From 6210a0eb35965fca8bcaffc29ab95689d09b729c Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Wed, 17 Feb 2021 23:50:49 +0100 Subject: [PATCH] Fix --- conf/common.php | 6 +- conf/cron | 2 + conf/ldap.sql | 3 +- scripts/backup | 92 +++++++++++--- scripts/install | 331 ++++++++++++++++++++++++++++++++++++++---------- scripts/remove | 114 ++++++++++++++--- 6 files changed, 436 insertions(+), 112 deletions(-) create mode 100644 conf/cron diff --git a/conf/common.php b/conf/common.php index 66d0b33..2068012 100644 --- a/conf/common.php +++ b/conf/common.php @@ -3,9 +3,9 @@ return [ 'components' => [ 'db' => [ - 'dsn' => 'mysql:host=localhost;dbname=DBNAME_TO_CHANGE', - 'username' => 'DBUSER_TO_CHANGE', - 'password' => 'DBPASS_TO_CHANGE', + 'dsn' => 'mysql:host=localhost;dbname=__DB_NAME__', + 'username' => '__DB_USER__', + 'password' => '__DB_PWD__', ], ] ]; diff --git a/conf/cron b/conf/cron new file mode 100644 index 0000000..ac9af3a --- /dev/null +++ b/conf/cron @@ -0,0 +1,2 @@ +* * * * * /usr/bin/php__PHPVERSION__ __FINALPATH__/protected/yii queue/run >/dev/null 2>&1 +* * * * * /usr/bin/php__PHPVERSION__ __FINALPATH__/protected/yii cron/run >/dev/null 2>&1 \ No newline at end of file diff --git a/conf/ldap.sql b/conf/ldap.sql index 12429c2..58820ec 100644 --- a/conf/ldap.sql +++ b/conf/ldap.sql @@ -15,5 +15,4 @@ REPLACE INTO setting (`name`, `value`, `module_id`) VALUES ('auth.allowGuestAccess', '0', 'user'), ('auth.internalUsersCanInvite', '0', 'user'); -UPDATE `user` SET `auth_mode` = 'ldap' WHERE `user`.`username` = 'YNH_ADMIN_USER'; - +UPDATE `user` SET `auth_mode` = 'ldap' WHERE `user`.`username` = '__ADMIN__'; diff --git a/scripts/backup b/scripts/backup index a3b93f1..5ea23bb 100644 --- a/scripts/backup +++ b/scripts/backup @@ -1,26 +1,84 @@ #!/bin/bash -# Exit on command errors and treat unset variables as an error -set -eu +#================================================= +# GENERIC START +#================================================= +# IMPORT GENERIC HELPERS +#================================================= + +# Keep this path for calling _common.sh inside the execution's context of backup and restore scripts +source ../settings/scripts/_common.sh +source /usr/share/yunohost/helpers + +#================================================= +# MANAGE SCRIPT FAILURE +#================================================= + +ynh_clean_setup () { + ### Remove this function if there's nothing to clean before calling the remove script. + true +} +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors + +#================================================= +# LOAD SETTINGS +#================================================= +ynh_print_info --message="Loading installation settings..." app=$YNH_APP_INSTANCE_NAME -# Source YunoHost helpers - source /usr/share/yunohost/helpers +final_path=$(ynh_app_setting_get --app=$app --key=final_path) +domain=$(ynh_app_setting_get --app=$app --key=domain) +db_name=$(ynh_app_setting_get --app=$app --key=db_name) +phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) -# Backup sources & data - ynh_backup "/var/www/${app}" "sources" - ynh_backup "/etc/cron.d/${app}" "cron" +#================================================= +# DECLARE DATA AND CONF FILES TO BACKUP +#================================================= +ynh_print_info --message="Declaring files to be backed up..." -# MySQL - dbname=$app - dbuser=$app - dbpass=$(ynh_app_setting_get "$app" mysqlpwd) - mysqldump -u "$dbuser" -p"$dbpass" --no-create-db "$dbname" > ./dump.sql +#================================================= +# BACKUP THE APP MAIN DIR +#================================================= -# Copy NGINX configuration - domain=$(ynh_app_setting_get "$app" domain) - ynh_backup "/etc/nginx/conf.d/${domain}.d/${app}.conf" "nginx.conf" +ynh_backup --src_path="$final_path" -# Copy PHP-FPM configuration - ynh_backup "/etc/php5/fpm/pool.d/${app}.conf" "php-fpm.conf" +#================================================= +# BACKUP THE NGINX CONFIGURATION +#================================================= + +ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf" + +#================================================= +# BACKUP THE PHP-FPM CONFIGURATION +#================================================= + +ynh_backup --src_path="/etc/php/$phpversion/fpm/pool.d/$app.conf" + +#================================================= +# SPECIFIC BACKUP +#================================================= +# BACKUP SYSTEMD +#================================================= + +ynh_backup --src_path="/etc/systemd/system/$app.service" + +#================================================= +# BACKUP VARIOUS FILES +#================================================= + +ynh_backup --src_path="/etc/cron.d/$app" + +#================================================= +# BACKUP THE MYSQL DATABASE +#================================================= +ynh_print_info --message="Backing up the MySQL database..." + +ynh_mysql_dump_db --database="$db_name" > db.sql + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_print_info --message="Backup script completed for $app. (YunoHost will then actually copy those files to the archive)." diff --git a/scripts/install b/scripts/install index 8880bb2..4da467a 100644 --- a/scripts/install +++ b/scripts/install @@ -1,45 +1,271 @@ #!