#!/bin/bash #================================================= # GENERIC START #================================================= # IMPORT GENERIC HELPERS #================================================= source _common.sh source /usr/share/yunohost/helpers #================================================= # LOAD SETTINGS #================================================= ynh_script_progression --message="Loading installation settings..." app="$YNH_APP_INSTANCE_NAME" final_path=$(ynh_app_setting_get --app="$app" --key=final_path) landing_page_user=$(ynh_app_setting_get --app="$app" --key=landing_page_user) domain=$(ynh_app_setting_get --app="$app" --key=domain) port=$(ynh_app_setting_get --app="$app" --key=port) path_url=$(ynh_app_setting_get --app="$app" --key=path_url) client_max_body_size=$(ynh_app_setting_get --app="$app" --key=client_max_body_size) db_name=$(ynh_app_setting_get --app="$app" --key=db_name) db_user=$(ynh_app_setting_get --app="$app" --key=db_user) db_pwd=$(ynh_app_setting_get --app="$app" --key=db_pwd) datadir=$(ynh_app_setting_get --app="$app" --key=datadir) cache_memory_target=$(ynh_app_setting_get --app="$app" --key=cache_memory_target) instance_federation_mode=$(ynh_app_setting_get --app="$app" --key=instance_federation_mode) instance_expose_peers=$(ynh_app_setting_get --app="$app" --key=instance_expose_peers) instance_expose_suspended=$(ynh_app_setting_get --app="$app" --key=instance_expose_suspended) instance_expose_suspended_web=$(ynh_app_setting_get --app="$app" --key=instance_expose_suspended_web) instance_expose_public_timeline=$(ynh_app_setting_get --app="$app" --key=instance_expose_public_timeline) instance_deliver_to_shared_inboxes=$(ynh_app_setting_get --app="$app" --key=instance_deliver_to_shared_inboxes) instance_inject_mastodon_version=$(ynh_app_setting_get --app="$app" --key=instance_inject_mastodon_version) accounts_registration_open=$(ynh_app_setting_get --app="$app" --key=accounts_registration_open) accounts_approval_required=$(ynh_app_setting_get --app="$app" --key=accounts_approval_required) accounts_reason_required=$(ynh_app_setting_get --app="$app" --key=accounts_reason_required) accounts_allow_custom_css=$(ynh_app_setting_get --app="$app" --key=accounts_allow_custom_css) accounts_custom_css_length=$(ynh_app_setting_get --app="$app" --key=accounts_custom_css_length) media_image_max_size=$(ynh_app_setting_get --app="$app" --key=media_image_max_size) media_video_max_size=$(ynh_app_setting_get --app="$app" --key=media_video_max_size) media_description_min_chars=$(ynh_app_setting_get --app="$app" --key=media_description_min_chars) media_description_max_chars=$(ynh_app_setting_get --app="$app" --key=media_description_max_chars) media_remote_cache_days=$(ynh_app_setting_get --app="$app" --key=media_remote_cache_days) media_emoji_local_max_size=$(ynh_app_setting_get --app="$app" --key=media_emoji_local_max_size) media_emoji_remote_max_size=$(ynh_app_setting_get --app="$app" --key=media_emoji_remote_max_size) storage_backend=$(ynh_app_setting_get --app="$app" --key=storage_backend) storage_s3_endpoint=$(ynh_app_setting_get --app="$app" --key=storage_s3_endpoint) storage_s3_proxy=$(ynh_app_setting_get --app="$app" --key=storage_s3_proxy) storage_s3_access_key=$(ynh_app_setting_get --app="$app" --key=storage_s3_access_key) storage_s3_secret_key=$(ynh_app_setting_get --app="$app" --key=storage_s3_secret_key) storage_s3_bucket=$(ynh_app_setting_get --app="$app" --key=storage_s3_bucket) statuses_max_chars=$(ynh_app_setting_get --app="$app" --key=statuses_max_chars) statuses_cw_max_chars=$(ynh_app_setting_get --app="$app" --key=statuses_cw_max_chars) statuses_poll_max_options=$(ynh_app_setting_get --app="$app" --key=statuses_poll_max_options) statuses_poll_option_max_chars=$(ynh_app_setting_get --app="$app" --key=statuses_poll_option_max_chars) statuses_media_max_files=$(ynh_app_setting_get --app="$app" --key=statuses_media_max_files) smtp_host=$(ynh_app_setting_get --app="$app" --key=smtp_host) smtp_port=$(ynh_app_setting_get --app="$app" --key=smtp_port) smtp_username=$(ynh_app_setting_get --app="$app" --key=smtp_username) smtp_password=$(ynh_app_setting_get --app="$app" --key=smtp_password) smtp_from=$(ynh_app_setting_get --app="$app" --key=smtp_from) smtp_disclose_recipients=$(ynh_app_setting_get --app="$app" --key=smtp_disclose_recipients) advanced_cookies_samesite=$(ynh_app_setting_get --app="$app" --key=advanced_cookies_samesite) advanced_rate_limit_requests=$(ynh_app_setting_get --app="$app" --key=advanced_rate_limit_requests) #================================================= # CHECK VERSION #================================================= ### This helper will compare the version of the currently installed app and the version of the upstream package. ### $upgrade_type can have 2 different values ### - UPGRADE_APP if the upstream app version has changed ### - UPGRADE_PACKAGE if only the YunoHost package has changed ### ynh_check_app_version_changed will stop the upgrade if the app is up to date. ### UPGRADE_APP should be used to upgrade the core app only if there's an upgrade to do. upgrade_type=$(ynh_check_app_version_changed) #================================================= # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP #================================================= ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." # Backup the current version of the app ynh_backup_before_upgrade ynh_clean_setup () { # Restore it if the upgrade fails ynh_restore_upgradebackup } # Exit if an error occurs during the execution of the script ynh_abort_if_errors #================================================= # STANDARD UPGRADE STEPS #================================================= # STOP SYSTEMD SERVICE #================================================= ynh_script_progression --message="Stopping a systemd service..." ynh_systemd_action --service_name="$app" --action="stop" --log_path="/var/log/$app/$app.log" #================================================= # ENSURE DOWNWARD COMPATIBILITY #================================================= ynh_script_progression --message="Ensuring downward compatibility..." # Upgrade from <0.2.1~ynh4: if ynh_compare_current_package_version --comparison lt --version 0.2.1~ynh4 || [ -z "$db_user" ] then # import old parameters registration_open=$(ynh_app_setting_get --app="$app" --key=registration_open) registration_approval=$(ynh_app_setting_get --app="$app" --key=registration_approval) registration_reason=$(ynh_app_setting_get --app="$app" --key=registration_reason) # declaration of new parameters client_max_body_size="100M" media_image_max_size="2097152" media_video_max_size="10485760" media_description_min_chars="0" media_description_max_chars="500" media_remote_cache_days="30" statuses_max_chars="5000" statuses_cw_max_chars="100" statuses_poll_max_options="6" statuses_poll_option_max_chars="50" statuses_media_max_files="6" # conversion of old parameters registration_open=$(convert_bool "$registration_open") registration_approval=$(convert_bool "$registration_approval") registration_reason=$(convert_bool "$registration_reason") # fix db_user existence db_user=$db_name ynh_app_setting_set --app="$app" --key=db_user --value="$db_user" # registration of new parameters ynh_app_setting_set --app="$app" --key=client_max_body_size --value="$client_max_body_size" ynh_app_setting_set --app="$app" --key=media_image_max_size --value="$media_image_max_size" ynh_app_setting_set --app="$app" --key=media_video_max_size --value="$media_video_max_size" ynh_app_setting_set --app="$app" --key=media_description_min_chars --value="$media_description_min_chars" ynh_app_setting_set --app="$app" --key=media_description_max_chars --value="$media_description_max_chars" ynh_app_setting_set --app="$app" --key=media_remote_cache_days --value="$media_remote_cache_days" ynh_app_setting_set --app="$app" --key=statuses_max_chars --value="$statuses_max_chars" ynh_app_setting_set --app="$app" --key=statuses_cw_max_chars --value="$statuses_cw_max_chars" ynh_app_setting_set --app="$app" --key=statuses_poll_max_options --value="$statuses_poll_max_options" ynh_app_setting_set --app="$app" --key=statuses_poll_option_max_chars --value="$statuses_poll_option_max_chars" ynh_app_setting_set --app="$app" --key=statuses_media_max_files --value="$statuses_media_max_files" # registration of converted parameters ynh_app_setting_set --app="$app" --key=registration_open --value="$registration_open" ynh_app_setting_set --app="$app" --key=registration_approval --value="$registration_approval" ynh_app_setting_set --app="$app" --key=registration_reason --value="$registration_reason" fi # Upgrade from <0.3.7~ynh1: if ynh_compare_current_package_version --comparison lt --version 0.3.7~ynh1 || [ -z "$instance_expose_peers" ] then # import old parameters registration_open=$(ynh_app_setting_get --app="$app" --key=registration_open) registration_approval=$(ynh_app_setting_get --app="$app" --key=registration_approval) registration_reason=$(ynh_app_setting_get --app="$app" --key=registration_reason) # declaration of new parameters instance_expose_peers="false" instance_expose_suspended="false" # conversion of old parameters if [ "$registration_open" = "true" ] || [ "$registration_open" = "false" ]; then accounts_registration_open=$registration_open accounts_approval_required=$registration_approval accounts_reason_required=$registration_reason else accounts_registration_open="false" accounts_approval_required="true" accounts_reason_required="false" fi # registration of new parameters ynh_app_setting_set --app="$app" --key=instance_expose_peers --value="$instance_expose_peers" ynh_app_setting_set --app="$app" --key=instance_expose_suspended --value="$instance_expose_suspended" # registration of converted parameters ynh_app_setting_set --app="$app" --key=accounts_registration_open --value="$accounts_registration_open" ynh_app_setting_set --app="$app" --key=accounts_approval_required --value="$accounts_approval_required" ynh_app_setting_set --app="$app" --key=accounts_reason_required --value="$accounts_reason_required" # deletion of old parameters ynh_app_setting_delete --app="$app" --key=registration_open ynh_app_setting_delete --app="$app" --key=registration_approval ynh_app_setting_delete --app="$app" --key=registration_reason fi # Upgrade from <0.5.0~ynh1: if ynh_compare_current_package_version --comparison lt --version 0.5.0~ynh1 || [ -z "$accounts_allow_custom_css" ] then # declaration of new parameters accounts_allow_custom_css="false" instance_deliver_to_shared_inboxes="true" media_emoji_local_max_size="51200" media_emoji_remote_max_size="102400" # registration of new parameters ynh_app_setting_set --app="$app" --key=accounts_allow_custom_css --value="$accounts_allow_custom_css" ynh_app_setting_set --app="$app" --key=instance_deliver_to_shared_inboxes --value="$instance_deliver_to_shared_inboxes" ynh_app_setting_set --app="$app" --key=media_emoji_local_max_size --value="$media_emoji_local_max_size" ynh_app_setting_set --app="$app" --key=media_emoji_remote_max_size --value="$media_emoji_remote_max_size" fi # Upgrade from <0.6.0~ynh1: if ynh_compare_current_package_version --comparison lt --version 0.6.0~ynh1 || [ -z "$instance_expose_public_timeline" ] then # declaration of new parameters landing_page_user="" instance_expose_public_timeline="false" storage_backend="local" storage_s3_endpoint="" storage_s3_proxy="false" storage_s3_access_key="" storage_s3_secret_key="" storage_s3_bucket="" advanced_cookies_samesite="lax" advanced_rate_limit_requests="1000" # registration of new parameters ynh_app_setting_set --app="$app" --key=landing_page_user --value="$landing_page_user" ynh_app_setting_set --app="$app" --key=instance_expose_public_timeline --value="$instance_expose_public_timeline" ynh_app_setting_set --app="$app" --key=storage_backend --value="$storage_backend" ynh_app_setting_set --app="$app" --key=storage_s3_endpoint --value="$storage_s3_endpoint" ynh_app_setting_set --app="$app" --key=storage_s3_proxy --value="$storage_s3_proxy" ynh_app_setting_set --app="$app" --key=storage_s3_access_key --value="$storage_s3_access_key" ynh_app_setting_set --app="$app" --key=storage_s3_secret_key --value="$storage_s3_secret_key" ynh_app_setting_set --app="$app" --key=storage_s3_bucket --value="$storage_s3_bucket" ynh_app_setting_set --app="$app" --key=advanced_cookies_samesite --value="$advanced_cookies_samesite" ynh_app_setting_set --app="$app" --key=advanced_rate_limit_requests --value="$advanced_rate_limit_requests" fi # Upgrade from <0.7.1~ynh1: if ynh_compare_current_package_version --comparison lt --version 0.7.1~ynh1 || [ -z "$instance_expose_suspended_web" ] then # updating parameters advanced_rate_limit_requests="300" # declaration of new parameter instance_expose_suspended_web="false" # registration of parameters ynh_app_setting_set --app="$app" --key=advanced_rate_limit_requests --value="$advanced_rate_limit_requests" ynh_app_setting_set --app="$app" --key=instance_expose_suspended_web --value="$instance_expose_suspended_web" fi # Upgrade from <0.8.0~ynh2: if ynh_compare_current_package_version --comparison lt --version 0.8.0~ynh2 || [ -z "$smtp_host" ] then # declaration of new parameter smtp_host="localhost" smtp_port="25" smtp_username="" smtp_password="" smtp_from="noreply@$domain" smtp_disclose_recipients="false" # registration of parameters ynh_app_setting_set --app="$app" --key=smtp_host --value="$smtp_host" ynh_app_setting_set --app="$app" --key=smtp_port --value="$smtp_port" ynh_app_setting_set --app="$app" --key=smtp_username --value="$smtp_username" ynh_app_setting_set --app="$app" --key=smtp_password --value="$smtp_password" ynh_app_setting_set --app="$app" --key=smtp_from --value="$smtp_from" ynh_app_setting_set --app="$app" --key=smtp_disclose_recipients --value="$smtp_disclose_recipients" fi # Upgrade from <0.8.0~ynh3: if ynh_compare_current_package_version --comparison lt --version 0.8.0~ynh3 then # get settings from problem key allow_custom_css=$(ynh_app_setting_get --app="$app" --key=allow_custom_css) approval_required=$(ynh_app_setting_get --app="$app" --key=approval_required) reason_required=$(ynh_app_setting_get --app="$app" --key=reason_required) registration_open=$(ynh_app_setting_get --app="$app" --key=registration_open) # apply setting to correct key if set on old key if [ -n "$allow_custom_css" ] then ynh_app_setting_set --app="$app" --key=accounts_allow_custom_css --value="$allow_custom_css" ynh_app_setting_delete --app="$app" --key=allow_custom_css fi if [ -n "$approval_required" ] then ynh_app_setting_set --app="$app" --key=accounts_approval_required --value="$approval_required" ynh_app_setting_delete --app="$app" --key=approval_required fi if [ -n "$reason_required" ] then ynh_app_setting_set --app="$app" --key=accounts_reason_required --value="$reason_required" ynh_app_setting_delete --app="$app" --key=reason_required fi if [ -n "$registration_open" ] then ynh_app_setting_set --app="$app" --key=accounts_registration_open --value="$registration_open" ynh_app_setting_delete --app="$app" --key=registration_open fi fi # Upgrade from <0.10.0~ynh1: if ynh_compare_current_package_version --comparison lt --version 0.10.0~ynh1 || [ -z "$accounts_custom_css_length" ] then # declaration of new parameter accounts_custom_css_length="10000" # registration of parameter ynh_app_setting_set --app="$app" --key=accounts_custom_css_length --value="$accounts_custom_css_length" fi # Upgrade from <0.11.0~ynh1: if ynh_compare_current_package_version --comparison lt --version 0.11.0~ynh1 || [ -z "$cache_memory_target" ] then # declaration of new parameter cache_memory_target="100MiB" instance_inject_mastodon_version="false" # update default config if [ "$media_remote_cache_days" == "30" ]; then # "30" is the old default value, "7" the new one # updating to the new default only if the old default value is used (to not overwrite an user modified value) media_remote_cache_days="7" ynh_app_setting_set --app="$app" --key=media_remote_cache_days --value="$media_remote_cache_days" fi # registration of parameter ynh_app_setting_set --app="$app" --key=cache_memory_target --value="$cache_memory_target" ynh_app_setting_set --app="$app" --key=instance_inject_mastodon_version --value="$instance_inject_mastodon_version" fi # Upgrade from <0.12.0~ynh1: if ynh_compare_current_package_version --comparison lt --version 0.12.0~ynh1 || [ -z "$instance_federation_mode" ] then # declaration of new parameter instance_federation_mode="blocklist" # registration of parameter ynh_app_setting_set --app="$app" --key=instance_federation_mode --value="$instance_federation_mode" fi #================================================= # CREATE DEDICATED USER #================================================= ynh_script_progression --message="Making