From 5103261a790ec1f7b9102a4518e3358279a6a433 Mon Sep 17 00:00:00 2001 From: Yunohost-Bot <> Date: Fri, 30 Aug 2024 22:55:34 +0200 Subject: [PATCH] [autopatch] Automatic patch attempt for helpers 2.1 --- manifest.toml | 3 +- scripts/_common.sh | 28 +++++++-------- scripts/backup | 33 +++++++----------- scripts/change_url | 28 +++++---------- scripts/install | 44 ++++++++++++------------ scripts/remove | 28 ++++++--------- scripts/restore | 63 +++++++++++++++------------------- scripts/upgrade | 85 ++++++++++++++++++++-------------------------- 8 files changed, 132 insertions(+), 180 deletions(-) diff --git a/manifest.toml b/manifest.toml index e774c92..1155618 100644 --- a/manifest.toml +++ b/manifest.toml @@ -17,7 +17,8 @@ userdoc = "https://forgejo.org/docs/latest/user/" code = "https://codeberg.org/forgejo/forgejo" [integration] -yunohost = ">= 11.2" +yunohost = ">= 11.2.18" +helpers_version = "2.1" architectures = [ "amd64", "arm64", "armhf" ] multi_instance = true ldap = true diff --git a/scripts/_common.sh b/scripts/_common.sh index dad63d9..e2bffb5 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -5,44 +5,44 @@ #================================================= function set_forgejo_login_source() { - ynh_print_info --message="Creating forgejo login source" + ynh_print_info "Creating forgejo login source" pushd "$install_dir" - ynh_exec_as "$app" ./forgejo admin auth add-ldap-simple --security-protocol "Unencrypted" --name "YunoHost LDAP" --host "localhost" --port "389" --skip-tls-verify --user-search-base "ou=users,dc=yunohost,dc=org" --user-dn "uid=%s,ou=Users,dc=yunohost,dc=org" --user-filter "(&(objectclass=posixAccount)(uid=%s)(permission=cn=$app.main,ou=permission,dc=yunohost,dc=org))" --admin-filter "(permission=cn=forgejo.admin,ou=permission,dc=yunohost,dc=org)" --username-attribute "uid" --firstname-attribute "givenName" --surname-attribute "sn" --email-attribute "mail" + ynh_exec_as_app ./forgejo admin auth add-ldap-simple --security-protocol "Unencrypted" --name "YunoHost LDAP" --host "localhost" --port "389" --skip-tls-verify --user-search-base "ou=users,dc=yunohost,dc=org" --user-dn "uid=%s,ou=Users,dc=yunohost,dc=org" --user-filter "(&(objectclass=posixAccount)(uid=%s)(permission=cn=$app.main,ou=permission,dc=yunohost,dc=org))" --admin-filter "(permission=cn=forgejo.admin,ou=permission,dc=yunohost,dc=org)" --username-attribute "uid" --firstname-attribute "givenName" --surname-attribute "sn" --email-attribute "mail" popd } function enable_login_source_sync() { - ynh_print_info --message="Set forgejo login source as synchronizable" + ynh_print_info "Set forgejo login source as synchronizable" # Enable login source synchronisation manualy because forgejo command does not allow it (https://codeberg.org/forgejo/forgejo/issues/952) - ynh_psql_execute_as_root --database "$db_name" --sql "update login_source set is_sync_enabled = true where type = 5 and name = 'YunoHost LDAP'" + ynh_psql_db_shell "$db_name" --sql "update login_source set is_sync_enabled = true where type = 5 and name = 'YunoHost LDAP'" } function create_forgejo_api_user() { - ynh_print_info --message="Creating forgejo api user" + ynh_print_info "Creating forgejo api user" forgejo_api_user=yunohost_api forgejo_api_pwd=$(ynh_string_random --length=24) - ynh_app_setting_set --app="$app" --key=forgejo_api_user --value="$forgejo_api_user" - ynh_app_setting_set --app="$app" --key=forgejo_api_pwd --value="$forgejo_api_pwd" + ynh_app_setting_set --key=forgejo_api_user --value="$forgejo_api_user" + ynh_app_setting_set --key=forgejo_api_pwd --value="$forgejo_api_pwd" pushd "$install_dir" - ynh_exec_as "$app" ./forgejo admin user create --username "$forgejo_api_user" --password "$forgejo_api_pwd" --email "admin@${domain}" --admin --must-change-password=false - forgejo_api_token=$(ynh_exec_as "$app" ./forgejo admin user generate-access-token --username "$forgejo_api_user" --token-name "admin" --scopes "write:admin" --raw | tail -1) - ynh_app_setting_set --app="$app" --key=forgejo_api_token --value="$forgejo_api_token" + ynh_exec_as_app ./forgejo admin user create --username "$forgejo_api_user" --password "$forgejo_api_pwd" --email "admin@${domain}" --admin --must-change-password=false + forgejo_api_token=$(ynh_exec_as_app ./forgejo admin user generate-access-token --username "$forgejo_api_user" --token-name "admin" --scopes "write:admin" --raw | tail -1) + ynh_app_setting_set --key=forgejo_api_token --value="$forgejo_api_token" popd } function set_users_login_source() { # Previously created users have «Local» login source. It should be «YunoHost LDAP» for username in $(ynh_user_list); do - ynh_print_info --message="Updating forgejo user login type for ${username}" + ynh_print_info "Updating forgejo user login type for ${username}" - ynh_psql_execute_as_root --database "$db_name" --sql "update public.user set login_source = (select id from login_source where name = 'YunoHost LDAP' and type = 5), login_name = name, login_type = 5 where name = '${username}'" + ynh_psql_db_shell "$db_name" --sql "update public.user set login_source = (select id from login_source where name = 'YunoHost LDAP' and type = 5), login_name = name, login_type = 5 where name = '${username}'" done } function synchronize_users() { - ynh_print_info --message="Synchronizing forgejo users" + ynh_print_info "Synchronizing forgejo users" # Fetch the token independently such that it's redacted by Yunohost logging mechanism - forgejo_api_token=$(ynh_app_setting_get --app="$app" --key=forgejo_api_token) + forgejo_api_token=$(ynh_app_setting_get --key=forgejo_api_token) # Remove trailing slash from path local no_trailing_slash_path=${path%/} diff --git a/scripts/backup b/scripts/backup index ada8d65..5c2b869 100644 --- a/scripts/backup +++ b/scripts/backup @@ -1,43 +1,34 @@ #!/bin/bash -#================================================= -# GENERIC START -#================================================= -# IMPORT GENERIC HELPERS -#================================================= - source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers -#================================================= -# DECLARE DATA AND CONF FILES TO BACKUP -#================================================= -ynh_print_info --message="Declaring files to be backed up..." +ynh_print_info "Declaring files to be backed up..." #================================================= # BACKUP THE APP MAIN DIR #================================================= -ynh_backup --src_path="$install_dir" +ynh_backup "$install_dir" #================================================= # BACKUP THE DATA DIR #================================================= -ynh_backup --src_path="$data_dir" --is_big +ynh_backup "$data_dir" #================================================= # BACKUP THE NGINX CONFIGURATION #================================================= -ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf" +ynh_backup "/etc/nginx/conf.d/$domain.d/$app.conf" #================================================= # BACKUP FAIL2BAN CONFIGURATION #================================================= -ynh_backup --src_path="/etc/fail2ban/jail.d/$app.conf" -ynh_backup --src_path="/etc/fail2ban/filter.d/$app.conf" +ynh_backup "/etc/fail2ban/jail.d/$app.conf" +ynh_backup "/etc/fail2ban/filter.d/$app.conf" #================================================= # SPECIFIC BACKUP @@ -45,29 +36,29 @@ ynh_backup --src_path="/etc/fail2ban/filter.d/$app.conf" # BACKUP LOGROTATE #================================================= -ynh_backup --src_path="/etc/logrotate.d/$app" +ynh_backup "/etc/logrotate.d/$app" #================================================= # BACKUP SYSTEMD #================================================= -ynh_backup --src_path="/etc/systemd/system/$app.service" +ynh_backup "/etc/systemd/system/$app.service" #================================================= # BACKUP VARIOUS FILES #================================================= -ynh_backup --src_path="/var/log/$app" +ynh_backup "/var/log/$app" #================================================= # BACKUP THE DATABASE #================================================= -ynh_print_info --message="Backing up the database..." +ynh_print_info "Backing up the database..." -ynh_psql_dump_db --database="$db_name" > db.sql +ynh_psql_dump_db > db.sql #================================================= # END OF SCRIPT #================================================= -ynh_print_info --message="Backup script completed for $app. (YunoHost will then actually copy those files to the archive)." +ynh_print_info "Backup script completed for $app. (YunoHost will then actually copy those files to the archive)." diff --git a/scripts/change_url b/scripts/change_url index 7f6e399..5bf1d24 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -1,52 +1,42 @@ #!