YunoHost-Apps/dokuwiki_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/dokuwiki_ynh.git synced 2024-09-03 18:26:20 +02:00
Code Issues Activity Actions

Template (#85)

Browse source
This commit is contained in:
Éric Gaspar 2021-11-24 21:21:02 +01:00 committed by GitHub
parent abd2c0fc44
commit 89fc6747b1
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
18 changed files with 253 additions and 227 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

BIN
.DS_Store vendored Normal file
View file

Binary file not shown.

59
README.md
View file

@ -1,34 +1,22 @@
# DokuWiki for YunoHost
<!--
N.B.: This README was automatically generated by https://github.com/YunoHost/apps/tree/master/tools/README-generator
It shall NOT be edited by hand.
-->
# Dokuwiki for YunoHost
[![Integration level](https://dash.yunohost.org/integration/dokuwiki.svg)](https://dash.yunohost.org/appci/app/dokuwiki) ![](https://ci-apps.yunohost.org/ci/badges/dokuwiki.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/dokuwiki.maintain.svg)
[![Install DokuWiki with YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=dokuwiki)
[![Install Dokuwiki with YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=dokuwiki)
*[Lire ce readme en français.](./README_fr.md)*
> *This package allows you to install DokuWiki quickly and simply on a YunoHost server.
If you don't have YunoHost, please see [here](https://yunohost.org/#/install) to know how to install and enjoy it.*
> *This package allows you to install Dokuwiki quickly and simply on a YunoHost server.
If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/install) to learn how to install it.*
## Overview
DokuWiki is a simple to use and highly versatile Open Source wiki software that doesn't require a database. It is loved by users for its clean and readable syntax. The ease of maintenance, backup and integration makes it an administrator's favorite. Built in access controls and authentication connectors make DokuWiki especially useful in the enterprise context and the large number of plugins contributed by its vibrant community allow for a broad range of use cases beyond a traditional wiki.
**Shipped version:** 2020-07-29
## Screenshots
![Screenshot of DokuWiki main window](sources/DokuWiki_Screenshot.png)
## Demo
* [YunoHost demo](https://demo.yunohost.org/dokuwiki/doku.php?id=start&do=login&u=demo&p=demo)
## Configuration
## Documentation
* Official documentation: https://www.dokuwiki.org/manual
* YunoHost documentation: https://yunohost.org/en/app_dokuwiki
## YunoHost specific features
* Integrate with YunoHost users and SSO - i.e. logout button
@ -36,27 +24,32 @@ DokuWiki is a simple to use and highly versatile Open Source wiki software that
* Default authorization is set as read only so guest people cannot edit pages. (Especially needed if wiki is public to avoid spam and defacing. Can be changed from admin panel)
* During the upgrade, official plugins are also upgraded. We recommend that you should check that they run properly in the administration panel after the upgrade. We cannot know if some plugins are broken...
### Supported architectures
* x86-64 - [![Build Status](https://ci-apps.yunohost.org/ci/logs/dokuwiki%20%28Apps%29.svg)](https://ci-apps.yunohost.org/ci/apps/dokuwiki/)
* ARMv8-A - [![Build Status](https://ci-apps-arm.yunohost.org/ci/logs/dokuwiki%20%28Apps%29.svg)](https://ci-apps-arm.yunohost.org/ci/apps/dokuwiki/)
**Shipped version:** 2020.07.29~ynh4
**Demo:** https://demo.yunohost.org/dokuwiki/doku.php?id=start&do=login&u=demo&p=demo
## Screenshots
![](./doc/screenshots/DokuWiki_Screenshot.png)
## Disclaimers / important information
## Limitations
* Cannot create or login with DokuWiki internal users, only users from YunoHost (Work needed for [authchained plugin](https://www.dokuwiki.org/plugin:authchained))
## Links
## Documentation and resources
* Official app website: https://www.dokuwiki.org
* Official admin documentation: https://www.dokuwiki.org/manual
* Upstream app code repository: https://github.com/splitbrain/dokuwiki
* YunoHost documentation for this app: https://yunohost.org/app_dokuwiki
* Report a bug: https://github.com/YunoHost-Apps/dokuwiki_ynh/issues
* App website: https://www.dokuwiki.org
* Upstream app repository: https://github.com/splitbrain/dokuwiki
* YunoHost website: https://yunohost.org
---
## Developer info
## Developers infos
Please send your pull request to the [testing branch](https://github.com/YunoHost-Apps/dokuwiki_ynh/tree/testing)
Please send your pull request to the [testing branch](https://github.com/YunoHost-Apps/dokuwiki_ynh/tree/testing).
