From 9edb0645ddafd5dbf1f929ac58cee04628427908 Mon Sep 17 00:00:00 2001 From: Alex Budurovici Date: Sun, 23 Jun 2019 01:19:50 +0200 Subject: [PATCH 1/9] Update version to 4.7.17 --- README.md | 8 ++++---- conf/app.src | 4 ++-- manifest.json | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 709dd07..c109b6a 100644 --- a/README.md +++ b/README.md @@ -1,8 +1,8 @@

-# Firefly III v4.7.8 for YunoHost +# Firefly III v4.7.17 for YunoHost -[![Integration level](https://dash.yunohost.org/integration/Firefly-III.svg)](https://ci-apps.yunohost.org/jenkins/job/firefly-iii%20%28Community%29/lastBuild/consoleFull) +[![Integration level](https://dash.yunohost.org/integration/Firefly-III.svg)](https://ci-apps.yunohost.org/jenkins/job/firefly-iii%20%28Community%29/lastBuild/consoleFull) [![Install Firefly III with YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=firefly-iii)

@@ -74,7 +74,7 @@ Everything is organised: #### Register a new domain and add it to YunoHost Firefly III requires a dedicated (sub)domain, so obtain one and add it using the YunoHost admin panel. **Domains -> Add domain**. As Firefly III uses the full domain and is installed on the root, you can create a subdomain such as firefly.domain.tld. Don't forget to update your DNS if you manage them manually. - + #### Install the Firefly III application Use the YunoHost admin panel to install Firefly III by entering the GitHub repo address in the custom app URL: @@ -85,7 +85,7 @@ https://github.com/YunoHost-Apps/firefly-iii_ynh Or use the command line to install the Firefly III app: -``` +``` $ yunohost app install https://github.com/YunoHost-Apps/firefly-iii_ynh ``` diff --git a/conf/app.src b/conf/app.src index 44dee3a..37980ee 100644 --- a/conf/app.src +++ b/conf/app.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/firefly-iii/firefly-iii/archive/4.7.8.tar.gz -SOURCE_SUM=01e4a2ed6286afc44a98f85588dcb5f96f68ba82e6c3c482b924f23332ed289a +SOURCE_URL=https://github.com/firefly-iii/firefly-iii/archive/4.7.17.tar.gz +SOURCE_SUM=f070089d89f2ac5f27c1c2adaadc911d0779533978226606c5f6d8d69cf5d1db SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=tar.gz SOURCE_IN_SUBDIR=true diff --git a/manifest.json b/manifest.json index d2b45b2..eb8b715 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Firefly III is a self-hosted financial manager.", "fr": "Firefly III est un gestionnaire de finances personnelles." }, - "version": "4.7.8", + "version": "4.7.17", "url": "https://firefly-iii.org/", "license": "GPL v3", "maintainer": { From 2b023235f230d1c1c17cd8f2da4a3e028285e8a6 Mon Sep 17 00:00:00 2001 From: Alex Budurovici Date: Sun, 23 Jun 2019 01:20:28 +0200 Subject: [PATCH 2/9] Conf white space cleanup --- conf/nginx.conf | 14 ++++++++------ conf/php-fpm.conf | 28 ++++++++++++++-------------- 2 files changed, 22 insertions(+), 20 deletions(-) diff --git a/conf/nginx.conf b/conf/nginx.conf index 923c5cd..1356ce1 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -1,14 +1,18 @@ location ^~ __PATH__ { alias __FINALPATH__/public/; -try_files $uri $uri/ @firefly; -index index.php index.htm index.html; - # Force https + + index index.php index.htm index.html; + + # Force https if ($scheme = http) { rewrite ^ https://$server_name$request_uri? permanent; } + + try_files $uri $uri/ @firefly; location ~ \.php { fastcgi_split_path_info ^(.+?\.php)(/.*)$; fastcgi_pass unix:/var/run/php7.2-fpm-__NAME__.sock; + fastcgi_index index.php; include fastcgi_params; fastcgi_param REMOTE_USER $remote_user; @@ -17,8 +21,6 @@ index index.php index.htm index.html; } } - location @firefly { - rewrite /(.*)$ /index.php?/$1 last; + rewrite /(.*)$ /index.php?/$1 last; } - diff --git a/conf/php-fpm.conf b/conf/php-fpm.conf index e051293..9f3942f 100644 --- a/conf/php-fpm.conf +++ b/conf/php-fpm.conf @@ -38,13 +38,13 @@ listen = /var/run/php7.2-fpm-__NAMETOCHANGE__.sock ; Set permissions for unix socket, if one is used. In Linux, read/write ; permissions must be set in order to allow connections from a web server. Many -; BSD-derived systems allow connections regardless of permissions. +; BSD-derived systems allow connections regardless of permissions. ; Default Values: user and group are set as the running user ; mode is set to 0660 listen.owner = www-data listen.group = www-data ;listen.mode = 0660 - + ; List of ipv4 addresses of FastCGI clients which are allowed to connect. ; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original ; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address @@ -117,7 +117,7 @@ pm.max_spare_servers = 3 ; Note: Used only when pm is set to 'ondemand' ; Default Value: 10s ;pm.process_idle_timeout = 10s; - + ; The number of requests each child process should execute before respawning. ; This can be useful to work around memory leaks in 3rd party libraries. For ; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS. @@ -170,7 +170,7 @@ pm.max_requests = 500 ; ; By default the status page only outputs short status. Passing 'full' in the ; query string will also return status for each pool process. -; Example: +; Example: ; http://www.foo.bar/status?full ; http://www.foo.bar/status?json&full ; http://www.foo.bar/status?html&full @@ -283,7 +283,7 @@ pm.max_requests = 500 ; - .... ; %p: PID of the child that serviced the request ; %P: PID of the parent of the child that serviced the request -; %q: the query string +; %q: the query string ; %Q: the '?' character if query string exists ; %r: the request URI (without the query string, see %q and %Q) ; %R: remote IP address @@ -298,40 +298,40 @@ pm.max_requests = 500 ; ; Default: "%R - %u %t \"%m %r\" %s" ;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%" - + ; The log file for slow requests ; Default Value: not set ; Note: slowlog is mandatory if request_slowlog_timeout is set slowlog = /var/log/nginx/__NAMETOCHANGE__.slow.log - + ; The timeout for serving a single request after which a PHP backtrace will be ; dumped to the 'slowlog' file. A value of '0s' means 'off'. ; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) ; Default Value: 0 request_slowlog_timeout = 5s - + ; The timeout for serving a single request after which the worker process will ; be killed. This option should be used when the 'max_execution_time' ini option ; does not stop script execution for some reason. A value of '0' means 'off'. ; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) ; Default Value: 0 request_terminate_timeout = 1d - + ; Set open file descriptor rlimit. ; Default Value: system defined value ;rlimit_files = 1024 - + ; Set max core size rlimit. ; Possible Values: 'unlimited' or an integer greater or equal to 0 ; Default Value: system defined value ;rlimit_core = 0 - + ; Chroot to this directory at the start. This value must be defined as an ; absolute path. When this value is not set, chroot is not used. ; Note: you can prefix with '$prefix' to chroot to the pool prefix or one ; of its subdirectories. If the pool prefix is not set, the global prefix ; will be used instead. -; Note: chrooting is a great security feature and should be used whenever +; Note: chrooting is a great security feature and should be used whenever ; possible. However, all PHP paths will be relative to the chroot ; (error_log, sessions.save_path, ...). ; Default Value: not set @@ -356,7 +356,7 @@ catch_workers_output = yes ; Note: set an empty value to allow all extensions. ; Default Value: .php ;security.limit_extensions = .php .php3 .php4 .php5 - + ; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from ; the current environment. ; Default Value: clean env @@ -370,7 +370,7 @@ catch_workers_output = yes ; overwrite the values previously defined in the php.ini. The directives are the ; same as the PHP SAPI: ; php_value/php_flag - you can set classic ini defines which can -; be overwritten from PHP call 'ini_set'. +; be overwritten from PHP call 'ini_set'. ; php_admin_value/php_admin_flag - these directives won't be overwritten by ; PHP call 'ini_set' ; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no. From 6d41822eab56dd85496dedec1216d812f727e755 Mon Sep 17 00:00:00 2001 From: Alex Budurovici Date: Sun, 23 Jun 2019 01:21:32 +0200 Subject: [PATCH 