diff --git a/scripts/_common.sh b/scripts/_common.sh index e115cb4..dad63d9 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -7,26 +7,26 @@ function set_forgejo_login_source() { ynh_print_info --message="Creating forgejo login source" pushd "$install_dir" - ynh_exec_as $app ./forgejo admin auth add-ldap-simple --security-protocol "Unencrypted" --name "YunoHost LDAP" --host "localhost" --port "389" --skip-tls-verify --user-search-base "ou=users,dc=yunohost,dc=org" --user-dn "uid=%s,ou=Users,dc=yunohost,dc=org" --user-filter "(&(objectclass=posixAccount)(uid=%s)(permission=cn=$app.main,ou=permission,dc=yunohost,dc=org))" --admin-filter "(permission=cn=forgejo.admin,ou=permission,dc=yunohost,dc=org)" --username-attribute "uid" --firstname-attribute "givenName" --surname-attribute "sn" --email-attribute "mail" + ynh_exec_as "$app" ./forgejo admin auth add-ldap-simple --security-protocol "Unencrypted" --name "YunoHost LDAP" --host "localhost" --port "389" --skip-tls-verify --user-search-base "ou=users,dc=yunohost,dc=org" --user-dn "uid=%s,ou=Users,dc=yunohost,dc=org" --user-filter "(&(objectclass=posixAccount)(uid=%s)(permission=cn=$app.main,ou=permission,dc=yunohost,dc=org))" --admin-filter "(permission=cn=forgejo.admin,ou=permission,dc=yunohost,dc=org)" --username-attribute "uid" --firstname-attribute "givenName" --surname-attribute "sn" --email-attribute "mail" popd } function enable_login_source_sync() { ynh_print_info --message="Set forgejo login source as synchronizable" # Enable login source synchronisation manualy because forgejo command does not allow it (https://codeberg.org/forgejo/forgejo/issues/952) - ynh_psql_execute_as_root --database $db_name --sql "update login_source set is_sync_enabled = true where type = 5 and name = 'YunoHost LDAP'" + ynh_psql_execute_as_root --database "$db_name" --sql "update login_source set is_sync_enabled = true where type = 5 and name = 'YunoHost LDAP'" } function create_forgejo_api_user() { ynh_print_info --message="Creating forgejo api user" forgejo_api_user=yunohost_api forgejo_api_pwd=$(ynh_string_random --length=24) - ynh_app_setting_set --app=$app --key=forgejo_api_user --value=$forgejo_api_user - ynh_app_setting_set --app=$app --key=forgejo_api_pwd --value=$forgejo_api_pwd + ynh_app_setting_set --app="$app" --key=forgejo_api_user --value="$forgejo_api_user" + ynh_app_setting_set --app="$app" --key=forgejo_api_pwd --value="$forgejo_api_pwd" pushd "$install_dir" - ynh_exec_as $app ./forgejo admin user create --username $forgejo_api_user --password $forgejo_api_pwd --email admin@${domain} --admin --must-change-password=false - forgejo_api_token=$(ynh_exec_as $app ./forgejo admin user generate-access-token --username $forgejo_api_user --token-name "admin" --scopes "write:admin" --raw | tail -1) - ynh_app_setting_set --app=$app --key=forgejo_api_token --value=$forgejo_api_token + ynh_exec_as "$app" ./forgejo admin user create --username "$forgejo_api_user" --password "$forgejo_api_pwd" --email "admin@${domain}" --admin --must-change-password=false + forgejo_api_token=$(ynh_exec_as "$app" ./forgejo admin user generate-access-token --username "$forgejo_api_user" --token-name "admin" --scopes "write:admin" --raw | tail -1) + ynh_app_setting_set --app="$app" --key=forgejo_api_token --value="$forgejo_api_token" popd } @@ -35,18 +35,18 @@ function set_users_login_source() { for username in $(ynh_user_list); do ynh_print_info --message="Updating forgejo user login type for ${username}" - ynh_psql_execute_as_root --database $db_name --sql "update public.user set login_source = (select id from login_source where name = 'YunoHost LDAP' and type = 5), login_name = name, login_type = 5 where name = '${username}'" + ynh_psql_execute_as_root --database "$db_name" --sql "update public.user set login_source = (select id from login_source where name = 'YunoHost LDAP' and type = 5), login_name = name, login_type = 5 where name = '${username}'" done } function synchronize_users() { ynh_print_info --message="Synchronizing forgejo users" # Fetch the token independently such that it's redacted by Yunohost logging mechanism - forgejo_api_token=$(ynh_app_setting_get --app=$app --key=forgejo_api_token) + forgejo_api_token=$(ynh_app_setting_get --app="$app" --key=forgejo_api_token) # Remove trailing slash from path local no_trailing_slash_path=${path%/} # User synchronization must be launched using API : no cli exists for this purpose (https://codeberg.org/forgejo/forgejo/issues/953) - curl --url https://${domain}${no_trailing_slash_path}/api/v1/admin/cron/sync_external_users -X POST -H "Authorization: token $forgejo_api_token" -kfsS + curl --url "https://${domain}${no_trailing_slash_path}/api/v1/admin/cron/sync_external_users" -X POST -H "Authorization: token $forgejo_api_token" -kfsS } diff --git a/scripts/change_url b/scripts/change_url index b834b48..7f6e399 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -16,7 +16,7 @@ source /usr/share/yunohost/helpers #================================================= ynh_script_progression --message="Stopping a systemd service..." --weight=2 -ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app/forgejo.log" +ynh_systemd_action --service_name="$app" --action="stop" --log_path="/var/log/$app/forgejo.log" #================================================= # MODIFY URL IN NGINX CONF @@ -34,7 +34,7 @@ ssh_port=$(grep -P "Port\s+\d+" /etc/ssh/sshd_config | grep -P -o "\d+") ynh_exec_warn_less ynh_add_config --template="../conf/app.ini" --destination="$install_dir/custom/conf/app.ini" chmod 640 "$install_dir/custom/conf/app.ini" -chown $app:$app "$install_dir/custom/conf/app.ini" +chown "$app:$app" "$install_dir/custom/conf/app.ini" #================================================= # GENERIC FINALISATION @@ -43,7 +43,7 @@ chown $app:$app "$install_dir/custom/conf/app.ini" #================================================= ynh_script_progression --message="Starting a systemd service..." --weight=2 -ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/forgejo.log" --line_match="Starting new Web server: tcp:127.0.0.1:" +ynh_systemd_action --service_name="$app" --action="start" --log_path="/var/log/$app/forgejo.log" --line_match="Starting new Web server: tcp:127.0.0.1:" #================================================= # END OF SCRIPT diff --git a/scripts/install b/scripts/install index 4441ee9..871236e 100644 --- a/scripts/install +++ b/scripts/install @@ -20,20 +20,20 @@ chmod +x "$install_dir/forgejo" mkdir -p "$install_dir/custom/conf" chmod -R o-rwx "$install_dir/custom" -chown -R $app:$app "$install_dir/custom" +chown -R "$app:$app" "$install_dir/custom" #================================================= # KEYS GENERATION #================================================= -secret_key=$($install_dir/forgejo generate secret SECRET_KEY) -lfs_jwt_secret=$($install_dir/forgejo generate secret JWT_SECRET) -internal_token=$($install_dir/forgejo generate secret INTERNAL_TOKEN) -oauth2_jwt_secret=$($install_dir/forgejo generate secret JWT_SECRET) -ynh_app_setting_set --app=$app --key=secret_key --value=$secret_key -ynh_app_setting_set --app=$app --key=lfs_jwt_secret --value=$lfs_jwt_secret -ynh_app_setting_set --app=$app --key=internal_token --value=$internal_token -ynh_app_setting_set --app=$app --key=oauth2_jwt_secret --value=$oauth2_jwt_secret +secret_key=$("$install_dir/forgejo" generate secret SECRET_KEY) +lfs_jwt_secret=$("$install_dir/forgejo" generate secret JWT_SECRET) +internal_token=$("$install_dir/forgejo" generate secret INTERNAL_TOKEN) +oauth2_jwt_secret=$("$install_dir/forgejo" generate secret JWT_SECRET) +ynh_app_setting_set --app="$app" --key=secret_key --value="$secret_key" +ynh_app_setting_set --app="$app" --key=lfs_jwt_secret --value="$lfs_jwt_secret" +ynh_app_setting_set --app="$app" --key=internal_token --value="$internal_token" +ynh_app_setting_set --app="$app" --key=oauth2_jwt_secret --value="$oauth2_jwt_secret" #================================================= # ADD A CONFIGURATION @@ -44,7 +44,7 @@ ssh_port=$(grep -P "Port\s+\d+" /etc/ssh/sshd_config | grep -P -o "\d+") ynh_add_config --template="app.ini" --destination="$install_dir/custom/conf/app.ini" chmod 640 "$install_dir/custom/conf/app.ini" -chown $app:$app "$install_dir/custom/conf/app.ini" +chown "$app:$app" "$install_dir/custom/conf/app.ini" #================================================= # SETUP SYSTEMD @@ -70,7 +70,7 @@ ynh_script_progression --message="Configuring log rotation..." --weight=1 # Use logrotate to manage application logfile(s) ynh_use_logrotate --logfile "/var/log/$app" --nonappend -chown -R $app:$app "/var/log/$app" +chown -R "$app:$app" "/var/log/$app" chmod u=rwX,g=rX,o= "/var/log/$app" #================================================= @@ -78,7 +78,7 @@ chmod u=rwX,g=rX,o= "/var/log/$app" #================================================= ynh_script_progression --message="Integrating service in YunoHost..." --weight=2 -yunohost service add $app --description="Forgejo" --log="/var/log/$app/forgejo.log" +yunohost service add "$app" --description="Forgejo" --log="/var/log/$app/forgejo.log" #================================================= # START SYSTEMD SERVICE @@ -86,7 +86,7 @@ yunohost service add $app --description="Forgejo" --log="/var/log/$app/forgejo.l ynh_script_progression --message="Starting a systemd service..." --weight=3 # Start a systemd service -ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/forgejo.log" --line_match="Starting new Web server: tcp:127.0.0.1:" +ynh_systemd_action --service_name="$app" --action="start" --log_path="/var/log/$app/forgejo.log" --line_match="Starting new Web server: tcp:127.0.0.1:" #================================================= # SETUP FAIL2BAN diff --git a/scripts/remove b/scripts/remove index 1f56823..0686a3c 100644 --- a/scripts/remove +++ b/scripts/remove @@ -16,10 +16,10 @@ source /usr/share/yunohost/helpers #================================================= # Remove the service from the list of services known by YunoHost (added from `yunohost service add`) -if ynh_exec_warn_less yunohost service status $app >/dev/null +if ynh_exec_warn_less yunohost service status "$app" >/dev/null then ynh_script_progression --message="Removing $app service integration..." --weight=1 - yunohost service remove $app + yunohost service remove "$app" fi # Remove the dedicated systemd config diff --git a/scripts/restore b/scripts/restore index a79ec3b..f2ee8f0 100644 --- a/scripts/restore +++ b/scripts/restore @@ -26,20 +26,20 @@ ynh_script_progression --message="Restoring $app main directory..." --weight=10 ynh_restore_file --origin_path="$install_dir" chmod -R o-rwx "$install_dir" -chown -R $app:$app "$install_dir" +chown -R "$app:$app" "$install_dir" #================================================= # RESTORE THE DATA DIRECTORY #================================================= ynh_script_progression --message="Restoring the data directory..." --weight=1 ynh_restore_file --origin_path="$data_dir" --not_mandatory -chown -R $app:$app "$data_dir" +chown -R "$app:$app" "$data_dir" #================================================= # RESTORE THE LOG DIRECTORY #================================================= ynh_restore_file --origin_path="/var/log/$app" -chown -R $app:$app "/var/log/$app" +chown -R "$app:$app" "/var/log/$app" chmod u=rwX,g=rX,o= "/var/log/$app" #================================================= @@ -56,7 +56,7 @@ ynh_systemd_action --action=restart --service_name=fail2ban #================================================= ynh_script_progression --message="Restoring the database..." --weight=6 -ynh_psql_execute_file_as_root --file="./db.sql" --database=$db_name +ynh_psql_execute_file_as_root --file="./db.sql" --database="$db_name" #================================================= # RESTORE