diff --git a/issue_template.md b/.github/ISSUE_TEMPLATE.md similarity index 91% rename from issue_template.md rename to .github/ISSUE_TEMPLATE.md index 53d9f38..2729a6b 100644 --- a/issue_template.md +++ b/.github/ISSUE_TEMPLATE.md @@ -6,11 +6,11 @@ about: When creating a bug report, please use the following template to provide **How to post a meaningful bug report** 1. *Read this whole template first.* -2. *Make sure you are on the right place:* +2. *Determine if you are on the right place:* - *If you were performing an action on the app from the webadmin or the CLI (install, update, backup, restore, change_url...), you are on the right place!* - *Otherwise, the issue may be due to the app itself. Refer to its documentation or repository for help.* - - *In doubt, ask here and we will figure it out together.* -3. *Delete these italic comments as you write over them below, and remove this guide.* + - *When in doubt, post here and we will figure it out together.* +3. *Delete the italic comments as you write over them below, and remove this guide.* --- ### Describe the bug @@ -31,7 +31,7 @@ about: When creating a bug report, please use the following template to provide - *If you performed a command from the CLI, the command itself is enough. For example:* ```sh - sudo yunohost app install kanboard + sudo yunohost app install the_app ``` - *If you used the webadmin, please perform the equivalent command from the CLI first.* - *If the error occurs in your browser, explain what you did:* diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md new file mode 100644 index 0000000..ef70e18 --- /dev/null +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -0,0 +1,16 @@ +## Problem + +- *Description of why you made this PR* + +## Solution + +- *And how do you fix that problem* + +## PR Status + +- [ ] Code finished and ready to be reviewed/tested +- [ ] The fix/enhancement were manually tested (if applicable) + +## Automatic tests + +Automatic tests can be triggered on https://ci-apps-dev.yunohost.org/ *after creating the PR*, by commenting "!testme", "!gogogadgetoci" or "By the power of systemd, I invoke The Great App CI to test this Pull Request!". (N.B. : for this to work you need to be a member of the Yunohost-Apps organization) diff --git a/README.md b/README.md index 18f48c4..a9d93e7 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,8 @@ + + # Kanboard for YunoHost [![Integration level](https://dash.yunohost.org/integration/kanboard.svg)](https://dash.yunohost.org/appci/app/kanboard) ![](https://ci-apps.yunohost.org/ci/badges/kanboard.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/kanboard.maintain.svg) @@ -5,40 +10,22 @@ *[Lire ce readme en français.](./README_fr.md)* -> *This package allow you to install Kanboard quickly and simply on a YunoHost server. -If you don't have YunoHost, please see [here](https://yunohost.org/#/install) to know how to install and enjoy it.* +> *This package allows you to install Kanboard quickly and simply on a YunoHost server. +If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/install) to learn how to install it.* ## Overview -Kanboard is a visual task manager that makes it easy to manage small projects in a collaborative way. The tool is particularly suitable for people who use the Kanban method. Kanboard can be seen as a (Simplified) alternative to the proprietary Trello software. Kanboard is a minimalist software, it focuses only on the features that are really necessary. The user interface is simple and clear. The tool is designed to run on a small machine such as a Raspberry Pi or a Virtual Private Server (VPS). There are no external dependencies, drag and drop of tasks uses the new HTML5 APIs. -**Shipped version:** 1.2.18 +Kanban project management software + +**Shipped version:** 1.2.20~ynh1 + +**Demo:** https://demo.yunohost.org/kanboard/ ## Screenshots -![](https://kanboard.org/assets/img/board.png) +![](./doc/screenshots/board.png) -## Demo - -* [YunoHost demo](https://demo.yunohost.org/kanboard/) - -## Configuration - -## Documentation - - * Official documentation: https://docs.kanboard.org/en/latest/ - * YunoHost documentation: https://yunohost.org/#/app_kanboard - -## YunoHost specific features - -#### Multi-users support - - * Are LDAP and HTTP auth supported? **No** - * Can