YunoHost-Apps/dokuwiki_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/dokuwiki_ynh.git synced 2024-09-03 18:26:20 +02:00
Code Issues Activity Actions

Merge pull request #40 from Gofannon/fix_conf_folder_handling

Browse source 
Fix conf folder handling + fix admin user + misc enhancements
This commit is contained in:
Maniack Crudelis 2018-09-26 19:21:45 +02:00 committed by GitHub
commit c05f795c29
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 71 additions and 63 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

41
scripts/install
View file

@ -100,15 +100,6 @@ ynh_add_fpm_config
# CUSTOMIZE DOKUWIKI # CUSTOMIZE DOKUWIKI
#================================================= #=================================================
# Set the "admin" user
ynh_replace_string "__YNH_ADMIN_USER__" "$admin" "../conf/local.protected.php"
# Set the "language"
ynh_replace_string "__YNH_LANGUAGE__" "$language" "../conf/local.php"
# Copy Yunohost specific configuration
# Loading order of configuration files # Loading order of configuration files
# #
# By default DokuWiki loads its configuration files in the following order: # By default DokuWiki loads its configuration files in the following order:
@ -119,13 +110,23 @@ ynh_replace_string "__YNH_LANGUAGE__" "$language" "../conf/local.php"
# #
# See https://www.dokuwiki.org/plugin:config#protecting_settings # See https://www.dokuwiki.org/plugin:config#protecting_settings
cp ../conf/local.protected.php $final_path/conf
### Copy Yunohost specific configuration
# This File cannot be modified directly by Dokuwiki, only by hand or by Yunohost # This File cannot be modified directly by Dokuwiki, only by hand or by Yunohost
# It will only be updated by Yunohost package or directly by adventurous users # It will only be updated by Yunohost package or directly by adventurous users
cp ../conf/local.protected.php $final_path/conf
# Set the "admin" user
ynh_replace_string "__YNH_ADMIN_USER__" "$admin" "$final_path/conf/local.protected.php"
cp ../conf/local.php $final_path/conf
# This file might be modified by dokuwiki admin panel or by plugins # This file might be modified by dokuwiki admin panel or by plugins
# It will not be modified by Yunohost in order to keep user settings # It will not be modified by Yunohost in order to keep user settings
cp ../conf/local.php $final_path/conf
# Set the "language"
ynh_replace_string "__YNH_LANGUAGE__" "$language" "$final_path/conf/local.php"
# Restrict user rights by enforcing "read-only" mode for all users # Restrict user rights by enforcing "read-only" mode for all users
# See https://www.dokuwiki.org/acl#background_info # See https://www.dokuwiki.org/acl#background_info
@ -144,11 +145,11 @@ cp ../conf/acl.auth.php $final_path/conf
cp $final_path/conf/local.php.dist $final_path/conf/local.php.bak cp $final_path/conf/local.php.dist $final_path/conf/local.php.bak
cp $final_path/conf/users.auth.php.dist $final_path/conf/users.auth.php cp $final_path/conf/users.auth.php.dist $final_path/conf/users.auth.php
cp $final_path/inc/preload.php.dist $final_path/inc/preload.php
# This file might be used by plugins like https://www.dokuwiki.org/plugin:siteexport # This file might be used by plugins like https://www.dokuwiki.org/plugin:siteexport
# Create it to be more "user friendly" as over the top security is not the main goal here # Create it to be more "user friendly" as over the top security is not the main goal here
# This file could be use for bad behaviour. # This file could be use for bad behaviour.
# See https://www.dokuwiki.org/devel:preload?s[]=preload # See https://www.dokuwiki.org/devel:preload?s[]=preload
cp $final_path/inc/preload.php.dist $final_path/inc/preload.php
# There is no template .dist provided inside DokuWiki installation folder # There is no template .dist provided inside DokuWiki installation folder
# Create "empty" files to be able to manage linux permissions # Create "empty" files to be able to manage linux permissions
@ -156,23 +157,15 @@ cp $final_path/inc/preload.php.dist $final_path/inc/preload.php
cp ../conf/plugins.local.php $final_path/conf cp ../conf/plugins.local.php $final_path/conf
cp ../conf/plugins.local.php $final_path/conf/plugins.local.php.bak cp ../conf/plugins.local.php $final_path/conf/plugins.local.php.bak
# Create file if it does not exist
if [ ! -f "$final_path/conf/local.protected.php" ]; then
# Set the default "admin"
# Replace string in order to have a functionnal configuration file
ynh_replace_string "__YNH_ADMIN_USER__" "$admin" "../conf/local.protected.php"
cp ../conf/local.protected.php $final_path/conf
fi
#================================================= #=================================================
# STORE THE CHECKSUM OF THE CONFIG FILE # STORE THE CHECKSUM OF THE CONFIG FILE
#================================================= #=================================================
# Calculate and store the config file checksum into the app settings # Calculate and store the config file checksum into the app settings
ynh_store_file_checksum "$final_path/conf/local.protected.php" ynh_store_file_checksum "$final_path/conf/local.protected.php"
ynh_store_file_checksum "$final_path/conf/local.php" ### Files can be modified by user, no need to store checksum as they cannot be overwritten safely by package
ynh_store_file_checksum "$final_path/conf/acl.auth.php" #ynh_store_file_checksum "$final_path/conf/local.php"
#ynh_store_file_checksum "$final_path/conf/acl.auth.php"
#================================================= #=================================================
#================================================= #=================================================
@ -197,7 +190,7 @@ chown $app:root $final_path/conf/{local.php,local.php.bak,users.auth.php,acl.aut
# See https://www.dokuwiki.org/devel:preload # See https://www.dokuwiki.org/devel:preload
chown $app:root $final_path/inc/preload.php chown $app:root $final_path/inc/preload.php
# Grant read-only to all files as files copied above are owned by root by defaut and nginx cannot read them # Grant read-only to all files as files copied above are owned by root by defaut and nginx cannot read them
# There are only files in the folder and there is sublevels. No need to use "find" # There are only files in the folder and there are no sublevels. No need to use "find"
chmod -R a+r $final_path/conf chmod -R a+r $final_path/conf
chmod -R a+r $final_path/inc chmod -R a+r $final_path/inc

