diff --git a/.github/workflows/updater.sh b/.github/workflows/updater.sh new file mode 100644 index 00000000..83913d7a --- /dev/null +++ b/.github/workflows/updater.sh @@ -0,0 +1,133 @@ +#!/bin/bash + +#================================================= +# PACKAGE UPDATING HELPER +#================================================= + +# This script is meant to be run by GitHub Actions +# The YunoHost-Apps organisation offers a template Action to run this script periodically +# Since each app is different, maintainers can adapt its contents so as to perform +# automatic actions when a new upstream release is detected. + +#================================================= +# FETCHING LATEST RELEASE AND ITS ASSETS +#================================================= + +# Fetching information +current_version=$(cat manifest.json | jq -j '.version|split("~")[0]') +# Some jq magic is needed, because the latest upstream release is not always the latest version (e.g. security patches for older versions) +version=$(curl --silent "https://framagit.org/api/v4/projects/27084/releases" | jq -r '.[] | select( .upcoming_release != true ) | .tag_name' | sort -V | tail -1) +assets=("https://framagit.org/hubzilla/core/-/archive/$version/core-$version.tar.gz" "https://framagit.org/hubzilla/addons/-/archive/$version/addons-$version.tar.gz") + +# Later down the script, we assume the version has only digits and dots +# Sometimes the release name starts with a "v", so let's filter it out. +# You may need more tweaks here if the upstream repository has different naming conventions. +if [[ ${version:0:1} == "v" || ${version:0:1} == "V" ]]; then + version=${version:1} +fi + +# Setting up the environment variables +echo "Current version: $current_version" +echo "Latest release from upstream: $version" +echo "VERSION=$version" >> $GITHUB_ENV +# For the time being, let's assume the script will fail +echo "PROCEED=false" >> $GITHUB_ENV + +# Proceed only if the retrieved version is greater than the current one +if ! dpkg --compare-versions "$current_version" "lt" "$version" ; then + echo "::warning ::No new version available" + exit 0 +# Proceed only if a PR for this new version does not already exist +elif git ls-remote -q --exit-code --heads https://github.com/$GITHUB_REPOSITORY.git ci-auto-update-v$version ; then + echo "::warning ::A branch already exists for this update" + exit 0 +fi + +# Each release can hold multiple assets (e.g. binaries for different architectures, source code, etc.) +echo "${#assets[@]} available asset(s)" + +#================================================= +# UPDATE SOURCE FILES +#================================================= + +# Here we use the $assets variable to get the resources published in the upstream release. +# Here is an example for Grav, it has to be adapted in accordance with how the upstream releases look like. + +# Let's loop over the array of assets URLs +for asset_url in ${assets[@]}; do + + echo "Handling asset at $asset_url" + + # Assign the asset to a source file in conf/ directory + # Here we base the source file name upon a unique keyword in the assets url (admin vs. update) + # Leave $src empty to ignore the asset + case $asset_url in + *"core"*) + src="app" + ;; + *"addons"*) + src="app_addons" + ;; + *) + src="" + ;; + esac + + # If $src is not empty, let's process the asset + if [ ! -z "$src" ]; then + + # Create the temporary directory + tempdir="$(mktemp -d)" + + # Download sources and calculate checksum + filename=${asset_url##*/} + curl --silent -4 -L $asset_url -o "$tempdir/$filename" + checksum=$(sha256sum "$tempdir/$filename" | head -c 64) + + # Delete temporary directory + rm -rf $tempdir + + # Get extension + if [[ $filename == *.tar.gz ]]; then + extension=tar.gz + else + extension=${filename##*.} + fi + + # Rewrite source file + cat < conf/$src.src +SOURCE_URL=$asset_url +SOURCE_SUM=$checksum +SOURCE_SUM_PRG=sha256sum +SOURCE_FORMAT=$extension +SOURCE_IN_SUBDIR=true +SOURCE_FILENAME= +SOURCE_EXTRACT=true +EOT + echo "... conf/$src.src updated" + + else + echo "... asset ignored" + fi + +done + +#================================================= +# SPECIFIC UPDATE STEPS +#================================================= + +# Any action on the app's source code can be done. +# The GitHub Action workflow takes care of committing all changes after this script ends. + +#================================================= +# GENERIC FINALIZATION +#================================================= + +# Replace new version in manifest +echo "$(jq -s --indent 4 ".[] | .version = \"$version~ynh1\"" manifest.json)" > manifest.json + +# No need to update the README, yunohost-bot takes care of it + +# The Action will proceed only if the PROCEED environment variable is set to true +echo "PROCEED=true" >> $GITHUB_ENV +exit 0 diff --git a/.github/workflows/updater.yml b/.github/workflows/updater.yml new file mode 100644 index 00000000..64f2a2f8 --- /dev/null +++ b/.github/workflows/updater.yml @@ -0,0 +1,52 @@ +# This workflow allows GitHub Actions to automagically update your app whenever a new upstream release is detected. +# You need to enable Actions in your repository settings, and fetch this Action from the YunoHost-Apps organization. +# This file should be enough by itself, but feel free to tune it to your needs. +# It calls updater.sh, which is where you should put the app-specific update steps. +name: Check for new upstream releases +on: + # Allow to manually trigger the workflow + workflow_dispatch: + # Run it every day at 