From c5cc50f1b1f326080f4f657b7805f2c27c1c3f20 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=89ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Mon, 12 Sep 2022 15:28:42 +0200 Subject: [PATCH 1/9] Testing (#92) * 0.5.5 (#89) * Upgrade binaries * Auto-update README Co-authored-by: yunohost-bot * Auto-update README * Update upgrade * 0.6 (#91) * 0.6 * Auto-update README Co-authored-by: yunohost-bot Co-authored-by: yunohost-bot --- README.md | 3 ++- README_fr.md | 3 ++- conf/amd64.src | 4 ++-- conf/arm64.src | 4 ++-- conf/armhf.src | 4 ++-- conf/i386.src | 4 ++-- manifest.json | 2 +- scripts/upgrade | 2 +- 8 files changed, 14 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index 87d257a..ccb7d65 100644 --- a/README.md +++ b/README.md @@ -44,7 +44,8 @@ Galène is a videoconference server (an “SFU”) that is easy to deploy and th - built-in TURN server. -**Shipped version:** 0.5.5~ynh1 +**Shipped version:** 0.6~ynh1 + **Demo:** https://galene.org:8443/ diff --git a/README_fr.md b/README_fr.md index 691644b..ff4cbfd 100644 --- a/README_fr.md +++ b/README_fr.md @@ -27,7 +27,8 @@ Galène est un serveur de visioconférence (un « SFU ») facile à déployer et - détection d'activité -**Version incluse :** 0.5.5~ynh1 +**Version incluse :** 0.6~ynh1 + **Démo :** https://galene.org:8443/ diff --git a/conf/amd64.src b/conf/amd64.src index 337882c..3ad39c0 100644 --- a/conf/amd64.src +++ b/conf/amd64.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/YunoHost-Apps/galene_ynh/releases/download/v0.5.5/galene_0.5.5_Linux_amd64.tar.gz -SOURCE_SUM=9db7bb92fbbcbfaf0a2b8cd614a63a7f08f700a81220122b2b7ecfa1602c17b5 +SOURCE_URL=https://github.com/YunoHost-Apps/galene_ynh/releases/download/v0.6/galene_0.6_Linux_amd64.tar.gz +SOURCE_SUM=57264497dfb882d5843d0351e2f11e2e78a36f78e0622d32237896ff7c654326 SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=tar.gz SOURCE_IN_SUBDIR=true diff --git a/conf/arm64.src b/conf/arm64.src index ba44b9c..95dc8fa 100644 --- a/conf/arm64.src 
+++ b/conf/arm64.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/YunoHost-Apps/galene_ynh/releases/download/v0.5.5/galene_0.5.5_Linux_arm64.tar.gz -SOURCE_SUM=a603e3526e70684f6732f12d00f08d8d1f63a15e037d6d01e1b8bfed49b085b8 +SOURCE_URL=https://github.com/YunoHost-Apps/galene_ynh/releases/download/v0.6/galene_0.6_Linux_arm64.tar.gz +SOURCE_SUM=8116b3b36fb70075ad94dd3a9b23b61ba0a1640b405ea1dda2baecc2b725070a SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=tar.gz SOURCE_IN_SUBDIR=true diff --git a/conf/armhf.src b/conf/armhf.src index 3ce0a49..f8fb3a7 100644 --- a/conf/armhf.src +++ b/conf/armhf.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/YunoHost-Apps/galene_ynh/releases/download/v0.5.5/galene_0.5.5_Linux_arm7.tar.gz -SOURCE_SUM=aef5381f2d858efe5f34f038866cab17d71ed0fb0611a413f23fa44e270420e7 +SOURCE_URL=https://github.com/YunoHost-Apps/galene_ynh/releases/download/v0.6/galene_0.6_Linux_arm7.tar.gz +SOURCE_SUM=723d154471267af5d64a98bb9b901e867a034a34e45f054401299fb59e09518f SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=tar.gz SOURCE_IN_SUBDIR=true diff --git a/conf/i386.src b/conf/i386.src index b1def50..cf818a9 100644 --- a/conf/i386.src +++ b/conf/i386.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/YunoHost-Apps/galene_ynh/releases/download/v0.5.5/galene_0.5.5_Linux_i386.tar.gz -SOURCE_SUM=6d6e466a1efb22a912d6081016b2711ad78f0430e449a409efc584148b8deb9e +SOURCE_URL=https://github.com/YunoHost-Apps/galene_ynh/releases/download/v0.6/galene_0.6_Linux_i386.tar.gz +SOURCE_SUM=898c8a01c17aa012457d39b6e918fb70dc5263df7a893b814241f8b9c236177f SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=tar.gz SOURCE_IN_SUBDIR=true diff --git a/manifest.json b/manifest.json index 34c85ca..7b6c79e 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Videoconferencing server that is easy to deploy", "fr": "Serveur de visioconférence facile à déployer" }, - "version": "0.5.5~ynh1", + "version": "0.6~ynh1", "url": "https://galene.org/", "upstream": { "license": "MIT", 
diff --git a/scripts/upgrade b/scripts/upgrade index 24a2846..5fd5ef1 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -103,7 +103,7 @@ then # Remove the app directory securely ynh_secure_remove --file=$final_path - ynh_setup_source --dest_dir="$final_path" --source_id=$YNH_ARCH #--keep="$final_path/data/config.json" + ynh_setup_source --dest_dir="$final_path" --source_id=$YNH_ARCH #--keep="data/config.json" fi chmod 750 "$final_path" From 289e896fa99719104ebd0076734e739dfaa98e0b Mon Sep 17 00:00:00 2001 From: yalh76 Date: Wed, 5 Oct 2022 00:36:46 +0200 Subject: [PATCH 2/9] Implement LDAP authentication --- .github/workflows/updater.sh | 135 +++++++++++++++++++ .github/workflows/updater.yml | 49 +++++++ check_process | 3 +- conf/amd64.src | 6 - conf/app.src | 7 + conf/arm64.src | 6 - conf/armhf.src | 6 - conf/config.json | 2 +- conf/galene-ldap.json | 8 ++ conf/groupname-ldap.json | 8 ++ conf/groupname.json | 6 +- conf/i386.src | 6 - conf/ice-servers.json | 18 +-- conf/ldap.service | 15 +++ conf/ldap.src | 7 + conf/nginx.conf | 19 ++- conf/systemd.service | 6 +- doc/DISCLAIMER.md | 1 + doc/DISCLAIMER_fr.md | 1 + manifest.json | 20 +-- scripts/_common.sh | 5 + scripts/backup | 11 +- scripts/change_url | 43 ++++-- scripts/install | 110 ++++++++++----- scripts/remove | 35 +++-- scripts/restore | 43 +++--- scripts/upgrade | 132 +++++++++++++----- scripts/ynh_install_go | 247 ++++++++++++++++++++++++++++++++++ 28 files changed, 791 insertions(+), 164 deletions(-) create mode 100644 .github/workflows/updater.sh create mode 100644 .github/workflows/updater.yml delete mode 100644 conf/amd64.src create mode 100644 conf/app.src delete mode 100644 conf/arm64.src delete mode 100644 conf/armhf.src create mode 100644 conf/galene-ldap.json create mode 100644 conf/groupname-ldap.json delete mode 100644 conf/i386.src create mode 100644 conf/ldap.service create mode 100644 conf/ldap.src create mode 100644 scripts/ynh_install_go 
diff --git a/.github/workflows/updater.sh b/.github/workflows/updater.sh
new file mode 100644
index 0000000..4740d92
--- /dev/null
+++ b/.github/workflows/updater.sh
@@ -0,0 +1,135 @@
+#!/bin/bash
+
+#=================================================
+# PACKAGE UPDATING HELPER
+#=================================================
+
+# This script is meant to be run by GitHub Actions
+# The YunoHost-Apps organisation offers a template Action to run this script periodically
+# Since each app is different, maintainers can adapt its contents so as to perform
+# automatic actions when a new upstream release is detected.
+
+#=================================================
+# FETCHING LATEST RELEASE AND ITS ASSETS
+#=================================================
+
+# Fetching information
+current_version=$(cat manifest.json | jq -j '.version|split("~")[0]')
+repo=$(cat manifest.json | jq -j '.upstream.code|split("https://github.com/")[1]')
+# Some jq magic is needed, because the latest upstream release is not always the latest version (e.g. security patches for older versions)
+version=$(curl --silent "https://api.github.com/repos/$repo/tags" | jq -r '.[] | .name' | sort -V | tail -1)
+assets=($(curl --silent "https://api.github.com/repos/$repo/releases" | jq -r '[ .[] | select(.tag_name=="'$version'").assets[].browser_download_url ] | join(" ") | @sh' | tr -d "'"))
+
+# Later down the script, we assume the version has only digits and dots
+# Sometimes the release name starts with a "v", so let's filter it out.
+# You may need more tweaks here if the upstream repository has different naming conventions.
+if [[ ${version:0:1} == "v" || ${version:0:1} == "V" ]]; then
+ version=${version:1}
+fi
+
+# Setting up the environment variables
+echo "Current version: $current_version"
+echo "Latest release from upstream: $version"
+echo "VERSION=$version" >> $GITHUB_ENV
+echo "REPO=$repo" >> $GITHUB_ENV
+# For the time being, let's assume the script will fail
+echo "PROCEED=false" >> $GITHUB_ENV
+
+# Proceed only if the retrieved version is greater than the current one
+if ! dpkg --compare-versions "$current_version" "lt" "$version" ; then
+ echo "::warning ::No new version available"
+ exit 0
+# Proceed only if a PR for this new version does not already exist
+elif git ls-remote -q --exit-code --heads https://github.com/$GITHUB_REPOSITORY.git ci-auto-update-v$version ; then
+ echo "::warning ::A branch already exists for this update"
+ exit 0
+fi
+
+# Each release can hold multiple assets (e.g. binaries for different architectures, source code, etc.)
+echo "${#assets[@]} available asset(s)"
+
+#=================================================
+# UPDATE SOURCE FILES
+#=================================================
+
+# Here we use the $assets variable to get the resources published in the upstream release.
+# Here is an example for Grav, it has to be adapted in accordance with how the upstream releases look like.
+
+# Let's loop over the array of assets URLs
+for asset_url in ${assets[@]}; do
+
+ echo "Handling asset at $asset_url"
+
+ # Assign the asset to a source file in conf/ directory
+ # Here we base the source file name upon a unique keyword in the assets url (admin vs. update)
+ # Leave $src empty to ignore the asset
+ case $asset_url in
+ *"admin"*)
+ src="app"
+ ;;
+ *"update"*)
+ src="app-upgrade"
+ ;;
+ *)
+ src=""
+ ;;
+ esac
+
+ # If $src is not empty, let's process the asset
+ if [ ! -z "$src" ]; then
+
+ # Create the temporary directory
+ tempdir="$(mktemp -d)"
+
+ # Download sources and calculate checksum
+ filename=${asset_url##*/}
+ curl --silent -4 -L $asset_url -o "$tempdir/$filename"
+ checksum=$(sha256sum "$tempdir/$filename" | head -c 64)
+
+ # Delete temporary directory
+ rm -rf $tempdir
+
+ # Get extension
+ if [[ $filename == *.tar.gz ]]; then
+ extension=tar.gz
+ else
+ extension=${filename##*.}
+ fi
+
+ # Rewrite source file
+ cat < conf/$src.src
+SOURCE_URL=$asset_url
+SOURCE_SUM=$checksum
+SOURCE_SUM_PRG=sha256sum
+SOURCE_FORMAT=$extension
+SOURCE_IN_SUBDIR=true
+SOURCE_FILENAME=
+SOURCE_EXTRACT=true
+EOT
+ echo "... conf/$src.src updated"
+
+ else
+ echo "... asset ignored"
+ fi
+
+done
+
+#=================================================
+# SPECIFIC UPDATE STEPS
+#=================================================
+
+# Any action on the app's source code can be done.
+# The GitHub Action workflow takes care of committing all changes after this script ends.
+
+#=================================================
+# GENERIC FINALIZATION
+#=================================================
+
+# Replace new version in manifest
+echo "$(jq -s --indent 4 ".[] | .version = \"$version~ynh1\"" manifest.json)" > manifest.json
+
+# No need to update the README, yunohost-bot takes care of it
+
+# The Action will proceed only if the PROCEED environment variable is set to true
+echo "PROCEED=true" >> $GITHUB_ENV
+exit 0
diff --git a/.github/workflows/updater.yml b/.github/workflows/updater.yml
new file mode 100644
index 0000000..fb72ba0
--- /dev/null
+++ b/.github/workflows/updater.yml
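Review bot: The upstream tag name is spliced into the jq program text in `select(.tag_name=="'$version'")` and then used unquoted in the `$GITHUB_ENV` writes, the branch name and the `manifest.json` rewrite, so a tag containing a quote or whitespace changes the filter or the words the shell sees. Pass it as data instead, with `jq -r --arg v "$version"` and `select(.tag_name==$v)`, and quote `"$asset_url"` and `"$tempdir"` in the `curl` and `rm -rf` lines. Separately, the `case` arms still match the template's `admin`/`update` keywords, so for this app every asset is presumably ignored and the script bumps `manifest.json` without touching `SOURCE_URL`/`SOURCE_SUM` in `conf/app.src`. The resulting PR would announce a new version while still pinning the old tarball and checksum.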
@@ -0,0 +1,49 @@ +# This workflow allows GitHub Actions to automagically update your app whenever a new upstream release is detected. +# You need to enable Actions in your repository settings, and fetch this Action from the YunoHost-Apps organization. +# This file should be enough by itself, but feel free to tune it to your needs. +# It calls updater.sh, which is where you should put the app-specific update steps. +name: Check for new upstream releases +on: + # Allow to manually trigger the workflow + workflow_dispatch: + # Run it every day at 6:00 UTC + schedule: + - cron: '0 6 * * *' +jobs: + updater: + runs-on: ubuntu-latest + steps: + - name: Fetch the source code + uses: actions/checkout@v2 + with: + token: ${{ secrets.GITHUB_TOKEN }} + - name: Run the updater script + id: run_updater + run: | + # Setting up Git user + git config --global user.name 'yunohost-bot' + git config --global user.email 'yunohost-bot@users.noreply.github.com' + # Run the updater script + /bin/bash .github/workflows/updater.sh + - name: Commit changes + id: commit + if: ${{ env.PROCEED == 'true' }} + run: | + git commit -am "Upgrade to v$VERSION" + - name: Create Pull Request + id: cpr + if: ${{ env.PROCEED == 'true' }} + uses: peter-evans/create-pull-request@v3 + with: + token: ${{ secrets.GITHUB_TOKEN }} + commit-message: Update to version ${{ env.VERSION }} + committer: 'yunohost-bot ' + author: 'yunohost-bot ' + signoff: false + base: testing + branch: ci-auto-update-v${{ env.VERSION }} + delete-branch: true + title: 'Upgrade to version ${{ env.VERSION }}' + body: | + Upgrade to v${{ env.VERSION }} + draft: false diff --git a/check_process b/check_process index ed7a603..f20c2ee 100644 --- a/check_process +++ b/check_process @@ -2,8 +2,8 @@ ; Manifest domain="domain.tld" path="/path" - admin="john" is_public=1 + admin="john" password="password" group_name="public with space" group_description="My public space" 
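Review bot: Both third-party steps are referenced by mutable tags (`actions/checkout@v2`, `peter-evans/create-pull-request@v3`) in a scheduled job that is handed `secrets.GITHUB_TOKEN`, so whoever can move those tags decides what runs with that token. Pin each to a full commit SHA, e.g. `uses: peter-evans/create-pull-request@<full-commit-sha> # v3`, and state the token scope explicitly with a job-level `permissions:` block limited to `contents: write` and `pull-requests: write`. The workflow currently has no `permissions:` key at all, so the token gets whatever the repository default grants.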
@@ -18,6 +18,7 @@ upgrade=1 from_commit=aaae7fbe83ce001fabd40509882e765a5d8da2c1 backup_restore=1 multi_instance=0 + port_already_use=0 change_url=1 ;;; Options Email= diff --git a/conf/amd64.src b/conf/amd64.src deleted file mode 100644 index 3ad39c0..0000000 --- a/conf/amd64.src +++ /dev/null @@ -1,6 +0,0 @@ -SOURCE_URL=https://github.com/YunoHost-Apps/galene_ynh/releases/download/v0.6/galene_0.6_Linux_amd64.tar.gz -SOURCE_SUM=57264497dfb882d5843d0351e2f11e2e78a36f78e0622d32237896ff7c654326 -SOURCE_SUM_PRG=sha256sum -SOURCE_FORMAT=tar.gz -SOURCE_IN_SUBDIR=true -SOURCE_EXTRACT=true diff --git a/conf/app.src b/conf/app.src new file mode 100644 index 0000000..8fb7dbd --- /dev/null +++ b/conf/app.src @@ -0,0 +1,7 @@ +SOURCE_URL=https://github.com/jech/galene/archive/refs/tags/galene-0.6.tar.gz +SOURCE_SUM=672645e6d888e5a0c3b843355c85801e21bfea6f054fd6bafda5a0e9aebc589e +SOURCE_SUM_PRG=sha256sum +SOURCE_FORMAT=tar.gz +SOURCE_IN_SUBDIR=true +SOURCE_FILENAME= +SOURCE_EXTRACT=true diff --git a/conf/arm64.src b/conf/arm64.src deleted file mode 100644 index 95dc8fa..0000000 --- a/conf/arm64.src +++ /dev/null @@ -1,6 +0,0 @@ -SOURCE_URL=https://github.com/YunoHost-Apps/galene_ynh/releases/download/v0.6/galene_0.6_Linux_arm64.tar.gz -SOURCE_SUM=8116b3b36fb70075ad94dd3a9b23b61ba0a1640b405ea1dda2baecc2b725070a -SOURCE_SUM_PRG=sha256sum -SOURCE_FORMAT=tar.gz -SOURCE_IN_SUBDIR=true -SOURCE_EXTRACT=true diff --git a/conf/armhf.src b/conf/armhf.src deleted file mode 100644 index f8fb3a7..0000000 --- a/conf/armhf.src +++ /dev/null @@ -1,6 +0,0 @@ -SOURCE_URL=https://github.com/YunoHost-Apps/galene_ynh/releases/download/v0.6/galene_0.6_Linux_arm7.tar.gz -SOURCE_SUM=723d154471267af5d64a98bb9b901e867a034a34e45f054401299fb59e09518f -SOURCE_SUM_PRG=sha256sum -SOURCE_FORMAT=tar.gz -SOURCE_IN_SUBDIR=true -SOURCE_EXTRACT=true diff --git a/conf/config.json b/conf/config.json index b7392e5..1a49c26 100644 --- a/conf/config.json +++ b/conf/config.json 
@@ -1,4 +1,4 @@ { "canonicalHost": "__DOMAIN__", "admin":[{"username":"__ADMIN__","password":"__PASSWORD__"}] -} \ No newline at end of file +} diff --git a/conf/galene-ldap.json b/conf/galene-ldap.json new file mode 100644 index 0000000..1480001 --- /dev/null +++ b/conf/galene-ldap.json @@ -0,0 +1,8 @@ +{ + "httpAddress": "127.0.0.1:__LDAP_PORT__", + "ldapServer": "ldap://localhost:389", + "ldapBase": "ou=users,dc=yunohost,dc=org", + "key": __KEY__, + "groups": ["YunoHost_Users"], + "insecure": true +} diff --git a/conf/groupname-ldap.json b/conf/groupname-ldap.json new file mode 100644 index 0000000..0e2c7d3 --- /dev/null +++ b/conf/groupname-ldap.json @@ -0,0 +1,8 @@ +{ + "description": "Group of YunoHost users", + "public": true, + "authServer": "https://__DOMAIN__/auth/", + "authKeys": [ + __KEY__ + ] +} diff --git a/conf/groupname.json b/conf/groupname.json index a54d029..eff91e8 100644 --- a/conf/groupname.json +++ b/conf/groupname.json @@ -3,7 +3,7 @@ "presenter": [{}], "description": "__GROUP_DESCRIPTION__", "public": true, - "allow-anonymous": true, - "allow-recording": true, - "allow-subgroups": true + "allow-anonymous": true, + "allow-recording": true, + "allow-subgroups": true } diff --git a/conf/i386.src b/conf/i386.src deleted file mode 100644 index cf818a9..0000000 --- a/conf/i386.src +++ /dev/null @@ -1,6 +0,0 @@ -SOURCE_URL=https://github.com/YunoHost-Apps/galene_ynh/releases/download/v0.6/galene_0.6_Linux_i386.tar.gz -SOURCE_SUM=898c8a01c17aa012457d39b6e918fb70dc5263df7a893b814241f8b9c236177f -SOURCE_SUM_PRG=sha256sum -SOURCE_FORMAT=tar.gz -SOURCE_IN_SUBDIR=true -SOURCE_EXTRACT=true diff --git a/conf/ice-servers.json b/conf/ice-servers.json index e283063..476c111 100644 --- a/conf/ice-servers.json +++ b/conf/ice-servers.json 
@@ -1,11 +1,11 @@ [ - { - "urls": [ - "turn:turn.example.org:5349", - "turn:turn.example.org:5349?transport=tcp" - ], - "username": "galene", - "credential": "secret", - "credentialType": "hmac-sha1" - } + { + "urls": [ + "turn:turn.example.org:5349", + "turn:turn.example.org:5349?transport=tcp" + ], + "username": "galene", + "credential": "secret", + "credentialType": "hmac-sha1" + } ] diff --git a/conf/ldap.service b/conf/ldap.service new file mode 100644 index 0000000..6efb10d --- /dev/null +++ b/conf/ldap.service @@ -0,0 +1,15 @@ +[Unit] +Description=Galène: LDAP integration for the videoconferencing server +Documentation=https://galene.org +After=network.target + +[Service] +Type=simple +User=__APP__ +Group=__APP__ +WorkingDirectory=__FINALPATH__/live_ldap/ +ExecStart=__FINALPATH__/live_ldap/galene-ldap -data __FINALPATH__/live_ldap/data/ +LimitNOFILE=65536 + +[Install] +WantedBy=multi-user.target diff --git a/conf/ldap.src b/conf/ldap.src new file mode 100644 index 0000000..5572ac7 --- /dev/null +++ b/conf/ldap.src @@ -0,0 +1,7 @@ +SOURCE_URL=https://github.com/jech/galene-ldap/archive/d0ffa0eadcf17150450d0222c07a2f8cf4e28d7e.tar.gz +SOURCE_SUM=e779ee173770799e3e0f398461a24f24576d87b1c8918712a8ee70702b74d4c9 +SOURCE_SUM_PRG=sha256sum +SOURCE_FORMAT=tar.gz +SOURCE_IN_SUBDIR=true +SOURCE_FILENAME= +SOURCE_EXTRACT=true diff --git a/conf/nginx.conf b/conf/nginx.conf index a1d2e03..a37e798 100755 --- a/conf/nginx.conf +++ b/conf/nginx.conf 
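Review bot: `conf/ldap.service` starts galene-ldap, which is reachable from the web through the new `/auth/` location and presumably checks submitted passwords against LDAP, with no systemd sandboxing: its `[Service]` section sets only the user, group, working directory, `ExecStart` and `LimitNOFILE`. I would add at least `NoNewPrivileges=yes`, `PrivateTmp=yes` and `ProtectSystem=full` under `[Service]`, then review the result with `systemd-analyze security`. The same applies to the `[Service]` section of conf/systemd.service, which this commit also rewrites.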
@@ -1,6 +1,21 @@ -location / { +location /auth/ { - proxy_pass https://127.0.0.1:__PORT__; + proxy_pass http://127.0.0.1:__LDAP_PORT__/; + proxy_redirect off; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Host $server_name; + + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; +} + +location / { + + proxy_pass http://127.0.0.1:__PORT__/; proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; diff --git a/conf/systemd.service b/conf/systemd.service index d804274..1417126 100644 --- a/conf/systemd.service +++ b/conf/systemd.service @@ -1,14 +1,14 @@ [Unit] -Description=Galène: videoconferencing server +Description=Galène: Videoconferencing server Documentation=https://galene.org After=network.target [Service] Type=simple -WorkingDirectory=__FINALPATH__/ User=__APP__ Group=__APP__ -ExecStart=__FINALPATH__/galene -turn __PUBLIC_IP4__:__TURN_PORT__ -udp-range 49152-65535 -groups /home/yunohost.app/__APP__/groups -recordings /home/yunohost.app/__APP__/recordings +WorkingDirectory=__FINALPATH__/live/ +ExecStart=__FINALPATH__/live/galene -http "127.0.0.1:__PORT__" -insecure -turn __PUBLIC_IP4__:__TURN_PORT__ -udp-range 49152-65535 -groups __DATADIR__/groups -recordings __DATADIR__/recordings -data __FINALPATH__/live/data/ LimitNOFILE=65536 [Install] diff --git a/doc/DISCLAIMER.md b/doc/DISCLAIMER.md index b956ea9..35f908f 100644 --- a/doc/DISCLAIMER.md +++ b/doc/DISCLAIMER.md 
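Review bot: The new `location /auth/` block publishes galene-ldap's credential check at `https://__DOMAIN__/auth/` and nothing in this hunk throttles or labels it. When the app is installed as public, that is presumably a password-checking endpoint for YunoHost accounts that sits outside the portal login and its fail2ban coverage. I would add a comment above the block, such as `# LDAP credential check for Galène tokens: failed attempts must be logged where fail2ban can see them`, and confirm that failures do end up in a log a jail reads. The `Upgrade` and `Connection "upgrade"` headers copied from the `/` block look unnecessary for a plain HTTP token endpoint and could be dropped from `/auth/`.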
@@ -1,6 +1,7 @@ ### Accessing groups *Galène* meeting rooms are called "groups". Any group is accessible at `https://domain.tld/group/GroupName`, by typing its name in the home page search field, or by selecting it in the public list (if the group is configured as publicly visible, see below). +During install a group is created with YunoHost LDAP authentication, accessible at `https://domain.tld/group/YunoHost_Users`. #### Creating and configuring groups diff --git a/doc/DISCLAIMER_fr.md b/doc/DISCLAIMER_fr.md index a045ba4..5db048d 100644 --- a/doc/DISCLAIMER_fr.md +++ b/doc/DISCLAIMER_fr.md @@ -1,6 +1,7 @@ ### Accéder à des groupes Les salles de réunion *Galène* sont appelées « groupes ». Tout groupe est accessible sur `https://domain.tld/group/GroupName`, en tapant son nom dans le champ de recherche de la page d'accueil, ou en le sélectionnant dans la liste publique (si le groupe est configuré comme visible publiquement, voir ci-dessous). +Pendant l'installation, un groupe est créé avec l'authentification LDAP de YunoHost, accessible à `https://domain.tld/group/YunoHost_Users`. #### Ajouter et configurer des groupes diff --git a/manifest.json b/manifest.json index 7b6c79e..b0d06a0 100644 --- a/manifest.json +++ b/manifest.json @@ -29,11 +29,20 @@ "nginx" ], "arguments": { - "install" : [ + "install": [ { "name": "domain", "type": "domain" }, + { + "name": "is_public", + "type": "boolean", + "help": { + "en": "If enabled, Galène will be accessible by people who do not have an account. This can be changed later via the webadmin.", + "fr": "Si cette case est cochée, Galène sera accessible aux personnes n’ayant pas de compte. Vous pourrez changer ceci plus tard via la webadmin." + }, + "default": true + }, { "name": "admin", "type": "user" 
@@ -46,15 +55,6 @@ "fr": "Définissez le mot de passe administrateur (entre 8 et 30 caractères)" } }, - { - "name": "is_public", - "type": "boolean", - "help": { - "en": "If enabled, Galène will be accessible by people who do not have an account. This can be changed later via the webadmin.", - "fr": "Si cette case est cochée, Galène sera accessible aux personnes n’ayant pas de compte. Vous pourrez changer ceci plus tard via la webadmin." - }, - "default": true - }, { "name": "group_name", "type": "string", diff --git a/scripts/_common.sh b/scripts/_common.sh index 944a65e..87199a3 100755 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -4,6 +4,11 @@ # COMMON VARIABLES #================================================= +go_version=1.19 + +# dependencies used by the app (must be on a single line) +pkg_dependencies="jose" + #================================================= # PERSONAL HELPERS #================================================= diff --git a/scripts/backup b/scripts/backup index 5f1b0d0..cf11da9 100755 --- a/scripts/backup +++ b/scripts/backup @@ -6,6 +6,7 @@ # IMPORT GENERIC HELPERS #================================================= +# Keep this path for calling _common.sh inside the execution's context of backup and restore scripts source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers @@ -13,6 +14,9 @@ source /usr/share/yunohost/helpers # MANAGE SCRIPT FAILURE #================================================= +ynh_clean_setup () { + true +} # Exit if an error occurs during the execution of the script ynh_abort_if_errors 
@@ -50,17 +54,12 @@ ynh_backup --src_path="$datadir" --is_big ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf" -#================================================= -# BACKUP LOGROTATE -#================================================= - -ynh_backup --src_path="/etc/logrotate.d/$app" - #================================================= # BACKUP SYSTEMD #================================================= ynh_backup --src_path="/etc/systemd/system/$app.service" +ynh_backup --src_path="/etc/systemd/system/${app}_ldap.service" #================================================= # END OF SCRIPT diff --git a/scripts/change_url b/scripts/change_url index 6d0abea..a843d25 100755 --- a/scripts/change_url +++ b/scripts/change_url @@ -28,12 +28,17 @@ ynh_script_progression --message="Loading installation settings..." --weight=1 # Needed for helper "ynh_add_nginx_config" final_path=$(ynh_app_setting_get --app=$app --key=final_path) -port=$(ynh_app_setting_get --app=$app --key=port) + +# Add settings here as needed by your application admin=$(ynh_app_setting_get --app=$app --key=admin) password=$(ynh_app_setting_get --app=$app --key=password) +group_name=$(ynh_app_setting_get --app=$app --key=group_name) +port=$(ynh_app_setting_get --app=$app --key=port) +ldap_port=$(ynh_app_setting_get --app=$app --key=ldap_port) +key=$(ynh_app_setting_get --app=$app --key=key) #================================================= -# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP +# BACKUP BEFORE CHANGE URL THEN ACTIVE TRAP #================================================= ynh_script_progression --message="Backing up the app before changing its URL (may take a while)..." --weight=1 
@@ -72,7 +77,8 @@ fi #================================================= ynh_script_progression --message="Stopping a systemd service..." --weight=1 -ynh_systemd_action --service_name=$app --action=stop --log_path="/var/log/$app/$app.log" +ynh_systemd_action --service_name=$app --action="stop" --log_path="systemd" +ynh_systemd_action --service_name=${app}_ldap --action="stop" --log_path="systemd" #================================================= # MODIFY URL IN NGINX CONF 
@@ -104,15 +110,32 @@ then fi #================================================= -# CREATE DATA AND GROUPS FOLDER +# SPECIFIC MODIFICATIONS #================================================= -ynh_script_progression --message="Updating configuration file..." --weight=2 +# UPDATE A CONFIG FILE +#================================================= +ynh_script_progression --message="Updating a configuration file..." --weight=2 domain="$new_domain" -ynh_add_config --template="../conf/config.json" --destination="$final_path/data/config.json" +# Configure Galene +ynh_add_config --template="../conf/config.json" --destination="$final_path/live/data/config.json" +chmod 400 "$final_path/live/data/config.json" +chown $app:$app "$final_path/live/data/config.json" -chmod 400 "$final_path/data/config.json" -chown $app:$app "$final_path/data/config.json" +# Configure Galene LDAP +ynh_add_config --template="../conf/galene-ldap.json" --destination="$final_path/live_ldap/data/galene-ldap.json" +chmod 400 "$final_path/live_ldap/data/galene-ldap.json" +chown $app:$app "$final_path/live_ldap/data/galene-ldap.json" + +# Create a group name config +ynh_add_config --template="../conf/groupname.json" --destination="$datadir/groups/$group_name.json" +chmod 400 "$datadir/groups/$group_name.json" +chown $app:$app "$datadir/groups/$group_name.json" + +# Create a group name authenticated on LDAP +ynh_add_config --template="../conf/groupname-ldap.json" --destination="$datadir/groups/YunoHost_Users.json" +chmod 400 "$datadir/groups/YunoHost_Users.json" +chown $app:$app "$datadir/groups/YunoHost_Users.json" #================================================= # GENERIC FINALISATION 
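Review bot: This hunk renders `groupname.json` and writes under `$datadir/groups/`, but the settings block changed earlier in this file loads only `final_path`, `admin`, `password`, `group_name`, `port`, `ldap_port` and `key`. Unless `datadir` and `group_description` are read in lines outside the diff, the destinations resolve to `/groups/…` and `__GROUP_DESCRIPTION__` has no value. I would add `datadir=$(ynh_app_setting_get --app=$app --key=datadir)` and `group_description=$(ynh_app_setting_get --app=$app --key=group_description)` next to the other reads. Of the four templates rendered here only `config.json` and `groupname-ldap.json` contain `__DOMAIN__`, so re-rendering `$group_name.json` and `galene-ldap.json` on a URL change only risks replacing what the admin has since edited.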
@@ -121,7 +144,9 @@ chown $app:$app "$final_path/data/config.json" #================================================= ynh_script_progression --message="Starting a systemd service..." --weight=3 -ynh_systemd_action --service_name=$app --action=start --log_path="systemd" +# Start a systemd service +ynh_systemd_action --service_name=$app --action="start" --log_path="systemd" +ynh_systemd_action --service_name=${app}_ldap --action="start" --log_path="systemd" #================================================= # RELOAD NGINX diff --git a/scripts/install b/scripts/install index 5a89c69..f5b85cd 100755 --- a/scripts/install +++ b/scripts/install @@ -7,12 +7,16 @@ #================================================= source _common.sh +source ynh_install_go source /usr/share/yunohost/helpers #================================================= # MANAGE SCRIPT FAILURE #================================================= +ynh_clean_setup () { + true +} # Exit if an error occurs during the execution of the script ynh_abort_if_errors @@ -22,8 +26,8 @@ ynh_abort_if_errors domain=$YNH_APP_ARG_DOMAIN path_url="/" -admin=$YNH_APP_ARG_ADMIN is_public=$YNH_APP_ARG_IS_PUBLIC +admin=$YNH_APP_ARG_ADMIN password=$YNH_APP_ARG_PASSWORD group_name=$YNH_APP_ARG_GROUP_NAME group_description=$YNH_APP_ARG_GROUP_DESCRIPTION @@ -61,9 +65,12 @@ ynh_app_setting_set --app=$app --key=group_description --value="$group_descripti ynh_script_progression --message="Finding an available port..." --weight=3 # Find an available port -port=$(ynh_find_port --port=8443) +port=$(ynh_find_port --port=8095) ynh_app_setting_set --app=$app --key=port --value=$port +ldap_port=$(ynh_find_port --port=$(($port + 1))) +ynh_app_setting_set --app=$app --key=port --value=$ldap_port + # Find an available port for TURN turn_port=$(ynh_find_port --port=1194) ynh_app_setting_set --app=$app --key=turn_port --value=$turn_port 
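Review bot: In the port-allocation hunk of scripts/install, the second `ynh_app_setting_set` saves `$ldap_port` under `--key=port`, which overwrites the Galène port stored two lines earlier and never creates the `ldap_port` setting. Scripts that reload settings later (change_url in this commit reads both `port` and `ldap_port`) would then get the auth helper's port for Galène and an empty value for `__LDAP_PORT__`, so the rendered `galene-ldap.json` and the `/auth/` proxy target would presumably no longer match what is running. The line should read `ynh_app_setting_set --app=$app --key=ldap_port --value=$ldap_port`.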
@@ -76,6 +83,13 @@ ynh_exec_warn_less yunohost firewall allow Both $turn_port # Reserve UDP Port range 49152:65535 ynh_exec_warn_less yunohost firewall allow UDP -4 49152:65535 +#================================================= +# INSTALL DEPENDENCIES +#================================================= +ynh_script_progression --message="Installing dependencies..." --weight=1 + +ynh_install_app_dependencies $pkg_dependencies + #================================================= # CREATE DEDICATED USER #================================================= @@ -91,24 +105,17 @@ ynh_script_progression --message="Setting up source files..." --weight=1 ynh_app_setting_set --app=$app --key=final_path --value=$final_path # Download, check integrity, uncompress and patch the source from app.src -ynh_setup_source --dest_dir="$final_path" --source_id=$YNH_ARCH +ynh_setup_source --dest_dir="$final_path/build" +ynh_setup_source --dest_dir="$final_path/build_ldap" --source_id="ldap" +mkdir -p "$final_path/live/data" +mkdir -p "$final_path/live_ldap/data" +cp -r "$final_path/build/static/" "$final_path/live/" +ynh_replace_string --match_string="
Galène
" --replace_string="
Galène
" --target_file="$final_path/live/static/galene.html" chmod 750 "$final_path" chmod -R o-rwx "$final_path" chown -R $app:www-data "$final_path" -#================================================= -# CREATE DATA AND GROUPS FOLDER -#================================================= - -# Create data folder -mkdir -p "$final_path/data" - -ynh_add_config --template="../conf/config.json" --destination="$final_path/data/config.json" - -chmod 400 "$final_path/data/config.json" -chown $app:$app "$final_path/data/config.json" - #================================================= # NGINX CONFIGURATION #================================================= @@ -117,6 +124,28 @@ ynh_script_progression --message="Configuring NGINX web server..." --weight=2 # Create a dedicated NGINX config ynh_add_nginx_config +#================================================= +# SPECIFIC SETUP +#================================================= +# BUILD APP +#================================================= +ynh_script_progression --message="Building app..." --weight=1 + +ynh_install_go --go_version=$go_version +ynh_use_go +pushd $final_path/build/ + ynh_exec_as $app CGO_ENABLED=0 $ynh_go build -ldflags='-s -w' -o $final_path/live/ +popd +pushd $final_path/build_ldap/ + ynh_exec_as $app CGO_ENABLED=0 $ynh_go build -ldflags='-s -w' -o $final_path/live_ldap/ +popd +ynh_remove_go +ynh_secure_remove --file="$final_path/build/" +ynh_secure_remove --file="$final_path/build_ldap/" +ynh_secure_remove --file="$final_path/.cache/" +ynh_secure_remove --file="$final_path/go/" +ynh_secure_remove --file="$final_path/.go-version" + #================================================= # CREATE DATA DIRECTORY #================================================= 
@@ -131,6 +160,33 @@ chmod 750 "$datadir" chmod -R o-rwx "$datadir" chown -R $app:www-data "$datadir" +#================================================= +# ADD A CONFIGURATION +#================================================= +ynh_script_progression --message="Adding a configuration file..." --weight=1 + +# Configure Galene +ynh_add_config --template="../conf/config.json" --destination="$final_path/live/data/config.json" +chmod 400 "$final_path/live/data/config.json" +chown $app:$app "$final_path/live/data/config.json" + +# Configure Galene LDAP +key=$(jose jwk gen -i '{"kty":"oct","alg":"HS256"}') +ynh_app_setting_set --app=$app --key=key --value="$key" +ynh_add_config --template="../conf/galene-ldap.json" --destination="$final_path/live_ldap/data/galene-ldap.json" +chmod 400 "$final_path/live_ldap/data/galene-ldap.json" +chown $app:$app "$final_path/live_ldap/data/galene-ldap.json" + +# Create a group name config +ynh_add_config --template="../conf/groupname.json" --destination="$datadir/groups/$group_name.json" +chmod 400 "$datadir/groups/$group_name.json" +chown $app:$app "$datadir/groups/$group_name.json" + +# Create a group name authenticated on LDAP +ynh_add_config --template="../conf/groupname-ldap.json" --destination="$datadir/groups/YunoHost_Users.json" +chmod 400 "$datadir/groups/YunoHost_Users.json" +chown $app:$app "$datadir/groups/YunoHost_Users.json" + #================================================= # SETUP SYSTEMD #================================================= 
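Review bot: `config.json` is rendered from a template that carries `"password":"__PASSWORD__"`, so the admin password typed at install sits in clear text in `live/data/config.json`, and change_url in this commit shows it is also kept in the app settings so the file can be re-rendered. The `chmod 400` and `chown $app:$app` pair limits who can read the live file, but the value is presumably carried along in app backups as well. As far as I know Galène's configuration also accepts a hashed password object in that field; since the app is now built from source, producing the hash at install time and dropping the `password` setting would remove the clear-text copies. If that is out of scope, add a comment above this block, e.g. `# NOTE: config.json holds the admin password in clear text; keep it 0400 and owned by $app`.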
@@ -140,28 +196,17 @@ public_ip4="$(curl -s ip.yunohost.org)" || true # Create a dedicated systemd config ynh_add_systemd_config +ynh_add_systemd_config --service=${app}_ldap --template="ldap.service" #================================================= -# MODIFY A CONFIG FILES -#================================================= - -# Create a group name config -ynh_add_config --template="../conf/groupname.json" --destination="$datadir/groups/$group_name.json" - -#================================================= -# SETUP LOGROTATE -#================================================= -ynh_script_progression --message="Configuring log rotation..." --weight=1 - -# Use logrotate to manage application logfile(s) -ynh_use_logrotate - +# GENERIC FINALIZATION #================================================= # INTEGRATE SERVICE IN YUNOHOST #================================================= ynh_script_progression --message="Integrating service in YunoHost..." --weight=2 -yunohost service add $app --description="Videoconferencing server" --log="/var/log/$app/$app.log" --needs_exposed_ports="$turn_port" +yunohost service add $app --description="Videoconferencing server" --needs_exposed_ports="$turn_port" +yunohost service add ${app}_ldap --description="LDAP integration for the videoconferencing server" #================================================= # START SYSTEMD SERVICE @@ -169,7 +214,8 @@ yunohost service add $app --description="Videoconferencing server" --log="/var/l ynh_script_progression --message="Starting a systemd service..." --weight=1 # Start a systemd service -ynh_systemd_action --service_name=$app --action=start --log_path="systemd" +ynh_systemd_action --service_name=$app --action="start" --log_path="systemd" +ynh_systemd_action --service_name=${app}_ldap --action="start" --log_path="systemd" #================================================= # SETUP SSOWAT 
@@ -179,6 +225,8 @@ ynh_script_progression --message="Configuring permissions..." --weight=2 # Make app public if necessary if [ $is_public -eq 1 ] then + # Everyone can access the app. + # The "main" permission is automatically created before the install script. ynh_permission_update --permission="main" --add="visitors" fi diff --git a/scripts/remove b/scripts/remove index 89cf791..dc1df05 100755 --- a/scripts/remove +++ b/scripts/remove @@ -17,7 +17,6 @@ ynh_script_progression --message="Loading installation settings..." --weight=1 app=$YNH_APP_INSTANCE_NAME domain=$(ynh_app_setting_get --app=$app --key=domain) -port=$(ynh_app_setting_get --app=$app --key=port) turn_port=$(ynh_app_setting_get --app=$app --key=turn_port) final_path=$(ynh_app_setting_get --app=$app --key=final_path) datadir=$(ynh_app_setting_get --app=$app --key=datadir) @@ -34,6 +33,12 @@ then ynh_script_progression --message="Removing $app service integration..." --weight=1 yunohost service remove $app fi +# Remove the service from the list of services known by YunoHost (added from `yunohost service add`) +if ynh_exec_warn_less yunohost service status ${app}_ldap >/dev/null +then + ynh_script_progression --message="Removing ${app}_ldap service integration..." --weight=1 + yunohost service remove ${app}_ldap +fi #================================================= # STOP AND REMOVE SERVICE @@ -42,14 +47,7 @@ ynh_script_progression --message="Stopping and removing the systemd service..." # Remove the dedicated systemd config ynh_remove_systemd_config - -#================================================= -# REMOVE LOGROTATE CONFIGURATION -#================================================= -ynh_script_progression --message="Removing logrotate configuration..." --weight=1 - -# Remove the app-specific logrotate config -ynh_remove_logrotate +ynh_remove_systemd_config --service=${app}_ldap #================================================= # REMOVE APP MAIN DIR 
@@ -63,11 +61,11 @@ ynh_secure_remove --file="$final_path" # REMOVE DATA DIR #================================================= -# Remove the app data directory with the command `yunohost app remove galene --purge` +# Remove the data directory if --purge option is used if [ "${YNH_APP_PURGE:-0}" -eq 1 ] then - ynh_script_progression --message="Removing $app data directory..." --weight=2 - ynh_secure_remove --file="$datadir" + ynh_script_progression --message="Removing app data directory..." --weight=1 + ynh_secure_remove --file="$datadir" fi #================================================= @@ -78,21 +76,32 @@ ynh_script_progression --message="Removing NGINX web server configuration..." -- # Remove the dedicated NGINX config ynh_remove_nginx_config +#================================================= +# REMOVE DEPENDENCIES +#================================================= +ynh_script_progression --message="Removing dependencies..." --weight=1 + +# Remove metapackage and its dependencies +ynh_remove_app_dependencies + #================================================= # CLOSE A PORT #================================================= -ynh_script_progression --message="Closing ports..." --weight=1 if yunohost firewall list | grep -q "\- $turn_port$" then + ynh_script_progression --message="Closing port $turn_port..." --weight=1 ynh_exec_warn_less yunohost firewall disallow both $turn_port fi if yunohost firewall list | grep -q "\- 49152:65535" then + ynh_script_progression --message="Closing UDP ports..." --weight=1 ynh_exec_warn_less yunohost firewall disallow UDP 49152:65535 fi +#================================================= +# SPECIFIC REMOVE #================================================= # GENERIC FINALIZATION #================================================= diff --git a/scripts/restore b/scripts/restore index 25a6d81..3ab3d80 100755 --- a/scripts/restore +++ b/scripts/restore 
@@ -14,6 +14,9 @@ source /usr/share/yunohost/helpers # MANAGE SCRIPT FAILURE #================================================= +ynh_clean_setup () { + true +} # Exit if an error occurs during the execution of the script ynh_abort_if_errors @@ -36,16 +39,11 @@ datadir=$(ynh_app_setting_get --app=$app --key=datadir) #================================================= ynh_script_progression --message="Validating restoration parameters..." --weight=1 -test ! -d $final_path || ynh_die --message="There is already a directory: $final_path " +test ! -d $final_path \ + || ynh_die --message="There is already a directory: $final_path " #================================================= # STANDARD RESTORATION STEPS -#================================================= -# RESTORE THE NGINX CONFIGURATION -#================================================= - -ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" - #================================================= # RECREATE THE DEDICATED USER #================================================= 
@@ -78,34 +76,47 @@ chmod 750 "$datadir" chmod -R o-rwx "$datadir" chown -R $app:www-data "$datadir" +#================================================= +# SPECIFIC RESTORATION +#================================================= +# REINSTALL DEPENDENCIES +#================================================= +ynh_script_progression --message="Reinstalling dependencies..." --weight=1 + +# Define and install dependencies +ynh_install_app_dependencies $pkg_dependencies + +#================================================= +# RESTORE THE NGINX CONFIGURATION +#================================================= +ynh_script_progression --message="Restoring the NGINX web server configuration..." --weight=1 + +ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" + #================================================= # RESTORE SYSTEMD #================================================= ynh_script_progression --message="Restoring the systemd configuration..." --weight=1 ynh_restore_file --origin_path="/etc/systemd/system/$app.service" +ynh_restore_file --origin_path="/etc/systemd/system/${app}_ldap.service" systemctl enable $app.service --quiet -#================================================= -# RESTORE THE LOGROTATE CONFIGURATION -#================================================= -ynh_script_progression --message="Restoring the logrotate configuration..." --weight=1 - -ynh_restore_file --origin_path="/etc/logrotate.d/$app" - #================================================= # INTEGRATE SERVICE IN YUNOHOST #================================================= ynh_script_progression --message="Integrating service in YunoHost..." 
--weight=2 -yunohost service add $app --description="Videoconferencing server" --log="/var/log/$app/$app.log" --needs_exposed_ports="$turn_port" +yunohost service add $app --description="Videoconferencing server" --needs_exposed_ports="$turn_port" +yunohost service add ${app}_ldap --description="LDAP integration for the videoconferencing server" #================================================= # START SYSTEMD SERVICE #================================================= ynh_script_progression --message="Starting a systemd service..." --weight=3 -ynh_systemd_action --service_name=$app --action=start --log_path="systemd" +ynh_systemd_action --service_name=$app --action="start" --log_path="systemd" +ynh_systemd_action --service_name=${app}_ldap --action="start" --log_path="systemd" #================================================= # GENERIC FINALIZATION diff --git a/scripts/upgrade b/scripts/upgrade index 5fd5ef1..f124703 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -7,6 +7,7 @@ #================================================= source _common.sh +source ynh_install_go source /usr/share/yunohost/helpers #================================================= @@ -23,6 +24,8 @@ password=$(ynh_app_setting_get --app=$app --key=password) final_path=$(ynh_app_setting_get --app=$app --key=final_path) group_name=$(ynh_app_setting_get --app=$app --key=group_name) port=$(ynh_app_setting_get --app=$app --key=port) +ldap_port=$(ynh_app_setting_get --app=$app --key=ldap_port) +key=$(ynh_app_setting_get --app=$app --key=key) turn_port=$(ynh_app_setting_get --app=$app --key=turn_port) if ynh_compare_current_package_version --comparison le --version 0.3.5~ynh3 @@ -33,6 +36,7 @@ fi #================================================= # CHECK VERSION #================================================= +ynh_script_progression --message="Checking version..." --weight=1 upgrade_type=$(ynh_check_app_version_changed) 
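Review bot: `${app}_ldap.service` is restored but never enabled, because the added `ynh_restore_file` line is followed only by the existing `systemctl enable $app.service --quiet`. After a restore the LDAP helper is started once by `ynh_systemd_action`, but it would presumably not come back after a reboot, leaving the LDAP-authenticated group without its auth server. Add `systemctl enable ${app}_ldap.service --quiet` next to the existing enable.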
@@ -50,6 +54,16 @@ ynh_clean_setup () { # Exit if an error occurs during the execution of the script ynh_abort_if_errors +#================================================= +# STANDARD UPGRADE STEPS +#================================================= +# STOP SYSTEMD SERVICE +#================================================= +ynh_script_progression --message="Stopping a systemd service..." --weight=3 + +ynh_systemd_action --service_name=$app --action="stop" --log_path="systemd" +ynh_systemd_action --service_name=${app}_ldap --action="stop" --log_path="systemd" + #================================================= # ENSURE DOWNWARD COMPATIBILITY #================================================= @@ -68,6 +82,12 @@ if [ -z "$final_path" ]; then ynh_app_setting_set --app=$app --key=final_path --value=$final_path fi +# If ldap_port doesn't exist, create it +if [ -z "$ldap_port" ]; then + ldap_port=$(ynh_find_port --port=$(($port + 1))) + ynh_app_setting_set --app=$app --key=port --value=$ldap_port +fi + # Cleaning legacy permissions if ynh_legacy_permissions_exists; then ynh_legacy_permissions_delete_all @@ -75,6 +95,11 @@ if ynh_legacy_permissions_exists; then ynh_app_setting_delete --app=$app --key=is_public fi +# We remove the old admin/password file if present +if [ -f "$final_path/data/passwd" ] ; then + ynh_secure_remove --file="$final_path/data/passwd" +fi + #================================================= # CREATE DEDICATED USER #================================================= 
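Review bot: The added stop of `${app}_ldap` runs before that unit has ever been installed when upgrading from a release that predates the LDAP service. Whether `ynh_systemd_action` tolerates a missing unit is not visible here; if it returns non-zero, `ynh_abort_if_errors` ends the upgrade at this point. Guard the call on the unit file, e.g. `if [ -f "/etc/systemd/system/${app}_ldap.service" ]; then ynh_systemd_action --service_name=${app}_ldap --action="stop" --log_path="systemd"; fi`.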
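Review bot: The new port is saved under the wrong setting: `ynh_app_setting_set --app=$app --key=port --value=$ldap_port` overwrites the main `port` setting with the LDAP port and never creates `ldap_port`. The stored `port` then no longer matches the value the script read into `$port`, and since `ldap_port` stays empty every later upgrade takes this branch again and picks another port. The line should be `ynh_app_setting_set --app=$app --key=ldap_port --value=$ldap_port`.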
@@ -83,15 +108,6 @@ ynh_script_progression --message="Making sure dedicated system user exists..." - # Create a dedicated user (if not existing) ynh_system_user_create --username=$app --home_dir="$final_path" -#================================================= -# STANDARD UPGRADE STEPS -#================================================= -# STOP SYSTEMD SERVICE -#================================================= -ynh_script_progression --message="Stopping a systemd service..." --weight=3 - -ynh_systemd_action --service_name=$app --action=stop --log_path="/var/log/$app/$app.log" - #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= @@ -100,33 +116,25 @@ if [ "$upgrade_type" == "UPGRADE_APP" ] then ynh_script_progression --message="Upgrading source files..." --weight=2 - # Remove the app directory securely - ynh_secure_remove --file=$final_path - - ynh_setup_source --dest_dir="$final_path" --source_id=$YNH_ARCH #--keep="data/config.json" + ynh_setup_source --dest_dir="$final_path/build" + ynh_setup_source --dest_dir="$final_path/build_ldap" --source_id="ldap" fi +mkdir -p "$final_path/live/data" +mkdir -p "$final_path/live_ldap/data" +ynh_secure_remove --file="$final_path/live/static/" +cp -r "$final_path/build/static/" "$final_path/live/" +ynh_replace_string --match_string="
Galne
" --replace_string="
Galne
" --target_file="$final_path/live/static/galene.html" chmod 750 "$final_path" chmod -R o-rwx "$final_path" chown -R $app:www-data "$final_path" #================================================= -# UPGRADING CONFIGURATION FILE +# UPGRADE DEPENDENCIES #================================================= -ynh_script_progression --message="Upgrading configuration file..." --weight=2 +ynh_script_progression --message="Upgrading dependencies..." --weight=1 -# Create data folder -mkdir -p "$final_path/data" - -# We remove the old admin/password file if present -if [ -f "$final_path/data/passwd" ] ; then - ynh_secure_remove --file="$final_path/data/passwd" -fi - -ynh_add_config --template="../conf/config.json" --destination="$final_path/data/config.json" - -chmod 400 "$final_path/data/config.json" -chown $app:$app "$final_path/data/config.json" +ynh_install_app_dependencies $pkg_dependencies #================================================= # NGINX CONFIGURATION 
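Review bot: The static-file refresh sits after the `fi`, so it also runs when `$upgrade_type` is not `UPGRADE_APP`. In that case `ynh_secure_remove --file="$final_path/live/static/"` deletes the served files, and the following `cp -r "$final_path/build/static/" "$final_path/live/"` has no `build/` directory to copy from because `ynh_setup_source` was skipped. A packaging-only upgrade therefore either aborts or leaves the web UI without its assets. Move the `ynh_secure_remove`, `cp -r` and `ynh_replace_string` lines inside the `if [ "$upgrade_type" == "UPGRADE_APP" ]` block.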
@@ -136,6 +144,61 @@ ynh_script_progression --message="Upgrading NGINX web server configuration..." - # Create a dedicated NGINX config ynh_add_nginx_config +#================================================= +# SPECIFIC UPGRADE +#================================================= +# BUILD APP +#================================================= +ynh_script_progression --message="Building app..." --weight=1 + +if [ "$upgrade_type" == "UPGRADE_APP" ] +then + ynh_install_go --go_version=$go_version + ynh_use_go + pushd $final_path/build/ + ynh_exec_as $app CGO_ENABLED=0 $ynh_go build -ldflags='-s -w' -o $final_path/live/ + popd + pushd $final_path/build_ldap/ + ynh_exec_as $app CGO_ENABLED=0 $ynh_go build -ldflags='-s -w' -o $final_path/live_ldap/ + popd + ynh_remove_go + ynh_secure_remove --file="$final_path/build/" + ynh_secure_remove --file="$final_path/build_ldap/" + ynh_secure_remove --file="$final_path/.cache/" + ynh_secure_remove --file="$final_path/go/" + ynh_secure_remove --file="$final_path/.go-version" +fi + +#================================================= +# UPDATE A CONFIG FILE +#================================================= +ynh_script_progression --message="Updating a configuration file..." 
--weight=2 + +# Configure Galene +ynh_add_config --template="../conf/config.json" --destination="$final_path/live/data/config.json" +chmod 400 "$final_path/live/data/config.json" +chown $app:$app "$final_path/live/data/config.json" + +# Configure Galene LDAP +# If key doesn't exist, create it +if [ -z "$key" ]; then + key=$(jose jwk gen -i '{"kty":"oct","alg":"HS256"}') + ynh_app_setting_set --app=$app --key=key --value=$key +fi +ynh_add_config --template="../conf/galene-ldap.json" --destination="$final_path/live_ldap/data/galene-ldap.json" +chmod 400 "$final_path/live_ldap/data/galene-ldap.json" +chown $app:$app "$final_path/live_ldap/data/galene-ldap.json" + +# Create a group name config +ynh_add_config --template="../conf/groupname.json" --destination="$datadir/groups/$group_name.json" +chmod 400 "$datadir/groups/$group_name.json" +chown $app:$app "$datadir/groups/$group_name.json" + +# Create a group name authenticated on LDAP +ynh_add_config --template="../conf/groupname-ldap.json" --destination="$datadir/groups/YunoHost_Users.json" +chmod 400 "$datadir/groups/YunoHost_Users.json" +chown $app:$app "$datadir/groups/YunoHost_Users.json" + #================================================= # SETUP SYSTEMD #================================================= 
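Review bot: `--value=$key` is unquoted in the key-generation branch, while scripts/install passes `--value="$key"` for the same setting. The value is the JSON JWK holding the HS256 secret, so a bare expansion is subject to word splitting and globbing; a mangled key would be stored and then rendered into `galene-ldap.json`. Use `ynh_app_setting_set --app=$app --key=key --value="$key"`.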
@@ -145,28 +208,25 @@ public_ip4="$(curl -s ip.yunohost.org)" || true # Create a dedicated systemd config ynh_add_systemd_config +ynh_add_systemd_config --service=${app}_ldap --template="ldap.service" #================================================= -# SETUP LOGROTATE -#================================================= -ynh_script_progression --message="Upgrading logrotate configuration..." --weight=1 - -# Use logrotate to manage app-specific logfile(s) -ynh_use_logrotate --non-append - +# GENERIC FINALIZATION #================================================= # INTEGRATE SERVICE IN YUNOHOST #================================================= ynh_script_progression --message="Integrating service in YunoHost..." --weight=1 -yunohost service add $app --description="Videoconferencing server" --log="/var/log/$app/$app.log" --needs_exposed_ports="$turn_port" +yunohost service add $app --description="Videoconferencing server" --needs_exposed_ports="$turn_port" +yunohost service add ${app}_ldap --description="LDAP integration for the videoconferencing server" #================================================= # START SYSTEMD SERVICE #================================================= ynh_script_progression --message="Starting a systemd service..." --weight=1 -ynh_systemd_action --service_name=$app --action=start --log_path="systemd" +ynh_systemd_action --service_name=$app --action="start" --log_path="systemd" +ynh_systemd_action --service_name=${app}_ldap --action="start" --log_path="systemd" #================================================= # RELOAD NGINX diff --git a/scripts/ynh_install_go b/scripts/ynh_install_go new file mode 100644 index 0000000..e3ad06a --- /dev/null +++ b/scripts/ynh_install_go 
@@ -0,0 +1,247 @@ +#!/bin/bash + +ynh_go_try_bash_extension() { + if [ -x src/configure ]; then + src/configure && make -C src || { + ynh_print_info --message="Optional bash extension failed to build, but things will still work normally." + } + fi +} + +goenv_install_dir="/opt/goenv" +go_version_path="$goenv_install_dir/versions" +# goenv_ROOT is the directory of goenv, it needs to be loaded as a environment variable. +export GOENV_ROOT="$goenv_install_dir" + +# Load the version of Go for an app, and set variables. +# +# ynh_use_go has to be used in any app scripts before using Go for the first time. +# This helper will provide alias and variables to use in your scripts. +# +# To use gem or Go, use the alias `ynh_gem` and `ynh_go` +# Those alias will use the correct version installed for the app +# For example: use `ynh_gem install` instead of `gem install` +# +# With `sudo` or `ynh_exec_as`, use instead the fallback variables `$ynh_gem` and `$ynh_go` +# And propagate $PATH to sudo with $ynh_go_load_path +# Exemple: `ynh_exec_as $app $ynh_go_load_path $ynh_gem install` +# +# $PATH contains the path of the requested version of Go. +# However, $PATH is duplicated into $go_path to outlast any manipulation of $PATH +# You can use the variable `$ynh_go_load_path` to quickly load your Go version +# in $PATH for an usage into a separate script. +# Exemple: $ynh_go_load_path $final_path/script_that_use_gem.sh` +# +# +# Finally, to start a Go service with the correct version, 2 solutions +# Either the app is dependent of Go or gem, but does not called it directly. 
+# In such situation, you need to load PATH +# `Environment="__YNH_GO_LOAD_PATH__"` +# `ExecStart=__FINALPATH__/my_app` +# You will replace __YNH_GO_LOAD_PATH__ with $ynh_go_load_path +# +# Or Go start the app directly, then you don't need to load the PATH variable +# `ExecStart=__YNH_GO__ my_app run` +# You will replace __YNH_GO__ with $ynh_go +# +# +# one other variable is also available +# - $go_path: The absolute path to Go binaries for the chosen version. +# +# usage: ynh_use_go +# +# Requires YunoHost version 3.2.2 or higher. +ynh_use_go () { + go_version=$(ynh_app_setting_get --app=$app --key=go_version) + + # Get the absolute path of this version of Go + go_path="$go_version_path/$go_version/bin" + + # Allow alias to be used into bash script + shopt -s expand_aliases + + # Create an alias for the specific version of Go and a variable as fallback + ynh_go="$go_path/go" + alias ynh_go="$ynh_go" + + # Load the path of this version of Go in $PATH + if [[ :$PATH: != *":$go_path"* ]]; then + PATH="$go_path:$PATH" + fi + # Create an alias to easily load the PATH + ynh_go_load_path="PATH=$PATH" + + # Sets the local application-specific Go version + pushd $final_path + $goenv_install_dir/bin/goenv local $go_version + popd +} + +# Install a specific version of Go +# +# ynh_install_go will install the version of Go provided as argument by using goenv. +# +# This helper creates a /etc/profile.d/goenv.sh that configures PATH environment for goenv +# for every LOGIN user, hence your user must have a defined shell (as opposed to /usr/sbin/nologin) +# +# Don't forget to execute go-dependent command in a login environment +# (e.g. sudo --login option) +# When not possible (e.g. in systemd service definition), please use direct path +# to goenv shims (e.g. $goenv_ROOT/shims/bundle) +# +# usage: ynh_install_go --go_version=go_version +# | arg: -v, --go_version= - Version of go to install. +# +# Requires YunoHost version 3.2.2 or higher. 
+ynh_install_go () { + # Declare an array to define the options of this helper. + local legacy_args=v + local -A args_array=( [v]=go_version= ) + local go_version + # Manage arguments with getopts + ynh_handle_getopts_args "$@" + + # Load goenv path in PATH + local CLEAR_PATH="$goenv_install_dir/bin:$PATH" + + # Remove /usr/local/bin in PATH in case of Go prior installation + PATH=$(echo $CLEAR_PATH | sed 's@/usr/local/bin:@@') + + # Move an existing Go binary, to avoid to block goenv + test -x /usr/bin/go && mv /usr/bin/go /usr/bin/go_goenv + + # Install or update goenv + goenv="$(command -v goenv $goenv_install_dir/bin/goenv | head -1)" + if [ -n "$goenv" ]; then + ynh_print_info --message="goenv already seems installed in \`$goenv'." + pushd "${goenv%/*/*}" + if git remote -v 2>/dev/null | grep "https://github.com/syndbg/goenv.git"; then + echo "Trying to update with git..." + git pull -q --tags origin master + cd .. + ynh_go_try_bash_extension + fi + popd + else + ynh_print_info --message="Installing goenv with git..." + mkdir -p $goenv_install_dir + pushd $goenv_install_dir + git init -q + git remote add -f -t master origin https://github.com/syndbg/goenv.git > /dev/null 2>&1 + git checkout -q -b master origin/master + ynh_go_try_bash_extension + goenv=$goenv_install_dir/bin/goenv + popd + fi + + goenv_latest="$(command -v "$goenv_install_dir"/plugins/*/bin/goenv-latest goenv-latest | head -1)" + if [ -n "$goenv_latest" ]; then + ynh_print_info --message="\`goenv latest' command already available in \`$goenv_latest'." + pushd "${goenv_latest%/*/*}" + if git remote -v 2>/dev/null | grep "https://github.com/momo-lab/xxenv-latest.git"; then + ynh_print_info --message="Trying to update xxenv-latest with git..." + git pull -q origin master + fi + popd + else + ynh_print_info --message="Installing xxenv-latest with git..." 
+ mkdir -p "${goenv_install_dir}/plugins" + git clone -q https://github.com/momo-lab/xxenv-latest.git "${goenv_install_dir}/plugins/xxenv-latest" + fi + + # Enable caching + mkdir -p "${goenv_install_dir}/cache" + + # Create shims directory if needed + mkdir -p "${goenv_install_dir}/shims" + + # Restore /usr/local/bin in PATH + PATH=$CLEAR_PATH + + # And replace the old Go binary + test -x /usr/bin/go_goenv && mv /usr/bin/go_goenv /usr/bin/go + + # Install the requested version of Go + local final_go_version=$(goenv latest --print $go_version) + ynh_print_info --message="Installation of Go-$final_go_version" + goenv install --skip-existing $final_go_version + + # Store go_version into the config of this app + ynh_app_setting_set --app=$YNH_APP_INSTANCE_NAME --key=go_version --value=$final_go_version + + # Cleanup Go versions + ynh_cleanup_go + + # Set environment for Go users + echo "#goenv +export GOENV_ROOT=$goenv_install_dir +export PATH=\"$goenv_install_dir/bin:$PATH\" +eval \"\$(goenv init -)\" +#goenv" > /etc/profile.d/goenv.sh + + # Load the environment + eval "$(goenv init -)" +} + +# Remove the version of Go used by the app. +# +# This helper will also cleanup Go versions +# +# usage: ynh_remove_go +ynh_remove_go () { + local go_version=$(ynh_app_setting_get --app=$YNH_APP_INSTANCE_NAME --key=go_version) + + # Load goenv path in PATH + local CLEAR_PATH="$goenv_install_dir/bin:$PATH" + + # Remove /usr/local/bin in PATH in case of Go prior installation + PATH=$(echo $CLEAR_PATH | sed 's@/usr/local/bin:@@') + + # Remove the line for this app + ynh_app_setting_delete --app=$YNH_APP_INSTANCE_NAME --key=go_version + + # Cleanup Go versions + ynh_cleanup_go +} + +# Remove no more needed versions of Go used by the app. +# +# This helper will check what Go version are no more required, +# and uninstall them +# If no app uses Go, goenv will be also removed. 
+# +# usage: ynh_cleanup_go +ynh_cleanup_go () { + + # List required Go versions + local installed_apps=$(yunohost app list --output-as json --quiet | jq -r .apps[].id) + local required_go_versions="" + for installed_app in $installed_apps + do + local installed_app_go_version=$(ynh_app_setting_get --app=$installed_app --key="go_version") + if [[ $installed_app_go_version ]] + then + required_go_versions="${installed_app_go_version}\n${required_go_versions}" + fi + done + + # Remove no more needed Go versions + local installed_go_versions=$(goenv versions --bare --skip-aliases | grep -Ev '/') + for installed_go_version in $installed_go_versions + do + if ! `echo ${required_go_versions} | grep "${installed_go_version}" 1>/dev/null 2>&1` + then + ynh_print_info --message="Removing of Go-$installed_go_version" + $goenv_install_dir/bin/goenv uninstall --force $installed_go_version + fi + done + + # If none Go version is required + if [[ ! $required_go_versions ]] + then + # Remove goenv environment configuration + ynh_print_info --message="Removing of goenv" + ynh_secure_remove --file="$goenv_install_dir" + ynh_secure_remove --file="/etc/profile.d/goenv.sh" + fi +} From 431f40661d75cff2559ffc3d0ede08e29141b0d0 Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Tue, 4 Oct 2022 22:36:54 +0000 Subject: [PATCH 3/9] Auto-update README --- README.md | 1 + README_fr.md | 1 + 2 files changed, 2 insertions(+) diff --git a/README.md b/README.md index ccb7d65..e9f6c6f 100644 --- a/README.md +++ b/README.md 
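Review bot: `ynh_install_go` fetches two third-party repositories at whatever `master` points to at install time (`git remote add -f -t master origin https://github.com/syndbg/goenv.git`, `git clone -q https://github.com/momo-lab/xxenv-latest.git …`, plus `git pull` on later runs). It then runs their code with the install script's privileges: `src/configure && make -C src`, `goenv install`, and `eval "$(goenv init -)"`, which is also written to `/etc/profile.d/goenv.sh` for every login shell. Nothing pins or verifies what was fetched, so a change to either upstream branch reaches hosts at the next install or upgrade. Pin both checkouts to a reviewed commit, e.g. `git checkout -q <PINNED_GOENV_COMMIT>` after the fetch, and replace the unconditional `git pull` with an explicit bump of that pin.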
@@ -58,6 +58,7 @@ Galène is a videoconference server (an “SFU”) that is easy to deploy and th ### Accessing groups *Galène* meeting rooms are called "groups". Any group is accessible at `https://domain.tld/group/GroupName`, by typing its name in the home page search field, or by selecting it in the public list (if the group is configured as publicly visible, see below). +During install a group is created with YunoHost LDAP authentication, accessible at `https://domain.tld/group/YunoHost_Users`. #### Creating and configuring groups diff --git a/README_fr.md b/README_fr.md index ff4cbfd..a92c843 100644 --- a/README_fr.md +++ b/README_fr.md @@ -41,6 +41,7 @@ Galène est un serveur de visioconférence (un « SFU ») facile à déployer et ### Accéder à des groupes Les salles de réunion *Galène* sont appelées « groupes ». Tout groupe est accessible sur `https://domain.tld/group/GroupName`, en tapant son nom dans le champ de recherche de la page d'accueil, ou en le sélectionnant dans la liste publique (si le groupe est configuré comme visible publiquement, voir ci-dessous). +Pendant l'installation, un groupe est créé avec l'authentification LDAP de YunoHost, accessible à `https://domain.tld/group/YunoHost_Users`. #### Ajouter et configurer des groupes From 0c6823973675be807ee50316fb0a2564d53361af Mon Sep 17 00:00:00 2001 From: yalh76 Date: Wed, 5 Oct 2022 02:04:58 +0200 Subject: [PATCH 4/9] Update upgrade --- scripts/upgrade | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/upgrade b/scripts/upgrade index f124703..797c715 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -124,7 +124,7 @@ mkdir -p "$final_path/live/data" mkdir -p "$final_path/live_ldap/data" ynh_secure_remove --file="$final_path/live/static/" cp -r "$final_path/build/static/" "$final_path/live/" -ynh_replace_string --match_string="
Galne
" --replace_string="
Galne
" --target_file="$final_path/live/static/galene.html" +ynh_replace_string --match_string="
Galène
" --replace_string="
Galène
" --target_file="$final_path/live/static/galene.html" chmod 750 "$final_path" chmod -R o-rwx "$final_path" chown -R $app:www-data "$final_path" From ae1a15bcfe2b8db784aaba6c99dc64ca4690204e Mon Sep 17 00:00:00 2001 From: yalh76 Date: Wed, 5 Oct 2022 02:43:00 +0200 Subject: [PATCH 5/9] Fix datadir --- scripts/change_url | 1 + scripts/install | 2 +- scripts/upgrade | 3 ++- 3 files changed, 4 insertions(+), 2 deletions(-) diff --git a/scripts/change_url b/scripts/change_url index a843d25..cb35cc4 100755 --- a/scripts/change_url +++ b/scripts/change_url @@ -36,6 +36,7 @@ group_name=$(ynh_app_setting_get --app=$app --key=group_name) port=$(ynh_app_setting_get --app=$app --key=port) ldap_port=$(ynh_app_setting_get --app=$app --key=ldap_port) key=$(ynh_app_setting_get --app=$app --key=key) +datadir=$(ynh_app_setting_get --app=$app --key=datadir) #================================================= # BACKUP BEFORE CHANGE URL THEN ACTIVE TRAP diff --git a/scripts/install b/scripts/install index f5b85cd..e6264c7 100755 --- a/scripts/install +++ b/scripts/install @@ -131,7 +131,7 @@ ynh_add_nginx_config #================================================= ynh_script_progression --message="Building app..." --weight=1 -ynh_install_go --go_version=$go_version +ynh_exec_warn_less ynh_install_go --go_version=$go_version ynh_use_go pushd $final_path/build/ ynh_exec_as $app CGO_ENABLED=0 $ynh_go build -ldflags='-s -w' -o $final_path/live/ diff --git a/scripts/upgrade b/scripts/upgrade index 797c715..c1fe7f1 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -27,6 +27,7 @@ port=$(ynh_app_setting_get --app=$app --key=port) ldap_port=$(ynh_app_setting_get --app=$app --key=ldap_port) key=$(ynh_app_setting_get --app=$app --key=key) turn_port=$(ynh_app_setting_get --app=$app --key=turn_port) +datadir=$(ynh_app_setting_get --app=$app --key=datadir) if ynh_compare_current_package_version --comparison le --version 0.3.5~ynh3 then 
@@ -153,7 +154,7 @@ ynh_script_progression --message="Building app..." --weight=1 if [ "$upgrade_type" == "UPGRADE_APP" ] then - ynh_install_go --go_version=$go_version + ynh_exec_warn_less ynh_install_go --go_version=$go_version ynh_use_go pushd $final_path/build/ ynh_exec_as $app CGO_ENABLED=0 $ynh_go build -ldflags='-s -w' -o $final_path/live/ From 4bf6a318b3f1178c51fefe43233c91edc3c302c0 Mon Sep 17 00:00:00 2001 From: yalh76 Date: Wed, 5 Oct 2022 20:30:57 +0200 Subject: [PATCH 6/9] Update scripts/install MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Éric Gaspar <46165813+ericgaspar@users.noreply.github.com> --- scripts/install | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/install b/scripts/install index e6264c7..7282a02 100755 --- a/scripts/install +++ b/scripts/install @@ -137,7 +137,7 @@ pushd $final_path/build/ ynh_exec_as $app CGO_ENABLED=0 $ynh_go build -ldflags='-s -w' -o $final_path/live/ popd pushd $final_path/build_ldap/ - ynh_exec_as $app CGO_ENABLED=0 $ynh_go build -ldflags='-s -w' -o $final_path/live_ldap/ + ynh_exec_warn_less ynh_exec_as $app CGO_ENABLED=0 $ynh_go build -ldflags='-s -w' -o $final_path/live_ldap/ popd ynh_remove_go ynh_secure_remove --file="$final_path/build/" From 1bed958175a843a7fc797284e7dfafe4ee19f94a Mon Sep 17 00:00:00 2001 From: yalh76 Date: Wed, 5 Oct 2022 20:31:02 +0200 Subject: [PATCH 7/9] Update scripts/install MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Éric Gaspar <46165813+ericgaspar@users.noreply.github.com> --- scripts/install | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/install b/scripts/install index 7282a02..0fef646 100755 --- a/scripts/install +++ b/scripts/install 
@@ -134,7 +134,7 @@ ynh_script_progression --message="Building app..." --weight=1
 ynh_exec_warn_less ynh_install_go --go_version=$go_version
 ynh_use_go
 pushd $final_path/build/
- ynh_exec_as $app CGO_ENABLED=0 $ynh_go build -ldflags='-s -w' -o $final_path/live/
+ ynh_exec_warn_less ynh_exec_as $app CGO_ENABLED=0 $ynh_go build -ldflags='-s -w' -o $final_path/live/
 popd
 pushd $final_path/build_ldap/
 ynh_exec_warn_less ynh_exec_as $app CGO_ENABLED=0 $ynh_go build -ldflags='-s -w' -o $final_path/live_ldap/
From 15579b528e0c524ad28a6efec9b8e1fccf7a9e0f Mon Sep 17 00:00:00 2001
From: yalh76
Date: Wed, 5 Oct 2022 20:31:11 +0200
Subject: [PATCH 8/9] Update conf/groupname-ldap.json
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Co-authored-by: Éric Gaspar <46165813+ericgaspar@users.noreply.github.com>
---
 conf/groupname-ldap.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/conf/groupname-ldap.json b/conf/groupname-ldap.json
index 0e2c7d3..1a0a6df 100644
--- a/conf/groupname-ldap.json
+++ b/conf/groupname-ldap.json
@@ -1,5 +1,5 @@
 {
- "description": "Group of YunoHost users",
+ "description": "YunoHost User Group",
 "public": true,
 "authServer": "https://__DOMAIN__/auth/",
 "authKeys": [
From 503fd4372d379ab84458de1abe085a717fd4ac40 Mon Sep 17 00:00:00 2001
From: yalh76
Date: Wed, 5 Oct 2022 21:39:19 +0200
Subject: [PATCH 9/9] Fix upgrade from 0.6~ynh1 and before
---
 check_process | 2 ++
 scripts/upgrade | 13 +++++++++++++
 2 files changed, 15 insertions(+)
diff --git a/check_process b/check_process
index f20c2ee..1819cef 100644
--- a/check_process
+++ b/check_process
@@ -16,6 +16,8 @@
 setup_public=1
 upgrade=1
 upgrade=1 from_commit=aaae7fbe83ce001fabd40509882e765a5d8da2c1
+ # 0.6~ynh1
+ upgrade=1 from_commit=c5cc50f1b1f326080f4f657b7805f2c27c1c3f20
 backup_restore=1
 multi_instance=0
 port_already_use=0
diff --git a/scripts/upgrade b/scripts/upgrade
index c1fe7f1..b594a71 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -23,6 +23,7 @@ admin=$(ynh_app_setting_get --app=$app --key=admin)
 password=$(ynh_app_setting_get --app=$app --key=password)
 final_path=$(ynh_app_setting_get --app=$app --key=final_path)
 group_name=$(ynh_app_setting_get --app=$app --key=group_name)
+group_description=$(ynh_app_setting_get --app=$app --key=group_description)
 port=$(ynh_app_setting_get --app=$app --key=port)
 ldap_port=$(ynh_app_setting_get --app=$app --key=ldap_port)
 key=$(ynh_app_setting_get --app=$app --key=key)
@@ -101,6 +102,18 @@ if [ -f "$final_path/data/passwd" ] ; then
 ynh_secure_remove --file="$final_path/data/passwd"
 fi
+# For version 0.6~ynh1 and before
+if [[ ! -d "$final_path/live" ]]
+then
+ tempdir="$(mktemp -d)"
+ mv $final_path $tempdir
+ mkdir -p "$final_path/live"
+ mv $tempdir/$app/galene "$final_path/live/"
+ mv $tempdir/$app/data/ "$final_path/live/"
+ mv $tempdir/$app/static/ "$final_path/live/"
+ ynh_secure_remove --file="$tempdir"
+fi
+
 #=================================================
 # CREATE DEDICATED USER
 #=================================================
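Review bot: The migration block added in the `@@ -101,6 +102,18 @@` hunk assumes that the last path component of `$final_path` is `$app`: after `mv $final_path $tempdir` the next three `mv` lines read from `$tempdir/$app/...`, and the operands on those lines are unquoted. If the two names differ, the first of those moves fails with the install directory already moved away. `mktemp -d` stages the tree under the default temporary location, which may sit on another filesystem, so the move can turn into a full copy of the data directory, and anything in the old directory other than `galene`, `data` and `static` is deleted together with `$tempdir`. `mkdir -p` also recreates `$final_path` with default ownership and mode, so confirm that the script re-applies its `chmod`/`chown` on `$final_path` after this block; that part is not visible in the hunk. Staging next to `$final_path` under a fixed name, with quoted operands, removes the first two problems.

```shell
then
	# Stage beside $final_path so the moves stay renames on one filesystem
	tempdir="$(mktemp -d -p "$(dirname "$final_path")")"
	# Fixed name: no dependency on the basename of $final_path being $app
	mv -- "$final_path" "$tempdir/old"
	mkdir -p "$final_path/live"
	mv -- "$tempdir/old/galene" "$tempdir/old/data" "$tempdir/old/static" "$final_path/live/"
	# … unchanged: ynh_secure_remove --file="$tempdir", fi …
```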