Fix #3

conf/common.config.php

@@ -26,9 +26,9 @@ $CONFIG = array(
 	'db' => array(
 		'host' => 'localhost',
 		'port' => '3306',
-		'dbname' => '#DBNAME#',
-		'username' => '#USERNAME#',
-		'password' => '#PASSWORD#',
+		'dbname' => '__DB_NAME__',
+		'username' => '__DB_USER__',
+		'password' => '__DB_PWD__',
 	),
 );
-?>
+ 

conf/cronjeedom

@@ -0,0 +1 @@
+* * * * * www-data /usr/bin/php__PHPVERSION__ -f __FINALPATH__/core/php/jeeCron.php"

conf/cronjeedom_watchdog

@@ -0,0 +1 @@
+* * * * * root  /usr/bin/php__PHPVERSION__ -f __FINALPATH__/core/php/watchdog.php

conf/nginx.conf

@@ -21,10 +21,10 @@ location __PATH__/ {
 
     fastcgi_index index.php;
     include fastcgi_params;
-	fastcgi_buffer_size 128k;
-	fastcgi_buffers 4 256k;
-	fastcgi_busy_buffers_size 256k;
-	fastcgi_read_timeout 300;
+    fastcgi_buffer_size 128k;
+    fastcgi_buffers 4 256k;
+    fastcgi_busy_buffers_size 256k;
+    fastcgi_read_timeout 300;
     fastcgi_param REMOTE_USER $remote_user;
     fastcgi_param PATH_INFO $fastcgi_path_info;
     fastcgi_param SCRIPT_FILENAME $request_filename;

conf/php-fpm.conf

@@ -20,8 +20,8 @@
 ; Unix user/group of processes
 ; Note: The user is mandatory. If the group is not set, the default user's group
 ;       will be used.
-user = __USER__
-group = __USER__
+user =  www-data
+group =  www-data
 
 ; The address on which to accept FastCGI requests.
 ; Valid syntaxes are:

scripts/_common.sh

@@ -5,8 +5,25 @@
 #=================================================
 
 # dependencies used by the app
-pkg_dependencies="php-curl php-gd php-imap php-xml php-opcache php-soap php-xmlrpc php-common php-dev php-zip php-ssh2 php-mbstring php-ldap"
+pkg_dependencies="ntp ca-certificates unzip curl sudo cron \
+locate tar telnet wget logrotate fail2ban dos2unix ntpdate htop iotop vim iftop smbclient \
+git python python-pip \
+python3 python3-pip \
+software-properties-common \
+libexpat1 ssl-cert \
+apt-transport-https \
+xvfb cutycapt xauth \
+duplicity \
+at \
+php-curl php-gd php-imap php-xml php-opcache php-soap php-xmlrpc php-common php-dev php-zip php-ssh2 php-mbstring php-ldap"
 # ntp usb-modeswitch python-serial
+extra_pkg_dependencies="libav-tools \
+libsox-fmt-mp3 sox libttspico-utils \
+espeak \
+mbrola \
+brltty \
+net-tools \
+nmap"
 
 #=================================================
 # PERSONAL HELPERS

scripts/install

@@ -7,6 +7,7 @@
 #=================================================
 
 source _common.sh
+source ynh_add_config
 source /usr/share/yunohost/helpers
 
 #=================================================
@@ -58,6 +59,14 @@ ynh_script_progression --message="Installing dependencies..."
 
 ynh_install_app_dependencies $pkg_dependencies
 
+#=================================================
+# INSTALL EXTRA DEPENDENCIES
+#=================================================
+ynh_print_info --message="Installing extra dependencies ..."
+
+lsb_name="$(lsb_release --codename --short)"
+ynh_install_extra_app_dependencies --repo="deb http://deb.debian.org/debian $lsb_name non-free" --package="$extra_pkg_dependencies"
+
 #=================================================
 # CREATE A MYSQL DATABASE
 #=================================================
@@ -85,33 +94,6 @@ ynh_script_progression --message="Configuring nginx web server..."
 # Create a dedicated nginx config
 ynh_add_nginx_config
 
