From 1d91e9370a893fc46d4d799b004694a845cfa40a Mon Sep 17 00:00:00 2001
From: ericgaspar
Date: Tue, 23 Mar 2021 20:51:39 +0100
Subject: [PATCH] protect config file
---
README.md | 2 +-
check_process | 1 -
manifest.json | 22 +---------------------
scripts/install | 20 +++++++++-----------
scripts/restore | 1 +
scripts/upgrade | 27 +++++++++------------------
6 files changed, 21 insertions(+), 52 deletions(-)
diff --git a/README.md b/README.md
index 0abd787..fea324a 100644
--- a/README.md
+++ b/README.md
@@ -27,7 +27,7 @@ You can modify some configurations using the Framaforms administration panel. Yo ## Documentation * Official documentation: https://docs.framasoft.org/fr/framaforms/ - * YunoHost documentation: https://yunohost.org/#/app_framaforms + * YunoHost documentation: https://yunohost.org/en/app_framaforms ## YunoHost specific features
diff --git a/check_process b/check_process
index 91243cc..9df3169 100644
--- a/check_process
+++ b/check_process
@@ -22,7 +22,6 @@ upgrade=1 from_commit=25e97123f0e82ec1b9375774f3e86b7d8f5d73cf backup_restore=1 multi_instance=1 - port_already_use=0 change_url=1 ;;; Options Email=ljf+framaforms_ynh@reflexlibre.net
diff --git a/manifest.json b/manifest.json
index 7f7e32d..ffe8d39 100644
--- a/manifest.json
+++ b/manifest.json
@@ -10,7 +10,7 @@ "url": "https://framagit.org/framasoft/framaforms", "license": "GPL-2.0-only", "requirements": { - "yunohost": ">= 4.0.0" + "yunohost": ">= 4.1.7" }, "maintainer": { "name": "ljf", 
@@ -28,38 +28,22 @@ { "name": "domain", "type": "domain", - "ask": { - "en": "Choose a domain for Framaforms", - "fr": "Choisissez un nom de domaine pour Framaforms" - }, "example": "domain.org" }, { "name": "path", "type": "path", - "ask": { - "en": "Choose a path for Framaforms", - "fr": "Choisissez un chemin pour Framaforms" - }, "example": "/poll", "default": "/poll" }, { "name": "admin", "type": "user", - "ask": { - "en": "Choose an admin user", - "fr": "Choisissez l’administrateur" - }, "example": "johndoe" }, { "name": "password", "type": "password", - "ask": { - "en": "Set the administrator password", - "fr": "Définissez le mot de passe administrateur" - }, "example": "Choose a password" }, {
@@ -101,10 +85,6 @@ { "name": "is_public", "type": "boolean", - "ask": { - "en": "Are visitors who do not have a YunoHost account on this server allowed to register and create forms?", - "fr": "Les visiteurs qui n'ont pas de compte YunoHost sur ce serveur sont-ils autorisés à s'inscrire et à créer des formulaires ?" - }, "help": { "en": "If no, only person with an account on your server will be able to create forms. In all cases, visitors will be able to reply to form.", "fr": "Si non, seule la personne disposant d'un compte sur votre serveur pourra créer des formulaires. Dans tous les cas, les visiteurs pourront répondre au formulaire."
diff --git a/scripts/install b/scripts/install
index 76605ab..a989a98 100644
--- a/scripts/install
+++ b/scripts/install
@@ -52,7 +52,6 @@ ynh_app_setting_set --app=$app --key=domain --value=$domain ynh_app_setting_set --app=$app --key=path --value=$path_url ynh_app_setting_set --app=$app --key=admin --value=$admin ynh_app_setting_set --app=$app --key=password --value=$password -ynh_app_setting_set --app=$app --key=is_public --value=$is_public ynh_app_setting_set --app=$app --key=language --value=$language ynh_app_setting_set --app=$app --key=expiration --value=$expiration ynh_app_setting_set --app=$app --key=deletion --value=$deletion 
@@ -78,6 +77,14 @@ db_user=$db_name ynh_app_setting_set --app=$app --key=db_name --value=$db_name ynh_psql_setup_db --db_user=$db_user --db_name=$db_name +#================================================= +# CREATE DEDICATED USER +#================================================= +ynh_script_progression --message="Configuring system user..." --weight=3 + +# Create a system user +ynh_system_user_create --username=$app --home_dir="$final_path" + #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #=================================================
@@ -95,14 +102,6 @@ ynh_script_progression --message="Configuring NGINX web server..." --weight=1 # Create a dedicated NGINX config ynh_add_nginx_config -#================================================= -# CREATE DEDICATED USER -#================================================= -ynh_script_progression --message="Configuring system user..." --weight=3 - -# Create a system user -ynh_system_user_create --username=$app --home_dir="$final_path" - #================================================= # PHP-FPM CONFIGURATION #=================================================
@@ -265,6 +264,7 @@ ynh_script_progression --message="Securing files and directories..." --weight=1 # Set permissions to app files chown -R $app: $final_path +chmod 600 $config_file #================================================= # SETUP SSOWAT
@@ -274,8 +274,6 @@ ynh_script_progression --message="Configuring permissions..." --weight=1 # Make app public if necessary if [ $is_public -eq 1 ] then - # Everyone can access the app. - # The "main" permission is automatically created before the install script. ynh_permission_update --permission="main" --add="visitors" fi
diff --git a/scripts/restore b/scripts/restore
index a07bd39..023609f 100644
--- a/scripts/restore
+++ b/scripts/restore 
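Review bot: `$config_file` is expanded unquoted in the added `chmod 600 $config_file` of the scripts/install `@@ -265,6 +264,7 @@` hunk, and its assignment is not visible there, so an empty or space-containing value would make chmod fail or act on the wrong operands. I would write `chmod 600 "$config_file"`; the same line is added in scripts/upgrade (`@@ -190,6 +180,7 @@`), where it is worth confirming the variable is set before that point, since scripts/restore spells the path out as `"$final_path/app/sites/default/settings.php"` instead. The `chown -R $app: $final_path` just above has the same quoting gap. Mode 600 only keeps the application working if the PHP-FPM pool runs as `$app`, which the preceding chown suggests but the hunk does not show.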
@@ -78,6 +78,7 @@ chmod 2775 "$final_path/app/sites/default/files" mkdir -p "/home/yunohost.app/$app/data" chown -R $app: "/home/yunohost.app/$app/data" chmod 775 "/home/yunohost.app/$app/data" +chmod 600 "$final_path/app/sites/default/settings.php" #================================================= # RESTORE THE PHP-FPM CONFIGURATION
diff --git a/scripts/upgrade b/scripts/upgrade
index 4af4b9b..dac08ac 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -18,7 +18,6 @@ app=$YNH_APP_INSTANCE_NAME domain=$(ynh_app_setting_get --app=$app --key=domain) path_url=$(ynh_app_setting_get --app=$app --key=path) -is_public=$(ynh_app_setting_get --app=$app --key=is_public) final_path=$(ynh_app_setting_get --app=$app --key=final_path) admin=$(ynh_app_setting_get --app=$app --key=admin) db_name=$(ynh_app_setting_get --app=$app --key=db_name)
@@ -36,15 +35,6 @@ upgrade_type=$(ynh_check_app_version_changed) #================================================= ynh_script_progression --message="Ensuring downward compatibility..." --weight=1 -# Fix is_public as a boolean value -if [ "$is_public" = "Yes" ]; then - ynh_app_setting_set --app=$app --key=is_public --value=1 - is_public=1 -elif [ "$is_public" = "No" ]; then - ynh_app_setting_set --app=$app --key=is_public --value=0 - is_public=0 -fi - # If db_name doesn't exist, create it if [ -z "$db_name" ]; then db_name=$(ynh_sanitize_dbid --db_name=$app)
@@ -83,6 +73,14 @@ ynh_clean_setup () { # Exit if an error occurs during the execution of the script ynh_abort_if_errors +#================================================= +# CREATE DEDICATED USER +#================================================= +ynh_script_progression --message="Making sure dedicated system user exists..." --weight=1 + +# Create a dedicated user (if not existing) +ynh_system_user_create --username=$app --home_dir="$final_path" + #================================================= # STANDARD UPGRADE STEPS #================================================= 
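Review bot: The added `chmod 600 "$final_path/app/sites/default/settings.php"` in the scripts/restore hunk only works if the restored file is already owned by `$app`, and the one chown visible in this hunk targets `/home/yunohost.app/$app/data`. If ownership of `$final_path` is set later in the script or not at all, the file would likely stay owned by whoever restored it and the site could no longer read its settings. Confirm that a `chown -R $app: "$final_path"` runs before this line, or add `chown $app: "$final_path/app/sites/default/settings.php"` next to it. The path is also hard-coded here while install and upgrade use `$config_file`; one shared variable would keep the three scripts from drifting.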
@@ -112,14 +110,6 @@ ynh_script_progression --message="Upgrading dependencies..." --weight=5 ynh_install_app_dependencies $pkg_dependencies -#================================================= -# CREATE DEDICATED USER -#================================================= -ynh_script_progression --message="Making sure dedicated system user exists..." --weight=1 - -# Create a dedicated user (if not existing) -ynh_system_user_create --username=$app --home_dir="$final_path" - #================================================= # PHP-FPM CONFIGURATION #=================================================
@@ -190,6 +180,7 @@ chown -R $app: $final_path mkdir -p "/home/yunohost.app/$app/data" chown -R $app: "/home/yunohost.app/$app/data" chmod 775 "/home/yunohost.app/$app/data" +chmod 600 $config_file #================================================= # RELOAD NGINX
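Review bot: The data directory keeps mode 775 in the scripts/upgrade `@@ -190,6 +180,7 @@` hunk, so while the config file drops to 600, every local account can still list and traverse `/home/yunohost.app/$app/data`; scripts/restore carries the same `chmod 775`. If that directory holds form submissions or uploads, which the hunk does not show, `chmod 750 "/home/yunohost.app/$app/data"` would match the intent of this commit. Group write is only needed if something other than `$app` writes there, so that is worth checking before tightening.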