YunoHost-Apps/lufi_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/lufi_ynh.git synced 2024-09-03 19:36:28 +02:00
Code Issues Activity Actions

Merge pull request #23 from YunoHost-Apps/general-upgrade

Browse source 
General upgrade
This commit is contained in:
Kayou 2019-03-25 23:52:38 +01:00 committed by GitHub
commit 01ab43551f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
15 changed files with 1101 additions and 334 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

90
README.md
View file

@ -1,44 +1,72 @@
# Lufi for YunoHost
[![Latest Version](https://img.shields.io/badge/version-_--_-green.svg?style=flat)](https://github.com/YunoHost-Apps/lufi_ynh/releases)
[![Status](https://img.shields.io/badge/status-working-yellow.svg?style=flat)](https://github.com/YunoHost-Apps/lufi_ynh/milestones)
[![Dependencies](https://img.shields.io/badge/dependencies-includes-lightgrey.svg?style=flat)](https://github.com/YunoHost-Apps/lufi_ynh#dependencies)
[![GitHub license](https://img.shields.io/badge/license-GPLv3-blue.svg?style=flat)](https://raw.githubusercontent.com/YunoHost-Apps/lufi_ynh/master/LICENSE)
[![Yunohost version](https://img.shields.io/badge/yunohost-2.4.2_tested-orange.svg?style=flat)](https://github.com/YunoHost/yunohost)
[![GitHub issues](https://img.shields.io/github/issues/YunoHost-Apps/lufi_ynh.svg?style=flat)](https://github.com/YunoHost-Apps/lufi_ynh/issues)
[![Integration level](https://dash.yunohost.org/integration/lufi.svg)](https://dash.yunohost.org/appci/app/lufi)
[![Install lufi with YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=lufi)
## Lufi c'est quoi ?
*[Lire ce readme en français.](./README_fr.md)*
Il stocke vos fichiers et vous permet de les télécharger.
Est-ce tout? Non. Tous les fichiers sont cryptés par le navigateur! Non chiffré. Ça ne marche pas. L'administrateur de l'instance Lufi ne pourra pas voir quel est votre administrateur réseau ou votre FAI.
La clé de cryptage est une ancre (voir Fragment Identifier), ce qui signifie que cette partie n'est traitée que par le client et n'atteint pas le serveur. :-)
Source: [Documentation de Lufi](https://framagit.org/luc/lufi/wikis/home)
### Installation
`$ sudo yunohost app install https://github.com/YunoHost-Apps/lufi_ynh.git`
### Mise à jour
`$ sudo yunohost app upgrade --verbose lufi -u https://github.com/YunoHost-Apps/lufi_ynh.git`
## What is Lufi?
> *This package allow you to install lufi quickly and simply on a YunoHost server.
If you don't have YunoHost, please see [here](https://yunohost.org/#/install) to know how to install and enjoy it.*
## Overview
It stores files and allows you to download them.
Is that all? No. All the files are encrypted by the browser! It means that your files never leave your computer unencrypted. The administrator of the Lufi instance you use will not be able to see what is in your file, neither will your network administrator, or your ISP.
Is that all? No. All the files are encrypted **by the browser**! It means that your files **never** leave your computer unencrypted.
The administrator of the Lufi instance you use will not be able to see what is in your file, neither will your network administrator, or your ISP.
The encryption key part of the URL is a anchor (Cf. Fragment Identifier), that means this part is only processed client-side and does not reach the server. :-)
The encryption key part of the URL is a anchor (Cf. [Fragment Identifier](https://en.wikipedia.org/wiki/Fragment_identifier)), that means this part is only processed client-side and does not reach the server. :-)
Source: [Lufi documentation](https://framagit.org/luc/lufi/wikis/home)
**Shipped version:** 0.03.5
### Install
## Screenshots
`$ sudo yunohost app install https://github.com/YunoHost-Apps/lufi_ynh.git`
![](https://framalibre.org/sites/default/files/screenshot_lufi_1.png)
### Update
## Demo
`$ sudo yunohost app upgrade --verbose lufi -u https://github.com/YunoHost-Apps/lufi_ynh.git`
* [Official demo](https://demo.lufi.io/)
## Configuration
How to configure this app: a plain file with SSH.
## Documentation
* Official documentation: https://framagit.org/luc/lufi/wikis/home
## YunoHost specific features
#### Multi-users support
Are LDAP and HTTP auth supported? **Yes**
Can the app be used by multiple users? **Yes**
#### Supported architectures
* x86-64b - [![Build Status](https://ci-apps.yunohost.org/ci/logs/lufi%20%28Community%29.svg)](https://ci-apps.yunohost.org/ci/apps/lufi/)
* ARMv8-A - [![Build Status](https://ci-apps-arm.yunohost.org/ci/logs/lufi%20%28Community%29.svg)](https://ci-apps-arm.yunohost.org/ci/apps/lufi/)
* Jessie x86-64b - [![Build Status](https://ci-stretch.nohost.me/ci/logs/lufi%20%28Community%29.svg)](https://ci-stretch.nohost.me/ci/apps/lufi/)
## Links
* Report a bug: https://github.com/YunoHost-Apps/lufi_ynh/issues
* App website: https://framagit.org/fiat-tux/hat-softwares/lufi
* YunoHost website: https://yunohost.org/
---
Developers info
----------------
**Only if you want to use a testing branch for coding, instead of merging directly into master.**
Please do your pull request to the [testing branch](https://github.com/YunoHost-Apps/lufi_ynh/tree/testing).
To try the testing branch, please proceed like that.
```
sudo yunohost app install https://github.com/YunoHost-Apps/lufi_ynh/tree/testing --debug
or
sudo yunohost app upgrade lufi -u https://github.com/YunoHost-Apps/lufi_ynh/tree/testing --debug
```
**More information on the documentation page:**
https://yunohost.org/packaging_apps

