diff --git a/README.md b/README.md index 0330a74..1c0266d 100644 --- a/README.md +++ b/README.md @@ -18,7 +18,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in Funkwhale is a community-driven project that lets you listen and share music and audio within a decentralized, open network. -**Shipped version:** 1.2.10~ynh2 +**Shipped version:** 1.2.10~ynh3 **Demo:** https://demo.funkwhale.audio @@ -26,20 +26,6 @@ Funkwhale is a community-driven project that lets you listen and share music and ![Screenshot of Funkwhale](./doc/screenshots/screenshot1.png) -## Disclaimers / important information - -* Installation requires a dedicated domain or subdomain. Installing in a subpath is not supported by the upstream project due to dependency requirements. - -* Admin - * The admin uses the login you provided at installation. The password is the same you use for YunoHost. - * The admin interface is accessible at the address: `your.domain.fr/api/admin` - -To add a collection of music files to a library in your YunoHost installation of Funkwhale, create a symlink to your collection titled "music" in `/home/yunohost.app/funkwhale/data` -```console -foo@bar:~$sudo ln -s /your/music/collection /home/yunohost.app/funkwhale/data/music -``` -The files can then be added to your library from the *uploading* tab in a music library under the heading **Import music from your server**. - ## Documentation and resources * Official app website: diff --git a/README_fr.md b/README_fr.md index 60f2c8f..2c5360c 100644 --- a/README_fr.md +++ b/README_fr.md @@ -18,7 +18,7 @@ Si vous n’avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) po Funkwhale est un projet communautaire qui vous permet d'écouter et de partager de la musique et de l'audio au sein d'un réseau ouvert et décentralisé. -**Version incluse :** 1.2.10~ynh2 +**Version incluse :** 1.2.10~ynh3 **Démo :** https://demo.funkwhale.audio @@ -26,18 +26,6 @@ Funkwhale est un projet communautaire qui vous permet d'écouter et de partager ![Capture d’écran de Funkwhale](./doc/screenshots/screenshot1.png) -## Avertissements / informations importantes - -* L'installation nécessite un domaine ou un sous-domaine dédié. L'installation dans un chemin du domaine n'est pas prise en charge par le projet en amont en raison des exigences de dépendance. - -* Admin - * L'administrateur utilise le login que vous avez fourni lors de l'installation. Le mot de passe est le même que celui que vous utilisez pour YunoHost. - * L'interface d'administration est accessible à l'adresse : votre.domaine.fr/api/admin - -Pour ajouter une collection de fichiers musicaux à une bibliothèque dans votre installation YunoHost de Funkwhale, créez un lien symbolique vers votre collection intitulée "music" dans `/home/yunohost.app/funkwhale/data/`. -`foo@bar:~$sudo ln -s /your/music/collection /home/yunohost.app/funkwhale/data/music` -Les fichiers peuvent ensuite être ajoutés à votre bibliothèque à partir de l'onglet *Envoi* dans une bibliothèque musicale sous la rubrique **Importer de la musique de votre serveur**. - ## Documentations et ressources * Site officiel de l’app : diff --git a/check_process b/check_process deleted file mode 100644 index 536630a..0000000 --- a/check_process +++ /dev/null @@ -1,40 +0,0 @@ -;; Test complet - ; Manifest - domain="domain.tld" - is_public=1 - admin="john" - ; Checks - pkg_linter=1 - setup_sub_dir=0 - setup_root=1 - setup_nourl=0 - setup_private=1 - setup_public=1 - upgrade=1 - # 1.1~ynh1 - upgrade=1 from_commit=8172790fb461d16f09089593fdac380f0d499c83 - # 1.1.1~ynh1 - upgrade=0 from_commit=fa9587f61e4bb4f9db8667b1c6701ede37ac8e91 - # 1.1.2~ynh1 - upgrade=1 from_commit=74255c1c278562eb174fb13ce538d4754f01186c - # 1.1.4~ynh2 - upgrade=1 from_commit=313335d5aa851a497fa92cd7ac264f989e1052d9 - # 1.2.1~ynh1 - upgrade=0 from_commit=9fc8b84ba24260e28f791aa9c47688c1a1f085c2 - # 1.2.2~ynh2 - upgrade=0 from_commit=192afe93f66bb08cc7d487db02dc4d187e5b29e2 - # 1.2.3~ynh1 - upgrade=0 from_commit=1c1b64b8b04ee917a63580dce21d149182ee319d - # 1.2.4~ynh1 - upgrade=0 from_commit=5961e7283e52963329e30ca22df4d5505adfc256 - #1.2.5~ynh1 - upgrade=0 from_commit=a070baf105a94ac6fefc280f0335b044db643ec8 - #1.2.7~ynh1 - upgrade=0 from_commit=557386e0c1306f78c43ccf2e5ec7b3b46a07ab56 - backup_restore=1 - multi_instance=1 - port_already_use=0 - change_url=1 -;;; Options -Email=cda@rootkey.co.uk -Notification=all diff --git a/conf/api.src b/conf/api.src deleted file mode 100644 index f92a438..0000000 --- a/conf/api.src +++ /dev/null @@ -1,7 +0,0 @@ -SOURCE_URL=https://dev.funkwhale.audio/funkwhale/funkwhale/-/jobs/artifacts/1.2.10/download?job=build_api -SOURCE_SUM=fc6f54d37993f74e057d1a59438e21b68a8cff1a7f9438415459ede7cf7f09d0 -SOURCE_SUM_PRG=sha256sum -SOURCE_FORMAT=zip -SOURCE_IN_SUBDIR=true -SOURCE_FILENAME= -SOURCE_EXTRACT=true diff --git a/conf/env.prod b/conf/env.prod index 5b32746..ae37480 100644 --- a/conf/env.prod +++ b/conf/env.prod @@ -110,12 +110,12 @@ CACHE_URL=redis://127.0.0.1:6379/__REDIS_DB__ # Where media files (such as album covers or audio tracks) should be stored # on your system? # (Ensure this directory actually exists) -MEDIA_ROOT=__DATADIR__/media +MEDIA_ROOT=__DATA_DIR__/data/media # Where static files (such as API css or icons) should be compiled # on your system? # (Ensure this directory actually exists) -STATIC_ROOT=__DATADIR__/static +STATIC_ROOT=__DATA_DIR__/data/static # which settings module should django use? # You don't have to touch this unless you really know what you're doing @@ -138,8 +138,8 @@ DJANGO_SECRET_KEY=__KEY__ # MUSIC_DIRECTORY_PATH=/srv/funkwhale/data/music # # MUSIC_DIRECTORY_SERVE_PATH= # stays commented, not needed -MUSIC_DIRECTORY_PATH=__DATADIR__/music -#MUSIC_DIRECTORY_SERVE_PATH=__DATADIR__/import +MUSIC_DIRECTORY_PATH=__DATA_DIR__/data/music +#MUSIC_DIRECTORY_SERVE_PATH=__DATA_DIR__/data/import # LDAP settings # Use the following options to allow authentication on your Funkwhale instance @@ -157,8 +157,8 @@ LDAP_START_TLS=False LDAP_ROOT_DN=ou=users,dc=yunohost,dc=org LDAP_USER_ATTR_MAP=username:uid -FUNKWHALE_FRONTEND_PATH=__FINALPATH__/front/dist -FUNKWHALE_SPA_HTML_ROOT=__FINALPATH__/front/dist/index.html +FUNKWHALE_FRONTEND_PATH=__INSTALL_DIR__/front/dist +FUNKWHALE_SPA_HTML_ROOT=__INSTALL_DIR__/front/dist/index.html # Nginx related configuration NGINX_MAX_BODY_SIZE=100M diff --git a/conf/front.src b/conf/front.src deleted file mode 100644 index f5316c7..0000000 --- a/conf/front.src +++ /dev/null @@ -1,7 +0,0 @@ -SOURCE_URL=https://dev.funkwhale.audio/funkwhale/funkwhale/builds/artifacts/1.2.10/download?job=build_front -SOURCE_SUM=bcf0ba380295be58dfcfe4d88605cfce357859adf623c8236fb1182095c38bfd -SOURCE_SUM_PRG=sha256sum -SOURCE_FORMAT=zip -SOURCE_IN_SUBDIR=true -SOURCE_FILENAME= -SOURCE_EXTRACT=true diff --git a/conf/funkwhale-beat.service