sure dedicated system user exists..." # Create a dedicated user (if not existing) ynh_system_user_create --username="$app" --home_dir="$final_path" #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= if [ "$upgrade_type" == "UPGRADE_APP" ] then ynh_script_progression --message="Upgrading source files..." # detect_arch comes from _common.sh / personnal helpers architecture=$(detect_arch) # Download, check integrity, uncompress and patch the source from app.src ynh_setup_source --dest_dir="$final_path" --source_id="$architecture" --keep="config.yaml" fi # FIXME: this should be managed by the core in the future # Here, as a packager, you may have to tweak the ownerhsip/permissions # such that the appropriate users (e.g. maybe www-data) can access # files in some cases. # But FOR THE LOVE OF GOD, do not allow r/x for "others" on the entire folder - # this will be treated as a security issue. chmod 750 "$final_path" chmod -R o-rwx "$final_path" chown -R "$app:www-data" "$final_path" #================================================= # NGINX CONFIGURATION #================================================= ynh_script_progression --message="Upgrading NGINX web server configuration..." # Create a dedicated NGINX config for the main domain ynh_add_nginx_config #================================================= # UPGRADE DEPENDENCIES #================================================= ynh_script_progression --message="Upgrading dependencies..." ynh_exec_warn_less ynh_install_app_dependencies "$pkg_dependencies" #================================================= # UPDATE A CONFIG FILE #================================================= ynh_script_progression --message="Updating a configuration file..." ### Same as during install ### ### The file will automatically be backed-up if it's found to be manually modified (because ### ynh_add_config keeps track of the file's checksum) ynh_add_config --template="config.yaml" --destination="$final_path/config.yaml" # FIXME: this should be handled by the core in the future # You may need to use chmod 600 instead of 400, # for example if the app is expected to be able to modify its own config chmod 400 "$final_path/config.yaml" chown "$app:$app" "$final_path/config.yaml" #================================================= # SETUP SYSTEMD #================================================= ynh_script_progression --message="Upgrading systemd configuration..." # Create a dedicated systemd config ynh_add_systemd_config #================================================= # GENERIC FINALIZATION #================================================= # SETUP LOGROTATE #================================================= ynh_script_progression --message="Upgrading logrotate configuration..." # Use logrotate to manage app-specific logfile(s) ynh_use_logrotate --non-append #================================================= # SETUP FAIL2BAN #================================================= ynh_script_progression --message="Upgrading fail2ban configuration..." # Create a dedicated Fail2Ban config ynh_add_fail2ban_config --logpath="/var/log/${app}/${app}.log" --failregex="statusCode=401 path=/auth/sign_in clientIP= .* msg=\"Unauthorized:" --max_retry=5 #================================================= # INTEGRATE SERVICE IN YUNOHOST #================================================= ynh_script_progression --message="Integrating service in YunoHost..." yunohost service add "$app" --description="Gotosocial server" --log="/var/log/$app/$app.log" #================================================= # START SYSTEMD SERVICE #================================================= ynh_script_progression --message="Starting a systemd service..." ynh_systemd_action --service_name="$app" --action="start" --log_path="/var/log/$app/$app.log" #================================================= # RELOAD NGINX #================================================= ynh_script_progression --message="Reloading NGINX web server..." ynh_systemd_action --service_name=nginx --action=reload #================================================= # END OF SCRIPT #================================================= ynh_script_progression --message="Upgrade of $app completed"