the app be used by multiple users? **Yes** - -#### Supported architectures - -* x86-64 - [![Build Status](https://ci-apps.yunohost.org/ci/logs/kanboard%20%28Apps%29.svg)](https://ci-apps.yunohost.org/ci/apps/kanboard/) -* ARMv8-A - [![Build Status](https://ci-apps-arm.yunohost.org/ci/logs/kanboard%20%28Apps%29.svg)](https://ci-apps-arm.yunohost.org/ci/apps/kanboard/) +## Disclaimers / important information ## Limitations @@ -54,18 +41,18 @@ Then you can connect. This is due to a Kanboard limitation. -## Links +## Documentation and resources - * Report a bug: https://github.com/YunoHost-Apps/kanboard_ynh/issues - * Kanboard website: https://kanboard.org - * Upstream app repository: https://github.com/kanboard/kanboard - * YunoHost website: https://yunohost.org/ +* Official app website: https://kanboard.net +* Official user documentation: https://yunohost.org/#/app_kanboard +* Official admin documentation: https://docs.kanboard.org/en/latest/ +* Upstream app code repository: https://github.com/kanboard/kanboard +* YunoHost documentation for this app: https://yunohost.org/app_kanboard +* Report a bug: https://github.com/YunoHost-Apps/kanboard_ynh/issues ---- +## Developer info -## Developers info - -Please do your pull request to the [testing branch](https://github.com/YunoHost-Apps/kanboard_ynh/tree/testing). +Please send your pull request to the [testing branch](https://github.com/YunoHost-Apps/kanboard_ynh/tree/testing). To try the testing branch, please proceed like that. ``` @@ -73,3 +60,5 @@ sudo yunohost app install https://github.com/YunoHost-Apps/kanboard_ynh/tree/tes or sudo yunohost app upgrade kanboard -u https://github.com/YunoHost-Apps/kanboard_ynh/tree/testing --debug ``` + +**More info regarding app packaging:** https://yunohost.org/packaging_apps \ No newline at end of file diff --git a/README_fr.md b/README_fr.md index 67db2dc..62a47dd 100644 --- a/README_fr.md +++ b/README_fr.md @@ -1,44 +1,27 @@ # Kanboard pour YunoHost -[![Integration level](https://dash.yunohost.org/integration/kanboard.svg)](https://dash.yunohost.org/appci/app/kanboard) ![](https://ci-apps.yunohost.org/ci/badges/kanboard.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/kanboard.maintain.svg) +[![Niveau d'intégration](https://dash.yunohost.org/integration/kanboard.svg)](https://dash.yunohost.org/appci/app/kanboard) ![](https://ci-apps.yunohost.org/ci/badges/kanboard.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/kanboard.maintain.svg) [![Installer Kanboard avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=kanboard) -*[Read this readme in english.](./README.md)* +*[Read this readme in english.](./README.md)* +*[Lire ce readme en français.](./README_fr.md)* -> *Ce package vous permet d'installer Kanboard rapidement et simplement sur un serveur YunoHost. -Si vous n'avez pas YunoHost, consultez [le guide](https://yunohost.org/#/install) pour apprendre comment l'installer.* +> *Ce package vous permet d'installer Kanboard rapidement et simplement sur un serveur YunoHost. +Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour savoir comment l'installer et en profiter.* ## Vue d'ensemble -Kanboard est un gestionnaire de tâches visuel qui permet de gérer facilement des petits projets de manière collaborative. L'outil est particulièrement adapté aux personnes qui utilisent la méthode Kanban. On peut voir Kanboard comme une alternative (simplifiée) au logiciel propriétaire Trello. Kanboard est un logiciel minimaliste, il se concentre uniquement sur les fonctionnalités réellement nécessaires. L'interface utilisateur est simple et clair. L'outil est prévu pour fonctionner sur une petite machine tel qu'un Raspberry Pi ou un serveur virtuel privé (VPS). Il n'y a aucune dépendance externe, le glisser-déposer des tâches utilise les nouvelles API de HTML5. -**Version incluse :** 1.2.18 +Logiciel de gestion de projet Kanban + +**Version incluse :** 1.2.20~ynh1 + +**Démo :** https://demo.yunohost.org/kanboard/ ## Captures d'écran -![](https://kanboard.org/assets/img/board.png) +![](./doc/screenshots/board.png) -## Démo - -* [Démo YunoHost](https://demo.yunohost.org/kanboard/) - -## Configuration - -## Documentation - - * Documentation officielle : https://docs.kanboard.org/fr/latest/ - * Documentation YunoHost : https://yunohost.org/#/app_kanboard_fr - -## Caractéristiques spécifiques YunoHost - -#### Support multi-utilisateur - -* L'authentification LDAP et HTTP est-elle prise en charge ? **Non** -* L'application peut-elle être utilisée par plusieurs utilisateurs ? **Oui** - -#### Architectures supportées - -* x86-64 - [![Build Status](https://ci-apps.yunohost.org/ci/logs/kanboard%20%28Apps%29.svg)](https://ci-apps.yunohost.org/ci/apps/kanboard/) -* ARMv8-A - [![Build Status](https://ci-apps-arm.yunohost.org/ci/logs/kanboard%20%28Apps%29.svg)](https://ci-apps-arm.yunohost.org/ci/apps/kanboard/) +## Avertissements / informations importantes ## Limitations @@ -54,14 +37,14 @@ Ensuite, vous pouvez vous connecter. Cela est dû à une limitation de Kanboard. -## Liens +## Documentations et ressources - * Signaler un bug : https://github.com/YunoHost-Apps/kanboard_ynh/issues - * Site de l'application : https://kanboard.org - * Dépôt de l'application principale : https://github.com/kanboard/kanboard - * Site web YunoHost : https://yunohost.org/ - ---- +* Site officiel de l'app : https://kanboard.net +* Documentation officielle utilisateur : https://yunohost.org/#/app_kanboard +* Documentation officielle de l'admin : https://docs.kanboard.org/en/latest/ +* Dépôt de code officiel de l'app : https://github.com/kanboard/kanboard +* Documentation YunoHost pour cette app : https://yunohost.org/app_kanboard +* Signaler un bug : https://github.com/YunoHost-Apps/kanboard_ynh/issues ## Informations pour les développeurs @@ -73,3 +56,5 @@ sudo yunohost app install https://github.com/YunoHost-Apps/kanboard_ynh/tree/tes ou sudo yunohost app upgrade kanboard -u https://github.com/YunoHost-Apps/kanboard_ynh/tree/testing --debug ``` + +**Plus d'infos sur le packaging d'applications :** https://yunohost.org/packaging_apps \ No newline at end of file diff --git a/check_process b/check_process index 3ecab30..82cfcb1 100644 --- a/check_process +++ b/check_process @@ -1,9 +1,9 @@ ;; Test complet ; Manifest - domain="domain.tld" (DOMAIN) - path="/path" (PATH) - admin="john" (USER) - is_public=1 (PUBLIC|public=1|private=0) + domain="domain.tld" + path="/path" + admin="john" + is_public=1 ; Checks pkg_linter=1 setup_sub_dir=1 @@ -12,12 +12,11 @@ setup_private=1 setup_public=1 upgrade=1 - upgrade=1 from_commit=f159f7a9bdbe470ec026edf09a6eebf10f23425e + upgrade=1 from_commit=c20bdd69644de72736cdc4438a36faab9ab24c72 backup_restore=1 multi_instance=1 - port_already_use=0 change_url=1 ;;; Upgrade options - ; commit=f159f7a9bdbe470ec026edf09a6eebf10f23425e - name=Create check_process + ; commit=c20bdd69644de72736cdc4438a36faab9ab24c72 + name=Merge pull request #114 from YunoHost-Apps/testing manifest_arg=domain=DOMAIN&path=PATH&admin=USER&is_public=Yes& diff --git a/conf/app.src b/conf/app.src index bcdcbda..e4223ab 100644 --- a/conf/app.src +++ b/conf/app.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/kanboard/kanboard/archive/v1.2.18.tar.gz -SOURCE_SUM=10851cdc42c66b2bc742ac5b656a09da1b60c65c1f73876fc6c689e9385d5811 +SOURCE_URL=https://github.com/kanboard/kanboard/archive/refs/tags/v1.2.20.tar.gz +SOURCE_SUM=ac401a9884b7c56d62faa3efda0402498dfa7ab6a60fc7cba4512a453b70c2ec SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=tar.gz SOURCE_IN_SUBDIR=true diff --git a/conf/config.php b/conf/config.php index 49ef0ad..2a097d3 100644 --- a/conf/config.php +++ b/conf/config.php @@ -183,7 +183,7 @@ define('REVERSE_PROXY_AUTH', true); define('REVERSE_PROXY_USER_HEADER', 'REMOTE_USER'); // Username of the admin, by default blank -define('REVERSE_PROXY_DEFAULT_ADMIN', '__USER__'); +define('REVERSE_PROXY_DEFAULT_ADMIN', '__ADMIN__'); // Default domain to use for setting the email address define('REVERSE_PROXY_DEFAULT_DOMAIN', '__DOMAIN__'); diff --git a/conf/nginx.conf b/conf/nginx.conf index f1689fc..acf6565 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -14,7 +14,7 @@ location __PATH__/ { try_files $uri $uri/ /index.php?