diff --git a/README.md b/README.md index acb3068..4751612 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@ # Framagames for YunoHost [![Integration level](https://dash.yunohost.org/integration/framagames.svg)](https://dash.yunohost.org/appci/app/framagames) ![](https://ci-apps.yunohost.org/ci/badges/framagames.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/framagames.maintain.svg) -[![Install Framagames with YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=framagames) +[![Install Framagames with YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=framagames) > *This package allows you to install Framagames quickly and simply on a YunoHost server. If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/install) to learn how to install it.* diff --git a/check_process b/check_process index 25c2da1..bc6f52d 100644 --- a/check_process +++ b/check_process @@ -22,9 +22,6 @@ multi_instance=1 port_already_use=0 change_url=1 -;;; Levels - # If the level 5 (Package linter) is forced to 1. Please add justifications here. - Level 5=auto ;;; Options Email= Notification=none diff --git a/conf/nginx.conf b/conf/nginx.conf index 5a2a7b1..a9e3b82 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -2,7 +2,7 @@ location __PATH__/ { # Path to source - alias __FINALPATH__/ ; + alias __FINALPATH__/; # Force usage of https if ($scheme = http) { diff --git a/conf/php-fpm.conf b/conf/php-fpm.conf index a8f0ca0..ece5b40 100644 --- a/conf/php-fpm.conf +++ b/conf/php-fpm.conf @@ -20,8 +20,8 @@ ; Unix user/group of processes ; Note: The user is mandatory. If the group is not set, the default user's group ; will be used. -user = www-data -group = www-data +user = __USER__ +group = __USER__ ; The address on which to accept FastCGI requests. ; Valid syntaxes are: @@ -46,7 +46,7 @@ listen = /var/run/php/php__PHPVERSION__-fpm-__NAMETOCHANGE__.sock ; mode is set to 0660 listen.owner = www-data listen.group = www-data -listen.mode = 0600 +;listen.mode = 0660 ; When POSIX Access Control Lists are supported you can set them using ; these options, value is a comma separated list of user/group names. ; When set, listen.owner and listen.group are ignored @@ -110,22 +110,22 @@ pm = dynamic ; forget to tweak pm.* to fit your needs. ; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand' ; Note: This value is mandatory. -pm.max_children = 6 +pm.max_children = 5 ; The number of child processes created on startup. ; Note: Used only when pm is set to 'dynamic' ; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2 -pm.start_servers = 3 +pm.start_servers = 2 ; The desired minimum number of idle server processes. ; Note: Used only when pm is set to 'dynamic' ; Note: Mandatory when pm is set to 'dynamic' -pm.min_spare_servers = 3 +pm.min_spare_servers = 1 ; The desired maximum number of idle server processes. ; Note: Used only when pm is set to 'dynamic' ; Note: Mandatory when pm is set to 'dynamic' -pm.max_spare_servers = 5 +pm.max_spare_servers = 3 ; The number of seconds after which an idle process will be killed. ; Note: Used only when pm is set to 'ondemand' @@ -136,7 +136,7 @@ pm.max_spare_servers = 5 ; This can be useful to work around memory leaks in 3rd party libraries. For ; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS. ; Default Value: 0 -pm.max_requests = 500 +;pm.max_requests = 500 ; The URI to view the FPM status page. If this value is not set, no URI will be ; recognized as a status page. It shows the following informations: @@ -235,7 +235,7 @@ pm.max_requests = 500 ; anything, but it may not be a good idea to use the .php extension or it ; may conflict with a real PHP file. ; Default Value: not set -pm.status_path = /fpm-status +;pm.status_path = /status ; The ping URI to call the monitoring page of FPM. If this value is not set, no ; URI will be recognized as a ping page. This could be used to test from outside @@ -247,7 +247,7 @@ pm.status_path = /fpm-status ; anything, but it may not be a good idea to use the .php extension or it ; may conflict with a real PHP file. ; Default Value: not set -ping.path = /ping +;ping.path = /ping ; This directive may be used to customize the response of a ping request. The ; response is formatted as text/plain with a 200 response code. @@ -320,29 +320,29 @@ ping.path = /ping ; The log file for slow requests ; Default Value: not set ; Note: slowlog is mandatory if request_slowlog_timeout is set -slowlog = /var/log/nginx/__NAMETOCHANGE__.slow.log +;slowlog = log/$pool.log.slow ; The timeout for serving a single request after which a PHP backtrace will be ; dumped to the 'slowlog' file. A value of '0s' means 'off'. ; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) ; Default Value: 