YunoHost-Apps/dokuwiki_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/dokuwiki_ynh.git synced 2024-09-03 18:26:20 +02:00
Code Issues Activity Actions

Merge pull request #95 from YunoHost-Apps/upgrade

Browse source 
Apply example_ynh
This commit is contained in:
Alexandre Aubin 2023-04-02 17:21:59 +02:00 committed by GitHub
commit b1fcf67b09
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
14 changed files with 245 additions and 191 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

100
.github/workflows/updater.sh vendored Normal file
View file

@ -0,0 +1,100 @@
#!/bin/bash
#=================================================
# PACKAGE UPDATING HELPER
#=================================================
# This script is meant to be run by GitHub Actions
# The YunoHost-Apps organisation offers a template Action to run this script periodically
# Since each app is different, maintainers can adapt its contents so as to perform
# automatic actions when a new upstream release is detected.
#=================================================
# FETCHING LATEST RELEASE AND ITS ASSETS
#=================================================
# Fetching information
current_version=$(cat manifest.json | jq -j '.version|split("~")[0]')
repo=$(cat manifest.json | jq -j '.upstream.code|split("https://github.com/")[1]')
# Some jq magic is needed, because the latest upstream release is not always the latest version (e.g. security patches for older versions)
version=$(curl --silent "https://api.github.com/repos/$repo/tags" | jq -r '.[] | select( .name | contains("release_stable_") ) | .name' | sort -V | tail -1 | cut -d "_" -f3-)
assets="https://download.dokuwiki.org/src/dokuwiki/dokuwiki-$version.tgz"
# Later down the script, we assume the version has only digits and dots
# Sometimes the release name starts with a "v", so let's filter it out.
# You may need more tweaks here if the upstream repository has different naming conventions.
if [[ ${version:0:1} == "v" || ${version:0:1} == "V" ]]; then
version=${version:1}
fi
# Setting up the environment variables
echo "Current version: $current_version"
echo "Latest release from upstream: $version"
echo "VERSION=$version" >> $GITHUB_ENV
echo "REPO=$repo" >> $GITHUB_ENV
# For the time being, let's assume the script will fail
echo "PROCEED=false" >> $GITHUB_ENV
# Proceed only if the retrieved version is greater than the current one
if ! dpkg --compare-versions "$current_version" "lt" "$version" ; then
echo "::warning ::No new version available"
exit 0
# Proceed only if a PR for this new version does not already exist
elif git ls-remote -q --exit-code --heads https://github.com/$GITHUB_REPOSITORY.git ci-auto-update-v$version ; then
echo "::warning ::A branch already exists for this update"
exit 0
fi
#=================================================
# UPDATE SOURCE FILES
#=================================================
# Let's download source tarball
asset_url=$assets
echo "Handling asset at $asset_url"
src="app"
# Create the temporary directory
tempdir="$(mktemp -d)"
# Download sources and calculate checksum
filename=${asset_url##*/}
curl --silent -4 -L $asset_url -o "$tempdir/$filename"
checksum=$(sha256sum "$tempdir/$filename" | head -c 64)
# Delete temporary directory
rm -rf $tempdir
# Rewrite source file
cat <<EOT > conf/$src.src
SOURCE_URL=$asset_url
SOURCE_SUM=$checksum
SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=tar.gz
SOURCE_IN_SUBDIR=true
SOURCE_FILENAME=
SOURCE_EXTRACT=true
EOT
echo "... conf/$src.src updated"
#=================================================
# SPECIFIC UPDATE STEPS
#=================================================
# Any action on the app's source code can be done.
# The GitHub Action workflow takes care of committing all changes after this script ends.
#=================================================
# GENERIC FINALIZATION
#=================================================
# Replace new version in manifest
echo "$(jq -s --indent 4 ".[] | .version = \"${version//-/.}~ynh1\"" manifest.json)" > manifest.json
# No need to update the README, yunohost-bot takes care of it
# The Action will proceed only if the PROCEED environment variable is set to true
echo "PROCEED=true" >> $GITHUB_ENV
exit 0

49
.github/workflows/updater.yml vendored Normal file
View file

