diff --git a/README.md b/README.md index acb3068..fd4175e 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@ # Framagames for YunoHost [![Integration level](https://dash.yunohost.org/integration/framagames.svg)](https://dash.yunohost.org/appci/app/framagames) ![](https://ci-apps.yunohost.org/ci/badges/framagames.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/framagames.maintain.svg) -[![Install Framagames with YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=framagames) +[![Install Framagames with YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=framagames) > *This package allows you to install Framagames quickly and simply on a YunoHost server. If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/install) to learn how to install it.* @@ -13,8 +13,8 @@ Set of games from Framagames #### Supported architectures -* x86-64 - [![Build Status](https://ci-apps.yunohost.org/ci/logs/framagames%20%28Apps%29.svg)](https://ci-apps.yunohost.org/ci/apps/framagames/) -* ARMv8-A - [![Build Status](https://ci-apps-arm.yunohost.org/ci/logs/framagames%20%28Apps%29.svg)](https://ci-apps-arm.yunohost.org/ci/apps/framagames/) +* x86-64 - [![Build Status](https://ci-apps.yunohost.org/ci/logs/framagames.svg)](https://ci-apps.yunohost.org/ci/apps/framagames/) +* ARMv8-A - [![Build Status](https://ci-apps-arm.yunohost.org/ci/logs/framagames.svg)](https://ci-apps-arm.yunohost.org/ci/apps/framagames/) ## Links diff --git a/check_process b/check_process index 25c2da1..daac097 100644 --- a/check_process +++ b/check_process @@ -1,8 +1,6 @@ # See here for more information # https://github.com/YunoHost/package_check#syntax-check_process-file -# Move this file from check_process.default to check_process when you have filled it. - ;; Test complet ; Manifest domain="domain.tld" (DOMAIN) @@ -17,14 +15,9 @@ setup_private=1 setup_public=1 upgrade=1 - upgrade=1 from_commit=bd2c87a6fd4212771f9c06e7965598a5ea744ffc backup_restore=1 multi_instance=1 - port_already_use=0 change_url=1 -;;; Levels - # If the level 5 (Package linter) is forced to 1. Please add justifications here. - Level 5=auto ;;; Options Email= Notification=none diff --git a/conf/nginx.conf b/conf/nginx.conf index 5a2a7b1..a9e3b82 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -2,7 +2,7 @@ location __PATH__/ { # Path to source - alias __FINALPATH__/ ; + alias __FINALPATH__/; # Force usage of https if ($scheme = http) { diff --git a/conf/php-fpm.conf b/conf/php-fpm.conf index a8f0ca0..ece5b40 100644 --- a/conf/php-fpm.conf +++ b/conf/php-fpm.conf @@ -20,8 +20,8 @@ ; Unix user/group of processes ; Note: The user is mandatory. If the group is not set, the default user's group ; will be used. -user = www-data -group = www-data +user = __USER__ +group = __USER__ ; The address on which to accept FastCGI requests. ; Valid syntaxes are: @@ -46,7 +46,7 @@ listen = /var/run/php/php__PHPVERSION__-fpm-__NAMETOCHANGE__.sock ; mode is set to 0660 listen.owner = www-data listen.group = www-data -listen.mode = 0600 +;listen.mode = 0660 ; When POSIX Access Control Lists are supported you can set them using ; these options, value is a comma separated list of user/group names. ; When set, listen.owner and listen.group are ignored @@ -110,22 +110,22 @@ pm = dynamic ; forget to tweak pm.* to fit your needs. ; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand' ; Note: This value is mandatory. -pm.max_children = 6 +pm.max_children = 5 ; The number of child processes created on startup. ; Note: Used only when pm is set to 'dynamic' ; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2 -pm.start_servers = 3 +pm.start_servers = 2 ; The desired minimum number of idle server processes. ; Note: Used only when pm is set to 'dynamic' ; Note: Mandatory when pm is set to 'dynamic' -pm.min_spare_servers = 3 +pm.min_spare_servers = 1 ; The desired maximum number of idle server processes. ; Note: Used only when pm is set to 'dynamic' ; Note: Mandatory when pm is set to 'dynamic' -pm.max_spare_servers = 5 +pm.max_spare_servers = 3 ; The number of seconds after which an idle process will be killed. ; Note: Used only when pm is set to 'ondemand' @@ -136,7 +136,7 @@ pm.max_spare_servers = 5 ; This can be useful to work around memory leaks in 3rd party libraries. For ; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS. ; Default Value: 0 -pm.max_requests = 500 +;pm.max_requests = 500 ; The URI to view the FPM status page. If this value is not set, no URI will be ; recognized as a