/bin/bash -#================================================= -# GENERIC STARTING -#================================================= -# IMPORT GENERIC HELPERS -#================================================= - source _common.sh source /usr/share/yunohost/helpers -#================================================= -# STANDARD MODIFICATIONS #================================================= # STOP SYSTEMD SERVICE #================================================= -ynh_script_progression --message="Stopping a systemd service..." --weight=2 +ynh_script_progression "Stopping $app's systemd service..." -ynh_systemd_action --service_name="$app" --action="stop" --log_path="/var/log/$app/forgejo.log" +ynh_systemctl --service="$app" --action="stop" --log_path="/var/log/$app/forgejo.log" #================================================= # MODIFY URL IN NGINX CONF #================================================= -ynh_script_progression --message="Updating NGINX web server configuration..." --weight=3 +ynh_script_progression "Updating NGINX web server configuration..." -ynh_change_url_nginx_config +ynh_config_change_url_nginx #================================================= # SPECIFIC MODIFICATIONS #================================================= -ynh_script_progression --message="Adding a configuration file..." --weight=1 +ynh_script_progression "Adding $app's configuration..." ssh_port=$(grep -P "Port\s+\d+" /etc/ssh/sshd_config | grep -P -o "\d+") -ynh_exec_warn_less ynh_add_config --template="../conf/app.ini" --destination="$install_dir/custom/conf/app.ini" +ynh_hide_warnings ynh_config_add --template="app.ini" --destination="$install_dir/custom/conf/app.ini" chmod 640 "$install_dir/custom/conf/app.ini" chown "$app:$app" "$install_dir/custom/conf/app.ini" -#================================================= -# GENERIC FINALISATION #================================================= # START SYSTEMD SERVICE #================================================= -ynh_script_progression --message="Starting a systemd service..." --weight=2 +ynh_script_progression "Starting $app's systemd service..." -ynh_systemd_action --service_name="$app" --action="start" --log_path="/var/log/$app/forgejo.log" --line_match="Starting new Web server: tcp:127.0.0.1:" +ynh_systemctl --service="$app" --action="start" --log_path="/var/log/$app/forgejo.log" --wait_until="Starting new Web server: tcp:127.0.0.1:" #================================================= # END OF SCRIPT #================================================= -ynh_script_progression --message="Change of URL completed for $app" --last +ynh_script_progression "Change of URL completed for $app" diff --git a/scripts/install b/scripts/install index 871236e..6d76b21 100644 --- a/scripts/install +++ b/scripts/install @@ -30,18 +30,18 @@ secret_key=$("$install_dir/forgejo" generate secret SECRET_KEY) lfs_jwt_secret=$("$install_dir/forgejo" generate secret JWT_SECRET) internal_token=$("$install_dir/forgejo" generate secret INTERNAL_TOKEN) oauth2_jwt_secret=$("$install_dir/forgejo" generate secret JWT_SECRET) -ynh_app_setting_set --app="$app" --key=secret_key --value="$secret_key" -ynh_app_setting_set --app="$app" --key=lfs_jwt_secret --value="$lfs_jwt_secret" -ynh_app_setting_set --app="$app" --key=internal_token --value="$internal_token" -ynh_app_setting_set --app="$app" --key=oauth2_jwt_secret --value="$oauth2_jwt_secret" +ynh_app_setting_set --key=secret_key --value="$secret_key" +ynh_app_setting_set --key=lfs_jwt_secret --value="$lfs_jwt_secret" +ynh_app_setting_set --key=internal_token --value="$internal_token" +ynh_app_setting_set --key=oauth2_jwt_secret --value="$oauth2_jwt_secret" #================================================= # ADD A CONFIGURATION #================================================= -ynh_script_progression --message="Adding a configuration file..." --weight=1 +ynh_script_progression "Adding $app's configuration..." ssh_port=$(grep -P "Port\s+\d+" /etc/ssh/sshd_config | grep -P -o "\d+") -ynh_add_config --template="app.ini" --destination="$install_dir/custom/conf/app.ini" +ynh_config_add --template="app.ini" --destination="$install_dir/custom/conf/app.ini" chmod 640 "$install_dir/custom/conf/app.ini" chown "$app:$app" "$install_dir/custom/conf/app.ini" @@ -49,56 +49,54 @@ chown "$app:$app" "$install_dir/custom/conf/app.ini" #================================================= # SETUP SYSTEMD #================================================= -ynh_script_progression --message="Upgrading systemd configuration..." --weight=1 +ynh_script_progression "Upgrading systemd configuration..." -ynh_add_systemd_config +ynh_config_add_systemd #================================================= # NGINX CONFIGURATION #================================================= -ynh_script_progression --message="Upgrading NGINX web server configuration..." --weight=2 +ynh_script_progression "Upgrading NGINX web server configuration..." -ynh_add_nginx_config +ynh_config_add_nginx -#================================================= -# GENERIC FINALIZATION #================================================= # SETUP LOGROTATE #================================================= -ynh_script_progression --message="Configuring log rotation..." --weight=1 +ynh_script_progression "Configuring log rotation..." # Use logrotate to manage application logfile(s) -ynh_use_logrotate --logfile "/var/log/$app" --nonappend +ynh_config_add_logrotate "/var/log/$app" -chown -R "$app:$app" "/var/log/$app" -chmod u=rwX,g=rX,o= "/var/log/$app" +#REMOVEME? Assuming ynh_config_add_logrotate is called, the proper chmod/chowns are now already applied and it shouldn't be necessary to tweak perms | chown -R "$app:$app" "/var/log/$app" +#REMOVEME? Assuming ynh_config_add_logrotate is called, the proper chmod/chowns are now already applied and it shouldn't be necessary to tweak perms | chmod u=rwX,g=rX,o= "/var/log/$app" #================================================= # INTEGRATE SERVICE IN YUNOHOST #================================================= -ynh_script_progression --message="Integrating service in YunoHost..." --weight=2 +ynh_script_progression "Integrating service in YunoHost..." yunohost service add "$app" --description="Forgejo" --log="/var/log/$app/forgejo.log" #================================================= # START SYSTEMD SERVICE #================================================= -ynh_script_progression --message="Starting a systemd service..." --weight=3 +ynh_script_progression "Starting $app's systemd service..." # Start a systemd service -ynh_systemd_action --service_name="$app" --action="start" --log_path="/var/log/$app/forgejo.log" --line_match="Starting new Web server: tcp:127.0.0.1:" +ynh_systemctl --service="$app" --action="start" --log_path="/var/log/$app/forgejo.log" --wait_until="Starting new Web server: tcp:127.0.0.1:" #================================================= # SETUP FAIL2BAN #================================================= -ynh_script_progression --message="Configuring Fail2Ban..." --weight=1 +ynh_script_progression "Configuring Fail2Ban..." -ynh_add_fail2ban_config --logpath "/var/log/$app/forgejo.log" --failregex ".*Failed authentication attempt for .* from " --max_retry 5 +ynh_config_add_fail2ban --logpath "/var/log/$app/forgejo.log" --failregex ".*Failed authentication attempt for .* from " --max_retry 5 #================================================= # LDAP CONFIGURATION #================================================= -ynh_script_progression --message="Adding LDAP configuration..." --weight=1 +ynh_script_progression "Adding LDAP configuration..." set_forgejo_login_source enable_login_source_sync @@ -112,4 +110,4 @@ synchronize_users # END OF SCRIPT #================================================= -ynh_script_progression --message="Installation of $app completed" --last +ynh_script_progression "Installation of $app completed" diff --git a/scripts/remove b/scripts/remove index ed4ac1b..b446f0b 100644 --- a/scripts/remove +++ b/scripts/remove @@ -1,11 +1,5 @@ #!