaded environement, this can cause some delay in the page
@ -356,7 +356,7 @@ catch_workers_output = yes
 ; Note: set an empty value to allow all extensions.
 ; Default Value: .php
 ;security.limit_extensions = .php .php3 .php4 .php5
- 
+
 ; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from
 ; the current environment.
 ; Default Value: clean env
@ -370,7 +370,7 @@ catch_workers_output = yes
 ; overwrite the values previously defined in the php.ini. The directives are the
 ; same as the PHP SAPI:
 ;   php_value/php_flag             - you can set classic ini defines which can
-;                                    be overwritten from PHP call 'ini_set'. 
+;                                    be overwritten from PHP call 'ini_set'.
 ;   php_admin_value/php_admin_flag - these directives won't be overwritten by
 ;                                     PHP call 'ini_set'
 ; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no.
@ -389,4 +389,4 @@ catch_workers_output = yes
 ;php_flag[display_errors] = off
 ;php_admin_value[error_log] = /var/log/fpm-php.www.log
 ;php_admin_flag[log_errors] = on
-;php_admin_value[memory_limit] = 32M
+;php_admin_value[memory_limit] = 32M
--- a/conf/systemd.service
+++ b/conf/systemd.service
@ -0,0 +1,13 @@
+[Unit]
+Description=Small description of the service
+After=network.target
+
+[Service]
+Type=simple
+User=__APP__
+Group=__APP__
+WorkingDirectory=__FINALPATH__/
+ExecStart=__FINALPATH__/script >> /var/log/__APP__/__APP__.log 2>&1
+
+[Install]
+WantedBy=multi-user.target
--- a/manifest.json
+++ b/manifest.json
@ -3,7 +3,7 @@
    "id": "dokuwiki",
    "packaging_format": 1,
    "requirements": {
-        "yunohost": ">> 2.3.15"
+        "yunohost": ">> 2.6.4"
    },
    "description": {
        "en": "DokuWiki is a simple to use and highly versatile Open Source wiki software that doesn't require a database.",
--- a/scripts/_common.sh
+++ b/scripts/_common.sh
@ -0,0 +1,13 @@
+#!/bin/bash
+
+# ============= FUTURE YUNOHOST HELPER =============
+# Delete a file checksum from the app settings
+#
+# $app should be defined when calling this helper
+#
+# usage: ynh_remove_file_checksum file
+# | arg: file - The file for which the checksum will be deleted
+ynh_delete_file_checksum () {
+	local checksum_setting_name=checksum_${1//[\/ ]/_}	# Replace all '/' and ' ' by '_'
+	ynh_app_setting_delete $app $checksum_setting_name
+}
--- a/scripts/install
+++ b/scripts/install
@ -1,7 +1,30 @@
 #!/bin/bash

-# Exit on command errors and treat unset variables as an error
-set -eu
+#=================================================
+# GENERIC START
+#=================================================
+# IMPORT GENERIC HELPERS
+#=================================================
+
+source _common.sh
+source /usr/share/yunohost/helpers
+
+#=================================================
+# MANAGE SCRIPT FAILURE
+#=================================================
+
+# Exit if an error occurs during the execution of the script
+ynh_abort_if_errors
+
+#=================================================
+# RETRIEVE ARGUMENTS FROM THE MANIFEST
+#=================================================
+
+domain=$YNH_APP_ARG_DOMAIN
+path_url=$YNH_APP_ARG_PATH
+admin=$YNH_APP_ARG_ADMIN
+is_public=$YNH_APP_ARG_IS_PUBLIC
+#language=$YNH_APP_ARG_LANGUAGE

 # This is a multi-instance app, meaning it can be installed several times independently
 # The id of the app as stated in the manifest is available as $YNH_APP_ID
@ -13,55 +36,103 @@ set -eu
 # The app instance name is probably what you are interested the most, since this is
 # guaranteed to be unique. This is a good unique identifier to define installation path,
 # db names, ...
-# Retrieve arguments
-
-source .fonctions	# Loads the generic functions usually used in the script
-# Source app helpers
-source /usr/share/yunohost/helpers
-
-TRAP_ON	# Active trap for strop script if detect error.
-
-domain=$YNH_APP_ARG_DOMAIN
-path=$YNH_APP_ARG_PATH
-admin=$YNH_APP_ARG_ADMIN
-is_public=$YNH_APP_ARG_IS_PUBLIC
-
 app=$YNH_APP_INSTANCE_NAME

-CHECK_VAR "$app" "app name not set"
+#=================================================
+# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
+#=================================================

-CHECK_USER "$admin"
+final_path=/var/www/$app
+test ! -e "$final_path" || ynh_die "This path already contains a folder"

-CHECK_PATH
+# Normalize the url path syntax
+path_url=$(ynh_normalize_url_path $path_url)

-CHECK_DOMAINPATH
+# Check web path availability
+ynh_webpath_available $domain $path_url
+# Register (book) web path
+ynh_webpath_register $app $domain $path_url

-CHECK_FINALPATH
+#=================================================
+# STORE SETTINGS FROM MANIFEST
+#=================================================

