diff --git a/scripts/backup b/scripts/backup new file mode 100755 index 0000000..6e3da91 --- /dev/null +++ b/scripts/backup @@ -0,0 +1,45 @@ +#!/bin/bash + +# Exit on command errors and treat unset variables as an error +#set -eu + +#TRAP_ON () { # Activate signal capture +# trap EXIT_PROPERLY ERR # Capturing ex it signals on error +#} + +# Active trap pour arrêter le script si une erreur est détectée. +#TRAP_ON + +# See comments in install script +app=$YNH_APP_INSTANCE_NAME + +# Source YunoHost helpers +source /usr/share/yunohost/helpers + +final_path=$(ynh_app_setting_get $app final_path) +path=$(ynh_app_setting_get $app path) +domain=$(ynh_app_setting_get $app domain) +is_public=$(ynh_app_setting_get $app is_public) +finalnginxconf=$(ynh_app_setting_get $app finalnginxconf) +finalphpconf=$(ynh_app_setting_get $app finalphpconf) + +# Backup sources & data +# Note: the last argument is where to save this path, see the restore script. +ynh_backup "$final_path" "sources" + +### MySQL (remove if not used) ### +# If a MySQL database is used: +# # Dump the database +# dbname=$app +# dbuser=$app +# dbpass=$(ynh_app_setting_get "$app" mysqlpwd) +# mysqldump -u "$dbuser" -p"$dbpass" --no-create-db "$dbname" > ./dump.sql +### MySQL end ### + +# Copy NGINX configuration +ynh_backup "$finalnginxconf" "nginx.conf" + +### PHP (remove if not used) ### +# If a dedicated php-fpm process is used: +# # Copy PHP-FPM pool configuration +ynh_backup "$finalphpconf" "php-fpm.conf" diff --git a/scripts/install b/scripts/install index b9331a4..221a79f 100644 --- a/scripts/install +++ b/scripts/install @@ -1,67 +1,200 @@ #!/bin/bash +#set -eu + +# Charge les fonctions génériques habituellement utilisées dans le script +#source fonctions + +# Active trap pour arrêter le script si une erreur est détectée. +EXIT_PROPERLY () { # Provoque l'arrêt du script en cas d'erreur. Et nettoye les résidus. + exit_code=$? + if [ "$exit_code" -eq 0 ]; then + exit 0 # Quitte sans erreur si le script se termine correctement. + fi + trap '' EXIT + set +eu + echo -e "\e[91m \e[1m" # Shell in light red bold + echo -e "!!\n $app install's script has encountered an error. Installation was cancelled.\n!!" >&2 + + if type -t CLEAN_SETUP > /dev/null; then # Vérifie l'existance de la fonction avant de l'exécuter. + CLEAN_SETUP # Appel la fonction de nettoyage spécifique du script install. + fi + + # Compense le bug de ssowat qui ne supprime pas l'entrée de l'app en cas d'erreur d'installation. + sudo sed -i "\@\"$domain$path/\":@d" /etc/ssowat/conf.json + + ynh_die +} + +TRAP_ON () { # Activate signal capture + set -eu # Exit if a command fail, and if a variable is used unset. + trap EXIT_PROPERLY EXIT # Capturing exit signals on shell script +} + +TRAP_ON + +# Source app helpers +source /usr/share/yunohost/helpers # Retrieve arguments -app=framagames -domain=$1 -path=$2 -is_public=$3 +app=$YNH_APP_INSTANCE_NAME +domain=$YNH_APP_ARG_DOMAIN +path=$YNH_APP_ARG_PATH +is_public=$YNH_APP_ARG_IS_PUBLIC +runninguser=$YNH_APP_ARG_RUNNINGUSER +calibre=$YNH_APP_ARG_CALIBRE -sudo yunohost app setting $app path -v $path - -if [ $path = "/" ] +# No basic auth if app is private +if [ "$is_public" = "Yes" ]; then - sitename="root" + basicauthcreate=$YNH_APP_ARG_BASICAUTHCREATE + basicauthname=$YNH_APP_ARG_BASICAUTHNAME + basicauthpass=$YNH_APP_ARG_BASICAUTHPASS else - # sitename == path without any "/" - sitename=$(echo $path | cut -d '/' -f 2) - # Removal of trailing / - # path can be null but not really an issue for the remaining commands - path=${path%/} + basicauthcreate="No" fi +# We check variables are not empty +CHECK_VAR () { # Vérifie que la variable n'est pas vide. +# $1 = Variable à vérifier +# $2 = Texte à afficher en cas d'erreur + test -n "$1" || (echo "$2" >&2 && false) +} + +CHECK_VAR "$app" "app name not set" + +# Check the path value and correct it (adds / at begining and removes it at the end) +CHECK_PATH () { # Vérifie la présence du / en début de path. Et son absence à la fin. + if [ "${path:0:1}" != "/" ]; then # Si le premier caractère n'est pas un / + path="/$path" # Ajoute un / en début de path + fi + if [ "${path:${#path}-1}" == "/" ] && [ ${#path} -gt 1 ]; then # Si le dernier caractère est un / et que ce n'est pas l$ + path="${path:0:${#path}-1}" # Supprime le dernier caractère + fi +} + +CHECK_PATH; + +# Check domain and path availibility +CHECK_DOMAINPATH () { # Vérifie la disponibilité du path et du domaine. + sudo yunohost app checkurl $domain$path -a $app +} + +CHECK_DOMAINPATH + +# Check destination folder is not used already +CHECK_FINALPATH () { # Vérifie que le dossier de destination n'est pas déjà utilisé. + final_path=/var/www/$app + if [ -e "$final_path" ] + then + echo "This path already contains a folder" >&2 + false + fi +} + +CHECK_FINALPATH + +# We check that calibre path is correct +CHECK_CALIBRE () { # Vérifie la présence du / en début de path. Et son absence à la fin. + if [ "${calibre:0:1}" != "/" ]; then # Si le premier caractère n'est pas un / + calibre="/$calibre" # Ajoute un / en début de path + fi + if [ "${calibre:${#calibre}-1}" == "/" ] && [ ${#calibre} -gt 1 ]; then # Si le dernier caractère est un / $ + calibre="${calibre:0:${#calibre}-1}" # Supprime le dernier caractère + fi +} + +CHECK_CALIBRE; + final_path=/var/www/$app -# Check domain/path availability -sudo yunohost app checkurl $domain$path -a $app -if [[ ! $? -eq 0 ]]; then - exit 1 -fi +# Define variables and Save app settings +ynh_app_setting_set "$app" domain "$domain" +#ynh_app_setting_set "$app" path "$path" +ynh_app_setting_set "$app" is_public "$is_public" +ynh_app_setting_set "$app" final_path "$final_path" +ynh_app_setting_set "$app" runninguser "$runninguser" +ynh_app_setting_set "$app" calibre "$calibre" +ynh_app_setting_set "$app" basicauthcreate "$basicauthcreate" -sudo yunohost app setting $app final_path -v $final_path -#sudo yunohost app setting $app domain -v $domain -sudo yunohost app setting $app sitename -v $sitename +finalnginxconf="/etc/nginx/conf.d/${domain}.d/${app}.conf" +ynh_app_setting_set "$app" finalnginxconf "$finalnginxconf" + +finalphpconf="/etc/php5/fpm/pool.d/${app}.conf" +ynh_app_setting_set "$app" finalphpconf "$finalphpconf" + +# We install dependencies +sudo apt-get update -y +sudo apt-get install php5-gd php5-sqlite php5-json php5-intl -y # Creation of folder -sudo rm -rf $final_path sudo mkdir -p $final_path -# Copy of sources -sudo cp -a ../sources/* $final_path/ +# We download the sources and check the md5sum +cops_file=`sudo cat ../sources/source_file`; +sudo wget -nv -i ../sources/source_url -O $cops_file +sudo md5sum -c ../sources/source_md5 --status || (echo "Corrupt source" >&2 && false) +sudo unzip ${cops_file} -d $final_path + +# Site adjustments +sed -i "s@CALIBRETOCHANGE@$calibre@g" ../conf/config_local.php +timezone=`sudo cat /etc/timezone`; +sed -i "s@TIMEZONETOCHANGE@$timezone@g" ../conf/config_local.php + +sudo cp ../conf/config_local.php $final_path +sudo cp ../conf/robots.txt $final_path # Set permissions sudo chmod 775 -R $final_path -sudo chown -hR www-data:www-data $final_path +sudo chown -hR $runninguser:$runninguser $final_path -# Modify Nginx configuration file and copy it to Nginx conf directory +# Add basic auth if requested +if [ "$basicauthcreate" = "Yes" ]; +then + ynh_app_setting_set "$app" basicauthname "$basicauthname" + ynh_app_setting_set "$app" basicauthpass "$basicauthpass" + + # Generation of the htpasswd file according https://www.nginx.com/resources/wiki/community/faq/ + SALT="$(openssl rand -base64 3)" + (SHA1=$(printf "$basicauthpass$SALT" | + openssl dgst -binary -sha1 | xxd -ps | + sed 's#$#'"`echo -n $SALT | xxd -ps`"'#' | + xxd -r -ps | + base64);printf "$basicauthname:{SSHA}$SHA1\n" >> ../sources/htpasswd) + sudo cp ../sources/htpasswd $final_path + sudo chmod 440 $final_path/htpasswd + sudo chown www-data:www-data $final_path/htpasswd + + # Modif nginx + sed -i "s|^.