YunoHost-Apps/grav_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/grav_ynh.git synced 2024-09-03 19:16:01 +02:00
Code Issues Activity Actions 1

Merge pull request #119 from YunoHost-Apps/upgrade

Browse source 
Upgrade
This commit is contained in:
yalh76 2022-12-09 21:34:35 +01:00 committed by GitHub
commit 5c4fb10806
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
17 changed files with 314 additions and 284 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

74
.github/workflows/updater.sh vendored
View file

@ -17,56 +17,58 @@ echo "${#ASSETS[@]} available asset(s)"
# Let's loop over the array of assets URLs
for asset_url in ${ASSETS[@]}; do
echo "Handling asset at $asset_url"
echo "Handling asset at $asset_url"
# Assign the asset to a source file in conf/ directory
# Leave $src empty to ignore the asset
case $asset_url in
*"admin"*)
src="app"
;;
*"update"*)
src="app-upgrade"
;;
*)
src=""
;;
esac
# Assign the asset to a source file in conf/ directory
# Leave $src empty to ignore the asset
case $asset_url in
*"admin"*)
src="app"
;;
*"update"*)
src="app-upgrade"
;;
*)
src=""
;;
esac
# If $src is not empty, let's process the asset
if [ ! -z "$src" ]; then
# If $src is not empty, let's process the asset
if [ ! -z "$src" ]; then
# Create the temporary directory
tempdir="$(mktemp -d)"
# Create the temporary directory
tempdir="$(mktemp -d)"
# Download sources and calculate checksum
filename=${asset_url##*/}
curl --silent -4 -L $asset_url -o "$tempdir/$filename"
checksum=$(sha256sum "$tempdir/$filename" | head -c 64)
# Download sources and calculate checksum
filename=${asset_url##*/}
curl --silent -4 -L $asset_url -o "$tempdir/$filename"
checksum=$(sha256sum "$tempdir/$filename" | head -c 64)
# Delete temporary directory
rm -rf $tempdir
# Delete temporary directory
rm -rf $tempdir
# Get extension
if [[ $filename == *.tar.gz ]]; then
extension=tar.gz
else
extension=${filename##*.}
fi
# Get extension
if [[ $filename == *.tar.gz ]]; then
extension=tar.gz
else
extension=${filename##*.}
fi
# Rewrite source file
cat <<EOT > conf/$src.src
# Rewrite source file
cat <<EOT > conf/$src.src
SOURCE_URL=$asset_url
SOURCE_SUM=$checksum
SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=$extension
SOURCE_IN_SUBDIR=true
SOURCE_FILENAME=
SOURCE_EXTRACT=true
EOT
echo "... conf/$src.src updated"
echo "... conf/$src.src updated"
else
echo "... asset ignored"
fi
else
echo "... asset ignored"
fi
done
echo "Done!"

3
README.md
View file

@ -15,7 +15,8 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in
## Overview
A modern open source flat-file CMS
Grav is a modern open source flat-file CMS.
**Shipped version:** 1.7.36~ynh1

1
README_fr.md
View file

@ -17,6 +17,7 @@ Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour
Un CMS moderne basé sur des fichiers plats
**Version incluse :** 1.7.36~ynh1

4
check_process
View file

@ -6,9 +6,9 @@
; Manifest
domain="domain.tld"
path="/path"
admin="john"
language="fr_FR"
is_public=1
language="fr_FR"
admin="john"
; Actions
action_argument=arg1|arg2
is_public=1|0

2
conf/app.src
View file

@ -3,3 +3,5 @@ SOURCE_SUM=6f916a7d6ca1b44ceb4844516cfacba9e5a1c733c4bc1cb00148a1de70e6e70e
SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=zip
SOURCE_IN_SUBDIR=true
SOURCE_FILENAME=
SOURCE_EXTRACT=true

