From c7f347fe8185ca380efc32a3ec92a841576af8a8 Mon Sep 17 00:00:00 2001 From: Yunohost-Bot <> Date: Mon, 15 Mar 2021 00:26:30 +0100 Subject: [PATCH 1/6] [autopatch] Autopatch to migrate to new permission system --- scripts/install | 14 ++++++-------- scripts/upgrade | 10 ++++++++++ 2 files changed, 16 insertions(+), 8 deletions(-) diff --git a/scripts/install b/scripts/install index e3d7f38..ca96b7f 100644 --- a/scripts/install +++ b/scripts/install @@ -109,7 +109,7 @@ ynh_script_progression --message="Installing Leed with cURL..." --weight=5 chown -R $app: $final_path # Set the app as temporarily public for curl call -ynh_app_setting_set --app=$app --key=unprotected_uris --value="/" + # Regen SSOwat configuration yunohost app ssowatconf @@ -162,14 +162,12 @@ ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failreg #================================================= ynh_script_progression --message="Configuring SSOwat..." --weight=2 -# Make app private if necessary -ynh_app_setting_set --app=$app --key=is_public --value="$is_public" -if [ $is_public -eq 0 ]; + + +# Make app public if necessary +if [ "$is_public" -eq 1 ] then - # Remove the public access - ynh_app_setting_delete --app=$app --key=unprotected_uris - # Set the action.php script public for the cron task - ynh_app_setting_set --app=$app --key=skipped_uris --value="/action.php" + ynh_permission_update --permission="main" --add="visitors" fi #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index 80e3ab7..d6edaaf 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -132,6 +132,16 @@ ynh_clean_setup () { # Exit if an error occurs during the execution of the script ynh_abort_if_errors +#================================================= +# Migrate legacy permissions to new system +#================================================= +if ynh_legacy_permissions_exists +then + ynh_legacy_permissions_delete_all + + ynh_app_setting_delete --app=$app --key=is_public +fi + #================================================= # ACTIVATE MAINTENANCE MODE #================================================= From 23a3f52eceb66a11dc036b3632756474d5652935 Mon Sep 17 00:00:00 2001 From: Yunohost-Bot <> Date: Thu, 13 May 2021 17:48:36 +0200 Subject: [PATCH 2/6] [autopatch] Update issue and PR templates --- .github/ISSUE_TEMPLATE.md | 55 ++++++++++++++++++++++++++++++++ .github/PULL_REQUEST_TEMPLATE.md | 16 ++++++++++ pull_request_template.md | 22 ------------- 3 files changed, 71 insertions(+), 22 deletions(-) create mode 100644 .github/ISSUE_TEMPLATE.md create mode 100644 .github/PULL_REQUEST_TEMPLATE.md delete mode 100644 pull_request_template.md diff --git a/.github/ISSUE_TEMPLATE.md b/.github/ISSUE_TEMPLATE.md new file mode 100644 index 0000000..2729a6b --- /dev/null +++ b/.github/ISSUE_TEMPLATE.md @@ -0,0 +1,55 @@ +--- +name: Bug report +about: When creating a bug report, please use the following template to provide all the relevant information and help debugging efficiently. + +--- + +**How to post a meaningful bug report** +1. *Read this whole template first.* +2. *Determine if you are on the right place:* + - *If you were performing an action on the app from the webadmin or the CLI (install, update, backup, restore, change_url...), you are on the right place!* + - *Otherwise, the issue may be due to the app itself. Refer to its documentation or repository for help.* + - *When in doubt, post here and we will figure it out together.* +3. *Delete the italic comments as you write over them below, and remove this guide.* +--- + +### Describe the bug + +*A clear and concise description of what the bug is.* + +### Context + +- Hardware: *VPS bought online / Old laptop or computer / Raspberry Pi at home / Internet Cube with VPN / Other ARM board / ...* +- YunoHost version: x.x.x +- I have access to my server: *Through SSH | through the webadmin | direct access via keyboard / screen | ...* +- Are you in a special context or did you perform some particular tweaking on your YunoHost instance?: *no / yes* + - If yes, please explain: +- Using, or trying to install package version/branch: +- If upgrading, current package version: *can be found in the admin, or with `yunohost app info $app_id`* + +### Steps to reproduce + +- *If you performed a command from the CLI, the command itself is enough. For example:* + ```sh + sudo yunohost app install the_app + ``` +- *If you used the webadmin, please perform the equivalent command from the CLI first.* +- *If the error occurs in your browser, explain what you did:* + 1. *Go to '...'* + 2. *Click on '...'* + 3. *Scroll down to '...'* + 4. *See error* + +### Expected behavior + +*A clear and concise description of what you expected to happen. You can remove this section if the command above is enough to understand your intent.* + +### Logs + +*When an operation fails, YunoHost provides a simple way to share the logs.* +- *In the webadmin, the error message contains a link to the relevant log page. On that page, you will be able to 'Share with Yunopaste'. If you missed it, the logs of previous operations are also available under Tools > Logs.* +- *In command line, the command to share the logs is displayed at the end of the operation and looks like `yunohost log display [log name] --share`. If you missed it, you can find the log ID of a previous operation using `yunohost log list`.