mirror of
https://github.com/YunoHost-Apps/glitchsoc_ynh.git
synced 2024-09-03 19:15:59 +02:00
[fix] secure rm + upgrade
parent
cfdc9938e2
commit
128aa107ba
5 changed files with 52 additions and 15 deletions
|
@ -226,3 +226,31 @@ ynh_psql_drop_db() {
|
|||
ynh_psql_drop_user() {
|
||||
sudo su -c "dropuser ${1}" postgres
|
||||
}
|
||||
|
||||
# Remove a file or a directory securely
|
||||
#
|
||||
# usage: ynh_secure_remove path_to_remove
|
||||
# | arg: path_to_remove - File or directory to remove
|
||||
ynh_secure_remove () {
|
||||
path_to_remove=$1
|
||||
forbidden_path=" \
|
||||
/var/www \
|
||||
/home/yunohost.app"
|
||||
|
||||
if [[ "$forbidden_path" =~ "$path_to_remove" \
|
||||
# Match all path or subpath in $forbidden_path
|
||||
|| "$path_to_remove" =~ ^/[[:alnum:]]+$ \
|
||||
# Match all first level path from / (Like /var, /root, etc...)
|
||||
|| "${path_to_remove:${#path_to_remove}-1}" = "/" ]]
|
||||
# Match if the path finish by /. Because it's seems there is an empty variable
|
||||
then
|
||||
echo "Avoid deleting of $path_to_remove." >&2
|
||||
else
|
||||
if [ -e "$path_to_remove" ]
|
||||
then
|
||||
sudo rm -R "$path_to_remove"
|
||||
else
|
||||
echo "$path_to_remove doesn't deleted because it's not exist." >&2
|
||||
fi
|
||||
fi
|
||||
}
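Review bot: The guard in `ynh_secure_remove` compares the argument as raw text, so a protected directory written in a non-canonical form (a doubled slash, a `.` component, a symlink pointing at it) fails all three tests and reaches `sudo rm -R`. Run the first two tests on a canonical copy, for example `local canonical; canonical=$(realpath -m -- "$path_to_remove")`, and keep the trailing-slash test on the raw argument. `path_to_remove` and `forbidden_path` should be declared `local` so they do not leak into the calling script, and the delete should be `sudo rm -R -- "$path_to_remove"` so a leading `-` is never read as an option. A refusal only prints to stderr and the function still returns 0, so callers cannot tell that nothing was removed; a `return 1` after the "Avoid deleting" message would make that visible.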
|
|
@ -25,6 +25,7 @@ ynh_backup "/etc/systemd/system/mastodon-streaming.service" "systemd_streaming.s
|
|||
|
||||
# Backup db
|
||||
sudo su - postgres <<COMMANDS
|
||||
pg_dump mastodon_production > /home/backup/mastodon_db.sql
|
||||
pg_dump -U mastodon mastodon_production > mastodon_db.sql
|
||||
COMMANDS
|
||||
ynh_backup "/home/backup/mastodon_db.sql" "mastodon_db.sql"
|
||||
ynh_backup "./mastodon_db.sql" "mastodon_db.sql"
|
||||
ynh_secure_remove /var/lib/postgresql/mastodon_db.sql
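Review bot: The dump and the file handed to `ynh_backup` no longer refer to the same path: inside `sudo su - postgres` the redirect `> mastodon_db.sql` lands in the postgres home (the cleanup line names `/var/lib/postgresql/mastodon_db.sql`), while `ynh_backup "./mastodon_db.sql"` is presumably resolved from the backup script's own working directory. Unless the script runs from that directory the archive will miss the database; `ynh_backup "/var/lib/postgresql/mastodon_db.sql" "mastodon_db.sql"` keeps the two in step. The dump holds the whole database, including account credentials and tokens, and is created with whatever umask the postgres login shell has, so a `umask 077` line at the top of the here-document would keep it unreadable to other local users until it is removed.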
|
|
@ -17,7 +17,7 @@ domain=$(ynh_app_setting_get "$app" domain)
|
|||
if [ -e "/etc/systemd/system/mastodon-web.service" ]; then
|
||||
echo "Delete systemd script"
|
||||
sudo systemctl stop mastodon-web.service
|
||||
sudo rm "/etc/systemd/system/mastodon-web.service"
|
||||
ynh_secure_remove "/etc/systemd/system/mastodon-web.service"
|
||||
sudo systemctl disable mastodon-web.service
|
||||
fi
|
||||
|
||||
|
@ -25,7 +25,7 @@ fi
|
|||
if [ -e "/etc/systemd/system/mastodon-sidekiq.service" ]; then
|
||||
echo "Delete systemd script"
|
||||
sudo systemctl stop mastodon-sidekiq.service
|
||||
sudo rm "/etc/systemd/system/mastodon-sidekiq.service"
|
||||
ynh_secure_remove "/etc/systemd/system/mastodon-sidekiq.service"
|
||||
sudo systemctl disable mastodon-sidekiq.service
|
||||
fi
|
||||
|
||||
|
@ -33,7 +33,7 @@ fi
|
|||
if [ -e "/etc/systemd/system/mastodon-streaming.service" ]; then
|
||||
echo "Delete systemd script"
|
||||
sudo systemctl stop mastodon-sidekiq.streaming
|
||||
sudo rm "/etc/systemd/system/mastodon-streaming.service"
|
||||
ynh_secure_remove "/etc/systemd/system/mastodon-streaming.service"
|
||||
sudo systemctl disable mastodon-streaming.service
|
||||
fi
|
||||
|
||||
|
@ -73,27 +73,25 @@ sudo apt-get remove --purge -y yarn
|
|||
#sudo apt-get remove --purge -y autoconf bison build-essential libssl-dev libyaml-dev libreadline6-dev zlib1g-dev libncurses5-dev libffi-dev libgdbm3 libgdbm-dev
|
||||
|
||||
# Delete app directory and configurations
|
||||
SECURE_REMOVE '/opt/$app'
|
||||
ynh_secure_remove /opt/$app
|
||||
[[ -n $domain ]] && sudo rm -f "/etc/nginx/conf.d/${domain}.d/${app}.conf"
|
||||
|
||||
# Delete nginx configuration
|
||||
REMOVE_NGINX_CONF
|
||||
|
||||
# Delete log
|
||||
SECURE_REMOVE '/var/log/$app/'
|
||||
# Delete cronlog
|
||||
SECURE_REMOVE '/etc/cron.d/$app'
|
||||
ynh_secure_remove /etc/cron.d/$app
|
||||
# Delete source.list
|
||||
sudo rm /etc/apt/sources.list.d/backports.list
|
||||
sudo rm /etc/apt/sources.list.d/yarn.list
|
||||
ynh_secure_remove /etc/apt/sources.list.d/backports.list
|
||||
ynh_secure_remove /etc/apt/sources.list.d/yarn.list
|
||||
|
||||
# Delete ruby exec
|
||||
sudo rm /usr/bin/ruby
|
||||
ynh_secure_remove /usr/bin/ruby
|
||||
|
||||
# Remove user
|
||||
sudo userdel -f $app
|
||||
|
||||
# Reload services
|
||||
sudo service nginx reload
|
||||
sudo systemctl reload nginx
|
||||
|
||||
echo -e "\e[0m" # Restore normal color
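Review bot: In the `mastodon-streaming.service` block the stop command names `mastodon-sidekiq.streaming`, which is not one of the three units handled here, so the streaming service is most likely still running when its unit file is removed; it should read `sudo systemctl stop mastodon-streaming.service`. In all three blocks `systemctl disable` runs after the unit file has already been deleted; disabling before the call to `ynh_secure_remove` avoids depending on how systemd treats a unit whose file is gone. The new calls `ynh_secure_remove /opt/$app` and `ynh_secure_remove /etc/cron.d/$app` should quote the path (`"/opt/$app"`). Because the helper added in this commit only prints a message when it refuses a path, an empty `$app` would leave the directory in place without failing the script, so an explicit check that `$app` is non-empty near the top is worth adding.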
|
||||
|
|
|
@ -61,10 +61,20 @@ sudo cp -a ./sources "$final_path"
|
|||
# Set permissions
|
||||
sudo chown -R $app: "$final_path"
|
||||
|
||||
# Set UTF8 encoding by default
|
||||
sudo su -c "psql" postgres <<< \
|
||||
"update pg_database set datistemplate='false' where datname='template1';"
|
||||
sudo su -c "psql" postgres <<< \
|
||||
"drop database template1;"
|
||||
sudo su -c "psql" postgres <<< \
|
||||
"create database template1 encoding='UTF8' template template0;"
|
||||
sudo su -c "psql" postgres <<< \
|
||||
"update pg_database set datistemplate='true' where datname='template1';"
|
||||
|
||||
# Restore db
|
||||
ynh_psql_create_db_without_password "$app"
|
||||
sudo su - postgres <<COMMANDS
|
||||
pg_dump mastodon_production < ./mastodon_db.sql
|
||||
pg_dump -U mastodon mastodon_production < ./mastodon_db.sql
|
||||
COMMANDS
|
||||
|
||||
# Restore Mastodon
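Review bot: The restore step still calls `pg_dump`, which writes a dump to stdout and does not read SQL from stdin, so `< ./mastodon_db.sql` is ignored and the freshly created database is left without the backed-up data; the line should load the file instead, for example `psql -U mastodon mastodon_production < ./mastodon_db.sql`. Inside `sudo su - postgres` the relative `./mastodon_db.sql` is looked up in the postgres home, so the restored dump has to be placed there or referenced by an absolute path. The added `template1` block drops and recreates a cluster-wide template, which changes the default encoding for every database created later on this PostgreSQL instance, not only this app's. Setting the encoding on the app database itself would confine the change to this package, if `ynh_psql_create_db_without_password` allows it.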
|
||||
|
|
|
@ -39,7 +39,7 @@ sudo su - $app <<COMMANDS
|
|||
pushd ~/live
|
||||
git fetch
|
||||
git pull https://github.com/tootsuite/mastodon.git master
|
||||
git checkout v1.2
|
||||
git checkout $(git tag | tail -n 1)
|
||||
bin/bundle install
|
||||
yarn install --production
|
||||
RAILS_ENV=production bundle exec rails assets:clean
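Review bot: `$(git tag | tail -n 1)` sits in what the hunk header shows as an unquoted here-document (`sudo su - $app <<COMMANDS`), so if this line is inside it the substitution is expanded by the calling shell, in its own working directory and before `git fetch` runs, not in `~/live` as `$app`. Escaping it lets the inner shell evaluate it: `git checkout "\$(git tag --sort=version:refname | tail -n 1)"`. Plain `git tag` output is ordered as text, so `v1.10` sorts before `v1.9`, and pre-release tags are picked up as well. Checking out whichever tag sorts last also means every upgrade builds and runs upstream code that nobody reviewed for this package; pinning the tag in the package, as the previous `v1.2` did, and bumping it deliberately is the safer pattern. The here-document starts and ends outside the hunk.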
|
||||
|
|