105
conf/nginx.conf
View file

@ -1,65 +1,66 @@
#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent;
location __PATH__/ {
alias __FINALPATH__/;
index index.php;
alias __FINALPATH__/;
index index.php;
client_max_body_size 30m;
# Common parameter to increase upload size limit in conjunction with dedicated php-fpm file
client_max_body_size 50M;
# Add headers to serve security related headers
more_set_headers "Strict-Transport-Security: max-age=15768000";
more_set_headers "X-Content-Type-Options: nosniff";
more_set_headers "X-Frame-Options: SAMEORIGIN";
more_set_headers "X-XSS-Protection: 1; mode=block";
more_set_headers "X-Download-Options: noopen";
more_set_headers "X-Permitted-Cross-Domain-Policies: none";
# Add headers to serve security related headers
more_set_headers "Strict-Transport-Security: max-age=15768000";
more_set_headers "X-Content-Type-Options: nosniff";
more_set_headers "X-Frame-Options: SAMEORIGIN";
more_set_headers "X-XSS-Protection: 1; mode=block";
more_set_headers "X-Download-Options: noopen";
more_set_headers "X-Permitted-Cross-Domain-Policies: none";
# Bug in Nginx with locations and aliases (see http://stackoverflow.com/a/35102259 )
try_files $uri $uri/ __PATH__/__PATH__/index.php?$query_string;
# Bug in Nginx with locations and aliases (see http://stackoverflow.com/a/35102259 )
try_files $uri $uri/ __PATH__/__PATH__/index.php?$query_string;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php__PHPVERSION__-fpm-__NAME__.sock;
fastcgi_index index.php;
include fastcgi_params;
# https://learn.getgrav.org/webservers-hosting/servers/nginx#fix-against-httpoxy-vulnerability
fastcgi_param HTTP_PROXY "";
fastcgi_param REMOTE_USER $remote_user;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $request_filename;
}
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php__PHPVERSION__-fpm-__NAME__.sock;
fastcgi_index index.php;
include fastcgi_params;
# https://learn.getgrav.org/webservers-hosting/servers/nginx#fix-against-httpoxy-vulnerability
fastcgi_param HTTP_PROXY "";
fastcgi_param REMOTE_USER $remote_user;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $request_filename;
}
location ~* \.(?:ico|css|js|gif|jpe?g|png)$ {
expires 30d;
more_set_headers "Vary: Accept-Encoding";
log_not_found off;
}
location ~* \.(?:ico|css|js|gif|jpe?g|png)$ {
expires 30d;
more_set_headers "Vary: Accept-Encoding";
log_not_found off;
}
location ~* ^.+\.(?:css|cur|js|jpe?g|gif|htc|ico|png|html|xml|otf|ttf|eot|woff|woff2|svg)$ {
access_log off;
expires 30d;
more_set_headers "Cache-Control: public";
location ~* ^.+\.(?:css|cur|js|jpe?g|gif|htc|ico|png|html|xml|otf|ttf|eot|woff|woff2|svg)$ {
access_log off;
expires 30d;
more_set_headers "Cache-Control: public";
## No need to bleed constant updates. Send the all shebang in one fell swoop.
tcp_nodelay off;
## No need to bleed constant updates. Send the all shebang in one fell swoop.
tcp_nodelay off;
## Set the OS file cache.
open_file_cache max=3000 inactive=120s;
open_file_cache_valid 45s;
open_file_cache_min_uses 2;
open_file_cache_errors off;
}
## Set the OS file cache.
open_file_cache max=3000 inactive=120s;
open_file_cache_valid 45s;
open_file_cache_min_uses 2;
open_file_cache_errors off;
}
## Begin - Security
# deny all direct access for these folders
location ~* /(.git|cache|bin|logs|backups)/.*$ { return 403; }
# deny running scripts inside core system folders
location ~* /(system|vendor)/.*\.(txt|xml|md|html|yaml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
# deny running scripts inside user folder
location ~* /user/.*\.(txt|md|yaml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
# deny access to specific files in the root folder
location ~ /(LICENSE|composer.lock|composer.json|nginx.conf|web.config|htaccess.txt|\.htaccess) { return 403; }
## End - Security
## Begin - Security
# deny all direct access for these folders
location ~* /(.git|cache|bin|logs|backups)/.*$ { return 403; }
# deny running scripts inside core system folders
location ~* /(system|vendor)/.*\.(txt|xml|md|html|yaml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
# deny running scripts inside user folder
location ~* /user/.*\.(txt|md|yaml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
# deny access to specific files in the root folder
location ~ /(LICENSE|composer.lock|composer.json|nginx.conf|web.config|htaccess.txt|\.htaccess) { return 403; }
## End - Security
#--PRIVATE--# Include SSOWAT user panel.
#--PRIVATE--include conf.d/yunohost_panel.conf.inc;
#--PRIVATE--# Include SSOWAT user panel.
#--PRIVATE--include conf.d/yunohost_panel.conf.inc;
}

