From da54fe887542cf13acff7833d1889791cca20113 Mon Sep 17 00:00:00 2001 From: yalh76 Date: Tue, 27 Sep 2022 03:20:52 +0200 Subject: [PATCH 1/6] Apply example_ynh --- .github/workflows/updater.sh | 100 ++++++++++++++++++++++++++++++++++ .github/workflows/updater.yml | 49 +++++++++++++++++ check_process | 4 +- conf/app.src | 2 + conf/nginx.conf | 2 +- manifest.json | 10 ++-- scripts/backup | 4 ++ scripts/install | 74 ++++++------------------- scripts/remove | 11 ++-- scripts/restore | 38 +++---------- scripts/upgrade | 83 ++++++++-------------------- 11 files changed, 215 insertions(+), 162 deletions(-) create mode 100644 .github/workflows/updater.sh create mode 100644 .github/workflows/updater.yml diff --git a/.github/workflows/updater.sh b/.github/workflows/updater.sh new file mode 100644 index 0000000..0790258 --- /dev/null +++ b/.github/workflows/updater.sh @@ -0,0 +1,100 @@ +#!/bin/bash + +#================================================= +# PACKAGE UPDATING HELPER +#================================================= + +# This script is meant to be run by GitHub Actions +# The YunoHost-Apps organisation offers a template Action to run this script periodically +# Since each app is different, maintainers can adapt its contents so as to perform +# automatic actions when a new upstream release is detected. + +#================================================= +# FETCHING LATEST RELEASE AND ITS ASSETS +#================================================= + +# Fetching information +current_version=$(cat manifest.json | jq -j '.version|split("~")[0]') +repo=$(cat manifest.json | jq -j '.upstream.code|split("https://github.com/")[1]') +# Some jq magic is needed, because the latest upstream release is not always the latest version (e.g. security patches for older versions) +version=$(curl --silent "https://api.github.com/repos/$repo/tags" | jq -r '.[] | select( .name | contains("release_stable_") ) | .name' | sort -V | tail -1 | cut -d "_" -f3-) +assets="https://download.dokuwiki.org/src/dokuwiki/dokuwiki-$version.tgz" + +# Later down the script, we assume the version has only digits and dots +# Sometimes the release name starts with a "v", so let's filter it out. +# You may need more tweaks here if the upstream repository has different naming conventions. +if [[ ${version:0:1} == "v" || ${version:0:1} == "V" ]]; then + version=${version:1} +fi + +# Setting up the environment variables +echo "Current version: $current_version" +echo "Latest release from upstream: $version" +echo "VERSION=$version" >> $GITHUB_ENV +echo "REPO=$repo" >> $GITHUB_ENV +# For the time being, let's assume the script will fail +echo "PROCEED=false" >> $GITHUB_ENV + +# Proceed only if the retrieved version is greater than the current one +if ! dpkg --compare-versions "$current_version" "lt" "$version" ; then + echo "::warning ::No new version available" + exit 0 +# Proceed only if a PR for this new version does not already exist +elif git ls-remote -q --exit-code --heads https://github.com/$GITHUB_REPOSITORY.git ci-auto-update-v$version ; then + echo "::warning ::A branch already exists for this update" + exit 0 +fi + +#================================================= +# UPDATE SOURCE FILES +#================================================= + +# Let's download source tarball +asset_url=$assets + +echo "Handling asset at $asset_url" + +src="app" + +# Create the temporary directory +tempdir="$(mktemp -d)" + +# Download sources and calculate checksum +filename=${asset_url##*/} +curl --silent -4 -L $asset_url -o "$tempdir/$filename" +checksum=$(sha256sum "$tempdir/$filename" | head -c 64) + +# Delete temporary directory +rm -rf $tempdir + +# Rewrite source file +cat < conf/$src.src +SOURCE_URL=$asset_url +SOURCE_SUM=$checksum +SOURCE_SUM_PRG=sha256sum +SOURCE_FORMAT=tar.gz +SOURCE_IN_SUBDIR=true +SOURCE_FILENAME= +SOURCE_EXTRACT=true +EOT +echo "... conf/$src.src updated" + +#================================================= +# SPECIFIC UPDATE STEPS +#================================================= + +# Any action on the app's source code can be done. +# The GitHub Action workflow takes care of committing all changes after this script ends. + +#================================================= +# GENERIC FINALIZATION +#================================================= + +# Replace new version in manifest +echo "$(jq -s --indent 4 ".[] | .version = \"${version//-/.