From 7d723ee446de4c1d9403a60c56a222620d8398c1 Mon Sep 17 00:00:00 2001 From: ljf Date: Thu, 2 Feb 2017 03:37:01 +0100 Subject: [PATCH] [enh] Install and remove works --- app.src | 2 + conf/{config.php.template => config.php.j2} | 18 +- conf/data.sql.j2 | 44 +++ conf/ldap.php | 144 ------- conf/mysql_data.sql | 26 -- conf/nginx.conf | 20 - conf/nginx.conf.j2 | 29 ++ conf/php-fpm.conf.j2 | 393 ++++++++++++++++++++ conf/php-fpm.ini | 3 + manifest.json | 4 +- scripts/_common.sh | 327 ++++++++++++++++ scripts/install | 123 +++--- scripts/remove | 24 +- 13 files changed, 868 insertions(+), 289 deletions(-) create mode 100644 app.src rename conf/{config.php.template => config.php.j2} (81%) create mode 100644 conf/data.sql.j2 delete mode 100644 conf/ldap.php delete mode 100644 conf/mysql_data.sql delete mode 100644 conf/nginx.conf create mode 100644 conf/nginx.conf.j2 create mode 100644 conf/php-fpm.conf.j2 create mode 100644 conf/php-fpm.ini create mode 100644 scripts/_common.sh diff --git a/app.src b/app.src new file mode 100644 index 0000000..00a2b11 --- /dev/null +++ b/app.src @@ -0,0 +1,2 @@ +SOURCE_URL=https://www.limesurvey.org/stable-release?download=1984:limesurvey2620%20170124targz +SOURCE_SUM=2e414c2b6aa031e28a88693e0abb1a7f78b5e80444dbedb2164519886058a0e5 diff --git a/conf/config.php.template b/conf/config.php.j2 similarity index 81% rename from conf/config.php.template rename to conf/config.php.j2 index f079545..5a99217 100644 --- a/conf/config.php.template +++ b/conf/config.php.j2 @@ -24,24 +24,26 @@ return array( 'components' => array( 'db' => array( - 'connectionString' => 'mysql:host=localhost;port=3306;dbname=yunobase;', + 'connectionString' => 'mysql:host=localhost;port=3306;dbname={{ db_name }};', 'emulatePrepare' => true, - 'username' => 'yunouser', - 'password' => 'yunopass', - 'charset' => 'utf8', - 'tablePrefix' => 'prefix_', + 'username' => '{{ db_user }}', + 'password' => '{{ db_pwd }}', + 'charset' => 'utf8mb4', + 'tablePrefix' => 'lime_', ), // Uncomment the following line if you need table-based sessions // 'session' => array ( - // 'class' => 'system.web.CDbHttpSession', + // 'class' => 'application.core.web.DbHttpSession', // 'connectionID' => 'db', - // 'sessionTableName' => '{{sessions}}', + // 'sessionTableName' => '{% raw %}{{sessions}}{% endraw %}', // ), 'urlManager' => array( 'urlFormat' => 'get', - 'rules' => require('routes.php'), + 'rules' => array( + // You can add your own rules here + ), 'showScriptName' => true, ), diff --git a/conf/data.sql.j2 b/conf/data.sql.j2 new file mode 100644 index 0000000..b3f92d9 --- /dev/null +++ b/conf/data.sql.j2 @@ -0,0 +1,44 @@ +INSERT INTO `lime_plugins` (`id`, `name`, `active`) VALUES +(2,'AuditLog',0), +(3,'oldUrlCompat',0), +(4,'ExportR',0), +(5,'Authwebserver',1), +(6,'extendedStartPage',0), +(7,'ExportSTATAxml',0), +(8,'QuickMenu',0), +(9,'AuthLDAP',0); + +INSERT INTO `lime_permissions` (`id`, `entity`, `entity_id`, `uid`, `permission`, `create_p`, `read_p`, `update_p`, `delete_p`, `import_p`, `export_p`) VALUES +(1,'global',0,1,'superadmin',0,1,0,0,0,0), +(2,'global',0,2,'auth_ldap',0,1,0,0,0,0), +(3,'global',0,2,'surveys',1,0,0,0,0,0); + + +INSERT INTO `lime_plugin_settings` (`id`, `plugin_id`, `model`, `model_id`, `key`, `value`) VALUES +(1,9,NULL,NULL,'server','\"ldap:\\/\\/localhost\"'), +(2,9,NULL,NULL,'ldapport','\"\"'), +(3,9,NULL,NULL,'ldapversion','\"3\"'), +(4,9,NULL,NULL,'ldapoptreferrals','\"1\"'), +(5,9,NULL,NULL,'ldaptls','\"0\"'), +(6,9,NULL,NULL,'ldapmode','\"searchandbind\"'), +(7,9,NULL,NULL,'userprefix','null'), +(8,9,NULL,NULL,'domainsuffix','null'), +(9,9,NULL,NULL,'searchuserattribute','\"uid\"'), +(10,9,NULL,NULL,'usersearchbase','\"ou=users,dc=yunohost,dc=org\"'), +(11,9,NULL,NULL,'extrauserfilter','\"(objectClass=inetOrgPerson)\"'), +(12,9,NULL,NULL,'binddn','\"\"'), +(13,9,NULL,NULL,'bindpwd','\"\"'), +(14,9,NULL,NULL,'mailattribute','\"mail\"'), +(15,9,NULL,NULL,'fullnameattribute','\"displayName\"'), +(16,9,NULL,NULL,'is_default','\"0\"'), +(17,9,NULL,NULL,'autocreate','\"1\"'), +(18,9,NULL,NULL,'automaticsurveycreation','\"1\"'); + +INSERT INTO `lime_plugin_settings` (`id`, `plugin_id`, `model`, `model_id`, `key`, `value`) VALUES +(19, 5, NULL, NULL, 'strip_domain', 'null'), +(20, 5, NULL, NULL, 'serverkey', '"REMOTE_USER"'), +(21, 5,NULL,NULL,'is_default','\"1\"'); + +INSERT INTO `lime_settings_global` VALUES ('defaultlang','{{ language }}'),('AssetsVersion','2620'); + +INSERT INTO `lime_users` VALUES (1,'{{ admin }}','9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08','Administrator',0,'{{ language }}','','default','default','default',NULL,1,'2017-02-02 01:03:08',NULL); diff --git a/conf/ldap.php b/conf/ldap.php deleted file mode 100644 index 0c0067f..0000000 --- a/conf/ldap.php +++ /dev/null @@ -1,144 +0,0 @@ - $ldap_server, 'ldap_queries' => $ldap_queries); -?