$args; # Override CSP header to make SSOWAT user panel compatible with kanboard - more_set_headers Content-Security-Policy "default-src 'self' 'unsafe-eval' data:;"; + more_set_headers 'Content-Security-Policy: default-src self unsafe-eval data:'; location __PATH__/(?:kanboard|config.php|config.default.php) { deny all; diff --git a/doc/DISCLAIMER.md b/doc/DISCLAIMER.md new file mode 100644 index 0000000..45d0412 --- /dev/null +++ b/doc/DISCLAIMER.md @@ -0,0 +1,13 @@ +## Limitations + +## Additional information + +### How to connect as external (non-SSOwat) users + +You have to edit this file `/var/www/kanboard/config.php`, find the line `define('REVERSE_PROXY_AUTH', true);` and change it from `true` to `false`. +**Warning** this disables the possibility to connect with SSOwat users. You will *only* be able to connect with Kanboard users created inside of Kanboard. +Then you can connect. + +**NB**: if you don't make that change, you will get the following error message "Access Forbidden". + +This is due to a Kanboard limitation. diff --git a/doc/DISCLAIMER_fr.md b/doc/DISCLAIMER_fr.md new file mode 100644 index 0000000..7ea5b57 --- /dev/null +++ b/doc/DISCLAIMER_fr.md @@ -0,0 +1,13 @@ +## Limitations + +## Informations additionnelles + +### Comment se connecter en tant qu'utilisateurs externes (non SSOwat) + +Vous devez éditer ce fichier `/var/www/kanboard/config.php`, trouver la ligne `define('REVERSE_PROXY_AUTH', true);` et la changer de `true` à `false`. +**Attention** cela désactive la possibilité de se connecter avec les utilisateurs SSOwat. Vous ne pourrez *que* vous connecter avec les utilisateurs Kanboard créés à l'intérieur de Kanboard. +Ensuite, vous pouvez vous connecter. + +**NB**: si vous n'effectuez pas cette modification, vous obtiendrez le message d'erreur suivant "Accès interdit". + +Cela est dû à une limitation de Kanboard. diff --git a/doc/screenshots/board.png b/doc/screenshots/board.png new file mode 100644 index 0000000..4109def Binary files /dev/null and b/doc/screenshots/board.png differ diff --git a/manifest.json b/manifest.json index 293d496..8e96838 100644 --- a/manifest.json +++ b/manifest.json @@ -6,15 +6,23 @@ "en": "Kanban project management software", "fr": "Logiciel de gestion de projet Kanban" }, - "version": "1.2.18~ynh2", - "url": "https://kanboard.net/", + "version": "1.2.20~ynh1", + "url": "https://kanboard.net", + "upstream": { + "license": "MIT", + "website": "https://kanboard.net", + "demo": "https://demo.yunohost.org/kanboard/", + "admindoc": "https://docs.kanboard.org/en/latest/", + "userdoc": "https://yunohost.org/#/app_kanboard", + "code": "https://github.com/kanboard/kanboard" + }, "license": "MIT", "maintainer": { "name": "", "email": "" }, "requirements": { - "yunohost": ">= 3.8.1" + "yunohost": ">= 4.2.4" }, "previous_maintainers": [{ "name": "mbugeia", @@ -27,7 +35,7 @@ "multi_instance": true, "services": [ "nginx", - "php7.0-fpm", + "php7.3-fpm", "mysql" ], "arguments": { @@ -35,38 +43,22 @@ { "name": "domain", "type": "domain", - "ask": { - "en": "Choose a domain name for Kanboard", - "fr": "Choisissez un nom de domaine pour Kanboard" - }, "example": "domain.org" }, { "name": "path", "type": "path", - "ask": { - "en": "Choose a path for Kanboard", - "fr": "Choisissez un chemin pour Kanboard" - }, "example": "/kanboard", "default": "/kanboard" }, { "name": "admin", "type": "user", - "ask": { - "en": "Choose the admin user", - "fr": "Choisissez l'administrateur" - }, "example": "johndoe" }, { "name": "is_public", "type": "boolean", - "ask": { - "en": "Is it a public application?", - "fr": "Est-ce une application publique ?" - }, "default": false } ] diff --git a/pull_request_template.md b/pull_request_template.md deleted file mode 100644 index cde4a25..0000000 --- a/pull_request_template.md +++ /dev/null @@ -1,24 +0,0 @@ -## Problem -- *Description of why you made this PR* - -## Solution -- *And how you fix that* - -## PR Status -- [ ] Code finished. -- [ ] Tested with Package_check. -- [ ] Fix or enhancement tested. -- [ ] Upgrade from last version tested. -- [ ] Can be reviewed and tested. - -## Validation ---- -*Minor decision* -- **Upgrade previous version** : -- [ ] **Code review** : -- [ ] **Approval (LGTM)** : -- [ ] **Approval (LGTM)** : -- **CI succeeded** : -[![Build Status](https://ci-apps-hq.yunohost.org/jenkins/job/kanboard_ynh%20PR-NUM-/badge/icon)](https://ci-apps-hq.yunohost.org/jenkins/job/kanboard_ynh%20PR-NUM-/) -*Please replace '-NUM-' in this link by the PR number.