116
README_fr.md Normal file
View file

@ -0,0 +1,116 @@
# Lufi pour YunoHost
[![Integration level](https://dash.yunohost.org/integration/lufi.svg)](https://dash.yunohost.org/appci/app/lufi)
[![Install lufi with YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=lufi)
*[Read this readme in english.](./README.md)*
> *Ce package vous permet d'installer lufi rapidement et simplement sur un serveur Yunohost.
Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour savoir comment l'installer et en profiter.*
## Vue d'ensemble
Il stocke vos fichiers et vous permet de les télécharger.
Est-ce tout? Non. Tous les fichiers sont cryptés par le navigateur! Non chiffré. Ça ne marche pas. L'administrateur de l'instance Lufi ne pourra pas voir quel est votre administrateur réseau ou votre FAI.
La clé de cryptage est une ancre (voir [Fragment Identifier](https://en.wikipedia.org/wiki/Fragment_identifier)), ce qui signifie que cette partie n'est traitée que par le client et n'atteint pas le serveur. :-)
**Version incluse:** 0.03.5
## Captures d'écran
![](https://framalibre.org/sites/default/files/screenshot_lufi_1.png)
## Démo
* [Démo officielle](https://demo.lufi.io/)
## Configuration
Comment configurer cette application: un fichier brut en SSH.
## Documentation
* Documentation officielle: https://framagit.org/luc/lufi/wikis/home
## Caractéristiques spécifiques YunoHost
#### Support multi-utilisateurs
L'authentification LDAP et HTTP est-elle prise en charge? **Oui**
L'application peut-elle être utilisée par plusieurs utilisateurs? **Oui**
#### Supported architectures
* x86-64b - [![Build Status](https://ci-apps.yunohost.org/ci/logs/lufi%20%28Community%29.svg)](https://ci-apps.yunohost.org/ci/apps/lufi/)
* ARMv8-A - [![Build Status](https://ci-apps-arm.yunohost.org/ci/logs/lufi%20%28Community%29.svg)](https://ci-apps-arm.yunohost.org/ci/apps/lufi/)
* Jessie x86-64b - [![Build Status](https://ci-stretch.nohost.me/ci/logs/lufi%20%28Community%29.svg)](https://ci-stretch.nohost.me/ci/apps/lufi/)
## Links
* Signaler un bug: https://github.com/YunoHost-Apps/lufi_ynh/issues
* Site de l'application: https://framagit.org/fiat-tux/hat-softwares/lufi
* Site web YunoHost: https://yunohost.org/
---
Informations pour les développeurs
----------------
**Seulement si vous voulez utiliser une branche de test pour le codage, au lieu de fusionner directement dans la banche principale.**
Merci de faire vos pull request sur la [branche testing](https://github.com/YunoHost-Apps/lufi_ynh/tree/testing).
Pour essayer la branche testing, procédez comme suit.
```
sudo yunohost app install https://github.com/YunoHost-Apps/lufi_ynh/tree/testing --debug
ou
sudo yunohost app upgrade lufi -u https://github.com/YunoHost-Apps/lufi_ynh/tree/testing --debug
```
**Plus d'informations sur la page de documentation:**
https://yunohost.org/packaging_apps
# Lufi for YunoHost
[![Latest Version](https://img.shields.io/badge/version-_--_-green.svg?style=flat)](https://github.com/YunoHost-Apps/lufi_ynh/releases)
[![Status](https://img.shields.io/badge/status-working-yellow.svg?style=flat)](https://github.com/YunoHost-Apps/lufi_ynh/milestones)
[![Dependencies](https://img.shields.io/badge/dependencies-includes-lightgrey.svg?style=flat)](https://github.com/YunoHost-Apps/lufi_ynh#dependencies)
[![GitHub license](https://img.shields.io/badge/license-GPLv3-blue.svg?style=flat)](https://raw.githubusercontent.com/YunoHost-Apps/lufi_ynh/master/LICENSE)
[![Yunohost version](https://img.shields.io/badge/yunohost-2.4.2_tested-orange.svg?style=flat)](https://github.com/YunoHost/yunohost)
[![GitHub issues](https://img.shields.io/github/issues/YunoHost-Apps/lufi_ynh.svg?style=flat)](https://github.com/YunoHost-Apps/lufi_ynh/issues)
## Lufi c'est quoi ?
Il stocke vos fichiers et vous permet de les télécharger.
Est-ce tout? Non. Tous les fichiers sont cryptés par le navigateur! Non chiffré. Ça ne marche pas. L'administrateur de l'instance Lufi ne pourra pas voir quel est votre administrateur réseau ou votre FAI.
La clé de cryptage est une ancre (voir Fragment Identifier), ce qui signifie que cette partie n'est traitée que par le client et n'atteint pas le serveur. :-)
Source: [Documentation de Lufi](https://framagit.org/luc/lufi/wikis/home)
### Installation
`$ sudo yunohost app install https://github.com/YunoHost-Apps/lufi_ynh.git`
### Mise à jour
`$ sudo yunohost app upgrade --verbose lufi -u https://github.com/YunoHost-Apps/lufi_ynh.git`
## What is Lufi?
It stores files and allows you to download them.
Is that all? No. All the files are encrypted by the browser! It means that your files never leave your computer unencrypted. The administrator of the Lufi instance you use will not be able to see what is in your file, neither will your network administrator, or your ISP.
The encryption key part of the URL is a anchor (Cf. Fragment Identifier), that means this part is only processed client-side and does not reach the server. :-)
Source: [Lufi documentation](https://framagit.org/luc/lufi/wikis/home)
### Install
`$ sudo yunohost app install https://github.com/YunoHost-Apps/lufi_ynh.git`
### Update
`$ sudo yunohost app upgrade --verbose lufi -u https://github.com/YunoHost-Apps/lufi_ynh.git`

22
check_process
View file

@ -4,8 +4,8 @@
domain="domain.tld" (DOMAIN)
path="/path" (PATH)
is_public="Yes" (PUBLIC|public=Yes|private=No)
admin="john" (USER)
max_file_size=100
admin="john" (USER)
; Checks
pkg_linter=1
setup_sub_dir=1
@ -14,24 +14,20 @@
setup_private=1
setup_public=1
upgrade=1
upgrade=1 from_commit=1d53901957efcf8861b10efc8d3f081cadd2ba9e
backup_restore=1
multi_instance=0
wrong_user=1
wrong_path=1
multi_instance=1
incorrect_path=1
corrupt_source=1
fail_download_source=1
port_already_use=1
final_path_already_use=1
port_already_use=1 (8095)
change_url=1
;;; Levels
Level 1=auto
Level 2=auto
Level 3=auto
Level 4=na
Level 5=1
# level 5: le test ne semble pas tout à fait savoir ce qu'est vraiment un "exit".
Level 4=1
Level 5=auto
Level 6=auto
Level 7=auto
Level 8=0
Level 9=0
Level 10=0
Level 10=0

7
conf/app.src
View file

@ -1,6 +1,5 @@
SOURCE_URL=https://framagit.org/luc/lufi/-/archive/7efebff4bfa3722796a80a783fb332d6e50d41de/lufi-7efebff4bfa3722796a80a783fb332d6e50d41de.tar.gz
SOURCE_SUM=cf69c08ae7aa2e696b5c275fc7d3bedf74946361e0114f819266c43ce33fac72
SOURCE_URL=https://framagit.org/fiat-tux/hat-softwares/lufi/-/archive/0.03.5/lufi-0.03.5.tar.gz
SOURCE_SUM=aeb4bb4e7b4d5a7a12a7b8a49578e98c4ef8b6cb606b266b4531767a6ea6debe
SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=zip
SOURCE_FORMAT=tar.gz
SOURCE_IN_SUBDIR=true
SOURCE_FILENAME=