63
conf/php-fpm.conf
View file

@ -1,10 +1,11 @@
; Start a new pool named 'www'.
; the variable $pool can we used in any directive and will be replaced by the
; the variable $pool can be used in any directive and will be replaced by the
; pool name ('www' here)
[__NAMETOCHANGE__]
; Per pool prefix
; It only applies on the following directives:
; - 'access.log'
; - 'slowlog'
; - 'listen' (unixsocket)
; - 'chroot'
@ -24,17 +25,19 @@ group = __USER__
; The address on which to accept FastCGI requests.
; Valid syntaxes are:
; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific address on
; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on
; a specific port;
; 'port' - to listen on a TCP socket to all addresses on a
; specific port;
; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on
; a specific port;
; 'port' - to listen on a TCP socket to all addresses
; (IPv6 and IPv4-mapped) on a specific port;
; '/path/to/unix/socket' - to listen on a unix socket.
; Note: This value is mandatory.
listen = /var/run/php/php__PHPVERSION__-fpm-__NAMETOCHANGE__.sock
; Set listen(2) backlog.
; Default Value: 128 (-1 on FreeBSD and OpenBSD)
;listen.backlog = 128
; Default Value: 511 (-1 on FreeBSD and OpenBSD)
;listen.backlog = 511
; Set permissions for unix socket, if one is used. In Linux, read/write
; permissions must be set in order to allow connections from a web server. Many
@ -44,8 +47,13 @@ listen = /var/run/php/php__PHPVERSION__-fpm-__NAMETOCHANGE__.sock
listen.owner = www-data
listen.group = www-data
;listen.mode = 0660
; When POSIX Access Control Lists are supported you can set them using
; these options, value is a comma separated list of user/group names.
; When set, listen.owner and listen.group are ignored
;listen.acl_users =
;listen.acl_groups =
; List of ipv4 addresses of FastCGI clients which are allowed to connect.
; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect.
; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original
; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address
; must be separated by a comma. If this value is left blank, connections will be
@ -59,7 +67,13 @@ listen.group = www-data
; - The pool processes will inherit the master process priority
; unless it specified otherwise
; Default Value: no set
; priority = -19
; process.priority = -19
; Set the process dumpable flag (PR_SET_DUMPABLE prctl) even if the process user
; or group is differrent than the master process user. It allows to create process
; core dump and ptrace the process for the pool user.
; Default Value: no
; process.dumpable = yes
; Choose how the process manager will control the number of child processes.
; Possible Values:
@ -215,7 +229,7 @@ pm.max_requests = 500
; last request memory: 0
;
; Note: There is a real-time FPM status monitoring sample web page available
; It's available in: ${prefix}/share/fpm/status.html
; It's available in: /usr/share/php/7.0/fpm/status.html
;
; Note: The value must start with a leading slash (/). The value can be
; anything, but it may not be a good idea to use the .php extension or it
@ -275,7 +289,7 @@ pm.max_requests = 500
; - %{megabytes}M
; - %{mega}M
; %n: pool name
; %o: ouput header
; %o: output header
; it must be associated with embraces to specify the name of the header:
; - %{Content-Type}o
; - %{X-Powered-By}o
@ -291,9 +305,13 @@ pm.max_requests = 500
; %t: server time the request was received
; it can accept a strftime(3) format:
; %d/%b/%Y:%H:%M:%S %z (default)
; The strftime(3) format must be encapsuled in a %{<strftime_format>}t tag
; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t
; %T: time the log has been written (the request has finished)
; it can accept a strftime(3) format:
; %d/%b/%Y:%H:%M:%S %z (default)
; The strftime(3) format must be encapsuled in a %{<strftime_format>}t tag
; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t
; %u: remote user
;
; Default: "%R - %u %t \"%m %r\" %s"
@ -349,13 +367,22 @@ chdir = __FINALPATH__
; Default Value: no
catch_workers_output = yes
; Clear environment in FPM workers
; Prevents arbitrary environment variables from reaching FPM worker processes
; by clearing the environment in workers before env vars specified in this
; pool configuration are added.
; Setting to "no" will make all environment variables available to PHP code
; via getenv(), $_ENV and $_SERVER.
; Default Value: yes
;clear_env = no
; Limits the extensions of the main script FPM will allow to parse. This can
; prevent configuration mistakes on the web server side. You should only limit
; FPM to .php extensions to prevent malicious users to use other extensions to
; exectute php code.
; execute php code.
; Note: set an empty value to allow all extensions.
; Default Value: .php
;security.limit_extensions = .php .php3 .php4 .php5
;security.limit_extensions = .php .php3 .php4 .php5 .php7
; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from
; the current environment.
@ -391,5 +418,13 @@ catch_workers_output = yes
;php_admin_flag[log_errors] = on
;php_admin_value[memory_limit] = 32M
;php_admin_value[upload_max_filesize] =30M
;php_admin_value[post_max_size] =30M
; Common values to change to increase file upload limit
php_admin_value[upload_max_filesize] = 50M
php_admin_value[post_max_size] = 50M
; php_admin_flag[mail.add_x_header] = Off
; Other common parameters
; php_admin_value[max_execution_time] = 600
; php_admin_value[max_input_time] = 300
; php_admin_value[memory_limit] = 256M
; php_admin_flag[short_open_tag] = On

1
doc/DESCRIPTION.md Normal file
View file

@ -0,0 +1 @@
Grav is a modern open source flat-file CMS.

