From 9a121aece6d1a6e66ad6b7f47ac709b6f8cf1eec Mon Sep 17 00:00:00 2001 From: Jean-Baptiste Date: Thu, 2 Aug 2018 21:55:26 +0200 Subject: [PATCH 01/14] set maintainer to yunohost-apps --- manifest.json | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/manifest.json b/manifest.json index 668a6d4..a66dc0a 100644 --- a/manifest.json +++ b/manifest.json @@ -12,12 +12,14 @@ "yunohost": ">= 2.7.0" }, "maintainer": { - "name": "jibec", - "email": "jean-baptiste@holcroft.fr" + "name": "yunohost-apps" }, "previous_maintainers": [{ "name": "mbugeia", "email": "maxime@max.privy.place" + }, + {"name": "jibec", + "email": "jean-baptiste@holcroft.fr" }], "multi_instance": true, "services": [ From ca7324a1b4588fa549421ed39eb123fbb6d5c133 Mon Sep 17 00:00:00 2001 From: anmol Date: Wed, 21 Nov 2018 03:13:27 +0530 Subject: [PATCH 02/14] Added Fail2ban --- scripts/_common.sh | 64 ++++++++++++++++++++++++++++++++++++++++++++++ scripts/backup | 7 +++++ scripts/install | 6 +++++ scripts/remove | 6 +++++ scripts/restore | 8 ++++++ scripts/upgrade | 6 +++++ 6 files changed, 97 insertions(+) diff --git a/scripts/_common.sh b/scripts/_common.sh index 4169852..fc2b2ac 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -8,3 +8,67 @@ if [ "$(lsb_release --codename --short)" == "jessie" ]; then else pkg_dependencies="php-gd php-zip php-dom php-mbstring" fi + +#================================================= +# EXPERIMENTAL HELPERS +#================================================= + +# Create a dedicated fail2ban config (jail and filter conf files) +# +# usage: ynh_add_fail2ban_config log_file filter [max_retry [ports]] +# | arg: log_file - Log file to be checked by fail2ban +# | arg: failregex - Failregex to be looked for by fail2ban +# | arg: max_retry - Maximum number of retries allowed before banning IP address - default: 3 +# | arg: ports - Ports blocked for a banned IP address - default: http,https +ynh_add_fail2ban_config () { + # Process parameters + logpath=$1 + failregex=$2 + max_retry=${3:-3} + ports=${4:-http,https} + + test -n "$logpath" || ynh_die "ynh_add_fail2ban_config expects a logfile path as first argument and received nothing." + test -n "$failregex" || ynh_die "ynh_add_fail2ban_config expects a failure regex as second argument and received nothing." + + finalfail2banjailconf="/etc/fail2ban/jail.d/$app.conf" + finalfail2banfilterconf="/etc/fail2ban/filter.d/$app.conf" + ynh_backup_if_checksum_is_different "$finalfail2banjailconf" 1 + ynh_backup_if_checksum_is_different "$finalfail2banfilterconf" 1 + + sudo tee $finalfail2banjailconf <&2 + echo "WARNING${fail2ban_error#*WARNING}" >&2 + fi +} + +# Remove the dedicated fail2ban config (jail and filter conf files) +# +# usage: ynh_remove_fail2ban_config +ynh_remove_fail2ban_config () { + ynh_secure_remove "/etc/fail2ban/jail.d/$app.conf" + ynh_secure_remove "/etc/fail2ban/filter.d/$app.conf" + sudo systemctl restart fail2ban +} diff --git a/scripts/backup b/scripts/backup index 4ff3af0..d7f361a 100644 --- a/scripts/backup +++ b/scripts/backup @@ -55,6 +55,13 @@ ynh_backup "/etc/nginx/conf.d/${domain}.d/${app}.conf" ynh_backup "/etc/php5/fpm/pool.d/${app}.conf" +#================================================= +# BACKUP FAIL2BAN CONFIGURATION +#================================================= + +ynh_backup "/etc/fail2ban/jail.d/$app.conf" +ynh_backup "/etc/fail2ban/filter.d/$app.conf" + #================================================= # BACKUP THE MYSQL DATABASE #================================================= diff --git a/scripts/install b/scripts/install index c6be758..0ab5275 100644 --- a/scripts/install +++ b/scripts/install @@ -141,6 +141,12 @@ chown -R root:root "$final_path" chown -R "$app" "$final_path"/{data,plugins,sessions} chmod -R 700 "$final_path"/sessions +#================================================= +# SETUP FAIL2BAN +#================================================= + +ynh_add_fail2ban_config "/var/log/nginx/$domain-error.log" "^.*authentication failure\" while reading response header from upstream, client: ,.*$" 5 + #================================================= # SETUP SSOWAT #================================================= diff --git a/scripts/remove b/scripts/remove index 06959c0..75929f6 100644 --- a/scripts/remove +++ b/scripts/remove @@ -53,3 +53,9 @@ ynh_remove_nginx_config #================================================= ynh_remove_fpm_config + +#================================================= +# REMOVE FAIL2BAN CONFIGURATION +#================================================= + +ynh_remove_fail2ban_config diff --git a/scripts/restore b/scripts/restore index b37c685..dcefb62 100644 --- a/scripts/restore +++ b/scripts/restore @@ -98,6 +98,14 @@ chmod -R 700 "$final_path"/sessions ynh_restore_file "/etc/php5/fpm/pool.d/${app}.conf" +#================================================= +# RESTORE FAIL2BAN CONFIGURATION +#================================================= + +ynh_restore_file "/etc/fail2ban/jail.d/$app.conf" +ynh_restore_file "/etc/fail2ban/filter.d/$app.conf" +systemctl restart fail2ban + #================================================= # GENERIC FINALIZATION #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index 992d464..d02369e 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -188,6 +188,12 @@ else ynh_app_setting_set "$app" unprotected_uris "/jsonrpc.php" fi +#================================================= +# SETUP FAIL2BAN +#================================================= + +ynh_add_fail2ban_config "/var/log/nginx/$domain-error.log" "^.*authentication failure\" while reading response header from upstream, client: ,.*$" 5 + #================================================= # RELOAD NGINX #================================================= From 9dc5343a2749ebd86ad0d1afdc9ee1737238e7a1 Mon Sep 17 00:00:00 2001 From: Maniack Crudelis Date: Wed, 5 Dec 2018 20:28:51 +0100 Subject: [PATCH 03/14] Update manifest.json --- manifest.json | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/manifest.json b/manifest.json index a66dc0a..05ec499 100644 --- a/manifest.json +++ b/manifest.json @@ -12,13 +12,15 @@ "yunohost": ">= 2.7.0" }, "maintainer": { - "name": "yunohost-apps" + "name": "YunoHost Contributors", + "email": "apps@yunohost.org" }, "previous_maintainers": [{ "name": "mbugeia", "email": "maxime@max.privy.place" }, - {"name": "jibec", + { + "name": "jibec", "email": "jean-baptiste@holcroft.fr" }], "multi_instance": true, From fea19eca8720c0f7d4416f66067a8f1e2211bba8 Mon Sep 17 00:00:00 2001 From: Jimmy Monin Date: Sun, 3 Feb 2019 10:36:35 +0100 Subject: [PATCH 04/14] Upgrade to upstream version 1.2.8 --- README.md | 2 +- conf/app.src | 4 ++-- manifest.json | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index ce7cdd4..9f95fcc 100644 --- a/README.md +++ b/README.md @@ -33,7 +33,7 @@ From command line: Infos ----- -Kanboard v1.2.0 +Kanboard v1.2.8 Yunohost forum thread: diff --git a/conf/app.src b/conf/app.src index 4649788..0d09959 100644 --- a/conf/app.src +++ b/conf/app.src @@ -1,4 +1,4 @@ -SOURCE_URL=https://github.com/kanboard/kanboard/archive/v1.2.3.tar.gz -SOURCE_SUM=e0b013df560bf5f60a6f43bf5499e90ca6e793808e5e0fb48e86ef31a234d062 +SOURCE_URL=https://github.com/kanboard/kanboard/archive/v1.2.8.tar.gz +SOURCE_SUM=04c1d863918383f53cf98f7a3e989728eecbb90d0ae0d5ebaf0c8a1151b3f771 SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=tar.gz diff --git a/manifest.json b/manifest.json index 05ec499..14bd5d1 100644 --- a/manifest.json +++ b/manifest.json @@ -5,7 +5,7 @@ "description": { "en": "Kanboard is a simple visual task board web application" }, - "version": "1.2.3~ynh1", + "version": "1.2.8~ynh1", "url": "https://kanboard.net/", "license": "AGPL-3.0", "requirements": { From 3c094585277e245d8544d8f32e7fd1b54e9c9197 Mon Sep 17 00:00:00 2001 From: Maniack Crudelis Date: Fri, 15 Feb 2019 19:49:22 +0100 Subject: [PATCH 05/14] Normalization from example_ynh --- check_process | 7 +-- conf/app.src | 2 + conf/config.php | 12 ++--- conf/nginx.conf | 5 ++ manifest.json | 12 ++--- scripts/backup | 22 +++----- scripts/install | 81 ++++++++++++++-------------- scripts/remove | 25 ++++++--- scripts/restore | 68 ++++++++++-------------- scripts/upgrade | 137 +++++++++++++++++++++++++----------------------- 10 files changed, 185 insertions(+), 186 deletions(-) diff --git a/check_process b/check_process index 5e6b4fb..7527ae6 100644 --- a/check_process +++ b/check_process @@ -1,5 +1,4 @@ ;; Test complet - auto_remove=1 ; Manifest domain="domain.tld" (DOMAIN) path="/path" (PATH) @@ -16,13 +15,9 @@ upgrade=1 from_commit=f159f7a9bdbe470ec026edf09a6eebf10f23425e backup_restore=1 multi_instance=1 - wrong_user=1 - wrong_path=1 incorrect_path=1 - corrupt_source=0 - fail_download_source=0 port_already_use=0 - final_path_already_use=0 + change_url=0 ;;; Levels Level 1=auto Level 2=auto diff --git a/conf/app.src b/conf/app.src index 0d09959..474e2e6 100644 --- a/conf/app.src +++ b/conf/app.src @@ -2,3 +2,5 @@ SOURCE_URL=https://github.com/kanboard/kanboard/archive/v1.2.8.tar.gz SOURCE_SUM=04c1d863918383f53cf98f7a3e989728eecbb90d0ae0d5ebaf0c8a1151b3f771 SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=tar.gz +SOURCE_IN_SUBDIR=true +SOURCE_FILENAME= diff --git a/conf/config.php b/conf/config.php index 5269a5a..6b8b1e2 100644 --- a/conf/config.php +++ b/conf/config.php @@ -34,7 +34,7 @@ define('FILES_DIR', DATA_DIR.DIRECTORY_SEPARATOR.'files'); define('MAIL_CONFIGURATION', true); // E-mail address for the "From" header (notifications) -define('MAIL_FROM', 'yuno_email'); +define('MAIL_FROM', '__EMAIL__'); // Mail transport available: "smtp", "sendmail", "mail" (PHP mail function), "postmark", "mailgun", "sendgrid" define('MAIL_TRANSPORT', 'mail'); @@ -58,16 +58,16 @@ define('DB_RUN_MIGRATIONS', false); define('DB_DRIVER', 'mysql'); // Mysql/Postgres username -define('DB_USERNAME', 'yuno_dbuser'); +define('DB_USERNAME', '__DB_NAME__'); // Mysql/Postgres password -define('DB_PASSWORD', 'yuno_dbpdw'); +define('DB_PASSWORD', '__DB_PWD__'); // Mysql/Postgres hostname define('DB_HOSTNAME', 'localhost'); // Mysql/Postgres database name -define('DB_NAME', 'yuno_dbuser'); +define('DB_NAME', '__DB_NAME__'); // Mysql/Postgres custom port (null = default port) define('DB_PORT', null); @@ -180,10 +180,10 @@ define('REVERSE_PROXY_AUTH', true); define('REVERSE_PROXY_USER_HEADER', 'REMOTE_USER'); // Username of the admin, by default blank -define('REVERSE_PROXY_DEFAULT_ADMIN', 'yuno_admin'); +define('REVERSE_PROXY_DEFAULT_ADMIN', '__USER__'); // Default domain to use for setting the email address -define('REVERSE_PROXY_DEFAULT_DOMAIN', 'yuno_domain'); +define('REVERSE_PROXY_DEFAULT_DOMAIN', '__DOMAIN__'); // Enable/disable remember me authentication define('REMEMBER_ME_AUTH', false); diff --git a/conf/nginx.conf b/conf/nginx.conf index c11efaa..20707a5 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -1,9 +1,14 @@ #sub_path_only rewrite ^__PATH__$ __PATH__/ permanent; location __PATH__/ { + + # Path to source alias __FINALPATH__/; + + # Force usage of https if ($scheme = http) { rewrite ^ https://$server_name$request_uri? permanent; } + index index.php; client_max_body_size 50M; try_files $uri $uri/ /index.php?