* -When the PR is marked as ready to merge, you have to wait for 3 days before really merging it. diff --git a/scripts/install b/scripts/install index 5ca045b..c5fe364 100644 --- a/scripts/install +++ b/scripts/install @@ -23,6 +23,7 @@ domain=$YNH_APP_ARG_DOMAIN path_url=$YNH_APP_ARG_PATH admin=$YNH_APP_ARG_ADMIN is_public=$YNH_APP_ARG_IS_PUBLIC +email=$(ynh_user_get_info --username=$admin --key=mail) app=$YNH_APP_INSTANCE_NAME @@ -45,7 +46,6 @@ ynh_script_progression --message="Storing installation settings..." ynh_app_setting_set --app=$app --key=domain --value=$domain ynh_app_setting_set --app=$app --key=adminusername --value=$admin -ynh_app_setting_set --app=$app --key=is_public --value=$is_public #================================================= # STANDARD MODIFICATIONS @@ -58,6 +58,14 @@ db_name=$(ynh_sanitize_dbid --db_name=$app) ynh_app_setting_set --app=$app --key=db_name --value=$db_name ynh_mysql_setup_db --db_user=$db_name --db_name=$db_name +#================================================= +# CREATE DEDICATED USER +#================================================= +ynh_script_progression --message="Configuring system user..." --weight=2 + +# Create a system user +ynh_system_user_create --username=$app --home_dir="$final_path" + #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= @@ -69,6 +77,12 @@ ynh_setup_source --dest_dir="$final_path" mkdir -p $final_path/sessions/ +chmod 750 "$final_path" +chown -R $app $final_path/{data,plugins,sessions} +chmod -R 700 $final_path/sessions +chmod -R o-rwx "$final_path" +chown -R $app:www-data "$final_path" + #================================================= # NGINX CONFIGURATION #================================================= @@ -77,14 +91,6 @@ ynh_script_progression --message="Configuring NGINX web server..." --weight=2 # Create a dedicated nginx config ynh_add_nginx_config -#================================================= -# CREATE DEDICATED USER -#================================================= -ynh_script_progression --message="Configuring system user..." --weight=2 - -# Create a system user -ynh_system_user_create --username=$app - #================================================= # PHP-FPM CONFIGURATION #================================================= @@ -101,18 +107,16 @@ phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) #================================================= ynh_script_progression --message="Configuring Kanboard..." -# Retrieve admin email -email=$(ynh_user_get_info --username=$admin --key=mail) +cp ../conf/config.php "$final_path/config.php" -# Copy and edit config.php -config_php="${final_path}/config.php" +ynh_replace_string --match_string="__DB_PWD__" --replace_string="$db_pwd" --target_file="$final_path/config.php" +ynh_replace_string --match_string="__DB_NAME__" --replace_string=$db_name --target_file="$final_path/config.php" +ynh_replace_string --match_string="__ADMIN__" --replace_string=$admin --target_file="$final_path/config.php" +ynh_replace_string --match_string="__EMAIL__" --replace_string=$email --target_file="$final_path/config.php" +ynh_replace_string --match_string="__DOMAIN__" --replace_string=$domain --target_file="$final_path/config.php" -cp ../conf/config.php "$config_php" -ynh_replace_string --match_string="__DB_PWD__" --replace_string="$db_pwd" --target_file="$config_php" -ynh_replace_string --match_string="__DB_NAME__" --replace_string=$db_name --target_file="$config_php" -ynh_replace_string --match_string="__USER__" --replace_string=$admin --target_file="$config_php" -ynh_replace_string --match_string="__EMAIL__" --replace_string=$email --target_file="$config_php" -ynh_replace_string --match_string="__DOMAIN__" --replace_string=$domain --target_file="$config_php" +chmod 400 "$final_path/config.php" +chown $app "$final_path/config.php" #================================================= # DATABASE INITIALIZATION @@ -120,22 +124,11 @@ ynh_replace_string --match_string="__DOMAIN__" --replace_string=$domain --targ ynh_script_progression --message="Initializing database..." --weight=7 ynh_mysql_connect_as --user="$db_name" --password="$db_pwd" --database="$db_name" < "${final_path}/app/Schema/Sql/mysql.sql" -( - cd "$final_path" + +pushd $final_path # Launch database migration - php$YNH_PHP_VERSION cli db:migrate --no-interaction --verbose -) - -#================================================= -# GENERIC FINALIZATION -#================================================= -# SECURE