6:00 UTC + schedule: + - cron: '0 6 * * *' +jobs: + updater: + runs-on: ubuntu-latest + steps: + - name: Fetch the source code + uses: actions/checkout@v3 + with: + token: ${{ secrets.GITHUB_TOKEN }} + - name: Run the updater script + id: run_updater + run: | + # Setting up Git user + git config --global user.name 'yunohost-bot' + git config --global user.email 'yunohost-bot@users.noreply.github.com' + # Run the updater script + /bin/bash .github/workflows/updater.sh + - name: Commit changes + id: commit + if: ${{ env.PROCEED == 'true' }} + run: | + git commit -am "Upgrade to v$VERSION" + - name: Create Pull Request + id: cpr + if: ${{ env.PROCEED == 'true' }} + uses: peter-evans/create-pull-request@v4 + with: + token: ${{ secrets.GITHUB_TOKEN }} + commit-message: Update to version ${{ env.VERSION }} + committer: 'yunohost-bot ' + author: 'yunohost-bot ' + signoff: false + base: testing + branch: ci-auto-update-v${{ env.VERSION }} + delete-branch: true + title: 'Upgrade to version ${{ env.VERSION }}' + body: | + Upgrade to v${{ env.VERSION }} + [See upstream release page](${{ env.RELEASE }}) + Provided description: + ${{ env.DESCRIPTION }} + draft: false diff --git a/README.md b/README.md index 83a4169e..654bba26 100644 --- a/README.md +++ b/README.md @@ -16,7 +16,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in ## Overview -Hubzilla is a social networking platform built with control of your privacy at center stage. Your online communications can be as public as you wish or as private as you require. Private conversations, private photos, private videos. Your media isn't hidden behind an obscure URL which can be guessed, it is protected by state-of-the-art cross-domain authentication. +[Hubzilla](https://hub.libranet.de/directory?f=&global=1&pubforums=1) is a social networking platform built with control of your privacy at center stage. Your online communications can be as public as you wish or as private as you require. Private conversations, private photos, private videos. Your media isn't hidden behind an obscure URL which can be guessed, it is protected by state-of-the-art cross-domain authentication. What this all means for you: **less drama**. **Shipped version:** 8.4.1~ynh1 @@ -25,6 +25,26 @@ Hubzilla is a social networking platform built with control of your privacy at c ![Screenshot of Hubzilla](./doc/screenshots/hubzilla-1.png) +## Disclaimers / important information + +## Installation +Before installing, read the [Hubzilla installation instructions](https://framagit.org/hubzilla/core/blob/master/install/INSTALL.txt) for important information about: + +### Register a new domain and add it to YunoHost +- Hubzilla requires a dedicated domain, so obtain one and add it using the YunoHost admin panel. **Domains -> Add domain**. As Hubzilla uses the full domain and is installed on the root, you can create a subdomain such as hubzilla.domain.tld. Don't forget to update your DNS if you manage them manually. + +## Ldap Admin user rights, logs and failed database updates + +- **For admin rights**: When installation is complete, you will need to visit your new hub's page and login with the **admin account username** which was entered at the time of installation process. You should then be able to create your first channel and have the **admin rights** for the hub. + +- **For normal YunoHost users**: Normal LDAP users can login through LDAP authentication and create there channels. + +- **Failing to get admin rights**: If the admin cannot access the admin settings at `https://hubzilla.example.com/admin` then you have to **manually add 4096** to the **account_roles** under **accounts** for that user in the **database through phpMyAdmin**. + +- **For logs**: Go to **admin->logs** and enter the file name **php.log**. + +- **Failed Database after Upgrade:** Some times databse upgrade fails after version upgrade. You can go to hub eg. `https://hubzilla.example.com/admin/dbsync/` and check the numbers of failled update. These updates will have to be ran manually by **phpMyAdmin**. + ## Documentation and resources * Official app website: diff --git a/README_fr.md b/README_fr.md index 3125ddc1..bd28ac56 100644 --- a/README_fr.md +++ b/README_fr.md @@ -16,7 +16,7 @@ Si vous n’avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) po ## Vue d’ensemble -Hubzilla est une plate-forme de réseau social conçue avec le contrôle de votre vie privée au centre de la scène. Vos communications en ligne peuvent être aussi publiques que vous le souhaitez ou aussi privées que vous le souhaitez. Conversations privées, photos privées, vidéos privées. Votre média n'est pas caché derrière une URL obscure qui peut être devinée, il est protégé par une authentification interdomaine de pointe. +[Hubzilla](https://hub.libranet.de/directory?f=&global=1&pubforums=1) est une plate-forme de réseau social conçue avec le contrôle de votre vie privée au centre de la scène. Vos communications en ligne peuvent être aussi publiques que vous le souhaitez ou aussi privées que vous le souhaitez. Conversations privées, photos privées, vidéos privées. Votre média n'est pas caché derrière une URL obscure qui peut être devinée, il est protégé par une authentification interdomaine de pointe. Qu'est-ce que tout cela signifie pour vous : **moins de drames**. **Version incluse :** 8.4.1~ynh1 @@ -25,6 +25,26 @@ Hubzilla est une plate-forme de réseau social conçue avec le contrôle de votr ![Capture d’écran de Hubzilla](./doc/screenshots/hubzilla-1.png) +## Avertissements / informations importantes + +## Installation +Avant l'installation, lisez les [instructions d'installation de Hubzilla](https://framagit.org/hubzilla/core/blob/master/install/INSTALL.txt) pour obtenir des informations importantes sur : + +### Enregistrez un nouveau domaine et ajoutez-le à YunoHost +- Hubzilla nécessite un domaine dédié, alors obtenez-en un et ajoutez-le à l'aide du panneau d'administration YunoHost. **Domaines -> Ajouter un domaine**. Comme Hubzilla utilise le domaine complet et est installé à la racine, vous pouvez créer un sous-domaine tel que hubzilla.domain.tld. N'oubliez pas de mettre à jour vos DNS si vous les gérez manuellement. + +## Droits d'utilisateur de l'administrateur Ldap, journaux et échec des mises à jour de la base de données + +- **Pour les droits d'administrateur** : lorsque l'installation est terminée, vous devrez visiter la page de votre nouveau hub et vous connecter avec le **nom d'utilisateur du compte administrateur** qui a été saisi au moment du processus d'installation. Vous devriez alors pouvoir créer votre premier canal et disposer des **droits d'administrateur** pour le hub. + +- **Pour les utilisateurs YunoHost normaux** : les utilisateurs LDAP normaux peuvent se connecter via l'authentification LDAP et y créer des canaux. + +- **Échec de l'obtention des droits d'administrateur** : si l'administrateur ne peut pas accéder aux paramètres d'administration sur `https://hubzilla.example.com/admin`, vous devez **ajouter manuellement 4096** aux **account_roles* * sous **comptes** pour cet utilisateur dans la **base de données via phpMyAdmin**. + +- **Pour les logs** : Allez dans **admin->logs** et saisissez le nom du fichier **php.log**. + +- **Échec de la base de données après la mise à niveau :** Parfois, la mise à niveau de la base de données échoue après la mise à niveau de la version. Vous pouvez aller au hub, par exemple. `https://hubzilla.example.com/admin/dbsync/` et vérifiez le nombre de mises à jour défaillantes. Ces mises à jour devront être exécutées manuellement par **phpMyAdmin**. + ## Documentations et ressources * Site officiel de l’app : diff --git a/conf/app.src b/conf/app.src new file mode 100644 index 00000000..ac2a22ae --- /dev/null +++ b/conf/app.src @@ -0,0 +1,7 @@ +SOURCE_URL=https://framagit.org/hubzilla/core/-/archive/8.4.1/core-8.4.1.tar.gz +SOURCE_SUM=93dd8fc4d30da8a79a77303381b1451f8215c62f8b913e215664a9396cf47d61 +SOURCE_SUM_PRG=sha256sum +SOURCE_FORMAT=tar.gz +SOURCE_IN_SUBDIR=true +SOURCE_FILENAME= +SOURCE_EXTRACT=true diff --git a/conf/app_addons.src b/conf/app_addons.src new file mode 100644 index 00000000..05da7ff7 --- /dev/null +++ b/conf/app_addons.src @@ -0,0 +1,7 @@ +SOURCE_URL=https://framagit.org/hubzilla/addons/-/archive/8.4.1/addons-8.4.1.tar.gz +SOURCE_SUM=67f7b881f195b258c3d61922a6ce0f92832b907cafd5feb11b8abea4b2b055a0 +SOURCE_SUM_PRG=sha256sum +SOURCE_FORMAT=tar.gz +SOURCE_IN_SUBDIR=true +SOURCE_FILENAME= +SOURCE_EXTRACT=true diff --git a/conf/nginx.conf b/conf/nginx.conf index 402ac09c..e1f9b4e1 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -2,7 +2,7 @@ location __PATH__/ { # Path to source - alias __INSTALL_DIR__/; + alias __FINALPATH__/; if (!-e $request_filename) { rewrite ^(.*)$ /index.php?q=$1; diff --git a/conf/poller-cron b/conf/poller-cron index 23967c05..b07e685f 100644 --- a/conf/poller-cron +++ b/conf/poller-cron @@ -1,2 +1,2 @@ # Run poller periodically to update Hubzilla -*/10 * * * * __APP__ /usr/bin/php__PHPVERSION__ -f __INSTALL_DIR__/Zotlabs/Daemon/Master.php Cron > /dev/null 2>&1 +*/10 * * * * __APP__ /usr/bin/php__PHPVERSION__ -f __FINALPATH__/Zotlabs/Daemon/Master.php Cron > /dev/null 2>&1 diff --git a/doc/ADMIN.md b/doc/ADMIN.md deleted file mode 100644 index 585d562e..00000000 --- a/doc/ADMIN.md +++ /dev/null @@ -1,11 +0,0 @@ -## Ldap Admin user rights, logs and failed database updates - -- **For admin rights**: When installation is complete, you will need to visit your new hub's page and login with the **admin account username** which was entered at the time of installation process. You should then be able to create your first channel and have the **admin rights** for the hub. - -- **For normal YunoHost users**: Normal LDAP users can login through LDAP authentication and create there channels. - -- **Failing to get admin rights**: If the admin cannot access the admin settings at `https://__DOMAIN__/admin` then you have to **manually add 4096** to the **account_roles** under **accounts** for that user in the **database through phpMyAdmin**. - -- **For logs**: Go to **admin->logs** and enter the file name **php.log**. - -- **Failed Database after Upgrade:** Some times databse upgrade fails after version upgrade. You can go to hub eg. `https://__DOMAIN__/admin/dbsync/` and check the numbers of failled update. These updates will have to be ran manually by **phpMyAdmin**. diff --git a/doc/DESCRIPTION.md b/doc/DESCRIPTION.md index 2007147a..ff21f97a 100644 --- a/doc/DESCRIPTION.md +++ b/doc/DESCRIPTION.md @@ -1 +1 @@ -Hubzilla is a social networking platform built with control of your privacy at center stage. Your online communications can be as public as you wish or as private as you require. Private conversations, private photos, private videos. Your media isn't hidden behind an obscure URL which can be guessed, it is protected by state-of-the-art cross-domain authentication. +[Hubzilla](https://hub.libranet.de/directory?f=&global=1&pubforums=1) is a social networking platform built with control of your privacy at center stage. Your online communications can be as public as you