3/9] Update the upgrade script to match newer YUNOHOST demo --- scripts/upgrade | 175 +++++++++++++++++++++++++++++------------------- 1 file changed, 105 insertions(+), 70 deletions(-) diff --git a/scripts/upgrade b/scripts/upgrade index c70e90e..2d4d560 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -12,46 +12,61 @@ source /usr/share/yunohost/helpers #================================================= # LOAD SETTINGS #================================================= +ynh_script_progression --message="Loading installation settings..." --time --weight=1 app=$YNH_APP_INSTANCE_NAME -domain=$(ynh_app_setting_get $app domain) -path_url=$(ynh_app_setting_get $app path) -admin=$(ynh_app_setting_get $app admin) -is_public=$(ynh_app_setting_get $app is_public) -final_path=$(ynh_app_setting_get $app final_path) -db_name=$(ynh_app_setting_get $app db_name) -db_pwd=$(ynh_app_setting_get $app mysqlpwd) -random_key=$(ynh_app_setting_get $app random_key) +domain=$(ynh_app_setting_get --app=$app --key=domain) +path_url=$(ynh_app_setting_get --app=$app --key=path) +admin=$(ynh_app_setting_get --app=$app --key=admin) +is_public=$(ynh_app_setting_get --app=$app --key=is_public) +final_path=$(ynh_app_setting_get --app=$app --key=final_path) +db_name=$(ynh_app_setting_get --app=$app --key=db_name) +db_pwd=$(ynh_app_setting_get --app=$app --key=mysqlpwd) +random_key=$(ynh_app_setting_get --app=$app --key=random_key) + +#================================================= +# CHECK VERSION +#================================================= + +upgrade_type=$(ynh_check_app_version_changed) #================================================= # ENSURE DOWNWARD COMPATIBILITY #================================================= +ynh_script_progression --message="Ensuring downward compatibility..." --time --weight=1 # Fix is_public as a boolean value if [ "$is_public" = "Yes" ]; then - ynh_app_setting_set $app is_public 1 - is_public=1 -elif [ "$is_public" = "No" ]; then - ynh_app_setting_set $app is_public 0 - is_public=0 + ynh_app_setting_set --app=$app --key=is_public --value=1 + is_public=1 + elif [ "$is_public" = "No" ]; then + ynh_app_setting_set --app=$app --key=is_public --value=0 + is_public=0 fi # If db_name doesn't exist, create it if [ -z $db_name ]; then - db_name=$(ynh_sanitize_dbid $app) - ynh_app_setting_set $app db_name $db_name + db_name=$(ynh_sanitize_dbid --db_name=$app) + ynh_app_setting_set --app=$app --key=db_name --value=$db_name +fi + +# If final_path doesn't exist, create it +if [ -z "$final_path" ]; then + final_path=/var/www/$app + ynh_app_setting_set --app=$app --key=final_path --value=$final_path fi #================================================= # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP #================================================= +ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --time --weight=1 # Backup the current version of the app ynh_backup_before_upgrade ynh_clean_setup () { - # restore it if the upgrade fails - ynh_restore_upgradebackup + # restore it if the upgrade fails + ynh_restore_upgradebackup } # Exit if an error occurs during the execution of the script ynh_abort_if_errors @@ -61,13 +76,12 @@ ynh_abort_if_errors #================================================= # Normalize the URL path syntax -path_url=$(ynh_normalize_url_path $path_url) +path_url=$(ynh_normalize_url_path --path_url=$path_url) #================================================= -# INSTALL DEPENDENCIES +# DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= - -ynh_install_php7 +ynh_script_progression --message="Upgrading source files..." --time --weight=1 # Create a temporary directory tmpdir="$(mktemp -d)" @@ -79,26 +93,12 @@ mkdir -p "$final_path/storage/export/" cp -a "$final_path/storage/upload/" "$tmpdir/storage/upload/" cp -a "$final_path/storage/export/" "$tmpdir/storage/export/" -# Remove the app directory securely -ynh_secure_remove "$final_path" - -#================================================= -# DOWNLOAD, CHECK AND UNPACK SOURCE -#================================================= - -# If final_path doesn't exist, create it -if [ -z $final_path ]; then - final_path=/var/www/$app - ynh_app_setting_set $app final_path $final_path -fi - # Download, check integrity, uncompress and patch the source from app.src -ynh_setup_source "$final_path" +ynh_setup_source --dest_dir="$final_path" - -rm -rf "$final_path/bootstrap/cache/*" -cp -a "$tmpdir/storage/upload/" "$final_path/storage/upload/" -cp -a "$tmpdir/storage/export/" "$final_path/storage/export/" +rm -rf "$final_path/bootstrap/cache/*" +cp -a "$tmpdir/storage/upload/" "$final_path/storage/upload/" +cp -a "$tmpdir/storage/export/" "$final_path/storage/export/" #remove tmp dir sudo rm -Rf "$tmpdir" @@ -106,42 +106,79 @@ sudo rm -Rf "$tmpdir" #================================================= # NGINX CONFIGURATION #================================================= +ynh_script_progression --message="Upgrading nginx web server configuration..." --time --weight=1 # Create a dedicated nginx config ynh_add_nginx_config +#================================================= +# UPGRADE DEPENDENCIES +#================================================= +ynh_script_progression --message="Upgrading dependencies..." --time --weight=1 + +ynh_install_app_dependencies $pkg_dependencies + #================================================= # CREATE DEDICATED USER #================================================= +ynh_script_progression --message="Making sure dedicated system user exists..." --time --weight=1 -# Create a system user -ynh_system_user_create $app +# Create a dedicated user (if not existing) +ynh_system_user_create --username=$app #================================================= -# PHP-FPM 7.2 CONFIGURATION +# PHP-FPM CONFIGURATION +#================================================= +ynh_script_progression --message="Upgrading php-fpm configuration..." --time --weight=1 + +# Create a dedicated php-fpm config +ynh_add_fpm_config --phpversion=7.2 + +#================================================= +# STORE THE CONFIG FILE CHECKSUM #================================================= -# Create a dedicated php-fpm7.1 config -ynh_add_fpm7.2_config +### Verify the checksum of a file, stored by `ynh_store_file_checksum` in the install script. +### And create a backup of this file if the checksum is different. So the file will be backed up if the admin had modified it. +ynh_backup_if_checksum_is_different --file="$final_path/CONFIG_FILE" +# Recalculate and store the checksum of the file for the next upgrade. +ynh_store_file_checksum --file="$final_path/CONFIG_FILE" + +#================================================= +# SETUP LOGROTATE +#================================================= +ynh_script_progression --message="Upgrading logrotate configuration..." --time --weight=1 + +# Use logrotate to manage app-specific logfile(s) +ynh_use_logrotate --non-append + +#================================================= +# GENERIC FINALIZATION +#================================================= +# UPGRADE FAIL2BAN +#================================================= +ynh_script_progression --message="Reconfiguring fail2ban..." --time --weight=1 + +# Create a dedicated fail2ban config +ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="Regex to match into the log for a failed login" #================================================= # SPECIFIC UPGRADE #================================================= # Get the admin email -email=$(ynh_user_get_info $admin 'mail') +email=$(ynh_user_get_info --username=$admin --key='mail') # setup application config sudo cp ../conf/.env $final_path/.env #================================================= # MODIFY A CONFIG FILE #================================================= -ynh_replace_string "random_key" "$random_key" "$final_path/.env" -ynh_replace_string "yunouser" "$db_name" "$final_path/.env" -ynh_replace_string "yunopass" "$db_pwd" "$final_path/.env" -ynh_replace_string "yunobase" "$db_name" "$final_path/.env" -ynh_replace_string "yunomail" "$email" "$final_path/.env" -ynh_replace_string "yunodomain" "$domain" "$final_path/.env" - +ynh_replace_string --match_string"random_key" --replace_string="$random_key" --file="$final_path/.env" +ynh_replace_string --match_string"yunouser" --replace_string="$db_name" --file="$final_path/.env" +ynh_replace_string --match_string"yunopass" --replace_string="$db_pwd" --file="$final_path/.env" +ynh_replace_string --match_string"yunobase" --replace_string="$db_name" --file="$final_path/.env" +ynh_replace_string --match_string"yunomail" --replace_string="$email" --file="$final_path/.env" +ynh_replace_string --match_string"yunodomain" --replace_string="$domain" --file="$final_path/.env" init_composer $final_path cd $final_path && sudo /usr/bin/php7.2 artisan migrate --env=production --force @@ -151,10 +188,9 @@ cd $final_path && sudo /usr/bin/php7.2 artisan firefly:verify cd $final_path && sudo /usr/bin/php7.2 artisan passport:install # Verify the checksum and backup the file if it's different -ynh_backup_if_checksum_is_different "$final_path/.env" +ynh_backup_if_checksum_is_different --file="$final_path/.env" # Recalculate and store the config file checksum into the app settings -ynh_store_file_checksum "$final_path/.env" - +ynh_store_file_checksum --file="$final_path/.env" #================================================= # GENERIC FINALIZATION @@ -162,32 +198,31 @@ ynh_store_file_checksum "$final_path/.env" # SECURE FILES AND DIRECTORIES #================================================= -# Set right permissions +# Set right permissions chown -R $app: $final_path #================================================= # SETUP SSOWAT #================================================= +ynh_script_progression --message="Upgrading SSOwat configuration..." --time --weight=1 -if [ $is_public -eq 0 ] -then # Remove the public access - ynh_app_setting_delete $app skipped_uris -fi # Make app public if necessary if [ $is_public -eq 1 ] then - # unprotected_uris allows SSO credentials to be passed anyway - ynh_app_setting_set $app unprotected_uris "/" + # unprotected_uris allows SSO credentials to be passed anyway + ynh_app_setting_set --app=$app --key=unprotected_uris --value="/" fi #================================================= # RELOAD NGINX #================================================= -systemctl reload php7.2-fpm -systemctl reload nginx -# Set default php to php5 or php7.2 -if [ "$(lsb_release --codename --short)" == "jessie" ]; then - update-alternatives --set php /usr/bin/php5 -else - update-alternatives --set php /usr/bin/php7.0 -fi +ynh_script_progression --message="Reloading nginx web server..." --time --weight=1 + +ynh_systemd_action --service_name=nginx --action=reload +ynh_systemd_action --service_name=php7.2-fpm --action=reload + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_script_progression --message="Upgrade of $app completed" --time --last From 5b3bad7dd867a4c9c00a04cf749303d9b6b06d9b Mon Sep 17 00:00:00 2001 From: Alex Budurovici Date: Sun, 23 Jun 2019 01:22:06 +0200 Subject: [PATCH 4/9] Update all script to match newer YUNOHOST standards and use native methods to install php7.2 --- check_process | 62 ++++++++++++----------- scripts/_common.sh | 105 ++++++++++++++++++++------------------ scripts/backup | 40 +++++++++++---- scripts/change_url | 44 +++++++++------- scripts/install | 124 +++++++++++++++++++++++++++++++++------------ scripts/remove | 62 ++++++++++++++++++++--- scripts/restore | 111 +++++++++++++++++++++++++--------------- 7 files changed, 362 insertions(+), 186 deletions(-) diff --git a/check_process b/check_process index 8f1cf5c..428726a 100644 --- a/check_process +++ b/check_process @@ -4,36 +4,40 @@ # Move this file from check_process.default to check_process when you have filled it. ;; Test complet - ; Manifest - domain="domain.tld" (DOMAIN) - admin="john" (USER) - is_public=1 (PUBLIC|public=1|private=0) - ; Checks - pkg_linter=1 - setup_sub_dir=0 - setup_root=1 - setup_nourl=0 - setup_private=1 - setup_public=1 - upgrade=1 - backup_restore=1 - multi_instance=1 - incorrect_path=1 - port_already_use=0 - change_url=0 + ; Manifest + domain="domain.tld" (DOMAIN) + admin="john" (USER) + is_public=1 (PUBLIC|public=1|private=0) + ; Checks + pkg_linter=1 + setup_sub_dir=0 + setup_root=1 + setup_nourl=0 + setup_private=1 + setup_public=1 + upgrade=1 + backup_restore=1 + multi_instance=1 + incorrect_path=1 + port_already_use=0 + change_url=0 ;;; Levels - Level 1=auto - Level 2=auto - Level 3=auto -# Level 4: - Level 4=0 -# Level 5: - Level 5=auto - Level 6=auto - Level 7=auto - Level 8=0 - Level 9=0 - Level 10=0 + Level 1=auto + Level 2=auto + Level 3=auto +# Level 4: + Level 4=0 +# Level 5: + Level 5=auto + Level 6=auto + Level 7=auto + Level 8=0 + Level 9=0 + Level 10=0 ;;; Options Email=anmol@datamol.org Notification=change +;;; Upgrade options + ; commit=CommitHash + name=Name and date of the commit. + manifest_arg=domain=DOMAIN&path=PATH&admin=USER&is_public=1&password=pass& diff --git a/scripts/_common.sh b/scripts/_common.sh index c67634c..772e721 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -1,5 +1,12 @@ #!/bin/bash +#================================================= +# COMMON VARIABLES +#================================================= + +# dependencies used by the app +pkg_dependencies="php7.2 php7.2-zip php7.2-fpm php7.2-mysql php7.2-xml php7.2-intl php7.2-mbstring php7.2-gd php7.2-curl php7.2-bcmath php7.2-opcache php7.2-ldap" + # ============= FUTURE YUNOHOST HELPER ============= # Delete a file checksum from the app settings # @@ -15,44 +22,46 @@ ynh_delete_file_checksum () { # Create a dedicated php-fpm config # # usage: ynh_add_fpm_config -ynh_add_fpm7.2_config () { - # Configure PHP-FPM 7.1 by default - ynh_secure_remove "/etc/php/7.1/fpm/pool.d/$app.conf" 2>&1 - ynh_secure_remove "/etc/php/7.1/fpm/conf.d/20-$app.ini" 2>&1 - local fpm_config_dir="/etc/php/7.2/fpm" - local fpm_service="php7.2-fpm" - ynh_app_setting_set $app fpm_config_dir "$fpm_config_dir" - ynh_app_setting_set $app fpm_service "$fpm_service" - finalphpconf="$fpm_config_dir/pool.d/$app.conf" - ynh_backup_if_checksum_is_different "$finalphpconf" - sudo cp ../conf/php-fpm.conf "$finalphpconf" - ynh_replace_string "__NAMETOCHANGE__" "$app" "$finalphpconf" - ynh_replace_string "__FINALPATH__" "$final_path" "$finalphpconf" - ynh_replace_string "__USER__" "$app" "$finalphpconf" - sudo chown root: "$finalphpconf" - ynh_store_file_checksum "$finalphpconf" - if [ -e "../conf/php-fpm.ini" ] - then - finalphpini="$fpm_config_dir/conf.d/20-$app.ini" - ynh_backup_if_checksum_is_different "$finalphpini" - sudo cp ../conf/php-fpm.ini "$finalphpini" - sudo chown root: "$finalphpini" - ynh_store_file_checksum "$finalphpini" - fi - sudo systemctl reload $fpm_service -} +# ynh_add_fpm7.2_config () { +# # Configure PHP-FPM 7.1 by default +# ynh_secure_remove "/etc/php/7.1/fpm/pool.d/$app.conf" 2>&1 +# ynh_secure_remove "/etc/php/7.1/fpm/conf.d/20-$app.ini" 2>&1 +# local fpm_config_dir="/etc/php/7.2/fpm" +# local fpm_service="php7.2-fpm" +# ynh_app_setting_set $app fpm_config_dir "$fpm_config_dir" +# ynh_app_setting_set $app fpm_service "$fpm_service" +# finalphpconf="$fpm_config_dir/pool.d/$app.conf" +# ynh_backup_if_checksum_is_different "$finalphpconf" +# sudo cp ../conf/php-fpm.conf "$finalphpconf" +# ynh_replace_string "__NAMETOCHANGE__" "$app" "$finalphpconf" +# ynh_replace_string "__FINALPATH__" "$final_path" "$finalphpconf" +# ynh_replace_string "__USER__" "$app" "$finalphpconf" +# sudo chown root: "$finalphpconf" +# ynh_store_file_checksum "$finalphpconf" + +# if [ -e "../conf/php-fpm.ini" ] +# then +# finalphpini="$fpm_config_dir/conf.d/20-$app.ini" +# ynh_backup_if_checksum_is_different "$finalphpini" +# sudo cp ../conf/php-fpm.ini "$finalphpini" +# sudo chown root: "$finalphpini" +# ynh_store_file_checksum "$finalphpini" +# fi +# sudo systemctl reload $fpm_service +# } # Remove the dedicated php-fpm config # # usage: ynh_remove_fpm7.1_config -ynh_remove_fpm7.2_config () { - local fpm_config_dir=$(ynh_app_setting_get $app fpm_config_dir) - local fpm_service=$(ynh_app_setting_get $app fpm_service) - ynh_secure_remove "$fpm_config_dir/pool.d/$app.conf" - ynh_secure_remove "$fpm_config_dir/conf.d/20-$app.ini" 2>&1 - sudo systemctl reload $fpm_service -} + +# ynh_remove_fpm7.2_config () { +# local fpm_config_dir=$(ynh_app_setting_get $app fpm_config_dir) +# local fpm_service=$(ynh_app_setting_get $app fpm_service) +# ynh_secure_remove "$fpm_config_dir/pool.d/$app.conf" +# ynh_secure_remove "$fpm_config_dir/conf.d/20-$app.ini" 2>&1 +# sudo systemctl reload $fpm_service +# } @@ -110,22 +119,22 @@ sudo_path () { # PHP7 helpers # -ynh_install_php7 () { +# ynh_install_php7 () { - ynh_package_update - ynh_package_install apt-transport-https --no-install-recommends +# ynh_package_update +# ynh_package_install apt-transport-https --no-install-recommends - wget -q -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg - echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" | sudo tee /etc/apt/sources.list.d/php7.list +# wget -q -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg +# echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" | sudo tee /etc/apt/sources.list.d/php7.list - ynh_package_update - ynh_install_app_dependencies php7.2 php7.2-zip php7.2-fpm php7.2-mysql php7.2-xml php7.2-intl php7.2-mbstring php7.2-gd php7.2-curl php7.2-bcmath php7.2-opcache php7.2-ldap - sudo update-alternatives --install /usr/bin/php php /usr/bin/php5 70 -} +# ynh_package_update +# ynh_install_app_dependencies php7.2 php7.2-zip php7.2-fpm php7.2-mysql php7.2-xml php7.2-intl php7.2-mbstring php7.2-gd php7.2-curl php7.2-bcmath php7.2-opcache php7.2-ldap +# sudo update-alternatives --install /usr/bin/php php /usr/bin/php5 70 +# } -ynh_remove_php7 () { - sudo rm -f /etc/apt/sources.list.d/php7.list - sudo apt-key del 4096R/89DF5277 - sudo apt-key del 2048R/11A06851 - ynh_remove_app_dependencies php7.2 php7.2-zip php7.2-fpm php7.2-mysql php7.2-xml php7.2-intl php7.2-mbstring php7.2-gd php7.2-curl php7.2-bcmath php7.2-opcache -} +# ynh_remove_php7 () { +# sudo rm -f /etc/apt/sources.list.d/php7.list +# sudo apt-key del 4096R/89DF5277 +# sudo apt-key del 2048R/11A06851 +# ynh_remove_app_dependencies php7.2 php7.2-zip php7.2-fpm php7.2-mysql php7.2-xml php7.2-intl php7.2-mbstring php7.2-gd php7.2-curl php7.2-bcmath php7.2-opcache +# } diff --git a/scripts/backup b/scripts/backup index 676dc2c..42f767f 100755 --- a/scripts/backup +++ b/scripts/backup @@ -24,39 +24,61 @@ ynh_abort_if_errors #================================================= # LOAD SETTINGS #================================================= +ynh_script_progression --message="Loading installation settings..." --time --weight=1 app=$YNH_APP_INSTANCE_NAME -final_path=$(ynh_app_setting_get $app final_path) -domain=$(ynh_app_setting_get $app domain) -db_name=$(ynh_app_setting_get $app db_name) +final_path=$(ynh_app_setting_get --app=$app --key=final_path) +domain=$(ynh_app_setting_get --app=$app --key=domain) +db_name=$(ynh_app_setting_get --app=$app --key=db_name) -#================================================= -# STANDARD BACKUP STEPS #================================================= # BACKUP THE APP MAIN DIR #================================================= +ynh_script_progression --message="Backing up the main app directory..." --time --weight=1 -ynh_backup "$final_path" +ynh_backup --src_path="$final_path" #================================================= # BACKUP THE NGINX CONFIGURATION #================================================= +ynh_script_progression --message="Backing up nginx web server configuration..." --time --weight=1 -ynh_backup "/etc/nginx/conf.d/$domain.d/$app.conf" +ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf" #================================================= # BACKUP THE PHP-FPM CONFIGURATION #================================================= +ynh_script_progression --message="Backing up php-fpm configuration..." --time --weight=1 -ynh_backup "/etc/php/7.2/fpm/pool.d/$app.conf" +ynh_backup --src_path="/etc/php/7.2/fpm/pool.d/$app.conf" #================================================= # BACKUP THE MYSQL DATABASE #================================================= +ynh_script_progression --message="Backing up the MySQL database..." --time --weight=1 -ynh_mysql_dump_db "$db_name" > db.sql +ynh_mysql_dump_db --database="$db_name" > db.sql +#================================================= +# BACKUP FAIL2BAN CONFIGURATION +#================================================= +ynh_script_progression --message="Backing up fail2ban configuration..." --time --weight=1 +ynh_backup --src_path="/etc/fail2ban/jail.d/$app.conf" +ynh_backup --src_path="/etc/fail2ban/filter.d/$app.conf" +#================================================= +# SPECIFIC BACKUP +#================================================= +# BACKUP LOGROTATE +#================================================= +ynh_script_progression --message="Backing up logrotate configuration..." --time --weight=1 +ynh_backup --src_path="/etc/logrotate.d/$app" + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_script_progression --message="Backup script completed for $app. (YunoHost will then actually copy those files to the archive)." --time --last diff --git a/scripts/change_url b/scripts/change_url index 51b3b36..689ff59 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -37,13 +37,13 @@ old_path=$(ynh_normalize_url_path $old_path) change_domain=0 if [ "$old_domain" != "$new_domain" ] then - change_domain=1 + change_domain=1 fi change_path=0 if [ "$old_path" != "$new_path" ] then - change_path=1 + change_path=1 fi #================================================= @@ -51,31 +51,32 @@ fi #================================================= # MODIFY URL IN NGINX CONF #================================================= +ynh_script_progression --message="Updating nginx web server configuration..." --time --weight=1 nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf # Change the path in the nginx config file if [ $change_path -eq 1 ] then - # Make a backup of the original nginx config file if modified - ynh_backup_if_checksum_is_different "$nginx_conf_path" - # Replace locations starting with old_path - # Look for every location possible patterns (see https://nginx.org/en/docs/http/ngx_http_core_module.html#location) - ynh_replace_string "location\( \(=\|~\|~\*\|\^~\)\)\? $old_path" "location\1 $new_path" "$nginx_conf_path" - # Replace path in "return" directives - ynh_replace_string "return \([[:digit:]]\{3\}\) $old_path" "return \1 $new_path" "$nginx_conf_path" - # Calculate and store the nginx config file checksum - ynh_store_file_checksum "$nginx_conf_path" + # Make a backup of the original nginx config file if modified + ynh_backup_if_checksum_is_different --file="$nginx_conf_path" + # Replace locations starting with old_path + # Look for every location possible patterns (see https://nginx.org/en/docs/http/ngx_http_core_module.html#location) + ynh_replace_string "location\( \(=\|~\|~\*\|\^~\)\)\? $old_path" "location\1 $new_path" "$nginx_conf_path" + # Replace path in "return" directives + ynh_replace_string "return \([[:digit:]]\{3\}\) $old_path" "return \1 $new_path" "$nginx_conf_path" + # Calculate and store the nginx config file checksum + ynh_store_file_checksum --file="$nginx_conf_path" fi # Change the domain for nginx if [ $change_domain -eq 1 ] then - # Delete file checksum for the old conf file location - ynh_delete_file_checksum "$nginx_conf_path" - mv $nginx_conf_path /etc/nginx/conf.d/$new_domain.d/$app.conf - # Store file checksum for the new config file location - ynh_store_file_checksum "/etc/nginx/conf.d/$new_domain.d/$app.conf" + # Delete file checksum for the old conf file location + ynh_delete_file_checksum --file="$nginx_conf_path" + mv $nginx_conf_path /etc/nginx/conf.d/$new_domain.d/$app.conf + # Store file checksum for the new config file location + ynh_store_file_checksum --file="/etc/nginx/conf.d/$new_domain.d/$app.conf" fi #================================================= @@ -84,10 +85,15 @@ fi # ... #================================================= -#================================================= -# GENERIC FINALISATION #================================================= # RELOAD NGINX #================================================= +ynh_script_progression --message="Reloading