YunoHost-Apps/dokuwiki_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/dokuwiki_ynh.git synced 2024-09-03 18:26:20 +02:00
Code Issues Activity Actions
dokuwiki_ynh/scripts/upgrade
Gofannon ef23b0046a [enh] Cleaning by changing Yunohost needed version 
See https://github.com/YunoHost-Apps/dokuwiki_ynh/pull/37#issuecomment-404597751

Just one last thing, if you put the yunohost requirement at 2.7.14 (last jessie version), you can remove any reference to #sub_path_only in nginx into your install script, as well as upgrade and change_url scripts.
This fix, alias_traversal, is now handled by the helper itself.
2018-07-16 23:28:58 +02:00

320 lines
11 KiB
Bash
Executable file
Raw Blame History

#!/bin/bash
#=================================================
# GENERIC START
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
source _common.sh
source /usr/share/yunohost/helpers
#=================================================
# LOAD SETTINGS
#=================================================
app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get $app domain)
path_url=$(ynh_app_setting_get $app path)
admin=$(ynh_app_setting_get $app admin)
is_public=$(ynh_app_setting_get $app is_public)
# Not needed during upgrade as user might have change it since installation from Dokuwiki admin panel
#language=$(ynh_app_setting_get $app language)
final_path=$(ynh_app_setting_get $app final_path)
#=================================================
# ENSURE DOWNWARD COMPATIBILITY
#=================================================
# Fix is_public as a boolean value
if [ "$is_public" = "Yes" ]; then
ynh_app_setting_set $app is_public 1
is_public=1
elif [ "$is_public" = "No" ]; then
ynh_app_setting_set $app is_public 0
is_public=0
fi
# If final_path doesn't exist, create it
if [ -z $final_path ]; then
final_path=/var/www/$app
ynh_app_setting_set $app final_path $final_path
fi
# TODO Not sure if still needed ??
# admin default value, if not set
if [ -z "$admin" ]; then
admin=$(sudo yunohost user list | grep 'username' -m1 | awk '{print $2}')
sudo ynh_app_setting_set $app is_public -v "$is_public"
fi
# language default value, if not set
if [ -z "$language" ]; then
language='en'
ynh_app_setting_set $app language $language
fi
# Yunohost specific configuration, if not exists
# Previously, these settings were store a unique "dokuwiki.php"
# Now, they are split in multiples files to ease upgrading process (separate Yunohost config from user config)
# Loading order of configuration files
#
# By default DokuWiki loads its configuration files in the following order:
#
# 1. conf/dokuwiki.php
# 2. conf/local.php
# 3. conf/local.protected.php
#
# See https://www.dokuwiki.org/plugin:config#protecting_settings
# Configuration dedicated to Yunohost (LDAP and admin mainly)
# Create file if it does not exist
if [ ! -f "$final_path/conf/local.protected.php" ]; then
# Set the default "admin"
# Replace string in order to have a functionnal configuration file
ynh_replace_string "__YNH_ADMIN_USER__" "$admin" "../conf/local.protected.php"
cp ../conf/local.protected.php $final_path/conf
fi
# Do not overwrite existing dokuwiki configuration as it could have user customization's and settings.
# Cannot use helper "ynh_backup_if_checksum_is_different"
# Create file if it does not exist
if [ ! -f "$final_path/conf/local.php" ]; then
# Set the default "language" only when file does not exist beforehand
# Replace string in order to have a functionnal configuration file
ynh_replace_string "__YNH_LANGUAGE__" "$language" "../conf/local.php"
cp ../conf/local.php $final_path/conf
fi
# Do not overwrite existing ACL configuration file as it could have user customization's and settings.
# Cannot use helper "ynh_backup_if_checksum_is_different"
# Create file if it does not exist
# See https://www.dokuwiki.org/acl#background_info
if [ ! -f "$final_path/conf/acl.auth.php" ]; then
cp ../conf/acl.auth.php $final_path/conf
fi
# For securing DokuWiki installation, create default files that will be writable in the "conf" folder.
# Other files will be read ony and owned by root.
# See https://www.dokuwiki.org/install:permissions
# Create file if it does not exist
if [ ! -f "$final_path/conf/local.protected.php" ]; then
# Set the default "admin"
# Replace string in order to have a functionnal configuration file
ynh_replace_string "__YNH_ADMIN_USER__" "$admin" "../conf/local.protected.php"
cp ../conf/local.protected.php $final_path/conf
fi
# If file does not exists
if [ ! -f "$final_path/conf/local.php.bak" ]; then
# if template exists
if [ -f "$final_path/conf/local.php.dist" ]; then
# Copy template to create default file
cp "$final_path/conf/local.php.dist" "$final_path/conf/local.php.bak"
fi
fi
if [ ! -f "$final_path/conf/users.auth.php" ]; then
if [ -f "$final_path/conf/users.auth.php.dist" ]; then
cp $final_path/conf/users.auth.php.dist $final_path/conf/users.auth.php
fi
fi
if [ ! -f "$final_path/conf/plugins.local.php" ]; then
cp ../conf/plugins.local.php $final_path/conf
fi
if [ ! -f "$final_path/conf/plugins.local.php.bak" ]; then
cp ../conf/plugins.local.php $final_path/conf/plugins.local.php.bak
fi
if [ ! -f "$final_path/inc/preload.php" ]; then
# if template exists
if [ -f "$final_path/inc/preload.php.dist" ]; then
# Copy template to create default file
cp "$final_path/inc/preload.php.dist" "$final_path/inc/preload.php"
fi
fi
#=================================================
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
#=================================================
# Backup the current version of the app
ynh_backup_before_upgrade
ynh_clean_setup () {
# restore it if the upgrade fails
ynh_restore_upgradebackup
