diff --git a/README.md b/README.md index b74f1f8..e120027 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,8 @@ It shall NOT be edited by hand. # Lufi for YunoHost -[![Integration level](https://dash.yunohost.org/integration/lufi.svg)](https://dash.yunohost.org/appci/app/lufi) ![Working status](https://ci-apps.yunohost.org/ci/badges/lufi.status.svg) ![Maintenance status](https://ci-apps.yunohost.org/ci/badges/lufi.maintain.svg) +[![Integration level](https://dash.yunohost.org/integration/lufi.svg)](https://dash.yunohost.org/appci/app/lufi) ![Working status](https://ci-apps.yunohost.org/ci/badges/lufi.status.svg) ![Maintenance status](https://ci-apps.yunohost.org/ci/badges/lufi.maintain.svg) + [![Install Lufi with YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=lufi) *[Lire ce readme en français.](./README_fr.md)* @@ -20,7 +21,7 @@ The administrator of the Lufi instance you use will not be able to see what is i The encryption key part of the URL is a anchor (Cf. [Fragment Identifier](https://en.wikipedia.org/wiki/Fragment_identifier)), that means this part is only processed client-side and does not reach the server. :-) -**Shipped version:** 0.05.18~ynh2 +**Shipped version:** 0.05.21~ynh1 **Demo:** https://demo.lufi.io/ @@ -28,14 +29,9 @@ The encryption key part of the URL is a anchor (Cf. [Fragment Identifier](https: ![Screenshot of Lufi](./doc/screenshots/screenshot_lufi_1.png) -## Disclaimers / important information - -## Configuration - -* How to configure this app: a plain file at `/var/www/lufi/lufi.conf` with SSH. - ## Documentation and resources +* Official app website: * Official admin documentation: * Upstream app code repository: * YunoHost documentation for this app: diff --git a/README_fr.md b/README_fr.md index 349179f..cee8afb 100644 --- a/README_fr.md +++ b/README_fr.md @@ -5,39 +5,35 @@ It shall NOT be edited by hand. # Lufi pour YunoHost -[![Niveau d'intégration](https://dash.yunohost.org/integration/lufi.svg)](https://dash.yunohost.org/appci/app/lufi) ![Statut du fonctionnement](https://ci-apps.yunohost.org/ci/badges/lufi.status.svg) ![Statut de maintenance](https://ci-apps.yunohost.org/ci/badges/lufi.maintain.svg) +[![Niveau d’intégration](https://dash.yunohost.org/integration/lufi.svg)](https://dash.yunohost.org/appci/app/lufi) ![Statut du fonctionnement](https://ci-apps.yunohost.org/ci/badges/lufi.status.svg) ![Statut de maintenance](https://ci-apps.yunohost.org/ci/badges/lufi.maintain.svg) + [![Installer Lufi avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=lufi) *[Read this readme in english.](./README.md)* -> *Ce package vous permet d'installer Lufi rapidement et simplement sur un serveur YunoHost. -Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour savoir comment l'installer et en profiter.* +> *Ce package vous permet d’installer Lufi rapidement et simplement sur un serveur YunoHost. +Si vous n’avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour savoir comment l’installer et en profiter.* -## Vue d'ensemble +## Vue d’ensemble Lufi stores files and allows you to download them. Is that all? No. All the files are encrypted **by the browser**! It means that your files **never** leave your computer unencrypted. The administrator of the Lufi instance you use will not be able to see what is in your file, neither will your network administrator, or your ISP. The encryption key part of the URL is a anchor (Cf. [Fragment Identifier](https://en.wikipedia.org/wiki/Fragment_identifier)), that means this part is only processed client-side and does not reach the server. :-) -**Version incluse :** 0.05.18~ynh2 +**Version incluse :** 0.05.21~ynh1 **Démo :** https://demo.lufi.io/ -## Captures d'écran +## Captures d’écran -![Capture d'écran de Lufi](./doc/screenshots/screenshot_lufi_1.png) - -## Avertissements / informations importantes - -## Configuration - -* Comment configurer cette application : un fichier brut `/var/www/lufi/lufi.conf` en SSH. +![Capture d’écran de Lufi](./doc/screenshots/screenshot_lufi_1.png) ## Documentations et ressources -* Documentation officielle de l'admin : -* Dépôt de code officiel de l'app : +* Site officiel de l’app : +* Documentation