/bin/bash -# Exit on command errors and treat unset variables as an error -set -eu +#================================================= +# GENERIC START +#================================================= +# IMPORT GENERIC HELPERS +#================================================= + +source _common.sh +source /usr/share/yunohost/helpers + +#================================================= +# MANAGE SCRIPT FAILURE +#================================================= + +ynh_clean_setup () { + ### Remove this function if there's nothing to clean before calling the remove script. + true +} +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors + +#================================================= +# RETRIEVE ARGUMENTS FROM THE MANIFEST +#================================================= + +domain=$YNH_APP_ARG_DOMAIN +path_url=$YNH_APP_ARG_PATH +admin=$YNH_APP_ARG_ADMIN +is_public=$YNH_APP_ARG_IS_PUBLIC app=$YNH_APP_INSTANCE_NAME -version=$(cat ../sources/version) -source='https://sourceforge.net/projects/humhub/files/' -# Retrieve arguments - domain=$YNH_APP_ARG_DOMAIN - path=$YNH_APP_ARG_PATH - admin=$YNH_APP_ARG_ADMIN - is_public=$YNH_APP_ARG_IS_PUBLIC +#================================================= +# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS +#================================================= +ynh_script_progression --message="Validating installation parameters..." --time --weight=1 -# Source YunoHost helpers - source /usr/share/yunohost/helpers - source ./_extrahelpers +final_path=/var/www/$app +test ! -e "$final_path" || ynh_die --message="This path already contains a folder" + +# Register (book) web path +ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url + +#================================================= +# STORE SETTINGS FROM MANIFEST +#================================================= +ynh_script_progression --message="Storing installation settings..." --time --weight=1 + +ynh_app_setting_set --app=$app --key=domain --value=$domain +ynh_app_setting_set --app=$app --key=path --value=$path_url +ynh_app_setting_set --app=$app --key=admin --value=$admin + +#================================================= +# STANDARD MODIFICATIONS +#================================================= +# FIND AND OPEN A PORT +#================================================= +ynh_script_progression --message="Finding an available port..." --time --weight=1 + +# Find an available port +port=$(ynh_find_port --port=8095) +ynh_app_setting_set --app=$app --key=port --value=$port + +#================================================= +# INSTALL DEPENDENCIES +#================================================= +ynh_script_progression --message="Installing dependencies..." --time --weight=1 + +ynh_install_app_dependencies $pkg_dependencies + +#================================================= +# CREATE A MYSQL DATABASE +#================================================= +ynh_script_progression --message="Creating a MySQL database..." --time --weight=1 + +db_name=$(ynh_sanitize_dbid --db_name=$app) +db_user=$db_name +ynh_app_setting_set --app=$app --key=db_name --value=$db_name +ynh_mysql_setup_db --db_user=$db_user --db_name=$db_name + +#================================================= +# DOWNLOAD, CHECK AND UNPACK SOURCE +#================================================= +ynh_script_progression --message="Setting up source files..." --time --weight=1 + +ynh_app_setting_set --app=$app --key=final_path --value=$final_path +# Download, check integrity, uncompress and patch the source from app.src +ynh_setup_source --dest_dir="$final_path" + +#================================================= +# NGINX CONFIGURATION +#================================================= +ynh_script_progression --message="Configuring NGINX web server..." --time --weight=1 + +# Create a dedicated NGINX config +ynh_add_nginx_config + +#================================================= +# CREATE DEDICATED USER +#================================================= +ynh_script_progression --message="Configuring system user..." --time --weight=1 + +# Create a system user +ynh_system_user_create --username=$app + +#================================================= +# PHP-FPM CONFIGURATION +#================================================= +ynh_script_progression --message="Configuring PHP-FPM..." --time --weight=1 + +# Create a dedicated PHP-FPM config +ynh_add_fpm_config --package="$extra_php_dependencies" +phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) + +#================================================= +# SPECIFIC SETUP +#================================================= +# ... +#================================================= + +#================================================= +# SETUP APPLICATION WITH CURL +#================================================= + +### Use these lines only if the app installation needs to be finalized through +### web forms. We generally don't want to ask the final user, +### so we're going to use curl to automatically fill the fields and submit the +### forms. + +# Set right permissions for curl install +chown -R $app: $final_path + +# Set the app as temporarily public for curl call +ynh_script_progression --message="Configuring SSOwat..." --time --weight=1 +# Making the app public for curl +ynh_permission_update --permission="main" --add="visitors" +# Reload SSOwat config +yunohost app ssowatconf + +# Reload NGINX +ynh_systemd_action --service_name=nginx --action=reload + +# Installation with curl +ynh_script_progression --message="Finalizing installation..." --time --weight=1 +ynh_local_curl "/INSTALL_PATH" "key1=value1" "key2=value2" "key3=value3" + +# Remove the public access +ynh_permission_update --permission="main" --remove="visitors" + +#================================================= +# MODIFY A CONFIG FILE +#================================================= + +ynh_add_config --template="../conf/common.php" --destination="$final_path/protected/config/common.php" + +ynh_replace_string --match_string="match_string" --replace_string="replace_string" --target_file="$final_path/CONFIG_FILE" + +#================================================= +# STORE THE CONFIG FILE CHECKSUM +#================================================= + +### `ynh_store_file_checksum` is used to store the checksum of a file. +### That way, during the upgrade script, by using `ynh_backup_if_checksum_is_different`, +### you can make a backup of this file before modifying it again if the admin had modified it. + +# Calculate and store the config file checksum into the app settings +ynh_store_file_checksum --file="$final_path/CONFIG_FILE" + +#================================================= +# GENERIC FINALIZATION +#================================================= +# SECURE FILES AND DIRECTORIES +#================================================= + +# Set permissions to app files +chown -R www-data: $final_path + +#================================================= +# SETUP LOGROTATE +#================================================= +ynh_script_progression --message="Configuring log rotation..." --time --weight=1 + +### `ynh_use_logrotate` is used to configure a logrotate configuration for the logs of this app. +### Use this helper only if there is effectively a log file for this app. +### If you're not using this helper: +### - Remove the section "BACKUP LOGROTATE" in the backup script +### - Remove also the section "REMOVE LOGROTATE CONFIGURATION" in the remove script +### - As well as the section "RESTORE THE LOGROTATE CONFIGURATION" in the restore script +### - And the section "SETUP LOGROTATE" in the upgrade script + +# Use logrotate to manage application logfile(s) +ynh_use_logrotate + +#================================================= +# INTEGRATE SERVICE IN YUNOHOST +#================================================= +ynh_script_progression --message="Integrating service in YunoHost..." --time --weight=1 + +yunohost service add $app --description="A short description of the app" --log="/var/log/$app/$app.log" + +### Additional options starting with 3.8: +### +### --needs_exposed_ports "$port" a list of ports that needs to be publicly exposed +### which will then be checked by YunoHost's diagnosis system +### (N.B. DO NOT USE THIS is the port is only internal!!!) +### +### --test_status "some command" a custom command to check the status of the service +### (only relevant if 'systemctl status' doesn't do a good job) +### +### --test_conf "some command" some command similar to "nginx -t" that validates the conf of the service +### +### Re-calling 'yunohost service add' during the upgrade script is the right way +### to proceed if you later