137
conf/lufi.conf.template
View file

@ -6,19 +6,31 @@
# see http://mojolicio.us/perldoc/Mojo/Server/Hypnotoad for a full list of settings
hypnotoad => {
# array of IP addresses and ports you want to listen to
# you can specify a unix socket too, like 'http+unix://%2Ftmp%2Flufi.sock'
listen => ['http://127.0.0.1:__PORT__'],
# if you use Lufi behind a reverse proxy like Nginx, you want ro set proxy to 1
# if you use Lufi behind a reverse proxy like Nginx, you want to set proxy to 1
# if you use Lufi directly, let it commented
proxy => 1,
# Please read http://mojolicious.org/perldoc/Mojo/Server/Hypnotoad#workers
# to adjust this to your server
workers => 30,
clients => 1,
},
# put a way to contact you here and uncomment it
# you can put some HTML in it
# MANDATORY
contact => 'webmaster@__DOMAIN__',
contact => '<a href="mailto:webmaster@__DOMAIN__">Contact page</a>',
# put an URL or an email address to receive file reports and uncomment it
# it's for make reporting illegal files easy for users
# MANDATORY
report => 'webmaster@__DOMAIN__',
# array of random strings used to encrypt cookies
# optional, default is ['fdjsofjoihrei'], PLEASE, CHANGE IT
secrets => ['__SECRET__'],
secrets => ['__SECRET__'],
# choose a theme. See the available themes in `themes` directory
# optional, default is 'default'
@ -43,7 +55,7 @@
# max file size, in octets
# you can write it 100*1024*1024
# optional, no default
#max_file_size => 104857600,
max_file_size => __MAX_FILE_SIZE__*1024*1024,
# if you want to have piwik statistics, provide a piwik image tracker
# only the image tracker is allowed, no javascript
@ -78,7 +90,7 @@
# example: you want to have Lufi under https://example.org/lufi/
# => set prefix to '/lufi' or to '/lufi/', it doesn't matter
# optional, defaut is /
prefix => '__PATH__',
prefix => '__PATH__',
# array of authorized domains for API calls.
# if you want to authorize everyone to use the API: ['*']
@ -102,12 +114,48 @@
# Optional, default to no-reply@lufi.io
#mail_sender => 'no-reply@lufi.io',
# choose what database you want to use
# valid choices are sqlite, postgresql and mysql (all lowercase)
# optional, default is sqlite
dbtype => '__DB_MANAGER__',
# SQLite ONLY - only used if dbtype is set to sqlite
# define a path to the SQLite database
# you can define it relative to lufi directory or set an absolute path
# remember that it has to be in a directory writable by Lufi user
# optional, default is lufi.db
#db_path => 'lufi.db',
# PostgreSQL ONLY - only used if dbtype is set to postgresql
# these are the credentials to access the PostgreSQL database
# mandatory if you choosed postgresql as dbtype
pgdb => {
database => '__DB_NAME__',
host => 'localhost',
# optional, default is 5432
#port => 5432,
user => '__DB_USER__',
pwd => '__DB_PWD__',
# https://mojolicious.org/perldoc/Mojo/Pg#max_connections
# optional, default is 1
#max_connections => 1,
},
# MySQL ONLY - only used if dbtype is set to mysql
# these are the credentials to access the MySQL database
# mandatory if you choosed mysql as dbtype
#mysqldb => {
# database => 'lufi',
# host => 'localhost',
# # optional, default is 3306
# #port => 3306,
# user => 'DBUSER',
# pwd => 'DBPASSWORD',
# # https://metacpan.org/pod/Mojo::mysql#max_connections
# # optional, default is 5 (set to 0 to disable persistent connections)
# #max_connections => 5,
#},
# define a path to the upload directory, where the uploaded files will be stored
# you can define it relative to lufi directory or set an absolute path
# remember that it has to be in a directory writable by Lufi user
@ -118,20 +166,79 @@
# set `ldap` if you want that only authenticated users can upload files
# please note that everybody can still download files
# optional, no default
#ldap => {
# uri => 'ldaps://ldap.example.org',
# user_tree => 'ou=users,dc=example,dc=org',
# bind_dn => ',ou=users,dc=example,dc=org',
# bind_user => 'uid=ldap_user',
# bind_pwd => 'secr3t',
# user_filter => '!(uid=ldap_user)'
#},
__IS_PUBLIC__ldap => {
__IS_PUBLIC__ uri => 'ldap://localhost:389', # server URI
__IS_PUBLIC__ user_tree => 'dc=yunohost,dc=org', # search base DN
__IS_PUBLIC__ bind_dn => 'ou=users,dc=yunohost,dc=org', # search bind DN
__IS_PUBLIC__ #bind_pwd => 'secr3t', # search bind password
__IS_PUBLIC__ user_attr => 'uid', # user attribute (uid, mail, sAMAccountName, etc.)
__IS_PUBLIC__ #user_filter => '(!(uid=ldap_user))', # user filter (to exclude some users, etc.)
__IS_PUBLIC__ # optional start_tls configuration. See https://metacpan.org/pod/distribution/perl-ldap/lib/Net/LDAP.pod#start_tls
__IS_PUBLIC__ # don't set or uncomment if you don't want to configure it
__IS_PUBLIC__ #start_tls => {
__IS_PUBLIC__ # verify => 'optional',
__IS_PUBLIC__ # clientcert => '/etc/ssl/certs/ca-bundle.pem'
__IS_PUBLIC__ #}
__IS_PUBLIC__},
# set `htpasswd` if you want to use an htpasswd file instead of ldap
# see 'man htpasswd' to know how to create such file
#htpasswd => 'lufi.passwd',
# if you've set ldap above, the session will last `session_duration` seconds before
# the user needs to reauthenticate
# optional, default is 3600
#session_duration => 3600,
# allow to add a password on files, asked before allowing to download files
# optional, default is 0
allow_pwd_on_files => 1,
# force all files to be in "Burn after reading mode"
# optional, default is 0
#force_burn_after_reading => 0,
# if set, the files' URLs will always use this domain
# optional, no default
#fixed_domain => 'example.org',
# abuse reasons
# set an integer in the abuse field of a file in the database and it will not be downloadable anymore
# the reason will be displayed to the downloader, according to the reasons you will configure here.
# optional, no default
#abuse => {
# 0 => 'Copyright infringment',
# 1 => 'Illegal content',
#},
# Content-Security-Policy header that will be sent by Lufi
# Set to '' to disable CSP header
# https://content-security-policy.com/ provides a good documentation about CSP.
# https://report-uri.com/home/generate provides a tool to generate a CSP header.
# optional, default is "base-uri 'self'; connect-src 'self' ws://YOUR_HOST; default-src 'none'; font-src 'self'; form-action 'self'; frame-ancestors 'none'; img-src 'self' blob:; media-src blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'"
#csp => "",
# X-Frame-Options header that will be sent by Lufi
# Valid values are: 'DENY', 'SAMEORIGIN', 'ALLOW-FROM https://example.com/'
# Set to '' to disable X-Frame-Options header
# See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
# Please note that this will add a "frame-ancestors" directive to the CSP header (see above) accordingly
# to the chosen setting (See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors)
# optional, default is 'DENY'
#x_frame_options => 'DENY',
# X-Content-Type-Options that will be sent by Lufi
# See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
# Set to '' to disable X-Content-Type-Options header
# optional, default is 'nosniff'
#x_content_type_options => 'nosniff',
# X-XSS-Protection that will be sent by Lufi
# See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
# Set to '' to disable X-XSS-Protection header
# optional, default is '1; mode=block'
#x_xss_protection => '1; mode=block',
#########################
# Lufi cron jobs settings
#########################
@ -144,13 +251,13 @@
# max size of the files directory, in octets
# used by script/lufi cron watch to trigger an action
# optional, no default
max_total_size => 1024*1024*1024,
#max_total_size => 10*1024*1024*1024,
# default action when files directory is over max_total_size (used with script/lufi cron watch)
# valid values are 'warn', 'stop-upload' and 'delete'
# please, see readme
# optional, default is 'warn'
policy_when_full => 'stop-upload',
#policy_when_full => 'warn',
# images which are not viewed since delete_no_longer_viewed_files days will be deleted by the cron cleanfiles task
# if delete_no_longer_viewed_files is not set, the no longer viewed files will NOT be deleted

13
conf/nginx.conf
View file

@ -8,11 +8,11 @@ location __PATH__ {
error_log /var/log/nginx/lufi.error.log;
# This is important ! Make it OK with your Lutim configuration
client_max_body_size 40M;
client_max_body_size __MAX_FILE_SIZE__M;
if ($request_uri ~* ^/(img|css|font|js)/) {
add_header Expires "Thu, 31 Dec 2037 23:55:55 GMT";
add_header Cache-Control "public, max-age=315360000";
more_set_headers Expires "Thu, 31 Dec 2037 23:55:55 GMT";
more_set_headers Cache-Control "public, max-age=315360000";
}
proxy_pass http://127.0.0.1:__PORT____PATH__;
@ -25,15 +25,12 @@ location __PATH__ {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# If you want to log the remote port of the file senders, you'll need that
proxy_set_header X-Remote-Port $remote_port;
proxy_set_header X-Forwarded-Proto $scheme;
# We expect the downsteam servers to redirect to the right hostname, so don't do any rewrite$
proxy_redirect off;
#--PRIVATE--# Include SSOWAT user panel.
#--PRIVATE--include conf.d/yunohost_panel.conf.inc;
# Include SSOWAT user panel.
include conf.d/yunohost_panel.conf.inc;
}

8
conf/lufi.service → conf/systemd.service
View file

@ -5,15 +5,15 @@ Requires=network.target
After=network.target
[Service]
Type=forking
Type=simple
User=__APP__
Group=__APP__
RemainAfterExit=yes
WorkingDirectory=__FINALPATH__
PIDFile=__FINALPATH__script/hypnotoad.pid
ExecStart=/usr/local/bin/carton exec hypnotoad script/lufi >> /var/log/lufi/production.log 2>&1
ExecStop=/usr/local/bin/carton exec hypnotoad -s script/lufi >> /var/log/lufi/production.log 2>&1
ExecReload=/usr/local/bin/carton exec hypnotoad script/lufi >> /var/log/lufi/production.log 2>&1
ExecStart=/usr/local/bin/carton exec hypnotoad script/lufi
ExecStop=/usr/local/bin/carton exec hypnotoad -s script/lufi
ExecReload=/usr/local/bin/carton exec hypnotoad script/lufi
[Install]
WantedBy=multi-user.target

39
manifest.json
View file

@ -3,25 +3,25 @@
"id": "lufi",
"packaging_format": 1,
"requirements": {
"yunohost": ">= 2.4"
"yunohost": ">= 3.2.2"
},
"description": {
"en": "Self hosting files and sharing anonymous application",
"fr": "Application d'hébergement et de partage de fichiers anonyme"
},
"version": "0.6 dev",
"version": "0.03.5~ynh1",
"url": "https://git.framasoft.org/luc/lufi",
"license": "AGPL",
"license": "AGPL-3.0-or-later",
"maintainer": {
"name": "frju365, cyp",
"email": "win10@tutanota.com, cyp@rouquin.me"
},
"multi_instance": false,
"multi_instance": true,
"services": [
"nginx"
],
"arguments": {
"install" : [
"install": [
{
"name": "domain",
"type": "domain",
@ -42,23 +42,24 @@
"default": "/lufi"
},
{
"name": "admin",
"type": "user",
"name": "max_file_size",
"type": "string",
"ask": {
"en": "Choose the Lufi administrator (must be an existing YunoHost user)",
"fr": "Choisissez un administrateur Lufi (doit être un utilisateur YunoHost)"
"en": "Choose a max file size, in Mo (0 = no limit)",
"fr": "Choisissez une taille de fichier maximum chemin, en Mo (0 = pas de limite)"
},
"example": "john"
"example": "100",
"default": "100"
},
{
"name": "is_public",
"type": "boolean",
"ask": {
"en": "Is it a public application?",
"fr": "Est-ce une application publique ?"
},
"default": true
}
{
"name": "is_public",
"type": "boolean",
"ask": {
"en": "Is it a public application?",
"fr": "Est-ce une application publique ?"
},
"default": true
}
]
}
}

