diff --git a/check_process b/check_process
index f84104e..316790e 100644
--- a/check_process
+++ b/check_process
@@ -1,5 +1,4 @@
 ;; Test complet
- auto_remove=1
 ; Manifest
 domain="domain.tld"
 path="/path"
diff --git a/manifest.json b/manifest.json
index 602050e..7a1cef1 100644
--- a/manifest.json
+++ b/manifest.json
@@ -6,7 +6,7 @@
 "en": "RSS aggregator with a nice and mobile-friendly design",
 "fr": "Agrégateur de flux RSS avec une interface adaptée au mobile"
 },
- "version": "1.18.0~ynh1",
+ "version": "1.18.1~ynh1",
 "url": "http://freshrss.org/",
 "license": "AGPL-3.0-only",
 "maintainer": {
diff --git a/scripts/_common.sh b/scripts/_common.sh
index 71401d9..77aad72 100644
--- a/scripts/_common.sh
+++ b/scripts/_common.sh
@@ -10,17 +10,6 @@ YNH_PHP_VERSION="7.3"
 extra_php_dependencies="php${YNH_PHP_VERSION}-gd php${YNH_PHP_VERSION}-zip php${YNH_PHP_VERSION}-dom php${YNH_PHP_VERSION}-mbstring php${YNH_PHP_VERSION}-gmp php${YNH_PHP_VERSION}-mysql php${YNH_PHP_VERSION}-sqlite3 php${YNH_PHP_VERSION}-curl php${YNH_PHP_VERSION}-intl php${YNH_PHP_VERSION}-xml"
-#=================================================
-# PERSONAL HELPERS
-#=================================================
-
-function set_permissions {
- chown -R root:$app $final_path
- chmod -R g=u,g-w,o-rwx $final_path
- chown -R $app:$app $final_path/{data,extensions}
- setfacl -n -R -m u:www-data:rx -m d:u:www-data:rx $final_path
-}
-
 #=================================================
 # EXPERIMENTAL HELPERS
 #=================================================
diff --git a/scripts/change_url b/scripts/change_url
index c9a4230..65bfa4c 100644
--- a/scripts/change_url
+++ b/scripts/change_url
@@ -120,7 +120,7 @@ fi
 # SPECIFIC MODIFICATIONS
 #=================================================
-sudo -u $app $final_path/cli/reconfigure.php --auth_type http_auth --environment production --base_url https://$domain$path_url --title FreshRSS --api_enabled --db-type mysql --db-host localhost --db-user $db_name --db-password $db_pwd --db-base $db_name
+ynh_exec_as $app $final_path/cli/reconfigure.php --auth_type http_auth --environment production --base_url https://$domain$path_url --title FreshRSS --api_enabled --db-type mysql --db-host localhost --db-user $db_name --db-password $db_pwd --db-base $db_name
 #=================================================
 # GENERIC FINALIZATION
diff --git a/scripts/install b/scripts/install
index 93bb6b6..ddd7843 100755
--- a/scripts/install
+++ b/scripts/install
@@ -63,7 +63,7 @@ ynh_install_app_dependencies $pkg_dependencies
 ynh_script_progression --message="Configuring system user..."
 # Create a system user
-ynh_system_user_create --username=$app
+ynh_system_user_create --username=$app --home_dir="$final_path"
 #=================================================
 # CREATE A MYSQL DATABASE
@@ -84,7 +84,9 @@ ynh_app_setting_set --app=$app --key=final_path --value=$final_path
 # Download, check integrity, uncompress and patch the source from app.src
 ynh_setup_source --dest_dir="$final_path"
-set_permissions
+chmod 750 "$final_path"
+chmod -R o-rwx "$final_path"
+chown -R $app:www-data "$final_path"
 #=================================================
 # NGINX CONFIGURATION
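Review bot: The database password is still passed to the CLI as an unquoted command-line argument on the new `ynh_exec_as` line in scripts/change_url (`--db-password $db_pwd`), so it is subject to word splitting and is readable in the process list while the command runs. The same applies to the `do-install.php` call in scripts/install, the `reconfigure.php` call in scripts/upgrade, and the `--token $user_token` argument to `create-user.php`. At minimum quote every expansion, e.g. `--db-password "$db_pwd" --base_url "https://$domain$path_url"`. Whether the FreshRSS CLI can take the secret by a route other than argv is not visible in this diff and is worth checking.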
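Review bot: `chown -R $app:www-data "$final_path"` in the scripts/install hunk at -84 makes the application user the owner of the entire code tree, whereas the removed `set_permissions` helper kept the tree owned by root and gave `$app` only `data` and `extensions`. If PHP-FPM runs as `$app` (the pool configuration is not part of this diff), a flaw in the web application can then rewrite the application's own PHP files. Consider keeping the code read-only for the app and limiting its ownership to the writable directories, as before: `chown -R "$app":www-data "$final_path"/{data,extensions}`. `chmod -R o-rwx` also leaves any group-write bits from the archive in place for `www-data`, so adding `g-w` would be worthwhile. The same three lines appear in the scripts/restore hunk at -72 and the scripts/upgrade hunk at -134.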
@@ -108,7 +110,7 @@ phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
 #=================================================
 ynh_script_progression --message="FreshRSS setup script..."
-sudo -u $app $final_path/cli/do-install.php --default_user $admin --auth_type http_auth --environment production --base_url https://$domain$path_url --title FreshRSS --api_enabled --db-type mysql --db-host localhost --db-user $db_name --db-password $db_pwd --db-base $db_name
+ynh_exec_as $app $final_path/cli/do-install.php --default_user $admin --auth_type http_auth --environment production --base_url https://$domain$path_url --title FreshRSS --api_enabled --db-type mysql --db-host localhost --db-user $db_name --db-password $db_pwd --db-base $db_name
 #=================================================
 # CREATE DEDICATED USER
@@ -118,7 +120,7 @@ ynh_script_progression --message="Creating users..."
 for myuser in $(ynh_user_list)
 do
 user_token=$(ynh_string_random)
- sudo -u $app $final_path/cli/create-user.php --user $myuser --language $language --token $user_token
+ ynh_exec_as $app $final_path/cli/create-user.php --user $myuser --language $language --token $user_token
 done
 #=================================================
@@ -134,12 +136,15 @@ chmod 644 "/etc/cron.d/$app"
 #=================================================
 # SETUP SSOWAT
 #=================================================
-ynh_script_progression --message="Configuring SSOwat..."
+ynh_script_progression --message="Configuring permissions..." --weight=1
-#skip api directory
-ynh_app_setting_set --app="$app" --key=skipped_uris --value="/api/,/scripts/api.js"
-ynh_app_setting_delete --app="$app" --key=unprotected_regex
-ynh_app_setting_delete --app="$app" --key=unprotected_uris
+# Make app public if necessary
+if [ $is_public -eq 1 ]
+then
+ # Everyone can access the app.
+ # The "main" permission is automatically created before the install script.
+ ynh_permission_update --permission="main" --add="visitors"
+fi
 #=================================================
 # RELOAD NGINX
@@ -153,4 +158,3 @@ ynh_systemd_action --service_name=nginx --action=reload
 #=================================================
 ynh_script_progression --message="Installation of $app completed" --last
-
diff --git a/scripts/restore b/scripts/restore
index d324575..bb5a383 100644
--- a/scripts/restore
+++ b/scripts/restore
@@ -55,7 +55,7 @@ ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"
 ynh_script_progression --message="Recreating the dedicated system user..."
 # Create the dedicated user (if not existing)
-ynh_system_user_create --username=$app
+ynh_system_user_create --username=$app --home_dir="$final_path"
 #=================================================
 # REINSTALL DEPENDENCIES
@@ -72,7 +72,9 @@ ynh_script_progression --message="Restoring the app main directory..."
 ynh_restore_file --origin_path="$final_path"
-set_permissions
+chmod 750 "$final_path"
+chmod -R o-rwx "$final_path"
+chown -R $app:www-data "$final_path"
 #=================================================
 # RESTORE THE PHP-FPM CONFIGURATION
diff --git a/scripts/upgrade b/scripts/upgrade
index 06cbe61..ffdbd63 100755
--- a/scripts/upgrade
+++ b/scripts/upgrade
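Review bot: The permission block added in the scripts/install hunk at -134 replaces the narrow `skipped_uris` exemption for `/api/` and `/scripts/api.js` with an all-or-nothing switch. With `is_public` at 0 the API sits behind SSOwat even though the app is installed with `--api_enabled`; with 1, `ynh_permission_update --permission="main" --add="visitors"` opens every path of an app configured with `--auth_type http_auth`, and how FreshRSS treats requests without a proxy-authenticated user in that mode should be verified. A separate permission scoped to the API paths would preserve the earlier exposure, for example `ynh_permission_create --permission="api" --url="/api" --allowed="visitors"`, to be checked against the helper version this package targets. `[ $is_public -eq 1 ]` is unquoted and errors out when the variable is empty; `[ "$is_public" -eq 1 ]` is safer. The scripts/upgrade hunk at -152 drops the same SSOwat settings without adding any permission handling.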
@@ -79,8 +79,8 @@ ynh_abort_if_errors
 ynh_script_progression --message="Making sure dedicated system user exists..."
 # Create a dedicated user (if not existing)
-ynh_system_user_create --username=$app
-
+ynh_system_user_create --username=$app --home_dir="$final_path"
+
 #=================================================
 # UPGRADE DEPENDENCIES
 #=================================================
@@ -134,6 +134,10 @@ cp -r $final_path/extensions/. $tmp_path/extensions/
 ynh_secure_remove "$final_path"
 cp -rp "$tmp_path" "$final_path"
+chmod 750 "$final_path"
+chmod -R o-rwx "$final_path"
+chown -R $app:www-data "$final_path"
+
 #=================================================
 # CRON SETUP
 #=================================================
@@ -152,19 +156,8 @@ fi
 # SECURE FILES AND DIRECTORIES
 #=================================================
-set_permissions
-
 # reconfigure application with latest parameters
-sudo -u $app $final_path/cli/reconfigure.php --default_user $admin --auth_type http_auth --environment production --base_url https://$domain$path_url --title FreshRSS --api_enabled --db-type mysql --db-host localhost --db-user $db_name --db-password $db_pwd --db-base $db_name
-
-#=================================================
-# SETUP SSOWAT
-#=================================================
-ynh_script_progression --message="Upgrading SSOwat configuration..."
-
-ynh_app_setting_set --app="$app" --key=skipped_uris --value="/api/,/scripts/api.js"
-ynh_app_setting_delete --app="$app" --key=unprotected_regex
-ynh_app_setting_delete --app="$app" --key=unprotected_uris
+ynh_exec-as $app $final_path/cli/reconfigure.php --default_user $admin --auth_type http_auth --environment production --base_url https://$domain$path_url --title FreshRSS --api_enabled --db-type mysql --db-host localhost --db-user $db_name --db-password $db_pwd --db-base $db_name
 #=================================================
 # RELOAD NGINX AND PHP-FPM
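Review bot: The added line in the scripts/upgrade hunk at -152 calls `ynh_exec-as`, with a hyphen, while every other call in this commit uses `ynh_exec_as`. The hyphenated name will not resolve to the helper, so the reconfigure step fails with a command-not-found error on upgrade. Change it to `ynh_exec_as $app $final_path/cli/reconfigure.php …`, ideally with the expansions quoted. Because `ynh_abort_if_errors` is active (it appears in the -79 hunk header), the failure presumably aborts the upgrade after the hunk at -134 has already replaced the source tree.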