From 29165afb1f259d7917e540acca844ee231eb83d0 Mon Sep 17 00:00:00 2001 From: Kayou Date: Sun, 27 Jan 2019 23:36:59 +0100 Subject: [PATCH 01/13] WIP Update scripts --- conf/app.src | 6 + conf/nginx.conf | 42 +++-- conf/php-fpm.conf | 403 ++++++++++++++++++++++++++++++++++++++++++++++ manifest.json | 16 +- scripts/install | 168 ++++++++++++------- scripts/remove | 67 ++++++-- 6 files changed, 605 insertions(+), 97 deletions(-) create mode 100644 conf/app.src create mode 100644 conf/php-fpm.conf diff --git a/conf/app.src b/conf/app.src new file mode 100644 index 0000000..7cdfd5e --- /dev/null +++ b/conf/app.src @@ -0,0 +1,6 @@ +SOURCE_URL=http://download.dotclear.org/latest/dotclear-2.14.3.tar.gz +SOURCE_SUM=c71fac022028b399ae4560a34da85f38 +SOURCE_SUM_PRG=md5sum +SOURCE_FORMAT=tar.gz +SOURCE_IN_SUBDIR=true +SOURCE_FILENAME=dotclear-2.14.3.tar.gz \ No newline at end of file diff --git a/conf/nginx.conf b/conf/nginx.conf index 69138e8..f3efc46 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -1,16 +1,28 @@ -location YNH_WWW_PATH { - alias YNH_WWW_ALIAS; - index index.php; - location ~ [^/]\.php(/|$) { - fastcgi_split_path_info ^(.+?\.php)(/.*)$; - fastcgi_pass unix:/var/run/php5-fpm.sock; - fastcgi_index index.php; - include fastcgi_params; - fastcgi_param REMOTE_USER $remote_user; - fastcgi_param PATH_INFO $fastcgi_path_info; - fastcgi_param SCRIPT_FILENAME $request_filename; - } +#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent; +location __PATH__/ { - # Include SSOWAT user panel. - include conf.d/yunohost_panel.conf.inc; -} + # Path to source + alias __FINALPATH__/ ; + + # Force usage of https + if ($scheme = http) { + rewrite ^ https://$server_name$request_uri? permanent; + } + + index index.php; + + try_files $uri $uri/ index.php; + location ~ [^/]\.php(/|$) { + fastcgi_split_path_info ^(.+?\.php)(/.*)$; + fastcgi_pass unix:/var/run/php5-fpm-__NAME__.sock; + + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param REMOTE_USER $remote_user; + fastcgi_param PATH_INFO $fastcgi_path_info; + fastcgi_param SCRIPT_FILENAME $request_filename; + } + + # Include SSOWAT user panel. + include conf.d/yunohost_panel.conf.inc; +} \ No newline at end of file diff --git a/conf/php-fpm.conf b/conf/php-fpm.conf new file mode 100644 index 0000000..03ce220 --- /dev/null +++ b/conf/php-fpm.conf @@ -0,0 +1,403 @@ +; Start a new pool named 'www'. +; the variable $pool can we used in any directive and will be replaced by the +; pool name ('www' here) +[__NAMETOCHANGE__] + +; Per pool prefix +; It only applies on the following directives: +; - 'slowlog' +; - 'listen' (unixsocket) +; - 'chroot' +; - 'chdir' +; - 'php_values' +; - 'php_admin_values' +; When not set, the global prefix (or /usr) applies instead. +; Note: This directive can also be relative to the global prefix. +; Default Value: none +;prefix = /path/to/pools/$pool + +; Unix user/group of processes +; Note: The user is mandatory. If the group is not set, the default user's group +; will be used. +user = __USER__ +group = __USER__ + +; The address on which to accept FastCGI requests. +; Valid syntaxes are: +; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific address on +; a specific port; +; 'port' - to listen on a TCP socket to all addresses on a +; specific port; +; '/path/to/unix/socket' - to listen on a unix socket. +; Note: This value is mandatory. +listen = /var/run/php5-fpm-__NAMETOCHANGE__.sock + +; Set listen(2) backlog. A value of '-1' means unlimited. +; Default Value: 128 (-1 on FreeBSD and OpenBSD) +;listen.backlog = 128 + +; Set permissions for unix socket, if one is used. In Linux, read/write +; permissions must be set in order to allow connections from a web server. Many +; BSD-derived systems allow connections regardless of permissions. +; Default Values: user and group are set as the running user +; mode is set to 0660 +listen.owner = www-data +listen.group = www-data +;listen.mode = 0660 + +; List of ipv4 addresses of FastCGI clients which are allowed to connect. +; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original +; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address +; must be separated by a comma. If this value is left blank, connections will be +; accepted from any ip address. +; Default Value: any +;listen.allowed_clients = 127.0.0.1 + +; Specify the nice(2) priority to apply to the pool processes (only if set) +; The value can vary from -19 (highest priority) to 20 (lower priority) +; Note: - It will only work if the FPM master process is launched as root +; - The pool processes will inherit the master process priority +; unless it specified otherwise +; Default Value: no set +; priority = -19 + +; Choose how the process manager will control the number of child processes. +; Possible Values: +; static - a fixed number (pm.max_children) of child processes; +; dynamic - the number of child processes are set dynamically based on the +; following directives. With this process management, there will be +; always at least 1 children. +; pm.max_children - the maximum number of children that can +; be alive at the same time. +; pm.start_servers - the number of children created on startup. +; pm.min_spare_servers - the minimum number of children in 'idle' +; state (waiting to process). If the number +; of 'idle' processes is less than this +; number then some children will be created. +; pm.max_spare_servers - the maximum number of children in 'idle' +; state (waiting to process). If the number +; of 'idle' processes is greater than this +; number then some children will be killed. +; ondemand - no children are created at startup. Children will be forked when +; new requests will connect. The following parameter are used: +; pm.max_children - the maximum number of children that +; can be alive at the same time. +; pm.process_idle_timeout - The number of seconds after which +; an idle process will be killed. +; Note: This value is mandatory. +pm = dynamic + +; The number of child processes to be created when pm is set to 'static' and the +; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'. +; This value sets the limit on the number of simultaneous requests that will be +; served. Equivalent to the ApacheMaxClients directive with mpm_prefork. +; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP +; CGI. The below defaults are based on a server without much resources. Don't +; forget to tweak pm.* to fit your needs. +; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand' +; Note: This value is mandatory. +pm.max_children = 10 + +; The number of child processes created on startup. +; Note: Used only when pm is set to 'dynamic' +; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2 +pm.start_servers = 2 + +; The desired minimum number of idle server processes. +; Note: Used only when pm is set to 'dynamic' +; Note: Mandatory when pm is set to 'dynamic' +pm.min_spare_servers = 1 + +; The desired maximum number of idle server processes. +; Note: Used only when pm is set to 'dynamic' +; Note: Mandatory when pm is set to 'dynamic' +pm.max_spare_servers = 3 + +; The number of seconds after which an idle process will be killed. +; Note: Used only when pm is set to 'ondemand' +; Default Value: 10s +;pm.process_idle_timeout = 10s; + +; The number of requests each child process should execute before respawning. +; This can be useful to work around memory leaks in 3rd party libraries. For +; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS. +; Default Value: 0 +pm.max_requests = 500 + +; The URI to view the FPM status page. If this value is not set, no URI will be +; recognized as a status page. It shows the following informations: +; pool - the name of the pool; +; process manager - static, dynamic or ondemand; +; start time - the date and time FPM has started; +; start since - number of seconds since FPM has started; +; accepted conn - the number of request accepted by the pool; +; listen queue - the number of request in the queue of pending +; connections (see backlog in listen(2)); +; max listen queue - the maximum number of requests in the queue +; of pending connections since FPM has started; +; listen queue len - the size of the socket queue of pending connections; +; idle processes - the number of idle processes; +; active processes - the number of active processes; +; total processes - the number of idle + active processes; +; max active processes - the maximum number of active processes since FPM +; has started; +; max children reached - number of times, the process limit has been reached, +; when pm tries to start more children (works only for +; pm 'dynamic' and 'ondemand'); +; Value are updated in real time. +; Example output: +; pool: www +; process manager: static +; start time: 01/Jul/2011:17:53:49 +0200 +; start since: 62636 +; accepted conn: 190460 +; listen queue: 0 +; max listen queue: 1 +; listen queue len: 42 +; idle processes: 4 +; active processes: 11 +; total processes: 15 +; max active processes: 12 +; max children reached: 0 +; +; By default the status page output is formatted as text/plain. Passing either +; 'html', 'xml' or 'json' in the query string will return the corresponding +; output syntax. Example: +; http://www.foo.bar/status +; http://www.foo.bar/status?json +; http://www.foo.bar/status?html +; http://www.foo.bar/status?xml +; +; By