0 -request_slowlog_timeout = 5s +;request_slowlog_timeout = 0 ; The timeout for serving a single request after which the worker process will ; be killed. This option should be used when the 'max_execution_time' ini option ; does not stop script execution for some reason. A value of '0' means 'off'. ; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) ; Default Value: 0 -request_terminate_timeout = 120s +request_terminate_timeout = 1d ; Set open file descriptor rlimit. ; Default Value: system defined value -rlimit_files = 4096 +;rlimit_files = 1024 ; Set max core size rlimit. ; Possible Values: 'unlimited' or an integer greater or equal to 0 ; Default Value: system defined value -rlimit_core = 0 +;rlimit_core = 0 ; Chroot to this directory at the start. This value must be defined as an ; absolute path. When this value is not set, chroot is not used. @@ -365,7 +365,7 @@ chdir = __FINALPATH__ ; Note: on highloaded environement, this can cause some delay in the page ; process time (several ms). ; Default Value: no -catch_workers_output = yes +;catch_workers_output = yes ; Clear environment in FPM workers ; Prevents arbitrary environment variables from reaching FPM worker processes diff --git a/manifest.json b/manifest.json index 8677126..1500004 100644 --- a/manifest.json +++ b/manifest.json @@ -8,7 +8,7 @@ }, "version": "1.0~ynh3", "url": "https://framagit.org/framasoft/framagames", - "license": "free", + "license": "AGPL-3.0-only", "maintainer": { "name": "polytan02", "email": "polytan02@mcgva.org" @@ -19,7 +19,7 @@ "multi_instance": true, "services": [ "nginx", - "php7.0-fpm" + "php7.3-fpm" ], "arguments": { "install" : [ diff --git a/pull_request_template.md b/pull_request_template.md index 6bcff4d..6c28fc5 100644 --- a/pull_request_template.md +++ b/pull_request_template.md @@ -13,6 +13,4 @@ ## Package_check results --- -*If you have access to [App Continuous Integration for packagers](https://yunohost.org/#/packaging_apps_ci) you can provide a link to the package_check results like below, replacing '-NUM-' in this link by the PR number and USERNAME by your username on the ci-apps-dev. Or you provide a screenshot or a pastebin of the results* - -[![Build Status](https://ci-apps-dev.yunohost.org/jenkins/job/framagames_ynh%20PR-NUM-%20(USERNAME)/badge/icon)](https://ci-apps-dev.yunohost.org/jenkins/job/framagames_ynh%20PR-NUM-%20(USERNAME)/) +* An automatic package_check will be launch at https://ci-apps-dev.yunohost.org/, when you add a specific comment to your Pull Request: "!testme", "!gogogadgetoci" or "By the power of systemd, I invoke The Great App CI to test this Pull Request!"* diff --git a/scripts/_common.sh b/scripts/_common.sh index aae521c..d7614e9 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -6,9 +6,6 @@ YNH_PHP_VERSION="7.3" -# dependencies used by the app -pkg_dependencies="" - #================================================= # PERSONAL HELPERS #================================================= diff --git a/scripts/change_url b/scripts/change_url index dfa4e60..b6f1f80 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -24,7 +24,7 @@ app=$YNH_APP_INSTANCE_NAME #================================================= # LOAD SETTINGS #================================================= -ynh_script_progression --message="Loading installation settings..." --time --weight=1 +ynh_script_progression --message="Loading installation settings..." # Needed for helper "ynh_add_nginx_config" final_path=$(ynh_app_setting_get --app=$app --key=final_path) @@ -32,7 +32,7 @@ final_path=$(ynh_app_setting_get --app=$app --key=final_path) #================================================= # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP #================================================= -ynh_script_progression --message="Backing up the app before changing its url (may take a while)..." --time --weight=1 +ynh_script_progression --message="Backing up the app before changing its url (may take a while)..." # Backup the current version of the app ynh_backup_before_upgrade @@ -65,7 +65,7 @@ fi #================================================= # MODIFY URL IN NGINX CONF #================================================= -ynh_script_progression --message="Updating nginx web server configuration..." --weight=2 +ynh_script_progression --message="Updating nginx web server configuration..." nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf @@ -94,7 +94,7 @@ fi #================================================= # RELOAD NGINX #================================================= -ynh_script_progression --message="Reloading NGINXweb server..." --weight=1 +ynh_script_progression --message="Reloading NGINX web