To try the testing branch, please proceed like that.
```
@ -64,3 +57,5 @@ sudo yunohost app install https://github.com/YunoHost-Apps/dokuwiki_ynh/tree/tes
or
sudo yunohost app upgrade dokuwiki -u https://github.com/YunoHost-Apps/dokuwiki_ynh/tree/testing --debug
```
**More info regarding app packaging:** https://yunohost.org/packaging_apps

58
README_fr.md
View file

@ -1,34 +1,18 @@
# DokuWiki pour YunoHost
# Dokuwiki pour YunoHost
[![Niveau d'intégration](https://dash.yunohost.org/integration/dokuwiki.svg)](https://dash.yunohost.org/appci/app/dokuwiki) ![](https://ci-apps.yunohost.org/ci/badges/dokuwiki.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/dokuwiki.maintain.svg)
[![Installer DokuWiki avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=dokuwiki)
[![Installer Dokuwiki avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=dokuwiki)
*[Read this readme in english.](./README.md)*
*[Lire ce readme en français.](./README_fr.md)*
> *Ce package vous permet d'installer DokuWiki rapidement et simplement sur un serveur YunoHost.
> *Ce package vous permet d'installer Dokuwiki rapidement et simplement sur un serveur YunoHost.
Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour savoir comment l'installer et en profiter.*
## Vue d'ensemble
DokuWiki est un logiciel wiki Open Source simple à utiliser et très polyvalent qui ne nécessite pas de base de données. Il est apprécié par les utilisateurs pour sa syntaxe propre et lisible. La facilité de maintenance, de sauvegarde et d'intégration en fait un favori d'administrateur. Des contrôles d'accès et des connecteurs d'authentification intégrés rendent DokuWiki particulièrement utile dans le contexte de l'entreprise et le grand nombre de plugins apportés par sa communauté dynamique permettent un large éventail de cas d'utilisation au-delà d'un wiki traditionnel.
**Version incluse:** 2020-07-29
## Captures d'écran
![Capture d'écran](sources/DokuWiki_Screenshot.png)
## Démo
* [Démo YunoHost](https://demo.yunohost.org/dokuwiki/doku.php?id=start&do=login&u=demo&p=demo)
## Configuration
## Documentation
* Documentation officielle : https://www.dokuwiki.org/manual
* Documentation YunoHost : https://yunohost.org/fr/app_dokuwiki
## Caractéristiques spécifiques YunoHost
* Fonctionne avec les utilisateurs YunoHost ainsi que le SSO - i.e. button de déconnexion
@ -36,36 +20,38 @@ DokuWiki est un logiciel wiki Open Source simple à utiliser et très polyvalent
* Droits d'édition par défaut du wiki définis en lecture seule afin que les invités ne puissent éditer les pages. (Nécessaire surtout lorsque le wiki est public pour éviter le spam et le vandalisme. Peut être changé depuis la partie administration du wiki)
* Lors de la mise à jour, les plugins officiels sont également mis à jour. Nous vous recommandons toutefois de vérifier le bon fonctionnement des plugins dans le panneau d'administration après cette opération. Nous ne pouvons pas savoir si des plugins spéciaux posent problèmes...
### Architectures matérielles supportées
* x86-64 - [![Build Status](https://ci-apps.yunohost.org/ci/logs/dokuwiki%20%28Apps%29.svg)](https://ci-apps.yunohost.org/ci/apps/dokuwiki/)
* ARMv8-A - [![Build Status](https://ci-apps-arm.yunohost.org/ci/logs/dokuwiki%20%28Apps%29.svg)](https://ci-apps-arm.yunohost.org/ci/apps/dokuwiki/)
**Version incluse :** 2020.07.29~ynh4
**Démo :** https://demo.yunohost.org/dokuwiki/doku.php?id=start&do=login&u=demo&p=demo
## Captures d'écran
![](./doc/screenshots/DokuWiki_Screenshot.png)
## Avertissements / informations importantes
## Limitations
* Impossible d'ajouter et d'utiliser les utilisateurs internes de DokuWiki, seulement ceux de YunoHost (travail nécessaire pour [authchained plugin](https://www.dokuwiki.org/plugin:authchained))
## Informations additionnelles
## Documentations et ressources
### Historique des versions
## Liens
* Signaler un bug : https://github.com/YunoHost-Apps/dokuwiki_ynh/issues
* Site de l'application : https://www.dokuwiki.org
* Dépôt de l'application principale : https://github.com/splitbrain/dokuwiki
* Site web YunoHost : https://yunohost.org/
---
* Site officiel de l'app : https://www.dokuwiki.org
* Documentation officielle de l'admin : https://www.dokuwiki.org/manual
* Dépôt de code officiel de l'app : https://github.com/splitbrain/dokuwiki
* Documentation YunoHost pour cette app : https://yunohost.org/app_dokuwiki
* Signaler un bug : https://github.com/YunoHost-Apps/dokuwiki_ynh/issues
## Informations pour les développeurs
Merci de faire vos pull request sur la [branche testing](https://github.com/YunoHost-Apps/dokuwiki_ynh/tree/testing).