default the status page only outputs short status. Passing 'full' in the +; query string will also return status for each pool process. +; Example: +; http://www.foo.bar/status?full +; http://www.foo.bar/status?json&full +; http://www.foo.bar/status?html&full +; http://www.foo.bar/status?xml&full +; The Full status returns for each process: +; pid - the PID of the process; +; state - the state of the process (Idle, Running, ...); +; start time - the date and time the process has started; +; start since - the number of seconds since the process has started; +; requests - the number of requests the process has served; +; request duration - the duration in µs of the requests; +; request method - the request method (GET, POST, ...); +; request URI - the request URI with the query string; +; content length - the content length of the request (only with POST); +; user - the user (PHP_AUTH_USER) (or '-' if not set); +; script - the main script called (or '-' if not set); +; last request cpu - the %cpu the last request consumed +; it's always 0 if the process is not in Idle state +; because CPU calculation is done when the request +; processing has terminated; +; last request memory - the max amount of memory the last request consumed +; it's always 0 if the process is not in Idle state +; because memory calculation is done when the request +; processing has terminated; +; If the process is in Idle state, then informations are related to the +; last request the process has served. Otherwise informations are related to +; the current request being served. +; Example output: +; ************************ +; pid: 31330 +; state: Running +; start time: 01/Jul/2011:17:53:49 +0200 +; start since: 63087 +; requests: 12808 +; request duration: 1250261 +; request method: GET +; request URI: /test_mem.php?N=10000 +; content length: 0 +; user: - +; script: /home/fat/web/docs/php/test_mem.php +; last request cpu: 0.00 +; last request memory: 0 +; +; Note: There is a real-time FPM status monitoring sample web page available +; It's available in: ${prefix}/share/fpm/status.html +; +; Note: The value must start with a leading slash (/). The value can be +; anything, but it may not be a good idea to use the .php extension or it +; may conflict with a real PHP file. +; Default Value: not set +;pm.status_path = /status + +; The ping URI to call the monitoring page of FPM. If this value is not set, no +; URI will be recognized as a ping page. This could be used to test from outside +; that FPM is alive and responding, or to +; - create a graph of FPM availability (rrd or such); +; - remove a server from a group if it is not responding (load balancing); +; - trigger alerts for the operating team (24/7). +; Note: The value must start with a leading slash (/). The value can be +; anything, but it may not be a good idea to use the .php extension or it +; may conflict with a real PHP file. +; Default Value: not set +;ping.path = /ping + +; This directive may be used to customize the response of a ping request. The +; response is formatted as text/plain with a 200 response code. +; Default Value: pong +;ping.response = pong + +; The access log file +; Default: not set +;access.log = log/$pool.access.log + +; The access log format. +; The following syntax is allowed +; %%: the '%' character +; %C: %CPU used by the request +; it can accept the following format: +; - %{user}C for user CPU only +; - %{system}C for system CPU only +; - %{total}C for user + system CPU (default) +; %d: time taken to serve the request +; it can accept the following format: +; - %{seconds}d (default) +; - %{miliseconds}d +; - %{mili}d +; - %{microseconds}d +; - %{micro}d +; %e: an environment variable (same as $_ENV or $_SERVER) +; it must be associated with embraces to specify the name of the env +; variable. Some exemples: +; - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e +; - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e +; %f: script filename +; %l: content-length of the request (for POST request only) +; %m: request method +; %M: peak of memory allocated by PHP +; it can accept the following format: +; - %{bytes}M (default) +; - %{kilobytes}M +; - %{kilo}M +; - %{megabytes}M +; - %{mega}M +; %n: pool name +; %o: ouput header +; it must be associated with embraces to specify the name of the header: +; - %{Content-Type}o +; - %{X-Powered-By}o +; - %{Transfert-Encoding}o +; - .... +; %p: PID of the child that serviced the request +; %P: PID of the parent of the child that serviced the request +; %q: the query string +; %Q: the '?' character if query string exists +; %r: the request URI (without the query string, see %q and %Q) +; %R: remote IP address +; %s: status (response code) +; %t: server time the request was received +; it can accept a strftime(3) format: +; %d/%b/%Y:%H:%M:%S %z (default) +; %T: time the log has been written (the request has finished) +; it can accept a strftime(3) format: +; %d/%b/%Y:%H:%M:%S %z (default) +; %u: remote user +; +; Default: "%R - %u %t \"%m %r\" %s" +;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%" + +; The log file for slow requests +; Default Value: not set +; Note: slowlog is mandatory if request_slowlog_timeout is set +slowlog = /var/log/nginx/__NAMETOCHANGE__.slow.log + +; The timeout for serving a single request after which a PHP backtrace will be +; dumped to the 'slowlog' file. A value of '0s' means 'off'. +; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) +; Default Value: 0 +request_slowlog_timeout = 5s + +; The timeout for serving a single request after which the worker process will +; be killed. This option should be used when the 'max_execution_time' ini option +; does not stop script execution for some reason. A value of '0' means 'off'. +; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) +; Default Value: 0 +request_terminate_timeout = 1d + +; Set open file descriptor rlimit. +; Default Value: system defined value +;rlimit_files = 1024 + +; Set max core size rlimit. +; Possible Values: 'unlimited' or an integer greater or equal to 0 +; Default Value: system defined value +;rlimit_core = 0 + +; Chroot to this directory at the start. This value must be defined as an +; absolute path. When this value is not set, chroot is not used. +; Note: you can prefix with '$prefix' to chroot to the pool prefix or one +; of its subdirectories. If the pool prefix is not set, the global prefix +; will be used instead. +; Note: chrooting is a great security feature and should be used whenever +; possible. However, all PHP paths will be relative to the chroot +; (error_log, sessions.save_path, ...). +; Default Value: not set +;chroot = + +; Chdir to this directory at the start. +; Note: relative path can be used. +; Default Value: current directory or / when chroot +chdir = __FINALPATH__ + +; Redirect worker stdout and stderr into main error log. If not set, stdout and +; stderr will be redirected to /dev/null according to FastCGI specs. +; Note: on highloaded environement, this can cause some delay in the page +; process time (several ms). +; Default Value: no +catch_workers_output = yes + +; Limits the extensions of the main script FPM will allow to parse. This can +; prevent configuration mistakes on the web server side. You should only limit +; FPM to .php extensions to prevent malicious users to use other extensions to +; exectute php code. +; Note: set an empty value to allow all extensions. +; Default Value: .php +;security.limit_extensions = .php .php3 .php4 .php5 + +; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from +; the current environment. +; Default Value: clean env +;env[HOSTNAME] = $HOSTNAME +;env[PATH] = /usr/local/bin:/usr/bin:/bin +;env[TMP] = /tmp +;env[TMPDIR] = /tmp +;env[TEMP] = /tmp + +; Additional php.ini defines, specific to this pool of workers. These settings +; overwrite the values previously defined in the php.ini. The directives are the +; same as the PHP SAPI: +; php_value/php_flag - you can set classic ini defines which can +; be overwritten from PHP call 'ini_set'. +; php_admin_value/php_admin_flag - these directives won't be overwritten by +; PHP call 'ini_set' +; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no. + +; Defining 'extension' will load the corresponding shared extension from +; extension_dir. Defining 'disable_functions' or 'disable_classes' will not +; overwrite previously defined php.ini values, but will append the new value +; instead. + +; Note: path INI options can be relative and will be expanded with the prefix +; (pool, global or /usr) + +; Default Value: nothing is defined by default except the values in php.ini and +; specified at startup with the -d argument +;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com +;php_flag[display_errors] = off +;php_admin_value[error_log] = /var/log/fpm-php.www.log +;php_admin_flag[log_errors] = on +;php_admin_value[memory_limit] = 32M + +; Common values to change to increase file upload limit +; php_admin_value[upload_max_filesize] = 50M +; php_admin_value[post_max_size] = 50M +; php_admin_flag[mail.add_x_header] = Off + +; Other common parameters +; php_admin_value[max_execution_time] = 600 +; php_admin_value[max_input_time] = 300 +; php_admin_value[memory_limit] = 256M +; php_admin_flag[short_open_tag] = On \ No newline at end of file diff --git a/manifest.json b/manifest.json index f5cd67b..2a88c29 100644 --- a/manifest.json +++ b/manifest.json @@ -13,10 +13,10 @@ }, "multi_instance": "false", "arguments": { - "install" : [ + "install": [ { "name": "domain", - "type": "domain", + "type": "domain", "ask": { "en": "Choose a domain for DotClear 2" }, @@ -24,7 +24,7 @@ }, { "name": "path", - "type": "path", + "type": "path", "ask": { "en": "Choose a path for DotClear 2" }, @@ -33,21 +33,21 @@ }, { "name": "admin", - "type": "user", + "type": "user", "ask": { "en": "Choose a yunohost user as dotclear admin" } }, { "name": "password", + "type": "password", "ask": { "en": "Choose a dotclear password for this user, at least 6 characters" - }, - "example": "verysecret_dotclear_password" + } }, { "name": "is_public", - "type": "boolean", + "type": "boolean", "ask": { "en": "Is it a public application ?" }, @@ -55,4 +55,4 @@ } ] } -} +} \ No newline at end of file diff --git a/scripts/install b/scripts/install index 9acd146..64bcba2 100755 --- a/scripts/install +++ b/scripts/install @@ -1,81 +1,133 @@ #!