@ -0,0 +1,49 @@
# This workflow allows GitHub Actions to automagically update your app whenever a new upstream release is detected.
# You need to enable Actions in your repository settings, and fetch this Action from the YunoHost-Apps organization.
# This file should be enough by itself, but feel free to tune it to your needs.
# It calls updater.sh, which is where you should put the app-specific update steps.
name: Check for new upstream releases
on:
# Allow to manually trigger the workflow
workflow_dispatch:
# Run it every day at 6:00 UTC
schedule:
- cron: '0 6 * * *'
jobs:
updater:
runs-on: ubuntu-latest
steps:
- name: Fetch the source code
uses: actions/checkout@v2
with:
token: ${{ secrets.GITHUB_TOKEN }}
- name: Run the updater script
id: run_updater
run: |
# Setting up Git user
git config --global user.name 'yunohost-bot'
git config --global user.email 'yunohost-bot@users.noreply.github.com'
# Run the updater script
/bin/bash .github/workflows/updater.sh
- name: Commit changes
id: commit
if: ${{ env.PROCEED == 'true' }}
run: |
git commit -am "Upgrade to v$VERSION"
- name: Create Pull Request
id: cpr
if: ${{ env.PROCEED == 'true' }}
uses: peter-evans/create-pull-request@v3
with:
token: ${{ secrets.GITHUB_TOKEN }}
commit-message: Update to version ${{ env.VERSION }}
committer: 'yunohost-bot <yunohost-bot@users.noreply.github.com>'
author: 'yunohost-bot <yunohost-bot@users.noreply.github.com>'
signoff: false
base: testing
branch: ci-auto-update-v${{ env.VERSION }}
delete-branch: true
title: 'Upgrade to version ${{ env.VERSION }}'
body: |
Upgrade to v${{ env.VERSION }}
draft: false

12
CHANGELOG.md
View file

@ -10,6 +10,18 @@
------------
# [2022.07.31a~ynh2] - 2023-02-XX
## Changed
- Apply "default package recommandation" for "example_ynh" package and "YunoHost apps teams"
- Use helper `ynh_add_config` for the uprgade script too (fix linter warning)
### Fixed
- Bug in upgrade script not writing the php configuration to the right location (and breaking the backup later if DokuWiki has been installed for the for the first time with version `2022.07.31a~ynh1`)
# [2022.07.31a~ynh1] - 2022-09-XX
## Added

6
README.md
View file

@ -5,7 +5,8 @@ It shall NOT be edited by hand.
# Dokuwiki for YunoHost
[![Integration level](https://dash.yunohost.org/integration/dokuwiki.svg)](https://dash.yunohost.org/appci/app/dokuwiki) ![Working status](https://ci-apps.yunohost.org/ci/badges/dokuwiki.status.svg) ![Maintenance status](https://ci-apps.yunohost.org/ci/badges/dokuwiki.maintain.svg)
[![Integration level](https://dash.yunohost.org/integration/dokuwiki.svg)](https://dash.yunohost.org/appci/app/dokuwiki) ![Working status](https://ci-apps.yunohost.org/ci/badges/dokuwiki.status.svg) ![Maintenance status](https://ci-apps.yunohost.org/ci/badges/dokuwiki.maintain.svg)
[![Install Dokuwiki with YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=dokuwiki)
*[Lire ce readme en français.](./README_fr.md)*
@ -25,8 +26,7 @@ DokuWiki is a simple to use and highly versatile Open Source wiki software that
* During the upgrade, official plugins are also upgraded. We recommend that you should check that they run properly in the administration panel after the upgrade. We cannot know if some plugins are broken...
**Shipped version:** 2022.07.31a~ynh1
**Shipped version:** 2022.07.31a~ynh2
**Demo:** https://demo.yunohost.org/dokuwiki/doku.php?id=start&do=login&u=demo&p=demo

24
README_fr.md
View file

@ -5,15 +5,16 @@ It shall NOT be edited by hand.