*\bauth_basic\b.*$| auth_basic \"Private Library\";|" ../conf/nginx.conf; + sed -i "s|^.*\bauth_basic_user_file\b.*$| auth_basic_user_file $final_path/htpasswd;|" ../conf/nginx.conf; +else + echo "No basic auth"; +fi + +# Modify Nginx configuration file and copy it to Nginx conf.d directory sed -i "s@PATHTOCHANGE@$path@g" ../conf/nginx.conf -sed -i "s@FOLDERTOCHANGE@$final_path/@g" ../conf/nginx.conf -sed -i "s@NAMETOCHANGE@$sitename@g" ../conf/nginx.conf -sudo cp ../conf/nginx.conf /etc/nginx/conf.d/$domain.d/$sitename.conf +sed -i "s@ALIASTOCHANGE@$final_path/@g" ../conf/nginx.conf +sed -i "s@NAMETOCHANGE@$app@g" ../conf/nginx.conf +sudo cp ../conf/nginx.conf $finalnginxconf -sed -i "s@NAMETOCHANGE@$sitename@g" ../conf/php-fpm.conf -finalphpconf=/etc/php5/fpm/pool.d/$app.conf +# Modify php-fpm configuration file and copy it to php-fpm pool.d directory +sed -i "s@NAMETOCHANGE@$app@g" ../conf/php-fpm.conf +sed -i "s@FOLDERTOCHANGE@$final_path@g" ../conf/php-fpm.conf +sed -i "s@USERTOCHANGE@$runninguser@g" ../conf/php-fpm.conf sudo cp ../conf/php-fpm.conf $finalphpconf sudo chown root: $finalphpconf sudo chmod 644 $finalphpconf # Make app public if necessary -sudo yunohost app setting $app is_public -v "$is_public" +is_public=$(ynh_app_setting_get $app is_public) if [ "$is_public" = "Yes" ]; then - sudo yunohost app setting $app skipped_uris -v "/" + ynh_app_setting_set $app skipped_uris "/" +else + ynh_app_setting_set $app protected_uris "/" fi # Reload Nginx and regenerate SSOwat conf -sudo service php5-fpm restart +sudo service php5-fpm reload sudo service nginx reload sudo yunohost app ssowatconf diff --git a/scripts/remove b/scripts/remove index 6b9870b..74c31b2 100644 --- a/scripts/remove +++ b/scripts/remove @@ -1,22 +1,41 @@ #!/bin/bash +#set -eu -app=framagames +# Charge les fonctions génériques habituellement utilisées dans le script +#source fonctions -#user=$(sudo yunohost app setting $app user) -path=$(sudo yunohost app setting $app path) -sitename=$(sudo yunohost app setting $app sitename) -domain=$(sudo yunohost app setting $app domain) -final_path=$(sudo yunohost app setting $app final_path) +# Active trap pour arrêter le script si une erreur est détectée. +#TRAP_ON +# Source app helpers +source /usr/share/yunohost/helpers + +# We retrieve app parameters +app=$YNH_APP_INSTANCE_NAME + +# We check variables are not empty + +CHECK_VAR () { # Vérifie que la variable n'est pas vide. +# $1 = Variable à vérifier +# $2 = Texte à afficher en cas d'erreur + test -n "$1" || (echo "$2" >&2 && false) +} +CHECK_VAR "$app" "app name not set" + +path=$(ynh_app_setting_get $app path) +domain=$(ynh_app_setting_get $app domain) +final_path=$(ynh_app_setting_get $app final_path) +finalnginxconf=$(ynh_app_setting_get $app finalnginxconf) +finalphpconf=$(ynh_app_setting_get $app finalphpconf) # Suppression du dossier de la webapp sudo rm -rf $final_path # Suppression de la config nginx de la webapp -sudo rm -f /etc/nginx/conf.d/$domain.d/$sitename.conf -sudo rm -f /etc/php5/fpm/pool.d/$app.conf -sudo rm -rf /var/www/$app/ +sudo rm -f $finalnginxconf +sudo rm -f $finalphpconf -sudo service php5-fpm restart +# We reload the services +sudo service php5-fpm reload sudo service nginx reload sudo yunohost app ssowatconf diff --git a/scripts/restore b/scripts/restore new file mode 100755 index 0000000..f815291 --- /dev/null +++ b/scripts/restore @@ -0,0 +1,75 @@ +#!