From 196d5216ad0bc8f48b79dc2aff6416d4d24dfa61 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Tue, 9 Jan 2024 19:23:08 +0100 Subject: [PATCH] v2 --- manifest.toml | 32 ++++++++++----- scripts/backup | 20 --------- scripts/install | 106 ++++++++---------------------------------------- scripts/remove | 58 +------------------------- scripts/restore | 49 ++-------------------- 5 files changed, 44 insertions(+), 221 deletions(-) diff --git a/manifest.toml b/manifest.toml index 8b66151..0a27dfb 100644 --- a/manifest.toml +++ b/manifest.toml @@ -15,23 +15,22 @@ website = "https://jitsi.org/" demo = "https://meet.jit.si/" userdoc = "https://jitsi.org/user-faq/" code = "https://github.com/jitsi/jitsi-meet" -cpe = "???" # FIXME: optional but recommended if relevant, this is meant to contain the Common Platform Enumeration, which is sort of a standard id for applications defined by the NIST. In particular, Yunohost may use this is in the future to easily track CVE (=security reports) related to apps. The CPE may be obtained by searching here: https://nvd.nist.gov/products/cpe/search. For example, for Nextcloud, the CPE is 'cpe:2.3:a:nextcloud:nextcloud' (no need to include the version number) -fund = "???" # FIXME: optional but recommended (or remove if irrelevant / not applicable). This is meant to be an URL where people can financially support this app, especially when its development is based on volunteers and/or financed by its community. YunoHost may later advertise it in the webadmin. [integration] -yunohost = ">= 11.0.8" -architectures = "all" # FIXME: can be replaced by a list of supported archs using the dpkg --print-architecture nomenclature (amd64/i386/armhf/arm64), for example: ["amd64", "i386"] +yunohost = ">= 11.2" +architectures = "all" multi_instance = false -ldap = "?" # FIXME: replace with true, false, or "not_relevant". Not to confuse with the "sso" key : the "ldap" key corresponds to wether or not a user *can* login on the app using its YunoHost credentials. -sso = "?" # FIXME: replace with true, false, or "not_relevant". Not to confuse with the "ldap" key : the "sso" key corresponds to wether or not a user is *automatically logged-in* on the app when logged-in on the YunoHost portal. -disk = "50M" # FIXME: replace with an **estimate** minimum disk requirement. e.g. 20M, 400M, 1G, ... -ram.build = "50M" # FIXME: replace with an **estimate** minimum ram requirement. e.g. 50M, 400M, 1G, ... -ram.runtime = "50M" # FIXME: replace with an **estimate** minimum ram requirement. e.g. 50M, 400M, 1G, ... + +ldap = true + +sso = false + +disk = "50M" +ram.build = "50M" +ram.runtime = "50M" [install.domain] - # this is a generic question - ask strings are automatically handled by Yunohost's core type = "domain" - full_domain = true [resources] [resources.sources] @@ -78,8 +77,19 @@ ram.runtime = "50M" # FIXME: replace with an **estimate** minimum ram requiremen [resources.install_dir] + [resources.ports] + main.default = 4443 + main.exposed = "TCP" + videobridge.default = 10000 + videobridge.exposed = "UDP" + component.default = 5347 + [resources.permissions] main.url = "/" + + [resources.apt] + packages = "openjdk-8-jre-headless|openjdk-11-jre-headless|openjdk-17-jre-headless debconf|debconf-2.0 procps uuid-runtime lua-ldap prosody" + [[resources.apt.extras]] repo = "deb http://security.debian.org/debian-security stretch/updates main" key = "https://ftp-master.debian.org/keys/archive-key-9-security.asc" diff --git a/scripts/backup b/scripts/backup index 6fa3f6c..686d212 100644 --- a/scripts/backup +++ b/scripts/backup @@ -10,26 +10,6 @@ source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers -#================================================= -# MANAGE SCRIPT FAILURE -#================================================= - -#REMOVEME? ynh_clean_setup () { - true -} -# Exit if an error occurs during the execution of the script -#REMOVEME? ynh_abort_if_errors - -#================================================= -# LOAD SETTINGS -#================================================= -ynh_print_info --message="Loading settings..." - -#REMOVEME? app=$YNH_APP_INSTANCE_NAME - -#REMOVEME? #REMOVEME? install_dir=$(ynh_app_setting_get --app=$app --key=install_dir) -#REMOVEME? domain=$(ynh_app_setting_get --app=$app --key=domain) - #================================================= # DECLARE DATA AND CONF FILES TO