From 6d2d0204e00184a14d528fd06f9b705bfaa217b8 Mon Sep 17 00:00:00 2001 From: Jean-Baptiste Holcroft Date: Wed, 8 Aug 2018 23:28:10 +0200 Subject: [PATCH 1/4] Improve file permissions --- README.md | 3 +-- manifest.json | 2 +- scripts/install | 6 +++++- scripts/upgrade | 11 +++++++++-- 4 files changed, 16 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index d44239c..0cf1343 100644 --- a/README.md +++ b/README.md @@ -15,7 +15,6 @@ Kresus is an open-source libre self-hosted personal finance manager. It allows y * to be added: * [ ] Email support - * [ ] Restrict more file access ($app is owner of everything, we should limit it more) * [ ] Add user who will access the app (by default every one has access to the installed app) * [ ] Email admin about installation with ynh_send_readme_to_admin helper @@ -24,4 +23,4 @@ Kresus is an open-source libre self-hosted personal finance manager. It allows y * Report a bug about this package: https://github.com/YunoHost-Apps/kresus_ynh * Report a bug about Kresus itself: https://framagit.org/kresusapp/kresus * Kresus website: https://kresus.org - * YunoHost website: https://yunohost.org/ + * YunoHost website: https://yunohost.org diff --git a/manifest.json b/manifest.json index 8944e6c..c380122 100644 --- a/manifest.json +++ b/manifest.json @@ -15,7 +15,7 @@ "requirements": { "yunohost": ">= 2.7.14" }, - "version": "0.13.2~ynh2", + "version": "0.13.2~ynh3", "multi_instance": true, "services": [ "nginx" diff --git a/scripts/install b/scripts/install index 204de79..476baa1 100644 --- a/scripts/install +++ b/scripts/install @@ -152,7 +152,11 @@ ynh_add_systemd_config #================================================= # Set permissions to app files -chown -R $app: $final_path +chown -R "$app":"$app" "$final_path/data/" +chmod -R 750 "$final_path/data/" + +# Set permissions to config file +chown "$app" "$final_path/config.ini" chmod 600 "$final_path/config.ini" #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index bc1f861..539918a 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -162,8 +162,15 @@ ynh_add_systemd_config # SECURE FILES AND DIRECTORIES #================================================= -# Set right permissions for curl installation -chown -R $app: $final_path +# Reset permissions +chown -R root:root "$final_path" + +# Set permissions to app files +chown -R "$app":"$app" "$final_path/data/" +chmod -R 750 "$final_path/data/" + +# Set permissions to config file +chown "$app" "$final_path/config.ini" chmod 600 "$final_path/config.ini" #================================================= From 94678ab633ed1ee2dac23ce677d08150542ec9bd Mon Sep 17 00:00:00 2001 From: Jean-Baptiste Holcroft Date: Wed, 8 Aug 2018 23:35:41 +0200 Subject: [PATCH 2/4] Send email to admin to inform about installation and/or install --- README.md | 1 - scripts/_common.sh | 61 ++++++++++++++++++++++++++++++++++++++++++++++ scripts/install | 17 +++++++++++++ scripts/upgrade | 19 +++++++++++++++ 4 files changed, 97 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 0cf1343..7930042 100644 --- a/README.md +++ b/README.md @@ -16,7 +16,6 @@ Kresus is an open-source libre self-hosted personal finance manager. It allows y * to be added: * [ ] Email support * [ ] Add user who will access the app (by default every one has access to the installed app) - * [ ] Email admin about installation with ynh_send_readme_to_admin helper ## Links diff --git a/scripts/_common.sh b/scripts/_common.sh index c7e475c..c92fb21 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -164,3 +164,64 @@ EOF chmod +x "/etc/cron.daily/node_update" } + +# Send an email to inform the administrator +# +# usage: ynh_send_readme_to_admin app_message [recipients] +# | arg: app_message - The message to send to the administrator. +# | arg: recipients - The recipients of this email. Use spaces to separate multiples recipients. - default: root +# example: "root admin@domain" +# If you give the name of a YunoHost user, ynh_send_readme_to_admin will find its email adress for you +# example: "root admin@domain user1 user2" +ynh_send_readme_to_admin() { + local app_message="${1:-...No specific information...}" + local recipients="${2:-root}" + + # Retrieve the email of users + find_mails () { + local list_mails="$1" + local mail + local recipients=" " + # Read each mail in argument + for mail in $list_mails + do + # Keep root or a real email address as it is + if [ "$mail" = "root" ] || echo "$mail" | grep --quiet "@" + then + recipients="$recipients $mail" + else + # But replace an user name without a domain after by its email + if mail=$(ynh_user_get_info "$mail" "mail" 2> /dev/null) + then + recipients="$recipients $mail" + fi + fi + done + echo "$recipients" + } + recipients=$(find_mails "$recipients") + + local mail_subject="☁️🆈🅽🅷☁️: \`$app\` was just installed!" + + local mail_message="This is an automated message from your beloved YunoHost server. + +Specific information for the application $app. + +$app_message + +--- +Automatic diagnosis data from YunoHost + +$(yunohost tools diagnosis | grep -B 100 "services:" | sed '/services:/d')" + + # Define binary to use for mail command + if [ -e /usr/bin/bsd-mailx ] + then + local mail_bin=/usr/bin/bsd-mailx + else + local