Testing (#33)

* remove firewall allow for 8443

README.md

@@ -69,8 +69,8 @@ To check if Galène can connect to the TURN server, connect to Galène as operat
 
 #### Supported architectures
 
-* x86-64 - [![Build Status](https://ci-apps.yunohost.org/ci/logs/galene%20%28Apps%29.svg)](https://ci-apps.yunohost.org/ci/apps/galene/)
-* ARMv8-A - [![Build Status](https://ci-apps-arm.yunohost.org/ci/logs/galene%20%28Apps%29.svg)](https://ci-apps-arm.yunohost.org/ci/apps/galene/)
+* x86-64 - [![Build Status](https://ci-apps.yunohost.org/ci/logs/galene.svg)](https://ci-apps.yunohost.org/ci/apps/galene/)
+* ARMv8-A - [![Build Status](https://ci-apps-arm.yunohost.org/ci/logs/galene.svg)](https://ci-apps-arm.yunohost.org/ci/apps/galene/)
 
 ## Limitations
 

README_fr.md

@@ -69,8 +69,8 @@ Pour vérifier si Galène peut se connecter au serveur TURN, connectez-vous à G
 
 #### Supported architectures
 
-* x86-64 - [![Build Status](https://ci-apps.yunohost.org/ci/logs/galene%20%28Apps%29.svg)](https://ci-apps.yunohost.org/ci/apps/galene/)
-* ARMv8-A - [![Build Status](https://ci-apps-arm.yunohost.org/ci/logs/galene%20%28Apps%29.svg)](https://ci-apps-arm.yunohost.org/ci/apps/galene/)
+* x86-64 - [![Build Status](https://ci-apps.yunohost.org/ci/logs/galene.svg)](https://ci-apps.yunohost.org/ci/apps/galene/)
+* ARMv8-A - [![Build Status](https://ci-apps-arm.yunohost.org/ci/logs/galene.svg)](https://ci-apps-arm.yunohost.org/ci/apps/galene/)
 
 ## Limitations
 

check_process

@@ -23,7 +23,6 @@
 		upgrade=1	from_commit=c06f6235a93587e16524fa5b124e4d9e138a8109
 		backup_restore=1
 		multi_instance=0
-		port_already_use=1
 		change_url=1
 ;;; Options
 Email=

manifest.json

@@ -6,7 +6,7 @@
         "en": "Videoconferencing server that is easy to deploy",
         "fr": "Serveur de visioconférence facile à déployer"
     },
-    "version": "0.3.2~ynh3",
+    "version": "0.3.2~ynh4",
     "url": "https://galene.org/",
     "license": "MIT",
     "maintainer": {

scripts/change_url

@@ -17,7 +17,7 @@ old_domain=$YNH_APP_OLD_DOMAIN
 old_path=$YNH_APP_OLD_PATH
 
 new_domain=$YNH_APP_NEW_DOMAIN
-new_path=$YNH_APP_NEW_PATH
+new_path="/"
 
 app=$YNH_APP_INSTANCE_NAME
 

scripts/install

@@ -85,7 +85,6 @@ port=$(ynh_find_port --port=8443)
 turnserver_port=$(ynh_find_port --port=1194)
 
 # Open the ports
-ynh_exec_warn_less yunohost firewall allow --no-upnp TCP $port
 ynh_exec_warn_less yunohost firewall allow Both $turnserver_port
 
 # Store opened ports
@@ -215,13 +214,10 @@ mkdir -p "$groups"
 #=================================================
 
 ynh_add_config --template="../conf/passwd" --destination="$final_path/data/passwd"
-ynh_store_file_checksum --file="$final_path/data/passwd"
 
 ynh_add_config --template="../conf/groupname.json" --destination="$final_path/groups/$group_name.json"
-ynh_store_file_checksum --file="$final_path/groups/$group_name.json"
 
 ynh_add_config --template="../conf/ice-servers.json" --destination="$final_path/data/ice-servers.json"
-ynh_store_file_checksum --file="$final_path/data/ice-servers.json"
 
 #=================================================
 # ADD SCRIPT FOR COTURN CRON AND APP SERVICE
@@ -249,13 +245,15 @@ chmod -R u=rwX,g=rX,o= /etc/$app
 chmod 770 $final_path/Coturn_config_rotate.sh
 setfacl -R -m user:turnserver:rX  /etc/$app
 setfacl -R -m user:turnserver:rwX  /var/log/$app
+chmod 600 $final_path/data/passwd
+chmod 600 $final_path/data/ice-servers.json
 
 #=================================================
 # INTEGRATE SERVICE IN YUNOHOST
 #=================================================
 ynh_script_progression --message="Integrating service in YunoHost..." --weight=2
 