Pour essayer la branche testing, procédez comme suit.
```bash
```
sudo yunohost app install https://github.com/YunoHost-Apps/dokuwiki_ynh/tree/testing --debug
ou
sudo yunohost app upgrade dokuwiki -u https://github.com/YunoHost-Apps/dokuwiki_ynh/tree/testing --debug
```
**Plus d'infos sur le packaging d'applications :** https://yunohost.org/packaging_apps

8
check_process
View file

@ -1,10 +1,10 @@
;; Test complet
auto_remove=1
; Manifest
domain="domain.tld" (DOMAIN)
path="/path" (PATH)
admin="john" (USER)
is_public=1 (PUBLIC|public=1|private=0)
domain="domain.tld"
path="/path"
admin="john"
is_public=1
language=en
; Checks
pkg_linter=1

1
conf/app.src
View file

@ -3,4 +3,3 @@ SOURCE_SUM=cc1cd9f00095fea327baa79d8f02c904fe1c37bc3f8fd9999eaf646ee9928884
SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=tar.gz
SOURCE_IN_SUBDIR=true
SOURCE_FILENAME=

2
conf/local.php
View file

@ -10,4 +10,4 @@
/* Basic Settings */
$conf['lang'] = '__YNH_LANGUAGE__'; //your language
$conf['lang'] = '__LANGUAGE__'; //your language

7
conf/nginx.conf
View file

@ -9,12 +9,7 @@ location __PATH__/ {
# Path to source
alias __FINALPATH__/ ;
# Force usage of https
if ($scheme = http) {
rewrite ^ https://$server_name$request_uri? permanent;
}
index index.php;
index index.php doku.php;
# Common parameter to increase upload size limit in conjuction with dedicated php-fpm file
client_max_body_size 25M;

BIN
doc/.DS_Store vendored Normal file
View file

Binary file not shown.

8
doc/DESCRIPTION.md Normal file
View file

@ -0,0 +1,8 @@
DokuWiki is a simple to use and highly versatile Open Source wiki software that doesn't require a database. It is loved by users for its clean and readable syntax. The ease of maintenance, backup and integration makes it an administrator's favorite. Built in access controls and authentication connectors make DokuWiki especially useful in the enterprise context and the large number of plugins contributed by its vibrant community allow for a broad range of use cases beyond a traditional wiki.
## YunoHost specific features
* Integrate with YunoHost users and SSO - i.e. logout button
* Allow one user to be the "administrator" (set at the installation)
* Default authorization is set as read only so guest people cannot edit pages. (Especially needed if wiki is public to avoid spam and defacing. Can be changed from admin panel)
* During the upgrade, official plugins are also upgraded. We recommend that you should check that they run properly in the administration panel after the upgrade. We cannot know if some plugins are broken...

8
doc/DESCRIPTION_fr.md Normal file
View file

@ -0,0 +1,8 @@
DokuWiki est un logiciel wiki Open Source simple à utiliser et très polyvalent qui ne nécessite pas de base de données. Il est apprécié par les utilisateurs pour sa syntaxe propre et lisible. La facilité de maintenance, de sauvegarde et d'intégration en fait un favori d'administrateur. Des contrôles d'accès et des connecteurs d'authentification intégrés rendent DokuWiki particulièrement utile dans le contexte de l'entreprise et le grand nombre de plugins apportés par sa communauté dynamique permettent un large éventail de cas d'utilisation au-delà d'un wiki traditionnel.
## Caractéristiques spécifiques YunoHost
* Fonctionne avec les utilisateurs YunoHost ainsi que le SSO - i.e. button de déconnexion
* Définit un utilisateur "administrateur" lors de l'installation
* Droits d'édition par défaut du wiki définis en lecture seule afin que les invités ne puissent éditer les pages. (Nécessaire surtout lorsque le wiki est public pour éviter le spam et le vandalisme. Peut être changé depuis la partie administration du wiki)
* Lors de la mise à jour, les plugins officiels sont également mis à jour. Nous vous recommandons toutefois de vérifier le bon fonctionnement des plugins dans le panneau d'administration après cette opération. Nous ne pouvons pas savoir si des plugins spéciaux posent problèmes...

