From e04358312053af5234f750d46c60bd9b4563c4dc Mon Sep 17 00:00:00 2001 From: Chris Vogel Date: Mon, 17 Jun 2024 22:12:10 +0200 Subject: [PATCH 1/5] pipefail https://codeberg.org/flohmarkt/flohmarkt_ynh/issues/48 --- conf/systemd.service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/conf/systemd.service b/conf/systemd.service index 697a162..60b7f43 100644 --- a/conf/systemd.service +++ b/conf/systemd.service @@ -8,7 +8,7 @@ User=__APP__ Group=__APP__ WorkingDirectory=__FLOHMARKT_APP_DIR__ Environment="VENV_DIR=__FLOHMARKT_VENV_DIR__" -ExecStart=/bin/bash -c "__FLOHMARKT_VENV_DIR__/bin/uvicorn --factory --host 127.0.0.1 --port __PORT__ flohmarkt.web:start 2>&1 | /usr/bin/ts '%%Y-%%m-%%d %%H:%%M:%%S'" +ExecStart=/bin/bash -c "set -o pipefail; __FLOHMARKT_VENV_DIR__/bin/uvicorn --factory --host 127.0.0.1 --port __PORT__ flohmarkt.web:start 2>&1 | /usr/bin/ts '%%Y-%%m-%%d %%H:%%M:%%S'" Restart=on-failure RestartSec=5s # nicer logfile naming https://codeberg.org/flohmarkt/flohmarkt_ynh/issues/38 From 8a3f8ddecbe15526570c54f6aaa62bdec40bcb47 Mon Sep 17 00:00:00 2001 From: Chris Vogel Date: Tue, 18 Jun 2024 09:53:14 +0200 Subject: [PATCH 2/5] cleaning, correct setting of permissions --- config_panel.toml | 7 ------- scripts/_common.sh | 16 +++++++++------- scripts/upgrade | 4 ---- 3 files changed, 9 insertions(+), 18 deletions(-) diff --git a/config_panel.toml b/config_panel.toml index fcd2243..7b4718b 100644 --- a/config_panel.toml +++ b/config_panel.toml @@ -24,10 +24,3 @@ version = "1.0" help.en = "open this url to finish your flohmarkt setup" help.de = "öffne die URL um flohmarkt fertig zu konfigurieren" -#[flohmarkt_setup] -# name = "setup" -# [flohmarkt_setup.flohmarkt_initial_setup_url] -# name = "initial setup url" -# type = "string" -# ask = "open this url to initially setup flohmarkt" -# help = "you can't change this value" diff --git a/scripts/_common.sh b/scripts/_common.sh index 75d9e77..fa64246 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -570,9 +570,11 @@ flohmarkt_ynh_create_symlinks() { # set file permissions and owner for installation flohmarkt_ynh_set_permission() { - # install dir - only root needs to write and $app reads - chown root:$app -R "$flohmarkt_install" - chmod g-w,o-rwx -R "$flohmarkt_install" + # venv and app - only root needs to write and $app reads + chown root:$app -R "$flohmarkt_venv_dir" + chmod g-w,o-rwx -R "$flohmarkt_venv_dir" + chown root:$app -R "$flohmarkt_app_dir" + chmod g-w,o-rwx -R "$flohmarkt_app_dir" } # start flohmarkt service @@ -759,8 +761,8 @@ flohmarkt_ynh_venv_requirements() { } flohmarkt_ynh_urlwatch_cron() { - mkdir -m 770 -p "${flohmarkt_install}/urlwatch" - chown root:${app} "${flohmarkt_install}/urlwatch" + mkdir -m 750 -p "${flohmarkt_install}/urlwatch" + chown ${app}:root "${flohmarkt_install}/urlwatch" ynh_add_config --template="../conf/urlwatch_config.yaml" \ --destination="${flohmarkt_install}/urlwatch/config.yaml" ynh_add_config --template="../conf/urlwatch_urls.yaml" \ @@ -771,9 +773,9 @@ flohmarkt_ynh_urlwatch_cron() { chmod 755 "/etc/cron.hourly/${flohmarkt_filename}" # run it once to initialize sudo -u ${app} urlwatch \ - --config /var/www/${app}/urlwatch/config.yaml \ + --config=/var/www/${app}/urlwatch/config.yaml \ --urls=/var/www/${app}/urlwatch/urls.yaml \ - --cache /var/www/${app}/urlwatch/cache.file + --cache=/var/www/${app}/urlwatch/cache.file } flohmarkt_initialized() { diff --git a/scripts/upgrade b/scripts/upgrade index 87537d7..d89db1b 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -9,10 +9,6 @@ source /usr/share/yunohost/helpers # UPGRADE_SAME upgrade_type=$(ynh_check_app_version_changed) -# show variables - used from installed or from to be upgraded version? -# variables of the new upgrade version are used -# env - ynh_script_progression --message="Stopping flohmarkt and CouchDB..." --weight=5 # stop flohmarkt flohmarkt_ynh_stop_service From 8dd0ce4e0356e77b1ef6d6b0b50d5a92d1a1b0db Mon Sep 17 00:00:00 2001 From: Chris Vogel Date: Tue, 18 Jun 2024 10:53:33 +0200 Subject: [PATCH 3/5] make CI happy ...and probably some users with weird email addresses or setups --- scripts/_common.sh | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/scripts/_common.sh