From 7b8cc6d5a794212624eeb05a15178a42ab0e4dbd Mon Sep 17 00:00:00 2001 From: yalh76 Date: Sat, 15 May 2021 16:10:33 +0200 Subject: [PATCH] Apply example_ynh --- check_process | 12 ++---- manifest.json | 19 ++------- scripts/backup | 32 +++++++------- scripts/change_url | 48 ++++++++++----------- scripts/install | 68 +++++++++++++++-------------- scripts/remove | 24 +++++------ scripts/restore | 43 +++++++++---------- scripts/upgrade | 104 ++++++++++++++++++--------------------------- 8 files changed, 159 insertions(+), 191 deletions(-) diff --git a/check_process b/check_process index 120ee4f..4fe9fe2 100644 --- a/check_process +++ b/check_process @@ -1,11 +1,9 @@ -# See here for more informations -# https://github.com/YunoHost/package_check#syntax-check_process-file ;; Test complet ; Manifest - domain="domain.tld" (DOMAIN) - path="/path" (PATH) - admin="john" (USER) - is_public=1 (PUBLIC|public=1|private=0) + domain="domain.tld" + path="/path" + admin="john" + is_public=1 ; Checks pkg_linter=1 setup_sub_dir=1 @@ -19,8 +17,6 @@ multi_instance=1 port_already_use=0 change_url=1 -;;; Levels - Level 5=auto ;;; Options Email= Notification=none diff --git a/manifest.json b/manifest.json index 087eaaa..a05b986 100644 --- a/manifest.json +++ b/manifest.json @@ -19,41 +19,30 @@ "multi_instance": true, "services": [ "nginx", - "php7.0-fpm", + "php7.3-fpm", "mysql" ], "arguments": { - "install": [ + "install" : [ { "name": "domain", "type": "domain", - "ask": { - "en": "Choose a domain for DotClear 2" - }, - "example": "domain.org" + "example": "example.com" }, { "name": "path", "type": "path", - "ask": { - "en": "Choose a path for DotClear 2" - }, "example": "/dotclear2", "default": "/dotclear2" }, { "name": "admin", "type": "user", - "ask": { - "en": "Choose a yunohost user as dotclear admin" - } + "example": "johndoe" }, { "name": "is_public", "type": "boolean", - "ask": { - "en": "Is it a public application ?" - }, "default": true } ] diff --git a/scripts/backup b/scripts/backup index cec5110..2fa3523 100755 --- a/scripts/backup +++ b/scripts/backup @@ -6,7 +6,7 @@ # IMPORT GENERIC HELPERS #================================================= -#Keep this path for calling _common.sh inside the execution's context of backup and restore scripts +# Keep this path for calling _common.sh inside the execution's context of backup and restore scripts source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers @@ -20,54 +20,54 @@ ynh_abort_if_errors #================================================= # LOAD SETTINGS #================================================= -ynh_script_progression --message="Loading installation settings..." +ynh_print_info --message="Loading installation settings..." app=$YNH_APP_INSTANCE_NAME final_path=$(ynh_app_setting_get --app=$app --key=final_path) domain=$(ynh_app_setting_get --app=$app --key=domain) db_name=$(ynh_app_setting_get --app=$app --key=db_name) +phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) #================================================= -# STANDARD BACKUP STEPS +# DECLARE DATA AND CONF FILES TO BACKUP +#================================================= +ynh_print_info --message="Declaring files to be backed up..." + #================================================= # BACKUP THE APP MAIN DIR #================================================= -ynh_script_progression --message="Backing up the main app directory..." ynh_backup --src_path="$final_path" #================================================= # BACKUP THE NGINX CONFIGURATION #================================================= -ynh_script_progression --message="Backing up nginx web server configuration..." ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf" #================================================= # BACKUP THE PHP-FPM CONFIGURATION #================================================= -ynh_script_progression --message="Backing up php-fpm configuration..." -ynh_backup --src_path="/etc/php/7.0/fpm/pool.d/$app.conf" - -#================================================= -# BACKUP THE MYSQL DATABASE -#================================================= -ynh_script_progression --message="Backing up the MySQL database..." - -ynh_mysql_dump_db --database="$db_name" > db.sql +ynh_backup --src_path="/etc/php/$phpversion/fpm/pool.d/$app.conf" #================================================= # BACKUP FAIL2BAN CONFIGURATION #================================================= -ynh_script_progression --message="Backing up fail2ban configuration..." ynh_backup --src_path="/etc/fail2ban/jail.d/$app.conf" ynh_backup --src_path="/etc/fail2ban/filter.d/$app.conf" +#================================================= +# BACKUP THE MYSQL DATABASE +#================================================= +ynh_print_info --message="Backing up the MySQL database..." + +ynh_mysql_dump_db --database="$db_name" > db.sql + #================================================= # END OF SCRIPT #================================================= -ynh_script_progression --message="Backup script completed for $app. (YunoHost will then actually copy those files to the archive)." --last +ynh_print_info --message="Backup script completed for $app. (YunoHost will then actually copy those files to the archive)." diff --git a/scripts/change_url