b/conf/funkwhale-beat.service index 2efd191..7747cb1 100644 --- a/conf/funkwhale-beat.service +++ b/conf/funkwhale-beat.service @@ -6,9 +6,43 @@ PartOf=__APP__.target [Service] User=__APP__ Group=__APP__ -WorkingDirectory=__FINALPATH__/api -EnvironmentFile=__FINALPATH__/config/.env -ExecStart=__FINALPATH__/virtualenv/bin/celery -A funkwhale_api.taskapp beat -l INFO +WorkingDirectory=__INSTALL_DIR__/api +EnvironmentFile=__INSTALL_DIR__/config/.env +ExecStart=__INSTALL_DIR__/virtualenv/bin/celery -A funkwhale_api.taskapp beat -l INFO + +# Sandboxing options to harden security +# Depending on specificities of your service/app, you may need to tweak these +# .. but this should be a good baseline +# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html +NoNewPrivileges=yes +PrivateTmp=yes +PrivateDevices=yes +RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK +RestrictNamespaces=yes +RestrictRealtime=yes +DevicePolicy=closed +ProtectClock=yes +ProtectHostname=yes +ProtectProc=invisible +ProtectSystem=full +ProtectControlGroups=yes +ProtectKernelModules=yes +ProtectKernelTunables=yes +LockPersonality=yes +SystemCallArchitectures=native +SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap @cpu-emulation @privileged + +# Denying access to capabilities that should not be relevant for webapps +# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html +CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD +CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE +CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT +CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK +CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM +CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG +CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE +CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW +CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG [Install] WantedBy=multi-user.target diff --git a/conf/funkwhale-server.service b/conf/funkwhale-server.service index 59d5dd2..ddb56af 100644 --- a/conf/funkwhale-server.service +++ b/conf/funkwhale-server.service @@ -6,9 +6,21 @@ PartOf=__APP__.target [Service] User=__APP__ Group=__APP__ -WorkingDirectory=__FINALPATH__/api -EnvironmentFile=__FINALPATH__/config/.env -ExecStart=__FINALPATH__/virtualenv/bin/gunicorn config.asgi:application -w ${FUNKWHALE_WEB_WORKERS} -k uvicorn.workers.UvicornWorker -b ${FUNKWHALE_API_IP}:${FUNKWHALE_API_PORT} +WorkingDirectory=__INSTALL_DIR__/api +EnvironmentFile=__INSTALL_DIR__/config/.env +ExecStart=__INSTALL_DIR__/virtualenv/bin/gunicorn config.asgi:application -w ${FUNKWHALE_WEB_WORKERS} -k uvicorn.workers.UvicornWorker -b ${FUNKWHALE_API_IP}:${FUNKWHALE_API_PORT} + +# Denying access to capabilities that should not be relevant for webapps +# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html +CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD +CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE +CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT +CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK +CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM +CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG +CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE +CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW +CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG [Install] WantedBy=multi-user.target diff --git a/conf/funkwhale-worker.service b/conf/funkwhale-worker.service index ca8bd26..b82e4e3 100644 --- a/conf/funkwhale-worker.service +++ b/conf/funkwhale-worker.service @@ -6,9 +6,43 @@ PartOf=__APP__.target [Service] User=__APP__ Group=__APP__ -WorkingDirectory=__FINALPATH__/api -EnvironmentFile=__FINALPATH__/config/.env -ExecStart=__FINALPATH__/virtualenv/bin/celery -A funkwhale_api.taskapp worker -l INFO --concurrency=0 +WorkingDirectory=__INSTALL_DIR__/api +EnvironmentFile=__INSTALL_DIR__/config/.env +ExecStart=__INSTALL_DIR__/virtualenv/bin/celery -A funkwhale_api.taskapp worker -l INFO --concurrency=0 + +# Sandboxing options to harden security +# Depending on specificities of your service/app, you may need to tweak these +# .. but this should be a good baseline +# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html +NoNewPrivileges=yes +PrivateTmp=yes +PrivateDevices=yes +RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK +RestrictNamespaces=yes +RestrictRealtime=yes +DevicePolicy=closed +ProtectClock=yes +ProtectHostname=yes +ProtectProc=invisible +ProtectSystem=full +ProtectControlGroups=yes +ProtectKernelModules=yes +ProtectKernelTunables=yes +LockPersonality=yes +SystemCallArchitectures=native +SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap @cpu-emulation @privileged + +# Denying access to capabilities that should not be relevant for webapps +# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html +CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD +CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE +CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT +CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK +CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM +CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG +CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE +CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW +CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG [Install] WantedBy=multi-user.target diff --git a/conf/nginx.conf b/conf/nginx.conf index 920e2c7..e01ed0f 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -1,4 +1,4 @@ -root __FINALPATH__/front/dist; +root __INSTALL_DIR__/front/dist; location / { @@ -26,7 +26,7 @@ location /front/ { more_set_headers "Referrer-Policy: strict-origin-when-cross-origin"; more_set_headers "Service-Worker-Allowed: /"; more_set_headers "X-Frame-Options: SAMEORIGIN"; - alias __FINALPATH__/front/dist/; + alias __INSTALL_DIR__/front/dist/; expires 30d; more_set_headers "Pragma: public"; more_set_headers "Cache-Control: public, must-revalidate, proxy-revalidate"; @@ -37,7 +37,7 @@ location /front/embed.html { more_set_headers "Referrer-Policy: strict-origin-when-cross-origin"; more_set_headers "X-Frame-Options: ALLOW"; - alias __FINALPATH__/front/dist/embed.html; + alias __INSTALL_DIR__/front/dist/embed.html; expires 30d; more_set_headers "Pragma: public"; more_set_headers "Cache-Control: public, must-revalidate, proxy-revalidate"; @@ -102,11 +102,11 @@ location /.well-known/ { } location /media/__sized__/ { - alias __DATADIR__/media/__sized__/; + alias __DATA_DIR__/data/media/__sized__/; } location /media/attachments/ { - alias __DATADIR__//media/attachments/; + alias __DATA_DIR__/data/media/attachments/; } location /_protected/media/ { @@ -114,7 +114,7 @@ location /_protected/media/ { # audio files once correct permission / authentication # has