#!/bin/bash #================================================= # GENERIC STARTING #================================================= # IMPORT GENERIC HELPERS #================================================= source _common.sh source /usr/share/yunohost/helpers #================================================= # LOAD SETTINGS #================================================= app=$YNH_APP_INSTANCE_NAME domain=$(ynh_app_setting_get $app domain) path_url=$(ynh_app_setting_get $app path) admin=$(ynh_app_setting_get $app admin) is_public=$(ynh_app_setting_get $app is_public) final_path=$(ynh_app_setting_get $app final_path) db_pwd=$(ynh_app_setting_get $app mysqlpwd) db_name=$(ynh_app_setting_get $app db_name) overwrite_nginx=$(ynh_app_setting_get $app overwrite_nginx) overwrite_phpfpm=$(ynh_app_setting_get $app overwrite_phpfpm) #================================================= # CHECK VERSION #================================================= upgrade_type=$(ynh_check_app_version_changed) #================================================= # ENSURE DOWNWARD COMPATIBILITY #================================================= # If final_path doesn't exist, create it if [ -z "$final_path" ]; then final_path=/var/www/$app ynh_app_setting_set $app final_path $final_path fi # If db_name doesn't exist, create it if [ -z "$db_name" ]; then db_name=$(ynh_make_valid_dbid $app) ynh_app_setting_set $app db_name $db_name fi # If is_public doesn't exist, create it if [ -z "$is_public" ]; then public_check=$(ynh_app_setting_get $app skipped_uris) # If skipped_uris is empty, that was a public installation. if [ -z "$public_check" ]; then is_public=1 else is_public=0 fi ynh_app_setting_set $app is_public $is_public else # Fix is_public as a boolean if [ "$is_public" = "Yes" ]; then ynh_app_setting_set $app is_public 1 is_public=1 elif [ "$is_public" = "No" ]; then ynh_app_setting_set $app is_public 0 is_public=0 fi fi # If overwrite_nginx doesn't exist, create it if [ -z "$overwrite_nginx" ]; then overwrite_nginx=1 ynh_app_setting_set $app overwrite_nginx $overwrite_nginx fi # If overwrite_phpfpm doesn't exist, create it if [ -z "$overwrite_phpfpm" ]; then overwrite_phpfpm=1 ynh_app_setting_set $app overwrite_phpfpm $overwrite_phpfpm fi #================================================= # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP #================================================= # Backup the current version of the app ynh_backup_before_upgrade ynh_clean_setup () { # restore it if the upgrade fails ynh_restore_upgradebackup } # Exit if an error occurs during the execution of the script ynh_abort_if_errors #================================================= # CHECK THE PATH #================================================= # Normalize the URL path syntax path_url=$(ynh_normalize_url_path $path_url) #================================================= # ACTIVATE MAINTENANCE MODE #================================================= ynh_maintenance_mode_ON #================================================= # STANDARD UPGRADE STEPS #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= if [ "$upgrade_type" == "UPGRADE_APP" ] then # Download, check integrity, uncompress and patch the source from app.src ynh_setup_source "$final_path" fi #================================================= # NGINX CONFIGURATION #================================================= # Overwrite the nginx configuration only if it's allowed if [ $overwrite_nginx -eq 1 ] then # Create a dedicated nginx config ynh_add_nginx_config fi #================================================= # CREATE DEDICATED USER #================================================= # Create a dedicated user (if not existing) ynh_system_user_create $app #================================================= # PHP-FPM CONFIGURATION #================================================= # Overwrite the php-fpm configuration only if it's allowed if [ $overwrite_phpfpm -eq 1 ] then # Create a dedicated php-fpm config ynh_add_fpm_config fi #================================================= # SPECIFIC UPGRADE #================================================= # RETRIEVE SYNCHRONISATION CODE #================================================= code_sync=$(mysql -h localhost -u $db_name -p$db_pwd -s $db_name -e 'SELECT value FROM leed_configuration WHERE `key`="synchronisationCode"' | sed -n 1p) #================================================= # SETUP CRON FILE FOR SYNCHRONISATION #================================================= ynh_replace_string "__ADMIN__" "$admin" ../conf/cron_leed ynh_replace_string "__DOMAIN__" "$domain" ../conf/cron_leed ynh_replace_string "__PATH__" "$path_url" ../conf/cron_leed ynh_replace_string "__CODESYNC__" "$code_sync" ../conf/cron_leed cp ../conf/cron_leed /etc/cron.d/$app #================================================= # SECURING FILES AND DIRECTORIES #================================================= # Set permissions on app files chown -R root: $final_path # $app need write permissions in plugins, cache and updates mkdir -p $final_path/cache chown -R $app $final_path/cache $final_path/plugins $final_path/updates #================================================= # UPGRADE WITH CURL #================================================= if [ "$upgrade_type" == "UPGRADE_APP" ] then # Clear leed cache ynh_secure_remove $final_path/cache/* # Set the app as temporarily public for curl call ynh_app_setting_set $app unprotected_uris "/" # Regen SSOwat configuration yunohost app ssowatconf # Start the upgrade procedure of leed. ynh_local_curl "/" fi #================================================= # GENERIC FINALISATION #================================================= # UPGRADE FAIL2BAN #================================================= # Create a dedicated fail2ban config ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="PHP message: Leed: wrong login for .* client: " --max_retry=5 #================================================= # SETUP SSOWAT #================================================= # Make app private if necessary if [ $is_public -eq 0 ]; then # Remove the public access ynh_app_setting_delete $app unprotected_uris # Set the action.php script public for the cron task ynh_app_setting_set $app skipped_uris "/action.php" fi #================================================= # RELOAD NGINX #================================================= ynh_systemd_action --action=reload --service_name=nginx #================================================= # DEACTIVE MAINTENANCE MODE #================================================= ynh_maintenance_mode_OFF