YunoHost-Apps/grav_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/grav_ynh.git synced 2024-09-03 19:16:01 +02:00
Code Issues Activity Actions 1

Refactoring and version upgrade

Browse source
This commit is contained in:
tituspijean 2018-08-10 00:06:26 +02:00
parent b2a1500bb8
commit f1b8557b1e
16 changed files with 623 additions and 561 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

74
check_process
View file

@ -1,37 +1,39 @@
;; Test complet sans multisite # See here for more informations
auto_remove=1 # https://github.com/YunoHost/package_check#syntax-check_process-file
; Manifest
domain="domain.tld" (DOMAIN) ;; Test complet
path="/path" (PATH) ; Manifest
admin="john" (USER) domain="domain.tld" (DOMAIN)
language="fr_FR" path="/path" (PATH)
multisite="No" admin="john" (USER)
is_public="Yes" (PUBLIC|public=Yes|private=No) language="fr"
; Checks is_public=1 (PUBLIC|public=1|private=0)
pkg_linter=1 ; Checks
setup_sub_dir=1 pkg_linter=1
setup_root=1 setup_sub_dir=1
setup_nourl=0 setup_root=1
setup_private=1 setup_nourl=0
setup_public=1 setup_private=1
upgrade=1 setup_public=1
backup_restore=1 upgrade=1
multi_instance=1 backup_restore=1
wrong_user=1 multi_instance=1
wrong_path=1 incorrect_path=1
incorrect_path=1 port_already_use=0
corrupt_source=0 change_url=0
fail_download_source=0
port_already_use=0
final_path_already_use=0
;;; Levels ;;; Levels
Level 1=auto Level 1=auto
Level 2=auto Level 2=auto
Level 3=auto Level 3=auto
Level 4=0 # Level 4: If the app supports LDAP and SSOwat, turn level 4 to '1' and add a link to an issue or a part of your code to show it.
Level 5=auto # If the app does not use LDAP nor SSOwat, and can't use them, turn level 4 to 'na' and explain as well.
Level 6=auto Level 4=0
Level 7=auto Level 5=auto
Level 8=0 Level 6=auto
Level 9=0 Level 7=auto
Level 10=0 Level 8=0
Level 9=0
Level 10=0
;;; Options
Email=
Notification=none

6
conf/app.src Normal file
View file

@ -0,0 +1,6 @@
SOURCE_URL=https://github.com/getgrav/grav/releases/download/1.4.8/grav-admin-v1.4.8.zip
SOURCE_SUM=0948596A139D6B4E71AA70CDDF2EA4CF4E0F70466F9B8D1650D3A94AA9942887
SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=zip
SOURCE_IN_SUBDIR=true
SOURCE_FILENAME=

112
conf/nginx.conf
View file

@ -1,54 +1,70 @@
location __PATHTOCHANGE__ { location __PATH__
alias __FINALPATH__/; {
index index.php; alias __FINALPATH__/;
index index.php;
if (!-e $request_filename) if (!-e $request_filename)
{ {
rewrite ^(.+)$ __PATHTOCHANGE__/index.php?q=$1 last; rewrite ^(.+)$ __PATH__/index.php?q=$1 last;
} }
if ($scheme = http) { if ($scheme = http)
rewrite ^ https://$server_name$request_uri? permanent; {
} rewrite ^ https://$server_name$request_uri? permanent;
client_max_body_size 30m; }
client_max_body_size 30m;
# Add headers to serve security related headers # Add headers to serve security related headers
add_header Strict-Transport-Security "max-age=15768000;"; add_header X-Content-Type-Options nosniff;
add_header X-Content-Type-Options nosniff; add_header X-Frame-Options "SAMEORIGIN";
add_header X-Frame-Options "SAMEORIGIN"; add_header X-XSS-Protection "1; mode=block";
add_header X-XSS-Protection "1; mode=block"; add_header X-Robots-Tag none;
add_header X-Robots-Tag none; add_header X-Download-Options noopen;
add_header X-Download-Options noopen; add_header X-Permitted-Cross-Domain-Policies none;
add_header X-Permitted-Cross-Domain-Policies none;
location ~* \.(jpg|jpeg|gif|css|png|js|ico|swf|mp3|pdf)$ { location ~* \.(jpg|jpeg|gif|css|png|js|ico|swf|mp3|pdf)$
# Le contenu statique, est signalé au navigateur comme étant {
# à garder en cache une semaine. Si il y a un proxy sur la # Le contenu statique, est signalé au navigateur comme étant
# route, celui-ci est autorisé à faire une copie et à la # à garder en cache une semaine. Si il y a un proxy sur la
# cacher. # route, celui-ci est autorisé à faire une copie et à la
expires 1w; # cacher.
add_header Cache-Control public; expires 1w;
} add_header Cache-Control public;
location ~ [^/]\.php(/|$) { }
fastcgi_split_path_info ^(.+?\.php)(/.*)$; location ~ [^/]\.php(/|$)
fastcgi_pass unix:/var/run/php5-fpm-__NAMETOCHANGE__.sock; {
fastcgi_index index.php; fastcgi_split_path_info ^(.+?\.php)(/.*)$;
include fastcgi_params; fastcgi_pass unix:/var/run/php5-fpm-__NAME__.sock;
fastcgi_param REMOTE_USER $remote_user; fastcgi_index index.php;
fastcgi_param PATH_INFO $fastcgi_path_info; include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $request_filename; fastcgi_param REMOTE_USER $remote_user;
} fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_param HTTP_PROXY "";
}
## Begin - Security ## Begin - Security
# deny all direct access for these folders # deny all direct access for these folders
location ~* /(.git|cache|bin|logs|backups)/.*$ { return 403; } location ~* /(.git|cache|bin|logs|backups)/.*$
# deny running scripts inside core system folders {
location ~* /(system|vendor)/.*\.(txt|xml|md|html|yaml|php|pl|py|cgi|twig|sh|bat)$ { return 403; } return 403;
# deny running scripts inside user folder }
location ~* /user/.*\.(txt|md|yaml|php|pl|py|cgi|twig|sh|bat)$ { return 403; } # deny running scripts inside core system folders
# deny access to specific files in the root folder location ~* /(system|vendor)/.*\.(txt|xml|md|html|yaml|php|pl|py|cgi|twig|sh|bat)$
location ~ /(LICENSE|composer.lock|composer.json|nginx.conf|web.config|htaccess.txt|\.htaccess) { return 403; } {
## End - Security return 403;
}
# deny running scripts inside user folder
location ~* /user/.*\.(txt|md|yaml|php|pl|py|cgi|twig|sh|bat)$
{
return 403;
}
# deny access to specific files in the root folder
location ~ /(LICENSE|composer.lock|composer.json|nginx.conf|web.config|htaccess.txt|\.htaccess)
{
return 403;
}
## End - Security
#--PRIVATE--# Include SSOWAT user panel. #--PRIVATE--# Include SSOWAT user panel.
#--PRIVATE--include conf.d/yunohost_panel.conf.inc; #--PRIVATE--include conf.d/yunohost_panel.conf.inc;
} }