been checked on API side internal; - alias __DATADIR__/media/; + alias __DATA_DIR__/data/media/; } # Comment the previous location and uncomment this one if you're storing @@ -132,10 +132,10 @@ location /_protected/music/ { # has been checked on API side # Set this to the same value as your MUSIC_DIRECTORY_PATH setting internal; - alias __DATADIR__/music/; + alias __DATA_DIR__/data/music/; } location /staticfiles/ { # django static files - alias __DATADIR__/static/; + alias __DATA_DIR__/data/static/; } diff --git a/doc/DISCLAIMER.md b/doc/ADMIN.md similarity index 71% rename from doc/DISCLAIMER.md rename to doc/ADMIN.md index 8e16d23..808552c 100644 --- a/doc/DISCLAIMER.md +++ b/doc/ADMIN.md @@ -2,10 +2,10 @@ * Admin * The admin uses the login you provided at installation. The password is the same you use for YunoHost. - * The admin interface is accessible at the address: `your.domain.fr/api/admin` + * The admin interface is accessible at the address: `__DOMAIN__/api/admin` -To add a collection of music files to a library in your YunoHost installation of Funkwhale, create a symlink to your collection titled "music" in `/home/yunohost.app/funkwhale/data` +To add a collection of music files to a library in your YunoHost installation of Funkwhale, create a symlink to your collection titled "music" in `__DATA_DIR__/data` ```console -foo@bar:~$sudo ln -s /your/music/collection /home/yunohost.app/funkwhale/data/music +foo@bar:~$sudo ln -s /your/music/collection __DATA_DIR__/data/music ``` The files can then be added to your library from the *uploading* tab in a music library under the heading **Import music from your server**. diff --git a/doc/DISCLAIMER_fr.md b/doc/ADMIN_fr.md similarity index 71% rename from doc/DISCLAIMER_fr.md rename to doc/ADMIN_fr.md index 30590da..eb21687 100644 --- a/doc/DISCLAIMER_fr.md +++ b/doc/ADMIN_fr.md @@ -2,8 +2,8 @@ * Admin * L'administrateur utilise le login que vous avez fourni lors de l'installation. Le mot de passe est le même que celui que vous utilisez pour YunoHost. - * L'interface d'administration est accessible à l'adresse : votre.domaine.fr/api/admin + * L'interface d'administration est accessible à l'adresse : __DOMAIN__/api/admin -Pour ajouter une collection de fichiers musicaux à une bibliothèque dans votre installation YunoHost de Funkwhale, créez un lien symbolique vers votre collection intitulée "music" dans `/home/yunohost.app/funkwhale/data/`. -`foo@bar:~$sudo ln -s /your/music/collection /home/yunohost.app/funkwhale/data/music` +Pour ajouter une collection de fichiers musicaux à une bibliothèque dans votre installation YunoHost de Funkwhale, créez un lien symbolique vers votre collection intitulée "music" dans `__DATA_DIR__/data/`. +`foo@bar:~$sudo ln -s /your/music/collection __DATA_DIR__/data/music` Les fichiers peuvent ensuite être ajoutés à votre bibliothèque à partir de l'onglet *Envoi* dans une bibliothèque musicale sous la rubrique **Importer de la musique de votre serveur**. diff --git a/manifest.json b/manifest.json deleted file mode 100644 index b2bbeb1..0000000 --- a/manifest.json +++ /dev/null @@ -1,58 +0,0 @@ -{ - "name": "Funkwhale", - "id": "funkwhale", - "packaging_format": 1, - "description": { - "en": "Convivial and modern music server", - "fr": "Serveur de musique moderne et convivial" - }, - "version": "1.2.10~ynh2", - "url": "https://funkwhale.audio", - "upstream": { - "license": "AGPL-3.0-or-later", - "website": "https://funkwhale.audio/", - "demo": "https://demo.funkwhale.audio", - "admindoc": "https://docs.funkwhale.audio/admin/index.html", - "userdoc": "https://docs.funkwhale.audio/users/index.html", - "code": "https://dev.funkwhale.audio/funkwhale/funkwhale" - }, - "license": "AGPL-3.0-or-later", - "maintainer": { - "name": "Ciarán Ainsworth", - "email": "cda@rootkey.co.uk" - }, - "previous_maintainers": [ - { - "name": "Jean-Baptiste Holcroft", - "email": "jean-baptiste@holcroft.fr" - } - ], - "requirements": { - "yunohost": ">= 11.0.0" - }, - "multi_instance": true, - "services": [ - "nginx" - ], - "arguments": { - "install": [ - { - "name": "domain", - "type": "domain" - }, - { - "name": "is_public", - "type": "boolean", - "help": { - "en": "If enabled, Funkwhale will be accessible by Funkwhale for Android and by users without a YunoHost account. This can be changed later in the webadmin.", - "fr": "Si cette case est cochée, Funkwhale sera accessible par Funkwhale for Android et par les utilisateurs n’ayant pas de compte YunoHost. Vous pourrez changer cela dans la webadmin." - }, - "default": true - }, - { - "name": "admin", - "type": "user" - } - ] - } -} diff --git a/manifest.toml b/manifest.toml new file mode 100644 index 0000000..1e82b33 --- /dev/null +++ b/manifest.toml @@ -0,0 +1,76 @@ +packaging_format = 2 + +id = "funkwhale" +name = "Funkwhale" +description.en = "Convivial and modern music server" +description.fr = "Serveur de musique moderne et convivial" + +version = "1.2.10~ynh3" + +maintainers = ["Ciarán Ainsworth"] + +[upstream] +license = "AGPL-3.0-or-later" +website = "https://funkwhale.audio/" +demo = "https://demo.funkwhale.audio" +admindoc = "https://docs.funkwhale.audio/admin/index.html" +userdoc = "https://docs.funkwhale.audio/users/index.html" +code = "https://dev.funkwhale.audio/funkwhale/funkwhale" + +[integration] +yunohost = ">= 11.1.15" +architectures = "all" +multi_instance = true +ldap = false +sso = false +disk = "50M" +ram.build = "50M" +ram.runtime = "50M" + +[install] + [install.domain] + type = "domain" + full_domain = true + + [install.init_main_permission] + help.en = "If enabled, Funkwhale will be accessible by Funkwhale for Android and by users without a YunoHost account. This can be changed later in the webadmin." + help.fr = "Si cette case est cochée, Funkwhale sera accessible par Funkwhale for Android et par les utilisateurs n’ayant pas de compte YunoHost. Vous pourrez changer cela dans la webadmin." + type = "group" + default = "visitors" + + [install.admin] + type = "user" + +[resources] + [resources.sources] + [resources.sources.api] + url = "https://dev.funkwhale.audio/funkwhale/funkwhale/-/jobs/artifacts/1.2.10/download?job=build_api" + sha256 = "fc6f54d37993f74e057d1a59438e21b68a8cff1a7f9438415459ede7cf7f09d0" + in_subdir = true + extract = true + format = "zip" + + [resources.sources.front] + url = "https://dev.funkwhale.audio/funkwhale/funkwhale/builds/artifacts/1.2.10/download?job=build_front" + sha256 = "bcf0ba380295be58dfcfe4d88605cfce357859adf623c8236fb1182095c38bfd" + in_subdir = true + extract = true + format = "zip" + + [resources.ports] + + [resources.system_user] + + [resources.install_dir] + + [resources.data_dir] + group = "www-data:rx" + + [resources.permissions] + main.url = "/" + + [resources.apt] + packages = "postgresql curl python3-pip python3-venv git