/bin/bash -#================================================= -# GENERIC START -#================================================= -# IMPORT GENERIC HELPERS -#================================================= - source _common.sh source /usr/share/yunohost/helpers @@ -16,30 +10,30 @@ source /usr/share/yunohost/helpers #================================================= # Remove the service from the list of services known by YunoHost (added from `yunohost service add`) -if ynh_exec_warn_less yunohost service status "$app" >/dev/null +if ynh_hide_warnings yunohost service status "$app" >/dev/null then - ynh_script_progression --message="Removing $app service integration..." --weight=1 + ynh_script_progression "Removing $app service integration..." yunohost service remove "$app" fi # Remove the dedicated systemd config -ynh_script_progression --message="Removing systemd configuration..." --weight=1 -ynh_remove_systemd_config +ynh_script_progression "Removing systemd configuration..." +ynh_config_remove_systemd # Remove the app-specific logrotate config -ynh_script_progression --message="Removing logrotate configuration..." --weight=1 -ynh_remove_logrotate +ynh_script_progression "Removing logrotate configuration..." +ynh_config_remove_logrotate # Remove the dedicated NGINX config -ynh_script_progression --message="Removing NGINX web server configuration..." --weight=1 -ynh_remove_nginx_config +ynh_script_progression "Removing NGINX web server configuration..." +ynh_config_remove_nginx # Remove the dedicated Fail2Ban config -ynh_script_progression --message="Removing Fail2Ban configuration..." --weight=1 -ynh_remove_fail2ban_config +ynh_script_progression "Removing Fail2Ban configuration..." +ynh_config_remove_fail2ban #================================================= # END OF SCRIPT #================================================= -ynh_script_progression --message="Removal of $app completed" --last +ynh_script_progression "Removal of $app completed" diff --git a/scripts/restore b/scripts/restore index f2ee8f0..acdd9ab 100644 --- a/scripts/restore +++ b/scripts/restore @@ -1,11 +1,5 @@ #!/bin/bash -#================================================= -# GENERIC START -#================================================= -# IMPORT GENERIC HELPERS -#================================================= - source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers @@ -14,90 +8,87 @@ source /usr/share/yunohost/helpers #================================================= # RESTORE THE NGINX CONFIGURATION #================================================= -ynh_script_progression --message="Restoring the NGINX configuration..." --weight=1 +ynh_script_progression "Restoring the NGINX configuration..." -ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" +ynh_restore "/etc/nginx/conf.d/$domain.d/$app.conf" #================================================= # RESTORE THE APP MAIN DIR #================================================= -ynh_script_progression --message="Restoring $app main directory..." --weight=10 +ynh_script_progression "Restoring $app main directory..." -ynh_restore_file --origin_path="$install_dir" - -chmod -R o-rwx "$install_dir" -chown -R "$app:$app" "$install_dir" +ynh_restore "$install_dir" +#REMOVEME? Assuming the install dir is setup using ynh_setup_source, the proper chmod/chowns are now already applied and it shouldn't be necessary to tweak perms | chmod -R o-rwx "$install_dir" +#REMOVEME? Assuming the install dir is setup using ynh_setup_source, the proper chmod/chowns are now already applied and it shouldn't be necessary to tweak perms | chown -R "$app:$app" "$install_dir" #================================================= # RESTORE THE DATA DIRECTORY #================================================= -ynh_script_progression --message="Restoring the data directory..." --weight=1 -ynh_restore_file --origin_path="$data_dir" --not_mandatory +ynh_script_progression "Restoring the data directory..." +ynh_restore "$data_dir" chown -R "$app:$app" "$data_dir" #================================================= # RESTORE THE LOG DIRECTORY #================================================= -ynh_restore_file --origin_path="/var/log/$app" -chown -R "$app:$app" "/var/log/$app" -chmod u=rwX,g=rX,o= "/var/log/$app" +ynh_restore "/var/log/$app" +#REMOVEME? Assuming ynh_config_add_logrotate is called, the proper chmod/chowns are now already applied and it shouldn't be necessary to tweak perms | chown -R "$app:$app" "/var/log/$app" +#REMOVEME? Assuming ynh_config_add_logrotate is called, the proper chmod/chowns are now already applied and it shouldn't be necessary to tweak