46
conf/php-fpm.conf
View file

@ -19,8 +19,8 @@
; Unix user/group of processes ; Unix user/group of processes
; Note: The user is mandatory. If the group is not set, the default user's group ; Note: The user is mandatory. If the group is not set, the default user's group
; will be used. ; will be used.
user = www-data user = __USER__
group = www-data group = __USER__
; The address on which to accept FastCGI requests. ; The address on which to accept FastCGI requests.
; Valid syntaxes are: ; Valid syntaxes are:
@ -32,19 +32,19 @@ group = www-data
; Note: This value is mandatory. ; Note: This value is mandatory.
listen = /var/run/php5-fpm-__NAMETOCHANGE__.sock listen = /var/run/php5-fpm-__NAMETOCHANGE__.sock
; Set listen(2) backlog. ; Set listen(2) backlog. A value of '-1' means unlimited.
; Default Value: 128 (-1 on FreeBSD and OpenBSD) ; Default Value: 128 (-1 on FreeBSD and OpenBSD)
;listen.backlog = 128 ;listen.backlog = 128
; Set permissions for unix socket, if one is used. In Linux, read/write ; Set permissions for unix socket, if one is used. In Linux, read/write
; permissions must be set in order to allow connections from a web server. Many ; permissions must be set in order to allow connections from a web server. Many
; BSD-derived systems allow connections regardless of permissions. ; BSD-derived systems allow connections regardless of permissions.
; Default Values: user and group are set as the running user ; Default Values: user and group are set as the running user
; mode is set to 0660 ; mode is set to 0660
listen.owner = www-data listen.owner = www-data
listen.group = www-data listen.group = www-data
;listen.mode = 0660 ;listen.mode = 0660
; List of ipv4 addresses of FastCGI clients which are allowed to connect. ; List of ipv4 addresses of FastCGI clients which are allowed to connect.
; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original ; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original
; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address ; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address
@ -117,7 +117,7 @@ pm.max_spare_servers = 3
; Note: Used only when pm is set to 'ondemand' ; Note: Used only when pm is set to 'ondemand'
; Default Value: 10s ; Default Value: 10s
;pm.process_idle_timeout = 10s; ;pm.process_idle_timeout = 10s;
; The number of requests each child process should execute before respawning. ; The number of requests each child process should execute before respawning.
; This can be useful to work around memory leaks in 3rd party libraries. For ; This can be useful to work around memory leaks in 3rd party libraries. For
; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS. ; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.
@ -170,7 +170,7 @@ pm.max_requests = 500
; ;
; By default the status page only outputs short status. Passing 'full' in the ; By default the status page only outputs short status. Passing 'full' in the
; query string will also return status for each pool process. ; query string will also return status for each pool process.
; Example: ; Example:
; http://www.foo.bar/status?full ; http://www.foo.bar/status?full
; http://www.foo.bar/status?json&full ; http://www.foo.bar/status?json&full
; http://www.foo.bar/status?html&full ; http://www.foo.bar/status?html&full
@ -220,9 +220,9 @@ pm.max_requests = 500
; Note: The value must start with a leading slash (/). The value can be ; Note: The value must start with a leading slash (/). The value can be
; anything, but it may not be a good idea to use the .php extension or it ; anything, but it may not be a good idea to use the .php extension or it
; may conflict with a real PHP file. ; may conflict with a real PHP file.
; Default Value: not set ; Default Value: not set
;pm.status_path = /status ;pm.status_path = /status
; The ping URI to call the monitoring page of FPM. If this value is not set, no ; The ping URI to call the monitoring page of FPM. If this value is not set, no
; URI will be recognized as a ping page. This could be used to test from outside ; URI will be recognized as a ping page. This could be used to test from outside
; that FPM is alive and responding, or to ; that FPM is alive and responding, or to
@ -283,7 +283,7 @@ pm.max_requests = 500
; - .... ; - ....
; %p: PID of the child that serviced the request ; %p: PID of the child that serviced the request
; %P: PID of the parent of the child that serviced the request ; %P: PID of the parent of the child that serviced the request
; %q: the query string ; %q: the query string
; %Q: the '?' character if query string exists ; %Q: the '?' character if query string exists
; %r: the request URI (without the query string, see %q and %Q) ; %r: the request URI (without the query string, see %q and %Q)
; %R: remote IP address ; %R: remote IP address
@ -298,50 +298,50 @@ pm.max_requests = 500
; ;
; Default: "%R - %u %t \"%m %r\" %s" ; Default: "%R - %u %t \"%m %r\" %s"
;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%" ;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%"
; The log file for slow requests ; The log file for slow requests
; Default Value: not set ; Default Value: not set
; Note: slowlog is mandatory if request_slowlog_timeout is set ; Note: slowlog is mandatory if request_slowlog_timeout is set
slowlog = /var/log/nginx/__NAMETOCHANGE__.slow.log slowlog = /var/log/nginx/__NAMETOCHANGE__.slow.log
; The timeout for serving a single request after which a PHP backtrace will be ; The timeout for serving a single request after which a PHP backtrace will be
; dumped to the 'slowlog' file. A value of '0s' means 'off'. ; dumped to the 'slowlog' file. A value of '0s' means 'off'.
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) ; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0 ; Default Value: 0
request_slowlog_timeout = 5s request_slowlog_timeout = 5s
; The timeout for serving a single request after which the worker process will ; The timeout for serving a single request after which the worker process will
; be killed. This option should be used when the 'max_execution_time' ini option ; be killed. This option should be used when the 'max_execution_time' ini option
; does not stop script execution for some reason. A value of '0' means 'off'. ; does not stop script execution for some reason. A value of '0' means 'off'.
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) ; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0 ; Default Value: 0
request_terminate_timeout = 1d request_terminate_timeout = 1d
; Set open file descriptor rlimit. ; Set open file descriptor rlimit.
; Default Value: system defined value ; Default Value: system defined value
;rlimit_files = 1024 ;rlimit_files = 1024
; Set max core size rlimit. ; Set max core size rlimit.
; Possible Values: 'unlimited' or an integer greater or equal to 0 ; Possible Values: 'unlimited' or an integer greater or equal to 0
; Default Value: system defined value ; Default Value: system defined value
;rlimit_core = 0 ;rlimit_core = 0
; Chroot to this directory at the start. This value must be defined as an ; Chroot to this directory at the start. This value must be defined as an
; absolute path. When this value is not set, chroot is not used. ; absolute path. When this value is not set, chroot is not used.
; Note: you can prefix with '$prefix' to chroot to the pool prefix or one ; Note: you can prefix with '$prefix' to chroot to the pool prefix or one
; of its subdirectories. If the pool prefix is not set, the global prefix ; of its subdirectories. If the pool prefix is not set, the global prefix
; will be used instead. ; will be used instead.
; Note: chrooting is a great security feature and should be used whenever ; Note: chrooting is a great security feature and should be used whenever
; possible. However, all PHP paths will be relative to the chroot ; possible. However, all PHP paths will be relative to the chroot
; (error_log, sessions.save_path, ...). ; (error_log, sessions.save_path, ...).
; Default Value: not set ; Default Value: not set
;chroot = ;chroot =
; Chdir to this directory at the start. ; Chdir to this directory at the start.
; Note: relative path can be used. ; Note: relative path can be used.
; Default Value: current directory or / when chroot ; Default Value: current directory or / when chroot
chdir = __FINALPATH__ chdir = __FINALPATH__
; Redirect worker stdout and stderr into main error log. If not set, stdout and ; Redirect worker stdout and stderr into main error log. If not set, stdout and
; stderr will be redirected to /dev/null according to FastCGI specs. ; stderr will be redirected to /dev/null according to FastCGI specs.
; Note: on highloaded environement, this can cause some delay in the page ; Note: on highloaded environement, this can cause some delay in the page
@ -356,7 +356,7 @@ catch_workers_output = yes
; Note: set an empty value to allow all extensions. ; Note: set an empty value to allow all extensions.
; Default Value: .php ; Default Value: .php
;security.limit_extensions = .php .php3 .php4 .php5 ;security.limit_extensions = .php .php3 .php4 .php5
; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from ; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from
; the current environment. ; the current environment.
; Default Value: clean env ; Default Value: clean env
@ -370,7 +370,7 @@ catch_workers_output = yes
; overwrite the values previously defined in the php.ini. The directives are the ; overwrite the values previously defined in the php.ini. The directives are the
; same as the PHP SAPI: ; same as the PHP SAPI:
; php_value/php_flag - you can set classic ini defines which can ; php_value/php_flag - you can set classic ini defines which can
; be overwritten from PHP call 'ini_set'. ; be overwritten from PHP call 'ini_set'.
; php_admin_value/php_admin_flag - these directives won't be overwritten by ; php_admin_value/php_admin_flag - these directives won't be overwritten by
; PHP call 'ini_set' ; PHP call 'ini_set'
; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no. ; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no.
@ -389,4 +389,4 @@ catch_workers_output = yes
;php_flag[display_errors] = off ;php_flag[display_errors] = off
;php_admin_value[error_log] = /var/log/fpm-php.www.log ;php_admin_value[error_log] = /var/log/fpm-php.www.log
;php_admin_flag[log_errors] = on ;php_admin_flag[log_errors] = on
;php_admin_value[memory_limit] = 32M ;php_admin_value[memory_limit] = 32M