/bin/bash -# DotClear 2 installation script for YunoHost + +#================================================= +# GENERIC START +#================================================= +# IMPORT GENERIC HELPERS +#================================================= + +source _common.sh +source /usr/share/yunohost/helpers + +#================================================= +# MANAGE SCRIPT FAILURE +#================================================= + +ynh_clean_setup () { + ### Remove this function if there's nothing to clean before calling the remove script. + true +} +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors + +#================================================= +# RETRIEVE ARGUMENTS FROM THE MANIFEST +#================================================= app=$YNH_APP_INSTANCE_NAME domain=$YNH_APP_ARG_DOMAIN -path=$YNH_APP_ARG_PATH - -# Check domain/path availability asap -check=`sudo yunohost app checkurl $domain$path -a $app` -if [ ! $? -eq 0 ] -then - echo $check - exit 1 -fi - -admin=$3 -admin_password=$4 +path_url=$YNH_APP_ARG_PATH is_public=$YNH_APP_ARG_IS_PUBLIC +admin=$YNH_APP_ARG_ADMIN +password=$YNH_APP_ARG_PASSWORD + + +#================================================= +# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS +#================================================= + +final_path=/var/www/$app +test ! -e "$final_path" || ynh_die "This path already contains a folder" + +# Normalize the url path syntax +path_url=$(ynh_normalize_url_path $path_url) + +# Register (book) web path +ynh_webpath_register $app $domain $path_url + +#================================================= +# STORE SETTINGS FROM MANIFEST +#================================================= + +ynh_app_setting_set $app domain $domain +ynh_app_setting_set $app path $path_url +ynh_app_setting_set $app is_public $is_public +ynh_app_setting_set $app admin $admin +ynh_app_setting_set $app password $password + +#================================================= +# CREATE A MYSQL DATABASE +#================================================= + +db_name=$(ynh_sanitize_dbid $app) +ynh_app_setting_set $app db_name $db_name +ynh_mysql_setup_db $admin $db_name + +db_pwd=$(ynh_app_setting_get $app db_pwd) + +#================================================= +# DOWNLOAD, CHECK AND UNPACK SOURCE +#================================================= + +ynh_app_setting_set $app final_path $final_path +ynh_setup_source $final_path + +mv $final_path/dotclear/* $final_path/ +rmdir $final_path/dotclear + +#================================================= +# NGINX CONFIGURATION +#================================================= + +# Create a dedicated nginx config +ynh_add_nginx_config + +#================================================= +# CREATE DEDICATED USER +#================================================= + +# Create a system user +ynh_system_user_create $app + +#================================================= +# PHP-FPM CONFIGURATION +#================================================= + +# Create a dedicated php-fpm config +ynh_add_fpm_config + +php_config=$final_path/inc/config.php + +echo $(ls $final_path) -directory=/var/www/$app -php_config=$directory/inc/config.php master_key=`dd if=/dev/urandom bs=1 count=200 2> /dev/null | tr -c -d '[A-Za-z0-9]' | sed -n 's/\(.\{24\}\).*/\1/p'` firstname=`sudo yunohost user info $admin | grep firstname: | cut -d' ' -f2 | tr -d '\n'` lastname=`sudo yunohost user info $admin | grep lastname: | cut -d' ' -f2 | tr -d '\n'` email=`sudo yunohost user info $admin | grep mail: | cut -d' ' -f2 | tr -d '\n'` timezone=`cat /etc/timezone | tr -d '\n'` -# Save app settings -sudo yunohost app setting $app admin -v "$admin" -sudo yunohost app setting $app admin_password -v "$admin_password" -sudo yunohost app setting $app is_public -v "$is_public" - -# Make sure we got the tools we need for this install -sudo apt-get install -y curl wget sed - -# Initialize database and store mysql password for upgrade -db_password=`sudo yunohost app initdb $app | tr -d '\n'` -sudo yunohost app setting $app db_password -v $db_password - -# Get sources -sudo wget -nv http://download.dotclear.org/latest.tar.gz -O $app.tgz -sudo tar xf $app.tgz -sudo mv dotclear $directory -sudo rm -f $app.tgz sudo cp $php_config.in $php_config -sudo chown www-data:www-data -R $directory # Config as if we called in admin/install/wizard.php -sudo sed -i -e "s;'DC_DBDRIVER', '';'DC_DBDRIVER', 'mysqli';" -e "s;'DC_DBHOST', '';'DC_DBHOST', 'localhost';" -e "s;'DC_DBUSER', '';'DC_DBUSER', '$app';" -e "s;'DC_DBPASSWORD', '';'DC_DBPASSWORD', '$db_password';" -e "s;'DC_DBNAME', '';'DC_DBNAME', '$app';" -e "s;'DC_MASTER_KEY', '';'DC_MASTER_KEY', '$master_key';" -e "s;'DC_ADMIN_URL', '';'DC_ADMIN_URL', 'https://$domain$path/admin/index.php';" -e "s;'DC_ADMIN_MAILFROM', '';'DC_ADMIN_MAILFROM', '$email';" $php_config +sudo sed -i -e "s;'DC_DBDRIVER', '';'DC_DBDRIVER', 'mysqli';" -e "s;'DC_DBHOST', '';'DC_DBHOST', 'localhost';" -e "s;'DC_DBUSER', '';'DC_DBUSER', '$app';" -e "s;'DC_DBPASSWORD', '';'DC_DBPASSWORD', '$db_pwd';" -e "s;'DC_DBNAME', '';'DC_DBNAME', '$db_name';" -e "s;'DC_MASTER_KEY', '';'DC_MASTER_KEY', '$master_key';" -e "s;'DC_ADMIN_URL', '';'DC_ADMIN_URL', 'https://$domain$path_url/admin/index.php';" -e "s;'DC_ADMIN_MAILFROM', '';'DC_ADMIN_MAILFROM', '$email';" $php_config # Modify Nginx configuration file and copy it to Nginx conf directory -sed -i "s@YNH_WWW_PATH@$path@g" ../conf/nginx.conf -sed -i "s@YNH_WWW_ALIAS@$directory/@g" ../conf/nginx.conf -sudo cp ../conf/nginx.conf /etc/nginx/conf.d/$domain.d/$app.conf -sudo /etc/init.d/nginx reload - -# Removing protection like a public app to finish installation -sudo yunohost app setting $app unprotected_uris -v "/" -sudo yunohost app ssowatconf # Setting first user details and filling database calling admin/install/index.php -success=`curl -L --cacert /etc/yunohost/certs/$domain/ca.pem -F "u_email=$email" -F "u_firstname=$firstname" -F "u_name=$lastname" -F "u_login=$admin" -F "u_pwd=$admin_password" -F "u_pwd2=$admin_password" -F "u_date=$timezone" https://$domain$path/admin/install/index.php` -# success=`curl -L --cacert /etc/yunohost/certs/$domain/ca.pem -H 'Host: $domain' -X POST --data '?u_email=$EMAIL&u_firstname=$FIRSTNAME&u_name=$NAME&u_login=$LOGIN&u_pwd=$admin_password&u_pwd2=$admin_password&u_date=$timezone' https://$domain$path/admin/install/index.php` +success=`curl -L --cacert /etc/yunohost/certs/$domain/ca.pem -F "u_email=$email" -F "u_firstname=$firstname" -F "u_name=$lastname" -F "u_login=$admin" -F "u_pwd=$password" -F "u_pwd2=$password" -F "u_date=$timezone" https://$domain$path_url/admin/install/index.php` -# Now that we curl'ed the setup we can lock the UI if it's private -# If app is public, leave as it is -if [ $is_public -eq 0 ]; +#================================================= +# SETUP SSOWAT +#================================================= + +# Make app public if necessary +if [ $is_public -eq 1 ] then - # unprotected_uris allows SSO credentials to be passed anyway. - sudo yunohost app setting $app protected_uris -v "/" - sudo yunohost app ssowatconf + # unprotected_uris allows SSO credentials to be passed anyway. + ynh_app_setting_set $app unprotected_uris "/" fi -# Success or not success -if [ `echo $success | grep -c success` -gt 0 ] -then - echo Installation OK, $app should be available here https://$domain$path/ -else - echo Using curl to finish setup failed, open https://$domain$path/admin/install/index.php and do it yourself -fi -exit 0 +#================================================= +# RELOAD NGINX +#================================================= +systemctl reload nginx \ No newline at end of file diff --git a/scripts/remove b/scripts/remove index 74b000b..69f1d24 100755 --- a/scripts/remove +++ b/scripts/remove @@ -1,24 +1,59 @@ #!