YunoHost-Apps/kresus_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/kresus_ynh.git synced 2024-09-03 19:36:10 +02:00
Code Issues Activity Actions

Merge pull request #15 from Jibec/master

Browse source 
Improve file permissions, send email to admin
This commit is contained in:
LowMem 2018-08-19 15:41:29 +02:00 committed by GitHub
commit 72c16d1c11
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 122 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
README.md
View file

@ -16,13 +16,12 @@ Kresus is an open-source libre self-hosted personal finance manager. It allows y
* to be added: * to be added:
* [ ] Email support * [ ] Email support
* [ ] Restrict more file access ($app is owner of everything, we should limit it more) * [ ] Improve log file and add logrotate
* [ ] Add user who will access the app (by default every one has access to the installed app) * [ ] Add user who will access the app (by default every one has access to the installed app)
* [ ] Email admin about installation with ynh_send_readme_to_admin helper
## Links ## Links
* Report a bug about this package: https://github.com/YunoHost-Apps/kresus_ynh * Report a bug about this package: https://github.com/YunoHost-Apps/kresus_ynh
* Report a bug about Kresus itself: https://framagit.org/kresusapp/kresus * Report a bug about Kresus itself: https://framagit.org/kresusapp/kresus
* Kresus website: https://kresus.org * Kresus website: https://kresus.org
* YunoHost website: https://yunohost.org/ * YunoHost website: https://yunohost.org

2
manifest.json
View file

@ -15,7 +15,7 @@
"requirements": { "requirements": {
"yunohost": ">= 2.7.14" "yunohost": ">= 2.7.14"
}, },
"version": "0.13.2~ynh2", "version": "0.13.2~ynh3",
"multi_instance": true, "multi_instance": true,
"services": [ "services": [
"nginx" "nginx"

61
scripts/_common.sh
View file

@ -164,3 +164,64 @@ EOF
chmod +x "/etc/cron.daily/node_update" chmod +x "/etc/cron.daily/node_update"
} }
# Send an email to inform the administrator
#
# usage: ynh_send_readme_to_admin app_message [recipients]
# | arg: app_message - The message to send to the administrator.
# | arg: recipients - The recipients of this email. Use spaces to separate multiples recipients. - default: root
# example: "root admin@domain"
# If you give the name of a YunoHost user, ynh_send_readme_to_admin will find its email adress for you
# example: "root admin@domain user1 user2"
ynh_send_readme_to_admin() {
local app_message="${1:-...No specific information...}"
local recipients="${2:-root}"
# Retrieve the email of users
find_mails () {
local list_mails="$1"
local mail
local recipients=" "
# Read each mail in argument
for mail in $list_mails
do
# Keep root or a real email address as it is
if [ "$mail" = "root" ] || echo "$mail" | grep --quiet "@"
then
recipients="$recipients $mail"
else
# But replace an user name without a domain after by its email
if mail=$(ynh_user_get_info "$mail" "mail" 2> /dev/null)
then
recipients="$recipients $mail"
fi
fi
done
echo "$recipients"
}
recipients=$(find_mails "$recipients")
local mail_subject="☁️🆈🅽🅷☁️: \`$app\` was just installed!"
local mail_message="This is an automated message from your beloved YunoHost server.
Specific information for the application $app.
$app_message
---
Automatic diagnosis data from YunoHost
$(yunohost tools diagnosis | grep -B 100 "services:" | sed '/services:/d')"
# Define binary to use for mail command
if [ -e /usr/bin/bsd-mailx ]
then
local mail_bin=/usr/bin/bsd-mailx
else
local mail_bin=/usr/bin/mail.mailutils
fi
# Send the email to the recipients
echo "$mail_message" | $mail_bin -a "Content-Type: text/plain; charset=UTF-8" -s "$mail_subject" "$recipients"
}

26
scripts/install
View file

@ -152,7 +152,11 @@ ynh_add_systemd_config
#================================================= #=================================================
# Set permissions to app files # Set permissions to app files
chown -R $app: $final_path chown -R "$app":"$app" "$final_path/data/"
chmod -R 750 "$final_path/data/"
# Set permissions to config file
chown "$app" "$final_path/config.ini"
chmod 600 "$final_path/config.ini" chmod 600 "$final_path/config.ini"
#================================================= #=================================================
@ -161,3 +165,23 @@ chmod 600 "$final_path/config.ini"
service "$app" start service "$app" start
service nginx reload service nginx reload
#=================================================
# SEND README TO ADMIN
#=================================================
message="
Domain: $domain
Path : $path_url
Config: $final_path/config.ini
Please remember the default behavior of YunoHost when installing a new app is: everyone has access to the app.
This may be an issue for Kresus as it is a personnal tool. Please remember to edit access rights in the YunoHost web administration panel or using command line interface.
Note about config.ini: this package will regenerate the config file on upgrade.
If you changed it manually and upgrade Kresus, you'll find a backup in $final_path.
Are you facing an issue, want to improve this app or say thank you?
Please open a new issue in this project: https://github.com/YunoHost-Apps/kresus_ynh
"
ynh_send_readme_to_admin "$message"

37
scripts/upgrade
View file

@ -16,8 +16,6 @@ source /usr/share/yunohost/helpers
# Exit if an error occurs during the execution of the script # Exit if an error occurs during the execution of the script
ynh_abort_if_errors ynh_abort_if_errors
# TODO: handle "/home/ynh$app" to final_path migration
app=$YNH_APP_INSTANCE_NAME app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get $app domain) domain=$(ynh_app_setting_get $app domain)
@ -136,6 +134,8 @@ ynh_use_nodejs
# CONFIGURE HASTE # CONFIGURE HASTE
#================================================= #=================================================
ynh_backup_if_checksum_is_different "$final_path/config.ini"
cp ../conf/config.ini "$final_path/config.ini" cp ../conf/config.ini "$final_path/config.ini"
ynh_replace_string "__PORT__" "$port" "$final_path/config.ini" ynh_replace_string "__PORT__" "$port" "$final_path/config.ini"
@ -162,8 +162,15 @@ ynh_add_systemd_config
# SECURE FILES AND DIRECTORIES # SECURE FILES AND DIRECTORIES
#================================================= #=================================================
# Set right permissions for curl installation # Reset permissions
chown -R $app: $final_path chown -R root:root "$final_path"
# Set permissions to app files
chown -R "$app":"$app" "$final_path/data/"
chmod -R 750 "$final_path/data/"
# Set permissions to config file
chown "$app" "$final_path/config.ini"
chmod 600 "$final_path/config.ini" chmod 600 "$final_path/config.ini"
#================================================= #=================================================
@ -172,3 +179,25 @@ chmod 600 "$final_path/config.ini"
service "$app" restart service "$app" restart
systemctl reload nginx systemctl reload nginx
#=================================================
# SEND README TO ADMIN
#=================================================
message="
Kresus was updated!
Domain: $domain
Path : $path_url
Config: $final_path/config.ini
Please remember the default behavior of YunoHost when installing a new app is: everyone has access to the app.
This may be an issue for Kresus as it is a personnal tool. Please remember to edit access rights in the YunoHost web administration panel or using command line interface.
Note about config.ini: this package will regenerate the config file on upgrade.
If you changed it manually and upgrade Kresus, you'll find a backup in $final_path.
Are you facing an issue, want to improve this app or say thank you?
Please open a new issue in this project: https://github.com/YunoHost-Apps/kresus_ynh
"
ynh_send_readme_to_admin "$message"