BACKUP #================================================= diff --git a/scripts/install b/scripts/install index d5a7b81..0e6924d 100644 --- a/scripts/install +++ b/scripts/install @@ -9,25 +9,10 @@ source _common.sh source /usr/share/yunohost/helpers -#================================================= -# MANAGE SCRIPT FAILURE -#================================================= - -#REMOVEME? ynh_clean_setup () { - true -} -# Exit if an error occurs during the execution of the script -#REMOVEME? ynh_abort_if_errors - #================================================= # RETRIEVE ARGUMENTS FROM THE MANIFEST #================================================= -#REMOVEME? domain=$YNH_APP_ARG_DOMAIN -path="/" - -#REMOVEME? app=$YNH_APP_INSTANCE_NAME - #YOURSECRET3 focus_password=$(ynh_string_random --length=8) #YOURSECRET1 @@ -44,76 +29,36 @@ videobridge_user="jvb" max_memory=200 #125 mib with no user +1,5*50 users=75 mib -#================================================= -# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS -#================================================= -#REMOVEME? ynh_script_progression --message="Validating installation parameters..." --weight=1 - -#REMOVEME? install_dir=/var/www/$app -#REMOVEME? test ! -e "$install_dir" || ynh_die --message="This path already contains a folder" - -# Register (book) web path -#REMOVEME? ynh_webpath_register --app=$app --domain=$domain --path=$path - #================================================= # STORE SETTINGS FROM MANIFEST #================================================= -#REMOVEME? ynh_script_progression --message="Storing installation settings..." --weight=1 +ynh_script_progression --message="Storing installation settings..." --weight=1 -#REMOVEME? ynh_app_setting_set --app=$app --key=domain --value=$domain -#REMOVEME? ynh_app_setting_set --app=$app --key=path --value=$path ynh_app_setting_set --app=$app --key=max_memory --value=$max_memory ynh_app_setting_set --app=$app --key=focus_user --value=$focus_user -#REMOVEME? ynh_app_setting_set --app=$app --key=focus_password --value=$focus_password +ynh_app_setting_set --app=$app --key=focus_password --value=$focus_password ynh_app_setting_set --app=$app --key=focus_secret --value=$focus_secret ynh_app_setting_set --app=$app --key=videobridge_user --value=$videobridge_user ynh_app_setting_set --app=$app --key=videobridge_secret --value=$videobridge_secret ynh_app_setting_set --app=$app --key=turn_secret --value=$turn_secret -#================================================= -# STANDARD MODIFICATIONS -#================================================= -# FIND AND OPEN A PORT -#================================================= -#REMOVEME? ynh_script_progression --message="Finding an available port..." --weight=1 - -# Find an available port -port=4443 -# Open this port -ynh_exec_warn_less yunohost firewall allow TCP $port -#REMOVEME? ynh_app_setting_set --app=$app --key=port --value=$port - -# Find an available port -port_videobridge=10000 -# Open this port -ynh_exec_warn_less yunohost firewall allow UDP $port_videobridge -#REMOVEME? ynh_app_setting_set --app=$app --key=port_videobridge --value=$port_videobridge - -# Find an available port -port_component=5347 -#REMOVEME? ynh_app_setting_set --app=$app --key=port_component --value=$port_component - #================================================= # INSTALL DEPENDENCIES #================================================= -#REMOVEME? ynh_script_progression --message="Installing dependencies..." --weight=1 - -ynh_install_apps --apps="$ynh_app_dependencies" -#REMOVEME? ynh_install_app_dependencies $pkg_dependencies +ynh_script_progression --message="Installing dependencies..." --weight=1 if [ $YNH_ARCH == "armhf" ] then -#REMOVEME? ynh_script_progression --message="Installing specific arm dependencies..." -#REMOVEME? ynh_install_extra_app_dependencies --repo="deb http://security.debian.org/debian-security stretch/updates main" --package="$pkg_extra_depedencies_arm" --key="https://ftp-master.debian.org/keys/archive-key-9-security.asc" + ynh_script_progression --message="Installing specific arm dependencies..." + ynh_install_extra_app_dependencies --repo="deb http://security.debian.org/debian-security stretch/updates main" --package="$pkg_extra_depedencies_arm" --key="https://ftp-master.debian.org/keys/archive-key-9-security.asc" fi #================================================= # CREATE DEDICATED USER #================================================= -#REMOVEME? ynh_script_progression --message="Configuring system user..." --weight=1 +ynh_script_progression --message="Configuring system user..." --weight=1 # Create a system user -#REMOVEME? ynh_system_user_create --username=$app --home_dir="$install_dir" gpasswd --add prosody $app gpasswd --add www-data $app @@ -122,7 +67,6 @@ gpasswd --add www-data $app #================================================= ynh_script_progression --message="Setting up source files..." --weight=1 -#REMOVEME? ynh_app_setting_set --app=$app --key=install_dir --value=$install_dir # Download, check integrity, uncompress and patch the source from app.src declare -A packages packages[jitsi-jicofo]="jicofo" @@ -139,7 +83,7 @@ do popd mv "$install_dir/${package}_temp/usr/share/${packages[$package]}/" "$install_dir/${package}/" -#REMOVEME? ynh_secure_remove --file="$install_dir/${package}_temp" + ynh_secure_remove --file="$install_dir/${package}_temp" done ynh_setup_source --dest_dir="$install_dir/jitsi-meet-prosody" --source_id=mod_auth_ldap @@ -163,7 +107,7 @@ ynh_add_nginx_config #================================================= ynh_script_progression --message="Configuring prosody..." --weight=1 -ynh_add_config --template="../conf/prosody.cfg.lua" --destination="/etc/prosody/conf.avail/$domain.cfg.lua" +ynh_add_config --template="prosody.cfg.lua" --destination="/etc/prosody/conf.avail/$domain.cfg.lua" chmod 644 "/etc/prosody/conf.avail/$domain.cfg.lua" ln -s "/etc/prosody/conf.avail/$domain.cfg.lua" "/etc/prosody/conf.d/$domain.cfg.lua" @@ -200,15 +144,15 @@ ynh_app_setting_set --app=$app --key=muc_nickname --value=$muc_nickname mkdir -p "/etc/$app/videobridge" -ynh_add_config --template="../conf/jitsi-videobridge-callstats-java-sdk.properties" --destination="/etc/$app/videobridge/callstats-java-sdk.properties" +ynh_add_config --template="jitsi-videobridge-callstats-java-sdk.properties" --destination="/etc/$app/videobridge/callstats-java-sdk.properties" -ynh_add_config --template="../conf/jitsi-videobridge-jvb.conf" --destination="/etc/$app/videobridge/jvb.conf" +ynh_add_config --template="jitsi-videobridge-jvb.conf" --destination="/etc/$app/videobridge/jvb.conf" -ynh_add_config --template="../conf/jitsi-videobridge-logging.properties" --destination="/etc/$app/videobridge/logging.properties" +ynh_add_config --template="jitsi-videobridge-logging.properties" --destination="/etc/$app/videobridge/logging.properties" -ynh_add_config --template="../conf/jitsi-videobridge-sip-communicator.properties" --destination="/etc/$app/videobridge/sip-communicator.properties" +ynh_add_config --template="jitsi-videobridge-sip-communicator.properties" --destination="/etc/$app/videobridge/sip-communicator.properties" -ynh_add_config --template="../conf/jitsi-videobridge.config" --destination="/etc/$app/videobridge/config" +ynh_add_config --template="jitsi-videobridge.config" --destination="/etc/$app/videobridge/config" #================================================= # REPLACE JNIWRAPPER FOR ARMHF ARCHITECTURE IN JITSI-VIDEOBRIDGE @@ -218,7 +162,6 @@ if [ $YNH_ARCH == "armhf" ] then ynh_script_progression --message="Configuring jniwrapper for armhf ..." --weight=1 ynh_jniwrapper_armhf - fi #================================================= @@ -228,11 +171,11 @@ ynh_script_progression --message="Configuring Jitsi-Jicofo..." --weight=1 mkdir -p "/etc/$app/jicofo" -ynh_add_config --template="../conf/jitsi-jicofo-config" --destination="/etc/$app/jicofo/config" +ynh_add_config --template="jitsi-jicofo-config" --destination="/etc/$app/jicofo/config" -ynh_add_config --template="../conf/jitsi-jicofo-jicofo.conf" --destination="/etc/$app/jicofo/jicofo.conf" +ynh_add_config --template="jitsi-jicofo-jicofo.conf" --destination="/etc/$app/jicofo/jicofo.conf" -ynh_add_config --template="../conf/jitsi-jicofo-logging.properties" --destination="/etc/$app/jicofo/logging.properties" +ynh_add_config --template="jitsi-jicofo-logging.properties" --destination="/etc/$app/jicofo/logging.properties" #================================================= # CONFIGURE JITSI-MEET @@ -241,7 +184,7 @@ ynh_script_progression --message="Configuring Jitsi-Meet..." --weight=1 mkdir -p "/etc/$app/meet" -ynh_add_config --template="../conf/jitsi-meet-config.js" --destination="/etc/$app/meet/$domain-config.js" +ynh_add_config --template="jitsi-meet-config.js" --destination="/etc/$app/meet/$domain-config.js" chmod 644 "/etc/$app/meet/$domain-config.js" #================================================= @@ -297,21 +240,6 @@ ynh_script_progression --message="Starting a systemd service..." --weight=1 ynh_systemd_action --service_name=$app-jicofo --action="start" --log_path="/var/log/$app/$app-jicofo.log" ynh_systemd_action --service_name=$app-videobridge --action="start" --log_path="/var/log/$app/$app-videobridge.log" -#================================================= -# SETUP SSOWAT -#================================================= -#REMOVEME? ynh_script_progression --message="Configuring permissions..." --weight=1 - -# Make app public -#REMOVEME? ynh_permission_update --permission="main" --add="visitors" - -#================================================= -# RELOAD NGINX -#================================================= -#REMOVEME? ynh_script_progression --message="Reloading NGINX web server..." --weight=1 - -#REMOVEME? ynh_systemd_action --service_name=nginx --action=reload - #================================================= # END OF SCRIPT #================================================= diff --git a/scripts/remove b/scripts/remove index a5d51b8..980dd59 100644 --- a/scripts/remove +++ b/scripts/remove @@ -9,21 +9,6 @@ source _common.sh source /usr/share/yunohost/helpers -#================================================= -# LOAD SETTINGS -#================================================= -ynh_script_progression --message="Loading settings..." --weight=1 - -#REMOVEME? app=$YNH_APP_INSTANCE_NAME - -#REMOVEME? domain=$(ynh_app_setting_get --app=$app --key=domain) -#REMOVEME? port=$(ynh_app_setting_get --app=$app --key=port) -#REMOVEME? #REMOVEME? install_dir=$(ynh_app_setting_get --app=$app --key=install_dir) -#REMOVEME? port_videobridge=$(ynh_app_setting_get --app=$app --key=port_videobridge) -#REMOVEME? port_component=$(ynh_app_setting_get --app=$app --key=port_component) -#REMOVEME? focus_user=$(ynh_app_setting_get --app=$app --key=focus_user) -#REMOVEME? videobridge_user=$(ynh_app_setting_get --app=$app --key=videobridge_user) - #================================================= # STANDARD REMOVE #================================================= @@ -43,20 +28,10 @@ then yunohost service remove $app-jicofo fi -#================================================= -# STOP AND REMOVE SERVICE -#================================================= -ynh_script_progression --message="Stopping and removing the systemd service..." --weight=1 - # Remove the dedicated systemd config ynh_remove_systemd_config --service=$app-videobridge ynh_remove_systemd_config --service=$app-jicofo -#================================================= -# REMOVE LOGROTATE CONFIGURATION -#================================================= -ynh_script_progression --message="Removing logrotate configuration..." --weight=1 - # Remove the app-specific logrotate config ynh_remove_logrotate @@ -87,14 +62,6 @@ update-ca-certificates -f ynh_systemd_action --service_name=prosody --action=restart -#================================================= -# REMOVE APP MAIN DIR -#================================================= -#REMOVEME? ynh_script_progression --message="Removing app main directory..." --weight=1 - -# Remove the app directory securely -#REMOVEME? ynh_secure_remove --file="$install_dir" - #================================================= # REMOVE NGINX CONFIGURATION #================================================= @@ -106,10 +73,7 @@ ynh_remove_nginx_config #================================================= # REMOVE DEPENDENCIES #================================================= -#REMOVEME? ynh_script_progression --message="Removing dependencies..." --weight=1 - -# Remove metapackage and its dependencies -#REMOVEME? ynh_remove_app_dependencies +ynh_script_progression --message="Removing dependencies..." --weight=1 # Remove Prosody ynh_app_setting_delete --app=$app --key=require_prosody @@ -117,22 +81,6 @@ gpasswd --delete prosody $app ynh_remove_apps -#================================================= -# CLOSE A PORT -#================================================= - -if yunohost firewall list | grep -q "\- $port$" -then - ynh_script_progression --message="Closing port $port..." --weight=1 - ynh_exec_warn_less