/bin/bash -# DotClear 2 remove script for YunoHost -app=dotclear2 +#================================================= +# GENERIC START +#================================================= +# IMPORT GENERIC HELPERS +#================================================= + +source _common.sh +source /usr/share/yunohost/helpers + +#================================================= +# LOAD SETTINGS +#================================================= + +app=$YNH_APP_INSTANCE_NAME # Retrieve arguments -domain=$(sudo yunohost app setting $app domain) -path=$(sudo yunohost app setting $app path) -admin=$(sudo yunohost app setting $app admin) -is_public=$(sudo yunohost app setting $app is_public) -root_pwd=$(sudo cat /etc/yunohost/mysql) +domain=$(ynh_app_setting_get $app domain) +db_name=$(ynh_app_setting_get $app db_name) +db_user=$db_name +final_path=$(ynh_app_setting_get $app final_path) -# Remove sources -sudo rm -rf /var/www/$app +#================================================= +# REMOVE THE MYSQL DATABASE +#================================================= -# Remove configuration files -sudo rm -f /etc/nginx/conf.d/$domain.d/$app.conf +# Remove a database if it exists, along with the associated user +ynh_mysql_remove_db $db_user $db_name -# Remove database -mysql -u root -p$root_pwd -e "DROP DATABASE $app ; DROP USER $app@localhost ;" +#================================================= +# REMOVE APP MAIN DIR +#================================================= -# Restart services -sudo /etc/init.d/nginx reload -sudo yunohost app ssowatconf +# Remove the app directory securely +ynh_secure_remove "$final_path" + +#================================================= +# REMOVE NGINX CONFIGURATION +#================================================= + +# Remove the dedicated nginx config +ynh_remove_nginx_config + +#================================================= +# REMOVE PHP-FPM CONFIGURATION +#================================================= + +# Remove the dedicated php-fpm config +ynh_remove_fpm_config + +#================================================= +# GENERIC FINALIZATION +#================================================= +# REMOVE DEDICATED USER +#================================================= + +# Delete a system user +ynh_system_user_delete $app \ No newline at end of file From eca913a446147c752bd47d8aef823b17fa5fba57 Mon Sep 17 00:00:00 2001 From: Kayou Date: Mon, 28 Jan 2019 01:52:20 +0100 Subject: [PATCH 02/13] Fix install and rework script --- conf/app.src | 3 +-- conf/php-fpm.conf | 2 +- scripts/install | 32 ++++++++++++++++++++++++++------ 3 files changed, 28 insertions(+), 9 deletions(-) diff --git a/conf/app.src b/conf/app.src index 7cdfd5e..bab6d17 100644 --- a/conf/app.src +++ b/conf/app.src @@ -2,5 +2,4 @@ SOURCE_URL=http://download.dotclear.org/latest/dotclear-2.14.3.tar.gz SOURCE_SUM=c71fac022028b399ae4560a34da85f38 SOURCE_SUM_PRG=md5sum SOURCE_FORMAT=tar.gz -SOURCE_IN_SUBDIR=true -SOURCE_FILENAME=dotclear-2.14.3.tar.gz \ No newline at end of file +SOURCE_IN_SUBDIR=true \ No newline at end of file diff --git a/conf/php-fpm.conf b/conf/php-fpm.conf index 03ce220..bf04ce6 100644 --- a/conf/php-fpm.conf +++ b/conf/php-fpm.conf @@ -30,7 +30,7 @@ group = __USER__ ; specific port; ; '/path/to/unix/socket' - to listen on a unix socket. ; Note: This value is mandatory. -listen = /var/run/php5-fpm-__NAMETOCHANGE__.sock +listen = /var/run/php/php7.0-fpm-__NAMETOCHANGE__.sock ; Set listen(2) backlog. A value of '-1' means unlimited. ; Default Value: 128 (-1 on FreeBSD and OpenBSD) diff --git a/scripts/install b/scripts/install index 64bcba2..60a1df3 100755 --- a/scripts/install +++ b/scripts/install @@ -61,9 +61,9 @@ ynh_app_setting_set $app password $password db_name=$(ynh_sanitize_dbid $app) ynh_app_setting_set $app db_name $db_name -ynh_mysql_setup_db $admin $db_name +ynh_mysql_setup_db $app $db_name -db_pwd=$(ynh_app_setting_get $app db_pwd) +db_pwd=$(ynh_app_setting_get $app mysqlpwd) #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE @@ -98,8 +98,6 @@ ynh_add_fpm_config php_config=$final_path/inc/config.php -echo $(ls $final_path) - master_key=`dd if=/dev/urandom bs=1 count=200 2> /dev/null | tr -c -d '[A-Za-z0-9]' | sed -n 's/\(.\{24\}\).*/\1/p'` firstname=`sudo yunohost user info $admin | grep firstname: | cut -d' ' -f2 | tr -d '\n'` lastname=`sudo yunohost user info $admin | grep lastname: | cut -d' ' -f2 | tr -d '\n'` @@ -112,8 +110,30 @@ sudo cp $php_config.in $php_config sudo sed -i -e "s;'DC_DBDRIVER', '';'DC_DBDRIVER', 'mysqli';" -e "s;'DC_DBHOST', '';'DC_DBHOST', 'localhost';" -e "s;'DC_DBUSER', '';'DC_DBUSER', '$app';" -e "s;'DC_DBPASSWORD', '';'DC_DBPASSWORD', '$db_pwd';" -e "s;'DC_DBNAME', '';'DC_DBNAME', '$db_name';" -e "s;'DC_MASTER_KEY', '';'DC_MASTER_KEY', '$master_key';" -e "s;'DC_ADMIN_URL', '';'DC_ADMIN_URL', 'https://$domain$path_url/admin/index.php';" -e "s;'DC_ADMIN_MAILFROM', '';'DC_ADMIN_MAILFROM', '$email';" $php_config # Modify Nginx configuration file and copy it to Nginx conf directory -# Setting first user details and filling database calling admin/install/index.php -success=`curl -L --cacert /etc/yunohost/certs/$domain/ca.pem -F "u_email=$email" -F "u_firstname=$firstname" -F "u_name=$lastname" -F "u_login=$admin" -F "u_pwd=$password" -F "u_pwd2=$password" -F "u_date=$timezone" https://$domain$path_url/admin/install/index.php` +#================================================= +# SETUP APPLICATION WITH CURL +#================================================= + +# Set right permissions for curl install +chown -R $app: $final_path + +# Set the app as temporarily public for curl call +ynh_app_setting_set $app skipped_uris "/" + +# Reload SSOwat config +yunohost app ssowatconf + +# Reload Nginx +systemctl reload nginx + +# Installation with curl +ynh_local_curl "/admin/install/index.php" "u_email=$email" "u_firstname=$firstname" "u_name=$lastname" "u_login=$admin" "u_pwd=$password" "u_pwd2=$password" + +# Remove the public access +if [ $is_public -eq 0 ] +then + ynh_app_setting_delete $app skipped_uris +fi #================================================= # SETUP SSOWAT From a78f9eee633cbb5be66424b222e92cff8c6b3b51 Mon Sep 17 00:00:00 2001 From: Kayou Date: Mon, 28 Jan 2019 09:30:54 +0100 Subject: [PATCH 03/13] Update nginx conf --- conf/nginx.conf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/conf/nginx.conf b/conf/nginx.conf index f3efc46..47de9e3 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -14,7 +14,7 @@ location __PATH__/ { try_files $uri $uri/ index.php; location ~ [^/]\.php(/|$) { fastcgi_split_path_info ^(.+?\.php)(/.*)$; - fastcgi_pass unix:/var/run/php5-fpm-__NAME__.sock; + fastcgi_pass unix:/var/run/php/php7.0-fpm-__NAME__.sock; fastcgi_index index.php; include fastcgi_params; @@ -25,4 +25,4 @@ location __PATH__/ { # Include SSOWAT user panel. include conf.d/yunohost_panel.conf.inc; -} \ No newline at end of file +} From 169909fe2e4635594a5cdc0bd04d87aba4abdddf Mon Sep 17 00:00:00 2001 From: Kayou Date: Tue, 29 Jan 2019 02:10:27 +0100 Subject: [PATCH 04/13] Fix if root domain --- manifest.json | 2 +- scripts/install | 30 +++++++++++++++--------------- 2 files changed, 16 insertions(+), 16 deletions(-) diff --git a/manifest.json b/manifest.json index 2a88c29..bafbf83 100644 --- a/manifest.json +++ b/manifest.json @@ -42,7 +42,7 @@ "name": "password", "type": "password", "ask": { - "en": "Choose a dotclear password for this user, at least 6 characters" + "en": "Choose a dotclear password for this user" } }, { diff --git a/scripts/install b/scripts/install index 60a1df3..1cea983 100755 --- a/scripts/install +++ b/scripts/install @@ -13,7 +13,7 @@ source /usr/share/yunohost/helpers # MANAGE SCRIPT FAILURE #================================================= -ynh_clean_setup () { +ynh_clean_setup() { ### Remove this function if there's nothing to clean before calling the remove script. true } @@ -31,7 +31,6 @@ is_public=$YNH_APP_ARG_IS_PUBLIC admin=$YNH_APP_ARG_ADMIN password=$YNH_APP_ARG_PASSWORD - #================================================= # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS #================================================= @@ -98,11 +97,11 @@ ynh_add_fpm_config php_config=$final_path/inc/config.php -master_key=`dd if=/dev/urandom bs=1 count=200 2> /dev/null | tr -c -d '[A-Za-z0-9]' | sed -n 's/\(.\{24\}\).*/\1/p'` -firstname=`sudo yunohost user info $admin | grep firstname: | cut -d' ' -f2 | tr -d '\n'` -lastname=`sudo yunohost user info $admin | grep lastname: | cut -d' ' -f2 | tr -d '\n'` -email=`sudo yunohost user info $admin | grep mail: | cut -d' ' -f2 | tr -d '\n'` -timezone=`cat /etc/timezone | tr -d '\n'` +master_key=$(dd if=/dev/urandom bs=1 count=200 2>/dev/null | tr -c -d '[A-Za-z0-9]' | sed -n 's/\(.\{24\}\).