b/scripts/change_url index d438c4e..d53de44 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -33,18 +33,18 @@ final_path=$(ynh_app_setting_get --app=$app --key=final_path) db_name=$(ynh_app_setting_get --app=$app --key=db_name) #================================================= -# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP +# BACKUP BEFORE CHANGE URL THEN ACTIVE TRAP #================================================= -ynh_script_progression --message="Backing up the app before changing its url (may take a while)..." --weight=4 +ynh_script_progression --message="Backing up the app before changing its URL (may take a while)..." # Backup the current version of the app ynh_backup_before_upgrade ynh_clean_setup () { - # Remove the new domain config file, the remove script won't do it as it doesn't know yet its location. - ynh_secure_remove --file="/etc/nginx/conf.d/$new_domain.d/$app.conf" + # Remove the new domain config file, the remove script won't do it as it doesn't know yet its location. + ynh_secure_remove --file="/etc/nginx/conf.d/$new_domain.d/$app.conf" - # restore it if the upgrade fails - ynh_restore_upgradebackup + # Restore it if the upgrade fails + ynh_restore_upgradebackup } # Exit if an error occurs during the execution of the script ynh_abort_if_errors @@ -56,13 +56,13 @@ ynh_abort_if_errors change_domain=0 if [ "$old_domain" != "$new_domain" ] then - change_domain=1 + change_domain=1 fi change_path=0 if [ "$old_path" != "$new_path" ] then - change_path=1 + change_path=1 fi #================================================= @@ -70,30 +70,30 @@ fi #================================================= # MODIFY URL IN NGINX CONF #================================================= -ynh_script_progression --message="Updating nginx web server configuration..." --weight=2 +ynh_script_progression --message="Updating NGINX web server configuration..." --weight=2 nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf -# Change the path in the nginx config file +# Change the path in the NGINX config file if [ $change_path -eq 1 ] then - # Make a backup of the original nginx config file if modified - ynh_backup_if_checksum_is_different --file="$nginx_conf_path" - # Set global variables for nginx helper - domain="$old_domain" - path_url="$new_path" - # Create a dedicated nginx config - ynh_add_nginx_config + # Make a backup of the original NGINX config file if modified + ynh_backup_if_checksum_is_different --file="$nginx_conf_path" + # Set global variables for NGINX helper + domain="$old_domain" + path_url="$new_path" + # Create a dedicated NGINX config + ynh_add_nginx_config fi -# Change the domain for nginx +# Change the domain for NGINX if [ $change_domain -eq 1 ] then - # Delete file checksum for the old conf file location - ynh_delete_file_checksum --file="$nginx_conf_path" - mv $nginx_conf_path /etc/nginx/conf.d/$new_domain.d/$app.conf - # Store file checksum for the new config file location - ynh_store_file_checksum --file="/etc/nginx/conf.d/$new_domain.d/$app.conf" + # Delete file checksum for the old conf file location + ynh_delete_file_checksum --file="$nginx_conf_path" + mv $nginx_conf_path /etc/nginx/conf.d/$new_domain.d/$app.conf + # Store file checksum for the new config file location + ynh_store_file_checksum --file="/etc/nginx/conf.d/$new_domain.d/$app.conf" fi #================================================= @@ -131,7 +131,7 @@ ynh_store_file_checksum --file="$php_config" #================================================= # RELOAD NGINX #================================================= -ynh_script_progression --message="Reloading nginx web server..." +ynh_script_progression --message="Reloading NGINX web server..." ynh_systemd_action --service_name=nginx --action=reload diff --git a/scripts/install b/scripts/install index e0c40a8..4b585f7 100755 --- a/scripts/install +++ b/scripts/install @@ -20,12 +20,13 @@ ynh_abort_if_errors # RETRIEVE ARGUMENTS FROM THE MANIFEST #================================================= -app=$YNH_APP_INSTANCE_NAME domain=$YNH_APP_ARG_DOMAIN path_url=$YNH_APP_ARG_PATH is_public=$YNH_APP_ARG_IS_PUBLIC admin=$YNH_APP_ARG_ADMIN +app=$YNH_APP_INSTANCE_NAME + #================================================= # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS #================================================= @@ -46,6 +47,14 @@ ynh_app_setting_set --app=$app --key=domain --value=$domain ynh_app_setting_set --app=$app --key=path --value=$path_url ynh_app_setting_set --app=$app --key=admin --value=$admin +#================================================= +# CREATE DEDICATED USER +#================================================= +ynh_script_progression --message="Configuring system user..." --weight=2 + +# Create a system user +ynh_system_user_create --username=$app --home_dir=$final_path + #================================================= # CREATE A MYSQL DATABASE #================================================= @@ -73,33 +82,30 @@ fi ynh_setup_source --dest_dir="$final_path" +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:www-data "$final_path" + #================================================= # NGINX CONFIGURATION #================================================= -ynh_script_progression --message="Configuring