}~ynh1\"" manifest.json)" > manifest.json + +# No need to update the README, yunohost-bot takes care of it + +# The Action will proceed only if the PROCEED environment variable is set to true +echo "PROCEED=true" >> $GITHUB_ENV +exit 0 diff --git a/.github/workflows/updater.yml b/.github/workflows/updater.yml new file mode 100644 index 0000000..fb72ba0 --- /dev/null +++ b/.github/workflows/updater.yml @@ -0,0 +1,49 @@ +# This workflow allows GitHub Actions to automagically update your app whenever a new upstream release is detected. +# You need to enable Actions in your repository settings, and fetch this Action from the YunoHost-Apps organization. +# This file should be enough by itself, but feel free to tune it to your needs. +# It calls updater.sh, which is where you should put the app-specific update steps. +name: Check for new upstream releases +on: + # Allow to manually trigger the workflow + workflow_dispatch: + # Run it every day at 6:00 UTC + schedule: + - cron: '0 6 * * *' +jobs: + updater: + runs-on: ubuntu-latest + steps: + - name: Fetch the source code + uses: actions/checkout@v2 + with: + token: ${{ secrets.GITHUB_TOKEN }} + - name: Run the updater script + id: run_updater + run: | + # Setting up Git user + git config --global user.name 'yunohost-bot' + git config --global user.email 'yunohost-bot@users.noreply.github.com' + # Run the updater script + /bin/bash .github/workflows/updater.sh + - name: Commit changes + id: commit + if: ${{ env.PROCEED == 'true' }} + run: | + git commit -am "Upgrade to v$VERSION" + - name: Create Pull Request + id: cpr + if: ${{ env.PROCEED == 'true' }} + uses: peter-evans/create-pull-request@v3 + with: + token: ${{ secrets.GITHUB_TOKEN }} + commit-message: Update to version ${{ env.VERSION }} + committer: 'yunohost-bot ' + author: 'yunohost-bot ' + signoff: false + base: testing + branch: ci-auto-update-v${{ env.VERSION }} + delete-branch: true + title: 'Upgrade to version ${{ env.VERSION }}' + body: | + Upgrade to v${{ env.VERSION }} + draft: false diff --git a/check_process b/check_process index 5ff09b0..9cc2e20 100644 --- a/check_process +++ b/check_process @@ -1,11 +1,10 @@ ;; Test complet - auto_remove=1 ; Manifest domain="domain.tld" path="/path" - admin="john" is_public=1 language=en + admin="john" ; Checks pkg_linter=1 setup_sub_dir=1 @@ -19,6 +18,7 @@ upgrade=1 from_commit=f45c459b287c8f045c08e65cea412cfc2cae38f4 backup_restore=1 multi_instance=1 + port_already_use=0 change_url=1 actions=0 config_panel=0 diff --git a/conf/app.src b/conf/app.src index 8339df0..4f509ea 100644 --- a/conf/app.src +++ b/conf/app.src @@ -3,3 +3,5 @@ SOURCE_SUM=48ed2ae11fa4a0ae8338af9aedc837601b34e21c0be15d16e2d6228ca7a91f23 SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=tar.gz SOURCE_IN_SUBDIR=true +SOURCE_FILENAME= +SOURCE_EXTRACT=true diff --git a/conf/nginx.conf b/conf/nginx.conf index cb10924..8f17035 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -7,7 +7,7 @@ location __PATH__/ { # Path to source - alias __FINALPATH__/ ; + alias __FINALPATH__/; index index.php doku.php; diff --git a/manifest.json b/manifest.json index 65f05d4..8b0c956 100644 --- a/manifest.json +++ b/manifest.json @@ -50,10 +50,6 @@ "example": "/dokuwiki", "default": "/dokuwiki" }, - { - "name": "admin", - "type": "user" - }, { "name": "is_public", "type": "boolean", @@ -75,7 +71,11 @@ "fr" ], "default": "en" + }, + { + "name": "admin", + "type": "user" } ] } -} \ No newline at end of file +} diff --git a/scripts/backup b/scripts/backup index 994eb7f..e666a1a 100755 --- a/scripts/backup +++ b/scripts/backup @@ -6,6 +6,7 @@ # IMPORT GENERIC HELPERS #================================================= +# Keep this path for calling _common.sh inside the execution's context of backup and restore scripts source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers @@ -13,6 +14,9 @@ source /usr/share/yunohost/helpers # MANAGE SCRIPT FAILURE #================================================= +ynh_clean_setup () { + true +} # Exit if an error occurs during the execution of the script ynh_abort_if_errors diff --git a/scripts/install b/scripts/install index 72bf387..8d8c707 100755 --- a/scripts/install +++ b/scripts/install @@ -13,6 +13,9 @@ source /usr/share/yunohost/helpers # MANAGE SCRIPT FAILURE #================================================= +ynh_clean_setup () { + true +} # Exit if an error occurs during the execution of the script ynh_abort_if_errors @@ -22,9 +25,9 @@ ynh_abort_if_errors domain=$YNH_APP_ARG_DOMAIN path_url=$YNH_APP_ARG_PATH -admin_user=$YNH_APP_ARG_ADMIN is_public=$YNH_APP_ARG_IS_PUBLIC language=$YNH_APP_ARG_LANGUAGE +admin=$YNH_APP_ARG_ADMIN app=$YNH_APP_INSTANCE_NAME @@ -48,6 +51,8 @@ ynh_app_setting_set --app=$app --key=domain --value=$domain ynh_app_setting_set --app=$app --key=path --value=$path_url ynh_app_setting_set --app=$app --key=language --value=$language +#================================================= +# STANDARD MODIFICATIONS #================================================= # INSTALL DEPENDENCIES #================================================= @@ -63,8 +68,6 @@ ynh_script_progression --message="Configuring system user..." --weight=2 # Create a system user ynh_system_user_create --username=$app --home_dir="$final_path" -#================================================= -# STANDARD