*/\1/p') +firstname=$(sudo yunohost user info $admin | grep firstname: | cut -d' ' -f2 | tr -d '\n') +lastname=$(sudo yunohost user info $admin | grep lastname: | cut -d' ' -f2 | tr -d '\n') +email=$(sudo yunohost user info $admin | grep mail: | cut -d' ' -f2 | tr -d '\n') +timezone=$(cat /etc/timezone | tr -d '\n') sudo cp $php_config.in $php_config @@ -127,21 +126,22 @@ yunohost app ssowatconf systemctl reload nginx # Installation with curl -ynh_local_curl "/admin/install/index.php" "u_email=$email" "u_firstname=$firstname" "u_name=$lastname" "u_login=$admin" "u_pwd=$password" "u_pwd2=$password" +installUrl="/admin/install/index.php" -# Remove the public access -if [ $is_public -eq 0 ] -then - ynh_app_setting_delete $app skipped_uris +if [ "$path_url" = "/" ]; then + installUrl="admin/install/index.php" # Fix if app is in the root domain fi +ynh_local_curl $installUrl "u_email=$email" "u_firstname=$firstname" "u_name=$lastname" "u_login=$admin" "u_pwd=$password" "u_pwd2=$password" + +ynh_app_setting_delete $app skipped_uris + #================================================= # SETUP SSOWAT #================================================= # Make app public if necessary -if [ $is_public -eq 1 ] -then +if [ $is_public -eq 1 ]; then # unprotected_uris allows SSO credentials to be passed anyway. ynh_app_setting_set $app unprotected_uris "/" fi @@ -150,4 +150,4 @@ fi # RELOAD NGINX #================================================= -systemctl reload nginx \ No newline at end of file +systemctl reload nginx From 95f3bbb1b7d03099c9b891e897ced81c288db8a8 Mon Sep 17 00:00:00 2001 From: Kayou Date: Wed, 30 Jan 2019 00:43:09 +0100 Subject: [PATCH 05/13] update backup and restore scripts --- scripts/backup | 66 +++++++++++++++++++++++-------- scripts/install | 1 + scripts/restore | 102 ++++++++++++++++++++++++++++++++++++++++-------- 3 files changed, 136 insertions(+), 33 deletions(-) diff --git a/scripts/backup b/scripts/backup index 5aeb435..9efb470 100755 --- a/scripts/backup +++ b/scripts/backup @@ -1,23 +1,57 @@ #!/bin/bash -# DotClear 2 backup script for YunoHost -app=dotclear2 +#================================================= +# GENERIC START +#================================================= +# IMPORT GENERIC HELPERS +#================================================= -# The parameter $1 is the backup directory location -# which will be compressed afterward -backup_dir=$1/apps/$app -sudo mkdir -p $backup_dir -sudo chown admin $backup_dir +source ../settings/scripts/_common.sh +source /usr/share/yunohost/helpers -# Backup sources -sudo cp -a /var/www/$app/. $backup_dir/sources +#================================================= +# MANAGE SCRIPT FAILURE +#================================================= -# Backup database -db_password=$(sudo yunohost app setting $app db_password) -sudo mysqldump -u $app -p"$db_password" $app > $backup_dir/dump.sql +ynh_clean_setup () { + ### Remove this function if there's nothing to clean before calling the remove script. + true +} +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors -# Copy Nginx and YunoHost parameters to make the script "standalone" -sudo cp -a /etc/yunohost/apps/$app/. $backup_dir/yunohost -domain=$(sudo yunohost app setting $app domain) -sudo cp -a /etc/nginx/conf.d/$domain.d/$app.conf $backup_dir/nginx.conf +#================================================= +# LOAD SETTINGS +#================================================= +app=$YNH_APP_INSTANCE_NAME + +final_path=$(ynh_app_setting_get $app final_path) +domain=$(ynh_app_setting_get $app domain) +db_name=$(ynh_app_setting_get $app db_name) + +#================================================= +# STANDARD BACKUP STEPS +#================================================= +# BACKUP THE APP MAIN DIR +#================================================= + +ynh_backup "$final_path" + +#================================================= +# BACKUP THE NGINX CONFIGURATION +#================================================= + +ynh_backup "/etc/nginx/conf.d/$domain.d/$app.conf" + +#================================================= +# BACKUP THE PHP-FPM CONFIGURATION +#================================================= + +ynh_backup "/etc/php/7.0/fpm/pool.d/$app.conf" + +#================================================= +# BACKUP THE MYSQL DATABASE +#================================================= + +ynh_mysql_dump_db "$db_name" > db.sql diff --git a/scripts/install b/scripts/install index 1cea983..55360ac 100755 --- a/scripts/install +++ b/scripts/install @@ -150,4 +150,5 @@ fi # RELOAD NGINX #================================================= +systemctl reload php7.0-fpm systemctl reload nginx diff --git a/scripts/restore b/scripts/restore index 66ed6b3..052cbc1 100755 --- a/scripts/restore +++ b/scripts/restore @@ -1,24 +1,92 @@ #!/bin/bash -# DotClear 2 restore script for YunoHost -app=dotclear2 +#================================================= +# GENERIC START +#================================================= +# IMPORT GENERIC HELPERS +#================================================= -# The parameter $1 is the uncompressed restore directory location -backup_dir=$1/apps/$app +source ../settings/scripts/_common.sh +source /usr/share/yunohost/helpers -# Restore sources -sudo cp -a $backup_dir/sources/. /var/www/$app +#================================================= +# MANAGE SCRIPT FAILURE +#================================================= -# Restore database -root_pwd=$(sudo cat /etc/yunohost/mysql) -mysql -u root -p$root_pwd -e "DROP DATABASE $app ; DROP USER $app@localhost ;" -db_password=$(sudo yunohost app setting $app db_password) -sudo yunohost app initdb $app -p "$db_password" -s $backup_dir/dump.sql +ynh_clean_setup () { + #### Remove this function if there's nothing to clean before calling the remove script. + true +} +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors -# Restore Nginx and YunoHost parameters -sudo cp -a $backup_dir/yunohost/. /etc/yunohost/apps/$app -domain=$(sudo yunohost app setting $app domain) -sudo cp -a $backup_dir/nginx.conf /etc/nginx/conf.d/$domain.d/$app.conf +#================================================= +# LOAD SETTINGS +#================================================= -# Restart webserver -sudo /etc/init.d/nginx reload +app=$YNH_APP_INSTANCE_NAME + +domain=$(ynh_app_setting_get $app domain) +path_url=$(ynh_app_setting_get $app path) +final_path=$(ynh_app_setting_get $app final_path) +db_name=$(ynh_app_setting_get $app db_name) + +#================================================= +# CHECK IF THE APP CAN BE RESTORED +#================================================= + +ynh_webpath_available $domain $path_url \ + || ynh_die "Path not available: ${domain}${path_url}" +test ! -d $final_path \ + || ynh_die "There is already a directory: $final_path " + +#================================================= +# STANDARD RESTORATION STEPS +#================================================= +# RESTORE THE NGINX CONFIGURATION +#================================================= + +ynh_restore_file "/etc/nginx/conf.d/$domain.d/$app.conf" + +#================================================= +# RESTORE THE APP MAIN DIR +#================================================= + +ynh_restore_file "$final_path" + +#================================================= +# RESTORE THE MYSQL DATABASE +#================================================= + +db_pwd=$(ynh_app_setting_get $app mysqlpwd) +ynh_mysql_setup_db $db_name $db_name $db_pwd +ynh_mysql_connect_as $db_name $db_pwd $db_name < ./db.sql + +#================================================= +# RECREATE THE DEDICATED USER +#================================================= + +# Create the dedicated user (if not existing) +ynh_system_user_create $app + +#================================================= +# RESTORE USER RIGHTS +#================================================= + +# Restore permissions on app files +chown -R $app: $final_path + +#================================================= +# RESTORE THE PHP-FPM CONFIGURATION +#================================================= + +ynh_restore_file "/etc/php/7.0/fpm/pool.d/$app.conf" + +#================================================= +# GENERIC FINALIZATION +#================================================= +# RELOAD NGINX AND PHP-FPM +#================================================= + +systemctl reload php7.0-fpm +systemctl reload nginx From a781f73d9bea1fb328f77d87edc583a211455d20 Mon Sep 17 00:00:00 2001 From: Kayou Date: Fri, 1 Feb 2019 01:05:54 +0100 Subject: [PATCH 06/13] Add check_process --- check_process | 41 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) create mode 100644 check_process diff --git a/check_process b/check_process new file mode 100644 index 0000000..748de7c --- /dev/null +++ b/check_process @@ -0,0 +1,41 @@ +# See here for more information +# https://github.com/YunoHost/package_check#syntax-check_process-file + +# Move this file from check_process.default to check_process when you have filled it. + +;; Test complet + ; Manifest + domain="domain.tld" (DOMAIN) + path="/path" (PATH) + admin="john" (USER) + is_public=1 (PUBLIC|public=1|private=0) + password="pass" + ; Checks + pkg_linter=1 + setup_sub_dir=1 + setup_root=1 + setup_nourl=0 + setup_private=1 + setup_public=1 + upgrade=1 + backup_restore=1 + multi_instance=1 + incorrect_path=1 + port_already_use=0 + change_url=1 +;;; Levels + Level 1=auto + Level 2=auto + Level 3=auto +# Level 4: If the app supports LDAP and SSOwat, turn level 4 to '1' and add a link to an issue or a part of your code to show it. +# If the app does not use LDAP nor SSOwat, and can't use them, turn level 4 to 'na' and explain as well. + Level 4=0 + Level 5=auto + Level 6=auto + Level 7=auto + Level 8=0 + Level 9=0 + Level 10=0 +;;; Options +Email= +Notification=none From 52bfd62792adbe96a68537c2c3dd56717472204a Mon Sep 17 00:00:00 2001 From: Kayou Date: Fri, 1 Feb 2019 01:19:54 +0100 Subject: [PATCH 07/13] Update manifest --- manifest.json | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/manifest.json b/manifest.json index bafbf83..3a8c4ab 100644 --- a/manifest.json +++ b/manifest.json @@ -1,17 +1,25 @@ { "name": "DotClear 2", "id": "dotclear2", + "packaging_format": 1, "description": { "en": "Blog publishing application", "fr": "Moteur