From 7b54c16fa70444b9aa4c632ed306b7e657a67d95 Mon Sep 17 00:00:00 2001 From: yalh76 Date: Wed, 26 Jan 2022 23:56:22 +0100 Subject: [PATCH] Apply last example_ynh --- conf/nginx.conf | 33 +++++++++++------------ conf/php-fpm.conf | 67 ++++++++++++++++++++++++++++++++-------------- manifest.json | 6 ++--- scripts/_common.sh | 5 +--- scripts/backup | 7 +++-- scripts/change_url | 36 ++++++++++++------------- scripts/install | 6 ++--- scripts/remove | 17 +++++++----- scripts/restore | 11 ++++---- scripts/upgrade | 21 +++++++++------ 10 files changed, 119 insertions(+), 90 deletions(-) diff --git a/conf/nginx.conf b/conf/nginx.conf index 6a8bd52..b468e8b 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -4,29 +4,26 @@ location __PATH__/ { # Path to source alias __FINALPATH__/www/; - if ($scheme = http) { - rewrite ^ https://$server_name$request_uri? permanent; - } - index index.php /_route.php; - try_files $uri $uri/ __PATH__/__PATH__/_route.php?$query_string; - - location ~ \.php$ { - if (!-e $request_filename) { - rewrite ^__PATH__/?(.*)$ __PATH__/_route.php?/$1 last; - break; - } - fastcgi_pass unix:/var/run/php/php__PHPVERSION__-fpm-__NAME__.sock; - fastcgi_index index.php; - include fastcgi_params; - fastcgi_param REMOTE_USER $remote_user; - fastcgi_param PATH_INFO $fastcgi_path_info; - fastcgi_param SCRIPT_FILENAME $request_filename; - } # Increase size limit client_max_body_size 2M; + try_files $uri $uri/ __PATH__/__PATH__/_route.php?$query_string; + location ~ \.php$ { + if (!-e $request_filename) { + rewrite ^__PATH__/?(.*)$ __PATH__/_route.php?/$1 last; + break; + } + fastcgi_pass unix:/var/run/php/php__PHPVERSION__-fpm-__NAME__.sock; + + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param REMOTE_USER $remote_user; + fastcgi_param PATH_INFO $fastcgi_path_info; + fastcgi_param SCRIPT_FILENAME $request_filename; + } + # Include SSOWAT user panel. include conf.d/yunohost_panel.conf.inc; } diff --git a/conf/php-fpm.conf b/conf/php-fpm.conf index 9be1163..5f1eb97 100644 --- a/conf/php-fpm.conf +++ b/conf/php-fpm.conf @@ -1,10 +1,11 @@ ; Start a new pool named 'www'. -; the variable $pool can we used in any directive and will be replaced by the +; the variable $pool can be used in any directive and will be replaced by the ; pool name ('www' here) [__NAMETOCHANGE__] ; Per pool prefix ; It only applies on the following directives: +; - 'access.log' ; - 'slowlog' ; - 'listen' (unixsocket) ; - 'chroot' @@ -24,17 +25,19 @@ group = __USER__ ; The address on which to accept FastCGI requests. ; Valid syntaxes are: -; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific address on +; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on ; a specific port; -; 'port' - to listen on a TCP socket to all addresses on a -; specific port; +; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on +; a specific port; +; 'port' - to listen on a TCP socket to all addresses +; (IPv6 and IPv4-mapped) on a specific port; ; '/path/to/unix/socket' - to listen on a unix socket. ; Note: This value is mandatory. listen = /var/run/php/php__PHPVERSION__-fpm-__NAMETOCHANGE__.sock -; Set listen(2) backlog. A value of '-1' means unlimited. -; Default Value: 128 (-1 on FreeBSD and OpenBSD) -;listen.backlog = 128 +; Set listen(2) backlog. +; Default Value: 511 (-1 on FreeBSD and OpenBSD) +;listen.backlog = 511 ; Set permissions for unix socket, if one is used. In Linux, read/write ; permissions must be set in order to allow connections from a web server. Many @@ -44,8 +47,13 @@ listen = /var/run/php/php__PHPVERSION__-fpm-__NAMETOCHANGE__.sock listen.owner = www-data listen.group = www-data ;listen.mode = 0660 +; When POSIX Access Control Lists are supported you can set them using +; these options, value is a comma separated list of user/group names. +; When set, listen.owner and listen.group are ignored +;listen.acl_users = +;listen.acl_groups = -; List of ipv4 addresses of FastCGI clients which are allowed to connect. +; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect. ; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original ; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address ; must be separated by a comma. If