3
doc/DISCLAIMER.md Normal file
View file

@ -0,0 +1,3 @@
## Limitations
* Cannot create or login with DokuWiki internal users, only users from YunoHost (Work needed for [authchained plugin](https://www.dokuwiki.org/plugin:authchained))

3
doc/DISCLAIMER_fr.md Normal file
View file

@ -0,0 +1,3 @@
## Limitations
* Impossible d'ajouter et d'utiliser les utilisateurs internes de DokuWiki, seulement ceux de YunoHost (travail nécessaire pour [authchained plugin](https://www.dokuwiki.org/plugin:authchained))

0
sources/DokuWiki_Screenshot.png → doc/screenshots/DokuWiki_Screenshot.png
View file

Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 138 KiB

After

Width:  |  Height:  |  Size: 138 KiB

27
manifest.json
View file

@ -3,14 +3,21 @@
"id": "dokuwiki",
"packaging_format": 1,
"description": {
"en": "A lightweight, simple to use and highly versatile wiki",
"fr": "Un wiki léger, simple à utiliser et très polyvalent",
"de": "Ein standardkonformes, einfach zu benutzendes Wiki und zielt hauptsächlich auf die Erstellung von Dokumentationen aller Art ab.",
"es": "Un sistema de Wiki de uso sencillicimo y compatible con los estándares.",
"it": "Un Wiki aderente agli standard, semplice da usare, finalizzato principalmente alla creazione di documentazione di qualsiasi tipo."
"en": "Lightweight, simple to use and highly versatile wiki",
"fr": "Wiki léger, simple à utiliser et très polyvalent",
"de": "Standardkonformes, einfach zu benutzendes Wiki und zielt hauptsächlich auf die Erstellung von Dokumentationen aller Art ab",
"es": "Sistema de Wiki de uso sencillicimo y compatible con los estándares",
"it": "Wiki aderente agli standard, semplice da usare, finalizzato principalmente alla creazione di documentazione di qualsiasi tipo"
},
"version": "2020-07-29~ynh4",
"version": "2020.07.29~ynh4",
"url": "https://www.dokuwiki.org",
"upstream": {
"license": "GPL-2.0-or-later",
"website": "https://www.dokuwiki.org",
"demo": "https://demo.yunohost.org/dokuwiki/doku.php?id=start&do=login&u=demo&p=demo",
"admindoc": "https://www.dokuwiki.org/manual",
"code": "https://github.com/splitbrain/dokuwiki"
},
"license": "GPL-2.0-or-later",
"maintainer": {
"name": "Gofannon",
@ -22,7 +29,7 @@
"email": "opi@zeropi.net"
}],
"requirements": {
"yunohost": ">= 4.1.7"
"yunohost": ">= 4.3.0"
},
"multi_instance": true,
"services": [
@ -33,8 +40,7 @@
"install" : [
{
"name": "domain",
"type": "domain",
"example": "domain.org"
"type": "domain"
},
{
"name": "path",
@ -44,8 +50,7 @@
},
{
"name": "admin",
"type": "user",
"example": "johndoe"
"type": "user"
},
{
"name": "is_public",

3
scripts/_common.sh
View file

@ -4,10 +4,9 @@
# COMMON VARIABLES
#=================================================
YNH_PHP_VERSION="7.3"
extra_php_dependencies="php${YNH_PHP_VERSION}-xml php${YNH_PHP_VERSION}-ldap php${YNH_PHP_VERSION}-gd"
pkg_dependencies="php${YNH_PHP_VERSION}-xml php${YNH_PHP_VERSION}-ldap php${YNH_PHP_VERSION}-gd"
#=================================================
# PERSONAL HELPERS

109
scripts/install
View file

@ -48,6 +48,21 @@ ynh_app_setting_set --app=$app --key=domain --value=$domain
ynh_app_setting_set --app=$app --key=path --value=$path_url
ynh_app_setting_set --app=$app --key=language --value=$language
#=================================================
# INSTALL DEPENDENCIES
#=================================================
ynh_script_progression --message="Installing dependencies..." --weight=1
ynh_install_app_dependencies $pkg_dependencies
#=================================================
# CREATE DEDICATED USER
#=================================================
ynh_script_progression --message="Configuring system user..." --weight=2
# Create a system user
ynh_system_user_create --username=$app --home_dir="$final_path"
#=================================================
# STANDARD MODIFICATIONS
#=================================================
@ -59,6 +74,10 @@ ynh_app_setting_set --app=$app --key=final_path --value=$final_path
# Download, check integrity, uncompress and patch the source from app.src
ynh_setup_source --dest_dir="$final_path"
chmod 750 "$final_path"
chmod -R o-rwx "$final_path"
chown -R $app:www-data "$final_path"
#=================================================
# NGINX CONFIGURATION
#=================================================
@ -67,21 +86,13 @@ ynh_script_progression --message="Configuring NGINX web server..." --weight=2
# Create a dedicated NGINX config
ynh_add_nginx_config
#=================================================
# CREATE DEDICATED USER
#=================================================
ynh_script_progression --message="Configuring system user..." --weight=2
# Create a system user
ynh_system_user_create --username=$app
#=================================================