de blog" }, - "license": "GPL-3", + "version": "2.14.3~ynh1", + "license": "GPL-2.0-or-later", + "url": "https://dotclear.org/", "maintainer": { "name": "rgarrigue", "email": "remy.garrigue@gmail.com", "url": "http://garrigue.re" }, - "multi_instance": "false", + "multi_instance": true, + "services": [ + "nginx", + "php7.0-fpm", + "mysql" + ], "arguments": { "install": [ { From c9c9195f60b74341db8744e5ce10244383e9c168 Mon Sep 17 00:00:00 2001 From: Kayou Date: Fri, 1 Feb 2019 01:22:55 +0100 Subject: [PATCH 08/13] Update manifest --- manifest.json | 3 +++ 1 file changed, 3 insertions(+) diff --git a/manifest.json b/manifest.json index 3a8c4ab..60db2cb 100644 --- a/manifest.json +++ b/manifest.json @@ -14,6 +14,9 @@ "email": "remy.garrigue@gmail.com", "url": "http://garrigue.re" }, + "requirements": { + "yunohost": ">= 3.2.0" + }, "multi_instance": true, "services": [ "nginx", From e2fcefbdfec8ce4fb4b9e8d4fa1327f920f9e64f Mon Sep 17 00:00:00 2001 From: Kayou Date: Sat, 9 Feb 2019 23:19:26 +0100 Subject: [PATCH 09/13] Update php-fpm --- conf/php-fpm.conf | 91 ++++++++++++++++++++++++++++++----------------- 1 file changed, 59 insertions(+), 32 deletions(-) diff --git a/conf/php-fpm.conf b/conf/php-fpm.conf index bf04ce6..60da25a 100644 --- a/conf/php-fpm.conf +++ b/conf/php-fpm.conf @@ -1,10 +1,11 @@ ; Start a new pool named 'www'. -; the variable $pool can we used in any directive and will be replaced by the +; the variable $pool can be used in any directive and will be replaced by the ; pool name ('www' here) [__NAMETOCHANGE__] ; Per pool prefix ; It only applies on the following directives: +; - 'access.log' ; - 'slowlog' ; - 'listen' (unixsocket) ; - 'chroot' @@ -24,28 +25,35 @@ group = __USER__ ; The address on which to accept FastCGI requests. ; Valid syntaxes are: -; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific address on +; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on ; a specific port; -; 'port' - to listen on a TCP socket to all addresses on a -; specific port; +; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on +; a specific port; +; 'port' - to listen on a TCP socket to all addresses +; (IPv6 and IPv4-mapped) on a specific port; ; '/path/to/unix/socket' - to listen on a unix socket. ; Note: This value is mandatory. listen = /var/run/php/php7.0-fpm-__NAMETOCHANGE__.sock -; Set listen(2) backlog. A value of '-1' means unlimited. -; Default Value: 128 (-1 on FreeBSD and OpenBSD) -;listen.backlog = 128 +; Set listen(2) backlog. +; Default Value: 511 (-1 on FreeBSD and OpenBSD) +;listen.backlog = 511 ; Set permissions for unix socket, if one is used. In Linux, read/write ; permissions must be set in order to allow connections from a web server. Many -; BSD-derived systems allow connections regardless of permissions. +; BSD-derived systems allow connections regardless of permissions. ; Default Values: user and group are set as the running user ; mode is set to 0660 listen.owner = www-data listen.group = www-data ;listen.mode = 0660 - -; List of ipv4 addresses of FastCGI clients which are allowed to connect. +; When POSIX Access Control Lists are supported you can set them using +; these options, value is a comma separated list of user/group names. +; When set, listen.owner and listen.group are ignored +;listen.acl_users = +;listen.acl_groups = + +; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect. ; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original ; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address ; must be separated by a comma. If this value is left blank, connections will be @@ -59,7 +67,13 @@ listen.group = www-data ; - The pool processes will inherit the master process priority ; unless it specified otherwise ; Default Value: no set -; priority = -19 +; process.priority = -19 + +; Set the process dumpable flag (PR_SET_DUMPABLE prctl) even if the process user +; or group is differrent than the master process user. It allows to create process +; core dump and ptrace the process for the pool user. +; Default Value: no +; process.dumpable = yes ; Choose how the process manager will control the number of child processes. ; Possible Values: @@ -96,7 +110,7 @@ pm = dynamic ; forget to tweak pm.* to fit your needs. ; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand' ; Note: This value is mandatory. -pm.max_children = 10 +pm.max_children = 5 ; The number of child processes created on startup. ; Note: Used only when pm is set to 'dynamic' @@ -117,12 +131,12 @@ pm.max_spare_servers = 3 ; Note: Used only when pm is set to 'ondemand' ; Default Value: 10s ;pm.process_idle_timeout = 10s; - + ; The number of requests each child process should execute before respawning. ; This can be useful to work around memory leaks in 3rd party libraries. For ; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS. ; Default Value: 0 -pm.max_requests = 500 +;pm.max_requests = 500 ; The URI to view the FPM status page. If this value is not set, no URI will be ; recognized as a status page. It shows the following informations: @@ -170,7 +184,7 @@ pm.max_requests = 500 ; ; By default the status page only outputs short status. Passing 'full' in the ; query string will also return status for each pool process. -; Example: +; Example: ; http://www.foo.bar/status?full ; http://www.foo.bar/status?json&full ; http://www.foo.bar/status?html&full @@ -215,7 +229,7 @@ pm.max_requests = 500 ; last request memory: 0 ; ; Note: There is a real-time FPM status monitoring sample web page available -; It's available in: ${prefix}/share/fpm/status.html +; It's available in: /usr/share/php/7.0/fpm/status.html ; ; Note: The value must start with a leading slash (/). The value can be ; anything, but it may not be a good idea to use the .php extension or it @@ -275,7 +289,7 @@ pm.max_requests = 500 ; - %{megabytes}M ; - %{mega}M ; %n: pool name -; %o: ouput header +; %o: output header ; it must be associated with embraces to specify the name of the header: ; - %{Content-Type}o ; - %{X-Powered-By}o @@ -283,7 +297,7 @@ pm.max_requests = 500 ; - .... ; %p: PID of the child that serviced the request ; %P: PID of the parent of the child that serviced the request -; %q: the query string +; %q: the query string ; %Q: the '?' character if query string exists ; %r: the request URI (without the query string, see %q and %Q) ; %R: remote IP address @@ -291,47 +305,51 @@ pm.max_requests = 500 ; %t: server time the request was received ; it can accept a strftime(3) format: ; %d/%b/%Y:%H:%M:%S %z (default) +; The strftime(3) format must be encapsuled in a %{}t tag +; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t ; %T: time the log has been written (the request has finished) ; it can accept a strftime(3) format: ; %d/%b/%Y:%H:%M:%S %z (default) +; The strftime(3) format must be encapsuled in a %{}t tag +; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t ; %u: remote user ; ; Default: "%R - %u %t \"%m %r\" %s" ;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%" - + ; The log file for slow requests ; Default Value: not set ; Note: slowlog is mandatory if request_slowlog_timeout is set -slowlog = /var/log/nginx/__NAMETOCHANGE__.slow.log - +;slowlog = log/$pool.log.slow + ; The timeout for serving a single request after which a PHP backtrace will be ; dumped to the 'slowlog' file. A value of '0s' means 'off'. ; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) ; Default Value: 0 -request_slowlog_timeout = 5s - +;request_slowlog_timeout = 0 + ; The timeout for serving a single request after which the worker process will ; be killed. This option should be used when the 'max_execution_time' ini option ; does not stop script execution for some reason. A value of '0' means 'off'. ; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) ; Default Value: 0 request_terminate_timeout = 1d - + ; Set open file descriptor rlimit. ; Default Value: system defined value ;rlimit_files = 1024 - + ; Set max core size rlimit. ; Possible Values: 'unlimited' or an integer greater or equal to 0 ; Default Value: system defined value ;rlimit_core = 0 - + ; Chroot to this directory at the start. This value must be defined as an ; absolute path. When this value is not set, chroot is not used. ; Note: you can prefix with '$prefix' to chroot to the pool prefix or one ; of its subdirectories. If the pool prefix is not set, the global prefix ; will be used instead. -; Note: chrooting is a great security feature and should be used whenever +; Note: chrooting is a great security feature and should be used whenever ; possible. However, all PHP paths will be relative to the chroot ; (error_log, sessions.save_path, ...). ; Default Value: not set @@ -347,16 +365,25 @@ chdir = __FINALPATH__ ; Note: on highloaded environement, this can cause some delay in the page ; process time (several ms). ; Default Value: no -catch_workers_output = yes +;catch_workers_output = yes + +; Clear environment in FPM workers +; Prevents arbitrary environment variables from reaching FPM worker processes +; by clearing the environment in workers before env vars specified in this +; pool configuration are added. +; Setting to "no" will make all environment variables available to PHP code +; via getenv(), $_ENV and $_SERVER. +; Default Value: yes +;clear_env = no ; Limits the extensions of the main script FPM will allow