status page. It shows the following informations: @@ -235,7 +235,7 @@ pm.max_requests = 500 ; anything, but it may not be a good idea to use the .php extension or it ; may conflict with a real PHP file. ; Default Value: not set -pm.status_path = /fpm-status +;pm.status_path = /status ; The ping URI to call the monitoring page of FPM. If this value is not set, no ; URI will be recognized as a ping page. This could be used to test from outside @@ -247,7 +247,7 @@ pm.status_path = /fpm-status ; anything, but it may not be a good idea to use the .php extension or it ; may conflict with a real PHP file. ; Default Value: not set -ping.path = /ping +;ping.path = /ping ; This directive may be used to customize the response of a ping request. The ; response is formatted as text/plain with a 200 response code. @@ -320,29 +320,29 @@ ping.path = /ping ; The log file for slow requests ; Default Value: not set ; Note: slowlog is mandatory if request_slowlog_timeout is set -slowlog = /var/log/nginx/__NAMETOCHANGE__.slow.log +;slowlog = log/$pool.log.slow ; The timeout for serving a single request after which a PHP backtrace will be ; dumped to the 'slowlog' file. A value of '0s' means 'off'. ; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) ; Default Value: 0 -request_slowlog_timeout = 5s +;request_slowlog_timeout = 0 ; The timeout for serving a single request after which the worker process will ; be killed. This option should be used when the 'max_execution_time' ini option ; does not stop script execution for some reason. A value of '0' means 'off'. ; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) ; Default Value: 0 -request_terminate_timeout = 120s +request_terminate_timeout = 1d ; Set open file descriptor rlimit. ; Default Value: system defined value -rlimit_files = 4096 +;rlimit_files = 1024 ; Set max core size rlimit. ; Possible Values: 'unlimited' or an integer greater or equal to 0 ; Default Value: system defined value -rlimit_core = 0 +;rlimit_core = 0 ; Chroot to this directory at the start. This value must be defined as an ; absolute path. When this value is not set, chroot is not used. @@ -365,7 +365,7 @@ chdir = __FINALPATH__ ; Note: on highloaded environement, this can cause some delay in the page ; process time (several ms). ; Default Value: no -catch_workers_output = yes +;catch_workers_output = yes ; Clear environment in FPM workers ; Prevents arbitrary environment variables from reaching FPM worker processes diff --git a/manifest.json b/manifest.json index 8677126..7e3f6eb 100644 --- a/manifest.json +++ b/manifest.json @@ -8,47 +8,35 @@ }, "version": "1.0~ynh3", "url": "https://framagit.org/framasoft/framagames", - "license": "free", + "license": "AGPL-3.0-only", "maintainer": { "name": "polytan02", "email": "polytan02@mcgva.org" }, "requirements": { - "yunohost": ">= 4.0.0" + "yunohost": ">= 4.1.7" }, "multi_instance": true, "services": [ "nginx", - "php7.0-fpm" + "php7.3-fpm" ], "arguments": { "install" : [ { "name": "domain", "type": "domain", - "ask": { - "en": "Choose a domain for your Framagames", - "fr": "Choisissez un domaine pour vos Framagames" - }, "example": "example.com" }, { "name": "path", "type": "path", - "ask": { - "en": "Choose a path to access your Framagames", - "fr": "Choisissez un chemin pour acceder à vos Framagames" - }, "example": "/framagames", "default": "/framagames" }, { "name": "is_public", "type": "boolean", - "ask": { - "en": "Is it a public application?", - "fr": "Est-ce une application publique ?" - }, "default": true } ] diff --git a/pull_request_template.md b/pull_request_template.md index 6bcff4d..6c28fc5 100644 --- a/pull_request_template.md +++ b/pull_request_template.md @@ -13,6 +13,4 @@ ## Package_check results --- -*If you have access to [App Continuous Integration for packagers](https://yunohost.org/#/packaging_apps_ci) you can provide a link to the package_check results like below, replacing '-NUM-' in this link by the PR number and USERNAME by your username on the ci-apps-dev. Or you provide a screenshot or a pastebin of the results* - -[![Build Status](https://ci-apps-dev.yunohost.org/jenkins/job/framagames_ynh%20PR-NUM-%20(USERNAME)/badge/icon)](https://ci-apps-dev.yunohost.org/jenkins/job/framagames_ynh%20PR-NUM-%20(USERNAME)/) +* An automatic package_check will be launch at https://ci-apps-dev.yunohost.org/, when you add a specific comment to your Pull Request: "!testme", "!gogogadgetoci" or "By the power of systemd, I invoke The Great App CI to test this Pull Request!"