wish or as private as you require. Private conversations, private photos, private videos. Your media isn't hidden behind an obscure URL which can be guessed, it is protected by state-of-the-art cross-domain authentication. What this all means for you: **less drama**. diff --git a/doc/DESCRIPTION_fr.md b/doc/DESCRIPTION_fr.md index 390a662f..11636de6 100644 --- a/doc/DESCRIPTION_fr.md +++ b/doc/DESCRIPTION_fr.md @@ -1 +1 @@ -Hubzilla est une plate-forme de réseau social conçue avec le contrôle de votre vie privée au centre de la scène. Vos communications en ligne peuvent être aussi publiques que vous le souhaitez ou aussi privées que vous le souhaitez. Conversations privées, photos privées, vidéos privées. Votre média n'est pas caché derrière une URL obscure qui peut être devinée, il est protégé par une authentification interdomaine de pointe. +[Hubzilla](https://hub.libranet.de/directory?f=&global=1&pubforums=1) est une plate-forme de réseau social conçue avec le contrôle de votre vie privée au centre de la scène. Vos communications en ligne peuvent être aussi publiques que vous le souhaitez ou aussi privées que vous le souhaitez. Conversations privées, photos privées, vidéos privées. Votre média n'est pas caché derrière une URL obscure qui peut être devinée, il est protégé par une authentification interdomaine de pointe. Qu'est-ce que tout cela signifie pour vous : **moins de drames**. diff --git a/doc/DISCLAIMER.md b/doc/DISCLAIMER.md new file mode 100644 index 00000000..7fbd776d --- /dev/null +++ b/doc/DISCLAIMER.md @@ -0,0 +1,17 @@ +## Installation +Before installing, read the [Hubzilla installation instructions](https://framagit.org/hubzilla/core/blob/master/install/INSTALL.txt) for important information about: + +### Register a new domain and add it to YunoHost +- Hubzilla requires a dedicated domain, so obtain one and add it using the YunoHost admin panel. **Domains -> Add domain**. As Hubzilla uses the full domain and is installed on the root, you can create a subdomain such as hubzilla.domain.tld. Don't forget to update your DNS if you manage them manually. + +## Ldap Admin user rights, logs and failed database updates + +- **For admin rights**: When installation is complete, you will need to visit your new hub's page and login with the **admin account username** which was entered at the time of installation process. You should then be able to create your first channel and have the **admin rights** for the hub. + +- **For normal YunoHost users**: Normal LDAP users can login through LDAP authentication and create there channels. + +- **Failing to get admin rights**: If the admin cannot access the admin settings at `https://hubzilla.example.com/admin` then you have to **manually add 4096** to the **account_roles** under **accounts** for that user in the **database through phpMyAdmin**. + +- **For logs**: Go to **admin->logs** and enter the file name **php.log**. + +- **Failed Database after Upgrade:** Some times databse upgrade fails after version upgrade. You can go to hub eg. `https://hubzilla.example.com/admin/dbsync/` and check the numbers of failled update. These updates will have to be ran manually by **phpMyAdmin**. diff --git a/doc/ADMIN_fr.md b/doc/DISCLAIMER_fr.md similarity index 63% rename from doc/ADMIN_fr.md rename to doc/DISCLAIMER_fr.md index 5ec943ba..cf4be09b 100644 --- a/doc/ADMIN_fr.md +++ b/doc/DISCLAIMER_fr.md @@ -1,4 +1,10 @@ -## Droits d'utilisateur de l'administrateur Ldap, journaux et échec des mises à jour de la base de données +## Installation +Avant l'installation, lisez les [instructions d'installation de Hubzilla](https://framagit.org/hubzilla/core/blob/master/install/INSTALL.txt) pour obtenir des informations importantes sur : + +### Enregistrez un nouveau domaine et ajoutez-le à YunoHost +- Hubzilla nécessite un domaine dédié, alors obtenez-en un et ajoutez-le à l'aide du panneau d'administration YunoHost. **Domaines -> Ajouter un domaine**. Comme Hubzilla utilise le domaine complet et est installé à la racine, vous pouvez créer un sous-domaine tel que hubzilla.domain.tld. N'oubliez pas de mettre à jour vos DNS si vous les gérez manuellement. + +## Droits d'utilisateur de l'administrateur Ldap, journaux et échec des mises à jour de la base de données - **Pour les droits d'administrateur** : lorsque l'installation est terminée, vous devrez visiter la page de votre nouveau hub et vous connecter avec le **nom d'utilisateur du compte administrateur** qui a été saisi au moment du processus d'installation. Vous devriez alors pouvoir créer votre premier canal et disposer des **droits d'administrateur** pour le hub. diff --git a/manifest.json b/manifest.json new file mode 100644 index 00000000..965ce346 --- /dev/null +++ b/manifest.json @@ -0,0 +1,58 @@ +{ + "packaging_format": 1, + "id": "hubzilla", + "name": "Hubzilla", + "description": { + "en": "Decentralized publication platform and social network.", + "fr": "Plateforme de publication décentralisée et un réseau social." + }, + "version": "8.4.1~ynh1", + "url": "https://zotlabs.org/page/hubzilla/hubzilla-project", + "upstream": { + "license": "MIT", + "website": "https://zotlabs.org/page/hubzilla/hubzilla-project", + "code": "https://framagit.org/hubzilla/core" + }, + "license": "MIT", + "maintainer": { + "name": "Anmol Sharma" + }, + "previous_maintainers": { + "name": "Andrew Manning", + "email": "andrew@reticu.li" + }, + "requirements": { + "yunohost": ">= 11.0.9" + }, + "multi_instance": true, + "services": [ + "nginx", + "php8.0-fpm", + "mysql" + ], + "arguments": { + "install": [ + { + "name": "domain", + "type": "domain" + }, + { + "name": "admin", + "type": "user" + }, + { + "name": "database", + "type": "string", + "ask": { + "en": "Choose the database to be used for the Hubzilla]", + "fr": "Choisissez la database de Hubzilla" + }, + "choices": [ + "mysql", + "postgresql" + ], + "default": "mysql" + } + ] + } +} diff --git a/manifest.toml b/manifest.toml deleted file mode 100644 index 5f1eb927..00000000 --- a/manifest.toml +++ /dev/null @@ -1,59 +0,0 @@ -packaging_format = 2 - -id = "hubzilla" -name = "Hubzilla" -description.en = "Decentralized publication platform and social network." -description.fr = "Plateforme de publication décentralisée et un réseau social." - -version = "8.4.1~ynh1" - -maintainers = ["Anmol Sharma"] - -[upstream] -license = "MIT" -website = "https://zotlabs.org/page/hubzilla/hubzilla-project" -code = "https://framagit.org/hubzilla/core" - -[integration] -yunohost = ">= 11.1.19" -architectures = "all" -multi_instance = true -ldap = true -sso = false -disk = "50M" -ram.build = "50M" -ram.runtime = "50M" - -[install] - [install.domain] - type = "domain" - full_domain = true - - [install.admin] - type = "user" - -[resources] - [resources.sources] - [resources.sources.main] - url = "https://framagit.org/hubzilla/core/-/archive/8.4.1/core-8.4.1.tar.gz" - sha256 = "93dd8fc4d30da8a79a77303381b1451f8215c62f8b913e215664a9396cf47d61" - autoupdate.strategy = "latest_github_tag" - - [resources.sources.app_addons] - url = "https://framagit.org/hubzilla/addons/-/archive/8.4.1/addons-8.4.1.tar.gz" - sha256 = "67f7b881f195b258c3d61922a6ce0f92832b907cafd5feb11b8abea4b2b055a0" - autoupdate.strategy = "latest_github_tag" - - - [resources.system_user] - - [resources.install_dir] - - [resources.permissions] - main.url = "/" - - [resources.apt] - packages = "mariadb-server php8.2-curl php8.2-gd php8.2-mysql php8.2-mbstring php8.2-xml php8.2-zip php8.2-cli php8.2-imagick" - - [resources.database] - type = "mysql" diff --git a/scripts/_common.sh b/scripts/_common.sh index 1e47ce72..441538f2 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -6,6 +6,15 @@ # PHP APP SPECIFIC #================================================= +YNH_PHP_VERSION="8.2" + +php_dependencies="php${YNH_PHP_VERSION}-curl php${YNH_PHP_VERSION}-gd php${YNH_PHP_VERSION}-mysql php${YNH_PHP_VERSION}-mbstring php${YNH_PHP_VERSION}-xml php${YNH_PHP_VERSION}-zip php${YNH_PHP_VERSION}-cli php${YNH_PHP_VERSION}-imagick php${YNH_PHP_VERSION}-pgsql php${YNH_PHP_VERSION}-json" + +# dependencies used by the app (must be on a single line) +pkg_dependencies="$php_dependencies" + +pg_pkg_dependencies="postgresql postgresql-contrib" + #================================================= # PERSONAL HELPERS #================================================= diff --git a/scripts/backup b/scripts/backup index 9d780ff6..b9d99fe9 100644 --- a/scripts/backup +++ b/scripts/backup @@ -10,6 +10,29 @@ source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers +#================================================= +# MANAGE SCRIPT FAILURE +#================================================= + +ynh_clean_setup () { + true +} +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors + +#================================================= +# LOAD SETTINGS +#================================================= +ynh_print_info --message="Loading settings..." + +app=$YNH_APP_INSTANCE_NAME + +final_path=$(ynh_app_setting_get --app=$app --key=final_path) +domain=$(ynh_app_setting_get --app=$app --key=domain) +db_name=$(ynh_app_setting_get --app=$app --key=db_name) +phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) +database=$(ynh_app_setting_get --app=$app --key=database) + #================================================= # DECLARE DATA AND CONF FILES TO BACKUP #================================================= @@ -19,7 +42,7 @@ ynh_print_info --message="Declaring files to be backed up..." # BACKUP THE APP MAIN DIR #================================================= -ynh_backup --src_path="$install_dir" +ynh_backup --src_path="$final_path" #================================================= # BACKUP THE NGINX CONFIGURATION @@ -57,9 +80,16 @@ ynh_backup --src_path="/etc/cron.d/$app" #================================================= # BACKUP THE DATABASE #================================================= -ynh_print_info --message="Backup of the MySQL database..." -ynh_mysql_dump_db --database="$db_name" > db.sql +if [ $database = "mysql" ]; then + # Backup MySQL database + ynh_print_info --message="Backup of the MySQL database..." + ynh_mysql_dump_db --database="$db_name" > db.sql +elif [ $database = "postgresql" ]; then + # Backup PostgreSQL database + ynh_print_info --message="Backup of the PostgreSQL database..." + ynh_psql_dump_db --database="$db_name" > db.sql +fi #================================================= # END OF SCRIPT diff --git a/scripts/install b/scripts/install index 827a4e64..bdae0868 100755 --- a/scripts/install +++ b/scripts/install @@ -9,18 +9,46 @@ source _common.sh source /usr/share/yunohost/helpers +#================================================= +# MANAGE SCRIPT FAILURE +#================================================= + +ynh_clean_setup () { + true +} +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors + #================================================= # RETRIEVE ARGUMENTS FROM THE MANIFEST #================================================= +domain=$YNH_APP_ARG_DOMAIN +path_url="/" +admin=$YNH_APP_ARG_ADMIN +database=$YNH_APP_ARG_DATABASE +phpversion=$YNH_PHP_VERSION + +app=$YNH_APP_INSTANCE_NAME + email=$(ynh_user_get_info --username=$admin --key=mail) random_string="$(ynh_string_random --length=48)" timezone=$(cat /etc/timezone) - fpm_footprint="low" fpm_free_footprint=0 fpm_usage="low" +#================================================= +# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS +#================================================= +ynh_script_progression --message="Validating installation parameters..." --weight=1 + +final_path=/var/www/$app +test ! -e "$final_path" || ynh_die --message="This path already contains a folder" + +# Register (book) web path +ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url + #================================================= # STORE SETTINGS FROM MANIFEST #================================================= @@ -31,22 +59,66 @@ ynh_app_setting_set --app=$app --key=fpm_footprint --value=$fpm_footprint ynh_app_setting_set --app=$app --key=fpm_free_footprint --value=$fpm_free_footprint ynh_app_setting_set --app=$app --key=fpm_usage --value=$fpm_usage +#================================================= +# STANDARD MODIFICATIONS +#================================================= +# INSTALL DEPENDENCIES +#================================================= +ynh_script_progression --message="Installing dependencies..." --weight=1 + +if [ $database = "postgresql" ]; then + pkg_dependencies="$pkg_dependencies $pg_pkg_dependencies" +fi +ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies + +#================================================= +# CREATE DEDICATED USER +#================================================= +ynh_script_progression --message="Configuring system user..." --weight=1 + +# Create a system user +ynh_system_user_create --username=$app --home_dir="$final_path" + +#================================================= +# CREATE A DATABASE +#================================================= + +db_name=$(ynh_sanitize_dbid --db_name=$app) +db_user=$db_name +ynh_app_setting_set --app=$app --key=db_name --value=$db_name + +if [ $database = "mysql" ]; then + ynh_script_progression --message="Creating a MySQL database..." --weight=1 + ynh_mysql_setup_db --db_user=$db_user --db_name=$db_name + + ynh_mysql_connect_as --user=$db_user --password="$db_pwd" --database=$db_name \ + <<< "ALTER DATABASE $db_name CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;" + + db_type=0 +elif [ $database = "postgresql" ]; then + ynh_script_progression --message="Creating a PostgreSQL database..." --weight=1 + ynh_psql_test_if_first_run + ynh_psql_setup_db --db_user=$db_user --db_name=$db_name + db_type=1 +fi + #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= ynh_script_progression --message="Setting up source files..." --weight=1 +ynh_app_setting_set --app=$app --key=final_path --value=$final_path # Download, check integrity, uncompress and patch the source from app.src -ynh_setup_source --dest_dir="$install_dir" -ynh_setup_source --dest_dir="$install_dir/addon" --source_id="app_addons" +ynh_setup_source --dest_dir="$final_path" +ynh_setup_source --dest_dir="$final_path/addon" --source_id="app_addons" +touch "$final_path/php.log" +mkdir -p "$final_path/store" +mkdir -p "$final_path/cache/smarty3" -touch "$install_dir/php.log" -mkdir -p "$install_dir/store" -mkdir -p "$install_dir/cache/smarty3" - -chmod -R o-rwx "$install_dir" -chown -R $app:www-data "$install_dir" -chmod -R 775 $install_dir/store $install_dir/cache +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:www-data "$final_path" +chmod -R 775 $final_path/store $final_path/cache #================================================= # PHP-FPM CONFIGURATION @@ -55,6 +127,7 @@ ynh_script_progression --message="Configuring PHP-FPM..." --weight=1 # Create a dedicated PHP-FPM config ynh_add_fpm_config --usage=$fpm_usage --footprint=$fpm_footprint +phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) # Create a dedicated NGINX config ynh_add_nginx_config @@ -66,23 +139,27 @@ ynh_add_nginx_config #================================================= ynh_script_progression --message="Provisionning database..." --weight=1 -ynh_mysql_connect_as --user="$db_name" --password="$db_pwd" --database="$db_name" < $install_dir/install/schema_mysql.sql +if [ $database = "mysql" ]; then + ynh_mysql_connect_as --user="$db_name" --password="$db_pwd" --database="$db_name" < $final_path/install/schema_mysql.sql +elif [ $database = "postgresql" ]; then + ynh_psql_connect_as --user="$db_name" --password="$db_pwd" --database="$db_name" < $final_path/install/schema_postgres.sql +fi #================================================= # ADD A CONFIGURATION #================================================= ynh_script_progression --message="Adding a configuration file..." --weight=1 -ynh_add_config --template="../conf/htconfig.sample.php" --destination="$install_dir/.htconfig.php" +ynh_add_config --template="../conf/htconfig.sample.php" --destination="$final_path/.htconfig.php" # addon ldap config ynh_script_progression --message="Push LDAP configuration to .htconfig.php..." -cat ../conf/ldap_conf.php >> $install_dir/.htconfig.php -ynh_store_file_checksum --file=$install_dir/.htconfig.php +cat ../conf/ldap_conf.php >> $final_path/.htconfig.php +ynh_store_file_checksum --file=$final_path/.htconfig.php -chmod 600 "$install_dir/.htconfig.php" -chown $app:$app "$install_dir/.htconfig.php" +chmod 600 "$final_path/.htconfig.php" +chown $app:$app "$final_path/.htconfig.php" #================================================= # SET CRON JOB @@ -95,10 +172,26 @@ chown root: "/etc/cron.d/$app" chmod 644 "/etc/cron.d/$app" # Use logrotate to manage application logfile(s) -ynh_use_logrotate "$install_dir/php.log" +ynh_use_logrotate "$final_path/php.log" # Create a dedicated Fail2Ban config -ynh_add_fail2ban_config --logpath="$install_dir/php.log" --failregex="^.