13
conf/php-fpm.ini
View file

@ -1,3 +1,10 @@
upload_max_filesize=30M ; Common values to change to increase file upload limit
post_max_size=30M upload_max_filesize = 50M
; max_execution_time=60 post_max_size = 50M
; mail.add_x_header = Off
; Other common parameters
; max_execution_time = 600
; max_input_time = 300
; memory_limit = 256M
; short_open_tag = On

145
manifest.json
View file

@ -1,74 +1,73 @@
{ {
"name": "Grav", "name": "Grav",
"id": "grav", "id": "grav",
"packaging_format": 1, "packaging_format": 1,
"description": { "description": {
"en": "Grav - Grav is a modern open source flat-file CMS", "en": "Grav - a modern open source flat-file CMS",
"fr": "Grav - Grav is a modern open source flat-file CMS" "fr": "Grav - un CMS moderne, libre, et sans base de données"
}, },
"version": "1.4.5", "version": "1.4.8",
"url": "https://www.getgrav.org/", "url": "https://www.getgrav.org/",
"license": "free", "license": "free",
"maintainer": { "maintainer": {
"name": "cyp, lithrel", "name": "cyp, lithrel, tituspijean",
"email": "cyp@rouquin.me, lithrel@randomdomainname.net" "email": "cyp@rouquin.me, lithrel@randomdomainname.net, tituspijean@outlook.com"
}, },
"requirements": { "requirements": {
"yunohost": ">> 2.7.0" "yunohost": ">= 2.7.14"
}, },
"multi_instance": true, "multi_instance": true,
"services": [ "services": [
"nginx", "nginx",
"php5-fpm" "php5-fpm"
], ],
"arguments": { "arguments": {
"install" : [ "install": [{
{ "name": "domain",
"name": "domain", "type": "domain",
"type": "domain", "ask": {
"ask": { "en": "Choose a domain name for Grav",
"en": "Choose a domain name for Grav", "fr": "Choisissez un nom de domaine pour Grav"
"fr": "Choisissez un nom de domaine pour Grav" },
}, "example": "example.org"
"example": "example.org" },
}, {
{ "name": "path",
"name": "path", "type": "path",
"type": "path", "ask": {
"ask": { "en": "Choose a path for Grav",
"en": "Choose a path for Grav", "fr": "Choisissez un chemin pour Grav"
"fr": "Choisissez un chemin pour Grav" },
}, "example": "/grav",
"example": "/grav", "default": "/grav"
"default": "/grav" },
}, {
{ "name": "admin",
"name": "admin", "type": "user",
"type": "user", "ask": {
"ask": { "en": "Choose the Grav administrator (must be an existing YunoHost user)",
"en": "Choose the Grav administrator (must be an existing YunoHost user)", "fr": "Administrateur du site (doit être un utilisateur YunoHost existant)"
"fr": "Administrateur du site (doit être un utilisateur YunoHost existant)" },
}, "example": "johndoe"
"example": "johndoe" },
}, {
{ "name": "is_public",
"name": "is_public", "type": "boolean",
"ask": { "ask": {
"en": "Is it a public Grav site ?", "en": "Is it a public application?",
"fr": "Est-ce un site public ?" "fr": "Est-ce une application publique ?"
}, },
"choices": ["Yes", "No"], "default": true
"default": "Yes" },
}, {
{ "name": "language",
"name": "language", "ask": {
"ask": { "en": "Choose the application language",
"en": "Choose the application language", "fr": "Choisissez la langue de l'application"
"fr": "Choisissez la langue de l'application" },
}, "choices": ["en_EN", "fr_FR"],
"choices": ["en_EN", "fr_FR"], "default": "fr_FR"
"default": "fr_FR" }
} ]
] }
} }
}