# Dokuwiki pour YunoHost
[![Niveau d'intégration](https://dash.yunohost.org/integration/dokuwiki.svg)](https://dash.yunohost.org/appci/app/dokuwiki) ![Statut du fonctionnement](https://ci-apps.yunohost.org/ci/badges/dokuwiki.status.svg) ![Statut de maintenance](https://ci-apps.yunohost.org/ci/badges/dokuwiki.maintain.svg)
[![Niveau dintégration](https://dash.yunohost.org/integration/dokuwiki.svg)](https://dash.yunohost.org/appci/app/dokuwiki) ![Statut du fonctionnement](https://ci-apps.yunohost.org/ci/badges/dokuwiki.status.svg) ![Statut de maintenance](https://ci-apps.yunohost.org/ci/badges/dokuwiki.maintain.svg)
[![Installer Dokuwiki avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=dokuwiki)
*[Read this readme in english.](./README.md)*
> *Ce package vous permet d'installer Dokuwiki rapidement et simplement sur un serveur YunoHost.
Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour savoir comment l'installer et en profiter.*
> *Ce package vous permet dinstaller Dokuwiki rapidement et simplement sur un serveur YunoHost.
Si vous navez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour savoir comment linstaller et en profiter.*
## Vue d'ensemble
## Vue densemble
DokuWiki est un logiciel wiki Open Source simple à utiliser et très polyvalent qui ne nécessite pas de base de données. Il est apprécié par les utilisateurs pour sa syntaxe propre et lisible. La facilité de maintenance, de sauvegarde et d'intégration en fait un favori d'administrateur. Des contrôles d'accès et des connecteurs d'authentification intégrés rendent DokuWiki particulièrement utile dans le contexte de l'entreprise et le grand nombre de plugins apportés par sa communauté dynamique permettent un large éventail de cas d'utilisation au-delà d'un wiki traditionnel.
@ -25,14 +26,13 @@ DokuWiki est un logiciel wiki Open Source simple à utiliser et très polyvalent
* Lors de la mise à jour, les plugins officiels sont également mis à jour. Nous vous recommandons toutefois de vérifier le bon fonctionnement des plugins dans le panneau d'administration après cette opération. Nous ne pouvons pas savoir si des plugins spéciaux posent problèmes...
**Version incluse :** 2022.07.31a~ynh1
**Version incluse :** 2022.07.31a~ynh2
**Démo :** https://demo.yunohost.org/dokuwiki/doku.php?id=start&do=login&u=demo&p=demo
## Captures d'écran
## Captures décran
![Capture d'écran de Dokuwiki](./doc/screenshots/DokuWiki_Screenshot.png)
![Capture décran de Dokuwiki](./doc/screenshots/DokuWiki_Screenshot.png)
## Avertissements / informations importantes
@ -42,9 +42,9 @@ DokuWiki est un logiciel wiki Open Source simple à utiliser et très polyvalent
## Documentations et ressources
* Site officiel de l'app : <https://www.dokuwiki.org>
* Documentation officielle de l'admin : <https://www.dokuwiki.org/manual>
* Dépôt de code officiel de l'app : <https://github.com/splitbrain/dokuwiki>
* Site officiel de lapp : <https://www.dokuwiki.org>
* Documentation officielle de ladmin : <https://www.dokuwiki.org/manual>
* Dépôt de code officiel de lapp : <https://github.com/splitbrain/dokuwiki>
* Documentation YunoHost pour cette app : <https://yunohost.org/app_dokuwiki>
* Signaler un bug : <https://github.com/YunoHost-Apps/dokuwiki_ynh/issues>
@ -60,4 +60,4 @@ ou
sudo yunohost app upgrade dokuwiki -u https://github.com/YunoHost-Apps/dokuwiki_ynh/tree/testing --debug
```