nginx web server..." +ynh_script_progression --message="Configuring NGINX web server..." -# Create a dedicated nginx config +# Create a dedicated NGINX config ynh_add_nginx_config -#================================================= -# CREATE DEDICATED USER -#================================================= -ynh_script_progression --message="Configuring system user..." --weight=2 - -# Create a system user -ynh_system_user_create --username=$app - #================================================= # PHP-FPM CONFIGURATION #================================================= -ynh_script_progression --message="Configuring php-fpm..." --weight=2 +ynh_script_progression --message="Configuring PHP-FPM..." --weight=2 -# Create a dedicated php-fpm config +# Create a dedicated PHP-FPM config ynh_add_fpm_config #================================================= -# MODIFY A CONFIG FILE +# ADD A CONFIGURATION #================================================= +ynh_script_progression --message="Adding a configuration file..." php_config=$final_path/inc/config.php @@ -138,11 +144,10 @@ ynh_store_file_checksum --file=$php_config # SETUP APPLICATION WITH CURL #================================================= -# Set right permissions for curl install -chown -R $app: $final_path - # Set the app as temporarily public for curl call -ynh_permission_update --permission "main" --add "visitors" +ynh_script_progression --message="Configuring SSOwat..." +# Making the app public for curl +ynh_permission_update --permission="main" --add="visitors" # Reload Nginx ynh_systemd_action --service_name=nginx --action=reload @@ -160,22 +165,17 @@ installUrl="/admin/install/index.php" ynh_local_curl $installUrl "u_email=$email" "u_firstname=$firstname" "u_name=$lastname" "u_login=$admin" "u_pwd=$password" "u_pwd2=$password" +# Remove the public access +ynh_permission_update --permission="main" --remove="visitors" + #================================================= # GENERIC FINALIZATION -#================================================= -# SECURE FILES AND DIRECTORIES -#================================================= - -# Set permissions to app files -chown -R root: $final_path -chown -R $app $final_path/{public,cache,themes,plugins} - #================================================= # SETUP FAIL2BAN #================================================= -ynh_script_progression --message="Configuring fail2ban..." +ynh_script_progression --message="Configuring Fail2Ban..." -# Create a dedicated fail2ban config +# Create a dedicated Fail2Ban config ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="Invalid credentials in $final_path/inc/class.auth.ldap.php .* client: , .*https://$domain${path_url%/}/admin/auth.php" #================================================= @@ -183,17 +183,21 @@ ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failreg #================================================= ynh_script_progression --message="Configuring permissions..." -if [ $is_public -eq 0 ]; then - ynh_permission_update --permission "main" --remove "visitors" +# Make app public if necessary +if [ $is_public -eq 1 ] +then + # Everyone can access the app. + # The "main" permission is automatically created before the install script. + ynh_permission_update --permission="main" --add="visitors" fi # Only the admin can access the admin panel of the app (if the app has an admin panel) -ynh_permission_create --permission "admin" --url "/admin" --allowed $admin +ynh_permission_create --permission="admin" --url="/admin" --allowed=$admin #================================================= # RELOAD NGINX #================================================= -ynh_script_progression --message="Reloading nginx web server..." +ynh_script_progression --message="Reloading NGINX web server..." ynh_systemd_action --service_name=nginx --action=reload diff --git a/scripts/remove b/scripts/remove index 0ab4889..b0ef127 100755 --- a/scripts/remove +++ b/scripts/remove @@ -42,19 +42,27 @@ ynh_secure_remove --file="$final_path" #================================================= # REMOVE NGINX CONFIGURATION #================================================= -ynh_script_progression --message="Removing nginx web server configuration..." +ynh_script_progression --message="Removing NGINX web server configuration..." -# Remove the dedicated nginx config +# Remove the dedicated NGINX config ynh_remove_nginx_config #================================================= # REMOVE PHP-FPM CONFIGURATION #================================================= -ynh_script_progression --message="Removing php-fpm configuration..." +ynh_script_progression --message="Removing PHP-FPM configuration..." -# Remove the dedicated php-fpm config +# Remove the dedicated PHP-FPM config ynh_remove_fpm_config +#================================================= +# REMOVE FAIL2BAN CONFIGURATION +#================================================= +ynh_script_progression --message="Removing Fail2ban configuration..." + +# Remove the dedicated Fail2Ban config +ynh_remove_fail2ban_config + #================================================= # GENERIC FINALIZATION #================================================= @@ -65,14 +73,6 @@ ynh_script_progression --message="Removing the dedicated system user..." # Delete