#!/bin/bash #================================================= # GENERIC START #================================================= # IMPORT GENERIC HELPERS #================================================= source _common.sh source /usr/share/yunohost/helpers source ynh_install_ruby source ynh_add_secure_repos__2 #================================================= # LOAD SETTINGS #================================================= ynh_print_info "Loading installation settings..." app=$YNH_APP_INSTANCE_NAME domain=$(ynh_app_setting_get $app domain) path_url=$(ynh_app_setting_get $app path) admin=$(ynh_app_setting_get $app admin) is_public=$(ynh_app_setting_get $app is_public) final_path=$(ynh_app_setting_get $app final_path) language=$(ynh_app_setting_get $app language) db_name=$(ynh_app_setting_get $app db_name) db_pwd=$(ynh_app_setting_get $app db_pwd) admin_mail=$(ynh_user_get_info $admin 'mail') port_web=$(ynh_app_setting_get "$app" port_web) port_stream=$(ynh_app_setting_get "$app" port_stream) paperclip_secret=$(ynh_app_setting_get "$app" paperclip_secret) secret_key_base=$(ynh_app_setting_get "$app" secret_key_base) otp_secret=$(ynh_app_setting_get "$app" otp_secret) ldap_user=$(ynh_app_setting_get "$app" ldap_user) ldap_password=$(ynh_app_setting_get "$app" ldap_password) vapid_private_key=$(ynh_app_setting_get "$app" vapid_private_key) vapid_public_key=$(ynh_app_setting_get "$app" vapid_public_key) #================================================= # ENSURE DOWNWARD COMPATIBILITY #================================================= ynh_print_info "Ensuring downward compatibility..." # If db_name doesn't exist, create it if [ -z $db_name ]; then db_name=$(ynh_sanitize_dbid $app) ynh_app_setting_set $app db_name $db_name fi # If final_path doesn't exist, create it if [ -z $final_path ]; then final_path=/var/www/$app ynh_app_setting_set $app final_path $final_path fi # Check if admin is not null if [[ "$admin" = "" || "$language" = "" ]]; then echo "Unable to upgrade, please contact support" ynh_die fi # If db_pwd doesn't exist, create it, need for old install if [[ -z "$db_pwd" ]]; then db_pwd=$(ynh_string_random) ynh_app_setting_set $app db_pwd $db_pwd ynh_psql_test_if_first_run sudo --login --user=postgres psql -c"ALTER user $app WITH PASSWORD '$db_pwd'" postgres ynh_replace_string "DB_PASS=" "DB_PASS=${db_pwd}" "${final_path}/live/.env.production" fi # If paperclip_secret doesn't exist, retrieve it or create it if [[ -z "$paperclip_secret" ]]; then paperclip_secret=$(grep -oP "PAPERCLIP_SECRET=\K\w+" test) if [[ -z "$paperclip_secret" ]]; then paperclip_secret=$(head -n128 /dev/urandom | tail -n +1 | tr -dc -d 'a-z0-9' | head -c128) fi ynh_app_setting_set "$app" paperclip_secret "$paperclip_secret" fi # If secret_key_base doesn't exist, retrieve it or create it if [[ -z "$secret_key_base" ]]; then secret_key_base=$(grep -oP "SECRET_KEY_BASE=\K\w+" test) if [[ -z "$secret_key_base" ]]; then secret_key_base=$(head -n128 /dev/urandom | tail -n +1 | tr -dc -d 'a-z0-9' | head -c128) fi ynh_app_setting_set "$app" secret_key_base "$secret_key_base" fi # If otp_secret doesn't exist, retrieve it or create it if [[ -z "$otp_secret" ]]; then otp_secret=$(grep -oP "OTP_SECRET=\K\w+" test) if [[ -z "$otp_secret" ]]; then otp_secret=$(head -n128 /dev/urandom | tail -n +1 | tr -dc -d 'a-z0-9' | head -c128) fi ynh_app_setting_set "$app" otp_secret "$otp_secret" fi # If ldap_password doesn't exist, retrieve it or create it if [[ -z "$ldap_user" ]]; then ldap_user="${app}ldap" ynh_user_exists $ldap_user || ynh_die "LDAP User $ldap_user already exist" ldap_password=$(head -n128 /dev/urandom | tail -n +1 | tr -dc -d 'a-z0-9' | head -c128) yunohost user create username -f $ldap_user -l $ldap_user -m $app@$domain -p $ldap_password -q 0 ynh_app_setting_set "$app" ldap_user "$ldap_user" ynh_app_setting_set "$app" ldap_password "$ldap_password" fi #================================================= # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP #================================================= ynh_print_info "Backing up the app before upgrading (may take a while)..." # Backup the current version of the app ynh_backup_before_upgrade ynh_clean_setup () { # restore it if the upgrade fails ynh_restore_upgradebackup } # Exit if an error occurs during the execution of the script ynh_abort_if_errors #================================================= # CHECK THE PATH #================================================= # Normalize the URL path syntax path_url=$(ynh_normalize_url_path $path_url) #================================================= # STANDARD UPGRADE STEPS #================================================= # STOP MASTODON SERVICES #================================================= ynh_print_info "Stopping Mastodon services..." yunohost service stop "$app-web" yunohost service stop "$app-sidekiq" yunohost service stop "$app-streaming" #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= ynh_print_info "Upgrading source files..." # Download Mastodon mv "$final_path/live" "$final_path/live_back" ynh_setup_source "$final_path/live" if [ -z $final_path/live_back/public/system ]; then rsync -a "$final_path/live_back/public/system" "$final_path/live_back/public/." fi rsync -a "$final_path/live_back/.env.production" "$final_path/live/." rm -Rf "$final_path/live_back" # Clean files which are not needed anymore ynh_secure_remove $final_path/live/config/initializers/timeout.rb #================================================= # NGINX CONFIGURATION #================================================= ynh_print_info "Upgrading nginx web server configuration..." ynh_replace_string "__PORT_WEB__" "$port_web" "../conf/nginx.conf" ynh_replace_string "__PORT_STREAM__" "$port_stream" "../conf/nginx.conf" ynh_add_nginx_config #================================================= # UPGRADE DEPENDENCIES #================================================= ynh_print_info "Upgrading dependencies..." # Install extra_repo debian package backports & yarn if [ "$(lsb_release --codename --short)" == "jessie" ]; then ynh_install_extra_repo --repo="deb http://httpredir.debian.org/debian jessie-backports main" fi ynh_install_extra_repo --repo="deb https://dl.yarnpkg.com/debian/ stable main" --key="https://dl.yarnpkg.com/debian/pubkey.gpg" ynh_package_update # Install nodejs ynh_install_nodejs 8 # TODO: use the same mecanism with other files ynh_install_app_dependencies $pkg_dependencies #================================================= # CREATE DEDICATED USER #================================================= ynh_print_info "Making sure dedicated system user exists..." # Create a dedicated user (if not existing) ynh_system_user_create $app #================================================= # SPECIFIC UPGRADE #================================================= # INSTALLING RUBY AND BUNDLER #================================================= ynh_install_ruby --ruby_version=2.6.0 /opt/rbenv/versions/2.6.0/bin/gem update --system #/opt/rbenv/versions/2.6.0/bin/gem install bundler #================================================= # MODIFY A CONFIG FILE #================================================= cp -f ../conf/.env.production.sample "$final_path/live/.env.production" ynh_replace_string "__DB_USER__" "$app" "$final_path/live/.env.production" ynh_replace_string "__DB_NAME__" "$db_name" "$final_path/live/.env.production" ynh_replace_string "__DB_PWD__" "$db_pwd" "$final_path/live/.env.production" ynh_replace_string "__DOMAIN__" "$domain" "$final_path/live/.env.production" ynh_replace_string "__SMTP_FROM_ADDRESS__" "$admin_mail" "${final_path}/live/.env.production" language="$(echo $language | head -c 2)" ynh_replace_string "__LANGUAGE__" "$language" "$final_path/live/.env.production" ynh_replace_string "PAPERCLIP_SECRET=" "PAPERCLIP_SECRET=$paperclip_secret" "${final_path}/live/.env.production" ynh_replace_string "__SECRET_KEY_BASE__" "$secret_key_base" "$final_path/live/.env.production" ynh_replace_string "__OTP_SECRET__" "$otp_secret" "$final_path/live/.env.production" ynh_replace_string "__LDAP_USER__" "$ldap_user" "${final_path}/live/.env.production" ynh_replace_string "__LDAP_PASSWORD__" "$ldap_password" "${final_path}/live/.env.production" #================================================= # UPGRADE MASTODON #================================================= ynh_print_info "Upgrading Mastodon..." chown -R "$app": "$final_path" pushd "$final_path/live" ynh_use_nodejs if [ "$(lsb_release --codename --short)" == "jessie" ]; then sudo -u "$app" env PATH=$PATH /opt/rbenv/versions/2.6.0/bin/bundle install --deployment --without development test else sudo -u "$app" env PATH=$PATH /opt/rbenv/versions/2.6.0/bin/bundle install --deployment --force --without development test fi sudo -u "$app" env PATH=$PATH yarn install --pure-lockfile sudo -u "$app" env PATH=$PATH RAILS_ENV=production /opt/rbenv/versions/2.6.0/bin/bundle exec rails assets:clean sudo -u "$app" env PATH=$PATH RAILS_ENV=production /opt/rbenv/versions/2.6.0/bin/bundle exec rails assets:precompile sudo -u "$app" env PATH=$PATH RAILS_ENV=production /opt/rbenv/versions/2.6.0/bin/bundle exec rails db:migrate popd # If vapid_private_key doesn't exist, retrieve it or create it if [[ -z "$vapid_private_key" ]]; then sudo -u "$app" env PATH=$PATH RAILS_ENV=production /opt/rbenv/versions/2.6.0/bin/bundle exec rake mastodon:webpush:generate_vapid_key > key.txt vapid_private_key=$(grep -oP "VAPID_PRIVATE_KEY=\K\w+" "$final_path/live/key.txt") vapid_public_key=$(grep -oP "VAPID_PUBLIC_KEY=\K\w+" "$final_path/live/key.txt") ynh_app_setting_set "$app" vapid_private_key "$vapid_private_key" ynh_app_setting_set "$app" vapid_public_key "$vapid_public_key" ynh_secure_remove "$final_path/live/key.txt" fi # Recalculate and store the checksum of the file for the next upgrade. ynh_store_file_checksum "${final_path}/live/.env.production" #================================================= # SETUP CRON JOB FOR REMOVING CACHE #================================================= ynh_print_info "Setuping a cron job for removing cache..." ynh_replace_string "__FINAL_PATH__" "$final_path" ../conf/cron ynh_replace_string "__USER__" "$app" ../conf/cron sudo cp -f ../conf/cron /etc/cron.d/$app #================================================= # SETUP SYSTEMD #================================================= ynh_print_info "Upgrading systemd configuration..." # Create a dedicated systemd config ynh_replace_string "__PORT_WEB__" "$port_web" "../conf/mastodon-web.service" ynh_replace_string "__PORT_STREAM__" "$port_stream" "../conf/mastodon-streaming.service" ynh_add_systemd_config "$app-web" "mastodon-web.service" ynh_add_systemd_config "$app-sidekiq" "mastodon-sidekiq.service" ynh_add_systemd_config "$app-streaming" "mastodon-streaming.service" yunohost service start "$app-web" yunohost service start "$app-sidekiq" yunohost service start "$app-streaming" # Waiting start all services sleep 30 #================================================= # GENERIC FINALIZATION #================================================= # SECURE FILES AND DIRECTORIES #================================================= # Set permissions on app files chown -R $app: $final_path #================================================= # SETUP SSOWAT #================================================= ynh_print_info "Upgrading SSOwat configuration..." # Make app public if necessary if [ $is_public -eq 1 ] then # unprotected_uris allows SSO credentials to be passed anyway ynh_app_setting_set $app unprotected_uris "/" fi #================================================= # RELOAD NGINX #================================================= ynh_print_info "Reloading nginx web server..." systemctl reload nginx #================================================= # END OF SCRIPT #================================================= ynh_print_info "Upgrade of $app completed"