**Plus d'infos sur le packaging d'applications :** <https://yunohost.org/packaging_apps>
**Plus dinfos sur le packaging dapplications :** <https://yunohost.org/packaging_apps>

4
check_process
View file

@ -1,11 +1,10 @@
;; Test complet
auto_remove=1
; Manifest
domain="domain.tld"
path="/path"
admin="john"
is_public=1
language=en
admin="john"
; Checks
pkg_linter=1
setup_sub_dir=1
@ -19,6 +18,7 @@
upgrade=1 from_commit=f45c459b287c8f045c08e65cea412cfc2cae38f4
backup_restore=1
multi_instance=1
port_already_use=0
change_url=1
actions=0
config_panel=0

2
conf/app.src
View file

@ -3,3 +3,5 @@ SOURCE_SUM=48ed2ae11fa4a0ae8338af9aedc837601b34e21c0be15d16e2d6228ca7a91f23
SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=tar.gz
SOURCE_IN_SUBDIR=true
SOURCE_FILENAME=
SOURCE_EXTRACT=true

2
conf/nginx.conf
View file

@ -7,7 +7,7 @@
location __PATH__/ {
# Path to source
alias __FINALPATH__/ ;
alias __FINALPATH__/;
index index.php doku.php;

12
manifest.json
View file

@ -9,7 +9,7 @@
"es": "Sistema de Wiki de uso sencillicimo y compatible con los estándares",
"it": "Wiki aderente agli standard, semplice da usare, finalizzato principalmente alla creazione di documentazione di qualsiasi tipo"
},
"version": "2022.07.31a~ynh1",
"version": "2022.07.31a~ynh2",
"url": "https://www.dokuwiki.org",
"upstream": {
"license": "GPL-2.0-or-later",
@ -50,10 +50,6 @@
"example": "/dokuwiki",
"default": "/dokuwiki"
},
{
"name": "admin",
"type": "user"
},
{
"name": "is_public",
"type": "boolean",
@ -75,7 +71,11 @@
"fr"
],
"default": "en"
},
{
"name": "admin",
"type": "user"
}
]
}
}
}

1
scripts/backup
View file

@ -6,6 +6,7 @@
# IMPORT GENERIC HELPERS
#=================================================
# Keep this path for calling _common.sh inside the execution's context of backup and restore scripts
source ../settings/scripts/_common.sh
source /usr/share/yunohost/helpers

71
scripts/install
View file

@ -22,9 +22,9 @@ ynh_abort_if_errors
domain=$YNH_APP_ARG_DOMAIN
path_url=$YNH_APP_ARG_PATH
admin_user=$YNH_APP_ARG_ADMIN
is_public=$YNH_APP_ARG_IS_PUBLIC
language=$YNH_APP_ARG_LANGUAGE
admin=$YNH_APP_ARG_ADMIN
app=$YNH_APP_INSTANCE_NAME
@ -48,6 +48,8 @@ ynh_app_setting_set --app=$app --key=domain --value=$domain
ynh_app_setting_set --app=$app --key=path --value=$path_url
ynh_app_setting_set --app=$app --key=language --value=$language
#=================================================
# STANDARD MODIFICATIONS
#=================================================
# INSTALL DEPENDENCIES
#=================================================
@ -63,8 +65,6 @@ ynh_script_progression --message="Configuring system user..." --weight=2
# Create a system user
ynh_system_user_create --username=$app --home_dir="$final_path"
#=================================================
# STANDARD MODIFICATIONS
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
@ -99,9 +99,9 @@ ynh_add_nginx_config
#=================================================
# SPECIFIC SETUP
#=================================================
# CUSTOMIZE DOKUWIKI
# ADD A CONFIGURATION
#=================================================
ynh_script_progression --message="Configuring DokuWiki..." --weight=2
ynh_script_progression --message="Adding a configuration file..." --weight=2
# Loading order of configuration files
#
@ -137,6 +137,7 @@ ynh_add_config --template="../conf/acl.auth.php" --destination="$final_path/conf
