From a93ada3001fcef2cef1d1b1e4848909baa10e70e Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Mon, 26 Jul 2021 10:28:14 +0200 Subject: [PATCH] Fix --- conf/nginx.conf | 2 +- conf/systemd.service | 4 ++-- scripts/_common.sh | 5 +++- scripts/install | 36 +++++++++++------------------ scripts/remove | 8 +++++++ scripts/restore | 34 +++++++++++++-------------- scripts/upgrade | 55 ++++++++++++++++++++++++++------------------ 7 files changed, 76 insertions(+), 68 deletions(-) diff --git a/conf/nginx.conf b/conf/nginx.conf index 8c9099c..c89e930 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -25,7 +25,7 @@ location ^~ __PATH__/ { location ~ ^__PATH__/index\.php(/.*|)$ { fastcgi_split_path_info ^(.+?\.php)(/.*|)$; set $path_info $fastcgi_path_info; - fastcgi_pass unix:/var/run/php/php7.0-fpm-__NAME__.sock; + fastcgi_pass unix:/var/run/php/php__PHPVERSION__-fpm-__NAME__.sock; fastcgi_index index.php; include fastcgi_params; diff --git a/conf/systemd.service b/conf/systemd.service index 76cdf64..8d37f0e 100644 --- a/conf/systemd.service +++ b/conf/systemd.service @@ -1,12 +1,12 @@ [Unit] -Description=Small description of the service +Description=invoiceninja: Create and email invoices After=network.target [Service] Type=simple User=__APP__ Group=__APP__ -WorkingDirectory=__FINALPATH__/ +WorkingDirectory=__FINALPATH__ ExecStart=__FINALPATH__/script >> /var/log/__APP__/__APP__.log 2>&1 [Install] diff --git a/scripts/_common.sh b/scripts/_common.sh index 37902ca..449a6a1 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh 
@@ -9,7 +9,10 @@ YNH_PHP_VERSION="7.4" nodejs_version=12 # dependencies used by the app -pkg_dependencies="phantomjs php7.4-zip php7.4-gmp php7.4-gd php7.4-bcmath php7.4-fileinfo php7.4-json php7.4-mbstring php7.4-pdo php7.4-tokenizer php7.4-xml php7.4-curl php7.4-mysql gconf-service libasound2 libatk1.0-0 libc6 libcairo2 libcups2 libdbus-1-3 libexpat1 libfontconfig1 libgcc1 libgconf-2-4 libgdk-pixbuf2.0-0 libglib2.0-0 libgtk-3-0 libnspr4 libpango-1.0-0 libpangocairo-1.0-0 libstdc++6 libx11-6 libx11-xcb1 libxcb1 libxcomposite1 libxcursor1 libxdamage1 libxext6 libxfixes3 libxi6 libxrandr2 libxrender1 libxss1 libxtst6 ca-certificates fonts-liberation libappindicator1 libnss3 lsb-release xdg-utils wget" +pkg_dependencies="phantomjs gconf-service libasound2 libatk1.0-0 libc6 libcairo2 libcups2 libdbus-1-3 libexpat1 libfontconfig1 libgcc1 libgconf-2-4 libgdk-pixbuf2.0-0 libglib2.0-0 libgtk-3-0 libnspr4 libpango-1.0-0 libpangocairo-1.0-0 libstdc++6 libx11-6 libx11-xcb1 libxcb1 libxcomposite1 libxcursor1 libxdamage1 libxext6 libxfixes3 libxi6 libxrandr2 libxrender1 libxss1 libxtst6 ca-certificates fonts-liberation libappindicator1 libnss3 lsb-release xdg-utils wget" + +extra_php_dependencies="php${YNH_PHP_VERSION}-zip php${YNH_PHP_VERSION}-gmp php${YNH_PHP_VERSION}-gd php${YNH_PHP_VERSION}-bcmath php${YNH_PHP_VERSION}-fileinfo php${YNH_PHP_VERSION}-json php${YNH_PHP_VERSION}-mbstring php${YNH_PHP_VERSION}-pdo php${YNH_PHP_VERSION}-tokenizer php${YNH_PHP_VERSION}-xml php${YNH_PHP_VERSION}-curl php${YNH_PHP_VERSION}-mysql" + #================================================= # PERSONAL HELPERS diff --git a/scripts/install b/scripts/install index 0b6fc37..4fc1f82 100755 --- a/scripts/install +++ b/scripts/install 
@@ -72,7 +72,6 @@ db_user=$db_name ynh_app_setting_set --app=$app --key=db_name --value=$db_name ynh_mysql_setup_db --db_user=$db_user --db_name=$db_name - #================================================= # INSTALL DEPENDENCIES #================================================= @@ -83,6 +82,14 @@ ynh_install_app_dependencies $pkg_dependencies ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version ynh_use_nodejs +#================================================= +# CREATE DEDICATED USER +#================================================= +ynh_script_progression --message="Configuring system user..." + +# Create a system user +ynh_system_user_create --username=$app --home_dir="$final_path" + #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= @@ -92,6 +99,10 @@ ynh_app_setting_set --app=$app --key=final_path --value=$final_path # Download, check integrity, uncompress and patch the source from app.src ynh_setup_source --dest_dir="$final_path" +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:www-data "$final_path" + #================================================= # NGINX CONFIGURATION #================================================= 
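Review bot: `chown -R $app:www-data "$final_path"`, added after `ynh_setup_source` in the `-92,6` hunk, gives the web server's group the whole tree, and `chmod -R o-rwx` leaves the group bits from the archive untouched, so anything group-readable under `$final_path` becomes readable by www-data. That would include `.env` once the script writes it; the lines removed from restore and upgrade show the app keeps one there. The same three lines are added in scripts/restore and scripts/upgrade. Consider narrowing the secret file where it is created, e.g. `chown "$app": "$final_path/.env"` and `chmod 600 "$final_path/.env"`, and quoting the user as `"$app":www-data`. The step that creates `.env` is outside this hunk, so the placement of those two lines needs to be checked against the rest of the script.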
@@ -100,21 +111,13 @@ ynh_script_progression --message="Configuring nginx web server..." # Create a dedicated nginx config ynh_add_nginx_config -#================================================= -# CREATE DEDICATED USER -#================================================= -ynh_script_progression --message="Configuring system user..." - -# Create a system user -ynh_system_user_create --username=$app - #================================================= # PHP-FPM CONFIGURATION #================================================= ynh_script_progression --message="Configuring php-fpm..." # Create a dedicated php-fpm config -ynh_add_fpm_config +ynh_add_fpm_config --package="$extra_php_dependencies" phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) #================================================= @@ -171,19 +174,6 @@ ynh_add_config --template="../conf/cron" --destination="/etc/cron.d/$app" chown root: "/etc/cron.d/$app" chmod 644 "/etc/cron.d/$app" -#================================================= -# GENERIC FINALIZATION -#================================================= -# SECURE FILES AND DIRECTORIES -#================================================= -ynh_script_progression --message="Securing files and directories..." - -# Set permissions to app files -#chown -R root: $final_path - -chmod -R 755 $final_path/ -chown -R $app: $final_path/ - #================================================= # RELOAD NGINX #================================================= diff --git a/scripts/remove b/scripts/remove index b82d4b9..db21366 100755 --- a/scripts/remove +++ b/scripts/remove 
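Review bot: With the closing "SECURE FILES AND DIRECTORIES" block removed in the `-171,19` hunk, the only permission pass left in install is the one right after `ynh_setup_source`, so anything written under `$final_path` by the steps in between is not covered by `chmod -R o-rwx` or the recursive `chown`. Those steps are outside the hunks shown, so this is inferred. If they run as root they would leave root-owned files with default-umask modes, which the app user may not be able to write. scripts/upgrade ends up in the same position after its `-164,10` hunk, where the final `chown` lines are dropped. Running `chmod -R o-rwx "$final_path"` and `chown -R "$app":www-data "$final_path"` again at the end of both scripts, where the removed block was, would close the gap.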
@@ -74,6 +74,14 @@ ynh_script_progression --message="Removing the cron file..." # Remove a cron file ynh_secure_remove --file="/etc/cron.d/$app" +#================================================= +# REMOVE DEDICATED USER +#================================================= +ynh_script_progression --message="Removing the dedicated system user..." + +# Delete a system user +ynh_system_user_delete --username=$app + #================================================= # END OF SCRIPT #================================================= diff --git a/scripts/restore b/scripts/restore index 124a46e..1286ab3 100755 --- a/scripts/restore +++ b/scripts/restore @@ -52,6 +52,14 @@ ynh_script_progression --message="Restoring the nginx configuration..." ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" +#================================================= +# RECREATE THE DEDICATED USER +#================================================= +ynh_script_progression --message="Recreating the dedicated system user..." + +# Create the dedicated user (if not existing) +ynh_system_user_create --username=$app --home_dir="$final_path" + #================================================= # RESTORE THE APP MAIN DIR #================================================= 
@@ -59,32 +67,20 @@ ynh_script_progression --message="Restoring the app main directory..." ynh_restore_file --origin_path="$final_path" -#================================================= -# RECREATE THE DEDICATED USER -#================================================= -ynh_script_progression --message="Recreating the dedicated system user..." - -# Create the dedicated user (if not existing) -ynh_system_user_create --username=$app - -#================================================= -# RESTORE USER RIGHTS -#================================================= -ynh_script_progression --message="Restoring user rights..." - -# Restore permissions on app files -chown -R root: $final_path - +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:www-data "$final_path" chmod -R 755 $final_path/storage -chown -R $app: $final_path/storage $final_path/bootstrap $final_path/public/logo $final_path/.env #================================================= # RESTORE THE PHP-FPM CONFIGURATION #================================================= -ynh_script_progression --message="Restoring PHP-FPM configuration..." +ynh_script_progression --message="Restoring the PHP-FPM configuration..." ynh_restore_file --origin_path="/etc/php/$phpversion/fpm/pool.d/$app.conf" +ynh_add_fpm_config --package="$extra_php_dependencies" + #================================================= # RESTORE THE MYSQL DATABASE #================================================= @@ -108,6 +104,8 @@ ynh_install_app_dependencies $pkg_dependencies ynh_script_progression --message="Restoring the cron file..." ynh_restore_file --origin_path="/etc/cron.d/$app" +chown root: "/etc/cron.d/$app" +chmod 644 "/etc/cron.d/$app" #================================================= # GENERIC FINALIZATION diff --git a/scripts/upgrade b/scripts/upgrade index 96f7a88..73bc368 100755 --- a/scripts/upgrade +++ b/scripts/upgrade 
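Review bot: Dropping `chown -R root: $final_path` in the `-59,32` hunk means `$app` now owns the entire tree, where restore previously left the code root-owned with only `storage`, `bootstrap`, `public/logo` and `.env` owned by the app. The account the PHP-FPM pool presumably runs as can therefore rewrite the application's own PHP files; scripts/upgrade makes the same change in its `-164,10` hunk. If that trade-off is deliberate, record it next to the `chown`, e.g. `# $app owns the whole tree, so the PHP-FPM user can modify application code; only storage, bootstrap, public/logo and .env need to be writable`. The retained `chmod -R 755 $final_path/storage` also runs after `chmod -R o-rwx` and puts world read/execute back on everything under storage, besides marking every file executable. `chmod -R u=rwX,g=rX,o= "$final_path/storage"` keeps the directory usable without that.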
@@ -31,6 +31,20 @@ db_user=$db_name upgrade_type=$(ynh_check_app_version_changed) +#================================================= +# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP +#================================================= +ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." + +# Backup the current version of the app +ynh_backup_before_upgrade +ynh_clean_setup () { + # restore it if the upgrade fails + ynh_restore_upgradebackup +} +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors + #================================================= # ENSURE DOWNWARD COMPATIBILITY #================================================= @@ -48,19 +62,20 @@ if [ -z "$final_path" ]; then ynh_app_setting_set --app=$app --key=final_path --value=$final_path fi -#================================================= -# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP -#================================================= -ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." +# Cleaning legacy permissions +if ynh_legacy_permissions_exists; then + ynh_legacy_permissions_delete_all -# Backup the current version of the app -ynh_backup_before_upgrade -ynh_clean_setup () { - # restore it if the upgrade fails - ynh_restore_upgradebackup -} -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors + ynh_app_setting_delete --app=$app --key=is_public +fi + +#================================================= +# CREATE DEDICATED USER +#================================================= +ynh_script_progression --message="Making sure dedicated system user exists..." + +# Create a dedicated user (if not existing) +ynh_system_user_create --username=$app --home_dir="$final_path" #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE 
@@ -77,6 +92,10 @@ then ynh_setup_source --dest_dir="$final_path" fi +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:www-data "$final_path" + #================================================= # UPGRADE DEPENDENCIES #================================================= @@ -93,21 +112,13 @@ ynh_script_progression --message="Upgrading nginx web server configuration..." ynh_add_nginx_config phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) -#================================================= -# CREATE DEDICATED USER -#================================================= -ynh_script_progression --message="Making sure dedicated system user exists..." - -# Create a dedicated user (if not existing) -ynh_system_user_create --username=$app - #================================================= # PHP-FPM CONFIGURATION #================================================= ynh_script_progression --message="Upgrading php-fpm configuration..." # Create a dedicated php-fpm config -ynh_add_fpm_config +ynh_add_fpm_config --package="$extra_php_dependencies" #================================================= # SPECIFIC UPGRADE @@ -164,10 +175,8 @@ popd ynh_script_progression --message="Securing files and directories..." # Set permissions on app files -chown -R root: $final_path chmod -R 755 $final_path/storage -chown -R $app: $final_path/storage $final_path/bootstrap $final_path/public/logo $final_path/.env #================================================= # RELOAD NGINX