diff --git a/conf/extra_php-fpm.conf b/conf/extra_php-fpm.conf deleted file mode 100644 index 700c37c..0000000 --- a/conf/extra_php-fpm.conf +++ /dev/null @@ -1,4 +0,0 @@ -; Additional php.ini defines, specific to this pool of workers. - -php_admin_value[upload_max_filesize] = 50M -php_admin_value[post_max_size] = 50M diff --git a/conf/freshrss.cron b/conf/freshrss.cron index fc2907d..cba0185 100644 --- a/conf/freshrss.cron +++ b/conf/freshrss.cron @@ -1,2 +1,2 @@ MAILTO="root" -*/10 * * * * __APP__ /usr/bin/php__PHPVERSION__ __INSTALL_DIR__/app/actualize_script.php >/var/log/__APP__/__APP__.log 2>&1 +*/10 * * * * __APP__ /usr/bin/php__PHP_VERSION__ __INSTALL_DIR__/app/actualize_script.php >/var/log/__APP__/__APP__.log 2>&1 diff --git a/conf/nginx.conf b/conf/nginx.conf index ff6aa79..15ae802 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -12,7 +12,7 @@ location __PATH__/ { try_files $uri $uri/ /index.php?$args; location ~ [^/]\.php(/|$) { fastcgi_split_path_info ^(.+?\.php)(/.*)$; - fastcgi_pass unix:/var/run/php/php__PHPVERSION__-fpm-__NAME__.sock; + fastcgi_pass unix:/var/run/php/php__PHP_VERSION__-fpm-__APP__.sock; fastcgi_index index.php; include fastcgi_params; diff --git a/manifest.toml b/manifest.toml index 55dd3d8..9c1bc91 100644 --- a/manifest.toml +++ b/manifest.toml @@ -17,7 +17,8 @@ admindoc = "https://freshrss.github.io/FreshRSS/" code = "https://github.com/FreshRSS/FreshRSS" [integration] -yunohost = ">= 11.2.8" +yunohost = ">= 11.2.18" +helpers_version = "2.1" architectures = "all" multi_instance = true @@ -63,6 +64,7 @@ ram.runtime = "50M" [resources.system_user] [resources.install_dir] + group = "www-data:r-x" [resources.permissions] main.url = "/" diff --git a/scripts/_common.sh b/scripts/_common.sh index 944a65e..3d7f008 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -1,17 +1,5 @@ #!/bin/bash #================================================= -# COMMON VARIABLES -#================================================= - -#================================================= -# PERSONAL HELPERS -#================================================= - -#================================================= -# EXPERIMENTAL HELPERS -#================================================= - -#================================================= -# FUTURE OFFICIAL HELPERS +# COMMON VARIABLES AND CUSTOM HELPERS #================================================= diff --git a/scripts/backup b/scripts/backup index 39612b8..5e062ce 100755 --- a/scripts/backup +++ b/scripts/backup @@ -1,50 +1,41 @@ #!/bin/bash -#================================================= -# GENERIC START -#================================================= -# IMPORT GENERIC HELPERS -#================================================= - # Keep this path for calling _common.sh inside the execution's context of backup and restore scripts source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers -#================================================= -# DECLARE DATA AND CONF FILES TO BACKUP -#================================================= -ynh_print_info --message="Declaring files to be backed up..." +ynh_print_info "Declaring files to be backed up..." #================================================= # BACKUP THE APP MAIN DIR #================================================= -ynh_backup --src_path="$install_dir" +ynh_backup "$install_dir" #================================================= # SYSTEM CONFIGURATION #================================================= -ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf" +ynh_backup "/etc/nginx/conf.d/$domain.d/$app.conf" -ynh_backup --src_path="/etc/php/$phpversion/fpm/pool.d/$app.conf" +ynh_backup "/etc/php/$php_version/fpm/pool.d/$app.conf" -ynh_backup --src_path="/etc/logrotate.d/$app" +ynh_backup "/etc/logrotate.d/$app" -ynh_backup --src_path="/etc/fail2ban/jail.d/$app.conf" -ynh_backup --src_path="/etc/fail2ban/filter.d/$app.conf" +ynh_backup "/etc/fail2ban/jail.d/$app.conf" +ynh_backup "/etc/fail2ban/filter.d/$app.conf" -ynh_backup --src_path="/etc/cron.d/$app" +ynh_backup "/etc/cron.d/$app" #================================================= # BACKUP THE MYSQL DATABASE #================================================= -ynh_print_info --message="Backing up the MySQL database..." +ynh_print_info "Backing up the MySQL database..." -ynh_mysql_dump_db --database="$db_name" > db.sql +ynh_mysql_dump_db > db.sql #================================================= # END OF SCRIPT #================================================= -ynh_print_info --message="Backup script completed for $app. (YunoHost will then actually copy those files to the archive)." +ynh_print_info "Backup script completed for $app. (YunoHost will then actually copy those files to the archive)." diff --git a/scripts/change_url b/scripts/change_url index 3952683..9b92c84 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -1,34 +1,26 @@ #!