/bin/bash + +# Note: each files and directories you've saved using the ynh_backup helper +# will be located in the current directory, regarding the last argument. + +# Exit on command errors and treat unset variables as an error +#set -eu + +#TRAP_ON () { # Activate signal capture +# trap EXIT_PROPERLY ERR # Capturing ex it signals on error +#} + +# Active trap pour arrêter le script si une erreur est détectée. +#TRAP_ON + +# See comments in install script +app=$YNH_APP_INSTANCE_NAME + +# Source YunoHost helpers +source /usr/share/yunohost/helpers + +# Retrieve old app settings +final_path=$(ynh_app_setting_get $app final_path) +path=$(ynh_app_setting_get $app path) +domain=$(ynh_app_setting_get $app domain) +is_public=$(ynh_app_setting_get $app is_public) +finalnginxconf=$(ynh_app_setting_get $app finalnginxconf) +finalphpconf=$(ynh_app_setting_get $app finalphpconf) +runninguser=$(ynh_app_setting_get $app runninguser) +basicauthcreate=$(ynh_app_setting_get $app basicauthcreate) + +# We install dependencies +sudo apt-get update -y +sudo apt-get install php5-gd php5-sqlite php5-json php5-intl -y + +# Restore sources & data +sudo mkdir -p $final_path +sudo cp -a ./sources/* $final_path/ + +# Restore permissions to app files +# you may need to make some file and/or directory writeable by www-data (nginx user) +sudo chown -R $runninguser:$runninguser $final_path + +if [ "$basicauthcreate" = "Yes" ]; +then + sudo chmod 440 $final_path/htpasswd + sudo chown www-data:www-data $final_path/htpasswd +else + echo "Nothing to do" +fi + +# Restore NGINX configuration +sudo cp -a ./nginx.conf $finalnginxconf + +### PHP (remove if not used) ### +# If a dedicated php-fpm process is used: +# # Copy PHP-FPM pool configuration and reload the service +sudo cp -a ./php-fpm.conf $finalphpconf +### PHP end ### + +# Make app public if necessary +is_public=$(ynh_app_setting_get $app is_public) +if [ "$is_public" = "Yes" ]; +then + ynh_app_setting_set $app skipped_uris "/" +else + ynh_app_setting_set $app protected_uris "/" +fi + + +# Restart webserver +sudo service nginx reload +sudo service php5-fpm reload +sudo yunohost app ssowatconf + diff --git a/scripts/upgrade b/scripts/upgrade index 16af047..38646ff 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -1,46 +1,121 @@ #!/bin/bash +#set -eu -# Retrieve arguments -app=framagames +# Charge les fonctions génériques habituellement utilisées dans le script +#source fonctions -#domain=$(sudo yunohost app setting $app domain) -path=$(sudo yunohost app setting $app path) -sitename=$(sudo yunohost app setting $app sitename) -#user=$(sudo yunohost app setting $app user) -is_public=$(sudo yunohost app setting $app is_public) -final_path=$(sudo yunohost app setting $app final_path) +# Active trap pour arrêter le script si une erreur est détectée. +#TRAP_ON -# Modify Nginx configuration file and copy it to Nginx conf directory +# Source app helpers +source /usr/share/yunohost/helpers + +# We retrieve app parameters +app=$YNH_APP_INSTANCE_NAME + +# We check variables are not empty +CHECK_VAR () { # Vérifie que la variable n'est pas vide. +# $1 = Variable à vérifier +# $2 = Texte à afficher en cas d'erreur + test -n "$1" || (echo "$2" >&2 && false) +} +CHECK_VAR "$app" "app name not set" + +path=$(ynh_app_setting_get $app path) +domain=$(ynh_app_setting_get $app domain) +final_path=$(ynh_app_setting_get $app final_path) +finalnginxconf=$(ynh_app_setting_get $app finalnginxconf) +finalphpconf=$(ynh_app_setting_get $app finalphpconf) +runninguser=$(ynh_app_setting_get $app runninguser) +calibre=$(ynh_app_setting_get $app calibre) +basicauthcreate=$(ynh_app_setting_get $app basicauthcreate) + +# We check that calibre path is correct +CHECK_CALIBRE () { # Vérifie la présence du / en début de path. Et son absence à la fin. + if [ "${calibre:0:1}" != "/" ]; then # Si le premier caractère n'est pas un / + calibre="/$calibre" # Ajoute un / en début de path + fi + if [ "${calibre:${#calibre}-1}" == "/" ] && [ ${#calibre} -gt 1 ]; then # Si le dernier caractère est un / $ + calibre="${calibre:0:${#calibre}-1}" # Supprime le dernier caractère + fi +} + +CHECK_CALIBRE + +# We install dependencies +sudo apt-get update -y +sudo apt-get install php5-gd php5-sqlite php5-json php5-intl -y + +# Removal of old folder and restart from fresh +sudo rm -rf $final_path +sudo mkdir -p $final_path + +# We download the sources and check the md5sum +cops_file=`sudo cat ../sources/source_file`; +sudo wget -nv -i ../sources/source_url -O $cops_file +sudo md5sum -c ../sources/source_md5 --status || (echo "Corrupt source" >&2 && false) +sudo unzip ${cops_file} -d $final_path + +# Site adjustments +sed -i "s@CALIBRETOCHANGE@$calibrepath@g" ../conf/config_local.php +timezone=`sudo cat /etc/timezone`; +sed -i "s@TIMEZONETOCHANGE@$timezone@g" ../conf/config_local.php + +sudo cp ../conf/config_local.php $final_path +sudo cp ../conf/robots.txt $final_path + +# Set permissions +sudo chmod 775 -R $final_path +sudo chown -hR $runninguser:$runninguser $final_path + +# Add basic auth if requested +if [ "$basicauthcreate" = "Yes" ]; +then + basicauthname=$(ynh_app_setting_get $app basicauthname) + basicauthpass=$(ynh_app_setting_get $app basicauthpass) + + # Generation of the htpasswd file according https://www.nginx.com/resources/wiki/community/faq/ + SALT="$(openssl rand -base64 3)" + (SHA1=$(printf "$basicauthpass$SALT" | + openssl dgst -binary -sha1 | xxd -ps | + sed 's#$#'"`echo -n $SALT | xxd -ps`"'#' | + xxd -r -ps | + base64);printf "$basicauthname:{SSHA}$SHA1\n" >> ../sources/htpasswd) + sudo cp ../sources/htpasswd $final_path + sudo chmod 440 $final_path/htpasswd + sudo chown www-data:www-data $final_path/htpasswd + + # Modif nginx + sed -i "s|^.*\bauth_basic\b.*$| auth_basic \"Private Library\";|" ../conf/nginx.conf; + sed -i "s|^.*\bauth_basic_user_file\b.*$| auth_basic_user_file $final_path/htpasswd;|" ../conf/nginx.conf; +else + echo "No basic auth"; +fi + +# Modify Nginx configuration file and copy it to Nginx conf.d directory sed -i "s@PATHTOCHANGE@$path@g" ../conf/nginx.conf -sed -i "s@FOLDERTOCHANGE@$final_path/@g" ../conf/nginx.conf -sed -i "s@NAMETOCHANGE@$sitename@g" ../conf/nginx.conf -sudo cp ../conf/nginx.conf /etc/nginx/conf.d/$domain.d/$sitename.conf +sed -i "s@ALIASTOCHANGE@$final_path/@g" ../conf/nginx.conf +sed -i "s@NAMETOCHANGE@$app@g" ../conf/nginx.conf +sudo cp ../conf/nginx.conf $finalnginxconf -sed -i "s@NAMETOCHANGE@$sitename@g" ../conf/php-fpm.conf -finalphpconf=/etc/php5/fpm/pool.d/$app.conf +# Modify php-fpm configuration file and copy it to php-fpm pool.d directory +sed -i "s@NAMETOCHANGE@$app@g" ../conf/php-fpm.conf +sed -i "s@FOLDERTOCHANGE@$final_path@g" ../conf/php-fpm.conf +sed -i "s@USERTOCHANGE@$runninguser@g" ../conf/php-fpm.conf sudo cp ../conf/php-fpm.conf $finalphpconf sudo chown root: $finalphpconf sudo chmod 644 $finalphpconf -# We copy sources again -rm -rf /var/www/$app -mkdir -p /var/www/$app -cp -a ../sources/* /var/www/$app - -# We adjust permissions -sudo chmod 775 -R /var/www/$app -sudo chown -hR www-data:www-data /var/www/$app - # Make app public if necessary -sudo yunohost app setting $app is_public -v "$is_public" +is_public=$(ynh_app_setting_get $app is_public) if [ "$is_public" = "Yes" ]; then - sudo yunohost app setting $app skipped_uris -v "/" + ynh_app_setting_set $app skipped_uris "/" else - sudo yunohost app setting $app protected_uris -v "/" + ynh_app_setting_set $app protected_uris "/" fi # Reload Nginx and regenerate SSOwat conf -sudo servive php5-fpm reload +sudo service php5-fpm reload sudo service nginx reload sudo yunohost app ssowatconf