#=================================================
# CREATE DEFAULT FILES
#=================================================
ynh_script_progression --message="Creating default files..." --weight=1
# For securing DokuWiki installation, create default files that will be writable in the "conf" folder.
# Other files will be read ony and owned by root.
@ -158,61 +159,13 @@ cp --archive ../conf/plugins.local.php $final_path/conf
cp --archive ../conf/plugins.local.php $final_path/conf/plugins.local.php.bak
#=================================================
# STORE THE CHECKSUM OF THE CONFIG FILE
#=================================================
# Calculate and store the config file checksum into the app settings
#ynh_store_file_checksum --file="$final_path/conf/local.protected.php"
### Files '$final_path/conf/local.php' and '$final_path/conf/acl.auth.php' can be modified by user, no need to store checksum as they cannot be overwritten safely by the upgrade script
# #=================================================
# # GENERIC FINALIZATION
# #=================================================
# # SECURE FILES AND DIRECTORIES
# #=================================================
# # Try to use "least privilege" to grant minimal access
# # For details, see https://www.dokuwiki.org/install:permissions
# # Files owned by DokuWiki can just read
# chown -R root: $final_path
# # DokuWiki needs to write inside these folders. Make "DokuWiki" owner
# chown $app:root $final_path/{conf,inc}
# # Make "DokuWiki" owner of configuration files that must be writable
# chown $app:root $final_path/conf/{local.php,local.php.bak,users.auth.php,acl.auth.php,plugins.local.php,plugins.local.php.bak}
# # Usefull for some plugins like https://www.dokuwiki.org/plugin:siteexport
# # See https://www.dokuwiki.org/devel:preload
# chown $app:root $final_path/inc/preload.php
# # Grant read-only to all files as files copied above are owned by root by defaut and nginx cannot read them
# # There are only files in the folder and there are no sublevels. No need to use "find"
# chmod -R a+r $final_path/{conf,inc}
# # Give write access to "data" and subfolders
# chown -R $app:root $final_path/data
# # Remove access to "other"
# chmod -R o-rwx $final_path/data
# # Allow the web admin panel to run, aka "Extension Manager"
# chown -R $app:root $final_path/lib/plugins
# # Allow to install templates
# chown -R $app:root $final_path/lib/tpl
# # Allow access to public assets like style sheets
# find $final_path/lib -type f -print0 | xargs -0 chmod 0644
# find $final_path/lib -type d -print0 | xargs -0 chmod 0755
# # Using "find" instead of "chmod -R 755" so files does not become executable too
# # chmod : -rwxr-xr-x 1 root root 241 May 3 08:36 index.html => BAD
# # find : -rw-r--r-- 1 1001 1002 241 May 3 08:36 index.html => GOOD
# GENERIC FINALIZATION
#=================================================
# SETUP FAIL2BAN
#=================================================
ynh_script_progression --message="Configuring Fail2Ban..." --weight=7
# Create a dedicated Fail2Ban config
ynh_add_fail2ban_config --logpath="/var/log/nginx/$domain-error.log" --failregex="^.*authentication failure. while reading response header from upstream, client: <HOST>,.*POST $path_url.*$" --max_retry=5
#=================================================
@ -223,17 +176,19 @@ ynh_script_progression --message="Configuring permissions..." --weight=2
# Make app public if necessary
if [ $is_public -eq 1 ]
then
# Everyone can access the app.
# The "main" permission is automatically created before the install script.
ynh_permission_update --permission="main" --add="visitors"
fi
# Create the "admin" permission and add the "admin_user" to it
# Create the "admin" permission and add the "admin" to it
# More users can be added to the group from the YunoHost webadmin
ynh_permission_create --permission "admin" --allowed "$admin_user"
ynh_permission_create --permission "admin" --allowed "$admin"
#=================================================
# RELOAD NGINX
#=================================================
ynh_script_progression --message="Reloading NGINX web server..."
ynh_script_progression --message="Reloading NGINX web server..." --weight=1
ynh_systemd_action --service_name=nginx --action=reload

11
scripts/remove
View file

@ -12,7 +12,7 @@ source /usr/share/yunohost/helpers
#=================================================
# LOAD SETTINGS
#=================================================
ynh_script_progression --message="Loading installation settings..."
ynh_script_progression --message="Loading installation settings..." --weight=1
app=$YNH_APP_INSTANCE_NAME
@ -24,7 +24,7 @@ final_path=$(ynh_app_setting_get --app=$app --key=final_path)
#=================================================
# REMOVE APP MAIN DIR
#=================================================
ynh_script_progression --message="Removing app main directory..."