SYSTEMD @@ -64,7 +64,7 @@ ynh_psql_execute_file_as_root --file="./db.sql" --database=$db_name ynh_script_progression --message="Restoring the systemd configuration..." --weight=5 ynh_restore_file --origin_path="/etc/systemd/system/$app.service" -systemctl enable $app.service --quiet +systemctl enable "$app.service" --quiet #================================================= # RESTORE THE LOGROTATE CONFIGURATION @@ -78,14 +78,14 @@ ynh_restore_file --origin_path="/etc/logrotate.d/$app" #================================================= ynh_script_progression --message="Integrating service in YunoHost..." --weight=1 -yunohost service add $app --description="Forgejo" --log="/var/log/$app/forgejo.log" +yunohost service add "$app" --description="Forgejo" --log="/var/log/$app/forgejo.log" #================================================= # START SYSTEMD SERVICE #================================================= ynh_script_progression --message="Starting a systemd service..." --weight=3 -ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/forgejo.log" --line_match="Starting new Web server: tcp:127.0.0.1:" +ynh_systemd_action --service_name="$app" --action="start" --log_path="/var/log/$app/forgejo.log" --line_match="Starting new Web server: tcp:127.0.0.1:" #================================================= # GENERIC FINALIZATION diff --git a/scripts/upgrade b/scripts/upgrade index a4490af..f75b289 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -21,7 +21,7 @@ upgrade_type=$(ynh_check_app_version_changed) # STOP SYSTEMD SERVICE #================================================= ynh_script_progression --message="Stopping a systemd service..." --weight=2 -ynh_systemd_action --service_name=$app --action="stop" --log_path="systemd" +ynh_systemd_action --service_name="$app" --action="stop" --log_path="systemd" #================================================= # ENSURE DOWNWARD COMPATIBILITY @@ -30,18 +30,18 @@ ynh_script_progression --message="Ensuring downward compatibility..." --weight=1 # Update forgejo login source (1.19.3-0~ynh2) pushd "$install_dir" - old_login_source_id=$(ynh_exec_as $app ./forgejo admin auth list | grep "YunoHost LDAP" | grep "via BindDN" | cut -f 1) - if [ ! -z $old_login_source_id ]; then + old_login_source_id=$(ynh_exec_as "$app" ./forgejo admin auth list | grep "YunoHost LDAP" | grep "via BindDN" | cut -f 1) + if [ -n "$old_login_source_id" ]; then ynh_print_info --message="Delete obsolete forgejo login source (LDAP via BindDN)" # Ensure no user have this obsolete login source - ynh_psql_execute_as_root --database $db_name --sql "update public.user set login_source = 0, login_type = 0 where login_source = ${old_login_source_id}" + ynh_psql_execute_as_root --database "$db_name" --sql "update public.user set login_source = 0, login_type = 0 where login_source = ${old_login_source_id}" # Delete old login source - ynh_exec_as $app ./forgejo admin auth delete --id $old_login_source_id + ynh_exec_as "$app" ./forgejo admin auth delete --id "$old_login_source_id" fi - ynh_exec_as $app ./forgejo admin auth list | grep "YunoHost LDAP" | grep -q "LDAP (simple auth)" || + ynh_exec_as "$app" ./forgejo admin auth list | grep "YunoHost LDAP" | grep -q "LDAP (simple auth)" || # create new login source if not existing set_forgejo_login_source popd @@ -53,31 +53,31 @@ enable_login_source_sync # .ssh directory should move from old home dir (data_dir) to new one # (/var/www/$app is the default value for home in resources.system_user) if [ -d "$data_dir/.ssh" ]; then - mv "$data_dir/.ssh" /var/www/$app + mv "$data_dir/.ssh" "/var/www/$app" fi # If secret_key doesn't exist, create it -if [ -z ${secret_key:-} ]; then - secret_key=$($install_dir/forgejo generate secret SECRET_KEY) - ynh_app_setting_set --app=$app --key=secret_key --value=$secret_key +if [ -z "${secret_key:-}" ]; then + secret_key=$("$install_dir/forgejo" generate