mirror of
https://github.com/YunoHost-Apps/flarum_ynh.git
synced 2024-09-03 18:36:24 +02:00
App user ownership and change composer directory
parent
1444cf4166
commit
4d8aa27cb0
7 changed files with 106 additions and 88 deletions
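--- a/conf/configuration.yml
+++ b/conf/configuration.yml
@@ -0,0 +1,13 @@
+baseUrl : "https://__DOMAIN__/__PATH__"
+databaseConfiguration :
+host : "localhost"
+database : "__USER__"
+username : "__USER__"
+password : "__DB_PWD__"
+adminUser :
+username : "__ADMIN__"
+password : "__ADMIN_PWD__"
+password_confirmation : "__ADMIN_PWD__"
+email : "__ADMIN_EML__"
+settings :
+forum_title : "__FORUM_TITLE__"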
@ -6,14 +6,14 @@ location ^~ __PATH__ {
|
||||||
|
|
||||||
alias __FINALPATH__/;
|
alias __FINALPATH__/;
|
||||||
try_files $uri $uri/ /index.php?$query_string;
|
try_files $uri $uri/ /index.php?$query_string;
|
||||||
index YNH_WWW_ROOTPATH/index.php;
|
index __LOCATION_HACK__/index.php;
|
||||||
|
|
||||||
# Bug in Nginx with locations and aliases (see http://stackoverflow.com/a/35102259 )
|
# Bug in Nginx with locations and aliases (see http://stackoverflow.com/a/35102259 )
|
||||||
location YNH_WWW_ROOTPATH/ { try_files $uri $uri/ YNH_WWW_ROOTAPP/index.php?$query_string; }
|
location __LOCATION_HACK__/ { try_files $uri $uri/ __PATH_HACK__/index.php?$query_string; }
|
||||||
location YNH_WWW_ROOTPATH/api { try_files $uri $uri/ YNH_WWW_ROOTAPP/api.php?$query_string; }
|
location __LOCATION_HACK__/api { try_files $uri $uri/ __PATH_HACK__/api.php?$query_string; }
|
||||||
location YNH_WWW_ROOTPATH/admin { try_files $uri $uri/ YNH_WWW_ROOTAPP/admin.php?$query_string; }
|
location __LOCATION_HACK__/admin { try_files $uri $uri/ __PATH_HACK__/admin.php?$query_string; }
|
||||||
|
|
||||||
location YNH_WWW_ROOTPATH/flarum {
|
location __LOCATION_HACK__/flarum {
|
||||||
deny all;
|
deny all;
|
||||||
return 404;
|
return 404;
|
||||||
}
|
}
|
||||||
|
|
|
@ -43,14 +43,14 @@ listen = /var/run/php5-fpm-__USER__.sock
|
||||||
; BSD-derived systems allow connections regardless of permissions.
|
; BSD-derived systems allow connections regardless of permissions.
|
||||||
; Default Values: user and group are set as the running user
|
; Default Values: user and group are set as the running user
|
||||||
; mode is set to 0666
|
; mode is set to 0666
|
||||||
listen.owner = www-data
|
listen.owner = __USER__
|
||||||
listen.group = www-data
|
listen.group = www-data
|
||||||
listen.mode = 0600
|
listen.mode = 0660
|
||||||
|
|
||||||
; Unix user/group of processes
|
; Unix user/group of processes
|
||||||
; Note: The user is mandatory. If the group is not set, the default user's group
|
; Note: The user is mandatory. If the group is not set, the default user's group
|
||||||
; will be used.
|
; will be used.
|
||||||
user = www-data
|
user = __USER__
|
||||||
group = www-data
|
group = www-data
|
||||||
|
|
||||||
; Choose how the process manager will control the number of child processes.
|
; Choose how the process manager will control the number of child processes.
|
||||||
|
@ -249,4 +249,4 @@ php_value[max_input_time] = 600
|
||||||
;php_value[memory_limit] = 256M
|
;php_value[memory_limit] = 256M
|
||||||
;php_value[short_open_tag] = On
|
;php_value[short_open_tag] = On
|
||||||
|
|
||||||
env[COMPOSER_HOME]= /opt/__USER___composer'
|
env[COMPOSER_HOME]= "__FINALPATH__/.composer"
|
||||||
|
|
|
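Review bot: `env[COMPOSER_HOME]` now points at `__FINALPATH__/.composer`, and the nginx lines in this commit serve `__FINALPATH__/` through `alias` with `try_files $uri`, so Composer's home directory ends up inside the web-served tree. Composer keeps its cache there and, when credentials are configured, `auth.json`, while the only deny rule visible in the nginx lines is the one for `/flarum`. Unless the part of nginx.conf outside this commit already blocks dotfiles, I would add a rule next to the existing deny, e.g. `location __LOCATION_HACK__/.composer { deny all; return 404; }`, and treat the `composer.phar` that the installer drops in the same directory the same way. Both hunks of this pool file start and end outside the visible lines.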
@ -4,13 +4,49 @@ exec_as() {
|
||||||
local USER=$1
|
local USER=$1
|
||||||
shift 1
|
shift 1
|
||||||
|
|
||||||
if [[ $USER = $(whoami) ]]; then
|
if [[ $USER = $(whoami) ]]
|
||||||
eval "$@"
|
then
|
||||||
|
eval $@
|
||||||
else
|
else
|
||||||
sudo -u "$USER" "$@"
|
sudo -u "$USER" $@
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# Execute a composer command from a given directory
|
||||||
|
# usage: composer_exec AS_USER WORKDIR COMMAND [ARG ...]
|
||||||
|
exec_composer() {
|
||||||
|
local AS_USER=$1
|
||||||
|
local WORKDIR=$2
|
||||||
|
shift 2
|
||||||
|
|
||||||
|
# Do not run composer as root
|
||||||
|
if [ $AS_USER = "root" ] ; then ynh_die "Do not run composer as root" ; fi
|
||||||
|
|
||||||
|
exec_as "$AS_USER" COMPOSER_HOME="${WORKDIR}/.composer" \
|
||||||
|
php "${WORKDIR}/composer.phar" $@ \
|
||||||
|
-d "${WORKDIR}" -d memory_limit=-1 --quiet --no-interaction
|
||||||
|
}
|
||||||
|
|
||||||
|
# Install and initialize Composer in the given directory
|
||||||
|
# usage: init_composer destdir
|
||||||
|
init_composer() {
|
||||||
|
local AS_USER=$1
|
||||||
|
local WORKDIR=$2
|
||||||
|
|
||||||
|
# Do not install composer as root
|
||||||
|
if [ $AS_USER = "root" ] ; then ynh_die "Do not install composer as root" ; fi
|
||||||
|
|
||||||
|
# install composer
|
||||||
|
curl -sS https://getcomposer.org/installer \
|
||||||
|
| COMPOSER_HOME="${WORKDIR}/.composer" \
|
||||||
|
php -- --quiet --install-dir="$WORKDIR" \
|
||||||
|
|| ynh_die "Unable to install Composer"
|
||||||
|
|
||||||
|
# update dependencies to create composer.lock
|
||||||
|
#exec_composer "$AS_USER" "$WORKDIR" install --no-dev \
|
||||||
|
# || ynh_die "Unable to update core dependencies with Composer"
|
||||||
|
}
|
||||||
|
|
||||||
# Send an email to inform the administrator
|
# Send an email to inform the administrator
|
||||||
#
|
#
|
||||||
# usage: ynh_send_readme_to_admin app_message [recipients]
|
# usage: ynh_send_readme_to_admin app_message [recipients]
|
||||||
|
|
|
@ -72,43 +72,18 @@ ynh_app_setting_set $app final_path $final_path
|
||||||
# CREATE DEDICATED USER
|
# CREATE DEDICATED USER
|
||||||
#===================================================
|
#===================================================
|
||||||
|
|
||||||
ynh_system_user_create $app "$final_path"
|
ynh_system_user_create $app $final_path
|
||||||
sudo usermod -a -G www-data $app
|
sudo usermod -a -G www-data $app
|
||||||
|
# Create working directory
|
||||||
|
sudo mkdir -p "$final_path/.composer"
|
||||||
|
sudo chown -R $app:www-data $final_path
|
||||||
|
sudo chmod -R 0775 $final_path
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# COMPOSER INSTALLATION
|
# COMPOSER INSTALLATION
|
||||||
#=================================================
|
#=================================================
|
||||||
|
|
||||||
composer_path=/opt/${app}_composer
|
init_composer $app $final_path
|
||||||
# Test if composer is installed
|
|
||||||
if ! type "${composer_path}/composer" > /dev/null; then
|
|
||||||
|
|
||||||
# Prepare composer directories
|
|
||||||
sudo mkdir -p $composer_path
|
|
||||||
sudo mkdir -p $composer_path/cache
|
|
||||||
sudo chown -R $app:www-data $composer_path
|
|
||||||
sudo chmod -R 0775 $composer_path
|
|
||||||
|
|
||||||
# Install composer (https://getcomposer.org)
|
|
||||||
EXPECTED_SIGNATURE=$(wget https://composer.github.io/installer.sig -O - -q)
|
|
||||||
php -r "copy('https://getcomposer.org/installer', '$composer_path/composer-setup.php');"
|
|
||||||
ACTUAL_SIGNATURE=$(php -r "echo hash_file('SHA384', '$composer_path/composer-setup.php');")
|
|
||||||
if [ "$EXPECTED_SIGNATURE" = "$ACTUAL_SIGNATURE" ]
|
|
||||||
then
|
|
||||||
sudo su - $app -s /bin/bash -c "php $composer_path/composer-setup.php --install-dir=$composer_path --filename=composer --quiet"
|
|
||||||
RESULT=$?
|
|
||||||
else
|
|
||||||
>&2 echo 'ERROR: Invalid Composer installer signature'
|
|
||||||
RESULT=1
|
|
||||||
fi
|
|
||||||
if [ $RESULT != 0 ]
|
|
||||||
then
|
|
||||||
ynh_die 'Composer could not be installed'
|
|
||||||
fi
|
|
||||||
|
|
||||||
fi
|
|
||||||
|
|
||||||
COMPOSER_HOME=$composer_path
|
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# FLARUM INSTALLATION
|
# FLARUM INSTALLATION
|
||||||
|
@ -121,12 +96,13 @@ sudo chown -R $app:www-data $tmp
|
||||||
sudo chmod -R 0775 $tmp
|
sudo chmod -R 0775 $tmp
|
||||||
|
|
||||||
# Install Flarum
|
# Install Flarum
|
||||||
sudo su - $app -s /bin/bash -c "php -d memory_limit=-1 $composer_path/composer create-project flarum/flarum $tmp $flarum_version --stability=beta --ansi"
|
exec_composer $app $final_path "create-project flarum/flarum $tmp $flarum_version --stability=beta --ansi"
|
||||||
|
|
||||||
|
# Copy Flarum to working directory and clean temp directory
|
||||||
sudo cp -Rf $tmp/* $final_path
|
sudo cp -Rf $tmp/* $final_path
|
||||||
sudo chown -R $app:www-data $final_path
|
sudo chown -R $app:www-data $final_path
|
||||||
sudo chmod 0775 -R $final_path
|
sudo chmod -R 0775 $final_path
|
||||||
ynh_secure_remove "$tmp"
|
ynh_secure_remove $tmp
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# CREATE A MYSQL DATABASE
|
# CREATE A MYSQL DATABASE
|
||||||
|
@ -143,11 +119,11 @@ ynh_app_setting_set "$app" db_pwd "$db_pwd"
|
||||||
|
|
||||||
# Bug in Nginx with locations and aliases (see http://stackoverflow.com/a/35102259 )
|
# Bug in Nginx with locations and aliases (see http://stackoverflow.com/a/35102259 )
|
||||||
if [ $path_url = "/" ]; then
|
if [ $path_url = "/" ]; then
|
||||||
sed -i "s@YNH_WWW_ROOTPATH@@g" ../conf/nginx.conf
|
sed -i "s@__LOCATION_HACK__@@g" ../conf/nginx.conf
|
||||||
sed -i "s@YNH_WWW_ROOTAPP@/@g" ../conf/nginx.conf
|
sed -i "s@__PATH_HACK__@/@g" ../conf/nginx.conf
|
||||||
else
|
else
|
||||||
sed -i "s@YNH_WWW_ROOTPATH@$path_url@g" ../conf/nginx.conf
|
sed -i "s@__LOCATION_HACK__@$path_url@g" ../conf/nginx.conf
|
||||||
sed -i "s@YNH_WWW_ROOTAPP@$path_url$path_url@g" ../conf/nginx.conf
|
sed -i "s@__PATH_HACK__@$path_url$path_url@g" ../conf/nginx.conf
|
||||||
fi
|
fi
|
||||||
# Create a dedicated nginx config
|
# Create a dedicated nginx config
|
||||||
ynh_add_nginx_config
|
ynh_add_nginx_config
|
||||||
|
@ -191,27 +167,31 @@ systemctl reload nginx
|
||||||
# FLARUM POST-INSTALL
|
# FLARUM POST-INSTALL
|
||||||
#=================================================
|
#=================================================
|
||||||
|
|
||||||
# Only if admin user or title were specified
|
|
||||||
if [[ -n $admin && -n $title ]]; then
|
if [[ -n $admin && -n $title ]]; then
|
||||||
|
# If admin user and title were specified, start post-installation
|
||||||
|
# Copy the configuration.yml to working directory
|
||||||
finalflarumconf="$final_path/configuration.yml"
|
finalflarumconf="$final_path/configuration.yml"
|
||||||
cp ../sources/configuration.yml $finalflarumconf
|
cp ../conf/configuration.yml $finalflarumconf
|
||||||
|
# Generate admin password and retrieve their email address
|
||||||
admin_pwd=$(ynh_string_random 8)
|
admin_pwd=$(ynh_string_random 8)
|
||||||
sed -i "s@YNH_APP_DOMAIN@$domain@g" $finalflarumconf
|
|
||||||
sed -i "s@/YNH_WWW_PATH@$path_url@g" $finalflarumconf
|
|
||||||
sed -i "s@YNH_WWW_APP@$app@g" $finalflarumconf
|
|
||||||
sed -i "s@YNH_DB_PASS@$db_pwd@g" $finalflarumconf
|
|
||||||
sed -i "s@YNH_ADMIN_USER@$admin@g" $finalflarumconf
|
|
||||||
sed -i "s@YNH_ADMIN_PASS@$admin_pwd@g" $finalflarumconf
|
|
||||||
admin_mail=$(ynh_user_get_info $admin mail)
|
admin_mail=$(ynh_user_get_info $admin mail)
|
||||||
sed -i "s%YNH_ADMIN_EMAIL%$admin_mail%g" $finalflarumconf
|
# Populate configuration.yml
|
||||||
sed -i "s@YNH_FORUM_TITLE@$title@g" $finalflarumconf
|
sed -i "s@__DOMAIN__@$domain@g" $finalflarumconf
|
||||||
cd "$final_path"
|
sed -i "s@/__PATH__@$path_url@g" $finalflarumconf
|
||||||
exec_as www-data \
|
sed -i "s@__USER__@$app@g" $finalflarumconf
|
||||||
php -d memory_limit=-1 flarum install -f configuration.yml
|
sed -i "s@__DB_PWD__@$db_pwd@g" $finalflarumconf
|
||||||
|
sed -i "s@__ADMIN__@$admin@g" $finalflarumconf
|
||||||
|
sed -i "s@__ADMIN_PWD__@$admin_pwd@g" $finalflarumconf
|
||||||
|
sed -i "s%__ADMIN_EML__%$admin_mail%g" $finalflarumconf
|
||||||
|
sed -i "s@__FORUM_TITLE__@$title@g" $finalflarumconf
|
||||||
|
# Execute post-installation
|
||||||
|
cd $final_path
|
||||||
|
exec_as $app "php -d memory_limit=-1 flarum install -f configuration.yml"
|
||||||
|
# Delete configuration.yml as it sensitive data
|
||||||
ynh_secure_remove $finalflarumconf
|
ynh_secure_remove $finalflarumconf
|
||||||
|
|
||||||
# Install the SSOwat auth extension
|
# Install the SSOwat auth extension
|
||||||
sudo su - www-data -s /bin/bash -c "cd $final_path && $composer_path/composer require 'tituspijean/flarum-ext-auth-ssowat:*@dev' --ansi"
|
exec_composer $app $final_path "require tituspijean/flarum-ext-auth-ssowat:*@dev --ansi"
|
||||||
|
|
||||||
# Configure SSOwat auth extension
|
# Configure SSOwat auth extension
|
||||||
ssowatdomain=$(</etc/yunohost/current_host)
|
ssowatdomain=$(</etc/yunohost/current_host)
|
||||||
|
@ -219,19 +199,23 @@ if [[ -n $admin && -n $title ]]; then
|
||||||
ynh_mysql_execute_as_root "$sql_command" $db_name
|
ynh_mysql_execute_as_root "$sql_command" $db_name
|
||||||
|
|
||||||
# Enable SSOwat auth extension
|
# Enable SSOwat auth extension
|
||||||
|
# Retrieve current enabled extensions
|
||||||
sql_command="SELECT \`value\` FROM settings WHERE \`key\` = 'extensions_enabled'"
|
sql_command="SELECT \`value\` FROM settings WHERE \`key\` = 'extensions_enabled'"
|
||||||
old_extensions_enabled=$(ynh_mysql_execute_as_root "$sql_command" $db_name | tail -1)
|
old_extensions_enabled=$(ynh_mysql_execute_as_root "$sql_command" $db_name | tail -1)
|
||||||
|
# Append the extension name at the end of the list
|
||||||
addition=",\"tituspijean-auth-ssowat\"]"
|
addition=",\"tituspijean-auth-ssowat\"]"
|
||||||
new_extensions_enabled=${old_extensions_enabled::-1}$addition
|
new_extensions_enabled=${old_extensions_enabled::-1}$addition
|
||||||
sql_command="UPDATE \`settings\` SET \`value\`='$new_extensions_enabled' WHERE \`key\`='extensions_enabled';"
|
sql_command="UPDATE \`settings\` SET \`value\`='$new_extensions_enabled' WHERE \`key\`='extensions_enabled';"
|
||||||
ynh_mysql_execute_as_root "$sql_command" $db_name
|
ynh_mysql_execute_as_root "$sql_command" $db_name
|
||||||
|
|
||||||
|
# Send login credentials to admin
|
||||||
app_message="User : $admin, password : $admin_pwd
|
app_message="User : $admin, password : $admin_pwd
|
||||||
Change your password!
|
Change your password!
|
||||||
Your forum is accessible at https://$domain$path_url"
|
Your forum is accessible at https://$domain$path_url"
|
||||||
>&2 echo $app_message
|
>&2 echo $app_message
|
||||||
ynh_send_readme_to_admin "$app_message" "$admin"
|
ynh_send_readme_to_admin "$app_message" "$admin"
|
||||||
else
|
else
|
||||||
|
# If admin user and title were not specified, ask admin to perform manual post-installation
|
||||||
app_message="Post-installation required, visit your Flarum instance."
|
app_message="Post-installation required, visit your Flarum instance."
|
||||||
>&2 echo $app_message
|
>&2 echo $app_message
|
||||||
ynh_send_readme_to_admin "$app_message" "$admin"
|
ynh_send_readme_to_admin "$app_message" "$admin"
|
||||||
|
|
|
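Review bot: `cp ../conf/configuration.yml $finalflarumconf` creates the credentials file inside `$final_path`, the directory nginx aliases, and the `sed` lines that follow write `$db_pwd` and `$admin_pwd` into it with whatever mode the default umask gives. The hunk header shows `systemctl reload nginx` running earlier, so until `ynh_secure_remove` runs the file may be readable by other local users and possibly fetchable over HTTP. Creating it owner-only for the app user closes both, e.g. `install -m 0600 -o "$app" ../conf/configuration.yml "$finalflarumconf"` in place of the `cp` (assuming the script runs with root privileges, as the unprefixed `systemctl` and `sed -i` calls suggest). The `sed` replacements also insert `$title` unescaped, so a title containing `@`, `&` or `\` would corrupt the generated file.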
@ -34,7 +34,6 @@ ynh_mysql_remove_db $db_user $db_name
|
||||||
# Remove the app directory securely
|
# Remove the app directory securely
|
||||||
ynh_secure_remove "$final_path"
|
ynh_secure_remove "$final_path"
|
||||||
ynh_secure_remove "/tmp/$app"
|
ynh_secure_remove "/tmp/$app"
|
||||||
ynh_secure_remove "/opt/${app}_composer"
|
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# REMOVE NGINX CONFIGURATION
|
# REMOVE NGINX CONFIGURATION
|
||||||
|
@ -65,4 +64,3 @@ ynh_remove_logrotate
|
||||||
|
|
||||||
# Delete a system user
|
# Delete a system user
|
||||||
ynh_system_user_delete $app
|
ynh_system_user_delete $app
|
||||||
|
|
||||||
|
|
|
@ -1,13 +0,0 @@
|
||||||
baseUrl : "https://YNH_APP_DOMAIN/YNH_WWW_PATH"
|
|
||||||
databaseConfiguration :
|
|
||||||
host : "localhost"
|
|
||||||
database : "YNH_WWW_APP"
|
|
||||||
username : "YNH_WWW_APP"
|
|
||||||
password : "YNH_DB_PASS"
|
|
||||||
adminUser :
|
|
||||||
username : "YNH_ADMIN_USER"
|
|
||||||
password : "YNH_ADMIN_PASS"
|
|
||||||
password_confirmation : "YNH_ADMIN_PASS"
|
|
||||||
email : "YNH_ADMIN_EMAIL"
|
|
||||||
settings :
|
|
||||||
forum_title : "YNH_FORUM_TITLE"
|
|