YunoHost-Apps/dokuwiki_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/dokuwiki_ynh.git synced 2024-09-03 18:26:20 +02:00
Code Issues Activity Actions

Merge pull request #75 from YunoHost-Apps/testing

Browse source 
Testing
This commit is contained in:
Alexandre Aubin 2021-02-19 00:13:25 +01:00 committed by GitHub
commit dd43e57ebf
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
7 changed files with 103 additions and 58 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
CHANGELOG.md
View file

@ -10,6 +10,17 @@
------------ ------------
# [2020-07-29~ynh4] - 2021-01-19
### Added
- Support for new permission system in YunoHost 3.7
### Changed
- wiki administrators is now a group and can be modified from webadmin YunoHost panel
- Require YunoHost 3.7 minimum
## [2020-07-29~ynh2] - 2020-10-23 ## [2020-07-29~ynh2] - 2020-10-23
### Added ### Added

3
check_process
View file

@ -14,7 +14,8 @@
setup_private=1 setup_private=1
setup_public=1 setup_public=1
upgrade=1 upgrade=1
upgrade=1 from_commit=01add99d3d903ca6d07f863045edf2ba46cf18d5 # Laster released version. See https://github.com/YunoHost-Apps/dokuwiki_ynh/commits/master
upgrade=1 from_commit=500a7d3fa9c008a2b75d0f6bec519e41fed97da0
backup_restore=1 backup_restore=1
multi_instance=1 multi_instance=1
port_already_use=0 port_already_use=0

10
conf/local.protected.php
View file

@ -14,15 +14,19 @@
$conf['useacl'] = 1; //Use Access Control Lists to restrict access? $conf['useacl'] = 1; //Use Access Control Lists to restrict access?
$conf['authtype'] = 'authldap'; //which authentication backend should be used $conf['authtype'] = 'authldap'; //which authentication backend should be used
$conf['passcrypt'] = 'sha1'; //Used crypt method (smd5,md5,sha1,ssha,crypt,mysql,my411) $conf['passcrypt'] = 'sha1'; //Used crypt method (smd5,md5,sha1,ssha,crypt,mysql,my411)
$conf['superuser'] = '__YNH_ADMIN_USER__'; //The admin can be user or @group or comma separated list user1,@group1,user2 $conf['superuser'] = '@__APP__.admin'; //The admin can be user or @group or comma separated list user1,@group1,user2
$conf['manager'] = '__YNH_ADMIN_USER__'; //The manager can be user or @group or comma separated list user1,@group1,user2 $conf['manager'] = '@__APP__.admin'; //The manager can be user or @group or comma separated list user1,@group1,user2
/* LDAP Yunohost config */ /* LDAP Yunohost config */
$conf['plugin']['authldap']['server'] = 'localhost'; $conf['plugin']['authldap']['server'] = 'localhost';
$conf['plugin']['authldap']['port'] = 389; $conf['plugin']['authldap']['port'] = 389;
$conf['plugin']['authldap']['version'] = 3; $conf['plugin']['authldap']['version'] = 3;
$conf['plugin']['authldap']['usertree'] = 'ou=users,dc=yunohost,dc=org'; $conf['plugin']['authldap']['usertree'] = 'ou=users,dc=yunohost,dc=org';
$conf['plugin']['authldap']['userfilter'] = '(&(uid=%{user})(objectClass=posixAccount))'; $conf['plugin']['authldap']['grouptree'] = 'ou=permission,dc=yunohost,dc=org';
$conf['plugin']['authldap']['userfilter'] = '(&(objectClass=posixAccount)(uid=%{user})(permission=cn=__APP__.main,ou=permission,dc=yunohost,dc=org))';
$conf['plugin']['authldap']['groupfilter'] = '(&(objectClass=posixGroup)(memberUid=%{user}))';
#$conf['plugin']['authldap']['debug'] = 1;
/* Advanced Settings */ /* Advanced Settings */
$conf['updatecheck'] = 0; //automatically check for new releases? $conf['updatecheck'] = 0; //automatically check for new releases?

