YunoHost-Apps/kanboard_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/kanboard_ynh.git synced 2024-09-03 19:36:17 +02:00
Code Issues Activity Actions

Merge pull request #77 from YunoHost-Apps/testing

Browse source 
Testing
This commit is contained in:
JimboJoe 2019-03-22 19:33:36 +01:00 committed by GitHub
commit 1000cbf444
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
14 changed files with 1119 additions and 327 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

92
README.md
View file

@ -1,49 +1,47 @@
Kanboard for Yunohost
=====================
# Kanboard for Yunohost
[![Integration level](https://dash.yunohost.org/integration/kanboard.svg)](https://dash.yunohost.org/appci/app/kanboard)
[![Install Kanboard with YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=kanboard)
> *This package allow you to install Kanboard quickly and simply on a YunoHost server.
If you don't have YunoHost, please see [here](https://yunohost.org/#/install) to know how to install and enjoy it.*
## Overview
Kanboard is a simple visual task board web application.
Official website: <http://kanboard.net>
Requirements
------------
**Shipped version:** 1.2.8
Functionnal instance of [Yunohost](https://yunohost.org/#/)
## Screenshots
Installation
------------
![](https://kanboard.org/assets/img/board.png)
From yunohost admin panel:
## Demo
1. Use yunohost admin panel and enter the repository url
![2015-02-19 16_58_52-yunohost admin](https://cloud.githubusercontent.com/assets/6364564/6270409/1597e646-b85a-11e4-97af-b3b5b2a6b286.png)
2. Configure the app
![2015-02-19 16_59_28-yunohost admin](https://cloud.githubusercontent.com/assets/6364564/6270411/19f9a54e-b85a-11e4-83da-eb813c0457f7.png)
3. Click install
* [YunoHost demo](https://demo.yunohost.org/dokuwiki/)
From command line:
## Configuration
`sudo yunohost app install -l kanboard https://github.com/YunoHost-Apps/kanboard_ynh`
## Documentation
* Official documentation: https://docs.kanboard.org/en/latest/
* YunoHost documentation: If specific documentation is needed, feel free to contribute.
Upgrade
-------
From command line:
## YunoHost specific features
`sudo yunohost app upgrade -u https://github.com/YunoHost-Apps/kanboard_ynh kanboard`
#### Multi-users support
Infos
-----
Kanboard v1.2.0
#### Supported architectures
Yunohost forum thread: <https://forum.yunohost.org/t/kanboard-package/78>
* x86-64b - [![Build Status](https://ci-apps.yunohost.org/ci/logs/kanboard%20%28Official%29.svg)](https://ci-apps.yunohost.org/ci/apps/kanboard/)
* ARMv8-A - [![Build Status](https://ci-apps-arm.yunohost.org/ci/logs/kanboard%20%28Official%29.svg)](https://ci-apps-arm.yunohost.org/ci/apps/kanboard/)
* Jessie x86-64b - [![Build Status](https://ci-stretch.nohost.me/ci/logs/kanboard%20%28Official%29.svg)](https://ci-stretch.nohost.me/ci/apps/kanboard/)
Kanboard and SSOwat
-------------------
Kanboard use SSOwat for user authentification (it means it use the user that the web server (nginx) sent him throught SSOwat), but can't list all user of the system.
If you wish to add a user, just log in with that user into Kanboard so the software knows him and displays it.
## Limitations
## Additional information
### How to connect as external (non-SSOwat) users
How to connect as external (non-SSOwat) users
-------------------
You have to edit this file `/var/www/kanboard/config.php`, find the line `define('REVERSE_PROXY_AUTH', true);` and change it from `true` to `false`.
**Warning** this disables the possibility to connect with SSOwat users. You will *only* be able to connect with Kanboard users created inside of Kanboard.
Then you can connect.
@ -52,27 +50,23 @@ Then you can connect.
This is due to a Kanboard limitation.
Developer infos
## Links
* Report a bug: https://github.com/YunoHost-Apps/kanboard_ynh/issues
* Kanboard website: http://kanboard.ne
* YunoHost website: https://yunohost.org/
---
Developers info
----------------
Please do your pull request to the dev branch.
Update package version in `scripts/_common.sh`
Then do a manual diff between `conf/config.php` and `config.default.php` [from upstream Kanboard project](https://github.com/kanboard/kanboard/blob/master/config.default.php) to see if there are new config options
Update readme with the new version
Test it
Test or upgrade to dev version:
**Only if you want to use a testing branch for coding, instead of merging directly into master.**
Please do your pull request to the [testing branch](https://github.com/YunoHost-Apps/kanboard_ynh/tree/testing).
To try the testing branch, please proceed like that.
```
su - admin
git clone -b dev https://github.com/YunoHost-Apps/kanboard_ynh
# to install
sudo yunohost app install -l Kanboard /home/admin/kanboard_ynh
# to upgrade
sudo yunohost app upgrade -f /home/admin/kanboard_ynh kanboard
sudo yunohost app install https://github.com/YunoHost-Apps/kanboard_ynh/tree/testing --debug
or
sudo yunohost app upgrade kanboard -u https://github.com/YunoHost-Apps/kanboard_ynh/tree/testing --debug
```

7
check_process
View file

@ -1,5 +1,4 @@
;; Test complet
auto_remove=1
; Manifest
domain="domain.tld" (DOMAIN)
path="/path" (PATH)
@ -16,13 +15,9 @@
upgrade=1 from_commit=f159f7a9bdbe470ec026edf09a6eebf10f23425e
backup_restore=1
multi_instance=1
wrong_user=1
wrong_path=1
incorrect_path=1
corrupt_source=0
fail_download_source=0
port_already_use=0
final_path_already_use=0
change_url=0
;;; Levels
Level 1=auto
Level 2=auto

6
conf/app.src
View file

@ -1,4 +1,6 @@
SOURCE_URL=https://github.com/kanboard/kanboard/archive/v1.2.3.tar.gz
SOURCE_SUM=e0b013df560bf5f60a6f43bf5499e90ca6e793808e5e0fb48e86ef31a234d062
SOURCE_URL=https://github.com/kanboard/kanboard/archive/v1.2.8.tar.gz
SOURCE_SUM=70fe5c2202f3ee98687ef6d898a88676dd1ce47b8234950901a9ac2b3d31a328
SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=tar.gz
SOURCE_IN_SUBDIR=true
SOURCE_FILENAME=

12
conf/config.php
View file

@ -34,7 +34,7 @@ define('FILES_DIR', DATA_DIR.DIRECTORY_SEPARATOR.'files');
define('MAIL_CONFIGURATION', true);
// E-mail address for the "From" header (notifications)
define('MAIL_FROM', 'yuno_email');
define('MAIL_FROM', '__EMAIL__');
// Mail transport available: "smtp", "sendmail", "mail" (PHP mail function), "postmark", "mailgun", "sendgrid"
define('MAIL_TRANSPORT', 'mail');
@ -58,16 +58,16 @@ define('DB_RUN_MIGRATIONS', false);
define('DB_DRIVER', 'mysql');
// Mysql/Postgres username
define('DB_USERNAME', 'yuno_dbuser');
define('DB_USERNAME', '__DB_NAME__');
// Mysql/Postgres password
define('DB_PASSWORD', 'yuno_dbpdw');
define('DB_PASSWORD', '__DB_PWD__');
// Mysql/Postgres hostname
define('DB_HOSTNAME', 'localhost');
// Mysql/Postgres database name
define('DB_NAME', 'yuno_dbuser');
define('DB_NAME', '__DB_NAME__');
// Mysql/Postgres custom port (null = default port)
define('DB_PORT', null);
@ -180,10 +180,10 @@ define('REVERSE_PROXY_AUTH', true);
define('REVERSE_PROXY_USER_HEADER', 'REMOTE_USER');
// Username of the admin, by default blank
define('REVERSE_PROXY_DEFAULT_ADMIN', 'yuno_admin');
define('REVERSE_PROXY_DEFAULT_ADMIN', '__USER__');
// Default domain to use for setting the email address
define('REVERSE_PROXY_DEFAULT_DOMAIN', 'yuno_domain');
define('REVERSE_PROXY_DEFAULT_DOMAIN', '__DOMAIN__');
// Enable/disable remember me authentication
define('REMEMBER_ME_AUTH', false);