* + +*After sharing the log, please copypaste directly the link provided by YunoHost (to help readability, no need to copypaste the entire content of the log here, just the link is enough...)* + +*If applicable and useful, add screenshots to help explain your problem.* diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md new file mode 100644 index 0000000..ef70e18 --- /dev/null +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -0,0 +1,16 @@ +## Problem + +- *Description of why you made this PR* + +## Solution + +- *And how do you fix that problem* + +## PR Status + +- [ ] Code finished and ready to be reviewed/tested +- [ ] The fix/enhancement were manually tested (if applicable) + +## Automatic tests + +Automatic tests can be triggered on https://ci-apps-dev.yunohost.org/ *after creating the PR*, by commenting "!testme", "!gogogadgetoci" or "By the power of systemd, I invoke The Great App CI to test this Pull Request!". (N.B. : for this to work you need to be a member of the Yunohost-Apps organization) diff --git a/pull_request_template.md b/pull_request_template.md deleted file mode 100644 index bce5a0b..0000000 --- a/pull_request_template.md +++ /dev/null @@ -1,22 +0,0 @@ -## Problem -- *Description of why you made this PR* - -## Solution -- *And how do you fix that problem* - -## PR Status -- [ ] Code finished. -- [ ] Tested with Package_check. -- [ ] Fix or enhancement tested. -- [ ] Upgrade from last version tested. -- [ ] Can be reviewed and tested. - -## Validation ---- -- [ ] **Code review** : -- [ ] **Approval (LGTM)** : -*Code review and approval have to be from a member of @YunoHost-Apps/apps-group* -- **CI succeeded** : -[![Build Status](https://ci-apps-hq.yunohost.org/jenkins/job/leed_ynh%20PR-NUM-/badge/icon)](https://ci-apps-hq.yunohost.org/jenkins/job/leed_ynh%20PR-NUM-/) -*Please replace '-NUM-' in this link by the PR number.* -When the PR is marked as ready to merge, you have to wait for 3 days before really merging it. From 74947ca371bde1825712b222b28259e7afad622b Mon Sep 17 00:00:00 2001 From: yalh76 Date: Sun, 16 May 2021 16:15:54 +0200 Subject: [PATCH 3/6] Apply last example_ynh --- README.md | 2 +- README_fr.md | 2 +- check_process | 10 ++- conf/app.src | 3 +- conf/nginx.conf | 5 +- manifest.json | 42 ++++--------- scripts/backup | 22 ++++--- scripts/change_url | 40 +++++++----- scripts/install | 80 +++++++++++------------- scripts/remove | 19 +++--- scripts/restore | 65 ++++++++++---------- scripts/upgrade | 149 +++++++++++++++++++-------------------------- 12 files changed, 205 insertions(+), 234 deletions(-) diff --git a/README.md b/README.md index 95c765f..39cf47d 100644 --- a/README.md +++ b/README.md @@ -11,7 +11,7 @@ If you don't have YunoHost, please see [here](https://yunohost.org/#/install) to ## Overview Leed (short for Light Feed) is a minimalist RSS/ATOM aggregator which offers fast RSS consultation and non-intrusive features. -**Shipped version:** 1.8.3 +**Shipped version:** 1.9.0 ## Screenshots diff --git a/README_fr.md b/README_fr.md index 27dda6a..d3be59b 100644 --- a/README_fr.md +++ b/README_fr.md @@ -11,7 +11,7 @@ Si vous n'avez pas YunoHost, merci de regarder [ici](https://yunohost.org/#/inst ## Résumé Leed (contraction de Light Feed) est un agrégateur RSS/ATOM minimaliste qui permet la consultation de flux RSS de manière rapide et non intrusive. -**Version embarquée :** 1.8.3 +**Version embarquée :** 1.9.0 ## Captures d'écran diff --git a/check_process b/check_process index fa02326..b4a82e3 100644 --- a/check_process +++ b/check_process @@ -1,8 +1,8 @@ ;; Test complet ; Manifest - domain="domain.tld" (DOMAIN) - path="/leed" (PATH) - admin="john" (USER) + domain="domain.tld" + path="/leed" + admin="john" password="pass" language="fr" market=1 @@ -26,6 +26,8 @@ setup_public=1 upgrade=1 upgrade=1 from_commit=8b622d430db9ab860aee156a32086507669243fd + # 1.8.3~ynh10 + upgrade=1 from_commit=ea31e4850ded0939c1b0d024db8f45325fcebac1 backup_restore=1 multi_instance=1 port_already_use=0 @@ -39,3 +41,5 @@ Notification=change ; commit=8b622d430db9ab860aee156a32086507669243fd name=MAJ 1.8.2 manifest_arg=domain=DOMAIN&path=PATH&admin=USER&password=pass&language=fr&market=1&is_public=1& + ; commit=ea31e4850ded0939c1b0d024db8f45325fcebac1 + name=1.8.3~ynh10 diff --git a/conf/app.src b/conf/app.src index b6c2d9f..dc60845 100644 --- a/conf/app.src +++ b/conf/app.src @@ -1,6 +1,7 @@ -SOURCE_URL=https://github.com/LeedRSS/Leed/archive/v1.8.3.tar.gz +SOURCE_URL=https://github.com/LeedRSS/Leed/archive/v1.9.0.tar.gz SOURCE_SUM=792215b9a4429c66ac52b4619fbda4b664c83ef03543a62a8b58e2c631874001 SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=tar.gz SOURCE_IN_SUBDIR=true SOURCE_FILENAME= +SOURCE_EXTRACT=true diff --git a/conf/nginx.conf b/conf/nginx.conf index b554f21..5e8cb7d 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -15,10 +15,11 @@ location __PATH__/ { location ~ [^/]\.php(/|$) { fastcgi_split_path_info ^(.+?\.php)(/.