realize that you need to enable some flags that +### weren't enabled on old installs (be careful it'll override the existing +### service though so you should re-provide all relevant flags when doing so) + +#================================================= +# START SYSTEMD SERVICE +#================================================= +ynh_script_progression --message="Starting a systemd service..." --time --weight=1 + +### `ynh_systemd_action` is used to start a systemd service for an app. +### Only needed if you have configure a systemd service +### If you're not using these lines: +### - Remove the section "STOP SYSTEMD SERVICE" and "START SYSTEMD SERVICE" in the backup script +### - As well as the section "START SYSTEMD SERVICE" in the restore script +### - As well as the section"STOP SYSTEMD SERVICE" and "START SYSTEMD SERVICE" in the upgrade script +### - And the section "STOP SYSTEMD SERVICE" and "START SYSTEMD SERVICE" in the change_url script + +# Start a systemd service +ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" + +#================================================= +# SETUP FAIL2BAN +#================================================= +ynh_script_progression --message="Configuring Fail2Ban..." --time --weight=1 + +# Create a dedicated Fail2Ban config +ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="Regex to match into the log for a failed login" + +#================================================= +# SETUP SSOWAT +#================================================= +ynh_script_progression --message="Configuring permissions..." --time --weight=1 + +# Make app public if necessary +if [ $is_public -eq 1 ] +then + ynh_permission_update --permission="main" --add="visitors" +fi + +#================================================= +# RELOAD NGINX +#================================================= +ynh_script_progression --message="Reloading NGINX web server..." --time --weight=1 + +ynh_systemd_action --service_name=nginx --action=reload + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_script_progression --message="Installation of $app completed" --last -# Correct path: puts a / at the start and nothing at the end - if [ "${path:0:1}" != "/" ]; then - path="/$path" - fi - if [ "${path:${#path}-1}" == "/" ] && [ ${#path} -gt 1 ]; then - path="${path:0:${#path}-1}" - fi -# Check domain/path availability - sudo yunohost app checkurl "${domain}${path}" -a "$app" \ - || ynh_die "Path not available: ${domain}${path}" -# Check admin user parameter - ynh_user_exists "$admin" \ - || ynh_die "The chosen admin user does not exist" - ynh_app_setting_set "$app" admin "$admin" -# Copy source files - src_path=/var/www/$app - sudo mkdir -p $src_path - sudo wget -q "${source}humhub-${version}.zip/download" -O humhub-${version}.zip - sudo unzip -qq humhub-${version}.zip - sudo cp -a humhub-${version}/. $src_path # Hotfixes # Fix LDAP email. See https://github.com/humhub/humhub/issues/1949 @@ -49,19 +275,7 @@ source='https://sourceforge.net/projects/humhub/files/' sudo sed -i "s@defined('YII_DEBUG') or define('YII_DEBUG', true);@//defined('YII_DEBUG') or define('YII_DEBUG', true);@g" $src_path/index.php sudo sed -i "s@defined('YII_ENV') or define('YII_ENV', 'dev');@//defined('YII_ENV') or define('YII_ENV', 'dev');@g" $src_path/index.php -# MySQL - dbuser=$app - dbname=$app - dbpass=$(ynh_string_random 12) - ynh_app_setting_set "$app" mysqlpwd "$dbpass" - ynh_mysql_create_db "$dbname" "$dbuser" "$dbpass" - -# Conf - app_conf=../conf/common.php - sed -i "s@DBNAME_TO_CHANGE@$dbname@g" $app_conf - sed -i "s@DBUSER_TO_CHANGE@$dbuser@g" $app_conf - sed -i "s@DBPASS_TO_CHANGE@$dbpass@g" $app_conf - sudo cp $app_conf $src_path/protected/config/common.php + # Set permissions to app files sudo chown -R www-data: $src_path @@ -72,24 +286,6 @@ source='https://sourceforge.net/projects/humhub/files/' sudo mv cron /etc/cron.d/${app} sudo chown root /etc/cron.d/${app} -# Modify Nginx configuration file and copy it to Nginx conf directory - nginx_conf=../conf/nginx.conf - sed -i "s@YNH_WWW_PATH@${path:-/}@g" $nginx_conf - sed -i "s@YNH_WWW_ALIAS@$src_path/@g" $nginx_conf - sed -i "s@YNH_WWW_APP@$app@g" $nginx_conf - sudo cp $nginx_conf /etc/nginx/conf.d/$domain.d/$app.conf - -# PHP - sed -i "s@YNH_WWW_APP@$app@g" ../conf/php-fpm.conf - sed -i "s@YNH_WWW_ALIAS@$src_path/@g" ../conf/php-fpm.conf - finalphpconf=/etc/php5/fpm/pool.d/$app.conf - sudo cp ../conf/php-fpm.conf $finalphpconf - sudo chown root: $finalphpconf - sudo chmod 644 $finalphpconf - -# Reload services - sudo service php5-fpm reload - sudo service nginx reload # Install # Disable SSO @@ -125,11 +321,6 @@ source='https://sourceforge.net/projects/humhub/files/' # Populate the LDAP parameters sed -i "s@YNH_ADMIN_USER@$admin@g" ../conf/ldap.sql - mysql -u ${dbuser} -p${dbpass} ${dbname} < ../conf/ldap.sql + mysql -u $db_user -p${db_pwd} $db_name < ../conf/ldap.sql + - # Enable SSO if chosen by the user - if [ $is_public = 0 ]; - then - ynh_app_setting_delete $app unprotected_uris - sudo yunohost app ssowatconf - fi diff --git a/scripts/remove b/scripts/remove index 3ca064d..9b4acfd 100644 --- a/scripts/remove +++ b/scripts/remove @@ -1,30 +1,104 @@ #!