diff --git a/README.md b/README.md index 18f48c4..3679653 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,8 @@ + + # Kanboard for YunoHost [![Integration level](https://dash.yunohost.org/integration/kanboard.svg)](https://dash.yunohost.org/appci/app/kanboard) ![](https://ci-apps.yunohost.org/ci/badges/kanboard.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/kanboard.maintain.svg) @@ -5,40 +10,22 @@ *[Lire ce readme en français.](./README_fr.md)* -> *This package allow you to install Kanboard quickly and simply on a YunoHost server. -If you don't have YunoHost, please see [here](https://yunohost.org/#/install) to know how to install and enjoy it.* +> *This package allows you to install Kanboard quickly and simply on a YunoHost server. +If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/install) to learn how to install it.* ## Overview -Kanboard is a visual task manager that makes it easy to manage small projects in a collaborative way. The tool is particularly suitable for people who use the Kanban method. Kanboard can be seen as a (Simplified) alternative to the proprietary Trello software. Kanboard is a minimalist software, it focuses only on the features that are really necessary. The user interface is simple and clear. The tool is designed to run on a small machine such as a Raspberry Pi or a Virtual Private Server (VPS). There are no external dependencies, drag and drop of tasks uses the new HTML5 APIs. -**Shipped version:** 1.2.18 +Kanban project management software + +**Shipped version:** 1.2.19~ynh1 + +**Demo:** https://demo.yunohost.org/kanboard/ ## Screenshots -![](https://kanboard.org/assets/img/board.png) +![](./doc/screenshots/board.png) -## Demo - -* [YunoHost demo](https://demo.yunohost.org/kanboard/) - -## Configuration - -## Documentation - - * Official documentation: https://docs.kanboard.org/en/latest/ - * YunoHost documentation: https://yunohost.org/#/app_kanboard - -## YunoHost specific features - -#### Multi-users support - - * Are LDAP and HTTP auth supported? **No** - * Can the app be used by multiple users? **Yes** - -#### Supported architectures - -* x86-64 - [![Build Status](https://ci-apps.yunohost.org/ci/logs/kanboard%20%28Apps%29.svg)](https://ci-apps.yunohost.org/ci/apps/kanboard/) -* ARMv8-A - [![Build Status](https://ci-apps-arm.yunohost.org/ci/logs/kanboard%20%28Apps%29.svg)](https://ci-apps-arm.yunohost.org/ci/apps/kanboard/) +## Disclaimers / important information ## Limitations @@ -54,18 +41,18 @@ Then you can connect. This is due to a Kanboard limitation. -## Links +## Documentation and resources - * Report a bug: https://github.com/YunoHost-Apps/kanboard_ynh/issues - * Kanboard website: https://kanboard.org - * Upstream app repository: https://github.com/kanboard/kanboard - * YunoHost website: https://yunohost.org/ +* Official app website: https://kanboard.net +* Official user documentation: https://yunohost.org/#/app_kanboard +* Official admin documentation: https://docs.kanboard.org/en/latest/ +* Upstream app code repository: https://github.com/kanboard/kanboard +* YunoHost documentation for this app: https://yunohost.org/app_kanboard +* Report a bug: https://github.com/YunoHost-Apps/kanboard_ynh/issues ---- +## Developer info -## Developers info - -Please do your pull request to the [testing branch](https://github.com/YunoHost-Apps/kanboard_ynh/tree/testing). +Please send your pull request to the [testing branch](https://github.com/YunoHost-Apps/kanboard_ynh/tree/testing). To try the testing branch, please proceed like that. ``` @@ -73,3 +60,5 @@ sudo yunohost app install https://github.com/YunoHost-Apps/kanboard_ynh/tree/tes or sudo yunohost app upgrade kanboard -u https://github.com/YunoHost-Apps/kanboard_ynh/tree/testing --debug ``` + +**More info regarding app packaging:** https://yunohost.org/packaging_apps \ No newline at end of file diff --git a/README_fr.md b/README_fr.md index 67db2dc..05c364f 100644 --- a/README_fr.md +++ b/README_fr.md @@ -1,44 +1,27 @@ # Kanboard pour YunoHost -[![Integration level](https://dash.yunohost.org/integration/kanboard.svg)](https://dash.yunohost.org/appci/app/kanboard) ![](https://ci-apps.yunohost.org/ci/badges/kanboard.