7
conf/nginx.conf
View file

@ -1,9 +1,14 @@
#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent;
location __PATH__/ {
# Path to source
alias __FINALPATH__/;
# Force usage of https
if ($scheme = http) {
rewrite ^ https://$server_name$request_uri? permanent;
}
index index.php;
client_max_body_size 50M;
try_files $uri $uri/ /index.php?$args;
@ -13,7 +18,7 @@ location __PATH__/ {
location ~ [^/]\.php(/|$) {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
fastcgi_pass unix:/var/run/php5-fpm-__NAME__.sock;
fastcgi_pass unix:/var/run/php/php7.0-fpm-__NAME__.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param REMOTE_USER $remote_user;

415
conf/php-fpm.conf
View file

@ -1,70 +1,433 @@
; Start a new pool named 'www'.
; the variable $pool can be used in any directive and will be replaced by the
; pool name ('www' here)
[__NAMETOCHANGE__]
; The address on which to accept FastCGI requests.
listen = /var/run/php5-fpm-__NAMETOCHANGE__.sock
; Set permissions for unix socket, if one is used.
listen.owner = www-data
listen.group = www-data
listen.mode = 0600
; Per pool prefix
; It only applies on the following directives:
; - 'access.log'
; - 'slowlog'
; - 'listen' (unixsocket)
; - 'chroot'
; - 'chdir'
; - 'php_values'
; - 'php_admin_values'
; When not set, the global prefix (or /usr) applies instead.
; Note: This directive can also be relative to the global prefix.
; Default Value: none
;prefix = /path/to/pools/$pool
; Unix user/group of processes.
; Unix user/group of processes
; Note: The user is mandatory. If the group is not set, the default user's group
; will be used.
user = __USER__
group = __USER__
; The address on which to accept FastCGI requests.
; Valid syntaxes are:
; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on
; a specific port;
; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on
; a specific port;
; 'port' - to listen on a TCP socket to all addresses
; (IPv6 and IPv4-mapped) on a specific port;
; '/path/to/unix/socket' - to listen on a unix socket.
; Note: This value is mandatory.
listen = /var/run/php/php7.0-fpm-__NAMETOCHANGE__.sock
; Set listen(2) backlog.
; Default Value: 511 (-1 on FreeBSD and OpenBSD)
;listen.backlog = 511
; Set permissions for unix socket, if one is used. In Linux, read/write
; permissions must be set in order to allow connections from a web server. Many
; BSD-derived systems allow connections regardless of permissions.
; Default Values: user and group are set as the running user
; mode is set to 0660
listen.owner = www-data
listen.group = www-data
;listen.mode = 0660
; When POSIX Access Control Lists are supported you can set them using
; these options, value is a comma separated list of user/group names.
; When set, listen.owner and listen.group are ignored
;listen.acl_users =
;listen.acl_groups =
; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect.
; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original
; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address
; must be separated by a comma. If this value is left blank, connections will be
; accepted from any ip address.
; Default Value: any
;listen.allowed_clients = 127.0.0.1
; Specify the nice(2) priority to apply to the pool processes (only if set)
; The value can vary from -19 (highest priority) to 20 (lower priority)
; Note: - It will only work if the FPM master process is launched as root
; - The pool processes will inherit the master process priority
; unless it specified otherwise
; Default Value: no set
; process.priority = -19
; Set the process dumpable flag (PR_SET_DUMPABLE prctl) even if the process user
; or group is differrent than the master process user. It allows to create process
; core dump and ptrace the process for the pool user.
; Default Value: no
; process.dumpable = yes
; Choose how the process manager will control the number of child processes.
; Possible Values:
; static - a fixed number (pm.max_children) of child processes;
; dynamic - the number of child processes are set dynamically based on the
; following directives. With this process management, there will be
; always at least 1 children.
; pm.max_children - the maximum number of children that can
; be alive at the same time.
; pm.start_servers - the number of children created on startup.
; pm.min_spare_servers - the minimum number of children in 'idle'
; state (waiting to process). If the number
; of 'idle' processes is less than this
; number then some children will be created.
; pm.max_spare_servers - the maximum number of children in 'idle'
; state (waiting to process). If the number
; of 'idle' processes is greater than this
; number then some children will be killed.
; ondemand - no children are created at startup. Children will be forked when
; new requests will connect. The following parameter are used:
; pm.max_children - the maximum number of children that
; can be alive at the same time.
; pm.process_idle_timeout - The number of seconds after which
; an idle process will be killed.
; Note: This value is mandatory.
pm = dynamic
; The number of child processes to be created when pm is set to 'static' and the
; maximum number of child processes to be created when pm is set to 'dynamic'.
; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'.
; This value sets the limit on the number of simultaneous requests that will be
; served. Equivalent to the ApacheMaxClients directive with mpm_prefork.
; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP
; CGI. The below defaults are based on a server without much resources. Don't
; forget to tweak pm.* to fit your needs.
; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand'
; Note: This value is mandatory.
pm.max_children = 6
; The number of child processes created on startup.
; Note: Used only when pm is set to 'dynamic'
; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2
pm.start_servers = 3
; The desired minimum number of idle server processes.
; Note: Used only when pm is set to 'dynamic'
; Note: Mandatory when pm is set to 'dynamic'
pm.min_spare_servers = 3
; The desired maximum number of idle server processes.
; Note: Used only when pm is set to 'dynamic'
; Note: Mandatory when pm is set to 'dynamic'
pm.max_spare_servers = 5
; The number of seconds after which an idle process will be killed.
; Note: Used only when pm is set to 'ondemand'
; Default Value: 10s
;pm.process_idle_timeout = 10s;
; The number of requests each child process should execute before respawning.
pm.max_requests = 500
; This can be useful to work around memory leaks in 3rd party libraries. For
; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.
; Default Value: 0
;pm.max_requests = 500
; The URI to view the FPM status page. If this value is not set, no URI will be
; recognized as a status page.
pm.status_path = /fpm-status
; recognized as a status page. It shows the following informations:
; pool - the name of the pool;
; process manager - static, dynamic or ondemand;
; start time - the date and time FPM has started;
; start since - number of seconds since FPM has started;
; accepted conn - the number of request accepted by the pool;
; listen queue - the number of request in the queue of pending
; connections (see backlog in listen(2));
; max listen queue - the maximum number of requests in the queue
; of pending connections since FPM has started;
; listen queue len - the size of the socket queue of pending connections;
; idle processes - the number of idle processes;
; active processes - the number of active processes;
; total processes - the number of idle + active processes;
; max active processes - the maximum number of active processes since FPM
; has started;
; max children reached - number of times, the process limit has been reached,
; when pm tries to start more children (works only for
; pm 'dynamic' and 'ondemand');
; Value are updated in real time.
; Example output:
; pool: www
; process manager: static
; start time: 01/Jul/2011:17:53:49 +0200
; start since: 62636
; accepted conn: 190460
; listen queue: 0
; max listen queue: 1
; listen queue len: 42
; idle processes: 4
; active processes: 11
; total processes: 15
; max active processes: 12
; max children reached: 0
;
; By default the status page output is formatted as text/plain. Passing either
; 'html', 'xml' or 'json' in the query string will return the corresponding
; output syntax. Example:
; http://www.foo.bar/status
; http://www.foo.bar/status?json
; http://www.foo.bar/status?html
; http://www.foo.bar/status?xml
;
; By default the status page only outputs short status. Passing 'full' in the
; query string will also return status for each pool process.
; Example:
; http://www.foo.bar/status?full
; http://www.foo.bar/status?json&full
; http://www.foo.bar/status?html&full
; http://www.foo.bar/status?xml&full
; The Full status returns for each process:
; pid - the PID of the process;
; state - the state of the process (Idle, Running, ...);
; start time - the date and time the process has started;
; start since - the number of seconds since the process has started;
; requests - the number of requests the process has served;
; request duration - the duration in µs of the requests;
; request method - the request method (GET, POST, ...);
; request URI - the request URI with the query string;
; content length - the content length of the request (only with POST);
; user - the user (PHP_AUTH_USER) (or '-' if not set);
