From f1b8557b1e27fa122361516ecf077855b84f9643 Mon Sep 17 00:00:00 2001
From: tituspijean
Date: Fri, 10 Aug 2018 00:06:26 +0200
Subject: [PATCH] Refactoring and version upgrade
---
 check_process | 74 ++++++++--------
 conf/app.src | 6 ++
 conf/nginx.conf | 112 ++++++++++++++-----------
 conf/php-fpm.conf | 46 +++++-----
 conf/php-fpm.ini | 13 ++-
 manifest.json | 145 ++++++++++++++++----------------
 scripts/.fonctions | 204 ---------------------------------------------
 scripts/_common.sh | 13 +++
 scripts/backup | 56 +++++++++----
 scripts/install | 159 +++++++++++++++++++++++------------
 scripts/remove | 65 +++++++++++----
 scripts/restore | 122 ++++++++++++++++-----------
 scripts/upgrade | 166 +++++++++++++++++++++++++++---------
 sources/source_dir | 1 -
 sources/source_md5 | 1 -
 sources/source_url | 1 -
 16 files changed, 623 insertions(+), 561 deletions(-)
 create mode 100644 conf/app.src
 delete mode 100644 scripts/.fonctions
 create mode 100644 scripts/_common.sh
 delete mode 100644 sources/source_dir
 delete mode 100644 sources/source_md5
 delete mode 100644 sources/source_url
diff --git a/check_process b/check_process
index 4e51f1b..7907fd5 100644
--- a/check_process
+++ b/check_process
@@ -1,37 +1,39 @@
-;; Test complet sans multisite
- auto_remove=1
- ; Manifest
- domain="domain.tld" (DOMAIN)
- path="/path" (PATH)
- admin="john" (USER)
- language="fr_FR"
- multisite="No"
- is_public="Yes" (PUBLIC|public=Yes|private=No)
- ; Checks
- pkg_linter=1
- setup_sub_dir=1
- setup_root=1
- setup_nourl=0
- setup_private=1
- setup_public=1
- upgrade=1
- backup_restore=1
- multi_instance=1
- wrong_user=1
- wrong_path=1
- incorrect_path=1
- corrupt_source=0
- fail_download_source=0
- port_already_use=0
- final_path_already_use=0
+# See here for more informations
+# https://github.com/YunoHost/package_check#syntax-check_process-file
+
+;; Test complet
+ ; Manifest
+ domain="domain.tld" (DOMAIN)
+ path="/path" (PATH)
+ admin="john" (USER)
+ language="fr"
+ is_public=1 (PUBLIC|public=1|private=0)
+ ; Checks
+ pkg_linter=1
+ setup_sub_dir=1
+ setup_root=1
+ setup_nourl=0
+ setup_private=1
+ setup_public=1
+ upgrade=1
+ backup_restore=1
+ multi_instance=1
+ incorrect_path=1
+ port_already_use=0
+ change_url=0
 ;;; Levels
- Level 1=auto
- Level 2=auto
- Level 3=auto
- Level 4=0
- Level 5=auto
- Level 6=auto
- Level 7=auto
- Level 8=0
- Level 9=0
- Level 10=0
\ No newline at end of file
+ Level 1=auto
+ Level 2=auto
+ Level 3=auto
+# Level 4: If the app supports LDAP and SSOwat, turn level 4 to '1' and add a link to an issue or a part of your code to show it.
+# If the app does not use LDAP nor SSOwat, and can't use them, turn level 4 to 'na' and explain as well.
+ Level 4=0
+ Level 5=auto
+ Level 6=auto
+ Level 7=auto
+ Level 8=0
+ Level 9=0
+ Level 10=0
+;;; Options
+Email=
+Notification=none
diff --git a/conf/app.src b/conf/app.src
new file mode 100644
index 0000000..88bf341
--- /dev/null
+++ b/conf/app.src
@@ -0,0 +1,6 @@
+SOURCE_URL=https://github.com/getgrav/grav/releases/download/1.4.8/grav-admin-v1.4.8.zip
+SOURCE_SUM=0948596A139D6B4E71AA70CDDF2EA4CF4E0F70466F9B8D1650D3A94AA9942887
+SOURCE_SUM_PRG=sha256sum
+SOURCE_FORMAT=zip
+SOURCE_IN_SUBDIR=true
+SOURCE_FILENAME=
diff --git a/conf/nginx.conf b/conf/nginx.conf
index 9ac47a7..0bd21b0 100644
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@@ -1,54 +1,70 @@ -location __PATHTOCHANGE__ { - alias __FINALPATH__/; - index index.php; +location __PATH__ +{ + alias __FINALPATH__/; + index index.php; - if (!-e $request_filename) - { - rewrite ^(.+)$ __PATHTOCHANGE__/index.php?q=$1 last; - } - if ($scheme = http) { - rewrite ^ https://$server_name$request_uri? permanent; - } - client_max_body_size 30m; + if (!-e $request_filename) + { + rewrite ^(.+)$ __PATH__/index.php?q=$1 last; + } + if ($scheme = http) + { + rewrite ^ https://$server_name$request_uri? permanent; + } + client_max_body_size 30m; - # Add headers to serve security related headers - add_header Strict-Transport-Security "max-age=15768000;"; - add_header X-Content-Type-Options nosniff; - add_header X-Frame-Options "SAMEORIGIN"; - add_header X-XSS-Protection "1; mode=block"; - add_header X-Robots-Tag none; - add_header X-Download-Options noopen; - add_header X-Permitted-Cross-Domain-Policies none; + # Add headers to serve security related headers + add_header X-Content-Type-Options nosniff; + add_header X-Frame-Options "SAMEORIGIN"; + add_header X-XSS-Protection "1; mode=block"; + add_header X-Robots-Tag none; + add_header X-Download-Options noopen; + add_header X-Permitted-Cross-Domain-Policies none; - location ~* \.(jpg|jpeg|gif|css|png|js|ico|swf|mp3|pdf)$ { - # Le contenu statique, est signalé au navigateur comme étant - # à garder en cache une semaine. Si il y a un proxy sur la - # route, celui-ci est autorisé à faire une copie et à la - # cacher. 
- expires 1w; - add_header Cache-Control public; - } - location ~ [^/]\.php(/|$) { - fastcgi_split_path_info ^(.+?\.php)(/.*)$; - fastcgi_pass unix:/var/run/php5-fpm-__NAMETOCHANGE__.sock; - fastcgi_index index.php; - include fastcgi_params; - fastcgi_param REMOTE_USER $remote_user; - fastcgi_param PATH_INFO $fastcgi_path_info; - fastcgi_param SCRIPT_FILENAME $request_filename; - } + location ~* \.(jpg|jpeg|gif|css|png|js|ico|swf|mp3|pdf)$ + { + # Le contenu statique, est signalé au navigateur comme étant + # à garder en cache une semaine. Si il y a un proxy sur la + # route, celui-ci est autorisé à faire une copie et à la + # cacher. + expires 1w; + add_header Cache-Control public; + } + location ~ [^/]\.php(/|$) + { + fastcgi_split_path_info ^(.+?\.php)(/.*)$; + fastcgi_pass unix:/var/run/php5-fpm-__NAME__.sock; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param REMOTE_USER $remote_user; + fastcgi_param PATH_INFO $fastcgi_path_info; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_param HTTP_PROXY ""; + } - ## Begin - Security - # deny all direct access for these folders - location ~* /(.git|cache|bin|logs|backups)/.*$ { return 403; } - # deny running scripts inside core system folders - location ~* /(system|vendor)/.*\.(txt|xml|md|html|yaml|php|pl|py|cgi|twig|sh|bat)$ { return 403; } - # deny running scripts inside user folder - location ~* /user/.*\.(txt|md|yaml|php|pl|py|cgi|twig|sh|bat)$ { return 403; } - # deny access to specific files in the root folder - location ~ /(LICENSE|composer.lock|composer.json|nginx.conf|web.config|htaccess.txt|\.htaccess) { return 403; } - ## End - Security + ## Begin - Security + # deny all direct access for these folders + location ~* /(.git|cache|bin|logs|backups)/.*$ + { + return 403; + } + # deny running scripts inside core system folders + location ~* /(system|vendor)/.*\.(txt|xml|md|html|yaml|php|pl|py|cgi|twig|sh|bat)$ + { + return 403; + } + # deny running scripts inside user folder + 
location ~* /user/.*\.(txt|md|yaml|php|pl|py|cgi|twig|sh|bat)$ + { + return 403; + } + # deny access to specific files in the root folder + location ~ /(LICENSE|composer.lock|composer.json|nginx.conf|web.config|htaccess.txt|\.htaccess) + { + return 403; + } + ## End - Security - #--PRIVATE--# Include SSOWAT user panel. - #--PRIVATE--include conf.d/yunohost_panel.conf.inc; + #--PRIVATE--# Include SSOWAT user panel. + #--PRIVATE--include conf.d/yunohost_panel.conf.inc; } diff --git a/conf/php-fpm.conf b/conf/php-fpm.conf index 5672f10..2aec4a2 100644 --- a/conf/php-fpm.conf +++ b/conf/php-fpm.conf @@ -19,8 +19,8 @@ ; Unix user/group of processes ; Note: The user is mandatory. If the group is not set, the default user's group ; will be used. -user = www-data -group = www-data +user = __USER__ +group = __USER__ ; The address on which to accept FastCGI requests. ; Valid syntaxes are: @@ -32,19 +32,19 @@ group = www-data ; Note: This value is mandatory. listen = /var/run/php5-fpm-__NAMETOCHANGE__.sock -; Set listen(2) backlog. +; Set listen(2) backlog. A value of '-1' means unlimited. ; Default Value: 128 (-1 on FreeBSD and OpenBSD) ;listen.backlog = 128 ; Set permissions for unix socket, if one is used. In Linux, read/write ; permissions must be set in order to allow connections from a web server. Many -; BSD-derived systems allow connections regardless of permissions. +; BSD-derived systems allow connections regardless of permissions. ; Default Values: user and group are set as the running user ; mode is set to 0660 listen.owner = www-data listen.group = www-data ;listen.mode = 0660 - + ; List of ipv4 addresses of FastCGI clients which are allowed to connect. ; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original ; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address 
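Review bot: In conf/nginx.conf the `## Begin - Security` deny rules come after `location ~* \.(jpg|jpeg|gif|css|png|js|ico|swf|mp3|pdf)$` and `location ~ [^/]\.php(/|$)`, and nginx picks the first matching regex location in file order, so a `.php` or `.js` request under `/user/`, `/system/`, `/vendor/` or `/cache/` is likely handled by the earlier blocks and never reaches `return 403`. Moving the security block above the static and PHP locations would make the denies effective. `add_header Cache-Control public;` in the static location also replaces the headers inherited from the parent block, so those responses lose `X-Content-Type-Options`, `X-Frame-Options` and the rest unless they are repeated there. The `.` in `/(.git|cache|bin|logs|backups)/` is unescaped and matches any character; `\.git` is probably what was meant.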
@@ -117,7 +117,7 @@ pm.max_spare_servers = 3 ; Note: Used only when pm is set to 'ondemand' ; Default Value: 10s ;pm.process_idle_timeout = 10s; - + ; The number of requests each child process should execute before respawning. ; This can be useful to work around memory leaks in 3rd party libraries. For ; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS. @@ -170,7 +170,7 @@ pm.max_requests = 500 ; ; By default the status page only outputs short status. Passing 'full' in the ; query string will also return status for each pool process. -; Example: +; Example: ; http://www.foo.bar/status?full ; http://www.foo.bar/status?json&full ; http://www.foo.bar/status?html&full @@ -220,9 +220,9 @@ pm.max_requests = 500 ; Note: The value must start with a leading slash (/). The value can be ; anything, but it may not be a good idea to use the .php extension or it ; may conflict with a real PHP file. -; Default Value: not set +; Default Value: not set ;pm.status_path = /status - + ; The ping URI to call the monitoring page of FPM. If this value is not set, no ; URI will be recognized as a ping page. This could be used to test from outside ; that FPM is alive and responding, or to @@ -283,7 +283,7 @@ pm.max_requests = 500 ; - .... ; %p: PID of the child that serviced the request ; %P: PID of the parent of the child that serviced the request -; %q: the query string +; %q: the query string ; %Q: the '?' character if query string exists ; %r: the request URI (without the query string, see %q and %Q) ; %R: remote IP address 
@@ -298,50 +298,50 @@ pm.max_requests = 500 ; ; Default: "%R - %u %t \"%m %r\" %s" ;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%" - + ; The log file for slow requests ; Default Value: not set ; Note: slowlog is mandatory if request_slowlog_timeout is set slowlog = /var/log/nginx/__NAMETOCHANGE__.slow.log - + ; The timeout for serving a single request after which a PHP backtrace will be ; dumped to the 'slowlog' file. A value of '0s' means 'off'. ; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) ; Default Value: 0 request_slowlog_timeout = 5s - + ; The timeout for serving a single request after which the worker process will ; be killed. This option should be used when the 'max_execution_time' ini option ; does not stop script execution for some reason. A value of '0' means 'off'. ; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) ; Default Value: 0 request_terminate_timeout = 1d - + ; Set open file descriptor rlimit. ; Default Value: system defined value ;rlimit_files = 1024 - + ; Set max core size rlimit. ; Possible Values: 'unlimited' or an integer greater or equal to 0 ; Default Value: system defined value ;rlimit_core = 0 - + ; Chroot to this directory at the start. This value must be defined as an ; absolute path. When this value is not set, chroot is not used. ; Note: you can prefix with '$prefix' to chroot to the pool prefix or one ; of its subdirectories. If the pool prefix is not set, the global prefix ; will be used instead. -; Note: chrooting is a great security feature and should be used whenever +; Note: chrooting is a great security feature and should be used whenever ; possible. However, all PHP paths will be relative to the chroot ; (error_log, sessions.save_path, ...). ; Default Value: not set -;chroot = - +;chroot = + ; Chdir to this directory at the start. ; Note: relative path can be used. 
; Default Value: current directory or / when chroot chdir = __FINALPATH__ - + ; Redirect worker stdout and stderr into main error log. If not set, stdout and ; stderr will be redirected to /dev/null according to FastCGI specs. ; Note: on highloaded environement, this can cause some delay in the page @@ -356,7 +356,7 @@ catch_workers_output = yes ; Note: set an empty value to allow all extensions. ; Default Value: .php ;security.limit_extensions = .php .php3 .php4 .php5 - + ; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from ; the current environment. ; Default Value: clean env @@ -370,7 +370,7 @@ catch_workers_output = yes ; overwrite the values previously defined in the php.ini. The directives are the ; same as the PHP SAPI: ; php_value/php_flag - you can set classic ini defines which can -; be overwritten from PHP call 'ini_set'. +; be overwritten from PHP call 'ini_set'. ; php_admin_value/php_admin_flag - these directives won't be overwritten by ; PHP call 'ini_set' ; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no. @@ -389,4 +389,4 @@ catch_workers_output = yes ;php_flag[display_errors] = off ;php_admin_value[error_log] = /var/log/fpm-php.www.log ;php_admin_flag[log_errors] = on -;php_admin_value[memory_limit] = 32M \ No newline at end of file +;php_admin_value[memory_limit] = 32M diff --git a/conf/php-fpm.ini b/conf/php-fpm.ini index 55e2ba7..212240d 100644 --- a/conf/php-fpm.ini +++ b/conf/php-fpm.ini @@ -1,3 +1,10 @@ -upload_max_filesize=30M -post_max_size=30M -; max_execution_time=60 \ No newline at end of file +; Common values to change to increase file upload limit +upload_max_filesize = 50M +post_max_size = 50M +; mail.add_x_header = Off + +; Other common parameters +; max_execution_time = 600 +; max_input_time = 300 +; memory_limit = 256M +; short_open_tag = On diff --git a/manifest.json b/manifest.json index a5ae34a..7b6e2b4 100644 --- a/manifest.json +++ b/manifest.json 
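Review bot: In conf/php-fpm.ini, `upload_max_filesize = 50M` and `post_max_size = 50M` now exceed the `client_max_body_size 30m;` that this same patch keeps in conf/nginx.conf, so nginx will reject request bodies above 30 MB before PHP sees them and the raised limit has no effect. Either raise the nginx value to match (`client_max_body_size 50m;`) or leave PHP at 30M. The comment `; Common values to change to increase file upload limit` could also state that the nginx directive is the effective cap and must be changed together with these two.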
@@ -1,74 +1,73 @@ { - "name": "Grav", - "id": "grav", - "packaging_format": 1, - "description": { - "en": "Grav - Grav is a modern open source flat-file CMS", - "fr": "Grav - Grav is a modern open source flat-file CMS" - }, - "version": "1.4.5", - "url": "https://www.getgrav.org/", - "license": "free", - "maintainer": { - "name": "cyp, lithrel", - "email": "cyp@rouquin.me, lithrel@randomdomainname.net" - }, - "requirements": { - "yunohost": ">> 2.7.0" - }, - "multi_instance": true, - "services": [ - "nginx", - "php5-fpm" - ], - "arguments": { - "install" : [ - { - "name": "domain", - "type": "domain", - "ask": { - "en": "Choose a domain name for Grav", - "fr": "Choisissez un nom de domaine pour Grav" - }, - "example": "example.org" - }, - { - "name": "path", - "type": "path", - "ask": { - "en": "Choose a path for Grav", - "fr": "Choisissez un chemin pour Grav" - }, - "example": "/grav", - "default": "/grav" - }, - { - "name": "admin", - "type": "user", - "ask": { - "en": "Choose the Grav administrator (must be an existing YunoHost user)", - "fr": "Administrateur du site (doit être un utilisateur YunoHost existant)" - }, - "example": "johndoe" - }, - { - "name": "is_public", - "ask": { - "en": "Is it a public Grav site ?", - "fr": "Est-ce un site public ?" 
- }, - "choices": ["Yes", "No"], - "default": "Yes" - }, - { - "name": "language", - "ask": { - "en": "Choose the application language", - "fr": "Choisissez la langue de l'application" - }, - "choices": ["en_EN", "fr_FR"], - "default": "fr_FR" - } - ] - } -} + "name": "Grav", + "id": "grav", + "packaging_format": 1, + "description": { + "en": "Grav - a modern open source flat-file CMS", + "fr": "Grav - un CMS moderne, libre, et sans base de données" + }, + "version": "1.4.8", + "url": "https://www.getgrav.org/", + "license": "free", + "maintainer": { + "name": "cyp, lithrel, tituspijean", + "email": "cyp@rouquin.me, lithrel@randomdomainname.net, tituspijean@outlook.com" + }, + "requirements": { + "yunohost": ">= 2.7.14" + }, + "multi_instance": true, + "services": [ + "nginx", + "php5-fpm" + ], + "arguments": { + "install": [{ + "name": "domain", + "type": "domain", + "ask": { + "en": "Choose a domain name for Grav", + "fr": "Choisissez un nom de domaine pour Grav" + }, + "example": "example.org" + }, + { + "name": "path", + "type": "path", + "ask": { + "en": "Choose a path for Grav", + "fr": "Choisissez un chemin pour Grav" + }, + "example": "/grav", + "default": "/grav" + }, + { + "name": "admin", + "type": "user", + "ask": { + "en": "Choose the Grav administrator (must be an existing YunoHost user)", + "fr": "Administrateur du site (doit être un utilisateur YunoHost existant)" + }, + "example": "johndoe" + }, + { + "name": "is_public", + "type": "boolean", + "ask": { + "en": "Is it a public application?", + "fr": "Est-ce une application publique ?" + }, + "default": true + }, + { + "name": "language", + "ask": { + "en": "Choose the application language", + "fr": "Choisissez la langue de l'application" + }, + "choices": ["en_EN", "fr_FR"], + "default": "fr_FR" + } + ] + } +} \ No newline at end of file diff --git a/scripts/.fonctions b/scripts/.fonctions deleted file mode 100644 index d9bc244..0000000 --- a/scripts/.fonctions +++ /dev/null 
@@ -1,204 +0,0 @@ -#!/bin/bash - -ynh_version="2.4" - -YNH_VERSION () { # Returns the version number of the Yunohost moulinette - ynh_version=$(sudo yunohost -v | grep "moulinette:" | cut -d' ' -f2 | cut -d'.' -f1,2) -} - -CHECK_VAR () { # Verifies that the variable is not empty. - # $1 = Variable to be checked - # $2 = Display text on error - test -n "$1" || (echo "$2" >&2 && false) -} - -EXIT_PROPERLY () { # Causes the script to stop in the event of an error. And clean the residue. - trap '' ERR - echo -e "\e[91m \e[1m" # Shell in light red bold - echo -e "!!\n $app install's script has encountered an error. Installation was cancelled.\n!!" >&2 - - if type -t CLEAN_SETUP > /dev/null; then # Checks the existence of the function before executing it. - CLEAN_SETUP # Call the specific cleanup function of the install script. - fi - - # Compensates the ssowat bug that does not remove the app's input in case of installation error. - sudo sed -i "\@\"$domain$path/\":@d" /etc/ssowat/conf.json - - if [ "$ynh_version" = "2.2" ]; then - /bin/bash $script_dir/remove - fi - - ynh_die -} - -TRAP_ON () { # Activate signal capture - trap EXIT_PROPERLY ERR # Capturing exit signals on error -} - -TRAP_OFF () { # Ignoring signal capture until TRAP_ON - trap '' ERR # Ignoring exit signals -} - -CHECK_USER () { # Check the validity of the user admin - # $1 = User admin variable - ynh_user_exists "$1" || (echo "Wrong admin" >&2 && false) -} - -CHECK_PATH () { # Checks / at the beginning of the path. And his absence at the end. - if [ "${path:0:1}" != "/" ]; then # If the first character is not / - path="/$path" # Add / at the beginning of path - fi - if [ "${path:${#path}-1}" == "/" ] && [ ${#path} -gt 1 ]; then # If the last character is a / and it is not the only character. - path="${path:0:${#path}-1}" # Delete last character - fi -} - -CHECK_DOMAINPATH () { # Checks the availability of the path and domain. 
- sudo yunohost app checkurl $domain$path -a $app -} - -CHECK_FINALPATH () { # Checks that the destination folder is not already in use. - final_path=/var/www/$app - if [ -e "$final_path" ] - then - echo "This path already contains a folder" >&2 - false - fi -} - -GENERATE_DB () { # Create a database and a dedicated user in the name of the app - # $1 = Database name - # Generates a random password. - db_user=$1 - db_pwd=$(head -n20 /dev/urandom | tr -c -d 'A-Za-z0-9' | head -c20) - CHECK_VAR "$db_pwd" "db_pwd empty" - # Uses '$ app' as user name and database - # Initializes the database and stores the mysql password. - ynh_mysql_create_db "$db_user" "$db_user" $db_pwd - ynh_app_setting_set $app mysqlpwd $db_pwd -} - -SETUP_SOURCE () { # Download source, decompress and copu into $final_path - src=$(cat ../sources/source_md5 | awk -F' ' {'print $2'}) - sudo wget -nv -i ../sources/source_url -O $src - # Checks the checksum of the downloaded source. - # md5sum -c ../sources/source_md5 --status || ynh_die "Corrupt source" - # Decompress source - if [ "$(echo ${src##*.})" == "tgz" ]; then - tar -x -f $src - elif [ "$(echo ${src##*.})" == "zip" ]; then - unzip -q $src - else - false # Unsupported archive format. - fi - # Copy file source - sudo cp -a $(cat ../sources/source_dir)/. "$final_path" - # Copy additional file and modified - if test -e "../sources/ajouts"; then - sudo cp -a ../sources/ajouts/. "$final_path" - fi -} - -POOL_FPM () { # Create the php-fpm pool configuration file and configure it. 
- sed -i "s@__NAMETOCHANGE__@$app@g" ../conf/php-fpm.conf - sed -i "s@__FINALPATH__@$final_path@g" ../conf/php-fpm.conf - finalphpconf=/etc/php5/fpm/pool.d/$app.conf - sudo cp ../conf/php-fpm.conf $finalphpconf - sudo chown root: $finalphpconf - finalphpini=/etc/php5/fpm/conf.d/20-$app.ini - sudo cp ../conf/php-fpm.ini $finalphpini - sudo chown root: $finalphpini - sudo systemctl reload php5-fpm -} - -STORE_MD5_CONFIG () { # Saves the checksum of the config file - # $1 = Name of the conf file for storage in settings.yml - # $2 = Full name and path of the conf file. - ynh_app_setting_set $app $1_file_md5 $(sudo md5sum "$2" | cut -d' ' -f1) -} - -CHECK_MD5_CONFIG () { # Created a backup of the config file if it was changed. - # $1 = Name of the conf file for storage in settings.yml - # $2 = Full name and path of the conf file.onf. - if [ "$(ynh_app_setting_get $app $1_file_md5)" != $(sudo md5sum "$2" | cut -d' ' -f1) ]; then - sudo cp -a "$2" "$2.backup.$(date '+%d.%m.%y_%Hh%M,%Ss')" # Si le fichier de config a été modifié, créer un backup. - fi -} - -FIND_PORT () { # Search free port - # $1 = Port number to start the search. - port=$1 - while ! 
sudo yunohost app checkport $port ; do - port=$((port+1)) - done - CHECK_VAR "$port" "port empty" -} - - -### REMOVE SCRIPT - -REMOVE_NGINX_CONF () { # Delete nginx configuration - if [ -e "/etc/nginx/conf.d/$domain.d/$app.conf" ]; then # Delete nginx config - echo "Delete nginx config" - sudo rm "/etc/nginx/conf.d/$domain.d/$app.conf" - sudo systemctl reload nginx - fi -} - -REMOVE_FPM_CONF () { # Delete pool php-fpm configuration - if [ -e "/etc/php5/fpm/pool.d/$app.conf" ]; then # Delete fpm config - echo "Delete fpm config" - sudo rm "/etc/php5/fpm/pool.d/$app.conf" - fi - if [ -e "/etc/php5/fpm/conf.d/20-$app.ini" ]; then # Delete php config - echo "Delete php config" - sudo rm "/etc/php5/fpm/conf.d/20-$app.ini" - fi - sudo systemctl reload php5-fpm -} - -REMOVE_LOGROTATE_CONF () { # Delete logrotate configuration - if [ -e "/etc/logrotate.d/$app" ]; then - echo "Delete logrotate config" - sudo rm "/etc/logrotate.d/$app" - fi -} - -SECURE_REMOVE () { # Deleting a folder with variable verification - chaine="$1" # The argument must be given between simple quotes '', to avoid interpreting the variables. - no_var=0 - while (echo "$chaine" | grep -q '\$') # Loop as long as there are $ in the string - do - no_var=1 - global_var=$(echo "$chaine" | cut -d '$' -f 2) # Isole the first variable found. - only_var=\$$(expr "$global_var" : '\([A-Za-z0-9_]*\)') # Isole completely the variable by adding the $ at the beginning and keeping only the name of the variable. Mostly gets rid of / and a possible path behind. - real_var=$(eval "echo ${only_var}") # `eval "echo ${var}` Allows to interpret a variable contained in a variable. - if test -z "$real_var" || [ "$real_var" = "/" ]; then - echo "Variable $only_var is empty, suppression of $chaine cancelled." >&2 - return 1 - fi - chaine=$(echo "$chaine" | sed "s@$only_var@$real_var@") # Replaces variable with its value in the string. 
- done - if [ "$no_var" -eq 1 ] - then - if [ -e "$chaine" ]; then - echo "Delete directory $chaine" - sudo rm -r "$chaine" - fi - return 0 - else - echo "No detected variable." >&2 - return 1 - fi -} - -REMOVE_BDD () { # Delete database and users - # $1 = Database name - # Uses '$app' as user name and database - db_user=$1 - if mysqlshow -u root -p$(sudo cat $MYSQL_ROOT_PWD_FILE) | grep -q "^| $db_user"; then - echo "Delete db" - ynh_mysql_drop_db $db_user - ynh_mysql_drop_user $db_user - fi -} diff --git a/scripts/_common.sh b/scripts/_common.sh new file mode 100644 index 0000000..24bd7ba --- /dev/null +++ b/scripts/_common.sh @@ -0,0 +1,13 @@ +#!/bin/bash + +# ============= FUTURE YUNOHOST HELPER ============= +# Delete a file checksum from the app settings +# +# $app should be defined when calling this helper +# +# usage: ynh_remove_file_checksum file +# | arg: file - The file for which the checksum will be deleted +ynh_delete_file_checksum () { + local checksum_setting_name=checksum_${1//[\/ ]/_} # Replace all '/' and ' ' by '_' + ynh_app_setting_delete $app $checksum_setting_name +} diff --git a/scripts/backup b/scripts/backup index 2859743..60c9d80 100644 --- a/scripts/backup +++ b/scripts/backup 
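Review bot: In scripts/_common.sh the header comment documents `usage: ynh_remove_file_checksum file` but the function defined is `ynh_delete_file_checksum`; the usage line should read `# usage: ynh_delete_file_checksum file` so callers do not look for a helper that does not exist. The expansions in `ynh_app_setting_delete $app $checksum_setting_name` are unquoted, and the comment only says `$app` "should be defined"; `ynh_app_setting_delete "$app" "$checksum_setting_name"` keeps the argument positions stable if `$app` is ever empty.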
@@ -1,23 +1,51 @@ #!/bin/bash -# Exit on command errors and treat unset variables as an error -set -eu +#================================================= +# GENERIC START +#================================================= +# IMPORT GENERIC HELPERS +#================================================= -# Source app helpers +source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers -# Get multi-instances specific variables +#================================================= +# MANAGE SCRIPT FAILURE +#================================================= + +ynh_clean_setup () { + ### Remove this function if there's nothing to clean before calling the remove script. + true +} +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors + +#================================================= +# LOAD SETTINGS +#================================================= + app=$YNH_APP_INSTANCE_NAME -# Retrieve app settings -domain=$(ynh_app_setting_get "$app" domain) +final_path=$(ynh_app_setting_get $app final_path) +domain=$(ynh_app_setting_get $app domain) -# Copy the app files -final_path="/var/www/${app}" -ynh_backup "$final_path" "sources" 1 +#================================================= +# STANDARD BACKUP STEPS +#================================================= +# BACKUP THE APP MAIN DIR +#================================================= -# Copy the nginx conf files -ynh_backup "/etc/nginx/conf.d/${domain}.d/${app}.conf" "nginx.conf" -# Copy the php-fpm conf files -ynh_backup "/etc/php5/fpm/pool.d/${app}.conf" "php-fpm.conf" -ynh_backup "/etc/php5/fpm/conf.d/20-${app}.ini" "php-fpm.ini" \ No newline at end of file +ynh_backup "$final_path" + +#================================================= +# BACKUP THE NGINX CONFIGURATION +#================================================= + +ynh_backup "/etc/nginx/conf.d/$domain.d/$app.conf" + +#================================================= +# BACKUP THE PHP-FPM CONFIGURATION 
+#================================================= + +ynh_backup "/etc/php5/fpm/pool.d/$app.conf" +ynh_backup "/etc/php5/fpm/conf.d/20-$app.ini" diff --git a/scripts/install b/scripts/install index 620b11b..126e9d1 100644 --- a/scripts/install +++ b/scripts/install 
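Review bot: scripts/backup still hard-codes `/etc/php5/fpm/pool.d/$app.conf` and `/etc/php5/fpm/conf.d/20-$app.ini`, while scripts/install in this same patch pulls `php7.0-zip` and delegates the pool file to `ynh_add_fpm_config`. If that helper writes under a PHP 7 directory on such hosts (not visible in this patch), `ynh_backup` would be pointed at files that do not exist, and with `ynh_abort_if_errors` active the backup would presumably abort. Recording the pool and ini paths as app settings at install time and reading them back here would keep the two scripts in sync. The expansions in `ynh_app_setting_get $app final_path` and `ynh_app_setting_get $app domain` would also be safer quoted.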
@@ -1,86 +1,137 @@ #!/bin/bash -# Exit on command errors and treat unset variables as an error -set -eu +#================================================= +# GENERIC START +#================================================= +# IMPORT GENERIC HELPERS +#================================================= -source .fonctions # Loads the generic functions usually used in the script -source /usr/share/yunohost/helpers # Source app helpers +source _common.sh +source /usr/share/yunohost/helpers -CLEAN_SETUP () { - # Clean installation residues that are not supported by the remove script. - # Clean hosts - sudo sed -i '/#GRAV/d' /etc/hosts +#================================================= +# MANAGE SCRIPT FAILURE +#================================================= + +ynh_clean_setup () { + ### Remove this function if there's nothing to clean before calling the remove script. + true } -TRAP_ON # Active trap to stop the script if an error is detected. +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors + +#================================================= +# RETRIEVE ARGUMENTS FROM THE MANIFEST +#================================================= domain=$YNH_APP_ARG_DOMAIN -path=$YNH_APP_ARG_PATH -admin_grav=$YNH_APP_ARG_ADMIN -language=$YNH_APP_ARG_LANGUAGE +path_url=$YNH_APP_ARG_PATH +admin=$YNH_APP_ARG_ADMIN is_public=$YNH_APP_ARG_IS_PUBLIC +language=$YNH_APP_ARG_LANGUAGE app=$YNH_APP_INSTANCE_NAME -CHECK_VAR "$app" "app name not set" +#================================================= +# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS +#================================================= -CHECK_USER "$admin_grav" +# Set and test the installation path +final_path=/var/www/$app +test ! 
-e "$final_path" || ynh_die "This path already contains a folder" -CHECK_PATH +# Normalize the url path syntax +path_url=$(ynh_normalize_url_path $path_url) -CHECK_DOMAINPATH +# Check web path availability +ynh_webpath_available $domain $path_url +# Register (book) web path +ynh_webpath_register $app $domain $path_url -CHECK_FINALPATH +#================================================= +# STORE SETTINGS FROM MANIFEST +#================================================= ynh_app_setting_set $app domain $domain -ynh_app_setting_set $app path $path -ynh_app_setting_set $app admin $admin_grav +ynh_app_setting_set $app path $path_url +ynh_app_setting_set $app admin $admin ynh_app_setting_set $app is_public $is_public ynh_app_setting_set $app language $language -# Creates the destination directory and stores its location. -sudo mkdir "$final_path" +#================================================= +# STANDARD MODIFICATIONS +#================================================= +# INSTALL DEPENDENCIES +#================================================= + +ynh_install_app_dependencies php7.0-zip + +#================================================= +# DOWNLOAD, CHECK AND UNPACK SOURCE +#================================================= + +### `ynh_setup_source` is used to install an app from a zip or tar.gz file, +### downloaded from an upstream source, like a git repository. 
+### `ynh_setup_source` use the file conf/app.src + ynh_app_setting_set $app final_path $final_path +# Download, check integrity, uncompress and patch the source from app.src +ynh_setup_source "$final_path" -# Get source -SETUP_SOURCE +#================================================= +# NGINX CONFIGURATION +#================================================= -# Grav install -sudo $final_path/bin/grav +### `ynh_add_nginx_config` will use the file conf/nginx.conf -# Set permissions -sudo chown -R www-data: $final_path +# Create a dedicated nginx config +ynh_add_nginx_config -echo -e "127.0.0.1 $domain #GRAV" | sudo tee -a /etc/hosts +#================================================= +# CREATE DEDICATED USER +#================================================= -# Copy nginx config -sudo cp ../conf/nginx.conf /etc/nginx/conf.d/$domain.d/$app.conf +# Create a system user +ynh_system_user_create $app -# Modif the variables in the nginx configuration file -sudo sed -i "s@__PATHTOCHANGE__@$path@g" /etc/nginx/conf.d/$domain.d/$app.conf -sudo sed -i "s@__FINALPATH__@$final_path@g" /etc/nginx/conf.d/$domain.d/$app.conf -sudo sed -i "s@__NAMETOCHANGE__@$app@g" /etc/nginx/conf.d/$domain.d/$app.conf +#================================================= +# PHP-FPM CONFIGURATION +#================================================= -if [ "$is_public" = "Yes" ]; +# Create a dedicated php-fpm config +ynh_add_fpm_config + +#================================================= +# SPECIFIC SETUP +#================================================= +# ... 
+#================================================= + + + +#================================================= +# GENERIC FINALIZATION +#================================================= +# SECURE FILES AND DIRECTORIES +#================================================= + +# Grav is a file-based CMS, its user should have write access +# Set permissions to app files +chown -R $app:www-data $final_path + +#================================================= +# SETUP SSOWAT +#================================================= + +# Make app public if necessary +if [ $is_public -eq 1 ] then - sudo sed -i "s@#--PRIVATE--@@g" /etc/nginx/conf.d/$domain.d/$app.conf + # unprotected_uris allows SSO credentials to be passed anyway. + ynh_app_setting_set $app unprotected_uris "/" fi -# Create the php-fpm pool config -POOL_FPM +#================================================= +# RELOAD NGINX +#================================================= -# Setup SSOwat -ynh_app_setting_set "$app" is_public "$is_public" -if [ "$is_public" = "Yes" ]; -then - ynh_app_setting_set "$app" unprotected_uris "/" -fi - -# Reload SSOwat configuration -sudo yunohost app ssowatconf - -# Reload Nginx and regenerate SSOwat conf -sudo systemctl reload php5-fpm -sudo systemctl reload nginx - -# Nettoyer hosts -sudo sed -i '/#GRAV/d' /etc/hosts \ No newline at end of file +systemctl reload nginx diff --git a/scripts/remove b/scripts/remove index a62ac0c..7da9d84 100644 --- a/scripts/remove +++ b/scripts/remove 
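Review bot: Nothing in the new scripts/install provisions a Grav account for `$admin`: the value is stored with `ynh_app_setting_set $app admin $admin` and never used again, while conf/app.src fetches the grav-admin bundle. If that bundle lets the first visitor create the initial administrator (worth confirming against upstream), a public install with `unprotected_uris "/"` leaves that step open to whoever reaches the site before the operator does. Consider creating the account during install, or keeping the admin route behind SSOwat even for public sites. Separately, `chown -R $app:www-data $final_path` is unquoted and leaves the unpacked file modes untouched; `chown -R "$app:www-data" "$final_path"` followed by `chmod -R o-rwx "$final_path"` would keep account and configuration files unreadable to other local users.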
@@ -1,25 +1,58 @@ #!/bin/bash -# Exit on command errors and treat unset variables as an error -set -u +#================================================= +# GENERIC START +#================================================= +# IMPORT GENERIC HELPERS +#================================================= -# Loads the generic functions usually used in the script -source .fonctions -# Source app helpers +source _common.sh source /usr/share/yunohost/helpers -# Get multi-instances specific variables +#================================================= +# LOAD SETTINGS +#================================================= + app=$YNH_APP_INSTANCE_NAME -# Retrieve app settings -domain=$(ynh_app_setting_get "$app" domain) +domain=$(ynh_app_setting_get $app domain) +final_path=$(ynh_app_setting_get $app final_path) -# Delete app directory and configurations -SECURE_REMOVE '/var/www/$app' # Delete directory application -sudo rm -f "/etc/php5/fpm/pool.d/${app}.conf" -sudo rm -f "/etc/php5/fpm/conf.d/20-${app}.ini" -[[ -n $domain ]] && sudo rm -f "/etc/nginx/conf.d/${domain}.d/${app}.conf" +#================================================= +# STANDARD REMOVE +#================================================= +# REMOVE DEPENDENCIES +#================================================= -# Reload services -sudo systemctl reload php5-fpm -sudo systemctl reload nginx \ No newline at end of file +# Remove metapackage and its dependencies +ynh_remove_app_dependencies + +#================================================= +# REMOVE APP MAIN DIR +#================================================= + +# Remove the app directory securely +ynh_secure_remove "$final_path" + +#================================================= +# REMOVE NGINX CONFIGURATION +#================================================= + +# Remove the dedicated nginx config +ynh_remove_nginx_config + +#================================================= +# REMOVE PHP-FPM CONFIGURATION 
+#================================================= + +# Remove the dedicated php-fpm config +ynh_remove_fpm_config + +#================================================= +# GENERIC FINALIZATION +#================================================= +# REMOVE DEDICATED USER +#================================================= + +# Delete a system user +ynh_system_user_delete $app diff --git a/scripts/restore b/scripts/restore index 3070e9b..26d3019 100644 --- a/scripts/restore +++ b/scripts/restore 
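Review bot: `domain` and `final_path` are now used without any emptiness check, because this hunk removes both `set -u` and the old `[[ -n $domain ]]` guard. `domain` is loaded but never referenced again in the script, so it is presumably read implicitly by `ynh_remove_nginx_config`. Whether the helpers tolerate an empty value is not visible here, so I would document the dependency with `# domain and app are consumed by ynh_remove_nginx_config` and add the same fallback scripts/upgrade uses: `[ -n "$final_path" ] || final_path=/var/www/$app`. Quoting `"$app"` in the `ynh_app_setting_get` and `ynh_system_user_delete` calls, as the removed code did, would keep word splitting out of a script that runs as root.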
@@ -1,66 +1,92 @@ #!/bin/bash -# This restore script is adapted to Yunohost >=2.4 -# Exit on command errors and treat unset variables as an error -set -eu +#================================================= +# GENERIC START +#================================================= +# IMPORT GENERIC HELPERS +#================================================= -# Source app helpers +source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers -# The parameter $app is the id of the app instance ex: ynhexample__2 +#================================================= +# MANAGE SCRIPT FAILURE +#================================================= + +ynh_clean_setup () { + #### Remove this function if there's nothing to clean before calling the remove script. + true +} +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors + +#================================================= +# LOAD SETTINGS +#================================================= + app=$YNH_APP_INSTANCE_NAME -# Get old parameter of the app domain=$(ynh_app_setting_get $app domain) -path=$(ynh_app_setting_get $app path) -is_public=$(ynh_app_setting_get $app is_public) +path_url=$(ynh_app_setting_get $app path) +final_path=$(ynh_app_setting_get $app final_path) -# Check domain/path availability -sudo yunohost app checkurl "${domain}${path}" -a "${app}" \ - || ynh_die "Path not available: ${domain}${path}" +#================================================= +# CHECK IF THE APP CAN BE RESTORED +#================================================= -# Check $final_path -final_path="/var/www/${app}" -if [ -d "${final_path}" ]; then - ynh_die "There is already a directory: ${final_path}" -fi +ynh_webpath_available $domain $path_url \ + || ynh_die "Path not available: ${domain}${path_url}" +test ! 
-d $final_path \ + || ynh_die "There is already a directory: $final_path " -# Check configuration files nginx -nginx_conf="/etc/nginx/conf.d/${domain}.d/${app}.conf" -if [ -f "${nginx_conf}" ]; then - ynh_die "The NGINX configuration already exists at '${nginx_conf}'. You should safely delete it before restoring this app." -fi +#================================================= +# STANDARD RESTORATION STEPS +#================================================= +# REINSTALL DEPENDENCIES +#================================================= -# Check configuration files php-fpm -phpfpm_conf="/etc/php5/fpm/pool.d/${app}.conf" -if [ -f "${phpfpm_conf}" ]; then - ynh_die "The PHP FPM configuration already exists at '${phpfpm_conf}'. You should safely delete it before restoring this app." -fi +# Define and install dependencies +ynh_install_app_dependencies php7.0-zip -phpfpm_ini="/etc/php5/fpm/conf.d/20-${app}.ini" -if [ -f "${phpfpm_ini}" ]; then - ynh_die "The PHP FPM INI configuration already exists at '${phpfpm_ini}'. You should safely delete it before restoring this app." 
-fi +#================================================= +# RESTORE THE NGINX CONFIGURATION +#================================================= - # Restore sources & data -sudo cp -a ./sources "${final_path}" +ynh_restore_file "/etc/nginx/conf.d/$domain.d/$app.conf" -# Set permissions -sudo chown -R www-data: "${final_path}" +#================================================= +# RESTORE THE APP MAIN DIR +#================================================= -# Restore nginx configuration files -sudo cp -a ./nginx.conf "${nginx_conf}" -# Restore php-fpm configuration files -sudo cp -a ./php-fpm.conf "${phpfpm_conf}" -sudo cp -a ./php-fpm.ini "${phpfpm_ini}" +ynh_restore_file "$final_path" -# Set ssowat config -if [ "$is_public" = "No" ]; -then - ynh_app_setting_delete $app skipped_uris -fi +#================================================= +# RECREATE THE DEDICATED USER +#================================================= -# Reload services -sudo systemctl reload php5-fpm -sudo systemctl reload nginx -sudo yunohost app ssowatconf +# Create the dedicated user (if not existing) +ynh_system_user_create $app + +#================================================= +# RESTORE USER RIGHTS +#================================================= + +# Grav is a file-based CMS, its user should have write access +# Restore permissions on app files +chown -R $app: $final_path + +#================================================= +# RESTORE THE PHP-FPM CONFIGURATION +#================================================= + +ynh_restore_file "/etc/php5/fpm/pool.d/$app.conf" +ynh_restore_file "/etc/php5/fpm/conf.d/20-$app.ini" + +#================================================= +# GENERIC FINALIZATION +#================================================= +# RELOAD NGINX AND PHP-FPM +#================================================= + +systemctl reload php5-fpm +systemctl reload nginx diff --git a/scripts/upgrade b/scripts/upgrade index 6aadad5..a203b24 100644 --- a/scripts/upgrade 
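Review bot: The PHP versions in this script disagree: it installs `php7.0-zip`, but restores the pool files under `/etc/php5/fpm/` and reloads `php5-fpm`. If the php5 service is absent, the reload would fail and `ynh_abort_if_errors` would abort the restore after the files have already been put back. Install and upgrade avoid this by calling `ynh_add_fpm_config` instead of hard-coding a path. Keep the dependency, the two `ynh_restore_file` paths and the reloaded service on one PHP version; the backup script, which is outside this view, has to match. Separately, `chown -R $app: $final_path` here and in scripts/upgrade drops the `www-data` group that scripts/install sets with `$app:www-data`, so pick one ownership for all three scripts and quote it, e.g. `chown -R "$app:www-data" "$final_path"`.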
+++ b/scripts/upgrade 
@@ -1,51 +1,139 @@ #!/bin/bash -# Exit on command errors and treat unset variables as an error -set -eu +#================================================= +# GENERIC START +#================================================= +# IMPORT GENERIC HELPERS +#================================================= -source .fonctions # Loads the generic functions usually used in the script -source /usr/share/yunohost/helpers # Source YunoHost helpers +source _common.sh +source /usr/share/yunohost/helpers + +#================================================= +# LOAD SETTINGS +#================================================= -# See comments in install script app=$YNH_APP_INSTANCE_NAME -# Retrieve app settings -domain=$(ynh_app_setting_get "$app" domain) -path=$(ynh_app_setting_get "$app" path) -admin=$(ynh_app_setting_get "$app" admin) -is_public=$(ynh_app_setting_get "$app" is_public) -language=$(ynh_app_setting_get "$app" language) +domain=$(ynh_app_setting_get $app domain) +path_url=$(ynh_app_setting_get $app path) +admin=$(ynh_app_setting_get $app admin) +is_public=$(ynh_app_setting_get $app is_public) +final_path=$(ynh_app_setting_get $app final_path) +language=$(ynh_app_setting_get $app language) -CHECK_PATH # Checks and corrects the syntax of the path. 
+#================================================= +# ENSURE DOWNWARD COMPATIBILITY +#================================================= -final_path=/var/www/$app - -# Get source -SETUP_SOURCE - -# Modify Nginx configuration file and copy it to Nginx conf directory -sudo sed -i "s@__PATHTOCHANGE__@$path@g" /etc/nginx/conf.d/$domain.d/$app.conf -sudo sed -i "s@__FINALPATH__@$final_path@g" /etc/nginx/conf.d/$domain.d/$app.conf -sudo sed -i "s@__NAMETOCHANGE__@$app@g" /etc/nginx/conf.d/$domain.d/$app.conf - -if [ "$is_public" = "Yes" ]; -then - sudo sed -i "s@#--PRIVATE--@@g" /etc/nginx/conf.d/$domain.d/$app.conf +# Fix is_public as a boolean value +if [ "$is_public" = "Yes" ]; then + ynh_app_setting_set $app is_public 1 + is_public=1 +elif [ "$is_public" = "No" ]; then + ynh_app_setting_set $app is_public 0 + is_public=0 fi -# Create the php-fpm pool config -POOL_FPM - -sudo chown -R www-data: "${final_path}" - -# Setup SSOwat -ynh_app_setting_set "$app" is_public "$is_public" -if [ "$is_public" = "Yes" ]; -then - ynh_app_setting_set "$app" unprotected_uris "/" +# If db_name doesn't exist, create it +if [ -z $db_name ]; then + db_name=$(ynh_sanitize_dbid $app) + ynh_app_setting_set $app db_name $db_name fi -# Reload Nginx -sudo systemctl reload php5-fpm -sudo systemctl reload nginx -sudo yunohost app ssowatconf \ No newline at end of file +# If final_path doesn't exist, create it +if [ -z $final_path ]; then + final_path=/var/www/$app + ynh_app_setting_set $app final_path $final_path +fi + +#================================================= +# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP +#================================================= + +# Backup the current version of the app +ynh_backup_before_upgrade +ynh_clean_setup () { + # restore it if the upgrade fails + ynh_restore_upgradebackup +} +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors + +#================================================= +# CHECK THE PATH 
+#================================================= + +# Normalize the URL path syntax +path_url=$(ynh_normalize_url_path $path_url) + +#================================================= +# STANDARD UPGRADE STEPS +#================================================= +# DOWNLOAD, CHECK AND UNPACK SOURCE +#================================================= + +# Download, check integrity, uncompress and patch the source from app.src +ynh_setup_source "$final_path" + +#================================================= +# UPGRADE DEPENDENCIES +#================================================= + +ynh_install_app_dependencies php7.0-zip + +#================================================= +# NGINX CONFIGURATION +#================================================= + +# Create a dedicated nginx config +ynh_add_nginx_config + +#================================================= +# CREATE DEDICATED USER +#================================================= + +# Create a dedicated user (if not existing) +ynh_system_user_create $app + +#================================================= +# PHP-FPM CONFIGURATION +#================================================= + +# Create a dedicated php-fpm config +ynh_add_fpm_config + +#================================================= +# SPECIFIC UPGRADE +#================================================= +# ... 
+#================================================= + + + +#================================================= +# GENERIC FINALIZATION +#================================================= +# SECURE FILES AND DIRECTORIES +#================================================= + +# Grav is a file-based CMS, its user should have write access +# Set permissions on app files +chown -R $app: $final_path + +#================================================= +# SETUP SSOWAT +#================================================= + +# Make app public if necessary +if [ $is_public -eq 1 ] +then + # unprotected_uris allows SSO credentials to be passed anyway + ynh_app_setting_set $app unprotected_uris "/" +fi + +#================================================= +# RELOAD NGINX +#================================================= + +systemctl reload nginx diff --git a/sources/source_dir b/sources/source_dir deleted file mode 100644 index f07b028..0000000 --- a/sources/source_dir +++ /dev/null @@ -1 +0,0 @@ -grav-admin \ No newline at end of file diff --git a/sources/source_md5 b/sources/source_md5 deleted file mode 100644 index 832237d..0000000 --- a/sources/source_md5 +++ /dev/null @@ -1 +0,0 @@ -3ffcbca0cbf596db839aaf499f821497 grav-admin-v1.4.5.zip diff --git a/sources/source_url b/sources/source_url deleted file mode 100644 index 6333ebf..0000000 --- a/sources/source_url +++ /dev/null @@ -1 +0,0 @@ -https://github.com/getgrav/grav/releases/download/1.4.5/grav-admin-v1.4.5.zip
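Review bot: The `db_name` block in the downward-compatibility section looks like template residue and should be deleted. `db_name` is never loaded from the settings in this script, so `[ -z $db_name ]` is always true and every upgrade stores a `db_name` setting for an app the comments further down describe as file-based. The neighbouring `[ -z $final_path ]` only works unquoted by accident; write `if [ -z "$final_path" ]; then`, and likewise `[ "$is_public" -eq 1 ]` in the SSOwat block. One thing to confirm, since conf/app.src is not visible here: `ynh_setup_source "$final_path"` unpacks into the live directory, and if the archive ships its own content or configuration tree the upgrade could overwrite site data, with `ynh_backup_before_upgrade` only restoring on failure.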