204
scripts/.fonctions
View file

@ -1,204 +0,0 @@
#!/bin/bash
ynh_version="2.4"
YNH_VERSION () { # Returns the version number of the Yunohost moulinette
ynh_version=$(sudo yunohost -v | grep "moulinette:" | cut -d' ' -f2 | cut -d'.' -f1,2)
}
CHECK_VAR () { # Verifies that the variable is not empty.
# $1 = Variable to be checked
# $2 = Display text on error
test -n "$1" || (echo "$2" >&2 && false)
}
EXIT_PROPERLY () { # Causes the script to stop in the event of an error. And clean the residue.
trap '' ERR
echo -e "\e[91m \e[1m" # Shell in light red bold
echo -e "!!\n $app install's script has encountered an error. Installation was cancelled.\n!!" >&2
if type -t CLEAN_SETUP > /dev/null; then # Checks the existence of the function before executing it.
CLEAN_SETUP # Call the specific cleanup function of the install script.
fi
# Compensates the ssowat bug that does not remove the app's input in case of installation error.
sudo sed -i "\@\"$domain$path/\":@d" /etc/ssowat/conf.json
if [ "$ynh_version" = "2.2" ]; then
/bin/bash $script_dir/remove
fi
ynh_die
}
TRAP_ON () { # Activate signal capture
trap EXIT_PROPERLY ERR # Capturing exit signals on error
}
TRAP_OFF () { # Ignoring signal capture until TRAP_ON
trap '' ERR # Ignoring exit signals
}
CHECK_USER () { # Check the validity of the user admin
# $1 = User admin variable
ynh_user_exists "$1" || (echo "Wrong admin" >&2 && false)
}
CHECK_PATH () { # Checks / at the beginning of the path. And his absence at the end.
if [ "${path:0:1}" != "/" ]; then # If the first character is not /
path="/$path" # Add / at the beginning of path
fi
if [ "${path:${#path}-1}" == "/" ] && [ ${#path} -gt 1 ]; then # If the last character is a / and it is not the only character.
path="${path:0:${#path}-1}" # Delete last character
fi
}
CHECK_DOMAINPATH () { # Checks the availability of the path and domain.
sudo yunohost app checkurl $domain$path -a $app
}
CHECK_FINALPATH () { # Checks that the destination folder is not already in use.
final_path=/var/www/$app
if [ -e "$final_path" ]
then
echo "This path already contains a folder" >&2
false
fi
}
GENERATE_DB () { # Create a database and a dedicated user in the name of the app
# $1 = Database name
# Generates a random password.
db_user=$1
db_pwd=$(head -n20 /dev/urandom | tr -c -d 'A-Za-z0-9' | head -c20)
CHECK_VAR "$db_pwd" "db_pwd empty"
# Uses '$ app' as user name and database
# Initializes the database and stores the mysql password.
ynh_mysql_create_db "$db_user" "$db_user" $db_pwd
ynh_app_setting_set $app mysqlpwd $db_pwd
}
SETUP_SOURCE () { # Download source, decompress and copu into $final_path
src=$(cat ../sources/source_md5 | awk -F' ' {'print $2'})
sudo wget -nv -i ../sources/source_url -O $src
# Checks the checksum of the downloaded source.
# md5sum -c ../sources/source_md5 --status || ynh_die "Corrupt source"
# Decompress source
if [ "$(echo ${src##*.})" == "tgz" ]; then
tar -x -f $src
elif [ "$(echo ${src##*.})" == "zip" ]; then
unzip -q $src
else
false # Unsupported archive format.
fi
# Copy file source
sudo cp -a $(cat ../sources/source_dir)/. "$final_path"
# Copy additional file and modified
if test -e "../sources/ajouts"; then
sudo cp -a ../sources/ajouts/. "$final_path"
fi
}
POOL_FPM () { # Create the php-fpm pool configuration file and configure it.
sed -i "s@__NAMETOCHANGE__@$app@g" ../conf/php-fpm.conf
sed -i "s@__FINALPATH__@$final_path@g" ../conf/php-fpm.conf
finalphpconf=/etc/php5/fpm/pool.d/$app.conf
sudo cp ../conf/php-fpm.conf $finalphpconf
sudo chown root: $finalphpconf
finalphpini=/etc/php5/fpm/conf.d/20-$app.ini
sudo cp ../conf/php-fpm.ini $finalphpini
sudo chown root: $finalphpini
sudo systemctl reload php5-fpm
}
STORE_MD5_CONFIG () { # Saves the checksum of the config file
# $1 = Name of the conf file for storage in settings.yml
# $2 = Full name and path of the conf file.
ynh_app_setting_set $app $1_file_md5 $(sudo md5sum "$2" | cut -d' ' -f1)
}
CHECK_MD5_CONFIG () { # Created a backup of the config file if it was changed.
# $1 = Name of the conf file for storage in settings.yml
# $2 = Full name and path of the conf file.onf.
if [ "$(ynh_app_setting_get $app $1_file_md5)" != $(sudo md5sum "$2" | cut -d' ' -f1) ]; then
sudo cp -a "$2" "$2.backup.$(date '+%d.%m.%y_%Hh%M,%Ss')" # Si le fichier de config a été modifié, créer un backup.
fi
}
FIND_PORT () { # Search free port
# $1 = Port number to start the search.
port=$1
while ! sudo yunohost app checkport $port ; do
port=$((port+1))
done
CHECK_VAR "$port" "port empty"
}
### REMOVE SCRIPT
REMOVE_NGINX_CONF () { # Delete nginx configuration