; script - the main script called (or '-' if not set);
; last request cpu - the %cpu the last request consumed
; it's always 0 if the process is not in Idle state
; because CPU calculation is done when the request
; processing has terminated;
; last request memory - the max amount of memory the last request consumed
; it's always 0 if the process is not in Idle state
; because memory calculation is done when the request
; processing has terminated;
; If the process is in Idle state, then informations are related to the
; last request the process has served. Otherwise informations are related to
; the current request being served.
; Example output:
; ************************
; pid: 31330
; state: Running
; start time: 01/Jul/2011:17:53:49 +0200
; start since: 63087
; requests: 12808
; request duration: 1250261
; request method: GET
; request URI: /test_mem.php?N=10000
; content length: 0
; user: -
; script: /home/fat/web/docs/php/test_mem.php
; last request cpu: 0.00
; last request memory: 0
;
; Note: There is a real-time FPM status monitoring sample web page available
; It's available in: /usr/share/php/7.0/fpm/status.html
;
; Note: The value must start with a leading slash (/). The value can be
; anything, but it may not be a good idea to use the .php extension or it
; may conflict with a real PHP file.
; Default Value: not set
;pm.status_path = /status
; The ping URI to call the monitoring page of FPM. If this value is not set, no
; URI will be recognized as a ping page.
ping.path = /ping
; URI will be recognized as a ping page. This could be used to test from outside
; that FPM is alive and responding, or to
; - create a graph of FPM availability (rrd or such);
; - remove a server from a group if it is not responding (load balancing);
; - trigger alerts for the operating team (24/7).
; Note: The value must start with a leading slash (/). The value can be
; anything, but it may not be a good idea to use the .php extension or it
; may conflict with a real PHP file.
; Default Value: not set
;ping.path = /ping
; The timeout for serving a single request after which the worker process will
; be killed.
request_terminate_timeout = 1d
; This directive may be used to customize the response of a ping request. The
; response is formatted as text/plain with a 200 response code.
; Default Value: pong
;ping.response = pong
; The access log file
; Default: not set
;access.log = log/$pool.access.log
; The access log format.
; The following syntax is allowed
; %%: the '%' character
; %C: %CPU used by the request
; it can accept the following format:
; - %{user}C for user CPU only
; - %{system}C for system CPU only
; - %{total}C for user + system CPU (default)
; %d: time taken to serve the request
; it can accept the following format:
; - %{seconds}d (default)
; - %{miliseconds}d
; - %{mili}d
; - %{microseconds}d
; - %{micro}d
; %e: an environment variable (same as $_ENV or $_SERVER)
; it must be associated with embraces to specify the name of the env
; variable. Some exemples:
; - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e
; - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e
; %f: script filename
; %l: content-length of the request (for POST request only)
; %m: request method
; %M: peak of memory allocated by PHP
; it can accept the following format:
; - %{bytes}M (default)
; - %{kilobytes}M
; - %{kilo}M
; - %{megabytes}M
; - %{mega}M
; %n: pool name
; %o: output header
; it must be associated with embraces to specify the name of the header:
; - %{Content-Type}o
; - %{X-Powered-By}o
; - %{Transfert-Encoding}o
; - ....
; %p: PID of the child that serviced the request
; %P: PID of the parent of the child that serviced the request
; %q: the query string
; %Q: the '?' character if query string exists
; %r: the request URI (without the query string, see %q and %Q)
; %R: remote IP address
; %s: status (response code)
; %t: server time the request was received
; it can accept a strftime(3) format:
; %d/%b/%Y:%H:%M:%S %z (default)
; The strftime(3) format must be encapsuled in a %{<strftime_format>}t tag
; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t
; %T: time the log has been written (the request has finished)
; it can accept a strftime(3) format:
; %d/%b/%Y:%H:%M:%S %z (default)
; The strftime(3) format must be encapsuled in a %{<strftime_format>}t tag
; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t
; %u: remote user
;
; Default: "%R - %u %t \"%m %r\" %s"
;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%"
; The log file for slow requests
; Default Value: not set
; Note: slowlog is mandatory if request_slowlog_timeout is set
;slowlog = log/$pool.log.slow
; The timeout for serving a single request after which a PHP backtrace will be
; dumped to the 'slowlog' file. A value of '0s' means 'off'.
request_slowlog_timeout = 5s
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0
;request_slowlog_timeout = 0
; The log file for slow requests.
slowlog = /var/log/nginx/__NAMETOCHANGE__.slow.log
; The timeout for serving a single request after which the worker process will
; be killed. This option should be used when the 'max_execution_time' ini option
; does not stop script execution for some reason. A value of '0' means 'off'.
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0
request_terminate_timeout = 1d
; Set open file descriptor rlimit.
rlimit_files = 4096
; Default Value: system defined value
;rlimit_files = 1024
; Set max core size rlimit.
rlimit_core = 0
; Possible Values: 'unlimited' or an integer greater or equal to 0
; Default Value: system defined value
;rlimit_core = 0
; Chroot to this directory at the start. This value must be defined as an
; absolute path. When this value is not set, chroot is not used.
; Note: you can prefix with '$prefix' to chroot to the pool prefix or one
; of its subdirectories. If the pool prefix is not set, the global prefix
; will be used instead.
; Note: chrooting is a great security feature and should be used whenever
; possible. However, all PHP paths will be relative to the chroot
; (error_log, sessions.save_path, ...).
; Default Value: not set
;chroot =
; Chdir to this directory at the start.
; Note: relative path can be used.
; Default Value: current directory or / when chroot
chdir = __FINALPATH__
; Redirect worker stdout and stderr into main error log.
catch_workers_output = yes
; Redirect worker stdout and stderr into main error log. If not set, stdout and
; stderr will be redirected to /dev/null according to FastCGI specs.
; Note: on highloaded environement, this can cause some delay in the page
; process time (several ms).
; Default Value: no
;catch_workers_output = yes
; Do not clear environment in FPM workers.
clear_env = no
; Clear environment in FPM workers
; Prevents arbitrary environment variables from reaching FPM worker processes
; by clearing the environment in workers before env vars specified in this
; pool configuration are added.
; Setting to "no" will make all environment variables available to PHP code
; via getenv(), $_ENV and $_SERVER.
; Default Value: yes
;clear_env = no
; Additional php.ini defines, specific to this pool of workers.
; Limits the extensions of the main script FPM will allow to parse. This can
; prevent configuration mistakes on the web server side. You should only limit
; FPM to .php extensions to prevent malicious users to use other extensions to
; execute php code.
; Note: set an empty value to allow all extensions.
; Default Value: .php
;security.limit_extensions = .php .php3 .php4 .php5 .php7
; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from
; the current environment.
; Default Value: clean env
;env[HOSTNAME] = $HOSTNAME
;env[PATH] = /usr/local/bin:/usr/bin:/bin
;env[TMP] = /tmp
;env[TMPDIR] = /tmp
;env[TEMP] = /tmp
; Additional php.ini defines, specific to this pool of workers. These settings
; overwrite the values previously defined in the php.ini. The directives are the
; same as the PHP SAPI:
; php_value/php_flag - you can set classic ini defines which can
; be overwritten from PHP call 'ini_set'.
; php_admin_value/php_admin_flag - these directives won't be overwritten by
; PHP call 'ini_set'
; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no.
; Defining 'extension' will load the corresponding shared extension from
; extension_dir. Defining 'disable_functions' or 'disable_classes' will not
; overwrite previously defined php.ini values, but will append the new value
; instead.
; Note: path INI options can be relative and will be expanded with the prefix
; (pool, global or /usr)
; Default Value: nothing is defined by default except the values in php.ini and
; specified at startup with the -d argument
;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com
;php_flag[display_errors] = off
;php_admin_value[error_log] = /var/log/fpm-php.www.log
;php_admin_flag[log_errors] = on
;php_admin_value[memory_limit] = 32M
; Common values to change to increase file upload limit
; php_admin_value[upload_max_filesize] = 50M
; php_admin_value[post_max_size] = 50M
; php_admin_flag[mail.add_x_header] = Off
; Other common parameters
; php_admin_value[max_execution_time] = 600
; php_admin_value[max_input_time] = 300
; php_admin_value[memory_limit] = 256M
; php_admin_flag[short_open_tag] = On
php_value[upload_max_filesize] = 10G
php_value[post_max_size] = 10G
php_value[default_charset] = UTF-8