unzip libldap2-dev libsasl2-dev gettext-base zlib1g-dev libffi-dev libssl-dev build-essential ffmpeg libjpeg-dev libmagic-dev libpq-dev python3-dev make zlib1g-dev libffi-dev libssl-dev" + + [resources.database] + type = "postgresql" diff --git a/scripts/_common.sh b/scripts/_common.sh index e031277..b2c67eb 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -4,13 +4,6 @@ # COMMON VARIABLES #================================================= -# dependencies used by the app (must be on a single line) -pkg_dependencies="curl python3-pip python3-venv git unzip libldap2-dev libsasl2-dev gettext-base zlib1g-dev libffi-dev libssl-dev \ - build-essential ffmpeg libjpeg-dev libmagic-dev libpq-dev postgresql postgresql-contrib python3-dev make \ - redis-server \ - `# add arm support` \ - zlib1g-dev libffi-dev libssl-dev" - #================================================= # PERSONAL HELPERS #================================================= diff --git a/scripts/backup b/scripts/backup index 52b125d..13fa6d1 100644 --- a/scripts/backup +++ b/scripts/backup @@ -10,28 +10,6 @@ source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers -#================================================= -# MANAGE SCRIPT FAILURE -#================================================= - -ynh_clean_setup () { - true -} -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors - -#================================================= -# LOAD SETTINGS -#================================================= -ynh_print_info --message="Loading installation settings..." - -app=$YNH_APP_INSTANCE_NAME - -final_path=$(ynh_app_setting_get --app=$app --key=final_path) -domain=$(ynh_app_setting_get --app=$app --key=domain) -db_name=$(ynh_app_setting_get --app=$app --key=db_name) -datadir=$(ynh_app_setting_get --app=$app --key=datadir) - #================================================= # DECLARE DATA AND CONF FILES TO BACKUP #================================================= @@ -41,13 +19,13 @@ ynh_print_info --message="Declaring files to be backed up..." # BACKUP THE APP MAIN DIR #================================================= -ynh_backup --src_path="$final_path" +ynh_backup --src_path="$install_dir" #================================================= # BACKUP THE DATA DIR #================================================= -ynh_backup --src_path="$datadir" --is_big +ynh_backup --src_path="$data_dir" --is_big #================================================= # BACKUP THE NGINX CONFIGURATION diff --git a/scripts/change_url b/scripts/change_url index 67769f4..673e8a1 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -9,69 +9,6 @@ source _common.sh source /usr/share/yunohost/helpers -#================================================= -# RETRIEVE ARGUMENTS -#================================================= - -old_domain=$YNH_APP_OLD_DOMAIN -old_path=$YNH_APP_OLD_PATH - -new_domain=$YNH_APP_NEW_DOMAIN -new_path=$YNH_APP_NEW_PATH - -app=$YNH_APP_INSTANCE_NAME - -#================================================= -# LOAD SETTINGS -#================================================= -ynh_script_progression --message="Loading installation settings..." --weight=1 - -# Needed for helper "ynh_add_nginx_config" -final_path=$(ynh_app_setting_get --app=$app --key=final_path) -port=$(ynh_app_setting_get --app=$app --key=port) -key=$(ynh_app_setting_get --app=$app --key=key) -redis_db=$(ynh_app_setting_get --app=$app --key=redis_db) -port=$(ynh_app_setting_get --app=$app --key=port) -db_name=$(ynh_app_setting_get --app=$app --key=db_name) -db_user=$db_name -db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd) -datadir=$(ynh_app_setting_get --app=$app --key=datadir) -redis_db=$(ynh_app_setting_get --app=$app --key=redis_db) -key=$(ynh_app_setting_get --app=$app --key=key) - -#================================================= -# BACKUP BEFORE CHANGE URL THEN ACTIVE TRAP -#================================================= -ynh_script_progression --message="Backing up the app before changing its URL (may take a while)..." --weight=1 - -# Backup the current version of the app -ynh_backup_before_upgrade -ynh_clean_setup () { - # Remove the new domain config file, the remove script won't do it as it doesn't know yet its location. - ynh_secure_remove --file="/etc/nginx/conf.d/$new_domain.d/$app.conf" - - # Restore it if the upgrade fails - ynh_restore_upgradebackup -} -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors - -#================================================= -# CHECK WHICH PARTS SHOULD BE CHANGED -#================================================= - -change_domain=0 -if [ "$old_domain" != "$new_domain" ] -then - change_domain=1 -fi - -change_path=0 -if [ "$old_path" != "$new_path" ] -then - change_path=1 -fi - #================================================= # STANDARD MODIFICATIONS #================================================= @@ -88,29 +25,7 @@ ynh_systemd_action --service_name="$app-worker" --action=stop --log_path="/var/l #================================================= ynh_script_progression --message="Updating NGINX web server configuration..." --weight=1 -nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf - -# Change the path in the NGINX config file -if [ $change_path -eq 1 ] -then - # Make a backup of the original NGINX config file if modified - ynh_backup_if_checksum_is_different --file="$nginx_conf_path" - # Set global variables for NGINX helper - domain="$old_domain" - path_url="$new_path" - # Create a dedicated NGINX config - ynh_add_nginx_config -fi - -# Change the domain for NGINX -if [ $change_domain -eq 1 ] -then - # Delete file checksum for the old conf file location - ynh_delete_file_checksum --file="$nginx_conf_path" - mv $nginx_conf_path /etc/nginx/conf.d/$new_domain.d/$app.conf - # Store file checksum for the new config file location - ynh_store_file_checksum --file="/etc/nginx/conf.d/$new_domain.d/$app.conf" -fi +ynh_change_url_nginx_config #================================================= # MODIFY THE CONFIG FILE @@ -118,14 +33,14 @@ fi ynh_script_progression --message="Modifying a config file..." --weight=1 domain=$new_domain -ynh_add_config --template="../conf/env.prod" --destination="$final_path/config/.env" +ynh_add_config --template="../conf/env.prod" --destination="$install_dir/config/.env" #================================================= # MODIFY THE FEDERATION #================================================= -source $final_path/virtualenv/bin/activate -ynh_exec_warn_less python3 $final_path/api/manage.py fix_federation_ids https://$old_domain https://$new_domain --no-dry-run --no-input +source $install_dir/virtualenv/bin/activate +ynh_exec_warn_less python3 $install_dir/api/manage.py fix_federation_ids https://$old_domain https://$new_domain --no-dry-run --no-input #================================================= # START SYSTEMD SERVICE @@ -136,21 +51,6 @@ ynh_systemd_action --service_name="$app-beat" --action="start" --log_path="/var/ ynh_systemd_action --service_name="$app-server" --action="start" --log_path="/var/log/$app/$app.log" ynh_systemd_action --service_name="$app-worker" --action="start" --log_path="/var/log/$app/$app.log" -#================================================= -# SETUP FAIL2BAN -#================================================= -ynh_script_progression --message="Configuring Fail2Ban..." --weight=1 - -# Create a dedicated Fail2Ban config -ynh_add_fail2ban_config --logpath="/var/log/nginx/$new_domain-access.log" --failregex=".