YunoHost-Apps/dokuwiki_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/dokuwiki_ynh.git synced 2024-09-03 18:26:20 +02:00
Code Issues Activity Actions
dokuwiki_ynh/scripts/upgrade
Gofannon 1ee015bd50 [enh] rework linux permissions
2018-07-08 00:04:33 +02:00

308 lines
10 KiB
Bash
Executable file
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

#!/bin/bash
#=================================================
# GENERIC START
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
source _common.sh
source /usr/share/yunohost/helpers
#=================================================
# LOAD SETTINGS
#=================================================
app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get $app domain)
path_url=$(ynh_app_setting_get $app path)
admin=$(ynh_app_setting_get $app admin)
is_public=$(ynh_app_setting_get $app is_public)
# Not needed during upgrade as user might have change it since installation from Dokuwiki admin panel
#language=$(ynh_app_setting_get $app language)
final_path=$(ynh_app_setting_get $app final_path)
#=================================================
# ENSURE DOWNWARD COMPATIBILITY
#=================================================
# Fix is_public as a boolean value
if [ "$is_public" = "Yes" ]; then
ynh_app_setting_set $app is_public 1
is_public=1
elif [ "$is_public" = "No" ]; then
ynh_app_setting_set $app is_public 0
is_public=0
fi
# If final_path doesn't exist, create it
if [ -z $final_path ]; then
final_path=/var/www/$app
ynh_app_setting_set $app final_path $final_path
fi
# TODO Not sure if still needed ??
# admin default value, if not set
if [ -z "$admin" ]; then
admin=$(sudo yunohost user list | grep 'username' -m1 | awk '{print $2}')
sudo ynh_app_setting_set $app is_public -v "$is_public"
fi
# language default value, if not set
if [ -z "$language" ]; then
language='en'
ynh_app_setting_set $app language $language
fi
# Yunohost specific configuration, if not exists
# Previously, these settings were store a unique "dokuwiki.php"
# Now, they are split in multiples files to ease upgrading process (separate Yunohost config from user config)
# Loading order of configuration files
#
# By default DokuWiki loads its configuration files in the following order:
#
# 1. conf/dokuwiki.php
# 2. conf/local.php
# 3. conf/local.protected.php
#
# See https://www.dokuwiki.org/plugin:config#protecting_settings
# Configuration dedicated to Yunohost (LDAP and admin mainly)
# Create file if it does not exist
if [ ! -f "$final_path/conf/local.protected.php" ]; then
# Set the default "admin"
# Replace string in order to have a functionnal configuration file
ynh_replace_string "__YNH_ADMIN_USER__" "$admin" "../conf/local.protected.php"
cp ../conf/local.protected.php $final_path/conf
fi
# Do not overwrite existing dokuwiki configuration as it could have user customization's and settings.
# Cannot use helper "ynh_backup_if_checksum_is_different"
# Create file if it does not exist
if [ ! -f "$final_path/conf/local.php" ]; then
# Set the default "language" only when file does not exist beforehand
# Replace string in order to have a functionnal configuration file
ynh_replace_string "__YNH_LANGUAGE__" "$language" "../conf/local.php"