MODIFICATIONS #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= @@ -99,9 +102,9 @@ ynh_add_nginx_config #================================================= # SPECIFIC SETUP #================================================= -# CUSTOMIZE DOKUWIKI +# ADD A CONFIGURATION #================================================= -ynh_script_progression --message="Configuring DokuWiki..." --weight=2 +ynh_script_progression --message="Adding a configuration file..." --weight=2 # Loading order of configuration files # @@ -137,6 +140,7 @@ ynh_add_config --template="../conf/acl.auth.php" --destination="$final_path/conf #================================================= # CREATE DEFAULT FILES #================================================= +ynh_script_progression --message="Creating default files..." --weight=1 # For securing DokuWiki installation, create default files that will be writable in the "conf" folder. # Other files will be read ony and owned by root. @@ -158,61 +162,13 @@ cp --archive ../conf/plugins.local.php $final_path/conf cp --archive ../conf/plugins.local.php $final_path/conf/plugins.local.php.bak #================================================= -# STORE THE CHECKSUM OF THE CONFIG FILE -#================================================= - -# Calculate and store the config file checksum into the app settings -#ynh_store_file_checksum --file="$final_path/conf/local.protected.php" -### Files '$final_path/conf/local.php' and '$final_path/conf/acl.auth.php' can be modified by user, no need to store checksum as they cannot be overwritten safely by the upgrade script - -# #================================================= -# # GENERIC FINALIZATION -# #================================================= -# # SECURE FILES AND DIRECTORIES -# #================================================= - -# # Try to use "least privilege" to grant minimal access -# # For details, see https://www.dokuwiki.org/install:permissions - -# # Files owned by DokuWiki can just read -# chown -R root: $final_path - -# # DokuWiki needs to write inside these folders. Make "DokuWiki" owner -# chown $app:root $final_path/{conf,inc} - -# # Make "DokuWiki" owner of configuration files that must be writable -# chown $app:root $final_path/conf/{local.php,local.php.bak,users.auth.php,acl.auth.php,plugins.local.php,plugins.local.php.bak} - -# # Usefull for some plugins like https://www.dokuwiki.org/plugin:siteexport -# # See https://www.dokuwiki.org/devel:preload -# chown $app:root $final_path/inc/preload.php - -# # Grant read-only to all files as files copied above are owned by root by defaut and nginx cannot read them -# # There are only files in the folder and there are no sublevels. No need to use "find" -# chmod -R a+r $final_path/{conf,inc} - -# # Give write access to "data" and subfolders -# chown -R $app:root $final_path/data -# # Remove access to "other" -# chmod -R o-rwx $final_path/data - -# # Allow the web admin panel to run, aka "Extension Manager" -# chown -R $app:root $final_path/lib/plugins -# # Allow to install templates -# chown -R $app:root $final_path/lib/tpl - -# # Allow access to public assets like style sheets -# find $final_path/lib -type f -print0 | xargs -0 chmod 0644 -# find $final_path/lib -type d -print0 | xargs -0 chmod 0755 -# # Using "find" instead of "chmod -R 755" so files does not become executable too -# # chmod : -rwxr-xr-x 1 root root 241 May 3 08:36 index.html => BAD -# # find : -rw-r--r-- 1 1001 1002 241 May 3 08:36 index.html => GOOD - +# GENERIC FINALIZATION #================================================= # SETUP FAIL2BAN #================================================= ynh_script_progression --message="Configuring Fail2Ban..." --weight=7 +# Create a dedicated Fail2Ban config ynh_add_fail2ban_config --logpath="/var/log/nginx/$domain-error.log" --failregex="^.*authentication failure. while reading response header from upstream, client: ,.*POST $path_url.*$" --max_retry=5 #================================================= @@ -223,17 +179,19 @@ ynh_script_progression --message="Configuring permissions..." --weight=2 # Make app public if necessary if [ $is_public -eq 1 ] then + # Everyone can access the app. + # The "main" permission is automatically created before the install script. ynh_permission_update --permission="main" --add="visitors" fi -# Create the "admin" permission and add the "admin_user" to it +# Create the "admin" permission and add the "admin" to it # More users can be added to the group from the YunoHost webadmin -ynh_permission_create --permission "admin" --allowed "$admin_user" +ynh_permission_create --permission "admin" --allowed "$admin" #================================================= # RELOAD NGINX #================================================= -ynh_script_progression --message="Reloading NGINX web server..." +ynh_script_progression --message="Reloading