1
doc/DESCRIPTION_fr.md Normal file
View file

@ -0,0 +1 @@
Un CMS moderne basé sur des fichiers plats

8
manifest.json
View file

@ -55,10 +55,6 @@
"example": "/grav",
"default": "/grav"
},
{
"name": "admin",
"type": "user"
},
{
"name": "is_public",
"type": "boolean",
@ -80,6 +76,10 @@
"fr_FR"
],
"default": "fr_FR"
},
{
"name": "admin",
"type": "user"
}
]
}

11
scripts/_common.sh
View file

@ -4,11 +4,14 @@
# COMMON VARIABLES
#=================================================
# Version numbers
YNH_PHP_VERSION="7.3"
php_dependencies="php$YNH_DEFAULT_PHP_VERSION-zip php$YNH_DEFAULT_PHP_VERSION-mbstring php$YNH_DEFAULT_PHP_VERSION-curl php$YNH_DEFAULT_PHP_VERSION-dom php$YNH_DEFAULT_PHP_VERSION-gd php$YNH_DEFAULT_PHP_VERSION-xml php$YNH_DEFAULT_PHP_VERSION-ldap"
# dependencies used by the app
pkg_dependencies="php${YNH_PHP_VERSION}-zip php${YNH_PHP_VERSION}-mbstring php${YNH_PHP_VERSION}-curl php${YNH_PHP_VERSION}-dom php${YNH_PHP_VERSION}-gd php${YNH_PHP_VERSION}-xml php${YNH_PHP_VERSION}-ldap"
# dependencies used by the app (must be on a single line)
pkg_dependencies="$php_dependencies"
#=================================================
# PERSONAL HELPERS
#=================================================
#=================================================
# EXPERIMENTAL HELPERS

10
scripts/backup
View file

@ -6,6 +6,7 @@
# IMPORT GENERIC HELPERS
#=================================================
# Keep this path for calling _common.sh inside the execution's context of backup and restore scripts
source ../settings/scripts/_common.sh
source /usr/share/yunohost/helpers
@ -25,7 +26,6 @@ app=$YNH_APP_INSTANCE_NAME
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
domain=$(ynh_app_setting_get --app=$app --key=domain)
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
#=================================================
@ -33,8 +33,6 @@ phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
#=================================================
ynh_print_info --message="Declaring files to be backed up..."
#=================================================
# STANDARD BACKUP STEPS
#=================================================
# BACKUP THE APP MAIN DIR
#=================================================
@ -51,10 +49,12 @@ ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf"
# BACKUP THE PHP-FPM CONFIGURATION
#=================================================
ynh_backup --src_path="/etc/php/${phpversion}/fpm/pool.d/$app.conf"
ynh_backup --src_path="/etc/php/$phpversion/fpm/pool.d/$app.conf"
#=================================================
# BACKUP CRON
# SPECIFIC BACKUP
#=================================================
# BACKUP VARIOUS FILES
#=================================================
ynh_backup --src_path="/etc/cron.d/$app"

14
scripts/change_url
View file

@ -30,7 +30,7 @@ ynh_script_progression --message="Loading installation settings..." --weight=1
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
#=================================================
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
# BACKUP BEFORE CHANGE URL THEN ACTIVE TRAP
#=================================================
ynh_script_progression --message="Backing up the app before changing its URL (may take a while)..." --weight=1
@ -40,7 +40,7 @@ ynh_clean_setup () {
# Remove the new domain config file, the remove script won't do it as it doesn't know yet its location.
ynh_secure_remove --file="/etc/nginx/conf.d/$new_domain.d/$app.conf"
# restore it if the upgrade fails
# Restore it if the upgrade fails
ynh_restore_upgradebackup
}
# Exit if an error occurs during the execution of the script
@ -71,19 +71,19 @@ ynh_script_progression --message="Updating NGINX web server configuration..." --
nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf
# Change the path in the nginx config file
# Change the path in the NGINX config file
if [ $change_path -eq 1 ]
then
# Make a backup of the original nginx config file if modified
# Make a backup of the original NGINX config file if modified
ynh_backup_if_checksum_is_different --file="$nginx_conf_path"
# Set global variables for nginx helper
# Set global variables for NGINX helper
domain="$old_domain"
path_url="$new_path"
# Create a dedicated nginx config
# Create a dedicated NGINX config
ynh_add_nginx_config
fi
# Change the domain for nginx
# Change the domain for NGINX
if [ $change_domain -eq 1 ]
then
# Delete file checksum for the old conf file location

