#!/bin/bash #================================================= # GENERIC START #================================================= # IMPORT GENERIC HELPERS #================================================= source _common.sh source /usr/share/yunohost/helpers #================================================= # LOAD SETTINGS #================================================= ynh_script_progression --message="Loading installation settings..." --weight=1 app=$YNH_APP_INSTANCE_NAME domain=$(ynh_app_setting_get --app=$app --key=domain) path_url=$(ynh_app_setting_get --app=$app --key=path) admin=$(ynh_app_setting_get --app=$app --key=admin) final_path=$(ynh_app_setting_get --app=$app --key=final_path) language=$(ynh_app_setting_get --app=$app --key=language) fpm_footprint=$(ynh_app_setting_get --app=$app --key=fpm_footprint) fpm_usage=$(ynh_app_setting_get --app=$app --key=fpm_usage) #================================================= # CHECK VERSION #================================================= upgrade_type=$(ynh_check_app_version_changed) #================================================= # ENSURE DOWNWARD COMPATIBILITY #================================================= ynh_script_progression --message="Ensuring downward compatibility..." --weight=1 # If db_name doesn't exist, create it if [ -z "$db_name" ]; then db_name=$(ynh_sanitize_dbid --db_name=$app) ynh_app_setting_set --app=$app --key=db_name --value=$db_name fi # If final_path doesn't exist, create it if [ -z "$final_path" ]; then final_path=/var/www/$app ynh_app_setting_set --app=$app --key=final_path --value=$final_path fi # Cleaning legacy permissions is_public=$(ynh_app_setting_get --app=$app --key=is_public) if [ -n "$is_public" ]; then # Removing skipped/unprotected_uris under certain conditions, remove the visitors group added during the migration process of 3.7 # Remove skipped_uris. If the app was public, add visitors again to the main permission if ynh_permission_has_user --permission=main --user=visitors then # Remove unprotected_uris ynh_app_setting_delete --app=$app --key=unprotected_uris # Remove protected_uris ynh_app_setting_delete --app=$app --key=protected_uris # Remove skipped_uris ynh_app_setting_delete --app=$app --key=skipped_uris # Give visitors main permission ynh_permission_update --permission "main" --add "visitors" else # Remove unprotected_uris ynh_app_setting_delete --app=$app --key=unprotected_uris # Remove protected_uris ynh_app_setting_delete --app=$app --key=protected_uris # Remove skipped_uris ynh_app_setting_delete --app=$app --key=skipped_uris fi ynh_app_setting_delete --app=$app --key=is_public fi # If fpm_footprint doesn't exist, create it if [ -z "$fpm_footprint" ]; then fpm_footprint=medium ynh_app_setting_set --app=$app --key=fpm_footprint --value=$fpm_footprint fi # If fpm_usage doesn't exist, create it if [ -z "$fpm_usage" ]; then fpm_usage=medium ynh_app_setting_set --app=$app --key=fpm_usage --value=$fpm_usage fi #================================================= # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP #================================================= ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=4 # Backup the current version of the app ynh_backup_before_upgrade ynh_clean_setup () { # restore it if the upgrade fails ynh_restore_upgradebackup } # Exit if an error occurs during the execution of the script ynh_abort_if_errors #================================================= # STANDARD UPGRADE STEPS #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= if [ "$upgrade_type" == "UPGRADE_APP" ] then ynh_script_progression --message="Upgrading source files..." --weight=2 # Download, check integrity, uncompress and patch the source from app.src ynh_setup_source --dest_dir="$final_path" --source_id="app-upgrade" fi #================================================= # NGINX CONFIGURATION #================================================= ynh_script_progression --message="Upgrading NGINX web server configuration..." --weight=2 # Create a dedicated nginx config ynh_add_nginx_config #================================================= # CREATE DEDICATED USER #================================================= ynh_script_progression --message="Making sure dedicated system user exists..." --weight=3 # Create a dedicated user (if not existing) ynh_system_user_create --username=$app --home_dir=$final_path #================================================= # PHP-FPM CONFIGURATION #================================================= ynh_script_progression --message="Upgrading PHP-FPM configuration..." --weight=1 # Create a dedicated php-fpm config ynh_add_fpm_config --usage=$fpm_usage --footprint=$fpm_footprint --package="$extra_php_dependencies" # Delete existing ini configuration file (backward compatibility) if [ -f /etc/php/$YNH_PHP_VERSION/fpm/conf.d/20-$app.ini ]; then ynh_secure_remove --file=/etc/php/$YNH_PHP_VERSION/fpm/conf.d/20-$app.ini fi #================================================= # SECURE FILES AND DIRECTORIES #================================================= # Set permissions on app files chown -R $app:www-data $final_path find $final_path -type f -exec chmod 664 {} \; find $final_path/bin -type f -exec chmod 775 {} \; find $final_path -type d -exec chmod 775 {} \; find $final_path -type d -exec chmod +s {} \; #================================================= # SPECIFIC UPGRADE #================================================= # UPGRADE PLUGINS #================================================= ynh_script_progression --message="Updating all plugins..." --weight=1 pushd "$final_path" exec_as $app yes N | php${YNH_PHP_VERSION} bin/gpm update --all-yes --no-interaction popd #================================================= # INSTALL LDAP PLUGIN #================================================= ynh_script_progression --message="Installing and configuring LDAP plugin..." --weight=3 pushd "$final_path" exec_as $app php${YNH_PHP_VERSION} bin/gpm install login-ldap --all-yes --no-interaction exec_as $app mkdir -p user/config/plugins/login-ldap exec_as $app touch user/accounts/admin.yaml popd ynh_secure_remove "$final_path/user/plugins/login-ldap/login-ldap.yaml" exec_as $app cp ../conf/login-ldap.yaml "$final_path/user/plugins/login-ldap/login-ldap.yaml" ynh_replace_string "__ADMIN__" "$admin" "$final_path/user/plugins/login-ldap/login-ldap.yaml" ynh_replace_string "__APP__" "$app" "$final_path/user/plugins/login-ldap/login-ldap.yaml" exec_as $app cp "$final_path/user/plugins/login-ldap/login-ldap.yaml" "$final_path/user/config/plugins/login-ldap.yaml" #================================================= # CREATE A CRON TASK #================================================= echo "* * * * * $app php${YNH_PHP_VERSION} $final_path/bin/grav scheduler 1>> /dev/null 2>&1" > /etc/cron.d/$app #================================================= # SETUP PERMISSIONS #================================================= ynh_script_progression --message="Configuring permissions..." --weight=1 # Giving admin permission to the specified used if ! ynh_permission_exists --permission "admin" then ynh_permission_create --permission "admin" --allowed "$admin" else ynh_permission_update --permission "admin" --add "$admin" fi # Creating user permission if ! ynh_permission_exists --permission "user" then ynh_permission_create --permission "user" fi #================================================= # RELOAD NGINX AND PHP-FPM #================================================= ynh_script_progression --message="Reloading NGINX web server and PHP-FPM..." --weight=1 ynh_systemd_action --service_name=php${YNH_PHP_VERSION}-fpm --action=restart ynh_systemd_action --service_name=nginx --action=reload #================================================= # END OF SCRIPT #================================================= ynh_script_progression --message="Upgrade of $app completed" --last