-#=================================================
-# CREATE DEDICATED USER
-#=================================================
-ynh_script_progression --message="Configuring system user..."
-
-# Create a system user
-ynh_system_user_create --username=$app
-
-# For nginx user to be able to communicate with home automation devices
-	if [ $(getent group dialout) ]; then
-		usermod -a -G dialout $app
-	fi
-	if [ $(getent group gpio) ]; then
-		usermod -a -G gpio $app
-	fi
-	if [ $(getent group tty) ]; then
-		usermod -a -G tty $app
-	fi
-
-# Sudo permissions to the user if agreed to
-	if [ $sudo ]; then
-		usermod -a -G sudo $app
-		if [ $(sudo grep "$app ALL=(ALL) NOPASSWD: ALL" /etc/sudoers | wc -l) -eq 0 ];then
-			bash -c 'echo "'${app}' ALL=(ALL) NOPASSWD: ALL" | (EDITOR="tee -a" visudo)'
-		fi
-	fi
-
 #=================================================
 # PHP-FPM CONFIGURATION
 #=================================================
@@ -119,47 +101,61 @@ ynh_script_progression --message="Configuring php-fpm..."
 
 # Create a dedicated php-fpm config
 ynh_add_fpm_config
+phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
 
 #=================================================
 # SPECIFIC SETUP
+#=================================================
+# CONFIGURING RIGHTS
+#=================================================
+ynh_script_progression --message="Configuring rights..."
+
+# Create tmp required by Jeedom
+mkdir -p /tmp/jeedom
+chmod 777 -R /tmp/jeedom
+chown www-data:www-data -R /tmp/jeedom
+
+# For nginx user to be able to communicate with home automation devices
+if [ $(getent group dialout) ]; then
+	usermod -a -G dialout www-data
+fi
+if [ $(getent group gpio) ]; then
+	usermod -a -G gpio www-data
+fi
+if [ $(getent group tty) ]; then
+	usermod -a -G tty www-data
+fi
+
+# Sudo permissions to the user if agreed to
+if [ $sudo ]; then
+	usermod -a -G sudo www-data
+	if [ $(grep "www-data ALL=(ALL) NOPASSWD: ALL" /etc/sudoers | wc -l) -eq 0 ];then
+		bash -c 'echo "www-data ALL=(ALL) NOPASSWD: ALL" | (EDITOR="tee -a" visudo)'
+	fi
+fi
+
 #=================================================
 # INSTALL JEEDOM
 #=================================================
 ynh_script_progression --message="Installing Jeedom..."
 
-# Configure Jeedom database and initialize app
-ynh_replace_string "#DBNAME#" "$db_name" ../conf/common.config.php
-ynh_replace_string "#USERNAME#" "$db_name" ../conf/common.config.php
-ynh_replace_string "#PASSWORD#" "$db_pwd" ../conf/common.config.php
-sudo cp ../conf/common.config.php $final_path/core/config/common.config.php
+# Configure Jeedom database
+ynh_add_config --template="common.config.php" --destination="$final_path/core/config/common.config.php"
 
-# Install Jeedom	
-sudo php $final_path/install/install.php mode=force
+# Install Jeedom
+php$phpversion $final_path/install/install.php mode=force
 
 # Configure LDAP and the Admin User and access settings
-ynh_replace_string "__ADMIN__" "$admin" ../conf/config.sql
-mysql -u $db_name -p$db_pwd $db_name < ../conf/config.sql
+ynh_replace_string --match_string="__ADMIN__" --replace_string="$admin" --target_file="../conf/config.sql"
+ynh_mysql_execute_file_as_root --file="../conf/config.sql" --database=$db_name
 
 # Cron
-echo "* * * * * $app /usr/bin/php -f $final_path/core/php/jeeCron.php" > cronjeedom
-sudo mv cronjeedom /etc/cron.d/${app}
-sudo chown root /etc/cron.d/${app}
-
-echo "* * * * * $app /usr/bin/php -f $final_path/core/php/watchdog.php" > cronjeedom_watchdog
-sudo mv cronjeedom_watchdog /etc/cron.d/${app}_watchdog
-sudo chown root /etc/cron.d/${app}_watchdog
+ynh_add_config --template="cronjeedom" --destination="/etc/cron.d/${app}"
+ynh_add_config --template="cronjeedom_watchdog" --destination="/etc/cron.d/${app}_watchdog"
 
 # Check
 #sudo php $final_path/install/sick.php
 
-#=================================================
-# STORE THE CONFIG FILE CHECKSUM
-#=================================================
-ynh_script_progression --message="Storing the config file checksum..."
-
-# Calculate and store the config file checksum into the app settings
-ynh_store_file_checksum --file="$final_path/core/config/common.config.php"
-
 #=================================================
 # GENERIC FINALIZATION
 #=================================================
@@ -168,12 +164,12 @@ ynh_store_file_checksum --file="$final_path/core/config/common.config.php"
 ynh_script_progression --message="Securing files and directories..."
 
