mirror of https://github.com/YunoHost-Apps/flarum_ynh.git synced 2024-09-03 18:36:24 +02:00

App user ownership and change composer directory

tituspijean 2018-02-15 18:37:46 +01:00
parent 1444cf4166
commit 4d8aa27cb0
7 changed files with 106 additions and 88 deletions

13
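--- a/conf/configuration.yml
+++ b/conf/configuration.yml
@@ -0,0 +1,13 @@
+baseUrl : "https://__DOMAIN__/__PATH__"
+databaseConfiguration :
+host : "localhost"
+database : "__USER__"
+username : "__USER__"
+password : "__DB_PWD__"
+adminUser :
+username : "__ADMIN__"
+password : "__ADMIN_PWD__"
+password_confirmation : "__ADMIN_PWD__"
+email : "__ADMIN_EML__"
+settings :
+forum_title : "__FORUM_TITLE__"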


@ -6,14 +6,14 @@ location ^~ __PATH__ {
alias __FINALPATH__/; alias __FINALPATH__/;
try_files $uri $uri/ /index.php?$query_string; try_files $uri $uri/ /index.php?$query_string;
index YNH_WWW_ROOTPATH/index.php; index __LOCATION_HACK__/index.php;
# Bug in Nginx with locations and aliases (see http://stackoverflow.com/a/35102259 ) # Bug in Nginx with locations and aliases (see http://stackoverflow.com/a/35102259 )
location YNH_WWW_ROOTPATH/ { try_files $uri $uri/ YNH_WWW_ROOTAPP/index.php?$query_string; } location __LOCATION_HACK__/ { try_files $uri $uri/ __PATH_HACK__/index.php?$query_string; }
location YNH_WWW_ROOTPATH/api { try_files $uri $uri/ YNH_WWW_ROOTAPP/api.php?$query_string; } location __LOCATION_HACK__/api { try_files $uri $uri/ __PATH_HACK__/api.php?$query_string; }
location YNH_WWW_ROOTPATH/admin { try_files $uri $uri/ YNH_WWW_ROOTAPP/admin.php?$query_string; } location __LOCATION_HACK__/admin { try_files $uri $uri/ __PATH_HACK__/admin.php?$query_string; }
location YNH_WWW_ROOTPATH/flarum { location __LOCATION_HACK__/flarum {
deny all; deny all;
return 404; return 404;
} }


@ -43,14 +43,14 @@ listen = /var/run/php5-fpm-__USER__.sock
; BSD-derived systems allow connections regardless of permissions. ; BSD-derived systems allow connections regardless of permissions.
; Default Values: user and group are set as the running user ; Default Values: user and group are set as the running user
; mode is set to 0666 ; mode is set to 0666
listen.owner = www-data listen.owner = __USER__
listen.group = www-data listen.group = www-data
listen.mode = 0600 listen.mode = 0660
; Unix user/group of processes ; Unix user/group of processes
; Note: The user is mandatory. If the group is not set, the default user's group ; Note: The user is mandatory. If the group is not set, the default user's group
; will be used. ; will be used.
user = www-data user = __USER__
group = www-data group = www-data
; Choose how the process manager will control the number of child processes. ; Choose how the process manager will control the number of child processes.
@ -249,4 +249,4 @@ php_value[max_input_time] = 600
;php_value[memory_limit] = 256M ;php_value[memory_limit] = 256M
;php_value[short_open_tag] = On ;php_value[short_open_tag] = On
env[COMPOSER_HOME]= /opt/__USER___composer' env[COMPOSER_HOME]= "__FINALPATH__/.composer"
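Review bot: `env[COMPOSER_HOME]` now points at `__FINALPATH__/.composer`, which lies inside the directory that the nginx section of this commit serves through `alias __FINALPATH__/` with `try_files $uri`; the only deny rule visible there covers `/flarum`. Composer's home holds its cache and, if an administrator ever configures one, an `auth.json` with repository credentials, so it should not be reachable over HTTP. Either keep the home outside the document root, or add a block next to the existing one in nginx.conf, for example `location __LOCATION_HACK__/.composer { deny all; return 404; }`. The same applies to `composer.phar`, which the install script places in that directory. The rest of the nginx file is outside the visible hunk, so confirm that no broader dotfile rule already covers this.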


@ -4,13 +4,49 @@ exec_as() {
local USER=$1 local USER=$1
shift 1 shift 1
if [[ $USER = $(whoami) ]]; then if [[ $USER = $(whoami) ]]
eval "$@" then
eval $@
else else
sudo -u "$USER" "$@" sudo -u "$USER" $@
fi fi
} }
# Execute a composer command from a given directory
# usage: composer_exec AS_USER WORKDIR COMMAND [ARG ...]
exec_composer() {
local AS_USER=$1
local WORKDIR=$2
shift 2
# Do not run composer as root
if [ $AS_USER = "root" ] ; then ynh_die "Do not run composer as root" ; fi
exec_as "$AS_USER" COMPOSER_HOME="${WORKDIR}/.composer" \
php "${WORKDIR}/composer.phar" $@ \
-d "${WORKDIR}" -d memory_limit=-1 --quiet --no-interaction
}
# Install and initialize Composer in the given directory
# usage: init_composer destdir
init_composer() {
local AS_USER=$1
local WORKDIR=$2
# Do not install composer as root
if [ $AS_USER = "root" ] ; then ynh_die "Do not install composer as root" ; fi
# install composer
curl -sS https://getcomposer.org/installer \
| COMPOSER_HOME="${WORKDIR}/.composer" \
php -- --quiet --install-dir="$WORKDIR" \
|| ynh_die "Unable to install Composer"
# update dependencies to create composer.lock
#exec_composer "$AS_USER" "$WORKDIR" install --no-dev \
# || ynh_die "Unable to update core dependencies with Composer"
}
# Send an email to inform the administrator # Send an email to inform the administrator
# #
# usage: ynh_send_readme_to_admin app_message [recipients] # usage: ynh_send_readme_to_admin app_message [recipients]


@ -72,43 +72,18 @@ ynh_app_setting_set $app final_path $final_path
# CREATE DEDICATED USER # CREATE DEDICATED USER
#=================================================== #===================================================
ynh_system_user_create $app "$final_path" ynh_system_user_create $app $final_path
sudo usermod -a -G www-data $app sudo usermod -a -G www-data $app
# Create working directory
sudo mkdir -p "$final_path/.composer"
sudo chown -R $app:www-data $final_path
sudo chmod -R 0775 $final_path
#================================================= #=================================================
# COMPOSER INSTALLATION # COMPOSER INSTALLATION
#================================================= #=================================================
composer_path=/opt/${app}_composer init_composer $app $final_path
# Test if composer is installed
if ! type "${composer_path}/composer" > /dev/null; then
# Prepare composer directories
sudo mkdir -p $composer_path
sudo mkdir -p $composer_path/cache
sudo chown -R $app:www-data $composer_path
sudo chmod -R 0775 $composer_path
# Install composer (https://getcomposer.org)
EXPECTED_SIGNATURE=$(wget https://composer.github.io/installer.sig -O - -q)
php -r "copy('https://getcomposer.org/installer', '$composer_path/composer-setup.php');"
ACTUAL_SIGNATURE=$(php -r "echo hash_file('SHA384', '$composer_path/composer-setup.php');")
if [ "$EXPECTED_SIGNATURE" = "$ACTUAL_SIGNATURE" ]
then
sudo su - $app -s /bin/bash -c "php $composer_path/composer-setup.php --install-dir=$composer_path --filename=composer --quiet"
RESULT=$?
else
>&2 echo 'ERROR: Invalid Composer installer signature'
RESULT=1
fi
if [ $RESULT != 0 ]
then
ynh_die 'Composer could not be installed'
fi
fi
COMPOSER_HOME=$composer_path
#================================================= #=================================================
# FLARUM INSTALLATION # FLARUM INSTALLATION
@ -121,12 +96,13 @@ sudo chown -R $app:www-data $tmp
sudo chmod -R 0775 $tmp sudo chmod -R 0775 $tmp
# Install Flarum # Install Flarum
sudo su - $app -s /bin/bash -c "php -d memory_limit=-1 $composer_path/composer create-project flarum/flarum $tmp $flarum_version --stability=beta --ansi" exec_composer $app $final_path "create-project flarum/flarum $tmp $flarum_version --stability=beta --ansi"
# Copy Flarum to working directory and clean temp directory
sudo cp -Rf $tmp/* $final_path sudo cp -Rf $tmp/* $final_path
sudo chown -R $app:www-data $final_path sudo chown -R $app:www-data $final_path
sudo chmod 0775 -R $final_path sudo chmod -R 0775 $final_path
ynh_secure_remove "$tmp" ynh_secure_remove $tmp
#================================================= #=================================================
# CREATE A MYSQL DATABASE # CREATE A MYSQL DATABASE
@ -143,11 +119,11 @@ ynh_app_setting_set "$app" db_pwd "$db_pwd"
# Bug in Nginx with locations and aliases (see http://stackoverflow.com/a/35102259 ) # Bug in Nginx with locations and aliases (see http://stackoverflow.com/a/35102259 )
if [ $path_url = "/" ]; then if [ $path_url = "/" ]; then
sed -i "s@YNH_WWW_ROOTPATH@@g" ../conf/nginx.conf sed -i "s@__LOCATION_HACK__@@g" ../conf/nginx.conf
sed -i "s@YNH_WWW_ROOTAPP@/@g" ../conf/nginx.conf sed -i "s@__PATH_HACK__@/@g" ../conf/nginx.conf
else else
sed -i "s@YNH_WWW_ROOTPATH@$path_url@g" ../conf/nginx.conf sed -i "s@__LOCATION_HACK__@$path_url@g" ../conf/nginx.conf
sed -i "s@YNH_WWW_ROOTAPP@$path_url$path_url@g" ../conf/nginx.conf sed -i "s@__PATH_HACK__@$path_url$path_url@g" ../conf/nginx.conf
fi fi
# Create a dedicated nginx config # Create a dedicated nginx config
ynh_add_nginx_config ynh_add_nginx_config
@ -191,27 +167,31 @@ systemctl reload nginx
# FLARUM POST-INSTALL # FLARUM POST-INSTALL
#================================================= #=================================================
# Only if admin user or title were specified
if [[ -n $admin && -n $title ]]; then if [[ -n $admin && -n $title ]]; then
# If admin user and title were specified, start post-installation
# Copy the configuration.yml to working directory
finalflarumconf="$final_path/configuration.yml" finalflarumconf="$final_path/configuration.yml"
cp ../sources/configuration.yml $finalflarumconf cp ../conf/configuration.yml $finalflarumconf
# Generate admin password and retrieve their email address
admin_pwd=$(ynh_string_random 8) admin_pwd=$(ynh_string_random 8)
sed -i "s@YNH_APP_DOMAIN@$domain@g" $finalflarumconf
sed -i "s@/YNH_WWW_PATH@$path_url@g" $finalflarumconf
sed -i "s@YNH_WWW_APP@$app@g" $finalflarumconf
sed -i "s@YNH_DB_PASS@$db_pwd@g" $finalflarumconf
sed -i "s@YNH_ADMIN_USER@$admin@g" $finalflarumconf
sed -i "s@YNH_ADMIN_PASS@$admin_pwd@g" $finalflarumconf
admin_mail=$(ynh_user_get_info $admin mail) admin_mail=$(ynh_user_get_info $admin mail)
sed -i "s%YNH_ADMIN_EMAIL%$admin_mail%g" $finalflarumconf # Populate configuration.yml
sed -i "s@YNH_FORUM_TITLE@$title@g" $finalflarumconf sed -i "s@__DOMAIN__@$domain@g" $finalflarumconf
cd "$final_path" sed -i "s@/__PATH__@$path_url@g" $finalflarumconf
exec_as www-data \ sed -i "s@__USER__@$app@g" $finalflarumconf
php -d memory_limit=-1 flarum install -f configuration.yml sed -i "s@__DB_PWD__@$db_pwd@g" $finalflarumconf
sed -i "s@__ADMIN__@$admin@g" $finalflarumconf
sed -i "s@__ADMIN_PWD__@$admin_pwd@g" $finalflarumconf
sed -i "s%__ADMIN_EML__%$admin_mail%g" $finalflarumconf
sed -i "s@__FORUM_TITLE__@$title@g" $finalflarumconf
# Execute post-installation
cd $final_path
exec_as $app "php -d memory_limit=-1 flarum install -f configuration.yml"
# Delete configuration.yml as it sensitive data
ynh_secure_remove $finalflarumconf ynh_secure_remove $finalflarumconf
# Install the SSOwat auth extension # Install the SSOwat auth extension
sudo su - www-data -s /bin/bash -c "cd $final_path && $composer_path/composer require 'tituspijean/flarum-ext-auth-ssowat:*@dev' --ansi" exec_composer $app $final_path "require tituspijean/flarum-ext-auth-ssowat:*@dev --ansi"
# Configure SSOwat auth extension # Configure SSOwat auth extension
ssowatdomain=$(</etc/yunohost/current_host) ssowatdomain=$(</etc/yunohost/current_host)
@ -219,19 +199,23 @@ if [[ -n $admin && -n $title ]]; then
ynh_mysql_execute_as_root "$sql_command" $db_name ynh_mysql_execute_as_root "$sql_command" $db_name
# Enable SSOwat auth extension # Enable SSOwat auth extension
# Retrieve current enabled extensions
sql_command="SELECT \`value\` FROM settings WHERE \`key\` = 'extensions_enabled'" sql_command="SELECT \`value\` FROM settings WHERE \`key\` = 'extensions_enabled'"
old_extensions_enabled=$(ynh_mysql_execute_as_root "$sql_command" $db_name | tail -1) old_extensions_enabled=$(ynh_mysql_execute_as_root "$sql_command" $db_name | tail -1)
# Append the extension name at the end of the list
addition=",\"tituspijean-auth-ssowat\"]" addition=",\"tituspijean-auth-ssowat\"]"
new_extensions_enabled=${old_extensions_enabled::-1}$addition new_extensions_enabled=${old_extensions_enabled::-1}$addition
sql_command="UPDATE \`settings\` SET \`value\`='$new_extensions_enabled' WHERE \`key\`='extensions_enabled';" sql_command="UPDATE \`settings\` SET \`value\`='$new_extensions_enabled' WHERE \`key\`='extensions_enabled';"
ynh_mysql_execute_as_root "$sql_command" $db_name ynh_mysql_execute_as_root "$sql_command" $db_name
# Send login credentials to admin
app_message="User : $admin, password : $admin_pwd app_message="User : $admin, password : $admin_pwd
Change your password! Change your password!
Your forum is accessible at https://$domain$path_url" Your forum is accessible at https://$domain$path_url"
>&2 echo $app_message >&2 echo $app_message
ynh_send_readme_to_admin "$app_message" "$admin" ynh_send_readme_to_admin "$app_message" "$admin"
else else
# If admin user and title were not specified, ask admin to perform manual post-installation
app_message="Post-installation required, visit your Flarum instance." app_message="Post-installation required, visit your Flarum instance."
>&2 echo $app_message >&2 echo $app_message
ynh_send_readme_to_admin "$app_message" "$admin" ynh_send_readme_to_admin "$app_message" "$admin"
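Review bot: The populated `configuration.yml`, which carries the database and admin passwords in clear text, is created under `$final_path` with a plain `cp` in the post-install hunk, and that hunk's header shows `systemctl reload nginx` has already run. For the duration of `flarum install` the file therefore sits in the directory nginx aliases, with whatever mode `cp` gives it. Creating it owner-only narrows that window: `install -m 0600 -o "$app" ../conf/configuration.yml "$finalflarumconf"`. If the installer aborts before `ynh_secure_remove`, the file would presumably be left behind, so an exit trap that removes it is worth adding; the script's error handling is outside the visible hunks, as is the end of this `if`/`else`. The unquoted `*` in `require tituspijean/flarum-ext-auth-ssowat:*@dev` is also exposed to pathname expansion, because `exec_composer` and `exec_as` forward `$@` unquoted.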


@ -34,7 +34,6 @@ ynh_mysql_remove_db $db_user $db_name
# Remove the app directory securely # Remove the app directory securely
ynh_secure_remove "$final_path" ynh_secure_remove "$final_path"
ynh_secure_remove "/tmp/$app" ynh_secure_remove "/tmp/$app"
ynh_secure_remove "/opt/${app}_composer"
#================================================= #=================================================
# REMOVE NGINX CONFIGURATION # REMOVE NGINX CONFIGURATION
@ -65,4 +64,3 @@ ynh_remove_logrotate
# Delete a system user # Delete a system user
ynh_system_user_delete $app ynh_system_user_delete $app


@ -1,13 +0,0 @@
baseUrl : "https://YNH_APP_DOMAIN/YNH_WWW_PATH"
databaseConfiguration :
host : "localhost"
database : "YNH_WWW_APP"
username : "YNH_WWW_APP"
password : "YNH_DB_PASS"
adminUser :
username : "YNH_ADMIN_USER"
password : "YNH_ADMIN_PASS"
password_confirmation : "YNH_ADMIN_PASS"
email : "YNH_ADMIN_EMAIL"
settings :
forum_title : "YNH_FORUM_TITLE"