/bin/bash -#================================================= -# GENERIC STARTING -#================================================= -# IMPORT GENERIC HELPERS -#================================================= - source _common.sh source /usr/share/yunohost/helpers -#================================================= -# STANDARD MODIFICATIONS #================================================= # MODIFY URL IN NGINX CONF #================================================= -ynh_script_progression --message="Updating NGINX web server configuration..." --weight=1 +ynh_script_progression "Updating NGINX web server configuration..." -ynh_change_url_nginx_config +ynh_config_change_url_nginx #================================================= # SPECIFIC MODIFICATIONS #================================================= # UPGRADING FRESHRSS #================================================= -ynh_script_progression --message="Upgrading $app..." --weight=1 +ynh_script_progression "Upgrading $app..." -ynh_exec_warn_less ynh_exec_as "$app" "$install_dir/cli/reconfigure.php" --auth_type http_auth --environment production --base_url "https://$new_domain$new_path" --title FreshRSS --api_enabled --db-type mysql --db-host localhost --db-user "$db_name" --db-password "$db_pwd" --db-base "$db_name" +ynh_hide_warnings ynh_exec_as_app "$install_dir/cli/reconfigure.php" --auth_type http_auth --environment production --base_url "https://$new_domain$new_path" --title FreshRSS --api_enabled --db-type mysql --db-host localhost --db-user "$db_name" --db-password "$db_pwd" --db-base "$db_name" #================================================= # END OF SCRIPT #================================================= -ynh_script_progression --message="Change of URL completed for $app" --last +ynh_script_progression "Change of URL completed for $app" diff --git a/scripts/install b/scripts/install index ffdd3a0..b3da434 100755 --- a/scripts/install +++ b/scripts/install @@ -1,82 +1,73 @@ #!/bin/bash -#================================================= -# GENERIC START -#================================================= -# IMPORT GENERIC HELPERS -#================================================= - source _common.sh source /usr/share/yunohost/helpers #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= -ynh_script_progression --message="Setting up source files..." --weight=1 +ynh_script_progression "Setting up source files..." # Download, check integrity, uncompress and patch the source from app.src ynh_setup_source --dest_dir="$install_dir" -chmod -R o-rwx "$install_dir" -chown -R "$app":www-data "$install_dir" - +#REMOVEME? Assuming the install dir is setup using ynh_setup_source, the proper chmod/chowns are now already applied and it shouldn't be necessary to tweak perms | chmod -R o-rwx "$install_dir" +#REMOVEME? Assuming the install dir is setup using ynh_setup_source, the proper chmod/chowns are now already applied and it shouldn't be necessary to tweak perms | chown -R "$app":www-data "$install_dir" #================================================= # SYSTEM CONFIGURATION #================================================= -ynh_script_progression --message="Adding system configurations related to $app..." --weight=1 +ynh_script_progression "Adding system configurations related to $app..." # Create a dedicated PHP-FPM config -ynh_add_fpm_config +ynh_config_add_phpfpm # Create a dedicated NGINX config -ynh_add_nginx_config +ynh_config_add_nginx -ynh_add_config --template="freshrss.cron" --destination="/etc/cron.d/$app" -chown root: "/etc/cron.d/$app" -chmod 644 "/etc/cron.d/$app" +ynh_config_add --template="freshrss.cron" --destination="/etc/cron.d/$app" +#REMOVEME? Assuming the file is setup using ynh_config_add, the proper chmod/chowns are now already applied and it shouldn't be necessary to tweak perms | chown root: "/etc/cron.d/$app" +#REMOVEME? Assuming the file is setup using ynh_config_add, the proper chmod/chowns are now already applied and it shouldn't be necessary to tweak perms | chmod 644 "/etc/cron.d/$app" log_path="/var/log/$app" mkdir -p "$log_path" chown "$app":www-data "$log_path" -#================================================= -# GENERIC FINALIZATION #================================================= # SETUP LOGROTATE #================================================= -ynh_script_progression --message="Configuring log rotation..." --weight=1 +ynh_script_progression "Configuring log rotation..." # Use logrotate to manage application logfile(s) -ynh_use_logrotate +ynh_config_add_logrotate #================================================= # SETUP FAIL2BAN #================================================= -ynh_script_progression --message="Upgrading fail2ban configuration..." +ynh_script_progression "Upgrading fail2ban configuration..." # Create the logfile, required before configuring fail2ban touch "/var/log/${domain}-access.log" # Create a dedicated Fail2Ban config -ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-access.log" --failregex=" .* \"GET /api/.*\" 401" --max_retry=5 +ynh_config_add_fail2ban --logpath="/var/log/nginx/${domain}-access.log" --failregex=" .* \"GET /api/.*\" 401" #================================================= # SPECIFIC SETUP #================================================= # SETUPING FRESHRSS #================================================= -ynh_script_progression --message="$app setup..." --weight=1 +ynh_script_progression "$app setup..." -ynh_exec_warn_less ynh_exec_as "$app" "$install_dir/cli/do-install.php" --default_user "$admin" --auth_type http_auth --environment production --base_url "https://$domain$path" --title FreshRSS --api_enabled --db-type mysql --db-host localhost --db-user "$db_name" --db-password "$db_pwd" --db-base "$db_name" +ynh_hide_warnings ynh_exec_as_app "$install_dir/cli/do-install.php" --default_user "$admin" --auth_type http_auth --environment production --base_url "https://$domain$path" --title FreshRSS --api_enabled --db-type mysql --db-host localhost --db-user "$db_name" --db-password "$db_pwd" --db-base "$db_name" for myuser in $(ynh_user_list) do user_token=$(ynh_string_random) - ynh_exec_as "$app" "$install_dir/cli/create-user.php" --user "$myuser" --language "$language" --token "$user_token" + ynh_exec_as_app "$install_dir/cli/create-user.php" --user "$myuser" --language "$language" --token "$user_token" done #================================================= # END OF SCRIPT #================================================= -ynh_script_progression --message="Installation of $app completed" --last +ynh_script_progression "Installation of $app completed" diff --git a/scripts/remove b/scripts/remove index 3102036..9c47d0a 100755 --- a/scripts/remove +++ b/scripts/remove @@ -1,35 +1,29 @@ #!/bin/bash -#================================================= -# GENERIC START -#================================================= -# IMPORT GENERIC HELPERS -#================================================= - source _common.sh source /usr/share/yunohost/helpers #================================================= # REMOVE SYSTEM CONFIGURATIONS #================================================= -ynh_script_progression --message="Removing system configurations related to $app..." --weight=1 +ynh_script_progression "Removing system configurations related to $app..." # Remove the dedicated NGINX config -ynh_remove_nginx_config +ynh_config_remove_nginx # Remove the dedicated PHP-FPM config -ynh_remove_fpm_config +ynh_config_remove_phpfpm # Remove a cron file -ynh_secure_remove --file="/etc/cron.d/$app" +ynh_safe_rm "/etc/cron.d/$app" # Remove the app-specific logrotate config -ynh_remove_logrotate +ynh_config_remove_logrotate -ynh_remove_fail2ban_config +ynh_config_remove_fail2ban #================================================= # END OF SCRIPT #================================================= -ynh_script_progression --message="Removal of $app completed" --last +ynh_script_progression "Removal of $app completed" diff --git a/scripts/restore b/scripts/restore index f39723b..0888d19 100644 --- a/scripts/restore +++ b/scripts/restore @@ -1,11 +1,5 @@ #!