if [ -e "/etc/nginx/conf.d/$domain.d/$app.conf" ]; then # Delete nginx config
echo "Delete nginx config"
sudo rm "/etc/nginx/conf.d/$domain.d/$app.conf"
sudo systemctl reload nginx
fi
}
REMOVE_FPM_CONF () { # Delete pool php-fpm configuration
if [ -e "/etc/php5/fpm/pool.d/$app.conf" ]; then # Delete fpm config
echo "Delete fpm config"
sudo rm "/etc/php5/fpm/pool.d/$app.conf"
fi
if [ -e "/etc/php5/fpm/conf.d/20-$app.ini" ]; then # Delete php config
echo "Delete php config"
sudo rm "/etc/php5/fpm/conf.d/20-$app.ini"
fi
sudo systemctl reload php5-fpm
}
REMOVE_LOGROTATE_CONF () { # Delete logrotate configuration
if [ -e "/etc/logrotate.d/$app" ]; then
echo "Delete logrotate config"
sudo rm "/etc/logrotate.d/$app"
fi
}
SECURE_REMOVE () { # Deleting a folder with variable verification
chaine="$1" # The argument must be given between simple quotes '', to avoid interpreting the variables.
no_var=0
while (echo "$chaine" | grep -q '\$') # Loop as long as there are $ in the string
do
no_var=1
global_var=$(echo "$chaine" | cut -d '$' -f 2) # Isole the first variable found.
only_var=\$$(expr "$global_var" : '\([A-Za-z0-9_]*\)') # Isole completely the variable by adding the $ at the beginning and keeping only the name of the variable. Mostly gets rid of / and a possible path behind.
real_var=$(eval "echo ${only_var}") # `eval "echo ${var}` Allows to interpret a variable contained in a variable.
if test -z "$real_var" || [ "$real_var" = "/" ]; then
echo "Variable $only_var is empty, suppression of $chaine cancelled." >&2
return 1
fi
chaine=$(echo "$chaine" | sed "s@$only_var@$real_var@") # Replaces variable with its value in the string.
done
if [ "$no_var" -eq 1 ]
then
if [ -e "$chaine" ]; then
echo "Delete directory $chaine"
sudo rm -r "$chaine"
fi
return 0
else
echo "No detected variable." >&2
return 1
fi
}
REMOVE_BDD () { # Delete database and users
# $1 = Database name
# Uses '$app' as user name and database
db_user=$1
if mysqlshow -u root -p$(sudo cat $MYSQL_ROOT_PWD_FILE) | grep -q "^| $db_user"; then
echo "Delete db"
ynh_mysql_drop_db $db_user
ynh_mysql_drop_user $db_user
fi
}

13
scripts/_common.sh Normal file
View file

@ -0,0 +1,13 @@
#!/bin/bash
# ============= FUTURE YUNOHOST HELPER =============
# Delete a file checksum from the app settings
#
# $app should be defined when calling this helper
#
# usage: ynh_remove_file_checksum file
# | arg: file - The file for which the checksum will be deleted
ynh_delete_file_checksum () {
local checksum_setting_name=checksum_${1//[\/ ]/_} # Replace all '/' and ' ' by '_'
ynh_app_setting_delete $app $checksum_setting_name
}

56
scripts/backup
View file

@ -1,23 +1,51 @@
#!/bin/bash #!/bin/bash
# Exit on command errors and treat unset variables as an error #=================================================
set -eu # GENERIC START
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
# Source app helpers source ../settings/scripts/_common.sh
source /usr/share/yunohost/helpers source /usr/share/yunohost/helpers
# Get multi-instances specific variables #=================================================
# MANAGE SCRIPT FAILURE
#=================================================
ynh_clean_setup () {
### Remove this function if there's nothing to clean before calling the remove script.
true
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#=================================================
# LOAD SETTINGS
#=================================================
app=$YNH_APP_INSTANCE_NAME app=$YNH_APP_INSTANCE_NAME
# Retrieve app settings final_path=$(ynh_app_setting_get $app final_path)
domain=$(ynh_app_setting_get "$app" domain) domain=$(ynh_app_setting_get $app domain)
# Copy the app files #=================================================
final_path="/var/www/${app}" # STANDARD BACKUP STEPS
ynh_backup "$final_path" "sources" 1 #=================================================
# BACKUP THE APP MAIN DIR
#=================================================
# Copy the nginx conf files ynh_backup "$final_path"
ynh_backup "/etc/nginx/conf.d/${domain}.d/${app}.conf" "nginx.conf"
# Copy the php-fpm conf files #=================================================
ynh_backup "/etc/php5/fpm/pool.d/${app}.conf" "php-fpm.conf" # BACKUP THE NGINX CONFIGURATION
ynh_backup "/etc/php5/fpm/conf.d/20-${app}.ini" "php-fpm.ini" #=================================================
ynh_backup "/etc/nginx/conf.d/$domain.d/$app.conf"
#=================================================
# BACKUP THE PHP-FPM CONFIGURATION
#=================================================
ynh_backup "/etc/php5/fpm/pool.d/$app.conf"
ynh_backup "/etc/php5/fpm/conf.d/20-$app.ini"