yunohost firewall disallow TCP $port -fi - -if yunohost firewall list | grep -q "\- $port_videobridge$" -then - ynh_script_progression --message="Closing port $port_videobridge..." --weight=1 - ynh_exec_warn_less yunohost firewall disallow UDP $port_videobridge -fi - #================================================= # SPECIFIC REMOVE #================================================= @@ -151,11 +99,9 @@ ynh_secure_remove --file="/var/log/$app" #================================================= # REMOVE DEDICATED USER #================================================= -#REMOVEME? ynh_script_progression --message="Removing the dedicated system user..." --weight=1 +ynh_script_progression --message="Removing the dedicated system user..." --weight=1 gpasswd --delete www-data $app -# Delete a system user -#REMOVEME? ynh_system_user_delete --username=$app #================================================= # END OF SCRIPT diff --git a/scripts/restore b/scripts/restore index 9dea477..44a0e08 100644 --- a/scripts/restore +++ b/scripts/restore @@ -10,55 +10,14 @@ source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers -#================================================= -# MANAGE SCRIPT FAILURE -#================================================= - -#REMOVEME? ynh_clean_setup () { - true -} -# Exit if an error occurs during the execution of the script -#REMOVEME? ynh_abort_if_errors - -#================================================= -# LOAD SETTINGS -#================================================= -ynh_script_progression --message="Loading settings..." --weight=1 - -#REMOVEME? app=$YNH_APP_INSTANCE_NAME - -#REMOVEME? domain=$(ynh_app_setting_get --app=$app --key=domain) -#REMOVEME? path=$(ynh_app_setting_get --app=$app --key=path) -#REMOVEME? #REMOVEME? install_dir=$(ynh_app_setting_get --app=$app --key=install_dir) - -#REMOVEME? focus_user=$(ynh_app_setting_get --app=$app --key=focus_user) -#REMOVEME? focus_password=$(ynh_app_setting_get --app=$app --key=focus_password) -#REMOVEME? focus_secret=$(ynh_app_setting_get --app=$app --key=focus_secret) - -#REMOVEME? videobridge_user=$(ynh_app_setting_get --app=$app --key=videobridge_user) -#REMOVEME? videobridge_secret=$(ynh_app_setting_get --app=$app --key=videobridge_secret) - -#REMOVEME? port=$(ynh_app_setting_get --app=$app --key=port) -#REMOVEME? port_videobridge=$(ynh_app_setting_get --app=$app --key=port_videobridge) -#REMOVEME? port_component=$(ynh_app_setting_get --app=$app --key=port_component) - -#================================================= -# CHECK IF THE APP CAN BE RESTORED -#================================================= -#REMOVEME? ynh_script_progression --message="Validating restoration parameters..." --weight=1 - -#REMOVEME? test ! -d $install_dir \ - || ynh_die --message="There is already a directory: $install_dir " - #================================================= # STANDARD RESTORATION STEPS #================================================= # RECREATE THE DEDICATED USER #================================================= -#REMOVEME? ynh_script_progression --message="Recreating the dedicated system user..." --weight=1 +ynh_script_progression --message="Recreating the dedicated system user..." --weight=1 # Create the dedicated user (if not existing) -#REMOVEME? ynh_system_user_create --username=$app --home_dir="$install_dir" gpasswd --add www-data $app #================================================= @@ -81,12 +40,12 @@ chown -R $app:$app "$install_dir" # Define and install dependencies ynh_install_apps --apps="$ynh_app_dependencies" -#REMOVEME? ynh_install_app_dependencies $pkg_dependencies + ynh_install_app_dependencies $pkg_dependencies if [ $YNH_ARCH == "armhf" ] then -#REMOVEME? ynh_script_progression --message="Installing specific arm dependencies..." --weight=1 -#REMOVEME? ynh_install_extra_app_dependencies --repo="deb http://security.debian.org/debian-security stretch/updates main" --package="$pkg_extra_depedencies_arm" --key="https://ftp-master.debian.org/keys/archive-key-9-security.asc" + ynh_script_progression --message="Installing specific arm dependencies..." --weight=1 + ynh_install_extra_app_dependencies --repo="deb http://security.debian.org/debian-security stretch/updates main" --package="$pkg_extra_depedencies_arm" --key="https://ftp-master.debian.org/keys/archive-key-9-security.asc" fi gpasswd --add prosody $app