YunoHost-Apps/ghost_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/ghost_ynh.git synced 2024-09-03 19:16:02 +02:00
Code Issues Activity Actions

Merge pull request #61 from YunoHost-Apps/testing

Browse source 
Testing
This commit is contained in:
tituspijean 2021-10-26 23:13:55 +02:00 committed by GitHub
commit 8b926a1e45
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
12 changed files with 143 additions and 89 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
README.md
View file

@ -15,9 +15,9 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in
## Overview ## Overview
Just a blogging platform Publishing, memberships, subscriptions and newsletters platform
**Shipped version:** 4.16.0~ynh1 **Shipped version:** 4.20.3~ynh1

4
README_fr.md
View file

@ -11,9 +11,9 @@ Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour
## Vue d'ensemble ## Vue d'ensemble
Plateforme de blogging Plateforme d'édition, d'adhésions, d'abonnements et de newsletters
**Version incluse :** 4.16.0~ynh1 **Version incluse :** 4.20.3~ynh1

4
check_process
View file

@ -11,8 +11,6 @@
setup_private=1 setup_private=1
setup_public=1 setup_public=1
upgrade=1 upgrade=1
# 4.3.3
upgrade=1 from_commit=198004df76b0b3ef22a6dfe1b9a2738af62f0786
# 4.9.4 # 4.9.4
upgrade=1 from_commit=7a150ab29ee969f72dd7846539ae12ac1975165b upgrade=1 from_commit=7a150ab29ee969f72dd7846539ae12ac1975165b
backup_restore=1 backup_restore=1
@ -22,7 +20,5 @@
Email= Email=
Notification=none Notification=none
;;; Upgrade options ;;; Upgrade options
; commit=198004df76b0b3ef22a6dfe1b9a2738af62f0786
name=4.3.3
; commit=7a150ab29ee969f72dd7846539ae12ac1975165b ; commit=7a150ab29ee969f72dd7846539ae12ac1975165b
name=4.9.4 name=4.9.4

4
conf/admin.src
View file

@ -1,5 +1,5 @@
SOURCE_URL=https://github.com/TryGhost/Admin/archive/refs/tags/v4.16.0.zip SOURCE_URL=https://github.com/TryGhost/Admin/archive/refs/tags/v4.20.3.zip
SOURCE_SUM=91b674c26838bd55a57a3cbc0cfbf873e6aa5dec625bc1245405d653f3410c99 SOURCE_SUM=7d65b09ead2096c4f8a424b680bfbbe64453d7ae10decd6f7b5f680e55e03f31
SOURCE_SUM_PRG=sha256sum SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=zip SOURCE_FORMAT=zip
SOURCE_IN_SUBDIR=false SOURCE_IN_SUBDIR=false

5
conf/app.src
View file

@ -1,6 +1,5 @@
SOURCE_URL=https://github.com/TryGhost/Ghost/releases/download/v4.16.0/Ghost-4.16.0.zip SOURCE_URL=https://github.com/TryGhost/Ghost/releases/download/v4.20.3/Ghost-4.20.3.zip
SOURCE_SUM=DE7041DA31362BB8DF1043864A94026D6B692EBCEF8FEBD886F635BEF8E3DA84 SOURCE_SUM=50d88c47cd9aa8d2b06a6b84729b015352a1cf311fdce5f441bb0e7def0c4fbf
SOURCE_SUM_PRG=sha256sum SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=zip SOURCE_FORMAT=zip
SOURCE_IN_SUBDIR=false SOURCE_IN_SUBDIR=false
SOURCE_FILENAME=

28
conf/systemd.service
View file

@ -12,5 +12,33 @@ Environment="NODE_ENV=production"
ExecStart=__YNH_NODE__ index.js run ExecStart=__YNH_NODE__ index.js run
Restart=always Restart=always
# Sandboxing options to harden security
# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
RestrictNamespaces=yes
RestrictRealtime=yes
DevicePolicy=closed
ProtectSystem=full
ProtectControlGroups=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
LockPersonality=yes
SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap
# Denying access to capabilities that should not be relevant for webapps
# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD
CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE
CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT
CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK
CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM
CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE
CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target