4
manifest.json
View file

@ -9,7 +9,7 @@
"es": "Un sistema de Wiki de uso sencillicimo y compatible con los estándares.", "es": "Un sistema de Wiki de uso sencillicimo y compatible con los estándares.",
"it": "Un Wiki aderente agli standard, semplice da usare, finalizzato principalmente alla creazione di documentazione di qualsiasi tipo." "it": "Un Wiki aderente agli standard, semplice da usare, finalizzato principalmente alla creazione di documentazione di qualsiasi tipo."
}, },
"version": "2020-07-29~ynh3", "version": "2020-07-29~ynh4",
"url": "https://www.dokuwiki.org", "url": "https://www.dokuwiki.org",
"license": "GPL-2.0-or-later", "license": "GPL-2.0-or-later",
"maintainer": { "maintainer": {
@ -22,7 +22,7 @@
"email": "opi@zeropi.net" "email": "opi@zeropi.net"
}], }],
"requirements": { "requirements": {
"yunohost": ">= 3.8.1" "yunohost": ">= 4.1.0"
}, },
"multi_instance": true, "multi_instance": true,
"services": [ "services": [

1
scripts/_common.sh
View file

@ -4,6 +4,7 @@
# COMMON VARIABLES # COMMON VARIABLES
#================================================= #=================================================
YNH_PHP_VERSION="7.3" YNH_PHP_VERSION="7.3"
extra_php_dependencies="php${YNH_PHP_VERSION}-xml php${YNH_PHP_VERSION}-ldap php${YNH_PHP_VERSION}-gd" extra_php_dependencies="php${YNH_PHP_VERSION}-xml php${YNH_PHP_VERSION}-ldap php${YNH_PHP_VERSION}-gd"

19
scripts/install
View file

@ -22,7 +22,7 @@ ynh_abort_if_errors
domain=$YNH_APP_ARG_DOMAIN domain=$YNH_APP_ARG_DOMAIN
path_url=$YNH_APP_ARG_PATH path_url=$YNH_APP_ARG_PATH
admin=$YNH_APP_ARG_ADMIN admin_user=$YNH_APP_ARG_ADMIN
is_public=$YNH_APP_ARG_IS_PUBLIC is_public=$YNH_APP_ARG_IS_PUBLIC
language=$YNH_APP_ARG_LANGUAGE language=$YNH_APP_ARG_LANGUAGE
@ -46,8 +46,6 @@ ynh_script_progression --message="Storing installation settings..." --weight=2
ynh_app_setting_set --app=$app --key=domain --value=$domain ynh_app_setting_set --app=$app --key=domain --value=$domain
ynh_app_setting_set --app=$app --key=path --value=$path_url ynh_app_setting_set --app=$app --key=path --value=$path_url
ynh_app_setting_set --app=$app --key=admin --value=$admin
ynh_app_setting_set --app=$app --key=is_public --value=$is_public
ynh_app_setting_set --app=$app --key=language --value=$language ynh_app_setting_set --app=$app --key=language --value=$language
#================================================= #=================================================
@ -109,8 +107,12 @@ ynh_script_progression --message="Configuring DokuWiki..." --weight=2
# It will only be updated by Yunohost package or directly by adventurous users # It will only be updated by Yunohost package or directly by adventurous users
cp ../conf/local.protected.php $final_path/conf cp ../conf/local.protected.php $final_path/conf
# Set the "admin" user # Create the "admin" group and add the "admin" user
ynh_replace_string --match_string="__YNH_ADMIN_USER__" --replace_string="$admin" --target_file="$final_path/conf/local.protected.php" ynh_permission_create --permission "admin" --allowed "$admin_user"
# Customize admin group in case of multiple wiki install managed by different admins
# dokuwiki.admin; dokuwiki__1.admin; etc
ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="$final_path/conf/local.protected.php"
# This file might be modified by DokuWiki admin panel or by plugins # This file might be modified by DokuWiki admin panel or by plugins
@ -217,13 +219,14 @@ ynh_add_fail2ban_config --logpath="/var/log/nginx/$domain-error.log" --failregex
#================================================= #=================================================
# SETUP SSOWAT # SETUP SSOWAT
#================================================= #=================================================
ynh_script_progression --message="Configuring SSOwat..." ynh_script_progression --message="Configuring permissions..." --weight=2
# Make app public if necessary # Make app public if necessary
if [ $is_public -eq 1 ] if [ $is_public -eq 1 ]
then then
# unprotected_uris allows SSO credentials to be passed anyway. # Everyone can access the app.
ynh_app_setting_set --app=$app --key=unprotected_uris --value="/" # The "main" permission is automatically created before the install script.
ynh_permission_update --permission "main" --add "visitors"
fi fi
#================================================= #=================================================