$args; diff --git a/manifest.json b/manifest.json index 14bd5d1..9659812 100644 --- a/manifest.json +++ b/manifest.json @@ -33,36 +33,36 @@ "install": [ { "name": "domain", + "type": "domain", "ask": { "en": "Choose a domain for Kanboard" }, - "example": "domain.org", - "type": "domain" + "example": "domain.org" }, { "name": "path", + "type": "path", "ask": { "en": "Choose a path for Kanboard" }, - "type": "path", "example": "/kanboard", "default": "/kanboard" }, { "name": "admin", + "type": "user", "ask": { "en": "Choose the admin user for Kanboard" }, - "type": "user", "example": "johndoe" }, { "name": "is_public", + "type": "boolean", "ask": { "en": "Is it a public site ?" }, - "type": "boolean", - "default": "0" + "default": false } ] } diff --git a/scripts/backup b/scripts/backup index d7f361a..5a45159 100644 --- a/scripts/backup +++ b/scripts/backup @@ -6,12 +6,7 @@ # IMPORT GENERIC HELPERS #================================================= -if [ ! -e _common.sh ]; then - # Get the _common.sh file if it's not in the current directory - cp ../settings/scripts/_common.sh ./_common.sh - chmod a+rx _common.sh -fi -source _common.sh +source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers #================================================= @@ -27,12 +22,9 @@ ynh_abort_if_errors app=$YNH_APP_INSTANCE_NAME -# Set app specific variables -dbname=$app - -# Retrieve app settings -domain=$(ynh_app_setting_get "$app" domain) -final_path=$(ynh_app_setting_get "$app" final_path) +domain=$(ynh_app_setting_get $app domain) +final_path=$(ynh_app_setting_get $app final_path) +db_name=$(ynh_app_setting_get $app db_name) #================================================= # STANDARD BACKUP STEPS @@ -40,14 +32,13 @@ final_path=$(ynh_app_setting_get "$app" final_path) # BACKUP THE APP MAIN DIR #================================================= -# Copy the app source files ynh_backup "$final_path" #================================================= # BACKUP THE NGINX CONFIGURATION #================================================= -ynh_backup "/etc/nginx/conf.d/${domain}.d/${app}.conf" +ynh_backup "/etc/nginx/conf.d/$domain.d/$app.conf" #================================================= # BACKUP THE PHP-FPM CONFIGURATION @@ -66,4 +57,5 @@ ynh_backup "/etc/fail2ban/filter.d/$app.conf" # BACKUP THE MYSQL DATABASE #================================================= -ynh_mysql_dump_db "$dbname" > ./db.sql +ynh_mysql_dump_db "$db_name" > db.sql + diff --git a/scripts/install b/scripts/install index 0ab5275..5613042 100644 --- a/scripts/install +++ b/scripts/install @@ -20,7 +20,6 @@ ynh_abort_if_errors # RETRIEVE ARGUMENTS FROM THE MANIFEST #================================================= -# Retrieve arguments domain=$YNH_APP_ARG_DOMAIN path_url=$YNH_APP_ARG_PATH admin=$YNH_APP_ARG_ADMIN @@ -33,14 +32,12 @@ app=$YNH_APP_INSTANCE_NAME #================================================= # Check destination directory -final_path="/var/www/$app" +final_path=/var/www/$app test ! -e "$final_path" || ynh_die "This path already contains a folder" # Normalize the url path syntax path_url=$(ynh_normalize_url_path "$path_url") -# Check web path availability -ynh_webpath_available "$domain" "$path_url" # Register (book) web path ynh_webpath_register "$app" "$domain" "$path_url" @@ -48,16 +45,13 @@ ynh_webpath_register "$app" "$domain" "$path_url" # STORE SETTINGS FROM MANIFEST #================================================= -ynh_app_setting_set "$app" domain "$domain" -ynh_app_setting_set "$app" final_path "$final_path" -ynh_app_setting_set "$app" adminusername "$admin" -ynh_app_setting_set "$app" is_public "$is_public" - +ynh_app_setting_set $app domain $domain +ynh_app_setting_set $app final_path $final_path +ynh_app_setting_set $app adminusername $admin +ynh_app_setting_set $app is_public $is_public #================================================= # STANDARD MODIFICATIONS -#================================================= - #================================================= # INSTALL DEPENDENCIES #================================================= @@ -68,27 +62,25 @@ ynh_install_app_dependencies $pkg_dependencies # CREATE A MYSQL DATABASE #================================================ -# Generate random password -dbpass=$(ynh_string_random) -dbname=$app -dbuser=$app - -# Initialize database and store mysql password for upgrade -ynh_mysql_create_db "$dbname" "$dbuser" "$dbpass" -ynh_app_setting_set "$app" mysqlpwd "$dbpass" +db_name=$(ynh_sanitize_dbid $app) +ynh_app_setting_set $app db_name $db_name +ynh_mysql_setup_db $db_name $db_name #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= +ynh_app_setting_set $app final_path $final_path # Download, check integrity, uncompress and patch the source from app.src ynh_setup_source "$final_path" -mkdir -p "$final_path"/sessions/ + +mkdir -p $final_path/sessions/ #================================================= # NGINX CONFIGURATION #================================================= +# Create a dedicated nginx config ynh_add_nginx_config #================================================= @@ -96,39 +88,39 @@ ynh_add_nginx_config #================================================= # Create a system user -ynh_system_user_create "$app" +ynh_system_user_create $app #================================================= # PHP-FPM CONFIGURATION #================================================= +# Create a dedicated php-fpm config ynh_add_fpm_config #================================================= # SPECIFIC SETUP #================================================= -# Create config.php +# CREATE CONFIG.PHP #================================================= # Retrieve admin email -email=$(ynh_user_get_info "$admin" mail) +email=$(ynh_user_get_info $admin mail) # Copy and edit config.php config_php="${final_path}/config.php" cp ../conf/config.php "$config_php" -ynh_replace_string "yuno_dbpdw" "$dbpass" "$config_php" -ynh_replace_string "yuno_dbuser" "$dbuser" "$config_php" -ynh_replace_string "yuno_admin" "$admin" "$config_php" -ynh_replace_string "yuno_email" "$email" "$config_php" -ynh_replace_string "yuno_domain" "$domain" "$config_php" +ynh_replace_string "__DB_PWD__" "$db_pwd" "$config_php" +ynh_replace_string "__DB_NAME__" $db_name "$config_php" +ynh_replace_string "__USER__" $admin "$config_php" +ynh_replace_string "__EMAIL__" $email "$config_php" +ynh_replace_string "__DOMAIN__" $domain "$config_php" #================================================= -# Database initialization +# DATABASE INITIALIZATION #================================================= -# Init database -ynh_mysql_connect_as "$dbuser" "$dbpass" "$dbname" < "${final_path}/app/Schema/Sql/mysql.sql" +ynh_mysql_connect_as "$db_name" "$db_pwd" "$db_name" < "${final_path}/app/Schema/Sql/mysql.sql" #================================================= # GENERIC FINALIZATION @@ -136,10 +128,10 @@ ynh_mysql_connect_as "$dbuser" "$dbpass" "$dbname" < "${final_path}/app/Schema/S # SECURE FILES AND DIRECTORIES #================================================ -# Set permissions to kanboard and data directory -chown -R root:root "$final_path" -chown -R "$app" "$final_path"/{data,plugins,sessions} -chmod -R 700 "$final_path"/sessions +# Set permissions to app files +chown -R root: $final_path +chown -R $app $final_path/{data,plugins,sessions} +chmod -R 700 $final_path/sessions #================================================= # SETUP FAIL2BAN @@ -163,21 +155,26 @@ else fi # Make app public or private -if [[ "$is_public" -eq 1 ]]; +if [ $is_public -eq 1 ] then - ynh_app_setting_set "$app" unprotected_uris "/" + ynh_app_setting_set $app unprotected_uris "/" ynh_replace_string "define('LDAP_AUTH'.*$" "define('LDAP_AUTH', true);" "$config_php" ynh_replace_string "define('HIDE_LOGIN_FORM'.*$" "define('HIDE_LOGIN_FORM', false);" "$config_php" ynh_replace_string "define('REMEMBER_ME_AUTH'.*$" "define('REMEMBER_ME_AUTH', true);" "$config_php" ynh_replace_string "define('DISABLE_LOGOUT'.*$" "define('DISABLE_LOGOUT', false);" "$config_php" else - ynh_app_setting_set "$app" unprotected_uris "/jsonrpc.php" + ynh_app_setting_set $app unprotected_uris "/jsonrpc.php" fi +# Calculate and store the config file checksum into the app settings +ynh_store_file_checksum "$config_php" + +#================================================= +# RELOAD NGINX +#================================================= + +systemctl reload nginx + #================================================= -# RELOAD NGINX & PHP5-FPM #================================================= -# Reload services -service php5-fpm restart -service nginx reload diff --git a/scripts/remove b/scripts/remove index 75929f6..b5df36f 100644 --- a/scripts/remove +++ b/scripts/remove @@ -15,12 +15,13 @@ source /usr/share/yunohost/helpers app=$YNH_APP_INSTANCE_NAME -domain=$(ynh_app_setting_get "$app" domain) -final_path=$(ynh_app_setting_get "$app" final_path) - -dbname=$app -dbuser=$app +domain=$(ynh_app_setting_get $app domain) +final_path=$(ynh_app_setting_get $app final_path) +db_name=$(ynh_app_setting_get $app db_name) +final_path=$(ynh_app_setting_get $app final_path) +#================================================= +# STANDARD REMOVE #================================================= # REMOVE DEPENDENCIES #================================================= @@ -33,12 +34,13 @@ ynh_remove_app_dependencies #================================================= # Remove a database if it exists, along with the associated user -ynh_mysql_remove_db "$dbuser" "$dbname" +ynh_mysql_remove_db $db_name $db_name #================================================= # REMOVE APP MAIN DIR #================================================= +# Remove the app directory securely ynh_secure_remove "$final_path" #================================================= @@ -52,10 +54,21 @@ ynh_remove_nginx_config # REMOVE PHP-FPM CONFIGURATION #================================================= +# Remove the dedicated php-fpm config ynh_remove_fpm_config +#================================================= +# GENERIC FINALIZATION #================================================= # REMOVE FAIL2BAN CONFIGURATION #================================================= ynh_remove_fail2ban_config + +#================================================= +# REMOVE DEDICATED USER +#================================================= + +# Delete a system user +ynh_system_user_delete $app + diff --git a/scripts/restore b/scripts/restore index dcefb62..485a9b9 100644 --- a/scripts/restore +++ b/scripts/restore @@ -6,12 +6,7 @@ # IMPORT GENERIC HELPERS #================================================= -if [ ! -e _common.sh ]; then - # Get the _common.sh file if it's not in the current directory - cp ../settings/scripts/_common.sh ./_common.sh - chmod a+rx _common.sh -fi -source _common.sh +source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers #================================================= @@ -21,22 +16,16 @@ source /usr/share/yunohost/helpers # Exit if an error occurs during the execution of the script ynh_abort_if_errors - #================================================= # LOAD SETTINGS #================================================= app=$YNH_APP_INSTANCE_NAME -# Set app specific variables -dbname=$app -dbuser=$app - -# Retrieve old app settings -domain=$(ynh_app_setting_get "$app" domain) -path_url=$(ynh_app_setting_get "$app" path) -dbpass=$(ynh_app_setting_get "$app" mysqlpwd) -final_path=$(ynh_app_setting_get "$app" final_path) +domain=$(ynh_app_setting_get $app domain) +path_url=$(ynh_app_setting_get $app path) +final_path=$(ynh_app_setting_get $app final_path) +db_name=$(ynh_app_setting_get $app db_name) #================================================= # CHECK IF THE APP CAN BE RESTORED @@ -44,59 +33,57 @@ final_path=$(ynh_app_setting_get "$app" final_path) ynh_webpath_available $domain $path_url \ || ynh_die "Path not available: ${domain}${path_url}" - test ! -d $final_path \ -|| ynh_die "There is already a directory: $final_path " + || ynh_die "There is already a directory: $final_path " #================================================= # STANDARD RESTORATION STEPS -#================================================= -# REINSTALL DEPENDENCIES -#================================================= - -# Define and install dependencies -ynh_install_app_dependencies $pkg_dependencies - #================================================= # RESTORE THE NGINX CONFIGURATION #================================================= -ynh_restore_file "/etc/nginx/conf.d/${domain}.d/${app}.conf" +ynh_restore_file "/etc/nginx/conf.d/$domain.d/$app.conf" #================================================= # RESTORE THE APP MAIN DIR #================================================= -# Restore the app files ynh_restore_file "$final_path" -#================================================= -# RESTORE