> diff --git a/conf/mysql_data.sql b/conf/mysql_data.sql deleted file mode 100644 index 3c968b1..0000000 --- a/conf/mysql_data.sql +++ /dev/null @@ -1,26 +0,0 @@ -INSERT INTO `prefix_plugins` (`id`, `name`, `active`) VALUES (1, 'Authdb', 1); -INSERT INTO `prefix_plugins` (`id`, `name`, `active`) VALUES (3, 'AuthLDAP', 1); -INSERT INTO `prefix_plugins` (`id`, `name`, `active`) VALUES (7, 'Authwebserver', 0); - -INSERT INTO `prefix_permissions` (`id`, `entity`, `entity_id`, `uid`, `permission`, `create_p`, `read_p`, `update_p`, `delete_p`, `import_p`, `export_p`) VALUES (1, 'global', 0, 1, 'superadmin', 0, 1, 0, 0, 0, 0); -INSERT INTO `prefix_users` (`uid`, `users_name`, `password`, `full_name`, `parent_id`, `lang`, `email`, `htmleditormode`, `templateeditormode`, `questionselectormode`, `one_time_pw`, `dateformat`, `created`, `modified`) VALUES (1, 'yunoadmin', 0x35653838343839386461323830343731353164306535366638646336323932373733363033643064366161626264643632613131656637323164313534326438, 'Administrator', 0, 'fr', '', 'default', 'default', 'default', NULL, 1, '2014-07-11 22:51:35', NULL); - -INSERT INTO `prefix_plugin_settings` (`id`, `plugin_id`, `model`, `model_id`, `key`, `value`) VALUES -(1, 3, NULL, NULL, 'server', '"localhost"'), -(2, 3, NULL, NULL, 'ldapport', '"389"'), -(3, 3, NULL, NULL, 'ldapversion', '"3"'), -(4, 3, NULL, NULL, 'ldapoptreferrals', '"1"'), -(5, 3, NULL, NULL, 'ldaptls', '"0"'), -(6, 3, NULL, NULL, 'ldapmode', '"searchandbind"'), -(7, 3, NULL, NULL, 'userprefix', 'null'), -(8, 3, NULL, NULL, 'domainsuffix', 'null'), -(9, 3, NULL, NULL, 'searchuserattribute', '"uid"'), -(10, 3, NULL, NULL, 'usersearchbase', '"ou=users,dc=yunohost,dc=org"'), -(11, 3, NULL, NULL, 'extrauserfilter', '""'), -(12, 3, NULL, NULL, 'binddn', '""'), -(13, 3, NULL, NULL, 'bindpwd', '""'), -(14, 3, NULL, NULL, 'is_default', '1'); - -INSERT INTO `prefix_plugin_settings` (`id`, `plugin_id`, `model`, `model_id`, `key`, `value`) VALUES -(15, 7, NULL, NULL, 'strip_domain', 'null'), -(16, 7, NULL, NULL, 'serverkey', '"REMOTE_USER"'); diff --git a/conf/nginx.conf b/conf/nginx.conf deleted file mode 100644 index 44e0cfa..0000000 --- a/conf/nginx.conf +++ /dev/null @@ -1,20 +0,0 @@ -location PATHTOCHANGE { - alias ALIASTOCHANGE; - index index.php; - try_files $uri $uri/ /index.php; - location ~ [^/]\.php(/|$) { - fastcgi_split_path_info ^(.+?\.php)(/.*)$; - fastcgi_pass unix:/var/run/php5-fpm.sock; - include fastcgi_params; - fastcgi_param REMOTE_USER $remote_user; - fastcgi_param PATH_INFO $fastcgi_path_info; - fastcgi_param HTTPS on; - fastcgi_param SCRIPT_FILENAME $request_filename; - } - # Include SSOWAT user panel. - include conf.d/yunohost_panel.conf.inc; -} - -location ~ ^PATHTOCHANGE/(data|config|\.ht|db_structure\.xml|README) { - deny all; -} diff --git a/conf/nginx.conf.j2 b/conf/nginx.conf.j2 new file mode 100644 index 0000000..9b741fd --- /dev/null +++ b/conf/nginx.conf.j2 @@ -0,0 +1,29 @@ +location {{ path }} { + alias {{ local_path }}/; + index index.php; + # if (!-e $request_filename) + #{ + # rewrite ^(.+)$ {{ path }}/index.php?q=$1 last; + #} + if ($scheme = http) { + rewrite ^ https://$server_name$request_uri? permanent; + } + client_max_body_size 30m; + location ~ [^/]\.php(/|$) { + fastcgi_split_path_info ^(.+?\.php)(/.*)$; + fastcgi_pass unix:/var/run/php5-fpm-{{ app }}.sock; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param REMOTE_USER $remote_user; + fastcgi_param PATH_INFO $fastcgi_path_info; + fastcgi_param HTTPS on; + fastcgi_param SCRIPT_FILENAME $request_filename; + } + + # Include SSOWAT user panel. + include conf.d/yunohost_panel.conf.inc; +} + +location ~ ^{{ path }}(data|config|\.ht|db_structure\.xml|README) { + deny all; +} diff --git a/conf/php-fpm.conf.j2 b/conf/php-fpm.conf.j2 new file mode 100644 index 0000000..3daf747 --- /dev/null +++ b/conf/php-fpm.conf.j2 @@ -0,0 +1,393 @@ +; Start a new pool named 'www'. +; the variable $pool can we used in any directive and will be replaced by the +; pool name ('www' here) +[{{ app }}] + +; Per pool prefix +; It only applies on the following directives: +; - 'slowlog' +; - 'listen' (unixsocket) +; - 'chroot' +; - 'chdir' +; - 'php_values' +; - 'php_admin_values' +; When not set, the global prefix (or /usr) applies instead. +; Note: This directive can also be relative to the global prefix. +; Default Value: none +;prefix = /path/to/pools/$pool + +; Unix user/group of processes +; Note: The user is mandatory. If the group is not set, the default user's group +; will be used. +user = {{ app }} +group = {{ app }} + +; The address on which to accept FastCGI requests. +; Valid syntaxes are: +; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific address on +; a specific port; +; 'port' - to listen on a TCP socket to all addresses on a +; specific port; +; '/path/to/unix/socket' - to listen on a unix socket. +; Note: This value is mandatory. +listen = /var/run/php5-fpm-{{ app }}.sock + +; Set listen(2) backlog. +; Default Value: 128 (-1 on FreeBSD and OpenBSD) +;listen.backlog = 128 + +; Set permissions for unix socket, if one is used. In Linux, read/write +; permissions must be set in order to allow connections from a web server. Many +; BSD-derived systems allow connections regardless of permissions. +; Default Values: user and group are set as the running user +; mode is set to 0660 +listen.owner = www-data +listen.group = www-data +;listen.mode = 0660 + +; List of ipv4 addresses of FastCGI clients which are allowed to connect. +; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original +; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address +; must be separated by a comma. If this value is left blank, connections will be +; accepted from any ip address. +; Default Value: any +;listen.allowed_clients = 127.0.0.1 + +; Specify the nice(2) priority to apply to the pool processes (only if set) +; The value can vary from -19 (highest priority) to 20 (lower priority) +; Note: - It will only work if the FPM master process is launched as root +; - The pool processes will inherit the master process priority +; unless it specified otherwise +; Default Value: no set +; priority = -19 + +; Choose how the process manager will control the number of child processes. +; Possible Values: +; static - a fixed number (pm.max_children) of child processes; +; dynamic - the number of child processes are set dynamically based on the +; following directives. With this process management, there will be +; always at least 1 children. +; pm.max_children - the maximum number of children that can +; be alive at the same time. +; pm.start_servers - the number of children created on startup. +; pm.min_spare_servers - the minimum number of children in 'idle' +; state (waiting to process). If the number +; of 'idle' processes is less than this +; number then some children will be created. +; pm.max_spare_servers - the maximum number of children in 'idle' +; state (waiting to process). If the number +; of 'idle' processes is greater than this +; number then some children will be killed. +; ondemand - no children are created at startup. Children will be forked when +; new requests will connect. The following parameter are used: +; pm.max_children - the maximum number of children that +; can be alive at the same time. +; pm.process_idle_timeout - The number of seconds after which +; an idle process will be killed. +; Note: This value is mandatory. +pm = dynamic + +; The number of child processes to be created when pm is set to 'static' and the +; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'. +; This value sets the limit on the number of simultaneous requests that will be +; served. Equivalent to the ApacheMaxClients directive with mpm_prefork. +; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP +; CGI. The below defaults are based on a server without much resources. Don't +; forget to tweak pm.* to fit your needs. +; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand' +; Note: This value is mandatory. +pm.max_children = 10 + +; The number of child processes created on startup. +; Note: Used only when pm is set to 'dynamic' +; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2 +pm.start_servers = 2 + +; The desired minimum number of idle server processes. +; Note: Used only when pm is set to 'dynamic' +; Note: Mandatory when pm is set to 'dynamic' +pm.min_spare_servers = 1 + +; The desired maximum number of idle server processes. +; Note: Used only when pm is set to 'dynamic' +; Note: Mandatory when pm is set to 'dynamic' +pm.max_spare_servers = 3 + +; The number of seconds after which an idle process will be killed. +; Note: Used only when pm is set to 'ondemand' +; Default Value: 10s +;pm.process_idle_timeout = 10s; + +; The number of requests each child process should execute before respawning. +; This can be useful to work around memory leaks in 3rd party libraries. For +; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS. +; Default Value: 0 +pm.max_requests = 500 + +; The URI to view the FPM status page. If this value is not set, no URI will be +; recognized as a status page. It shows the following informations: +; pool - the name of the pool; +; process manager - static, dynamic or ondemand; +; start time - the date and time FPM has started; +; start since - number of seconds since FPM has started; +; accepted conn - the number of request accepted by the pool; +; listen queue - the number of request in the queue of pending +; connections (see backlog in listen(2)); +; max listen queue - the maximum number of requests in the queue +; of pending connections since FPM has started; +; listen queue len - the size of the socket queue of pending connections; +; idle processes - the number of idle processes; +; active processes - the number of active processes; +; total processes - the number of idle + active processes; +; max active processes - the maximum number of active processes since FPM +; has started; +; max children reached - number of times, the process limit has been reached, +; when pm tries to start more children (works only for +; pm 'dynamic' and 'ondemand'); +; Value are updated in real time. +; Example output: +; pool: www +; process manager: static +; start time: 01/Jul/2011:17:53:49 +0200 +; start since: 62636 +; accepted conn: 190460 +; listen queue: 0 +; max listen queue: 1 +; listen queue len: 42 +; idle processes: 4 +; active processes: 11 +; total processes: 15 +; max active processes: 12 +; max children reached: 0 +; +; By default the status page output is formatted as text/plain. Passing either +; 'html', 'xml' or 'json' in the query string will return the corresponding +; output syntax. Example: +; http://www.foo.bar/status +; http://www.foo.bar/status?json +; http://www.foo.bar/status?html +; http://www.foo.bar/status?xml +; +; By default the status page only outputs short status. Passing 'full' in the +; query string will also return status for each pool process. +; Example: +; http://www.foo.bar/status?full +; http://www.foo.bar/status?json&full +; http://www.foo.bar/status?html&full +; http://www.foo.bar/status?xml&full +; The Full status returns for each process: +; pid - the PID of the process; +; state - the state of the process (Idle, Running, ...); +; start time - the date and time the process has started; +; start since - the number of seconds since the process has started; +; requests - the number of requests the process has served; +; request duration - the duration in µs of the requests; +; request method - the request method (GET, POST, ...); +; request URI - the request URI with the query string; +; content length - the content length of the request (only with POST); +; user - the user (PHP_AUTH_USER) (or '-' if not set); +; script - the main script called (or '-' if not set); +; last request cpu - the %cpu the last request consumed +; it's always 0 if the process is not in Idle state +; because CPU calculation is done when the request +; processing has terminated; +; last request memory - the max amount of memory the last request consumed +; it's always 0 if the process is not in Idle state +; because memory calculation is done when the request +; processing has terminated; +; If the process is in Idle state, then informations are related to the +; last request the process has served. Otherwise informations are related to +; the current request being served. +; Example output: +; ************************ +; pid: 31330 +; state: Running +; start time: 01/Jul/2011:17:53:49 +0200 +; start since: 63087 +; requests: 12808 +; request duration: 1250261 +; request method: GET +; request URI: /test_mem.php?N=10000 +; content length: 0 +; user: - +; script: /home/fat/web/docs/php/test_mem.php +; last request cpu: 0.00 +; last request memory: 0 +; +; Note: There is a real-time FPM status monitoring sample web page available +; It's available in: ${prefix}/share/fpm/status.html +; +; Note: The value must start with a leading slash (/). The value can be +; anything, but it may not be a good idea to use the .php extension or it +; may conflict with a real PHP file. +; Default Value: not set +;pm.status_path = /status + +; The ping URI to call the monitoring page of FPM. If this value is not set, no +; URI will be recognized as a ping page. This could be used to test from outside +; that FPM is alive and responding, or to +; - create a graph of FPM availability (rrd or such); +; - remove a server from a group if it is not responding (load balancing); +; - trigger alerts for the operating team (24/7). +; Note: The value must start with a leading slash (/). The value can be +; anything, but it may not be a good idea to use the .php extension or it +; may conflict with a real PHP file. +; Default Value: not set +;ping.path = /ping + +; This directive may be used to customize the response of a ping request. The +; response is formatted as text/plain with a 200 response code. +; Default Value: pong +;ping.response = pong + +; The access log file +; Default: not set +;access.log = log/$pool.access.log + +; The access log format. +; The following syntax is allowed +; %%: the '%' character +; %C: %CPU used by the request +; it can accept the following format: +; - %{user}C for user CPU only +; - %{system}C for system CPU only +; - %{total}C for user + system CPU (default) +; %d: time taken to serve the request +; it can accept the following format: +; - %{seconds}d (default) +; - %{miliseconds}d +; - %{mili}d +; - %{microseconds}d +; - %{micro}d +; %e: an environment variable (same as $_ENV or $_SERVER) +; it must be associated with embraces to specify the name of the env +; variable. Some exemples: +; - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e +; - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e +; %f: script filename +; %l: content-length of the request (for POST request only) +; %m: request method +; %M: peak of memory allocated by PHP +; it can accept the following format: +; - %{bytes}M (default) +; - %{kilobytes}M +; - %{kilo}M +; - %{megabytes}M +; - %{mega}M +; %n: pool name +; %o: ouput header +; it must be associated with embraces to specify the name of the header: +; - %{Content-Type}o +; - %{X-Powered-By}o +; - %{Transfert-Encoding}o +; - .... +; %p: PID of the child that serviced the request +; %P: PID of the parent of the child that serviced the request +; %q: the query string +; %Q: the '?' character if query string exists +; %r: the request URI (without the query string, see %q and %Q) +; %R: remote IP address +; %s: status (response code) +; %t: server time the request was received +; it can accept a