mirror of https://github.com/YunoHost-Apps/dokuwiki_ynh.git synced 2024-09-03 18:26:20 +02:00

[fix] Fix issue #25 #26 #27 (#28)

* [fix] Reactivate integrity check #26

* [fix] Use boolean type for is_public #25

* [fix] isolate user with php-fpm

* [fix] boolean is_public for check_process

* [fix] Create user for upgrade and restore

* [fix] delete choices manifest.json

* [fix] load generic function

* [fix] delete reload php5-fpm

* [fix] owner file with user dokuwiki

* [fix] correctly ssowat config for install

* [fix] Get file fonction if not been to the current directory

* [fix] owner file with user dokuwiki - upgrade

* [fix] Clean code

* Reload php-fpm et after remove user

* [fix] upgrade php5-fpm with a good user

* [fix] owner root for all files & owner dokuwiki for write access

* [fix] owner root for all files & owner dokuwiki for write access (upgrade script)

* [fix] owner read & write for plugins directory
__cyp 2017-07-12 19:22:08 +02:00 committed by JimboJoe
parent 881adf9457
commit 795059f383
8 changed files with 135 additions and 44 deletions


@ -4,7 +4,7 @@
domain="domain.tld" (DOMAIN) domain="domain.tld" (DOMAIN)
path="/path" (PATH) path="/path" (PATH)
admin="john" (USER) admin="john" (USER)
is_public="Yes" (PUBLIC|public=Yes|private=No) is_public=1 (PUBLIC|public=1|private=0)
; Checks ; Checks
pkg_linter=1 pkg_linter=1
setup_sub_dir=1 setup_sub_dir=1


@ -19,8 +19,8 @@
; Unix user/group of processes ; Unix user/group of processes
; Note: The user is mandatory. If the group is not set, the default user's group ; Note: The user is mandatory. If the group is not set, the default user's group
; will be used. ; will be used.
user = www-data user = __USER__
group = www-data group = __USER__
; The address on which to accept FastCGI requests. ; The address on which to accept FastCGI requests.
; Valid syntaxes are: ; Valid syntaxes are:
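Review bot: With `user` and `group` both switched to `__USER__`, the socket ownership settings need checking, and they are outside this hunk. If `listen.owner`/`listen.group` also follow `__USER__`, nginx may lose access to the socket; if `listen.mode` was loosened to compensate, other local accounts could reach the pool. A short comment next to `user = __USER__` would also help, e.g. `; __USER__ is replaced by POOL_FPM with the app's dedicated system user`.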


@ -56,12 +56,12 @@
}, },
{ {
"name": "is_public", "name": "is_public",
"type": "boolean",
"ask": { "ask": {
"en": "Is it a public DokuWiki site ?", "en": "Is it a public DokuWiki site ?",
"fr": "Est-ce un site public ?" "fr": "Est-ce un site public ?"
}, },
"choices": ["Yes", "No"], "default": "true"
"default": "Yes"
} }
] ]
} }


@ -69,7 +69,7 @@ SETUP_SOURCE () { # Download source, decompress and copu into $final_path
src=$(cat ../sources/source_md5 | awk -F' ' {'print $2'}) src=$(cat ../sources/source_md5 | awk -F' ' {'print $2'})
sudo wget -nv -i ../sources/source_url -O $src sudo wget -nv -i ../sources/source_url -O $src
# Checks the checksum of the downloaded source. # Checks the checksum of the downloaded source.
# md5sum -c ../sources/source_md5 --status || ynh_die "Corrupt source" md5sum -c ../sources/source_md5 --status || ynh_die "Corrupt source"
# Decompress source # Decompress source
if [ "$(echo ${src##*.})" == "tgz" ]; then if [ "$(echo ${src##*.})" == "tgz" ]; then
tar -x -f $src tar -x -f $src
@ -89,6 +89,7 @@ SETUP_SOURCE () { # Download source, decompress and copu into $final_path
POOL_FPM () { # Create the php-fpm pool configuration file and configure it. POOL_FPM () { # Create the php-fpm pool configuration file and configure it.
sed -i "s@__NAMETOCHANGE__@$app@g" ../conf/php-fpm.conf sed -i "s@__NAMETOCHANGE__@$app@g" ../conf/php-fpm.conf
sed -i "s@__FINALPATH__@$final_path@g" ../conf/php-fpm.conf sed -i "s@__FINALPATH__@$final_path@g" ../conf/php-fpm.conf
sed -i "s@__USER__@$app@g" ../conf/php-fpm.conf
finalphpconf=/etc/php5/fpm/pool.d/$app.conf finalphpconf=/etc/php5/fpm/pool.d/$app.conf
sudo cp ../conf/php-fpm.conf $finalphpconf sudo cp ../conf/php-fpm.conf $finalphpconf
sudo chown root: $finalphpconf sudo chown root: $finalphpconf
@ -177,4 +178,77 @@ SECURE_REMOVE () { # Deleting a folder with variable verification
echo "No detected variable." >&2 echo "No detected variable." >&2
return 1 return 1
fi fi
} }
# Check if a YunoHost user exists
#
# example: ynh_user_exists 'toto' || exit 1
#
# usage: ynh_user_exists username
# | arg: username - the username to check
ynh_user_exists() {
sudo yunohost user list --output-as json | grep -q "\"username\": \"${1}\""
}
# Retrieve a YunoHost user information
#
# example: mail=$(ynh_user_get_info 'toto' 'mail')
#
# usage: ynh_user_get_info username key
# | arg: username - the username to retrieve info from
# | arg: key - the key to retrieve
# | ret: string - the key's value
ynh_user_get_info() {
sudo yunohost user info "$1" --output-as plain | ynh_get_plain_key "$2"
}
# Get the list of YunoHost users
#
# example: for u in $(ynh_user_list); do ...
#
# usage: ynh_user_list
# | ret: string - one username per line
ynh_user_list() {
sudo yunohost user list --output-as plain --quiet \
| awk '/^##username$/{getline; print}'
}
# Check if a user exists on the system
#
# usage: ynh_system_user_exists username
# | arg: username - the username to check
ynh_system_user_exists() {
getent passwd "$1" &>/dev/null
}
# Create a system user
#
# usage: ynh_system_user_create user_name [home_dir]
# | arg: user_name - Name of the system user that will be create
# | arg: home_dir - Path of the home dir for the user. Usually the final path of the app. If this argument is omitted, the user will be created without home
ynh_system_user_create () {
if ! ynh_system_user_exists "$1" # Check if the user exists on the system
then # If the user doesn't exist
if [ $# -ge 2 ]; then # If a home dir is mentioned
user_home_dir="-d $2"
else
user_home_dir="--no-create-home"
fi
sudo useradd $user_home_dir --system --user-group $1 --shell /usr/sbin/nologin || ynh_die "Unable to create $1 system account"
fi
}
# Delete a system user
#
# usage: ynh_system_user_delete user_name
# | arg: user_name - Name of the system user that will be create
ynh_system_user_delete () {
if ynh_system_user_exists "$1" # Check if the user exists on the system
then
echo "Remove the user $1" >&2
sudo userdel $1
else
echo "The user $1 was not found" >&2
fi
}
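Review bot: The re-enabled check in SETUP_SOURCE, `md5sum -c ../sources/source_md5 --status || ynh_die "Corrupt source"`, relies on MD5, which detects a truncated or damaged download but is no longer collision-resistant. Pinning a SHA-256 digest and verifying with `sha256sum -c <SHA256_FILE_PLACEHOLDER> --status || ynh_die "Corrupt source"` is a stronger check for an archive fetched by `sudo wget`; the `src=` line that parses the same file would need the matching change. In the new ynh_system_user_create and ynh_system_user_delete helpers the account name reaches sudo'd commands unquoted; `--user-group "$1"` and `sudo userdel "$1"` avoid word splitting and globbing. SETUP_SOURCE starts and ends outside the visible hunk.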


@ -44,6 +44,9 @@ ynh_app_setting_set $app path $path
ynh_app_setting_set $app admin $admin ynh_app_setting_set $app admin $admin
ynh_app_setting_set $app is_public $is_public ynh_app_setting_set $app is_public $is_public
# Create system user dedicace for this app
ynh_system_user_create $app
# Modify dokuwiki conf # Modify dokuwiki conf
sed -i "s@YNH_ADMIN_USER@$admin@g" ../conf/dokuwiki.php sed -i "s@YNH_ADMIN_USER@$admin@g" ../conf/dokuwiki.php
@ -57,17 +60,15 @@ SETUP_SOURCE
sudo cp ../conf/dokuwiki.php $final_path/conf sudo cp ../conf/dokuwiki.php $final_path/conf
sudo cp ../conf/acl.auth.php $final_path/conf sudo cp ../conf/acl.auth.php $final_path/conf
# Files owned by www-data can just read # Files owned by dokuwiki can just read
# sudo find $final_path -type f -print0 | xargs -0 sudo chmod 0644 sudo chown -R root: $final_path
# sudo find $final_path -type d -print0 | xargs -0 sudo chmod 0755
sudo chown -R www-data: $final_path
# except for conf, data, some data subfolders, and lib/plugin, where www-data must have write permissions # except for conf, data, some data subfolders, and lib/plugin, where www-data must have write permissions
sudo chown -R www-data:root $final_path/{conf,data,data/attic,data/cache,data/index,data/locks,data/media*,data/meta,data/pages,data/tmp,lib/plugins,lib/tpl} sudo chown -R $app:root $final_path/{conf,data,data/attic,data/cache,data/index,data/locks,data/media*,data/meta,data/pages,data/tmp,lib/plugins,lib/tpl}
sudo chmod -R 700 $final_path/conf sudo chmod -R 700 $final_path/conf
sudo chmod -R 700 $final_path/data sudo chmod -R 700 $final_path/data
sudo chmod -R 700 $final_path/lib/plugins sudo chmod -R 755 $final_path/lib/plugins
sudo chmod -R 700 $final_path/lib/tpl sudo chmod 755 $final_path/lib/tpl/{dokuwiki,dokuwiki/images}
# Modify Nginx configuration file and copy it to Nginx conf directory # Modify Nginx configuration file and copy it to Nginx conf directory
sudo cp ../conf/nginx.conf /etc/nginx/conf.d/$domain.d/$app.conf sudo cp ../conf/nginx.conf /etc/nginx/conf.d/$domain.d/$app.conf
@ -83,19 +84,11 @@ fi
# Create the php-fpm pool config # Create the php-fpm pool config
POOL_FPM POOL_FPM
# Public access for curl # If app is public, add url to SSOWat conf as skipped_uris
ynh_app_setting_set $app unprotected_uris "/" if [[ $is_public -eq 1 ]]; then
# unprotected_uris allows SSO credentials to be passed anyway.
# Relaod SSOwat configuration ynh_app_setting_set "$app" unprotected_uris "/"
sudo yunohost app ssowatconf
# Reload php5-fpm and Nginx
sudo systemctl reload php5-fpm
sudo systemctl reload nginx
if [ "$is_public" = "No" ];
then
# Exit public access
ynh_app_setting_delete $app unprotected_uris
sudo yunohost app ssowatconf
fi fi
# Reload Nginx
sudo systemctl reload nginx
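Review bot: The comments around the ownership block no longer match the commands: `# Files owned by dokuwiki can just read` sits directly above `sudo chown -R root: $final_path`, and the following comment still says www-data needs write access although the directories are now given to `$app`. I would reword them to `# Everything is owned by root, so the app user cannot modify it` and `# except conf, data, lib/plugins and lib/tpl, which the $app pool user must be able to write`. Since lib/plugins and lib/tpl hold PHP that the pool user can rewrite, the comment should say this is intentional (presumably for the extension manager), so a later reader knows which directories to monitor for unexpected changes. `chmod -R 755 $final_path/lib/plugins` also sets the execute bit on every regular file; separate modes for directories and files would be tighter.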


@ -6,6 +6,8 @@ set -u
# Get multi-instances specific variables # Get multi-instances specific variables
app=$YNH_APP_INSTANCE_NAME app=$YNH_APP_INSTANCE_NAME
# Loads the generic functions usually used in the script
source .fonctions
# Source app helpers # Source app helpers
. /usr/share/yunohost/helpers . /usr/share/yunohost/helpers
@ -22,4 +24,7 @@ sudo rm -f "/etc/php5/fpm/conf.d/20-${app}.ini"
sudo systemctl reload php5-fpm sudo systemctl reload php5-fpm
sudo systemctl reload nginx sudo systemctl reload nginx
# Delete system user dedicace for this app
ynh_system_user_delete $app
echo -e "\e[0m" # Restore normal color echo -e "\e[0m" # Restore normal color


@ -7,6 +7,13 @@ set -eu
# The parameter $2 is the id of the app instance ex: ynhexample__2 # The parameter $2 is the id of the app instance ex: ynhexample__2
app=$YNH_APP_INSTANCE_NAME app=$YNH_APP_INSTANCE_NAME
if [ ! -e .fonctions ]; then
# Get file fonction if not been to the current directory
sudo cp ../settings/scripts/.fonctions ./.fonctions
sudo chmod a+rx .fonctions
fi
# Loads the generic functions usually used in the script
source .fonctions
# Source app helpers # Source app helpers
source /usr/share/yunohost/helpers source /usr/share/yunohost/helpers
@ -41,11 +48,14 @@ if [ -f $phpfpm_ini ]; then
ynh_die "The PHP FPM INI configuration already exists at '${phpfpm_ini}'. You should safely delete it before restoring this app." ynh_die "The PHP FPM INI configuration already exists at '${phpfpm_ini}'. You should safely delete it before restoring this app."
fi fi
# Create system user dedicace for this app
ynh_system_user_create $app
# Restore sources & data # Restore sources & data
sudo cp -a ./sources "${final_path}" sudo cp -a ./sources "${final_path}"
# Set permissions # Set permissions
sudo chown -R www-data: "${final_path}" sudo chown -R $app: "${final_path}"
# Restore nginx configuration files # Restore nginx configuration files
sudo cp -a ./nginx.conf "${nginx_conf}" sudo cp -a ./nginx.conf "${nginx_conf}"
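Review bot: `sudo chown -R $app: "${final_path}"` hands the whole restored tree to the PHP pool user, whereas the install and upgrade scripts in this commit reset it to `root:` and give `$app` only conf, data, lib/plugins and lib/tpl. After a restore the application code is therefore writable by the account PHP runs as, which undoes the separation the rest of the commit sets up. I would use `sudo chown -R root: "${final_path}"` followed by the same `sudo chown -R $app:root` on the writable directories and the same chmod lines as the install script. The restore script continues outside both hunks, so confirm nothing later already tightens these permissions.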


@ -3,6 +3,12 @@
# Exit on command errors and treat unset variables as an error # Exit on command errors and treat unset variables as an error
set -eu set -eu
if [ ! -e .fonctions ]; then
# Get file fonction if not been to the current directory
sudo cp ../settings/scripts/.fonctions ./.fonctions
sudo chmod a+rx .fonctions
fi
# Loads the generic functions usually used in the script
source .fonctions source .fonctions
# Source app helpers # Source app helpers
source /usr/share/yunohost/helpers source /usr/share/yunohost/helpers
@ -38,6 +44,9 @@ then
sudo ynh_app_setting_set $app is_public -v "$is_public" sudo ynh_app_setting_set $app is_public -v "$is_public"
fi fi
# Create system user dedicace for this app
ynh_system_user_create $app
# Modify dokuwiki conf # Modify dokuwiki conf
sed -i "s@YNH_ADMIN_USER@$admin@g" ../conf/dokuwiki.php sed -i "s@YNH_ADMIN_USER@$admin@g" ../conf/dokuwiki.php
@ -80,24 +89,23 @@ do
done done
# Files owned by www-data can just read # Files owned by www-data can just read
# sudo find $final_path -type f -print0 | xargs -0 sudo chmod 0644 sudo chown -R root: $final_path
# sudo find $final_path -type d -print0 | xargs -0 sudo chmod 0755
sudo chown -R www-data: $final_path
# except for conf, data, some data subfolders, and lib/plugin, where www-data must have write permissions # except for conf, data, some data subfolders, and lib/plugin, where dokuwiki must have write permissions
if [ -d "${final_path}/data/media" ]; then if [ -d "${final_path}/data/media" ]; then
sudo chown -R www-data:root $final_path/{data/attic,data/cache,data/index,data/locks,data/media*,data/meta,data/pages,data/tmp} sudo chown -R $app:root $final_path/{data/attic,data/cache,data/index,data/locks,data/media*,data/meta,data/pages,data/tmp}
fi fi
sudo chown -R www-data:root $final_path/{conf,data,lib/plugins,lib/tpl} sudo chown -R $app:root $final_path/{conf,data,lib/plugins,lib/tpl}
sudo chmod -R 700 $final_path/conf sudo chmod -R 700 $final_path/conf
sudo chmod -R 700 $final_path/data sudo chmod -R 700 $final_path/data
sudo chmod -R 700 $final_path/lib/plugins sudo chmod -R 700 $final_path/lib/plugins
sudo chmod -R 700 $final_path/lib/tpl sudo chmod 755 $final_path/lib/tpl/{dokuwiki,dokuwiki/images}
# Modify Nginx configuration file and copy it to Nginx conf directory # Modify Nginx configuration file and copy it to Nginx conf directory
sudo sed -i "s@__PATHTOCHANGE__@$path@g" /etc/nginx/conf.d/$domain.d/$app.conf sudo sed -i "s@__PATHTOCHANGE__@$path@g" /etc/nginx/conf.d/$domain.d/$app.conf
sudo sed -i "s@__FINALPATH__@$final_path@g" /etc/nginx/conf.d/$domain.d/$app.conf sudo sed -i "s@__FINALPATH__@$final_path@g" /etc/nginx/conf.d/$domain.d/$app.conf
sudo sed -i "s@__NAMETOCHANGE__@$app@g" /etc/nginx/conf.d/$domain.d/$app.conf # sudo sed -i "s@__NAMETOCHANGE__@$app@g" /etc/nginx/conf.d/$domain.d/$app.conf
sudo sed -i "s@fastcgi_pass unix:/var/run/php5-fpm.sock;@fastcgi_pass unix:/var/run/php5-fpm-${app}.sock;@g" /etc/nginx/conf.d/$domain.d/$app.conf
if [ "$is_public" = "Yes" ]; if [ "$is_public" = "Yes" ];
then then
@ -107,13 +115,14 @@ fi
# Create the php-fpm pool config # Create the php-fpm pool config
POOL_FPM POOL_FPM
# Setup SSOwat # Set ssowat config
ynh_app_setting_set "$app" is_public "$is_public" if [ "$is_public" = "Yes" ]; then
if [ "$is_public" = "Yes" ]; ynh_app_setting_set $app is_public 1 # Fixe is_public en booléen
then is_public=1
ynh_app_setting_set "$app" unprotected_uris "/" else
ynh_app_setting_set $app is_public 0
is_public=0
fi fi
sudo systemctl reload php5-fpm
sudo systemctl reload nginx sudo systemctl reload nginx
sudo yunohost app ssowatconf sudo yunohost app ssowatconf
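Review bot: The new `# Set ssowat config` block treats every value other than `Yes` as private, so an instance whose setting is already `1` (what the install script now appears to store) would fall into the `else` branch and be rewritten to `is_public 0` on upgrade. How `is_public` is loaded is outside the visible hunks, so this is inferred, but accepting both forms avoids it: `if [ "$is_public" = "Yes" ] || [ "$is_public" = "1" ]; then`; the earlier `if [ "$is_public" = "Yes" ];` test before POOL_FPM has the same problem. The block also no longer sets `unprotected_uris`, while the install script sets it when public, so confirm that upgraded public wikis keep it and private ones have it removed. `chmod -R 700 $final_path/lib/plugins` here differs from the `755` applied at install, and one of the two should be chosen deliberately.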