159
scripts/install
View file

@ -1,86 +1,137 @@
#!/bin/bash #!/bin/bash
# Exit on command errors and treat unset variables as an error #=================================================
set -eu # GENERIC START
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
source .fonctions # Loads the generic functions usually used in the script source _common.sh
source /usr/share/yunohost/helpers # Source app helpers source /usr/share/yunohost/helpers
CLEAN_SETUP () { #=================================================
# Clean installation residues that are not supported by the remove script. # MANAGE SCRIPT FAILURE
# Clean hosts #=================================================
sudo sed -i '/#GRAV/d' /etc/hosts
ynh_clean_setup () {
### Remove this function if there's nothing to clean before calling the remove script.
true
} }
TRAP_ON # Active trap to stop the script if an error is detected. # Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#=================================================
# RETRIEVE ARGUMENTS FROM THE MANIFEST
#=================================================
domain=$YNH_APP_ARG_DOMAIN domain=$YNH_APP_ARG_DOMAIN
path=$YNH_APP_ARG_PATH path_url=$YNH_APP_ARG_PATH
admin_grav=$YNH_APP_ARG_ADMIN admin=$YNH_APP_ARG_ADMIN
language=$YNH_APP_ARG_LANGUAGE
is_public=$YNH_APP_ARG_IS_PUBLIC is_public=$YNH_APP_ARG_IS_PUBLIC
language=$YNH_APP_ARG_LANGUAGE
app=$YNH_APP_INSTANCE_NAME app=$YNH_APP_INSTANCE_NAME
CHECK_VAR "$app" "app name not set" #=================================================
# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
#=================================================
CHECK_USER "$admin_grav" # Set and test the installation path
final_path=/var/www/$app
test ! -e "$final_path" || ynh_die "This path already contains a folder"
CHECK_PATH # Normalize the url path syntax
path_url=$(ynh_normalize_url_path $path_url)
CHECK_DOMAINPATH # Check web path availability
ynh_webpath_available $domain $path_url
# Register (book) web path
ynh_webpath_register $app $domain $path_url
CHECK_FINALPATH #=================================================
# STORE SETTINGS FROM MANIFEST
#=================================================
ynh_app_setting_set $app domain $domain ynh_app_setting_set $app domain $domain
ynh_app_setting_set $app path $path ynh_app_setting_set $app path $path_url
ynh_app_setting_set $app admin $admin_grav ynh_app_setting_set $app admin $admin
ynh_app_setting_set $app is_public $is_public ynh_app_setting_set $app is_public $is_public
ynh_app_setting_set $app language $language ynh_app_setting_set $app language $language
# Creates the destination directory and stores its location. #=================================================
sudo mkdir "$final_path" # STANDARD MODIFICATIONS
#=================================================
# INSTALL DEPENDENCIES
#=================================================
ynh_install_app_dependencies php7.0-zip
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
### `ynh_setup_source` is used to install an app from a zip or tar.gz file,
### downloaded from an upstream source, like a git repository.
### `ynh_setup_source` use the file conf/app.src
ynh_app_setting_set $app final_path $final_path ynh_app_setting_set $app final_path $final_path
# Download, check integrity, uncompress and patch the source from app.src
ynh_setup_source "$final_path"
# Get source #=================================================
SETUP_SOURCE # NGINX CONFIGURATION
#=================================================
# Grav install ### `ynh_add_nginx_config` will use the file conf/nginx.conf
sudo $final_path/bin/grav
# Set permissions # Create a dedicated nginx config
sudo chown -R www-data: $final_path ynh_add_nginx_config
echo -e "127.0.0.1 $domain #GRAV" | sudo tee -a /etc/hosts #=================================================
# CREATE DEDICATED USER
#=================================================
# Copy nginx config # Create a system user
sudo cp ../conf/nginx.conf /etc/nginx/conf.d/$domain.d/$app.conf ynh_system_user_create $app
# Modif the variables in the nginx configuration file #=================================================
sudo sed -i "s@__PATHTOCHANGE__@$path@g" /etc/nginx/conf.d/$domain.d/$app.conf # PHP-FPM CONFIGURATION
sudo sed -i "s@__FINALPATH__@$final_path@g" /etc/nginx/conf.d/$domain.d/$app.conf #=================================================
sudo sed -i "s@__NAMETOCHANGE__@$app@g" /etc/nginx/conf.d/$domain.d/$app.conf
if [ "$is_public" = "Yes" ]; # Create a dedicated php-fpm config
ynh_add_fpm_config
#=================================================
# SPECIFIC SETUP
#=================================================
# ...
#=================================================
#=================================================
# GENERIC FINALIZATION
#=================================================
# SECURE FILES AND DIRECTORIES
#=================================================
# Grav is a file-based CMS, its user should have write access
# Set permissions to app files
chown -R $app:www-data $final_path
#=================================================
# SETUP SSOWAT
#=================================================
# Make app public if necessary
if [ $is_public -eq 1 ]
then then
sudo sed -i "s@#--PRIVATE--@@g" /etc/nginx/conf.d/$domain.d/$app.conf # unprotected_uris allows SSO credentials to be passed anyway.
ynh_app_setting_set $app unprotected_uris "/"
fi fi
# Create the php-fpm pool config #=================================================
POOL_FPM # RELOAD NGINX
#=================================================
# Setup SSOwat systemctl reload nginx
ynh_app_setting_set "$app" is_public "$is_public"
if [ "$is_public" = "Yes" ];
then
ynh_app_setting_set "$app" unprotected_uris "/"
fi
# Reload SSOwat configuration
sudo yunohost app ssowatconf
# Reload Nginx and regenerate SSOwat conf
sudo systemctl reload php5-fpm
sudo systemctl reload nginx
# Nettoyer hosts
sudo sed -i '/#GRAV/d' /etc/hosts

