From b0832486c25a410fdf814e3ba55b85c8c6a6278e Mon Sep 17 00:00:00 2001 From: yalh76 Date: Thu, 5 Aug 2021 02:21:46 +0200 Subject: [PATCH] Apply last example_ynh --- check_process | 17 +--- doc/.gitkeep | 0 doc/DISCLAIMER.md | 70 ++++++++++++++ doc/DISCLAIMER_fr.md | 69 +++++++++++++ doc/screenshots/.gitkeep | 0 manifest.json | 21 ++-- scripts/_common.sh | 2 - scripts/backup | 17 ++-- scripts/change_url | 42 ++++---- scripts/install | 137 ++++++++++++-------------- scripts/remove | 26 ++--- scripts/restore | 61 ++++++------ scripts/upgrade | 203 +++++++++++++++------------------------ 13 files changed, 354 insertions(+), 311 deletions(-) create mode 100644 doc/.gitkeep create mode 100644 doc/DISCLAIMER.md create mode 100644 doc/DISCLAIMER_fr.md create mode 100644 doc/screenshots/.gitkeep diff --git a/check_process b/check_process index b9d9af3..39df2df 100644 --- a/check_process +++ b/check_process @@ -1,14 +1,9 @@ -# See here for more information -# https://github.com/YunoHost/package_check#syntax-check_process-file - -# Move this file from check_process.default to check_process when you have filled it. - ;; Test complet ; Manifest - domain="domain.tld" (DOMAIN) - path="/path" (PATH) - is_public=1 (PUBLIC|public=1|private=0) - port="666" (PORT) + domain="domain.tld" + path="/path" + is_public=1 + port="666" ; Checks pkg_linter=1 setup_sub_dir=1 @@ -21,9 +16,6 @@ multi_instance=0 port_already_use=1 change_url=1 -;;; Levels - # If the level 5 (Package linter) is forced to 1. Please add justifications here. - Level 5=auto ;;; Options Email= Notification=none @@ -31,4 +23,3 @@ Notification=none ; commit=CommitHash name=Name and date of the commit. manifest_arg=domain=DOMAIN&path=PATH&admin=USER&language=fr&is_public=1&password=pass&port=666& - diff --git a/doc/.gitkeep b/doc/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/doc/DISCLAIMER.md b/doc/DISCLAIMER.md new file mode 100644 index 0000000..90dfff6 --- /dev/null +++ b/doc/DISCLAIMER.md 
@@ -0,0 +1,70 @@ +Domoticz is a Home Automation system design to control various devices and receive input from various sensors. +For example this system can be used with: + +-Light switches + +-Door sensors + +-Doorbells + +-Security devices + +-Weather sensors like: UV/Rain/Wind Meters + +-Temperature Sensors + +-Pulse Meters + +-Voltage / AD Meters + +-And more ... + + +**Shipped version:** Always the last stable one. The last compiled version is retrieved from [this directory](https://releases.domoticz.com/releases/?dir=./beta) +Once installed, **updates from the uptream app are managed from within the app.**. Yunohost upgrade script will only upgrade the Yunohost package. + + +## Configuration + +### Sensors, language and this kind of stuff +Main configuration of the app take place inside the app itself. + +### Access and API +By default, access for the [JSON API](https://www.domoticz.com/wiki/Domoticz_API/JSON_URL's) is allowed on following path `/yourdomain.tld/api_/domoticzpath`. +So if you access domoticz via https://mydomainname.tld/domoticz, use the following webpath for the api : `/mydomainname.tld/api_/domoticz/json.htm?yourapicommand` + +By default, only sensor updates and switch toogle are authorized. 
To authorized a new command, you have (for now) to manually update the nginx config file : +```` +sudo nano /etc/nginx/conf.d/yourdomain.tld.d/domoticz.conf +```` +Then edit the following block by adding the regex of the command you want to allow: +```` + #set the list of authorized json command here in regex format + #you may retrieve the command from https://www.domoticz.com/wiki/Domoticz_API/JSON_URL's + #By default, sensors updates and toggle switch are authorized + if ( $args ~* type=command¶m=udevice&idx=[0-9]*&nvalue=[0-9]*&svalue=.*$|type=command¶m=switchlight&idx=[0-9]*&switchcmd=Toggle$) { + set $api "1"; + } +```` +For example, to add the json command to retrieve the status of a device (/json.htm?type=devices&rid=IDX),modify the line as this: +```` + #set the list of authorized json command here in regex format + #you may retrieve the command from https://www.domoticz.com/wiki/Domoticz_API/JSON_URL's + #By default, sensors updates and toggle switch are authorized + if ( $args ~* type=command¶m=udevice&idx=[0-9]*&nvalue=[0-9]*&svalue=.*$|type=command¶m=switchlight&idx=[0-9]*&switchcmd=Toggle$|type=devices&rid=[0-9]* ) { + set $api "1"; + } +```` + +All IPv4 addresses within the local network (192.168.0.0/24) and *all IPv6* addresses are authorized as API. +As far as I know, there is no way to filter for IPv6 address on local network : You may remove the authorization by removing or commenting this line in `/etc/nginx/conf.d/yourdomain.tld.d/domoticz.conf`: +```` +allow ::/1; +```` +This will authorized only IPv4 within local network to access your domoticz API. +You may add individual IPv6 address in the same way. + +## Limitations + +* No user management nor LDAP integration This function is [not planned to be implemented into the app](https://github.com/domoticz/domoticz/issues/838), hence it's not planned into the package neither. +* Backup cannot be restored on a different machine type (arm, x86...) as compiled sources are different 
diff --git a/doc/DISCLAIMER_fr.md b/doc/DISCLAIMER_fr.md new file mode 100644 index 0000000..0183f4d --- /dev/null +++ b/doc/DISCLAIMER_fr.md 
@@ -0,0 +1,69 @@ +Domoticz est un système de domotique permettant de controler différents objets et de recevoir des données de divers senseurs +Il peut par exemple être utilisé avec : + +-des interrupteurs + +-des senseurs de portes + +-des sonnettes d'entrées + +-des systèmes de sécurité + +-des stations météo pour les UV, la pluie, le vent... + +-des sondes de températures + +-des sondes d'impulsions + +-des voltmètres + +-Et bien d'autres + +**Version incluse :** Toujours la dernière version stable. La dernière version compilée est récupérée dans [ce répertoire](https://releases.domoticz.com/releases/?dir=./beta) +Une fois installée, **les mises à jour de l'application sont gérées depuis les menus de l'application elle même.**. Le script de mise à jour Yunohost mettra uniquement à jour de nouvelles version du package. + +## Configuration + +### Senseurs, langue et ce genre de choses +Toute la configuration de l'application a lieu dans l'application elle même +Main configuration of the app take place inside the app itself. + +### Accès et API +Par défaut, l'accès aux [API JSON](https://www.domoticz.com/wiki/Domoticz_API/JSON_URL's) est autorisé sur cette URL `/votredomaine.tld/api_/chemindedomoticz`. +Donc, si vous accédez à domoticz par https://votredomaine.tld/domoticz, utilisez le chemin suivant pour l'api: `/votredomaine.tld/api_/domoticz/json.htm?votrecommandeapi` + +Par défaut, seuls la mise à jour de senseur et les interrupteurs sont autorisés. 
Pour autoriser une nouvelle commande, vous devez (pour l'instant) manuellement éditer le fichier de configuration nginx : +```` +sudo nano /etc/nginx/conf.d/yourdomain.tld.d/domoticz.conf +```` +Puis éditer le bloc suivant en y ajoutant le regex de la commmande à autoriser : +```` + #set the list of authorized json command here in regex format + #you may retrieve the command from https://www.domoticz.com/wiki/Domoticz_API/JSON_URL's + #By default, sensors updates and toggle switch are authorized + if ( $args ~* type=command¶m=udevice&idx=[0-9]*&nvalue=[0-9]*&svalue=.*$|type=command¶m=switchlight&idx=[0-9]*&switchcmd=Toggle$) { + set $api "1"; + } +```` +Par exemple, pour ajouter la commmande json pour retrouver le statut d'un équipement (/json.htm?type=devices&rid=IDX),il faut modifier la ligne comme ceci: +```` + #set the list of authorized json command here in regex format + #you may retrieve the command from https://www.domoticz.com/wiki/Domoticz_API/JSON_URL's + #By default, sensors updates and toggle switch are authorized + if ( $args ~* type=command¶m=udevice&idx=[0-9]*&nvalue=[0-9]*&svalue=.*$|type=command¶m=switchlight&idx=[0-9]*&switchcmd=Toggle$|type=devices&rid=[0-9]* ) { + set $api "1"; + } +```` + +Toutes les adresses IPv4 du réseau local (192.168.0.0/24) et toutes les adresses IPv6 sont autorisées pour l'API. +A ma connaissance, il n'y a pas moyen d'effectuer un filtre pour les adresses IPv6 sur le réseau local, vous pouvez donc retirer leur autorisation en enlevant ou en commentant la ligne suivante dans `/etc/nginx/conf.d/yourdomain.tld.d/domoticz.conf`: +```` +allow ::/1; +```` +Ceci autorisera seulement les adresses IPv4 local a accéder aux API de domoticz. +Vous pouvez ajouter des adresses IPv6 de la même façon. + +## Limitations + +* Pas de gestion d'utilisateurs ni d'intégration LDAP. L'application ne [prévoit pas de gérer les utilisateurs par LDAP](https://github.com/domoticz/domoticz/issues/838), donc le package non plus. 
+* Un backup ne peut pas être restauré sur un type de machine différente de celle d'origine (x86, arm...) car les sources compilées doivent être différente diff --git a/doc/screenshots/.gitkeep b/doc/screenshots/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/manifest.json b/manifest.json index f461f3b..d985f8a 100644 --- a/manifest.json +++ b/manifest.json @@ -8,13 +8,20 @@ }, "version": "2020.2~ynh2", "url": "https://www.domoticz.com", + "upstream": { + "license": "free", + "website": "https://domoticz.com/", + "admindoc": "https://www.domoticz.com/wiki/Main_Page", + "userdoc": "https://www.domoticz.com/DomoticzManual.pdf", + "code": "https://github.com/domoticz/domoticz" + }, "license": "GPL-3.0-or-later", "maintainer": { "name": "Krakinou", "email": "misterl56@hotmail.com" }, "requirements": { - "yunohost": ">= 4.0" + "yunohost": ">= 4.1.3" }, "multi_instance": false, "services": [ @@ -25,29 +32,17 @@ { "name": "domain", "type": "domain", - "ask": { - "en": "Choose a domain name for domoticz", - "fr": "Choisissez un nom de domaine pour domoticz" - }, "example": "example.com" }, { "name": "path", "type": "path", - "ask": { - "en": "Choose a path for domoticz", - "fr": "Choisissez un chemin pour domoticz" - }, "example": "/domoticz", "default": "/domoticz" }, { "name": "is_public", "type": "boolean", - "ask": { - "en": "Is it a public application?", - "fr": "Est-ce une application publique ?" - }, "default": false, "help": "Attention, cette application n'a pas de gestion d'utilisateur par défaut, si vous la mettez public, n importe qui y aura accès!" } diff --git a/scripts/_common.sh b/scripts/_common.sh index 723d20f..c63ef5d 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh 
@@ -9,7 +9,6 @@ #other dependencies are from standard install script... seems quite useles... pkg_dependencies="libudev-dev python3-dev" - #ALL FOLLOWING LINE FROM THE upstream bash installation script DEBIAN_ID=$(grep -oP '(?<=^ID=).+' /etc/*-release | tr -d '"') DEBIAN_VERSION=$(grep -oP '(?<=^VERSION_ID=).+' /etc/*-release | tr -d '"') @@ -33,7 +32,6 @@ then fi SHA256=$(wget -qO- https://releases.domoticz.com/releases/release/domoticz_${OS}_${MACH}.tgz.sha256sum | sed 's/ update.tgz//' | sed 's/ domoticz_linux_x86_64.tgz//') - #================================================= # PERSONAL HELPERS #================================================= diff --git a/scripts/backup b/scripts/backup index 2a8c212..a5de8bc 100755 --- a/scripts/backup +++ b/scripts/backup @@ -6,7 +6,7 @@ # IMPORT GENERIC HELPERS #================================================= -#Keep this path for calling _common.sh inside the execution's context of backup and restore scripts +# Keep this path for calling _common.sh inside the execution's context of backup and restore scripts source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers @@ -15,8 +15,7 @@ source /usr/share/yunohost/helpers #================================================= ynh_clean_setup () { - ### Remove this function if there's nothing to clean before calling the remove script. - true + ynh_clean_check_starting } # Exit if an error occurs during the execution of the script ynh_abort_if_errors 
@@ -36,11 +35,6 @@ domain=$(ynh_app_setting_get --app=$app --key=domain) #================================================= ynh_print_info --message="Declaring files to be backed up..." -### N.B. : the following 'ynh_backup' calls are only a *declaration* of what needs -### to be backuped and not an actual copy of any file. The actual backup that -### creates and fill the archive with the files happens in the core after this -### script is called. Hence ynh_backups calls takes basically 0 seconds to run. - #================================================= # BACKUP THE APP MAIN DIR #================================================= @@ -60,7 +54,6 @@ ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf" #================================================= ynh_backup --src_path="/etc/logrotate.d/$app" -ynh_backup --src_path="/etc/sudoers.d/$app" #================================================= # BACKUP SYSTEMD @@ -68,6 +61,12 @@ ynh_backup --src_path="/etc/sudoers.d/$app" ynh_backup --src_path="/etc/systemd/system/$app.service" +#================================================= +# BACKUP VARIOUS FILES +#================================================= + +ynh_backup --src_path="/etc/sudoers.d/$app" + #================================================= # END OF SCRIPT #================================================= diff --git a/scripts/change_url b/scripts/change_url index 4656f85..3e5cf97 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -19,13 +19,12 @@ old_path=$YNH_APP_OLD_PATH new_domain=$YNH_APP_NEW_DOMAIN new_path=$YNH_APP_NEW_PATH - app=$YNH_APP_INSTANCE_NAME #================================================= # LOAD SETTINGS #================================================= -ynh_script_progression --message="Loading installation settings..." --weight=1 +ynh_script_progression --message="Loading installation settings..." # Needed for helper "ynh_add_nginx_config" final_path=$(ynh_app_setting_get --app=$app --key=final_path) 
@@ -41,17 +40,18 @@ fi #================================================= -# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP +# BACKUP BEFORE CHANGE URL THEN ACTIVE TRAP #================================================= -ynh_script_progression --message="Backing up the app before changing its url (may take a while)..." --weight=5 +ynh_script_progression --message="Backing up the app before changing its URL (may take a while)..." # Backup the current version of the app ynh_backup_before_upgrade ynh_clean_setup () { + ynh_clean_check_starting # Remove the new domain config file, the remove script won't do it as it doesn't know yet its location. ynh_secure_remove --file="/etc/nginx/conf.d/$new_domain.d/$app.conf" - # restore it if the upgrade fails + # Restore it if the upgrade fails ynh_restore_upgradebackup } # Exit if an error occurs during the execution of the script 
@@ -85,25 +85,24 @@ ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app #================================================= # MODIFY URL IN NGINX CONF #================================================= -ynh_script_progression --message="Updating nginx web server configuration..." --weight=1 +ynh_script_progression --message="Updating NGINX web server configuration..." nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf -# Change the path in the nginx config file +# Change the path in the NGINX config file if [ $change_path -eq 1 ] then - # Make a backup of the original nginx config file if modified + # Make a backup of the original NGINX config file if modified ynh_backup_if_checksum_is_different --file="$nginx_conf_path" - # Set global variables for nginx helper + # Set global variables for NGINX helper domain="$old_domain" path_url="$new_path" api_path="$new_api" - # Create a dedicated nginx config - # Create a dedicated nginx config - ynh_add_nginx_config "api_path" + # Create a dedicated NGINX config + ynh_add_nginx_config fi -# Change the domain for nginx +# Change the domain for NGINX if [ $change_domain -eq 1 ] then # Delete file checksum for the old conf file location 
@@ -116,34 +115,29 @@ fi #================================================= # SPECIFIC MODIFICATIONS #================================================= -# ... -#================================================= - -#================================================= -# GENERIC FINALISATION -#================================================= # SETUP SSOWAT #================================================= -ynh_script_progression --message="Upgrading SSOwat configuration..." --weight=1 +ynh_script_progression --message="Upgrading SSOwat configuration..." # If the app is private, API should stays publicly accessible. ynh_app_setting_delete --app=$app --key="api_path" ynh_app_setting_set --app=$app --key="api_path" --value=$new_api ynh_permission_url --permission domoticz_API --url "$new_domain$new_api" - +#================================================= +# GENERIC FINALISATION #================================================= # START SYSTEMD SERVICE #================================================= - ynh_script_progression --message="Starting a systemd service..." --weight=2 +# Start a systemd service ynh_systemd_action --service_name=$app --action="start" #================================================= # RELOAD NGINX #================================================= -ynh_script_progression --message="Reloading nginx web server..." --weight=1 +ynh_script_progression --message="Reloading NGINX web server..." ynh_systemd_action --service_name=nginx --action=reload @@ -151,4 +145,4 @@ ynh_systemd_action --service_name=nginx --action=reload # END OF SCRIPT #================================================= -ynh_script_progression --message="Change of URL completed for $app"--last +ynh_script_progression --message="Change of URL completed for $app" --last diff --git a/scripts/install b/scripts/install index 893d739..edddfe5 100755 --- a/scripts/install +++ b/scripts/install 
@@ -14,8 +14,7 @@ source /usr/share/yunohost/helpers #================================================= ynh_clean_setup () { - ### Remove this function if there's nothing to clean before calling the remove script. - true + ynh_clean_check_starting } # Exit if an error occurs during the execution of the script ynh_abort_if_errors @@ -27,6 +26,7 @@ ynh_abort_if_errors domain=$YNH_APP_ARG_DOMAIN path_url=$YNH_APP_ARG_PATH is_public=$YNH_APP_ARG_IS_PUBLIC + app=$YNH_APP_INSTANCE_NAME #Set dedicated variables @@ -38,24 +38,21 @@ fi #================================================= # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS #================================================= -ynh_script_progression --message="Validating installation parameters..." --weight=1 +ynh_script_progression --message="Validating installation parameters..." final_path=/opt/yunohost/$app test ! -e "$final_path" || ynh_die --message="This path already contains a folder" # Register (book) web path ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url -#ynh_webpath_register --app=$app --domain=$domain --path_url=$api_path - #================================================= # STORE SETTINGS FROM MANIFEST #================================================= -ynh_script_progression --message="Storing installation settings..." --weight=1 +ynh_script_progression --message="Storing installation settings..." ynh_app_setting_set --app=$app --key=domain --value=$domain ynh_app_setting_set --app=$app --key=path --value=$path_url -ynh_app_setting_set --app=$app --key=is_public --value=$is_public #Will be used in restore script to check that we're restoring on the same OS/Board type ynh_app_setting_set --app=$app --key=OS --value=$OS 
@@ -64,12 +61,12 @@ ynh_app_setting_set --app=$app --key=mach --value=$MACH #path used by api to read/update domoticz ynh_app_setting_set --app=$app --key=api_path --value=$api_path - #================================================= # STANDARD MODIFICATIONS #================================================= # FIND AND OPEN A PORT #================================================= +ynh_script_progression --message="Finding an available port..." # Find an available port port=$(ynh_find_port --port=8080) 
@@ -82,43 +79,14 @@ ynh_script_progression --message="Installing dependencies..." --weight=15 ynh_install_app_dependencies $pkg_dependencies -#================================================= -# DOWNLOAD, CHECK AND UNPACK SOURCE -#================================================= -ynh_script_progression --message="Setting up source files..." --weight=5 - -ynh_app_setting_set --app=$app --key=final_path --value=$final_path -# Download, check integrity, uncompress and patch the source from app.src -# Create an app.src for the correct version of domoticz -# match string are fulfilled in _common.sh via the upstream bash installation script -cp ../conf/app.src.default ../conf/app.src -ynh_replace_string --match_string="__OS__" --replace_string="$OS" --target_file="../conf/app.src" -ynh_replace_string --match_string="__MACH__" --replace_string="$MACH" --target_file="../conf/app.src" -ynh_replace_string --match_string="__SHA256_SUM__" --replace_string="$SHA256" --target_file="../conf/app.src" - -ynh_setup_source --dest_dir="$final_path" -#Create the database file -if [ ! -f $final_path/domoticz.db ]; then - touch $final_path/domoticz.db - chmod 644 $final_path/domoticz.db -fi - - -#================================================= -# NGINX CONFIGURATION -#================================================= -ynh_script_progression --message="Configuring nginx web server..." --weight=2 - -# Create a dedicated nginx config -ynh_add_nginx_config "api_path" - #================================================= # CREATE DEDICATED USER #================================================= -ynh_script_progression --message="Configuring system user..." --weight=1 +ynh_script_progression --message="Configuring system user..." # Create a system user -ynh_system_user_create --username=$app +ynh_system_user_create --username=$app --home_dir=$final_path + #allow user to access USB / serial port to communicate with tools (RFXtrx, Z-wave dongle, etc.) 
& i2c bus if grep dialout -q < /etc/group; then usermod -a -G dialout $app 
@@ -136,47 +104,59 @@ ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_fil mv ../conf/$app.conf /etc/sudoers.d/$app chmod 440 /etc/sudoers.d/$app +#================================================= +# DOWNLOAD, CHECK AND UNPACK SOURCE +#================================================= +ynh_script_progression --message="Setting up source files..." --weight=5 + +ynh_app_setting_set --app=$app --key=final_path --value=$final_path +# Download, check integrity, uncompress and patch the source from app.src +# Create an app.src for the correct version of domoticz +# match string are fulfilled in _common.sh via the upstream bash installation script +cp ../conf/app.src.default ../conf/app.src +ynh_replace_string --match_string="__OS__" --replace_string="$OS" --target_file="../conf/app.src" +ynh_replace_string --match_string="__MACH__" --replace_string="$MACH" --target_file="../conf/app.src" +ynh_replace_string --match_string="__SHA256_SUM__" --replace_string="$SHA256" --target_file="../conf/app.src" + +ynh_setup_source --dest_dir="$final_path" + +#Create the database file +if [ ! -f $final_path/domoticz.db ]; then + touch $final_path/domoticz.db + chmod 644 $final_path/domoticz.db +fi + +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:$app "$final_path" + +#================================================= +# NGINX CONFIGURATION +#================================================= +ynh_script_progression --message="Configuring NGINX web server..." 
--weight=2 + +# Create a dedicated NGINX config +ynh_add_nginx_config + #================================================= # SPECIFIC SETUP -#================================================= -#create log path and assing permission -#================================================= - -mkdir -p /var/log/$app -chown -R domoticz: /var/log/$app - - #================================================= # SETUP SYSTEMD #================================================= -ynh_script_progression --message="Configuring a systemd service..." --weight=1 +ynh_script_progression --message="Configuring a systemd service..." # Create a dedicated systemd config -ynh_add_systemd_config --others_var="port" - -#ynh_store_file_checksum --file="$final_path/CONFIG_FILE" - - +ynh_add_systemd_config #================================================= # GENERIC FINALIZATION -#================================================= -# SECURE FILES AND DIRECTORIES -#================================================= - -### For security reason, any app should set the permissions to root: before anything else. -### Then, if write authorization is needed, any access should be given only to directories -### that really need such authorization. - -# Set permissions to app files -#chown -R root: $final_path -#Both folder and database file must be own by app user for domoticz to work and allow internal upgrade -chown -R $app: $final_path - #================================================= # SETUP LOGROTATE #================================================= -ynh_script_progression --message="Configuring log rotation..." --weight=1 +ynh_script_progression --message="Configuring log rotation..." + +mkdir -p /var/log/$app +chown -R domoticz: /var/log/$app # Use logrotate to manage application logfile(s) ynh_use_logrotate 
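Review bot: The `__SHA256_SUM__` value written into `../conf/app.src` in the re-added source-setup block is not pinned by the package. `$SHA256` is filled in `_common.sh` by a `wget` of the `.tgz.sha256sum` file from releases.domoticz.com at install time, presumably the same server that delivers the archive, so the integrity check in `ynh_setup_source` can detect a corrupted transfer but not a replaced release. If following the latest upstream build is intended, state that next to the replacement, e.g. `# $SHA256 is fetched from the release server at install time; it does not authenticate the archive`. Also stop when the fetch returns nothing: `[ -n "$SHA256" ] || ynh_die --message="Could not retrieve the upstream checksum"`. The definition of `$SHA256` and the contents of `app.src.default` are outside this hunk.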
@@ -184,37 +164,38 @@ ynh_use_logrotate #================================================= # INTEGRATE SERVICE IN YUNOHOST #================================================= -ynh_script_progression --message="Integrating service in YunoHost..." --weight=1 +ynh_script_progression --message="Integrating service in YunoHost..." -yunohost service add $app --description "Domotique open sources" --log "/var/log/$app/$app.log" +yunohost service add $app --description="Domotique open sources" --log="/var/log/$app/$app.log" #================================================= # START SYSTEMD SERVICE #================================================= -ynh_script_progression --message="Starting a systemd service..." --weight=1 +ynh_script_progression --message="Starting a systemd service..." # Start a systemd service ynh_systemd_action --service_name=$app --action="start" -# --log_path="/var/log/$app/$app.log" #================================================= # SETUP SSOWAT #================================================= -ynh_script_progression --message="Configuring SSOwat..." --weight=1 +ynh_script_progression --message="Configuring permissions..." # Make app public if necessary -if [ $is_public -eq 1 ]; then - ynh_permission_update --permission "main" --add visitors +if [ $is_public -eq 1 ] +then + # Everyone can access the app. + # The "main" permission is automatically created before the install script. + ynh_permission_update --permission="main" --add="visitors" fi + #API should stay publicly accessible. ynh_permission_create --permission="domoticz_API" --url="$domain$api_path" --allowed="visitors" - - #================================================= # RELOAD NGINX #================================================= -ynh_script_progression --message="Reloading nginx web server..." --weight=1 +ynh_script_progression --message="Reloading NGINX web server..." ynh_systemd_action --service_name=nginx --action=reload 
diff --git a/scripts/remove b/scripts/remove index 942dcff..fab2a91 100755 --- a/scripts/remove +++ b/scripts/remove @@ -12,7 +12,7 @@ source /usr/share/yunohost/helpers #================================================= # LOAD SETTINGS #================================================= -ynh_script_progression --message="Loading installation settings..." --weight=1 +ynh_script_progression --message="Loading installation settings..." app=$YNH_APP_INSTANCE_NAME @@ -28,17 +28,17 @@ final_path=$(ynh_app_setting_get --app=$app --key=final_path) # REMOVE SERVICE INTEGRATION IN YUNOHOST #================================================= -# Remove the service from the list of services known by Yunohost (added from `yunohost service add`) +# Remove the service from the list of services known by YunoHost (added from `yunohost service add`) if ynh_exec_warn_less yunohost service status $app >/dev/null then - ynh_script_progression --message="Removing $app service integration..." --weight=1 + ynh_script_progression --message="Removing $app service integration..." yunohost service remove $app fi #================================================= # STOP AND REMOVE SERVICE #================================================= -ynh_script_progression --message="Stopping and removing the systemd service..." --weight=1 +ynh_script_progression --message="Stopping and removing the systemd service..." # Remove the dedicated systemd config ynh_remove_systemd_config 
@@ -63,15 +63,15 @@ ynh_secure_remove --file="$final_path" #================================================= # REMOVE NGINX CONFIGURATION #================================================= -ynh_script_progression --message="Removing nginx web server configuration..." --weight=1 +ynh_script_progression --message="Removing NGINX web server configuration..." -# Remove the dedicated nginx config +# Remove the dedicated NGINX config ynh_remove_nginx_config #================================================= # REMOVE LOGROTATE CONFIGURATION #================================================= -ynh_script_progression --message="Removing logrotate configuration..." --weight=1 +ynh_script_progression --message="Removing logrotate configuration..." # Remove the app-specific logrotate config ynh_remove_logrotate @@ -81,24 +81,24 @@ ynh_remove_logrotate #================================================= # REMOVE VARIOUS FILES #================================================= +ynh_script_progression --message="Removing various files..." # Remove the log files -ynh_secure_remove --file="/var/log/$app/" +ynh_secure_remove --file="/var/log/$app" + +#Delete the sudoer file +ynh_secure_remove --file="/etc/sudoers.d/$app" #================================================= # GENERIC FINALIZATION #================================================= # REMOVE DEDICATED USER #================================================= -ynh_script_progression --message="Removing the dedicated system user..." --weight=1 - -#Delete the sudoer file -ynh_secure_remove --file="/etc/sudoers.d/$app" +ynh_script_progression --message="Removing the dedicated system user..." # Delete a system user ynh_system_user_delete --username=$app - #================================================= # END OF SCRIPT #================================================= diff --git a/scripts/restore b/scripts/restore index 0819a10..ed42ed4 100755 --- a/scripts/restore +++ b/scripts/restore 
@@ -6,7 +6,7 @@ # IMPORT GENERIC HELPERS #================================================= -#Keep this path for calling _common.sh inside the execution's context of backup and restore scripts +# Keep this path for calling _common.sh inside the execution's context of backup and restore scripts source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers @@ -15,8 +15,7 @@ source /usr/share/yunohost/helpers #================================================= ynh_clean_setup () { - #### Remove this function if there's nothing to clean before calling the remove script. - true + ynh_clean_check_starting } # Exit if an error occurs during the execution of the script ynh_abort_if_errors @@ -24,7 +23,7 @@ ynh_abort_if_errors #================================================= # LOAD SETTINGS #================================================= -ynh_script_progression --message="Loading installation settings..." --weight=1 +ynh_script_progression --message="Loading installation settings..." app=$YNH_APP_INSTANCE_NAME @@ -38,7 +37,7 @@ api_path=$(ynh_app_setting_get --app=$app --key=api_path) #================================================= # CHECK IF THE APP CAN BE RESTORED #================================================= -ynh_script_progression --message="Validating restoration parameters..." --weight=1 +ynh_script_progression --message="Validating restoration parameters..." ynh_webpath_available --domain=$domain --path_url=$path_url \ || ynh_die --message="Path not available: ${domain}${path_url}" 
@@ -59,38 +58,18 @@ test "$backup_mach" = "$MACH" \ #================================================= # RESTORE THE NGINX CONFIGURATION #================================================= +ynh_script_progression --message="Restoring the NGINX web server configuration..." ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" -#================================================= -# RESTORE THE APP MAIN DIR -#================================================= -ynh_script_progression --message="Restoring the app main directory..." --weight=5 - -ynh_restore_file --origin_path="$final_path" - #================================================= # RECREATE THE DEDICATED USER #================================================= -ynh_script_progression --message="Recreating the dedicated system user..." --weight=1 +ynh_script_progression --message="Recreating the dedicated system user..." # Create the dedicated user (if not existing) -ynh_system_user_create --username=$app +ynh_system_user_create --username=$app --home_dir=$final_path - - -#Restore user authorization to restart server -ynh_restore_file --origin_path="/etc/sudoers.d/$app" - - -#================================================= -# RESTORE USER RIGHTS -#================================================= - -# Set permissions to app files -#chown -R root: $final_path -#Both folder and database file must be own by app user for domoticz to work and allow internal upgrade -chown -R $app: $final_path #allow user to access USB / serial port to communicate with tools (RFXtrx, Z-wave dongle, etc.) & i2c bus if grep dialout -q < /etc/group; then usermod -a -G dialout $app 
@@ -102,6 +81,19 @@ if grep gpio -q < /etc/group; then usermod -a -G gpio $app fi +#Restore user authorization to restart server +ynh_restore_file --origin_path="/etc/sudoers.d/$app" + +#================================================= +# RESTORE THE APP MAIN DIR +#================================================= +ynh_script_progression --message="Restoring the app main directory..." --weight=5 + +ynh_restore_file --origin_path="$final_path" + +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:$app "$final_path" #================================================= # SPECIFIC RESTORATION @@ -124,21 +116,24 @@ systemctl enable $app.service --quiet #================================================= # INTEGRATE SERVICE IN YUNOHOST #================================================= -ynh_script_progression --message="Integrating service in YunoHost..." --weight=1 +ynh_script_progression --message="Integrating service in YunoHost..." -yunohost service add $app --description "Domotique open sources" --log "/var/log/$app/$app.log" +yunohost service add $app --description="Domotique open sources" --log="/var/log/$app/$app.log" #================================================= # START SYSTEMD SERVICE #================================================= -ynh_script_progression --message="Starting a systemd service..." --weight=1 +ynh_script_progression --message="Starting a systemd service..." ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" - #================================================= # RESTORE THE LOGROTATE CONFIGURATION #================================================= +ynh_script_progression --message="Restoring the logrotate configuration..." + +mkdir -p /var/log/$app +chown -R domoticz: /var/log/$app ynh_restore_file --origin_path="/etc/logrotate.d/$app" 
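Review bot: The sudoers fragment brought back by `ynh_restore_file --origin_path="/etc/sudoers.d/$app"` is taken from the backup archive as-is, with no reset of owner or mode and no syntax check, whereas scripts/upgrade at least runs `chmod 440` on the same file. A fragment with the wrong mode or a parse error can make sudo reject the file or fail to load its policy, and an altered archive would carry its rules straight into `/etc/sudoers.d`. After the restore I would add `chown root:root "/etc/sudoers.d/$app"`, `chmod 440 "/etc/sudoers.d/$app"` and `visudo -cf "/etc/sudoers.d/$app" || ynh_die --message="Invalid sudoers file in backup"`. In the same hunk `chown -R $app:$app "$final_path"` leaves `$app` unquoted while the path is quoted.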
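Review bot: `mkdir -p /var/log/$app` and `chown -R domoticz: /var/log/$app` are added under RESTORE THE LOGROTATE CONFIGURATION, which comes after `ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log"`. Unless something earlier in the restore recreates the directory, the service is started and its log is watched before the directory exists. The owner is also hard-coded as `domoticz` while the rest of the script uses `$app`, and the same pair of lines is added to the SETUP LOGROTATE section of scripts/upgrade. I would move both lines above the START SYSTEMD SERVICE section and write `chown -R "$app": "/var/log/$app"`.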
@@ -147,7 +142,7 @@ ynh_restore_file --origin_path="/etc/logrotate.d/$app" #================================================= # RELOAD NGINX AND PHP-FPM #================================================= -ynh_script_progression --message="Reloading nginx web server..." --weight=3 +ynh_script_progression --message="Reloading NGINX web server..." --weight=3 ynh_systemd_action --service_name=nginx --action=reload diff --git a/scripts/upgrade b/scripts/upgrade index 0e79ddf..e76b59d 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -22,7 +22,6 @@ app=$YNH_APP_INSTANCE_NAME domain=$(ynh_app_setting_get --app=$app --key=domain) path_url=$(ynh_app_setting_get --app=$app --key=path) -is_public=$(ynh_app_setting_get --app=$app --key=is_public) final_path=$(ynh_app_setting_get --app=$app --key=final_path) port=$(ynh_app_setting_get --app=$app --key=port) current_OS=$(ynh_app_setting_get --app=$app --key=OS) 
@@ -32,20 +31,50 @@ api_path=$(ynh_app_setting_get --app=$app --key=api_path) #================================================= # CHECK VERSION #================================================= +ynh_script_progression --message="Checking version..." -### This helper will compare the version of the currently installed app and the version of the upstream package. -### $upgrade_type can have 2 different values -### - UPGRADE_APP if the upstream app version has changed -### - UPGRADE_PACKAGE if only the YunoHost package has changed -### ynh_check_app_version_changed will stop the upgrade if the app is up to date. -### UPGRADE_APP should be used to upgrade the core app only if there's an upgrade to do. upgrade_type=$(ynh_check_app_version_changed) +#================================================= +# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP +#================================================= +ynh_script_progression --message="Backing up the app before upgrading (may take a while)..."0 + +# Backup the current version of the app +ynh_backup_before_upgrade +ynh_clean_setup () { + ynh_clean_check_starting + # Restore it if the upgrade fails + ynh_restore_upgradebackup +} +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors + +#================================================= +# STANDARD UPGRADE STEPS +#================================================= +# STOP SYSTEMD SERVICE +#================================================= +ynh_script_progression --message="Stopping a systemd service..." --weight=2 + +ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app/$app.log" + #================================================= # ENSURE DOWNWARD COMPATIBILITY #================================================= ynh_script_progression --message="Ensuring downward compatibility..." 
+#ugly hack so that existing backup for previous version work +current_upstream_version=$(ynh_app_upstream_version --manifest="/etc/yunohost/apps/$app/manifest.json") +current_package_version=$(ynh_app_package_version --manifest="/etc/yunohost/apps/$app/manifest.json") +if version_gt "4.9701" "$current_upstream_version" && version_gt "2" $current_package_version ; then + touch /etc/cron.d/$app +fi + +#remove ugly hack +if [ -f /etc/cron.d/$app ]; then + rm /etc/cron.d/$app +fi # Fix is_public as a boolean value if [ "$is_public" = "Yes" ]; then @@ -86,6 +115,12 @@ if [ -z "$api_path" ]; then ynh_app_setting_set --app=$app --key=api_path --value=$api_path fi +# Cleaning legacy permissions +if ynh_legacy_permissions_exists; then + ynh_legacy_permissions_delete_all + + ynh_app_setting_delete --app=$app --key=is_public +fi # Create the permission "domoticz_API" only if it doesn't exist. if ! ynh_permission_exists --permission="domoticz_API" 
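Review bot: `ynh_abort_if_errors` now runs before the ENSURE DOWNWARD COMPATIBILITY section, but the commit also drops the `is_public=$(ynh_app_setting_get ...)` line, so the retained `if [ "$is_public" = "Yes" ]` test at the end of this hunk reads an unset variable; if the helper enables `nounset`, as I believe it does, the upgrade aborts there and falls back to the backup restore. Either keep the read or guard the test with `"${is_public:-}"`. The new progression line also has a stray `0` after the closing quote (`...(may take a while)..."0`), apparently left over from `--weight=10`, which the shell appends to the message. The `touch /etc/cron.d/$app` workaround now sits after `ynh_backup_before_upgrade` and directly before the `rm`, so it no longer affects the backup it was written for. The body of the is_public block continues outside the hunk.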
@@ -94,42 +129,30 @@ then ynh_permission_create --permission="domoticz_API" --url="$domain$api_path" --allowed="visitors" fi - #================================================= -# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP +# CREATE DEDICATED USER #================================================= -ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=10 +ynh_script_progression --message="Making sure dedicated system user exists..." -#ugly hack so that existing backup for previous version work -current_upstream_version=$(ynh_app_upstream_version --manifest="/etc/yunohost/apps/$app/manifest.json") -current_package_version=$(ynh_app_package_version --manifest="/etc/yunohost/apps/$app/manifest.json") -if version_gt "4.9701" "$current_upstream_version" && version_gt "2" $current_package_version ; then - touch /etc/cron.d/$app +# Create a dedicated user (if not existing) +ynh_system_user_create --username=$app --home_dir=$final_path + +#allow user to access USB / serial port to communicate with tools (RFXtrx, Z-wave dongle, etc.) & i2c bus +if grep dialout -q < /etc/group; then + usermod -a -G dialout $app +fi +if grep i2c -q < /etc/group; then + usermod -a -G i2c $app +fi +if grep gpio -q < /etc/group; then + usermod -a -G gpio $app fi -# Backup the current version of the app -ynh_backup_before_upgrade -ynh_clean_setup () { - # restore it if the upgrade fails - ynh_restore_upgradebackup -} - -#remove ugly hack -if [ -f /etc/cron.d/$app ]; then - rm /etc/cron.d/$app -fi - -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors - -#================================================= -# STANDARD UPGRADE STEPS -#================================================= -# STOP SYSTEMD SERVICE -#================================================= -ynh_script_progression --message="Stopping a systemd service..." 
--weight=2 - -ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app/$app.log" +#allow app user to restart service on startup +cp ../conf/sudoer ../conf/$app.conf +ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="../conf/$app.conf" +mv ../conf/$app.conf /etc/sudoers.d/$app +chmod 440 /etc/sudoers.d/$app #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE @@ -152,13 +175,17 @@ then fi fi +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:$app "$final_path" + #================================================= # NGINX CONFIGURATION #================================================= -ynh_script_progression --message="Upgrading nginx web server configuration..." --weight=1 +ynh_script_progression --message="Upgrading NGINX web server configuration..." -# Create a dedicated nginx config -ynh_add_nginx_config "api_path" +# Create a dedicated NGINX config +ynh_add_nginx_config #================================================= # UPGRADE DEPENDENCIES 
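Review bot: The sudoers fragment is moved into `/etc/sudoers.d/$app` with `mv` and only then set to mode 440, and its syntax is never checked after the `__APP__` substitution. Between the two commands the file sits in the include directory with whatever mode and owner `cp` produced, and a broken fragment there affects sudo for every user on the host. I would validate and install in one step: `visudo -cf "../conf/$app.conf"` followed by `install -m 0440 -o root -g root "../conf/$app.conf" "/etc/sudoers.d/$app"`. The `grep dialout -q < /etc/group` tests in the same hunk match any line containing the word, whereas `getent group dialout >/dev/null` checks the group name itself.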
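Review bot: `ynh_add_nginx_config` no longer receives `"api_path"`, so the API location in the NGINX template (presumably an `api_path` placeholder) is only filled in if the helper on the target host substitutes every variable in scope on its own. That location backs the `domoticz_API` permission, which is created for `visitors`, so it is worth confirming that the minimum YunoHost version in manifest.json (not visible in this hunk) guarantees that behaviour. The same applies to `ynh_add_systemd_config` losing `--others_var="port"` in a later hunk. A one-line comment such as `# api_path and port are substituted automatically by the helper (YunoHost >= <MIN_VERSION>)` would record the assumption.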
@@ -167,76 +194,25 @@ ynh_script_progression --message="Upgrading dependencies..." --weight=5 ynh_install_app_dependencies $pkg_dependencies -#================================================= -# CREATE DEDICATED USER -#================================================= -ynh_script_progression --message="Making sure dedicated system user exists..." - -# Create a dedicated user (if not existing) -ynh_system_user_create --username=$app -#allow user to access USB / serial port to communicate with tools (RFXtrx, Z-wave dongle, etc.) & i2c bus -if grep dialout -q < /etc/group; then - usermod -a -G dialout $app -fi -if grep i2c -q < /etc/group; then - usermod -a -G i2c $app -fi -if grep gpio -q < /etc/group; then - usermod -a -G gpio $app -fi - -#allow app user to restart service on startup -cp ../conf/sudoer ../conf/$app.conf -ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="../conf/$app.conf" -mv ../conf/$app.conf /etc/sudoers.d/$app -chmod 440 /etc/sudoers.d/$app - #================================================= # SPECIFIC UPGRADE -#================================================= -# ... -#================================================= - -mkdir -p /var/log/$app -chown -R domoticz: /var/log/$app - - #================================================= # SETUP SYSTEMD #================================================= -ynh_script_progression --message="Upgrading systemd configuration..." --weight=1 +ynh_script_progression --message="Upgrading systemd configuration..." # Create a dedicated systemd config -ynh_add_systemd_config --others_var="port" - -#================================================= -# MODIFY A CONFIG FILE -#================================================= - -### Verify the checksum of a file, stored by `ynh_store_file_checksum` in the install script. -### And create a backup of this file if the checksum is different. So the file will be backed up if the admin had modified it. 
-#ynh_backup_if_checksum_is_different --file="$final_path/CONFIG_FILE" - -#ynh_replace_string --match_string="match_string" --replace_string="replace_string" --target_file="$final_path/CONFIG_FILE" - -# Recalculate and store the checksum of the file for the next upgrade. -#ynh_store_file_checksum --file="$final_path/CONFIG_FILE" +ynh_add_systemd_config #================================================= # GENERIC FINALIZATION -#================================================= -# SECURE FILES AND DIRECTORIES -#================================================= - -# Set permissions to app files -#chown -R root: $final_path -#Both folder and database file must be own by app user for domoticz to work and allow internal upgrade -chown -R $app: $final_path - #================================================= # SETUP LOGROTATE #================================================= -ynh_script_progression --message="Upgrading logrotate configuration..." --weight=1 +ynh_script_progression --message="Upgrading logrotate configuration..." + +mkdir -p /var/log/$app +chown -R domoticz: /var/log/$app # Use logrotate to manage app-specific logfile(s) ynh_use_logrotate --non-append @@ -244,9 +220,9 @@ ynh_use_logrotate --non-append #================================================= # INTEGRATE SERVICE IN YUNOHOST #================================================= -ynh_script_progression --message="Integrating service in YunoHost..." --weight=1 +ynh_script_progression --message="Integrating service in YunoHost..." -yunohost service add $app --description "Domotique open sources" --log "/var/log/$app/$app.log" +yunohost service add $app --description="Domotique open sources" --log="/var/log/$app/$app.log" #================================================= # START SYSTEMD SERVICE 
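Review bot: The rationale for giving the service account ownership of the whole install directory is lost here: the comment `Both folder and database file must be own by app user for domoticz to work and allow internal upgrade` is deleted, while the recursive `chown -R $app:$app "$final_path"` is kept earlier in the script. A service user that can rewrite its own program files, and that also has a sudoers entry and membership of the hardware groups, is a deliberate departure from least privilege and should stay documented. I would put `# $final_path must be writable by $app: Domoticz updates itself in place and owns its database file` above the `chown`.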
@@ -255,40 +231,15 @@ ynh_script_progression --message="Starting a systemd service..." --weight=3 ynh_systemd_action --service_name=$app --action="start" -#================================================= -# UPGRADE FAIL2BAN -#================================================= -#ynh_script_progression --message="Reconfiguring fail2ban..." --time --weight=1 - -# Create a dedicated fail2ban config -#ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="Regex to match into the log for a failed login" - -#================================================= -# SETUP SSOWAT -#================================================= -ynh_script_progression --message="Upgrading SSOwat configuration..." --weight=1 - -# Make app public if necessary -if [ $is_public -eq 1 ] -then - # unprotected_uris allows SSO credentials to be passed anyway - ynh_permission_update --permission "main" --add visitors -fi - #================================================= # RELOAD NGINX #================================================= -ynh_script_progression --message="Reloading nginx web server..." --weight=1 +ynh_script_progression --message="Reloading NGINX web server..." ynh_systemd_action --service_name=nginx --action=reload - - - #================================================= # END OF SCRIPT #================================================= - - ynh_script_progression --message="Upgrade of $app completed" --last