nginx web server..." --time --weight=1 -systemctl reload nginx +ynh_systemd_action --service_name=nginx --action=reload + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_script_progression --message="Change of URL completed for $app" --time --last diff --git a/scripts/install b/scripts/install index 0cbf8c3..8796e60 100755 --- a/scripts/install +++ b/scripts/install @@ -41,55 +41,57 @@ app=$YNH_APP_INSTANCE_NAME #================================================= # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS #================================================= +ynh_script_progression --message="Validating installation parameters..." --time --weight=1 final_path=/var/www/$app test ! -e "$final_path" || ynh_die "This path already contains a folder" +test ! -e "$final_path" || ynh_die --message="This path already contains a folder" -# Normalize the url path syntax -path_url=$(ynh_normalize_url_path $path_url) - -# Check web path availability -ynh_webpath_available $domain $path_url # Register (book) web path -ynh_webpath_register $app $domain $path_url +ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url #================================================= # STORE SETTINGS FROM MANIFEST #================================================= +ynh_script_progression --message="Storing installation settings..." --time --weight=1 -ynh_app_setting_set $app domain $domain -ynh_app_setting_set $app path $path_url -ynh_app_setting_set $app admin $admin -ynh_app_setting_set $app is_public $is_public -ynh_app_setting_set $app random_key $random_key +ynh_app_setting_set --app=$app --key=domain --value=$domain +ynh_app_setting_set --app=$app --key=path --value=$path_url +ynh_app_setting_set --app=$app --key=admin --value=$admin +ynh_app_setting_set --app=$app --key=is_public --value=$is_public +ynh_app_setting_set --app=$app --key=random_key --value=$random_key #================================================= # INSTALL DEPENDENCIES #================================================= +ynh_script_progression --message="Installing dependencies..." --time --weight=1 -ynh_install_php7 +# ynh_install_php7 +ynh_install_app_dependencies $pkg_dependencies #================================================= # CREATE A MYSQL DATABASE #================================================= -# If your app uses a MySQL database, you can use these lines to bootstrap -# a database, an associated user and save the password in app settings +ynh_script_progression --message="Creating a MySQL database..." --time --weight=1 -db_name=$(ynh_sanitize_dbid $app) -ynh_app_setting_set $app db_name $db_name -ynh_mysql_setup_db $db_name $db_name +db_name=$(ynh_sanitize_dbid --db_name=$app) +db_user=$db_name +ynh_app_setting_set --app=$app --key=db_name --value=$db_name +ynh_mysql_setup_db --db_user=$db_user --db_name=$db_name #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= +ynh_script_progression --message="Setting up source files..." --time --weight=1 -ynh_app_setting_set $app final_path $final_path +ynh_app_setting_set --app=$app --key=final_path --value=$final_path # Download, check integrity, uncompress and patch the source from app.src -ynh_setup_source "$final_path" +ynh_setup_source --dest_dir="$final_path" #================================================= # NGINX CONFIGURATION #================================================= +ynh_script_progression --message="Configuring nginx web server..." --time --weight=1 # Create a dedicated nginx config ynh_add_nginx_config @@ -97,16 +99,19 @@ ynh_add_nginx_config #================================================= # CREATE DEDICATED USER #================================================= +ynh_script_progression --message="Configuring system user..." --time --weight=1 # Create a system user -ynh_system_user_create $app +ynh_system_user_create --username=$app #================================================= # PHP-FPM 7.2 CONFIGURATION #================================================= +ynh_script_progression --message="Configuring php-fpm..." --time --weight=1 # Create a dedicated php-fpm7.1 config -ynh_add_fpm7.2_config +# ynh_add_fpm7.2_config +ynh_add_fpm_config --phpversion=7.2 #================================================= # SPECIFIC SETUP @@ -117,6 +122,7 @@ email=$(ynh_user_get_info $admin 'mail') # setup application config sudo cp ../conf/.env $final_path/.env + #================================================= # MODIFY A CONFIG FILE #================================================= @@ -137,11 +143,12 @@ db_name=$(ynh_sanitize_dbid $app) cd $final_path && sudo /usr/bin/php7.2 artisan -q :refresh --seed --force cd $final_path && sudo /usr/bin/php7.2 artisan passport:install --force ) + #================================================= # SETUP APPLICATION PERMISSIONS #================================================= -# Set right permissions +# Set right permissions chown -R $app: $final_path #================================================= @@ -154,26 +161,79 @@ ynh_store_file_checksum "$final_path/.env" #================================================= # SETUP SSOWAT #================================================= +ynh_script_progression --message="Configuring SSOwat..." --time --weight=1 if [ $is_public -eq 0 ] then # Remove the public access - ynh_app_setting_delete $app skipped_uris + ynh_app_setting_delete $app skipped_uris fi # Make app public if necessary if [ $is_public -eq 1 ] then - # unprotected_uris allows SSO credentials to be passed anyway. - ynh_app_setting_set $app unprotected_uris "/" + # unprotected_uris allows SSO credentials to be passed anyway. + ynh_app_setting_set $app unprotected_uris "/" fi +#================================================= +# SETUP LOGROTATE +#================================================= +ynh_script_progression --message="Configuring log rotation..." --time --weight=1 + +### `ynh_use_logrotate` is used to configure a logrotate configuration for the logs of this app. +### Use this helper only if there is effectively a log file for this app. +### If you're not using this helper: +### - Remove the section "BACKUP LOGROTATE" in the backup script +### - Remove also the section "REMOVE LOGROTATE CONFIGURATION" in the remove script +### - As well as the section "RESTORE THE LOGROTATE CONFIGURATION" in the restore script +### - And the section "SETUP LOGROTATE" in the upgrade script + +# Use logrotate to manage application logfile(s) +ynh_use_logrotate + +#================================================= +# ADVERTISE SERVICE IN ADMIN PANEL +#================================================= + +### `yunohost service add` is a CLI yunohost command to add a service in the admin panel. +### You'll find the service in the 'services' section of YunoHost admin panel. +### This CLI command would be useless if the app does not have any services (systemd or sysvinit) +### If you're not using these lines: +### - You can remove these files in conf/. +### - Remove the section "REMOVE SERVICE FROM ADMIN PANEL" in the remove script +### - As well as the section "ADVERTISE SERVICE IN ADMIN PANEL" in the restore script + +yunohost service add $app --log "/var/log/$app/$app.log" +# if using yunohost version 3.2 or more in the 'manifest.json', a description can be added +#yunohost service add $app --description "$app daemon for XXX" --log "/var/log/$app/$app.log" + +#================================================= +# SETUP FAIL2BAN +#================================================= +ynh_script_progression --message="Configuring fail2ban..." --time --weight=1 + +# Create a dedicated fail2ban config +ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="Regex to match into the log for a failed login" + #================================================= # RELOAD NGINX #================================================= -systemctl reload php7.2-fpm -systemctl reload nginx +ynh_script_progression --message="Reloading nginx web server..." --time --weight=1 + +# systemctl reload php7.2-fpm +# systemctl reload nginx + +ynh_systemd_action --service_name=php7.2-fpm --action=reload +ynh_systemd_action --service_name=nginx --action=reload + # Set default php to php5 