42
scripts/restore
View file

@ -60,16 +60,42 @@ ynh_system_user_create $app
# RESTORE USER RIGHTS # RESTORE USER RIGHTS
#================================================= #=================================================
# Restore permissions on app files # Try to use "least privilege" to grant minimal access
# For details, see https://www.dokuwiki.org/install:permissions
# Files owned by DokuWiki can just read
chown -R root: $final_path chown -R root: $final_path
# Restore permissions same as from the 'install' script # DokuWiki needs to write inside these folders. Do "DokuWiki" owner
# except for conf, data, some data subfolders, and lib/plugin, where www-data must have write permissions chown $app:root $final_path/conf
chown -R $app:root $final_path/{conf,data,data/attic,data/cache,data/index,data/locks,data/media*,data/meta,data/pages,data/tmp,lib/plugins,lib/tpl} chown $app:root $final_path/inc
chmod -R 700 $final_path/conf
chmod -R 700 $final_path/data # Do "DokuWiki" owner of configuration files that must be writable
chmod -R 755 $final_path/lib/plugins chown $app:root $final_path/conf/{local.php,local.php.bak,users.auth.php,acl.auth.php,plugins.local.php,plugins.local.php.bak}
chmod 755 $final_path/lib/tpl/{dokuwiki,dokuwiki/images} # Useful for some plugins like https://www.dokuwiki.org/plugin:siteexport
# See https://www.dokuwiki.org/devel:preload
chown $app:root $final_path/inc/preload.php
# Grant read-only to all files as files copied above are owned by root by defaut and nginx cannot read them
# There are only files in the folder and there are no sublevels. No need to use "find"
chmod -R a+r $final_path/conf
chmod -R a+r $final_path/inc
# Give write access to "data" and subfolders
chown -R $app:root $final_path/data
# Remove access to "other"
chmod -R o-rwx $final_path/data
# Allow the web admin panel to run, aka "Extension Manager"
chown -R $app:root $final_path/lib/plugins
# Allow to install templates
chown -R $app:root $final_path/lib/tpl
# Allow access to public assets like style sheets
find $final_path/lib -type f -print0 | xargs -0 chmod 0644
find $final_path/lib -type d -print0 | xargs -0 chmod 0755
# Using "find" instead of "chmod -R 755" so files does not become executable too
# chmod : -rwxr-xr-x 1 root root 241 May 3 08:36 index.html => BAD
# find : -rw-r--r-- 1 1001 1002 241 May 3 08:36 index.html => GOOD
#================================================= #=================================================
# RESTORE THE PHP-FPM CONFIGURATION # RESTORE THE PHP-FPM CONFIGURATION