strftime(3) format: +; %d/%b/%Y:%H:%M:%S %z (default) +; %T: time the log has been written (the request has finished) +; it can accept a strftime(3) format: +; %d/%b/%Y:%H:%M:%S %z (default) +; %u: remote user +; +; Default: "%R - %u %t \"%m %r\" %s" +;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%" + +; The log file for slow requests +; Default Value: not set +; Note: slowlog is mandatory if request_slowlog_timeout is set +slowlog = /var/log/nginx/{{ app }}.slow.log + +; The timeout for serving a single request after which a PHP backtrace will be +; dumped to the 'slowlog' file. A value of '0s' means 'off'. +; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) +; Default Value: 0 +request_slowlog_timeout = 5s + +; The timeout for serving a single request after which the worker process will +; be killed. This option should be used when the 'max_execution_time' ini option +; does not stop script execution for some reason. A value of '0' means 'off'. +; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) +; Default Value: 0 +request_terminate_timeout = 1d + +; Set open file descriptor rlimit. +; Default Value: system defined value +;rlimit_files = 1024 + +; Set max core size rlimit. +; Possible Values: 'unlimited' or an integer greater or equal to 0 +; Default Value: system defined value +;rlimit_core = 0 + +; Chroot to this directory at the start. This value must be defined as an +; absolute path. When this value is not set, chroot is not used. +; Note: you can prefix with '$prefix' to chroot to the pool prefix or one +; of its subdirectories. If the pool prefix is not set, the global prefix +; will be used instead. +; Note: chrooting is a great security feature and should be used whenever +; possible. However, all PHP paths will be relative to the chroot +; (error_log, sessions.save_path, ...). +; Default Value: not set +;chroot = + +; Chdir to this directory at the start. +; Note: relative path can be used. +; Default Value: current directory or / when chroot +chdir = {{ local_path }} + +; Redirect worker stdout and stderr into main error log. If not set, stdout and +; stderr will be redirected to /dev/null according to FastCGI specs. +; Note: on highloaded environement, this can cause some delay in the page +; process time (several ms). +; Default Value: no +catch_workers_output = yes + +; Limits the extensions of the main script FPM will allow to parse. This can +; prevent configuration mistakes on the web server side. You should only limit +; FPM to .php extensions to prevent malicious users to use other extensions to +; exectute php code. +; Note: set an empty value to allow all extensions. +; Default Value: .php +;security.limit_extensions = .php .php3 .php4 .php5 + +; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from +; the current environment. +; Default Value: clean env +;env[HOSTNAME] = $HOSTNAME +;env[PATH] = /usr/local/bin:/usr/bin:/bin +;env[TMP] = /tmp +;env[TMPDIR] = /tmp +;env[TEMP] = /tmp + +; Additional php.ini defines, specific to this pool of workers. These settings +; overwrite the values previously defined in the php.ini. The directives are the +; same as the PHP SAPI: +; php_value/php_flag - you can set classic ini defines which can +; be overwritten from PHP call 'ini_set'. +; php_admin_value/php_admin_flag - these directives won't be overwritten by +; PHP call 'ini_set' +; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no. + +; Defining 'extension' will load the corresponding shared extension from +; extension_dir. Defining 'disable_functions' or 'disable_classes' will not +; overwrite previously defined php.ini values, but will append the new value +; instead. + +; Note: path INI options can be relative and will be expanded with the prefix +; (pool, global or /usr) + +; Default Value: nothing is defined by default except the values in php.ini and +; specified at startup with the -d argument +;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com +;php_flag[display_errors] = off +;php_admin_value[error_log] = /var/log/fpm-php.www.log +;php_admin_flag[log_errors] = on +;php_admin_value[memory_limit] = 32M + diff --git a/conf/php-fpm.ini b/conf/php-fpm.ini new file mode 100644 index 0000000..a4538e8 --- /dev/null +++ b/conf/php-fpm.ini @@ -0,0 +1,3 @@ +upload_max_filesize=30M +post_max_size=30M +; max_execution_time=60 diff --git a/manifest.json b/manifest.json index 84b8037..e1807ab 100644 --- a/manifest.json +++ b/manifest.json @@ -59,8 +59,8 @@ "en": "Choose the default language of this LimeSurvey", "fr": "Choisissez la langue par défault de LimeSurvey" }, - "choices": ["en_GB", "fr_FR","es_ES", "de_DE"], - "default": "en_GB" + "choices": ["en", "fr","es", "de"], + "default": "en" }, { "name": "is_public", diff --git a/scripts/_common.sh b/scripts/_common.sh new file mode 100644 index 0000000..ebadf0a --- /dev/null +++ b/scripts/_common.sh @@ -0,0 +1,327 @@ +#!/bin/bash + +# App package root directory should be the parent folder +PKG_DIR=$(cd ../; pwd) + +ynh_check_var () { + test -n "$1" || ynh_die "$2" +} + +ynh_exit_properly () { + exit_code=$? + if [ "$exit_code" -eq 0 ]; then + exit 0 + fi + trap '' EXIT + set +eu + echo -e "\e[91m \e[1m" + echo -e "!!