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/kanboard.maintain.svg) +[![Niveau d'intégration](https://dash.yunohost.org/integration/kanboard.svg)](https://dash.yunohost.org/appci/app/kanboard) ![](https://ci-apps.yunohost.org/ci/badges/kanboard.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/kanboard.maintain.svg) [![Installer Kanboard avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=kanboard) -*[Read this readme in english.](./README.md)* +*[Read this readme in english.](./README.md)* +*[Lire ce readme en français.](./README_fr.md)* -> *Ce package vous permet d'installer Kanboard rapidement et simplement sur un serveur YunoHost. -Si vous n'avez pas YunoHost, consultez [le guide](https://yunohost.org/#/install) pour apprendre comment l'installer.* +> *Ce package vous permet d'installer Kanboard rapidement et simplement sur un serveur YunoHost. +Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour savoir comment l'installer et en profiter.* ## Vue d'ensemble -Kanboard est un gestionnaire de tâches visuel qui permet de gérer facilement des petits projets de manière collaborative. L'outil est particulièrement adapté aux personnes qui utilisent la méthode Kanban. On peut voir Kanboard comme une alternative (simplifiée) au logiciel propriétaire Trello. Kanboard est un logiciel minimaliste, il se concentre uniquement sur les fonctionnalités réellement nécessaires. L'interface utilisateur est simple et clair. L'outil est prévu pour fonctionner sur une petite machine tel qu'un Raspberry Pi ou un serveur virtuel privé (VPS). Il n'y a aucune dépendance externe, le glisser-déposer des tâches utilise les nouvelles API de HTML5. -**Version incluse :** 1.2.18 +Logiciel de gestion de projet Kanban + +**Version incluse :** 1.2.19~ynh1 + +**Démo :** https://demo.yunohost.org/kanboard/ ## Captures d'écran -![](https://kanboard.org/assets/img/board.png) +![](./doc/screenshots/board.png) -## Démo - -* [Démo YunoHost](https://demo.yunohost.org/kanboard/) - -## Configuration - -## Documentation - - * Documentation officielle : https://docs.kanboard.org/fr/latest/ - * Documentation YunoHost : https://yunohost.org/#/app_kanboard_fr - -## Caractéristiques spécifiques YunoHost - -#### Support multi-utilisateur - -* L'authentification LDAP et HTTP est-elle prise en charge ? **Non** -* L'application peut-elle être utilisée par plusieurs utilisateurs ? **Oui** - -#### Architectures supportées - -* x86-64 - [![Build Status](https://ci-apps.yunohost.org/ci/logs/kanboard%20%28Apps%29.svg)](https://ci-apps.yunohost.org/ci/apps/kanboard/) -* ARMv8-A - [![Build Status](https://ci-apps-arm.yunohost.org/ci/logs/kanboard%20%28Apps%29.svg)](https://ci-apps-arm.yunohost.org/ci/apps/kanboard/) +## Avertissements / informations importantes ## Limitations @@ -54,14 +37,14 @@ Ensuite, vous pouvez vous connecter. Cela est dû à une limitation de Kanboard. -## Liens +## Documentations et ressources - * Signaler un bug : https://github.com/YunoHost-Apps/kanboard_ynh/issues - * Site de l'application : https://kanboard.org - * Dépôt de l'application principale : https://github.com/kanboard/kanboard - * Site web YunoHost : https://yunohost.org/ - ---- +* Site officiel de l'app : https://kanboard.net +* Documentation officielle utilisateur : https://yunohost.org/#/app_kanboard +* Documentation officielle de l'admin : https://docs.kanboard.org/en/latest/ +* Dépôt de code officiel de l'app : https://github.com/kanboard/kanboard +* Documentation