THE MYSQL DATABASE -#================================================= - -ynh_mysql_setup_db "$dbuser" "$dbname" "$dbpass" -ynh_mysql_connect_as "$dbuser" "$dbpass" "$dbname" < ./db.sql - #================================================= # RECREATE THE DEDICATED USER #================================================= # Create the dedicated user (if not existing) -ynh_system_user_create "$app" +ynh_system_user_create $app #================================================= # RESTORE USER RIGHTS #================================================= -chown -R root:root "$final_path" -chown -R "$app" "$final_path"/{data,plugins,sessions} -chmod -R 700 "$final_path"/sessions +# Restore permissions to app files +chown -R $app $final_path/{data,plugins,sessions} #================================================= # RESTORE THE PHP-FPM CONFIGURATION #================================================= -ynh_restore_file "/etc/php5/fpm/pool.d/${app}.conf" + +#================================================= +# SPECIFIC RESTORATION +#================================================= +# REINSTALL DEPENDENCIES +#================================================= + +ynh_install_app_dependencies $pkg_dependencies + +#================================================= +# RESTORE THE MYSQL DATABASE +#================================================= + +db_pwd=$(ynh_app_setting_get $app mysqlpwd) +ynh_mysql_setup_db $db_name $db_name $db_pwd +ynh_mysql_connect_as $db_name $db_pwd $db_name < ./db.sql #================================================= # RESTORE FAIL2BAN CONFIGURATION @@ -113,4 +100,5 @@ systemctl restart fail2ban #================================================= service php5-fpm restart -service nginx reload +systemctl reload nginx + diff --git a/scripts/upgrade b/scripts/upgrade index d02369e..30b6303 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -10,59 +10,47 @@ source _common.sh source /usr/share/yunohost/helpers #================================================= -# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP -#================================================= - -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors - -#================================================= -# RETRIEVE ARGUMENTS FROM THE MANIFEST +# LOAD SETTINGS #================================================= app=$YNH_APP_INSTANCE_NAME -# Set app specific variables -dbuser=$app +domain=$(ynh_app_setting_get $app domain) +path_url=$(ynh_app_setting_get $app path) +admin=$(ynh_app_setting_get $app adminusername) +is_public=$(ynh_app_setting_get $app is_public) +final_path=$(ynh_app_setting_get $app final_path) +db_name=$(ynh_app_setting_get $app db_name) -# Retrieve settings -domain=$(ynh_app_setting_get "$app" domain) -path_url=$(ynh_app_setting_get "$app" path) -admin=$(ynh_app_setting_get "$app" adminusername) -email=$(ynh_user_get_info "$admin" mail) -dbpass=$(ynh_app_setting_get "$app" mysqlpwd) -is_public=$(ynh_app_setting_get "$app" is_public) -final_path=$(ynh_app_setting_get "$app" final_path) - -if [[ -z "$is_public" ]] -then # Old version doesnt have is_public settings - is_public=0 - ynh_app_setting_set "$app" is_public "$is_public" -fi +#================================================= +# ENSURE DOWNWARD COMPATIBILITY +#================================================= # Fix is_public as a boolean value if [ "$is_public" = "Yes" ]; then - ynh_app_setting_set "$app" is_public 1 + ynh_app_setting_set $app is_public 1 is_public=1 elif [ "$is_public" = "No" ]; then - ynh_app_setting_set "$app" is_public 0 + ynh_app_setting_set $app is_public 0 is_public=0 fi +# If db_name doesn't exist, create it +if [ -z $db_name ]; then + db_name=$(ynh_sanitize_dbid $app) + ynh_app_setting_set $app db_name $db_name +fi + # If final_path doesn't exist, create it -if [[ -z "$final_path" ]] -then - final_path="/var/www/$app" - ynh_app_setting_set "$app" final_path "$final_path" +if [ -z $final_path ]; then + final_path=/var/www/$app + ynh_app_setting_set $app final_path $final_path fi #================================================= -# CHECK THE PATH +# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP #================================================= -# Normalize the URL path syntax -path_url=$(ynh_normalize_url_path $path_url) - # Backup the current version of the app ynh_backup_before_upgrade ynh_clean_setup () { @@ -72,6 +60,13 @@ ynh_clean_setup () { # Exit if an error occurs during the execution of the script ynh_abort_if_errors +#================================================= +# CHECK THE PATH +#================================================= + +# Normalize the URL path syntax +path_url=$(ynh_normalize_url_path $path_url) + #================================================= # STANDARD UPGRADE STEPS #================================================= @@ -81,6 +76,7 @@ ynh_abort_if_errors # Move old app dir mv "$final_path" "$final_path.old" +# Download, check integrity, uncompress and patch the source from app.src ynh_setup_source "$final_path" mkdir -p "$final_path"/sessions @@ -106,8 +102,8 @@ ynh_add_nginx_config # CREATE DEDICATED USER #================================================= -# Create a system user -ynh_system_user_create "$app" +# Create a dedicated user (if not existing) +ynh_system_user_create $app #================================================= # PHP-FPM CONFIGURATION @@ -117,7 +113,7 @@ ynh_system_user_create "$app" ynh_add_fpm_config #================================================= -# INSTALL DEPENDENCIES +# UPGRADE DEPENDENCIES #================================================= ynh_install_app_dependencies $pkg_dependencies @@ -125,29 +121,35 @@ ynh_install_app_dependencies $pkg_dependencies #================================================= # SPECIFIC UPGRADE #================================================= -# Create config.php +# CREATE CONFIG.PHP #================================================= +# Retrieve admin email +email=$(ynh_user_get_info $admin mail) + # Copy and edit config.php -config_php="$final_path/config.php" -cp ../conf/config.php "$config_php" +config_php="${final_path}/config.php" -ynh_replace_string "yuno_dbpdw" "$dbpass" "$config_php" -ynh_replace_string "yuno_dbuser" "$dbuser" "$config_php" -ynh_replace_string "yuno_admin" "$admin" "$config_php" -ynh_replace_string "yuno_email" "$email" "$config_php" -ynh_replace_string "yuno_domain" "$domain" "$config_php" +ynh_backup_if_checksum_is_different "$config_php" + +cp ../conf/config.php "$config_php" +db_pwd=$(ynh_app_setting_get $app mysqlpwd) +ynh_replace_string "__DB_PWD__" "$db_pwd" "$config_php" +ynh_replace_string "__DB_NAME__" $db_name "$config_php" +ynh_replace_string "__USER__" $admin "$config_php" +ynh_replace_string "__EMAIL__" $email "$config_php" +ynh_replace_string "__DOMAIN__" $domain "$config_php" #================================================= -# Database initialization +# UPGRADE KANBOARD #================================================= ( - cd "$final_path" - # Launch database migratio - php cli db:migrate --no-interaction --verbose - # Launch plugins migration - php cli plugin:upgrade --no-interaction --verbose + cd "$final_path" + # Launch database migration + php cli db:migrate --no-interaction --verbose + # Launch plugins migration + php cli plugin:upgrade --no-interaction --verbose ) #================================================= @@ -156,13 +158,13 @@ ynh_replace_string "yuno_domain" "$domain" "$config_php" # SECURE FILES AND DIRECTORIES #================================================= -# Set permissions to kanboard and data directory -chown -R root:root "$final_path" -chown -R "$app" "$final_path"/{data,plugins,sessions} -chmod -R 700 "$final_path"/sessions +# Set permissions to app files +chown -R root: $final_path +chown -R $app $final_path/{data,plugins,sessions} +chmod -R 700 $final_path/sessions #================================================= -# SETUP SSOWAT +# SETUP FAIL2BAN #================================================= if [[ "$path_url" == "/" ]] @@ -175,28 +177,33 @@ else ynh_replace_string "^#sub_path_only" "" "$finalnginxconf" ynh_store_file_checksum "$finalnginxconf" fi +#================================================= +# SETUP SSOWAT +#================================================= # Make app public or private -if [[ "$is_public" -eq 1 ]]; +if [ $is_public -eq 1 ] then - ynh_app_setting_set "$app" unprotected_uris "/" + ynh_app_setting_set $app unprotected_uris "/" ynh_replace_string "define('LDAP_AUTH'.*$" "define('LDAP_AUTH', true);" "$config_php" ynh_replace_string "define('HIDE_LOGIN_FORM'.*$" "define('HIDE_LOGIN_FORM', false);" "$config_php" ynh_replace_string "define('REMEMBER_ME_AUTH'.*$" "define('REMEMBER_ME_AUTH', true);" "$config_php" ynh_replace_string "define('DISABLE_LOGOUT'.*$" "define('DISABLE_LOGOUT', false);" "$config_php" else - ynh_app_setting_set "$app" unprotected_uris "/jsonrpc.php" + ynh_app_setting_set $app unprotected_uris "/jsonrpc.php" fi -#================================================= -# SETUP FAIL2BAN -#================================================= - -ynh_add_fail2ban_config "/var/log/nginx/$domain-error.log" "^.*authentication failure\" while reading response header from upstream, client: ,.*$" 5 +# Calculate and store the config file checksum into the app settings +ynh_store_file_checksum "$config_php" #================================================= # RELOAD NGINX #================================================= -service php5-fpm restart +ynh_add_fail2ban_config "/var/log/nginx/$domain-error.log" "^.*authentication failure\" while reading response header from upstream, client: ,.*$" 5 systemctl reload nginx + +#================================================= +#================================================= + +service php5-fpm restart From fb7af31512a767c3c6fecbe76730ce2c5ad9c13c Mon Sep 17 00:00:00 2001 From: Maniack Crudelis Date: Fri, 15 Feb 2019 19:50:59 +0100 Subject: [PATCH 06/14] Use php7 --- conf/php-fpm.conf | 415 +++++++++++++++++++++++++++++++++++++++++++--- manifest.json | 8 +- scripts/backup | 2 +- scripts/restore | 3 +- scripts/upgrade | 1 - 5 files changed, 396 insertions(+), 33 deletions(-) diff --git a/conf/php-fpm.conf b/conf/php-fpm.conf index 2a80b9b..3188f72 100644 --- a/conf/php-fpm.conf +++ b/conf/php-fpm.conf @@ -1,70 +1,433 @@ +; Start a new pool named 'www'. +; the variable $pool can be used in any directive and will be replaced by the +; pool name ('www' here) [__NAMETOCHANGE__] -; The address on which to accept FastCGI requests. -listen = /var/run/php5-fpm-__NAMETOCHANGE__.sock -; Set permissions for unix socket, if one is used. -listen.owner = www-data -listen.group = www-data -listen.mode = 0600 +; Per pool prefix +; It only applies on the following directives: +; - 'access.log' +; - 'slowlog' +; - 'listen' (unixsocket) +; - 'chroot' +; - 'chdir' +; - 'php_values' +; - 'php_admin_values' +; When not set, the global prefix (or /usr) applies instead. +; Note: This directive can also be relative to the global prefix. +; Default Value: none +;prefix = /path/to/pools/$pool -; Unix user/group of processes. +; Unix user/group of processes +; Note: The user is mandatory. If the group is not set, the default user's group +; will be used. user = __USER__ group = __USER__ +; The address on which to accept FastCGI requests. +; Valid syntaxes are: +; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on +; a specific port; +; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on +; a specific port; +; 'port' - to listen on a TCP socket to all addresses +; (IPv6 and IPv4-mapped) on a specific port; +; '/path/to/unix/socket' - to listen on a unix socket. +; Note: This value is mandatory. +listen = /var/run/php/php7.0-fpm-__NAMETOCHANGE__.sock + +; Set listen(2) backlog. +; Default Value: 511 (-1 on FreeBSD and OpenBSD) +;listen.backlog = 511 + +; Set permissions for unix socket, if one is used. In Linux, read/write +; permissions must be set in order to allow connections from a web server. Many +; BSD-derived systems allow connections regardless of permissions. +; Default Values: user and group are set as the running user +; mode is set to 0660 +listen.owner = www-data +listen.group = www-data +;listen.mode = 0660 +; When POSIX Access Control Lists are supported you can set them using +; these options, value is a comma separated list of user/group names. +; When set, listen.owner and listen.group are ignored +;listen.acl_users = +;listen.acl_groups = + +; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect. +; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original +; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address +; must be separated by a comma. If this value is left blank, connections will be +; accepted from any ip address. +; Default Value: any +;listen.allowed_clients = 127.0.0.1 + +; Specify the nice(2) priority to apply to the pool processes (only if set) +; The value can vary from -19 (highest priority) to 20 (lower priority) +; Note: - It will only work if the FPM master process is launched as root +; - The pool processes will inherit the master process priority +; unless it specified otherwise +; Default Value: no set +; process.priority = -19 + +; Set the process dumpable flag (PR_SET_DUMPABLE prctl) even if the process user +; or group is differrent than the master process user. It allows to create process +; core dump and ptrace the process for the pool user. +; Default Value: no +; process.dumpable = yes + ; Choose how the process manager will control the number of child processes. +; Possible Values: +; static - a fixed number (pm.max_children) of child processes; +; dynamic - the number of child processes are set dynamically based on the +; following directives. With this process management, there will be +; always at least 1 children. +; pm.max_children - the maximum number of children that can +; be alive at the same time. +; pm.start_servers - the number of children created on startup. +; pm.min_spare_servers - the minimum number of children in 'idle' +; state (waiting to process). If the number +; of 'idle' processes is less than this +; number then some children will be created. +; pm.max_spare_servers - the maximum number of children in 'idle' +; state (waiting to process). If the number +; of 'idle' processes is greater than this +; number then some children will be killed. +; ondemand - no children are created at startup. Children will be forked when +; new requests will connect. The following parameter are used: +; pm.max_children - the maximum number of children that +; can be alive at the same time. +; pm.process_idle_timeout - The number of seconds after which +; an idle process will be killed. +; Note: This value is mandatory. pm = dynamic ; The number of child processes to be created when pm is set to 'static' and the -; maximum number of child processes to be created when pm is set to 'dynamic'. +; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'. +; This value sets the limit on the number of simultaneous requests that will be +; served. Equivalent to the ApacheMaxClients directive with mpm_prefork. +; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP +; CGI. The below defaults are based on a server without much resources. Don't +; forget to tweak pm.* to fit your needs. +; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand' +; Note: This value is mandatory. pm.max_children = 6 ; The number of child processes created on startup. +; Note: Used only when pm is set to 'dynamic' +; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2 pm.start_servers = 3 ; The desired minimum number of idle server processes. +; Note: Used only when pm is set to 'dynamic' +; Note: Mandatory when pm is set to 'dynamic' pm.min_spare_servers = 3 ; The desired maximum number of idle server processes. +; Note: Used only when pm is set to 'dynamic' +; Note: Mandatory when pm is set to 'dynamic' pm.max_spare_servers = 5 +; The number of seconds after which an idle process will be killed. +; Note: Used only when pm is set to 'ondemand' +; Default Value: 10s +;pm.process_idle_timeout = 10s; + ; The number of requests each child process should execute before respawning. -pm.max_requests = 500 +; This can be useful to work around memory leaks in 3rd party libraries. For +; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS. +; Default Value: 0 +;pm.max_requests = 500 ; The URI to view the FPM status page. If this value is not set, no URI will be -; recognized as a status page. -pm.status_path = /fpm-status +; recognized as a status page. It shows the following informations: +; pool - the name of the pool; +; process manager - static, dynamic or ondemand; +; start time - the date and time FPM has started; +; start since - number of seconds since FPM has started; +; accepted conn - the number of request accepted by the pool; +; listen queue - the number of request in the queue of pending +; connections (see backlog in listen(2)); +; max listen queue - the maximum number of requests in the queue +; of pending connections since FPM has started; +; listen queue len - the size of the socket queue of pending connections; +; idle processes - the number of idle processes; +; active processes - the number of active processes; +; total processes - the number of idle + active processes; +; max active processes - the maximum number of active processes since FPM +; has started; +; max children reached - number of times, the process limit has been reached, +; when pm tries to start more children (works only for +; pm 'dynamic' and 'ondemand'); +; Value are updated in real time. +; Example output: +; pool: www +; process manager: static +; start time: 01/Jul/2011:17:53:49 +0200 +; start since: 62636 +; accepted conn: 190460 +; listen queue: 0 +; max listen queue: 1 +; listen queue len: 42 +; idle processes: 4 +; active processes: 11 +; total processes: 15 +; max active processes: 12 +; max children reached: 0 +; +; By default the status page output is formatted as text/plain. Passing either +; 'html', 'xml' or 'json' in the query string will return the corresponding +; output syntax. Example: +; http://www.foo.bar/status +; http://www.foo.bar/status?json +; http://www.foo.bar/status?html +; http://www.foo.bar/status?xml +; +; By default the status page only outputs short status. Passing 'full' in the +; query string will also return status for each pool process. +; Example: +; http://www.foo.bar/status?full +; http://www.foo.bar/status?json&full +; http://www.foo.bar/status?html&full +; http://www.foo.bar/status?xml&full +; The Full status returns for each process: +; pid - the PID of the process; +; state - the state of the process (Idle, Running, ...); +; start time - the date and time the process has started; +; start since - the number of seconds since the process has started; +; requests - the number of requests the process has served; +; request duration - the duration in µs of the requests; +; request method - the request method (GET, POST, ...); +; request URI - the request URI with the query string; +; content length - the content length of the request (only with POST); +; user - the user (PHP_AUTH_USER) (or '-' if not set); +; script - the main script called (or '-' if not set); +; last request cpu - the %cpu the last request consumed +; it's always 0 if the process is not in Idle state +; because CPU calculation is done when the request +; processing has terminated; +; last request memory - the max amount of memory the last request consumed +; it's always 0 if the process is not in Idle state +; because memory calculation is done when the request +; processing has terminated; +; If the process is in Idle state, then informations are related to the +; last request the process has served. Otherwise informations are related to +; the current request being served. +; Example output: +; ************************ +; pid: 31330 +; state: Running +; start time: 01/Jul/2011:17:53:49 +0200 +; start since: 63087 +; requests: 12808 +; request duration: 1250261 +; request method: GET +; request URI: /test_mem.php?N=10000 +; content length: 0 +; user: - +; script: /home/fat/web/docs/php/test_mem.php +; last request cpu: 0.00 +; last request memory: 0 +; +; Note: There is a real-time FPM status monitoring sample web page available +; It's available in: /usr/share/php/7.0/fpm/status.html +; +; Note: The value must start with a leading slash (/). The value can be +; anything, but it may not be a good idea to use the .php extension or it +; may conflict with a real PHP file. +; Default Value: not set +;pm.status_path = /status ; The ping URI to call the monitoring page of FPM. If this value is not set, no -; URI will be recognized as a ping page. -ping.path = /ping +; URI will be recognized as a ping page. This could be used to test from outside +; that FPM is alive and responding, or to +; - create a graph of FPM availability (rrd or such); +; - remove a server from a group if it is not responding (load balancing); +; - trigger alerts for the operating team (24/7). +; Note: The value must start with a leading slash (/). The value can be +; anything, but it may not be a good idea to use the .php extension or it +; may conflict with a real PHP file. +; Default Value: not set +;ping.path = /ping -; The timeout for serving a single request after which the worker process will -; be killed. -request_terminate_timeout = 1d +; This directive may be used to customize the response of a ping request. The +; response is formatted as text/plain with a 200 response code. +; Default Value: pong +;ping.response = pong + +; The access log file +; Default: not set +;access.log = log/$pool.access.log + +; The access log format. +; The following syntax is allowed +; %%: the '%' character +; %C: %CPU used by the request +; it can accept the following format: +; - %{user}C for user CPU only +; - %{system}C for system CPU only +; - %{total}C for user + system CPU (default) +; %d: time taken to serve the request +; it can accept the following format: +; - %{seconds}d (default) +; - %{miliseconds}d +; - %{mili}d +; - %{microseconds}d +; - %{micro}d +; %e: an environment variable (same as $_ENV or $_SERVER) +; it must be associated with embraces to specify the name of the env +; variable. Some exemples: +; - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e +; - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e +; %f: script filename +; %l: content-length of the request (for POST request only) +; %m: request method +; %M: peak of memory allocated by PHP +; it can accept the following format: +; - %{bytes}M (default) +; - %{kilobytes}M +; - %{kilo}M +; - %{megabytes}M +; - %{mega}M +; %n: pool name +; %o: output header +; it must be associated with embraces to specify the name of the header: +; - %{Content-Type}o +; - %{X-Powered-By}o +; - %{Transfert-Encoding}o +; - .... +; %p: PID of the child that serviced the request +; %P: PID of the parent of the child that serviced the request +; %q: the query string +; %Q: the '?' character if query string exists +; %r: the request URI (without the query string, see %q and %Q) +; %R: remote IP address +; %s: status (response code) +; %t: server time the request was received +; it can accept a strftime(3) format: +; %d/%b/%Y:%H:%M:%S %z (default) +; The strftime(3) format must be encapsuled in a %{}t tag +; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t +; %T: time the log has been written (the request has finished) +; it can accept a strftime(3) format: +; %d/%b/%Y:%H:%M:%S %z (default) +; The strftime(3) format must be encapsuled in a %{}t tag +; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t +; %u: remote user +; +; Default: "%R - %u %t \"%m %r\" %s" +;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%" + +; The log file for slow requests +; Default Value: not set +; Note: slowlog is mandatory if request_slowlog_timeout is set +;slowlog = log/$pool.log.slow ; The timeout for serving a single request after which a PHP backtrace will be ; dumped to the 'slowlog' file. A