ynh_script_progression --message="Removing app main directory..." --weight=1
# Remove the app directory securely
ynh_secure_remove --file="$final_path"
@ -32,7 +32,7 @@ ynh_secure_remove --file="$final_path"
#=================================================
# REMOVE NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Removing NGINX web server configuration..."
ynh_script_progression --message="Removing NGINX web server configuration..." --weight=1
# Remove the dedicated NGINX config
ynh_remove_nginx_config
@ -50,7 +50,7 @@ ynh_remove_fpm_config
#=================================================
ynh_script_progression --message="Removing dependencies..." --weight=1
# Remove metapackage and its dependencies if no other package need them
# Remove metapackage and its dependencies
ynh_remove_app_dependencies
#=================================================
@ -58,6 +58,7 @@ ynh_remove_app_dependencies
#=================================================
ynh_script_progression --message="Removing Fail2Ban configuration..." --weight=7
# Remove the dedicated Fail2Ban config
ynh_remove_fail2ban_config
#=================================================
@ -65,7 +66,7 @@ ynh_remove_fail2ban_config
#=================================================
# REMOVE DEDICATED USER
#=================================================
ynh_script_progression --message="Removing the dedicated system user..."
ynh_script_progression --message="Removing the dedicated system user..." --weight=1
# Delete a system user
ynh_system_user_delete --username=$app

35
scripts/restore
View file

@ -6,6 +6,7 @@
# IMPORT GENERIC HELPERS
#=================================================
# Keep this path for calling _common.sh inside the execution's context of backup and restore scripts
source ../settings/scripts/_common.sh
source /usr/share/yunohost/helpers
@ -19,14 +20,13 @@ ynh_abort_if_errors
#=================================================
# LOAD SETTINGS
#=================================================
ynh_script_progression --message="Loading settings..." --weight=2
ynh_script_progression --message="Loading installation settings..." --weight=2
app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get --app=$app --key=domain)
path_url=$(ynh_app_setting_get --app=$app --key=path)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
fpm_footprint=$(ynh_app_setting_get --app=$app --key=fpm_footprint)
fpm_usage=$(ynh_app_setting_get --app=$app --key=fpm_usage)
@ -52,7 +52,7 @@ ynh_system_user_create --username=$app --home_dir="$final_path"
#=================================================
# RESTORE THE APP MAIN DIR
#=================================================
ynh_script_progression --message="Restoring the app main directory..."
ynh_script_progression --message="Restoring the app main directory..." --weight=1
ynh_restore_file --origin_path="$final_path"
@ -60,31 +60,6 @@ chmod 750 "$final_path"
chmod -R o-rwx "$final_path"
chown -R $app:www-data "$final_path"
# #=================================================
# # RESTORE USER RIGHTS
# #=================================================
# # Try to use "least privilege" to grant minimal access
# # For details, see https://www.dokuwiki.org/install:permissions
# # DokuWiki needs to write inside these folders. Make "DokuWiki" owner
# chown $app:root $final_path/{conf,inc}
# # Make "DokuWiki" owner of configuration files that must be writable
# chown $app:root $final_path/conf/{local.php,local.php.bak,users.auth.php,acl.auth.php,plugins.local.php,plugins.local.php.bak}
# # Usefull for some plugins like https://www.dokuwiki.org/plugin:siteexport
# # See https://www.dokuwiki.org/devel:preload
# chown $app:root $final_path/inc/preload.php
# # Give write access to "data" and subfolders
# chown -R $app:root $final_path/data
# # Allow the web admin panel to run, aka "Extension Manager"
# chown -R $app:root $final_path/lib/plugins
# # Allow to install templates
# chown -R $app:root $final_path/lib/tpl
#=================================================
# RESTORE FAIL2BAN CONFIGURATION
#=================================================
@ -107,7 +82,7 @@ ynh_install_app_dependencies $pkg_dependencies
#=================================================
# RESTORE THE PHP-FPM CONFIGURATION
#=================================================
ynh_script_progression --message="Reconfiguring PHP-FPM..." --weight=5
ynh_script_progression --message="Restoring the PHP-FPM configuration..." --weight=5
ynh_restore_file --origin_path="/etc/php/$phpversion/fpm/pool.d/$app.conf"
@ -127,7 +102,7 @@ ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"
#=================================================