-# Save app settings
 ynh_app_setting_set $app domain $domain
-ynh_app_setting_set $app path $path
+ynh_app_setting_set $app path $path_url
 ynh_app_setting_set $app admin $admin
 ynh_app_setting_set $app is_public $is_public
+#ynh_app_setting_set $app language $language

-# Create system user dedicace for this app
+#=================================================
+# STANDARD MODIFICATIONS
+#=================================================
+# DOWNLOAD, CHECK AND UNPACK SOURCE
+#=================================================
+
+ynh_app_setting_set $app final_path $final_path
+# Download, check integrity, uncompress and patch the source from app.src
+ynh_setup_source "$final_path"
+
+#=================================================
+# NGINX CONFIGURATION
+#=================================================
+
+# Create a dedicated nginx config
+ynh_add_nginx_config
+
+#=================================================
+# CREATE DEDICATED USER
+#=================================================
+
+# Create a system user
 ynh_system_user_create $app

+#=================================================
+# PHP-FPM CONFIGURATION
+#=================================================
+
+# Create a dedicated php-fpm config
+ynh_add_fpm_config
+
+#=================================================
+# SPECIFIC SETUP
+#=================================================
+# ...
+#=================================================
+
+#=================================================
+# SETUP SYSTEMD
+#=================================================
+
+# Create a dedicated systemd config
+ynh_systemd_config
+
+#=================================================
+# MODIFY A CONFIG FILE
+#=================================================
+
 # Modify dokuwiki conf
-sed -i "s@YNH_ADMIN_USER@$admin@g" ../conf/dokuwiki.php
-
-# Copy files to the right place
-sudo mkdir "$final_path"
-ynh_app_setting_set $app final_path $final_path
-
-# Get source
-SETUP_SOURCE
+#sed -i "s@YNH_ADMIN_USER@$admin@g" ../conf/dokuwiki.php
+ynh_replace_string "YNH_ADMIN_USER" "$admin" "../conf/dokuwiki.php"

 sudo cp ../conf/dokuwiki.php $final_path/conf
 sudo cp ../conf/acl.auth.php $final_path/conf

+#=================================================
+# STORE THE CHECKSUM OF THE CONFIG FILE
+#=================================================
+
+# Calculate and store the config file checksum into the app settings
+ynh_store_file_checksum "$final_path/conf/dokuwiki.php"
+
+#=================================================
+# GENERIC FINALIZATION
+#=================================================
+# SECURE FILES AND DIRECTORIES
+#=================================================
+
 # Files owned by dokuwiki can just read
-sudo chown -R root: $final_path
+chown -R root: $final_path

 # except for conf, data, some data subfolders, and lib/plugin, where www-data must have write permissions
 sudo chown -R $app:root $final_path/{conf,data,data/attic,data/cache,data/index,data/locks,data/media*,data/meta,data/pages,data/tmp,lib/plugins,lib/tpl}
@ -70,25 +141,37 @@ sudo chmod -R 700 $final_path/data
 sudo chmod -R 755 $final_path/lib/plugins
 sudo chmod 755 $final_path/lib/tpl/{dokuwiki,dokuwiki/images}

-# Modify Nginx configuration file and copy it to Nginx conf directory
-sudo cp ../conf/nginx.conf /etc/nginx/conf.d/$domain.d/$app.conf
-sudo sed -i "s@__PATHTOCHANGE__@$path@g" /etc/nginx/conf.d/$domain.d/$app.conf
-sudo sed -i "s@__FINALPATH__@$final_path@g" /etc/nginx/conf.d/$domain.d/$app.conf
-sudo sed -i "s@__NAMETOCHANGE__@$app@g" /etc/nginx/conf.d/$domain.d/$app.conf
+#=================================================
+# SETUP LOGROTATE
+#=================================================

-if [ "$is_public" = "Yes" ];
+# Use logrotate to manage application logfile(s)
+ynh_use_logrotate
+
+#=================================================
+# ADVERTISE SERVICE IN ADMIN PANEL
+#=================================================
+
+#yunohost service add NAME_INIT.D --log "/var/log/FILE.log"
+yunohost service add "$app" --log "/var/log/$app/$app.log"
+
+#=================================================
+# SETUP SSOWAT
+#=================================================
+
+if [ $is_public -eq 0 ]
+then	# Remove the public access
+	ynh_app_setting_delete $app skipped_uris
+fi
+# Make app public if necessary
+if [ $is_public -eq 1 ]
 then
-	sudo sed -i "s@#--PRIVATE--@@g" /etc/nginx/conf.d/$domain.d/$app.conf
+	# unprotected_uris allows SSO credentials to be passed anyway.
+	ynh_app_setting_set $app unprotected_uris "/"
 fi

-# Create the php-fpm pool config
-POOL_FPM
+#=================================================
+# RELOAD NGINX
+#=================================================

-# If app is public, add url to SSOWat conf as skipped_uris
-if [[ $is_public -eq 1 ]]; then
-  # unprotected_uris allows SSO credentials to be passed anyway.
-  ynh_app_setting_set "$app" unprotected_uris "/"
-fi
-
-# Reload Nginx
-sudo systemctl reload nginx
+systemctl reload nginx