value of '0s' means 'off'. -request_slowlog_timeout = 5s +; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) +; Default Value: 0 +;request_slowlog_timeout = 0 -; The log file for slow requests. -slowlog = /var/log/nginx/__NAMETOCHANGE__.slow.log +; The timeout for serving a single request after which the worker process will +; be killed. This option should be used when the 'max_execution_time' ini option +; does not stop script execution for some reason. A value of '0' means 'off'. +; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) +; Default Value: 0 +request_terminate_timeout = 1d ; Set open file descriptor rlimit. -rlimit_files = 4096 +; Default Value: system defined value +;rlimit_files = 1024 ; Set max core size rlimit. -rlimit_core = 0 +; Possible Values: 'unlimited' or an integer greater or equal to 0 +; Default Value: system defined value +;rlimit_core = 0 + +; Chroot to this directory at the start. This value must be defined as an +; absolute path. When this value is not set, chroot is not used. +; Note: you can prefix with '$prefix' to chroot to the pool prefix or one +; of its subdirectories. If the pool prefix is not set, the global prefix +; will be used instead. +; Note: chrooting is a great security feature and should be used whenever +; possible. However, all PHP paths will be relative to the chroot +; (error_log, sessions.save_path, ...). +; Default Value: not set +;chroot = ; Chdir to this directory at the start. +; Note: relative path can be used. +; Default Value: current directory or / when chroot chdir = __FINALPATH__ -; Redirect worker stdout and stderr into main error log. -catch_workers_output = yes +; Redirect worker stdout and stderr into main error log. If not set, stdout and +; stderr will be redirected to /dev/null according to FastCGI specs. +; Note: on highloaded environement, this can cause some delay in the page +; process time (several ms). +; Default Value: no +;catch_workers_output = yes -; Do not clear environment in FPM workers. -clear_env = no +; Clear environment in FPM workers +; Prevents arbitrary environment variables from reaching FPM worker processes +; by clearing the environment in workers before env vars specified in this +; pool configuration are added. +; Setting to "no" will make all environment variables available to PHP code +; via getenv(), $_ENV and $_SERVER. +; Default Value: yes +;clear_env = no -; Additional php.ini defines, specific to this pool of workers. +; Limits the extensions of the main script FPM will allow to parse. This can +; prevent configuration mistakes on the web server side. You should only limit +; FPM to .php extensions to prevent malicious users to use other extensions to +; execute php code. +; Note: set an empty value to allow all extensions. +; Default Value: .php +;security.limit_extensions = .php .php3 .php4 .php5 .php7 + +; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from +; the current environment. +; Default Value: clean env +;env[HOSTNAME] = $HOSTNAME +;env[PATH] = /usr/local/bin:/usr/bin:/bin +;env[TMP] = /tmp +;env[TMPDIR] = /tmp +;env[TEMP] = /tmp + +; Additional php.ini defines, specific to this pool of workers. These settings +; overwrite the values previously defined in the php.ini. The directives are the +; same as the PHP SAPI: +; php_value/php_flag - you can set classic ini defines which can +; be overwritten from PHP call 'ini_set'. +; php_admin_value/php_admin_flag - these directives won't be overwritten by +; PHP call 'ini_set' +; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no. + +; Defining 'extension' will load the corresponding shared extension from +; extension_dir. Defining 'disable_functions' or 'disable_classes' will not +; overwrite previously defined php.ini values, but will append the new value +; instead. + +; Note: path INI options can be relative and will be expanded with the prefix +; (pool, global or /usr) + +; Default Value: nothing is defined by default except the values in php.ini and +; specified at startup with the -d argument +;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com +;php_flag[display_errors] = off +;php_admin_value[error_log] = /var/log/fpm-php.www.log +;php_admin_flag[log_errors] = on +;php_admin_value[memory_limit] = 32M + +; Common values to change to increase file upload limit +; php_admin_value[upload_max_filesize] = 50M +; php_admin_value[post_max_size] = 50M +; php_admin_flag[mail.add_x_header] = Off + +; Other common parameters +; php_admin_value[max_execution_time] = 600 +; php_admin_value[max_input_time] = 300 +; php_admin_value[memory_limit] = 256M +; php_admin_flag[short_open_tag] = On php_value[upload_max_filesize] = 10G php_value[post_max_size] = 10G php_value[default_charset] = UTF-8 diff --git a/manifest.json b/manifest.json index 9659812..f10c64c 100644 --- a/manifest.json +++ b/manifest.json @@ -8,13 +8,13 @@ "version": "1.2.8~ynh1", "url": "https://kanboard.net/", "license": "AGPL-3.0", - "requirements": { - "yunohost": ">= 2.7.0" - }, "maintainer": { "name": "YunoHost Contributors", "email": "apps@yunohost.org" }, + "requirements": { + "yunohost": ">= 3.0" + }, "previous_maintainers": [{ "name": "mbugeia", "email": "maxime@max.privy.place" @@ -26,7 +26,7 @@ "multi_instance": true, "services": [ "nginx", - "php5-fpm", + "php7.0-fpm", "mysql" ], "arguments": { diff --git a/scripts/backup b/scripts/backup index 5a45159..7c587ab 100644 --- a/scripts/backup +++ b/scripts/backup @@ -44,7 +44,7 @@ ynh_backup "/etc/nginx/conf.d/$domain.d/$app.conf" # BACKUP THE PHP-FPM CONFIGURATION #================================================= -ynh_backup "/etc/php5/fpm/pool.d/${app}.conf" +ynh_backup "/etc/php/7.0/fpm/pool.d/$app.conf" #================================================= # BACKUP FAIL2BAN CONFIGURATION diff --git a/scripts/restore b/scripts/restore index 485a9b9..8fdb537 100644 --- a/scripts/restore +++ b/scripts/restore @@ -68,6 +68,7 @@ chown -R $app $final_path/{data,plugins,sessions} # RESTORE THE PHP-FPM CONFIGURATION #================================================= +ynh_restore_file "/etc/php/7.0/fpm/pool.d/$app.conf" #================================================= # SPECIFIC RESTORATION @@ -99,6 +100,6 @@ systemctl restart fail2ban # RELOAD NGINX AND PHP-FPM #================================================= -service php5-fpm restart +systemctl reload php7.0-fpm systemctl reload nginx diff --git a/scripts/upgrade b/scripts/upgrade index 30b6303..8d79865 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -206,4 +206,3 @@ systemctl reload nginx #================================================= #================================================= -service php5-fpm restart From 32f538338b3f8815343ee01c63a65142f0643f52 Mon Sep 17 00:00:00 2001 From: Maniack Crudelis Date: Fri, 15 Feb 2019 19:52:01 +0100 Subject: [PATCH 07/14] Use php7 --- conf/nginx.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/conf/nginx.conf b/conf/nginx.conf index 20707a5..1048a82 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -18,7 +18,7 @@ location __PATH__/ { location ~ [^/]\.php(/|$) { fastcgi_split_path_info ^(.+?\.php)(/.*)$; - fastcgi_pass unix:/var/run/php5-fpm-__NAME__.sock; + fastcgi_pass unix:/var/run/php/php7.0-fpm-__NAME__.sock; fastcgi_index index.php; include fastcgi_params; fastcgi_param REMOTE_USER $remote_user; From 6926d8e18a0ab43e9ff8727f5f0712f9e16ff823 Mon Sep 17 00:00:00 2001 From: Maniack Crudelis Date: Fri, 15 Feb 2019 19:54:10 +0100 Subject: [PATCH 08/14] Update helpers --- scripts/_common.sh | 155 ++++++++++++++++++++++------- scripts/_getopts_fix.sh | 213 ++++++++++++++++++++++++++++++++++++++++ scripts/install | 5 +- scripts/upgrade | 5 +- 4 files changed, 340 insertions(+), 38 deletions(-) create mode 100644 scripts/_getopts_fix.sh diff --git a/scripts/_common.sh b/scripts/_common.sh index fc2b2ac..fd87c47 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -1,41 +1,122 @@ #!/bin/bash -# -# Common variables -# - -if [ "$(lsb_release --codename --short)" == "jessie" ]; then - pkg_dependencies="php5-gd" -else - pkg_dependencies="php-gd php-zip php-dom php-mbstring" -fi #================================================= -# EXPERIMENTAL HELPERS +# COMMON VARIABLES +#================================================= + +pkg_dependencies="php-gd php-zip php-dom php-mbstring" + +#================================================= +# FUTURE OFFICIAL HELPERS #================================================= # Create a dedicated fail2ban config (jail and filter conf files) # -# usage: ynh_add_fail2ban_config log_file filter [max_retry [ports]] -# | arg: log_file - Log file to be checked by fail2ban -# | arg: failregex - Failregex to be looked for by fail2ban -# | arg: max_retry - Maximum number of retries allowed before banning IP address - default: 3 -# | arg: ports - Ports blocked for a banned IP address - default: http,https +# usage 1: ynh_add_fail2ban_config --logpath=log_file --failregex=filter [--max_retry=max_retry] [--ports=ports] +# | arg: -l, --logpath= - Log file to be checked by fail2ban +# | arg: -r, --failregex= - Failregex to be looked for by fail2ban +# | arg: -m, --max_retry= - Maximum number of retries allowed before banning IP address - default: 3 +# | arg: -p, --ports= - Ports blocked for a banned IP address - default: http,https +# +# ----------------------------------------------------------------------------- +# +# usage 2: ynh_add_fail2ban_config --use_template [--others_var="list of others variables to replace"] +# | arg: -t, --use_template - Use this helper in template mode +# | arg: -v, --others_var= - List of others variables to replace separeted by a space +# | for example : 'var_1 var_2 ...' +# +# This will use a template in ../conf/f2b_jail.conf and ../conf/f2b_filter.conf +# __APP__ by $app +# +# You can dynamically replace others variables by example : +# __VAR_1__ by $var_1 +# __VAR_2__ by $var_2 +# +# Generally your template will look like that by example (for synapse): +# +# f2b_jail.conf: +# [__APP__] +# enabled = true +# port = http,https +# filter = __APP__ +# logpath = /var/log/__APP__/logfile.log +# maxretry = 3 +# +# f2b_filter.conf: +# [INCLUDES] +# before = common.conf +# [Definition] +# +# # Part of regex definition (just used to make more easy to make the global regex) +# __synapse_start_line = .? \- synapse\..+ \- +# +# # Regex definition. +# failregex = ^%(__synapse_start_line)s INFO \- POST\-(\d+)\- \- \d+ \- Received request\: POST /_matrix/client/r0/login\??%(__synapse_start_line)s INFO \- POST\-\1\- Got login request with identifier: \{u'type': u'm.id.user', u'user'\: u'(.+?)'\}, medium\: None, address: None, user\: u'\5'%(__synapse_start_line)s WARNING \- \- (Attempted to login as @\5\:.+ but they do not exist|Failed password login for user @\5\:.+)$ +# +# ignoreregex = +# +# ----------------------------------------------------------------------------- +# +# Note about the "failregex" option: +# regex to match the password failure messages in the logfile. The +# host must be matched by a group named "host". The tag "" can +# be used for standard IP/hostname matching and is only an alias for +# (?:::f{4,6}:)?(?P[\w\-.