65
scripts/remove
View file

@ -1,25 +1,58 @@
#!/bin/bash #!/bin/bash
# Exit on command errors and treat unset variables as an error #=================================================
set -u # GENERIC START
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
# Loads the generic functions usually used in the script source _common.sh
source .fonctions
# Source app helpers
source /usr/share/yunohost/helpers source /usr/share/yunohost/helpers
# Get multi-instances specific variables #=================================================
# LOAD SETTINGS
#=================================================
app=$YNH_APP_INSTANCE_NAME app=$YNH_APP_INSTANCE_NAME
# Retrieve app settings domain=$(ynh_app_setting_get $app domain)
domain=$(ynh_app_setting_get "$app" domain) final_path=$(ynh_app_setting_get $app final_path)
# Delete app directory and configurations #=================================================
SECURE_REMOVE '/var/www/$app' # Delete directory application # STANDARD REMOVE
sudo rm -f "/etc/php5/fpm/pool.d/${app}.conf" #=================================================
sudo rm -f "/etc/php5/fpm/conf.d/20-${app}.ini" # REMOVE DEPENDENCIES
[[ -n $domain ]] && sudo rm -f "/etc/nginx/conf.d/${domain}.d/${app}.conf" #=================================================
# Reload services # Remove metapackage and its dependencies
sudo systemctl reload php5-fpm ynh_remove_app_dependencies
sudo systemctl reload nginx
#=================================================
# REMOVE APP MAIN DIR
#=================================================
# Remove the app directory securely
ynh_secure_remove "$final_path"
#=================================================
# REMOVE NGINX CONFIGURATION
#=================================================
# Remove the dedicated nginx config
ynh_remove_nginx_config
#=================================================
# REMOVE PHP-FPM CONFIGURATION
#=================================================
# Remove the dedicated php-fpm config
ynh_remove_fpm_config
#=================================================
# GENERIC FINALIZATION
#=================================================
# REMOVE DEDICATED USER
#=================================================
# Delete a system user
ynh_system_user_delete $app

122
scripts/restore
View file

@ -1,66 +1,92 @@
#!/bin/bash #!/bin/bash
# This restore script is adapted to Yunohost >=2.4
# Exit on command errors and treat unset variables as an error #=================================================
set -eu # GENERIC START
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
# Source app helpers source ../settings/scripts/_common.sh
source /usr/share/yunohost/helpers source /usr/share/yunohost/helpers
# The parameter $app is the id of the app instance ex: ynhexample__2 #=================================================
# MANAGE SCRIPT FAILURE
#=================================================
ynh_clean_setup () {
#### Remove this function if there's nothing to clean before calling the remove script.
true
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#=================================================
# LOAD SETTINGS
#=================================================
app=$YNH_APP_INSTANCE_NAME app=$YNH_APP_INSTANCE_NAME
# Get old parameter of the app
domain=$(ynh_app_setting_get $app domain) domain=$(ynh_app_setting_get $app domain)
path=$(ynh_app_setting_get $app path) path_url=$(ynh_app_setting_get $app path)
is_public=$(ynh_app_setting_get $app is_public) final_path=$(ynh_app_setting_get $app final_path)
# Check domain/path availability #=================================================
sudo yunohost app checkurl "${domain}${path}" -a "${app}" \ # CHECK IF THE APP CAN BE RESTORED
|| ynh_die "Path not available: ${domain}${path}" #=================================================
# Check $final_path ynh_webpath_available $domain $path_url \
final_path="/var/www/${app}" || ynh_die "Path not available: ${domain}${path_url}"
if [ -d "${final_path}" ]; then test ! -d $final_path \
ynh_die "There is already a directory: ${final_path}" || ynh_die "There is already a directory: $final_path "
fi
# Check configuration files nginx #=================================================
nginx_conf="/etc/nginx/conf.d/${domain}.d/${app}.conf" # STANDARD RESTORATION STEPS
if [ -f "${nginx_conf}" ]; then #=================================================
ynh_die "The NGINX configuration already exists at '${nginx_conf}'. You should safely delete it before restoring this app." # REINSTALL DEPENDENCIES
fi #=================================================
# Check configuration files php-fpm # Define and install dependencies
phpfpm_conf="/etc/php5/fpm/pool.d/${app}.conf" ynh_install_app_dependencies php7.0-zip
if [ -f "${phpfpm_conf}" ]; then
ynh_die "The PHP FPM configuration already exists at '${phpfpm_conf}'. You should safely delete it before restoring this app."
fi
phpfpm_ini="/etc/php5/fpm/conf.d/20-${app}.ini" #=================================================
if [ -f "${phpfpm_ini}" ]; then # RESTORE THE NGINX CONFIGURATION
ynh_die "The PHP FPM INI configuration already exists at '${phpfpm_ini}'. You should safely delete it before restoring this app." #=================================================
fi
# Restore sources & data ynh_restore_file "/etc/nginx/conf.d/$domain.d/$app.conf"
sudo cp -a ./sources "${final_path}"
# Set permissions #=================================================
sudo chown -R www-data: "${final_path}" # RESTORE THE APP MAIN DIR
#=================================================
# Restore nginx configuration files ynh_restore_file "$final_path"
sudo cp -a ./nginx.conf "${nginx_conf}"
# Restore php-fpm configuration files
sudo cp -a ./php-fpm.conf "${phpfpm_conf}"
sudo cp -a ./php-fpm.ini "${phpfpm_ini}"
# Set ssowat config #=================================================
if [ "$is_public" = "No" ]; # RECREATE THE DEDICATED USER
then #=================================================
ynh_app_setting_delete $app skipped_uris
fi
# Reload services # Create the dedicated user (if not existing)
sudo systemctl reload php5-fpm ynh_system_user_create $app
sudo systemctl reload nginx
sudo yunohost app ssowatconf #=================================================
# RESTORE USER RIGHTS
#=================================================
# Grav is a file-based CMS, its user should have write access
# Restore permissions on app files
chown -R $app: $final_path
#=================================================
# RESTORE THE PHP-FPM CONFIGURATION
#=================================================
ynh_restore_file "/etc/php5/fpm/pool.d/$app.conf"
ynh_restore_file "/etc/php5/fpm/conf.d/20-$app.ini"
#=================================================
# GENERIC FINALIZATION
#=================================================
# RELOAD NGINX AND PHP-FPM
#=================================================
systemctl reload php5-fpm
systemctl reload nginx

