mirror of
https://github.com/YunoHost-Apps/grav_ynh.git
synced 2024-09-03 19:16:01 +02:00
2909df6045
* Fix check_process (#34) * Upgrade to 1.6.26, YNH v3.7 permissions system and PHP version handling (#37) * [upg] grav 1.6.16 Makes the app agnostic regarding the needed PHP version. Includes experimental helpers to install various PHP versions, if needed. Includes Grav v1.6.16 with PHP 7.2. * [enh] adding LDAP login for designated admin It is a bit hacky, since YNH does not have yet LDAP groups support: groups=usernames. To add more users, manually edit the configuration file in the admin. * [enh] use the permissions system * [enh] setting permissions up * [enh] restore php before adding conf file * [enh] avoid adding repo if sury list already exists This prevents getting multiple warning messages about duplicated repos. * [fix] remove order * [fix] testing and setting permissions * [upg] app version and remove php7.0-fpm dependency * Fix check_process (#34) * [upg] permissions configuration for install and upgrade * [upg] grav v1.6.23 * [upg] new permissions system * [fix] check_process is_public * [fix] missing 1 more_set_headers in nginx.conf * [fix] upgrade: allow visitors if was public * [fix] experimental_helpers directory in remove * [fix] retrieve phpversion in remove * [fix] remove old php-fpm config if needed in upgrade * [fix] helpers in subdirectory * [enh] no default group needed * [enh] update all plugins during upgrade * [enh] adding progress messages * [fix] specify phpversion in change_url * [enh] to v3.7 standards * [upg] grav v1.6.26 * [rem] ynh_permission_has_user is now official * [upg] check_process * [fix] php-fpm upgrade * [fix] use YNH_PHP_VERSION instead of phpversion in restore * [fix] php and chown in upgrade * [fix] check_process * [fix] app-upgrade.src * [fix] php-fpm and [rem] progression --time * [fix] restart php-fpm instead of reloading * [fix] user home_dir and permissions * [fix] upgrade publicness * [fix] CI badge on README (#38) * Fix failing check_process (#35) * Fix check_process (#34) * Fix CI badge on README Co-authored-by: tituspijean <tituspijean@outlook.com> Co-authored-by: Kayou <pierre.moltess@gmail.com> Co-authored-by: Alexandre Aubin <alex.aubin@mailoo.org>
230 lines
8.4 KiB
Bash
230 lines
8.4 KiB
Bash
#!/bin/bash
|
|
|
|
#=================================================
|
|
# GENERIC START
|
|
#=================================================
|
|
# IMPORT GENERIC HELPERS
|
|
#=================================================
|
|
|
|
source _common.sh
|
|
source /usr/share/yunohost/helpers
|
|
|
|
#=================================================
|
|
# LOAD SETTINGS
|
|
#=================================================
|
|
ynh_script_progression --message="Loading installation settings..." --time --weight=1
|
|
|
|
app=$YNH_APP_INSTANCE_NAME
|
|
|
|
domain=$(ynh_app_setting_get --app=$app --key=domain)
|
|
path_url=$(ynh_app_setting_get --app=$app --key=path)
|
|
admin=$(ynh_app_setting_get --app=$app --key=admin)
|
|
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
|
|
language=$(ynh_app_setting_get --app=$app --key=language)
|
|
|
|
fpm_footprint=$(ynh_app_setting_get --app=$app --key=fpm_footprint)
|
|
fpm_usage=$(ynh_app_setting_get --app=$app --key=fpm_usage)