49
scripts/upgrade
View file

@ -56,6 +56,7 @@ if [ -z "$language" ]; then
fi fi
# Yunohost specific configuration, if not exists # Yunohost specific configuration, if not exists
# Previously, these settings were store a unique "dokuwiki.php" # Previously, these settings were store a unique "dokuwiki.php"
@ -75,45 +76,34 @@ fi
# Configuration dedicated to Yunohost (LDAP and admin mainly) # Configuration dedicated to Yunohost (LDAP and admin mainly)
# Create file if it does not exist # Create file if it does not exist
if [ ! -f "$final_path/conf/local.protected.php" ]; then if [ ! -f "$final_path/conf/local.protected.php" ]; then
# Set the default "admin"
# Replace string in order to have a functionnal configuration file
ynh_replace_string "__YNH_ADMIN_USER__" "$admin" "../conf/local.protected.php"
cp ../conf/local.protected.php $final_path/conf cp ../conf/local.protected.php $final_path/conf
# Set the default "admin"
ynh_replace_string "__YNH_ADMIN_USER__" "$admin" "$final_path/conf/local.protected.php"
fi fi
# Do not overwrite existing dokuwiki configuration as it could have user customization's and settings. # Do not overwrite existing dokuwiki configuration as it could have user customization's and settings.
# Cannot use helper "ynh_backup_if_checksum_is_different"
# Create file if it does not exist # Create file if it does not exist
if [ ! -f "$final_path/conf/local.php" ]; then if [ ! -f "$final_path/conf/local.php" ]; then
# Set the default "language" only when file does not exist beforehand
# Replace string in order to have a functionnal configuration file
ynh_replace_string "__YNH_LANGUAGE__" "$language" "../conf/local.php"
cp ../conf/local.php $final_path/conf cp ../conf/local.php $final_path/conf
# Set the default "language"
ynh_replace_string "__YNH_LANGUAGE__" "$language" "$final_path/conf/local.php"
fi fi
# Do not overwrite existing ACL configuration file as it could have user customization's and settings. # Do not overwrite existing ACL configuration file as it could have user customization's and settings.
# Cannot use helper "ynh_backup_if_checksum_is_different"
# Create file if it does not exist # Create file if it does not exist
# See https://www.dokuwiki.org/acl#background_info # See https://www.dokuwiki.org/acl#background_info
if [ ! -f "$final_path/conf/acl.auth.php" ]; then if [ ! -f "$final_path/conf/acl.auth.php" ]; then
cp ../conf/acl.auth.php $final_path/conf cp ../conf/acl.auth.php $final_path/conf
fi fi
# For securing DokuWiki installation, create default files that will be writable in the "conf" folder. # For securing DokuWiki installation, create default files that will be writable in the "conf" folder.
# Other files will be read ony and owned by root. # Other files will be read ony and owned by root.
# See https://www.dokuwiki.org/install:permissions # See https://www.dokuwiki.org/install:permissions
# Create file if it does not exist
if [ ! -f "$final_path/conf/local.protected.php" ]; then
# Set the default "admin"
# Replace string in order to have a functionnal configuration file
ynh_replace_string "__YNH_ADMIN_USER__" "$admin" "../conf/local.protected.php"
cp ../conf/local.protected.php $final_path/conf
fi
# If file does not exists # If file does not exists
if [ ! -f "$final_path/conf/local.php.bak" ]; then if [ ! -f "$final_path/conf/local.php.bak" ]; then
# if template exists # if template exists
@ -225,7 +215,7 @@ fi