perms | chmod u=rwX,g=rX,o= "/var/log/$app" #================================================= # RESTORE FAIL2BAN CONFIGURATION #================================================= -ynh_script_progression --message="Restoring the Fail2Ban configuration..." --weight=1 +ynh_script_progression "Restoring the Fail2Ban configuration..." -ynh_restore_file --origin_path="/etc/fail2ban/jail.d/$app.conf" -ynh_restore_file --origin_path="/etc/fail2ban/filter.d/$app.conf" -ynh_systemd_action --action=restart --service_name=fail2ban +ynh_restore "/etc/fail2ban/jail.d/$app.conf" +ynh_restore "/etc/fail2ban/filter.d/$app.conf" +ynh_systemctl --action=restart --service=fail2ban #================================================= # RESTORE THE DATABASE #================================================= -ynh_script_progression --message="Restoring the database..." --weight=6 +ynh_script_progression "Restoring the database..." -ynh_psql_execute_file_as_root --file="./db.sql" --database="$db_name" +ynh_psql_db_shell " < "./db.sql"" #================================================= # RESTORE SYSTEMD #================================================= -ynh_script_progression --message="Restoring the systemd configuration..." --weight=5 +ynh_script_progression "Restoring $app's systemd service..." -ynh_restore_file --origin_path="/etc/systemd/system/$app.service" +ynh_restore "/etc/systemd/system/$app.service" systemctl enable "$app.service" --quiet #================================================= # RESTORE THE LOGROTATE CONFIGURATION #================================================= -ynh_script_progression --message="Restoring the logrotate configuration..." --weight=1 +ynh_script_progression "Restoring the logrotate configuration..." -ynh_restore_file --origin_path="/etc/logrotate.d/$app" +ynh_restore "/etc/logrotate.d/$app" #================================================= # INTEGRATE SERVICE IN YUNOHOST #================================================= -ynh_script_progression --message="Integrating service in YunoHost..." --weight=1 +ynh_script_progression "Integrating service in YunoHost..." yunohost service add "$app" --description="Forgejo" --log="/var/log/$app/forgejo.log" #================================================= # START SYSTEMD SERVICE #================================================= -ynh_script_progression --message="Starting a systemd service..." --weight=3 +ynh_script_progression "Starting $app's systemd service..." -ynh_systemd_action --service_name="$app" --action="start" --log_path="/var/log/$app/forgejo.log" --line_match="Starting new Web server: tcp:127.0.0.1:" +ynh_systemctl --service="$app" --action="start" --log_path="/var/log/$app/forgejo.log" --wait_until="Starting new Web server: tcp:127.0.0.1:" -#================================================= -# GENERIC FINALIZATION #================================================= # RELOAD NGINX #================================================= -ynh_script_progression --message="Reloading NGINX web server..." --weight=1 +ynh_script_progression "Reloading NGINX web server..." -ynh_systemd_action --service_name=nginx --action=reload +ynh_systemctl --service=nginx --action=reload #================================================= # END OF SCRIPT #================================================= -ynh_script_progression --message="Restoration completed for $app" --last +ynh_script_progression "Restoration completed for $app" diff --git a/scripts/upgrade b/scripts/upgrade index f75b289..7e00991 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -1,47 +1,33 @@ #!/bin/bash -#================================================= -# GENERIC START -#================================================= -# IMPORT GENERIC HELPERS -#================================================= - source _common.sh source /usr/share/yunohost/helpers -#================================================= -# CHECK VERSION -#================================================= - -upgrade_type=$(ynh_check_app_version_changed) - -#================================================= -# STANDARD UPGRADE STEPS #================================================= # STOP SYSTEMD SERVICE #================================================= -ynh_script_progression --message="Stopping a systemd service..." --weight=2 -ynh_systemd_action --service_name="$app" --action="stop" --log_path="systemd" +ynh_script_progression "Stopping $app's systemd service..." +ynh_systemctl --service="$app" --action="stop" --log_path="systemd" #================================================= # ENSURE DOWNWARD COMPATIBILITY #================================================= -ynh_script_progression --message="Ensuring downward compatibility..." --weight=1 +ynh_script_progression "Ensuring downward compatibility..." # Update forgejo login source (1.19.3-0~ynh2) pushd "$install_dir" - old_login_source_id=$(ynh_exec_as "$app" ./forgejo admin auth list | grep "YunoHost LDAP" | grep "via BindDN" | cut -f 1) + old_login_source_id=$(ynh_exec_as_app ./forgejo admin auth list | grep "YunoHost LDAP" | grep "via BindDN" | cut -f 1) if [ -n "$old_login_source_id" ]; then - ynh_print_info --message="Delete obsolete forgejo login source (LDAP via BindDN)" + ynh_print_info "Delete obsolete forgejo login source (LDAP via BindDN)" # Ensure no user have this obsolete login source - ynh_psql_execute_as_root --database "$db_name" --sql "update public.user set login_source = 0, login_type = 0 where login_source = ${old_login_source_id}" + ynh_psql_db_shell "$db_name" --sql "update public.user set login_source = 0, login_type = 0 where login_source = ${old_login_source_id}" # Delete old login source - ynh_exec_as "$app" ./forgejo admin auth delete --id "$old_login_source_id" + ynh_exec_as_app ./forgejo admin auth delete --id "$old_login_source_id" fi - ynh_exec_as "$app" ./forgejo admin auth list | grep "YunoHost LDAP" | grep -q "LDAP (simple auth)" || + ynh_exec_as_app ./forgejo admin auth list | grep "YunoHost LDAP" | grep -q "LDAP (simple auth)" || # create new login source if not existing set_forgejo_login_source popd @@ -57,48 +43,52 @@ if [ -d "$data_dir/.ssh" ]; then fi # If secret_key doesn't exist, create it +# FIXMEhelpers2.1: maybe replace with: ynh_app_setting_set_default --key=secret_key --value=$("$install_dir/forgejo" generate secret SECRET_KEY) if [ -z "${secret_key:-}" ]; then secret_key=$("$install_dir/forgejo" generate secret SECRET_KEY) - ynh_app_setting_set --app="$app" --key=secret_key --value="$secret_key" + ynh_app_setting_set --key=secret_key --value="$secret_key" fi # If lfs_jwt_secret doesn't exist, create it +# FIXMEhelpers2.1: maybe replace with: ynh_app_setting_set_default --key=lfs_jwt_secret --value=$("$install_dir/forgejo" generate secret JWT_SECRET) if [ -z "${lfs_jwt_secret:-}" ]; then lfs_jwt_secret=$("$install_dir/forgejo" generate secret JWT_SECRET) - ynh_app_setting_set --app="$app" --key=lfs_jwt_secret --value="$lfs_jwt_secret" + ynh_app_setting_set --key=lfs_jwt_secret --value="$lfs_jwt_secret" fi # If internal_token doesn't exist, create it +# FIXMEhelpers2.1: maybe replace with: ynh_app_setting_set_default --key=internal_token --value=$("$install_dir/forgejo" generate secret INTERNAL_TOKEN) if [ -z "${internal_token:-}" ]; then internal_token=$("$install_dir/forgejo" generate secret INTERNAL_TOKEN) - ynh_app_setting_set --app="$app" --key=internal_token --value="$internal_token" + ynh_app_setting_set --key=internal_token --value="$internal_token" fi # If oauth2_jwt_secret doesn't exist, create it +# FIXMEhelpers2.1: maybe replace with: ynh_app_setting_set_default --key=oauth2_jwt_secret --value=$("$install_dir/forgejo" generate secret JWT_SECRET) if [ -z "${oauth2_jwt_secret:-}" ]; then oauth2_jwt_secret=$("$install_dir/forgejo" generate secret JWT_SECRET) - ynh_app_setting_set --app="$app" --key=oauth2_jwt_secret --value="$oauth2_jwt_secret" + ynh_app_setting_set --key=oauth2_jwt_secret --value="$oauth2_jwt_secret" fi #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= -ynh_script_progression --message="Setting up source files..." --weight=3 +ynh_script_progression "Setting up source files..." -ynh_setup_source --dest_dir="$install_dir" --full_replace=1 --keep="custom .ssh" +ynh_setup_source --dest_dir="$install_dir" --full_replace --keep="custom .ssh" xz -f -d "$install_dir/forgejo.xz" -chmod -R o-rwx "$install_dir" -chown -R "$app:$app" "$install_dir" +#REMOVEME? Assuming the install dir is setup using ynh_setup_source, the proper chmod/chowns are now already applied and it shouldn't be necessary to tweak perms | chmod -R o-rwx "$install_dir" +#REMOVEME? Assuming