# PHP-FPM CONFIGURATION
#=================================================
ynh_script_progression --message="Configuring PHP-FPM..." --weight=2
# Create a dedicated PHP-FPM config
ynh_add_fpm_config --package="$extra_php_dependencies"
ynh_add_fpm_config
phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
#=================================================
@ -104,29 +115,25 @@ ynh_script_progression --message="Configuring DokuWiki..." --weight=2
### Copy YunoHost specific configuration
# This File cannot be modified directly by DokuWiki, only by hand or by YunoHost
# It will only be updated by Yunohost package or directly by adventurous users
cp ../conf/local.protected.php $final_path/conf
# It will only be updated by YunoHost package or directly by adventurous users
# Create the "admin" group and add the "admin" user
ynh_permission_create --permission "admin" --allowed "$admin_user"
# Customize admin group in case of multiple wiki install managed by different admins
# dokuwiki.admin; dokuwiki__1.admin; etc
ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="$final_path/conf/local.protected.php"
ynh_add_config --template="../conf/local.protected.php" --destination="$final_path/conf/local.protected.php"
# This file might be modified by DokuWiki admin panel or by plugins
# It will not be modified by Yunohost in order to keep user settings
cp ../conf/local.php $final_path/conf
# Set the "language"
ynh_replace_string --match_string="__YNH_LANGUAGE__" --replace_string="$language" --target_file="$final_path/conf/local.php"
ynh_add_config --template="../conf/local.php" --destination="$final_path/conf/local.php"
# Restrict user rights by enforcing "read-only" mode for all users
# See https://www.dokuwiki.org/acl#background_info
# Default is "8"
cp ../conf/acl.auth.php $final_path/conf
ynh_add_config --template="../conf/acl.auth.php" --destination="$final_path/conf/acl.auth.php"
#=================================================
# CREATE DEFAULT FILES
@ -156,7 +163,7 @@ cp ../conf/plugins.local.php $final_path/conf/plugins.local.php.bak
#=================================================
# Calculate and store the config file checksum into the app settings
ynh_store_file_checksum --file="$final_path/conf/local.protected.php"
#ynh_store_file_checksum --file="$final_path/conf/local.protected.php"
### Files '$final_path/conf/local.php' and '$final_path/conf/acl.auth.php' can be modified by user, no need to store checksum as they cannot be overwritten safely by the upgrade script
#=================================================
@ -166,48 +173,48 @@ ynh_script_progression --message="Installing logautherror plugin for Fail2Ban...
ynh_setup_source --dest_dir="$final_path/lib/plugins/logautherror" --source_id=logautherror
#=================================================
# GENERIC FINALIZATION
#=================================================
# SECURE FILES AND DIRECTORIES
#=================================================
# #=================================================
# # GENERIC FINALIZATION
# #=================================================
# # SECURE FILES AND DIRECTORIES
# #=================================================
# Try to use "least privilege" to grant minimal access
# For details, see https://www.dokuwiki.org/install:permissions
# # Try to use "least privilege" to grant minimal access
# # For details, see https://www.dokuwiki.org/install:permissions
# Files owned by DokuWiki can just read
chown -R root: $final_path
# # Files owned by DokuWiki can just read
# chown -R root: $final_path
# DokuWiki needs to write inside these folders. Make "DokuWiki" owner
chown $app:root $final_path/{conf,inc}
# # DokuWiki needs to write inside these folders. Make "DokuWiki" owner
# chown $app:root $final_path/{conf,inc}
# Make "DokuWiki" owner of configuration files that must be writable
chown $app:root $final_path/conf/{local.php,local.php.bak,users.auth.php,acl.auth.php,plugins.local.php,plugins.local.php.bak}
# # Make "DokuWiki" owner of configuration files that must be writable
# chown $app:root $final_path/conf/{local.php,local.php.bak,users.auth.php,acl.auth.php,plugins.local.php,plugins.local.php.bak}
# Usefull for some plugins like https://www.dokuwiki.org/plugin:siteexport
# See https://www.dokuwiki.org/devel:preload
chown $app:root $final_path/inc/preload.php
# # Usefull for some plugins like https://www.dokuwiki.org/plugin:siteexport
# # See https://www.dokuwiki.org/devel:preload
# chown $app:root $final_path/inc/preload.php
# Grant read-only to all files as files copied above are owned by root by defaut and nginx cannot read them
# There are only files in the folder and there are no sublevels. No need to use "find"
chmod -R a+r $final_path/{conf,inc}