or php7.0 -if [ "$(lsb_release --codename --short)" == "jessie" ]; then - update-alternatives --set php /usr/bin/php5 -else - update-alternatives --set php /usr/bin/php7.0 -fi +# if [ "$(lsb_release --codename --short)" == "jessie" ]; then +# update-alternatives --set php /usr/bin/php5 +# else +# update-alternatives --set php /usr/bin/php7.0 +# fi + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_script_progression --message="Installation of $app completed" --time --last diff --git a/scripts/remove b/scripts/remove index c04c43f..cd63178 100755 --- a/scripts/remove +++ b/scripts/remove @@ -12,31 +12,57 @@ source /usr/share/yunohost/helpers #================================================= # LOAD SETTINGS #================================================= +ynh_script_progression --message="Loading installation settings..." --time --weight=1 app=$YNH_APP_INSTANCE_NAME -domain=$(ynh_app_setting_get $app domain) -db_name=$(ynh_app_setting_get $app db_name) +domain=$(ynh_app_setting_get --app=$app --key=domain) +port=$(ynh_app_setting_get --app=$app --key=port) +db_name=$(ynh_app_setting_get --app=$app --key=db_name) db_user=$db_name -final_path=$(ynh_app_setting_get $app final_path) +final_path=$(ynh_app_setting_get --app=$app --key=final_path) + +#================================================= +# STANDARD REMOVE +#================================================= +# REMOVE SERVICE FROM ADMIN PANEL +#================================================= + +# Remove a service from the admin panel, added by `yunohost service add` +if yunohost service status $app >/dev/null 2>&1 +then + ynh_script_progression --message="Removing $app service..." --time --weight=1 + yunohost service remove $app +fi #================================================= # REMOVE THE MYSQL DATABASE #================================================= +ynh_script_progression --message="Removing the MySQL database..." --time --weight=1 # Remove a database if it exists, along with the associated user -ynh_mysql_remove_db $db_user $db_name +ynh_mysql_remove_db --db_user=$db_user --db_name=$db_name + +#================================================= +# REMOVE DEPENDENCIES +#================================================= +ynh_script_progression --message="Removing dependencies..." --time --weight=1 + +# Remove metapackage and its dependencies +ynh_remove_app_dependencies #================================================= # REMOVE APP MAIN DIR #================================================= +ynh_script_progression --message="Removing app main directory..." --time --weight=1 # Remove the app directory securely -ynh_secure_remove "$final_path" +ynh_secure_remove --file="$final_path" #================================================= # REMOVE NGINX CONFIGURATION #================================================= +ynh_script_progression --message="Removing nginx web server configuration..." --time --weight=1 # Remove the dedicated nginx config ynh_remove_nginx_config @@ -44,20 +70,40 @@ ynh_remove_nginx_config #================================================= # REMOVE PHP-FPM CONFIGURATION #================================================= +ynh_script_progression --message="Removing php-fpm configuration..." --time --weight=1 # Remove the dedicated php-fpm config -ynh_remove_fpm7.2_config +ynh_remove_fpm_config +# ynh_remove_fpm7.2_config #================================================= -# SPECIFIC REMOVE +# REMOVE LOGROTATE CONFIGURATION #================================================= +ynh_script_progression --message="Removing logrotate configuration..." --time --weight=1 +# Remove the app-specific logrotate config +ynh_remove_logrotate + +#================================================= +# REMOVE FAIL2BAN CONFIGURATION +#================================================= +ynh_script_progression --message="Removing fail2ban configuration..." --time --weight=1 + +# Remove the dedicated fail2ban config +ynh_remove_fail2ban_config #================================================= # GENERIC FINALIZATION #================================================= # REMOVE DEDICATED USER #================================================= +ynh_script_progression --message="Removing the dedicated system user..." --time --weight=1 # Delete a system user -ynh_system_user_delete $app +ynh_system_user_delete --username=$app + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_script_progression --message="Removal of $app completed" --time --last diff --git a/scripts/restore b/scripts/restore index 62668e9..4004350 100755 --- a/scripts/restore +++ b/scripts/restore @@ -7,10 +7,11 @@ #================================================= if [ ! -e _common.sh ]; then - # Get the _common.sh file if it's not in the current directory - cp ../settings/scripts/_common.sh ./_common.sh - chmod a+rx _common.sh + # Get the _common.sh file if it's not in the current directory + cp ../settings/scripts/_common.sh ./_common.sh + chmod a+rx _common.sh fi + source _common.sh source /usr/share/yunohost/helpers @@ -24,32 +25,25 @@ ynh_abort_if_errors #================================================= # LOAD SETTINGS #================================================= +ynh_script_progression --message="Loading settings..." --time --weight=1 app=$YNH_APP_INSTANCE_NAME -domain=$(ynh_app_setting_get $app domain) -path_url=$(ynh_app_setting_get $app path) -final_path=$(ynh_app_setting_get $app final_path) -db_name=$(ynh_app_setting_get $app db_name) +domain=$(ynh_app_setting_get --app=$app --key=domain) +path_url=$(ynh_app_setting_get --app=$app --key=path) +final_path=$(ynh_app_setting_get --app=$app --key=final_path) +db_name=$(ynh_app_setting_get --app=$app --key=db_name) +db_user=$db_name #================================================= # CHECK IF THE APP CAN BE RESTORED #================================================= +ynh_script_progression --message="Validating restoration parameters..." --time --weight=1 -ynh_webpath_available $domain $path_url \ - || ynh_die "Path not available: ${domain}${path_url}" +ynh_webpath_available --domain=$domain --path_url=$path_url \ +|| ynh_die --message="Path not available: ${domain}${path_url}" test ! -d $final_path \ - || ynh_die "There is already a directory: $final_path " - - -#================================================= -# SPECIFIC RESTORATION -#================================================= -# REINSTALL DEPENDENCIES -#================================================= - -# Define and install dependencies -ynh_install_php7 +|| ynh_die --message="There is already a directory: $final_path "s #================================================= # STANDARD RESTORATION STEPS @@ -57,29 +51,23 @@ ynh_install_php7 # RESTORE THE NGINX CONFIGURATION #================================================= -ynh_restore_file "/etc/nginx/conf.d/$domain.d/$app.conf" - - -#================================================= -# RESTORE THE MYSQL DATABASE -#================================================= - -db_pwd=$(ynh_app_setting_get $app mysqlpwd) -ynh_mysql_setup_db $db_name $db_name $db_pwd -ynh_mysql_connect_as $db_name $db_pwd $db_name < ./db.sql +ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" #================================================= # RESTORE THE APP MAIN DIR #================================================= -ynh_restore_file "$final_path" +ynh_script_progression --message="Restoring the app main directory..." --time --weight=1 + +ynh_restore_file --origin_path="$final_path" #================================================= # RECREATE THE DEDICATED USER #================================================= +ynh_script_progression --message="Recreating the dedicated system user..." --time --weight=1 # Create the dedicated user (if not existing) -ynh_system_user_create $app +ynh_system_user_create --username=$app #================================================= # RESTORE USER RIGHTS @@ -92,7 +80,47 @@ chown -R $app: $final_path # RESTORE THE PHP-FPM CONFIGURATION #================================================= -ynh_restore_file "/etc/php/7.2/fpm/pool.d/$app.conf" +ynh_restore_file --origin_path="/etc/php/7.2/fpm/pool.d/$app.conf" + +#================================================= +# RESTORE