30
manifest.json
View file

@ -5,60 +5,64 @@
"description": {
"en": "Kanboard is a simple visual task board web application"
},
"version": "1.2.3~ynh1",
"version": "1.2.8~ynh2",
"url": "https://kanboard.net/",
"license": "AGPL-3.0",
"requirements": {
"yunohost": ">= 2.7.0"
},
"maintainer": {
"name": "jibec",
"email": "jean-baptiste@holcroft.fr"
"name": "YunoHost Contributors",
"email": "apps@yunohost.org"
},
"requirements": {
"yunohost": ">= 3.2.0"
},
"previous_maintainers": [{
"name": "mbugeia",
"email": "maxime@max.privy.place"
},
{
"name": "jibec",
"email": "jean-baptiste@holcroft.fr"
}],
"multi_instance": true,
"services": [
"nginx",
"php5-fpm",
"php7.0-fpm",
"mysql"
],
"arguments": {
"install": [
{
"name": "domain",
"type": "domain",
"ask": {
"en": "Choose a domain for Kanboard"
},
"example": "domain.org",
"type": "domain"
"example": "domain.org"
},
{
"name": "path",
"type": "path",
"ask": {
"en": "Choose a path for Kanboard"
},
"type": "path",
"example": "/kanboard",
"default": "/kanboard"
},
{
"name": "admin",
"type": "user",
"ask": {
"en": "Choose the admin user for Kanboard"
},
"type": "user",
"example": "johndoe"
},
{
"name": "is_public",
"type": "boolean",
"ask": {
"en": "Is it a public site ?"
},
"type": "boolean",
"default": "0"
"default": false
}
]
}

159
scripts/_common.sh
View file

@ -1,10 +1,157 @@
#!/bin/bash
#
# Common variables
#
if [ "$(lsb_release --codename --short)" == "jessie" ]; then
pkg_dependencies="php5-gd"
else
#=================================================
# COMMON VARIABLES
#=================================================
pkg_dependencies="php-gd php-zip php-dom php-mbstring"
#=================================================
# FUTURE OFFICIAL HELPERS
#=================================================
# Create a dedicated fail2ban config (jail and filter conf files)
#
# usage 1: ynh_add_fail2ban_config --logpath=log_file --failregex=filter [--max_retry=max_retry] [--ports=ports]
# | arg: -l, --logpath= - Log file to be checked by fail2ban
# | arg: -r, --failregex= - Failregex to be looked for by fail2ban
# | arg: -m, --max_retry= - Maximum number of retries allowed before banning IP address - default: 3
# | arg: -p, --ports= - Ports blocked for a banned IP address - default: http,https
#
# -----------------------------------------------------------------------------
#
# usage 2: ynh_add_fail2ban_config --use_template [--others_var="list of others variables to replace"]
# | arg: -t, --use_template - Use this helper in template mode
# | arg: -v, --others_var= - List of others variables to replace separeted by a space
# | for example : 'var_1 var_2 ...'
#
# This will use a template in ../conf/f2b_jail.conf and ../conf/f2b_filter.conf
# __APP__ by $app
#
# You can dynamically replace others variables by example :
# __VAR_1__ by $var_1
# __VAR_2__ by $var_2
#
# Generally your template will look like that by example (for synapse):
#
# f2b_jail.conf:
# [__APP__]
# enabled = true
# port = http,https
# filter = __APP__
# logpath = /var/log/__APP__/logfile.log
# maxretry = 3
#
# f2b_filter.conf:
# [INCLUDES]
# before = common.conf
# [Definition]
#
# # Part of regex definition (just used to make more easy to make the global regex)
# __synapse_start_line = .? \- synapse\..+ \-
#
# # Regex definition.
# failregex = ^%(__synapse_start_line)s INFO \- POST\-(\d+)\- <HOST> \- \d+ \- Received request\: POST /_matrix/client/r0/login\??<SKIPLINES>%(__synapse_start_line)s INFO \- POST\-\1\- Got login request with identifier: \{u'type': u'm.id.user', u'user'\: u'(.+?)'\}, medium\: None, address: None, user\: u'\5'<SKIPLINES>%(__synapse_start_line)s WARNING \- \- (Attempted to login as @\5\:.+ but they do not exist|Failed password login for user @\5\:.+)$
#
# ignoreregex =
#
# -----------------------------------------------------------------------------
#
# Note about the "failregex" option:
# regex to match the password failure messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
#
# You can find some more explainations about how to make a regex here :
# https://www.fail2ban.org/wiki/index.php/MANUAL_0_8#Filters
#
# Note that the logfile need to exist before to call this helper !!
#
# To validate your regex you can test with this command:
# fail2ban-regex /var/log/YOUR_LOG_FILE_PATH /etc/fail2ban/filter.d/YOUR_APP.conf
#
ynh_add_fail2ban_config () {
# Declare an array to define the options of this helper.
declare -Ar args_array=( [l]=logpath= [r]=failregex= [m]=max_retry= [p]=ports= [t]=use_template [v]=others_var=)
local logpath
local failregex
local max_retry
local ports
local others_var
local use_template
# Manage arguments with getopts
ynh_handle_getopts_args "$@"
use_template="${use_template:-0}"
max_retry=${max_retry:-3}
ports=${ports:-http,https}
finalfail2banjailconf="/etc/fail2ban/jail.d/$app.conf"
finalfail2banfilterconf="/etc/fail2ban/filter.d/$app.conf"
ynh_backup_if_checksum_is_different "$finalfail2banjailconf"
ynh_backup_if_checksum_is_different "$finalfail2banfilterconf"
if [ $use_template -eq 1 ]
then
# Usage 2, templates
cp ../conf/f2b_jail.conf $finalfail2banjailconf
cp ../conf/f2b_filter.conf $finalfail2banfilterconf
if [ -n "${app:-}" ]
then
ynh_replace_string "__APP__" "$app" "$finalfail2banjailconf"
ynh_replace_string "__APP__" "$app" "$finalfail2banfilterconf"
fi
# Replace all other variable given as arguments
for var_to_replace in ${others_var:-}; do
# ${var_to_replace^^} make the content of the variable on upper-cases
# ${!var_to_replace} get the content of the variable named $var_to_replace
ynh_replace_string --match_string="__${var_to_replace^^}__" --replace_string="${!var_to_replace}" --target_file="$finalfail2banjailconf"
ynh_replace_string --match_string="__${var_to_replace^^}__" --replace_string="${!var_to_replace}" --target_file="$finalfail2banfilterconf"
done
else
# Usage 1, no template. Build a config file from scratch.
test -n "$logpath" || ynh_die "ynh_add_fail2ban_config expects a logfile path as first argument and received nothing."
test -n "$failregex" || ynh_die "ynh_add_fail2ban_config expects a failure regex as second argument and received nothing."
tee $finalfail2banjailconf <<EOF
[$app]
enabled = true
port = $ports
filter = $app
logpath = $logpath
maxretry = $max_retry
EOF
tee $finalfail2banfilterconf <<EOF
[INCLUDES]
before = common.conf
[Definition]
failregex = $failregex
ignoreregex =
EOF
fi
# Common to usage 1 and 2.
ynh_store_file_checksum "$finalfail2banjailconf"
ynh_store_file_checksum "$finalfail2banfilterconf"
systemctl try-reload-or-restart fail2ban
local fail2ban_error="$(journalctl -u fail2ban | tail -n50 | grep "WARNING.*$app.*")"
if [[ -n "$fail2ban_error" ]]; then
ynh_print_err "Fail2ban failed to load the jail for $app"
ynh_print_warn "${fail2ban_error#*WARNING}"
fi
}
# Remove the dedicated fail2ban config (jail and filter conf files)
#
# usage: ynh_remove_fail2ban_config
ynh_remove_fail2ban_config () {
ynh_secure_remove "/etc/fail2ban/jail.d/$app.conf"
ynh_secure_remove "/etc/fail2ban/filter.d/$app.conf"
systemctl try-reload-or-restart fail2ban
}