secret SECRET_KEY) + ynh_app_setting_set --app="$app" --key=secret_key --value="$secret_key" fi # If lfs_jwt_secret doesn't exist, create it -if [ -z ${lfs_jwt_secret:-} ]; then - lfs_jwt_secret=$($install_dir/forgejo generate secret JWT_SECRET) - ynh_app_setting_set --app=$app --key=lfs_jwt_secret --value=$lfs_jwt_secret +if [ -z "${lfs_jwt_secret:-}" ]; then + lfs_jwt_secret=$("$install_dir/forgejo" generate secret JWT_SECRET) + ynh_app_setting_set --app="$app" --key=lfs_jwt_secret --value="$lfs_jwt_secret" fi # If internal_token doesn't exist, create it -if [ -z ${internal_token:-} ]; then - internal_token=$($install_dir/forgejo generate secret INTERNAL_TOKEN) - ynh_app_setting_set --app=$app --key=internal_token --value=$internal_token +if [ -z "${internal_token:-}" ]; then + internal_token=$("$install_dir/forgejo" generate secret INTERNAL_TOKEN) + ynh_app_setting_set --app="$app" --key=internal_token --value="$internal_token" fi # If oauth2_jwt_secret doesn't exist, create it -if [ -z ${oauth2_jwt_secret:-} ]; then - oauth2_jwt_secret=$($install_dir/forgejo generate secret JWT_SECRET) - ynh_app_setting_set --app=$app --key=oauth2_jwt_secret --value=$oauth2_jwt_secret +if [ -z "${oauth2_jwt_secret:-}" ]; then + oauth2_jwt_secret=$("$install_dir/forgejo" generate secret JWT_SECRET) + ynh_app_setting_set --app="$app" --key=oauth2_jwt_secret --value="$oauth2_jwt_secret" fi #================================================= @@ -85,11 +85,11 @@ fi #================================================= ynh_script_progression --message="Setting up source files..." --weight=3 -ynh_setup_source --dest_dir=$install_dir --full_replace=1 --keep="custom .ssh" +ynh_setup_source --dest_dir="$install_dir" --full_replace=1 --keep="custom .ssh" xz -f -d "$install_dir/forgejo.xz" chmod -R o-rwx "$install_dir" -chown -R $app:$app "$install_dir" +chown -R "$app:$app" "$install_dir" chmod +x "$install_dir/forgejo" #================================================= @@ -101,7 +101,7 @@ ssh_port=$(grep -P "Port\s+\d+" /etc/ssh/sshd_config | grep -P -o "\d+") ynh_add_config --template="app.ini" --destination="$install_dir/custom/conf/app.ini" chmod 640 "$install_dir/custom/conf/app.ini" -chown $app:$app "$install_dir/custom/conf/app.ini" +chown "$app:$app" "$install_dir/custom/conf/app.ini" #================================================= # SETUP SYSTEMD @@ -127,7 +127,7 @@ ynh_script_progression --message="Configuring log rotation..." --weight=1 # Use logrotate to manage application logfile(s) ynh_use_logrotate --logfile "/var/log/$app" --nonappend -chown -R $app:$app "/var/log/$app" +chown -R "$app:$app" "/var/log/$app" chmod u=rwX,g=rX,o= "/var/log/$app" #================================================= @@ -135,7 +135,7 @@ chmod u=rwX,g=rX,o= "/var/log/$app" #================================================= ynh_script_progression --message="Integrating service in YunoHost..." --weight=2 -yunohost service add $app --description="Forgejo" --log="/var/log/$app/forgejo.log" +yunohost service add "$app" --description="Forgejo" --log="/var/log/$app/forgejo.log" #================================================= # START SYSTEMD SERVICE @@ -143,13 +143,13 @@ yunohost service add $app --description="Forgejo" --log="/var/log/$app/forgejo.l ynh_script_progression --message="Starting a systemd service..." --weight=3 # Start a systemd service -ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/forgejo.log" --line_match="Starting new Web server: tcp:127.0.0.1:" +ynh_systemd_action --service_name="$app" --action="start" --log_path="/var/log/$app/forgejo.log" --line_match="Starting new Web server: tcp:127.0.0.1:" #================================================= # Synchronize users (backward compatibility 1.19.3-0~ynh3) #================================================= -if [ -z ${forgejo_api_user:-} ]; then +if [ -z "${forgejo_api_user:-}" ]; then create_forgejo_api_user fi