officielle de l’admin : +* Dépôt de code officiel de l’app : * Documentation YunoHost pour cette app : * Signaler un bug : @@ -53,4 +49,4 @@ ou sudo yunohost app upgrade lufi -u https://github.com/YunoHost-Apps/lufi_ynh/tree/testing --debug ``` -**Plus d'infos sur le packaging d'applications :** +**Plus d’infos sur le packaging d’applications :** \ No newline at end of file diff --git a/conf/app.src b/conf/app.src deleted file mode 100644 index 3b6734e..0000000 --- a/conf/app.src +++ /dev/null @@ -1,7 +0,0 @@ -SOURCE_URL=https://framagit.org/fiat-tux/hat-softwares/lufi/-/archive/0.05.18/lufi-0.05.18.tar.gz -SOURCE_SUM=da388595d8c39a82ae118c1c92bb7d8ad637f7351997392bbb645929852a3963 -SOURCE_SUM_PRG=sha256sum -SOURCE_FORMAT=tar.gz -SOURCE_IN_SUBDIR=true -SOURCE_FILENAME= -SOURCE_EXTRACT=true diff --git a/conf/cron b/conf/cron new file mode 100644 index 0000000..bba990f --- /dev/null +++ b/conf/cron @@ -0,0 +1,11 @@ +# Génération des statistiques. Tous les jours, à 5h. +0 5 * * * __USER__ cd "__INSTALL_DIR__" && /usr/bin/carton exec script/lufi cron stats + +# Suppression des adresses IP obsolètes. Tous les jours, à 6h. +0 6 * * * __USER__ cd "__INSTALL_DIR__" && /usr/bin/carton exec script/lufi cron cleanbdd + +# Suppression des images dont le délai a expiré. Tous les jours, à 6h. +0 6 * * * __USER__ cd "__INSTALL_DIR__" && /usr/bin/carton exec script/lufi cron cleanfiles + +# Vérification de l'occupation du dossier des images. Tous les jours, à 7h. +0 7 * * * __USER__ cd "__INSTALL_DIR__" && /usr/bin/carton exec script/lufi cron watch diff --git a/conf/cron_lufi b/conf/cron_lufi deleted file mode 100644 index adb3f63..0000000 --- a/conf/cron_lufi +++ /dev/null @@ -1,11 +0,0 @@ -# Génération des statistiques. Tous les jours, à 5h. -0 5 * * * __USER__ cd "__FINALPATH__" && /usr/bin/carton exec script/lufi cron stats - -# Suppression des adresses IP obsolètes. Tous les jours, à 6h. -0 6 * * * __USER__ cd "__FINALPATH__" && /usr/bin/carton exec script/lufi cron cleanbdd - -# Suppression des images dont le délai a expiré. Tous les jours, à 6h. -0 6 * * * __USER__ cd "__FINALPATH__" && /usr/bin/carton exec script/lufi cron cleanfiles - -# Vérification de l'occupation du dossier des images. Tous les jours, à 7h. -0 7 * * * __USER__ cd "__FINALPATH__" && /usr/bin/carton exec script/lufi cron watch diff --git a/conf/logrotate b/conf/logrotate index d116834..d33a185 100644 --- a/conf/logrotate +++ b/conf/logrotate @@ -1,5 +1,5 @@ -__FINALPATH__/log/production.log { +__INSTALL_DIR__/log/production.log { # Effectue une rotation des logs tout les mois monthly # Ou si le fichier de log dépasse 100Mo diff --git a/conf/lufi.conf.template b/conf/lufi.conf similarity index 99% rename from conf/lufi.conf.template rename to conf/lufi.conf index 07e7ce8..6dc9d62 100644 --- a/conf/lufi.conf.template +++ b/conf/lufi.conf @@ -59,7 +59,7 @@ # Max file size, in octets # You can write it 100*1024*1024 # optional, no default - __MAX_SIZE_SET__max_file_size => __MAX_FILE_SIZE__*1024*1024, + max_file_size => __MAX_FILE_SIZE__*1024*1024, # If you want to have piwik statistics, provide a piwik image tracker # Only the image tracker is allowed, no javascript @@ -110,7 +110,7 @@ # Remember that it has to be in a directory writable by Lufi user # DO NOT CHANGE THIS IF FILES HAVE BEEN ALREADY UPLOADED: THEY WILL NOT BE DOWNLOADABLE ANYMORE # optional, default is 'files' - upload_dir => '__DATADIR__/upload', + upload_dir => '__DATA_DIR__/upload', #!!!!!!!!!!!!!!! # EXPERIMENTAL ! diff --git a/conf/systemd.service b/conf/systemd.service index 7e5e975..823d03d 100644 --- a/conf/systemd.service +++ b/conf/systemd.service @@ -8,11 +8,41 @@ After=network.target Type=forking User=__APP__ Group=__APP__ -WorkingDirectory=__FINALPATH__/ -PIDFile=__FINALPATH__/script/hypnotoad.pid +WorkingDirectory=__INSTALL_DIR__/ +PIDFile=__INSTALL_DIR__/script/hypnotoad.pid ExecStart=/usr/bin/carton exec hypnotoad script/lufi ExecStop=/usr/bin/carton exec hypnotoad -s script/lufi ExecReload=/usr/bin/carton exec hypnotoad script/lufi +# Sandboxing options to harden security +# Depending on specificities of your service/app, you may need to tweak these +# .. but this should be a good baseline +# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html +NoNewPrivileges=yes +PrivateTmp=yes +PrivateDevices=yes +RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK +RestrictNamespaces=yes +RestrictRealtime=yes +DevicePolicy=closed +ProtectSystem=full +ProtectControlGroups=yes +ProtectKernelModules=yes +ProtectKernelTunables=yes +LockPersonality=yes +SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap + +# Denying access to capabilities that should not be relevant for webapps +# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html +CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD +CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE +CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT +CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK +CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM +CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG +CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE +CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW +CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG + [Install] WantedBy=multi-user.target diff --git a/config_panel.toml b/config_panel.toml new file mode 100644 index 0000000..85c0135 --- /dev/null +++ b/config_panel.toml @@ -0,0 +1,15 @@ +version = "1.0" + +[main] +name = "Lufi configuration" +services = ["__APP__"] + + [main.config] + name = "Configuration Options" + + [main.config.max_file_size] + ask = "Max file size" + type = "number" + default = 100 + help = "Choose the maximum file size allowed to send, in Mo (0 = no limit)" + bind = "max_file_size:/var/www/__APP__/lufi.conf" \ No newline at end of file diff --git a/doc/ADMIN.md b/doc/ADMIN.md new file mode 100644 index 0000000..97927a3 --- /dev/null +++ b/doc/ADMIN.md @@ -0,0 +1 @@ +How to configure this app: a plain file at `__INSTALL_DIR__/lufi.conf` with SSH. diff --git a/doc/ADMIN_fr.md b/doc/ADMIN_fr.md new file mode 100644 index 0000000..4737c63 --- /dev/null +++ b/doc/ADMIN_fr.md @@ -0,0 +1 @@ +Comment configurer cette application : un fichier brut `__INSTALL_DIR__/lufi.conf` en SSH. diff --git a/doc/DISCLAIMER.md b/doc/DISCLAIMER.md deleted file mode 100644 index 1dcb41b..0000000 --- a/doc/DISCLAIMER.md +++ /dev/null @@ -1,3 +0,0 @@ -## Configuration - -* How to configure this app: a plain file at `/var/www/lufi/lufi.conf` with SSH. diff --git a/doc/DISCLAIMER_fr.md b/doc/DISCLAIMER_fr.md deleted file mode 100644 index 1338c35..0000000 --- a/doc/DISCLAIMER_fr.md +++ /dev/null @@ -1,3 +0,0 @@ -## Configuration - -* Comment configurer cette application : un fichier brut `/var/www/lufi/lufi.conf` en SSH. diff --git a/manifest.json b/manifest.json deleted file mode 100644 index c94edf1..0000000 --- a/manifest.json +++ /dev/null @@ -1,71 +0,0 @@ -{ - "name": "Lufi", - "id": "lufi", - "packaging_format": 1, - "description": { - "en": "Self hosting files and sharing anonymous application", - "fr": "Application d'hébergement et de partage de fichiers anonyme" - }, - "version": "0.05.18~ynh2", - "url": "https://git.framasoft.org/luc/lufi", - "upstream": { - "license": "AGPL-3.0-or-later", - "demo": "https://demo.lufi.io/", - "admindoc": "https://framagit.org/luc/lufi/wikis/home", - "code": "https://framagit.org/fiat-tux/hat-softwares/lufi" - }, - "license": "AGPL-3.0-or-later", - "maintainer": { - "name": "frju365, cyp", - "email": "win10@tutanota.com, cyp@rouquin.me" - }, - "requirements": { - "yunohost": ">= 11.0.9" - }, - "multi_instance": true, - "services": [ - "nginx" - ], - "arguments": { - "install": [ - { - "name": "domain", - "type": "domain" - }, - { - "name": "path", - "type": "path", - "example": "/lufi", - "default": "/lufi" - }, - { - "name": "is_public", - "type": "boolean", - "default": true - }, - { - "name": "max_file_size", - "type": "string", - "ask": { - "en": "Choose a max file size, in Mo (0 = no limit)", - "fr": "Choisissez une taille de fichier maximum chemin, en Mo (0 = pas de limite)" - }, - "example": "100", - "default": "100" - }, - { - "name": "use_ldap", - "type": "boolean", - "ask": { - "en": "Install Lufi with LDAP configuration?", - "fr": "Installer Lufi avec la configuration