this value is left blank, connections will be @@ -59,7 +67,13 @@ listen.group = www-data ; - The pool processes will inherit the master process priority ; unless it specified otherwise ; Default Value: no set -; priority = -19 +; process.priority = -19 + +; Set the process dumpable flag (PR_SET_DUMPABLE prctl) even if the process user +; or group is differrent than the master process user. It allows to create process +; core dump and ptrace the process for the pool user. +; Default Value: no +; process.dumpable = yes ; Choose how the process manager will control the number of child processes. ; Possible Values: @@ -215,7 +229,7 @@ pm.max_requests = 500 ; last request memory: 0 ; ; Note: There is a real-time FPM status monitoring sample web page available -; It's available in: ${prefix}/share/fpm/status.html +; It's available in: /usr/share/php/7.0/fpm/status.html ; ; Note: The value must start with a leading slash (/). The value can be ; anything, but it may not be a good idea to use the .php extension or it @@ -275,7 +289,7 @@ pm.max_requests = 500 ; - %{megabytes}M ; - %{mega}M ; %n: pool name -; %o: ouput header +; %o: output header ; it must be associated with embraces to specify the name of the header: ; - %{Content-Type}o ; - %{X-Powered-By}o @@ -291,9 +305,13 @@ pm.max_requests = 500 ; %t: server time the request was received ; it can accept a strftime(3) format: ; %d/%b/%Y:%H:%M:%S %z (default) +; The strftime(3) format must be encapsuled in a %{}t tag +; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t ; %T: time the log has been written (the request has finished) ; it can accept a strftime(3) format: ; %d/%b/%Y:%H:%M:%S %z (default) +; The strftime(3) format must be encapsuled in a %{}t tag +; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t ; %u: remote user ; ; Default: "%R - %u %t \"%m %r\" %s" @@ -349,13 +367,22 @@ chdir = __FINALPATH__ ; Default Value: no catch_workers_output = yes +; Clear environment in FPM workers +; Prevents arbitrary environment variables from reaching FPM worker processes +; by clearing the environment in workers before env vars specified in this +; pool configuration are added. +; Setting to "no" will make all environment variables available to PHP code +; via getenv(), $_ENV and $_SERVER. +; Default Value: yes +;clear_env = no + ; Limits the extensions of the main script FPM will allow to parse. This can ; prevent configuration mistakes on the web server side. You should only limit ; FPM to .php extensions to prevent malicious users to use other extensions to -; exectute php code. +; execute php code. ; Note: set an empty value to allow all extensions. ; Default Value: .php -;security.limit_extensions = .php .php3 .php4 .php5 +;security.limit_extensions = .php .php3 .php4 .php5 .php7 ; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from ; the current environment. @@ -392,12 +419,12 @@ catch_workers_output = yes ;php_admin_value[memory_limit] = 32M ; Common values to change to increase file upload limit -; php_value[upload_max_filesize] = 50M -; php_value[post_max_size] = 50M -; php_valuemail.add_x_header = Off +; php_admin_value[upload_max_filesize] = 50M +; php_admin_value[post_max_size] = 50M +; php_admin_flag[mail.add_x_header] = Off ; Other common parameters -; php_value[max_execution_time] = 600 -; php_value[max_input_time] = 300 -; php_value[memory_limit] = 256M -; php_value[short_open_tag] = On \ No newline at end of file +; php_admin_value[max_execution_time] = 600 +; php_admin_value[max_input_time] = 300 +; php_admin_value[memory_limit] = 256M +; php_admin_flag[short_open_tag] = On diff --git a/manifest.json b/manifest.json index 5be81f5..3b64bc2 100644 --- a/manifest.json +++ b/manifest.json @@ -20,8 +20,8 @@ "name": "frju365", "email": "win10@tutanota.com" }, - "requirements": { - "yunohost": ">=4.2.4" + "requirements": { + "yunohost": ">= 4.3.0" }, "multi_instance": true, "services": [ @@ -29,7 +29,7 @@ "php7.4-fpm" ], "arguments": { - "install" : [ + "install": [ { "name": "domain", "type": "domain" diff --git a/scripts/_common.sh b/scripts/_common.sh index b126a6d..470d603 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -3,6 +3,7 @@ #================================================= # COMMON VARIABLES #================================================= + # dependencies used by the app #pkg_dependencies="imagemagick" @@ -21,7 +22,3 @@ extra_php_dependencies="php${YNH_PHP_VERSION} php${YNH_PHP_VERSION}-sqlite3 php$ #================================================= # FUTURE OFFICIAL HELPERS #================================================= - -#================================================= -# FUTURE OFFICIAL HELPERS -#================================================= diff --git a/scripts/backup b/scripts/backup index 551df9d..75ce3e0 100644 --- a/scripts/backup +++ b/scripts/backup @@ -6,7 +6,7 @@ # IMPORT GENERIC HELPERS #================================================= -#Keep this path for calling _common.sh inside the execution's context of backup and restore scripts +# Keep this path for calling _common.sh inside the execution's context of backup and restore scripts source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers @@ -20,7 +20,7 @@ ynh_abort_if_errors #================================================= # LOAD SETTINGS #================================================= -ynh_print_info "Declaring files to be backed up..." +ynh_print_info --message="Loading installation settings..." app=$YNH_APP_INSTANCE_NAME @@ -33,8 +33,6 @@ phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) #================================================= ynh_print_info --message="Declaring files to be backed up..." -#================================================= -# STANDARD BACKUP STEPS #================================================= # BACKUP THE APP MAIN DIR #================================================= @@ -56,4 +54,5 @@ ynh_backup --src_path="/etc/php/$phpversion/fpm/pool.d/$app.conf" #================================================= # END OF SCRIPT #================================================= + ynh_print_info --message="Backup script completed for $app. (YunoHost will then actually copy those files to the archive)." diff --git a/scripts/change_url b/scripts/change_url index 0035ee1..21df615 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -38,11 +38,11 @@ ynh_script_progression --message="Backing up the app before changing its URL (ma # Backup the current version of the app ynh_backup_before_upgrade ynh_clean_setup () { - # Remove the new domain config file, the remove script won't do it as it doesn't know yet its location. - ynh_secure_remove --file="/etc/nginx/conf.d/$new_domain.d/$app.conf" + # Remove the new domain config file, the remove script won't do it as it doesn't know yet its location. + ynh_secure_remove --file="/etc/nginx/conf.d/$new_domain.d/$app.conf" - # Restore it if the upgrade fails - ynh_restore_upgradebackup + # Restore it if the upgrade fails + ynh_restore_upgradebackup } # Exit if an error occurs during the execution of the script ynh_abort_if_errors @@ -75,24 +75,24 @@ nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf # Change the path in the NGINX config file if [ $change_path -eq 1 ] then - # Make a backup of the original NGINX config file if modified - ynh_backup_if_checksum_is_different --file="$nginx_conf_path" - # Set global variables for NGINX helper - domain="$old_domain" - path_url="$new_path" - # Create a dedicated NGINX config - ynh_add_nginx_config - ynh_add_config --template="config.local.yunohost.php" --destination="$final_path/config.local.yunohost.php" + # Make a backup of the original NGINX config file if modified + ynh_backup_if_checksum_is_different --file="$nginx_conf_path" + # Set global variables for NGINX helper + domain="$old_domain" + path_url="$new_path" + # Create a dedicated NGINX config + ynh_add_nginx_config + ynh_add_config --template="config.local.yunohost.php" --destination="$final_path/config.local.yunohost.php" fi # Change the domain for NGINX if [ $change_domain -eq 1 ] then - # Delete file checksum for the old conf file location - ynh_delete_file_checksum --file="$nginx_conf_path" - mv $nginx_conf_path /etc/nginx/conf.d/$new_domain.d/$app.conf - # Store file checksum for the new config file location - ynh_store_file_checksum --file="/etc/nginx/conf.d/$new_domain.d/$app.conf" + # Delete