YunoHost pour cette app : https://yunohost.org/app_kanboard +* Signaler un bug : https://github.com/YunoHost-Apps/kanboard_ynh/issues ## Informations pour les développeurs @@ -73,3 +56,5 @@ sudo yunohost app install https://github.com/YunoHost-Apps/kanboard_ynh/tree/tes ou sudo yunohost app upgrade kanboard -u https://github.com/YunoHost-Apps/kanboard_ynh/tree/testing --debug ``` + +**Plus d'infos sur le packaging d'applications :** https://yunohost.org/packaging_apps \ No newline at end of file diff --git a/check_process b/check_process index 3ecab30..82cfcb1 100644 --- a/check_process +++ b/check_process @@ -1,9 +1,9 @@ ;; Test complet ; Manifest - domain="domain.tld" (DOMAIN) - path="/path" (PATH) - admin="john" (USER) - is_public=1 (PUBLIC|public=1|private=0) + domain="domain.tld" + path="/path" + admin="john" + is_public=1 ; Checks pkg_linter=1 setup_sub_dir=1 @@ -12,12 +12,11 @@ setup_private=1 setup_public=1 upgrade=1 - upgrade=1 from_commit=f159f7a9bdbe470ec026edf09a6eebf10f23425e + upgrade=1 from_commit=c20bdd69644de72736cdc4438a36faab9ab24c72 backup_restore=1 multi_instance=1 - port_already_use=0 change_url=1 ;;; Upgrade options - ; commit=f159f7a9bdbe470ec026edf09a6eebf10f23425e - name=Create check_process + ; commit=c20bdd69644de72736cdc4438a36faab9ab24c72 + name=Merge pull request #114 from YunoHost-Apps/testing manifest_arg=domain=DOMAIN&path=PATH&admin=USER&is_public=Yes& diff --git a/conf/app.src b/conf/app.src index bcdcbda..5a82481 100644 --- a/conf/app.src +++ b/conf/app.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/kanboard/kanboard/archive/v1.2.18.tar.gz -SOURCE_SUM=10851cdc42c66b2bc742ac5b656a09da1b60c65c1f73876fc6c689e9385d5811 +SOURCE_URL=https://github.com/kanboard/kanboard/archive/refs/tags/v1.2.19.tar.gz +SOURCE_SUM=8c2ee5394ab23a71c71525081b2738a86f1592d40d814e679791c09cede562d0 SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=tar.gz SOURCE_IN_SUBDIR=true diff --git a/conf/config.php b/conf/config.php index 49ef0ad..2a097d3 100644 --- a/conf/config.php +++ b/conf/config.php @@ -183,7 +183,7 @@ define('REVERSE_PROXY_AUTH', true); define('REVERSE_PROXY_USER_HEADER', 'REMOTE_USER'); // Username of the admin, by default blank -define('REVERSE_PROXY_DEFAULT_ADMIN', '__USER__'); +define('REVERSE_PROXY_DEFAULT_ADMIN', '__ADMIN__'); // Default domain to use for setting the email address define('REVERSE_PROXY_DEFAULT_DOMAIN', '__DOMAIN__'); diff --git a/doc/DISCLAIMER.md b/doc/DISCLAIMER.md new file mode 100644 index 0000000..45d0412 --- /dev/null +++ b/doc/DISCLAIMER.md @@ -0,0 +1,13 @@ +## Limitations + +## Additional information + +### How to connect as external (non-SSOwat) users + +You have to edit this file `/var/www/kanboard/config.php`, find the line `define('REVERSE_PROXY_AUTH', true);` and change it from `true` to `false`. +**Warning** this disables the possibility to connect with SSOwat users. You will *only* be able to connect with Kanboard users created inside of Kanboard. +Then you can connect. + +**NB**: if you don't make that change, you will get the following error message "Access Forbidden". + +This is due to a Kanboard limitation. diff --git a/doc/DISCLAIMER_fr.md b/doc/DISCLAIMER_fr.md new file mode 100644 index 0000000..7ea5b57 --- /dev/null +++ b/doc/DISCLAIMER_fr.md @@ -0,0 +1,13 @@ +## Limitations + +## Informations additionnelles + +### Comment se connecter en tant qu'utilisateurs externes (non SSOwat) + +Vous devez éditer ce fichier `/var/www/kanboard/config.php`, trouver la ligne `define('REVERSE_PROXY_AUTH', true);` et la changer de `true` à `false`. +**Attention** cela désactive la possibilité de se connecter avec les utilisateurs SSOwat. Vous ne pourrez *que* vous connecter avec les utilisateurs Kanboard créés à l'intérieur de Kanboard. +Ensuite, vous pouvez vous connecter. + +**NB**: si vous n'effectuez pas