* diff --git a/scripts/_common.sh b/scripts/_common.sh index aae521c..d7614e9 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -6,9 +6,6 @@ YNH_PHP_VERSION="7.3" -# dependencies used by the app -pkg_dependencies="" - #================================================= # PERSONAL HELPERS #================================================= diff --git a/scripts/change_url b/scripts/change_url index dfa4e60..8fd83e9 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -24,7 +24,7 @@ app=$YNH_APP_INSTANCE_NAME #================================================= # LOAD SETTINGS #================================================= -ynh_script_progression --message="Loading installation settings..." --time --weight=1 +ynh_script_progression --message="Loading installation settings..." # Needed for helper "ynh_add_nginx_config" final_path=$(ynh_app_setting_get --app=$app --key=final_path) @@ -32,7 +32,7 @@ final_path=$(ynh_app_setting_get --app=$app --key=final_path) #================================================= # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP #================================================= -ynh_script_progression --message="Backing up the app before changing its url (may take a while)..." --time --weight=1 +ynh_script_progression --message="Backing up the app before changing its URL (may take a while)..." # Backup the current version of the app ynh_backup_before_upgrade @@ -65,7 +65,7 @@ fi #================================================= # MODIFY URL IN NGINX CONF #================================================= -ynh_script_progression --message="Updating nginx web server configuration..." --weight=2 +ynh_script_progression --message="Updating NGINX web server configuration..." nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf @@ -94,7 +94,7 @@ fi #================================================= # RELOAD NGINX #================================================= -ynh_script_progression --message="Reloading NGINXweb server..." --weight=1 +ynh_script_progression --message="Reloading NGINX web server..." ynh_systemd_action --service_name=nginx --action=reload diff --git a/scripts/install b/scripts/install index 55c7285..bdadbdd 100644 --- a/scripts/install +++ b/scripts/install @@ -43,7 +43,14 @@ ynh_script_progression --message="Storing installation settings..." ynh_app_setting_set --app=$app --key=domain --value=$domain ynh_app_setting_set --app=$app --key=path --value=$path_url -ynh_app_setting_set --app=$app --key=is_public --value=$is_public + +#================================================= +# CREATE DEDICATED USER +#================================================= +ynh_script_progression --message="Configuring system user..." + +# Create a system user +ynh_system_user_create --username=$app #================================================= # STANDARD MODIFICATIONS @@ -80,20 +87,18 @@ ynh_add_fpm_config ynh_script_progression --message="Securing files and directories..." # Set permissions to app files +chown -R $app:www-data $final_path chmod -R 775 $final_path -chown -hR www-data:www-data $final_path #================================================= # SETUP SSOWAT #================================================= -ynh_script_progression --message="Configuring SSOwat..." +ynh_script_progression --message="Configuring permissions..." # Make app public if necessary or protect it if [ $is_public -eq 1 ] then - # Everyone can access the app. - # The "main" permission is automatically created before the install script. - ynh_permission_update --permission "main" --add "visitors" + ynh_permission_update --permission="main" --add="visitors" fi #================================================= @@ -107,4 +112,4 @@ ynh_systemd_action --service_name=nginx --action=reload # END OF SCRIPT #================================================= -ynh_script_progression --message="Installation of $app completed" +ynh_script_progression --message="Installation of $app completed" --last diff --git a/scripts/remove b/scripts/remove index cbdd8f5..1372957 100644 --- a/scripts/remove +++ b/scripts/remove @@ -45,8 +45,16 @@ ynh_script_progression --message="Removing PHP-FPM configuration..." # Remove the dedicated PHP-FPM config ynh_remove_fpm_config +#================================================= +# REMOVE DEDICATED USER +#================================================= +ynh_script_progression --message="Removing the dedicated system user..." + +# Delete a system