213
scripts/_getopts_fix.sh Normal file
View file

@ -0,0 +1,213 @@
#!/bin/bash
#=================================================
# FIX OF YNH_HANDLE_GETOPTS_ARGS FROM UNSTABLE
#=================================================
# Internal helper design to allow helpers to use getopts to manage their arguments
#
# [internal]
#
# example: function my_helper()
# {
# declare -Ar args_array=( [a]=arg1= [b]=arg2= [c]=arg3 )
# local arg1
# local arg2
# local arg3
# ynh_handle_getopts_args "$@"
#
# [...]
# }
# my_helper --arg1 "val1" -b val2 -c
#
# usage: ynh_handle_getopts_args "$@"
# | arg: $@ - Simply "$@" to tranfert all the positionnal arguments to the function
#
# This helper need an array, named "args_array" with all the arguments used by the helper
# that want to use ynh_handle_getopts_args
# Be carreful, this array has to be an associative array, as the following example:
# declare -Ar args_array=( [a]=arg1 [b]=arg2= [c]=arg3 )
# Let's explain this array:
# a, b and c are short options, -a, -b and -c
# arg1, arg2 and arg3 are the long options associated to the previous short ones. --arg1, --arg2 and --arg3
# For each option, a short and long version has to be defined.
# Let's see something more significant
# declare -Ar args_array=( [u]=user [f]=finalpath= [d]=database )
#
# NB: Because we're using 'declare' without -g, the array will be declared as a local variable.
#
# Please keep in mind that the long option will be used as a variable to store the values for this option.
# For the previous example, that means that $finalpath will be fill with the value given as argument for this option.
#
# Also, in the previous example, finalpath has a '=' at the end. That means this option need a value.
# So, the helper has to be call with --finalpath /final/path, --finalpath=/final/path or -f /final/path, the variable $finalpath will get the value /final/path
# If there's many values for an option, -f /final /path, the value will be separated by a ';' $finalpath=/final;/path
# For an option without value, like --user in the example, the helper can be called only with --user or -u. $user will then get the value 1.
#
# To keep a retrocompatibility, a package can still call a helper, using getopts, with positional arguments.
# The "legacy mode" will manage the positional arguments and fill the variable in the same order than they are given in $args_array.
# e.g. for `my_helper "val1" val2`, arg1 will be filled with val1, and arg2 with val2.
ynh_handle_getopts_args () {
# Manage arguments only if there's some provided
set +x
if [ $# -ne 0 ]
then
# Store arguments in an array to keep each argument separated
local arguments=("$@")
# For each option in the array, reduce to short options for getopts (e.g. for [u]=user, --user will be -u)
# And built parameters string for getopts
# ${!args_array[@]} is the list of all option_flags in the array (An option_flag is 'u' in [u]=user, user is a value)
local getopts_parameters=""
local option_flag=""
for option_flag in "${!args_array[@]}"
do
# Concatenate each option_flags of the array to build the string of arguments for getopts
# Will looks like 'abcd' for -a -b -c -d
# If the value of an option_flag finish by =, it's an option with additionnal values. (e.g. --user bob or -u bob)
# Check the last character of the value associate to the option_flag
if [ "${args_array[$option_flag]: -1}" = "=" ]
then
# For an option with additionnal values, add a ':' after the letter for getopts.
getopts_parameters="${getopts_parameters}${option_flag}:"
else
getopts_parameters="${getopts_parameters}${option_flag}"
fi
# Check each argument given to the function
local arg=""
# ${#arguments[@]} is the size of the array
for arg in `seq 0 $(( ${#arguments[@]} - 1 ))`
do
# And replace long option (value of the option_flag) by the short option, the option_flag itself
# (e.g. for [u]=user, --user will be -u)
# Replace long option with =
arguments[arg]="${arguments[arg]//--${args_array[$option_flag]}/-${option_flag} }"
# And long option without =
arguments[arg]="${arguments[arg]//--${args_array[$option_flag]%=}/-${option_flag}}"
done
done
# Read and parse all the arguments
# Use a function here, to use standart arguments $@ and be able to use shift.
parse_arg () {
# Read all arguments, until no arguments are left
while [ $# -ne 0 ]
do
# Initialize the index of getopts
OPTIND=1
# Parse with getopts only if the argument begin by -, that means the argument is an option
# getopts will fill $parameter with the letter of the option it has read.
local parameter=""
getopts ":$getopts_parameters" parameter || true
if [ "$parameter" = "?" ]
then
ynh_die --message="Invalid argument: -${OPTARG:-}"
elif [ "$parameter" = ":" ]
then
ynh_die --message="-$OPTARG parameter requires an argument."
else
local shift_value=1
# Use the long option, corresponding to the short option read by getopts, as a variable
# (e.g. for [u]=user, 'user' will be used as a variable)
# Also, remove '=' at the end of the long option
# The variable name will be stored in 'option_var'
local option_var="${args_array[$parameter]%=}"
# If this option doesn't take values
# if there's a '=' at the end of the long option name, this option takes values
if [ "${args_array[$parameter]: -1}" != "=" ]
then
# 'eval ${option_var}' will use the content of 'option_var'
eval ${option_var}=1
else
# Read all other arguments to find multiple value for this option.
# Load args in a array
local all_args=("$@")
# If the first argument is longer than 2 characters,
# There's a value attached to the option, in the same array cell
if [ ${#all_args[0]} -gt 2 ]; then
# Remove the option and the space, so keep only the value itself.
all_args[0]="${all_args[0]#-${parameter} }"
# Reduce the value of shift, because the option has been removed manually
shift_value=$(( shift_value - 1 ))
fi
# Declare the content of option_var as a variable.
eval ${option_var}=""
# Then read the array value per value
local i
for i in `seq 0 $(( ${#all_args[@]} - 1 ))`
do
# If this argument is an option, end here.
if [ "${all_args[$i]:0:1}" == "-" ]
then
# Ignore the first value of the array, which is the option itself
if [ "$i" -ne 0 ]; then
break
fi
else
# Else, add this value to this option
# Each value will be separated by ';'
if [ -n "${!option_var}" ]
then
# If there's already another value for this option, add a ; before adding the new value
eval ${option_var}+="\;"
fi
# Escape double quote to prevent any interpretation during the eval
all_args[$i]="${all_args[$i]//\"/\\\"}"
eval ${option_var}+=\"${all_args[$i]}\"
shift_value=$(( shift_value + 1 ))
fi
done
fi
fi
# Shift the parameter and its argument(s)
shift $shift_value
done
}
# LEGACY MODE
# Check if there's getopts arguments
if [ "${arguments[0]:0:1}" != "-" ]
then
# If not, enter in legacy mode and manage the arguments as positionnal ones..
# Dot not echo, to prevent to go through a helper output. But print only in the log.
set -x; echo "! Helper used in legacy mode !" > /dev/null; set +x
local i
for i in `seq 0 $(( ${#arguments[@]} -1 ))`
do
# Try to use legacy_args as a list of option_flag of the array args_array
# Otherwise, fallback to getopts_parameters to get the option_flag. But an associative arrays isn't always sorted in the correct order...
# Remove all ':' in getopts_parameters
getopts_parameters=${legacy_args:-${getopts_parameters//:}}
# Get the option_flag from getopts_parameters, by using the option_flag according to the position of the argument.
option_flag=${getopts_parameters:$i:1}
if [ -z "$option_flag" ]; then
ynh_print_warn --message="Too many arguments ! \"${arguments[$i]}\" will be ignored."
continue
fi
# Use the long option, corresponding to the option_flag, as a variable
# (e.g. for [u]=user, 'user' will be used as a variable)
# Also, remove '=' at the end of the long option
# The variable name will be stored in 'option_var'
local option_var="${args_array[$option_flag]%=}"
# Escape double quote to prevent any interpretation during the eval
arguments[$i]="${arguments[$i]//\"/\\\"}"
# Store each value given as argument in the corresponding variable
# The values will be stored in the same order than $args_array
eval ${option_var}+=\"${arguments[$i]}\"
done
unset legacy_args
else
# END LEGACY MODE
# Call parse_arg and pass the modified list of args as an array of arguments.
parse_arg "${arguments[@]}"
fi
fi
set -x
}