# RELOAD NGINX AND PHP-FPM
#=================================================
ynh_script_progression --message="Reloading NGINX web server and PHP-FPM.." --weight=2
ynh_script_progression --message="Reloading NGINX web server and PHP-FPM..." --weight=2
ynh_systemd_action --service_name=php$phpversion-fpm --action=reload
ynh_systemd_action --service_name=nginx --action=reload

107
scripts/upgrade
View file

@ -18,16 +18,16 @@ app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get --app=$app --key=domain)
path_url=$(ynh_app_setting_get --app=$app --key=path)
language=$(ynh_app_setting_get --app=$app --key=language)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
language=$(ynh_app_setting_get --app=$app --key=language)
fpm_footprint=$(ynh_app_setting_get --app=$app --key=fpm_footprint)
fpm_usage=$(ynh_app_setting_get --app=$app --key=fpm_usage)
#=================================================
# CHECK VERSION
#=================================================
ynh_script_progression --message="Checking version..." --weight=1
upgrade_type=$(ynh_check_app_version_changed)
@ -39,16 +39,18 @@ ynh_script_progression --message="Backing up the app before upgrading (may take
# Backup the current version of the app
ynh_backup_before_upgrade
ynh_clean_setup () {
# restore it if the upgrade fails
# Restore it if the upgrade fails
ynh_restore_upgradebackup
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#=================================================
# STANDARD UPGRADE STEPS
#=================================================
# ENSURE DOWNWARD COMPATIBILITY
#=================================================
ynh_script_progression --message="Ensuring downward compatibility..."
ynh_script_progression --message="Ensuring downward compatibility..." --weight=1
# If final_path doesn't exist, create it
if [ -z "$final_path" ]; then
@ -74,6 +76,12 @@ if [ -z "$fpm_usage" ]; then
ynh_app_setting_set --app=$app --key=fpm_usage --value=$fpm_usage
fi
# If phpversion doesn't exist, create it
if [ -z "$phpversion" ]; then
phpversion=$YNH_PHP_VERSION
ynh_app_setting_set --app=$app --key=phpversion --value=$phpversion
fi
# Cleaning legacy permissions
admin_user=$(ynh_app_setting_get --app=$app --key=admin)
@ -183,11 +191,9 @@ fi
#=================================================
ynh_script_progression --message="Making sure dedicated system user exists..." --weight=1
# Create a system user
# Create a dedicated user (if not existing)
ynh_system_user_create --username=$app --home_dir="$final_path"
#=================================================
# STANDARD UPGRADE STEPS
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
@ -204,14 +210,6 @@ chmod 750 "$final_path"
chmod -R o-rwx "$final_path"
chown -R $app:www-data "$final_path"
#=================================================
# NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Upgrading NGINX web server configuration..." --weight=2
# Create a dedicated NGINX config
ynh_add_nginx_config
#=================================================
# UPGRADE DEPENDENCIES
#=================================================
@ -225,11 +223,21 @@ ynh_install_app_dependencies $pkg_dependencies
ynh_script_progression --message="Upgrading PHP-FPM configuration..." --weight=1
# Create a dedicated PHP-FPM config
ynh_add_fpm_config --phpversion=$phpversion --usage=$fpm_usage --footprint=$fpm_footprint
ynh_add_fpm_config --usage=$fpm_usage --footprint=$fpm_footprint
#=================================================
# NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Upgrading NGINX web server configuration..." --weight=2
# Create a dedicated NGINX config
ynh_add_nginx_config
#=================================================
# SPECIFIC UPGRADE
#=================================================
# UPGRADE DOKUWIKI
#=================================================
if [ "$upgrade_type" == "UPGRADE_APP" ]
then
@ -297,7 +305,7 @@ fi
# Stolen from https://github.com/YunoHost-Apps/grav_ynh/blob/testing/scripts/upgrade#L189
if [ -x "$final_path/bin/plugin.php" ]; then
pushd "$final_path"
ynh_exec_warn_less ynh_exec_as $app php${YNH_PHP_VERSION} bin/plugin.php --no-colors extension upgrade || ynh_print_warn --message="Automatic plugin upgrade has failed, you can upgrade them from your DokuWiki admin panel."
ynh_exec_warn_less ynh_exec_as $app php$phpversion bin/plugin.php --no-colors extension upgrade || ynh_print_warn --message="Automatic plugin upgrade has failed, you can upgrade them from your DokuWiki admin panel."
popd
else
ynh_print_warn --message="Automatic plugin cannot be done, you have to upgrade them from your DokuWiki admin panel."