166
scripts/upgrade
View file

@ -1,51 +1,139 @@
#!/bin/bash #!/bin/bash
# Exit on command errors and treat unset variables as an error #=================================================
set -eu # GENERIC START
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
source .fonctions # Loads the generic functions usually used in the script source _common.sh
source /usr/share/yunohost/helpers # Source YunoHost helpers source /usr/share/yunohost/helpers
#=================================================
# LOAD SETTINGS
#=================================================
# See comments in install script
app=$YNH_APP_INSTANCE_NAME app=$YNH_APP_INSTANCE_NAME
# Retrieve app settings domain=$(ynh_app_setting_get $app domain)
domain=$(ynh_app_setting_get "$app" domain) path_url=$(ynh_app_setting_get $app path)
path=$(ynh_app_setting_get "$app" path) admin=$(ynh_app_setting_get $app admin)
admin=$(ynh_app_setting_get "$app" admin) is_public=$(ynh_app_setting_get $app is_public)
is_public=$(ynh_app_setting_get "$app" is_public) final_path=$(ynh_app_setting_get $app final_path)
language=$(ynh_app_setting_get "$app" language) language=$(ynh_app_setting_get $app language)
CHECK_PATH # Checks and corrects the syntax of the path. #=================================================
# ENSURE DOWNWARD COMPATIBILITY
#=================================================
final_path=/var/www/$app # Fix is_public as a boolean value
if [ "$is_public" = "Yes" ]; then
# Get source ynh_app_setting_set $app is_public 1
SETUP_SOURCE is_public=1
elif [ "$is_public" = "No" ]; then
# Modify Nginx configuration file and copy it to Nginx conf directory ynh_app_setting_set $app is_public 0
sudo sed -i "s@__PATHTOCHANGE__@$path@g" /etc/nginx/conf.d/$domain.d/$app.conf is_public=0
sudo sed -i "s@__FINALPATH__@$final_path@g" /etc/nginx/conf.d/$domain.d/$app.conf
sudo sed -i "s@__NAMETOCHANGE__@$app@g" /etc/nginx/conf.d/$domain.d/$app.conf
if [ "$is_public" = "Yes" ];
then
sudo sed -i "s@#--PRIVATE--@@g" /etc/nginx/conf.d/$domain.d/$app.conf
fi fi
# Create the php-fpm pool config # If db_name doesn't exist, create it
POOL_FPM if [ -z $db_name ]; then
db_name=$(ynh_sanitize_dbid $app)
sudo chown -R www-data: "${final_path}" ynh_app_setting_set $app db_name $db_name
# Setup SSOwat
ynh_app_setting_set "$app" is_public "$is_public"
if [ "$is_public" = "Yes" ];
then
ynh_app_setting_set "$app" unprotected_uris "/"
fi fi
# Reload Nginx # If final_path doesn't exist, create it
sudo systemctl reload php5-fpm if [ -z $final_path ]; then
sudo systemctl reload nginx final_path=/var/www/$app
sudo yunohost app ssowatconf ynh_app_setting_set $app final_path $final_path
fi
#=================================================
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
#=================================================
# Backup the current version of the app
ynh_backup_before_upgrade
ynh_clean_setup () {
# restore it if the upgrade fails
ynh_restore_upgradebackup
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#=================================================
# CHECK THE PATH
#=================================================
# Normalize the URL path syntax
path_url=$(ynh_normalize_url_path $path_url)
#=================================================
# STANDARD UPGRADE STEPS
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
# Download, check integrity, uncompress and patch the source from app.src
ynh_setup_source "$final_path"
#=================================================
# UPGRADE DEPENDENCIES
#=================================================
ynh_install_app_dependencies php7.0-zip
#=================================================
# NGINX CONFIGURATION
#=================================================
# Create a dedicated nginx config
ynh_add_nginx_config
#=================================================
# CREATE DEDICATED USER
#=================================================
# Create a dedicated user (if not existing)
ynh_system_user_create $app
#=================================================
# PHP-FPM CONFIGURATION
#=================================================
# Create a dedicated php-fpm config
ynh_add_fpm_config
#=================================================
# SPECIFIC UPGRADE
#=================================================
# ...
#=================================================
#=================================================
# GENERIC FINALIZATION
#=================================================
# SECURE FILES AND DIRECTORIES
#=================================================
# Grav is a file-based CMS, its user should have write access
# Set permissions on app files
chown -R $app: $final_path
#=================================================
# SETUP SSOWAT
#=================================================
# Make app public if necessary
if [ $is_public -eq 1 ]
then
# unprotected_uris allows SSO credentials to be passed anyway
ynh_app_setting_set $app unprotected_uris "/"
fi
#=================================================
# RELOAD NGINX
#=================================================
systemctl reload nginx

1
sources/source_dir
View file

@ -1 +0,0 @@
grav-admin

1
sources/source_md5
View file

@ -1 +0,0 @@
3ffcbca0cbf596db839aaf499f821497 grav-admin-v1.4.5.zip

1
sources/source_url
View file

@ -1 +0,0 @@
https://github.com/getgrav/grav/releases/download/1.4.5/grav-admin-v1.4.5.zip