|
|
|
|
#=================================================
|
|
# CHECK VERSION
|
|
#=================================================
|
|
|
|
### This helper will compare the version of the currently installed app and the version of the upstream package.
|
|
### $upgrade_type can have 2 different values
|
|
### - UPGRADE_APP if the upstream app version has changed
|
|
### - UPGRADE_PACKAGE if only the YunoHost package has changed
|
|
### ynh_check_app_version_changed will stop the upgrade if the app is up to date.
|
|
### UPGRADE_APP should be used to upgrade the core app only if there's an upgrade to do.
|
|
upgrade_type=$(ynh_check_app_version_changed)
|
|
|
|
#=================================================
|
|
# ENSURE DOWNWARD COMPATIBILITY
|
|
#=================================================
|
|
ynh_script_progression --message="Ensuring downward compatibility..." --time --weight=1
|
|
|
|
# If db_name doesn't exist, create it
|
|
if [ -z "$db_name" ]; then
|
|
db_name=$(ynh_sanitize_dbid --db_name=$app)
|
|
ynh_app_setting_set --app=$app --key=db_name --value=$db_name
|
|
fi
|
|
|
|
# If final_path doesn't exist, create it
|
|
if [ -z "$final_path" ]; then
|
|
final_path=/var/www/$app
|
|
ynh_app_setting_set --app=$app --key=final_path --value=$final_path
|
|
fi
|
|
|
|
# Cleaning legacy permissions
|
|
is_public=$(ynh_app_setting_get --app=$app --key=is_public)
|
|
|
|
if [ -n "$is_public" ]; then
|
|
# Removing skipped/unprotected_uris under certain conditions, remove the visitors group added during the migration process of 3.7
|
|
# Remove skipped_uris. If the app was public, add visitors again to the main permission
|
|
if ynh_permission_has_user --permission=main --user=visitors
|
|
then
|
|
# Remove unprotected_uris
|
|
ynh_app_setting_delete --app=$app --key=unprotected_uris
|
|
# Remove protected_uris
|
|
ynh_app_setting_delete --app=$app --key=protected_uris
|
|
# Remove skipped_uris
|
|
ynh_app_setting_delete --app=$app --key=skipped_uris
|
|
# Give visitors main permission
|
|
ynh_permission_update --permission "main" --add "visitors"
|
|
else
|
|
# Remove unprotected_uris
|
|
ynh_app_setting_delete --app=$app --key=unprotected_uris
|
|
# Remove protected_uris
|
|
ynh_app_setting_delete --app=$app --key=protected_uris
|
|
# Remove skipped_uris
|
|
ynh_app_setting_delete --app=$app --key=skipped_uris
|
|
fi
|
|
ynh_app_setting_delete --app=$app --key=is_public
|
|
fi
|
|
|
|
# If fpm_footprint doesn't exist, create it
|
|
if [ -z "$fpm_footprint" ]; then
|
|
fpm_footprint=medium
|
|
ynh_app_setting_set --app=$app --key=fpm_footprint --value=$fpm_footprint
|
|
fi
|
|
|
|
# If fpm_usage doesn't exist, create it
|
|
if [ -z "$fpm_usage" ]; then
|
|
fpm_usage=medium
|
|
ynh_app_setting_set --app=$app --key=fpm_usage --value=$fpm_usage
|
|
fi
|
|
|
|
#=================================================
|
|
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
|
|
#=================================================
|
|
ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --time --weight=1
|
|
|
|
# Backup the current version of the app
|
|
ynh_backup_before_upgrade
|
|
ynh_clean_setup () {
|
|
# restore it if the upgrade fails
|
|
ynh_restore_upgradebackup
|
|
}
|
|
# Exit if an error occurs during the execution of the script
|
|
ynh_abort_if_errors
|
|
|
|
#=================================================
|
|
# CHECK THE PATH
|
|
#=================================================
|
|
|
|
# Normalize the URL path syntax
|
|
path_url=$(ynh_normalize_url_path --path_url=$path_url)
|
|
|
|
#=================================================
|
|
# STANDARD UPGRADE STEPS
|
|
#=================================================
|
|
# DOWNLOAD, CHECK AND UNPACK SOURCE
|
|
#=================================================
|
|
|
|
if [ "$upgrade_type" == "UPGRADE_APP" ]
|
|
then
|
|
ynh_script_progression --message="Upgrading source files..." --time --weight=1
|
|
|
|
# Download, check integrity, uncompress and patch the source from app.src
|
|
ynh_setup_source --dest_dir="$final_path" --source_id="app-upgrade"
|
|
fi
|
|
|
|
#=================================================
|
|
# NGINX CONFIGURATION
|
|
#=================================================