94
scripts/_common.sh
View file

@ -1 +1,95 @@
#!/bin/bash
# Start (or other actions) a service, print a log in case of failure and optionnaly wait until the service is completely started
#
# usage: ynh_systemd_action [-n service_name] [-a action] [ [-l "line to match"] [-p log_path] [-t timeout] [-e length] ]
# | arg: -n, --service_name= - Name of the service to reload. Default : $app
# | arg: -a, --action= - Action to perform with systemctl. Default: start
# | arg: -l, --line_match= - Line to match - The line to find in the log to attest the service have finished to boot.
# If not defined it don't wait until the service is completely started.
# WARNING: When using --line_match, you should always add `ynh_clean_check_starting` into your
# `ynh_clean_setup` at the beginning of the script. Otherwise, tail will not stop in case of failure
# of the script. The script will then hang forever.
# | arg: -p, --log_path= - Log file - Path to the log file. Default : /var/log/$app/$app.log
# | arg: -t, --timeout= - Timeout - The maximum time to wait before ending the watching. Default : 300 seconds.
# | arg: -e, --length= - Length of the error log : Default : 20
ynh_systemd_action() {
# Declare an array to define the options of this helper.
declare -Ar args_array=( [n]=service_name= [a]=action= [l]=line_match= [p]=log_path= [t]=timeout= [e]=length= )
local service_name
local action
local line_match
local length
local log_path
local timeout
# Manage arguments with getopts
ynh_handle_getopts_args "$@"
local service_name="${service_name:-$app}"
local action=${action:-start}
local log_path="${log_path:-/var/log/$service_name/$service_name.log}"
local length=${length:-20}
local timeout=${timeout:-300}
# Start to read the log
if [[ -n "${line_match:-}" ]]
then
local templog="$(mktemp)"
# Following the starting of the app in its log
if [ "$log_path" == "systemd" ] ; then
# Read the systemd journal
journalctl --unit=$service_name --follow --since=-0 --quiet > "$templog" &
# Get the PID of the journalctl command
local pid_tail=$!
else
# Read the specified log file
tail -F -n0 "$log_path" > "$templog" &
# Get the PID of the tail command
local pid_tail=$!
fi
fi
echo "${action^} the service $service_name" >&2
systemctl $action $service_name \
|| ( journalctl --no-pager --lines=$length -u $service_name >&2 \
; test -e "$log_path" && echo "--" && tail --lines=$length "$log_path" >&2 \
; false )
# Start the timeout and try to find line_match
if [[ -n "${line_match:-}" ]]
then
local i=0
for i in $(seq 1 $timeout)
do
# Read the log until the sentence is found, that means the app finished to start. Or run until the timeout
if grep --quiet "$line_match" "$templog"
then
echo "The service $service_name has correctly started." >&2
break
fi
echo -n "." >&2
sleep 1
done
if [ $i -eq $timeout ]
then
echo "The service $service_name didn't fully started before the timeout." >&2
echo "Please find here an extract of the end of the log of the service $service_name:"
journalctl --no-pager --lines=$length -u $service_name >&2
test -e "$log_path" && echo "--" && tail --lines=$length "$log_path" >&2
fi
echo ""
ynh_clean_check_starting
fi
}
# Clean temporary process and file used by ynh_check_starting
# (usually used in ynh_clean_setup scripts)
#
# usage: ynh_clean_check_starting
ynh_clean_check_starting () {
# Stop the execution of tail.
kill -s 15 $pid_tail 2>&1
ynh_secure_remove "$templog" 2>&1
}

94
scripts/backup
View file

@ -1,27 +1,87 @@
#!/bin/bash
# Exit on command errors and treat unset variables as an error
set -eu
#=================================================
# GENERIC START
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
# Source app helpers
source ../settings/scripts/_common.sh
source /usr/share/yunohost/helpers
# Get multi-instances specific variables
#=================================================
# MANAGE SCRIPT FAILURE
#=================================================
ynh_clean_setup () {
### Remove this function if there's nothing to clean before calling the remove script.
true
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#=================================================
# LOAD SETTINGS
#=================================================
ynh_print_info "Loading installation settings..."
app=$YNH_APP_INSTANCE_NAME
# Retrieve app settings
domain=$(ynh_app_setting_get "$app" domain)
final_path=$(ynh_app_setting_get $app final_path)
domain=$(ynh_app_setting_get $app domain)
db_name=$(ynh_app_setting_get $app db_name)
db_manager=$(ynh_app_setting_get $app db_manager)
# Copy the app files
final_path="/var/www/${app}"
ynh_backup "${final_path}" "sources" 1
#=================================================
# STANDARD BACKUP STEPS
#=================================================
# BACKUP THE APP MAIN DIR
#=================================================
ynh_print_info "Backing up the main app directory..."
# Copy the nginx conf files
ynh_backup "/etc/nginx/conf.d/${domain}.d/${app}.conf" "nginx.conf"
ynh_backup "$final_path"
# Copy the lufi conf file
ynh_backup "${final_path}/lufi.conf" "lufi.conf"
ynh_backup "/etc/systemd/system/lufi.service" "systemd_lufi.service"
ynh_backup "/etc/cron.d/${app}" "cron_lufi"
ynh_backup "/etc/logrotate.d/${app}" "logrotate_lufi"
ynh_backup "/var/log/${app}/production.log" "production.log"
#=================================================
# BACKUP THE NGINX CONFIGURATION
#=================================================
ynh_print_info "Backing up nginx web server configuration..."
ynh_backup "/etc/nginx/conf.d/$domain.d/$app.conf"
#=================================================
# BACKUP THE POSTGRESQL DATABASE
#=================================================
ynh_print_info "Backing up the PostgreSQL database..."
if [ $db_manager = "postgresql" ]; then
ynh_psql_dump_db "$db_name" > db.sql
fi
#=================================================
# SPECIFIC BACKUP
#=================================================
# BACKUP LOGROTATE
#=================================================
ynh_print_info "Backing up logrotate configuration..."
ynh_backup "/etc/logrotate.d/$app"
#=================================================
# BACKUP SYSTEMD
#=================================================
ynh_print_info "Backing up systemd configuration..."
ynh_backup "/etc/systemd/system/$app.service"
#=================================================
# BACKUP CRON
#=================================================
ynh_print_info "Backing up cron configuration..."
ynh_backup "/etc/cron.d/${app}"
#=================================================
# END OF SCRIPT
#=================================================
ynh_print_info "Backup script completed for $app. (YunoHost will then actually copy those files to the archive)."