42
scripts/backup
View file

@ -6,12 +6,7 @@
# IMPORT GENERIC HELPERS
#=================================================
if [ ! -e _common.sh ]; then
# Get the _common.sh file if it's not in the current directory
cp ../settings/scripts/_common.sh ./_common.sh
chmod a+rx _common.sh
fi
source _common.sh
source ../settings/scripts/_common.sh
source /usr/share/yunohost/helpers
#=================================================
@ -24,39 +19,54 @@ ynh_abort_if_errors
#=================================================
# LOAD SETTINGS
#=================================================
ynh_print_info "Loading installation settings..."
app=$YNH_APP_INSTANCE_NAME
# Set app specific variables
dbname=$app
# Retrieve app settings
domain=$(ynh_app_setting_get "$app" domain)
final_path=$(ynh_app_setting_get "$app" final_path)
domain=$(ynh_app_setting_get $app domain)
final_path=$(ynh_app_setting_get $app final_path)
db_name=$(ynh_app_setting_get $app db_name)
#=================================================
# STANDARD BACKUP STEPS
#=================================================
# BACKUP THE APP MAIN DIR
#=================================================
ynh_print_info "Backing up the main app directory..."
# Copy the app source files
ynh_backup "$final_path"
#=================================================
# BACKUP THE NGINX CONFIGURATION
#=================================================
ynh_print_info "Backing up nginx web server configuration..."
ynh_backup "/etc/nginx/conf.d/${domain}.d/${app}.conf"
ynh_backup "/etc/nginx/conf.d/$domain.d/$app.conf"
#=================================================
# BACKUP THE PHP-FPM CONFIGURATION
#=================================================
ynh_print_info "Backing up php-fpm configuration..."
ynh_backup "/etc/php5/fpm/pool.d/${app}.conf"
ynh_backup "/etc/php/7.0/fpm/pool.d/$app.conf"
#=================================================
# BACKUP FAIL2BAN CONFIGURATION
#=================================================
ynh_print_info "Backing up fail2ban configuration..."
ynh_backup "/etc/fail2ban/jail.d/$app.conf"
ynh_backup "/etc/fail2ban/filter.d/$app.conf"
#=================================================
# BACKUP THE MYSQL DATABASE
#=================================================
ynh_print_info "Backing up the MySQL database..."
ynh_mysql_dump_db "$dbname" > ./db.sql
ynh_mysql_dump_db "$db_name" > db.sql
#=================================================
# END OF SCRIPT
#=================================================
ynh_print_info "Backup script completed for $app. (YunoHost will then actually copy those files to the archive)."

116
scripts/install
View file

@ -8,6 +8,9 @@
source _common.sh
source /usr/share/yunohost/helpers
# Overload the helper ynh_handle_getopts_args to have fixes from unstable.
# Needed for ynh_add_fail2ban_config
source _getopts_fix.sh
#=================================================
# MANAGE SCRIPT FAILURE
@ -20,7 +23,6 @@ ynh_abort_if_errors
# RETRIEVE ARGUMENTS FROM THE MANIFEST
#=================================================
# Retrieve arguments
domain=$YNH_APP_ARG_DOMAIN
path_url=$YNH_APP_ARG_PATH
admin=$YNH_APP_ARG_ADMIN
@ -31,104 +33,107 @@ app=$YNH_APP_INSTANCE_NAME
#=================================================
# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
#=================================================
ynh_print_info "Validating installation parameters..."
# Check destination directory
final_path="/var/www/$app"
final_path=/var/www/$app
test ! -e "$final_path" || ynh_die "This path already contains a folder"
# Normalize the url path syntax
path_url=$(ynh_normalize_url_path "$path_url")
# Check web path availability
ynh_webpath_available "$domain" "$path_url"
# Register (book) web path
ynh_webpath_register "$app" "$domain" "$path_url"
#=================================================
# STORE SETTINGS FROM MANIFEST
#=================================================
ynh_print_info "Storing installation settings..."
ynh_app_setting_set "$app" domain "$domain"
ynh_app_setting_set "$app" final_path "$final_path"
ynh_app_setting_set "$app" adminusername "$admin"
ynh_app_setting_set "$app" is_public "$is_public"
ynh_app_setting_set $app domain $domain
ynh_app_setting_set $app final_path $final_path
ynh_app_setting_set $app adminusername $admin
ynh_app_setting_set $app is_public $is_public
#=================================================
# STANDARD MODIFICATIONS
#=================================================
#=================================================
# INSTALL DEPENDENCIES
#=================================================
ynh_print_info "Installing dependencies..."
ynh_install_app_dependencies $pkg_dependencies
#=================================================
# CREATE A MYSQL DATABASE
#================================================
ynh_print_info "Creating a MySQL database..."
# Generate random password
dbpass=$(ynh_string_random)
dbname=$app
dbuser=$app
# Initialize database and store mysql password for upgrade
ynh_mysql_create_db "$dbname" "$dbuser" "$dbpass"
ynh_app_setting_set "$app" mysqlpwd "$dbpass"
db_name=$(ynh_sanitize_dbid $app)
ynh_app_setting_set $app db_name $db_name
ynh_mysql_setup_db $db_name $db_name
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
ynh_print_info "Setting up source files..."
ynh_app_setting_set $app final_path $final_path
# Download, check integrity, uncompress and patch the source from app.src
ynh_setup_source "$final_path"
mkdir -p "$final_path"/sessions/
mkdir -p $final_path/sessions/
#=================================================
# NGINX CONFIGURATION
#=================================================
ynh_print_info "Configuring nginx web server..."
# Create a dedicated nginx config
ynh_add_nginx_config
#=================================================
# CREATE DEDICATED USER
#=================================================
ynh_print_info "Configuring system user..."
# Create a system user
ynh_system_user_create "$app"
ynh_system_user_create $app
#=================================================
# PHP-FPM CONFIGURATION
#=================================================
ynh_print_info "Configuring php-fpm..."
# Create a dedicated php-fpm config
ynh_add_fpm_config
#=================================================
# SPECIFIC SETUP
#=================================================
# Create config.php
# CREATE CONFIG.PHP
#=================================================
ynh_print_info "Configuring kanboard..."
# Retrieve admin email
email=$(ynh_user_get_info "$admin" mail)
email=$(ynh_user_get_info $admin mail)
# Copy and edit config.php
config_php="${final_path}/config.php"
cp ../conf/config.php "$config_php"
ynh_replace_string "yuno_dbpdw" "$dbpass" "$config_php"
ynh_replace_string "yuno_dbuser" "$dbuser" "$config_php"
ynh_replace_string "yuno_admin" "$admin" "$config_php"
ynh_replace_string "yuno_email" "$email" "$config_php"
ynh_replace_string "yuno_domain" "$domain" "$config_php"
ynh_replace_string "__DB_PWD__" "$db_pwd" "$config_php"
ynh_replace_string "__DB_NAME__" $db_name "$config_php"
ynh_replace_string "__USER__" $admin "$config_php"
ynh_replace_string "__EMAIL__" $email "$config_php"
ynh_replace_string "__DOMAIN__" $domain "$config_php"
#=================================================
# Database initialization
# DATABASE INITIALIZATION
#=================================================
ynh_print_info "Initializing database..."
# Init database
ynh_mysql_connect_as "$dbuser" "$dbpass" "$dbname" < "${final_path}/app/Schema/Sql/mysql.sql"
ynh_mysql_connect_as "$db_name" "$db_pwd" "$db_name" < "${final_path}/app/Schema/Sql/mysql.sql"
#=================================================
# GENERIC FINALIZATION
@ -136,42 +141,47 @@ ynh_mysql_connect_as "$dbuser" "$dbpass" "$dbname" < "${final_path}/app/Schema/S
# SECURE FILES AND DIRECTORIES
#================================================
# Set permissions to kanboard and data directory
chown -R root:root "$final_path"
chown -R "$app" "$final_path"/{data,plugins,sessions}
chmod -R 700 "$final_path"/sessions
# Set permissions to app files
chown -R root: $final_path
chown -R $app $final_path/{data,plugins,sessions}
chmod -R 700 $final_path/sessions
#=================================================
# SETUP FAIL2BAN
#=================================================
ynh_print_info "Configuring fail2ban..."
ynh_add_fail2ban_config --logpath="/var/log/nginx/$domain-error.log" --failregex="^.*authentication failure\" while reading response header from upstream, client: <HOST>,.*$" --max_retry=5
#=================================================
# SETUP SSOWAT
#=================================================
if [[ "$path_url" == "/" ]]
then
# ynh panel is only comptable with non-root installation
ynh_replace_string " include conf.d/" " #include conf.d/" "$finalnginxconf"
ynh_store_file_checksum "$finalnginxconf"
else
ynh_replace_string "^#sub_path_only" "" "$finalnginxconf"
ynh_store_file_checksum "$finalnginxconf"
fi
ynh_print_info "Configuring SSOwat..."
# Make app public or private
if [[ "$is_public" -eq 1 ]];
if [ $is_public -eq 1 ]
then
ynh_app_setting_set "$app" unprotected_uris "/"
ynh_app_setting_set $app unprotected_uris "/"
ynh_replace_string "define('LDAP_AUTH'.*$" "define('LDAP_AUTH', true);" "$config_php"
ynh_replace_string "define('HIDE_LOGIN_FORM'.*$" "define('HIDE_LOGIN_FORM', false);" "$config_php"
ynh_replace_string "define('REMEMBER_ME_AUTH'.*$" "define('REMEMBER_ME_AUTH', true);" "$config_php"
ynh_replace_string "define('DISABLE_LOGOUT'.*$" "define('DISABLE_LOGOUT', false);" "$config_php"
else
ynh_app_setting_set "$app" unprotected_uris "/jsonrpc.php"
ynh_app_setting_set $app unprotected_uris "/jsonrpc.php"
fi
# Calculate and store the config file checksum into the app settings
ynh_store_file_checksum "$config_php"
#=================================================
# RELOAD NGINX & PHP5-FPM
# RELOAD NGINX
#=================================================
ynh_print_info "Reloading nginx web server..."
systemctl reload nginx
#=================================================
# END OF SCRIPT
#=================================================
# Reload services
service php5-fpm restart
service nginx reload
ynh_print_info "Installation of $app completed"