|
|
ynh_script_progression --message="Upgrading nginx web server configuration..." --time --weight=1
|
|
|
|
# Create a dedicated nginx config
|
|
ynh_add_nginx_config YNH_PHP_VERSION
|
|
|
|
#=================================================
|
|
# CREATE DEDICATED USER
|
|
#=================================================
|
|
ynh_script_progression --message="Making sure dedicated system user exists..." --time --weight=1
|
|
|
|
# Create a dedicated user (if not existing)
|
|
ynh_system_user_create --username=$app --home_dir=$final_path
|
|
|
|
#=================================================
|
|
# PHP-FPM CONFIGURATION
|
|
#=================================================
|
|
ynh_script_progression --message="Upgrading php-fpm configuration..." --time --weight=1
|
|
|
|
# Create a dedicated php-fpm config
|
|
ynh_add_fpm_config --usage=$fpm_usage --footprint=$fpm_footprint --phpversion=$YNH_PHP_VERSION --package="$extra_php_dependencies"
|
|
|
|
# Delete existing ini configuration file (backward compatibility)
|
|
if [ -f /etc/php/$YNH_PHP_VERSION/fpm/conf.d/20-$app.ini ]; then
|
|
ynh_secure_remove --file=/etc/php/$YNH_PHP_VERSION/fpm/conf.d/20-$app.ini
|
|
fi
|
|
|
|
#=================================================
|
|
# SECURE FILES AND DIRECTORIES
|
|
#=================================================
|
|
|
|
# Set permissions on app files
|
|
chown -R $app:www-data $final_path
|
|
find $final_path -type f -exec chmod 664 {} \;
|
|
find $final_path/bin -type f -exec chmod 775 {} \;
|
|
find $final_path -type d -exec chmod 775 {} \;
|
|
find $final_path -type d -exec chmod +s {} \;
|
|
|
|
#=================================================
|
|
# SPECIFIC UPGRADE
|
|
#=================================================
|
|
# UPGRADE PLUGINS
|
|
#=================================================
|
|
ynh_script_progression --message="Updating all plugins..." --time --weight=1
|
|
|
|
pushd "$final_path"
|
|
exec_as $app php${YNH_PHP_VERSION} bin/gpm update -y
|
|
popd
|
|
|
|
#=================================================
|
|
# INSTALL LDAP PLUGIN
|
|
#=================================================
|
|
ynh_script_progression --message="Installing and configuring LDAP plugin..." --time --weight=1
|
|
|
|
pushd "$final_path"
|
|
exec_as $app php${YNH_PHP_VERSION} bin/gpm install login-ldap -y
|
|
exec_as $app mkdir -p user/config/plugins/login-ldap
|
|
exec_as $app touch user/accounts/admin.yaml
|
|
popd
|
|
|
|
ynh_secure_remove "$final_path/user/plugins/login-ldap/login-ldap.yaml"
|
|
exec_as $app cp ../conf/login-ldap.yaml "$final_path/user/plugins/login-ldap/login-ldap.yaml"
|
|
ynh_replace_string "__ADMIN__" "$admin" "$final_path/user/plugins/login-ldap/login-ldap.yaml"
|
|
ynh_replace_string "__APP__" "$app" "$final_path/user/plugins/login-ldap/login-ldap.yaml"
|
|
exec_as $app cp "$final_path/user/plugins/login-ldap/login-ldap.yaml" "$final_path/user/config/plugins/login-ldap.yaml"
|
|
|
|
#=================================================
|
|
# SETUP PERMISSIONS
|
|
#=================================================
|
|
ynh_script_progression --message="Configuring permissions..." --time --weight=1
|
|
|
|
# Giving admin permission to the specified used
|
|
if ! ynh_permission_exists --permission "admin"
|
|
then
|
|
ynh_permission_create --permission "admin" --allowed "$admin"
|
|
else
|
|
ynh_permission_update --permission "admin" --add "$admin"
|
|
fi
|
|
|
|
# Creating user permission
|
|
if ! ynh_permission_exists --permission "user"
|
|
then
|
|
ynh_permission_create --permission "user"
|
|
fi
|
|
|
|
#=================================================
|
|
# RELOAD NGINX AND PHP-FPM
|
|
#=================================================
|
|
ynh_script_progression --message="Reloading nginx web server and php-fpm..." --time --weight=1
|
|
|
|
ynh_systemd_action --service_name=php${YNH_PHP_VERSION}-fpm --action=restart
|
|
ynh_systemd_action --service_name=nginx --action=reload
|
|
|
|
#=================================================
|
|
# END OF SCRIPT
|
|
#=================================================
|
|
|
|
ynh_script_progression --message="Upgrade of $app completed" --time --last
|