 # Set permissions to app files
-chown -R $app: $final_path
 chmod 775 -R $final_path
+chown -R www-data:www-data $final_path
 
 # Create tmp required by Jeedom
-mkdir -p /tmp/jeedom
 chmod 777 -R /tmp/jeedom
+chown www-data:www-data -R /tmp/jeedom
 
 #=================================================
 # SETUP SSOWAT

scripts/remove

@@ -64,24 +64,21 @@ ynh_script_progression --message="Removing php-fpm configuration..."
 ynh_remove_fpm_config
 
 #=================================================
-# REMOVE THE CRON FILE
+# SPECIFIC REMOVE
 #=================================================
-ynh_script_progression --message="Removing the cron file..."
+# REMOVE VARIOUS FILES
+#=================================================
+ynh_script_progression --message="Removing various files..."
 
 # Remove cron files
 ynh_secure_remove --file="/etc/cron.d/${app}"
 ynh_secure_remove --file="/etc/cron.d/${app}_watchdog"
 
+# Remove cron files
+ynh_secure_remove --file="/tmp/jeedom"
+
 #=================================================
 # GENERIC FINALIZATION
-#=================================================
-# REMOVE DEDICATED USER
-#=================================================
-ynh_script_progression --message="Removing the dedicated system user..."
-
-# Delete a system user
-ynh_system_user_delete --username=$app
-
 #=================================================
 # END OF SCRIPT
 #=================================================

scripts/restore

@@ -62,44 +62,14 @@ ynh_script_progression --message="Restoring the app main directory..."
 ynh_restore_file --origin_path="$final_path"
 
 #=================================================
-# RECREATE THE DEDICATED USER
+# RESTORE RIGHTS
 #=================================================
-ynh_script_progression --message="Recreating the dedicated system user..."
-
-# Create the dedicated user (if not existing)
-ynh_system_user_create --username=$app
-
-# For nginx user to be able to communicate with home automation devices
-	if [ $(getent group dialout) ]; then
-		usermod -a -G dialout $app
-	fi
-	if [ $(getent group gpio) ]; then
-		usermod -a -G gpio $app
-	fi
-	if [ $(getent group tty) ]; then
-		usermod -a -G tty $app
-	fi
-
-# Sudo permissions to the user if agreed to
-	if [ $sudo ]; then
-		usermod -a -G sudo $app
-		if [ $(sudo grep "$app ALL=(ALL) NOPASSWD: ALL" /etc/sudoers | wc -l) -eq 0 ];then
-			bash -c 'echo "'${app}' ALL=(ALL) NOPASSWD: ALL" | (EDITOR="tee -a" visudo)'
-		fi
-	fi
-
-#=================================================
-# RESTORE USER RIGHTS
-#=================================================
-ynh_script_progression --message="Restoring user rights..."
+ynh_script_progression --message="Restoring rights..."
 
 # Restore permissions on app files
 chown -R $app: $final_path
 chmod 775 -R $final_path
 
-# Create tmp required by Jeedom
-mkdir -p /tmp/jeedom
-chmod 777 -R /tmp/jeedom
 
 #=================================================
 # RESTORE THE PHP-FPM CONFIGURATION
@@ -118,6 +88,43 @@ ynh_script_progression --message="Reinstalling dependencies..."
 # Define and install dependencies
 ynh_install_app_dependencies $pkg_dependencies
 