8
manifest.json
View file

@ -3,10 +3,10 @@
"id": "ghost", "id": "ghost",
"packaging_format": 1, "packaging_format": 1,
"description": { "description": {
"en": "Just a blogging platform", "en": "Publishing, memberships, subscriptions and newsletters platform",
"fr": "Plateforme de blogging" "fr": "Plateforme d'édition, d'adhésions, d'abonnements et de newsletters"
}, },
"version": "4.16.0~ynh1", "version": "4.20.3~ynh1",
"url": "https://ghost.org/", "url": "https://ghost.org/",
"upstream": { "upstream": {
"license": "MIT", "license": "MIT",
@ -28,7 +28,7 @@
"mysql" "mysql"
], ],
"arguments": { "arguments": {
"install" : [ "install": [
{ {
"name": "domain", "name": "domain",
"type": "domain" "type": "domain"

6
scripts/backup
View file

@ -50,6 +50,12 @@ ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf"
#================================================= #=================================================
# SPECIFIC BACKUP # SPECIFIC BACKUP
#=================================================
# BACKUP LOGROTATE
#=================================================
ynh_backup --src_path="/etc/logrotate.d/$app"
#================================================= #=================================================
# BACKUP SYSTEMD # BACKUP SYSTEMD
#================================================= #=================================================

55
scripts/install
View file

@ -72,6 +72,14 @@ ynh_install_nodejs --nodejs_version=$NODEJS_VERSION
# Install Yarn # Install Yarn
ynh_install_extra_app_dependencies --repo="deb https://dl.yarnpkg.com/debian/ stable main" --package="yarn" --key="https://dl.yarnpkg.com/debian/pubkey.gpg" ynh_install_extra_app_dependencies --repo="deb https://dl.yarnpkg.com/debian/ stable main" --package="yarn" --key="https://dl.yarnpkg.com/debian/pubkey.gpg"
#=================================================
# CREATE DEDICATED USER
#=================================================
ynh_script_progression --message="Configuring system user..."
# Create a system user
ynh_system_user_create --username=$app --home_dir="$final_path"
#================================================= #=================================================
# CREATE A MYSQL DATABASE # CREATE A MYSQL DATABASE
#================================================= #=================================================
@ -81,15 +89,6 @@ db_name=$(ynh_sanitize_dbid --db_name=$app)
db_user=$db_name db_user=$db_name
ynh_app_setting_set --app=$app --key=db_name --value=$db_name ynh_app_setting_set --app=$app --key=db_name --value=$db_name
ynh_mysql_setup_db --db_user=$db_user --db_name=$db_name ynh_mysql_setup_db --db_user=$db_user --db_name=$db_name
db_pwd=$(ynh_app_setting_get --app=$app --key=mysqlpwd)
#=================================================
# CREATE DEDICATED USER
#=================================================
ynh_script_progression --message="Configuring system user..."
# Create a system user
ynh_system_user_create --username=$app
#================================================= #=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE # DOWNLOAD, CHECK AND UNPACK SOURCE
@ -104,6 +103,10 @@ ynh_setup_source --dest_dir="$final_path"
mkdir -p $final_path/core/client/Admin mkdir -p $final_path/core/client/Admin
ynh_setup_source --dest_dir="$final_path/core/client/Admin" --source_id="admin" ynh_setup_source --dest_dir="$final_path/core/client/Admin" --source_id="admin"
chmod 750 "$final_path"
chmod -R o-rwx "$final_path"
chown -R $app:www-data "$final_path"
#================================================= #=================================================