/bin/bash -#================================================= -# GENERIC START -#================================================= -# IMPORT GENERIC HELPERS -#================================================= - # Keep this path for calling _common.sh inside the execution's context of backup and restore scripts source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers @@ -13,49 +7,46 @@ source /usr/share/yunohost/helpers #================================================= # RESTORE THE APP MAIN DIR #================================================= -ynh_script_progression --message="Restoring the app main directory..." --weight=1 +ynh_script_progression "Restoring the app main directory..." -ynh_restore_file --origin_path="$install_dir" - -chmod -R o-rwx "$install_dir" -chown -R "$app":www-data "$install_dir" +ynh_restore "$install_dir" +#REMOVEME? Assuming the install dir is setup using ynh_setup_source, the proper chmod/chowns are now already applied and it shouldn't be necessary to tweak perms | chmod -R o-rwx "$install_dir" +#REMOVEME? Assuming the install dir is setup using ynh_setup_source, the proper chmod/chowns are now already applied and it shouldn't be necessary to tweak perms | chown -R "$app":www-data "$install_dir" #================================================= # RESTORE THE MYSQL DATABASE #================================================= -ynh_script_progression --message="Restoring the MySQL database..." --weight=1 +ynh_script_progression "Restoring the MySQL database..." -ynh_mysql_connect_as --user="$db_user" --password="$db_pwd" --database="$db_name" < ./db.sql +ynh_mysql_db_shell < ./db.sql #================================================= # RESTORE SYSTEM CONFIGURATIONS #================================================= -ynh_script_progression --message="Restoring system configurations related to $app..." --weight=1 +ynh_script_progression "Restoring system configurations related to $app..." -ynh_restore_file --origin_path="/etc/php/$phpversion/fpm/pool.d/$app.conf" +ynh_restore "/etc/php/$php_version/fpm/pool.d/$app.conf" -ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" +ynh_restore "/etc/nginx/conf.d/$domain.d/$app.conf" -ynh_restore_file --origin_path="/etc/cron.d/$app" +ynh_restore "/etc/cron.d/$app" -ynh_restore_file --origin_path="/etc/logrotate.d/$app" +ynh_restore "/etc/logrotate.d/$app" -ynh_restore_file --origin_path="/etc/fail2ban/jail.d/$app.conf" -ynh_restore_file --origin_path="/etc/fail2ban/filter.d/$app.conf" -ynh_systemd_action --action=restart --service_name=fail2ban +ynh_restore "/etc/fail2ban/jail.d/$app.conf" +ynh_restore "/etc/fail2ban/filter.d/$app.conf" +ynh_systemctl --action=restart --service=fail2ban -#================================================= -# GENERIC FINALIZATION #================================================= # RELOAD NGINX AND PHP-FPM OR THE APP SERVICE #================================================= -ynh_script_progression --message="Reloading NGINX web server and $app's service..." --weight=1 +ynh_script_progression "Reloading NGINX web server and $app's service..." -ynh_systemd_action --service_name="php$phpversion-fpm" --action=reload -ynh_systemd_action --service_name=nginx --action=reload +ynh_systemctl --service="php$php_version-fpm" --action=reload +ynh_systemctl --service=nginx --action=reload #================================================= # END OF SCRIPT #================================================= -ynh_script_progression --message="Restoration completed for $app" --last +ynh_script_progression "Restoration completed for $app" diff --git a/scripts/upgrade b/scripts/upgrade index ac52039..15b94c5 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -1,71 +1,62 @@ #!/bin/bash -#================================================= -# GENERIC START -#================================================= -# IMPORT GENERIC HELPERS -#================================================= - source _common.sh source /usr/share/yunohost/helpers -#================================================= -# STANDARD UPGRADE STEPS #================================================= # ENSURE DOWNWARD COMPATIBILITY #================================================= -ynh_script_progression --message="Ensuring downward compatibility..." --weight=1 +ynh_script_progression "Ensuring downward compatibility..." if [ -z "$admin" ]; then - admin=$(ynh_app_setting_get --app="$app" --key=admin_user) + admin=$(ynh_app_setting_get --key=admin_user) if [ -z "$admin" ]; then - ynh_die --message="no admin user found" + ynh_die "no admin user found" fi; - ynh_app_setting_delete --app="$app" --key=admin_user - ynh_app_setting_set --app="$app" --key=admin --value="$admin" + ynh_app_setting_delete --key=admin_user + ynh_app_setting_set --key=admin --value="$admin" fi #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= -ynh_script_progression --message="Upgrading source files..." --weight=1 +ynh_script_progression "Upgrading source files..." # Download, check integrity, uncompress and patch the source from app.src -ynh_setup_source --dest_dir="$install_dir" --keep="data/config.php data/users/ extensions/" #--full_replace=1 - -chmod -R o-rwx "$install_dir" -chown -R "$app":www-data "$install_dir" +ynh_setup_source --dest_dir="$install_dir" --keep="data/config.php data/users/ extensions/" #--full_replace +#REMOVEME? Assuming the install dir is setup using ynh_setup_source, the proper chmod/chowns are now already applied and it shouldn't be necessary to tweak perms | chmod -R o-rwx "$install_dir" +#REMOVEME? Assuming the install dir is setup using ynh_setup_source, the proper chmod/chowns are now already applied and it shouldn't be necessary to tweak perms | chown -R "$app":www-data "$install_dir" #================================================= # UPDATE A CONFIG FILE #================================================= -ynh_script_progression --message="Updating $app's configuration files..." --weight=1 +ynh_script_progression "Updating $app's configuration files..." # Create a dedicated PHP-FPM config -ynh_add_fpm_config +ynh_config_add_phpfpm # Create a dedicated NGINX config -ynh_add_nginx_config +ynh_config_add_nginx #================================================= # CRON CONFIGURATION #================================================= -ynh_script_progression --message="Upgrading Cron configuration..." +ynh_script_progression "Upgrading Cron configuration..." -ynh_add_config --template="freshrss.cron" --destination="/etc/cron.d/$app" -chown root: "/etc/cron.d/$app" -chmod 644 "/etc/cron.d/$app" +ynh_config_add --template="freshrss.cron" --destination="/etc/cron.d/$app" +#REMOVEME? Assuming the file is setup using ynh_config_add, the proper chmod/chowns are now already applied and it shouldn't be necessary to tweak perms | chown root: "/etc/cron.d/$app" +#REMOVEME? Assuming the file is setup using ynh_config_add, the proper chmod/chowns are now already applied and it shouldn't be necessary to tweak perms | chmod 644 "/etc/cron.d/$app" #================================================= # LOG FILES #================================================= if [ -f /tmp/FreshRSS.log ]; then - ynh_secure_remove --file="/tmp/FreshRSS.log" + ynh_safe_rm "/tmp/FreshRSS.log" fi if [ -f "$install_dir/$app.log" ]; then - ynh_secure_remove --file="/var/www/$app/$app.log" + ynh_safe_rm "/var/www/$app/$app.log" fi log_path="/var/log/$app" @@ -75,15 +66,15 @@ chown "$app":www-data "$log_path" #================================================= # SETUP LOGROTATE #================================================= -ynh_script_progression --message="Upgrading logrotate configuration..." +ynh_script_progression "Upgrading logrotate configuration..." # Use logrotate to manage app-specific logfile(s) -ynh_use_logrotate --non-append +ynh_config_add_logrotate #================================================= # SETUP FAIL2BAN #================================================= -ynh_script_progression --message="Upgrading Fail2Ban configuration..." +ynh_script_progression "Upgrading Fail2Ban configuration..." # If it doesn't exist, create the logfile, required before configuring fail2ban if [ ! -f "/var/log/${domain}-access.log" ]; then @@ -91,20 +82,18 @@ if [ ! -f "/var/log/${domain}-access.log" ]; then fi # Create a dedicated Fail2Ban config -ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-access.log" --failregex=" .* \"GET /api/.*\" 401" --max_retry=5 +ynh_config_add_fail2ban --logpath="/var/log/nginx/${domain}-access.log" --failregex=" .* \"GET /api/.*\" 401" -#================================================= -# SPECIFIC UPGRADE #================================================= # UPGRADING FRESHRSS #================================================= -ynh_script_progression --message="Upgrading $app..." --weight=1 +ynh_script_progression "Upgrading $app..." # reconfigure application with latest parameters -ynh_exec_warn_less ynh_exec_as "$app" "$install_dir/cli/reconfigure.php" --default_user "$admin" --auth_type http_auth --environment production --base_url "https://$domain$path" --title FreshRSS --api_enabled --db-type mysql --db-host localhost --db-user "$db_name" --db-password "$db_pwd" --db-base "$db_name" +ynh_hide_warnings ynh_exec_as_app "$install_dir/cli/reconfigure.php" --default_user "$admin" --auth_type http_auth --environment production --base_url "https://$domain$path" --title FreshRSS --api_enabled --db-type mysql --db-host localhost --db-user "$db_name" --db-password "$db_pwd" --db-base "$db_name" #================================================= # END OF SCRIPT #================================================= -ynh_script_progression --message="Upgrade of $app completed" --last +ynh_script_progression "Upgrade of $app completed"