mirror of
https://github.com/YunoHost-Apps/dotclear2_ynh.git
synced 2024-09-03 18:26:29 +02:00
224 lines
8.4 KiB
Bash
224 lines
8.4 KiB
Bash
#!/bin/bash
|
|
|
|
#=================================================
|
|
# GENERIC START
|
|
#=================================================
|
|
# IMPORT GENERIC HELPERS
|
|
#=================================================
|
|
|
|
source _common.sh
|
|
source /usr/share/yunohost/helpers
|
|
|
|
#=================================================
|
|
# LOAD SETTINGS
|
|
#=================================================
|
|
ynh_script_progression --message="Loading installation settings..."
|
|
|
|
app=$YNH_APP_INSTANCE_NAME
|
|
|
|
domain=$(ynh_app_setting_get --app=$app --key=domain)
|
|
path_url=$(ynh_app_setting_get --app=$app --key=path)
|
|
admin=$(ynh_app_setting_get --app=$app --key=admin)
|
|
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
|
|
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
|
|
db_user=$db_name
|
|
db_pwd=$(ynh_app_setting_get --app=$app --key=mysqlpwd)
|
|
password=$(ynh_app_setting_get --app=$app --key=password)
|
|
master_key=$(ynh_app_setting_get --app=$app --key=master_key)
|
|
|
|
#=================================================
|
|
# CHECK VERSION
|
|
#=================================================
|
|
|
|
upgrade_type=$(ynh_check_app_version_changed)
|
|
|
|
#=================================================
|
|
# ENSURE DOWNWARD COMPATIBILITY
|
|
#=================================================
|
|
ynh_script_progression --message="Ensuring downward compatibility..."
|
|
|
|
# If db_name doesn't exist, create it
|
|
if [ -z "$db_name" ]; then
|
|
db_name=$(ynh_sanitize_dbid --db_name=$app)
|
|
ynh_app_setting_set --app=$app --key=db_name --value=$db_name
|
|
fi
|
|
|
|
# If final_path doesn't exist, create it
|
|
if [ -z "$final_path" ]; then
|
|
final_path=/var/www/$app
|
|
ynh_app_setting_set --app=$app --key=final_path --value=$final_path
|
|
fi
|
|
|
|
is_public=$(ynh_app_setting_get --app=$app --key=is_public)
|
|
|
|
if [ -n "$is_public" ]; then
|
|
ynh_app_setting_delete --app=$app --key=protected_uris
|
|
|
|
# Removing skipped/unprotected_uris under certain conditions, remove the visitors group added during the migration process of 3.7
|
|
# Remove unprotected_uris. If the app was public, add visitors again to the main permission
|
|
if ynh_permission_has_user --permission=main --user=visitors
|
|
then
|
|
ynh_app_setting_delete --app=$app --key=unprotected_uris
|
|
ynh_permission_update --permission "main" --add "visitors"
|
|
else
|
|
ynh_app_setting_delete --app=$app --key=unprotected_uris
|
|
fi
|
|
ynh_app_setting_delete --app=$app --key=is_public
|
|
fi
|
|
|
|
#=================================================
|
|
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
|
|
#=================================================
|
|
ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=4
|
|
|
|
# Backup the current version of the app
|
|
ynh_backup_before_upgrade
|
|
ynh_clean_setup () {
|
|
# restore it if the upgrade fails
|
|
ynh_restore_upgradebackup
|
|
}
|
|
# Exit if an error occurs during the execution of the script
|
|
ynh_abort_if_errors
|
|
|
|
#=================================================
|
|
# CHECK THE PATH
|
|
#=================================================
|
|
|
|
# Normalize the URL path syntax
|
|
path_url=$(ynh_normalize_url_path --path_url=$path_url)
|
|
|
|
#=================================================
|
|
# STANDARD UPGRADE STEPS
|
|
#=================================================
|
|
# DOWNLOAD, CHECK AND UNPACK SOURCE
|
|
#=================================================
|
|
ynh_script_progression --message="Upgrading source files..." --weight=4
|
|
|
|
if [ "$upgrade_type" == "UPGRADE_APP" ]
|
|
then
|
|
# Download, check integrity, uncompress and patch the source from app.src
|
|
# In case of a new version, the url change from http://download.dotclear.org/latest/dotclear-X.X.X.tar.gz to http://download.dotclear.org/attic/dotclear-X.X.X.tar.gz
|
|
src_url=$(grep 'SOURCE_URL=' "../conf/app.src" | cut -d= -f2-)
|
|
if ! curl --output /dev/null --silent --head --fail "$src_url"; then
|
|
ynh_replace_string "latest" "attic" ../conf/app.src
|
|
fi
|
|
|
|
# Download, check integrity, uncompress and patch the source from app.src
|
|
ynh_setup_source --dest_dir="$final_path"
|
|
fi
|
|
|
|
#=================================================
|
|
# NGINX CONFIGURATION
|
|
#=================================================
|
|
ynh_script_progression --message="Upgrading nginx web server configuration..."
|
|
|
|
# Create a dedicated nginx config
|
|
ynh_add_nginx_config
|
|
|
|
#=================================================
|
|
# CREATE DEDICATED USER
|
|
#=================================================
|
|
ynh_script_progression --message="Making sure dedicated system user exists..."