server..." ynh_systemd_action --service_name=nginx --action=reload diff --git a/scripts/install b/scripts/install index 55c7285..ebe60ed 100644 --- a/scripts/install +++ b/scripts/install @@ -64,6 +64,14 @@ ynh_script_progression --message="Configuring NGINX web server..." # Create a dedicated NGINX config ynh_add_nginx_config +#================================================= +# CREATE DEDICATED USER +#================================================= +ynh_script_progression --message="Configuring system user..." + +# Create a system user +ynh_system_user_create --username=$app + #================================================= # PHP-FPM CONFIGURATION #================================================= @@ -80,13 +88,13 @@ ynh_add_fpm_config ynh_script_progression --message="Securing files and directories..." # Set permissions to app files +chown -R $app: $final_path chmod -R 775 $final_path -chown -hR www-data:www-data $final_path #================================================= # SETUP SSOWAT #================================================= -ynh_script_progression --message="Configuring SSOwat..." +ynh_script_progression --message="Configuring permissions..." # Make app public if necessary or protect it if [ $is_public -eq 1 ] @@ -107,4 +115,4 @@ ynh_systemd_action --service_name=nginx --action=reload # END OF SCRIPT #================================================= -ynh_script_progression --message="Installation of $app completed" +ynh_script_progression --message="Installation of $app completed" --last diff --git a/scripts/remove b/scripts/remove index cbdd8f5..1372957 100644 --- a/scripts/remove +++ b/scripts/remove @@ -45,8 +45,16 @@ ynh_script_progression --message="Removing PHP-FPM configuration..." # Remove the dedicated PHP-FPM config ynh_remove_fpm_config +#================================================= +# REMOVE DEDICATED USER +#================================================= +ynh_script_progression --message="Removing the dedicated system user..." + +# Delete a system user +ynh_system_user_delete --username=$app + #================================================= # END OF SCRIPT #================================================= -ynh_script_progression --message="Removal of $app completed" +ynh_script_progression --message="Removal of $app completed" --last diff --git a/scripts/restore b/scripts/restore index 362c4d8..c64bfd1 100755 --- a/scripts/restore +++ b/scripts/restore @@ -42,7 +42,7 @@ test ! -d $final_path \ #================================================= # RESTORE THE NGINX CONFIGURATION #================================================= -ynh_script_progression --message="Restoring the nginx configuration..." +ynh_script_progression --message="Restoring the NGINX configuration..." ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" @@ -59,7 +59,8 @@ ynh_restore_file --origin_path="$final_path" ynh_script_progression --message="Restoring user rights..." # Restore permissions on app files -chown -R www-data:www-data $final_path +chown -hR $app: $final_path +chmod -R 775 $final_path #================================================= # RESTORE THE PHP-FPM CONFIGURATION @@ -82,4 +83,4 @@ ynh_systemd_action --service_name=nginx --action=reload # END OF SCRIPT #================================================= -ynh_script_progression --message="Restoration completed for $app" +ynh_script_progression --message="Restoration completed for $app" --last diff --git a/scripts/upgrade b/scripts/upgrade index b1b50a0..9522fdd 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -91,6 +91,14 @@ ynh_script_progression --message="Upgrading NGINX web server configuration..." # Create a dedicated NGINX config ynh_add_nginx_config +#================================================= +# CREATE DEDICATED USER +#================================================= +ynh_script_progression --message="Making sure dedicated system user exists..." + +# Create a dedicated user (if not existing) +ynh_system_user_create --username=$app + #================================================= # PHP-FPM CONFIGURATION #================================================= @@ -107,8 +115,8 @@ ynh_add_fpm_config ynh_script_progression --message="Securing files and directories..." # Set permissions on app files +chown -hR $app: $final_path chmod -R 775 $final_path -chown -hR www-data:www-data $final_path #================================================= # RELOAD NGINX @@ -121,4 +129,4 @@ ynh_systemd_action --service_name=nginx --action=reload # END OF SCRIPT #================================================= -ynh_script_progression --message="Upgrade of $app completed" +ynh_script_progression --message="Upgrade of $app completed" --last