mail_bin=/usr/bin/mail.mailutils + fi + + # Send the email to the recipients + echo "$mail_message" | $mail_bin -a "Content-Type: text/plain; charset=UTF-8" -s "$mail_subject" "$recipients" +} diff --git a/scripts/install b/scripts/install index 476baa1..1d92f19 100644 --- a/scripts/install +++ b/scripts/install @@ -165,3 +165,20 @@ chmod 600 "$final_path/config.ini" service "$app" start service nginx reload + +#================================================= +# SEND README TO ADMIN +#================================================= + +message=" +Domain: $domain +Path : $path_url +Config: $final_path/config.ini + +Please remember the default behavior of YunoHost when installing a new app is: everyone has access to the app. +This may be an issue for Kresus as it is a personnal tool. Please remember to edit access rights in the YunoHost web administration panel or using command line interface. + +Are you facing an issue, want to improve this app or say thank you? +Please open a new issue in this project: https://github.com/YunoHost-Apps/kresus_ynh +" +ynh_send_readme_to_admin "$message" diff --git a/scripts/upgrade b/scripts/upgrade index 539918a..1ddc2cc 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -179,3 +179,22 @@ chmod 600 "$final_path/config.ini" service "$app" restart systemctl reload nginx + +#================================================= +# SEND README TO ADMIN +#================================================= + +message=" +Kresus was updated! + +Domain: $domain +Path : $path_url +Config: $final_path/config.ini + +Please remember the default behavior of YunoHost when installing a new app is: everyone has access to the app. +This may be an issue for Kresus as it is a personnal tool. Please remember to edit access rights in the YunoHost web administration panel or using command line interface. + +Are you facing an issue, want to improve this app or say thank you? +Please open a new issue in this project: https://github.com/YunoHost-Apps/kresus_ynh +" +ynh_send_readme_to_admin "$message" \ No newline at end of file From 0f51c6d7273680edee02b227bc1f49277cf4aaf0 Mon Sep 17 00:00:00 2001 From: Jean-Baptiste Holcroft Date: Wed, 8 Aug 2018 23:43:20 +0200 Subject: [PATCH 3/4] add information about config.ini and ynh_backup_if_checksum_is_different --- scripts/install | 3 +++ scripts/upgrade | 5 +++++ 2 files changed, 8 insertions(+) diff --git a/scripts/install b/scripts/install index 1d92f19..c1162f2 100644 --- a/scripts/install +++ b/scripts/install @@ -178,6 +178,9 @@ Config: $final_path/config.ini Please remember the default behavior of YunoHost when installing a new app is: everyone has access to the app. This may be an issue for Kresus as it is a personnal tool. Please remember to edit access rights in the YunoHost web administration panel or using command line interface. +Note about config.ini: this package will regenerate the config file on upgrade. +If you changed it manually and upgrade Kresus, you'll find a backup in $final_path. + Are you facing an issue, want to improve this app or say thank you? Please open a new issue in this project: https://github.com/YunoHost-Apps/kresus_ynh " diff --git a/scripts/upgrade b/scripts/upgrade index 1ddc2cc..d1fad6f 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -136,6 +136,8 @@ ynh_use_nodejs # CONFIGURE HASTE #================================================= +ynh_backup_if_checksum_is_different "$final_path/config.ini" + cp ../conf/config.ini "$final_path/config.ini" ynh_replace_string "__PORT__" "$port" "$final_path/config.ini" @@ -194,6 +196,9 @@ Config: $final_path/config.ini Please remember the default behavior of YunoHost when installing a new app is: everyone has access to the app. This may be an issue for Kresus as it is a personnal tool. Please remember to edit access rights in the YunoHost web administration panel or using command line interface. +Note about config.ini: this package will regenerate the config file on upgrade. +If you changed it manually and upgrade Kresus, you'll find a backup in $final_path. + Are you facing an issue, want to improve this app or say thank you? Please open a new issue in this project: https://github.com/YunoHost-Apps/kresus_ynh " From 7bfc4118f9c7a34c55316a5692ca02423a055320 Mon Sep 17 00:00:00 2001 From: Jean-Baptiste Holcroft Date: Wed, 8 Aug 2018 23:53:57 +0200 Subject: [PATCH 4/4] add log task to readme --- README.md | 1 + scripts/upgrade | 2 -- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/README.md b/README.md index 7930042..7e28f8e 100644 --- a/README.md +++ b/README.md @@ -15,6 +15,7 @@ Kresus is an open-source libre self-hosted personal finance manager. It allows y * to be added: * [ ] Email support + * [ ] Improve log file and add logrotate * [ ] Add user who will access the app (by default every one has access to the installed app) ## Links diff --git a/scripts/upgrade b/scripts/upgrade index d1fad6f..1c78c69 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -16,8 +16,6 @@ source /usr/share/yunohost/helpers # Exit if an error occurs during the execution of the script ynh_abort_if_errors -# TODO: handle "/home/ynh$app" to final_path migration - app=$YNH_APP_INSTANCE_NAME domain=$(ynh_app_setting_get $app domain)