85
scripts/install
View file

@ -22,9 +22,9 @@ ynh_abort_if_errors
domain=$YNH_APP_ARG_DOMAIN
path_url=$YNH_APP_ARG_PATH
admin=$YNH_APP_ARG_ADMIN
language=$YNH_APP_ARG_LANGUAGE
is_public=$YNH_APP_ARG_IS_PUBLIC
language=$YNH_APP_ARG_LANGUAGE
admin=$YNH_APP_ARG_ADMIN
app=$YNH_APP_INSTANCE_NAME
@ -34,7 +34,7 @@ app=$YNH_APP_INSTANCE_NAME
ynh_script_progression --message="Validating installation parameters..." --weight=1
final_path=/var/www/$app
test ! -e "$final_path" || ynh_die "This path already contains a folder"
test ! -e "$final_path" || ynh_die --message="This path already contains a folder"
# Register (book) web path
ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url
@ -46,11 +46,13 @@ ynh_script_progression --message="Storing installation settings..." --weight=1
ynh_app_setting_set --app=$app --key=domain --value=$domain
ynh_app_setting_set --app=$app --key=path --value=$path_url
ynh_app_setting_set --app=$app --key=admin --value=$admin
ynh_app_setting_set --app=$app --key=language --value=$language
ynh_app_setting_set --app=$app --key=admin --value=$admin
ynh_app_setting_set --app=$app --key=with_sftp --value="false"
ynh_app_setting_set --app=$app --key=password --value=$(ynh_string_random)
#=================================================
# STANDARD MODIFICATIONS
#=================================================
# INSTALL DEPENDENCIES
#=================================================
@ -64,10 +66,8 @@ ynh_install_app_dependencies $pkg_dependencies
ynh_script_progression --message="Configuring system user..." --weight=1
# Create a system user
ynh_system_user_create --username=$app --home_dir=$final_path
ynh_system_user_create --username=$app --home_dir="$final_path"
#=================================================
# STANDARD MODIFICATIONS
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
@ -75,29 +75,8 @@ ynh_script_progression --message="Setting up source files..." --weight=2
ynh_app_setting_set --app=$app --key=final_path --value=$final_path
# Download, check integrity, uncompress and patch the source from app.src
ynh_setup_source --dest_dir=$final_path
#=================================================
# NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Configuring NGINX web server..." --weight=1
# Create a dedicated nginx config
ynh_add_nginx_config
#=================================================
# PHP-FPM CONFIGURATION
#=================================================
ynh_script_progression --message="Configuring PHP-FPM..." --weight=3
# Create a dedicated php-fpm config
ynh_add_fpm_config --usage=medium --footprint=medium
#=================================================
# GENERIC FINALIZATION
#=================================================
# SECURE FILES AND DIRECTORIES
#=================================================
ynh_setup_source --dest_dir="$final_path"
ynh_setup_source --dest_dir="$final_path/user/plugins/login-ldap" --source_id="ldap"
# Set permissions on app files
chown -R $app:www-data "$final_path"
@ -107,12 +86,28 @@ find "$final_path" -type d -exec chmod 750 {} \;
find "$final_path" -type d -exec chmod +s {} \;
#=================================================
# INSTALL LDAP PLUGIN
# PHP-FPM CONFIGURATION
#=================================================
ynh_script_progression --message="Installing and configuring LDAP plugin..." --weight=1
ynh_script_progression --message="Configuring PHP-FPM..." --weight=3
# Download LDAP source
ynh_setup_source --dest_dir="$final_path/user/plugins/login-ldap" --source_id="ldap"
# Create a dedicated PHP-FPM config
ynh_add_fpm_config --usage=medium --footprint=medium
phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
#=================================================
# NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Configuring NGINX web server..." --weight=1
# Create a dedicated NGINX config
ynh_add_nginx_config
#=================================================
# SPECIFIC SETUP
#=================================================
# ADD A CONFIGURATION
#=================================================
ynh_script_progression --message="Adding a configuration file..." --weight=1
# Preparing config
ynh_exec_as $app mkdir -p "$final_path/user/config/plugins/login-ldap"
@ -126,29 +121,33 @@ chmod 640 "$final_path/user/config/plugins/login-ldap.yaml"
#=================================================
# CREATE A CRON TASK
#=================================================
ynh_script_progression --message="Creating a cron task..." --weight=1
echo "* * * * * $app php${YNH_PHP_VERSION} $final_path/bin/grav scheduler 1>> /dev/null 2>&1" > /etc/cron.d/$app
echo "* * * * * $app php$phpversion $final_path/bin/grav scheduler 1>> /dev/null 2>&1" > /etc/cron.d/$app
chmod 644 /etc/cron.d/$app
#=================================================
# SETUP PERMISSIONS
# GENERIC FINALIZATION
#=================================================
# SETUP SSOWAT
#=================================================
ynh_script_progression --message="Configuring permissions..." --weight=1
# Giving admin permission to the specified used
ynh_permission_create --permission "admin" --allowed $admin
# Creating user permission
ynh_permission_create --permission "user"
# Make app public if necessary
if [ $is_public -eq 1 ]
then
# Everyone can access the app.
# The "main" permission is automatically created before the install script.
ynh_permission_update --permission "main" --add "visitors"
ynh_permission_update --permission="main" --add="visitors"
fi
# Giving admin permission to the specified used
ynh_permission_create --permission="admin" --allowed=$admin
# Creating user permission
ynh_permission_create --permission="user"
#=================================================
# RELOAD NGINX
#=================================================