# # Grant read-only to all files as files copied above are owned by root by defaut and nginx cannot read them
# # There are only files in the folder and there are no sublevels. No need to use "find"
# chmod -R a+r $final_path/{conf,inc}
# Give write access to "data" and subfolders
chown -R $app:root $final_path/data
# Remove access to "other"
chmod -R o-rwx $final_path/data
# # Give write access to "data" and subfolders
# chown -R $app:root $final_path/data
# # Remove access to "other"
# chmod -R o-rwx $final_path/data
# Allow the web admin panel to run, aka "Extension Manager"
chown -R $app:root $final_path/lib/plugins
# Allow to install templates
chown -R $app:root $final_path/lib/tpl
# # Allow the web admin panel to run, aka "Extension Manager"
# chown -R $app:root $final_path/lib/plugins
# # Allow to install templates
# chown -R $app:root $final_path/lib/tpl
# Allow access to public assets like style sheets
find $final_path/lib -type f -print0 | xargs -0 chmod 0644
find $final_path/lib -type d -print0 | xargs -0 chmod 0755
# Using "find" instead of "chmod -R 755" so files does not become executable too
# chmod : -rwxr-xr-x 1 root root 241 May 3 08:36 index.html => BAD
# find : -rw-r--r-- 1 1001 1002 241 May 3 08:36 index.html => GOOD
# # Allow access to public assets like style sheets
# find $final_path/lib -type f -print0 | xargs -0 chmod 0644
# find $final_path/lib -type d -print0 | xargs -0 chmod 0755
# # Using "find" instead of "chmod -R 755" so files does not become executable too
# # chmod : -rwxr-xr-x 1 root root 241 May 3 08:36 index.html => BAD
# # find : -rw-r--r-- 1 1001 1002 241 May 3 08:36 index.html => GOOD
#=================================================
# SETUP FAIL2BAN

66
scripts/restore
View file

@ -33,8 +33,6 @@ phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
#=================================================
ynh_script_progression --message="Validating restoration parameters..." --weight=2
ynh_webpath_available --domain=$domain --path_url=$path_url \
|| ynh_die --message="Path not available: ${domain}${path_url}"
test ! -d $final_path \
|| ynh_die --message="There is already a directory: $final_path "
@ -46,6 +44,14 @@ test ! -d $final_path \
ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"
#=================================================
# RECREATE THE DEDICATED USER
#=================================================
ynh_script_progression --message="Recreating the dedicated system user..." --weight=2
# Create the dedicated user (if not existing)
ynh_system_user_create --username=$app --home_dir="$final_path"
#=================================================
# RESTORE THE APP MAIN DIR
#=================================================
@ -53,38 +59,34 @@ ynh_script_progression --message="Restoring the app main directory..."
ynh_restore_file --origin_path="$final_path"
#=================================================
# RECREATE THE DEDICATED USER
#=================================================
ynh_script_progression --message="Recreating the dedicated system user..." --weight=2
chmod 750 "$final_path"
chmod -R o-rwx "$final_path"
chown -R $app:www-data "$final_path"
# Create the dedicated user (if not existing)
ynh_system_user_create --username=$app
# #=================================================
# # RESTORE USER RIGHTS
# #=================================================
#=================================================
# RESTORE USER RIGHTS
#=================================================
# # Try to use "least privilege" to grant minimal access
# # For details, see https://www.dokuwiki.org/install:permissions
# Try to use "least privilege" to grant minimal access
# For details, see https://www.dokuwiki.org/install:permissions
# # DokuWiki needs to write inside these folders. Make "DokuWiki" owner
# chown $app:root $final_path/{conf,inc}
# DokuWiki needs to write inside these folders. Make "DokuWiki" owner
chown $app:root $final_path/{conf,inc}
# # Make "DokuWiki" owner of configuration files that must be writable
# chown $app:root $final_path/conf/{local.php,local.php.bak,users.auth.php,acl.auth.php,plugins.local.php,plugins.local.php.bak}
# Make "DokuWiki" owner of configuration files that must be writable
chown $app:root $final_path/conf/{local.php,local.php.bak,users.auth.php,acl.auth.php,plugins.local.php,plugins.local.php.bak}
# # Usefull for some plugins like https://www.dokuwiki.org/plugin:siteexport
# # See https://www.dokuwiki.org/devel:preload
# chown $app:root $final_path/inc/preload.php
# Usefull for some plugins like https://www.dokuwiki.org/plugin:siteexport
# See https://www.dokuwiki.org/devel:preload
chown $app:root $final_path/inc/preload.php