@ -307,78 +315,29 @@ fi
fi
#=================================================
# LDAP Configuration
# UPDATE A CONFIG FILE
#=================================================
### Verify the checksum of a file, stored by `ynh_store_file_checksum` in the install script.
### And create a backup of this file if the checksum is different. So the file will be backed up if the admin had modified it.
ynh_backup_if_checksum_is_different --file="$final_path/conf/local.protected.php"
# Always overwrite local file with the one from package.
cp --archive ../conf/local.protected.php $final_path/conf
ynh_script_progression --message="Adding a configuration file..." --weight=2
# Customize admin group in case of multiple wiki install managed by different admins
# dokuwiki.admin; dokuwiki__1.admin; etc
ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="$final_path/conf/local.protected.php"
ynh_add_config --template="../conf/local.protected.php" --destination="$final_path/conf/local.protected.php"
# Recalculate and store the checksum of the file for the next upgrade.
ynh_store_file_checksum --file="$final_path/conf/local.protected.php"
# #=================================================
# # GENERIC FINALIZATION
# #=================================================
# # SECURE FILES AND DIRECTORIES
# #=================================================
# # Try to use "least privilege" to grant minimal access
# # For details, see https://www.dokuwiki.org/install:permissions
# # Files owned by DokuWiki can just read
# chown -R root: $final_path
# # DokuWiki needs to write inside these folders. Make "DokuWiki" owner
# chown $app:root $final_path/{conf,inc}
# # Make "DokuWiki" owner of configuration files that must be writable
# chown $app:root $final_path/conf/{local.php,local.php.bak,users.auth.php,acl.auth.php,plugins.local.php,plugins.local.php.bak}
# # Usefull for some plugins like https://www.dokuwiki.org/plugin:siteexport
# # See https://www.dokuwiki.org/devel:preload
# chown $app:root $final_path/inc/preload.php
# # Grant read-only to all files as files copied above are owned by root by defaut and nginx cannot read them
# # There are only files in the folder and there are no sublevels. No need to use "find"
# chmod -R a+r $final_path/{conf,inc}
# # Give write access to "data" and subfolders
# chown -R $app:root $final_path/data
# # Remove access to "other"
# chmod -R o-rwx $final_path/data
# # Allow the web admin panel to run, aka "Extension Manager"
# chown -R $app:root $final_path/lib/plugins
# # Allow to install templates
# chown -R $app:root $final_path/lib/tpl
# # Allow access to public assets like style sheets
# find $final_path/lib -type f -print0 | xargs -0 chmod 0644
# find $final_path/lib -type d -print0 | xargs -0 chmod 0755
# # Using "find" instead of "chmod -R 755" so files does not become executable too
# # chmod : -rwxr-xr-x 1 root root 241 May 3 08:36 index.html => BAD
# # find : -rw-r--r-- 1 1001 1002 241 May 3 08:36 index.html => GOOD
#=================================================
# SETUP FAIL2BAN
# GENERIC FINALIZATION
#=================================================
# UPGRADE FAIL2BAN
#=================================================
ynh_script_progression --message="Reconfiguring Fail2Ban..." --weight=7
# Create a dedicated Fail2Ban config
ynh_add_fail2ban_config --logpath="/var/log/nginx/$domain-error.log" --failregex="^.*authentication failure. while reading response header from upstream, client: <HOST>,.*POST $path_url.*$" --max_retry=5
#=================================================
# RELOAD NGINX
#=================================================
ynh_script_progression --message="Reloading NGINX web server..."
ynh_script_progression --message="Reloading NGINX web server..." --weight=1
ynh_systemd_action --service_name=nginx --action=reload