FILES AND DIRECTORIES -#================================================ - -# Set permissions to app files -chown -R root: $final_path -chown -R $app $final_path/{data,plugins,sessions} -chmod -R 700 $final_path/sessions + php$phpversion cli db:migrate --no-interaction --verbose +popd #================================================= # SETUP FAIL2BAN @@ -147,12 +140,10 @@ ynh_add_fail2ban_config --logpath="/var/log/nginx/$domain-error.log" --failregex #================================================= # SETUP CRON #================================================= -ynh_script_progression --message="Setuping a cron..." +ynh_script_progression --message="Setuping a cron..." --weight=1 + +ynh_add_config --template="../conf/cron_kanboard" --destination="/etc/cron.d/$app" -cp ../conf/cron_kanboard /etc/cron.d/$app -ynh_replace_string --match_string="__FINALPATH__" --replace_string="$final_path/" --target_file="/etc/cron.d/$app" -ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="/etc/cron.d/$app" -ynh_replace_string --match_string="__PHPVERSION__" --replace_string="$phpversion" --target_file="/etc/cron.d/$app" chmod 644 "/etc/cron.d/$app" #================================================= @@ -163,22 +154,22 @@ ynh_script_progression --message="Configuring SSOwat..." --weight=2 # Make app public or private if [ $is_public -eq 1 ] then - ynh_app_setting_set --app=$app --key=unprotected_uris --value="/" - ynh_replace_string --match_string="define('LDAP_AUTH'.*$" --replace_string="define('LDAP_AUTH', true);" --target_file="$config_php" - ynh_replace_string --match_string="define('HIDE_LOGIN_FORM'.*$" --replace_string="define('HIDE_LOGIN_FORM', false);" --target_file="$config_php" - ynh_replace_string --match_string="define('REMEMBER_ME_AUTH'.*$" --replace_string="define('REMEMBER_ME_AUTH', true);" --target_file="$config_php" - ynh_replace_string --match_string="define('DISABLE_LOGOUT'.*$" --replace_string="define('DISABLE_LOGOUT', false);" --target_file="$config_php" + ynh_permission_update --permission="main" --add="visitors" + ynh_replace_string --match_string="define('LDAP_AUTH'.*$" --replace_string="define('LDAP_AUTH', true);" --target_file="$final_path/config.php" + ynh_replace_string --match_string="define('HIDE_LOGIN_FORM'.*$" --replace_string="define('HIDE_LOGIN_FORM', false);" --target_file="$final_path/config.php" + ynh_replace_string --match_string="define('REMEMBER_ME_AUTH'.*$" --replace_string="define('REMEMBER_ME_AUTH', true);" --target_file="$final_path/config.php" + ynh_replace_string --match_string="define('DISABLE_LOGOUT'.*$" --replace_string="define('DISABLE_LOGOUT', false);" --target_file="$final_path/config.php" else ynh_app_setting_set --app=$app --key=unprotected_uris --value="/jsonrpc.php" fi # Calculate and store the config file checksum into the app settings -ynh_store_file_checksum --file="$config_php" +ynh_store_file_checksum --file="$final_path/config.php" #================================================= # RELOAD NGINX #================================================= -ynh_script_progression --message="Reloading NGINX web server..." +ynh_script_progression --message="Reloading NGINX web server..." --weight=1 ynh_systemd_action --service_name=nginx --action=reload diff --git a/scripts/restore b/scripts/restore index e29c830..3ca47c6 100644 --- a/scripts/restore +++ b/scripts/restore @@ -46,6 +46,14 @@ test ! -d $final_path \ ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" +#================================================= +# RECREATE THE DEDICATED USER +#================================================= +ynh_script_progression --message="Recreating the dedicated system user..." --weight=3 + +# Create the dedicated user (if not existing) +ynh_system_user_create --username=$app --home_dir="$final_path" + #================================================= # RESTORE THE APP MAIN DIR #================================================= @@ -53,19 +61,9 @@ ynh_script_progression --message="Restoring Kanboard main directory..." --weight ynh_restore_file --origin_path="$final_path" -#================================================= -# RECREATE THE DEDICATED USER -#================================================= -ynh_script_progression --message="Recreating the dedicated system