30
scripts/remove
View file

@ -14,29 +14,13 @@ source /usr/share/yunohost/helpers
#=================================================
ynh_script_progression --message="Loading installation settings..." --weight=1
# Get multi-instances specific variables
app=$YNH_APP_INSTANCE_NAME
# Retrieve app settings
domain=$(ynh_app_setting_get --app=$app --key=domain)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
#=================================================
# STANDARD REMOVE
#=================================================
# REMOVE DEPENDENCIES
#=================================================
ynh_script_progression --message="Removing dependencies..." --weight=2
# Remove metapackage and its dependencies
ynh_remove_app_dependencies
#=================================================
# REMOVE THE CRON
#=================================================
ynh_secure_remove --file="/etc/cron.d/$app"
#=================================================
# REMOVE APP MAIN DIR
#=================================================
@ -50,7 +34,7 @@ ynh_secure_remove --file="$final_path"
#=================================================
ynh_script_progression --message="Removing NGINX web server configuration..." --weight=1
# Remove the dedicated nginx config
# Remove the dedicated NGINX config
ynh_remove_nginx_config
#=================================================
@ -58,7 +42,7 @@ ynh_remove_nginx_config
#=================================================
ynh_script_progression --message="Removing PHP-FPM configuration..." --weight=2
# Remove the dedicated php-fpm config
# Remove the dedicated PHP-FPM config
ynh_remove_fpm_config
#=================================================
@ -69,6 +53,16 @@ ynh_script_progression --message="Removing dependencies..." --weight=1
# Remove metapackage and its dependencies
ynh_remove_app_dependencies
#=================================================
# SPECIFIC REMOVE
#=================================================
# REMOVE VARIOUS FILES
#=================================================
ynh_script_progression --message="Removing various files..." --weight=1
# Remove a cron file
ynh_secure_remove --file="/etc/cron.d/$app"
#=================================================
# GENERIC FINALIZATION
#=================================================

61
scripts/restore
View file

@ -6,6 +6,7 @@
# IMPORT GENERIC HELPERS
#=================================================
# Keep this path for calling _common.sh inside the execution's context of backup and restore scripts
source ../settings/scripts/_common.sh
source /usr/share/yunohost/helpers
@ -14,24 +15,22 @@ source /usr/share/yunohost/helpers
#=================================================
ynh_clean_setup () {
#### Remove this function if there's nothing to clean before calling the remove script.
true
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#=================================================
# LOAD SETTINGS
#=================================================
ynh_script_progression --message="Loading settings..." --weight=1
ynh_script_progression --message="Loading installation settings..." --weight=1
app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get --app=$app --key=domain)
path_url=$(ynh_app_setting_get --app=$app --key=path)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
fpm_footprint=$(ynh_app_setting_get --app=$app --key=fpm_footprint)
fpm_usage=$(ynh_app_setting_get --app=$app --key=fpm_usage)
@ -40,23 +39,18 @@ fpm_usage=$(ynh_app_setting_get --app=$app --key=fpm_usage)
#=================================================
ynh_script_progression --message="Validating restoration parameters..." --weight=1
test ! -d $final_path || ynh_die --message="There is already a directory: $final_path "
test ! -d $final_path \
|| ynh_die --message="There is already a directory: $final_path "
#=================================================
# STANDARD RESTORATION STEPS
#=================================================
# RESTORE THE NGINX CONFIGURATION
#=================================================
ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"
#=================================================
# RECREATE THE DEDICATED USER
#=================================================
ynh_script_progression --message="Recreating the dedicated system user..." --weight=3
# Create the dedicated user (if not existing)
ynh_system_user_create --username=$app --home_dir=$final_path
ynh_system_user_create --username=$app --home_dir="$final_path"
#=================================================
# RESTORE THE APP MAIN DIR
@ -65,11 +59,6 @@ ynh_script_progression --message="Restoring the app main directory..." --weight=
ynh_restore_file --origin_path="$final_path"
#=================================================
# RESTORE USER RIGHTS
#=================================================
# Restore permissions on app files
chown -R $app:www-data "$final_path"
find "$final_path" -type f -exec chmod 640 {} \;
find "$final_path/bin" -type f -exec chmod 750 {} \;
@ -77,19 +66,7 @@ find "$final_path" -type d -exec chmod 750 {} \;
find "$final_path" -type d -exec chmod +s {} \;
#=================================================
# RESTORE THE CRON
#=================================================
ynh_restore_file --origin_path="/etc/cron.d/$app"
chmod 644 /etc/cron.d/$app
#=================================================
# RESTORE THE PHP-FPM CONFIGURATION
#=================================================
# Restore the file first, so it can have a backup if different
ynh_restore_file --origin_path="/etc/php/$YNH_PHP_VERSION/fpm/pool.d/$app.conf"
# SPECIFIC RESTORATION
#=================================================
# REINSTALL DEPENDENCIES
#=================================================
@ -98,6 +75,28 @@ ynh_script_progression --message="Reinstalling dependencies..." --weight=1
# Define and install dependencies
ynh_install_app_dependencies $pkg_dependencies
#=================================================
# RESTORE THE PHP-FPM CONFIGURATION
#=================================================
ynh_script_progression --message="Restoring the PHP-FPM configuration..." --weight=1
ynh_restore_file --origin_path="/etc/php/$phpversion/fpm/pool.d/$app.conf"
#=================================================
# RESTORE THE NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Restoring the NGINX web server configuration..." --weight=1
ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"
#=================================================
# RESTORE VARIOUS FILES
#=================================================
ynh_script_progression --message="Restoring various files..." --weight=1
ynh_restore_file --origin_path="/etc/cron.d/$app"
chmod 644 /etc/cron.d/$app
#=================================================
# GENERIC FINALIZATION
#=================================================
@ -105,7 +104,7 @@ ynh_install_app_dependencies $pkg_dependencies
#=================================================
ynh_script_progression --message="Reloading NGINX web server and PHP-FPM..." --weight=1
ynh_systemd_action --service_name=php${YNH_PHP_VERSION}-fpm --action=restart
ynh_systemd_action --service_name=php$phpversion-fpm --action=reload
ynh_systemd_action --service_name=nginx --action=reload
#=================================================