^_]+) +# +# You can find some more explainations about how to make a regex here : +# https://www.fail2ban.org/wiki/index.php/MANUAL_0_8#Filters +# +# Note that the logfile need to exist before to call this helper !! +# +# To validate your regex you can test with this command: +# fail2ban-regex /var/log/YOUR_LOG_FILE_PATH /etc/fail2ban/filter.d/YOUR_APP.conf +# ynh_add_fail2ban_config () { - # Process parameters - logpath=$1 - failregex=$2 - max_retry=${3:-3} - ports=${4:-http,https} - - test -n "$logpath" || ynh_die "ynh_add_fail2ban_config expects a logfile path as first argument and received nothing." - test -n "$failregex" || ynh_die "ynh_add_fail2ban_config expects a failure regex as second argument and received nothing." - + # Declare an array to define the options of this helper. + declare -Ar args_array=( [l]=logpath= [r]=failregex= [m]=max_retry= [p]=ports= [t]=use_template [v]=others_var=) + local logpath + local failregex + local max_retry + local ports + local others_var + local use_template + # Manage arguments with getopts + ynh_handle_getopts_args "$@" + use_template="${use_template:-0}" + max_retry=${max_retry:-3} + ports=${ports:-http,https} + finalfail2banjailconf="/etc/fail2ban/jail.d/$app.conf" finalfail2banfilterconf="/etc/fail2ban/filter.d/$app.conf" - ynh_backup_if_checksum_is_different "$finalfail2banjailconf" 1 - ynh_backup_if_checksum_is_different "$finalfail2banfilterconf" 1 - - sudo tee $finalfail2banjailconf <&2 - echo "WARNING${fail2ban_error#*WARNING}" >&2 + if [[ -n "$fail2ban_error" ]]; then + ynh_print_err "Fail2ban failed to load the jail for $app" + ynh_print_warn "${fail2ban_error#*WARNING}" fi } @@ -70,5 +153,5 @@ EOF ynh_remove_fail2ban_config () { ynh_secure_remove "/etc/fail2ban/jail.d/$app.conf" ynh_secure_remove "/etc/fail2ban/filter.d/$app.conf" - sudo systemctl restart fail2ban + systemctl try-reload-or-restart fail2ban } diff --git a/scripts/_getopts_fix.sh b/scripts/_getopts_fix.sh new file mode 100644 index 0000000..25a71be --- /dev/null +++ b/scripts/_getopts_fix.sh @@ -0,0 +1,213 @@ +#!/bin/bash + +#================================================= +# FIX OF YNH_HANDLE_GETOPTS_ARGS FROM UNSTABLE +#================================================= + +# Internal helper design to allow helpers to use getopts to manage their arguments +# +# [internal] +# +# example: function my_helper() +# { +# declare -Ar args_array=( [a]=arg1= [b]=arg2= [c]=arg3 ) +# local arg1 +# local arg2 +# local arg3 +# ynh_handle_getopts_args "$@" +# +# [...] +# } +# my_helper --arg1 "val1" -b val2 -c +# +# usage: ynh_handle_getopts_args "$@" +# | arg: $@ - Simply "$@" to tranfert all the positionnal arguments to the function +# +# This helper need an array, named "args_array" with all the arguments used by the helper +# that want to use ynh_handle_getopts_args +# Be carreful, this array has to be an associative array, as the following example: +# declare -Ar args_array=( [a]=arg1 [b]=arg2= [c]=arg3 ) +# Let's explain this array: +# a, b and c are short options, -a, -b and -c +# arg1, arg2 and arg3 are the long options associated to the previous short ones. --arg1, --arg2 and --arg3 +# For each option, a short and long version has to be defined. +# Let's see something more significant +# declare -Ar args_array=( [u]=user [f]=finalpath= [d]=database ) +# +# NB: Because we're using 'declare' without -g, the array will be declared as a local variable. +# +# Please keep in mind that the long option will be used as a variable to store the values for this option. +# For the previous example, that means that $finalpath will be fill with the value given as argument for this option. +# +# Also, in the previous example, finalpath has a '=' at the end. That means this option need a value. +# So, the helper has to be call with --finalpath /final/path, --finalpath=/final/path or -f /final/path, the variable $finalpath will get the value /final/path +# If there's many values for an option, -f /final /path, the value will be separated by a ';' $finalpath=/final;/path +# For an option without value, like --user in the example, the helper can be called only with --user or -u. $user will then get the value 1. +# +# To keep a retrocompatibility, a package can still call a helper, using getopts, with positional arguments. +# The "legacy mode" will manage the positional arguments and fill the variable in the same order than they are given in $args_array. +# e.g. for `my_helper "val1" val2`, arg1 will be filled with val1, and arg2 with val2. +ynh_handle_getopts_args () { + # Manage arguments only if there's some provided + set +x + if [ $# -ne 0 ] + then + # Store arguments in an array to keep each argument separated + local arguments=("$@") + + # For each option in the array, reduce to short options for getopts (e.g. for [u]=user, --user will be -u) + # And built parameters string for getopts + # ${!args_array[@]} is the list of all option_flags in the array (An option_flag is 'u' in [u]=user, user is a value) + local getopts_parameters="" + local option_flag="" + for option_flag in "${!args_array[@]}" + do + # Concatenate each option_flags of the array to build the string of arguments for getopts + # Will looks like 'abcd' for -a -b -c -d + # If the value of an option_flag finish by =, it's an option with additionnal values. (e.g. --user bob or -u bob) + # Check the last character of the value associate to the option_flag + if [ "${args_array[$option_flag]: -1}" = "=" ] + then + # For an option with additionnal values, add a ':' after the letter for getopts. + getopts_parameters="${getopts_parameters}${option_flag}:" + else + getopts_parameters="${getopts_parameters}${option_flag}" + fi + # Check each argument given to the function + local arg="" + # ${#arguments[@]} is the size of the array + for arg in `seq 0 $(( ${#arguments[@]} - 1 ))` + do + # And replace long option (value of the option_flag) by the short option, the option_flag itself + # (e.g. for [u]=user, --user will be -u) + # Replace long option with = + arguments[arg]="${arguments[arg]//--${args_array[$option_flag]}/-${option_flag} }" + # And long option without = + arguments[arg]="${arguments[arg]//--${args_array[$option_flag]%=}/-${option_flag}}" + done + done + + # Read and parse all the arguments + # Use a function here, to use standart arguments $@ and be able to use shift. + parse_arg () { + # Read all arguments, until no arguments are left + while [ $# -ne 0 ] + do + # Initialize the index of getopts + OPTIND=1 + # Parse with getopts only if the argument begin by -, that means the argument is an option + # getopts will fill $parameter with the letter of the option it has read. + local parameter="" + getopts ":$getopts_parameters" parameter || true + + if [ "$parameter" = "?" ] + then + ynh_die --message="Invalid argument: -${OPTARG:-}" + elif [ "$parameter" = ":" ] + then + ynh_die --message="-$OPTARG parameter requires an argument." + else + local shift_value=1 + # Use the long option, corresponding to the short option read by getopts, as a variable + # (e.g. for [u]=user, 'user' will be used as a variable) + # Also, remove '=' at the end of the long option + # The variable name will be stored in 'option_var' + local option_var="${args_array[$parameter]%=}" + # If this option doesn't take values + # if there's a '=' at the end of the long option name, this option takes values + if [ "${args_array[$parameter]: -1}" != "=" ] + then + # 'eval ${option_var}' will use the content of 'option_var' + eval ${option_var}=1 + else + # Read all other arguments to find multiple value for this option. + # Load args in a array + local all_args=("$@") + + # If the first argument is longer than 2 characters, + # There's a value attached to the option, in the same array cell + if [ ${#all_args[0]} -gt 2 ]; then + # Remove the option and the space, so keep only the value itself. + all_args[0]="${all_args[0]#-${parameter} }" + # Reduce the value of shift, because the option has been removed manually + shift_value=$(( shift_value - 1 )) + fi + + # Declare the content of option_var as a variable. + eval ${option_var}="" + # Then read the array value per value + local i + for i in `seq 0 $(( ${#all_args[@]} - 1 ))` + do + # If this argument is an option, end here. + if [ "${all_args[$i]:0:1}" == "-" ] + then + # Ignore the first value of the array, which is the option itself + if [ "$i" -ne 0 ]; then + break + fi + else + # Else, add this value to this option + # Each value will be separated by ';' + if [ -n "${!option_var}" ] + then + # If there's already another value for this option, add a ; before adding the new value + eval ${option_var}+="\;" + fi + # Escape double quote to prevent any interpretation during the eval + all_args[$i]="${all_args[$i]//\"/\\\"}" + + eval ${option_var}+=\"${all_args[$i]}\" + shift_value=$(( shift_value + 1 )) + fi + done + fi + fi + + # Shift the parameter and its argument(s) + shift $shift_value + done + } + + # LEGACY MODE + # Check if there's getopts arguments + if [ "${arguments[0]:0:1}" != "-" ] + then + # If not, enter in legacy mode and manage the arguments as positionnal ones.. + # Dot not echo, to prevent to go through a helper output. But print only in the log. + set -x; echo "! Helper used in legacy mode !" > /dev/null; set +x + local i + for i in `seq 0 $(( ${#arguments[@]} -1 ))` + do + # Try to use legacy_args as a list of option_flag of the array args_array + # Otherwise, fallback to getopts_parameters to get the option_flag. But an associative arrays isn't always sorted in the correct order... + # Remove all ':' in getopts_parameters + getopts_parameters=${legacy_args:-${getopts_parameters//:}} + # Get the option_flag from getopts_parameters, by using the option_flag according to the position of the argument. + option_flag=${getopts_parameters:$i:1} + if [ -z "$option_flag" ]; then + ynh_print_warn --message="Too many arguments ! \"${arguments[$i]}\" will be ignored." + continue + fi + # Use the long option, corresponding to the option_flag, as a variable + # (e.g. for [u]=user, 'user' will be used as a variable) + # Also, remove '=' at the end of the long option + # The variable name will be stored in 'option_var' + local option_var="${args_array[$option_flag]%=}" + + # Escape double quote to prevent any interpretation during the eval + arguments[$i]="${arguments[$i]//\"/\\\"}" + + # Store each value given as argument in the corresponding variable + # The values will be stored in the same order than $args_array + eval ${option_var}+=\"${arguments[$i]}\" + done + unset legacy_args + else + # END LEGACY MODE + # Call parse_arg and pass the modified list of args as an array of arguments. + parse_arg "${arguments[@]}" + fi + fi + set -x +} diff --git a/scripts/install b/scripts/install index 5613042..295f144 100644 --- a/scripts/install +++ b/scripts/install @@ -8,6 +8,9 @@ source _common.sh source /usr/share/yunohost/helpers +# Overload the helper ynh_handle_getopts_args to have fixes from unstable. +# Needed for ynh_add_fail2ban_config +source _getopts_fix.sh #================================================= # MANAGE SCRIPT FAILURE @@ -137,7 +140,7 @@ chmod -R 700 $final_path/sessions # SETUP FAIL2BAN #================================================= -ynh_add_fail2ban_config "/var/log/nginx/$domain-error.log" "^.*authentication failure\" while reading response header from upstream, client: ,.*$" 5 +ynh_add_fail2ban_config --logpath="/var/log/nginx/$domain-error.log" --failregex="^.*authentication failure\" while reading response header from upstream, client: ,.*$" --max_retry=5 #================================================= # SETUP SSOWAT diff --git a/scripts/upgrade b/scripts/upgrade index 8d79865..984b507 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -8,6 +8,9 @@ source _common.sh source /usr/share/yunohost/helpers +# Overload the helper ynh_handle_getopts_args to have fixes from unstable. +# Needed for ynh_add_fail2ban_config +source _getopts_fix.sh #================================================= # LOAD SETTINGS @@ -171,6 +174,7 @@ if [[ "$path_url" == "/" ]] then # ynh panel is only comptable with non-root installation ynh_replace_string " include conf.d/" " #include conf.d/" "$finalnginxconf" +ynh_add_fail2ban_config --logpath="/var/log/nginx/$domain-error.log" --failregex="^.*authentication failure\" while reading response header from upstream, client: ,.*$" --max_retry=5 ynh_store_file_checksum "$finalnginxconf" else @@ -200,7 +204,6 @@ ynh_store_file_checksum "$config_php" # RELOAD NGINX #================================================= -ynh_add_fail2ban_config "/var/log/nginx/$domain-error.log" "^.*authentication failure\" while reading response header from upstream, client: ,.