a system user ynh_system_user_delete --username=$app -#================================================= -# REMOVE FAIL2BAN CONFIGURATION -#================================================= -ynh_script_progression --message="Removing fail2ban configuration..." - -# Remove the dedicated fail2ban config -ynh_remove_fail2ban_config - #================================================= # END OF SCRIPT #================================================= diff --git a/scripts/restore b/scripts/restore index 38b3011..fac5f29 100755 --- a/scripts/restore +++ b/scripts/restore @@ -6,7 +6,7 @@ # IMPORT GENERIC HELPERS #================================================= -#Keep this path for calling _common.sh inside the execution's context of backup and restore scripts +# Keep this path for calling _common.sh inside the execution's context of backup and restore scripts source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers @@ -20,7 +20,7 @@ ynh_abort_if_errors #================================================= # LOAD SETTINGS #================================================= -ynh_script_progression --message="Loading settings..." +ynh_script_progression --message="Loading installation settings..." app=$YNH_APP_INSTANCE_NAME @@ -29,6 +29,7 @@ path_url=$(ynh_app_setting_get --app=$app --key=path) final_path=$(ynh_app_setting_get --app=$app --key=final_path) db_name=$(ynh_app_setting_get --app=$app --key=db_name) db_user=$db_name +phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) #================================================= # CHECK IF THE APP CAN BE RESTORED @@ -45,9 +46,18 @@ test ! -d $final_path \ #================================================= # RESTORE THE NGINX CONFIGURATION #================================================= +ynh_script_progression --message="Restoring the NGINX configuration..." ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" +#================================================= +# RECREATE THE DEDICATED USER +#================================================= +ynh_script_progression --message="Recreating the dedicated system user..." --weight=2 + +# Create the dedicated user (if not existing) +ynh_system_user_create --username=$app --home_dir=$final_path + #================================================= # RESTORE THE APP MAIN DIR #================================================= @@ -55,32 +65,21 @@ ynh_script_progression --message="Restoring the app main directory..." ynh_restore_file --origin_path="$final_path" -#================================================= -# RECREATE THE DEDICATED USER -#================================================= -ynh_script_progression --message="Recreating the dedicated system user..." --weight=2 - -# Create the dedicated user (if not existing) -ynh_system_user_create --username=$app - -#================================================= -# RESTORE USER RIGHTS -#================================================= - -# Restore permissions on app files -chown -R root: $final_path -chown -R $app $final_path/{public,cache,themes,plugins} +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:www-data "$final_path" #================================================= # RESTORE THE PHP-FPM CONFIGURATION #================================================= +ynh_script_progression --message="Restoring the PHP-FPM configuration..." -ynh_restore_file --origin_path="/etc/php/7.0/fpm/pool.d/$app.conf" +ynh_restore_file --origin_path="/etc/php/$phpversion/fpm/pool.d/$app.conf" #================================================= -# RESTORE THE FAIL2BAN CONFIGURATION +# RESTORE FAIL2BAN CONFIGURATION #================================================= -ynh_script_progression --message="Restoring the fail2ban configuration..." +ynh_script_progression --message="Restoring the Fail2Ban configuration..." ynh_restore_file --origin_path="/etc/fail2ban/jail.d/$app.conf" ynh_restore_file --origin_path="/etc/fail2ban/filter.d/$app.conf" @@ -102,9 +101,9 @@ ynh_mysql_connect_as --user=$db_user --password=$db_pwd --database=$db_name < ./ #================================================= # RELOAD NGINX AND PHP-FPM #================================================= -ynh_script_progression --message="Reloading nginx web server and php-fpm..." +ynh_script_progression --message="Reloading NGINX web server and PHP-FPM..." -ynh_systemd_action --service_name=php7.0-fpm --action=reload +ynh_systemd_action --service_name=php$phpversion-fpm --action=reload ynh_systemd_action --service_name=nginx --action=reload #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index 121612a..dc48fef 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -29,9 +29,26 @@ master_key=$(ynh_app_setting_get --app=$app --key=master_key) #================================================= # CHECK VERSION #================================================= +ynh_script_progression --message="Checking version..." upgrade_type=$(ynh_check_app_version_changed) +#================================================= +# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP +#================================================= +ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=4 + +# Backup the current version of the app +ynh_backup_before_upgrade +ynh_clean_setup () { + # Restore it if the