125
scripts/upgrade
View file

@ -18,10 +18,9 @@ app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get --app=$app --key=domain)
path_url=$(ynh_app_setting_get --app=$app --key=path)
language=$(ynh_app_setting_get --app=$app --key=language)
admin=$(ynh_app_setting_get --app=$app --key=admin)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
language=$(ynh_app_setting_get --app=$app --key=language)
fpm_footprint=$(ynh_app_setting_get --app=$app --key=fpm_footprint)
fpm_usage=$(ynh_app_setting_get --app=$app --key=fpm_usage)
@ -31,20 +30,31 @@ password=$(ynh_app_setting_get --app=$app --key=password)
#=================================================
# CHECK VERSION
#=================================================
ynh_script_progression --message="Checking version..." --weight=1
upgrade_type=$(ynh_check_app_version_changed)
#=================================================
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
#=================================================
ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=4
# Backup the current version of the app
ynh_backup_before_upgrade
ynh_clean_setup () {
# Restore it if the upgrade fails
ynh_restore_upgradebackup
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#=================================================
# STANDARD UPGRADE STEPS
#=================================================
# ENSURE DOWNWARD COMPATIBILITY
#=================================================
ynh_script_progression --message="Ensuring downward compatibility..." --weight=1
# If db_name doesn't exist, create it
if [ -z "$db_name" ]; then
db_name=$(ynh_sanitize_dbid --db_name=$app)
ynh_app_setting_set --app=$app --key=db_name --value=$db_name
fi
# If final_path doesn't exist, create it
if [ -z "$final_path" ]; then
final_path=/var/www/$app
@ -59,15 +69,15 @@ if ynh_legacy_permissions_exists; then
fi
# Giving admin permission to the specified used
if ! ynh_permission_exists --permission "admin"
if ! ynh_permission_exists --permission="admin"
then
ynh_permission_create --permission "admin" --allowed "$admin"
ynh_permission_create --permission="admin" --allowed="$admin"
fi
# Creating user permission
if ! ynh_permission_exists --permission "user"
if ! ynh_permission_exists --permission="user"
then
ynh_permission_create --permission "user"
ynh_permission_create --permission="user"
fi
# If fpm_footprint doesn't exist, create it
@ -88,22 +98,19 @@ if [ -z "$with_sftp" ] || [ -z "$password" ]; then
ynh_app_setting_set --app=$app --key=password --value=$(ynh_string_random)
fi
#=================================================
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
#=================================================
ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=4
# Backup the current version of the app
ynh_backup_before_upgrade
ynh_clean_setup () {
# restore it if the upgrade fails
ynh_restore_upgradebackup
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
# Delete existing ini configuration file (backward compatibility)
if [ -f /etc/php/$YNH_PHP_VERSION/fpm/conf.d/20-$app.ini ]; then
ynh_secure_remove --file=/etc/php/$YNH_PHP_VERSION/fpm/conf.d/20-$app.ini
fi
#=================================================
# STANDARD UPGRADE STEPS
# CREATE DEDICATED USER
#=================================================
ynh_script_progression --message="Making sure dedicated system user exists..." --weight=3
# Create a dedicated user (if not existing)
ynh_system_user_create --username=$app --home_dir="$final_path"
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
@ -114,15 +121,15 @@ then
# Download, check integrity, uncompress and patch the source from app.src
ynh_setup_source --dest_dir="$final_path" --source_id="app-upgrade"
ynh_setup_source --dest_dir="$final_path/user/plugins/login-ldap" --source_id="ldap"
fi
#=================================================
# NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Upgrading NGINX web server configuration..." --weight=2
# Create a dedicated nginx config
ynh_add_nginx_config