*$" 5 systemctl reload nginx #================================================= From e581138cbb3607aa540fd0182a2e1c7a7cf1af68 Mon Sep 17 00:00:00 2001 From: Maniack Crudelis Date: Fri, 15 Feb 2019 19:56:29 +0100 Subject: [PATCH 09/14] Restore ynh_panel What's the fuck !? "only comptable with non-root installation" ??? Why that !? --- scripts/install | 11 ----------- scripts/upgrade | 9 --------- 2 files changed, 20 deletions(-) diff --git a/scripts/install b/scripts/install index 295f144..3c732ef 100644 --- a/scripts/install +++ b/scripts/install @@ -146,17 +146,6 @@ ynh_add_fail2ban_config --logpath="/var/log/nginx/$domain-error.log" --failregex # SETUP SSOWAT #================================================= -if [[ "$path_url" == "/" ]] -then - # ynh panel is only comptable with non-root installation - ynh_replace_string " include conf.d/" " #include conf.d/" "$finalnginxconf" - - ynh_store_file_checksum "$finalnginxconf" -else - ynh_replace_string "^#sub_path_only" "" "$finalnginxconf" - ynh_store_file_checksum "$finalnginxconf" -fi - # Make app public or private if [ $is_public -eq 1 ] then diff --git a/scripts/upgrade b/scripts/upgrade index 984b507..f8be406 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -170,17 +170,8 @@ chmod -R 700 $final_path/sessions # SETUP FAIL2BAN #================================================= -if [[ "$path_url" == "/" ]] -then - # ynh panel is only comptable with non-root installation - ynh_replace_string " include conf.d/" " #include conf.d/" "$finalnginxconf" ynh_add_fail2ban_config --logpath="/var/log/nginx/$domain-error.log" --failregex="^.*authentication failure\" while reading response header from upstream, client: ,.*$" --max_retry=5 - ynh_store_file_checksum "$finalnginxconf" -else - ynh_replace_string "^#sub_path_only" "" "$finalnginxconf" - ynh_store_file_checksum "$finalnginxconf" -fi #================================================= # SETUP SSOWAT #================================================= From 4f2ec313ce18f5fc7b9421ff7efd03f910fa2f6b Mon Sep 17 00:00:00 2001 From: Maniack Crudelis Date: Fri, 15 Feb 2019 19:57:17 +0100 Subject: [PATCH 10/14] Remove useless copy of final_path during upgrade --- scripts/upgrade | 16 ++-------------- 1 file changed, 2 insertions(+), 14 deletions(-) diff --git a/scripts/upgrade b/scripts/upgrade index f8be406..3205fbd 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -75,24 +75,12 @@ path_url=$(ynh_normalize_url_path $path_url) #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= - -# Move old app dir -mv "$final_path" "$final_path.old" +ynh_print_info "Upgrading source files..." # Download, check integrity, uncompress and patch the source from app.src ynh_setup_source "$final_path" -mkdir -p "$final_path"/sessions -# restore data -cp -a "$final_path.old/data" "$final_path" - -# restore plugins -if [ -e "$final_path.old/plugins" ] -then - cp -a "$final_path.old/plugins" "$final_path" -fi -# delete temp directory -ynh_secure_remove "$final_path.old" +mkdir -p $final_path/sessions/ #================================================= # NGINX CONFIGURATION From 271b517fbe894dc837ceb4e8fd40683aeeb893e6 Mon Sep 17 00:00:00 2001 From: Maniack Crudelis Date: Fri, 15 Feb 2019 20:09:06 +0100 Subject: [PATCH 11/14] Update README --- README.md | 88 ++++++++++++++++++++++++++----------------------------- 1 file changed, 41 insertions(+), 47 deletions(-) diff --git a/README.md b/README.md index 9f95fcc..fec1b82 100644 --- a/README.md +++ b/README.md @@ -1,68 +1,62 @@ -Kanboard for Yunohost -===================== +# Kanboard for Yunohost +[![Integration level](https://dash.yunohost.org/integration/kanboard.svg)](https://dash.yunohost.org/appci/app/kanboard) +[![Install Kanboard with YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=kanboard) + +> *This package allow you to install Kanboard quickly and simply on a YunoHost server. +If you don't have YunoHost, please see [here](https://yunohost.org/#/install) to know how to install and enjoy it.* + +## Overview Kanboard is a simple visual task board web application. -Official website: -Requirements ------------- +**Shipped version:** 1.2.8 -Functionnal instance of [Yunohost](https://yunohost.org/#/) +## Screenshots -Installation ------------- +![](https://kanboard.org/assets/img/board.png) -From yunohost admin panel: +## Demo -1. Use yunohost admin panel and enter the repository url -![2015-02-19 16_58_52-yunohost admin](https://cloud.githubusercontent.com/assets/6364564/6270409/1597e646-b85a-11e4-97af-b3b5b2a6b286.png) -2. Configure the app -![2015-02-19 16_59_28-yunohost admin](https://cloud.githubusercontent.com/assets/6364564/6270411/19f9a54e-b85a-11e4-83da-eb813c0457f7.png) -3. Click install +* [YunoHost demo](https://demo.yunohost.org/dokuwiki/) -From command line: +## Configuration -`sudo yunohost app install -l kanboard https://github.com/YunoHost-Apps/kanboard_ynh` +## Documentation + * Official documentation: https://docs.kanboard.org/en/latest/ + * YunoHost documentation: If specific documentation is needed, feel free to contribute. -Upgrade -------- -From command line: +## YunoHost specific features -`sudo yunohost app upgrade -u https://github.com/YunoHost-Apps/kanboard_ynh kanboard` +#### Multi-users support -Infos ------ -Kanboard v1.2.8 +#### Supported architectures -Yunohost forum thread: +* x86-64b - [![Build Status](https://ci-apps.yunohost.org/ci/logs/kanboard%20%28Official%29.svg)](https://ci-apps.yunohost.org/ci/apps/kanboard/) +* ARMv8-A - [![Build Status](https://ci-apps-arm.yunohost.org/ci/logs/kanboard%20%28Official%29.svg)](https://ci-apps-arm.yunohost.org/ci/apps/kanboard/) +* Jessie x86-64b - [![Build Status](https://ci-stretch.nohost.me/ci/logs/kanboard%20%28Official%29.svg)](https://ci-stretch.nohost.me/ci/apps/kanboard/) -Kanboard and SSOwat -------------------- -Kanboard use SSOwat for user authentification (it means it use the user that the web server (nginx) sent him throught SSOwat), but can't list all user of the system. -If you wish to add a user, just log in with that user into Kanboard so the software knows him and displays it. +## Limitations -Developer infos +## Additional information + +## Links + + * Report a bug: https://github.com/YunoHost-Apps/kanboard_ynh/issues + * Kanboard website: http://kanboard.ne + * YunoHost website: https://yunohost.org/ + +--- + +Developers info ---------------- -Please do your pull request to the dev branch. - -Update package version in `scripts/_common.sh` - -Then do a manual diff between `conf/config.php` and `config.default.php` [from upstream Kanboard project](https://github.com/kanboard/kanboard/blob/master/config.default.php) to see if there are new config options - -Update readme with the new version - -Test it - -Test or upgrade to dev version: +**Only if you want to use a testing branch for coding, instead of merging directly into master.** +Please do your pull request to the [testing branch](https://github.com/YunoHost-Apps/kanboard_ynh/tree/testing). +To try the testing branch, please proceed like that. ``` -su - admin -git clone -b dev https://github.com/YunoHost-Apps/kanboard_ynh -# to install -sudo yunohost app install -l Kanboard /home/admin/kanboard_ynh -# to upgrade -sudo yunohost app upgrade -f /home/admin/kanboard_ynh kanboard - +sudo yunohost app install https://github.com/YunoHost-Apps/kanboard_ynh/tree/testing --debug +or +sudo yunohost app upgrade kanboard -u https://github.com/YunoHost-Apps/kanboard_ynh/tree/testing --debug ``` From 2109226b18333c9d3ed044978e14044f602a88de Mon Sep 17 00:00:00 2001 From: Maniack Crudelis Date: Sun, 17 Feb 2019 20:55:37 +0100 Subject: [PATCH 12/14] Add progression with ynh_print_info --- conf/app.src | 2 +- manifest.json | 2 +- scripts/backup | 11 +++++++++++ scripts/install | 15 +++++++++++++++ scripts/remove | 13 +++++++++++++ scripts/restore | 12 ++++++++++++ scripts/upgrade | 14 ++++++++++++++ 7 files changed, 67 insertions(+), 2 deletions(-) diff --git a/conf/app.src b/conf/app.src index 474e2e6..38883fd 100644 --- a/conf/app.src +++ b/conf/app.src @@ -1,5 +1,5 @@ SOURCE_URL=https://github.com/kanboard/kanboard/archive/v1.2.8.tar.gz -SOURCE_SUM=04c1d863918383f53cf98f7a3e989728eecbb90d0ae0d5ebaf0c8a1151b3f771 +SOURCE_SUM=70fe5c2202f3ee98687ef6d898a88676dd1ce47b8234950901a9ac2b3d31a328 SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=tar.gz SOURCE_IN_SUBDIR=true diff --git a/manifest.json b/manifest.json index f10c64c..5fe81bb 100644 --- a/manifest.json +++ b/manifest.json @@ -5,7 +5,7 @@ "description": { "en": "Kanboard is a simple visual task board web application" }, - "version": "1.2.8~ynh1", + "version": "1.2.8~ynh2", "url": "https://kanboard.net/", "license": "AGPL-3.0", "maintainer": { diff --git a/scripts/backup b/scripts/backup index 7c587ab..a66a284 100644 --- a/scripts/backup +++ b/scripts/backup @@ -19,6 +19,7 @@ ynh_abort_if_errors #================================================= # LOAD SETTINGS #================================================= +ynh_print_info "Loading installation settings..." app=$YNH_APP_INSTANCE_NAME @@ -31,24 +32,28 @@ db_name=$(ynh_app_setting_get $app db_name) #================================================= # BACKUP THE APP MAIN DIR #================================================= +ynh_print_info "Backing up the main app directory..." ynh_backup "$final_path" #================================================= # BACKUP THE NGINX CONFIGURATION #================================================= +ynh_print_info "Backing up nginx web server configuration..." ynh_backup "/etc/nginx/conf.d/$domain.d/$app.conf" #================================================= # BACKUP THE PHP-FPM CONFIGURATION #================================================= +ynh_print_info "Backing up php-fpm configuration..." ynh_backup "/etc/php/7.0/fpm/pool.d/$app.conf" #================================================= # BACKUP FAIL2BAN CONFIGURATION #================================================= +ynh_print_info "Backing up fail2ban configuration..." ynh_backup "/etc/fail2ban/jail.d/$app.conf" ynh_backup "/etc/fail2ban/filter.d/$app.conf" @@ -56,6 +61,12 @@ ynh_backup "/etc/fail2ban/filter.d/$app.conf" #================================================= # BACKUP THE MYSQL DATABASE #================================================= +ynh_print_info "Backing up the MySQL database..." ynh_mysql_dump_db "$db_name" > db.sql +#================================================= +# END OF SCRIPT +#================================================= + +ynh_print_info "Backup script completed for $app. (YunoHost will then actually copy those files to the archive)." diff --git a/scripts/install b/scripts/install index 3c732ef..a0de8a5 100644 --- a/scripts/install +++ b/scripts/install @@ -33,6 +33,7 @@ app=$YNH_APP_INSTANCE_NAME #================================================= # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS #================================================= +ynh_print_info "Validating installation parameters..." # Check destination directory final_path=/var/www/$app @@ -47,6 +48,7 @@ ynh_webpath_register "$app" "$domain" "$path_url" #================================================= # STORE SETTINGS FROM MANIFEST #================================================= +ynh_print_info "Storing installation settings..." ynh_app_setting_set $app domain $domain ynh_app_setting_set $app final_path $final_path @@ -58,12 +60,14 @@ ynh_app_setting_set $app is_public $is_public #================================================= # INSTALL DEPENDENCIES #================================================= +ynh_print_info "Installing dependencies..." ynh_install_app_dependencies $pkg_dependencies #================================================= # CREATE A MYSQL DATABASE #================================================ +ynh_print_info "Creating a MySQL database..." db_name=$(ynh_sanitize_dbid $app) ynh_app_setting_set $app db_name $db_name @@ -72,6 +76,7 @@ ynh_mysql_setup_db $db_name $db_name #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= +ynh_print_info "Setting up source files..." ynh_app_setting_set $app final_path $final_path # Download, check integrity, uncompress and patch the source from app.src @@ -82,6 +87,7 @@ mkdir -p $final_path/sessions/ #================================================= # NGINX CONFIGURATION #================================================= +ynh_print_info "Configuring nginx web server..." # Create a dedicated nginx config ynh_add_nginx_config @@ -89,6 +95,7 @@ ynh_add_nginx_config #================================================= # CREATE DEDICATED USER #================================================= +ynh_print_info "Configuring system user..." # Create a system user ynh_system_user_create $app @@ -96,6 +103,7 @@ ynh_system_user_create $app #================================================= # PHP-FPM CONFIGURATION #================================================= +ynh_print_info "Configuring php-fpm..." # Create a dedicated php-fpm config ynh_add_fpm_config @@ -105,6 +113,7 @@ ynh_add_fpm_config #================================================= # CREATE CONFIG.PHP #================================================= +ynh_print_info "Configuring kanboard..." # Retrieve admin email email=$(ynh_user_get_info $admin mail) @@ -122,6 +131,7 @@ ynh_replace_string "__DOMAIN__" $domain "$config_php" #================================================= # DATABASE INITIALIZATION #================================================= +ynh_print_info "Initializing database..." ynh_mysql_connect_as "$db_name" "$db_pwd" "$db_name" < "${final_path}/app/Schema/Sql/mysql.sql" @@ -139,12 +149,14 @@ chmod -R 700 $final_path/sessions #================================================= # SETUP FAIL2BAN #================================================= +ynh_print_info "Configuring fail2ban..." ynh_add_fail2ban_config --logpath="/var/log/nginx/$domain-error.log" --failregex="^.