NGINX web server..." --weight=1 ynh_systemd_action --service_name=nginx --action=reload diff --git a/scripts/remove b/scripts/remove index e2c981a..309c7be 100755 --- a/scripts/remove +++ b/scripts/remove @@ -12,7 +12,7 @@ source /usr/share/yunohost/helpers #================================================= # LOAD SETTINGS #================================================= -ynh_script_progression --message="Loading installation settings..." +ynh_script_progression --message="Loading installation settings..." --weight=1 app=$YNH_APP_INSTANCE_NAME @@ -24,7 +24,7 @@ final_path=$(ynh_app_setting_get --app=$app --key=final_path) #================================================= # REMOVE APP MAIN DIR #================================================= -ynh_script_progression --message="Removing app main directory..." +ynh_script_progression --message="Removing app main directory..." --weight=1 # Remove the app directory securely ynh_secure_remove --file="$final_path" @@ -32,7 +32,7 @@ ynh_secure_remove --file="$final_path" #================================================= # REMOVE NGINX CONFIGURATION #================================================= -ynh_script_progression --message="Removing NGINX web server configuration..." +ynh_script_progression --message="Removing NGINX web server configuration..." --weight=1 # Remove the dedicated NGINX config ynh_remove_nginx_config @@ -50,7 +50,7 @@ ynh_remove_fpm_config #================================================= ynh_script_progression --message="Removing dependencies..." --weight=1 -# Remove metapackage and its dependencies if no other package need them +# Remove metapackage and its dependencies ynh_remove_app_dependencies #================================================= @@ -58,6 +58,7 @@ ynh_remove_app_dependencies #================================================= ynh_script_progression --message="Removing Fail2Ban configuration..." --weight=7 +# Remove the dedicated Fail2Ban config ynh_remove_fail2ban_config #================================================= @@ -65,7 +66,7 @@ ynh_remove_fail2ban_config #================================================= # REMOVE DEDICATED USER #================================================= -ynh_script_progression --message="Removing the dedicated system user..." +ynh_script_progression --message="Removing the dedicated system user..." --weight=1 # Delete a system user ynh_system_user_delete --username=$app diff --git a/scripts/restore b/scripts/restore index 5f1e0f4..fe567d3 100755 --- a/scripts/restore +++ b/scripts/restore @@ -6,6 +6,7 @@ # IMPORT GENERIC HELPERS #================================================= +# Keep this path for calling _common.sh inside the execution's context of backup and restore scripts source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers @@ -13,20 +14,22 @@ source /usr/share/yunohost/helpers # MANAGE SCRIPT FAILURE #================================================= +ynh_clean_setup () { + true +} # Exit if an error occurs during the execution of the script ynh_abort_if_errors #================================================= # LOAD SETTINGS #================================================= -ynh_script_progression --message="Loading settings..." --weight=2 +ynh_script_progression --message="Loading installation settings..." --weight=2 app=$YNH_APP_INSTANCE_NAME domain=$(ynh_app_setting_get --app=$app --key=domain) path_url=$(ynh_app_setting_get --app=$app --key=path) final_path=$(ynh_app_setting_get --app=$app --key=final_path) - phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) fpm_footprint=$(ynh_app_setting_get --app=$app --key=fpm_footprint) fpm_usage=$(ynh_app_setting_get --app=$app --key=fpm_usage) @@ -52,7 +55,7 @@ ynh_system_user_create --username=$app --home_dir="$final_path" #================================================= # RESTORE THE APP MAIN DIR #================================================= -ynh_script_progression --message="Restoring the app main directory..." +ynh_script_progression --message="Restoring the app main directory..." --weight=1 ynh_restore_file --origin_path="$final_path" @@ -60,31 +63,6 @@ chmod 750 "$final_path" chmod -R o-rwx "$final_path" chown -R $app:www-data "$final_path" -# #================================================= -# # RESTORE USER RIGHTS -# #================================================= - -# # Try to use "least privilege" to grant minimal access -# # For details, see https://www.dokuwiki.org/install:permissions - -# # DokuWiki needs to write inside these folders. Make "DokuWiki" owner -# chown $app:root $final_path/{conf,inc} - -# # Make "DokuWiki" owner of configuration files that must be writable -# chown $app:root $final_path/conf/{local.php,local.php.bak,users.auth.php,acl.auth.php,plugins.local.php,plugins.local.php.bak} - -# # Usefull for some plugins like https://www.dokuwiki.org/plugin:siteexport -# # See https://www.dokuwiki.org/devel:preload -# chown $app:root $final_path/inc/preload.php - -# # Give write access to "data" and subfolders -# chown -R $app:root $final_path/data - -# # Allow the web admin panel to run, aka "Extension Manager" -# chown -R $app:root $final_path/lib/plugins -# # Allow to install templates -# chown -R $app:root $final_path/lib/tpl - #================================================= # RESTORE FAIL2BAN CONFIGURATION #================================================= @@ -107,7 +85,7 @@ ynh_install_app_dependencies $pkg_dependencies #================================================= # RESTORE THE PHP-FPM CONFIGURATION #================================================= -ynh_script_progression --message="Reconfiguring PHP-FPM..." --weight=5 +ynh_script_progression --message="Restoring the PHP-FPM configuration..." --weight=5 ynh_restore_file --origin_path="/etc/php/$phpversion/fpm/pool.d/$app.conf" @@ -127,7 +105,7 @@ ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" #================================================= # RELOAD NGINX AND PHP-FPM #================================================= -ynh_script_progression --message="Reloading NGINX web server and PHP-FPM.." --weight=2 +ynh_script_progression --message="Reloading NGINX web server and PHP-FPM..." --weight=2 ynh_systemd_action --service_name=php$phpversion-fpm --action=reload ynh_systemd_action --service_name=nginx --action=reload diff --git a/scripts/upgrade b/scripts/upgrade index 790c8e0..e86999f 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -18,16 +18,16 @@ app=$YNH_APP_INSTANCE_NAME domain=$(ynh_app_setting_get --app=$app --key=domain) path_url=$(ynh_app_setting_get --app=$app --key=path) +language=$(ynh_app_setting_get --app=$app --key=language) final_path=$(ynh_app_setting_get --app=$app --key=final_path) phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) -language=$(ynh_app_setting_get --app=$app --key=language) - fpm_footprint=$(ynh_app_setting_get --app=$app --key=fpm_footprint) fpm_usage=$(ynh_app_setting_get --app=$app --key=fpm_usage) #================================================= # CHECK VERSION #================================================= +ynh_script_progression --message="Checking version..." --weight=1 upgrade_type=$(ynh_check_app_version_changed) @@ -39,16 +39,18 @@ ynh_script_progression --message="Backing up the app before upgrading (may take # Backup the current version of the app ynh_backup_before_upgrade ynh_clean_setup () { - # restore it if the upgrade fails + # Restore it if the upgrade fails ynh_restore_upgradebackup } # Exit if an error occurs during the execution of the script ynh_abort_if_errors +#================================================= +# STANDARD UPGRADE STEPS #================================================= # ENSURE DOWNWARD COMPATIBILITY #================================================= -ynh_script_progression --message="Ensuring downward compatibility..." +ynh_script_progression --message="Ensuring downward compatibility..." --weight=1 # If final_path doesn't exist, create it if [ -z "$final_path" ]; then @@ -183,11 +185,9 @@ fi #================================================= ynh_script_progression --message="Making sure dedicated system user exists..." --weight=1 -# Create a system user +# Create a dedicated user (if not existing) ynh_system_user_create --username=$app --home_dir="$final_path" -#================================================= -# STANDARD UPGRADE STEPS #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= @@ -204,14 +204,6 @@ chmod 750 "$final_path" chmod -R o-rwx "$final_path" chown -R $app:www-data "$final_path" -#================================================= -# NGINX CONFIGURATION -#================================================= -ynh_script_progression --message="Upgrading NGINX web server configuration..." --weight=2 - -# Create a dedicated NGINX config -ynh_add_nginx_config - #================================================= # UPGRADE DEPENDENCIES #================================================= @@ -227,9 +219,19 @@ ynh_script_progression --message="Upgrading PHP-FPM configuration..." --weight=1 # Create a dedicated PHP-FPM config ynh_add_fpm_config --phpversion=$phpversion --usage=$fpm_usage --footprint=$fpm_footprint +#================================================= +# NGINX CONFIGURATION +#================================================= +ynh_script_progression --message="Upgrading NGINX web server configuration..." --weight=2 + +# Create a dedicated NGINX config +ynh_add_nginx_config + #================================================= # SPECIFIC UPGRADE #================================================= +# UPGRADE DOKUWIKI +#================================================= if [ "$upgrade_type" == "UPGRADE_APP" ] then @@ -324,61 +326,20 @@ ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_fil # Recalculate and store the checksum of the file for the next upgrade. ynh_store_file_checksum --file="$final_path/conf/local.protected.php" -# #================================================= -# # GENERIC FINALIZATION -# #================================================= -# # SECURE FILES AND DIRECTORIES -# #================================================= - -# # Try to use "least privilege" to grant minimal access -# # For details, see https://www.dokuwiki.org/install:permissions - -# # Files owned by DokuWiki can just read -# chown -R root: $final_path - -# # DokuWiki needs to write inside these folders. Make "DokuWiki" owner -# chown $app:root $final_path/{conf,inc} - -# # Make "DokuWiki" owner of configuration files that must be writable -# chown $app:root $final_path/conf/{local.php,local.php.bak,users.auth.php,acl.auth.php,plugins.local.php,plugins.local.php.bak} - -# # Usefull for some plugins like https://www.dokuwiki.org/plugin:siteexport -# # See https://www.dokuwiki.org/devel:preload -# chown $app:root $final_path/inc/preload.php - -# # Grant read-only to all files as files copied above are owned by root by defaut and nginx cannot read them -# # There are only files in the folder and there are no sublevels. No need to use "find" -# chmod -R a+r $final_path/{conf,inc} - -# # Give write access to "data" and subfolders -# chown -R $app:root $final_path/data -# # Remove access to "other" -# chmod -R o-rwx $final_path/data - -# # Allow the web admin panel to run, aka "Extension Manager" -# chown -R $app:root $final_path/lib/plugins -# # Allow to install templates -# chown -R $app:root $final_path/lib/tpl - -# # Allow access to public assets like style sheets -# find $final_path/lib -type f -print0 | xargs -0 chmod 0644 -# find $final_path/lib -type d -print0 | xargs -0 chmod 0755 -# # Using "find" instead of "chmod -R 755" so files does not become executable too -# # chmod : -rwxr-xr-x 1 root root 241 May 3 08:36 index.html => BAD -# # find : -rw-r--r-- 1 1001 1002 241 May 3 08:36 index.html => GOOD - #================================================= -# SETUP FAIL2BAN +# GENERIC FINALIZATION +#================================================= +# UPGRADE FAIL2BAN #================================================= ynh_script_progression --message="Reconfiguring Fail2Ban..." --weight=7 +# Create a dedicated Fail2Ban config ynh_add_fail2ban_config --logpath="/var/log/nginx/$domain-error.log" --failregex="^.*authentication failure. while reading response header from upstream, client: ,.*POST $path_url.*$" --max_retry=5 - #================================================= # RELOAD NGINX #================================================= -ynh_script_progression --message="Reloading NGINX web server..." +ynh_script_progression --message="Reloading NGINX web server..." --weight=1 ynh_systemd_action --service_name=nginx --action=reload From 7c2d6a938a135cd90ad0df97370e283740396211 Mon Sep 17 00:00:00 2001 From: yalh76 Date: Thu, 29 Sep 2022 08:23:26 +0200 Subject: [PATCH 2/6] Cleanup ynh_clean_setup --- scripts/backup | 3 --- scripts/install | 3 --- scripts/restore | 3 --- 3 files changed, 9 deletions(-) diff --git a/scripts/backup b/scripts/backup index e666a1a..5ead872 100755 --- a/scripts/backup +++ b/scripts/backup @@ -14,9 +14,6 @@ source /usr/share/yunohost/helpers # MANAGE SCRIPT FAILURE #================================================= -ynh_clean_setup () { - true -} # Exit if an error occurs during the execution of the script ynh_abort_if_errors diff --git a/scripts/install b/scripts/install index 8d8c707..e7f1dcd 100755 --- a/scripts/install +++ b/scripts/install @@ -13,9 +13,6 @@ source /usr/share/yunohost/helpers # MANAGE SCRIPT FAILURE #================================================= -ynh_clean_setup () { - true -} # Exit if an error occurs during the execution of the script ynh_abort_if_errors diff --git a/scripts/restore b/scripts/restore index fe567d3..0e1c0cb 100755 --- a/scripts/restore +++ b/scripts/restore @@ -14,9 +14,6 @@ source /usr/share/yunohost/helpers # MANAGE SCRIPT FAILURE #================================================= -ynh_clean_setup () { - true -} # Exit if an error occurs during the execution of the script ynh_abort_if_errors From 90345a544e80d7e7f00767c55499bd32c578143b Mon Sep 17 00:00:00 2001 From: Gofannon Date: Sun, 26 Feb 2023 18:03:38 +0100 Subject: [PATCH 3/6] Fix "php conf location" breaking backup script See https://github.com/YunoHost-Apps/dokuwiki_ynh/issues/96 the bug: > php file is still in folder: '/etc/php/7.4/fpm/pool.d/' after upgrade > instead of '8.1' folder. Changing the "ynh_add_fpm_config" for the fix. The helper should do the "php version handling" instead of the package itself Example taken on the package: https://github.com/YunoHost-Apps/wordpress_ynh/blob/testing/scripts/upgrade --- scripts/upgrade | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/scripts/upgrade b/scripts/upgrade index e86999f..2d9c457 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -76,6 +76,12 @@ if [ -z "$fpm_usage" ]; then ynh_app_setting_set --app=$app --key=fpm_usage --value=$fpm_usage fi +# If phpversion doesn't exist, create it +if [ -z "$phpversion" ]; then + phpversion=$YNH_PHP_VERSION + ynh_app_setting_set --app=$app --key=phpversion --value=$phpversion +fi + # Cleaning legacy permissions admin_user=$(ynh_app_setting_get --app=$app --key=admin) @@ -217,7 +223,7 @@ ynh_install_app_dependencies $pkg_dependencies ynh_script_progression --message="Upgrading PHP-FPM configuration..." --weight=1 # Create a dedicated PHP-FPM config -ynh_add_fpm_config --phpversion=$phpversion --usage=$fpm_usage --footprint=$fpm_footprint +ynh_add_fpm_config --usage=$fpm_usage --footprint=$fpm_footprint #================================================= # NGINX CONFIGURATION @@ -299,7 +305,7 @@ fi # Stolen from https://github.com/YunoHost-Apps/grav_ynh/blob/testing/scripts/upgrade#L189 if [ -x "$final_path/bin/plugin.php" ]; then pushd "$final_path" - ynh_exec_warn_less ynh_exec_as $app php${YNH_PHP_VERSION} bin/plugin.php --no-colors extension upgrade || ynh_print_warn --message="Automatic plugin upgrade has failed, you can upgrade them from your DokuWiki admin panel." + ynh_exec_warn_less ynh_exec_as $app php$phpversion bin/plugin.php --no-colors extension upgrade || ynh_print_warn --message="Automatic plugin upgrade has failed, you can upgrade them from your DokuWiki admin panel." popd else ynh_print_warn --message="Automatic plugin cannot be done, you have to upgrade them from your DokuWiki admin panel." From 2cb2ddab917811a0e1e04c200a1028df4937f42a Mon Sep 17 00:00:00 2001 From: Gofannon Date: Sun, 26 Feb 2023 18:13:16 +0100 Subject: [PATCH 4/6] enh use helper "ynh_add_config" to manage file --- scripts/upgrade | 14 +++----------- 1 file changed, 3 insertions(+), 11 deletions(-) diff --git a/scripts/upgrade b/scripts/upgrade index 2d9c457..1e37e21 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -315,22 +315,14 @@ fi fi #================================================= -# LDAP Configuration +# UPDATE A CONFIG FILE #================================================= - -### Verify the checksum of a file, stored by `ynh_store_file_checksum` in the install script. -### And create a backup of this file if the checksum is different. So the file will be backed up if the admin had modified it. -ynh_backup_if_checksum_is_different --file="$final_path/conf/local.protected.php" - -# Always overwrite local file with the one from package. -cp --archive ../conf/local.protected.php $final_path/conf +ynh_script_progression --message="Adding a configuration file..." --weight=2 # Customize admin group in case of multiple wiki install managed by different admins # dokuwiki.admin; dokuwiki__1.admin; etc -ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="$final_path/conf/local.protected.php" +ynh_add_config --template="../conf/local.protected.php" --destination="$final_path/conf/local.protected.php" -# Recalculate and store the checksum of the file for the next upgrade. -ynh_store_file_checksum --file="$final_path/conf/local.protected.php" #================================================= # GENERIC FINALIZATION From 71a84a4cedaf77bb77ab9250d6111d6f0a320a6d Mon Sep 17 00:00:00 2001 From: Gofannon Date: Sun, 26 Feb 2023 18:22:45 +0100 Subject: [PATCH 5/6] bump package version and changelog --- CHANGELOG.md | 12 ++++++++++++ manifest.json | 2 +- 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b03d4e8..79fd231 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,6 +10,18 @@ ------------ +# [2022.07.31a~ynh2] - 2023-02-XX + +## Changed + +- Apply "default package recommandation" for "example_ynh" package and "YunoHost apps teams" +- Use helper `ynh_add_config` for the uprgade script too (fix linter warning) + +### Fixed + +- Bug in upgrade script not writing the php configuration to the right location (and breaking the backup later if DokuWiki has been installed for the for the first time with version `2022.07.31a~ynh1`) + + # [2022.07.31a~ynh1] - 2022-09-XX ## Added diff --git a/manifest.json b/manifest.json index 8b0c956..19174f2 100644 --- a/manifest.json +++ b/manifest.json @@ -9,7 +9,7 @@ "es": "Sistema de Wiki de uso sencillicimo y compatible con los estándares", "it": "Wiki aderente agli standard, semplice da usare, finalizzato principalmente alla creazione di documentazione di qualsiasi tipo" }, - "version": "2022.07.31a~ynh1", + "version": "2022.07.31a~ynh2", "url": "https://www.dokuwiki.org", "upstream": { "license": "GPL-2.0-or-later", From 3724fcd4bf85248d4926eb785a90d960d34d9304 Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Sun, 26 Feb 2023 17:23:09 +0000 Subject: [PATCH 6/6] Auto-update