to parse. This can ; prevent configuration mistakes on the web server side. You should only limit ; FPM to .php extensions to prevent malicious users to use other extensions to -; exectute php code. +; execute php code. ; Note: set an empty value to allow all extensions. ; Default Value: .php -;security.limit_extensions = .php .php3 .php4 .php5 - +;security.limit_extensions = .php .php3 .php4 .php5 .php7 + ; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from ; the current environment. ; Default Value: clean env @@ -370,7 +397,7 @@ catch_workers_output = yes ; overwrite the values previously defined in the php.ini. The directives are the ; same as the PHP SAPI: ; php_value/php_flag - you can set classic ini defines which can -; be overwritten from PHP call 'ini_set'. +; be overwritten from PHP call 'ini_set'. ; php_admin_value/php_admin_flag - these directives won't be overwritten by ; PHP call 'ini_set' ; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no. From a17bdd4840897ae0e0dc67bc90613f005cf905f5 Mon Sep 17 00:00:00 2001 From: Kayou Date: Sat, 9 Feb 2019 23:46:07 +0100 Subject: [PATCH 10/13] fix package_linter, and add helpers --- scripts/_common.sh | 65 ++++++++++++++++++++++++++++++++++++++++++++++ scripts/backup | 2 +- scripts/install | 36 +++++++++++++++++-------- scripts/remove | 2 +- scripts/restore | 2 +- 5 files changed, 93 insertions(+), 14 deletions(-) create mode 100644 scripts/_common.sh diff --git a/scripts/_common.sh b/scripts/_common.sh new file mode 100644 index 0000000..09ff695 --- /dev/null +++ b/scripts/_common.sh @@ -0,0 +1,65 @@ +# Curl abstraction to help with POST requests to local pages (such as installation forms) +# +# $domain and $path_url should be defined externally (and correspond to the domain.tld and the /path (of the app?)) +# +# example: ynh_local_curl "/install.php?installButton" "foo=$var1" "bar=$var2" +# +# usage: ynh_local_curl "page_uri" "key1=value1" "key2=value2" ... +# | arg: page_uri - Path (relative to $path_url) of the page where POST data will be sent +# | arg: key1=value1 - (Optionnal) POST key and corresponding value +# | arg: key2=value2 - (Optionnal) Another POST key and corresponding value +# | arg: ... - (Optionnal) More POST keys and values +ynh_local_curl () { + # Define url of page to curl + path_url=$(ynh_normalize_url_path $path_url) + local local_page=$(ynh_normalize_url_path $1) + local full_path=$path_url$local_page + + if [ "${path_url}" == "/" ]; then + full_path=$local_page + fi + + local full_page_url=https://localhost$full_path + + # Concatenate all other arguments with '&' to prepare POST data + local POST_data="" + local arg="" + for arg in "${@:2}" + do + POST_data="${POST_data}${arg}&" + done + if [ -n "$POST_data" ] + then + # Add --data arg and remove the last character, which is an unecessary '&' + POST_data="--data ${POST_data::-1}" + fi + + # Wait untils nginx has fully reloaded (avoid curl fail with http2) + sleep 2 + + # Curl the URL + curl --silent --show-error -kL -H "Host: $domain" --resolve $domain:443:127.0.0.1 $POST_data "$full_page_url" +} + +ynh_url_join() { + if [ "$#" -eq 0 ]; then + ynh_die "Illegal number of parameters" + fi + + local full_url="" + + for var in "$@" + do + if [ "${var:0:1}" != "/" ]; then # If the first character is not a / + var="/$var" # Add / at begin of path variable + fi + + if [ "${var:${#var}-1}" == "/" ]; then # If the last character is a / + var="${var:0:${#var}-1}" # Delete the last character + fi + full_url=${full_url}${var} + done + + full_url=$(ynh_normalize_url_path $full_url) + echo $full_url +} \ No newline at end of file diff --git a/scripts/backup b/scripts/backup index 9efb470..78631da 100755 --- a/scripts/backup +++ b/scripts/backup @@ -6,8 +6,8 @@ # IMPORT GENERIC HELPERS #================================================= -source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers +source ../settings/scripts/_common.sh #================================================= # MANAGE SCRIPT FAILURE diff --git a/scripts/install b/scripts/install index 55360ac..98acbfd 100755 --- a/scripts/install +++ b/scripts/install @@ -6,8 +6,8 @@ # IMPORT GENERIC HELPERS #================================================= -source _common.sh source /usr/share/yunohost/helpers +source _common.sh #================================================= # MANAGE SCRIPT FAILURE @@ -98,16 +98,34 @@ ynh_add_fpm_config php_config=$final_path/inc/config.php master_key=$(dd if=/dev/urandom bs=1 count=200 2>/dev/null | tr -c -d '[A-Za-z0-9]' | sed -n 's/\(.\{24\}\).*/\1/p') -firstname=$(sudo yunohost user info $admin | grep firstname: | cut -d' ' -f2 | tr -d '\n') -lastname=$(sudo yunohost user info $admin | grep lastname: | cut -d' ' -f2 | tr -d '\n') -email=$(sudo yunohost user info $admin | grep mail: | cut -d' ' -f2 | tr -d '\n') +firstname=$(yunohost user info $admin | grep firstname: | cut -d' ' -f2 | tr -d '\n') +lastname=$(yunohost user info $admin | grep lastname: | cut -d' ' -f2 | tr -d '\n') +email=$(yunohost user info $admin | grep mail: | cut -d' ' -f2 | tr -d '\n') timezone=$(cat /etc/timezone | tr -d '\n') -sudo cp $php_config.in $php_config +cp $php_config.in $php_config + +admin_url=$(ynh_url_join $path_url admin/index.php) # Config as if we called in admin/install/wizard.php -sudo sed -i -e "s;'DC_DBDRIVER', '';'DC_DBDRIVER', 'mysqli';" -e "s;'DC_DBHOST', '';'DC_DBHOST', 'localhost';" -e "s;'DC_DBUSER', '';'DC_DBUSER', '$app';" -e "s;'DC_DBPASSWORD', '';'DC_DBPASSWORD', '$db_pwd';" -e "s;'DC_DBNAME', '';'DC_DBNAME', '$db_name';" -e "s;'DC_MASTER_KEY', '';'DC_MASTER_KEY', '$master_key';" -e "s;'DC_ADMIN_URL', '';'DC_ADMIN_URL', 'https://$domain$path_url/admin/index.php';" -e "s;'DC_ADMIN_MAILFROM', '';'DC_ADMIN_MAILFROM', '$email';" $php_config -# Modify Nginx configuration file and copy it to Nginx conf directory +ynh_replace_string "'DC_DBDRIVER', ''" "'DC_DBDRIVER', 'mysqli'" $php_config +ynh_replace_string "'DC_DBHOST', ''" "'DC_DBHOST', 'localhost'" $php_config +ynh_replace_string "'DC_DBUSER', ''" "'DC_DBUSER', '$app'" $php_config +ynh_replace_string "'DC_DBPASSWORD', ''" "'DC_DBPASSWORD', '$db_pwd'" $php_config +ynh_replace_string "'DC_DBNAME', ''" "'DC_DBNAME', '$db_name'" $php_config +ynh_replace_string "'DC_MASTER_KEY', ''" "'DC_MASTER_KEY', '$master_key'" $php_config +ynh_replace_string "'DC_ADMIN_URL', ''" "'DC_ADMIN_URL', 'https://$domain$admin_url'" $php_config +ynh_replace_string "'DC_ADMIN_MAILFROM', ''" "'DC_ADMIN_MAILFROM', '$email'" $php_config + +# Config as if we called in admin/install/wizard.php +ynh_replace_string "'DC_DBDRIVER', ''" "'DC_DBDRIVER', 'mysqli'" $php_config +ynh_replace_string "'DC_DBHOST', ''" "'DC_DBHOST', 'localhost'" $php_config +ynh_replace_string "'DC_DBUSER', ''" "'DC_DBUSER', '$app'" $php_config +ynh_replace_string "'DC_DBPASSWORD', ''" "'DC_DBPASSWORD', '$db_pwd'" $php_config +ynh_replace_string "'DC_DBNAME', ''" "'DC_DBNAME', '$db_name'" $php_config +ynh_replace_string "'DC_MASTER_KEY', ''" "'DC_MASTER_KEY', '$master_key'" $php_config +ynh_replace_string "'DC_ADMIN_URL', ''" "'DC_ADMIN_URL', 'https://$domain$admin_url'" $php_config +ynh_replace_string "'DC_ADMIN_MAILFROM', ''" "'DC_ADMIN_MAILFROM', '$email'" $php_config #================================================= # SETUP APPLICATION WITH CURL @@ -128,10 +146,6 @@ systemctl reload nginx # Installation with curl installUrl="/admin/install/index.php" -if [ "$path_url" = "/" ]; then - installUrl="admin/install/index.php" # Fix if app is in the root domain -fi - ynh_local_curl $installUrl "u_email=$email" "u_firstname=$firstname" "u_name=$lastname" "u_login=$admin" "u_pwd=$password" "u_pwd2=$password" ynh_app_setting_delete $app skipped_uris diff --git a/scripts/remove b/scripts/remove index 69f1d24..2547fdf 100755 --- a/scripts/remove +++ b/scripts/remove @@ -6,8 +6,8 @@ # IMPORT GENERIC HELPERS #================================================= -source _common.sh source /usr/share/yunohost/helpers +source _common.sh #================================================= # LOAD SETTINGS diff --git a/scripts/restore b/scripts/restore index 052cbc1..39f6b81 100755 --- a/scripts/restore +++ b/scripts/restore @@ -6,8 +6,8 @@ # IMPORT GENERIC HELPERS #================================================= -source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers +source ../settings/scripts/_common.sh #================================================= # MANAGE SCRIPT FAILURE From 6555ee359ca84129595fc8b98b9bbb3d3339060a Mon Sep 17 00:00:00 2001 From: Kayou Date: Sun, 10 Feb 2019 00:08:12 +0100 Subject: [PATCH 11/13] Small fix on ynh_url_join --- scripts/_common.sh | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/scripts/_common.sh b/scripts/_common.sh index 09ff695..a025c0b 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -41,6 +41,15 @@ ynh_local_curl () { curl --silent --show-error -kL -H "Host: $domain" --resolve $domain:443:127.0.0.1 $POST_data "$full_page_url" } +# Join several urls together +# Return a concatenate normalized url path +# +# example: url_path=$(ynh_url_join $url_path /admin /index.php) +# ynh_url_join example admin index.php -> /example/admin/index.php +# ynh_url_join /example admin /index.php -> /example/admin/index.php +# ynh_url_join / -> / +# +# usage: ynh_url_join url1 url2 ... ynh_url_join() { if [ "$#" -eq 0 ]; then