166
scripts/change_url Normal file
View file

@ -0,0 +1,166 @@
#!/bin/bash
#=================================================
# GENERIC STARTING
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
source _common.sh
source /usr/share/yunohost/helpers
#=================================================
# RETRIEVE ARGUMENTS
#=================================================
old_domain=$YNH_APP_OLD_DOMAIN
old_path=$YNH_APP_OLD_PATH
new_domain=$YNH_APP_NEW_DOMAIN
new_path=$YNH_APP_NEW_PATH
app=$YNH_APP_INSTANCE_NAME
#=================================================
# LOAD SETTINGS
#=================================================
ynh_print_info "Loading installation settings..."
# Needed for helper "ynh_add_nginx_config"
final_path=$(ynh_app_setting_get $app final_path)
# Needed for lufi conf
port=$(ynh_app_setting_get $app port)
is_public=$(ynh_app_setting_get $app is_public)
db_name=$(ynh_app_setting_get "$app" db_name)
db_pwd=$(ynh_app_setting_get $app psqlpwd)
db_user=$db_name
secret=$(ynh_app_setting_get $app secret)
max_file_size=$(ynh_app_setting_get $app max_file_size)
db_manager=$(ynh_app_setting_get $app db_manager)
#=================================================
# CHECK THE SYNTAX OF THE PATHS
#=================================================
test -n "$old_path" || old_path="/"
test -n "$new_path" || new_path="/"
new_path=$(ynh_normalize_url_path $new_path)
old_path=$(ynh_normalize_url_path $old_path)
#=================================================
# CHECK WHICH PARTS SHOULD BE CHANGED
#=================================================
change_domain=0
if [ "$old_domain" != "$new_domain" ]
then
change_domain=1
fi
change_path=0
if [ "$old_path" != "$new_path" ]
then
change_path=1
fi
#=================================================
# STANDARD MODIFICATIONS
#=================================================
# MODIFY URL IN NGINX CONF
#=================================================
ynh_print_info "Updating nginx web server configuration..."
nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf
# Change the path in the nginx config file
if [ $change_path -eq 1 ]
then
# Make a backup of the original nginx config file if modified
ynh_backup_if_checksum_is_different "$nginx_conf_path"
# Set global variables for nginx helper
domain="$old_domain"
path_url="$new_path"
# Create a dedicated nginx config
ynh_add_nginx_config max_file_size
fi
# Change the domain for nginx
if [ $change_domain -eq 1 ]
then
# Delete file checksum for the old conf file location
ynh_delete_file_checksum "$nginx_conf_path"
mv $nginx_conf_path /etc/nginx/conf.d/$new_domain.d/$app.conf
# Store file checksum for the new config file location
ynh_store_file_checksum "/etc/nginx/conf.d/$new_domain.d/$app.conf"
fi
#=================================================
# SPECIFIC MODIFICATIONS
#=================================================
# SETUP LUFI
#=================================================
ynh_print_info "Configuring lufi..."
domain="$new_domain"
path_url="$new_path"
cp ../conf/lufi.conf.template "${final_path}/lufi.conf"
ynh_replace_string "__DOMAIN__" "$domain" "${final_path}/lufi.conf"
ynh_replace_string "__PATH__" "$path_url" "${final_path}/lufi.conf"
ynh_replace_string "__PORT__" "$port" "${final_path}/lufi.conf"
ynh_replace_string "__DB_NAME__" "$db_name" "${final_path}/lufi.conf"
ynh_replace_string "__DB_USER__" "$db_user" "${final_path}/lufi.conf"
ynh_replace_string "__DB_PWD__" "$db_pwd" "${final_path}/lufi.conf"
ynh_replace_string "__MAX_FILE_SIZE__" "$max_file_size" "${final_path}/lufi.conf"
ynh_replace_string "__DB_MANAGER__" "$db_manager" "${final_path}/lufi.conf"
if [ $max_file_size -eq 0 ]; then # Comment the limitation line if no limit
ynh_replace_string "max_file_size" "#max_file_size" "${final_path}/lufi.conf"
fi
ynh_replace_string "__SECRET__" "$secret" "${final_path}/lufi.conf"
if [ $is_public -eq 0 ];
then
ynh_replace_string "__IS_PUBLIC__" "" "${final_path}/lufi.conf"
else
ynh_replace_string "__IS_PUBLIC__" "#" "${final_path}/lufi.conf"
fi
ynh_store_file_checksum "${final_path}/lufi.conf"
#=================================================
# GENERIC FINALISATION
#=================================================
# UPDATE SSOWAT
#=================================================
ynh_print_info "Reconfigure SSOwat"
ynh_app_setting_set $app unprotected_uris "/"
if [ $is_public -eq 0 ]
then
if [ "$path_url" == "/" ]; then
# If the path is /, clear it to prevent any error with the regex.
path_url=""
fi
# Modify the domain to be used in a regex
domain_regex=$(echo "$domain" | sed 's@-@.@g')
ynh_app_setting_set $app protected_regex "$domain_regex$path_url/stats$","$domain_regex$path_url/manifest.webapp$","$domain_regex$path_url/$","$domain_regex$path_url/d/.*$","$domain_regex$path_url/m/.*$"
fi
#=================================================
# RESTART LUFI
#=================================================
ynh_systemd_action -n $app -a reload -l "Creating process id file" -p "$final_path/log/production.log"
#=================================================
# RELOAD NGINX
#=================================================
ynh_print_info "Reloading nginx web server..."
systemctl reload nginx
#=================================================
# END OF SCRIPT
#=================================================
ynh_print_info "Change of URL completed for $app"