\n $app install's script has encountered an error. Installation was cancelled.\n!!" >&2 + + if type -t CLEAN_SETUP > /dev/null; then + CLEAN_SETUP + fi + + ynh_die +} + +# Activate signal capture +# Exit if a command fail, and if a variable is used unset. +# Capturing exit signals on shell script +# +# example: CLEAN_SETUP () { +# # Clean residual file un remove by remove script +# } +# ynh_trap_on +ynh_trap_on () { + set -eu + trap ynh_exit_properly EXIT # Capturing exit signals on shell script +} + +ynh_export () { + local ynh_arg="" + for var in $@; + do + ynh_arg=$(echo $var | awk '{print toupper($0)}') + ynh_arg="YNH_APP_ARG_$ynh_arg" + export $var=${!ynh_arg} + done +} + +# Check availability of a web path +# +# example: ynh_path_validity $domain$path +# +# usage: ynh_path_validity $domain_and_path +# | arg: domain_and_path - complete path to check +ynh_path_validity () { + sudo yunohost app checkurl $1 -a $app +} + +# Normalize the url path syntax +# Handle the slash at the beginning of path and its absence at ending +# Return a normalized url path +# +# example: url_path=$(ynh_normalize_url_path $url_path) +# ynh_normalize_url_path example -> /example +# ynh_normalize_url_path /example -> /example +# ynh_normalize_url_path /example/ -> /example +# +# usage: ynh_normalize_url_path path_to_normalize +# | arg: url_path_to_normalize - URL path to normalize before using it +ynh_normalize_url_path () { + path=$1 + test -n "$path" || ynh_die "ynh_normalize_url_path expect a URL path as first argument and received nothing." + if [ "${path:0:1}" != "/" ]; then # If the first character is not a / + path="/$path" # Add / at begin of path variable + fi + if [ "${path:${#path}-1}" == "/" ] && [ ${#path} -gt 1 ]; then # If the last character is a / and that not the only character. + path="${path:0:${#path}-1}" # Delete the last character + fi + echo $path +} + +# Check the path doesn't exist +# usage: ynh_local_path_available PATH +ynh_local_path_available () { + if [ -e "$1" ] + then + ynh_die "This path '$1' already contains a folder" + fi +} + +# Save listed var in YunoHost app settings +# usage: ynh_save_args VARNAME1 [VARNAME2 [...]] +ynh_save_args () { + for var in $@; + do + ynh_app_setting_set $app $var ${!var} + done +} + +# Create a database, an user and its password. Then store the password in the app's config +# +# User of database will be store in db_user's variable. +# Name of database will be store in db_name's variable. +# And password in db_pwd's variable. +# +# usage: ynh_mysql_generate_db user name +# | arg: user - Proprietary of the database +# | arg: name - Name of the database +ynh_mysql_generate_db () { + export db_user=${1//[-.]/_} # Mariadb doesn't support - and . in the name of databases. It will be replace by _ + export db_name=${2//[-.]/_} + + export db_pwd=$(ynh_string_random) # Generate a random password + ynh_check_var "$db_pwd" "db_pwd empty" + + ynh_mysql_create_db "$db_name" "$db_user" "$db_pwd" # Create the database + + ynh_app_setting_set $app mysqlpwd $db_pwd # Store the password in the app's config +} + +# Execute a command as another user +# usage: ynh_exec_as USER COMMAND [ARG ...] +ynh_exec_as() { + local USER=$1 + shift 1 + + if [[ $USER = $(whoami) ]]; then + eval "$@" + else + # use sudo twice to be root and be allowed to use another user + sudo sudo -u "$USER" "$@" + fi +} + +# Get sources, setup it into dest directory and deploy patches +# Try to find locally the sources and download it if missing. +# Check the integrity with an hash program (default: sha256sum) +# Source hash and location are get from a "SOURCE_ID.src" file, +# by default the SOURCE_ID is "app". +# Patches should be located in a "patches" dir, they should be +# named like "SOURCE_ID-*.patch". +# +# example: ynh_setup_source "/var/www/limesurvey/" "limesurvey" +# +# usage: ynh_setup_source DEST_DIR [USER [SOURCE_ID]] + +ynh_setup_source () { + local DEST=$1 + local AS_USER=${2:-admin} + local SOURCE_ID=${3:-app} + local SOURCE_FILE="$YNH_APP_ID.tar.gz" + local SUM_PRG="sha256sum" + source ../$SOURCE_ID.src + local LOCAL_SOURCE="/opt/yunohost-apps-src/$YNH_APP_ID/$SOURCE_FILE" + + if test -e $LOCAL_SOURCE; then + cp $LOCAL_SOURCE $SOURCE_FILE + else + wget -nv $SOURCE_URL -O $SOURCE_FILE + fi + echo "$SOURCE_SUM $SOURCE_FILE" |$SUM_PRG -c --status \ + || ynh_die "Corrupt source" + + sudo mkdir -p "$DEST" + sudo chown $AS_USER: "$DEST" + if [ "$(echo ${SOURCE_FILE##*.})" == "gz" ]; then + ynh_exec_as "$AS_USER" tar xf $SOURCE_FILE -C "$DEST" --strip-components 1 + elif [ "$(echo ${SOURCE_FILE##*.})" == "bz2" ]; then + ynh_exec_as "$AS_USER" tar xjf $SOURCE_FILE -C "$DEST" --strip-components 1 + elif [ "$(echo ${SOURCE_FILE##*.