file checksum for the old conf file location + ynh_delete_file_checksum --file="$nginx_conf_path" + mv $nginx_conf_path /etc/nginx/conf.d/$new_domain.d/$app.conf + # Store file checksum for the new config file location + ynh_store_file_checksum --file="/etc/nginx/conf.d/$new_domain.d/$app.conf" fi #================================================= @@ -104,8 +104,6 @@ ynh_script_progression --message="Reloading NGINX web server..." --weight=2 ynh_systemd_action --service_name=nginx --action=reload -#================================================= -# last configuration #================================================= # END OF SCRIPT #================================================= diff --git a/scripts/install b/scripts/install index 9964cf1..3519255 100644 --- a/scripts/install +++ b/scripts/install @@ -17,7 +17,7 @@ source /usr/share/yunohost/helpers ynh_abort_if_errors #================================================= -# Retrieve arguments +# RETRIEVE ARGUMENTS FROM THE MANIFEST #================================================= domain=$YNH_APP_ARG_DOMAIN @@ -80,7 +80,7 @@ ynh_install_app_dependencies "$extra_php_dependencies" ynh_add_fpm_config #================================================= -# ADD A CONFIGURATION +# ADD A CONFIGURATION #================================================= ynh_script_progression --message="Adding a configuration file..." --weight=5 @@ -111,7 +111,7 @@ ynh_script_progression --message="Configuring permissions..." --weight=8 # Make app public if necessary if [ $is_public -eq 1 ] then - ynh_permission_update --permission="main" --add="visitors" + ynh_permission_update --permission="main" --add="visitors" fi #================================================= diff --git a/scripts/remove b/scripts/remove index 8c4ebd5..cf50e90 100644 --- a/scripts/remove +++ b/scripts/remove @@ -22,7 +22,7 @@ final_path=$(ynh_app_setting_get --app=$app --key=final_path) #================================================= # REMOVE APP MAIN DIR #================================================= -ynh_script_progression --message="Removing Garradin main directory..." --weight=3 +ynh_script_progression --message="Removing app main directory..." --weight=3 # Remove the app directory securely ynh_secure_remove --file="$final_path" @@ -40,14 +40,19 @@ ynh_remove_nginx_config #================================================= ynh_script_progression --message="Removing PHP-FPM configuration..." --weight=2 -# Remove the app dependencies installed along with php-fpm -ynh_remove_app_dependencies - # Remove the dedicated PHP-FPM config # NB: If there is a warning because it cannot locate the garradin-ynh-deps package, ignore # It's just it has been removed before. # https://github.com/YunoHost/yunohost/blob/509ba1e8a28e0be598aa0617eda06669b7b0f1d8/data/helpers.d/php#L284-L287 -ynh_remove_fpm_config 2> >(grep -v 'WARNING E: Unable to locate package') +ynh_remove_fpm_config + +#================================================= +# REMOVE DEPENDENCIES +#================================================= +ynh_script_progression --message="Removing dependencies..." + +# Remove metapackage and its dependencies +ynh_remove_app_dependencies #================================================= # GENERIC FINALIZATION @@ -63,4 +68,4 @@ ynh_system_user_delete --username=$app # END OF SCRIPT #================================================= -ynh_script_progression --message="Removal of Garradin completed" --last +ynh_script_progression --message="Removal of $app completed" --last diff --git a/scripts/restore b/scripts/restore index d712603..3d4048b 100644 --- a/scripts/restore +++ b/scripts/restore @@ -6,7 +6,7 @@ # IMPORT GENERIC HELPERS #================================================= -#Keep this path for calling _common.sh inside the execution's context of backup and restore scripts +# Keep this path for calling _common.sh inside the execution's context of backup and restore scripts source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers @@ -42,8 +42,9 @@ test ! -d $final_path \ #================================================= # RESTORE THE NGINX CONFIGURATION #================================================= +ynh_script_progression --message="Restoring the NGINX web server configuration..." -ynh_restore_file "/etc/nginx/conf.d/$domain.d/$app.conf" +ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" #================================================= # RECREATE THE DEDICATED USER @@ -56,7 +57,7 @@ ynh_system_user_create --username=$app --home_dir="$final_path" #================================================= # RESTORE THE APP MAIN DIR #================================================= -ynh_script_progression --message="Restoring Garradin main directory..." --weight=5 +ynh_script_progression --message="Restoring the app main directory..." --weight=5 ynh_restore_file --origin_path="$final_path" @@ -78,7 +79,7 @@ chmod 660 "$final_path/config.local.user.php" #================================================= # RESTORE THE PHP-FPM CONFIGURATION #================================================= -ynh_script_progression --message="Reconfiguring PHP-FPM..." --weight=6 +ynh_script_progression --message="Restoring the PHP-FPM configuration..." --weight=6 ynh_restore_file --origin_path="/etc/php/$phpversion/fpm/pool.d/$app.conf" @@ -99,4 +100,4 @@ ynh_systemd_action --service_name=nginx --action=reload # END OF SCRIPT #================================================= -ynh_script_progression --message="Restoration completed for Garradin" --last +ynh_script_progression --message="Restoration completed for $app" --last diff --git a/scripts/upgrade b/scripts/upgrade index accbb30..771b894 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -25,23 +25,26 @@ secret_key=$(ynh_string_random --length=50) #================================================= # CHECK VERSION #================================================= +ynh_script_progression --message="Checking version..." upgrade_type=$(ynh_check_app_version_changed) #================================================= # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP #================================================= -ynh_script_progression --message="Backing up Garradin before upgrading (may take a while)..." --weight=30 +ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=30 # Backup the current version of the app ynh_backup_before_upgrade ynh_clean_setup () { - # restore it if the upgrade fails - ynh_restore_upgradebackup + # Restore it if the upgrade fails + ynh_restore_upgradebackup } # Exit if an error occurs during the execution of the script ynh_abort_if_errors +#================================================= +# STANDARD UPGRADE STEPS #================================================= # ENSURE DOWNWARD COMPATIBILITY #================================================= @@ -194,12 +197,13 @@ ynh_system_user_create --username=$app --home_dir="$final_path" #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= -ynh_script_progression --message="Upgrading source files..." --weight=5 if [ "$upgrade_type" == "UPGRADE_APP" ] then - # Download, check integrity, uncompress and patch the source from app.src - ynh_setup_source --keep="config.local.user.php" --dest_dir="$final_path" + ynh_script_progression --message="Upgrading source files..." --weight=5 + + # Download, check integrity, uncompress and patch the source from app.src + ynh_setup_source --keep="config.local.user.php" --dest_dir="$final_path" fi #================================================= @@ -253,7 +257,6 @@ then ynh_secure_remove $backup_skel_dist fi - #================================================= # ADD A CONFIGURATION #================================================= @@ -278,6 +281,8 @@ chmod 440 "$final_path/config.local.php" chmod 440 "$final_path/config.local.yunohost.php" chmod 660 "$final_path/config.local.user.php" +#================================================= +# GENERIC FINALIZATION #================================================= # RELOAD NGINX #================================================= @@ -296,4 +301,4 @@ ynh_local_curl "/admin/index.php" # END OF SCRIPT #================================================= -ynh_script_progression --message="Upgrade of Garradin completed" --last +ynh_script_progression --message="Upgrade of $app completed" --last