*)$; fastcgi_pass unix:/var/run/php/php__PHPVERSION__-fpm-__NAME__.sock; + fastcgi_index index.php; include fastcgi_params; - fastcgi_param REMOTE_USER $remote_user; - fastcgi_param PATH_INFO $fastcgi_path_info; + fastcgi_param REMOTE_USER $remote_user; + fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param SCRIPT_FILENAME $request_filename; } diff --git a/manifest.json b/manifest.json index 50a026f..9bb6fd1 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Minimalistic RSS feed aggregator which allows quick and non-intrusive reading of feeds.", "fr": "Agrégateur RSS minimaliste qui permet la consultation de flux RSS de manière rapide et non intrusive." }, - "version": "1.8.3~ynh10", + "version": "1.9.0~ynh1", "url": "http://leed.idleman.fr/", "license": "AGPL-3.0", "maintainer": { @@ -31,39 +31,27 @@ { "name": "domain", "type": "domain", - "ask": { - "en": "Choose a domain for Leed", - "fr": "Choisissez un domaine pour Leed" - }, "example": "domain.org" }, { "name": "path", "type": "path", - "ask": { - "en": "Choose a path for Leed", - "fr": "Choisissez un chemin pour Leed" - }, "example": "/leed", "default": "/leed" }, { "name": "admin", "type": "user", - "ask": { - "en": "Choose the Leed administrator (must be an existing YunoHost user)", - "fr": "Choisissez un administrateur Leed (doit être un utilisateur YunoHost)" - }, "example": "john" }, { - "name": "password", - "type": "password", - "ask": { - "en": "Set the administrator password Leed", - "fr": "Définissez le mot de passe administrateur de Leed" - }, - "example": "Choose a password" + "name": "is_public", + "type": "boolean", + "default": false, + "help": { + "en": "A public Leed will be accessible for third party apps. By turning on 'anonymous readers' in Leed configuration, you can made your feeds public.", + "fr": "Un Leed public sera accessible pour les applications tierces. En autorisant 'la lecture anonyme' dans la configuration de Leed, vous pouvez rendre vos flux publics." + } }, { "name": "language", @@ -76,17 +64,9 @@ "default" : "en" }, { - "name": "is_public", - "type": "boolean", - "ask": { - "en": "Is it a public website?", - "fr": "Est-ce un site public ?" - }, - "default": false, - "help": { - "en": "A public Leed will be accessible for third party apps. By turning on 'anonymous readers' in Leed configuration, you can made your feeds public.", - "fr": "Un Leed public sera accessible pour les applications tierces. En autorisant 'la lecture anonyme' dans la configuration de Leed, vous pouvez rendre vos flux publics." - } + "name": "password", + "type": "password", + "example": "Choose a password" } ] } diff --git a/scripts/backup b/scripts/backup index ebed36f..a999cf3 100644 --- a/scripts/backup +++ b/scripts/backup @@ -6,6 +6,7 @@ # IMPORT GENERIC HELPERS #================================================= +# Keep this path for calling _common.sh inside the execution's context of backup and restore scripts source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers @@ -25,8 +26,8 @@ app=$YNH_APP_INSTANCE_NAME final_path=$(ynh_app_setting_get --app=$app --key=final_path) domain=$(ynh_app_setting_get --app=$app --key=domain) -phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) db_name=$(ynh_app_setting_get --app=$app --key=db_name) +phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) #================================================= # DECLARE DATA AND CONF FILES TO BACKUP @@ -40,23 +41,17 @@ ynh_print_info --message="Declaring files to be backed up..." ynh_backup --src_path="$final_path" #================================================= -# BACKUP NGINX CONFIGURATION +# BACKUP THE NGINX CONFIGURATION #================================================= ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf" #================================================= -# BACKUP PHP-FPM CONFIGURATION +# BACKUP THE PHP-FPM CONFIGURATION #================================================= ynh_backup --src_path="/etc/php/$phpversion/fpm/pool.d/$app.conf" -#================================================= -# BACKUP THE MYSQL DATABASE -#================================================= - -ynh_mysql_dump_db --database="$db_name" > db.sql - #================================================= # BACKUP FAIL2BAN CONFIGURATION #================================================= @@ -67,11 +62,18 @@ ynh_backup --src_path="/etc/fail2ban/filter.d/$app.conf" #================================================= # SPECIFIC BACKUP #================================================= -# BACKUP THE CRON FILE +# BACKUP VARIOUS FILES #================================================= ynh_backup --src_path="/etc/cron.d/$app" +#================================================= +# BACKUP THE MYSQL DATABASE +#================================================= +ynh_print_info --message="Backing up the MySQL database..." + +ynh_mysql_dump_db --database="$db_name" > db.sql + #================================================= # END OF SCRIPT #================================================= diff --git a/scripts/change_url b/scripts/change_url index e3f6fc2..dbb52f2 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -26,6 +26,7 @@ app=$YNH_APP_INSTANCE_NAME #================================================= ynh_script_progression --message="Loading installation settings..." --weight=2 +# Needed for helper "ynh_add_nginx_config" final_path=$(ynh_app_setting_get --app=$app --key=final_path) #================================================= @@ -37,6 +38,23 @@ path_url=$old_path domain=$old_domain ynh_maintenance_mode_ON +#================================================= +# BACKUP BEFORE CHANGE URL THEN ACTIVE TRAP +#================================================= +ynh_script_progression --message="Backing up the app before changing its URL (may take a while)..." + +# Backup the current version of the app +ynh_backup_before_upgrade +ynh_clean_setup () { + # Remove the new domain