|
|
|
|
# Create a dedicated user (if not existing)
|
|
ynh_system_user_create --username=$app
|
|
|
|
#=================================================
|
|
# PHP-FPM CONFIGURATION
|
|
#=================================================
|
|
ynh_script_progression --message="Upgrading php-fpm configuration..." --weight=2
|
|
|
|
# Create a dedicated php-fpm config
|
|
ynh_add_fpm_config
|
|
|
|
#=================================================
|
|
# SPECIFIC UPGRADE
|
|
#=================================================
|
|
# MODIFY A CONFIG FILE
|
|
#=================================================
|
|
|
|
php_config=$final_path/inc/config.php
|
|
|
|
ynh_backup_if_checksum_is_different --file=$php_config
|
|
|
|
cp $php_config.in $php_config
|
|
|
|
admin_url="${path_url%/}/admin/index.php"
|
|
|
|
email=$(ynh_user_get_info --username=$admin --key=mail)
|
|
|
|
# Config as if we called in admin/install/wizard.php
|
|
ynh_replace_string --match_string="'DC_DBDRIVER', ''" --replace_string="'DC_DBDRIVER', 'mysqli'" --target_file=$php_config
|
|
ynh_replace_string --match_string="'DC_DBHOST', ''" --replace_string="'DC_DBHOST', 'localhost'" --target_file=$php_config
|
|
ynh_replace_string --match_string="'DC_DBUSER', ''" --replace_string="'DC_DBUSER', '$db_user'" --target_file=$php_config
|
|
ynh_replace_string --match_string="'DC_DBPASSWORD', ''" --replace_string="'DC_DBPASSWORD', '$db_pwd'" --target_file=$php_config
|
|
ynh_replace_string --match_string="'DC_DBNAME', ''" --replace_string="'DC_DBNAME', '$db_name'" --target_file=$php_config
|
|
ynh_replace_string --match_string="'DC_MASTER_KEY', ''" --replace_string="'DC_MASTER_KEY', '$master_key'" --target_file=$php_config
|
|
ynh_replace_string --match_string="'DC_ADMIN_URL', ''" --replace_string="'DC_ADMIN_URL', 'https://$domain$admin_url'" --target_file=$php_config
|
|
ynh_replace_string --match_string="'DC_ADMIN_MAILFROM', ''" --replace_string="'DC_ADMIN_MAILFROM', '$email'" --target_file=$php_config
|
|
|
|
# Adding LDAP login
|
|
cp ../conf/class.auth.ldap.php $final_path/inc/class.auth.ldap.php
|
|
ynh_replace_string "__APP__" "$app" $final_path/inc/class.auth.ldap.php
|
|
|
|
cat << EOF >> $php_config
|
|
|
|
\$__autoload['ldapDcAuth'] = dirname(__FILE__).'/class.auth.ldap.php';
|
|
define('DC_AUTH_CLASS','ldapDcAuth');
|
|
EOF
|
|
|
|
# Recalculate and store the checksum of the file for the next upgrade.
|
|
ynh_store_file_checksum --file=$php_config
|
|
|
|
#=================================================
|
|
# GENERIC FINALIZATION
|
|
#=================================================
|
|
# SECURE FILES AND DIRECTORIES
|
|
#=================================================
|
|
|
|
# Set permissions on app files
|
|
chown -R root: $final_path
|
|
chown -R $app $final_path/{public,cache,themes,plugins}
|
|
|
|
#=================================================
|
|
# UPGRADE FAIL2BAN
|
|
#=================================================
|
|
ynh_script_progression --message="Reconfiguring fail2ban..."
|
|
|
|
# Create a dedicated fail2ban config
|
|
ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="Invalid credentials in $final_path/inc/class.auth.ldap.php .* client: <HOST>, .*https://$domain${path_url%/}/admin/auth.php"
|
|
|
|
#=================================================
|
|
# SETUP SSOWAT
|
|
#=================================================
|
|
ynh_script_progression --message="Upgrading permissions configuration..." --weight=2
|
|
|
|
# Create the admin permission if needed
|
|
if ! ynh_permission_exists --permission "admin"; then
|
|
ynh_permission_create --permission "admin" --url "/admin" --allowed $admin
|
|
fi
|
|
|
|
#=================================================
|
|
# UPDATING DATABASE
|
|
#=================================================
|
|
|
|
ynh_permission_update --permission "admin" --add "visitors"
|
|
|
|
# Navigate to the admin panel to upgrade the database: https://dotclear.org/documentation/2.0/admin/upgrades
|
|
adminUrl="/admin/auth.php"
|
|
ynh_local_curl $adminUrl
|
|
|
|
ynh_permission_update --permission "admin" --remove "visitors"
|
|
|
|
#=================================================
|
|
# RELOAD NGINX
|
|
#=================================================
|
|
ynh_script_progression --message="Reloading nginx web server..."
|
|
|
|
ynh_systemd_action --service_name=nginx --action=reload
|
|
|
|
#=================================================
|
|
# END OF SCRIPT
|
|
#=================================================
|
|
|
|
ynh_script_progression --message="Upgrade of $app completed" --last
|