})" == "zip" ]; then + mkdir -p "/tmp/$SOURCE_FILE" + ynh_exec_as "$AS_USER" unzip -q $SOURCE_FILE -d "/tmp/$SOURCE_FILE" + ynh_exec_as "$AS_USER" mv "/tmp/$SOURCE_FILE"/./. "$DEST" + rmdir "$/tmp/$SOURCE_FILE" + else + false + fi + + # Apply patches + if [ -f ${PKG_DIR}/patches/$SOURCE_ID-*.patch ]; then + (cd "$DEST" \ + && for p in ${PKG_DIR}/patches/$SOURCE_ID-*.patch; do \ + ynh_exec_as "$AS_USER" patch -p1 < $p; done) \ + || ynh_die "Unable to apply patches" + + fi +} + +ynh_mv_to_home () { + local APP_PATH="/home/yunohost.app/$app/" + local DATA_PATH="$1" + sudo mkdir -p "$APP_PATH" + sudo chown $app: "$APP_PATH" + ynh_exec_as "$app" mv "$DATA_PATH" "$APP_PATH" + ynh_exec_as "$app" ln -s "$APP_PATH$DATA_PATH" "$DATA_PATH" + +} + +ynh_set_default_perm () { + local DIRECTORY=$1 + # Set permissions + sudo chown -R $app:$app $DIRECTORY + sudo chmod -R 664 $DIRECTORY + sudo find $DIRECTORY -type d -print0 | xargs -0 sudo chmod 775 \ + || echo "No file to modify" + +} + +# Create a system user +# +# usage: ynh_system_user_create user_name [home_dir] +# | arg: user_name - Name of the system user that will be create +# | arg: home_dir - Path of the home dir for the user. Usually the final path of the app. If this argument is omitted, the user will be created without home +ynh_system_user_create () { + if ! ynh_system_user_exists "$1" # Check if the user exists on the system + then # If the user doesn't exist + if [ $# -ge 2 ]; then # If a home dir is mentioned + user_home_dir="-d $2" + else + user_home_dir="--no-create-home" + fi + sudo useradd $user_home_dir --system --user-group $1 --shell /usr/sbin/nologin || ynh_die "Unable to create $1 system account" + fi +} + +# Delete a system user +# +# usage: ynh_system_user_delete user_name +# | arg: user_name - Name of the system user that will be create +ynh_system_user_delete () { + if ynh_system_user_exists "$1" # Check if the user exists on the system + then + sudo userdel $1 + else + echo "The user $1 was not found" >&2 + fi +} + + +ynh_configure () { + local TEMPLATE=$1 + local DEST=$2 + type j2 2>/dev/null || pip install j2cli + j2 "${PKG_DIR}/conf/$TEMPLATE.j2" > "${PKG_DIR}/conf/$TEMPLATE" + sudo cp "${PKG_DIR}/conf/$TEMPLATE" "$DEST" +} + +ynh_configure_nginx () { + ynh_configure nginx.conf /etc/nginx/conf.d/$domain.d/$app.conf + sudo service nginx reload +} + +ynh_configure_php_fpm () { + finalphpconf=/etc/php5/fpm/pool.d/$app.conf + ynh_configure php-fpm.conf /etc/php5/fpm/pool.d/$app.conf + sudo chown root: $finalphpconf + + finalphpini=/etc/php5/fpm/conf.d/20-$app.ini + sudo cp ../conf/php-fpm.ini $finalphpini + sudo chown root: $finalphpini + + sudo service php5-fpm reload +} + +# Find a free port and return it +# +# example: port=$(ynh_find_port 8080) +# +# usage: ynh_find_port begin_port +# | arg: begin_port - port to start to search +ynh_find_port () { + port=$1 + test -n "$port" || ynh_die "The argument of ynh_find_port must be a valid port." + while netcat -z 127.0.0.1 $port # Check if the port is free + do + port=$((port+1)) # Else, pass to next port + done + echo $port +} + + +### REMOVE SCRIPT + +# Remove a database if it exist and the associated user +# +# usage: ynh_mysql_remove_db user name +# | arg: user - Proprietary of the database +# | arg: name - Name of the database +ynh_mysql_remove_db () { + if mysqlshow -u root -p$(sudo cat $MYSQL_ROOT_PWD_FILE) | grep -q "^| $2"; then # Check if the database exist + ynh_mysql_drop_db $2 # Remove the database + ynh_mysql_drop_user $1 # Remove the associated user to database + else + echo "Database $2 not found" >&2 + fi +} + +ynh_rm_nginx_conf () { + if [ -e "/etc/nginx/conf.d/$domain.d/$app.conf" ]; then + sudo rm "/etc/nginx/conf.d/$domain.d/$app.conf" + sudo service nginx reload + fi +} + +ynh_rm_php_fpm_conf () { + if [ -e "/etc/php5/fpm/pool.d/$app.conf" ]; then + sudo rm "/etc/php5/fpm/pool.d/$app.conf" + fi + if [ -e "/etc/php5/fpm/conf.d/20-$app.ini" ]; then + sudo rm "/etc/php5/fpm/conf.d/20-$app.ini" + fi + sudo service php5-fpm reload +} + +REMOVE_LOGROTATE_CONF () { + if [ -e "/etc/logrotate.d/$app" ]; then + sudo rm "/etc/logrotate.d/$app" + fi +} + +ynh_secure_rm () { + [[ "/var/www /opt /home/yunohost.app" =~ $1 ]] \ + || (test -n "$1" && sudo rm -Rf $1 ) +} + + diff --git a/scripts/install b/scripts/install index e279f17..df1b1c6 100755 --- a/scripts/install +++ b/scripts/install @@ -1,102 +1,63 @@ #!/bin/bash +source /usr/share/yunohost/helpers +source _common.sh -set -e -# Delete db and user if exit with an error -function exit_properly -{ - set +e - root_pwd=$(sudo cat /etc/yunohost/mysql) - mysql -u root -p$root_pwd -e "DROP DATABASE limesurvey ; DROP USER limesurvey@localhost ;" - sudo rm -Rf /var/www/limesurvey - exit 1 -} -app="limesurvey" +ynh_trap_on + +export app=$YNH_APP_INSTANCE_NAME +user=$app # Retrieve arguments -domain=$1 -path=$2 -admin=$3 -language=$4 +ynh_export domain path admin is_public language +export local_path=/var/www/$app +export data_path=/home/yunohost.app/$app -# Check if admin exists -sudo yunohost user list --json | grep -qi "\"username\": \"$admin\"" \ - || (echo "User does not exist: $admin" && exit 1) -sudo yunohost app setting $app admin -v $admin -sudo yunohost app setting $app language -v $language +#================================================= +# CHECK IF THE APP CAN BE INSTALLED WITH THIS ARGS +#================================================= +ynh_check_var "$app" "app name not set" +ynh_user_exists "$admin" || ynh_die "User does not exist: $admin" +ynh_normalize_url_path "$path" +ynh_path_validity "$domain$path" +ynh_local_path_available "$local_path" +ynh_local_path_available "$data_path" -# Check domain/path availability -sudo yunohost app checkurl $domain$path -a $app \ - || (echo "Path not available: $domain$path" && exit 1) +#================================================= +# SETUP THE APP BY MODIFYING THE SYSTEM +#================================================= -# Remove trailing "/" for next commands -path=${path%/} +ynh_save_args domain path admin is_public language local_path -# Generate random password -db_pwd=$(dd if=/dev/urandom bs=1 count=200 2> /dev/null | tr -c -d '[A-Za-z0-9]' | sed -n 's/\(.