config file, the remove script won't do it as it doesn't know yet its location. + ynh_secure_remove --file="/etc/nginx/conf.d/$new_domain.d/$app.conf" + + # Restore it if the upgrade fails + ynh_restore_upgradebackup +} +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors + #================================================= # CHECK WHICH PARTS SHOULD BE CHANGED #================================================= @@ -53,43 +71,33 @@ then change_path=1 fi -#================================================= -# MANAGE FAILURE OF THE SCRIPT -#================================================= - -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors - #================================================= # STANDARD MODIFICATIONS #================================================= # MODIFY URL IN NGINX CONF #================================================= -ynh_script_progression --message="Updating NGINX web server configuration..." --weight=2 +ynh_script_progression --message="Updating NGINX web server configuration..." nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf -# Change the path in the nginx config file +# Change the path in the NGINX config file if [ $change_path -eq 1 ] then - # Make a backup of the original nginx config file if modified + # Make a backup of the original NGINX config file if modified ynh_backup_if_checksum_is_different --file="$nginx_conf_path" - - # Set global variables for nginx helper + # Set global variables for NGINX helper domain="$old_domain" path_url="$new_path" - - # Create a dedicated nginx config + # Create a dedicated NGINX config ynh_add_nginx_config fi -# Change the domain for nginx +# Change the domain for NGINX if [ $change_domain -eq 1 ] then # Delete file checksum for the old conf file location ynh_delete_file_checksum --file="$nginx_conf_path" mv $nginx_conf_path /etc/nginx/conf.d/$new_domain.d/$app.conf - # Store file checksum for the new config file location ynh_store_file_checksum --file="/etc/nginx/conf.d/$new_domain.d/$app.conf" fi diff --git a/scripts/install b/scripts/install index ca96b7f..a56a5b8 100644 --- a/scripts/install +++ b/scripts/install @@ -1,7 +1,7 @@ #!/bin/bash #================================================= -# GENERIC STARTING +# GENERIC START #================================================= # IMPORT GENERIC HELPERS #================================================= @@ -10,7 +10,7 @@ source _common.sh source /usr/share/yunohost/helpers #================================================= -# MANAGE FAILURE OF THE SCRIPT +# MANAGE SCRIPT FAILURE #================================================= # Exit if an error occurs during the execution of the script @@ -23,14 +23,14 @@ ynh_abort_if_errors domain=$YNH_APP_ARG_DOMAIN path_url=$YNH_APP_ARG_PATH admin=$YNH_APP_ARG_ADMIN -ynh_print_OFF; user_pwd=$YNH_APP_ARG_PASSWORD; ynh_print_ON -language=$YNH_APP_ARG_LANGUAGE is_public=$YNH_APP_ARG_IS_PUBLIC +language=$YNH_APP_ARG_LANGUAGE +ynh_print_OFF; user_pwd=$YNH_APP_ARG_PASSWORD; ynh_print_ON app=$YNH_APP_INSTANCE_NAME #================================================= -# CHECK IF THE APP CAN BE INSTALLED WITH THIS ARGS +# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS #================================================= ynh_script_progression --message="Validating installation parameters..." --weight=2 @@ -45,9 +45,11 @@ ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url #================================================= ynh_script_progression --message="Storing installation settings..." --weight=2 + +ynh_app_setting_set --app=$app --key=domain --value=$domain +ynh_app_setting_set --app=$app --key=path --value=$path_url ynh_app_setting_set --app=$app --key=admin --value=$admin ynh_app_setting_set --app=$app --key=language --value=$language -ynh_app_setting_set --app=$app --key=domain --value=$domain ynh_app_setting_set --app=$app --key=overwrite_nginx --value=1 ynh_app_setting_set --app=$app --key=overwrite_phpfpm --value=1 @@ -55,14 +57,23 @@ ynh_app_setting_set --app=$app --key=admin_mail_html --value=1 #================================================= # STANDARD MODIFICATIONS +#================================================= +# CREATE DEDICATED USER +#================================================= +ynh_script_progression --message="Configuring system user..." --weight=2 + +# Create a system user +ynh_system_user_create --username=$app --home_dir=$final_path + #================================================= # CREATE A MYSQL DATABASE #================================================= ynh_script_progression --message="Creating a MySQL database..." db_name=$(ynh_sanitize_dbid --db_name=$app) +db_user=$db_name ynh_app_setting_set --app=$app --key=db_name --value=$db_name -ynh_mysql_setup_db --db_user=$db_name --db_name=$db_name +ynh_mysql_setup_db --db_user=$db_user --db_name=$db_name #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE @@ -73,6 +84,10 @@ ynh_app_setting_set --app=$app --key=final_path --value=$final_path # Download, check integrity, uncompress and patch the source from app.src ynh_setup_source --dest_dir="$final_path" +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:www-data "$final_path" + #================================================= # NGINX CONFIGURATION #================================================= @@ -81,14 +96,6 @@ ynh_script_progression --message="Configuring NGINX web server..." --weight=2 # Create a dedicated NGINX config ynh_add_nginx_config -#================================================= -# CREATE DEDICATED USER -#================================================= -ynh_script_progression --message="Configuring system user..." --weight=2 - -# Create a dedicated system user -ynh_system_user_create --username=$app - #================================================= # PHP-FPM CONFIGURATION #================================================= @@ -101,26 +108,24 @@ phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) #================================================= # SPECIFIC SETUP #================================================= -# SETTING UP WITH CURL +# SETUP APPLICATION WITH CURL #================================================= -ynh_script_progression --message="Installing Leed with cURL..." --weight=5 - -# Set right permissions for curl install -chown -R $app: $final_path +ynh_script_progression --message="Setuping application with CURL..." --weight=5 # Set the app as temporarily public for curl call +ynh_script_progression --message="Configuring SSOwat..." +# Making the app public for curl +ynh_permission_update --permission="main" --add="visitors" -# Regen SSOwat configuration -yunohost app ssowatconf - -# Reload Nginx -ynh_systemd_action --service_name=nginx --action=reload - -# Leed installation via curl +# Installation with curl +ynh_script_progression --message="Finalizing installation..." ynh_print_OFF ynh_local_curl "/install.php?installButton" "install_changeLngLeed=$language" "root=$domain$path_url" "mysqlHost=localhost" "mysqlLogin=$db_name" "mysqlMdp=$db_pwd" "mysqlBase=$db_name" "mysqlPrefix=leed_" "login=$admin" "password=$user_pwd" ynh_print_ON +# Remove the public access +ynh_permission_update --permission="main" --remove="visitors" + #================================================= # RETRIEVE SYNCHRONISATION CODE #================================================= @@ -132,29 +137,16 @@ code_sync=$(mysql -h localhost -u $db_name -p$db_pwd -s $db_name -e 'SELECT valu #================================================= ynh_script_progression --message="Setting up a cron file..." -ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file=../conf/cron_leed -ynh_replace_string --match_string="__PATH__" --replace_string="$path_url" --target_file=../conf/cron_leed -ynh_replace_string --match_string="__CODESYNC__" --replace_string="$code_sync" --target_file=../conf/cron_leed -cp ../conf/cron_leed /etc/cron.d/$app +ynh_add_config --template="../conf/cron_leed" --destination="/etc/cron.d/$app" #================================================= # GENERIC FINALISATION -#================================================= -# SECURING FILES AND DIRECTORIES -#================================================= - -# Set permissions to app files -chown -R root: $final_path -# $app need write permissions in plugins, cache and updates -mkdir $final_path/cache -chown -R $app $final_path/cache $final_path/plugins $final_path/updates - #================================================= # SETUP FAIL2BAN #================================================= ynh_script_progression --message="Configuring Fail2Ban..." --weight=9 -# Create a dedicated fail2ban config +# Create a dedicated Fail2Ban config ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="PHP message: Leed: wrong login for .* client: " --max_retry=5 #================================================= @@ -165,8 +157,10 @@ ynh_script_progression --message="Configuring SSOwat..." --weight=2 # Make app public if necessary -if [ "$is_public" -eq 1 ] +if [ $is_public -eq 1 ] then + # Everyone can access the app. + # The "main" permission is automatically created before the install script. ynh_permission_update --permission="main" --add="visitors" fi diff --git a/scripts/remove b/scripts/remove index 1d5b879..42e8c1f 100644 --- a/scripts/remove +++ b/scripts/remove @@ -1,7 +1,7 @@ #!/bin/bash #================================================= -# GENERIC STARTING +# GENERIC START #================================================= # IMPORT GENERIC HELPERS #================================================= @@ -18,6 +18,7 @@ app=$YNH_APP_INSTANCE_NAME domain=$(ynh_app_setting_get --app=$app --key=domain) db_name=$(ynh_app_setting_get --app=$app --key=db_name) +db_user=$db_name final_path=$(ynh_app_setting_get --app=$app --key=final_path) #================================================= @@ -28,7 +29,7 @@ final_path=$(ynh_app_setting_get --app=$app --key=final_path) ynh_script_progression --message="Removing the MySQL database..." # Remove a database if it exists, along with the associated user -ynh_mysql_remove_db --db_user=$db_name --db_name=$db_name +ynh_mysql_remove_db --db_user=$db_user --db_name=$db_name #================================================= # REMOVE APP MAIN DIR @@ -41,9 +42,9 @@ ynh_secure_remove --file="$final_path" #================================================= # REMOVE NGINX CONFIGURATION #================================================= -ynh_script_progression --message="Removing nginx web server configuration..." --weight=2 +ynh_script_progression --message="Removing NGINX web server configuration..." --weight=2 -# Remove the dedicated nginx config +# Remove the dedicated NGINX config ynh_remove_nginx_config #================================================= @@ -59,25 +60,27 @@ ynh_remove_fpm_config #================================================= ynh_script_progression --message="Removing Fail2Ban configuration..." --weight=5 -# Remove the dedicated fail2ban config +# Remove the dedicated Fail2Ban config ynh_remove_fail2ban_config #================================================= # SPECIFIC REMOVE #================================================= -# REMOVE THE CRON FILE +# REMOVE VARIOUS FILES #================================================= +ynh_script_progression --message="Removing various files..." +# Remove a cron file ynh_secure_remove --file="/etc/cron.d/$app" #================================================= -# GENERIC FINALISATION +# GENERIC FINALIZATION #================================================= # REMOVE DEDICATED USER #================================================= ynh_script_progression --message="Removing the dedicated system user..." --weight=2 -# Delete dedicated system user +# Delete a system user ynh_system_user_delete --username=$app #================================================= diff --git a/scripts/restore b/scripts/restore index ed832c7..673ae98 100644 --- a/scripts/restore +++ b/scripts/restore @@ -6,6 +6,7 @@ # IMPORT GENERIC HELPERS #================================================= +# Keep this path for calling _common.sh inside the execution's context of backup and restore scripts source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers @@ -19,7 +20,7 @@ ynh_abort_if_errors #================================================= # LOAD SETTINGS #================================================= -ynh_script_progression --message="Loading settings..." --weight=2 +ynh_script_progression --message="Loading installation settings..." --weight=2 app=$YNH_APP_INSTANCE_NAME @@ -27,8 +28,9 @@ domain=$(ynh_app_setting_get --app=$app --key=domain) path_url=$(ynh_app_setting_get --app=$app --key=path) final_path=$(ynh_app_setting_get --app=$app --key=final_path) db_name=$(ynh_app_setting_get --app=$app --key=db_name) -admin=$(ynh_app_setting_get --app=$app --key=admin) +db_user=$db_name phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) +admin=$(ynh_app_setting_get --app=$app --key=admin) #================================================= # CHECK IF THE APP CAN BE RESTORED @@ -48,13 +50,22 @@ ynh_script_progression --message="Activating maintenance mode..." --weight=2 ynh_maintenance_mode_ON #================================================= -# STANDARD RESTORE STEPS +# STANDARD RESTORATION STEPS #================================================= # RESTORE THE NGINX CONFIGURATION #================================================= +ynh_script_progression --message="Restoring the NGINX configuration..." ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" +#================================================= +# RECREATE THE DEDICATED USER +#================================================= +ynh_script_progression --message="Recreating the dedicated system user..." --weight=2 + +# Create the dedicated user (if not existing) +ynh_system_user_create --username=$app --home_dir=$final_path + #================================================= # RESTORE THE APP MAIN DIR #================================================= @@ -62,60 +73,52 @@ ynh_script_progression --message="Restoring the app main directory..." ynh_restore_file --origin_path="$final_path" -#================================================= -# RESTORE THE MYSQL DATABASE -#================================================= -ynh_script_progression --message="Restoring the MySQL database..." --weight=3 - -db_pwd=$(ynh_app_setting_get --app=$app --key=mysqlpwd) -ynh_mysql_setup_db --db_user=$db_name --db_name=$db_name --db_pwd=$db_pwd -ynh_mysql_connect_as --user=$db_name --password=$db_pwd --database=$db_name < ./db.sql - -#================================================= -# RECREATE THE DEDICATED USER -#================================================= -ynh_script_progression --message="Recreating the dedicated system user..." --weight=2 - -# Create the dedicated user (if not existing) -ynh_system_user_create --username=$app +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:www-data "$final_path" #================================================= # RESTORE THE PHP-FPM CONFIGURATION #================================================= +ynh_script_progression --message="Restoring the PHP-FPM configuration..." ynh_restore_file --origin_path="/etc/php/$phpversion/fpm/pool.d/$app.conf" #================================================= # RESTORE FAIL2BAN CONFIGURATION #================================================= -ynh_script_progression --message="Restoring the fail2ban configuration..." --weight=7 +ynh_script_progression --message="Restoring the Fail2Ban configuration..." --weight=7 ynh_restore_file --origin_path="/etc/fail2ban/jail.d/$app.conf" ynh_restore_file --origin_path="/etc/fail2ban/filter.d/$app.conf" ynh_systemd_action --action=restart --service_name=fail2ban #================================================= -# SPECIFIC RESTORE +# SPECIFIC RESTORATION #================================================= -# RESTORE THE CRON FILE +# RESTORE THE MYSQL DATABASE #================================================= +ynh_script_progression --message="Restoring the MySQL database..." --weight=3 + +db_pwd=$(ynh_app_setting_get --app=$app --key=mysqlpwd) +ynh_mysql_setup_db --db_user=$db_user --db_name=$db_name --db_pwd=$db_pwd +ynh_mysql_connect_as --user=$db_user --password=$db_pwd --database=$db_name < ./db.sql + +#================================================= +# RESTORE VARIOUS FILES +#================================================= +ynh_script_progression --message="Restoring various files..." ynh_restore_file --origin_path="/etc/cron.d/$app" #================================================= -# RESTORE USER RIGHTS -#================================================= - -chown -R $app $final_path/cache $final_path/plugins $final_path/updates - -#================================================= -# GENERIC FINALISATION +# GENERIC FINALIZATION #================================================= # RELOAD NGINX AND PHP-FPM #================================================= -ynh_script_progression --message="Reloading nginx web server and php-fpm..." +ynh_script_progression --message="Reloading NGINX web server and PHP-FPM..." -ynh_systemd_action --service_name=php${phpversion}-fpm --action=reload +ynh_systemd_action --service_name=php$phpversion-fpm --action=reload ynh_systemd_action --service_name=nginx --action=reload #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index d6edaaf..8a42559 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -1,7 +1,7 @@ #!/bin/bash #================================================= -# GENERIC STARTING +# GENERIC START #================================================= # IMPORT GENERIC HELPERS #================================================= @@ -35,9 +35,33 @@ phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) #================================================= # CHECK VERSION #================================================= +ynh_script_progression --message="Checking version..." upgrade_type=$(ynh_check_app_version_changed) +#================================================= +# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP +#================================================= +ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=4 + +# Backup the current version of the app +ynh_backup_before_upgrade +ynh_clean_setup () { + # Restore it if the upgrade fails + ynh_restore_upgradebackup +} +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors + +#================================================= +# ACTIVATE MAINTENANCE MODE +#================================================= +ynh_script_progression --message="Activating maintenance mode..." + +ynh_maintenance_mode_ON + +#================================================= +# STANDARD UPGRADE STEPS #================================================= # ENSURE DOWNWARD COMPATIBILITY #================================================= @@ -118,69 +142,48 @@ if [ -z "$fpm_usage" ]; then ynh_app_setting_set --app=$app --key=fpm_usage --value=$fpm_usage fi -#================================================= -# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP -#================================================= -ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=4 - -# Backup the current version of the app -ynh_backup_before_upgrade -ynh_clean_setup () { - # restore it if the upgrade fails - ynh_restore_upgradebackup -} -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors - -#================================================= -# Migrate legacy permissions to new system -#================================================= -if ynh_legacy_permissions_exists -then +# Cleaning legacy permissions +if ynh_legacy_permissions_exists; then ynh_legacy_permissions_delete_all ynh_app_setting_delete --app=$app --key=is_public fi -#================================================= -# ACTIVATE MAINTENANCE MODE -#================================================= -ynh_script_progression --message="Activating maintenance mode..." - -ynh_maintenance_mode_ON - -#================================================= -# STANDARD UPGRADE STEPS -#================================================= -# DOWNLOAD, CHECK AND UNPACK SOURCE -#================================================= - -if [ "$upgrade_type" == "UPGRADE_APP" ] -then - ynh_script_progression --message="Upgrading source files..." --weight=3 - # Download, check integrity, uncompress and patch the source from app.src - ynh_setup_source --dest_dir="$final_path" -fi - -#================================================= -# NGINX CONFIGURATION -#================================================= - -# Overwrite the nginx configuration only if it's allowed -if [ $overwrite_nginx -eq 1 ] -then - ynh_script_progression --message="Upgrading nginx web server configuration..." --weight=2 - # Create a dedicated nginx config - ynh_add_nginx_config -fi - #================================================= # CREATE DEDICATED USER #================================================= ynh_script_progression --message="Making sure dedicated system user exists..." # Create a dedicated user (if not existing) -ynh_system_user_create --username=$app +ynh_system_user_create --username=$app --home_dir=$final_path + +#================================================= +# DOWNLOAD, CHECK AND UNPACK SOURCE +#================================================= + +if [ "$upgrade_type" == "UPGRADE_APP" ] +then + ynh_script_progression --message="Upgrading source files..." --weight=3 + + # Download, check integrity, uncompress and patch the source from app.src + ynh_setup_source --dest_dir="$final_path" +fi + +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:www-data "$final_path" + +#================================================= +# NGINX CONFIGURATION +#================================================= + +# Overwrite the nginx configuration only if it's allowed +if [ $overwrite_nginx -eq 1 ] +then + ynh_script_progression --message="Upgrading NGINX web server configuration..." --weight=2 + # Create a dedicated NGINX config + ynh_add_nginx_config +fi #================================================= # PHP-FPM CONFIGURATION @@ -190,7 +193,7 @@ ynh_system_user_create --username=$app if [ $overwrite_phpfpm -eq 1 ] then ynh_script_progression --message="Upgrading PHP-FPM configuration..." --weight=2 - # Create a dedicated php-fpm config + # Create a dedicated PHP-FPM config ynh_add_fpm_config --usage=$fpm_usage --footprint=$fpm_footprint fi @@ -205,23 +208,9 @@ code_sync=$(mysql -h localhost -u $db_name -p$db_pwd -s $db_name -e 'SELECT valu #================================================= # SETUP CRON FILE FOR SYNCHRONISATION #================================================= +ynh_script_progression --message="Setting up a cron file..." -ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file=../conf/cron_leed -ynh_replace_string --match_string="__PATH__" --replace_string="$path_url" --target_file=../conf/cron_leed -ynh_replace_string --match_string="__CODESYNC__" --replace_string="$code_sync" --target_file=../conf/cron_leed -cp ../conf/cron_leed /etc/cron.d/$app - -#================================================= -# SECURING FILES AND DIRECTORIES -#================================================= - -# Set permissions on app files -chown -R root: $final_path -# $app need write permissions in plugins, cache and updates -# Clear leed cache -ynh_secure_remove --file=$final_path/cache -mkdir -p $final_path/cache -chown -R $app $final_path/cache $final_path/plugins $final_path/updates +ynh_add_config --template="../conf/cron_leed" --destination="/etc/cron.d/$app" #================================================= # UPGRADE WITH CURL @@ -239,33 +228,19 @@ then fi #================================================= -# GENERIC FINALISATION +# GENERIC FINALIZATION #================================================= # UPGRADE FAIL2BAN #================================================= ynh_script_progression --message="Reconfiguring Fail2Ban..." --weight=8 -# Create a dedicated fail2ban config +# Create a dedicated Fail2Ban config ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="PHP message: Leed: wrong login for .* client: " --max_retry=5 -#================================================= -# SETUP SSOWAT -#================================================= -ynh_script_progression --message="Upgrading SSOwat configuration..." - -# Make app private if necessary -if [ $is_public -eq 0 ] -then - # Remove the public access - ynh_app_setting_delete --app=$app --key=unprotected_uris - # Set the action.php script public for the cron task - ynh_app_setting_set --app=$app --key=skipped_uris --value="/action.php" -fi - #================================================= # RELOAD NGINX #================================================= -ynh_script_progression --message="Reloading nginx web server..." --weight=2 +ynh_script_progression --message="Reloading NGINX web server..." --weight=2 ynh_systemd_action --service_name=nginx --action=reload From 79cb6cb108c5bf22791e3c09ed169a799a3c1057 Mon Sep 17 00:00:00 2001 From: yalh76 Date: Tue, 18 May 2021 02:55:50 +0200 Subject: [PATCH 4/6] Fix checksum --- conf/app.src | 2 +- manifest.json | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/conf/app.src b/conf/app.src index dc60845..ee55626 100644 --- a/conf/app.src +++ b/conf/app.src @@ -1,5 +1,5 @@ SOURCE_URL=https://github.com/LeedRSS/Leed/archive/v1.9.0.tar.gz -SOURCE_SUM=792215b9a4429c66ac52b4619fbda4b664c83ef03543a62a8b58e2c631874001 +SOURCE_SUM=e8a9c4586234169e2dd96e6c6e90e140a2336950c3b259947b70b0b0b6ff903c SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=tar.gz SOURCE_IN_SUBDIR=true diff --git a/manifest.json b/manifest.json index 9bb6fd1..70b97ce 100644 --- a/manifest.json +++ b/manifest.json @@ -18,7 +18,7 @@ "email": "maniackc_dev@crudelis.fr" }], "requirements": { - "yunohost": ">= 3.8.1" + "yunohost": ">= 4.1.0" }, "multi_instance": true, "services": [ From 0a6d9113b755d6e2b528dcbffffa854b0a341656 Mon Sep 17 00:00:00 2001 From: yalh76 Date: Tue, 18 May 2021 04:29:45 +0200 Subject: [PATCH 5/6] Fix missing __CODESYNC__ --- conf/cron_leed | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/conf/cron_leed b/conf/cron_leed index dc66ef7..4ef3990 100644 --- a/conf/cron_leed +++ b/conf/cron_leed @@ -1,3 +1,3 @@ # Mise a jour de Leed toutes les 2 heures. -0 */2 * * * root wget -q -O - "https://__DOMAIN____PATH__/action.php?action=synchronize&code=__CODESYNC__" > /dev/null 2>&1 +0 */2 * * * root wget -q -O - "https://__DOMAIN____PATH__/action.php?action=synchronize&code=__CODE_SYNC__" > /dev/null 2>&1 From 6c5c19f63368e2046e714acfb7221ffe36b02a37 Mon Sep 17 00:00:00 2001 From: yalh76 Date: Wed, 19 May 2021 23:48:55 +0200 Subject: [PATCH 6/6] Update check_process --- check_process | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/check_process b/check_process index b4a82e3..ba5e955 100644 --- a/check_process +++ b/check_process @@ -32,7 +32,7 @@ multi_instance=1 port_already_use=0 change_url=1 - actions=1 + actions=0 config_panel=1 ;;; Options Email=