-yunohost service add $app --description="Videoconferencing server" --log="/var/log/$app/$app.log" --needs_exposed_ports $port
+yunohost service add $app --description="Videoconferencing server" --log="/var/log/$app/$app.log"
 yunohost service add coturn-$app --description="Coturn TURN server" --log="/var/log/$app/turnserver.log" --needs_exposed_ports $turnserver_port
 
 #=================================================

scripts/remove

@@ -87,11 +87,6 @@ ynh_remove_logrotate
 #=================================================
 ynh_script_progression --message="Closing ports..." --weight=1
 
-if yunohost firewall list | grep -q "\- $port$"
-then
-	ynh_exec_warn_less yunohost firewall disallow TCP $port
-fi
-
 if yunohost firewall list | grep -q "\- $turnserver_port$"
 then
     ynh_exec_warn_less yunohost firewall disallow Both $turnserver_port 

scripts/restore

@@ -96,7 +96,7 @@ systemctl enable coturn-$app.service --quiet
 #=================================================
 ynh_script_progression --message="Integrating service in YunoHost..." --weight=2
 
-yunohost service add $app --description="Videoconferencing server" --log="/var/log/$app/$app.log" --needs_exposed_ports $port
+yunohost service add $app --description="Videoconferencing server" --log="/var/log/$app/$app.log"
 yunohost service add coturn-$app --description="Coturn TURN server" --log="/var/log/$app/turnserver.log" --needs_exposed_ports $turnserver_port
 
 #=================================================
@@ -127,7 +127,6 @@ fi
 #=================================================
 
 # Ouvre le port dans le firewall
-ynh_exec_warn_less yunohost firewall allow --no-upnp TCP $port
 ynh_exec_warn_less yunohost firewall allow Both $turnserver_port
 
 #=================================================
@@ -146,6 +145,9 @@ chmod -R u=rwX,g=rX,o= /etc/$app
 chmod 770 $final_path/Coturn_config_rotate.sh
 setfacl -R -m user:turnserver:rX  /etc/$app
 setfacl -R -m user:turnserver:rwX  /var/log/$app
+# Set permissions on config files
+chmod 600 $final_path/data/passwd
+chmod 600 $final_path/data/ice-servers.json
 
 #=================================================
 # RESTORE THE LOGROTATE CONFIGURATION

scripts/upgrade

@@ -37,6 +37,12 @@ upgrade_type=$(ynh_check_app_version_changed)
 #=================================================
 ynh_script_progression --message="Ensuring downward compatibility..." --weight=1
 
+# If open, close direct access to $port in firewall
+if yunohost firewall list | grep -q "\- $port$"
+then
+    ynh_exec_warn_less yunohost firewall disallow TCP $port
+fi
+
 # If final_path doesn't exist, create it
 if [ -z "$final_path" ]; then
 	final_path=/opt/yunohost/$app
@@ -110,13 +116,11 @@ then
 	# Remove the tmp directory securely
 	ynh_secure_remove --file="$tmpdir"
 
-    ynh_backup_if_checksum_is_different --file="$final_path/data/passwd"
     ynh_add_config --template="../conf/passwd" --destination="$final_path/data/passwd"
-    ynh_store_file_checksum --file="$final_path/data/passwd"
+    chmod 600 $final_path/data/passwd
 
-    ynh_backup_if_checksum_is_different --file="$final_path/data/ice-servers.json"
     ynh_add_config --template="../conf/ice-servers.json" --destination="$final_path/data/ice-servers.json"
-    ynh_store_file_checksum --file="$final_path/data/ice-servers.json"
+    chmod 600 $final_path/data/ice-servers.json
 
 	# Recreate certificates
 	pushd "$final_path/data"
@@ -252,7 +256,6 @@ ynh_add_systemd_config
 # Set permissions on app files
 chown -R $app: $final_path
 chmod -R 755 $final_path
-chown -R $app /var/log/$app
 chown -R $app:root /etc/$app
 chown turnserver:root $coturn_config_path
 chmod -R u=rwX,g=rX,o= /etc/$app
@@ -273,7 +276,7 @@ ynh_use_logrotate --non-append
 #=================================================
 ynh_script_progression --message="Integrating service in YunoHost..." --weight=2
 
-yunohost service add $app --description="Videoconferencing server" --log="/var/log/$app/$app.log" --needs_exposed_ports $port
+yunohost service add $app --description="Videoconferencing server" --log="/var/log/$app/$app.log"
 yunohost service add coturn-$app --description="Coturn TURN server" --log="/var/log/$app/turnserver.log" --needs_exposed_ports $turnserver_port
 
 #=================================================