ynh_die "Illegal number of parameters" @@ -60,6 +69,6 @@ ynh_url_join() { full_url=${full_url}${var} done - full_url=$(ynh_normalize_url_path $full_url) + full_url=$(ynh_normalize_url_path ${full_url:-'/'}) echo $full_url } \ No newline at end of file From b10a449d50c26cb7c72673ff4676ba9483fbb1bc Mon Sep 17 00:00:00 2001 From: Kayou Date: Thu, 28 Feb 2019 00:12:48 +0100 Subject: [PATCH 12/13] add upgrade --- scripts/install | 7 +- scripts/upgrade | 190 ++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 195 insertions(+), 2 deletions(-) create mode 100644 scripts/upgrade diff --git a/scripts/install b/scripts/install index 98acbfd..40ab25d 100755 --- a/scripts/install +++ b/scripts/install @@ -72,7 +72,8 @@ ynh_app_setting_set $app final_path $final_path ynh_setup_source $final_path mv $final_path/dotclear/* $final_path/ -rmdir $final_path/dotclear + +ynh_secure_remove "$final_path/dotclear" #================================================= # NGINX CONFIGURATION @@ -101,7 +102,7 @@ master_key=$(dd if=/dev/urandom bs=1 count=200 2>/dev/null | tr -c -d '[A-Za-z0- firstname=$(yunohost user info $admin | grep firstname: | cut -d' ' -f2 | tr -d '\n') lastname=$(yunohost user info $admin | grep lastname: | cut -d' ' -f2 | tr -d '\n') email=$(yunohost user info $admin | grep mail: | cut -d' ' -f2 | tr -d '\n') -timezone=$(cat /etc/timezone | tr -d '\n') +ynh_app_setting_set $app master_key $master_key cp $php_config.in $php_config @@ -127,6 +128,8 @@ ynh_replace_string "'DC_MASTER_KEY', ''" "'DC_MASTER_KEY', '$master_key'" $php_c ynh_replace_string "'DC_ADMIN_URL', ''" "'DC_ADMIN_URL', 'https://$domain$admin_url'" $php_config ynh_replace_string "'DC_ADMIN_MAILFROM', ''" "'DC_ADMIN_MAILFROM', '$email'" $php_config +ynh_store_file_checksum $php_config + #================================================= # SETUP APPLICATION WITH CURL #================================================= diff --git a/scripts/upgrade b/scripts/upgrade new file mode 100644 index 0000000..e5b8e49 --- /dev/null +++ b/scripts/upgrade @@ -0,0 +1,190 @@ +#!/bin/bash + +#================================================= +# GENERIC START +#================================================= +# IMPORT GENERIC HELPERS +#================================================= + +source _common.sh +source /usr/share/yunohost/helpers + +#================================================= +# LOAD SETTINGS +#================================================= +ynh_print_info "Loading installation settings..." + +app=$YNH_APP_INSTANCE_NAME + +domain=$(ynh_app_setting_get $app domain) +path_url=$(ynh_app_setting_get $app path) +admin=$(ynh_app_setting_get $app admin) +is_public=$(ynh_app_setting_get $app is_public) +final_path=$(ynh_app_setting_get $app final_path) +db_name=$(ynh_app_setting_get $app db_name) +db_pwd=$(ynh_app_setting_get $app mysqlpwd) +password=$(ynh_app_setting_get $app password) +master_key=$(ynh_app_setting_get $app master_key) + +#================================================= +# ENSURE DOWNWARD COMPATIBILITY +#================================================= +ynh_print_info "Ensuring downward compatibility..." + +# Fix is_public as a boolean value +if [ "$is_public" = "Yes" ]; then + ynh_app_setting_set $app is_public 1 + is_public=1 +elif [ "$is_public" = "No" ]; then + ynh_app_setting_set $app is_public 0 + is_public=0 +fi + +# If db_name doesn't exist, create it +if [ -z $db_name ]; then + db_name=$(ynh_sanitize_dbid $app) + ynh_app_setting_set $app db_name $db_name +fi + +# If final_path doesn't exist, create it +if [ -z $final_path ]; then + final_path=/var/www/$app + ynh_app_setting_set $app final_path $final_path +fi + +#================================================= +# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP +#================================================= +ynh_print_info "Backing up the app before upgrading (may take a while)..." + +# Backup the current version of the app +ynh_backup_before_upgrade +ynh_clean_setup () { + # restore it if the upgrade fails + ynh_restore_upgradebackup +} +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors + +#================================================= +# CHECK THE PATH +#================================================= + +# Normalize the URL path syntax +path_url=$(ynh_normalize_url_path $path_url) + +#================================================= +# STANDARD UPGRADE STEPS +#================================================= +# DOWNLOAD, CHECK AND UNPACK SOURCE +#================================================= +ynh_print_info "Upgrading source files..." + +php_config=$final_path/inc/config.php + +### And create a backup of this file if the checksum is different. So the file will be backed up if the admin had modified it. +ynh_backup_if_checksum_is_different "$php_config" + +ynh_secure_remove "$final_path" + +# Download, check integrity, uncompress and patch the source from app.src +ynh_setup_source "$final_path" + +mv $final_path/dotclear/* $final_path/ + +ynh_secure_remove "$final_path/dotclear" + +#================================================= +# NGINX CONFIGURATION +#================================================= +ynh_print_info "Upgrading nginx web server configuration..." + +# Create a dedicated nginx config +ynh_add_nginx_config + +#================================================= +# CREATE DEDICATED USER +#================================================= +ynh_print_info "Making sure dedicated system user exists..." + +# Create a dedicated user (if not existing) +ynh_system_user_create $app + +#================================================= +# PHP-FPM CONFIGURATION +#================================================= +ynh_print_info "Upgrading php-fpm configuration..." + +# Create a dedicated php-fpm config +ynh_add_fpm_config + +#================================================= +# SPECIFIC UPGRADE +#================================================= +# CONFIGURE DOTCLEAR +#================================================= + +cp $php_config.in $php_config + +firstname=$(yunohost user info $admin | grep firstname: | cut -d' ' -f2 | tr -d '\n') +lastname=$(yunohost user info $admin | grep lastname: | cut -d' ' -f2 | tr -d '\n') +email=$(yunohost user info $admin | grep mail: | cut -d' ' -f2 | tr -d '\n') +admin_url=$(ynh_url_join $path_url admin/index.php) + +# Config as if we called in admin/install/wizard.php +ynh_replace_string "'DC_DBDRIVER', ''" "'DC_DBDRIVER', 'mysqli'" $php_config +ynh_replace_string "'DC_DBHOST', ''" "'DC_DBHOST', 'localhost'" $php_config +ynh_replace_string "'DC_DBUSER', ''" "'DC_DBUSER', '$app'" $php_config +ynh_replace_string "'DC_DBPASSWORD', ''" "'DC_DBPASSWORD', '$db_pwd'" $php_config +ynh_replace_string "'DC_DBNAME', ''" "'DC_DBNAME', '$db_name'" $php_config +ynh_replace_string "'DC_MASTER_KEY', ''" "'DC_MASTER_KEY', '$master_key'" $php_config +ynh_replace_string "'DC_ADMIN_URL', ''" "'DC_ADMIN_URL', 'https://$domain$admin_url'" $php_config +ynh_replace_string "'DC_ADMIN_MAILFROM', ''" "'DC_ADMIN_MAILFROM', '$email'" $php_config + +# Config as if we called in admin/install/wizard.php +ynh_replace_string "'DC_DBDRIVER', ''" "'DC_DBDRIVER', 'mysqli'" $php_config +ynh_replace_string "'DC_DBHOST', ''" "'DC_DBHOST', 'localhost'" $php_config +ynh_replace_string "'DC_DBUSER', ''" "'DC_DBUSER', '$app'" $php_config +ynh_replace_string "'DC_DBPASSWORD', ''" "'DC_DBPASSWORD', '$db_pwd'" $php_config +ynh_replace_string "'DC_DBNAME', ''" "'DC_DBNAME', '$db_name'" $php_config +ynh_replace_string "'DC_MASTER_KEY', ''" "'DC_MASTER_KEY', '$master_key'" $php_config +ynh_replace_string "'DC_ADMIN_URL', ''" "'DC_ADMIN_URL', 'https://$domain$admin_url'" $php_config +ynh_replace_string "'DC_ADMIN_MAILFROM', ''" "'DC_ADMIN_MAILFROM', '$email'" $php_config + +# Recalculate and store the checksum of the file for the next upgrade. +ynh_store_file_checksum "$php_config" + +#================================================= +# GENERIC FINALIZATION +#================================================= +# SECURE FILES AND DIRECTORIES +#================================================= + +# Set permissions on app files +chown -R $app: $final_path + +#================================================= +# SETUP SSOWAT +#================================================= +ynh_print_info "Upgrading SSOwat configuration..." + +# Make app public if necessary +if [ $is_public -eq 1 ] +then + # unprotected_uris allows SSO credentials to be passed anyway + ynh_app_setting_set $app unprotected_uris "/" +fi + +#================================================= +# RELOAD NGINX +#================================================= +ynh_print_info "Reloading nginx web server..." + +systemctl reload php7.0-fpm +systemctl reload nginx + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_print_info "Upgrade of $app completed" \ No newline at end of file From 8b9d28118e6c3eb7cc7dd68677f7fd7678228b38 Mon Sep 17 00:00:00 2001 From: Kayou Date: Thu, 28 Feb 2019 01:41:32 +0100 Subject: [PATCH 13/13] Don't check change url for now --- check_process | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/check_process b/check_process index 748de7c..aebf186 100644 --- a/check_process +++ b/check_process @@ -22,7 +22,7 @@ multi_instance=1 incorrect_path=1 port_already_use=0 - change_url=1 + change_url=0 ;;; Levels Level 1=auto Level 2=auto