user +ynh_system_user_delete --username=$app + #================================================= # END OF SCRIPT #================================================= -ynh_script_progression --message="Removal of $app completed" +ynh_script_progression --message="Removal of $app completed" --last diff --git a/scripts/restore b/scripts/restore index 362c4d8..0933759 100755 --- a/scripts/restore +++ b/scripts/restore @@ -42,10 +42,18 @@ test ! -d $final_path \ #================================================= # RESTORE THE NGINX CONFIGURATION #================================================= -ynh_script_progression --message="Restoring the nginx configuration..." +ynh_script_progression --message="Restoring the NGINX configuration..." ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" +#================================================= +# RECREATE THE DEDICATED USER +#================================================= +ynh_script_progression --message="Recreating the dedicated system user..." --weight=1 + +# Create the dedicated user (if not existing) +ynh_system_user_create --username=$app --home_dir="$final_path" + #================================================= # RESTORE THE APP MAIN DIR #================================================= @@ -59,7 +67,9 @@ ynh_restore_file --origin_path="$final_path" ynh_script_progression --message="Restoring user rights..." # Restore permissions on app files -chown -R www-data:www-data $final_path +chown -R $app:www-data $final_path +chmod -R o-rwx $final_path +chmod -R 775 $final_path #================================================= # RESTORE THE PHP-FPM CONFIGURATION @@ -82,4 +92,4 @@ ynh_systemd_action --service_name=nginx --action=reload # END OF SCRIPT #================================================= -ynh_script_progression --message="Restoration completed for $app" +ynh_script_progression --message="Restoration completed for $app" --last diff --git a/scripts/upgrade b/scripts/upgrade index b1b50a0..d9efbb8 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -18,7 +18,6 @@ app=$YNH_APP_INSTANCE_NAME domain=$(ynh_app_setting_get --app=$app --key=domain) path_url=$(ynh_app_setting_get --app=$app --key=path) -is_public=$(ynh_app_setting_get --app=$app --key=is_public) final_path=$(ynh_app_setting_get --app=$app --key=final_path) #================================================= @@ -33,15 +32,6 @@ upgrade_type=$(ynh_check_app_version_changed) #================================================= ynh_script_progression --message="Ensuring downward compatibility..." -# Fix is_public as a boolean value -if [ "$is_public" = "Yes" ]; then - ynh_app_setting_set --app=$app --key=is_public --value=1 - is_public=1 -elif [ "$is_public" = "No" ]; then - ynh_app_setting_set --app=$app --key=is_public --value=0 - is_public=0 -fi - # If db_name doesn't exist, create it if [ -z "$db_name" ]; then db_name=$(ynh_sanitize_dbid --db_name=$app) @@ -54,6 +44,13 @@ if [ -z "$final_path" ]; then ynh_app_setting_set --app=$app --key=final_path --value=$final_path fi +# Cleaning legacy permissions +if ynh_legacy_permissions_exists; then + ynh_legacy_permissions_delete_all + + ynh_app_setting_delete --app=$app --key=is_public +fi + #================================================= # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP #================================================= @@ -68,6 +65,14 @@ ynh_clean_setup () { # Exit if an error occurs during the execution of the script ynh_abort_if_errors +#================================================= +# CREATE DEDICATED USER +#================================================= +ynh_script_progression --message="Making sure dedicated system user exists..." + +# Create a dedicated user (if not existing) +ynh_system_user_create --username=$app + #================================================= # STANDARD UPGRADE STEPS #================================================= @@ -107,8 +112,8 @@ ynh_add_fpm_config ynh_script_progression --message="Securing files and directories..." # Set permissions on app files +chown -R $app:www-data $final_path chmod -R 775 $final_path -chown -hR www-data:www-data $final_path #================================================= # RELOAD NGINX @@ -121,4 +126,4 @@ ynh_systemd_action --service_name=nginx --action=reload # END OF SCRIPT #================================================= -ynh_script_progression --message="Upgrade of $app completed" +ynh_script_progression --message="Upgrade of $app completed" --last