/bin/bash -set -u + +#================================================= +# GENERIC START +#================================================= +# IMPORT GENERIC HELPERS +#================================================= + +source _common.sh +source /usr/share/yunohost/helpers + +#================================================= +# LOAD SETTINGS +#================================================= +ynh_script_progression --message="Loading installation settings..." --time --weight=1 app=$YNH_APP_INSTANCE_NAME -# Source YunoHost helpers - source /usr/share/yunohost/helpers +domain=$(ynh_app_setting_get --app=$app --key=domain) +port=$(ynh_app_setting_get --app=$app --key=port) +db_name=$(ynh_app_setting_get --app=$app --key=db_name) +db_user=$db_name +final_path=$(ynh_app_setting_get --app=$app --key=final_path) -# Retrieve app settings - domain=$(ynh_app_setting_get "$app" domain) +#================================================= +# STANDARD REMOVE +#================================================= +# REMOVE SERVICE INTEGRATION IN YUNOHOST +#================================================= -# Remove sources - sudo rm -rf /var/www/$app - sudo rm -f /etc/cron.d/$app +# Remove the service from the list of services known by YunoHost (added from `yunohost service add`) +if ynh_exec_warn_less yunohost service status $app >/dev/null +then + ynh_script_progression --message="Removing $app service integration..." --time --weight=1 + yunohost service remove $app +fi -# Remove nginx configuration file - sudo rm -f /etc/nginx/conf.d/$domain.d/$app.conf +#================================================= +# REMOVE THE MYSQL DATABASE +#================================================= +ynh_script_progression --message="Removing the MySQL database..." --time --weight=1 -# Remove PHP-FPM configuration file - sudo rm -f /etc/php5/fpm/pool.d/$app.conf +# Remove a database if it exists, along with the associated user +ynh_mysql_remove_db --db_user=$db_user --db_name=$db_name -# MySQL - dbname=$app - dbuser=$app - ynh_mysql_drop_db "$dbname" || true - ynh_mysql_drop_user "$dbuser" || true +#================================================= +# REMOVE DEPENDENCIES +#================================================= +ynh_script_progression --message="Removing dependencies..." --time --weight=1 -# Reload services - sudo service php5-fpm reload - sudo service nginx reload +# Remove metapackage and its dependencies +ynh_remove_app_dependencies + +#================================================= +# REMOVE APP MAIN DIR +#================================================= +ynh_script_progression --message="Removing app main directory..." --time --weight=1 + +# Remove the app directory securely +ynh_secure_remove --file="$final_path" + +#================================================= +# REMOVE NGINX CONFIGURATION +#================================================= +ynh_script_progression --message="Removing NGINX web server configuration..." --time --weight=1 + +# Remove the dedicated NGINX config +ynh_remove_nginx_config + +#================================================= +# REMOVE PHP-FPM CONFIGURATION +#================================================= +ynh_script_progression --message="Removing PHP-FPM configuration..." --time --weight=1 + +# Remove the dedicated PHP-FPM config +ynh_remove_fpm_config + +#================================================= +# SPECIFIC REMOVE +#================================================= +# REMOVE VARIOUS FILES +#================================================= + +# Remove a cron file +ynh_secure_remove --file="/etc/cron.d/$app" + +# Remove the log files +ynh_secure_remove --file="/var/log/$app/" + +#================================================= +# GENERIC FINALIZATION +#================================================= +# REMOVE DEDICATED USER +#================================================= +ynh_script_progression --message="Removing the dedicated system user..." --time --weight=1 + +# Delete a system user +ynh_system_user_delete --username=$app + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_script_progression --message="Removal of $app completed" --time --last