cette modification, vous obtiendrez le message d'erreur suivant "Accès interdit". + +Cela est dû à une limitation de Kanboard. diff --git a/doc/screenshots/board.png b/doc/screenshots/board.png new file mode 100644 index 0000000..4109def Binary files /dev/null and b/doc/screenshots/board.png differ diff --git a/manifest.json b/manifest.json index 293d496..17fff64 100644 --- a/manifest.json +++ b/manifest.json @@ -6,15 +6,23 @@ "en": "Kanban project management software", "fr": "Logiciel de gestion de projet Kanban" }, - "version": "1.2.18~ynh2", - "url": "https://kanboard.net/", + "version": "1.2.19~ynh1", + "url": "https://kanboard.net", + "upstream": { + "license": "MIT", + "website": "https://kanboard.net", + "demo": "https://demo.yunohost.org/kanboard/", + "admindoc": "https://docs.kanboard.org/en/latest/", + "userdoc": "https://yunohost.org/#/app_kanboard", + "code": "https://github.com/kanboard/kanboard" + }, "license": "MIT", "maintainer": { "name": "", "email": "" }, "requirements": { - "yunohost": ">= 3.8.1" + "yunohost": ">= 4.2.4" }, "previous_maintainers": [{ "name": "mbugeia", @@ -27,7 +35,7 @@ "multi_instance": true, "services": [ "nginx", - "php7.0-fpm", + "php7.3-fpm", "mysql" ], "arguments": { @@ -35,38 +43,22 @@ { "name": "domain", "type": "domain", - "ask": { - "en": "Choose a domain name for Kanboard", - "fr": "Choisissez un nom de domaine pour Kanboard" - }, "example": "domain.org" }, { "name": "path", "type": "path", - "ask": { - "en": "Choose a path for Kanboard", - "fr": "Choisissez un chemin pour Kanboard" - }, "example": "/kanboard", "default": "/kanboard" }, { "name": "admin", "type": "user", - "ask": { - "en": "Choose the admin user", - "fr": "Choisissez l'administrateur" - }, "example": "johndoe" }, { "name": "is_public", "type": "boolean", - "ask": { - "en": "Is it a public application?", - "fr": "Est-ce une application publique ?" - }, "default": false } ] diff --git a/scripts/install b/scripts/install index 5ca045b..c5fe364 100644 --- a/scripts/install +++ b/scripts/install @@ -23,6 +23,7 @@ domain=$YNH_APP_ARG_DOMAIN path_url=$YNH_APP_ARG_PATH admin=$YNH_APP_ARG_ADMIN is_public=$YNH_APP_ARG_IS_PUBLIC +email=$(ynh_user_get_info --username=$admin --key=mail) app=$YNH_APP_INSTANCE_NAME @@ -45,7 +46,6 @@ ynh_script_progression --message="Storing installation settings..." ynh_app_setting_set --app=$app --key=domain --value=$domain ynh_app_setting_set --app=$app --key=adminusername --value=$admin -ynh_app_setting_set --app=$app --key=is_public --value=$is_public #================================================= # STANDARD MODIFICATIONS @@ -58,6 +58,14 @@ db_name=$(ynh_sanitize_dbid --db_name=$app) ynh_app_setting_set --app=$app --key=db_name --value=$db_name ynh_mysql_setup_db --db_user=$db_name --db_name=$db_name +#================================================= +# CREATE DEDICATED USER +#================================================= +ynh_script_progression --message="Configuring system user..." --weight=2 + +# Create a system user +ynh_system_user_create --username=$app --home_dir="$final_path" + #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= @@ -69,6 +77,12 @@ ynh_setup_source --dest_dir="$final_path" mkdir -p $final_path/sessions/ +chmod 750 "$final_path" +chown -R $app $final_path/{data,plugins,sessions} +chmod -R 700 $final_path/sessions +chmod -R o-rwx "$final_path" +chown -R $app:www-data "$final_path" + #================================================= # NGINX CONFIGURATION #================================================= @@ -77,14 +91,6 @@ ynh_script_progression --message="Configuring NGINX web server..." --weight=2 # Create a dedicated nginx config ynh_add_nginx_config -#================================================= -# CREATE DEDICATED USER -#================================================= -ynh_script_progression --message="Configuring system user..." --weight=2 - -# Create a system user -ynh_system_user_create --username=$app - #================================================= # PHP-FPM CONFIGURATION #================================================= @@ -101,18 +107,16 @@ phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) #================================================= ynh_script_progression --message="Configuring Kanboard..." -# Retrieve admin email -email=$(ynh_user_get_info --username=$admin --key=mail) +cp ../conf/config.php "$final_path/config.php" -# Copy and edit config.php -config_php="${final_path}/config.php" +ynh_replace_string --match_string="__DB_PWD__" --replace_string="$db_pwd" --target_file="$final_path/config.php" +ynh_replace_string --match_string="__DB_NAME__" --replace_string=$db_name --target_file="$final_path/config.php" +ynh_replace_string --match_string="__ADMIN__" --replace_string=$admin --target_file="$final_path/config.php" +ynh_replace_string --match_string="__EMAIL__" --replace_string=$email --target_file="$final_path/config.php" +ynh_replace_string --match_string="__DOMAIN__" --replace_string=$domain --target_file="$final_path/config.php" -cp ../conf/config.php "$config_php" -ynh_replace_string --match_string="__DB_PWD__" --replace_string="$db_pwd" --target_file="$config_php" -ynh_replace_string --match_string="__DB_NAME__" --replace_string=$db_name --target_file="$config_php" -ynh_replace_string --match_string="__USER__" --replace_string=$admin --target_file="$config_php" -ynh_replace_string --match_string="__EMAIL__" --replace_string=$email --target_file="$config_php" -ynh_replace_string --match_string="__DOMAIN__" --replace_string=$domain --target_file="$config_php" +chmod 400 "$final_path/config.php" +chown $app "$final_path/config.php" #================================================= # DATABASE INITIALIZATION @@ -120,22 +124,11 @@ ynh_replace_string --match_string="__DOMAIN__" --replace_string=$domain --targ ynh_script_progression --message="Initializing database..." --weight=7 ynh_mysql_connect_as --user="$db_name" --password="$db_pwd" --database="$db_name" < "${final_path}/app/Schema/Sql/mysql.sql" -( - cd "$final_path" + +pushd $final_path # Launch database migration - php$YNH_PHP_VERSION cli db:migrate --no-interaction --verbose -) - -#================================================= -# GENERIC FINALIZATION -#================================================= -# SECURE FILES AND DIRECTORIES -#================================================ - -# Set permissions to app files -chown -R root: $final_path -chown -R $app $final_path/{data,plugins,sessions} -chmod -R 700 $final_path/sessions + php$phpversion cli db:migrate --no-interaction --verbose +popd #================================================= # SETUP FAIL2BAN @@ -147,12 +140,10 @@ ynh_add_fail2ban_config --logpath="/var/log/nginx/$domain-error.log" --failregex #================================================= # SETUP CRON #================================================= -ynh_script_progression --message="Setuping a cron..." +ynh_script_progression --message="Setuping a cron..." --weight=1 + +ynh_add_config --template="../conf/cron_kanboard" --destination="/etc/cron.d/$app" -cp ../conf/cron_kanboard /etc/cron.d/$app -ynh_replace_string --match_string="__FINALPATH__" --replace_string="$final_path/" --target_file="/etc/cron.d/$app" -ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="/etc/cron.d/$app" -ynh_replace_string --match_string="__PHPVERSION__" --replace_string="$phpversion" --target_file="/etc/cron.d/$app" chmod 644 "/etc/cron.d/$app" #================================================= @@ -163,22 +154,22 @@ ynh_script_progression --message="Configuring SSOwat..." --weight=2 # Make app public or private if [ $is_public -eq 1 ] then - ynh_app_setting_set --app=$app --key=unprotected_uris --value="/" - ynh_replace_string --match_string="define('LDAP_AUTH'.