* \"POST /api/v1/token/ HTTP/1.1\" 400 68.*$" --max_retry=5 - -#================================================= -# RELOAD NGINX -#================================================= -ynh_script_progression --message="Reloading NGINX web server..." --weight=1 - -ynh_systemd_action --service_name=nginx --action=reload - #================================================= # END OF SCRIPT #================================================= diff --git a/scripts/install b/scripts/install index 65c38df..b267235 100644 --- a/scripts/install +++ b/scripts/install @@ -9,104 +9,26 @@ source _common.sh source /usr/share/yunohost/helpers -#================================================= -# MANAGE SCRIPT FAILURE -#================================================= - -ynh_clean_setup () { - true -} -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors - #================================================= # RETRIEVE ARGUMENTS FROM THE MANIFEST #================================================= -domain=$YNH_APP_ARG_DOMAIN -path_url="/" -is_public=$YNH_APP_ARG_IS_PUBLIC -admin=$YNH_APP_ARG_ADMIN - -app=$YNH_APP_INSTANCE_NAME - admin_mail=$(ynh_user_get_info --username="$admin" --key="mail") -#================================================= -# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS -#================================================= -ynh_script_progression --message="Validating installation parameters..." --weight=1 - -final_path=/var/www/$app -test ! -e "$final_path" || ynh_die --message="This path already contains a folder" - -datadir=/home/yunohost.app/$app/data - -# Register (book) web path -ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url - -#================================================= -# STORE SETTINGS FROM MANIFEST -#================================================= -ynh_script_progression --message="Storing installation settings..." --weight=1 - -ynh_app_setting_set --app=$app --key=domain --value=$domain -ynh_app_setting_set --app=$app --key=path --value=$path_url -ynh_app_setting_set --app=$app --key=admin --value=$admin - -#================================================= -# STANDARD MODIFICATIONS -#================================================= -# FIND AND OPEN A PORT -#================================================= -ynh_script_progression --message="Finding an available port..." --weight=1 - -# Find an available port -port=$(ynh_find_port --port=8095) -ynh_app_setting_set --app=$app --key=port --value=$port - -#================================================= -# INSTALL DEPENDENCIES -#================================================= -ynh_script_progression --message="Installing dependencies..." --weight=1 - -ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies - -#================================================= -# CREATE DEDICATED USER -#================================================= -ynh_script_progression --message="Configuring system user..." --weight=1 - -# Create a system user -ynh_system_user_create --username=$app --home_dir="$final_path" - -#================================================= -# CREATE A POSTGRESQL DATABASE -#================================================= -ynh_script_progression --message="Creating a PostgreSQL database..." --weight=1 - -ynh_psql_test_if_first_run -db_name=$(ynh_sanitize_dbid --db_name=$app) -db_user=$db_name -ynh_app_setting_set --app=$app --key=db_name --value=$db_name -ynh_psql_setup_db --db_user=$db_user --db_name=$db_name -db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd) - #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= ynh_script_progression --message="Setting up source files..." --weight=1 -ynh_app_setting_set --app=$app --key=final_path --value=$final_path # Download, check integrity, uncompress and patch the source from app.src -ynh_setup_source --dest_dir="$final_path/api" --source_id="api" -ynh_setup_source --dest_dir="$final_path/front" --source_id="front" +ynh_setup_source --dest_dir="$install_dir/api" --source_id="api" +ynh_setup_source --dest_dir="$install_dir/front" --source_id="front" -mkdir -p $final_path/config +mkdir -p $install_dir/config -chmod 750 "$final_path" -chmod -R o-rwx "$final_path" -chown -R $app:www-data "$final_path" +chmod 750 "$install_dir" +chmod -R o-rwx "$install_dir" +chown -R $app:www-data "$install_dir" #================================================= # NGINX CONFIGURATION @@ -123,14 +45,12 @@ ynh_add_nginx_config #================================================= ynh_script_progression --message="Creating a data directory..." --weight=1 -ynh_app_setting_set --app=$app --key=datadir --value=$datadir +mkdir -p $data_dir/data +mkdir -p $data_dir/{static,media,music} -mkdir -p $datadir -mkdir -p $datadir/{static,media,music} - -chmod 750 "$datadir" -chmod -R o-rwx "$datadir" -chown -R $app:www-data "$datadir" +chmod 750 "$data_dir" +chmod -R o-rwx "$data_dir/" +chown -R $app:www-data "$data_dir/" #================================================= # ADD A CONFIGURATION @@ -143,10 +63,10 @@ redis_db=$(ynh_redis_get_free_db) ynh_app_setting_set --app=$app --key=key --value=$key ynh_app_setting_set --app=$app --key=redis_db --value=$redis_db -ynh_add_config --template="../conf/env.prod" --destination="$final_path/config/.env" +ynh_add_config --template="../conf/env.prod" --destination="$install_dir/config/.env" -chmod 400 "$final_path/config/.env" -chown $app:$app "$final_path/config/.env" +chmod 400 "$install_dir/config/.env" +chown $app:$app "$install_dir/config/.env" #================================================= # SETUP SYSTEMD @@ -165,14 +85,14 @@ ynh_add_systemd_config --service="${app}-beat" --template="funkwhale-beat.serv #================================================= ynh_script_progression --message="Installing Python dependencies..." --weight=1 -pushd $final_path - python3 -m venv $final_path/virtualenv - source $final_path/virtualenv/bin/activate +pushd $install_dir + python3 -m venv $install_dir/virtualenv + source $install_dir/virtualenv/bin/activate pip install --upgrade pip pip install --upgrade setuptools - ynh_exec_warn_less pip install wheel + ynh_exec_warn_less