FAIL2BAN CONFIGURATION +#================================================= +ynh_script_progression --message="Restoring the fail2ban configuration..." --time --weight=1 + +ynh_restore_file "/etc/fail2ban/jail.d/$app.conf" +ynh_restore_file "/etc/fail2ban/filter.d/$app.conf" +ynh_systemd_action --action=restart --service_name=fail2ban + +#================================================= +# SPECIFIC RESTORATION +#================================================= +# REINSTALL DEPENDENCIES +#================================================= +ynh_script_progression --message="Reinstalling dependencies..." --time --weight=1 + +# Define and install dependencies +ynh_install_app_dependencies $pkg_dependencies + +#================================================= +# RESTORE THE MYSQL DATABASE +#================================================= +ynh_script_progression --message="Restoring the MySQL database..." --time --weight=1 + +db_pwd=$(ynh_app_setting_get --app=$app --key=mysqlpwd) +ynh_mysql_setup_db --db_user=$db_user --db_name=$db_name --db_pwd=$db_pwd +ynh_mysql_connect_as --user=$db_user --password=$db_pwd --database=$db_name < ./db.sql + +#================================================= +# ADVERTISE SERVICE IN ADMIN PANEL +#================================================= + +yunohost service add $app --log "/var/log/$app/$app.log" + +#================================================= +# RESTORE THE LOGROTATE CONFIGURATION +#================================================= + +ynh_restore_file --origin_path="/etc/logrotate.d/$app" #================================================= # SPECIFIC UPGRADE @@ -109,12 +137,13 @@ cd $final_path && sudo /usr/bin/php7.2 artisan passport:install #================================================= # RELOAD NGINX AND PHP-FPM #================================================= +ynh_script_progression --message="Reloading nginx web server and php-fpm..." --time --weight=1 -systemctl reload php7.2-fpm -systemctl reload nginx -# Set default php to php5 or php7.0 -if [ "$(lsb_release --codename --short)" == "jessie" ]; then - update-alternatives --set php /usr/bin/php5 -else - update-alternatives --set php /usr/bin/php7.0 -fi +ynh_systemd_action --service_name=php7.2-fpm --action=reload +ynh_systemd_action --service_name=nginx --action=reload + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_script_progression --message="Restoration completed for $app" --time --last From 481780d690ace2b8f4621b31485ce791a776bec6 Mon Sep 17 00:00:00 2001 From: Alex Budurovici Date: Sun, 23 Jun 2019 01:32:31 +0200 Subject: [PATCH 5/9] Update yunohost version requirement --- manifest.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifest.json b/manifest.json index eb8b715..321166f 100644 --- a/manifest.json +++ b/manifest.json @@ -15,7 +15,7 @@ "url": "https://datamol.org" }, "requirements": { - "yunohost": ">= 2.7.2" + "yunohost": ">= 3.5.0" }, "multi_instance": true, "services": [ From 8077e55640c5506a6785a9c16d70b23f5b93e55d Mon Sep 17 00:00:00 2001 From: Alex Budurovici Date: Sun, 23 Jun 2019 01:49:21 +0200 Subject: [PATCH 6/9] Change to run composer as local user and not root --- scripts/_common.sh | 3 ++- scripts/install | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/scripts/_common.sh b/scripts/_common.sh index 772e721..d6b0ab2 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -90,7 +90,8 @@ exec_composer() { shift 1 COMPOSER_HOME="${WORKDIR}/.composer" \ - sudo /usr/bin/php7.2 "${WORKDIR}/composer.phar" $@ \ + # sudo /usr/bin/php7.2 "${WORKDIR}/composer.phar" $@ \ + /usr/bin/php7.2 "${WORKDIR}/composer.phar" $@ \ -d "${WORKDIR}" --no-interaction } diff --git a/scripts/install b/scripts/install index 8796e60..304e79b 100755 --- a/scripts/install +++ b/scripts/install @@ -133,7 +133,7 @@ ynh_replace_string "yunobase" "$db_name" "$final_path/.env" ynh_replace_string "yunomail" "$email" "$final_path/.env" ynh_replace_string "yunodomain" "$domain" "$final_path/.env" -init_composer $final_path +init_composer $final_path $app ( cd $final_path && sudo /usr/bin/php7.2 artisan config:clear ) db_name=$(ynh_sanitize_dbid $app) From a904264002b4a8f3c68b3a4a4f465014820881a9 Mon Sep 17 00:00:00 2001 From: Alex Budurovici Date: Sun, 23 Jun 2019 01:53:34 +0200 Subject: [PATCH 7/9] Comment out fail2ban setup --- scripts/backup | 6 +++--- scripts/install | 7 ++++--- scripts/remove | 6 +++--- scripts/restore | 8 ++++---- scripts/upgrade | 6 +++--- 5 files changed, 17 insertions(+), 16 deletions(-) diff --git a/scripts/backup b/scripts/backup index 42f767f..7ad24d2 100755 --- a/scripts/backup +++ b/scripts/backup @@ -63,10 +63,10 @@ ynh_mysql_dump_db --database="$db_name" > db.sql #================================================= # BACKUP FAIL2BAN CONFIGURATION #================================================= -ynh_script_progression --message="Backing up fail2ban configuration..." --time --weight=1 +# ynh_script_progression --message="Backing up fail2ban configuration..." --time --weight=1 -ynh_backup --src_path="/etc/fail2ban/jail.d/$app.conf" -ynh_backup --src_path="/etc/fail2ban/filter.d/$app.conf" +# ynh_backup --src_path="/etc/fail2ban/jail.d/$app.conf" +# ynh_backup --src_path="/etc/fail2ban/filter.d/$app.conf" #================================================= # SPECIFIC BACKUP diff --git a/scripts/install b/scripts/install index 304e79b..5d3b91a 100755 --- a/scripts/install +++ b/scripts/install @@ -209,10 +209,11 @@ yunohost service add $app --log "/var/log/$app/$app.log" #================================================= # SETUP FAIL2BAN #================================================= -ynh_script_progression --message="Configuring fail2ban..." --time --weight=1 +# ynh_script_progression --message="Configuring fail2ban..." --time --weight=1 + +# # Create a dedicated fail2ban config +# ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="^.*authentication failure. while reading response header from upstream, client: ,.*POST $path_url.*$" --max_retry=5 -# Create a dedicated fail2ban config -ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="Regex to match into the log for a failed login" #================================================= # RELOAD NGINX diff --git a/scripts/remove b/scripts/remove index cd63178..2df1b93 100755 --- a/scripts/remove +++ b/scripts/remove @@ -87,10 +87,10 @@ ynh_remove_logrotate #================================================= # REMOVE FAIL2BAN CONFIGURATION #================================================= -ynh_script_progression --message="Removing fail2ban configuration..." --time --weight=1 +# ynh_script_progression --message="Removing fail2ban configuration..." --time --weight=1 -# Remove the dedicated fail2ban config -ynh_remove_fail2ban_config +# # Remove the dedicated fail2ban config +# ynh_remove_fail2ban_config #================================================= # GENERIC FINALIZATION diff --git a/scripts/restore b/scripts/restore index 4004350..7d49034 100755 --- a/scripts/restore +++ b/scripts/restore @@ -85,11 +85,11 @@ ynh_restore_file --origin_path="/etc/php/7.2/fpm/pool.d/$app.conf" #================================================= # RESTORE FAIL2BAN CONFIGURATION #================================================= -ynh_script_progression --message="Restoring the fail2ban configuration..." --time --weight=1 +# ynh_script_progression --message="Restoring the fail2ban configuration..." --time --weight=1 -ynh_restore_file "/etc/fail2ban/jail.d/$app.conf" -ynh_restore_file "/etc/fail2ban/filter.d/$app.conf" -ynh_systemd_action --action=restart --service_name=fail2ban +# ynh_restore_file "/etc/fail2ban/jail.d/$app.conf" +# ynh_restore_file "/etc/fail2ban/filter.d/$app.conf" +# ynh_systemd_action --action=restart --service_name=fail2ban #================================================= # SPECIFIC RESTORATION diff --git a/scripts/upgrade b/scripts/upgrade index 2d4d560..9af9722 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -157,10 +157,10 @@ ynh_use_logrotate --non-append #================================================= # UPGRADE FAIL2BAN #================================================= -ynh_script_progression --message="Reconfiguring fail2ban..." --time --weight=1 +# ynh_script_progression --message="Reconfiguring fail2ban..." --time --weight=1 -# Create a dedicated fail2ban config -ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="Regex to match into the log for a failed login" +# # Create a dedicated fail2ban config +# ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="^.