\{24\}\).*/\1/p') +ynh_package_install php5-imap -# Use 'opensondage' as database name and user -db_user=$app +ynh_mysql_generate_db "$user" "$app" -# Initialize database and store mysql password for upgrade -sudo yunohost app initdb $db_user -p $db_pwd -sudo yunohost app setting $app mysqlpwd -v $db_pwd - -# Delete db and user if exit with an error -trap exit_properly ERR +ynh_system_user_create "$user" "$local_path" +ynh_setup_source "$local_path" "$user" -# Copy files to the right place -final_path=/var/www/$app -upload_path=/home/yunohost.app/$app/upload -sudo mkdir -p $final_path -sudo mkdir -p $upload_path -sudo cp -a ../sources/* $final_path -sudo rm -Rf $final_path/upload -sudo cp -a ../sources/upload/* $upload_path -sudo ln -s $upload_path ../sources/upload +# Move upload directory in yunohost.app +ynh_mv_to_home $local_path/upload -# Db installation -mysql -u $db_user -p$db_pwd $db_user < ../sources/installer/sql/create-mysql.sql -sudo sed -i "s/yunoadmin/$admin/g" ../conf/mysql_data.sql -mysql -u $db_user -p$db_pwd $db_user < ../conf/mysql_data.sql +ynh_configure config.php "$local_path/application/config/config.php" - -sudo cp ../conf/config.php.template $final_path/application/config/config.php - -sudo sed -i "s/yunouser/$db_user/g" $final_path/application/config/config.php -sudo sed -i "s/yunopass/$db_pwd/g" $final_path/application/config/config.php -sudo sed -i "s/yunobase/$db_user/g" $final_path/application/config/config.php - -for user in $(sudo yunohost user list | grep '^ [^ ]*:' | sed -e "s/^ \([^ ]*\):/\1/g") -do - if [ $user != $admin ]; - then - mysql -u $db_user -p$db_pwd $db_user -e "INSERT INTO prefix_users (users_name) VALUES ('$user');INSERT INTO prefix_permissions (entity,entity_id,uid,permission,create_p,read_p,update_p,delete_p,import_p,export_p) SELECT 'global',0,uid,'surveys',1,1,1,1,0,1 FROM prefix_users WHERE users_name='$user'" - fi -done +# Fill LimeSurvey database +sed 's/`prefix_/`lime_/g' $local_path/installer/sql/create-mysql.sql > ./structure.sql +mysql -u $db_user -p$db_pwd $db_user < ./structure.sql +ynh_configure data.sql ./data.sql +mysql -u $db_user -p$db_pwd $db_user < ./data.sql # Set permissions -sudo chown -R www-data:www-data $final_path -sudo chown -R www-data:www-data $upload_path -sudo chmod -R 664 $final_path -sudo find $final_path -type d -print0 | xargs -0 sudo chmod 775 \ - || echo "No file to modify" -sudo chmod -R 664 $upload_path -sudo find $upload_path -type d -print0 | xargs -0 sudo chmod 775 \ - || echo "No file to modify" -sudo chmod u+w $final_path/tmp -sudo chmod u+w $upload_path -sudo chmod u+w $final_path/application/config/ +ynh_set_default_perm $local_path +ynh_set_default_perm $data_path/upload +sudo chmod u+w $local_path/tmp +sudo chmod u+w $data_path/upload +sudo chmod u+w $local_path/application/config/ sudo yunohost app addaccess $app -u $admin - -# Modify Nginx configuration file and copy it to Nginx conf directory -sudo sed -i "s@PATHTOCHANGE@$path@g" ../conf/nginx.conf -sudo sed -i "s@ALIASTOCHANGE@$final_path/@g" ../conf/nginx.conf -sudo cp ../conf/nginx.conf /etc/nginx/conf.d/$domain.d/$app.conf -# Reload Nginx and regenerate SSOwat conf -sudo service nginx reload -sudo yunohost app setting $app skipped_uris -v "/" +sudo yunohost app setting $app unprotected_uris -v "/" #sudo yunohost app setting $app protected_uris -v "/index.php?r=admin,/index.php?r=plugins,/scripts" sudo yunohost app ssowatconf +ynh_configure_php_fpm +ynh_configure_nginx diff --git a/scripts/remove b/scripts/remove index 4b49c3c..3878264 100755 --- a/scripts/remove +++ b/scripts/remove @@ -1,10 +1,18 @@ #!/bin/bash -app="limesurvey" -db_user=$app -db_name=$app -root_pwd=$(sudo cat /etc/yunohost/mysql) -domain=$(sudo yunohost app setting $app domain) +source /usr/share/yunohost/helpers +source _common.sh -mysql -u root -p$root_pwd -e "DROP DATABASE $db_name ; DROP USER $db_user@localhost ;" -sudo rm -rf /var/www/$app -sudo rm -f /etc/nginx/conf.d/$domain.d/$app.conf +app=$YNH_APP_INSTANCE_NAME +user=$app +local_path=$(sudo yunohost app setting $app local_path) +domain=$(ynh_app_setting_get $app domain) + +ynh_mysql_remove_db "$user" "$app" +ynh_system_user_delete "$user" + +ynh_secure_rm "$local_path" +ynh_secure_rm "/home/yunohost.app/$app" +ynh_rm_nginx_conf +ynh_rm_php_fpm_conf +sudo yunohost app ssowatconf +echo -e "\e[0m" # Restore norml color