183
scripts/install
View file

@ -14,7 +14,8 @@ source /usr/share/yunohost/helpers
#=================================================
ynh_clean_setup () {
### Remove this function if there's nothing to clean before calling the remove script.
ynh_clean_check_starting
true
}
# Exit if an error occurs during the execution of the script
@ -26,61 +27,86 @@ ynh_abort_if_errors
domain=$YNH_APP_ARG_DOMAIN
path_url=$YNH_APP_ARG_PATH
admin=$YNH_APP_ARG_ADMIN
is_public=$YNH_APP_ARG_IS_PUBLIC
max_file_size=$YNH_APP_ARG_MAX_FILE_SIZE
app=$YNH_APP_INSTANCE_NAME
secret=$(ynh_string_random 24)
script_dir=$PWD
#=================================================
# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
#=================================================
ynh_print_info "Validating installation parameters..."
final_path=/var/www/$app
test ! -e "$final_path" || ynh_die "This path already contains a folder"
domain_regex=$(echo "$domain" | sed 's@-@.@g')
# Normalize the url path syntax
path_url=$(ynh_normalize_url_path $path_url)
# Check if max_file_size is a number
if ! [[ $max_file_size =~ "^[\-0-9]+$" ]] && [ $max_file_size -lt 0 ]; then
ynh_die "Max file must be a number positive or zero"
fi
# Use postgresql by default
db_manager="postgresql"
# Check web path availability
ynh_webpath_available $domain $path_url
# Register (book) web path
ynh_webpath_register $app $domain $path_url
#=================================================
# FIND AND OPEN A PORT
#=================================================
ynh_print_info "Configuring firewall..."
# Find a free port
port=$(ynh_find_port 8095)
# Open this port
yunohost firewall allow --no-upnp TCP $port 2>&1
#=================================================
# STORE SETTINGS FROM MANIFEST
#=================================================
ynh_print_info "Storing installation settings..."
ynh_app_setting_set $app admin $admin
ynh_app_setting_set $app domain $domain
ynh_app_setting_set $app is_public $is_public
ynh_app_setting_set $app secret $secret
ynh_app_setting_set $app port $port
ynh_app_setting_set $app path $path_url
ynh_app_setting_set $app max_file_size $max_file_size
ynh_app_setting_set $app db_manager $db_manager
#=================================================
# STANDARD MODIFICATIONS
#=================================================
# FIND AND OPEN A PORT
#=================================================
# Find a free port
port=$(ynh_find_port 8096)
# Open this port
yunohost firewall allow --no-upnp TCP $port 2>&1
ynh_app_setting_set $app port $port
#=================================================
# INSTALL DEPENDENCIES
#=================================================
ynh_print_info "Installing dependencies..."
ynh_install_app_dependencies build-essential cpanminus
ynh_install_app_dependencies build-essential libssl-dev libio-socket-ssl-perl liblwp-protocol-https-perl libpq-dev postgresql cpanminus
# Install Carton
echo yes | cpanm Carton
#=================================================
# CREATE A POSTGRESQL DATABASE
#=================================================
ynh_print_info "Creating a PostgreSQL database..."
# Create postgresql database
ynh_psql_test_if_first_run
db_name=$(ynh_sanitize_dbid "$app")
db_user=$db_name
ynh_app_setting_set "$app" db_name "$db_name"
# Initialize database and store postgres password for upgrade
ynh_psql_setup_db "$db_name" "$db_user"
db_pwd=$(ynh_app_setting_get $app psqlpwd) # Password created in ynh_psql_setup_db function
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
ynh_print_info "Setting up source files..."
ynh_app_setting_set $app final_path $final_path
# Download, check integrity, uncompress and patch the source from app.src
@ -89,17 +115,15 @@ ynh_setup_source "$final_path"
#=================================================
# NGINX CONFIGURATION
#=================================================
ynh_print_info "Configuring nginx web server..."
# Create a dedicated nginx config
ynh_add_nginx_config
if [ "$is_public" = true ];
then
sudo sed -i "s@#--PRIVATE--@@g" /etc/nginx/conf.d/$domain.d/$app.conf
fi
ynh_add_nginx_config max_file_size
#=================================================
# CREATE DEDICATED USER
#=================================================
ynh_print_info "Configuring system user..."
# Create a system user
ynh_system_user_create $app
@ -107,49 +131,34 @@ ynh_system_user_create $app
#=================================================
# Copy and fix variable into lufi config
#=================================================
ynh_print_info "Configuring lufi..."
sudo cp ../conf/lufi.conf.template "${final_path}/lufi.conf"
cp ../conf/lufi.conf.template "${final_path}/lufi.conf"
ynh_replace_string "__DOMAIN__" "$domain" "${final_path}/lufi.conf"
ynh_replace_string "__PATH__" "$path_url" "${final_path}/lufi.conf"
ynh_replace_string "__PORT__" "$port" "${final_path}/lufi.conf"
ynh_replace_string "__DB_NAME__" "$db_name" "${final_path}/lufi.conf"
ynh_replace_string "__DB_USER__" "$db_user" "${final_path}/lufi.conf"
ynh_replace_string "__DB_PWD__" "$db_pwd" "${final_path}/lufi.conf"
ynh_replace_string "__MAX_FILE_SIZE__" "$max_file_size" "${final_path}/lufi.conf"
ynh_replace_string "__DB_MANAGER__" "$db_manager" "${final_path}/lufi.conf"
if [ $max_file_size -eq 0 ]; then # Comment the limitation line if no limit
ynh_replace_string "max_file_size" "#max_file_size" "${final_path}/lufi.conf"
fi
secret=$(ynh_string_random 24)
ynh_app_setting_set $app secret $secret
ynh_replace_string "__SECRET__" "$secret" "${final_path}/lufi.conf"
#=================================================
# Set right permissions on new files created at first start
#=================================================
sudo chown -R $app:$app "$final_path"
#=================================================
# Install Carton
#=================================================
echo yes | sudo cpanm Carton
#=================================================
# Install lufi via carton
#=================================================
mkdir -p /var/log/$app/
pushd $final_path
carton install 2>&1 | sudo tee -a "/var/log/$app/setup_carton.log"
popd
#=================================================
# STORE THE CONFIG FILE CHECKSUM
#=================================================
if [ $is_public -eq 0 ];
then
ynh_replace_string "__IS_PUBLIC__" "" "${final_path}/lufi.conf"
else
ynh_replace_string "__IS_PUBLIC__" "#" "${final_path}/lufi.conf"
fi
ynh_store_file_checksum "${final_path}/lufi.conf"
#=================================================
# SETUP SYSTEMD
#=================================================
# Create a dedicated systemd config
ynh_add_systemd_config
#=================================================
## Install cron
# SETUP CRON
#=================================================
cp ../conf/cron_lufi /etc/cron.d/$app
@ -157,22 +166,26 @@ ynh_replace_string "__FINALPATH__" "$final_path/" "/etc/cron.d/$app"
chmod +x $final_path/script/lufi
#=================================================
# Making log symbolic link to /var/log
# SETUP SYSTEMD
#=================================================
ynh_print_info "Configuring a systemd service..."
touch /var/log/$app/production.log
chown www-data: /var/log/$app/production.log
ln -s /var/log/$app/production.log "$final_path/log/production.log"
# Create a dedicated systemd config
ynh_add_systemd_config
#=================================================
# Start lufi
# Install lufi's dependencies via carton
#=================================================
ynh_print_info "Installing lufi..."
sudo systemctl start $app.service
pushd $final_path
carton install --deployment --without=sqlite --without=mysql
popd
#=================================================
# SETUP LOGROTATE
#=================================================
ynh_print_info "Configuring log rotation..."
# Use logrotate to manage application logfile(s)
ynh_use_logrotate
@ -181,26 +194,50 @@ ynh_use_logrotate
# ADVERTISE SERVICE IN ADMIN PANEL
#=================================================
yunohost service add NAME_INIT.D --log "/var/log/FILE.log"
yunohost service add $app --log "$final_path/log/production.log"
#=================================================
# SETUP SSOWAT
#=================================================
ynh_print_info "Configuring SSOwat..."
# Make app public if necessary
if [ $is_public -eq 1 ]
ynh_app_setting_set $app unprotected_uris "/"
if [ $is_public -eq 0 ]
then
# unprotected_uris allows SSO credentials to be passed anyway.
ynh_app_setting_set $app unprotected_uris "/"
else
if [ "$path_url" == "/" ]; then
# If the path is /, clear it to prevent any error with the regex.
path_url=""
fi
ynh_app_setting_set $app protected_regex "$domain_regex$path/stats$","$domain_regex$path/manifest.webapp$","$domain_regex$path/$","$domain_regex$path/d/.*$","$domain_regex$path/m/.*$"
# Modify the domain to be used in a regex
domain_regex=$(echo "$domain" | sed 's@-@.@g')
ynh_app_setting_set $app protected_regex "$domain_regex$path_url/stats$","$domain_regex$path_url/manifest.webapp$","$domain_regex$path_url/$","$domain_regex$path_url/d/.*$","$domain_regex$path_url/m/.*$"
fi
#=================================================
# Configure owner
#=================================================
chown -R $app:$app "$final_path"
#=================================================
# Start lufi
#=================================================
systemctl enable $app.service
ynh_systemd_action -n $app -a start -l "Creating process id file" -p "$final_path/log/production.log"
ln -sf "$final_path/log/production.log" "/var/log/$app/production.log"
#=================================================
# RELOAD NGINX
#=================================================
ynh_print_info "Reloading nginx web server..."
# Reload Nginx
systemctl reload nginx
yunohost app ssowatconf
#=================================================
# END OF SCRIPT
#=================================================
ynh_print_info "Installation of $app completed"

65
scripts/remove
View file

@ -12,20 +12,18 @@ source /usr/share/yunohost/helpers
#=================================================
# LOAD SETTINGS
#=================================================
ynh_print_info "Loading installation settings..."
app=$YNH_APP_INSTANCE_NAME
final_path=$(ynh_app_setting_get $app final_path)
domain=$(ynh_app_setting_get $app domain)
port=$(ynh_app_setting_get $app port)
db_name=$(ynh_app_setting_get $app db_name)
db_user=$db_name
#=================================================
# STANDARD REMOVE
#=================================================
# STOP AND REMOVE SERVICE
#=================================================
# Remove the dedicated systemd config
ynh_remove_systemd_config
#=================================================
# REMOVE SERVICE FROM ADMIN PANEL
#=================================================
@ -38,15 +36,17 @@ then
fi
#=================================================
# REMOVE DEPENDENCIES
# STOP AND REMOVE SERVICE
#=================================================
ynh_print_info "Stopping and removing the systemd service"
# Remove metapackage and its dependencies
ynh_remove_app_dependencies
# Remove the dedicated systemd config
ynh_remove_systemd_config
#=================================================
# REMOVE APP MAIN DIR
#=================================================
ynh_print_info "Removing app main directory"
# Remove the app directory securely
ynh_secure_remove "$final_path"
@ -54,13 +54,21 @@ ynh_secure_remove "$final_path"
#=================================================
# REMOVE NGINX CONFIGURATION
#=================================================
ynh_print_info "Removing nginx web server configuration"
# Remove the dedicated nginx config
ynh_remove_nginx_config
#=================================================
# DELETE LOG
#=================================================
ynh_secure_remove "/var/log/$app"
#=================================================
# REMOVE LOGROTATE CONFIGURATION
#=================================================
ynh_print_info "Removing logrotate configuration"
# Remove the app-specific logrotate config
ynh_remove_logrotate
@ -71,10 +79,35 @@ ynh_remove_logrotate
if yunohost firewall list | grep -q "\- $port$"
then
echo "Close port $port" >&2
echo "Close port $port"
yunohost firewall disallow TCP $port 2>&1
fi
#=================================================
# REMOVE DEPENDENCIES
#=================================================
ynh_print_info "Removing dependencies"
# Remove metapackage and its dependencies
ynh_remove_app_dependencies
#=================================================
# REMOVE THE POSTGRESQL DATABASE
#=================================================
ynh_print_info "Removing the PostgreSQL database"
ynh_psql_remove_db $db_name $db_user
#=================================================
# GENERIC FINALIZATION
#=================================================
# REMOVE DEDICATED USER
#=================================================
ynh_print_info "Removing the dedicated system user"
# Delete a system user
ynh_system_user_delete $app
#=================================================
# SPECIFIC REMOVE
#=================================================
@ -84,14 +117,8 @@ fi
# Remove a cron file
ynh_secure_remove "/etc/cron.d/$app"
# Remove the log files
ynh_secure_remove "/var/log/$app/"
#=================================================
# GENERIC FINALIZATION
#=================================================
# REMOVE DEDICATED USER
# END OF SCRIPT
#=================================================
# Delete a system user
ynh_system_user_delete $app
ynh_print_info "Removal of $app completed"