# NGINX CONFIGURATION # NGINX CONFIGURATION
#================================================= #=================================================
@ -120,23 +123,23 @@ ynh_add_nginx_config
ynh_script_progression --message="Modifying a config file..." ynh_script_progression --message="Modifying a config file..."
ynh_add_config --template="../conf/config.production.json" --destination="$final_path/config.production.json" ynh_add_config --template="../conf/config.production.json" --destination="$final_path/config.production.json"
chmod 400 "$final_path/config.production.json"
chown $app:$app "$final_path/config.production.json"
#============================================== #==============================================
# BUILD GHOST # BUILD GHOST
#============================================== #==============================================
ynh_script_progression --message="Building $app... (this will take some time and resources!)" ynh_script_progression --message="Building Ghost... (this will take some time and resources!)"
pushd "$final_path" || ynh_die
pushd "$final_path"
ynh_use_nodejs ynh_use_nodejs
ynh_exec_warn_less yarn install --non-interactive --silent ynh_exec_warn_less ynh_exec_as $app $ynh_node_load_PATH yarn install --non-interactive
ynh_exec_warn_less yarn global add knex-migrator ynh_exec_warn_less ynh_exec_as $app $ynh_node_load_PATH yarn add knex-migrator
ynh_exec_warn_less NODE_ENV=production knex-migrator init ynh_exec_warn_less ynh_exec_as $app $ynh_node_load_PATH NODE_ENV=production $final_path/node_modules/.bin/knex-migrator init
ynh_exec_warn_less yarn global add grunt-cli ember-cli ynh_exec_warn_less ynh_exec_as $app $ynh_node_load_PATH yarn add grunt-cli ember-cli
ynh_exec_warn_less NODE_ENV=production grunt symlink ynh_exec_warn_less ynh_exec_as $app $ynh_node_load_PATH NODE_ENV=production $final_path/node_modules/.bin/grunt symlink
ynh_exec_warn_less NODE_ENV=production grunt init --force ynh_exec_warn_less ynh_exec_as $app $ynh_node_load_PATH NODE_ENV=production $final_path/node_modules/.bin/grunt init --force
popd
popd || ynh_die
#================================================= #=================================================
# SETUP SYSTEMD # SETUP SYSTEMD
@ -147,14 +150,12 @@ ynh_script_progression --message="Configuring a systemd service..."
ynh_add_systemd_config ynh_add_systemd_config
#================================================= #=================================================
# GENERIC FINALIZATION # SETUP LOGROTATE
#================================================= #=================================================
# SECURE FILES AND DIRECTORIES ynh_script_progression --message="Configuring log rotation..."
#=================================================
ynh_script_progression --message="Securing files and directories..."
# Set permissions to app files # Use logrotate to manage application logfile(s)
chown -R $app: $final_path ynh_use_logrotate
#================================================= #=================================================
# INTEGRATE SERVICE IN YUNOHOST # INTEGRATE SERVICE IN YUNOHOST
@ -169,7 +170,7 @@ yunohost service add $app --description="$app daemon for Ghost" --log="/var/log/
ynh_script_progression --message="Starting a systemd service..." ynh_script_progression --message="Starting a systemd service..."
# Start a systemd service # Start a systemd service
ynh_systemd_action --service_name=$app --action="start" --log_path="systemd" --line_match="Ghost boot" ynh_systemd_action --service_name=$app --action="start"
#================================================= #=================================================
# SETUP SSOWAT # SETUP SSOWAT