user..." --weight=3 - -# Create the dedicated user (if not existing) -ynh_system_user_create --username=$app - -#================================================= -# RESTORE USER RIGHTS -#================================================= - -# Restore permissions to app files +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:www-data "$final_path" chown -R $app $final_path/{data,plugins,sessions} #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index 22f3485..815fbec 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -22,7 +22,9 @@ admin=$(ynh_app_setting_get --app=$app --key=adminusername) is_public=$(ynh_app_setting_get --app=$app --key=is_public) final_path=$(ynh_app_setting_get --app=$app --key=final_path) db_name=$(ynh_app_setting_get --app=$app --key=db_name) +db_pwd=$(ynh_app_setting_get --app=$app --key=mysqlpwd) phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) +email=$(ynh_user_get_info --username=$admin --key=mail) #================================================= # CHECK VERSION @@ -35,15 +37,6 @@ upgrade_type=$(ynh_check_app_version_changed) #================================================= ynh_script_progression --message="Ensuring downward compatibility..." --weight=1 -# Fix is_public as a boolean value -if [ "$is_public" = "Yes" ]; then - ynh_app_setting_set --app=$app --key=is_public --value=1 - is_public=1 -elif [ "$is_public" = "No" ]; then - ynh_app_setting_set --app=$app --key=is_public --value=0 - is_public=0 -fi - # If db_name doesn't exist, create it if [ -z "$db_name" ]; then db_name=$(ynh_sanitize_dbid --db_name=$app) @@ -56,6 +49,13 @@ if [ -z "$final_path" ]; then ynh_app_setting_set --app=$app --key=final_path --value=$final_path fi +# Cleaning legacy permissions +if ynh_legacy_permissions_exists; then + ynh_legacy_permissions_delete_all + + ynh_app_setting_delete --app=$app --key=is_public +fi + #================================================= # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP #================================================= @@ -70,6 +70,14 @@ ynh_clean_setup () { # Exit if an error occurs during the execution of the script ynh_abort_if_errors +#================================================= +# CREATE DEDICATED USER +#================================================= +ynh_script_progression --message="Making sure dedicated system user exists..." --weight=1 + +# Create a dedicated user (if not existing) +ynh_system_user_create --username=$app --home_dir="$final_path" + #================================================= # STANDARD UPGRADE STEPS #================================================= @@ -81,11 +89,17 @@ then ynh_script_progression --message="Upgrading source files..." --weight=3 # Download, check integrity, uncompress and patch the source from app.src - ynh_setup_source --dest_dir="$final_path" + ynh_setup_source --dest_dir="$final_path" --keep="$final_path/config.php" fi mkdir -p $final_path/sessions/ +chmod 750 "$final_path" +chown -R $app $final_path/{data,plugins,sessions} +chmod -R 700 $final_path/sessions +chmod -R o-rwx "$final_path" +chown -R $app:www-data "$final_path" + #================================================= # NGINX CONFIGURATION #================================================= @@ -94,14 +108,6 @@ ynh_script_progression --message="Upgrading NGINX web server configuration..." - # Create a dedicated NGINX config ynh_add_nginx_config -#================================================= -# CREATE DEDICATED USER -#================================================= -ynh_script_progression --message="Making sure dedicated system user exists..." --weight=1 - -# Create a dedicated user (if not existing) -ynh_system_user_create --username=$app - #================================================= # PHP-FPM CONFIGURATION #================================================= @@ -110,52 +116,17 @@ ynh_script_progression --message="Upgrading PHP-FPM configuration..." --weight=5 # Create a dedicated PHP-FPM config ynh_add_fpm_config --package="$extra_php_dependencies" -#================================================= -# SPECIFIC UPGRADE -#================================================= -# CREATE CONFIG.PHP -#================================================= -ynh_script_progression --message="Reconfiguring Kanboard..." --weight=2 - -# Retrieve