193
scripts/restore
View file

@ -1,101 +1,144 @@
#!/bin/bash
# This restore script is adapted to Yunohost >=2.4
# Exit on command errors and treat unset variables as an error
set -eu
#=================================================
# GENERIC START
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
# Source app helpers
source ../settings/scripts/_common.sh
source /usr/share/yunohost/helpers
# The parameter $app is the id of the app instance ex: ynhexample__2
#=================================================
# MANAGE SCRIPT FAILURE
#=================================================
ynh_clean_setup () {
ynh_clean_check_starting
true
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#=================================================
# LOAD SETTINGS
#=================================================
ynh_print_info "Loading settings..."
app=$YNH_APP_INSTANCE_NAME
# Get old parameter of the app
domain=$(ynh_app_setting_get $app domain)
path=$(ynh_app_setting_get $app path)
is_public=$(ynh_app_setting_get $app is_public)
path_url=$(ynh_app_setting_get $app path)
final_path=$(ynh_app_setting_get $app final_path)
db_name=$(ynh_app_setting_get $app db_name)
db_manager=$(ynh_app_setting_get $app db_manager)
ynh_package_update
ynh_package_install carton
#=================================================
# CHECK IF THE APP CAN BE RESTORED
#=================================================
ynh_print_info "Validating restoration parameters..."
# Check domain/path availability
sudo yunohost app checkurl "${domain}${path}" -a "${app}" \
|| ynh_die "Path not available: ${domain}${path}"
ynh_webpath_available $domain $path_url \
|| ynh_die "Path not available: ${domain}${path_url}"
test ! -d $final_path \
|| ynh_die "There is already a directory: $final_path "
# Check $final_path
final_path="/var/www/${app}"
if [ -d "${final_path}" ]; then
ynh_die "There is already a directory: ${final_path}"
#=================================================
# STANDARD RESTORATION STEPS
#=================================================
# REINSTALL DEPENDENCIES
#=================================================
ynh_print_info "Reinstalling dependencies..."
# Define and install dependencies
ynh_install_app_dependencies build-essential libssl-dev libio-socket-ssl-perl liblwp-protocol-https-perl libpq-dev postgresql cpanminus
# Install Carton
echo yes | cpanm Carton
#=================================================
# RESTORE THE NGINX CONFIGURATION
#=================================================
ynh_restore_file "/etc/nginx/conf.d/$domain.d/$app.conf"
#=================================================
# RESTORE THE APP MAIN DIR
#=================================================
ynh_print_info "Restoring the app main directory..."
ynh_restore_file "$final_path"
#=================================================
# RECREATE THE DEDICATED USER
#=================================================
ynh_print_info "Recreating the dedicated system user..."
# Create the dedicated user (if not existing)
ynh_system_user_create $app
#=================================================
# RESTORE THE POSTGRESQL DATABASE
#=================================================
if [ $db_manager = "postgresql" ]; then
ynh_print_info "Restoring the PostregSQL database..."
db_pwd=$(ynh_app_setting_get $app psqlpwd)
ynh_psql_test_if_first_run
ynh_psql_setup_db $db_name $db_name $db_pwd
ynh_psql_connect_as $db_name $db_pwd $db_name < ./db.sql
fi
# Check configuration files nginx
nginx_conf="/etc/nginx/conf.d/${domain}.d/${app}.conf"
if [ -f "${nginx_conf}" ]; then
ynh_die "The NGINX configuration already exists at '${nginx_conf}'. You should safely delete it before restoring this app."
fi
#=================================================
# RESTORE USER RIGHTS
#=================================================
# Check configuration files lufi
lufi_conf="${final_path}/${app}.conf"
if [ -f "${lufi_conf}" ]; then
ynh_die "The LUFI CONF configuration already exists at '${lufi_conf}'. You should safely delete it before restoring this app."
fi
# Restore permissions on app files
chown -R $app:$app "$final_path"
lufi_systemd="/etc/systemd/system/${app}.service"
if [ -f "${lufi_systemd}" ]; then
ynh_die "The LUFI SYSTEMD configuration already exists at '${lufi_systemd}'. You should safely delete it before restoring this app."
fi
#=================================================
# SPECIFIC RESTORATION
#=================================================
# RESTORE SYSTEMD
#=================================================
ynh_print_info "Restoring the systemd configuration..."
lufi_cron="/etc/cron.d/${app}"
if [ -f "${lufi_cron}" ]; then
ynh_die "The LUFI CRONTAB configuration already exists at '${lufi_cron}'. You should safely delete it before restoring this app."
fi
ynh_restore_file "/etc/systemd/system/$app.service"
systemctl enable $app.service
ynh_systemd_action -n $app -a start -l "Creating process id file" -p "$final_path/log/production.log"
ln -sf "$final_path/log/production.log" "/var/log/$app/production.log"
lufi_logrotate="/etc/logrotate.d/${app}"
if [ -f "${lufi_logrotate}" ]; then
ynh_die "The LUFI LOGROTATE configuration already exists at '${lufi_logrotate}'. You should safely delete it before restoring this app."
fi
#=================================================
# ADVERTISE SERVICE IN ADMIN PANEL
#=================================================
lufi_log="/var/log/${app}/production.log"
if [ -f "${lufi_log}" ]; then
ynh_die "The LUFI LOG configuration already exists at '${lufi_log}'. You should safely delete it before restoring this app."
fi
yunohost service add $app --log "$final_path/log/production.log"
# Restore sources & data
sudo cp -a ./sources "${final_path}"
#=================================================
# RESTORE THE LOGROTATE CONFIGURATION
#=================================================
# Set permissions
sudo chown -R www-data: "${final_path}"
ynh_restore_file "/etc/logrotate.d/$app"
# Restore nginx configuration files
sudo cp -a ./nginx.conf "${nginx_conf}"
#=================================================
# RESTORE THE CRON CONFIGURATION
#=================================================
# Restore lufi configuration files
sudo cp -a ./lufi.conf "${lufi_conf}"
ynh_restore_file "/etc/cron.d/$app"
# Restore service
sudo cp -a ./systemd_lufi.service "${lufi_systemd}"
#=================================================
# GENERIC FINALIZATION
#=================================================
# RELOAD NGINX
#=================================================
ynh_print_info "Reloading nginx web server..."
sudo cp -a ./cron_lufi "${lufi_cron}"
sudo cp -a ./logrotate_lufi "${lufi_logrotate}"
systemctl reload nginx
yunohost app ssowatconf
# Create log production
sudo mkdir "/var/log/${app}/"
sudo cp -a ./production.log "${lufi_log}"
# Delete symbolic link and restore
sudo rm -fr "${final_path}/log/production.log"
sudo ln -s "/var/log/${app}/production.log" "${final_path}/log/production.log"
#=================================================
# END OF SCRIPT
#=================================================
# Reload lufi service
sudo systemctl daemon-reload
sudo systemctl start lufi.service
sudo systemctl enable lufi.service
# Set ssowat config
if [ "$is_public" = "No" ];
then
ynh_app_setting_delete $app skipped_uris
fi
# Reload services
sudo systemctl reload nginx
sudo yunohost app ssowatconf
ynh_print_info "Restoration completed for $app"