16
scripts/remove
View file

@ -43,6 +43,14 @@ ynh_script_progression --message="Stopping and removing the systemd service..."
# Remove the dedicated systemd config # Remove the dedicated systemd config
ynh_remove_systemd_config ynh_remove_systemd_config
#=================================================
# REMOVE LOGROTATE CONFIGURATION
#=================================================
ynh_script_progression --message="Removing logrotate configuration..."
# Remove the app-specific logrotate config
ynh_remove_logrotate
#================================================= #=================================================
# REMOVE THE MYSQL DATABASE # REMOVE THE MYSQL DATABASE
#================================================= #=================================================
@ -77,6 +85,14 @@ ynh_script_progression --message="Removing NGINX web server configuration..."
# Remove the dedicated nginx config # Remove the dedicated nginx config
ynh_remove_nginx_config ynh_remove_nginx_config
#=================================================
# REMOVE VARIOUS FILES
#=================================================
ynh_script_progression --message="Removing log files..."
# Remove the log files
ynh_secure_remove --file="/var/log/$app"
#================================================= #=================================================
# GENERIC FINALIZATION # GENERIC FINALIZATION
#================================================= #=================================================

21
scripts/restore
View file

@ -57,7 +57,7 @@ ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"
ynh_script_progression --message="Recreating the dedicated system user..." ynh_script_progression --message="Recreating the dedicated system user..."
# Create the dedicated user (if not existing) # Create the dedicated user (if not existing)
ynh_system_user_create --username=$app ynh_system_user_create --username=$app --home_dir="$final_path"
#================================================= #=================================================
# RESTORE THE APP MAIN DIR # RESTORE THE APP MAIN DIR
@ -66,13 +66,9 @@ ynh_script_progression --message="Restoring the app main directory..."
ynh_restore_file --origin_path="$final_path" ynh_restore_file --origin_path="$final_path"
#================================================= chmod 750 "$final_path"
# RESTORE USER RIGHTS chmod -R o-rwx "$final_path"
#================================================= chown -R $app:www-data "$final_path"
ynh_script_progression --message="Restoring user rights..."
# Restore permissions on app files
chown -R $app: $final_path
#================================================= #=================================================
# SPECIFIC RESTORATION # SPECIFIC RESTORATION
@ -107,6 +103,13 @@ ynh_script_progression --message="Restoring the systemd configuration..."
ynh_restore_file --origin_path="/etc/systemd/system/$app.service" ynh_restore_file --origin_path="/etc/systemd/system/$app.service"
systemctl enable $app.service --quiet systemctl enable $app.service --quiet
#=================================================
# RESTORE THE LOGROTATE CONFIGURATION
#=================================================
ynh_script_progression --message="Restoring the logrotate configuration..."
ynh_restore_file --origin_path="/etc/logrotate.d/$app"
#================================================= #=================================================
# INTEGRATE SERVICE IN YUNOHOST # INTEGRATE SERVICE IN YUNOHOST
#================================================= #=================================================
@ -119,7 +122,7 @@ yunohost service add $app --description="$app daemon for Ghost" --log="/var/log/
#================================================= #=================================================
ynh_script_progression --message="Starting a systemd service..." ynh_script_progression --message="Starting a systemd service..."
ynh_systemd_action --service_name=$app --action=start --log_path=systemd --line_match="Ghost boot" ynh_systemd_action --service_name=$app --action=start
#================================================= #=================================================
# GENERIC FINALIZATION # GENERIC FINALIZATION