# Set permissions on app files
chown -R $app:www-data "$final_path"
find "$final_path" -type f -exec chmod 640 {} \;
find "$final_path/bin" -type f -exec chmod 750 {} \;
find "$final_path" -type d -exec chmod 750 {} \;
find "$final_path" -type d -exec chmod +s {} \;
#=================================================
# UPGRADE DEPENDENCIES
@ -131,36 +138,29 @@ ynh_script_progression --message="Upgrading dependencies..." --weight=1
ynh_install_app_dependencies $pkg_dependencies
#=================================================
# CREATE DEDICATED USER
#=================================================
ynh_script_progression --message="Making sure dedicated system user exists..." --weight=3
# Create a dedicated user (if not existing)
ynh_system_user_create --username=$app --home_dir=$final_path
#=================================================
# PHP-FPM CONFIGURATION
#=================================================
ynh_script_progression --message="Upgrading PHP-FPM configuration..." --weight=1
# Create a dedicated php-fpm config
# Create a dedicated PHP-FPM config
ynh_add_fpm_config --usage=$fpm_usage --footprint=$fpm_footprint
phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
# Delete existing ini configuration file (backward compatibility)
if [ -f /etc/php/$YNH_PHP_VERSION/fpm/conf.d/20-$app.ini ]; then
ynh_secure_remove --file=/etc/php/$YNH_PHP_VERSION/fpm/conf.d/20-$app.ini
fi
#=================================================
# NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Upgrading NGINX web server configuration..." --weight=2
# Create a dedicated NGINX config
ynh_add_nginx_config
#=================================================
# SPECIFIC UPGRADE
#=================================================
# UPGRADE LDAP PLUGIN
# UPDATE A CONFIG FILE
#=================================================
ynh_script_progression --message="Installing and configuring LDAP plugin..." --weight=3
# Download LDAP source
ynh_setup_source --dest_dir="$final_path/user/plugins/login-ldap" --source_id="ldap"
ynh_script_progression --message="Updating a configuration file..." --weight=3
mkdir -p "$final_path/user/config/plugins/login-ldap"
touch "$final_path/user/accounts/admin.yaml"
@ -169,17 +169,6 @@ ynh_add_config --template="../conf/login-ldap.yaml" --destination="$final_path/u
chown $app:$app "$final_path/user/config/plugins/login-ldap.yaml"
chmod 640 "$final_path/user/config/plugins/login-ldap.yaml"
#=================================================
# SECURE FILES AND DIRECTORIES
#=================================================
# Set permissions on app files
chown -R $app:www-data "$final_path"
find "$final_path" -type f -exec chmod 640 {} \;
find "$final_path/bin" -type f -exec chmod 750 {} \;
find "$final_path" -type d -exec chmod 750 {} \;
find "$final_path" -type d -exec chmod +s {} \;
#=================================================
# UPGRADE PLUGINS
#=================================================
@ -190,18 +179,20 @@ pushd "$final_path"
popd
#=================================================
# CREATE A CRON TASK
#=================================================
# UPDATE A CRON TASK
#================================================
ynh_script_progression --message="Updating a cron task..." --weight=1
echo "* * * * * $app php${YNH_PHP_VERSION} $final_path/bin/grav scheduler 1>> /dev/null 2>&1" > /etc/cron.d/$app
chmod 644 /etc/cron.d/$app
#=================================================
# RELOAD NGINX AND PHP-FPM
# GENERIC FINALIZATION
#=================================================
ynh_script_progression --message="Reloading NGINX web server and PHP-FPM..." --weight=1
# RELOAD NGINX
#=================================================
ynh_script_progression --message="Reloading NGINX web server..." --weight=1
ynh_systemd_action --service_name=php${YNH_PHP_VERSION}-fpm --action=restart
ynh_systemd_action --service_name=nginx --action=reload
#=================================================