202
scripts/upgrade
View file

@ -1,28 +1,32 @@
#!/bin/bash
set -eu
#=================================================
# GENERIC STARTING
# GENERIC START
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
source .fonctions
source _common.sh
source /usr/share/yunohost/helpers
#=================================================
# LOAD SETTINGS
#=================================================
ynh_print_info "Loading installation settings..."
app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get $app domain)
path=$(ynh_app_setting_get $app path)
path_url=$(ynh_app_setting_get $app path)
is_public=$(ynh_app_setting_get $app is_public)
port=$(ynh_app_setting_get $app port)
final_path=$(ynh_app_setting_get $app final_path)
secret=$(ynh_app_setting_get $app secret)
db_name=$(ynh_app_setting_get $app db_name)
db_user=$db_name
db_pwd=$(ynh_app_setting_get $app psqlpwd)
max_file_size=$(ynh_app_setting_get $app max_file_size)
db_manager=$(ynh_app_setting_get $app db_manager)
#=================================================
# FIX OLD THINGS
@ -41,95 +45,187 @@ then # Si final_path n'est pas renseigné dans la config yunohost, cas d'ancien
final_path=/var/www/$app
fi
CHECK_PATH # Checks and corrects the syntax of the path.
# Get source
SETUP_SOURCE
# If db_manager is empty, use sqlite for a backward compatibility
if [ -z "$db_manager" ]; then
db_manager="sqlite"
fi
if [ -z "$db_pwd" && "$db_manager" = "postgresql"]; then
# Create postgresql database
ynh_psql_test_if_first_run
db_name=$(ynh_sanitize_dbid "$app")
db_user=$db_name
ynh_app_setting_set "$app" db_name "$db_name"
# Initialize database and store postgres password for upgrade
ynh_psql_setup_db "$db_name" "$db_user"
db_pwd=$(ynh_app_setting_get $app psqlpwd) # Password created in ynh_psql_setup_db function
fi
if [ -z "$max_file_size" ]; then
max_file_size=100 # 100 Mo
fi
#=================================================
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
#=================================================
ynh_print_info "Backing up the app before upgrading (may take a while)..."
# Backup the current version of the app
ynh_backup_before_upgrade
ynh_clean_setup () {
ynh_clean_check_starting
# restore it if the upgrade fails
ynh_restore_upgradebackup
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#=================================================
# STANDARD UPGRADE STEPS
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
ynh_print_info "Upgrading source files..."
ynh_install_app_dependencies build-essential libssl-dev libio-socket-ssl-perl liblwp-protocol-https-perl libpq-dev postgresql cpanminus
ynh_setup_source "$final_path"
#=================================================
# NGINX CONFIGURATION
#=================================================
ynh_print_info "Upgrading nginx web server configuration..."
# Et copie le fichier de config nginx
sudo cp ../conf/nginx.conf /etc/nginx/conf.d/$domain.d/$app.conf
# Modify Nginx configuration file and copy it to Nginx conf directory
sudo sed -i "s@__PATH__@$path@g" /etc/nginx/conf.d/$domain.d/$app.conf
sudo sed -i "s@__PORT__@$port@g" /etc/nginx/conf.d/$domain.d/$app.conf
# Create a dedicated nginx config
ynh_add_nginx_config max_file_size
#=================================================
# CREATE DEDICATED USER
#=================================================
ynh_print_info "Making sure dedicated system user exists..."
if [ "$is_public" = "Yes" ];
then
sudo sed -i "s@#--PRIVATE--@@g" /etc/nginx/conf.d/$domain.d/$app.conf
fi
# Create a dedicated user (if not existing)
ynh_system_user_create $app
#=================================================
# SPECIFIC UPGRADE
#=================================================
# SETUP LUFI
#=================================================
ynh_print_info "Configuring lufi..."
## Copie et configuration du fichier de conf.
CHECK_MD5_CONFIG "lufi.conf" "$final_path/lufi.conf" # Créé un backup du fichier de config si il a été modifié.
sudo cp ../conf/lufi.conf.template "$final_path/lufi.conf"
sudo sed -i "s@__DOMAIN__@$domain@g" "$final_path/lufi.conf"
sudo sed -i "s@__PATH__@$path@g" "$final_path/lufi.conf"
sudo sed -i "s@__PORT__@$port@g" "$final_path/lufi.conf"
sudo sed -i "s@__SECRET__@$secret@g" "${final_path}/lufi.conf"
STORE_MD5_CONFIG "lufi.conf" "$final_path/lufi.conf" # Réenregistre la somme de contrôle du fichier de config
cp ../conf/lufi.conf.template "${final_path}/lufi.conf"
ynh_replace_string "__DOMAIN__" "$domain" "${final_path}/lufi.conf"
ynh_replace_string "__PATH__" "$path_url" "${final_path}/lufi.conf"
ynh_replace_string "__PORT__" "$port" "${final_path}/lufi.conf"
ynh_replace_string "__DB_NAME__" "$db_name" "${final_path}/lufi.conf"
ynh_replace_string "__DB_USER__" "$db_user" "${final_path}/lufi.conf"
ynh_replace_string "__DB_PWD__" "$db_pwd" "${final_path}/lufi.conf"
ynh_replace_string "__MAX_FILE_SIZE__" "$max_file_size" "${final_path}/lufi.conf"
ynh_replace_string "__DB_MANAGER__" "$db_manager" "${final_path}/lufi.conf"
if [ $max_file_size -eq 0 ]; then # Comment the limitation line if no limit
ynh_replace_string "max_file_size" "#max_file_size" "${final_path}/lufi.conf"
fi
#=================================================
# SETUP SYSTEMD
#=================================================
# Mise en place du script systemd
sudo systemctl stop $app
sudo cp ../conf/lufi.service /etc/systemd/system/$app.service
sudo chown root: /etc/systemd/system/$app.service
sudo sed -i "s@__FINALPATH__@$final_path/@g" /etc/systemd/system/$app.service
sudo sed -i "s@__APP__@$app@g" /etc/systemd/system/$app.service
## Démarrage auto du service
sudo systemctl enable $app
ynh_replace_string "__SECRET__" "$secret" "${final_path}/lufi.conf"
if [ $is_public -eq 0 ];
then
ynh_replace_string "__IS_PUBLIC__" "" "${final_path}/lufi.conf"
else
ynh_replace_string "__IS_PUBLIC__" "#" "${final_path}/lufi.conf"
fi
ynh_store_file_checksum "${final_path}/lufi.conf"
#=================================================
# SETUP CRON
#=================================================
sudo cp ../conf/cron_lufi /etc/cron.d/$app
sudo sed -i "s@__FINALPATH__@$final_path/@g" /etc/cron.d/$app
#=================================================
# UPDATE LUFI WITH CARTON
#=================================================
pushd $final_path # cd avec une stack pour revenir en arrière
echo yes | sudo carton install 2>&1 | sudo tee -a "/var/log/$app/setup_carton.log"
popd # Revient au dossier courant avant pushd
cp ../conf/cron_lufi /etc/cron.d/$app
ynh_replace_string "__FINALPATH__" "$final_path/" "/etc/cron.d/$app"
chmod +x $final_path/script/lufi
#=================================================
# SECURING FILES AND DIRECTORIES
#=================================================
sudo chown -R www-data: $final_path
chown -R $app: "$final_path"
#=================================================
# SETUP SYSTEMD
#=================================================
ynh_print_info "Upgrading systemd configuration..."
# Create a dedicated systemd config
ynh_add_systemd_config
#=================================================
# Install lufi's dependencies via carton
#=================================================
pushd $final_path
if [ $db_manager = "postgresql" ]; then
carton install --deployment --without=sqlite --without=mysql
else
carton install --deployment --without=postgresql --without=mysql
fi
popd
#=================================================
# SETUP LOGROTATE
#=================================================
ynh_print_info "Upgrading logrotate configuration..."
# Use logrotate to manage app-specific logfile(s)
ynh_use_logrotate --non-append
#=================================================
# ADVERTISE SERVICE IN ADMIN PANEL
#=================================================
# if /var/log/$app/production.log is a symbolic link, then move it to $final_path/log/production.log
if [ ! -L "/var/log/$app/production.log" ]
then
mv "/var/log/$app/production.log" "$final_path/log/production.log"
chown -R $app: "$final_path/log/production.log"
fi
yunohost service add $app --log "$final_path/log/production.log"
#=================================================
# RESTART LUFI
#=================================================
sudo systemctl restart lufi.service
ln -sf "$final_path/log/production.log" "/var/log/$app/production.log"
ynh_systemd_action -n $app -a restart -l "Creating process id file" -p "$final_path/log/production.log"
#=================================================
# SETUP SSOWAT
#=================================================
ynh_print_info "Upgrading SSOwat configuration..."
ynh_app_setting_set $app skipped_uris "/"
ynh_app_setting_set $app unprotected_uris "/"
if [ $is_public -eq 0 ]
then
ynh_app_setting_set "$app" unprotected_uris "/"
if [ "$path_url" == "/" ]; then
# If the path is /, clear it to prevent any error with the regex.
path_url=""
fi
# Modify the domain to be used in a regex
domain_regex=$(echo "$domain" | sed 's@-@.@g')
ynh_app_setting_set $app protected_regex "$domain_regex$path_url/stats$","$domain_regex$path_url/manifest.webapp$","$domain_regex$path_url/$","$domain_regex$path_url/d/.*$","$domain_regex$path_url/m/.*$"
fi
#=================================================
# RELOAD NGINX
#=================================================
ynh_print_info "Reloading nginx web server..."
sudo systemctl reload nginx
sudo yunohost app ssowatconf
systemctl reload nginx
yunohost app ssowatconf
#=================================================
# END OF SCRIPT
#=================================================
ynh_print_info "Upgrade of $app completed"