upgrade fails + ynh_restore_upgradebackup +} +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors + +#================================================= +# STANDARD UPGRADE STEPS #================================================= # ENSURE DOWNWARD COMPATIBILITY #================================================= @@ -67,32 +84,16 @@ if [ -n "$is_public" ]; then fi #================================================= -# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP +# CREATE DEDICATED USER #================================================= -ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=4 +ynh_script_progression --message="Making sure dedicated system user exists..." -# Backup the current version of the app -ynh_backup_before_upgrade -ynh_clean_setup () { - # restore it if the upgrade fails - ynh_restore_upgradebackup -} -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors +# Create a dedicated user (if not existing) +ynh_system_user_create --username=$app --home_dir=$final_path -#================================================= -# CHECK THE PATH -#================================================= - -# Normalize the URL path syntax -path_url=$(ynh_normalize_url_path --path_url=$path_url) - -#================================================= -# STANDARD UPGRADE STEPS #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= -ynh_script_progression --message="Upgrading source files..." --weight=4 if [ "$upgrade_type" == "UPGRADE_APP" ] then @@ -107,35 +108,32 @@ then ynh_setup_source --dest_dir="$final_path" fi +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:www-data "$final_path" + #================================================= # NGINX CONFIGURATION #================================================= -ynh_script_progression --message="Upgrading nginx web server configuration..." +ynh_script_progression --message="Upgrading NGINX web server configuration..." -# Create a dedicated nginx config +# Create a dedicated NGINX config ynh_add_nginx_config -#================================================= -# CREATE DEDICATED USER -#================================================= -ynh_script_progression --message="Making sure dedicated system user exists..." - -# Create a dedicated user (if not existing) -ynh_system_user_create --username=$app - #================================================= # PHP-FPM CONFIGURATION #================================================= -ynh_script_progression --message="Upgrading php-fpm configuration..." --weight=2 +ynh_script_progression --message="Upgrading PHP-FPM configuration..." --weight=2 -# Create a dedicated php-fpm config +# Create a dedicated PHP-FPM config ynh_add_fpm_config #================================================= # SPECIFIC UPGRADE #================================================= -# MODIFY A CONFIG FILE +# UPDATE A CONFIG FILE #================================================= +ynh_script_progression --message="Updating a configuration file..." php_config=$final_path/inc/config.php @@ -170,34 +168,6 @@ EOF # Recalculate and store the checksum of the file for the next upgrade. ynh_store_file_checksum --file=$php_config -#================================================= -# GENERIC FINALIZATION -#================================================= -# SECURE FILES AND DIRECTORIES -#================================================= - -# Set permissions on app files -chown -R root: $final_path -chown -R $app $final_path/{public,cache,themes,plugins} - -#================================================= -# UPGRADE FAIL2BAN -#================================================= -ynh_script_progression --message="Reconfiguring fail2ban..." - -# Create a dedicated fail2ban config -ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="Invalid credentials in $final_path/inc/class.auth.ldap.php .* client: , .*https://$domain${path_url%/}/admin/auth.php" - -#================================================= -# SETUP SSOWAT -#================================================= -ynh_script_progression --message="Upgrading permissions configuration..." --weight=2 - -# Create the admin permission if needed -if ! ynh_permission_exists --permission "admin"; then - ynh_permission_create --permission "admin" --url "/admin" --allowed $admin -fi - #================================================= # UPDATING DATABASE #================================================= @@ -210,10 +180,20 @@ ynh_local_curl $adminUrl ynh_permission_update --permission "admin" --remove "visitors" +#================================================= +# GENERIC FINALIZATION +#================================================= +# UPGRADE FAIL2BAN +#================================================= +ynh_script_progression --message="Reconfiguring Fail2Ban..." + +# Create a dedicated Fail2Ban config +ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="Invalid credentials in $final_path/inc/class.auth.ldap.php .* client: , .*https://$domain${path_url%/}/admin/auth.php" + #================================================= # RELOAD NGINX #================================================= -ynh_script_progression --message="Reloading nginx web server..." +ynh_script_progression --message="Reloading NGINX web server..." ynh_systemd_action --service_name=nginx --action=reload