admin email -email=$(ynh_user_get_info --username=$admin --key=mail) - -# Copy and edit config.php -config_php="${final_path}/config.php" - -ynh_backup_if_checksum_is_different --file="$config_php" - -cp ../conf/config.php "$config_php" -db_pwd=$(ynh_app_setting_get --app=$app --key=mysqlpwd) -ynh_replace_string --match_string="__DB_PWD__" --replace_string="$db_pwd" --target_file="$config_php" -ynh_replace_string --match_string="__DB_NAME__" --replace_string=$db_name --target_file="$config_php" -ynh_replace_string --match_string="__USER__" --replace_string=$admin --target_file="$config_php" -ynh_replace_string --match_string="__EMAIL__" --replace_string=$email --target_file="$config_php" -ynh_replace_string --match_string="__DOMAIN__" --replace_string=$domain --target_file="$config_php" - #================================================= # UPGRADE KANBOARD #================================================= ynh_script_progression --message="Upgrading Kanboard..." --weight=2 -( - cd "$final_path" +pushd $final_path # Launch database migration - php$YNH_PHP_VERSION cli db:migrate --no-interaction --verbose + php$phpversion cli db:migrate --no-interaction --verbose # Launch plugins migration - php$YNH_PHP_VERSION cli plugin:upgrade --no-interaction --verbose -) - -#================================================= -# GENERIC FINALIZATION -#================================================= -# SECURE FILES AND DIRECTORIES -#================================================= - -# Set permissions to app files -chown -R root: $final_path -chown -R $app $final_path/{data,plugins,sessions} -chmod -R 700 $final_path/sessions + php$phpversion cli plugin:upgrade --no-interaction --verbose +popd #================================================= # SETUP FAIL2BAN @@ -169,10 +140,8 @@ ynh_add_fail2ban_config --logpath="/var/log/nginx/$domain-error.log" --failregex #================================================= ynh_script_progression --message="Setuping a cron..." -cp ../conf/cron_kanboard /etc/cron.d/$app -ynh_replace_string --match_string="__FINALPATH__" --replace_string="$final_path/" --target_file="/etc/cron.d/$app" -ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="/etc/cron.d/$app" -ynh_replace_string --match_string="__PHPVERSION__" --replace_string="$phpversion" --target_file="/etc/cron.d/$app" +ynh_add_config --template="../conf/cron_kanboard" --destination="/etc/cron.d/$app" + chmod 644 "/etc/cron.d/$app" #================================================= @@ -183,18 +152,15 @@ ynh_script_progression --message="Upgrading SSOwat configuration..." --weight=2 # Make app public or private if [ $is_public -eq 1 ] then - ynh_app_setting_set --app=$app --key=unprotected_uris --value="/" - ynh_replace_string --match_string="define('LDAP_AUTH'.*$" --replace_string="define('LDAP_AUTH', true);" --target_file="$config_php" - ynh_replace_string --match_string="define('HIDE_LOGIN_FORM'.*$" --replace_string="define('HIDE_LOGIN_FORM', false);" --target_file="$config_php" - ynh_replace_string --match_string="define('REMEMBER_ME_AUTH'.*$" --replace_string="define('REMEMBER_ME_AUTH', true);" --target_file="$config_php" - ynh_replace_string --match_string="define('DISABLE_LOGOUT'.*$" --replace_string="define('DISABLE_LOGOUT', false);" --target_file="$config_php" + ynh_permission_update --permission="main" --add="visitors" + ynh_replace_string --match_string="define('LDAP_AUTH'.*$" --replace_string="define('LDAP_AUTH', true);" --target_file="$final_path/config.php" + ynh_replace_string --match_string="define('HIDE_LOGIN_FORM'.*$" --replace_string="define('HIDE_LOGIN_FORM', false);" --target_file="$final_path/config.php" + ynh_replace_string --match_string="define('REMEMBER_ME_AUTH'.*$" --replace_string="define('REMEMBER_ME_AUTH', true);" --target_file="$final_path/config.php" + ynh_replace_string --match_string="define('DISABLE_LOGOUT'.*$" --replace_string="define('DISABLE_LOGOUT', false);" --target_file="$final_path/config.php" else ynh_app_setting_set --app=$app --key=unprotected_uris --value="/jsonrpc.php" fi -# Calculate and store the config file checksum into the app settings -ynh_store_file_checksum --file="$config_php" - #================================================= # RELOAD NGINX #=================================================