cp ../conf/local.php $final_path/conf
fi
# Do not overwrite existing ACL configuration file as it could have user customization's and settings.
# Cannot use helper "ynh_backup_if_checksum_is_different"
# Create file if it does not exist
# See https://www.dokuwiki.org/acl#background_info
if [ ! -f "$final_path/conf/acl.auth.php" ]; then
cp ../conf/acl.auth.php $final_path/conf
fi
# For securing DokuWiki installation, create default files that will be writable in the "conf" folder.
# Other files will be read ony and owned by root.
# See https://www.dokuwiki.org/install:permissions
# Create file if it does not exist
if [ ! -f "$final_path/conf/local.protected.php" ]; then
# Set the default "admin"
# Replace string in order to have a functionnal configuration file
ynh_replace_string "__YNH_ADMIN_USER__" "$admin" "../conf/local.protected.php"
cp ../conf/local.protected.php $final_path/conf
fi
# If file does not exists
if [ ! -f "$final_path/conf/local.php.bak" ]; then
# if template exists
if [ -f "$final_path/conf/local.php.dist" ]; then
# Copy template to create default file
cp "$final_path/conf/local.php.dist" "$final_path/conf/local.php.bak"
fi
fi
if [ ! -f "$final_path/conf/users.auth.php" ]; then
if [ -f "$final_path/conf/users.auth.php.dist" ]; then
cp $final_path/conf/users.auth.php.dist $final_path/conf/users.auth.php
fi
fi
if [ ! -f "$final_path/conf/plugins.local.php" ]; then
cp ../conf/plugins.local.php $final_path/conf
fi
if [ ! -f "$final_path/conf/plugins.local.php.bak" ]; then
cp ../conf/plugins.local.php $final_path/conf/plugins.local.php.bak
fi
#=================================================
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
#=================================================
# Backup the current version of the app
ynh_backup_before_upgrade
ynh_clean_setup () {
# restore it if the upgrade fails
ynh_restore_upgradebackup
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#=================================================
# CHECK THE PATH
#=================================================
# Normalize the URL path syntax
path_url=$(ynh_normalize_url_path $path_url)
#=================================================
# STANDARD UPGRADE STEPS
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
# Download, check integrity, uncompress and patch the source from app.src
ynh_setup_source "$final_path"
#=================================================
# NGINX CONFIGURATION
#=================================================
# Create a dedicated nginx config
ynh_add_nginx_config
#=================================================
# CREATE DEDICATED USER
#=================================================
# Create a system user
ynh_system_user_create $app
#=================================================
# PHP-FPM CONFIGURATION
#=================================================
# Create a dedicated php-fpm config
ynh_add_fpm_config
#=================================================
# SPECIFIC UPGRADE
#=================================================
# Remove upgrade notification inside Dokuwiki's admin panel
# See https://www.dokuwiki.org/update_check
touch $final_path/doku.php
# Remove files not used anymore after upgrade
# See https://www.dokuwiki.org/install:unused_files
if [ -f "$final_path/data/deleted.files" ]; then
# Use a "sub process" to start a new shell to run these commands
# Allow to use only one "cd" and to be more efficent
(
# Move to the dokuwiki installation folder so the "official" commands can be used without adaptation
cd $final_path
# This command could not remove directory
#grep -Ev '^($|#)' data/deleted.files | xargs -n 1 rm -vf
# => "rm: cannot remove 'vendor/easybook/geshi': Is a directory"
# That one works as expected
grep -Ev '^($|#)' data/deleted.files | xargs -n 1 rm -fr
)
fi
# TODO Taken from old "upgrade" script. Should check if it is needed and what it does
# Update all plugins
for name_plugin in $(sudo -s cat $final_path/lib/plugins/*/plugin.info.txt | grep url | awk -F':' '{print $3}');
do
# Get a official plugin for dokuwiki, not update a no-official
sudo wget -nv --quiet "https://github.com/splitbrain/dokuwiki-plugin-${name_plugin}/zipball/master" -O "${name_plugin}.zip" -o /dev/null || true
if [ -s "${name_plugin}.zip" ]; then
sudo unzip ${name_plugin}.zip
sudo cp -a splitbrain-dokuwiki-plugin-${name_plugin}*/. "${final_path}/lib/plugins/${name_plugin}/"
fi
done
#=================================================
#=================================================
# LDAP Configuration
#=================================================
# Verify if existing file needs to be upgraded by comparing it's size to new file from package
# If different, do a backup of existing file and overwrite with new file
#
# Safe here as this file is only used by Yunohost. Dokuwiki cannot modified it.
ynh_backup_if_checksum_is_different "$final_path/conf/local.protected.php"
# Set the "admin" user
ynh_replace_string "__YNH_ADMIN_USER__" "$admin" "../conf/local.protected.php"
cp ../conf/local.protected.php $final_path/conf
# This File cannot be modified directly by Dokuwiki, only by hand or by Yunohost
# It will only be updated by Yunohost package or directly by adventurous users
# Recalculate and store the config file checksum into the app settings
ynh_store_file_checksum "$final_path/conf/local.protected.php"
#=================================================
# GENERIC FINALIZATION
#=================================================
# SECURE FILES AND DIRECTORIES
#=================================================
# Try to use "least privilege" to grant minimal access
# For details, see https://www.dokuwiki.org/install:permissions
# Files owned by DokuWiki can just read
chown -R root: $final_path
# DokuWiki needs to write inside the "conf" folder. Do "DokuWiki" owner of the folder.
chown $app:root $final_path/conf
# Do "DokuWiki" owner of onfiguration files that must be writable
chown $app:root $final_path/conf/{local.php,local.php.bak,users.auth.php,acl.auth.php,plugins.local.php,plugins.local.php.bak}
# Grant read-only to all files as files copied above are owned by root by defaut and nginx cannot read them
# There are only files in the folder and there is sublevels. No need to use "find"
chmod -R a+r $final_path/conf
# Give write access to "data" and subfolders
chown -R $app:root $final_path/data
# Remove access to "other"
chmod -R o-rwx $final_path/data
# Allow the web admin panel to run, aka "Extension Manager"
chown -R $app:root $final_path/lib/plugins
# Allow to install templates
chown -R $app:root $final_path/lib/tpl
# Allow access to public assets like style sheets
find $final_path/lib -type f -print0 | xargs -0 chmod 0644
find $final_path/lib -type d -print0 | xargs -0 chmod 0755
# Using "find" instead of "chmod -R 755" so files does not become executable too
# chmod : -rwxr-xr-x 1 root root 241 May 3 08:36 index.html => BAD
# find : -rw-r--r-- 1 1001 1002 241 May 3 08:36 index.html => GOOD
#=================================================
# SETUP SSOWAT
#=================================================
if [ $is_public -eq 0 ]
then # Remove the public access
ynh_app_setting_delete $app skipped_uris
fi
# Make app public if necessary
if [ $is_public -eq 1 ]
then
# unprotected_uris allows SSO credentials to be passed anyway
ynh_app_setting_set $app unprotected_uris "/"
fi
#=================================================
# RELOAD NGINX
#=================================================
systemctl reload nginx
Reference in a new issue View git blame Copy permalink