*authentication failure\" while reading response header from upstream, client: ,.*$" --max_retry=5 #================================================= # SETUP SSOWAT #================================================= +ynh_print_info "Configuring SSOwat..." # Make app public or private if [ $is_public -eq 1 ] @@ -164,9 +176,12 @@ ynh_store_file_checksum "$config_php" #================================================= # RELOAD NGINX #================================================= +ynh_print_info "Reloading nginx web server..." systemctl reload nginx #================================================= +# END OF SCRIPT #================================================= +ynh_print_info "Installation of $app completed" diff --git a/scripts/remove b/scripts/remove index b5df36f..ed0ba16 100644 --- a/scripts/remove +++ b/scripts/remove @@ -12,6 +12,7 @@ source /usr/share/yunohost/helpers #================================================= # LOAD SETTINGS #================================================= +ynh_print_info "Loading installation settings..." app=$YNH_APP_INSTANCE_NAME @@ -25,6 +26,7 @@ final_path=$(ynh_app_setting_get $app final_path) #================================================= # REMOVE DEPENDENCIES #================================================= +ynh_print_info "Removing dependencies" # Remove metapackage and its dependencies ynh_remove_app_dependencies @@ -32,6 +34,7 @@ ynh_remove_app_dependencies #================================================= # REMOVE THE MYSQL DATABASE #================================================= +ynh_print_info "Removing the MySQL database" # Remove a database if it exists, along with the associated user ynh_mysql_remove_db $db_name $db_name @@ -39,6 +42,7 @@ ynh_mysql_remove_db $db_name $db_name #================================================= # REMOVE APP MAIN DIR #================================================= +ynh_print_info "Removing app main directory" # Remove the app directory securely ynh_secure_remove "$final_path" @@ -46,6 +50,7 @@ ynh_secure_remove "$final_path" #================================================= # REMOVE NGINX CONFIGURATION #================================================= +ynh_print_info "Removing nginx web server configuration" # Remove the dedicated nginx config ynh_remove_nginx_config @@ -53,6 +58,7 @@ ynh_remove_nginx_config #================================================= # REMOVE PHP-FPM CONFIGURATION #================================================= +ynh_print_info "Removing php-fpm configuration" # Remove the dedicated php-fpm config ynh_remove_fpm_config @@ -62,13 +68,20 @@ ynh_remove_fpm_config #================================================= # REMOVE FAIL2BAN CONFIGURATION #================================================= +ynh_print_info "Removing fail2ban configuration" ynh_remove_fail2ban_config #================================================= # REMOVE DEDICATED USER #================================================= +ynh_print_info "Removing the dedicated system user" # Delete a system user ynh_system_user_delete $app +#================================================= +# END OF SCRIPT +#================================================= + +ynh_print_info "Removal of $app completed" diff --git a/scripts/restore b/scripts/restore index 8fdb537..c4b1f73 100644 --- a/scripts/restore +++ b/scripts/restore @@ -19,6 +19,7 @@ ynh_abort_if_errors #================================================= # LOAD SETTINGS #================================================= +ynh_print_info "Loading settings..." app=$YNH_APP_INSTANCE_NAME @@ -30,6 +31,7 @@ db_name=$(ynh_app_setting_get $app db_name) #================================================= # CHECK IF THE APP CAN BE RESTORED #================================================= +ynh_print_info "Validating restoration parameters..." ynh_webpath_available $domain $path_url \ || ynh_die "Path not available: ${domain}${path_url}" @@ -47,12 +49,14 @@ ynh_restore_file "/etc/nginx/conf.d/$domain.d/$app.conf" #================================================= # RESTORE THE APP MAIN DIR #================================================= +ynh_print_info "Restoring the app main directory..." ynh_restore_file "$final_path" #================================================= # RECREATE THE DEDICATED USER #================================================= +ynh_print_info "Recreating the dedicated system user..." # Create the dedicated user (if not existing) ynh_system_user_create $app @@ -75,12 +79,14 @@ ynh_restore_file "/etc/php/7.0/fpm/pool.d/$app.conf" #================================================= # REINSTALL DEPENDENCIES #================================================= +ynh_print_info "Reinstalling dependencies..." ynh_install_app_dependencies $pkg_dependencies #================================================= # RESTORE THE MYSQL DATABASE #================================================= +ynh_print_info "Restoring the MySQL database..." db_pwd=$(ynh_app_setting_get $app mysqlpwd) ynh_mysql_setup_db $db_name $db_name $db_pwd @@ -99,7 +105,13 @@ systemctl restart fail2ban #================================================= # RELOAD NGINX AND PHP-FPM #================================================= +ynh_print_info "Reloading nginx web server and php-fpm..." systemctl reload php7.0-fpm systemctl reload nginx +#================================================= +# END OF SCRIPT +#================================================= + +ynh_print_info "Restoration completed for $app" diff --git a/scripts/upgrade b/scripts/upgrade index 3205fbd..3ffd9a5 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -15,6 +15,7 @@ source _getopts_fix.sh #================================================= # LOAD SETTINGS #================================================= +ynh_print_info "Loading installation settings..." app=$YNH_APP_INSTANCE_NAME @@ -28,6 +29,7 @@ db_name=$(ynh_app_setting_get $app db_name) #================================================= # ENSURE DOWNWARD COMPATIBILITY #================================================= +ynh_print_info "Ensuring downward compatibility..." # Fix is_public as a boolean value if [ "$is_public" = "Yes" ]; then @@ -53,6 +55,7 @@ fi #================================================= # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP #================================================= +ynh_print_info "Backing up the app before upgrading (may take a while)..." # Backup the current version of the app ynh_backup_before_upgrade @@ -85,6 +88,7 @@ mkdir -p $final_path/sessions/ #================================================= # NGINX CONFIGURATION #================================================= +ynh_print_info "Upgrading nginx web server configuration..." # Create a dedicated nginx config ynh_add_nginx_config @@ -92,6 +96,7 @@ ynh_add_nginx_config #================================================= # CREATE DEDICATED USER #================================================= +ynh_print_info "Making sure dedicated system user exists..." # Create a dedicated user (if not existing) ynh_system_user_create $app @@ -99,6 +104,7 @@ ynh_system_user_create $app #================================================= # PHP-FPM CONFIGURATION #================================================= +ynh_print_info "Upgrading php-fpm configuration..." # Create a dedicated php-fpm config ynh_add_fpm_config @@ -106,6 +112,7 @@ ynh_add_fpm_config #================================================= # UPGRADE DEPENDENCIES #================================================= +ynh_print_info "Upgrading dependencies..." ynh_install_app_dependencies $pkg_dependencies @@ -114,6 +121,7 @@ ynh_install_app_dependencies $pkg_dependencies #================================================= # CREATE CONFIG.PHP #================================================= +ynh_print_info "Reconfiguring kanboard..." # Retrieve admin email email=$(ynh_user_get_info $admin mail) @@ -134,6 +142,7 @@ ynh_replace_string "__DOMAIN__" $domain "$config_php" #================================================= # UPGRADE KANBOARD #================================================= +ynh_print_info "Upgrading kanboard..." ( cd "$final_path" @@ -157,12 +166,14 @@ chmod -R 700 $final_path/sessions #================================================= # SETUP FAIL2BAN #================================================= +ynh_print_info "Upgrading fail2ban configuration..." ynh_add_fail2ban_config --logpath="/var/log/nginx/$domain-error.log" --failregex="^.*authentication failure\" while reading response header from upstream, client: ,.*$" --max_retry=5 #================================================= # SETUP SSOWAT #================================================= +ynh_print_info "Upgrading SSOwat configuration..." # Make app public or private if [ $is_public -eq 1 ] @@ -182,9 +193,12 @@ ynh_store_file_checksum "$config_php" #================================================= # RELOAD NGINX #================================================= +ynh_print_info "Reloading nginx web server..." systemctl reload nginx #================================================= +# END OF SCRIPT #================================================= +ynh_print_info "Upgrade of $app completed" From 17b655075fc9d4bfac3fac879b676782731e4082 Mon Sep 17 00:00:00 2001 From: anmol Date: Fri, 22 Feb 2019 01:39:45 +0530 Subject: [PATCH 13/14] Fixed checksum for version 1.2.8 --- conf/app.src | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/conf/app.src b/conf/app.src index 0d09959..5a1c81c 100644 --- a/conf/app.src +++ b/conf/app.src @@ -1,4 +1,4 @@ SOURCE_URL=https://github.com/kanboard/kanboard/archive/v1.2.8.tar.gz -SOURCE_SUM=04c1d863918383f53cf98f7a3e989728eecbb90d0ae0d5ebaf0c8a1151b3f771 +SOURCE_SUM=70fe5c2202f3ee98687ef6d898a88676dd1ce47b8234950901a9ac2b3d31a328 SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=tar.gz From 35b9d4f2b77c2f943df9c811b3008c321881cd6c Mon Sep 17 00:00:00 2001 From: Kayou Date: Wed, 6 Mar 2019 10:03:31 +0100 Subject: [PATCH 14/14] Bump requirements --- manifest.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifest.json b/manifest.json index 5fe81bb..ff5072f 100644 --- a/manifest.json +++ b/manifest.json @@ -13,7 +13,7 @@ "email": "apps@yunohost.org" }, "requirements": { - "yunohost": ">= 3.0" + "yunohost": ">= 3.2.0" }, "previous_maintainers": [{ "name": "mbugeia",