# TODO Taken from old "upgrade" script. Should check if it is needed and what it does # TODO Taken from old "upgrade" script. Should check if it is needed and what it does
# Update all plugins # Update all plugins
for name_plugin in $(sudo -s cat $final_path/lib/plugins/*/plugin.info.txt | grep url | awk -F':' '{print $3}'); for name_plugin in $(sudo -s cat $final_path/lib/plugins/*/plugin.info.txt | grep url | awk -F ':' '{print $3}');
do do
# Get a official plugin for dokuwiki, not update a no-official # Get a official plugin for dokuwiki, not update a no-official
sudo wget -nv --quiet "https://github.com/splitbrain/dokuwiki-plugin-${name_plugin}/zipball/master" -O "${name_plugin}.zip" -o /dev/null || true sudo wget -nv --quiet "https://github.com/splitbrain/dokuwiki-plugin-${name_plugin}/zipball/master" -O "${name_plugin}.zip" -o /dev/null || true
@ -241,20 +231,17 @@ done
# LDAP Configuration # LDAP Configuration
#================================================= #=================================================
# Verify if existing file needs to be upgraded by comparing it's size to new file from package ### Verify the checksum of a file, stored by `ynh_store_file_checksum` in the install script.
# If different, do a backup of existing file and overwrite with new file ### And create a backup of this file if the checksum is different. So the file will be backed up if the admin had modified it.
#
# Safe here as this file is only used by Yunohost. Dokuwiki cannot modified it.
ynh_backup_if_checksum_is_different "$final_path/conf/local.protected.php" ynh_backup_if_checksum_is_different "$final_path/conf/local.protected.php"
# Set the "admin" user # Always overwrite local file with the one from package.
ynh_replace_string "__YNH_ADMIN_USER__" "$admin" "../conf/local.protected.php"
cp ../conf/local.protected.php $final_path/conf cp ../conf/local.protected.php $final_path/conf
# This File cannot be modified directly by Dokuwiki, only by hand or by Yunohost
# It will only be updated by Yunohost package or directly by adventurous users
# Recalculate and store the config file checksum into the app settings # Set the "admin" user
ynh_replace_string "__YNH_ADMIN_USER__" "$admin" "$final_path/conf/local.protected.php"
# Recalculate and store the checksum of the file for the next upgrade.
ynh_store_file_checksum "$final_path/conf/local.protected.php" ynh_store_file_checksum "$final_path/conf/local.protected.php"
#================================================= #=================================================
@ -275,6 +262,8 @@ chown $app:root $final_path/inc
# Do "DokuWiki" owner of configuration files that must be writable # Do "DokuWiki" owner of configuration files that must be writable
chown $app:root $final_path/conf/{local.php,local.php.bak,users.auth.php,acl.auth.php,plugins.local.php,plugins.local.php.bak} chown $app:root $final_path/conf/{local.php,local.php.bak,users.auth.php,acl.auth.php,plugins.local.php,plugins.local.php.bak}
# Useful for some plugins like https://www.dokuwiki.org/plugin:siteexport
# See https://www.dokuwiki.org/devel:preload
chown $app:root $final_path/inc/preload.php chown $app:root $final_path/inc/preload.php
# Grant read-only to all files as files copied above are owned by root by defaut and nginx cannot read them # Grant read-only to all files as files copied above are owned by root by defaut and nginx cannot read them
# There are only files in the folder and there is sublevels. No need to use "find" # There are only files in the folder and there is sublevels. No need to use "find"