71
scripts/upgrade
View file

@ -27,10 +27,24 @@ db_pwd=$(ynh_app_setting_get --app=$app --key=mysqlpwd)
#================================================= #=================================================
# CHECK VERSION # CHECK VERSION
#================================================= #=================================================
ynh_script_progression --message="Checking version..."
upgrade_type=$(ynh_check_app_version_changed) upgrade_type=$(ynh_check_app_version_changed)
#=================================================
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
#=================================================
ynh_script_progression --message="Backing up the app before upgrading (may take a while)..."
# Backup the current version of the app
ynh_backup_before_upgrade
ynh_clean_setup () {
# restore it if the upgrade fails
ynh_clean_check_starting
ynh_restore_upgradebackup
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#================================================= #=================================================
# ENSURE DOWNWARD COMPATIBILITY # ENSURE DOWNWARD COMPATIBILITY
#================================================= #=================================================
@ -49,21 +63,6 @@ if ynh_legacy_permissions_exists; then
ynh_app_setting_delete --app=$app --key=is_public ynh_app_setting_delete --app=$app --key=is_public
fi fi
#=================================================
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
#=================================================
ynh_script_progression --message="Backing up the app before upgrading (may take a while)..."
# Backup the current version of the app
ynh_backup_before_upgrade
ynh_clean_setup () {
# restore it if the upgrade fails
ynh_clean_check_starting
ynh_restore_upgradebackup
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#================================================= #=================================================
# STANDARD UPGRADE STEPS # STANDARD UPGRADE STEPS
#================================================= #=================================================
@ -71,7 +70,7 @@ ynh_abort_if_errors
#================================================= #=================================================
ynh_script_progression --message="Stopping a systemd service..." ynh_script_progression --message="Stopping a systemd service..."
ynh_systemd_action --service_name=$app --action=stop --log_path="/var/log/$app/$app.log" ynh_systemd_action --service_name=$app --action=stop
#================================================= #=================================================
# CREATE DEDICATED USER # CREATE DEDICATED USER
@ -79,7 +78,7 @@ ynh_systemd_action --service_name=$app --action=stop --log_path="/var/log/$app/$
ynh_script_progression --message="Making sure dedicated system user exists..." ynh_script_progression --message="Making sure dedicated system user exists..."
# Create a dedicated user (if not existing) # Create a dedicated user (if not existing)
ynh_system_user_create --username=$app ynh_system_user_create --username=$app --home_dir="$final_path"
#================================================= #=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE # DOWNLOAD, CHECK AND UNPACK SOURCE
@ -118,6 +117,10 @@ then
ynh_secure_remove --file="$tmpdir" ynh_secure_remove --file="$tmpdir"
fi fi
chmod 750 "$final_path"
chmod -R o-rwx "$final_path"
chown -R $app:www-data "$final_path"
#================================================= #=================================================
# NGINX CONFIGURATION # NGINX CONFIGURATION
#================================================= #=================================================
@ -147,23 +150,25 @@ ynh_install_extra_app_dependencies --repo="deb https://dl.yarnpkg.com/debian/ st
ynh_script_progression --message="Modifying a config file..." ynh_script_progression --message="Modifying a config file..."
ynh_add_config --template="../conf/config.production.json" --destination="$final_path/config.production.json" ynh_add_config --template="../conf/config.production.json" --destination="$final_path/config.production.json"
chmod 400 "$final_path/config.production.json"
chown $app:$app "$final_path/config.production.json"
#============================================== #==============================================
# BUILD GHOST # BUILD GHOST
#============================================== #==============================================
if [ "$upgrade_type" == "UPGRADE_APP" ] if [ "$upgrade_type" == "UPGRADE_APP" ]
then then
ynh_script_progression --message="Building $app... (this will take some time and resources!)" ynh_script_progression --message="Building Ghost... (this will take some time and resources!)"
pushd "$final_path" || ynh_die pushd "$final_path"
ynh_exec_warn_less yarn install ynh_exec_warn_less ynh_exec_as $app $ynh_node_load_PATH yarn install --non-interactive
ynh_exec_warn_less yarn global add knex-migrator ynh_exec_warn_less ynh_exec_as $app $ynh_node_load_PATH yarn add knex-migrator
ynh_exec_warn_less NODE_ENV=production knex-migrator init ynh_exec_warn_less ynh_exec_as $app $ynh_node_load_PATH NODE_ENV=production $final_path/node_modules/.bin/knex-migrator init
ynh_exec_warn_less yarn global add grunt ynh_exec_warn_less ynh_exec_as $app $ynh_node_load_PATH yarn add grunt-cli ember-cli
ynh_exec_warn_less NODE_ENV=production grunt symlink ynh_exec_warn_less ynh_exec_as $app $ynh_node_load_PATH NODE_ENV=production $final_path/node_modules/.bin/grunt symlink
ynh_exec_warn_less NODE_ENV=production grunt init --force ynh_exec_warn_less ynh_exec_as $app $ynh_node_load_PATH NODE_ENV=production $final_path/node_modules/.bin/grunt init --force
popd
popd || ynh_die
fi fi
#================================================= #=================================================
@ -177,12 +182,12 @@ ynh_script_progression --message="Upgrading systemd configuration..."
#================================================= #=================================================
# GENERIC FINALIZATION # GENERIC FINALIZATION
#================================================= #=================================================
# SECURE FILES AND DIRECTORIES # SETUP LOGROTATE
#================================================= #=================================================
ynh_script_progression --message="Securing files and directories..." ynh_script_progression --message="Upgrading logrotate configuration..."
# Set permissions on app files # Use logrotate to manage app-specific logfile(s)
chown -R $app: $final_path ynh_use_logrotate --non-append
#================================================= #=================================================
# INTEGRATE SERVICE IN YUNOHOST # INTEGRATE SERVICE IN YUNOHOST
@ -196,7 +201,7 @@ yunohost service add $app --description="$app daemon for Ghost" --log="/var/log/
#================================================= #=================================================
ynh_script_progression --message="Starting a systemd service..." ynh_script_progression --message="Starting a systemd service..."
ynh_systemd_action --service_name=$app --action=start --log_path=systemd --line_match="Ghost boot" ynh_systemd_action --service_name=$app --action=start
#================================================= #=================================================
# RELOAD NGINX # RELOAD NGINX