+#=================================================
+# REINSTALL EXTRA DEPENDENCIES
+#=================================================
+ynh_print_info --message="Reinstalling extra dependencies ..."
+
+lsb_name="$(lsb_release --codename --short)"
+ynh_install_extra_app_dependencies --repo="deb http://deb.debian.org/debian $lsb_name non-free" --package="$extra_pkg_dependencies"
+
+#=================================================
+# CONFIGURING RIGHTS
+#=================================================
+ynh_script_progression --message="Configuring rights..."
+
+# Create tmp required by Jeedom
+mkdir -p /tmp/jeedom
+chmod 777 -R /tmp/jeedom
+chown www-data:www-data -R /tmp/jeedom
+
+# For nginx user to be able to communicate with home automation devices
+if [ $(getent group dialout) ]; then
+	usermod -a -G dialout www-data
+fi
+if [ $(getent group gpio) ]; then
+	usermod -a -G gpio www-data
+fi
+if [ $(getent group tty) ]; then
+	usermod -a -G tty www-data
+fi
+
+# Sudo permissions to the user if agreed to
+if [ $sudo ]; then
+	usermod -a -G sudo www-data
+	if [ $(grep "www-data ALL=(ALL) NOPASSWD: ALL" /etc/sudoers | wc -l) -eq 0 ];then
+		bash -c 'echo "www-data ALL=(ALL) NOPASSWD: ALL" | (EDITOR="tee -a" visudo)'
+	fi
+fi
+
 #=================================================
 # RESTORE THE MYSQL DATABASE
 #=================================================
@@ -127,7 +134,6 @@ db_pwd=$(ynh_app_setting_get --app=$app --key=mysqlpwd)
 ynh_mysql_setup_db --db_user=$db_user --db_name=$db_name --db_pwd=$db_pwd
 ynh_mysql_connect_as --user=$db_user --password=$db_pwd --database=$db_name < ./db.sql
 
-
 #=================================================
 # RESTORE THE CRON FILES
 #=================================================

scripts/upgrade

@@ -40,8 +40,8 @@ if [ "$sudo" = "Yes" ]; then
 	ynh_app_setting_set --app=$app --key=sudo --value=1
 	sudo=1
 	# Removes sudo to www-data
-	if [ $(sudo grep "www-data ALL=(ALL) NOPASSWD: ALL" /etc/sudoers | wc -l) -eq 0 ];then
-			sudo sed -i "/www-data ALL=(ALL) NOPASSWD: ALL/d" /etc/sudoers
+	if [ $(grep "www-data ALL=(ALL) NOPASSWD: ALL" /etc/sudoers | wc -l) -eq 0 ];then
+			sed -i "/www-data ALL=(ALL) NOPASSWD: ALL/d" /etc/sudoers
 	fi
 elif [ "$sudo" = "No" ]; then
 	ynh_app_setting_set --app=$app --key=sudo --value=0
@@ -111,31 +111,12 @@ ynh_script_progression --message="Upgrading dependencies..."
 ynh_install_app_dependencies $pkg_dependencies
 
 #=================================================
-# CREATE DEDICATED USER
+# UPGRADE EXTRA DEPENDENCIES
 #=================================================
-ynh_script_progression --message="Making sure dedicated system user exists..."
+ynh_print_info --message="Upgrading extra dependencies ..."
 
-# Create a dedicated user (if not existing)
-ynh_system_user_create --username=$app
-
-# For nginx user to be able to communicate with home automation devices
-	if [ $(getent group dialout) ]; then
-		usermod -a -G dialout $app
-	fi
-	if [ $(getent group gpio) ]; then
-		usermod -a -G gpio $app
-	fi
-	if [ $(getent group tty) ]; then
-		usermod -a -G tty $app
-	fi
-
-# Sudo permissions to the user if agreed to
-	if [ $sudo ]; then
-		usermod -a -G sudo $app
-		if [ $(grep "$app ALL=(ALL) NOPASSWD: ALL" /etc/sudoers | wc -l) -eq 0 ];then
-			bash -c 'echo "'${app}' ALL=(ALL) NOPASSWD: ALL" | (EDITOR="tee -a" visudo)'
-		fi
-	fi
+lsb_name="$(lsb_release --codename --short)"
+ynh_install_extra_app_dependencies --repo="deb http://deb.debian.org/debian $lsb_name non-free" --package="$extra_pkg_dependencies"
 
 #=================================================
 # PHP-FPM CONFIGURATION
@@ -144,25 +125,50 @@ ynh_script_progression --message="Upgrading php-fpm configuration..."
 