*auth\.php.*failed login attempt.*from IP .*$" --max_retry="5" +ynh_add_fail2ban_config --logpath="$final_path/php.log" --failregex="^.*auth\.php.*failed login attempt.*from IP .*$" --max_retry="5" + +#================================================= +# SETUP SSOWAT +#================================================= +ynh_script_progression --message="Configuring permissions..." --weight=1 + +# Everyone can access the app. +# The "main" permission is automatically created before the install script. +ynh_permission_update --permission="main" --add="visitors" + +#================================================= +# RELOAD NGINX +#================================================= +ynh_script_progression --message="Reloading NGINX web server..." --weight=1 + +ynh_systemd_action --service_name=nginx --action=reload #================================================= # END OF SCRIPT diff --git a/scripts/remove b/scripts/remove index 29061af7..6f5cc569 100755 --- a/scripts/remove +++ b/scripts/remove @@ -9,6 +9,19 @@ source _common.sh source /usr/share/yunohost/helpers +#================================================= +# LOAD SETTINGS +#================================================= +ynh_script_progression --message="Loading settings..." --weight=1 + +app=$YNH_APP_INSTANCE_NAME + +domain=$(ynh_app_setting_get --app=$app --key=domain) +db_name=$(ynh_app_setting_get --app=$app --key=db_name) +db_user=$db_name +final_path=$(ynh_app_setting_get --app=$app --key=final_path) +database=$(ynh_app_setting_get --app=$app --key=database) + #================================================= # STANDARD REMOVE #================================================= @@ -31,6 +44,16 @@ ynh_remove_fail2ban_config # Remove a cron file ynh_secure_remove --file="/etc/cron.d/$app" +#================================================= +# GENERIC FINALIZATION +#================================================= +# REMOVE DEDICATED USER +#================================================= +ynh_script_progression --message="Removing the dedicated system user..." --weight=1 + +# Delete a system user +ynh_system_user_delete --username=$app + #================================================= # END OF SCRIPT #================================================= diff --git a/scripts/restore b/scripts/restore index d08f2e5c..4131a4e6 100644 --- a/scripts/restore +++ b/scripts/restore @@ -10,15 +10,63 @@ source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers +#================================================= +# MANAGE SCRIPT FAILURE +#================================================= + +ynh_clean_setup () { + true +} +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors + +#================================================= +# LOAD SETTINGS +#================================================= +ynh_script_progression --message="Loading settings..." --weight=1 + +app=$YNH_APP_INSTANCE_NAME + +domain=$(ynh_app_setting_get --app=$app --key=domain) +path_url=$(ynh_app_setting_get --app=$app --key=path) +admin=$(ynh_app_setting_get --app=$app --key=admin) +final_path=$(ynh_app_setting_get --app=$app --key=final_path) +db_name=$(ynh_app_setting_get --app=$app --key=db_name) +db_user=$db_name +phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) +database=$(ynh_app_setting_get --app=$app --key=database) + +fpm_footprint=$(ynh_app_setting_get --app=$app --key=fpm_footprint) +fpm_usage=$(ynh_app_setting_get --app=$app --key=fpm_usage) + +#================================================= +# CHECK IF THE APP CAN BE RESTORED +#================================================= +ynh_script_progression --message="Validating restoration parameters..." --weight=1 + +test ! -d $final_path \ + || ynh_die --message="There is already a directory: $final_path " + +#================================================= +# STANDARD RESTORATION STEPS +#================================================= +# RECREATE THE DEDICATED USER +#================================================= +ynh_script_progression --message="Recreating the dedicated system user..." --weight=1 + +# Create the dedicated user (if not existing) +ynh_system_user_create --username=$app --home_dir="$final_path" + #================================================= # RESTORE THE APP MAIN DIR #================================================= ynh_script_progression --message="Restoring the app main directory..." --weight=1 -ynh_restore_file --origin_path="$install_dir" +ynh_restore_file --origin_path="$final_path" -chmod -R o-rwx "$install_dir" -chown -R $app:www-data "$install_dir" +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:www-data "$final_path" #================================================= # RESTORE THE MYSQL DATABASE diff --git a/scripts/upgrade b/scripts/upgrade index c1e968ba..e6bdb67b 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -14,15 +14,43 @@ source /usr/share/yunohost/helpers #================================================= ynh_script_progression --message="Loading settings..." --weight=1 +app=$YNH_APP_INSTANCE_NAME + +domain=$(ynh_app_setting_get --app=$app --key=domain) +path_url=$(ynh_app_setting_get --app=$app --key=path) +admin=$(ynh_app_setting_get --app=$app --key=admin) +final_path=$(ynh_app_setting_get --app=$app --key=final_path) +db_name=$(ynh_app_setting_get --app=$app --key=db_name) +db_user=$db_name +phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) +database=$(ynh_app_setting_get --app=$app --key=database) +upload=$(ynh_app_setting_get --app=$app --key=upload) +random_string=$(ynh_app_setting_get --app=$app --key=random_string) + email=$(ynh_user_get_info --username=$admin --key=mail) timezone=$(cat /etc/timezone) #================================================= # CHECK VERSION #================================================= +ynh_script_progression --message="Checking version..." --weight=1 upgrade_type=$(ynh_check_app_version_changed) +#================================================= +# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP +#================================================= +ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=1 + +# Backup the current version of the app +ynh_backup_before_upgrade +ynh_clean_setup () { + # Restore it if the upgrade fails + ynh_restore_upgradebackup +} +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors + #================================================= # STANDARD UPGRADE STEPS #================================================= @@ -30,24 +58,60 @@ upgrade_type=$(ynh_check_app_version_changed) #================================================= ynh_script_progression --message="Ensuring downward compatibility..." --weight=1 +# If final_path doesn't exist, create it +if [ -z "$final_path" ]; then + final_path=/var/www/$app + ynh_app_setting_set --app=$app --key=final_path --value=$final_path +fi + +# If db_name doesn't exist, create it +if [ -z "$db_name" ]; then + db_name=$(ynh_sanitize_dbid --db_name=$app) + ynh_app_setting_set --app=$app --key=db_name --value=$db_name +fi + # If fpm_footprint doesn't exist, create it -if [ -z "${fpm_footprint:-}" ]; then +if [ -z "$fpm_footprint" ]; then fpm_footprint=low ynh_app_setting_set --app=$app --key=fpm_footprint --value=$fpm_footprint fi # If fpm_free_footprint doesn't exist, create it -if [ -z "${fpm_free_footprint:-}" ]; then +if [ -z "$fpm_free_footprint" ]; then fpm_free_footprint=0 ynh_app_setting_set --app=$app --key=fpm_free_footprint --value=$fpm_free_footprint fi # If fpm_usage doesn't exist, create it -if [ -z "${fpm_usage:-}" ]; then +if [ -z "$fpm_usage" ]; then fpm_usage=low ynh_app_setting_set --app=$app --key=fpm_usage --value=$fpm_usage fi +# Cleaning legacy permissions +if ynh_legacy_permissions_exists; then + ynh_legacy_permissions_delete_all + + ynh_app_setting_delete --app=$app --key=is_public +fi + +# Switch $database to "mysql" or "postgresql" +if [[ $database == "1" ]] 2>/dev/null; then + database="mysql" + ynh_app_setting_set --app=$app --key=database --value=$database +elif [[ $database == "2" ]] 2>/dev/null; then + database="postgresql" + ynh_app_setting_set --app=$app --key=database --value=$database +fi + +#================================================= +# CREATE DEDICATED USER +#================================================= +ynh_script_progression --message="Making sure dedicated system user exists..." --weight=1 + +# Create a dedicated user (if not existing) +ynh_system_user_create --username=$app --home_dir="$final_path" + #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= @@ -57,16 +121,26 @@ then ynh_script_progression --message="Upgrading source files..." --weight=1 # Download, check integrity, uncompress and patch the source from app.src - ynh_setup_source --dest_dir="$install_dir" --keep="store/ .htconfig.php php.log" - ynh_setup_source --dest_dir="$install_dir/addon" --source_id="app_addons" + ynh_setup_source --dest_dir="$final_path" --keep="store/ .htconfig.php php.log" + ynh_setup_source --dest_dir="$final_path/addon" --source_id="app_addons" fi -mkdir -p "$install_dir/store" -mkdir -p "$install_dir/cache/smarty3" +mkdir -p "$final_path/store" +mkdir -p "$final_path/cache/smarty3" +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:www-data "$final_path" +chmod -R 775 $final_path/store $final_path/cache -chmod -R o-rwx "$install_dir" -chown -R $app:www-data "$install_dir" -chmod -R 775 $install_dir/store $install_dir/cache +#================================================= +# UPGRADE DEPENDENCIES +#================================================= +ynh_script_progression --message="Upgrading dependencies..." --weight=1 + +if [ $database = "postgresql" ]; then + pkg_dependencies="$pkg_dependencies $pg_pkg_dependencies" +fi +ynh_install_app_dependencies $pkg_dependencies #================================================= # REAPPLY SYSTEM CONFIGURATIONS @@ -88,7 +162,14 @@ chmod 644 "/etc/cron.d/$app" ynh_use_logrotate --non-append # Create a dedicated Fail2Ban config -ynh_add_fail2ban_config --logpath="$install_dir/php.log" --failregex="^.*auth\.php.*failed login attempt.*from IP .*$" --max_retry="5" +ynh_add_fail2ban_config --logpath="$final_path/php.log" --failregex="^.*auth\.php.*failed login attempt.*from IP .*$" --max_retry="5" + +#================================================= +# RELOAD NGINX +#================================================= +ynh_script_progression --message="Reloading NGINX web server..." --weight=1 + +ynh_systemd_action --service_name=nginx --action=reload #================================================= # END OF SCRIPT diff --git a/tests.toml b/tests.toml deleted file mode 100644 index eb73b8d5..00000000 --- a/tests.toml +++ /dev/null @@ -1,3 +0,0 @@ -test_format = 1.0 - -[default] \ No newline at end of file