README --- README.md | 6 +++--- README_fr.md | 24 ++++++++++++------------ 2 files changed, 15 insertions(+), 15 deletions(-) diff --git a/README.md b/README.md index 71eccc6..b665f5d 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,8 @@ It shall NOT be edited by hand. # Dokuwiki for YunoHost -[![Integration level](https://dash.yunohost.org/integration/dokuwiki.svg)](https://dash.yunohost.org/appci/app/dokuwiki) ![Working status](https://ci-apps.yunohost.org/ci/badges/dokuwiki.status.svg) ![Maintenance status](https://ci-apps.yunohost.org/ci/badges/dokuwiki.maintain.svg) +[![Integration level](https://dash.yunohost.org/integration/dokuwiki.svg)](https://dash.yunohost.org/appci/app/dokuwiki) ![Working status](https://ci-apps.yunohost.org/ci/badges/dokuwiki.status.svg) ![Maintenance status](https://ci-apps.yunohost.org/ci/badges/dokuwiki.maintain.svg) + [![Install Dokuwiki with YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=dokuwiki) *[Lire ce readme en français.](./README_fr.md)* @@ -25,8 +26,7 @@ DokuWiki is a simple to use and highly versatile Open Source wiki software that * During the upgrade, official plugins are also upgraded. We recommend that you should check that they run properly in the administration panel after the upgrade. We cannot know if some plugins are broken... -**Shipped version:** 2022.07.31a~ynh1 - +**Shipped version:** 2022.07.31a~ynh2 **Demo:** https://demo.yunohost.org/dokuwiki/doku.php?id=start&do=login&u=demo&p=demo diff --git a/README_fr.md b/README_fr.md index 3fa688b..f47781d 100644 --- a/README_fr.md +++ b/README_fr.md @@ -5,15 +5,16 @@ It shall NOT be edited by hand. # Dokuwiki pour YunoHost -[![Niveau d'intégration](https://dash.yunohost.org/integration/dokuwiki.svg)](https://dash.yunohost.org/appci/app/dokuwiki) ![Statut du fonctionnement](https://ci-apps.yunohost.org/ci/badges/dokuwiki.status.svg) ![Statut de maintenance](https://ci-apps.yunohost.org/ci/badges/dokuwiki.maintain.svg) +[![Niveau d’intégration](https://dash.yunohost.org/integration/dokuwiki.svg)](https://dash.yunohost.org/appci/app/dokuwiki) ![Statut du fonctionnement](https://ci-apps.yunohost.org/ci/badges/dokuwiki.status.svg) ![Statut de maintenance](https://ci-apps.yunohost.org/ci/badges/dokuwiki.maintain.svg) + [![Installer Dokuwiki avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=dokuwiki) *[Read this readme in english.](./README.md)* -> *Ce package vous permet d'installer Dokuwiki rapidement et simplement sur un serveur YunoHost. -Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour savoir comment l'installer et en profiter.* +> *Ce package vous permet d’installer Dokuwiki rapidement et simplement sur un serveur YunoHost. +Si vous n’avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour savoir comment l’installer et en profiter.* -## Vue d'ensemble +## Vue d’ensemble DokuWiki est un logiciel wiki Open Source simple à utiliser et très polyvalent qui ne nécessite pas de base de données. Il est apprécié par les utilisateurs pour sa syntaxe propre et lisible. La facilité de maintenance, de sauvegarde et d'intégration en fait un favori d'administrateur. Des contrôles d'accès et des connecteurs d'authentification intégrés rendent DokuWiki particulièrement utile dans le contexte de l'entreprise et le grand nombre de plugins apportés par sa communauté dynamique permettent un large éventail de cas d'utilisation au-delà d'un wiki traditionnel. @@ -25,14 +26,13 @@ DokuWiki est un logiciel wiki Open Source simple à utiliser et très polyvalent * Lors de la mise à jour, les plugins officiels sont également mis à jour. Nous vous recommandons toutefois de vérifier le bon fonctionnement des plugins dans le panneau d'administration après cette opération. Nous ne pouvons pas savoir si des plugins spéciaux posent problèmes... -**Version incluse :** 2022.07.31a~ynh1 - +**Version incluse :** 2022.07.31a~ynh2 **Démo :** https://demo.yunohost.org/dokuwiki/doku.php?id=start&do=login&u=demo&p=demo -## Captures d'écran +## Captures d’écran -![Capture d'écran de Dokuwiki](./doc/screenshots/DokuWiki_Screenshot.png) +![Capture d’écran de Dokuwiki](./doc/screenshots/DokuWiki_Screenshot.png) ## Avertissements / informations importantes @@ -42,9 +42,9 @@ DokuWiki est un logiciel wiki Open Source simple à utiliser et très polyvalent ## Documentations et ressources -* Site officiel de l'app : -* Documentation officielle de l'admin : -* Dépôt de code officiel de l'app : +* Site officiel de l’app : +* Documentation officielle de l’admin : +* Dépôt de code officiel de l’app : * Documentation YunoHost pour cette app : * Signaler un bug : @@ -60,4 +60,4 @@ ou sudo yunohost app upgrade dokuwiki -u https://github.com/YunoHost-Apps/dokuwiki_ynh/tree/testing --debug ``` -**Plus d'infos sur le packaging d'applications :** +**Plus d’infos sur le packaging d’applications :** \ No newline at end of file