 # Create a dedicated php-fpm config
 ynh_add_fpm_config
+phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
 
 #=================================================
 # SPECIFIC UPGRADE
+#=================================================
+# CONFIGURING RIGHTS
+#=================================================
+ynh_script_progression --message="Configuring rights..."
+
+# Create tmp required by Jeedom
+mkdir -p /tmp/jeedom
+chmod 777 -R /tmp/jeedom
+chown www-data:www-data -R /tmp/jeedom
+
+# For nginx user to be able to communicate with home automation devices
+if [ $(getent group dialout) ]; then
+	usermod -a -G dialout www-data
+fi
+if [ $(getent group gpio) ]; then
+	usermod -a -G gpio www-data
+fi
+if [ $(getent group tty) ]; then
+	usermod -a -G tty www-data
+fi
+
+# Sudo permissions to the user if agreed to
+if [ $sudo ]; then
+	usermod -a -G sudo www-data
+	if [ $(grep "www-data ALL=(ALL) NOPASSWD: ALL" /etc/sudoers | wc -l) -eq 0 ];then
+		bash -c 'echo "www-data ALL=(ALL) NOPASSWD: ALL" | (EDITOR="tee -a" visudo)'
+	fi
+fi
+
 #=================================================
 # UPGRADE JEEDOM
 #=================================================
 ynh_script_progression --message="Upgrading Jeedom..."
 
 # Upgrade Jeedom	
-php $final_path/install/install.php mode=force
+php$phpversion $final_path/install/install.php mode=force
 
 # Cron
-echo "* * * * * $app /usr/bin/php -f $final_path/core/php/jeeCron.php" > cronjeedom
-sudo mv cronjeedom /etc/cron.d/${app}
-sudo chown root /etc/cron.d/${app}
-
-echo "* * * * * $app /usr/bin/php -f $final_path/core/php/watchdog.php" > cronjeedom_watchdog
-mv cronjeedom_watchdog /etc/cron.d/${app}_watchdog
-chown root /etc/cron.d/${app}_watchdog
+ynh_add_config --template="cronjeedom" --destination="/etc/cron.d/${app}"
+ynh_add_config --template="cronjeedom_watchdog" --destination="/etc/cron.d/${app}_watchdog"
 
 # Check
 #php $final_path/install/sick.php
@@ -175,12 +181,12 @@ chown root /etc/cron.d/${app}_watchdog
 ynh_script_progression --message="Securing files and directories..."
 
 # Set permissions to app files
-chown -R $app: $final_path
 chmod 775 -R $final_path
+chown -R www-data:www-data $final_path
 