*authentication failure. while reading response header from upstream, client: ,.*POST $path_url.*$" --max_retry=5 #================================================= # SPECIFIC UPGRADE From 328b9178c079c8aa67d906436d6c42d10057c661 Mon Sep 17 00:00:00 2001 From: Alex Budurovici Date: Sun, 23 Jun 2019 12:39:48 +0200 Subject: [PATCH 8/9] Cleanup obsolete helpers in common.sh --- scripts/_common.sh | 70 ---------------------------------------------- 1 file changed, 70 deletions(-) diff --git a/scripts/_common.sh b/scripts/_common.sh index d6b0ab2..1e86d02 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -19,52 +19,6 @@ ynh_delete_file_checksum () { ynh_app_setting_delete $app $checksum_setting_name } -# Create a dedicated php-fpm config -# -# usage: ynh_add_fpm_config - -# ynh_add_fpm7.2_config () { -# # Configure PHP-FPM 7.1 by default -# ynh_secure_remove "/etc/php/7.1/fpm/pool.d/$app.conf" 2>&1 -# ynh_secure_remove "/etc/php/7.1/fpm/conf.d/20-$app.ini" 2>&1 -# local fpm_config_dir="/etc/php/7.2/fpm" -# local fpm_service="php7.2-fpm" -# ynh_app_setting_set $app fpm_config_dir "$fpm_config_dir" -# ynh_app_setting_set $app fpm_service "$fpm_service" -# finalphpconf="$fpm_config_dir/pool.d/$app.conf" -# ynh_backup_if_checksum_is_different "$finalphpconf" -# sudo cp ../conf/php-fpm.conf "$finalphpconf" -# ynh_replace_string "__NAMETOCHANGE__" "$app" "$finalphpconf" -# ynh_replace_string "__FINALPATH__" "$final_path" "$finalphpconf" -# ynh_replace_string "__USER__" "$app" "$finalphpconf" -# sudo chown root: "$finalphpconf" -# ynh_store_file_checksum "$finalphpconf" - -# if [ -e "../conf/php-fpm.ini" ] -# then -# finalphpini="$fpm_config_dir/conf.d/20-$app.ini" -# ynh_backup_if_checksum_is_different "$finalphpini" -# sudo cp ../conf/php-fpm.ini "$finalphpini" -# sudo chown root: "$finalphpini" -# ynh_store_file_checksum "$finalphpini" -# fi -# sudo systemctl reload $fpm_service -# } - -# Remove the dedicated php-fpm config -# -# usage: ynh_remove_fpm7.1_config - -# ynh_remove_fpm7.2_config () { -# local fpm_config_dir=$(ynh_app_setting_get $app fpm_config_dir) -# local fpm_service=$(ynh_app_setting_get $app fpm_service) -# ynh_secure_remove "$fpm_config_dir/pool.d/$app.conf" -# ynh_secure_remove "$fpm_config_dir/conf.d/20-$app.ini" 2>&1 -# sudo systemctl reload $fpm_service -# } - - - # Execute a command as another user # usage: exec_as USER COMMAND [ARG ...] exec_as() { @@ -115,27 +69,3 @@ init_composer() { sudo_path () { sudo env "PATH=$PATH" $@ } - -# -# PHP7 helpers -# - -# ynh_install_php7 () { - -# ynh_package_update -# ynh_package_install apt-transport-https --no-install-recommends - -# wget -q -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg -# echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" | sudo tee /etc/apt/sources.list.d/php7.list - -# ynh_package_update -# ynh_install_app_dependencies php7.2 php7.2-zip php7.2-fpm php7.2-mysql php7.2-xml php7.2-intl php7.2-mbstring php7.2-gd php7.2-curl php7.2-bcmath php7.2-opcache php7.2-ldap -# sudo update-alternatives --install /usr/bin/php php /usr/bin/php5 70 -# } - -# ynh_remove_php7 () { -# sudo rm -f /etc/apt/sources.list.d/php7.list -# sudo apt-key del 4096R/89DF5277 -# sudo apt-key del 2048R/11A06851 -# ynh_remove_app_dependencies php7.2 php7.2-zip php7.2-fpm php7.2-mysql php7.2-xml php7.2-intl php7.2-mbstring php7.2-gd php7.2-curl php7.2-bcmath php7.2-opcache -# } From 32d6a496c8f0da9245abe91cea828f19b0ce7fae Mon Sep 17 00:00:00 2001 From: Alex Budurovici Date: Sun, 23 Jun 2019 12:40:35 +0200 Subject: [PATCH 9/9] Cleanup fail2ban comments --- scripts/backup | 8 -------- scripts/install | 9 --------- scripts/remove | 8 -------- scripts/restore | 9 --------- scripts/upgrade | 10 ---------- 5 files changed, 44 deletions(-) diff --git a/scripts/backup b/scripts/backup index 7ad24d2..4b08dcd 100755 --- a/scripts/backup +++ b/scripts/backup @@ -60,14 +60,6 @@ ynh_script_progression --message="Backing up the MySQL database..." --time --wei ynh_mysql_dump_db --database="$db_name" > db.sql -#================================================= -# BACKUP FAIL2BAN CONFIGURATION -#================================================= -# ynh_script_progression --message="Backing up fail2ban configuration..." --time --weight=1 - -# ynh_backup --src_path="/etc/fail2ban/jail.d/$app.conf" -# ynh_backup --src_path="/etc/fail2ban/filter.d/$app.conf" - #================================================= # SPECIFIC BACKUP #================================================= diff --git a/scripts/install b/scripts/install index 5d3b91a..67bb35a 100755 --- a/scripts/install +++ b/scripts/install @@ -206,15 +206,6 @@ yunohost service add $app --log "/var/log/$app/$app.log" # if using yunohost version 3.2 or more in the 'manifest.json', a description can be added #yunohost service add $app --description "$app daemon for XXX" --log "/var/log/$app/$app.log" -#================================================= -# SETUP FAIL2BAN -#================================================= -# ynh_script_progression --message="Configuring fail2ban..." --time --weight=1 - -# # Create a dedicated fail2ban config -# ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="^.*authentication failure. while reading response header from upstream, client: ,.*POST $path_url.*$" --max_retry=5 - - #================================================= # RELOAD NGINX #================================================= diff --git a/scripts/remove b/scripts/remove index 2df1b93..18b5612 100755 --- a/scripts/remove +++ b/scripts/remove @@ -84,14 +84,6 @@ ynh_script_progression --message="Removing logrotate configuration..." --time -- # Remove the app-specific logrotate config ynh_remove_logrotate -#================================================= -# REMOVE FAIL2BAN CONFIGURATION -#================================================= -# ynh_script_progression --message="Removing fail2ban configuration..." --time --weight=1 - -# # Remove the dedicated fail2ban config -# ynh_remove_fail2ban_config - #================================================= # GENERIC FINALIZATION #================================================= diff --git a/scripts/restore b/scripts/restore index 7d49034..d330801 100755 --- a/scripts/restore +++ b/scripts/restore @@ -82,15 +82,6 @@ chown -R $app: $final_path ynh_restore_file --origin_path="/etc/php/7.2/fpm/pool.d/$app.conf" -#================================================= -# RESTORE FAIL2BAN CONFIGURATION -#================================================= -# ynh_script_progression --message="Restoring the fail2ban configuration..." --time --weight=1 - -# ynh_restore_file "/etc/fail2ban/jail.d/$app.conf" -# ynh_restore_file "/etc/fail2ban/filter.d/$app.conf" -# ynh_systemd_action --action=restart --service_name=fail2ban - #================================================= # SPECIFIC RESTORATION #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index 9af9722..fcb09da 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -152,16 +152,6 @@ ynh_script_progression --message="Upgrading logrotate configuration..." --time - # Use logrotate to manage app-specific logfile(s) ynh_use_logrotate --non-append -#================================================= -# GENERIC FINALIZATION -#================================================= -# UPGRADE FAIL2BAN -#================================================= -# ynh_script_progression --message="Reconfiguring fail2ban..." --time --weight=1 - -# # Create a dedicated fail2ban config -# ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="^.*authentication failure. while reading response header from upstream, client: ,.*POST $path_url.*$" --max_retry=5 - #================================================= # SPECIFIC UPGRADE #=================================================