*$" --replace_string="define('LDAP_AUTH', true);" --target_file="$config_php" - ynh_replace_string --match_string="define('HIDE_LOGIN_FORM'.*$" --replace_string="define('HIDE_LOGIN_FORM', false);" --target_file="$config_php" - ynh_replace_string --match_string="define('REMEMBER_ME_AUTH'.*$" --replace_string="define('REMEMBER_ME_AUTH', true);" --target_file="$config_php" - ynh_replace_string --match_string="define('DISABLE_LOGOUT'.*$" --replace_string="define('DISABLE_LOGOUT', false);" --target_file="$config_php" + ynh_permission_update --permission="main" --add="visitors" + ynh_replace_string --match_string="define('LDAP_AUTH'.*$" --replace_string="define('LDAP_AUTH', true);" --target_file="$final_path/config.php" + ynh_replace_string --match_string="define('HIDE_LOGIN_FORM'.*$" --replace_string="define('HIDE_LOGIN_FORM', false);" --target_file="$final_path/config.php" + ynh_replace_string --match_string="define('REMEMBER_ME_AUTH'.*$" --replace_string="define('REMEMBER_ME_AUTH', true);" --target_file="$final_path/config.php" + ynh_replace_string --match_string="define('DISABLE_LOGOUT'.*$" --replace_string="define('DISABLE_LOGOUT', false);" --target_file="$final_path/config.php" else ynh_app_setting_set --app=$app --key=unprotected_uris --value="/jsonrpc.php" fi # Calculate and store the config file checksum into the app settings -ynh_store_file_checksum --file="$config_php" +ynh_store_file_checksum --file="$final_path/config.php" #================================================= # RELOAD NGINX #================================================= -ynh_script_progression --message="Reloading NGINX web server..." +ynh_script_progression --message="Reloading NGINX web server..." --weight=1 ynh_systemd_action --service_name=nginx --action=reload diff --git a/scripts/restore b/scripts/restore index e29c830..3ca47c6 100644 --- a/scripts/restore +++ b/scripts/restore @@ -46,6 +46,14 @@ test ! -d $final_path \ ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" +#================================================= +# RECREATE THE DEDICATED USER +#================================================= +ynh_script_progression --message="Recreating the dedicated system user..." --weight=3 + +# Create the dedicated user (if not existing) +ynh_system_user_create --username=$app --home_dir="$final_path" + #================================================= # RESTORE THE APP MAIN DIR #================================================= @@ -53,19 +61,9 @@ ynh_script_progression --message="Restoring Kanboard main directory..." --weight ynh_restore_file --origin_path="$final_path" -#================================================= -# RECREATE THE DEDICATED USER -#================================================= -ynh_script_progression --message="Recreating the dedicated system user..." --weight=3 - -# Create the dedicated user (if not existing) -ynh_system_user_create --username=$app - -#================================================= -# RESTORE USER RIGHTS -#================================================= - -# Restore permissions to app files +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:www-data "$final_path" chown -R $app $final_path/{data,plugins,sessions} #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index 22f3485..815fbec 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -22,7 +22,9 @@ admin=$(ynh_app_setting_get --app=$app --key=adminusername) is_public=$(ynh_app_setting_get --app=$app --key=is_public) final_path=$(ynh_app_setting_get --app=$app --key=final_path) db_name=$(ynh_app_setting_get --app=$app --key=db_name) +db_pwd=$(ynh_app_setting_get --app=$app --key=mysqlpwd) phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) +email=$(ynh_user_get_info --username=$admin --key=mail) #================================================= # CHECK VERSION @@ -35,15 +37,6 @@ upgrade_type=$(ynh_check_app_version_changed) #================================================= ynh_script_progression --message="Ensuring downward compatibility..." --weight=1 -# Fix is_public as a boolean value -if [ "$is_public" = "Yes" ]; then - ynh_app_setting_set --app=$app --key=is_public --value=1 - is_public=1 -elif [ "$is_public" = "No" ]; then - ynh_app_setting_set --app=$app --key=is_public --value=0 - is_public=0 -fi - # If db_name doesn't exist, create it if [ -z "$db_name" ]; then db_name=$(ynh_sanitize_dbid --db_name=$app) @@ -56,6 +49,13 @@ if [ -z "$final_path" ]; then ynh_app_setting_set --app=$app --key=final_path --value=$final_path fi +# Cleaning legacy permissions +if ynh_legacy_permissions_exists; then + ynh_legacy_permissions_delete_all + + ynh_app_setting_delete --app=$app --key=is_public +fi + #================================================= # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP #================================================= @@ -70,6 +70,14 @@ ynh_clean_setup () { # Exit if an error occurs during the execution of the script ynh_abort_if_errors +#================================================= +# CREATE DEDICATED USER +#================================================= +ynh_script_progression --message="Making sure dedicated system user exists..." --weight=1 + +# Create a dedicated user (if not existing) +ynh_system_user_create --username=$app --home_dir="$final_path" + #================================================= # STANDARD UPGRADE STEPS #================================================= @@ -81,11 +89,17 @@ then ynh_script_progression --message="Upgrading source files..." --weight=3 # Download, check integrity, uncompress and patch the source from app.src - ynh_setup_source --dest_dir="$final_path" + ynh_setup_source --dest_dir="$final_path" --keep="$final_path/config.php" fi mkdir -p $final_path/sessions/ +chmod 750 "$final_path" +chown -R $app $final_path/{data,plugins,sessions} +chmod -R 700 $final_path/sessions +chmod -R o-rwx "$final_path" +chown -R $app:www-data "$final_path" + #================================================= # NGINX CONFIGURATION #================================================= @@ -94,14 +108,6 @@ ynh_script_progression --message="Upgrading NGINX web server configuration..." - # Create a dedicated NGINX config ynh_add_nginx_config -#================================================= -# CREATE DEDICATED USER -#================================================= -ynh_script_progression --message="Making sure dedicated system user exists..." --weight=1 - -# Create a dedicated user (if not existing) -ynh_system_user_create --username=$app - #================================================= # PHP-FPM CONFIGURATION #================================================= @@ -110,52 +116,17 @@ ynh_script_progression --message="Upgrading PHP-FPM configuration..." --weight=5 # Create a dedicated PHP-FPM config ynh_add_fpm_config --package="$extra_php_dependencies" -#================================================= -# SPECIFIC UPGRADE -#================================================= -# CREATE CONFIG.PHP -#================================================= -ynh_script_progression --message="Reconfiguring Kanboard..." --weight=2 - -# Retrieve admin email -email=$(ynh_user_get_info --username=$admin --key=mail) - -# Copy and edit config.php -config_php="${final_path}/config.php" - -ynh_backup_if_checksum_is_different --file="$config_php" - -cp ../conf/config.php "$config_php" -db_pwd=$(ynh_app_setting_get --app=$app --key=mysqlpwd) -ynh_replace_string --match_string="__DB_PWD__" --replace_string="$db_pwd" --target_file="$config_php" -ynh_replace_string --match_string="__DB_NAME__" --replace_string=$db_name --target_file="$config_php" -ynh_replace_string --match_string="__USER__" --replace_string=$admin --target_file="$config_php" -ynh_replace_string --match_string="__EMAIL__" --replace_string=$email --target_file="$config_php" -ynh_replace_string --match_string="__DOMAIN__" --replace_string=$domain --target_file="$config_php" - #================================================= # UPGRADE KANBOARD #================================================= ynh_script_progression --message="Upgrading Kanboard..." --weight=2 -( - cd "$final_path" +pushd $final_path # Launch database migration - php$YNH_PHP_VERSION cli db:migrate --no-interaction --verbose + php$phpversion cli db:migrate --no-interaction --verbose # Launch plugins migration - php$YNH_PHP_VERSION cli plugin:upgrade --no-interaction --verbose -) - -#================================================= -# GENERIC FINALIZATION -#================================================= -# SECURE FILES AND DIRECTORIES -#================================================= - -# Set permissions to app files -chown -R root: $final_path -chown -R $app $final_path/{data,plugins,sessions} -chmod -R 700 $final_path/sessions + php$phpversion cli plugin:upgrade --no-interaction --verbose +popd #================================================= # SETUP FAIL2BAN @@ -169,10 +140,8 @@ ynh_add_fail2ban_config --logpath="/var/log/nginx/$domain-error.log" --failregex #================================================= ynh_script_progression --message="Setuping a cron..." -cp ../conf/cron_kanboard /etc/cron.d/$app -ynh_replace_string --match_string="__FINALPATH__" --replace_string="$final_path/" --target_file="/etc/cron.d/$app" -ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="/etc/cron.d/$app" -ynh_replace_string --match_string="__PHPVERSION__" --replace_string="$phpversion" --target_file="/etc/cron.d/$app" +ynh_add_config --template="../conf/cron_kanboard" --destination="/etc/cron.d/$app" + chmod 644 "/etc/cron.d/$app" #================================================= @@ -183,18 +152,15 @@ ynh_script_progression --message="Upgrading SSOwat configuration..." --weight=2 # Make app public or private if [ $is_public -eq 1 ] then - ynh_app_setting_set --app=$app --key=unprotected_uris --value="/" - ynh_replace_string --match_string="define('LDAP_AUTH'.*$" --replace_string="define('LDAP_AUTH', true);" --target_file="$config_php" - ynh_replace_string --match_string="define('HIDE_LOGIN_FORM'.*$" --replace_string="define('HIDE_LOGIN_FORM', false);" --target_file="$config_php" - ynh_replace_string --match_string="define('REMEMBER_ME_AUTH'.*$" --replace_string="define('REMEMBER_ME_AUTH', true);" --target_file="$config_php" - ynh_replace_string --match_string="define('DISABLE_LOGOUT'.*$" --replace_string="define('DISABLE_LOGOUT', false);" --target_file="$config_php" + ynh_permission_update --permission="main" --add="visitors" + ynh_replace_string --match_string="define('LDAP_AUTH'.*$" --replace_string="define('LDAP_AUTH', true);" --target_file="$final_path/config.php" + ynh_replace_string --match_string="define('HIDE_LOGIN_FORM'.*$" --replace_string="define('HIDE_LOGIN_FORM', false);" --target_file="$final_path/config.php" + ynh_replace_string --match_string="define('REMEMBER_ME_AUTH'.*$" --replace_string="define('REMEMBER_ME_AUTH', true);" --target_file="$final_path/config.php" + ynh_replace_string --match_string="define('DISABLE_LOGOUT'.*$" --replace_string="define('DISABLE_LOGOUT', false);" --target_file="$final_path/config.php" else ynh_app_setting_set --app=$app --key=unprotected_uris --value="/jsonrpc.php" fi -# Calculate and store the config file checksum into the app settings -ynh_store_file_checksum --file="$config_php" - #================================================= # RELOAD NGINX #=================================================