 # Create tmp required by Jeedom
-mkdir -p /tmp/jeedom
 chmod 777 -R /tmp/jeedom
+chown www-data:www-data -R /tmp/jeedom
 
 #=================================================
 # SETUP SSOWAT

scripts/ynh_add_config

@@ -0,0 +1,137 @@
+#!/bin/bash
+
+# Create a dedicated config file from a template
+#
+# examples: 
+#    ynh_add_config --template=".env" --destination="$final_path/.env"
+#    ynh_add_config --template="../conf/.env" --destination="$final_path/.env"
+#    ynh_add_config --template="/etc/nginx/sites-available/default" --destination="etc/nginx/sites-available/mydomain.conf"
+#
+# usage: ynh_add_config --template="template" --destination="destination"
+# | arg: -t, --template=     - Template config file to use
+# | arg: -d, --destination=    - Destination of the config file
+#
+# The template can be by default the name of a file in the conf directory
+# of a YunoHost Package, a relative path or an absolute path
+# The helper will use the template $template to generate a config file
+# $destination by replacing the following keywords with global variables
+# that should be defined before calling this helper :
+#   __PATH__             by  $path_url
+#   __NAME__            by $app
+#   __NAMETOCHANGE__    by $app
+#   __USER__            by $app
+#   __FINALPATH__       by $final_path
+#   __PHPVERSION__      by $YNH_PHP_VERSION
+#
+# And any dynamic variables that should be defined before calling this helper like:
+#   __DOMAIN__   by $domain
+#   __APP__      by $app
+#   __VAR_1__    by $var_1
+#   __VAR_2__    by $var_2
+#
+# The helper will verify the checksum and backup the destination file
+# if it's different before applying the new template.
+# And it will calculate and store the destination file checksum
+# into the app settings when configuration is done.
+#
+#
+ynh_add_config () {
+    # Declare an array to define the options of this helper.
+    local legacy_args=tdv
+    local -A args_array=( [t]=template= [d]=destination= )
+    local template
+    local destination
+    # Manage arguments with getopts
+    ynh_handle_getopts_args "$@"
+    local template_path
+
+    if [ -f "../conf/$template" ]; then
+        template_path="../conf/$template"
+    elif [ -f "../settings/conf/$template" ]; then
+        template_path="../settings/conf/$template"
+    elif [ -f "$template" ]; then
+        template_path=$template
+    else
+        ynh_die --message="The provided template $template doesn't exist"
+    fi
+
+    ynh_backup_if_checksum_is_different --file="$destination"
+
+    cp "$template_path" "$destination"
+
+    ynh_replace_vars --file="$destination"
+
+    ynh_store_file_checksum --file="$destination"
+}
+
+# Replace variables in a file
+#
+# usage: ynh_replace_vars --file="file"
+# | arg: -f, --file=     - File where to replace variables
+#
+# The helper will replace the following keywords with global variables
+# that should be defined before calling this helper :
+#   __PATH__             by  $path_url
+#   __NAME__            by $app
+#   __NAMETOCHANGE__    by $app
+#   __USER__            by $app
+#   __FINALPATH__       by $final_path
+#   __PHPVERSION__      by $YNH_PHP_VERSION
+#
+# And any dynamic variables that should be defined before calling this helper like:
+#   __DOMAIN__   by $domain
+#   __APP__      by $app
+#   __VAR_1__    by $var_1
+#   __VAR_2__    by $var_2
+#
+#
+ynh_replace_vars () {
+    # Declare an array to define the options of this helper.
+    local legacy_args=f
+    local -A args_array=( [f]=file= )
+    local file
+    # Manage arguments with getopts
+    ynh_handle_getopts_args "$@"
+
+    # Replace specific YunoHost variables
+    if test -n "${path_url:-}"
+    then
+        # path_url_slash_less is path_url, or a blank value if path_url is only '/'
+        local path_url_slash_less=${path_url%/}
+        ynh_replace_string --match_string="__PATH__/" --replace_string="$path_url_slash_less/" --target_file="$file"
+        ynh_replace_string --match_string="__PATH__" --replace_string="$path_url" --target_file="$file"
+    fi
+    if test -n "${app:-}"; then
+        ynh_replace_string --match_string="__NAME__" --replace_string="$app" --target_file="$file"
+        ynh_replace_string --match_string="__NAMETOCHANGE__" --replace_string="$app" --target_file="$file"
+        ynh_replace_string --match_string="__USER__" --replace_string="$app" --target_file="$file"
+    fi
+    if test -n "${final_path:-}"; then
+        ynh_replace_string --match_string="__FINALPATH__" --replace_string="$final_path" --target_file="$file"
+    fi
+    if test -n "${YNH_PHP_VERSION:-}"; then
+        ynh_replace_string --match_string="__PHPVERSION__" --replace_string="$YNH_PHP_VERSION" --target_file="$file"
+    fi
+
+    # Replace othes variables
+
+    # List other unique (__ __) variables in $file
+    local uniques_vars=( $(grep -o '__[A-Z0-9_]*__' $file | sort --unique | sed "s@__\([^.]*\)__@\L\1@g" ))
+
+    # Do the replacement
+    local delimit=@
+    for one_var in "${uniques_vars[@]}"
+    do
+        # Validate that one_var is indeed defined
+        test -n "${!one_var:-}" || ynh_die --message="\$$one_var wasn't initialized when trying to replace __${one_var^^}__ in $file"
+        
+        # Escape delimiter in match/replace string
+        match_string="__${one_var^^}__"
+        match_string=${match_string//${delimit}/"\\${delimit}"}
+        replace_string="${!one_var}"
+        replace_string=${replace_string//${delimit}/"\\${delimit}"}
+        
+        # Actually replace (sed is used instead of ynh_replace_string to avoid triggering an epic amount of debug logs)
+        sed --in-place "s${delimit}${match_string}${delimit}${replace_string}${delimit}g" "$file"
+    done
+}