the install dir is setup using ynh_setup_source, the proper chmod/chowns are now already applied and it shouldn't be necessary to tweak perms | chown -R "$app:$app" "$install_dir" chmod +x "$install_dir/forgejo" #================================================= # ADD A CONFIGURATION #================================================= -ynh_script_progression --message="Adding a configuration file..." --weight=1 +ynh_script_progression "Adding $app's configuration..." ssh_port=$(grep -P "Port\s+\d+" /etc/ssh/sshd_config | grep -P -o "\d+") -ynh_add_config --template="app.ini" --destination="$install_dir/custom/conf/app.ini" +ynh_config_add --template="app.ini" --destination="$install_dir/custom/conf/app.ini" chmod 640 "$install_dir/custom/conf/app.ini" chown "$app:$app" "$install_dir/custom/conf/app.ini" @@ -106,45 +96,42 @@ chown "$app:$app" "$install_dir/custom/conf/app.ini" #================================================= # SETUP SYSTEMD #================================================= -ynh_script_progression --message="Upgrading systemd configuration..." --weight=1 +ynh_script_progression "Upgrading systemd configuration..." -ynh_add_systemd_config +ynh_config_add_systemd #================================================= # NGINX CONFIGURATION #================================================= -ynh_script_progression --message="Upgrading NGINX web server configuration..." --weight=2 +ynh_script_progression "Upgrading NGINX web server configuration..." -ynh_add_nginx_config +ynh_config_add_nginx -#================================================= -# GENERIC FINALIZATION #================================================= # SETUP LOGROTATE #================================================= -ynh_script_progression --message="Configuring log rotation..." --weight=1 +ynh_script_progression "Configuring log rotation..." # Use logrotate to manage application logfile(s) -ynh_use_logrotate --logfile "/var/log/$app" --nonappend +ynh_config_add_logrotate "/var/log/$app" -chown -R "$app:$app" "/var/log/$app" -chmod u=rwX,g=rX,o= "/var/log/$app" +#REMOVEME? Assuming ynh_config_add_logrotate is called, the proper chmod/chowns are now already applied and it shouldn't be necessary to tweak perms | chown -R "$app:$app" "/var/log/$app" +#REMOVEME? Assuming ynh_config_add_logrotate is called, the proper chmod/chowns are now already applied and it shouldn't be necessary to tweak perms | chmod u=rwX,g=rX,o= "/var/log/$app" #================================================= # INTEGRATE SERVICE IN YUNOHOST #================================================= -ynh_script_progression --message="Integrating service in YunoHost..." --weight=2 +ynh_script_progression "Integrating service in YunoHost..." yunohost service add "$app" --description="Forgejo" --log="/var/log/$app/forgejo.log" #================================================= # START SYSTEMD SERVICE #================================================= -ynh_script_progression --message="Starting a systemd service..." --weight=3 +ynh_script_progression "Starting $app's systemd service..." # Start a systemd service -ynh_systemd_action --service_name="$app" --action="start" --log_path="/var/log/$app/forgejo.log" --line_match="Starting new Web server: tcp:127.0.0.1:" - +ynh_systemctl --service="$app" --action="start" --log_path="/var/log/$app/forgejo.log" --wait_until="Starting new Web server: tcp:127.0.0.1:" #================================================= # Synchronize users (backward compatibility 1.19.3-0~ynh3) @@ -160,12 +147,12 @@ synchronize_users #================================================= # SETUP FAIL2BAN #================================================= -ynh_script_progression --message="Configuring Fail2Ban..." --weight=1 +ynh_script_progression "Configuring Fail2Ban..." -ynh_add_fail2ban_config --logpath "/var/log/$app/forgejo.log" --failregex ".*Failed authentication attempt for .* from " --max_retry 5 +ynh_config_add_fail2ban --logpath "/var/log/$app/forgejo.log" --failregex ".*Failed authentication attempt for .* from " --max_retry 5 #================================================= # END OF SCRIPT #================================================= -ynh_script_progression --message="Upgrade of $app completed" --last +ynh_script_progression "Upgrade of $app completed"