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#=================================================
# CHECK THE PATH
#=================================================
# Normalize the URL path syntax
path_url=$(ynh_normalize_url_path $path_url)
#=================================================
# STANDARD UPGRADE STEPS
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
# Download, check integrity, uncompress and patch the source from app.src
ynh_setup_source "$final_path"
#=================================================
# NGINX CONFIGURATION
#=================================================
# Create a dedicated nginx config
ynh_add_nginx_config
#=================================================
# CREATE DEDICATED USER
#=================================================
# Create a system user
ynh_system_user_create $app
#=================================================
# PHP-FPM CONFIGURATION
#=================================================
# Create a dedicated php-fpm config
ynh_add_fpm_config
#=================================================
# SPECIFIC UPGRADE
#=================================================
# Remove upgrade notification inside Dokuwiki's admin panel
# See https://www.dokuwiki.org/update_check
touch $final_path/doku.php
# Remove files not used anymore after upgrade
# See https://www.dokuwiki.org/install:unused_files
if [ -f "$final_path/data/deleted.files" ]; then
# Use a "sub process" to start a new shell to run these commands
# Allow to use only one "cd" and to be more efficent
(
# Move to the dokuwiki installation folder so the "official" commands can be used without adaptation
cd $final_path
# This command could not remove directory
#grep -Ev '^($|#)' data/deleted.files | xargs -n 1 rm -vf
# => "rm: cannot remove 'vendor/easybook/geshi': Is a directory"
# That one works as expected
grep -Ev '^($|#)' data/deleted.files | xargs -n 1 rm -fr
)
fi
# TODO Taken from old "upgrade" script. Should check if it is needed and what it does
# Update all plugins
for name_plugin in $(sudo -s cat $final_path/lib/plugins/*/plugin.info.txt | grep url | awk -F':' '{print $3}');
do
# Get a official plugin for dokuwiki, not update a no-official
sudo wget -nv --quiet "https://github.com/splitbrain/dokuwiki-plugin-${name_plugin}/zipball/master" -O "${name_plugin}.zip" -o /dev/null || true
if [ -s "${name_plugin}.zip" ]; then
sudo unzip ${name_plugin}.zip
sudo cp -a splitbrain-dokuwiki-plugin-${name_plugin}*/. "${final_path}/lib/plugins/${name_plugin}/"
fi
done
#=================================================
#=================================================
# LDAP Configuration
#=================================================
# Verify if existing file needs to be upgraded by comparing it's size to new file from package
# If different, do a backup of existing file and overwrite with new file
#
# Safe here as this file is only used by Yunohost. Dokuwiki cannot modified it.
ynh_backup_if_checksum_is_different "$final_path/conf/local.protected.php"
# Set the "admin" user
ynh_replace_string "__YNH_ADMIN_USER__" "$admin" "../conf/local.protected.php"
cp ../conf/local.protected.php $final_path/conf
# This File cannot be modified directly by Dokuwiki, only by hand or by Yunohost
# It will only be updated by Yunohost package or directly by adventurous users
# Recalculate and store the config file checksum into the app settings
ynh_store_file_checksum "$final_path/conf/local.protected.php"
#=================================================
# GENERIC FINALIZATION
#=================================================
# SECURE FILES AND DIRECTORIES
#=================================================
# Try to use "least privilege" to grant minimal access
# For details, see https://www.dokuwiki.org/install:permissions
# Files owned by DokuWiki can just read
chown -R root: $final_path
# DokuWiki needs to write inside these folders. Do "DokuWiki" owner
chown $app:root $final_path/conf
chown $app:root $final_path/inc
# Do "DokuWiki" owner of configuration files that must be writable
chown $app:root $final_path/conf/{local.php,local.php.bak,users.auth.php,acl.auth.php,plugins.local.php,plugins.local.php.bak}
chown $app:root $final_path/inc/preload.php
# Grant read-only to all files as files copied above are owned by root by defaut and nginx cannot read them
# There are only files in the folder and there is sublevels. No need to use "find"
chmod -R a+r $final_path/conf
chmod -R a+r $final_path/inc
# Give write access to "data" and subfolders
chown -R $app:root $final_path/data
# Remove access to "other"
chmod -R o-rwx $final_path/data
# Allow the web admin panel to run, aka "Extension Manager"
chown -R $app:root $final_path/lib/plugins
# Allow to install templates
chown -R $app:root $final_path/lib/tpl
# Allow access to public assets like style sheets
find $final_path/lib -type f -print0 | xargs -0 chmod 0644
find $final_path/lib -type d -print0 | xargs -0 chmod 0755
# Using "find" instead of "chmod -R 755" so files does not become executable too
# chmod : -rwxr-xr-x 1 root root 241 May 3 08:36 index.html => BAD
# find : -rw-r--r-- 1 1001 1002 241 May 3 08:36 index.html => GOOD
#=================================================
# SETUP SSOWAT
#=================================================
if [ $is_public -eq 0 ]
then # Remove the public access
ynh_app_setting_delete $app skipped_uris
fi
# Make app public if necessary
if [ $is_public -eq 1 ]
then
# unprotected_uris allows SSO credentials to be passed anyway
ynh_app_setting_set $app unprotected_uris "/"
fi
#=================================================
# RELOAD NGINX
#=================================================
systemctl reload nginx
Reference in a new issue View git blame Copy permalink