# # Give write access to "data" and subfolders
# chown -R $app:root $final_path/data
# Give write access to "data" and subfolders
chown -R $app:root $final_path/data
# Allow the web admin panel to run, aka "Extension Manager"
chown -R $app:root $final_path/lib/plugins
# Allow to install templates
chown -R $app:root $final_path/lib/tpl
# # Allow the web admin panel to run, aka "Extension Manager"
# chown -R $app:root $final_path/lib/plugins
# # Allow to install templates
# chown -R $app:root $final_path/lib/tpl
#=================================================
# RESTORE THE PHP-FPM CONFIGURATION
@ -93,7 +95,15 @@ ynh_script_progression --message="Reconfiguring PHP-FPM..." --weight=5
ynh_restore_file --origin_path="/etc/php/$phpversion/fpm/pool.d/$app.conf"
ynh_add_fpm_config --package="$extra_php_dependencies"
ynh_add_fpm_config
#=================================================
# REINSTALL DEPENDENCIES
#=================================================
ynh_script_progression --message="Reinstalling dependencies..." --weight=1
# Define and install dependencies
ynh_install_app_dependencies $pkg_dependencies
#=================================================
# RESTORE FAIL2BAN CONFIGURATION

118
scripts/upgrade
View file

@ -20,6 +20,7 @@ domain=$(ynh_app_setting_get --app=$app --key=domain)
path_url=$(ynh_app_setting_get --app=$app --key=path)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
language=$(ynh_app_setting_get --app=$app --key=language)
#=================================================
# CHECK VERSION
@ -27,6 +28,20 @@ phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
upgrade_type=$(ynh_check_app_version_changed)
#=================================================
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
#=================================================
ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=9
# Backup the current version of the app
ynh_backup_before_upgrade
ynh_clean_setup () {
# restore it if the upgrade fails
ynh_restore_upgradebackup
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#=================================================
# ENSURE DOWNWARD COMPATIBILITY
#=================================================
@ -67,8 +82,6 @@ if ynh_legacy_permissions_exists; then
ynh_app_setting_delete --app=$app --key=is_public
fi
# Yunohost specific configuration, if it isn't exist already
# Previously, these settings were store in an unique "dokuwiki.php"
@ -95,17 +108,15 @@ fi
# Do not overwrite existing dokuwiki configuration as it could have user customization's and settings.
# Create file if it does not exist
if [ ! -f "$final_path/conf/local.php" ]; then
cp ../conf/local.php $final_path/conf
# Set the default "language"
ynh_replace_string --match_string="__YNH_LANGUAGE__" --replace_string="$language" --target_file="$final_path/conf/local.php"
ynh_add_config --template="../conf/local.php" --destination="$final_path/conf/local.php"
fi
# Do not overwrite existing ACL configuration file as it could have user customization's and settings.
# Create file if it does not exist
# See https://www.dokuwiki.org/acl#background_info
if [ ! -f "$final_path/conf/acl.auth.php" ]; then
cp ../conf/acl.auth.php $final_path/conf
ynh_add_config --template="../conf/acl.auth.php" --destination="$final_path/conf/acl.auth.php"
fi
# For securing DokuWiki installation, create default files that will be writable in the "conf" folder.
@ -145,18 +156,12 @@ if [ ! -f "$final_path/inc/preload.php" ]; then
fi
#=================================================
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
# CREATE DEDICATED USER
#=================================================
ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=9
ynh_script_progression --message="Making sure dedicated system user exists..." --weight=1
# Backup the current version of the app
ynh_backup_before_upgrade
ynh_clean_setup () {
# restore it if the upgrade fails
ynh_restore_upgradebackup
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
# Create a system user
ynh_system_user_create --username=$app --home_dir="$final_path"
#=================================================
# STANDARD UPGRADE STEPS
@ -172,6 +177,10 @@ then
ynh_setup_source --dest_dir="$final_path"
fi
chmod 750 "$final_path"
chmod -R o-rwx "$final_path"
chown -R $app:www-data "$final_path"
#=================================================
# NGINX CONFIGURATION
#=================================================
@ -181,20 +190,19 @@ ynh_script_progression --message="Upgrading NGINX web server configuration..." -
ynh_add_nginx_config
#=================================================
# CREATE DEDICATED USER
# UPGRADE DEPENDENCIES
#=================================================
ynh_script_progression --message="Making sure dedicated system user exists..."