113
scripts/upgrade
View file

@ -18,8 +18,6 @@ app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get --app=$app --key=domain) domain=$(ynh_app_setting_get --app=$app --key=domain)
path_url=$(ynh_app_setting_get --app=$app --key=path) path_url=$(ynh_app_setting_get --app=$app --key=path)
admin=$(ynh_app_setting_get --app=$app --key=admin)
is_public=$(ynh_app_setting_get --app=$app --key=is_public)
final_path=$(ynh_app_setting_get --app=$app --key=final_path) final_path=$(ynh_app_setting_get --app=$app --key=final_path)
phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
@ -34,35 +32,45 @@ upgrade_type=$(ynh_check_app_version_changed)
#================================================= #=================================================
ynh_script_progression --message="Ensuring downward compatibility..." ynh_script_progression --message="Ensuring downward compatibility..."
# Fix is_public as a boolean value
if [ "$is_public" = "Yes" ]; then
ynh_app_setting_set --app=$app --key=is_public --value=1
is_public=1
elif [ "$is_public" = "No" ]; then
ynh_app_setting_set --app=$app --key=is_public --value=0
is_public=0
fi
# If final_path doesn't exist, create it # If final_path doesn't exist, create it
if [ -z "$final_path" ]; then if [ -z "$final_path" ]; then
final_path=/var/www/$app final_path=/var/www/$app
ynh_app_setting_set --app=$app --key=final_path --value=$final_path ynh_app_setting_set --app=$app --key=final_path --value=$final_path
fi fi
# TODO Not sure if still needed ??
# admin default value, if not set
if [ -z "$admin" ]; then
admin=$(yunohost user list | grep 'username' -m1 | awk '{print $2}')
ynh_app_setting_set --app=$app --key=is_public --value=$is_public
fi
# language default value, if not set # language default value, if not set
if [ -z "$language" ]; then if [ -z "$language" ]; then
language='en' language='en'
ynh_app_setting_set --app=$app --key=language --value=$language ynh_app_setting_set --app=$app --key=language --value=$language
fi fi
# YunoHost specific configuration, if it isn't exist already
# Cleaning legacy permissions
admin_user=$(ynh_app_setting_get --app=$app --key=admin)
if [ -n "$admin_user" ]; then
# Removing skipped/unprotected_uris under certain conditions, remove the visitors group added during the migration process of 3.7
# Remove skipped_uris. If the app was public, add visitors again to the main permission
if ynh_permission_has_user --permission=admin --user="$admin_user"
then
echo "permission admin already exist. Nothing to do"
else
ynh_permission_create --permission "admin" --allowed "$admin_user"
fi
# Remove legacy admin setting
ynh_app_setting_delete --app=$app --key=admin
fi
# Cleaning legacy permissions
if ynh_legacy_permissions_exists; then
ynh_legacy_permissions_delete_all
ynh_app_setting_delete --app=$app --key=is_public
fi
# Yunohost specific configuration, if it isn't exist already
# Previously, these settings were store in an unique "dokuwiki.php" # Previously, these settings were store in an unique "dokuwiki.php"
# Now, they are split in multiple files to ease upgrading process (separate YunoHost config from user config) # Now, they are split in multiple files to ease upgrading process (separate YunoHost config from user config)
@ -205,15 +213,43 @@ then
# See https://www.dokuwiki.org/install:unused_files # See https://www.dokuwiki.org/install:unused_files
if [ -f "$final_path/data/deleted.files" ]; then if [ -f "$final_path/data/deleted.files" ]; then
# Use a "sub process" to start a new shell to run these commands # Feed output of grep[...] line by line to 'ynh_secure_remove'
# Allow to use only one "cd" and to be more efficent # 'ynh_secure_remove' can only work file by file. Cannot work with a list
( # This is a (complicated) workaround this limitation
# Move to the dokuwiki installation folder so the "official" commands can be used without adaptation while IFS= read -r line; do
cd $final_path
grep --extended-regexp --invert-match '^($|#)' data/deleted.files | xargs --max-args=1 rm --force --dir || true # Added this test to reduce the spam printed by helper to the user in the webadmin.
) # Should be less 'scary' to them I think
fi #
# number of messages = number of lines *2 (673 lines while writing this)
### grep --extended-regexp --invert-match '^($|#)' data/deleted.files | wc -l
### 673
#
# Spam sample:
#Attention : /!\ Packager ! You provided more than one argument to ynh_secure_remove but it will be ignored... Use this helper with one argument at time.
