From 052eb382f2c6ff80a067100e863dba581f42f3a8 Mon Sep 17 00:00:00 2001 From: Maniack Crudelis Date: Mon, 16 Apr 2018 18:37:29 +0200 Subject: [PATCH 01/43] Add upgrade from a previous commit (#35) * Add upgrade from a previous commit * Fix is_public value for upgrade from commit --- check_process | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/check_process b/check_process index 88a7a7e..ca404fa 100644 --- a/check_process +++ b/check_process @@ -13,6 +13,7 @@ setup_private=1 setup_public=1 upgrade=1 + upgrade=1 from_commit=01add99d3d903ca6d07f863045edf2ba46cf18d5 backup_restore=1 multi_instance=1 wrong_user=1 @@ -33,3 +34,7 @@ Level 8=0 Level 9=0 Level 10=0 +;;; Upgrade options + ; commit=01add99d3d903ca6d07f863045edf2ba46cf18d5 + name=Create check_process + manifest_arg=domain=DOMAIN&path=PATH&admin=USER&is_public=Yes& From d32447f0b542ec86c799cdd4e30796a153a719ef Mon Sep 17 00:00:00 2001 From: Maniack Crudelis Date: Mon, 28 May 2018 10:54:35 +0200 Subject: [PATCH 02/43] Create pull_request_template.md Duplicated from https://github.com/YunoHost-Apps/searx_ynh/pull/35, merged as a micro decision --- pull_request_template.md | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 pull_request_template.md diff --git a/pull_request_template.md b/pull_request_template.md new file mode 100644 index 0000000..2dcfc1d --- /dev/null +++ b/pull_request_template.md 
@@ -0,0 +1,25 @@ +## Problem +- *Description of why you made this PR* + +## Solution +- *And how you fix that* + +## PR Status +- [ ] Code finished. +- [ ] Tested with Package_check. +- [ ] Fix or enhancement tested. +- [ ] Upgrade from last version tested. +- [ ] Can be reviewed and tested. + +## Validation +--- +*Minor decision* +- **Upgrade previous version** : +- [ ] **Code review** : +- [ ] **Approval (LGTM)** : +- [ ] **Approval (LGTM)** : +- **CI succeeded** : +[![Build Status](https://ci-apps-dev.yunohost.org/jenkins/job/dokuwiki_ynh%20-BRANCH-%20(Official)/badge/icon)](https://ci-apps-dev.yunohost.org/jenkins/job/dokuwiki_ynh%20-BRANCH-%20(Official)/) *Please replace '-BRANCH-' in this link for a PR from a local branch.* +or +[![Build Status](https://ci-apps-dev.yunohost.org/jenkins/job/dokuwiki_ynh%20PR-NUM-%20(Official_fork)/badge/icon)](https://ci-apps-dev.yunohost.org/jenkins/job/dokuwiki_ynh%20PR-NUM-%20(Official_fork)/) *Replace '-NUM-' by the PR number in this link for a PR from a forked repository.* +When the PR is marked as ready to merge, you have to wait for 3 days before really merging it. From 42a170b60c7eaa6b9f3b69d521c308ef790c9055 Mon Sep 17 00:00:00 2001 From: ansible Date: Thu, 14 Jun 2018 18:28:14 +0200 Subject: [PATCH 03/43] refactor "install" script and use best practices - migrate from custom helper '.fonctions' to official helpers - Use '_common.sh' + various templates from 'example_ynh' - update 'manifest' with new Yunohost version requirement - redo 'install' script --- conf/app.src | 6 ++ conf/nginx.conf | 82 ++++++++++++-------- conf/php-fpm.conf | 42 +++++----- conf/systemd.service | 13 ++++ manifest.json | 2 +- scripts/_common.sh | 13 ++++ scripts/install | 181 +++++++++++++++++++++++++++++++------------ 7 files changed, 234 insertions(+), 105 deletions(-) create mode 100644 conf/app.src create mode 100644 conf/systemd.service create mode 100644 scripts/_common.sh 
diff --git a/conf/app.src b/conf/app.src
new file mode 100644
index 0000000..5ff3053
--- /dev/null
+++ b/conf/app.src
@@ -0,0 +1,6 @@
+SOURCE_URL=https://download.dokuwiki.org/src/dokuwiki/dokuwiki-2017-02-19b.tgz
+SOURCE_SUM=ea11e4046319710a2bc6fdf58b5cda86
+SOURCE_SUM_PRG=md5sum
+SOURCE_FORMAT=tar.gz
+SOURCE_IN_SUBDIR=true
+SOURCE_FILENAME=
diff --git a/conf/nginx.conf b/conf/nginx.conf
index 4311e99..ee61519 100644
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
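Review bot: `SOURCE_SUM_PRG=md5sum` in the new conf/app.src pins the DokuWiki tarball with MD5, which is broken for collisions and should not be the only integrity anchor for code fetched and unpacked at install time. Switch to `SOURCE_SUM_PRG=sha256sum` and replace the digest with the SHA-256 of the same release, `SOURCE_SUM=<sha256 of dokuwiki-2017-02-19b.tgz>`, computed from a copy you have verified. Nothing else in the file needs to change.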
@@ -1,42 +1,56 @@ -location __PATHTOCHANGE__ { - alias __FINALPATH__/; +location __PATH__ { - if ($scheme = http) { - rewrite ^ https://$server_name$request_uri? permanent; - } + # Path to source + alias __FINALPATH__/ ; - index index.php; - try_files $uri $uri/ index.php; + if ($scheme = http) { + rewrite ^ https://$server_name$request_uri? permanent; + } - client_max_body_size 25M; - - location ~ [^/]\.php(/|$) { - fastcgi_split_path_info ^(.+?\.php)(/.*)$; - fastcgi_pass unix:/var/run/php5-fpm-__NAMETOCHANGE__.sock; - fastcgi_index index.php; - include fastcgi_params; - fastcgi_param HTTPS on if_not_empty; - fastcgi_param REMOTE_USER $remote_user; - fastcgi_param PATH_INFO $fastcgi_path_info; - fastcgi_param SCRIPT_FILENAME $request_filename; - } + # Example PHP configuration (remove if not used) + index index.php; - # Secure DokuWiki - location ~ ^__PATHTOCHANGE__/(data|conf|bin|inc)/ { - deny all; - } + # Common parameter to increase upload size limit in conjuction with dedicated php-fpm file + client_max_body_size 25M; - # Deny Access to htaccess-Files for Apache - location ~ /\.ht { - deny all; - } + try_files $uri $uri/ index.php; + location ~ [^/]\.php(/|$) { + fastcgi_split_path_info ^(.+?\.php)(/.*)$; + fastcgi_pass unix:/var/run/php5-fpm-__NAME__.sock; - # Serve static files - location ~ ^/lib.*\.(gif|png|ico|jpg)$ { - expires 30d; - } + # If you don't use a dedicated fpm config for your app, + # use a general fpm pool. + # This is to be used INSTEAD of line above + # Don't forget to adjust scripts install/upgrade/remove/backup accordingly + # + #fastcgi_pass unix:/var/run/php5-fpm.sock; - #--PRIVATE--# Include SSOWAT user panel. 
- #--PRIVATE--include conf.d/yunohost_panel.conf.inc; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param HTTPS on if_not_empty; + fastcgi_param REMOTE_USER $remote_user; + fastcgi_param PATH_INFO $fastcgi_path_info; + fastcgi_param SCRIPT_FILENAME $request_filename; + } + # PHP configuration end + + # Secure DokuWiki + # Try this ? + #location __PATH__/(data|conf|bin|inc)/ { { + location ~ ^__PATH__/(data|conf|bin|inc)/ { + deny all; + } + + # Deny Access to htaccess-Files for Apache + location ~ /\.ht { + deny all; + } + + # Serve static files + location ~ ^/lib.*\.(gif|png|ico|jpg)$ { + expires 30d; + } + + # Include SSOWAT user panel. + include conf.d/yunohost_panel.conf.inc; } - diff --git a/conf/php-fpm.conf b/conf/php-fpm.conf index 7bad39e..2aec4a2 100644 --- a/conf/php-fpm.conf +++ b/conf/php-fpm.conf @@ -32,19 +32,19 @@ group = __USER__ ; Note: This value is mandatory. listen = /var/run/php5-fpm-__NAMETOCHANGE__.sock -; Set listen(2) backlog. +; Set listen(2) backlog. A value of '-1' means unlimited. ; Default Value: 128 (-1 on FreeBSD and OpenBSD) ;listen.backlog = 128 ; Set permissions for unix socket, if one is used. In Linux, read/write ; permissions must be set in order to allow connections from a web server. Many -; BSD-derived systems allow connections regardless of permissions. +; BSD-derived systems allow connections regardless of permissions. ; Default Values: user and group are set as the running user ; mode is set to 0660 listen.owner = www-data listen.group = www-data ;listen.mode = 0660 - + ; List of ipv4 addresses of FastCGI clients which are allowed to connect. ; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original ; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address 
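Review bot: The `deny all` block for `(data|conf|bin|inc)/` sits after `location ~ [^/]\.php(/|$)`, and nginx uses the first matching regex location in file order, so a request for a `.php` file under those directories is passed to php-fpm and never reaches the deny. Move the `# Secure DokuWiki` location above the PHP location so it wins. The pattern `^__PATH__/(data|conf|bin|inc)/` also looks like it becomes `^//(data|…)/` when the app is installed at the domain root, which would match nothing; that depends on how `ynh_add_nginx_config` substitutes `__PATH__`, so a root install should be tested. The commented `#location __PATH__/(data|conf|bin|inc)/ { {` line with "Try this ?" should be dropped before merge.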
@@ -117,7 +117,7 @@ pm.max_spare_servers = 3 ; Note: Used only when pm is set to 'ondemand' ; Default Value: 10s ;pm.process_idle_timeout = 10s; - + ; The number of requests each child process should execute before respawning. ; This can be useful to work around memory leaks in 3rd party libraries. For ; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS. @@ -170,7 +170,7 @@ pm.max_requests = 500 ; ; By default the status page only outputs short status. Passing 'full' in the ; query string will also return status for each pool process. -; Example: +; Example: ; http://www.foo.bar/status?full ; http://www.foo.bar/status?json&full ; http://www.foo.bar/status?html&full @@ -220,9 +220,9 @@ pm.max_requests = 500 ; Note: The value must start with a leading slash (/). The value can be ; anything, but it may not be a good idea to use the .php extension or it ; may conflict with a real PHP file. -; Default Value: not set +; Default Value: not set ;pm.status_path = /status - + ; The ping URI to call the monitoring page of FPM. If this value is not set, no ; URI will be recognized as a ping page. This could be used to test from outside ; that FPM is alive and responding, or to @@ -283,7 +283,7 @@ pm.max_requests = 500 ; - .... ; %p: PID of the child that serviced the request ; %P: PID of the parent of the child that serviced the request -; %q: the query string +; %q: the query string ; %Q: the '?' character if query string exists ; %r: the request URI (without the query string, see %q and %Q) ; %R: remote IP address 
@@ -298,50 +298,50 @@ pm.max_requests = 500 ; ; Default: "%R - %u %t \"%m %r\" %s" ;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%" - + ; The log file for slow requests ; Default Value: not set ; Note: slowlog is mandatory if request_slowlog_timeout is set slowlog = /var/log/nginx/__NAMETOCHANGE__.slow.log - + ; The timeout for serving a single request after which a PHP backtrace will be ; dumped to the 'slowlog' file. A value of '0s' means 'off'. ; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) ; Default Value: 0 request_slowlog_timeout = 5s - + ; The timeout for serving a single request after which the worker process will ; be killed. This option should be used when the 'max_execution_time' ini option ; does not stop script execution for some reason. A value of '0' means 'off'. ; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) ; Default Value: 0 request_terminate_timeout = 1d - + ; Set open file descriptor rlimit. ; Default Value: system defined value ;rlimit_files = 1024 - + ; Set max core size rlimit. ; Possible Values: 'unlimited' or an integer greater or equal to 0 ; Default Value: system defined value ;rlimit_core = 0 - + ; Chroot to this directory at the start. This value must be defined as an ; absolute path. When this value is not set, chroot is not used. ; Note: you can prefix with '$prefix' to chroot to the pool prefix or one ; of its subdirectories. If the pool prefix is not set, the global prefix ; will be used instead. -; Note: chrooting is a great security feature and should be used whenever +; Note: chrooting is a great security feature and should be used whenever ; possible. However, all PHP paths will be relative to the chroot ; (error_log, sessions.save_path, ...). ; Default Value: not set -;chroot = - +;chroot = + ; Chdir to this directory at the start. ; Note: relative path can be used. 
; Default Value: current directory or / when chroot chdir = __FINALPATH__ - + ; Redirect worker stdout and stderr into main error log. If not set, stdout and ; stderr will be redirected to /dev/null according to FastCGI specs. ; Note: on highloaded environement, this can cause some delay in the page @@ -356,7 +356,7 @@ catch_workers_output = yes ; Note: set an empty value to allow all extensions. ; Default Value: .php ;security.limit_extensions = .php .php3 .php4 .php5 - + ; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from ; the current environment. ; Default Value: clean env @@ -370,7 +370,7 @@ catch_workers_output = yes ; overwrite the values previously defined in the php.ini. The directives are the ; same as the PHP SAPI: ; php_value/php_flag - you can set classic ini defines which can -; be overwritten from PHP call 'ini_set'. +; be overwritten from PHP call 'ini_set'. ; php_admin_value/php_admin_flag - these directives won't be overwritten by ; PHP call 'ini_set' ; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no. @@ -389,4 +389,4 @@ catch_workers_output = yes ;php_flag[display_errors] = off ;php_admin_value[error_log] = /var/log/fpm-php.www.log ;php_admin_flag[log_errors] = on -;php_admin_value[memory_limit] = 32M \ No newline at end of file +;php_admin_value[memory_limit] = 32M diff --git a/conf/systemd.service b/conf/systemd.service new file mode 100644 index 0000000..76cdf64 --- /dev/null +++ b/conf/systemd.service @@ -0,0 +1,13 @@ +[Unit] +Description=Small description of the service +After=network.target + +[Service] +Type=simple +User=__APP__ +Group=__APP__ +WorkingDirectory=__FINALPATH__/ +ExecStart=__FINALPATH__/script >> /var/log/__APP__/__APP__.log 2>&1 + +[Install] +WantedBy=multi-user.target diff --git a/manifest.json b/manifest.json index 776c0df..09e7c18 100644 --- a/manifest.json +++ b/manifest.json 
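Review bot: conf/systemd.service is still the unmodified template, with `Description=Small description of the service` and `ExecStart=__FINALPATH__/script >> /var/log/__APP__/__APP__.log 2>&1`. systemd does not run `ExecStart` through a shell, so `>>` and `2>&1` reach the program as arguments instead of redirecting output, and nothing in this series shows a `script` file being installed under the final path. DokuWiki is served through php-fpm here, so the unit looks unnecessary. If so, drop this file together with `ynh_systemd_config` and `yunohost service add` in scripts/install, `systemctl enable $app.service` in scripts/restore, and the matching lines in scripts/remove and scripts/backup. Otherwise the install registers a service that presumably cannot start.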
@@ -3,7 +3,7 @@ "id": "dokuwiki", "packaging_format": 1, "requirements": { - "yunohost": ">> 2.3.15" + "yunohost": ">> 2.6.4" }, "description": { "en": "DokuWiki is a simple to use and highly versatile Open Source wiki software that doesn't require a database.", diff --git a/scripts/_common.sh b/scripts/_common.sh new file mode 100644 index 0000000..bb04a03 --- /dev/null +++ b/scripts/_common.sh @@ -0,0 +1,13 @@ +#!/bin/bash + +# ============= FUTURE YUNOHOST HELPER ============= +# Delete a file checksum from the app settings +# +# $app should be defined when calling this helper +# +# usage: ynh_remove_file_checksum file +# | arg: file - The file for which the checksum will be deleted +ynh_delete_file_checksum () { + local checksum_setting_name=checksum_${1//[\/ ]/_} # Replace all '/' and ' ' by '_' + ynh_app_setting_delete $app $checksum_setting_name +} \ No newline at end of file diff --git a/scripts/install b/scripts/install index a7cdf9d..a5aa929 100755 --- a/scripts/install +++ b/scripts/install 
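Review bot: The header comment in scripts/_common.sh documents `usage: ynh_remove_file_checksum file`, but the function defined below it is `ynh_delete_file_checksum`, so anyone following the comment calls a name this file does not define. Change the usage line to `# usage: ynh_delete_file_checksum file`. The call `ynh_app_setting_delete $app $checksum_setting_name` should quote both expansions, `ynh_app_setting_delete "$app" "$checksum_setting_name"`, because `${1//[\/ ]/_}` only replaces slashes and spaces and leaves other characters of the path untouched.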
@@ -1,7 +1,30 @@ #!/bin/bash -# Exit on command errors and treat unset variables as an error -set -eu +#================================================= +# GENERIC START +#================================================= +# IMPORT GENERIC HELPERS +#================================================= + +source _common.sh +source /usr/share/yunohost/helpers + +#================================================= +# MANAGE SCRIPT FAILURE +#================================================= + +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors + +#================================================= +# RETRIEVE ARGUMENTS FROM THE MANIFEST +#================================================= + +domain=$YNH_APP_ARG_DOMAIN +path_url=$YNH_APP_ARG_PATH +admin=$YNH_APP_ARG_ADMIN +is_public=$YNH_APP_ARG_IS_PUBLIC +#language=$YNH_APP_ARG_LANGUAGE # This is a multi-instance app, meaning it can be installed several times independently # The id of the app as stated in the manifest is available as $YNH_APP_ID 
@@ -13,55 +36,103 @@ set -eu # The app instance name is probably what you are interested the most, since this is # guaranteed to be unique. This is a good unique identifier to define installation path, # db names, ... -# Retrieve arguments - -source .fonctions # Loads the generic functions usually used in the script -# Source app helpers -source /usr/share/yunohost/helpers - -TRAP_ON # Active trap for strop script if detect error. - -domain=$YNH_APP_ARG_DOMAIN -path=$YNH_APP_ARG_PATH -admin=$YNH_APP_ARG_ADMIN -is_public=$YNH_APP_ARG_IS_PUBLIC - app=$YNH_APP_INSTANCE_NAME -CHECK_VAR "$app" "app name not set" +#================================================= +# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS +#================================================= -CHECK_USER "$admin" +final_path=/var/www/$app +test ! -e "$final_path" || ynh_die "This path already contains a folder" -CHECK_PATH +# Normalize the url path syntax +path_url=$(ynh_normalize_url_path $path_url) -CHECK_DOMAINPATH +# Check web path availability +ynh_webpath_available $domain $path_url +# Register (book) web path +ynh_webpath_register $app $domain $path_url -CHECK_FINALPATH +#================================================= +# STORE SETTINGS FROM MANIFEST +#================================================= -# Save app settings ynh_app_setting_set $app domain $domain -ynh_app_setting_set $app path $path +ynh_app_setting_set $app path $path_url ynh_app_setting_set $app admin $admin ynh_app_setting_set $app is_public $is_public +#ynh_app_setting_set $app language $language -# Create system user dedicace for this app +#================================================= +# STANDARD MODIFICATIONS +#================================================= +# DOWNLOAD, CHECK AND UNPACK SOURCE +#================================================= + +ynh_app_setting_set $app final_path $final_path +# Download, check integrity, uncompress and patch the source from app.src +ynh_setup_source "$final_path" + 
+#================================================= +# NGINX CONFIGURATION +#================================================= + +# Create a dedicated nginx config +ynh_add_nginx_config + +#================================================= +# CREATE DEDICATED USER +#================================================= + +# Create a system user ynh_system_user_create $app +#================================================= +# PHP-FPM CONFIGURATION +#================================================= + +# Create a dedicated php-fpm config +ynh_add_fpm_config + +#================================================= +# SPECIFIC SETUP +#================================================= +# ... +#================================================= + +#================================================= +# SETUP SYSTEMD +#================================================= + +# Create a dedicated systemd config +ynh_systemd_config + +#================================================= +# MODIFY A CONFIG FILE +#================================================= + # Modify dokuwiki conf -sed -i "s@YNH_ADMIN_USER@$admin@g" ../conf/dokuwiki.php - -# Copy files to the right place -sudo mkdir "$final_path" -ynh_app_setting_set $app final_path $final_path - -# Get source -SETUP_SOURCE +#sed -i "s@YNH_ADMIN_USER@$admin@g" ../conf/dokuwiki.php +ynh_replace_string "YNH_ADMIN_USER" "$admin" "../conf/dokuwiki.php" sudo cp ../conf/dokuwiki.php $final_path/conf sudo cp ../conf/acl.auth.php $final_path/conf +#================================================= +# STORE THE CHECKSUM OF THE CONFIG FILE +#================================================= + +# Calculate and store the config file checksum into the app settings +ynh_store_file_checksum "$final_path/conf/dokuwiki.php" + +#================================================= +# GENERIC FINALIZATION +#================================================= +# SECURE FILES AND DIRECTORIES +#================================================= + # Files owned 
by dokuwiki can just read -sudo chown -R root: $final_path +chown -R root: $final_path # except for conf, data, some data subfolders, and lib/plugin, where www-data must have write permissions sudo chown -R $app:root $final_path/{conf,data,data/attic,data/cache,data/index,data/locks,data/media*,data/meta,data/pages,data/tmp,lib/plugins,lib/tpl} 
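Review bot: Several commands in this hunk expand manifest-supplied or derived values unquoted: `path_url=$(ynh_normalize_url_path $path_url)`, `ynh_webpath_available $domain $path_url`, `ynh_webpath_register $app $domain $path_url` and `chown -R root: $final_path`. Quote them, e.g. `ynh_webpath_register "$app" "$domain" "$path_url"` and `chown -R root: "$final_path"`, so a value containing whitespace or glob characters cannot turn into extra arguments to a command that changes ownership. The same pattern appears in the `chown`/`chmod` lines of scripts/restore and in `grep -q $app` / `yunohost service remove $app` in scripts/remove. The hunk also mixes bare `chown` with `sudo chown` and `sudo cp`; pick one form, since the bare call suggests the script already runs with the needed privileges.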
@@ -70,25 +141,37 @@ sudo chmod -R 700 $final_path/data sudo chmod -R 755 $final_path/lib/plugins sudo chmod 755 $final_path/lib/tpl/{dokuwiki,dokuwiki/images} -# Modify Nginx configuration file and copy it to Nginx conf directory -sudo cp ../conf/nginx.conf /etc/nginx/conf.d/$domain.d/$app.conf -sudo sed -i "s@__PATHTOCHANGE__@$path@g" /etc/nginx/conf.d/$domain.d/$app.conf -sudo sed -i "s@__FINALPATH__@$final_path@g" /etc/nginx/conf.d/$domain.d/$app.conf -sudo sed -i "s@__NAMETOCHANGE__@$app@g" /etc/nginx/conf.d/$domain.d/$app.conf +#================================================= +# SETUP LOGROTATE +#================================================= -if [ "$is_public" = "Yes" ]; +# Use logrotate to manage application logfile(s) +ynh_use_logrotate + +#================================================= +# ADVERTISE SERVICE IN ADMIN PANEL +#================================================= + +#yunohost service add NAME_INIT.D --log "/var/log/FILE.log" +yunohost service add "$app" --log "/var/log/$app/$app.log" + +#================================================= +# SETUP SSOWAT +#================================================= + +if [ $is_public -eq 0 ] +then # Remove the public access + ynh_app_setting_delete $app skipped_uris +fi +# Make app public if necessary +if [ $is_public -eq 1 ] then - sudo sed -i "s@#--PRIVATE--@@g" /etc/nginx/conf.d/$domain.d/$app.conf + # unprotected_uris allows SSO credentials to be passed anyway. + ynh_app_setting_set $app unprotected_uris "/" fi -# Create the php-fpm pool config -POOL_FPM +#================================================= +# RELOAD NGINX +#================================================= -# If app is public, add url to SSOWat conf as skipped_uris -if [[ $is_public -eq 1 ]]; then - # unprotected_uris allows SSO credentials to be passed anyway. - ynh_app_setting_set "$app" unprotected_uris "/" -fi - -# Reload Nginx -sudo systemctl reload nginx \ No newline at end of file +systemctl reload nginx 
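Review bot: `[ $is_public -eq 0 ]` and `[ $is_public -eq 1 ]` compare numerically, but `is_public` is assigned straight from `$YNH_APP_ARG_IS_PUBLIC`, the check_process entry added in PATCH 01 passes `is_public=Yes`, and the line removed here tested `"$is_public" = "Yes"`. With a value of `Yes`, `[` reports an integer-expression error and both conditions are false, so `unprotected_uris` is never set and an install requested as public stays behind SSO. Either compare strings, `if [ "$is_public" = "Yes" ]`, or normalise the argument to 0/1 right after reading it and store that. The value is written to the app settings unchanged earlier in the script, so whichever form is chosen is what later scripts will read back.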
From bdf0f77c19a3c628148c2bf1ced70d449da1b1f8 Mon Sep 17 00:00:00 2001 From: Gofannon Date: Thu, 14 Jun 2018 18:42:32 +0200 Subject: [PATCH 04/43] [enh] refactor 'remove' script to best practices --- scripts/remove | 92 +++++++++++++++++++++++++++++++++++++++----------- 1 file changed, 72 insertions(+), 20 deletions(-) diff --git a/scripts/remove b/scripts/remove index 6fa841a..37020cb 100755 --- a/scripts/remove +++ b/scripts/remove 
@@ -1,30 +1,82 @@ #!/bin/bash -# Exit on command errors and treat unset variables as an error -set -u +#================================================= +# GENERIC START +#================================================= +# IMPORT GENERIC HELPERS +#================================================= + +source _common.sh +source /usr/share/yunohost/helpers + +#================================================= +# LOAD SETTINGS +#================================================= -# Get multi-instances specific variables app=$YNH_APP_INSTANCE_NAME -# Loads the generic functions usually used in the script -source .fonctions -# Source app helpers -. /usr/share/yunohost/helpers +domain=$(ynh_app_setting_get $app domain) +final_path=$(ynh_app_setting_get $app final_path) -# Retrieve app settings -domain=$(ynh_app_setting_get "$app" domain) +#================================================= +# STANDARD REMOVE +#================================================= +# STOP AND REMOVE SERVICE +#================================================= -# Delete app directory and configurations -sudo rm -rf "/var/www/${app}" -sudo rm -f "/etc/php5/fpm/pool.d/${app}.conf" -sudo rm -f "/etc/php5/fpm/conf.d/20-${app}.ini" -[[ -n $domain ]] && sudo rm -f "/etc/nginx/conf.d/${domain}.d/${app}.conf" +# Remove the dedicated systemd config +ynh_remove_systemd_config -# Reload services -sudo systemctl reload php5-fpm -sudo systemctl reload nginx +#================================================= +# REMOVE SERVICE FROM ADMIN PANEL +#================================================= -# Delete system user dedicace for this app +if yunohost service status | grep -q $app +then + echo "Remove $app service" + yunohost service remove $app +fi + +#================================================= +# REMOVE APP MAIN DIR +#================================================= + +# Remove the app directory securely +ynh_secure_remove "$final_path" + +#================================================= +# REMOVE 
NGINX CONFIGURATION +#================================================= + +# Remove the dedicated nginx config +ynh_remove_nginx_config + +#================================================= +# REMOVE PHP-FPM CONFIGURATION +#================================================= + +# Remove the dedicated php-fpm config +ynh_remove_fpm_config + +#================================================= +# REMOVE LOGROTATE CONFIGURATION +#================================================= + +# Remove the app-specific logrotate config +ynh_remove_logrotate + +#================================================= +# SPECIFIC REMOVE +#================================================= + +# Remove the log files +ynh_secure_remove "/var/log/$app/" + +#================================================= +# GENERIC FINALIZATION +#================================================= +# REMOVE DEDICATED USER +#================================================= + +# Delete a system user ynh_system_user_delete $app - -echo -e "\e[0m" # Restore normal color \ No newline at end of file From 9e53f1cf6fce11cf7ef2aa15c3f82be9ea9b98d3 Mon Sep 17 00:00:00 2001 From: Gofannon Date: Thu, 14 Jun 2018 18:58:40 +0200 Subject: [PATCH 05/43] [enh] refactor 'restore' script to best practices --- scripts/restore | 149 +++++++++++++++++++++++++++++++----------------- 1 file changed, 97 insertions(+), 52 deletions(-) diff --git a/scripts/restore b/scripts/restore index 2ee9014..8b5a099 100755 --- a/scripts/restore +++ b/scripts/restore 
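Review bot: The rewritten remove script drops `set -u` and does not call `ynh_abort_if_errors`, yet it builds deletion targets from `$app` and the stored `final_path`: `ynh_secure_remove "$final_path"` and `ynh_secure_remove "/var/log/$app/"`. With an empty `$app` the second call targets `/var/log//`, and whether `ynh_secure_remove` refuses that path is not visible here. Guard the input up front with `app=${YNH_APP_INSTANCE_NAME:?}`. Separately, `yunohost service status | grep -q $app` is an unquoted substring match, so instance `dokuwiki` also matches `dokuwiki__2`; `grep -qwF -- "$app"` is tighter.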
@@ -1,69 +1,114 @@ #!/bin/bash -# This restore script is adapted to Yunohost >=2.4 -# Exit on command errors and treat unset variables as an error -set -eu +#================================================= +# GENERIC START +#================================================= +# IMPORT GENERIC HELPERS +#================================================= -# The parameter $2 is the id of the app instance ex: ynhexample__2 -app=$YNH_APP_INSTANCE_NAME - -if [ ! -e .fonctions ]; then - # Get file fonction if not been to the current directory - sudo cp ../settings/scripts/.fonctions ./.fonctions - sudo chmod a+rx .fonctions +if [ ! -e _common.sh ]; then + # Get the _common.sh file if it's not in the current directory + cp ../settings/scripts/_common.sh ./_common.sh + chmod a+rx _common.sh fi -# Loads the generic functions usually used in the script -source .fonctions -# Source app helpers +source _common.sh source /usr/share/yunohost/helpers -# Get old parameter of the app +#================================================= +# MANAGE SCRIPT FAILURE +#================================================= + +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors + +#================================================= +# LOAD SETTINGS +#================================================= + +app=$YNH_APP_INSTANCE_NAME + domain=$(ynh_app_setting_get $app domain) -path=$(ynh_app_setting_get $app path) -is_public=$(ynh_app_setting_get $app is_public) +path_url=$(ynh_app_setting_get $app path) +final_path=$(ynh_app_setting_get $app final_path) -# Check domain/path availability -sudo yunohost app checkurl "${domain}${path}" -a "$app" \ - || ynh_die "Path not available: ${domain}${path}" +#================================================= +# CHECK IF THE APP CAN BE RESTORED +#================================================= -# Check $final_path -final_path="/var/www/${app}" -if [ -d $final_path ]; then - ynh_die "There is already a directory: $final_path" -fi 
+ynh_webpath_available $domain $path_url \ + || ynh_die "Path not available: ${domain}${path_url}" +test ! -d $final_path \ + || ynh_die "There is already a directory: $final_path " -# Check configuration files nginx -nginx_conf="/etc/nginx/conf.d/${domain}.d/${app}.conf" -if [ -f $nginx_conf ]; then - ynh_die "The NGINX configuration already exists at '${nginx_conf}'. You should safely delete it before restoring this app." -fi -# Check configuration files php-fpm -phpfpm_conf="/etc/php5/fpm/pool.d/${app}.conf" -if [ -f $phpfpm_conf ]; then - ynh_die "The PHP FPM configuration already exists at '${phpfpm_conf}'. You should safely delete it before restoring this app." -fi +#================================================= +# STANDARD RESTORATION STEPS +#================================================= +# RESTORE THE NGINX CONFIGURATION +#================================================= -phpfpm_ini="/etc/php5/fpm/conf.d/20-${app}.ini" -if [ -f $phpfpm_ini ]; then - ynh_die "The PHP FPM INI configuration already exists at '${phpfpm_ini}'. You should safely delete it before restoring this app." 
-fi +ynh_restore_file "/etc/nginx/conf.d/$domain.d/$app.conf" -# Create system user dedicace for this app +#================================================= +# RESTORE THE APP MAIN DIR +#================================================= + +ynh_restore_file "$final_path" + +#================================================= +# RECREATE THE DEDICATED USER +#================================================= + +# Create the dedicated user (if not existing) ynh_system_user_create $app - # Restore sources & data -sudo cp -a ./sources "${final_path}" +#================================================= +# RESTORE USER RIGHTS +#================================================= -# Set permissions -sudo chown -R $app: "${final_path}" +# Restore permissions on app files +chown -R root: $final_path -# Restore nginx configuration files -sudo cp -a ./nginx.conf "${nginx_conf}" -# Restore php-fpm configuration files -sudo cp -a ./php-fpm.conf "${phpfpm_conf}" -sudo cp -a ./php-fpm.ini "${phpfpm_ini}" +# Restore permissions same as from the 'install' script +# except for conf, data, some data subfolders, and lib/plugin, where www-data must have write permissions +sudo chown -R $app:root $final_path/{conf,data,data/attic,data/cache,data/index,data/locks,data/media*,data/meta,data/pages,data/tmp,lib/plugins,lib/tpl} +sudo chmod -R 700 $final_path/conf +sudo chmod -R 700 $final_path/data +sudo chmod -R 755 $final_path/lib/plugins +sudo chmod 755 $final_path/lib/tpl/{dokuwiki,dokuwiki/images} -# Reload services -sudo systemctl reload php5-fpm -sudo systemctl reload nginx -sudo yunohost app ssowatconf +#================================================= +# RESTORE THE PHP-FPM CONFIGURATION +#================================================= + +ynh_restore_file "/etc/php5/fpm/pool.d/$app.conf" +ynh_restore_file "/etc/php5/fpm/conf.d/20-$app.ini" + +#================================================= +# SPECIFIC RESTORATION +#================================================= +# ADVERTISE 
SERVICE IN ADMIN PANEL +#================================================= + +yunohost service add $app --log "/var/log/$app/$app.log" + +#================================================= +# RESTORE SYSTEMD +#================================================= + +ynh_restore_file "/etc/systemd/system/$app.service" +systemctl enable $app.service + +#================================================= +# RESTORE THE LOGROTATE CONFIGURATION +#================================================= + +ynh_restore_file "/etc/logrotate.d/$app" + +#================================================= +# GENERIC FINALIZATION +#================================================= +# RELOAD NGINX AND PHP-FPM +#================================================= + +systemctl reload php5-fpm +systemctl reload nginx From feba478177fdb78c9e55fc1e9b6d646e5532f977 Mon Sep 17 00:00:00 2001 From: Gofannon Date: Fri, 15 Jun 2018 15:16:42 +0200 Subject: [PATCH 06/43] [enh] refactor 'backup' and 'upgrade' scripts --- scripts/backup | 89 ++++++++++--- scripts/upgrade | 337 ++++++++++++++++++++++++++++++------------------ 2 files changed, 282 insertions(+), 144 deletions(-) diff --git a/scripts/backup b/scripts/backup index fe7ddd8..873cbb0 100755 --- a/scripts/backup +++ b/scripts/backup 
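Review bot: The ownership and mode block in this hunk is a second hand-maintained copy of the one in scripts/install, as its own comment says, and these lines are what keep `conf/` and `data/` at mode 700 and owned by `$app`. Move the block into a function in scripts/_common.sh, which both scripts already source, and call it from install and restore so the two cannot drift apart. While moving it, quote `$final_path` and drop the `sudo` prefixes, which the rest of this rewritten script no longer uses. `test ! -d $final_path` should likewise be `test ! -d "$final_path"`.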
@@ -1,23 +1,80 @@ #!/bin/bash -# Exit on command errors and treat unset variables as an error -set -eu +#================================================= +# GENERIC START +#================================================= +# IMPORT GENERIC HELPERS +#================================================= -# Get multi-instances specific variables -app=$YNH_APP_INSTANCE_NAME - -# Source app helpers +if [ ! -e _common.sh ]; then + # Get the _common.sh file if it's not in the current directory + cp ../settings/scripts/_common.sh ./_common.sh + chmod a+rx _common.sh +fi +source _common.sh source /usr/share/yunohost/helpers -# Retrieve app settings -domain=$(ynh_app_setting_get "$app" domain) +#================================================= +# MANAGE SCRIPT FAILURE +#================================================= -# Copy the app files -final_path="/var/www/${app}" -ynh_backup "$final_path" "sources" 1 +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors -# Copy the nginx conf files -ynh_backup "/etc/nginx/conf.d/${domain}.d/${app}.conf" "nginx.conf" -# Copy the php-fpm conf files -ynh_backup "/etc/php5/fpm/pool.d/${app}.conf" "php-fpm.conf" -ynh_backup "/etc/php5/fpm/conf.d/20-${app}.ini" "php-fpm.ini" \ No newline at end of file +#================================================= +# LOAD SETTINGS +#================================================= + +app=$YNH_APP_INSTANCE_NAME + +final_path=$(ynh_app_setting_get $app final_path) +domain=$(ynh_app_setting_get $app domain) + +#================================================= +# STANDARD BACKUP STEPS +#================================================= +# BACKUP THE APP MAIN DIR +#================================================= + +# TODO taken from old "backup" script +#ynh_backup "$final_path" "sources" 1 +ynh_backup "$final_path" + +#================================================= +# BACKUP THE NGINX CONFIGURATION +#================================================= + +ynh_backup 
"/etc/nginx/conf.d/$domain.d/$app.conf" + +#================================================= +# BACKUP THE PHP-FPM CONFIGURATION +#================================================= + +ynh_backup "/etc/php5/fpm/pool.d/$app.conf" +ynh_backup "/etc/php5/fpm/conf.d/20-$app.ini" + +#================================================= +# BACKUP THE MYSQL DATABASE +#================================================= + +ynh_mysql_dump_db "$db_name" > db.sql + +#================================================= +# SPECIFIC BACKUP +#================================================= +# BACKUP LOGROTATE +#================================================= + +ynh_backup "/etc/logrotate.d/$app" + +#================================================= +# BACKUP SYSTEMD +#================================================= + +ynh_backup "/etc/systemd/system/$app.service" + +#================================================= +# BACKUP THE CRON FILE +#================================================= + +ynh_backup "/etc/cron.d/$app" diff --git a/scripts/upgrade b/scripts/upgrade index 4f66a04..bc2bd54 100755 --- a/scripts/upgrade +++ b/scripts/upgrade 
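Review bot: `final_path` is now read from the app settings with no fallback, whereas the removed code hard-coded `/var/www/${app}`. On an instance installed before this refactor the setting may be absent, and `ynh_backup "$final_path"` would then be called with an empty path, leaving the wiki data out of the archive or aborting the backup. The upgrade script in this same commit already handles that case (`if [ -z $final_path ]`), so the backup script should mirror it right after the settings are loaded: `[ -n "$final_path" ] || final_path=/var/www/$app`. Quoting `$app` in the two `ynh_app_setting_get` calls would also be safer.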
@@ -1,128 +1,209 @@ -#!/bin/bash - -# Exit on command errors and treat unset variables as an error -set -eu - -if [ ! -e .fonctions ]; then - # Get file fonction if not been to the current directory - sudo cp ../settings/scripts/.fonctions ./.fonctions - sudo chmod a+rx .fonctions -fi -# Loads the generic functions usually used in the script -source .fonctions -# Source app helpers -source /usr/share/yunohost/helpers - -# This is a multi-instance app, meaning it can be installed several times independently -# The id of the app as stated in the manifest is available as $YNH_APP_ID -# The instance number is available as $YNH_APP_INSTANCE_NUMBER (equals "1", "2", ...) -# The app instance name is available as $YNH_APP_INSTANCE_NAME -# - the first time the app is installed, YNH_APP_INSTANCE_NAME = ynhexample -# - the second time the app is installed, YNH_APP_INSTANCE_NAME = ynhexample__2 -# - ynhexample__{N} for the subsequent installations, with N=3,4, ... -# The app instance name is probably what you are interested the most, since this is -# guaranteed to be unique. This is a good unique identifier to define installation path, -# db names, ... 
-app=$YNH_APP_INSTANCE_NAME - -# Retrieve app settings -domain=$(ynh_app_setting_get $app domain) -path=$(ynh_app_setting_get $app path) -admin=$(ynh_app_setting_get $app admin) -is_public=$(ynh_app_setting_get $app is_public) -multisite=$(ynh_app_setting_get $app multisite) - -# Remove trailing slash to path -path=${path%/} -#force location to be / or /foo -location=${path:-/} - -# admin default value, if not set -if [ -z "$admin" ]; -then - admin=$(sudo yunohost user list | grep 'username' -m1 | awk '{print $2}') - sudo ynh_app_setting_set $app is_public -v "$is_public" -fi - -# Create system user dedicace for this app -ynh_system_user_create $app - -# Modify dokuwiki conf -sed -i "s@YNH_ADMIN_USER@$admin@g" ../conf/dokuwiki.php - -# Copy files to the right place -final_path=/var/www/$app -sudo mkdir -p $final_path - -# Get source -SETUP_SOURCE - -sudo cp ../conf/dokuwiki.php $final_path/conf - -# Do not override ACL configuration file -if [ ! -f "$final_path/conf/acl.auth.php" ]; then - sudo cp ../conf/acl.auth.php $final_path/conf -fi - -# Remove upgrade notification -# See https://www.dokuwiki.org/update_check -sudo touch $final_path/doku.php - -# Remove deleted files -# See https://www.dokuwiki.org/install:unused_files -if [ -f "../sources/data/deleted.files" ]; then - grep -Ev '^($|#)' ../sources/data/deleted.files | xargs -I {} sudo rm -vrf $final_path/{} -fi - -# Change owner for all plugins -sudo chmod -R 755 $final_path/lib/plugins - -# Update all plugins -for name_plugin in $(sudo -s cat $final_path/lib/plugins/*/plugin.info.txt | grep url | awk -F':' '{print $3}'); -do - # Get a official plugin for dokuwiki, not update a no-official - sudo wget -nv --quiet "https://github.com/splitbrain/dokuwiki-plugin-${name_plugin}/zipball/master" -O "${name_plugin}.zip" -o /dev/null || true - if [ -s "${name_plugin}.zip" ]; then - sudo unzip ${name_plugin}.zip - sudo cp -a splitbrain-dokuwiki-plugin-${name_plugin}*/. 
"${final_path}/lib/plugins/${name_plugin}/" - fi -done - -# Files owned by www-data can just read -sudo chown -R root: $final_path - -# except for conf, data, some data subfolders, and lib/plugin, where dokuwiki must have write permissions -if [ -d "${final_path}/data/media" ]; then - sudo chown -R $app:root $final_path/{data/attic,data/cache,data/index,data/locks,data/media*,data/meta,data/pages,data/tmp} -fi -sudo chown -R $app:root $final_path/{conf,data,lib/plugins,lib/tpl} -sudo chmod -R 700 $final_path/conf -sudo chmod -R 700 $final_path/data -sudo chmod -R 755 $final_path/lib/plugins -sudo chmod 755 $final_path/lib/tpl/{dokuwiki,dokuwiki/images} - -# Modify Nginx configuration file and copy it to Nginx conf directory -sudo sed -i "s@__PATHTOCHANGE__@$path@g" /etc/nginx/conf.d/$domain.d/$app.conf -sudo sed -i "s@__FINALPATH__@$final_path@g" /etc/nginx/conf.d/$domain.d/$app.conf -# sudo sed -i "s@__NAMETOCHANGE__@$app@g" /etc/nginx/conf.d/$domain.d/$app.conf -sudo sed -i "s@fastcgi_pass unix:/var/run/php5-fpm.sock;@fastcgi_pass unix:/var/run/php5-fpm-${app}.sock;@g" /etc/nginx/conf.d/$domain.d/$app.conf - -if [ "$is_public" = "Yes" ]; -then - sudo sed -i "s@#--PRIVATE--@@g" /etc/nginx/conf.d/$domain.d/$app.conf -fi - -# Create the php-fpm pool config -POOL_FPM - -# Set ssowat config -if [ "$is_public" = "Yes" ]; then - ynh_app_setting_set $app is_public 1 # Fixe is_public en booléen - is_public=1 -else - ynh_app_setting_set $app is_public 0 - is_public=0 -fi - -sudo systemctl reload nginx -sudo yunohost app ssowatconf \ No newline at end of file +#!/bin/bash + +#================================================= +# GENERIC START +#================================================= +# IMPORT GENERIC HELPERS +#================================================= + +source _common.sh +source /usr/share/yunohost/helpers + +#================================================= +# LOAD SETTINGS +#================================================= + 
+app=$YNH_APP_INSTANCE_NAME + +domain=$(ynh_app_setting_get $app domain) +path_url=$(ynh_app_setting_get $app path) +admin=$(ynh_app_setting_get $app admin) +is_public=$(ynh_app_setting_get $app is_public) +final_path=$(ynh_app_setting_get $app final_path) + +#================================================= +# ENSURE DOWNWARD COMPATIBILITY +#================================================= + +# Fix is_public as a boolean value +if [ "$is_public" = "Yes" ]; then + ynh_app_setting_set $app is_public 1 + is_public=1 +elif [ "$is_public" = "No" ]; then + ynh_app_setting_set $app is_public 0 + is_public=0 +fi + +# If final_path doesn't exist, create it +if [ -z $final_path ]; then + final_path=/var/www/$app + ynh_app_setting_set $app final_path $final_path +fi + +# TODO Not sure if still needed ?? +# admin default value, if not set +if [ -z "$admin" ]; then + admin=$(sudo yunohost user list | grep 'username' -m1 | awk '{print $2}') + sudo ynh_app_setting_set $app is_public -v "$is_public" +fi + +#================================================= +# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP +#================================================= + +# Backup the current version of the app +ynh_backup_before_upgrade +ynh_clean_setup () { + # restore it if the upgrade fails + ynh_restore_upgradebackup +} +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors + +#================================================= +# CHECK THE PATH +#================================================= + +# Normalize the URL path syntax +path_url=$(ynh_normalize_url_path $path_url) + +#================================================= +# STANDARD UPGRADE STEPS +#================================================= +# DOWNLOAD, CHECK AND UNPACK SOURCE +#================================================= + +# Download, check integrity, uncompress and patch the source from app.src +ynh_setup_source "$final_path" + +#================================================= +# NGINX 
CONFIGURATION +#================================================= + +# Create a dedicated nginx config +ynh_add_nginx_config + +#================================================= +# CREATE DEDICATED USER +#================================================= + +# Create a system user +ynh_system_user_create $app + +#================================================= +# PHP-FPM CONFIGURATION +#================================================= + +# Create a dedicated php-fpm config +ynh_add_fpm_config + +#================================================= +# SPECIFIC UPGRADE +#================================================= + +# TODO Taken from old "upgrade" script. Should check if it is needed and what it does +if [ -d "${final_path}/data/media" ]; then + sudo chown -R $app:root $final_path/{data/attic,data/cache,data/index,data/locks,data/media*,data/meta,data/pages,data/tmp} +fi + +# Modify dokuwiki conf +#sed -i "s@YNH_ADMIN_USER@$admin@g" ../conf/dokuwiki.php +ynh_replace_string "YNH_ADMIN_USER" "$admin" "../conf/dokuwiki.php" +sudo cp ../conf/dokuwiki.php $final_path/conf + +# Do not override ACL configuration file +if [ ! 
-f "$final_path/conf/acl.auth.php" ]; then + sudo cp ../conf/acl.auth.php $final_path/conf +fi + +# Remove upgrade notification +# See https://www.dokuwiki.org/update_check +sudo touch $final_path/doku.php + +# Remove deleted files +# See https://www.dokuwiki.org/install:unused_files +if [ -f "../sources/data/deleted.files" ]; then + grep -Ev '^($|#)' ../sources/data/deleted.files | xargs -I {} sudo rm -vrf $final_path/{} +fi + +# Update all plugins +for name_plugin in $(sudo -s cat $final_path/lib/plugins/*/plugin.info.txt | grep url | awk -F':' '{print $3}'); +do + # Get a official plugin for dokuwiki, not update a no-official + sudo wget -nv --quiet "https://github.com/splitbrain/dokuwiki-plugin-${name_plugin}/zipball/master" -O "${name_plugin}.zip" -o /dev/null || true + if [ -s "${name_plugin}.zip" ]; then + sudo unzip ${name_plugin}.zip + sudo cp -a splitbrain-dokuwiki-plugin-${name_plugin}*/. "${final_path}/lib/plugins/${name_plugin}/" + fi +done + +#================================================= + +# Verify the checksum and backup the file if it's different +ynh_backup_if_checksum_is_different "$final_path/CONFIG_FILE" +# Recalculate and store the config file checksum into the app settings +ynh_store_file_checksum "$final_path/CONFIG_FILE" + +#================================================= +# SETUP LOGROTATE +#================================================= + +# Use logrotate to manage app-specific logfile(s) +ynh_use_logrotate --non-append + +#================================================= +# SETUP SYSTEMD +#================================================= + +# Create a dedicated systemd config +ynh_add_systemd_config + +#================================================= +# GENERIC FINALIZATION +#================================================= +# SECURE FILES AND DIRECTORIES +#================================================= + +# Files owned by dokuwiki can just read +chown -R root: $final_path + +# except for conf, data, some data 
subfolders, and lib/plugin, where dokuwiki must have write permissions +#TODO compare rights with install script !!! +# Install script : +#sudo chown -R $app:root $final_path/{conf,data,data/attic,data/cache,data/index,data/locks,data/media*,data/meta,data/pages,data/tmp,lib/plugins,lib/tpl} + +sudo chown -R $app:root $final_path/{conf,data,lib/plugins,lib/tpl} +sudo chmod -R 700 $final_path/conf +sudo chmod -R 700 $final_path/data +sudo chmod -R 755 $final_path/lib/plugins +sudo chmod 755 $final_path/lib/tpl/{dokuwiki,dokuwiki/images} + + +#================================================= +# SETUP SSOWAT +#================================================= + +if [ $is_public -eq 0 ] +then # Remove the public access + ynh_app_setting_delete $app skipped_uris +fi +# Make app public if necessary +if [ $is_public -eq 1 ] +then + # unprotected_uris allows SSO credentials to be passed anyway + ynh_app_setting_set $app unprotected_uris "/" +fi + +# TODO: Still needed ?? +#if [ "$is_public" = "Yes" ]; +#then +# sudo sed -i "s@#--PRIVATE--@@g" /etc/nginx/conf.d/$domain.d/$app.conf +#fi + +#================================================= +# RELOAD NGINX +#================================================= + +systemctl reload nginx +# TODO +#sudo yunohost app ssowatconf From 15c44f67bff4c49ae55ec884218d9fc72d21f34a Mon Sep 17 00:00:00 2001 From: Gofannon Date: Sun, 17 Jun 2018 11:36:13 +0200 Subject: [PATCH 07/43] [fix] Correct errors found by 'package_check' --- scripts/backup | 11 -- scripts/install | 2 +- scripts/upgrade | 418 ++++++++++++++++++++++++------------------------ 3 files changed, 210 insertions(+), 221 deletions(-) diff --git a/scripts/backup b/scripts/backup index 873cbb0..45e56bc 100755 --- a/scripts/backup +++ b/scripts/backup 
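Review bot: The "Update all plugins" loop downloads `zipball/master` for every plugin as root with no pinned release or checksum, and `|| true` hides download failures, so whatever is on that branch at upgrade time is copied into `lib/plugins` and served by the wiki. This is unlike the main source, which `ynh_setup_source` is documented in this hunk as integrity-checking. The plugin name is also taken from `plugin.info.txt` files in a directory this script makes writable by `$app`, and is then used unquoted in `sudo unzip` and in the `cp -a` glob. If automatic plugin updates are kept, the name should be validated and quoted and the work done in a private temporary directory, as sketched below; pinning a release with a checksum would still be needed. The same loop is re-added unchanged by the rewrite of `scripts/upgrade` in PATCH 07/43.

```shell
# … unchanged: deleted.files cleanup …
plugin_tmp=$(mktemp -d)
for info_file in "$final_path"/lib/plugins/*/plugin.info.txt
do
	# Accept only a plain plugin name; any other content in the url field is skipped
	name_plugin=$(grep -m1 '^url' "$info_file" | awk -F':' '{print $3}' | tr -d '[:space:]')
	[[ "$name_plugin" =~ ^[a-z0-9_]+$ ]] || continue
	# TODO(review): pin a release and verify a checksum instead of tracking master
	if wget -nv --quiet "https://github.com/splitbrain/dokuwiki-plugin-${name_plugin}/zipball/master" -O "$plugin_tmp/${name_plugin}.zip"; then
		unzip -q "$plugin_tmp/${name_plugin}.zip" -d "$plugin_tmp/${name_plugin}"
		cp -a "$plugin_tmp/${name_plugin}"/splitbrain-dokuwiki-plugin-"${name_plugin}"*/. "$final_path/lib/plugins/${name_plugin}/"
	fi
done
rm -rf "$plugin_tmp"
# … unchanged: config checksum, logrotate, systemd …
```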
@@ -53,12 +53,6 @@ ynh_backup "/etc/nginx/conf.d/$domain.d/$app.conf" ynh_backup "/etc/php5/fpm/pool.d/$app.conf" ynh_backup "/etc/php5/fpm/conf.d/20-$app.ini" -#================================================= -# BACKUP THE MYSQL DATABASE -#================================================= - -ynh_mysql_dump_db "$db_name" > db.sql - #================================================= # SPECIFIC BACKUP #================================================= @@ -73,8 +67,3 @@ ynh_backup "/etc/logrotate.d/$app" ynh_backup "/etc/systemd/system/$app.service" -#================================================= -# BACKUP THE CRON FILE -#================================================= - -ynh_backup "/etc/cron.d/$app" diff --git a/scripts/install b/scripts/install index a5aa929..da8c05c 100755 --- a/scripts/install +++ b/scripts/install @@ -105,7 +105,7 @@ ynh_add_fpm_config #================================================= # Create a dedicated systemd config -ynh_systemd_config +ynh_add_systemd_config #================================================= # MODIFY A CONFIG FILE diff --git a/scripts/upgrade b/scripts/upgrade index bc2bd54..5c69ac0 100755 --- a/scripts/upgrade +++ b/scripts/upgrade 
@@ -1,209 +1,209 @@ -#!/bin/bash - -#================================================= -# GENERIC START -#================================================= -# IMPORT GENERIC HELPERS -#================================================= - -source _common.sh -source /usr/share/yunohost/helpers - -#================================================= -# LOAD SETTINGS -#================================================= - -app=$YNH_APP_INSTANCE_NAME - -domain=$(ynh_app_setting_get $app domain) -path_url=$(ynh_app_setting_get $app path) -admin=$(ynh_app_setting_get $app admin) -is_public=$(ynh_app_setting_get $app is_public) -final_path=$(ynh_app_setting_get $app final_path) - -#================================================= -# ENSURE DOWNWARD COMPATIBILITY -#================================================= - -# Fix is_public as a boolean value -if [ "$is_public" = "Yes" ]; then - ynh_app_setting_set $app is_public 1 - is_public=1 -elif [ "$is_public" = "No" ]; then - ynh_app_setting_set $app is_public 0 - is_public=0 -fi - -# If final_path doesn't exist, create it -if [ -z $final_path ]; then - final_path=/var/www/$app - ynh_app_setting_set $app final_path $final_path -fi - -# TODO Not sure if still needed ?? 
-# admin default value, if not set -if [ -z "$admin" ]; then - admin=$(sudo yunohost user list | grep 'username' -m1 | awk '{print $2}') - sudo ynh_app_setting_set $app is_public -v "$is_public" -fi - -#================================================= -# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP -#================================================= - -# Backup the current version of the app -ynh_backup_before_upgrade -ynh_clean_setup () { - # restore it if the upgrade fails - ynh_restore_upgradebackup -} -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors - -#================================================= -# CHECK THE PATH -#================================================= - -# Normalize the URL path syntax -path_url=$(ynh_normalize_url_path $path_url) - -#================================================= -# STANDARD UPGRADE STEPS -#================================================= -# DOWNLOAD, CHECK AND UNPACK SOURCE -#================================================= - -# Download, check integrity, uncompress and patch the source from app.src -ynh_setup_source "$final_path" - -#================================================= -# NGINX CONFIGURATION -#================================================= - -# Create a dedicated nginx config -ynh_add_nginx_config - -#================================================= -# CREATE DEDICATED USER -#================================================= - -# Create a system user -ynh_system_user_create $app - -#================================================= -# PHP-FPM CONFIGURATION -#================================================= - -# Create a dedicated php-fpm config -ynh_add_fpm_config - -#================================================= -# SPECIFIC UPGRADE -#================================================= - -# TODO Taken from old "upgrade" script. 
Should check if it is needed and what it does -if [ -d "${final_path}/data/media" ]; then - sudo chown -R $app:root $final_path/{data/attic,data/cache,data/index,data/locks,data/media*,data/meta,data/pages,data/tmp} -fi - -# Modify dokuwiki conf -#sed -i "s@YNH_ADMIN_USER@$admin@g" ../conf/dokuwiki.php -ynh_replace_string "YNH_ADMIN_USER" "$admin" "../conf/dokuwiki.php" -sudo cp ../conf/dokuwiki.php $final_path/conf - -# Do not override ACL configuration file -if [ ! -f "$final_path/conf/acl.auth.php" ]; then - sudo cp ../conf/acl.auth.php $final_path/conf -fi - -# Remove upgrade notification -# See https://www.dokuwiki.org/update_check -sudo touch $final_path/doku.php - -# Remove deleted files -# See https://www.dokuwiki.org/install:unused_files -if [ -f "../sources/data/deleted.files" ]; then - grep -Ev '^($|#)' ../sources/data/deleted.files | xargs -I {} sudo rm -vrf $final_path/{} -fi - -# Update all plugins -for name_plugin in $(sudo -s cat $final_path/lib/plugins/*/plugin.info.txt | grep url | awk -F':' '{print $3}'); -do - # Get a official plugin for dokuwiki, not update a no-official - sudo wget -nv --quiet "https://github.com/splitbrain/dokuwiki-plugin-${name_plugin}/zipball/master" -O "${name_plugin}.zip" -o /dev/null || true - if [ -s "${name_plugin}.zip" ]; then - sudo unzip ${name_plugin}.zip - sudo cp -a splitbrain-dokuwiki-plugin-${name_plugin}*/. 
"${final_path}/lib/plugins/${name_plugin}/" - fi -done - -#================================================= - -# Verify the checksum and backup the file if it's different -ynh_backup_if_checksum_is_different "$final_path/CONFIG_FILE" -# Recalculate and store the config file checksum into the app settings -ynh_store_file_checksum "$final_path/CONFIG_FILE" - -#================================================= -# SETUP LOGROTATE -#================================================= - -# Use logrotate to manage app-specific logfile(s) -ynh_use_logrotate --non-append - -#================================================= -# SETUP SYSTEMD -#================================================= - -# Create a dedicated systemd config -ynh_add_systemd_config - -#================================================= -# GENERIC FINALIZATION -#================================================= -# SECURE FILES AND DIRECTORIES -#================================================= - -# Files owned by dokuwiki can just read -chown -R root: $final_path - -# except for conf, data, some data subfolders, and lib/plugin, where dokuwiki must have write permissions -#TODO compare rights with install script !!! 
-# Install script : -#sudo chown -R $app:root $final_path/{conf,data,data/attic,data/cache,data/index,data/locks,data/media*,data/meta,data/pages,data/tmp,lib/plugins,lib/tpl} - -sudo chown -R $app:root $final_path/{conf,data,lib/plugins,lib/tpl} -sudo chmod -R 700 $final_path/conf -sudo chmod -R 700 $final_path/data -sudo chmod -R 755 $final_path/lib/plugins -sudo chmod 755 $final_path/lib/tpl/{dokuwiki,dokuwiki/images} - - -#================================================= -# SETUP SSOWAT -#================================================= - -if [ $is_public -eq 0 ] -then # Remove the public access - ynh_app_setting_delete $app skipped_uris -fi -# Make app public if necessary -if [ $is_public -eq 1 ] -then - # unprotected_uris allows SSO credentials to be passed anyway - ynh_app_setting_set $app unprotected_uris "/" -fi - -# TODO: Still needed ?? -#if [ "$is_public" = "Yes" ]; -#then -# sudo sed -i "s@#--PRIVATE--@@g" /etc/nginx/conf.d/$domain.d/$app.conf -#fi - -#================================================= -# RELOAD NGINX -#================================================= - -systemctl reload nginx -# TODO -#sudo yunohost app ssowatconf +#!/bin/bash + +#================================================= +# GENERIC START +#================================================= +# IMPORT GENERIC HELPERS +#================================================= + +source _common.sh +source /usr/share/yunohost/helpers + +#================================================= +# LOAD SETTINGS +#================================================= + +app=$YNH_APP_INSTANCE_NAME + +domain=$(ynh_app_setting_get $app domain) +path_url=$(ynh_app_setting_get $app path) +admin=$(ynh_app_setting_get $app admin) +is_public=$(ynh_app_setting_get $app is_public) +final_path=$(ynh_app_setting_get $app final_path) + +#================================================= +# ENSURE DOWNWARD COMPATIBILITY +#================================================= + +# Fix is_public as a boolean value +if 
[ "$is_public" = "Yes" ]; then + ynh_app_setting_set $app is_public 1 + is_public=1 +elif [ "$is_public" = "No" ]; then + ynh_app_setting_set $app is_public 0 + is_public=0 +fi + +# If final_path doesn't exist, create it +if [ -z $final_path ]; then + final_path=/var/www/$app + ynh_app_setting_set $app final_path $final_path +fi + +# TODO Not sure if still needed ?? +# admin default value, if not set +if [ -z "$admin" ]; then + admin=$(sudo yunohost user list | grep 'username' -m1 | awk '{print $2}') + sudo ynh_app_setting_set $app is_public -v "$is_public" +fi + +#================================================= +# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP +#================================================= + +# Backup the current version of the app +ynh_backup_before_upgrade +ynh_clean_setup () { + # restore it if the upgrade fails + ynh_restore_upgradebackup +} +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors + +#================================================= +# CHECK THE PATH +#================================================= + +# Normalize the URL path syntax +path_url=$(ynh_normalize_url_path $path_url) + +#================================================= +# STANDARD UPGRADE STEPS +#================================================= +# DOWNLOAD, CHECK AND UNPACK SOURCE +#================================================= + +# Download, check integrity, uncompress and patch the source from app.src +ynh_setup_source "$final_path" + +#================================================= +# NGINX CONFIGURATION +#================================================= + +# Create a dedicated nginx config +ynh_add_nginx_config + +#================================================= +# CREATE DEDICATED USER +#================================================= + +# Create a system user +ynh_system_user_create $app + +#================================================= +# PHP-FPM CONFIGURATION +#================================================= + 
+# Create a dedicated php-fpm config +ynh_add_fpm_config + +#================================================= +# SPECIFIC UPGRADE +#================================================= + +# TODO Taken from old "upgrade" script. Should check if it is needed and what it does +if [ -d "${final_path}/data/media" ]; then + sudo chown -R $app:root $final_path/{data/attic,data/cache,data/index,data/locks,data/media*,data/meta,data/pages,data/tmp} +fi + +# Modify dokuwiki conf +#sed -i "s@YNH_ADMIN_USER@$admin@g" ../conf/dokuwiki.php +ynh_replace_string "YNH_ADMIN_USER" "$admin" "../conf/dokuwiki.php" +sudo cp ../conf/dokuwiki.php $final_path/conf + +# Do not override ACL configuration file +if [ ! -f "$final_path/conf/acl.auth.php" ]; then + sudo cp ../conf/acl.auth.php $final_path/conf +fi + +# Remove upgrade notification +# See https://www.dokuwiki.org/update_check +sudo touch $final_path/doku.php + +# Remove deleted files +# See https://www.dokuwiki.org/install:unused_files +if [ -f "../sources/data/deleted.files" ]; then + grep -Ev '^($|#)' ../sources/data/deleted.files | xargs -I {} sudo rm -vrf $final_path/{} +fi + +# Update all plugins +for name_plugin in $(sudo -s cat $final_path/lib/plugins/*/plugin.info.txt | grep url | awk -F':' '{print $3}'); +do + # Get a official plugin for dokuwiki, not update a no-official + sudo wget -nv --quiet "https://github.com/splitbrain/dokuwiki-plugin-${name_plugin}/zipball/master" -O "${name_plugin}.zip" -o /dev/null || true + if [ -s "${name_plugin}.zip" ]; then + sudo unzip ${name_plugin}.zip + sudo cp -a splitbrain-dokuwiki-plugin-${name_plugin}*/. 
"${final_path}/lib/plugins/${name_plugin}/" + fi +done + +#================================================= + +# Verify the checksum and backup the file if it's different +ynh_backup_if_checksum_is_different "$final_path/conf/dokuwiki.php" +# Recalculate and store the config file checksum into the app settings +ynh_store_file_checksum "$final_path/conf/dokuwiki.php" + +#================================================= +# SETUP LOGROTATE +#================================================= + +# Use logrotate to manage app-specific logfile(s) +ynh_use_logrotate --non-append + +#================================================= +# SETUP SYSTEMD +#================================================= + +# Create a dedicated systemd config +ynh_add_systemd_config + +#================================================= +# GENERIC FINALIZATION +#================================================= +# SECURE FILES AND DIRECTORIES +#================================================= + +# Files owned by dokuwiki can just read +chown -R root: $final_path + +# except for conf, data, some data subfolders, and lib/plugin, where dokuwiki must have write permissions +#TODO compare rights with install script !!! 
+# Install script : +#sudo chown -R $app:root $final_path/{conf,data,data/attic,data/cache,data/index,data/locks,data/media*,data/meta,data/pages,data/tmp,lib/plugins,lib/tpl} + +sudo chown -R $app:root $final_path/{conf,data,lib/plugins,lib/tpl} +sudo chmod -R 700 $final_path/conf +sudo chmod -R 700 $final_path/data +sudo chmod -R 755 $final_path/lib/plugins +sudo chmod 755 $final_path/lib/tpl/{dokuwiki,dokuwiki/images} + + +#================================================= +# SETUP SSOWAT +#================================================= + +if [ $is_public -eq 0 ] +then # Remove the public access + ynh_app_setting_delete $app skipped_uris +fi +# Make app public if necessary +if [ $is_public -eq 1 ] +then + # unprotected_uris allows SSO credentials to be passed anyway + ynh_app_setting_set $app unprotected_uris "/" +fi + +# TODO: Still needed ?? +#if [ "$is_public" = "Yes" ]; +#then +# sudo sed -i "s@#--PRIVATE--@@g" /etc/nginx/conf.d/$domain.d/$app.conf +#fi + +#================================================= +# RELOAD NGINX +#================================================= + +systemctl reload nginx +# TODO +#sudo yunohost app ssowatconf From feb2e848ff164c27b7b70d02b559f170af467677 Mon Sep 17 00:00:00 2001 From: Gofannon Date: Sun, 17 Jun 2018 17:16:54 +0200 Subject: [PATCH 08/43] [enh] Cleaning - remove files not needed anymore --- scripts/.fonctions | 254 --------------------------------------------- sources/source_dir | 1 - sources/source_md5 | 1 - sources/source_url | 1 - 4 files changed, 257 deletions(-) delete mode 100644 scripts/.fonctions delete mode 100644 sources/source_dir delete mode 100644 sources/source_md5 delete mode 100644 sources/source_url diff --git a/scripts/.fonctions b/scripts/.fonctions deleted file mode 100644 index 4e87c5f..0000000 --- a/scripts/.fonctions +++ /dev/null 
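Review bot: The SETUP SSOWAT block is asymmetric: the public branch writes `unprotected_uris`, but the private branch deletes `skipped_uris`. An instance switched from public to private would therefore keep `unprotected_uris "/"` and presumably stay reachable without login, unless another script not shown here clears it. The private branch should remove the key the public branch sets, `ynh_app_setting_delete $app unprotected_uris`, next to the existing delete. Both tests also use an unquoted `$is_public` with `-eq`, so an empty or legacy value makes `[` fail and silently skips both branches; a string comparison such as `[ "$is_public" = "0" ]` avoids that. With `yunohost app ssowatconf` left commented out, it is not visible from this hunk whether the SSO configuration is regenerated after the upgrade.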
@@ -1,254 +0,0 @@ -#!/bin/bash - -ynh_version="2.4" - -YNH_VERSION () { # Display number version of the YunoHost moulinette - ynh_version=$(sudo yunohost -v | grep "moulinette:" | cut -d' ' -f2 | cut -d'.' -f1,2) -} - -CHECK_VAR () { # Check variable is not empty -# $1 = Checking variable -# $2 = Text to display on error - test -n "$1" || (echo "$2" >&2 && false) -} - -EXIT_PROPERLY () { # Causes the script to stop in the event of an error. And clean the residue. - trap '' ERR - echo -e "\e[91m \e[1m" # Shell in light red bold - echo -e "!!\n $app install's script has encountered an error. Installation was cancelled.\n!!" >&2 - - if type -t CLEAN_SETUP > /dev/null; then # Checks the existence of the function before executing it. - CLEAN_SETUP # Call the specific cleanup function of the install script. - fi - - sudo sed -i "\@\"$domain$path/\":@d" /etc/ssowat/conf.json - - if [ "$ynh_version" = "2.2" ]; then - /bin/bash $script_dir/remove # Call the remove script. In 2.2, this behavior is not automatic. - fi - - ynh_die -} - -TRAP_ON () { # Activate signal capture - trap EXIT_PROPERLY ERR # Capturing exit signals on error -} - -TRAP_OFF () { # Ignoring signal capture until TRAP_ON - trap '' ERR # Ignoring exit signals -} - -CHECK_USER () { # Check the validity of the user admin - # $1 = User admin variable - ynh_user_exists "$1" || (echo "Wrong admin" >&2 && false) -} - -CHECK_PATH () { # Checks / at the beginning of the path. And his absence at the end. - if [ "${path:0:1}" != "/" ]; then # If the first character is not / - path="/$path" # Add / at the beginning of path - fi - if [ "${path:${#path}-1}" == "/" ] && [ ${#path} -gt 1 ]; then # If the last character is a / and it is not the only character. - path="${path:0:${#path}-1}" # Delete last character - fi -} - -CHECK_DOMAINPATH () { # Checks the availability of the path and domain. 
- sudo yunohost app checkurl $domain$path -a $app -} - -CHECK_FINALPATH () { # Checks that the destination folder is not already in use. - final_path=/var/www/$app - if [ -e "$final_path" ] - then - echo "This path already contains a folder" >&2 - false - fi -} - -SETUP_SOURCE () { # Download source, decompress and copu into $final_path - src=$(cat ../sources/source_md5 | awk -F' ' {'print $2'}) - sudo wget -nv -i ../sources/source_url -O $src - # Checks the checksum of the downloaded source. - md5sum -c ../sources/source_md5 --status || ynh_die "Corrupt source" - # Decompress source - if [ "$(echo ${src##*.})" == "tgz" ]; then - tar -x -f $src - elif [ "$(echo ${src##*.})" == "zip" ]; then - unzip -q $src - else - false # Unsupported archive format. - fi - # Copy file source - sudo cp -a $(cat ../sources/source_dir)/. "$final_path" - # Copy additional file and modified - if test -e "../sources/ajouts"; then - sudo cp -a ../sources/ajouts/. "$final_path" - fi -} - -POOL_FPM () { # Create the php-fpm pool configuration file and configure it. - sed -i "s@__NAMETOCHANGE__@$app@g" ../conf/php-fpm.conf - sed -i "s@__FINALPATH__@$final_path@g" ../conf/php-fpm.conf - sed -i "s@__USER__@$app@g" ../conf/php-fpm.conf - finalphpconf=/etc/php5/fpm/pool.d/$app.conf - sudo cp ../conf/php-fpm.conf $finalphpconf - sudo chown root: $finalphpconf - finalphpini=/etc/php5/fpm/conf.d/20-$app.ini - sudo cp ../conf/php-fpm.ini $finalphpini - sudo chown root: $finalphpini - sudo systemctl reload php5-fpm -} - -STORE_MD5_CONFIG () { # Saves the checksum of the config file - # $1 = Name of the conf file for storage in settings.yml - # $2 = Full name and path of the conf file. - ynh_app_setting_set $app $1_file_md5 $(sudo md5sum "$2" | cut -d' ' -f1) -} - -CHECK_MD5_CONFIG () { # Created a backup of the config file if it was changed. - # $1 = Name of the conf file for storage in settings.yml - # $2 = Full name and path of the conf file.onf. 
- if [ "$(ynh_app_setting_get $app $1_file_md5)" != $(sudo md5sum "$2" | cut -d' ' -f1) ]; then - sudo cp -a "$2" "$2.backup.$(date '+%d.%m.%y_%Hh%M,%Ss')" # Si le fichier de config a été modifié, créer un backup. - fi -} - -FIND_PORT () { # Search free port - # $1 = Port number to start the search. - port=$1 - while ! sudo yunohost app checkport $port ; do - port=$((port+1)) - done - CHECK_VAR "$port" "port empty" -} - - -### REMOVE SCRIPT - -REMOVE_NGINX_CONF () { # Delete nginx configuration - if [ -e "/etc/nginx/conf.d/$domain.d/$app.conf" ]; then - echo "Delete nginx config" - sudo rm "/etc/nginx/conf.d/$domain.d/$app.conf" - sudo systemctl reload nginx - fi -} - -REMOVE_FPM_CONF () { # Delete pool php-fpm configuration - if [ -e "/etc/php5/fpm/pool.d/$app.conf" ]; then # Delete fpm config - echo "Delete fpm config" - sudo rm "/etc/php5/fpm/pool.d/$app.conf" - fi - if [ -e "/etc/php5/fpm/conf.d/20-$app.ini" ]; then # Delete php config - echo "Delete php config" - sudo rm "/etc/php5/fpm/conf.d/20-$app.ini" - fi - sudo systemctl reload php5-fpm -} - -REMOVE_LOGROTATE_CONF () { # Delete logrotate configuration - if [ -e "/etc/logrotate.d/$app" ]; then - echo "Delete logrotate config" - sudo rm "/etc/logrotate.d/$app" - fi -} - -SECURE_REMOVE () { # Deleting a folder with variable verification - chaine="$1" # The argument must be given between simple quotes '', to avoid interpreting the variables. - no_var=0 - while (echo "$chaine" | grep -q '\$') # Loop as long as there are $ in the string - do - no_var=1 - global_var=$(echo "$chaine" | cut -d '$' -f 2) # Isole the first variable found. - only_var=\$$(expr "$global_var" : '\([A-Za-z0-9_]*\)') # Isole completely the variable by adding the $ at the beginning and keeping only the name of the variable. Mostly gets rid of / and a possible path behind. - real_var=$(eval "echo ${only_var}") # `eval "echo ${var}` Allows to interpret a variable contained in a variable. 
- if test -z "$real_var" || [ "$real_var" = "/" ]; then - echo "Variable $only_var is empty, suppression of $chaine cancelled." >&2 - return 1 - fi - chaine=$(echo "$chaine" | sed "s@$only_var@$real_var@") # Replaces variable with its value in the string. - done - if [ "$no_var" -eq 1 ] - then - if [ -e "$chaine" ]; then - echo "Delete directory $chaine" - sudo rm -r "$chaine" - fi - return 0 - else - echo "No detected variable." >&2 - return 1 - fi -} - - -# Check if a YunoHost user exists -# -# example: ynh_user_exists 'toto' || exit 1 -# -# usage: ynh_user_exists username -# | arg: username - the username to check -ynh_user_exists() { - sudo yunohost user list --output-as json | grep -q "\"username\": \"${1}\"" -} - -# Retrieve a YunoHost user information -# -# example: mail=$(ynh_user_get_info 'toto' 'mail') -# -# usage: ynh_user_get_info username key -# | arg: username - the username to retrieve info from -# | arg: key - the key to retrieve -# | ret: string - the key's value -ynh_user_get_info() { - sudo yunohost user info "$1" --output-as plain | ynh_get_plain_key "$2" -} - -# Get the list of YunoHost users -# -# example: for u in $(ynh_user_list); do ... -# -# usage: ynh_user_list -# | ret: string - one username per line -ynh_user_list() { - sudo yunohost user list --output-as plain --quiet \ - | awk '/^##username$/{getline; print}' -} - -# Check if a user exists on the system -# -# usage: ynh_system_user_exists username -# | arg: username - the username to check -ynh_system_user_exists() { - getent passwd "$1" &>/dev/null -} - -# Create a system user -# -# usage: ynh_system_user_create user_name [home_dir] -# | arg: user_name - Name of the system user that will be create -# | arg: home_dir - Path of the home dir for the user. Usually the final path of the app. If this argument is omitted, the user will be created without home -ynh_system_user_create () { - if ! 
ynh_system_user_exists "$1" # Check if the user exists on the system - then # If the user doesn't exist - if [ $# -ge 2 ]; then # If a home dir is mentioned - user_home_dir="-d $2" - else - user_home_dir="--no-create-home" - fi - sudo useradd $user_home_dir --system --user-group $1 --shell /usr/sbin/nologin || ynh_die "Unable to create $1 system account" - fi -} - -# Delete a system user -# -# usage: ynh_system_user_delete user_name -# | arg: user_name - Name of the system user that will be create -ynh_system_user_delete () { - if ynh_system_user_exists "$1" # Check if the user exists on the system - then - echo "Remove the user $1" >&2 - sudo userdel $1 - else - echo "The user $1 was not found" >&2 - fi -} diff --git a/sources/source_dir b/sources/source_dir deleted file mode 100644 index bc79cf4..0000000 --- a/sources/source_dir +++ /dev/null @@ -1 +0,0 @@ -dokuwiki-2017-02-19b \ No newline at end of file diff --git a/sources/source_md5 b/sources/source_md5 deleted file mode 100644 index c98aca2..0000000 --- a/sources/source_md5 +++ /dev/null @@ -1 +0,0 @@ -ea11e4046319710a2bc6fdf58b5cda86 dokuwiki-2017-02-19b.tgz \ No newline at end of file diff --git a/sources/source_url b/sources/source_url deleted file mode 100644 index 70951e8..0000000 --- a/sources/source_url +++ /dev/null @@ -1 +0,0 @@ -https://download.dokuwiki.org/src/dokuwiki/dokuwiki-2017-02-19b.tgz \ No newline at end of file From 5f797220eb60f20c5bae6e256d547beb3f7c7749 Mon Sep 17 00:00:00 2001 From: Gofannon Date: Sun, 17 Jun 2018 19:33:18 +0200 Subject: [PATCH 09/43] [enh] Use a dedicated file to store customization Will be useful for next upgrades See https://www.dokuwiki.org/config#configuration_options --- conf/dokuwiki.php | 188 ---------------------------------------------- conf/local.php | 31 ++++++++ scripts/install | 14 ++-- scripts/upgrade | 13 ++-- 4 files changed, 47 insertions(+), 199 deletions(-) delete mode 100644 conf/dokuwiki.php create mode 100644 conf/local.php 
diff --git a/conf/dokuwiki.php b/conf/dokuwiki.php deleted file mode 100644 index 7aac9c9..0000000 --- a/conf/dokuwiki.php +++ /dev/null 
@@ -1,188 +0,0 @@ - tags - // 'htmldiff' - diff as HTML table - // 'html' - the full page rendered in XHTML -$conf['rss_media'] = 'both'; //what should be listed? - // 'both' - page and media changes - // 'pages' - page changes only - // 'media' - media changes only -$conf['rss_update'] = 5*60; //Update the RSS feed every n seconds (defaults to 5 minutes) -$conf['rss_show_summary'] = 1; //Add revision summary to title? 0|1 - -/* Advanced Settings */ -$conf['updatecheck'] = 0; //automatically check for new releases? -$conf['userewrite'] = 0; //this makes nice URLs: 0: off 1: .htaccess 2: internal -$conf['useslash'] = 0; //use slash instead of colon? only when rewrite is on -$conf['sepchar'] = '_'; //word separator character in page names; may be a - // letter, a digit, '_', '-', or '.'. -$conf['canonical'] = 0; //Should all URLs use full canonical http://... style? -$conf['fnencode'] = 'url'; //encode filenames (url|safe|utf-8) -$conf['autoplural'] = 0; //try (non)plural form of nonexisting files? -$conf['compression'] = 'gz'; //compress old revisions: (0: off) ('gz': gnuzip) ('bz2': bzip) - // bz2 generates smaller files, but needs more cpu-power -$conf['gzip_output'] = 0; //use gzip content encodeing for the output xhtml (if allowed by browser) -$conf['compress'] = 1; //Strip whitespaces and comments from Styles and JavaScript? 1|0 -$conf['cssdatauri'] = 0; //Maximum byte size of small images to embed into CSS, won't work on IE<8 -$conf['send404'] = 0; //Send a HTTP 404 status for non existing pages? -$conf['broken_iua'] = 0; //Platform with broken ignore_user_abort (IIS+CGI) 0|1 -$conf['xsendfile'] = 0; //Use X-Sendfile (1 = lighttpd, 2 = standard) -$conf['renderer_xhtml'] = 'xhtml'; //renderer to use for main page generation -$conf['readdircache'] = 0; //time cache in second for the readdir operation, 0 to deactivate. 
- -/* Network Settings */ -$conf['dnslookups'] = 1; //disable to disallow IP to hostname lookups -// Proxy setup - if your Server needs a proxy to access the web set these -$conf['proxy']['host'] = ''; -$conf['proxy']['port'] = ''; -$conf['proxy']['user'] = ''; -$conf['proxy']['pass'] = ''; -$conf['proxy']['ssl'] = 0; -$conf['proxy']['except'] = ''; -// Safemode Hack - read http://www.dokuwiki.org/config:safemodehack ! -$conf['safemodehack'] = 0; -$conf['ftp']['host'] = 'localhost'; -$conf['ftp']['port'] = '21'; -$conf['ftp']['user'] = 'user'; -$conf['ftp']['pass'] = 'password'; -$conf['ftp']['root'] = '/home/user/htdocs'; - - diff --git a/conf/local.php b/conf/local.php new file mode 100644 index 0000000..3b006ab --- /dev/null +++ b/conf/local.php @@ -0,0 +1,31 @@ + Date: Sun, 17 Jun 2018 19:49:37 +0200 Subject: [PATCH 10/43] [enh] Redo 'check_process' to match 'example_ynh' --- check_process | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/check_process b/check_process index ca404fa..9f5cf21 100644 --- a/check_process +++ b/check_process @@ -1,3 +1,8 @@ +# See here for more informations +# https://github.com/YunoHost/package_check#syntax-check_process-file + +# Move this file from check_process.default to check_process when you have filled it. + ;; Test complet auto_remove=1 ; Manifest @@ -16,13 +21,8 @@ upgrade=1 from_commit=01add99d3d903ca6d07f863045edf2ba46cf18d5 backup_restore=1 multi_instance=1 - wrong_user=1 - wrong_path=1 incorrect_path=1 - corrupt_source=0 - fail_download_source=0 port_already_use=0 - final_path_already_use=0 ;;; Levels Level 1=auto Level 2=auto @@ -38,3 +38,6 @@ ; commit=01add99d3d903ca6d07f863045edf2ba46cf18d5 name=Create check_process manifest_arg=domain=DOMAIN&path=PATH&admin=USER&is_public=Yes& +;;; Options +Email= +Notification=none From 3c587b3ac17066f02c9afe4510227bcbd8ba81eb Mon Sep 17 00:00:00 2001 
From: Gofannon Date: Sun, 17 Jun 2018 22:15:01 +0200 Subject: [PATCH 11/43] [enh] Add language choice + cleaning variables --- conf/local.php | 7 +++++-- manifest.json | 9 +++++++++ scripts/install | 31 ++++++++++++++++--------------- scripts/upgrade | 14 +++++++++++++- 4 files changed, 43 insertions(+), 18 deletions(-) diff --git a/conf/local.php b/conf/local.php index 3b006ab..bd02233 100644 --- a/conf/local.php +++ b/conf/local.php @@ -9,12 +9,15 @@ */ +/* Basic Settings */ +$conf['lang'] = '__YNH_LANGUAGE__'; //your language + /* Authentication Settings */ $conf['useacl'] = 1; //Use Access Control Lists to restrict access? $conf['authtype'] = 'authldap'; //which authentication backend should be used $conf['passcrypt'] = 'sha1'; //Used crypt method (smd5,md5,sha1,ssha,crypt,mysql,my411) -$conf['superuser'] = 'YNH_ADMIN_USER'; //The admin can be user or @group or comma separated list user1,@group1,user2 -$conf['manager'] = 'YNH_ADMIN_USER'; //The manager can be user or @group or comma separated list user1,@group1,user2 +$conf['superuser'] = '__YNH_ADMIN_USER__'; //The admin can be user or @group or comma separated list user1,@group1,user2 +$conf['manager'] = '__YNH_ADMIN_USER__'; //The manager can be user or @group or comma separated list user1,@group1,user2 /* LDAP Yunohost config */ $conf['plugin']['authldap']['server'] = 'localhost'; diff --git a/manifest.json b/manifest.json index 09e7c18..ab8a83d 100644 --- a/manifest.json +++ b/manifest.json @@ -62,6 +62,15 @@ "fr": "Est-ce un site public ?" }, "default": "true" + }, + { + "name": "language", + "ask": { + "en": "Choose the application language", + "fr": "Choisissez la langue de l'application" + }, + "choices": ["en", "fr"], + "default": "en" } ] } diff --git a/scripts/install b/scripts/install index b03f72f..aad856f 100755 --- a/scripts/install +++ b/scripts/install 
@@ -24,7 +24,7 @@ domain=$YNH_APP_ARG_DOMAIN path_url=$YNH_APP_ARG_PATH admin=$YNH_APP_ARG_ADMIN is_public=$YNH_APP_ARG_IS_PUBLIC -#language=$YNH_APP_ARG_LANGUAGE +language=$YNH_APP_ARG_LANGUAGE # This is a multi-instance app, meaning it can be installed several times independently # The id of the app as stated in the manifest is available as $YNH_APP_ID @@ -61,7 +61,7 @@ ynh_app_setting_set $app domain $domain ynh_app_setting_set $app path $path_url ynh_app_setting_set $app admin $admin ynh_app_setting_set $app is_public $is_public -#ynh_app_setting_set $app language $language +ynh_app_setting_set $app language $language #================================================= # STANDARD MODIFICATIONS @@ -97,26 +97,19 @@ ynh_add_fpm_config #================================================= # SPECIFIC SETUP #================================================= -# ... +# CUSTOMIZE DOKUWIKI #================================================= -#================================================= -# SETUP SYSTEMD -#================================================= +# Set the "language" +ynh_replace_string "__YNH_LANGUAGE__" "$language" "../conf/local.php" -# Create a dedicated systemd config -ynh_add_systemd_config - -#================================================= -# MODIFY A CONFIG FILE -#================================================= - -# Set the "admin" user of Dokuwiki -ynh_replace_string "YNH_ADMIN_USER" "$admin" "../conf/local.php" +# Set the "admin" user +ynh_replace_string "__YNH_ADMIN_USER__" "$admin" "../conf/local.php" # Copy Yunohost specific configuration sudo cp ../conf/local.php $final_path/conf + # Restrict user rights by enforcing "read-only" mode for all users # See https://www.dokuwiki.org/acl#background_info # Default is "8" 
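Review bot: In the `@@ -97,26 +97,19 @@` hunk, `$language` is substituted into `../conf/local.php` inside a single-quoted PHP string (`$conf['lang'] = '__YNH_LANGUAGE__';`), and nothing visible in these hunks validates it first. The manifest limits the choices to `en` and `fr`, but the script takes `$YNH_APP_ARG_LANGUAGE` as given, so a value containing a quote would change the PHP that is then copied to `$final_path/conf`. An allowlist before the substitution keeps the generated file well-formed: `case "$language" in en|fr) ;; *) ynh_die "Unsupported language: $language" ;; esac`. The same substitution is added to scripts/upgrade in `@@ -106,8 +113,13 @@`, where the value comes from the stored setting; whether install validates it outside these hunks is not visible here.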
@@ -128,6 +121,14 @@ sudo cp ../conf/acl.auth.php $final_path/conf # Calculate and store the config file checksum into the app settings #ynh_store_file_checksum "$final_path/conf/local.php" +#================================================= + +#================================================= +# SETUP SYSTEMD +#================================================= + +# Create a dedicated systemd config +ynh_add_systemd_config #================================================= # GENERIC FINALIZATION diff --git a/scripts/upgrade b/scripts/upgrade index 3e78c5e..49a7614 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -19,6 +19,7 @@ domain=$(ynh_app_setting_get $app domain) path_url=$(ynh_app_setting_get $app path) admin=$(ynh_app_setting_get $app admin) is_public=$(ynh_app_setting_get $app is_public) +language=$(ynh_app_setting_get $app language) final_path=$(ynh_app_setting_get $app final_path) #================================================= @@ -47,6 +48,12 @@ if [ -z "$admin" ]; then sudo ynh_app_setting_set $app is_public -v "$is_public" fi +# language default value, if not set +if [ -z "$language" ]; then + language='en' + ynh_app_setting_set $app language $language +fi + #================================================= # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP #================================================= 
@@ -106,8 +113,13 @@ if [ -d "${final_path}/data/media" ]; then sudo chown -R $app:root $final_path/{data/attic,data/cache,data/index,data/locks,data/media*,data/meta,data/pages,data/tmp} fi +# Set the "language" of Dokuwiki +# Might overwrite user choice if language has been change directly in Dokuwiki admin panel +# Should be enhance to avoid this. For now, it is easier to overwrite as there is no need to take care of existing configuration +ynh_replace_string "__YNH_LANGUAGE__" "$language" "../conf/local.php" + # Set the "admin" user of Dokuwiki -ynh_replace_string "YNH_ADMIN_USER" "$admin" "../conf/local.php" +ynh_replace_string "__YNH_ADMIN_USER__" "$admin" "../conf/local.php" # Copy Yunohost specific configuration sudo cp ../conf/local.php $final_path/conf From 83ac2d72cb06ea6c06165ab827a74e5a3e0008a1 Mon Sep 17 00:00:00 2001 From: Gofannon Date: Sun, 17 Jun 2018 22:24:38 +0200 Subject: [PATCH 12/43] [enh] Update to "Greebo" 2018-04-22 hotfix a --- conf/app.src | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/conf/app.src b/conf/app.src index 5ff3053..e42acb7 100644 --- a/conf/app.src +++ b/conf/app.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://download.dokuwiki.org/src/dokuwiki/dokuwiki-2017-02-19b.tgz -SOURCE_SUM=ea11e4046319710a2bc6fdf58b5cda86 +SOURCE_URL=https://download.dokuwiki.org/src/dokuwiki/dokuwiki-2018-04-22a.tgz +SOURCE_SUM=18765a29508f96f9882349a304bffc03 SOURCE_SUM_PRG=md5sum SOURCE_FORMAT=tar.gz SOURCE_IN_SUBDIR=true From 77992636db368bb77692ff88892556f0db3cc47e Mon Sep 17 00:00:00 2001 From: Gofannon Date: Sun, 17 Jun 2018 13:54:39 +0200 Subject: [PATCH 13/43] change maintainer of package after asking to Opi Add list of previous maintenairs to the manifest too --- manifest.json | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/manifest.json b/manifest.json index ab8a83d..9893785 100644 --- a/manifest.json +++ b/manifest.json 
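Review bot: The `sudo cp ../conf/local.php $final_path/conf` at the end of this hunk replaces the live `conf/local.php` on every upgrade, so anything an administrator changed there is silently reset. The added comment mentions only the language, but the same file also carries `useacl`, `authtype` and `superuser`. Calling `ynh_backup_if_checksum_is_different "$final_path/conf/local.php"` before the copy would at least keep a copy of a modified file. The rest of the upgrade script is outside this hunk, so if that call already exists there, a short comment next to the `cp` saying so would be enough.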
@@ -15,9 +15,16 @@ "version": "1.1.0", "url": "https://www.dokuwiki.org", "maintainer": { - "name": "opi", - "email": "opi@zeropi.net" + "name": "Gofannon", + "email": "gofannon@riseup.net" }, + "previous_maintainers": [ + { + "name": "opi", + "email": "opi@zeropi.net", + "url": "" + } +], "multi_instance": true, "services": [ "nginx", From 166efb950c9c772806a02f9bb5fc32fcc3264521 Mon Sep 17 00:00:00 2001 From: Gofannon Date: Sun, 17 Jun 2018 14:03:09 +0200 Subject: [PATCH 14/43] [enh] Add licence of Dokuwiki software to manifest --- manifest.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifest.json b/manifest.json index 9893785..1431a87 100644 --- a/manifest.json +++ b/manifest.json @@ -30,7 +30,7 @@ "nginx", "php5-fpm" ], - "license": "free", + "license": "GPL-2.0-or-later", "arguments": { "install" : [ { From adc5f446a1f3ceb84131259147df4f3f85339dd9 Mon Sep 17 00:00:00 2001 From: Gofannon Date: Sun, 17 Jun 2018 23:30:40 +0200 Subject: [PATCH 15/43] [enh] change version number --- manifest.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifest.json b/manifest.json index 1431a87..7a44cce 100644 --- a/manifest.json +++ b/manifest.json @@ -12,7 +12,7 @@ "es": "DokuWiki es un sistema de Wiki de uso sencillicimo y compatible con los estándares.", "it": "DokuWiki è un Wiki aderente agli standard, semplice da usare, finalizzato principalmente alla creazione di documentazione di qualsiasi tipo." }, - "version": "1.1.0", + "version": "2018-04-22a~ynh1", "url": "https://www.dokuwiki.org", "maintainer": { "name": "Gofannon", From 0651318860b6ffc78cc1ad04bd3c33cd828498e1 Mon Sep 17 00:00:00 2001 From: Gofannon Date: Sun, 17 Jun 2018 23:31:57 +0200 Subject: [PATCH 16/43] [enh] cleaning by removing "sudo" in scripts --- scripts/install | 14 +++++++------- scripts/restore | 10 +++++----- scripts/upgrade | 18 +++++++++--------- 3 files changed, 21 insertions(+), 21 deletions(-) 
diff --git a/scripts/install b/scripts/install index aad856f..b80f6b0 100755 --- a/scripts/install +++ b/scripts/install @@ -107,13 +107,13 @@ ynh_replace_string "__YNH_LANGUAGE__" "$language" "../conf/local.php" ynh_replace_string "__YNH_ADMIN_USER__" "$admin" "../conf/local.php" # Copy Yunohost specific configuration -sudo cp ../conf/local.php $final_path/conf +cp ../conf/local.php $final_path/conf # Restrict user rights by enforcing "read-only" mode for all users # See https://www.dokuwiki.org/acl#background_info # Default is "8" -sudo cp ../conf/acl.auth.php $final_path/conf +cp ../conf/acl.auth.php $final_path/conf #================================================= # STORE THE CHECKSUM OF THE CONFIG FILE @@ -140,11 +140,11 @@ ynh_add_systemd_config chown -R root: $final_path # except for conf, data, some data subfolders, and lib/plugin, where www-data must have write permissions -sudo chown -R $app:root $final_path/{conf,data,data/attic,data/cache,data/index,data/locks,data/media*,data/meta,data/pages,data/tmp,lib/plugins,lib/tpl} -sudo chmod -R 700 $final_path/conf -sudo chmod -R 700 $final_path/data -sudo chmod -R 755 $final_path/lib/plugins -sudo chmod 755 $final_path/lib/tpl/{dokuwiki,dokuwiki/images} +chown -R $app:root $final_path/{conf,data,data/attic,data/cache,data/index,data/locks,data/media*,data/meta,data/pages,data/tmp,lib/plugins,lib/tpl} +chmod -R 700 $final_path/conf +chmod -R 700 $final_path/data +chmod -R 755 $final_path/lib/plugins +chmod 755 $final_path/lib/tpl/{dokuwiki,dokuwiki/images} #================================================= # SETUP LOGROTATE diff --git a/scripts/restore b/scripts/restore index 8b5a099..e8cf6e0 100755 --- a/scripts/restore +++ b/scripts/restore 
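Review bot: `chmod -R 700 $final_path/conf` and `chmod -R 700 $final_path/data` in the `@@ -140,11 +140,11 @@` hunk set the execute bit on every regular file under conf and data, not only on the directories that need it. The symbolic form gives directories search permission and leaves files that are not already executable without it: `chmod -R u=rwX,go= "$final_path/conf"` (same for data), and `chmod -R u=rwX,go=rX "$final_path/lib/plugins"` in place of the recursive 755. The same lines appear in scripts/restore (`@@ -70,11 +70,11 @@`) and scripts/upgrade (`@@ -185,11 +185,11 @@`) of this commit.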
@@ -70,11 +70,11 @@ chown -R root: $final_path # Restore permissions same as from the 'install' script # except for conf, data, some data subfolders, and lib/plugin, where www-data must have write permissions -sudo chown -R $app:root $final_path/{conf,data,data/attic,data/cache,data/index,data/locks,data/media*,data/meta,data/pages,data/tmp,lib/plugins,lib/tpl} -sudo chmod -R 700 $final_path/conf -sudo chmod -R 700 $final_path/data -sudo chmod -R 755 $final_path/lib/plugins -sudo chmod 755 $final_path/lib/tpl/{dokuwiki,dokuwiki/images} +chown -R $app:root $final_path/{conf,data,data/attic,data/cache,data/index,data/locks,data/media*,data/meta,data/pages,data/tmp,lib/plugins,lib/tpl} +chmod -R 700 $final_path/conf +chmod -R 700 $final_path/data +chmod -R 755 $final_path/lib/plugins +chmod 755 $final_path/lib/tpl/{dokuwiki,dokuwiki/images} #================================================= # RESTORE THE PHP-FPM CONFIGURATION diff --git a/scripts/upgrade b/scripts/upgrade index 49a7614..6d14246 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -110,7 +110,7 @@ ynh_add_fpm_config # TODO Taken from old "upgrade" script. Should check if it is needed and what it does if [ -d "${final_path}/data/media" ]; then - sudo chown -R $app:root $final_path/{data/attic,data/cache,data/index,data/locks,data/media*,data/meta,data/pages,data/tmp} + chown -R $app:root $final_path/{data/attic,data/cache,data/index,data/locks,data/media*,data/meta,data/pages,data/tmp} fi # Set the "language" of Dokuwiki 
@@ -122,16 +122,16 @@ ynh_replace_string "__YNH_LANGUAGE__" "$language" "../conf/local.php" ynh_replace_string "__YNH_ADMIN_USER__" "$admin" "../conf/local.php" # Copy Yunohost specific configuration -sudo cp ../conf/local.php $final_path/conf +cp ../conf/local.php $final_path/conf # Do not override ACL configuration file if [ ! -f "$final_path/conf/acl.auth.php" ]; then - sudo cp ../conf/acl.auth.php $final_path/conf + cp ../conf/acl.auth.php $final_path/conf fi # Remove upgrade notification # See https://www.dokuwiki.org/update_check -sudo touch $final_path/doku.php +touch $final_path/doku.php # Remove deleted files # See https://www.dokuwiki.org/install:unused_files @@ -185,11 +185,11 @@ chown -R root: $final_path # Install script : #sudo chown -R $app:root $final_path/{conf,data,data/attic,data/cache,data/index,data/locks,data/media*,data/meta,data/pages,data/tmp,lib/plugins,lib/tpl} -sudo chown -R $app:root $final_path/{conf,data,lib/plugins,lib/tpl} -sudo chmod -R 700 $final_path/conf -sudo chmod -R 700 $final_path/data -sudo chmod -R 755 $final_path/lib/plugins -sudo chmod 755 $final_path/lib/tpl/{dokuwiki,dokuwiki/images} +chown -R $app:root $final_path/{conf,data,lib/plugins,lib/tpl} +chmod -R 700 $final_path/conf +chmod -R 700 $final_path/data +chmod -R 755 $final_path/lib/plugins +chmod 755 $final_path/lib/tpl/{dokuwiki,dokuwiki/images} #================================================= From 6f12b387c9791c8ab16e74952c10f7b3a78feeb3 Mon Sep 17 00:00:00 2001 From: Gofannon Date: Mon, 18 Jun 2018 00:13:02 +0200 Subject: [PATCH 17/43] [fix] Disable "systemd" setup as it does not work I cannot make it work so I disable it --- scripts/backup | 2 +- scripts/install | 2 +- scripts/remove | 2 +- scripts/restore | 4 ++-- scripts/upgrade | 2 +- 5 files changed, 6 insertions(+), 6 deletions(-) diff --git a/scripts/backup b/scripts/backup index 45e56bc..eb59af8 100755 --- a/scripts/backup +++ b/scripts/backup 
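Review bot: `chown -R $app:root $final_path/{conf,data,lib/plugins,lib/tpl}` in the `@@ -185,11 +185,11 @@` hunk expands `$final_path` unquoted, and with an empty value the brace expansion yields `/conf /data /lib/plugins /lib/tpl`, on which the recursive `chown` and `chmod` would then run. `final_path` is read from the app settings near the top of the script and no emptiness check is visible in these hunks, so a guard before the ownership block would be cheap: `[ -n "$final_path" ] || ynh_die "final_path is not set"`, with the paths written as `"$final_path"/{conf,data,lib/plugins,lib/tpl}`. The `chown` in `@@ -110,7 +110,7 @@` and the install and restore hunks of this commit have the same shape.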
@@ -65,5 +65,5 @@ ynh_backup "/etc/logrotate.d/$app" # BACKUP SYSTEMD #================================================= -ynh_backup "/etc/systemd/system/$app.service" +#ynh_backup "/etc/systemd/system/$app.service" diff --git a/scripts/install b/scripts/install index b80f6b0..a2da9bd 100755 --- a/scripts/install +++ b/scripts/install @@ -128,7 +128,7 @@ cp ../conf/acl.auth.php $final_path/conf #================================================= # Create a dedicated systemd config -ynh_add_systemd_config +#ynh_add_systemd_config #================================================= # GENERIC FINALIZATION diff --git a/scripts/remove b/scripts/remove index 37020cb..594a5aa 100755 --- a/scripts/remove +++ b/scripts/remove @@ -25,7 +25,7 @@ final_path=$(ynh_app_setting_get $app final_path) #================================================= # Remove the dedicated systemd config -ynh_remove_systemd_config +#ynh_remove_systemd_config #================================================= # REMOVE SERVICE FROM ADMIN PANEL diff --git a/scripts/restore b/scripts/restore index e8cf6e0..16f1e97 100755 --- a/scripts/restore +++ b/scripts/restore @@ -95,8 +95,8 @@ yunohost service add $app --log "/var/log/$app/$app.log" # RESTORE SYSTEMD #================================================= -ynh_restore_file "/etc/systemd/system/$app.service" -systemctl enable $app.service +#ynh_restore_file "/etc/systemd/system/$app.service" +#systemctl enable $app.service #================================================= # RESTORE THE LOGROTATE CONFIGURATION diff --git a/scripts/upgrade b/scripts/upgrade index 6d14246..fb4edf5 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -169,7 +169,7 @@ ynh_use_logrotate --non-append #================================================= # Create a dedicated systemd config -ynh_add_systemd_config +#ynh_add_systemd_config #================================================= # GENERIC FINALIZATION From 1d1f0bf8c6205ef9c065aedbf7511985acf16e06 Mon Sep 17 00:00:00 2001 
From: Gofannon Date: Mon, 18 Jun 2018 00:16:06 +0200 Subject: [PATCH 18/43] [fix] Correct the removal of old files --- scripts/upgrade | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/scripts/upgrade b/scripts/upgrade index fb4edf5..f779776 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -133,10 +133,23 @@ fi # See https://www.dokuwiki.org/update_check touch $final_path/doku.php -# Remove deleted files +# Remove files not used anymore after upgrade # See https://www.dokuwiki.org/install:unused_files -if [ -f "../sources/data/deleted.files" ]; then - grep -Ev '^($|#)' ../sources/data/deleted.files | xargs -I {} sudo rm -vrf $final_path/{} +if [ -f "$final_path/data/deleted.files" ]; then + # Move to the dokuwiki installation folder so the "official" commands can be used without adaptation + cd $final_path + + # This command could not remove directory + #grep -Ev '^($|#)' data/deleted.files | xargs -n 1 rm -vf + # => "rm: cannot remove 'vendor/easybook/geshi': Is a directory" + + # That one works as expected + grep -Ev '^($|#)' data/deleted.files | xargs -n 1 rm -fr + + # bash "hack" to move back to the location user was before the last cd made + # See http://winterdrake.com/unixlinux-trick-cd-back-to-the-previous-directory/ + # Should be the script folder of the package + cd - fi # Update all plugins From c7261fb714738adc6ad452a6646d14e1017d7e52 Mon Sep 17 00:00:00 2001 From: Gofannon Date: Tue, 26 Jun 2018 23:57:01 +0200 Subject: [PATCH 19/43] [enh] move 'systemd' config as not needed See https://github.com/YunoHost-Apps/dokuwiki_ynh/pull/37 --- conf/systemd.service | 13 ------------- scripts/backup | 5 ----- scripts/install | 15 --------------- scripts/remove | 15 --------------- scripts/restore | 11 ----------- scripts/upgrade | 6 ------ 6 files changed, 65 deletions(-) delete mode 100644 conf/systemd.service diff --git a/conf/systemd.service b/conf/systemd.service deleted file mode 100644 index 76cdf64..0000000 
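Review bot: The entries of `data/deleted.files` go straight to `rm -fr` with no check that they stay inside `$final_path`; an absolute path, a `..` component or a leading `-` in that list would be honoured by a script that runs with root rights. The list lives under `data/`, which the permission block of this script hands to the `$app` user, so its content should be treated as untrusted unless the sources are re-extracted just before this point, which is outside the hunk. `cd $final_path` is also unquoted and unchecked, and `cd -` prints the previous directory to the output; a subshell avoids both. Proposed replacement for the `if` block:

```shell
if [ -f "$final_path/data/deleted.files" ]; then
    (
        # Subshell: the caller's working directory is left untouched
        cd "$final_path" || exit 1
        # Drop blank/comment lines, then anything absolute or containing a ".." component
        grep -Ev '^($|#)' data/deleted.files \
            | grep -Ev '^/|(^|/)\.\.(/|$)' \
            | xargs -r -d '\n' -n 1 rm -fr --
    )
fi
```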
--- a/conf/systemd.service +++ /dev/null @@ -1,13 +0,0 @@ -[Unit] -Description=Small description of the service -After=network.target - -[Service] -Type=simple -User=__APP__ -Group=__APP__ -WorkingDirectory=__FINALPATH__/ -ExecStart=__FINALPATH__/script >> /var/log/__APP__/__APP__.log 2>&1 - -[Install] -WantedBy=multi-user.target diff --git a/scripts/backup b/scripts/backup index eb59af8..ce7f7b1 100755 --- a/scripts/backup +++ b/scripts/backup @@ -61,9 +61,4 @@ ynh_backup "/etc/php5/fpm/conf.d/20-$app.ini" ynh_backup "/etc/logrotate.d/$app" -#================================================= -# BACKUP SYSTEMD -#================================================= - -#ynh_backup "/etc/systemd/system/$app.service" diff --git a/scripts/install b/scripts/install index a2da9bd..47961c3 100755 --- a/scripts/install +++ b/scripts/install @@ -123,13 +123,6 @@ cp ../conf/acl.auth.php $final_path/conf #ynh_store_file_checksum "$final_path/conf/local.php" #================================================= -#================================================= -# SETUP SYSTEMD -#================================================= - -# Create a dedicated systemd config -#ynh_add_systemd_config - #================================================= # GENERIC FINALIZATION #================================================= @@ -153,14 +146,6 @@ chmod 755 $final_path/lib/tpl/{dokuwiki,dokuwiki/images} # Use logrotate to manage application logfile(s) ynh_use_logrotate -#================================================= -# ADVERTISE SERVICE IN ADMIN PANEL -#================================================= - -#yunohost service add NAME_INIT.D --log "/var/log/FILE.log" -yunohost service add "$app" --log "/var/log/$app/$app.log" - -#================================================= # SETUP SSOWAT #================================================= diff --git a/scripts/remove b/scripts/remove index 594a5aa..682dfea 100755 --- a/scripts/remove +++ b/scripts/remove 
@@ -21,21 +21,6 @@ final_path=$(ynh_app_setting_get $app final_path) #================================================= # STANDARD REMOVE #================================================= -# STOP AND REMOVE SERVICE -#================================================= - -# Remove the dedicated systemd config -#ynh_remove_systemd_config - -#================================================= -# REMOVE SERVICE FROM ADMIN PANEL -#================================================= - -if yunohost service status | grep -q $app -then - echo "Remove $app service" - yunohost service remove $app -fi #================================================= # REMOVE APP MAIN DIR diff --git a/scripts/restore b/scripts/restore index 16f1e97..63503cc 100755 --- a/scripts/restore +++ b/scripts/restore @@ -86,17 +86,6 @@ ynh_restore_file "/etc/php5/fpm/conf.d/20-$app.ini" #================================================= # SPECIFIC RESTORATION #================================================= -# ADVERTISE SERVICE IN ADMIN PANEL -#================================================= - -yunohost service add $app --log "/var/log/$app/$app.log" - -#================================================= -# RESTORE SYSTEMD -#================================================= - -#ynh_restore_file "/etc/systemd/system/$app.service" -#systemctl enable $app.service #================================================= # RESTORE THE LOGROTATE CONFIGURATION diff --git a/scripts/upgrade b/scripts/upgrade index f779776..a485bf4 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -177,12 +177,6 @@ ynh_store_file_checksum "$final_path/conf/local.php" # Use logrotate to manage app-specific logfile(s) ynh_use_logrotate --non-append -#================================================= -# SETUP SYSTEMD -#================================================= - -# Create a dedicated systemd config -#ynh_add_systemd_config #================================================= # GENERIC FINALIZATION 
From 83aac4438b103ef41fb901f4596eb71a6d7937b8 Mon Sep 17 00:00:00 2001 From: Gofannon Date: Wed, 27 Jun 2018 00:02:25 +0200 Subject: [PATCH 20/43] [enh] Remove 'logrotate' config as not needed See https://github.com/YunoHost-Apps/dokuwiki_ynh/pull/37 --- scripts/backup | 5 ----- scripts/install | 6 ------ scripts/remove | 7 ------- scripts/restore | 4 ---- scripts/upgrade | 7 ------- 5 files changed, 29 deletions(-) diff --git a/scripts/backup b/scripts/backup index ce7f7b1..95f8839 100755 --- a/scripts/backup +++ b/scripts/backup @@ -56,9 +56,4 @@ ynh_backup "/etc/php5/fpm/conf.d/20-$app.ini" #================================================= # SPECIFIC BACKUP #================================================= -# BACKUP LOGROTATE -#================================================= - -ynh_backup "/etc/logrotate.d/$app" - diff --git a/scripts/install b/scripts/install index 47961c3..7d94d17 100755 --- a/scripts/install +++ b/scripts/install @@ -140,12 +140,6 @@ chmod -R 755 $final_path/lib/plugins chmod 755 $final_path/lib/tpl/{dokuwiki,dokuwiki/images} #================================================= -# SETUP LOGROTATE -#================================================= - -# Use logrotate to manage application logfile(s) -ynh_use_logrotate - # SETUP SSOWAT #================================================= diff --git a/scripts/remove b/scripts/remove index 682dfea..e66c7f8 100755 --- a/scripts/remove +++ b/scripts/remove @@ -43,13 +43,6 @@ ynh_remove_nginx_config # Remove the dedicated php-fpm config ynh_remove_fpm_config -#================================================= -# REMOVE LOGROTATE CONFIGURATION -#================================================= - -# Remove the app-specific logrotate config -ynh_remove_logrotate - #================================================= # SPECIFIC REMOVE #================================================= diff --git a/scripts/restore b/scripts/restore index 63503cc..effa38b 100755 --- a/scripts/restore +++ b/scripts/restore 
@@ -87,11 +87,7 @@ ynh_restore_file "/etc/php5/fpm/conf.d/20-$app.ini" # SPECIFIC RESTORATION #================================================= -#================================================= -# RESTORE THE LOGROTATE CONFIGURATION -#================================================= -ynh_restore_file "/etc/logrotate.d/$app" #================================================= # GENERIC FINALIZATION diff --git a/scripts/upgrade b/scripts/upgrade index a485bf4..2b0789c 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -170,13 +170,6 @@ ynh_backup_if_checksum_is_different "$final_path/conf/local.php" # Recalculate and store the config file checksum into the app settings ynh_store_file_checksum "$final_path/conf/local.php" -#================================================= -# SETUP LOGROTATE -#================================================= - -# Use logrotate to manage app-specific logfile(s) -ynh_use_logrotate --non-append - #================================================= # GENERIC FINALIZATION From 5716fb16867a34e79a65adc6f449af5f5f5d2ee2 Mon Sep 17 00:00:00 2001 From: Gofannon Date: Wed, 27 Jun 2018 19:23:33 +0200 Subject: [PATCH 21/43] [enh] Optimization + fix typos + add comments --- scripts/upgrade | 40 +++++++++++++++++++++------------------- 1 file changed, 21 insertions(+), 19 deletions(-) diff --git a/scripts/upgrade b/scripts/upgrade index 2b0789c..c2376bd 100755 --- a/scripts/upgrade +++ b/scripts/upgrade 
@@ -124,43 +124,45 @@ ynh_replace_string "__YNH_ADMIN_USER__" "$admin" "../conf/local.php" # Copy Yunohost specific configuration cp ../conf/local.php $final_path/conf -# Do not override ACL configuration file +# Do not overwrite existing ACL configuration file as it could have user customization's and settings. +# Create file if it does not exist +# See https://www.dokuwiki.org/acl#background_info if [ ! -f "$final_path/conf/acl.auth.php" ]; then cp ../conf/acl.auth.php $final_path/conf fi -# Remove upgrade notification +# Remove upgrade notification inside Dokuwiki's admin panel # See https://www.dokuwiki.org/update_check touch $final_path/doku.php # Remove files not used anymore after upgrade # See https://www.dokuwiki.org/install:unused_files if [ -f "$final_path/data/deleted.files" ]; then - # Move to the dokuwiki installation folder so the "official" commands can be used without adaptation - cd $final_path - # This command could not remove directory - #grep -Ev '^($|#)' data/deleted.files | xargs -n 1 rm -vf - # => "rm: cannot remove 'vendor/easybook/geshi': Is a directory" + # Use a "sub process" to start a new shell to run these commands + # Allow to use only one "cd" and to be more efficent + ( + # Move to the dokuwiki installation folder so the "official" commands can be used without adaptation + cd $final_path - # That one works as expected - grep -Ev '^($|#)' data/deleted.files | xargs -n 1 rm -fr + # This command could not remove directory + #grep -Ev '^($|#)' data/deleted.files | xargs -n 1 rm -vf + # => "rm: cannot remove 'vendor/easybook/geshi': Is a directory" - # bash "hack" to move back to the location user was before the last cd made - # See http://winterdrake.com/unixlinux-trick-cd-back-to-the-previous-directory/ - # Should be the script folder of the package - cd - + # That one works as expected + grep -Ev '^($|#)' data/deleted.files | xargs -n 1 rm -fr + ) fi # Update all plugins for name_plugin in $(sudo -s cat 
$final_path/lib/plugins/*/plugin.info.txt | grep url | awk -F':' '{print $3}'); do - # Get a official plugin for dokuwiki, not update a no-official - sudo wget -nv --quiet "https://github.com/splitbrain/dokuwiki-plugin-${name_plugin}/zipball/master" -O "${name_plugin}.zip" -o /dev/null || true - if [ -s "${name_plugin}.zip" ]; then - sudo unzip ${name_plugin}.zip - sudo cp -a splitbrain-dokuwiki-plugin-${name_plugin}*/. "${final_path}/lib/plugins/${name_plugin}/" - fi + # Get a official plugin for dokuwiki, not update a no-official + sudo wget -nv --quiet "https://github.com/splitbrain/dokuwiki-plugin-${name_plugin}/zipball/master" -O "${name_plugin}.zip" -o /dev/null || true + if [ -s "${name_plugin}.zip" ]; then + sudo unzip ${name_plugin}.zip + sudo cp -a splitbrain-dokuwiki-plugin-${name_plugin}*/. "${final_path}/lib/plugins/${name_plugin}/" + fi done #================================================= From c25787db1ea9b40b06dc3a644fd654dca46056f1 Mon Sep 17 00:00:00 2001 From: Gofannon Date: Wed, 27 Jun 2018 23:12:30 +0200 Subject: [PATCH 22/43] [enh] Split configuration in different files Separate dedicated Yunohost configuration in a new file that cannot be modified by user Adapt scripts to handle new files See https://github.com/YunoHost-Apps/dokuwiki_ynh/pull/37 --- conf/local.php | 21 --------------------- conf/local.protected.php | 33 +++++++++++++++++++++++++++++++++ scripts/install | 14 +++++++++++--- scripts/upgrade | 24 +++++++++++++++++------- 4 files changed, 61 insertions(+), 31 deletions(-) create mode 100644 conf/local.protected.php diff --git a/conf/local.php b/conf/local.php index bd02233..cfa5cd6 100644 --- a/conf/local.php +++ b/conf/local.php 
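Review bot: The plugin loop re-indented at the end of this hunk fetches the `master` zipball of each plugin and copies it into `lib/plugins` with `sudo`, with no pinned revision and no checksum, and `|| true` hides a failed download. `name_plugin` is the third `:`-separated field of the `url` line in each `plugin.info.txt` and goes unvalidated into the URL, the zip filename and the `cp` destination. Assuming the script runs under bash, a guard such as `[[ "$name_plugin" =~ ^[A-Za-z0-9_-]+$ ]] || continue` as the first line of the loop body would limit it to plain names. If the loop stays, it also deserves a comment saying that unverified code from a branch head is installed as root, and the unquoted `sudo unzip ${name_plugin}.zip` should be quoted.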
@@ -11,24 +11,3 @@ /* Basic Settings */ $conf['lang'] = '__YNH_LANGUAGE__'; //your language - -/* Authentication Settings */ -$conf['useacl'] = 1; //Use Access Control Lists to restrict access? -$conf['authtype'] = 'authldap'; //which authentication backend should be used -$conf['passcrypt'] = 'sha1'; //Used crypt method (smd5,md5,sha1,ssha,crypt,mysql,my411) -$conf['superuser'] = '__YNH_ADMIN_USER__'; //The admin can be user or @group or comma separated list user1,@group1,user2 -$conf['manager'] = '__YNH_ADMIN_USER__'; //The manager can be user or @group or comma separated list user1,@group1,user2 - -/* LDAP Yunohost config */ -$conf['plugin']['authldap']['server'] = 'localhost'; -$conf['plugin']['authldap']['port'] = 389; -$conf['plugin']['authldap']['version'] = 3; -$conf['plugin']['authldap']['usertree'] = 'ou=users,dc=yunohost,dc=org'; -$conf['plugin']['authldap']['userfilter'] = '(&(uid=%{user})(objectClass=posixAccount))'; -# no groups -#$conf['plugin']['authldap']['grouptree'] = 'ou=Group, dc=server, dc=tld'; -#$conf['plugin']['authldap']['groupfilter'] = '(&(objectClass=posixGroup)(|(gidNumber=%{gid})(memberUID=%{user})))'; - -/* Advanced Settings */ -$conf['updatecheck'] = 0; //automatically check for new releases? -$conf['cssdatauri'] = 512; //Maximum byte size of small images to embed into CSS, won't work on IE<8 diff --git a/conf/local.protected.php b/conf/local.protected.php new file mode 100644 index 0000000..f1b27c4 --- /dev/null +++ b/conf/local.protected.php @@ -0,0 +1,33 @@ + Date: Wed, 27 Jun 2018 23:51:40 +0200 Subject: [PATCH 23/43] [enh] Use "ynh_backup_if_checksum_is_different" Use helper during upgrade to change config dedicated to Yunohost Do not use for files that can be modified by dokuwiki users and admin See https://github.com/YunoHost-Apps/dokuwiki_ynh/pull/37 --- scripts/install | 4 +++- scripts/upgrade | 13 ++++++------- 2 files changed, 9 insertions(+), 8 deletions(-) 
diff --git a/scripts/install b/scripts/install index bc7680e..06e803c 100755 --- a/scripts/install +++ b/scripts/install @@ -128,7 +128,9 @@ cp ../conf/acl.auth.php $final_path/conf #================================================= # Calculate and store the config file checksum into the app settings -#ynh_store_file_checksum "$final_path/conf/local.php" +ynh_store_file_checksum "$final_path/conf/local.protected.php" +ynh_store_file_checksum "$final_path/conf/local.php" +ynh_store_file_checksum "$final_path/conf/acl.auth.php" #================================================= #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index fae795f..79a593a 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -113,18 +113,16 @@ if [ -d "${final_path}/data/media" ]; then chown -R $app:root $final_path/{data/attic,data/cache,data/index,data/locks,data/media*,data/meta,data/pages,data/tmp} fi -# Set the "admin" user +# Set the "admin" user if not done during installation +# Do nothing otherwize ynh_replace_string "__YNH_ADMIN_USER__" "$admin" "../conf/local.protected.php" # Copy Yunohost specific configuration -cp ../conf/local.protected.php $final_path/conf -# This File cannot be modified directly by Dokuwiki, only by hand or by Yunohost -# It will only be updated by Yunohost package or directly by adventurous users - # Do not overwrite existing dokuwiki configuration as it could have user customization's and settings. # Create file if it does not exist +# Cannot use helper "ynh_backup_if_checksum_is_different" if [ ! -f "$final_path/conf/local.php" ]; then # Set the default "language" only when file does not exist beforehand 
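Review bot: With the `cp ../conf/local.protected.php $final_path/conf` line removed in the `scripts/upgrade` hunk, nothing in the visible upgrade path installs the file after `ynh_replace_string` fills in `__YNH_ADMIN_USER__`, so the admin and LDAP settings shipped by the package never reach an existing wiki. The later hunk of this commit then calls `ynh_backup_if_checksum_is_different` and `ynh_store_file_checksum` on the installed file, which only re-records a file that was not changed. Keep the copy between the backup check and the checksum store, e.g. `cp ../conf/local.protected.php "$final_path/conf"`. The comment typo `otherwize` should read `otherwise`.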
@@ -137,6 +135,7 @@ fi # Do not overwrite existing ACL configuration file as it could have user customization's and settings. # Create file if it does not exist # See https://www.dokuwiki.org/acl#background_info +# Cannot use helper "ynh_backup_if_checksum_is_different" if [ ! -f "$final_path/conf/acl.auth.php" ]; then cp ../conf/acl.auth.php $final_path/conf fi @@ -178,9 +177,9 @@ done #================================================= # Verify the checksum and backup the file if it's different -ynh_backup_if_checksum_is_different "$final_path/conf/local.php" +ynh_backup_if_checksum_is_different "$final_path/conf/local.protected.php" # Recalculate and store the config file checksum into the app settings -ynh_store_file_checksum "$final_path/conf/local.php" +ynh_store_file_checksum "$final_path/conf/local.protected.php" #================================================= From 06c2ca7ab3ef25cd3798319c89e53295efcddcf4 Mon Sep 17 00:00:00 2001 From: Gofannon Date: Thu, 28 Jun 2018 00:21:12 +0200 Subject: [PATCH 24/43] [enh] Optimization by removing useless step See https://github.com/YunoHost-Apps/dokuwiki_ynh/pull/37 --- scripts/install | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/scripts/install b/scripts/install index 06e803c..0989d1a 100755 --- a/scripts/install +++ b/scripts/install @@ -153,10 +153,14 @@ chmod 755 $final_path/lib/tpl/{dokuwiki,dokuwiki/images} # SETUP SSOWAT #================================================= -if [ $is_public -eq 0 ] -then # Remove the public access - ynh_app_setting_delete $app skipped_uris -fi +# Not needed as no skipped_uris have been added before. +# Example : "ynh_app_setting_set $app skipped_uris ..." +# See https://github.com/YunoHost-Apps/dokuwiki_ynh/pull/37 for explanation +#if [ $is_public -eq 0 ] +#then # Remove the public access +# ynh_app_setting_delete $app skipped_uris +#fi + # Make app public if necessary if [ $is_public -eq 1 ] then 
From c9e64c957317ebf0cf76cca8427d9138e6266163 Mon Sep 17 00:00:00 2001 From: Gofannon Date: Thu, 28 Jun 2018 00:22:02 +0200 Subject: [PATCH 25/43] [enh] Cleaning --- scripts/backup | 2 -- scripts/remove | 2 -- scripts/upgrade | 8 -------- 3 files changed, 12 deletions(-) diff --git a/scripts/backup b/scripts/backup index 95f8839..942bf2c 100755 --- a/scripts/backup +++ b/scripts/backup @@ -36,8 +36,6 @@ domain=$(ynh_app_setting_get $app domain) # BACKUP THE APP MAIN DIR #================================================= -# TODO taken from old "backup" script -#ynh_backup "$final_path" "sources" 1 ynh_backup "$final_path" #================================================= diff --git a/scripts/remove b/scripts/remove index e66c7f8..f453065 100755 --- a/scripts/remove +++ b/scripts/remove @@ -47,8 +47,6 @@ ynh_remove_fpm_config # SPECIFIC REMOVE #================================================= -# Remove the log files -ynh_secure_remove "/var/log/$app/" #================================================= # GENERIC FINALIZATION diff --git a/scripts/upgrade b/scripts/upgrade index 79a593a..952d3be 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -218,16 +218,8 @@ then ynh_app_setting_set $app unprotected_uris "/" fi -# TODO: Still needed ?? -#if [ "$is_public" = "Yes" ]; -#then -# sudo sed -i "s@#--PRIVATE--@@g" /etc/nginx/conf.d/$domain.d/$app.conf -#fi - #================================================= # RELOAD NGINX #================================================= systemctl reload nginx -# TODO -#sudo yunohost app ssowatconf From c78b5c966a1b0a1345b7411780b33f9c38d21b21 Mon Sep 17 00:00:00 2001 From: Gofannon Date: Thu, 28 Jun 2018 23:56:55 +0200 Subject: [PATCH 26/43] [fix] Fix upgrade process from existing install Handle case where file added by previous commit was not present on existing install --- scripts/install | 10 ++++++ scripts/upgrade | 82 ++++++++++++++++++++++++++++++++----------------- 2 files changed, 63 insertions(+), 29 deletions(-) 
diff --git a/scripts/install b/scripts/install index 0989d1a..813681a 100755 --- a/scripts/install +++ b/scripts/install @@ -109,6 +109,16 @@ ynh_replace_string "__YNH_LANGUAGE__" "$language" "../conf/local.php" # Copy Yunohost specific configuration +# Loading order of configuration files +# +# By default DokuWiki loads its configuration files in the following order: +# +# 1. conf/dokuwiki.php +# 2. conf/local.php +# 3. conf/local.protected.php +# +# See https://www.dokuwiki.org/plugin:config#protecting_settings + cp ../conf/local.protected.php $final_path/conf # This File cannot be modified directly by Dokuwiki, only by hand or by Yunohost # It will only be updated by Yunohost package or directly by adventurous users diff --git a/scripts/upgrade b/scripts/upgrade index 952d3be..e78c066 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -19,7 +19,8 @@ domain=$(ynh_app_setting_get $app domain) path_url=$(ynh_app_setting_get $app path) admin=$(ynh_app_setting_get $app admin) is_public=$(ynh_app_setting_get $app is_public) -language=$(ynh_app_setting_get $app language) +# Not needed during upgrade as user might have change it since installation from Dokuwiki admin panel +#language=$(ynh_app_setting_get $app language) final_path=$(ynh_app_setting_get $app final_path) #================================================= 
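Review bot: Commenting out `language=$(ynh_app_setting_get $app language)` in `scripts/upgrade` leaves `$language` unset for the rest of the script, yet the script still tests `if [ -z "$language" ]` a few lines below and uses `$language` when it creates `conf/local.php`. As the context of the following hunk shows, that test is now always true, so every upgrade overwrites the stored `language` setting with `en`. Either keep reading the setting and only skip applying it to an existing `local.php`, or remove the default block together with the read. If `set -u` is active at that point, the unset variable would abort the upgrade; that cannot be confirmed from this hunk.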
@@ -54,6 +55,52 @@ if [ -z "$language" ]; then ynh_app_setting_set $app language $language fi + +# Yunohost specific configuration, if not exists + +# Previously, these settings were store a unique "dokuwiki.php" +# Now, they are split in multiples files to ease upgrading process (separate Yunohost config from user config) + +# Loading order of configuration files +# +# By default DokuWiki loads its configuration files in the following order: +# +# 1. conf/dokuwiki.php +# 2. conf/local.php +# 3. conf/local.protected.php +# +# See https://www.dokuwiki.org/plugin:config#protecting_settings + + +# Configuration dedicated to Yunohost (LDAP and admin mainly) +# Create file if it does not exist +if [ ! -f "$final_path/conf/local.protected.php" ]; then + # Set the default "admin" + # Replace string in order to have a functionnal configuration file + ynh_replace_string "__YNH_ADMIN_USER__" "$admin" "../conf/local.protected.php" + + cp ../conf/local.protected.php $final_path/conf +fi + +# Do not overwrite existing dokuwiki configuration as it could have user customization's and settings. +# Cannot use helper "ynh_backup_if_checksum_is_different" +# Create file if it does not exist +if [ ! -f "$final_path/conf/local.php" ]; then + # Set the default "language" only when file does not exist beforehand + # Replace string in order to have a functionnal configuration file + ynh_replace_string "__YNH_LANGUAGE__" "$language" "../conf/local.php" + + cp ../conf/local.php $final_path/conf +fi + +# Do not overwrite existing ACL configuration file as it could have user customization's and settings. +# Cannot use helper "ynh_backup_if_checksum_is_different" +# Create file if it does not exist +# See https://www.dokuwiki.org/acl#background_info +if [ ! -f "$final_path/conf/acl.auth.php" ]; then + cp ../conf/acl.auth.php $final_path/conf +fi + #================================================= # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP #================================================= 
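Review bot: The new config-creation block sits above the `BACKUP BEFORE UPGRADE THEN ACTIVE TRAP` section, so it writes into `$final_path/conf` before the pre-upgrade backup is taken and, presumably, before the error trap is active. A failure in one of these `cp` calls would then leave a partly written configuration that the backup does not cover. I would move the block below the backup section and quote the destination, `cp ../conf/local.protected.php "$final_path/conf"`. The comment `these settings were store a unique "dokuwiki.php"` is unclear; the settings appear to have lived in `conf/local.php`, so please confirm and reword.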
@@ -113,33 +160,6 @@ if [ -d "${final_path}/data/media" ]; then chown -R $app:root $final_path/{data/attic,data/cache,data/index,data/locks,data/media*,data/meta,data/pages,data/tmp} fi -# Set the "admin" user if not done during installation -# Do nothing otherwize -ynh_replace_string "__YNH_ADMIN_USER__" "$admin" "../conf/local.protected.php" - - -# Copy Yunohost specific configuration - -# Do not overwrite existing dokuwiki configuration as it could have user customization's and settings. -# Create file if it does not exist -# Cannot use helper "ynh_backup_if_checksum_is_different" -if [ ! -f "$final_path/conf/local.php" ]; then - - # Set the default "language" only when file does not exist beforehand - # Replace string in order to have a functionnal configuration file - ynh_replace_string "__YNH_LANGUAGE__" "$language" "../conf/local.php" - - cp ../conf/local.php $final_path/conf -fi - -# Do not overwrite existing ACL configuration file as it could have user customization's and settings. -# Create file if it does not exist -# See https://www.dokuwiki.org/acl#background_info -# Cannot use helper "ynh_backup_if_checksum_is_different" -if [ ! -f "$final_path/conf/acl.auth.php" ]; then - cp ../conf/acl.auth.php $final_path/conf -fi - # Remove upgrade notification inside Dokuwiki's admin panel # See https://www.dokuwiki.org/update_check touch $final_path/doku.php @@ -176,8 +196,12 @@ done #================================================= -# Verify the checksum and backup the file if it's different +# Verify if existing file needs to be upgraded by comparing it's size to new file from package +# If different, do a backup of existing file and overwrite with new file +# +# Safe here as this file is only used by Yunohost. Dokuwiki cannot modified it. ynh_backup_if_checksum_is_different "$final_path/conf/local.protected.php" + # Recalculate and store the config file checksum into the app settings ynh_store_file_checksum "$final_path/conf/local.protected.php" 
From 196af58477886dc0db0bde1dddd7029131916f59 Mon Sep 17 00:00:00 2001 From: Gofannon Date: Sat, 7 Jul 2018 18:24:51 +0200 Subject: [PATCH 27/43] [enh] during 'upgrade', copy LDAP config See https://github.com/YunoHost-Apps/dokuwiki_ynh/pull/37#discussion_r200142881 --- scripts/upgrade | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/scripts/upgrade b/scripts/upgrade index e78c066..24c33aa 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -196,16 +196,26 @@ done #================================================= +#================================================= +# LDAP Configuration +#================================================= + # Verify if existing file needs to be upgraded by comparing it's size to new file from package # If different, do a backup of existing file and overwrite with new file -# +# # Safe here as this file is only used by Yunohost. Dokuwiki cannot modified it. ynh_backup_if_checksum_is_different "$final_path/conf/local.protected.php" +# Set the "admin" user +ynh_replace_string "__YNH_ADMIN_USER__" "$admin" "../conf/local.protected.php" + +cp ../conf/local.protected.php $final_path/conf +# This File cannot be modified directly by Dokuwiki, only by hand or by Yunohost +# It will only be updated by Yunohost package or directly by adventurous users + # Recalculate and store the config file checksum into the app settings ynh_store_file_checksum "$final_path/conf/local.protected.php" - #================================================= # GENERIC FINALIZATION #================================================= From 1ee015bd50e08c27d7cbaa74baa8d8e432939e4a Mon Sep 17 00:00:00 2001 
From: Gofannon Date: Sun, 8 Jul 2018 00:04:33 +0200 Subject: [PATCH 28/43] [enh] rework linux permissions --- conf/plugins.local.php | 8 +++++ scripts/install | 65 ++++++++++++++++++++++++++++----- scripts/upgrade | 81 +++++++++++++++++++++++++++++++++--------- 3 files changed, 130 insertions(+), 24 deletions(-) create mode 100644 conf/plugins.local.php diff --git a/conf/plugins.local.php b/conf/plugins.local.php new file mode 100644 index 0000000..4f256a9 --- /dev/null +++ b/conf/plugins.local.php @@ -0,0 +1,8 @@ + BAD +# find : -rw-r--r-- 1 1001 1002 241 May 3 08:36 index.html => GOOD #================================================= # SETUP SSOWAT diff --git a/scripts/upgrade b/scripts/upgrade index 24c33aa..af12f47 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -64,7 +64,7 @@ fi # Loading order of configuration files # # By default DokuWiki loads its configuration files in the following order: -# +# # 1. conf/dokuwiki.php # 2. conf/local.php # 3. conf/local.protected.php 
@@ -101,6 +101,42 @@ if [ ! -f "$final_path/conf/acl.auth.php" ]; then cp ../conf/acl.auth.php $final_path/conf fi +# For securing DokuWiki installation, create default files that will be writable in the "conf" folder. +# Other files will be read ony and owned by root. +# See https://www.dokuwiki.org/install:permissions + +# Create file if it does not exist +if [ ! -f "$final_path/conf/local.protected.php" ]; then + # Set the default "admin" + # Replace string in order to have a functionnal configuration file + ynh_replace_string "__YNH_ADMIN_USER__" "$admin" "../conf/local.protected.php" + + cp ../conf/local.protected.php $final_path/conf +fi + +# If file does not exists +if [ ! -f "$final_path/conf/local.php.bak" ]; then + # if template exists + if [ -f "$final_path/conf/local.php.dist" ]; then + # Copy template to create default file + cp "$final_path/conf/local.php.dist" "$final_path/conf/local.php.bak" + fi +fi + +if [ ! -f "$final_path/conf/users.auth.php" ]; then + if [ -f "$final_path/conf/users.auth.php.dist" ]; then + cp $final_path/conf/users.auth.php.dist $final_path/conf/users.auth.php + fi +fi + +if [ ! -f "$final_path/conf/plugins.local.php" ]; then + cp ../conf/plugins.local.php $final_path/conf +fi + +if [ ! -f "$final_path/conf/plugins.local.php.bak" ]; then + cp ../conf/plugins.local.php $final_path/conf/plugins.local.php.bak +fi + #================================================= # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP #================================================= 
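Review bot: The `local.protected.php` existence check added at the top of this hunk repeats the block that PATCH 26/43 already placed a few lines earlier in the same script, so this second copy can never run and should be dropped. The new comment also says other files in `conf` will be read-only and owned by root, but nothing in this hunk sets ownership or modes; point the reader to the `SECURE FILES AND DIRECTORIES` section instead. The `cp $final_path/conf/users.auth.php.dist $final_path/conf/users.auth.php` line is unquoted, unlike the `local.php.bak` copy just above it. `read ony` should be `read only`.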
@@ -155,11 +191,6 @@ ynh_add_fpm_config # SPECIFIC UPGRADE #================================================= -# TODO Taken from old "upgrade" script. Should check if it is needed and what it does -if [ -d "${final_path}/data/media" ]; then - chown -R $app:root $final_path/{data/attic,data/cache,data/index,data/locks,data/media*,data/meta,data/pages,data/tmp} -fi - # Remove upgrade notification inside Dokuwiki's admin panel # See https://www.dokuwiki.org/update_check touch $final_path/doku.php @@ -183,6 +214,7 @@ if [ -f "$final_path/data/deleted.files" ]; then ) fi +# TODO Taken from old "upgrade" script. Should check if it is needed and what it does # Update all plugins for name_plugin in $(sudo -s cat $final_path/lib/plugins/*/plugin.info.txt | grep url | awk -F':' '{print $3}'); do 
@@ -222,20 +254,37 @@ ynh_store_file_checksum "$final_path/conf/local.protected.php" # SECURE FILES AND DIRECTORIES #================================================= -# Files owned by dokuwiki can just read +# Try to use "least privilege" to grant minimal access +# For details, see https://www.dokuwiki.org/install:permissions + +# Files owned by DokuWiki can just read chown -R root: $final_path -# except for conf, data, some data subfolders, and lib/plugin, where dokuwiki must have write permissions -#TODO compare rights with install script !!! -# Install script : -#sudo chown -R $app:root $final_path/{conf,data,data/attic,data/cache,data/index,data/locks,data/media*,data/meta,data/pages,data/tmp,lib/plugins,lib/tpl} +# DokuWiki needs to write inside the "conf" folder. Do "DokuWiki" owner of the folder. +chown $app:root $final_path/conf -chown -R $app:root $final_path/{conf,data,lib/plugins,lib/tpl} -chmod -R 700 $final_path/conf -chmod -R 700 $final_path/data -chmod -R 755 $final_path/lib/plugins -chmod 755 $final_path/lib/tpl/{dokuwiki,dokuwiki/images} +# Do "DokuWiki" owner of onfiguration files that must be writable +chown $app:root $final_path/conf/{local.php,local.php.bak,users.auth.php,acl.auth.php,plugins.local.php,plugins.local.php.bak} +# Grant read-only to all files as files copied above are owned by root by defaut and nginx cannot read them +# There are only files in the folder and there is sublevels. 
No need to use "find" +chmod -R a+r $final_path/conf +# Give write access to "data" and subfolders +chown -R $app:root $final_path/data +# Remove access to "other" +chmod -R o-rwx $final_path/data + +# Allow the web admin panel to run, aka "Extension Manager" +chown -R $app:root $final_path/lib/plugins +# Allow to install templates +chown -R $app:root $final_path/lib/tpl + +# Allow access to public assets like style sheets +find $final_path/lib -type f -print0 | xargs -0 chmod 0644 +find $final_path/lib -type d -print0 | xargs -0 chmod 0755 +# Using "find" instead of "chmod -R 755" so files does not become executable too +# chmod : -rwxr-xr-x 1 root root 241 May 3 08:36 index.html => BAD +# find : -rw-r--r-- 1 1001 1002 241 May 3 08:36 index.html => GOOD #================================================= # SETUP SSOWAT From 7d5a382f4d9a900630b288365a4bea18219a4fd8 Mon Sep 17 00:00:00 2001 From: Gofannon Date: Sun, 8 Jul 2018 00:10:16 +0200 Subject: [PATCH 29/43] [fix] Fix encoding to ascii instead of utf8 --- scripts/upgrade | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/scripts/upgrade b/scripts/upgrade index af12f47..1a0c1d6 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -43,13 +43,13 @@ if [ -z $final_path ]; then fi # TODO Not sure if still needed ?? -# admin default value, if not set +# admin default value, if not set if [ -z "$admin" ]; then admin=$(sudo yunohost user list | grep 'username' -m1 | awk '{print $2}') sudo ynh_app_setting_set $app is_public -v "$is_public" fi -# language default value, if not set +# language default value, if not set if [ -z "$language" ]; then language='en' ynh_app_setting_set $app language $language 
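Review bot: `chmod -R a+r $final_path/conf` replaces the previous `chmod -R 700` and makes every file in `conf` readable by all local accounts, including `users.auth.php` and `local.protected.php`. The comment gives nginx as the reason, but these are PHP configuration files that only the PHP process needs to read; if that process runs as `$app` (an assumption, the pool config is not in this hunk), owner or group access is enough. Assuming a `$app` group exists, I would replace that line with `chgrp -R $app $final_path/conf` followed by `chmod -R g+rX,o-rwx $final_path/conf`. The brace-list `chown` also fails when `users.auth.php` or `local.php.bak` was not created because its `.dist` template was missing, so guard it or create those files unconditionally.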
@@ -82,7 +82,7 @@ if [ ! -f "$final_path/conf/local.protected.php" ]; then cp ../conf/local.protected.php $final_path/conf fi -# Do not overwrite existing dokuwiki configuration as it could have user customization's and settings. +# Do not overwrite existing dokuwiki configuration as it could have user customization's and settings. # Cannot use helper "ynh_backup_if_checksum_is_different" # Create file if it does not exist if [ ! -f "$final_path/conf/local.php" ]; then @@ -93,7 +93,7 @@ if [ ! -f "$final_path/conf/local.php" ]; then cp ../conf/local.php $final_path/conf fi -# Do not overwrite existing ACL configuration file as it could have user customization's and settings. +# Do not overwrite existing ACL configuration file as it could have user customization's and settings. # Cannot use helper "ynh_backup_if_checksum_is_different" # Create file if it does not exist # See https://www.dokuwiki.org/acl#background_info From 6718a7efa0a1541922cb8c9220acfabffe6c9450 Mon Sep 17 00:00:00 2001 From: Gofannon Date: Mon, 9 Jul 2018 22:14:13 +0200 Subject: [PATCH 30/43] [enh] manage file 'preload.php' correctly See https://github.com/YunoHost-Apps/dokuwiki_ynh/pull/37#issuecomment-403296911 --- scripts/install | 16 +++++++++++++--- scripts/upgrade | 16 ++++++++++++++-- 2 files changed, 27 insertions(+), 5 deletions(-) diff --git a/scripts/install b/scripts/install index 63ab4f2..6f496c4 100755 --- a/scripts/install +++ b/scripts/install @@ -127,7 +127,6 @@ cp ../conf/local.php $final_path/conf # This file might be modified by dokuwiki admin panel or by plugins # It will not be modified by Yunohost in order to keep user settings - # Restrict user rights by enforcing "read-only" mode for all users # See https://www.dokuwiki.org/acl#background_info # Default is "8" 
@@ -145,6 +144,12 @@ cp ../conf/acl.auth.php $final_path/conf cp $final_path/conf/local.php.dist $final_path/conf/local.php.bak cp $final_path/conf/users.auth.php.dist $final_path/conf/users.auth.php +cp $final_path/inc/preload.php.dist $final_path/inc/preload.php +# This file might be used by plugins like https://www.dokuwiki.org/plugin:siteexport +# Create it to be more "user friendly" as over the top security is not the main goal here +# This file could be use for bad behaviour. +# See https://www.dokuwiki.org/devel:preload?s[]=preload + # There is no template .dist provided inside DokuWiki installation folder # Create "empty" files to be able to manage linux permissions # Files content is taken from an existing DokuWiki installation @@ -182,14 +187,19 @@ ynh_store_file_checksum "$final_path/conf/acl.auth.php" # Files owned by DokuWiki can just read chown -R root: $final_path -# DokuWiki needs to write inside the "conf" folder. Do "DokuWiki" owner of the folder. +# DokuWiki needs to write inside these folders. Do "DokuWiki" owner chown $app:root $final_path/conf +chown $app:root $final_path/inc -# Do "DokuWiki" owner of onfiguration files that must be writable +# Do "DokuWiki" owner of configuration files that must be writable chown $app:root $final_path/conf/{local.php,local.php.bak,users.auth.php,acl.auth.php,plugins.local.php,plugins.local.php.bak} +# Usefull for some plugins like https://www.dokuwiki.org/plugin:siteexport +# See https://www.dokuwiki.org/devel:preload +chown $app:root $final_path/inc/preload.php # Grant read-only to all files as files copied above are owned by root by defaut and nginx cannot read them # There are only files in the folder and there is sublevels. No need to use "find" chmod -R a+r $final_path/conf +chmod -R a+r $final_path/inc # Give write access to "data" and subfolders chown -R $app:root $final_path/data diff --git a/scripts/upgrade b/scripts/upgrade index 1a0c1d6..827c77f 100755 --- a/scripts/upgrade +++ b/scripts/upgrade 
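Review bot: `chown $app:root $final_path/inc` gives the web application's account ownership of the directory that holds DokuWiki's core PHP files. A directory owner can unlink and recreate entries even when the files themselves belong to root, so the `chown -R root: $final_path` lock-down just above no longer protects `inc`. `inc/preload.php` is also created and handed to `$app`, although the commit's own comment notes it could be used for bad behaviour; DokuWiki loads that file itself, so anything able to write as `$app` gains persistent code execution. I would leave `inc` owned by root, drop the `chown $app:root $final_path/inc` line, and create `preload.php` only when a plugin that needs it is installed. The same lines are added to `scripts/upgrade` in the following hunks of this commit.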
@@ -137,6 +137,15 @@ if [ ! -f "$final_path/conf/plugins.local.php.bak" ]; then cp ../conf/plugins.local.php $final_path/conf/plugins.local.php.bak fi + +if [ ! -f "$final_path/inc/preload.php" ]; then + # if template exists + if [ -f "$final_path/inc/preload.php.dist" ]; then + # Copy template to create default file + cp "$final_path/inc/preload.php.dist" "$final_path/inc/preload.php" + fi +fi + #================================================= # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP #================================================= @@ -260,14 +269,17 @@ ynh_store_file_checksum "$final_path/conf/local.protected.php" # Files owned by DokuWiki can just read chown -R root: $final_path -# DokuWiki needs to write inside the "conf" folder. Do "DokuWiki" owner of the folder. +# DokuWiki needs to write inside these folders. Do "DokuWiki" owner chown $app:root $final_path/conf +chown $app:root $final_path/inc -# Do "DokuWiki" owner of onfiguration files that must be writable +# Do "DokuWiki" owner of configuration files that must be writable chown $app:root $final_path/conf/{local.php,local.php.bak,users.auth.php,acl.auth.php,plugins.local.php,plugins.local.php.bak} +chown $app:root $final_path/inc/preload.php # Grant read-only to all files as files copied above are owned by root by defaut and nginx cannot read them # There are only files in the folder and there is sublevels. No need to use "find" chmod -R a+r $final_path/conf +chmod -R a+r $final_path/inc # Give write access to "data" and subfolders chown -R $app:root $final_path/data From 813957624fbe0e2413866d29ecc21e20ac4c0f3d Mon Sep 17 00:00:00 2001 From: Gofannon Date: Mon, 9 Jul 2018 22:15:49 +0200 Subject: [PATCH 31/43] [fix] Fix issue alias_traversal See https://github.com/YunoHost/example_ynh/commit/d3f411736981ea2b748b9a1459429b4653556bc7 --- conf/nginx.conf | 3 ++- scripts/install | 5 +++++ scripts/upgrade | 5 +++++ 3 files changed, 12 insertions(+), 1 deletion(-) 
diff --git a/conf/nginx.conf b/conf/nginx.conf index ee61519..0f68b0c 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -1,4 +1,5 @@ -location __PATH__ { +#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent; +location __PATH__/ { # Path to source alias __FINALPATH__/ ; diff --git a/scripts/install b/scripts/install index 6f496c4..f549c7d 100755 --- a/scripts/install +++ b/scripts/install @@ -79,6 +79,11 @@ ynh_setup_source "$final_path" # Create a dedicated nginx config ynh_add_nginx_config +if [ "$path_url" != "/" ] +then + ynh_replace_string "^#sub_path_only" "" "/etc/nginx/conf.d/$domain.d/$app.conf" +fi +ynh_store_file_checksum "/etc/nginx/conf.d/$domain.d/$app.conf" #================================================= # CREATE DEDICATED USER diff --git a/scripts/upgrade b/scripts/upgrade index 827c77f..f742118 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -181,6 +181,11 @@ ynh_setup_source "$final_path" # Create a dedicated nginx config ynh_add_nginx_config +if [ "$path_url" != "/" ] +then + ynh_replace_string "^#sub_path_only" "" "/etc/nginx/conf.d/$domain.d/$app.conf" +fi +ynh_store_file_checksum "/etc/nginx/conf.d/$domain.d/$app.conf" #================================================= # CREATE DEDICATED USER From b01f2e4addc821d390c633f6547cb964990f4024 Mon Sep 17 00:00:00 2001 From: Gofannon Date: Wed, 11 Jul 2018 22:11:15 +0200 Subject: [PATCH 32/43] [enh] add work in progress 'change_url' script Not (yet) working... --- check_process | 1 + scripts/change_url | 105 +++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 106 insertions(+) create mode 100644 scripts/change_url diff --git a/check_process b/check_process index 9f5cf21..9407579 100644 --- a/check_process +++ b/check_process @@ -23,6 +23,7 @@ multi_instance=1 incorrect_path=1 port_already_use=0 + change_url=1 ;;; Levels Level 1=auto Level 2=auto diff --git a/scripts/change_url b/scripts/change_url new file mode 100644 index 0000000..487a27b --- /dev/null 
+++ b/scripts/change_url 
@@ -0,0 +1,105 @@
+#!/bin/bash
+
+#=================================================
+# GENERIC STARTING
+#=================================================
+# IMPORT GENERIC HELPERS
+#=================================================
+
+source _common.sh
+source /usr/share/yunohost/helpers
+
+#=================================================
+# RETRIEVE ARGUMENTS
+#=================================================
+
+old_domain=$YNH_APP_OLD_DOMAIN
+old_path=$YNH_APP_OLD_PATH
+
+new_domain=$YNH_APP_NEW_DOMAIN
+new_path=$YNH_APP_NEW_PATH
+
+app=$YNH_APP_INSTANCE_NAME
+
+#=================================================
+# LOAD SETTINGS
+#=================================================
+
+# Needed for helper "ynh_add_nginx_config"
+final_path=$(ynh_app_setting_get $app final_path)
+
+#=================================================
+# CHECK THE SYNTAX OF THE PATHS
+#=================================================
+
+test -n "$old_path" || old_path="/"
+test -n "$new_path" || new_path="/"
+new_path=$(ynh_normalize_url_path $new_path)
+old_path=$(ynh_normalize_url_path $old_path)
+
+#=================================================
+# CHECK WHICH PARTS SHOULD BE CHANGED
+#=================================================
+
+change_domain=0
+if [ "$old_domain" != "$new_domain" ]
+then
+ change_domain=1
+fi
+
+change_path=0
+if [ "$old_path" != "$new_path" ]
+then
+ change_path=1
+fi
+
+#=================================================
+# STANDARD MODIFICATIONS
+#=================================================
+# MODIFY URL IN NGINX CONF
+#=================================================
+
+nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf
+
+# Change the path in the nginx config file
+if [ $change_path -eq 1 ]
+then
+ # Make a backup of the original nginx config file if modified
+ ynh_backup_if_checksum_is_different "$nginx_conf_path"
+ # Set global variables for nginx helper
+ domain="$old_domain"
+ path_url="$new_path"
+ # Store path_url setting
+ 
ynh_app_setting_set $app path "$path_url" + # Create a dedicated nginx config + ynh_add_nginx_config + if [ "$path_url" != "/" ] + then + ynh_replace_string "^#sub_path_only " "" "$nginx_conf_path" + fi + ynh_store_file_checksum "$nginx_conf_path" +fi + +# Change the domain for nginx +if [ $change_domain -eq 1 ] +then + # Delete file checksum for the old conf file location + ynh_delete_file_checksum "$nginx_conf_path" + mv $nginx_conf_path /etc/nginx/conf.d/$new_domain.d/$app.conf + # Store file checksum for the new config file location + ynh_store_file_checksum "/etc/nginx/conf.d/$new_domain.d/$app.conf" +fi + +#================================================= +# SPECIFIC MODIFICATIONS +#================================================= +# ... +#================================================= + +#================================================= +# GENERIC FINALISATION +#================================================= +# RELOAD NGINX +#================================================= + +systemctl reload nginx From ef23b0046a37e0422c2cc0e6e5e631097d8944a1 Mon Sep 17 00:00:00 2001 From: Gofannon Date: Mon, 16 Jul 2018 23:28:58 +0200 Subject: [PATCH 33/43] [enh] Cleaning by changing Yunohost needed version See https://github.com/YunoHost-Apps/dokuwiki_ynh/pull/37#issuecomment-404597751 Just one last thing, if you put the yunohost requirement at 2.7.14 (last jessie version), you can remove any reference to #sub_path_only in nginx into your install script, as well as upgrade and change_url scripts. This fix, alias_traversal, is now handled by the helper itself. --- manifest.json | 2 +- scripts/change_url | 5 ----- scripts/install | 5 ----- scripts/upgrade | 5 ----- 4 files changed, 1 insertion(+), 16 deletions(-) diff --git a/manifest.json b/manifest.json index 7a44cce..6c60053 100644 --- a/manifest.json +++ b/manifest.json 
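Review bot: The new scripts/change_url never calls `ynh_abort_if_errors` after sourcing the helpers, so if `ynh_add_nginx_config` or the `mv` fails the script carries on and still runs `systemctl reload nginx` against a half-updated configuration. The line `mv $nginx_conf_path /etc/nginx/conf.d/$new_domain.d/$app.conf` runs, presumably as root, with unquoted expansions derived from `YNH_APP_OLD_DOMAIN` and `YNH_APP_NEW_DOMAIN`; quote them, `mv "$nginx_conf_path" "/etc/nginx/conf.d/$new_domain.d/$app.conf"`, and quote the arguments of `ynh_normalize_url_path` as well. Only `path` is written back with `ynh_app_setting_set`; when the domain changes, the stored `domain` setting appears to keep the old value, so a later upgrade would presumably regenerate the nginx file under the old domain.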
@@ -3,7 +3,7 @@ "id": "dokuwiki", "packaging_format": 1, "requirements": { - "yunohost": ">> 2.6.4" + "yunohost": ">> 2.7.14" }, "description": { "en": "DokuWiki is a simple to use and highly versatile Open Source wiki software that doesn't require a database.", diff --git a/scripts/change_url b/scripts/change_url index 487a27b..2af51af 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -73,11 +73,6 @@ then ynh_app_setting_set $app path "$path_url" # Create a dedicated nginx config ynh_add_nginx_config - if [ "$path_url" != "/" ] - then - ynh_replace_string "^#sub_path_only " "" "$nginx_conf_path" - fi - ynh_store_file_checksum "$nginx_conf_path" fi # Change the domain for nginx diff --git a/scripts/install b/scripts/install index f549c7d..6f496c4 100755 --- a/scripts/install +++ b/scripts/install @@ -79,11 +79,6 @@ ynh_setup_source "$final_path" # Create a dedicated nginx config ynh_add_nginx_config -if [ "$path_url" != "/" ] -then - ynh_replace_string "^#sub_path_only" "" "/etc/nginx/conf.d/$domain.d/$app.conf" -fi -ynh_store_file_checksum "/etc/nginx/conf.d/$domain.d/$app.conf" #================================================= # CREATE DEDICATED USER diff --git a/scripts/upgrade b/scripts/upgrade index f742118..827c77f 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -181,11 +181,6 @@ ynh_setup_source "$final_path" # Create a dedicated nginx config ynh_add_nginx_config -if [ "$path_url" != "/" ] -then - ynh_replace_string "^#sub_path_only" "" "/etc/nginx/conf.d/$domain.d/$app.conf" -fi -ynh_store_file_checksum "/etc/nginx/conf.d/$domain.d/$app.conf" #================================================= # CREATE DEDICATED USER From 92e63982cfaa1442823f9856f965010d1ccfce59 Mon Sep 17 00:00:00 2001 
From: Gofannon Date: Mon, 16 Jul 2018 23:33:27 +0200 Subject: [PATCH 34/43] [fix] Fix "backup" so restore can be done See https://github.com/YunoHost-Apps/dokuwiki_ynh/pull/37#pullrequestreview-134457098 --- scripts/backup | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/scripts/backup b/scripts/backup index 942bf2c..9c63df7 100755 --- a/scripts/backup +++ b/scripts/backup @@ -6,12 +6,7 @@ # IMPORT GENERIC HELPERS #================================================= -if [ ! -e _common.sh ]; then - # Get the _common.sh file if it's not in the current directory - cp ../settings/scripts/_common.sh ./_common.sh - chmod a+rx _common.sh -fi -source _common.sh +source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers #================================================= From a7de5c7f57ce46b51f448e9ae5b0d62188be2d85 Mon Sep 17 00:00:00 2001 From: Gofannon Date: Mon, 16 Jul 2018 23:58:09 +0200 Subject: [PATCH 35/43] [fix] Fix "restore" script too --- scripts/restore | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/scripts/restore b/scripts/restore index effa38b..754220d 100755 --- a/scripts/restore +++ b/scripts/restore @@ -6,12 +6,7 @@ # IMPORT GENERIC HELPERS #================================================= -if [ ! -e _common.sh ]; then - # Get the _common.sh file if it's not in the current directory - cp ../settings/scripts/_common.sh ./_common.sh - chmod a+rx _common.sh -fi -source _common.sh +source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers #================================================= From 257acb2b4db0038c3dba1c54cb1bbefd29a1c3ef Mon Sep 17 00:00:00 2001 From: Gofannon Date: Sat, 8 Sep 2018 21:02:41 +0200 Subject: [PATCH 36/43] [enh] remove duplicate code block --- scripts/upgrade | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/scripts/upgrade b/scripts/upgrade index 827c77f..be69724 100755 --- a/scripts/upgrade +++ b/scripts/upgrade 
@@ -101,19 +101,12 @@ if [ ! -f "$final_path/conf/acl.auth.php" ]; then cp ../conf/acl.auth.php $final_path/conf fi + + # For securing DokuWiki installation, create default files that will be writable in the "conf" folder. # Other files will be read ony and owned by root. # See https://www.dokuwiki.org/install:permissions -# Create file if it does not exist -if [ ! -f "$final_path/conf/local.protected.php" ]; then - # Set the default "admin" - # Replace string in order to have a functionnal configuration file - ynh_replace_string "__YNH_ADMIN_USER__" "$admin" "../conf/local.protected.php" - - cp ../conf/local.protected.php $final_path/conf -fi - # If file does not exists if [ ! -f "$final_path/conf/local.php.bak" ]; then # if template exists From d7138947521817882d3e68c08f00dd187466e693 Mon Sep 17 00:00:00 2001 From: Gofannon Date: Sat, 8 Sep 2018 21:03:34 +0200 Subject: [PATCH 37/43] [fix] Copy configuration files then modify them See https://github.com/YunoHost-Apps/dokuwiki_ynh/pull/37#issuecomment-398374816 "Since a few time, because the conf folder will be kept for later uses (especially in change_url), it's better to copy your file in the right place before modifying it." --- scripts/install | 34 +++++++++++++++++----------------- scripts/upgrade | 21 ++++++++++----------- 2 files changed, 27 insertions(+), 28 deletions(-) diff --git a/scripts/install b/scripts/install index 6f496c4..e1460a8 100755 --- a/scripts/install +++ b/scripts/install @@ -100,15 +100,6 @@ ynh_add_fpm_config # CUSTOMIZE DOKUWIKI #================================================= -# Set the "admin" user -ynh_replace_string "__YNH_ADMIN_USER__" "$admin" "../conf/local.protected.php" - -# Set the "language" -ynh_replace_string "__YNH_LANGUAGE__" "$language" "../conf/local.php" - - -# Copy Yunohost specific configuration - # Loading order of configuration files # # By default DokuWiki loads its configuration files in the following order: 
@@ -119,18 +110,28 @@ ynh_replace_string "__YNH_LANGUAGE__" "$language" "../conf/local.php" # # See https://www.dokuwiki.org/plugin:config#protecting_settings -cp ../conf/local.protected.php $final_path/conf + +### Copy Yunohost specific configuration # This File cannot be modified directly by Dokuwiki, only by hand or by Yunohost # It will only be updated by Yunohost package or directly by adventurous users +cp ../conf/local.protected.php $final_path/conf + +# Set the "admin" user +ynh_replace_string "__YNH_ADMIN_USER__" "$admin" "$final_path/conf/local.protected.php" + -cp ../conf/local.php $final_path/conf # This file might be modified by dokuwiki admin panel or by plugins # It will not be modified by Yunohost in order to keep user settings +cp ../conf/local.php $final_path/conf + +# Set the "language" +ynh_replace_string "__YNH_LANGUAGE__" "$language" "$final_path/conf/local.php" + # Restrict user rights by enforcing "read-only" mode for all users # See https://www.dokuwiki.org/acl#background_info # Default is "8" -cp ../conf/acl.auth.php $final_path/conf +cp ../conf/acl.auth.php $final_path/conf #================================================= # CREATE DEFAULT FILES @@ -144,11 +145,11 @@ cp ../conf/acl.auth.php $final_path/conf cp $final_path/conf/local.php.dist $final_path/conf/local.php.bak cp $final_path/conf/users.auth.php.dist $final_path/conf/users.auth.php -cp $final_path/inc/preload.php.dist $final_path/inc/preload.php # This file might be used by plugins like https://www.dokuwiki.org/plugin:siteexport # Create it to be more "user friendly" as over the top security is not the main goal here # This file could be use for bad behaviour. # See https://www.dokuwiki.org/devel:preload?s[]=preload +cp $final_path/inc/preload.php.dist $final_path/inc/preload.php # There is no template .dist provided inside DokuWiki installation folder # Create "empty" files to be able to manage linux permissions 
@@ -158,11 +159,10 @@ cp ../conf/plugins.local.php $final_path/conf/plugins.local.php.bak # Create file if it does not exist if [ ! -f "$final_path/conf/local.protected.php" ]; then - # Set the default "admin" - # Replace string in order to have a functionnal configuration file - ynh_replace_string "__YNH_ADMIN_USER__" "$admin" "../conf/local.protected.php" - cp ../conf/local.protected.php $final_path/conf + + # Set the default "admin" + ynh_replace_string "__YNH_ADMIN_USER__" "$admin" "$final_path/conf/local.protected.php" fi #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index be69724..d9a5696 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -56,6 +56,7 @@ if [ -z "$language" ]; then fi + # Yunohost specific configuration, if not exists # Previously, these settings were store a unique "dokuwiki.php" 
@@ -75,22 +76,20 @@ fi # Configuration dedicated to Yunohost (LDAP and admin mainly) # Create file if it does not exist if [ ! -f "$final_path/conf/local.protected.php" ]; then - # Set the default "admin" - # Replace string in order to have a functionnal configuration file - ynh_replace_string "__YNH_ADMIN_USER__" "$admin" "../conf/local.protected.php" - cp ../conf/local.protected.php $final_path/conf + + # Set the default "admin" + ynh_replace_string "__YNH_ADMIN_USER__" "$admin" "$final_path/conf/local.protected.php" fi # Do not overwrite existing dokuwiki configuration as it could have user customization's and settings. # Cannot use helper "ynh_backup_if_checksum_is_different" # Create file if it does not exist if [ ! -f "$final_path/conf/local.php" ]; then - # Set the default "language" only when file does not exist beforehand - # Replace string in order to have a functionnal configuration file - ynh_replace_string "__YNH_LANGUAGE__" "$language" "../conf/local.php" - cp ../conf/local.php $final_path/conf + + # Set the default "language" + ynh_replace_string "__YNH_LANGUAGE__" "$language" "$final_path/conf/local.php" fi # Do not overwrite existing ACL configuration file as it could have user customization's and settings. @@ -240,13 +239,13 @@ done # Safe here as this file is only used by Yunohost. Dokuwiki cannot modified it. ynh_backup_if_checksum_is_different "$final_path/conf/local.protected.php" -# Set the "admin" user -ynh_replace_string "__YNH_ADMIN_USER__" "$admin" "../conf/local.protected.php" - cp ../conf/local.protected.php $final_path/conf # This File cannot be modified directly by Dokuwiki, only by hand or by Yunohost # It will only be updated by Yunohost package or directly by adventurous users +# Set the "admin" user +ynh_replace_string "__YNH_ADMIN_USER__" "$admin" "../conf/local.protected.php" + # Recalculate and store the config file checksum into the app settings ynh_store_file_checksum "$final_path/conf/local.protected.php" 
From 7ae29184869bdd03f20bdeb44eef6c08286650a4 Mon Sep 17 00:00:00 2001 From: Gofannon Date: Sat, 15 Sep 2018 21:31:24 +0200 Subject: [PATCH 38/43] [enh] remove unnecessary test --- scripts/install | 8 -------- 1 file changed, 8 deletions(-) diff --git a/scripts/install b/scripts/install index e1460a8..4b0ee72 100755 --- a/scripts/install +++ b/scripts/install @@ -157,14 +157,6 @@ cp $final_path/inc/preload.php.dist $final_path/inc/preload.php cp ../conf/plugins.local.php $final_path/conf cp ../conf/plugins.local.php $final_path/conf/plugins.local.php.bak -# Create file if it does not exist -if [ ! -f "$final_path/conf/local.protected.php" ]; then - cp ../conf/local.protected.php $final_path/conf - - # Set the default "admin" - ynh_replace_string "__YNH_ADMIN_USER__" "$admin" "$final_path/conf/local.protected.php" -fi - #================================================= # STORE THE CHECKSUM OF THE CONFIG FILE #================================================= From efd392a8c15efbeb4ddc437ec2c82aa0443a541e Mon Sep 17 00:00:00 2001 From: Gofannon Date: Sat, 15 Sep 2018 21:36:00 +0200 Subject: [PATCH 39/43] [fix] set admin user + add comments --- scripts/upgrade | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/scripts/upgrade b/scripts/upgrade index d9a5696..c4e35e8 100755 --- a/scripts/upgrade +++ b/scripts/upgrade 
@@ -233,20 +233,17 @@ done # LDAP Configuration #================================================= -# Verify if existing file needs to be upgraded by comparing it's size to new file from package -# If different, do a backup of existing file and overwrite with new file -# -# Safe here as this file is only used by Yunohost. Dokuwiki cannot modified it. +### Verify the checksum of a file, stored by `ynh_store_file_checksum` in the install script. +### And create a backup of this file if the checksum is different. So the file will be backed up if the admin had modified it. ynh_backup_if_checksum_is_different "$final_path/conf/local.protected.php" +# Always overwrite local file with the one from package. cp ../conf/local.protected.php $final_path/conf -# This File cannot be modified directly by Dokuwiki, only by hand or by Yunohost -# It will only be updated by Yunohost package or directly by adventurous users # Set the "admin" user -ynh_replace_string "__YNH_ADMIN_USER__" "$admin" "../conf/local.protected.php" +ynh_replace_string "__YNH_ADMIN_USER__" "$admin" "$final_path/conf/local.protected.php" -# Recalculate and store the config file checksum into the app settings +# Recalculate and store the checksum of the file for the next upgrade. ynh_store_file_checksum "$final_path/conf/local.protected.php" #================================================= From 3f59ea2e014f41c13544d1d3a183fe0bf13bbbe3 Mon Sep 17 00:00:00 2001 From: Gofannon Date: Sat, 15 Sep 2018 21:37:44 +0200 Subject: [PATCH 40/43] [enh] do not store unnecessary files checksums and cleaning comments --- scripts/install | 5 +++-- scripts/upgrade | 4 ++-- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/scripts/install b/scripts/install index 4b0ee72..88017cb 100755 --- a/scripts/install +++ b/scripts/install 
@@ -163,8 +163,9 @@ cp ../conf/plugins.local.php $final_path/conf/plugins.local.php.bak # Calculate and store the config file checksum into the app settings ynh_store_file_checksum "$final_path/conf/local.protected.php" -ynh_store_file_checksum "$final_path/conf/local.php" -ynh_store_file_checksum "$final_path/conf/acl.auth.php" +### Files can be modified by user, no need to store checksum as they cannot be overwritten safely by package +#ynh_store_file_checksum "$final_path/conf/local.php" +#ynh_store_file_checksum "$final_path/conf/acl.auth.php" #================================================= #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index c4e35e8..88280c4 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -83,7 +83,6 @@ if [ ! -f "$final_path/conf/local.protected.php" ]; then fi # Do not overwrite existing dokuwiki configuration as it could have user customization's and settings. -# Cannot use helper "ynh_backup_if_checksum_is_different" # Create file if it does not exist if [ ! -f "$final_path/conf/local.php" ]; then cp ../conf/local.php $final_path/conf @@ -93,7 +92,6 @@ if [ ! -f "$final_path/conf/local.php" ]; then fi # Do not overwrite existing ACL configuration file as it could have user customization's and settings. -# Cannot use helper "ynh_backup_if_checksum_is_different" # Create file if it does not exist # See https://www.dokuwiki.org/acl#background_info if [ ! -f "$final_path/conf/acl.auth.php" ]; then 
@@ -264,6 +262,8 @@ chown $app:root $final_path/inc # Do "DokuWiki" owner of configuration files that must be writable chown $app:root $final_path/conf/{local.php,local.php.bak,users.auth.php,acl.auth.php,plugins.local.php,plugins.local.php.bak} +# Usefull for some plugins like https://www.dokuwiki.org/plugin:siteexport +# See https://www.dokuwiki.org/devel:preload chown $app:root $final_path/inc/preload.php # Grant read-only to all files as files copied above are owned by root by defaut and nginx cannot read them # There are only files in the folder and there is sublevels. No need to use "find" From 7d3af37851a470c005889fff4a578ed95d996d19 Mon Sep 17 00:00:00 2001 From: Gofannon Date: Sat, 15 Sep 2018 21:39:12 +0200 Subject: [PATCH 41/43] [enh] redo "restore" following "upgrade" example --- scripts/restore | 42 ++++++++++++++++++++++++++++++++++-------- 1 file changed, 34 insertions(+), 8 deletions(-) diff --git a/scripts/restore b/scripts/restore index 754220d..5649801 100755 --- a/scripts/restore +++ b/scripts/restore 
@@ -60,16 +60,42 @@ ynh_system_user_create $app # RESTORE USER RIGHTS #================================================= -# Restore permissions on app files +# Try to use "least privilege" to grant minimal access +# For details, see https://www.dokuwiki.org/install:permissions + +# Files owned by DokuWiki can just read chown -R root: $final_path -# Restore permissions same as from the 'install' script -# except for conf, data, some data subfolders, and lib/plugin, where www-data must have write permissions -chown -R $app:root $final_path/{conf,data,data/attic,data/cache,data/index,data/locks,data/media*,data/meta,data/pages,data/tmp,lib/plugins,lib/tpl} -chmod -R 700 $final_path/conf -chmod -R 700 $final_path/data -chmod -R 755 $final_path/lib/plugins -chmod 755 $final_path/lib/tpl/{dokuwiki,dokuwiki/images} +# DokuWiki needs to write inside these folders. Do "DokuWiki" owner +chown $app:root $final_path/conf +chown $app:root $final_path/inc + +# Do "DokuWiki" owner of configuration files that must be writable +chown $app:root $final_path/conf/{local.php,local.php.bak,users.auth.php,acl.auth.php,plugins.local.php,plugins.local.php.bak} +# Usefull for some plugins like https://www.dokuwiki.org/plugin:siteexport +# See https://www.dokuwiki.org/devel:preload +chown $app:root $final_path/inc/preload.php +# Grant read-only to all files as files copied above are owned by root by defaut and nginx cannot read them +# There are only files in the folder and there is sublevels. 
No need to use "find" +chmod -R a+r $final_path/conf +chmod -R a+r $final_path/inc + +# Give write access to "data" and subfolders +chown -R $app:root $final_path/data +# Remove access to "other" +chmod -R o-rwx $final_path/data + +# Allow the web admin panel to run, aka "Extension Manager" +chown -R $app:root $final_path/lib/plugins +# Allow to install templates +chown -R $app:root $final_path/lib/tpl + +# Allow access to public assets like style sheets +find $final_path/lib -type f -print0 | xargs -0 chmod 0644 +find $final_path/lib -type d -print0 | xargs -0 chmod 0755 +# Using "find" instead of "chmod -R 755" so files does not become executable too +# chmod : -rwxr-xr-x 1 root root 241 May 3 08:36 index.html => BAD +# find : -rw-r--r-- 1 1001 1002 241 May 3 08:36 index.html => GOOD #================================================= # RESTORE THE PHP-FPM CONFIGURATION From d27f37799b3453f85c023690969fdde4ee7ee03b Mon Sep 17 00:00:00 2001 From: Jimmy Monin Date: Sun, 16 Sep 2018 09:00:36 +0200 Subject: [PATCH 42/43] Typo fixes --- scripts/install | 2 +- scripts/restore | 4 ++-- scripts/upgrade | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/scripts/install b/scripts/install index 88017cb..046c816 100755 --- a/scripts/install +++ b/scripts/install @@ -190,7 +190,7 @@ chown $app:root $final_path/conf/{local.php,local.php.bak,users.auth.php,acl.aut # See https://www.dokuwiki.org/devel:preload chown $app:root $final_path/inc/preload.php # Grant read-only to all files as files copied above are owned by root by defaut and nginx cannot read them -# There are only files in the folder and there is sublevels. No need to use "find" +# There are only files in the folder and there are no sublevels. No need to use "find" chmod -R a+r $final_path/conf chmod -R a+r $final_path/inc diff --git a/scripts/restore b/scripts/restore index 5649801..f8363c7 100755 --- a/scripts/restore +++ b/scripts/restore 
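Review bot: `chmod -R a+r $final_path/conf` in the rewritten scripts/restore permissions block makes every file in `conf` readable by all local accounts, including `users.auth.php`, which in DokuWiki's plain-text auth backend holds account password hashes, and `local.protected.php`. The comment justifies it with nginx needing to read the files, but `conf` holds PHP configuration consumed by the PHP-FPM pool rather than static assets served by nginx, so read access for "other" looks unnecessary. Consider closing the directory to others the way this hunk already does for `data`, e.g. `chown -R root:$app $final_path/conf` before the per-file chowns and `chmod -R o-rwx $final_path/conf` in place of the `a+r` line, assuming a `$app` group exists. scripts/install and scripts/upgrade carry the same `a+r` line on `conf` and would need the same change.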
@@ -72,11 +72,11 @@ chown $app:root $final_path/inc # Do "DokuWiki" owner of configuration files that must be writable chown $app:root $final_path/conf/{local.php,local.php.bak,users.auth.php,acl.auth.php,plugins.local.php,plugins.local.php.bak} -# Usefull for some plugins like https://www.dokuwiki.org/plugin:siteexport +# Useful for some plugins like https://www.dokuwiki.org/plugin:siteexport # See https://www.dokuwiki.org/devel:preload chown $app:root $final_path/inc/preload.php # Grant read-only to all files as files copied above are owned by root by defaut and nginx cannot read them -# There are only files in the folder and there is sublevels. No need to use "find" +# There are only files in the folder and there are no sublevels. No need to use "find" chmod -R a+r $final_path/conf chmod -R a+r $final_path/inc diff --git a/scripts/upgrade b/scripts/upgrade index 88280c4..dd23203 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -262,7 +262,7 @@ chown $app:root $final_path/inc # Do "DokuWiki" owner of configuration files that must be writable chown $app:root $final_path/conf/{local.php,local.php.bak,users.auth.php,acl.auth.php,plugins.local.php,plugins.local.php.bak} -# Usefull for some plugins like https://www.dokuwiki.org/plugin:siteexport +# Useful for some plugins like https://www.dokuwiki.org/plugin:siteexport # See https://www.dokuwiki.org/devel:preload chown $app:root $final_path/inc/preload.php # Grant read-only to all files as files copied above are owned by root by defaut and nginx cannot read them From 3bb15d1eab1c28cfb62f9f38b4e4c02416591397 Mon Sep 17 00:00:00 2001 From: Maniack Crudelis Date: Mon, 17 Sep 2018 11:04:53 +0200 Subject: [PATCH 43/43] Fix weird linter error --- scripts/upgrade | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/upgrade b/scripts/upgrade index dd23203..75be9a7 100755 --- a/scripts/upgrade +++ b/scripts/upgrade 
@@ -215,7 +215,7 @@ fi # TODO Taken from old "upgrade" script. Should check if it is needed and what it does # Update all plugins -for name_plugin in $(sudo -s cat $final_path/lib/plugins/*/plugin.info.txt | grep url | awk -F':' '{print $3}'); +for name_plugin in $(sudo -s cat $final_path/lib/plugins/*/plugin.info.txt | grep url | awk -F ':' '{print $3}'); do # Get a official plugin for dokuwiki, not update a no-official sudo wget -nv --quiet "https://github.com/splitbrain/dokuwiki-plugin-${name_plugin}/zipball/master" -O "${name_plugin}.zip" -o /dev/null || true