ynh_script_progression --message="Upgrading dependencies..." --weight=1
# Create a system user
ynh_system_user_create --username=$app
ynh_install_app_dependencies $pkg_dependencies
#=================================================
# PHP-FPM CONFIGURATION
#=================================================
ynh_script_progression --message="Upgrading PHP-FPM configuration..."
ynh_script_progression --message="Upgrading PHP-FPM configuration..." --weight=1
# Create a dedicated PHP-FPM config
ynh_add_fpm_config --package="$extra_php_dependencies"
ynh_add_fpm_config
#=================================================
# SPECIFIC UPGRADE
@ -291,48 +299,48 @@ ynh_script_progression --message="Upgrading logautherror plugin for Fail2Ban..."
ynh_setup_source --dest_dir="$final_path/lib/plugins/logautherror" --source_id=logautherror
#=================================================
# GENERIC FINALIZATION
#=================================================
# SECURE FILES AND DIRECTORIES
#=================================================
# #=================================================
# # GENERIC FINALIZATION
# #=================================================
# # SECURE FILES AND DIRECTORIES
# #=================================================
# Try to use "least privilege" to grant minimal access
# For details, see https://www.dokuwiki.org/install:permissions
# # Try to use "least privilege" to grant minimal access
# # For details, see https://www.dokuwiki.org/install:permissions
# Files owned by DokuWiki can just read
chown -R root: $final_path
# # Files owned by DokuWiki can just read
# chown -R root: $final_path
# DokuWiki needs to write inside these folders. Make "DokuWiki" owner
chown $app:root $final_path/{conf,inc}
# # DokuWiki needs to write inside these folders. Make "DokuWiki" owner
# chown $app:root $final_path/{conf,inc}
# Make "DokuWiki" owner of configuration files that must be writable
chown $app:root $final_path/conf/{local.php,local.php.bak,users.auth.php,acl.auth.php,plugins.local.php,plugins.local.php.bak}
# # Make "DokuWiki" owner of configuration files that must be writable
# chown $app:root $final_path/conf/{local.php,local.php.bak,users.auth.php,acl.auth.php,plugins.local.php,plugins.local.php.bak}
# Usefull for some plugins like https://www.dokuwiki.org/plugin:siteexport
# See https://www.dokuwiki.org/devel:preload
chown $app:root $final_path/inc/preload.php
# # Usefull for some plugins like https://www.dokuwiki.org/plugin:siteexport
# # See https://www.dokuwiki.org/devel:preload
# chown $app:root $final_path/inc/preload.php
# Grant read-only to all files as files copied above are owned by root by defaut and nginx cannot read them
# There are only files in the folder and there are no sublevels. No need to use "find"
chmod -R a+r $final_path/{conf,inc}
# # Grant read-only to all files as files copied above are owned by root by defaut and nginx cannot read them
# # There are only files in the folder and there are no sublevels. No need to use "find"
# chmod -R a+r $final_path/{conf,inc}
# Give write access to "data" and subfolders
chown -R $app:root $final_path/data
# Remove access to "other"
chmod -R o-rwx $final_path/data
# # Give write access to "data" and subfolders
# chown -R $app:root $final_path/data
# # Remove access to "other"
# chmod -R o-rwx $final_path/data
# Allow the web admin panel to run, aka "Extension Manager"
chown -R $app:root $final_path/lib/plugins
# Allow to install templates
chown -R $app:root $final_path/lib/tpl
# # Allow the web admin panel to run, aka "Extension Manager"
# chown -R $app:root $final_path/lib/plugins
# # Allow to install templates
# chown -R $app:root $final_path/lib/tpl
# Allow access to public assets like style sheets
find $final_path/lib -type f -print0 | xargs -0 chmod 0644
find $final_path/lib -type d -print0 | xargs -0 chmod 0755
# Using "find" instead of "chmod -R 755" so files does not become executable too
# chmod : -rwxr-xr-x 1 root root 241 May 3 08:36 index.html => BAD
# find : -rw-r--r-- 1 1001 1002 241 May 3 08:36 index.html => GOOD
# # Allow access to public assets like style sheets
# find $final_path/lib -type f -print0 | xargs -0 chmod 0644
# find $final_path/lib -type d -print0 | xargs -0 chmod 0755
# # Using "find" instead of "chmod -R 755" so files does not become executable too
# # chmod : -rwxr-xr-x 1 root root 241 May 3 08:36 index.html => BAD
# # find : -rw-r--r-- 1 1001 1002 241 May 3 08:36 index.html => GOOD
#=================================================
# SETUP FAIL2BAN