#Info : 'inc/parser/spamcheck.php' wasn't deleted because it doesn't exist.
#Attention : /!\ Packager ! You provided more than one argument to ynh_secure_remove but it will be ignored... Use this helper with one argument at time.
#Attention : /!\ Packager ! You provided more than one argument to ynh_secure_remove but it will be ignored... Use this helper with one argument at time.
#Info : 'lib/images/favicon.ico' wasn't deleted because it doesn't exist.
#Info : 'lib/images/thumbup.gif' wasn't deleted because it doesn't exist.
#Attention : /!\ Packager ! You provided more than one argument to ynh_secure_remove but it will be ignored... Use this helper with one argument at time.
#Info : 'lib/images/toolbar/code.png' wasn't deleted because it doesn't exist.
#Attention : /!\ Packager ! You provided more than one argument to ynh_secure_remove but it will be ignored... Use this helper with one argument at time.
#Info : 'lib/images/toolbar/empty.png' wasn't deleted because it doesn't exist.
if [ -f "$line" ]; then
ynh_secure_remove --file "$line"
fi
done < <(grep --null --extended-regexp --invert-match '^($|#)' "$final_path/data/deleted.files" | xargs --null --max-args=1 || true)
# ^ ^ First < is redirection, second is process substitution.
# Source: https://tldp.org/LDP/abs/html/process-sub.html
# Previous attemps if someone reads this one day
###grep --extended-regexp --invert-match '^($|#)' data/deleted.files | xargs --max-args=1 rm --verbose --force --dir 2>&1 || true
###grep --extended-regexp --invert-match '^($|#)' data/deleted.files | xargs --max-args=1 ynh_secure_remove --file 2>&1
###grep --null --extended-regexp --invert-match '^($|#)' data/deleted.files > toto.list
###xargs --null --verbose --max-args=1 --arg-file=toto.list ynh_secure_remove 2>&1
fi
# TODO Taken from old "upgrade" script. Should check if it is needed and what it does # TODO Taken from old "upgrade" script. Should check if it is needed and what it does
# Update all plugins # Update all plugins
@ -239,8 +275,12 @@ ynh_backup_if_checksum_is_different --file="$final_path/conf/local.protected.php
# Always overwrite local file with the one from package. # Always overwrite local file with the one from package.
cp ../conf/local.protected.php $final_path/conf cp ../conf/local.protected.php $final_path/conf
# Set the "admin" user # Create the "admin" group and add the "admin" user
ynh_replace_string --match_string="__YNH_ADMIN_USER__" --replace_string="$admin" --target_file="$final_path/conf/local.protected.php" #ynh_permission_create --permission "admin" --allowed "$admin_user"
# Customize admin group in case of multiple wiki install managed by different admins
# dokuwiki.admin; dokuwiki__1.admin; etc
ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="$final_path/conf/local.protected.php"
# Recalculate and store the checksum of the file for the next upgrade. # Recalculate and store the checksum of the file for the next upgrade.
ynh_store_file_checksum --file="$final_path/conf/local.protected.php" ynh_store_file_checksum --file="$final_path/conf/local.protected.php"
@ -302,21 +342,6 @@ ynh_script_progression --message="Reconfiguring Fail2Ban..." --weight=7
ynh_add_fail2ban_config --logpath="/var/log/nginx/$domain-error.log" --failregex="^.*authentication failure. while reading response header from upstream, client: <HOST>,.*POST $path_url.*$" --max_retry=5 ynh_add_fail2ban_config --logpath="/var/log/nginx/$domain-error.log" --failregex="^.*authentication failure. while reading response header from upstream, client: <HOST>,.*POST $path_url.*$" --max_retry=5
#=================================================
# SETUP SSOWAT
#=================================================
ynh_script_progression --message="Upgrading SSOwat configuration..."
if [ $is_public -eq 0 ]
then # Remove the public access
ynh_app_setting_delete --app=$app --key=skipped_uris
fi
# Make app public if necessary
if [ $is_public -eq 1 ]
then
# unprotected_uris allows SSO credentials to be passed anyway
ynh_app_setting_set --app=$app --key=unprotected_uris --value="/"
fi
#================================================= #=================================================
# RELOAD NGINX # RELOAD NGINX