b/scripts/_common.sh index fa64246..9354d63 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -771,11 +771,17 @@ flohmarkt_ynh_urlwatch_cron() { --destination="/etc/cron.hourly/${flohmarkt_filename}" chown root:root "/etc/cron.hourly/${flohmarkt_filename}" chmod 755 "/etc/cron.hourly/${flohmarkt_filename}" - # run it once to initialize - sudo -u ${app} urlwatch \ - --config=/var/www/${app}/urlwatch/config.yaml \ - --urls=/var/www/${app}/urlwatch/urls.yaml \ - --cache=/var/www/${app}/urlwatch/cache.file + # run urlwatch once to initialize if cache file does not exist, + # but if sending email fails (like on CI) just warn + local urlwatch_error + if ! [[ -s /var/www/${app}/urlwatch/cache.file ]] && + ! ynh_exec_warn sudo -u ${app} urlwatch \ + --config=/var/www/${app}/urlwatch/config.yaml \ + --urls=/var/www/${app}/urlwatch/urls.yaml \ + --cache=/var/www/${app}/urlwatch/cache.file + then + ynh_print_warn --message="initial call to urlwatch failed" + fi } flohmarkt_initialized() { From 83d943a64a378185d738c5fa0859311075c398d2 Mon Sep 17 00:00:00 2001 From: Chris Vogel Date: Tue, 18 Jun 2024 11:01:20 +0200 Subject: [PATCH 4/5] updated PRE_INSTALL.md --- doc/PRE_INSTALL.md | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/doc/PRE_INSTALL.md b/doc/PRE_INSTALL.md index 5f845b7..5adbd81 100644 --- a/doc/PRE_INSTALL.md +++ b/doc/PRE_INSTALL.md @@ -13,6 +13,8 @@ flohmarkt will send email and you'll be asked for an address used as the sender This [issue](https://codeberg.org/flohmarkt/flohmarkt_ynh/issues/50) contains information about the problem. +There's a [pull request to yunohost](https://github.com/YunoHost/yunohost/pull/1843) open that should solve the problem. + ## multiple flohmarkt on the same subdomain will not work flohmarkt **needs its own subdomain** to be installed on. Some of the discussion about this can be found here: @@ -28,12 +30,6 @@ https://codeberg.org/ChriChri/flohmarkt_ynh/issues/5 . ## removing -Removing a flohmarkt instance will **delete all of its data** for the time being. If you remove a flohmarkt **we strongly suggest to make a backup** beforehand. This [issue](https://codeberg.org/flohmarkt/flohmarkt_ynh/issues/29) describes how we'll handle `remove` with and without `--purge` in the future. - -**Warning:** This might break any existing installation of couchdb (there's an couchdb app to install just couchdb and expose its port via nginx reverse-proxy and possibly other software installing a couchdb). This could happen if you installed the couchdb app after you installed flohmarkt. - -https://codeberg.org/flohmarkt/flohmarkt_ynh/src/commit/7721103bac61787f31a4b2f2ae695c65d4f26fc9/scripts/remove#L44 - When installing flohmarkt on a a domain and letting it talk to other ActivityPub instances it will propagate a key associated to your domain. If you remove your flohmarkt from that domain and loose that key other instances might not want to talk to you anymore after you installed flohmarkt again on the same domain generating a new key. ## list of instances From 0f148b3fef5120927a5a7830a0e8090a92fb02dd Mon Sep 17 00:00:00 2001 From: Chris Vogel Date: Tue, 18 Jun 2024 12:05:29 +0200 Subject: [PATCH 5/5] CI not happy, yet ...and better not show the output from urlwatch, because it could contain passwords. --- scripts/_common.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/_common.sh b/scripts/_common.sh index 9354d63..0ef0c1e 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -772,10 +772,10 @@ flohmarkt_ynh_urlwatch_cron() { chown root:root "/etc/cron.hourly/${flohmarkt_filename}" chmod 755 "/etc/cron.hourly/${flohmarkt_filename}" # run urlwatch once to initialize if cache file does not exist, - # but if sending email fails (like on CI) just warn - local urlwatch_error + # but if sending email fails (like on CI) just warn. We do not want + # to show the output that might contain passwords if ! [[ -s /var/www/${app}/urlwatch/cache.file ]] && - ! ynh_exec_warn sudo -u ${app} urlwatch \ + ! ynh_exec_fully_quiet sudo -u ${app} urlwatch \ --config=/var/www/${app}/urlwatch/config.yaml \ --urls=/var/www/${app}/urlwatch/urls.yaml \ --cache=/var/www/${app}/urlwatch/cache.file