pip install wheel toml # Workaround for error AttributeError: module 'lib' has no attribute 'X509_V_FLAG_CB_ISSUER_CHECK' - ynh_replace_string --match_string="pyOpenSSL~=20.0.1" --replace_string="pyOpenSSL~=21.0.0" --target_file="$final_path/api/requirements/base.txt" + ynh_replace_string --match_string="pyOpenSSL~=20.0.1" --replace_string="pyOpenSSL~=21.0.0" --target_file="$install_dir/api/requirements/base.txt" ynh_exec_warn_less pip install -r api/requirements.txt popd @@ -181,8 +101,8 @@ popd #================================================= ynh_script_progression --message="Building funkwhale..." --weight=1 -pushd $final_path - source $final_path/virtualenv/bin/activate +pushd $install_dir + source $install_dir/virtualenv/bin/activate # needed for enabling the 'unaccent' extension ynh_psql_execute_as_root --sql="ALTER USER $db_user WITH SUPERUSER;" --database="$db_name" @@ -192,9 +112,9 @@ pushd $final_path echo "yes" | ynh_exec_warn_less python api/manage.py collectstatic popd -chmod 750 "$final_path" -chmod -R o-rwx "$final_path" -chown -R $app:www-data "$final_path" +chmod 750 "$install_dir" +chmod -R o-rwx "$install_dir" +chown -R $app:www-data "$install_dir" #================================================= # GENERIC FINALIZATION @@ -225,26 +145,6 @@ ynh_script_progression --message="Configuring Fail2Ban..." --weight=1 # Create a dedicated Fail2Ban config ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-access.log" --failregex=".* \"POST /api/v1/token/ HTTP/1.1\" 400 68.*$" --max_retry=5 -#================================================= -# SETUP SSOWAT -#================================================= -ynh_script_progression --message="Configuring permissions..." --weight=1 - -# Make app public if necessary -if [ $is_public -eq 1 ] -then - # Everyone can access the app. - # The "main" permission is automatically created before the install script. - ynh_permission_update --permission="main" --add="visitors" -fi - -#================================================= -# RELOAD NGINX -#================================================= -ynh_script_progression --message="Reloading NGINX web server..." --weight=1 - -ynh_systemd_action --service_name=nginx --action=reload - #================================================= # END OF SCRIPT #================================================= diff --git a/scripts/remove b/scripts/remove index 1271cb7..cafe155 100644 --- a/scripts/remove +++ b/scripts/remove @@ -9,21 +9,6 @@ source _common.sh source /usr/share/yunohost/helpers -#================================================= -# LOAD SETTINGS -#================================================= -ynh_script_progression --message="Loading installation settings..." --weight=1 - -app=$YNH_APP_INSTANCE_NAME - -domain=$(ynh_app_setting_get --app=$app --key=domain) -port=$(ynh_app_setting_get --app=$app --key=port) -db_name=$(ynh_app_setting_get --app=$app --key=db_name) -db_user=$db_name -final_path=$(ynh_app_setting_get --app=$app --key=final_path) -datadir=$(ynh_app_setting_get --app=$app --key=datadir) -redis_db=$(ynh_app_setting_get --app=$app --key=redis_db) - #================================================= # STANDARD REMOVE #================================================= @@ -65,33 +50,6 @@ ynh_remove_systemd_config --service="${app}-worker" ynh_secure_remove --file="/etc/systemd/system/$app.target" -#================================================= -# REMOVE THE POSTGRESQL DATABASE -#================================================= -ynh_script_progression --message="Removing the PostgreSQL database..." --weight=1 - -# Remove a database if it exists, along with the associated user -ynh_psql_remove_db --db_user=$db_user --db_name=$db_name - -#================================================= -# REMOVE APP MAIN DIR -#================================================= -ynh_script_progression --message="Removing app main directory..." --weight=1 - -# Remove the app directory securely -ynh_secure_remove --file="$final_path" - -#================================================= -# REMOVE DATA DIR -#================================================= - -# Remove the data directory if --purge option is used -if [ "${YNH_APP_PURGE:-0}" -eq 1 ] -then - ynh_script_progression --message="Removing app data directory..." --weight=1 - ynh_secure_remove --file="$datadir" -fi - #================================================= # REMOVE NGINX CONFIGURATION #================================================= @@ -100,14 +58,6 @@ ynh_script_progression --message="Removing NGINX web server configuration..." -- # Remove the dedicated NGINX config ynh_remove_nginx_config -#================================================= -# REMOVE DEPENDENCIES -#================================================= -ynh_script_progression --message="Removing dependencies..." --weight=1 - -# Remove metapackage and its dependencies -ynh_remove_app_dependencies - #================================================= # REMOVE FAIL2BAN CONFIGURATION #================================================= @@ -126,16 +76,6 @@ ynh_script_progression --message="Removing the Redis database..." --weight=1 # Remove a database if it exists, along with the associated user ynh_redis_remove_db $redis_db -#================================================= -# GENERIC FINALIZATION -#================================================= -# REMOVE DEDICATED USER -#================================================= -ynh_script_progression --message="Removing the dedicated system user..." --weight=1 - -# Delete a system user -ynh_system_user_delete --username=$app - #================================================= # END OF SCRIPT #================================================= diff --git a/scripts/restore b/scripts/restore index 848bdd7..66c9940 100644 --- a/scripts/restore +++ b/scripts/restore @@ -10,83 +10,29 @@ source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers -#================================================= -# MANAGE SCRIPT FAILURE -#================================================= - -ynh_clean_setup () { - true -} -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors - -#================================================= -# LOAD SETTINGS -#================================================= -ynh_script_progression --message="Loading installation settings..." --weight=1 - -app=$YNH_APP_INSTANCE_NAME - -domain=$(ynh_app_setting_get --app=$app --key=domain) -path_url=$(ynh_app_setting_get --app=$app --key=path) -final_path=$(ynh_app_setting_get --app=$app --key=final_path) -db_name=$(ynh_app_setting_get --app=$app --key=db_name) -db_user=$db_name -datadir=$(ynh_app_setting_get --app=$app --key=datadir) - -#================================================= -# CHECK IF THE APP CAN BE RESTORED -#================================================= -ynh_script_progression --message="Validating restoration parameters..." --weight=1 - -test ! -d $final_path \ - || ynh_die --message="There is already a directory: $final_path " - -#================================================= -# STANDARD RESTORATION STEPS -#================================================= -# RECREATE THE DEDICATED USER -#================================================= -ynh_script_progression --message="Recreating the dedicated system user..." --weight=1 - -# Create the dedicated user (if not existing) -ynh_system_user_create --username=$app --home_dir="$final_path" - #================================================= # RESTORE THE APP MAIN DIR #================================================= ynh_script_progression --message="Restoring the app main directory..." --weight=1 -ynh_restore_file --origin_path="$final_path" +ynh_restore_file --origin_path="$install_dir" -chmod 750 "$final_path" -chmod -R o-rwx "$final_path" -chown -R $app:www-data "$final_path" +chmod -R o-rwx "$install_dir" +chown -R $app:www-data "$install_dir" #================================================= # RESTORE THE DATA DIRECTORY #================================================= ynh_script_progression --message="Restoring the data directory..." --weight=1 -ynh_restore_file --origin_path="$datadir" --not_mandatory +ynh_restore_file --origin_path="$data_dir/" --not_mandatory -mkdir -p $datadir +mkdir -p $data_dir/data +mkdir -p $data_dir/{static,media,music} -mkdir -p $datadir/{static,media,music} - -chmod 750 "$datadir" -chmod -R o-rwx "$datadir" -chown -R $app:www-data "$datadir" - -#================================================= -# SPECIFIC RESTORATION -#================================================= -# REINSTALL DEPENDENCIES -#================================================= -ynh_script_progression --message="Reinstalling dependencies..." --weight=1 - -# Define and install dependencies -ynh_install_app_dependencies $pkg_dependencies +chmod 750 "$data_dir/" +chmod -R o-rwx "$data_dir/" +chown -R $app:www-data "$data_dir/" #================================================= # RESTORE THE NGINX CONFIGURATION @@ -100,9 +46,6 @@ ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" #================================================= ynh_script_progression --message="Restoring the PostgreSQL database..." --weight=1 -ynh_psql_test_if_first_run -db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd) -ynh_psql_setup_db --db_user=$db_user --db_name=$db_name --db_pwd=$db_pwd ynh_psql_execute_file_as_root --file="./db.sql" --database=$db_name #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index 9763ca9..28b57ca 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -9,45 +9,12 @@ source _common.sh source /usr/share/yunohost/helpers -#================================================= -# LOAD SETTINGS -#================================================= -ynh_script_progression --message="Loading installation settings..." --weight=1 - -app=$YNH_APP_INSTANCE_NAME - -domain=$(ynh_app_setting_get --app=$app --key=domain) -path_url=$(ynh_app_setting_get --app=$app --key=path) -final_path=$(ynh_app_setting_get --app=$app --key=final_path) -db_name=$(ynh_app_setting_get --app=$app --key=db_name) -db_user=$db_name -db_pwd=$(ynh_app_setting_get --app=$app --key=db_pwd) -datadir=$(ynh_app_setting_get --app=$app --key=datadir) -port=$(ynh_app_setting_get --app=$app --key=port) -redis_db=$(ynh_app_setting_get --app=$app --key=redis_db) -key=$(ynh_app_setting_get --app=$app --key=key) - #================================================= # CHECK VERSION #================================================= -ynh_script_progression --message="Checking version..." --weight=1 upgrade_type=$(ynh_check_app_version_changed) -#================================================= -# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP -#================================================= -ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=1 - -# Backup the current version of the app -ynh_backup_before_upgrade -ynh_clean_setup () { - # Restore it if the upgrade fails - ynh_restore_upgradebackup -} -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors - #================================================= # STANDARD UPGRADE STEPS #================================================= @@ -59,95 +26,62 @@ ynh_systemd_action --action="stop" --service_name="${app}-beat" --log_path="syst ynh_systemd_action --action="stop" --service_name="${app}-server" --log_path="systemd" --line_match="Stopped" ynh_systemd_action --action="stop" --service_name="${app}-worker" --log_path="systemd" --line_match="Stopped" -#================================================= -# ENSURE DOWNWARD COMPATIBILITY -#================================================= -ynh_script_progression --message="Ensuring downward compatibility..." --weight=1 - -# If redis_db doesn't exist, create it -if [ -z "$redis_db" ]; then - redis_db=$(ynh_redis_get_free_db) - ynh_app_setting_set --app=$app --key=redis_db --value=$redis_db -fi - -# If db_pwd doesn't exist, create it -if [ -z "$db_pwd" ]; then - db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd) - ynh_app_setting_set --app=$app --key=db_pwd --value=$db_pwd -fi - -# Cleaning legacy permissions -if ynh_legacy_permissions_exists; then - ynh_legacy_permissions_delete_all - - ynh_app_setting_delete --app=$app --key=is_public -fi - #================================================= # MOVE DATAS #================================================= -# If datadir doesn't exist, create it -if [ -z "$datadir" ]; then +# If data_dir doesn't exist, create it +if [ -z "$data_dir/" ]; then # Do a full backup before moving datas yunohost backup create --apps $app - datadir="/home/yunohost.app/${app}/data" - ynh_script_progression --message="Moving datas to $datadir..." --weight=1 + data_dir="/home/yunohost.app/${app}/data" + ynh_script_progression --message="Moving datas to $data_dir..." --weight=1 - mkdir -p $datadir - mkdir -p $datadir/{static,media,music} + mkdir -p $data_dir + mkdir -p $data_dir/{static,media,music} - chmod 750 "$datadir" - chmod -R o-rwx "$datadir" - chown -R $app:www-data "$datadir" + chmod 750 "$data_dir" + chmod -R o-rwx "$data_dir" + chown -R $app:www-data "$data_dir" - ynh_backup_if_checksum_is_different --file="$final_path/code/config/.env" - mkdir -p $final_path/config - rsync -a $final_path/code/config/ $final_path/config/ - chmod 400 $final_path/config/.env - ynh_store_file_checksum --file="$final_path/config/.env" - ynh_delete_file_checksum --file="$final_path/code/config/.env" + ynh_backup_if_checksum_is_different --file="$install_dir/code/config/.env" + mkdir -p $install_dir/config + rsync -a $install_dir/code/config/ $install_dir/config/ + chmod 400 $install_dir/config/.env + ynh_store_file_checksum --file="$install_dir/config/.env" + ynh_delete_file_checksum --file="$install_dir/code/config/.env" - if [ -d "$final_path/code/data/static/" ]; then - rsync -a $final_path/code/data/static/ $datadir/static/ + if [ -d "$install_dir/code/data/static/" ]; then + rsync -a $install_dir/code/data/static/ $data_dir/static/ fi - if [ -d "$final_path/media/" ]; then - rsync -a $final_path/media/ $datadir/media/ + if [ -d "$install_dir/media/" ]; then + rsync -a $install_dir/media/ $data_dir/media/ fi - if [ -d "$final_path/code/data/media/" ]; then - rsync -a $final_path/code/data/media/ $datadir/media/ + if [ -d "$install_dir/code/data/media/" ]; then + rsync -a $install_dir/code/data/media/ $data_dir/media/ fi - if [ -d "$final_path/import/" ]; then - rsync -a $final_path/import/ $datadir/music/ + if [ -d "$install_dir/import/" ]; then + rsync -a $install_dir/import/ $data_dir/music/ fi - if [ -d "$final_path/code/data/music/" ]; then - rsync -a $final_path/code/data/music/ $datadir/music/ + if [ -d "$install_dir/code/data/music/" ]; then + rsync -a $install_dir/code/data/music/ $data_dir/music/ fi - ynh_secure_remove --file="$final_path/code" - ynh_secure_remove --file="$final_path/media" - ynh_secure_remove --file="$final_path/code/data/media" - ynh_secure_remove --file="$final_path/import" - ynh_secure_remove --file="$final_path/code/data/music" + ynh_secure_remove --file="$install_dir/code" + ynh_secure_remove --file="$install_dir/media" + ynh_secure_remove --file="$install_dir/static" + ynh_secure_remove --file="$install_dir/code/data/media" + ynh_secure_remove --file="$install_dir/import" + ynh_secure_remove --file="$install_dir/code/data/music" - ynh_app_setting_set --app=$app --key=datadir --value=$datadir - - chmod 750 "$datadir" - chmod -R o-rwx "$datadir" - chown -R $app:www-data "$datadir" + chmod 750 "$data_dir/data/" + chmod -R o-rwx "$data_dir/data/" + chown -R $app:www-data "$data_dir/data/" upgrade_type="UPGRADE_APP" fi -#================================================= -# CREATE DEDICATED USER -#================================================= -ynh_script_progression --message="Making sure dedicated system user exists..." --weight=1 - -# Create a dedicated user (if not existing) -ynh_system_user_create --username=$app --home_dir="$final_path" - #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= @@ -156,23 +90,14 @@ if [ "$upgrade_type" == "UPGRADE_APP" ] then ynh_script_progression --message="Upgrading source files..." --weight=1 - ynh_secure_remove --file="$final_path/api" - ynh_secure_remove --file="$final_path/front" # Download, check integrity, uncompress and patch the source from app.src - ynh_setup_source --dest_dir="$final_path/api" --source_id="api" - ynh_setup_source --dest_dir="$final_path/front" --source_id="front" + ynh_setup_source --dest_dir="$install_dir/api" --source_id="api" + ynh_setup_source --dest_dir="$install_dir/front" --source_id="front" fi -chmod 750 "$final_path" -chmod -R o-rwx "$final_path" -chown -R $app:www-data "$final_path" - -#================================================= -# UPGRADE DEPENDENCIES -#================================================= -ynh_script_progression --message="Upgrading dependencies..." --weight=1 - -ynh_install_app_dependencies $pkg_dependencies +chmod 750 "$install_dir" +chmod -R o-rwx "$install_dir" +chown -R $app:www-data "$install_dir" #================================================= # NGINX CONFIGURATION @@ -189,15 +114,15 @@ ynh_add_nginx_config #================================================= ynh_script_progression --message="Installing Python dependencies..." --weight=1 -pushd $final_path - ynh_secure_remove --file="$final_path/virtualenv" - python3 -m venv $final_path/virtualenv - source $final_path/virtualenv/bin/activate +pushd $install_dir +ynh_secure_remove --file="$install_dir/virtualenv" + python3 -m venv $install_dir/virtualenv + source $install_dir/virtualenv/bin/activate pip install --upgrade pip pip install --upgrade setuptools - ynh_exec_warn_less pip install wheel + ynh_exec_warn_less pip install wheel toml # Workaround for error AttributeError: module 'lib' has no attribute 'X509_V_FLAG_CB_ISSUER_CHECK' - ynh_replace_string --match_string="pyOpenSSL~=20.0.1" --replace_string="pyOpenSSL~=21.0.0" --target_file="$final_path/api/requirements/base.txt" + ynh_replace_string --match_string="pyOpenSSL~=20.0.1" --replace_string="pyOpenSSL~=21.0.0" --target_file="$install_dir/api/requirements/base.txt" ynh_exec_warn_less pip install -r api/requirements.txt popd @@ -206,18 +131,18 @@ popd #================================================= ynh_script_progression --message="Updating a configuration file..." --weight=1 -ynh_add_config --template="../conf/env.prod" --destination="$final_path/config/.env" +ynh_add_config --template="../conf/env.prod" --destination="$install_dir/config/.env" -chmod 400 "$final_path/config/.env" -chown $app:$app "$final_path/config/.env" +chmod 400 "$install_dir/config/.env" +chown $app:$app "$install_dir/config/.env" #================================================= # UPGRADE FUNKWHALE #================================================= ynh_script_progression --message="Upgrading Funkwhale..." --weight=1 -pushd $final_path - source $final_path/virtualenv/bin/activate +pushd $install_dir + source $install_dir/virtualenv/bin/activate echo "yes" | ynh_exec_warn_less python api/manage.py collectstatic --clear --noinput @@ -227,9 +152,9 @@ pushd $final_path ynh_psql_execute_as_root --sql="ALTER USER $db_user WITH NOSUPERUSER;" --database="$db_name" popd -chmod 750 "$final_path" -chmod -R o-rwx "$final_path" -chown -R $app:www-data "$final_path" +chmod 750 "$install_dir" +chmod -R o-rwx "$install_dir" +chown -R $app:www-data "$install_dir" #================================================= # SETUP SYSTEMD @@ -272,13 +197,6 @@ ynh_script_progression --message="Reconfiguring Fail2Ban..." --weight=1 # Create a dedicated Fail2Ban config ynh_add_fail2ban_config --logpath="/var/log/nginx/$domain-access.log" --failregex=".* \"POST /api/v1/token/ HTTP/1.1\" 400 68.*$" --max_retry=5 -#================================================= -# RELOAD NGINX -#================================================= -ynh_script_progression --message="Reloading NGINX web server..." --weight=1 - -ynh_systemd_action --service_name=nginx --action=reload - #================================================= # END OF SCRIPT #================================================= diff --git a/tests.toml b/tests.toml new file mode 100644 index 0000000..c60f8ef --- /dev/null +++ b/tests.toml @@ -0,0 +1,8 @@ +test_format = 1.0 + +[default] + + exclude = ["install.nourl"] + + test_upgrade_from.7a50028.name = "Upgrade from 1.2.9" + test_upgrade_from.945e3d4.name = "Upgrade from 1.2.10~ynh1"