44
scripts/remove
View file

@ -12,18 +12,21 @@ source /usr/share/yunohost/helpers
#=================================================
# LOAD SETTINGS
#=================================================
ynh_print_info "Loading installation settings..."
app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get "$app" domain)
final_path=$(ynh_app_setting_get "$app" final_path)
dbname=$app
dbuser=$app
domain=$(ynh_app_setting_get $app domain)
final_path=$(ynh_app_setting_get $app final_path)
db_name=$(ynh_app_setting_get $app db_name)
final_path=$(ynh_app_setting_get $app final_path)
#=================================================
# STANDARD REMOVE
#=================================================
# REMOVE DEPENDENCIES
#=================================================
ynh_print_info "Removing dependencies"
# Remove metapackage and its dependencies
ynh_remove_app_dependencies
@ -31,19 +34,23 @@ ynh_remove_app_dependencies
#=================================================
# REMOVE THE MYSQL DATABASE
#=================================================
ynh_print_info "Removing the MySQL database"
# Remove a database if it exists, along with the associated user
ynh_mysql_remove_db "$dbuser" "$dbname"
ynh_mysql_remove_db $db_name $db_name
#=================================================
# REMOVE APP MAIN DIR
#=================================================
ynh_print_info "Removing app main directory"
# Remove the app directory securely
ynh_secure_remove "$final_path"
#=================================================
# REMOVE NGINX CONFIGURATION
#=================================================
ynh_print_info "Removing nginx web server configuration"
# Remove the dedicated nginx config
ynh_remove_nginx_config
@ -51,5 +58,30 @@ ynh_remove_nginx_config
#=================================================
# REMOVE PHP-FPM CONFIGURATION
#=================================================
ynh_print_info "Removing php-fpm configuration"
# Remove the dedicated php-fpm config
ynh_remove_fpm_config
#=================================================
# GENERIC FINALIZATION
#=================================================
# REMOVE FAIL2BAN CONFIGURATION
#=================================================
ynh_print_info "Removing fail2ban configuration"
ynh_remove_fail2ban_config
#=================================================
# REMOVE DEDICATED USER
#=================================================
ynh_print_info "Removing the dedicated system user"
# Delete a system user
ynh_system_user_delete $app
#=================================================
# END OF SCRIPT
#=================================================
ynh_print_info "Removal of $app completed"

89
scripts/restore
View file

@ -6,12 +6,7 @@
# IMPORT GENERIC HELPERS
#=================================================
if [ ! -e _common.sh ]; then
# Get the _common.sh file if it's not in the current directory
cp ../settings/scripts/_common.sh ./_common.sh
chmod a+rx _common.sh
fi
source _common.sh
source ../settings/scripts/_common.sh
source /usr/share/yunohost/helpers
#=================================================
@ -21,88 +16,102 @@ source /usr/share/yunohost/helpers
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#=================================================
# LOAD SETTINGS
#=================================================
ynh_print_info "Loading settings..."
app=$YNH_APP_INSTANCE_NAME
# Set app specific variables
dbname=$app
dbuser=$app
# Retrieve old app settings
domain=$(ynh_app_setting_get "$app" domain)
path_url=$(ynh_app_setting_get "$app" path)
dbpass=$(ynh_app_setting_get "$app" mysqlpwd)
final_path=$(ynh_app_setting_get "$app" final_path)
domain=$(ynh_app_setting_get $app domain)
path_url=$(ynh_app_setting_get $app path)
final_path=$(ynh_app_setting_get $app final_path)
db_name=$(ynh_app_setting_get $app db_name)
#=================================================
# CHECK IF THE APP CAN BE RESTORED
#=================================================
ynh_print_info "Validating restoration parameters..."
ynh_webpath_available $domain $path_url \
|| ynh_die "Path not available: ${domain}${path_url}"
test ! -d $final_path \
|| ynh_die "There is already a directory: $final_path "
#=================================================
# STANDARD RESTORATION STEPS
#=================================================
# REINSTALL DEPENDENCIES
#=================================================
# Define and install dependencies
ynh_install_app_dependencies $pkg_dependencies
#=================================================
# RESTORE THE NGINX CONFIGURATION
#=================================================
ynh_restore_file "/etc/nginx/conf.d/${domain}.d/${app}.conf"
ynh_restore_file "/etc/nginx/conf.d/$domain.d/$app.conf"
#=================================================
# RESTORE THE APP MAIN DIR
#=================================================
ynh_print_info "Restoring the app main directory..."
# Restore the app files
ynh_restore_file "$final_path"
#=================================================
# RESTORE THE MYSQL DATABASE
#=================================================
ynh_mysql_setup_db "$dbuser" "$dbname" "$dbpass"
ynh_mysql_connect_as "$dbuser" "$dbpass" "$dbname" < ./db.sql
#=================================================
# RECREATE THE DEDICATED USER
#=================================================
ynh_print_info "Recreating the dedicated system user..."
# Create the dedicated user (if not existing)
ynh_system_user_create "$app"
ynh_system_user_create $app
#=================================================
# RESTORE USER RIGHTS
#=================================================
chown -R root:root "$final_path"
chown -R "$app" "$final_path"/{data,plugins,sessions}
chmod -R 700 "$final_path"/sessions
# Restore permissions to app files
chown -R $app $final_path/{data,plugins,sessions}
#=================================================
# RESTORE THE PHP-FPM CONFIGURATION
#=================================================
ynh_restore_file "/etc/php5/fpm/pool.d/${app}.conf"
ynh_restore_file "/etc/php/7.0/fpm/pool.d/$app.conf"
#=================================================
# SPECIFIC RESTORATION
#=================================================
# REINSTALL DEPENDENCIES
#=================================================
ynh_print_info "Reinstalling dependencies..."
ynh_install_app_dependencies $pkg_dependencies
#=================================================
# RESTORE THE MYSQL DATABASE
#=================================================
ynh_print_info "Restoring the MySQL database..."
db_pwd=$(ynh_app_setting_get $app mysqlpwd)
ynh_mysql_setup_db $db_name $db_name $db_pwd
ynh_mysql_connect_as $db_name $db_pwd $db_name < ./db.sql
#=================================================
# RESTORE FAIL2BAN CONFIGURATION
#=================================================
ynh_restore_file "/etc/fail2ban/jail.d/$app.conf"
ynh_restore_file "/etc/fail2ban/filter.d/$app.conf"
systemctl restart fail2ban
#=================================================
# GENERIC FINALIZATION
#=================================================
# RELOAD NGINX AND PHP-FPM
#=================================================
ynh_print_info "Reloading nginx web server and php-fpm..."
service php5-fpm restart
service nginx reload
systemctl reload php7.0-fpm
systemctl reload nginx
#=================================================
# END OF SCRIPT
#=================================================
ynh_print_info "Restoration completed for $app"

200
scripts/upgrade
View file

@ -8,60 +8,54 @@
source _common.sh
source /usr/share/yunohost/helpers
# Overload the helper ynh_handle_getopts_args to have fixes from unstable.
# Needed for ynh_add_fail2ban_config
source _getopts_fix.sh
#=================================================
# LOAD SETTINGS
#=================================================
ynh_print_info "Loading installation settings..."
app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get $app domain)
path_url=$(ynh_app_setting_get $app path)
admin=$(ynh_app_setting_get $app adminusername)
is_public=$(ynh_app_setting_get $app is_public)
final_path=$(ynh_app_setting_get $app final_path)
db_name=$(ynh_app_setting_get $app db_name)
#=================================================
# ENSURE DOWNWARD COMPATIBILITY
#=================================================
ynh_print_info "Ensuring downward compatibility..."
# Fix is_public as a boolean value
if [ "$is_public" = "Yes" ]; then
ynh_app_setting_set $app is_public 1
is_public=1
elif [ "$is_public" = "No" ]; then
ynh_app_setting_set $app is_public 0
is_public=0
fi
# If db_name doesn't exist, create it
if [ -z $db_name ]; then
db_name=$(ynh_sanitize_dbid $app)
ynh_app_setting_set $app db_name $db_name
fi
# If final_path doesn't exist, create it
if [ -z $final_path ]; then
final_path=/var/www/$app
ynh_app_setting_set $app final_path $final_path
fi
#=================================================
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
#=================================================
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#=================================================
# RETRIEVE ARGUMENTS FROM THE MANIFEST
#=================================================
app=$YNH_APP_INSTANCE_NAME
# Set app specific variables
dbuser=$app
# Retrieve settings
domain=$(ynh_app_setting_get "$app" domain)
path_url=$(ynh_app_setting_get "$app" path)
admin=$(ynh_app_setting_get "$app" adminusername)
email=$(ynh_user_get_info "$admin" mail)
dbpass=$(ynh_app_setting_get "$app" mysqlpwd)
is_public=$(ynh_app_setting_get "$app" is_public)
final_path=$(ynh_app_setting_get "$app" final_path)
if [[ -z "$is_public" ]]
then # Old version doesnt have is_public settings
is_public=0
ynh_app_setting_set "$app" is_public "$is_public"
fi
# Fix is_public as a boolean value
if [ "$is_public" = "Yes" ]; then
ynh_app_setting_set "$app" is_public 1
is_public=1
elif [ "$is_public" = "No" ]; then
ynh_app_setting_set "$app" is_public 0
is_public=0
fi
# If final_path doesn't exist, create it
if [[ -z "$final_path" ]]
then
final_path="/var/www/$app"
ynh_app_setting_set "$app" final_path "$final_path"
fi
#=================================================
# CHECK THE PATH
#=================================================
# Normalize the URL path syntax
path_url=$(ynh_normalize_url_path $path_url)
ynh_print_info "Backing up the app before upgrading (may take a while)..."
# Backup the current version of the app
ynh_backup_before_upgrade
@ -72,32 +66,29 @@ ynh_clean_setup () {
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#=================================================
# CHECK THE PATH
#=================================================
# Normalize the URL path syntax
path_url=$(ynh_normalize_url_path $path_url)
#=================================================
# STANDARD UPGRADE STEPS
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
ynh_print_info "Upgrading source files..."
# Move old app dir
mv "$final_path" "$final_path.old"
# Download, check integrity, uncompress and patch the source from app.src
ynh_setup_source "$final_path"
mkdir -p "$final_path"/sessions
# restore data
cp -a "$final_path.old/data" "$final_path"
# restore plugins
if [ -e "$final_path.old/plugins" ]
then
cp -a "$final_path.old/plugins" "$final_path"
fi
# delete temp directory
ynh_secure_remove "$final_path.old"
mkdir -p $final_path/sessions/
#=================================================
# NGINX CONFIGURATION
#=================================================
ynh_print_info "Upgrading nginx web server configuration..."
# Create a dedicated nginx config
ynh_add_nginx_config
@ -105,46 +96,57 @@ ynh_add_nginx_config
#=================================================
# CREATE DEDICATED USER
#=================================================
ynh_print_info "Making sure dedicated system user exists..."
# Create a system user
ynh_system_user_create "$app"
# Create a dedicated user (if not existing)
ynh_system_user_create $app
#=================================================
# PHP-FPM CONFIGURATION
#=================================================
ynh_print_info "Upgrading php-fpm configuration..."
# Create a dedicated php-fpm config
ynh_add_fpm_config
#=================================================
# INSTALL DEPENDENCIES
# UPGRADE DEPENDENCIES
#=================================================
ynh_print_info "Upgrading dependencies..."
ynh_install_app_dependencies $pkg_dependencies
#=================================================
# SPECIFIC UPGRADE
#=================================================
# Create config.php
# CREATE CONFIG.PHP
#=================================================
ynh_print_info "Reconfiguring kanboard..."
# Retrieve admin email
email=$(ynh_user_get_info $admin mail)
# Copy and edit config.php
config_php="$final_path/config.php"
config_php="${final_path}/config.php"
ynh_backup_if_checksum_is_different "$config_php"
cp ../conf/config.php "$config_php"
ynh_replace_string "yuno_dbpdw" "$dbpass" "$config_php"
ynh_replace_string "yuno_dbuser" "$dbuser" "$config_php"
ynh_replace_string "yuno_admin" "$admin" "$config_php"
ynh_replace_string "yuno_email" "$email" "$config_php"
ynh_replace_string "yuno_domain" "$domain" "$config_php"
db_pwd=$(ynh_app_setting_get $app mysqlpwd)
ynh_replace_string "__DB_PWD__" "$db_pwd" "$config_php"
ynh_replace_string "__DB_NAME__" $db_name "$config_php"
ynh_replace_string "__USER__" $admin "$config_php"
ynh_replace_string "__EMAIL__" $email "$config_php"
ynh_replace_string "__DOMAIN__" $domain "$config_php"
#=================================================
# Database initialization
# UPGRADE KANBOARD
#=================================================
ynh_print_info "Upgrading kanboard..."
(
cd "$final_path"
# Launch database migratio
# Launch database migration
php cli db:migrate --no-interaction --verbose
# Launch plugins migration
php cli plugin:upgrade --no-interaction --verbose
@ -156,41 +158,47 @@ ynh_replace_string "yuno_domain" "$domain" "$config_php"
# SECURE FILES AND DIRECTORIES
#=================================================
# Set permissions to kanboard and data directory
chown -R root:root "$final_path"
chown -R "$app" "$final_path"/{data,plugins,sessions}
chmod -R 700 "$final_path"/sessions
# Set permissions to app files
chown -R root: $final_path
chown -R $app $final_path/{data,plugins,sessions}
chmod -R 700 $final_path/sessions
#=================================================
# SETUP FAIL2BAN
#=================================================
ynh_print_info "Upgrading fail2ban configuration..."
ynh_add_fail2ban_config --logpath="/var/log/nginx/$domain-error.log" --failregex="^.*authentication failure\" while reading response header from upstream, client: <HOST>,.*$" --max_retry=5
#=================================================
# SETUP SSOWAT
#=================================================
if [[ "$path_url" == "/" ]]
then
# ynh panel is only comptable with non-root installation
ynh_replace_string " include conf.d/" " #include conf.d/" "$finalnginxconf"
ynh_store_file_checksum "$finalnginxconf"
else
ynh_replace_string "^#sub_path_only" "" "$finalnginxconf"
ynh_store_file_checksum "$finalnginxconf"
fi
ynh_print_info "Upgrading SSOwat configuration..."
# Make app public or private
if [[ "$is_public" -eq 1 ]];
if [ $is_public -eq 1 ]
then
ynh_app_setting_set "$app" unprotected_uris "/"
ynh_app_setting_set $app unprotected_uris "/"
ynh_replace_string "define('LDAP_AUTH'.*$" "define('LDAP_AUTH', true);" "$config_php"
ynh_replace_string "define('HIDE_LOGIN_FORM'.*$" "define('HIDE_LOGIN_FORM', false);" "$config_php"
ynh_replace_string "define('REMEMBER_ME_AUTH'.*$" "define('REMEMBER_ME_AUTH', true);" "$config_php"
ynh_replace_string "define('DISABLE_LOGOUT'.*$" "define('DISABLE_LOGOUT', false);" "$config_php"
else
ynh_app_setting_set "$app" unprotected_uris "/jsonrpc.php"
ynh_app_setting_set $app unprotected_uris "/jsonrpc.php"
fi
# Calculate and store the config file checksum into the app settings
ynh_store_file_checksum "$config_php"
#=================================================
# RELOAD NGINX
#=================================================
ynh_print_info "Reloading nginx web server..."
service php5-fpm restart
systemctl reload nginx
#=================================================
# END OF SCRIPT
#=================================================
ynh_print_info "Upgrade of $app completed"