LDAP ?" - }, - "help": { - "en": "A Lufi with LDAP enabled will allow only YunoHost users to upload.", - "fr": "Un Lufi avec LDAP activé autorisera seulement les utilisateurs YunoHost à téléverser." - }, - "default": false - } - ] - } -} diff --git a/manifest.toml b/manifest.toml new file mode 100644 index 0000000..891e6d7 --- /dev/null +++ b/manifest.toml @@ -0,0 +1,70 @@ +packaging_format = 2 + +id = "lufi" +name = "Lufi" +description.en = "Files and sharing anonymous application" +description.fr = "Application de partage de fichiers anonyme" + +version = "0.05.21~ynh1" + +maintainers = ["frju365, cyp"] + +[upstream] +license = "AGPL-3.0-or-later" +demo = "https://demo.lufi.io/" +admindoc = "https://framagit.org/luc/lufi/wikis/home" +code = "https://framagit.org/fiat-tux/hat-softwares/lufi" +website = "https://git.framasoft.org/luc/lufi" + +[integration] +yunohost = ">= 11.1.17" +architectures = "all" +multi_instance = true +ldap = true +sso = false +disk = "50M" +ram.build = "550M" +ram.runtime = "50M" + +[install] + [install.domain] + type = "domain" + + [install.path] + type = "path" + default = "/lufi" + + [install.init_main_permission] + type = "group" + default = "visitors" + + [install.use_ldap] + ask.en = "Install Lufi with LDAP configuration?" + ask.fr = "Installer Lufi avec la configuration LDAP ?" + help.en = "Lufi with LDAP enabled will allow only YunoHost users to upload." + help.fr = "Lufi avec LDAP activé autorisera seulement les utilisateurs YunoHost à téléverser." + type = "boolean" + default = false + +[resources] + [resources.sources.main] + url = "https://framagit.org/fiat-tux/hat-softwares/lufi/-/archive/0.05.21/lufi-0.05.21.tar.gz" + sha256 = "a1da42688d82239a9441355ad0e1d773e24d0225edcdc463b425a5032133765a" + + [resources.ports] + + [resources.system_user] + + [resources.install_dir] + + [resources.data_dir] + subdirs = "upload" + + [resources.permissions] + main.url = "/" + + [resources.apt] + packages = "build-essential libssl-dev libio-socket-ssl-perl liblwp-protocol-https-perl libpq-dev postgresql carton" + + [resources.database] + type = "postgresql" diff --git a/scripts/_common.sh b/scripts/_common.sh index 9977374..944a65e 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -4,9 +4,6 @@ # COMMON VARIABLES #================================================= -# dependencies used by the app -pkg_dependencies="build-essential libssl-dev libio-socket-ssl-perl liblwp-protocol-https-perl libpq-dev postgresql carton" - #================================================= # PERSONAL HELPERS #================================================= diff --git a/scripts/backup b/scripts/backup index a06ba98..bf540fc 100644 --- a/scripts/backup +++ b/scripts/backup @@ -10,28 +10,6 @@ source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers -#================================================= -# MANAGE SCRIPT FAILURE -#================================================= - -ynh_clean_setup () { - true -} -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors - -#================================================= -# LOAD SETTINGS -#================================================= -ynh_print_info --message="Loading installation settings..." - -app=$YNH_APP_INSTANCE_NAME - -final_path=$(ynh_app_setting_get --app=$app --key=final_path) -domain=$(ynh_app_setting_get --app=$app --key=domain) -db_name=$(ynh_app_setting_get --app=$app --key=db_name) -datadir=$(ynh_app_setting_get --app=$app --key=datadir) - #================================================= # DECLARE DATA AND CONF FILES TO BACKUP #================================================= @@ -41,13 +19,13 @@ ynh_print_info --message="Declaring files to be backed up..." # BACKUP THE APP MAIN DIR #================================================= -ynh_backup --src_path="$final_path" +ynh_backup --src_path="$install_dir" #================================================= # BACKUP THE DATA DIR #================================================= -ynh_backup --src_path="$datadir" --is_big +ynh_backup --src_path="$data_dir" --is_big #================================================= # BACKUP THE NGINX CONFIGURATION diff --git a/scripts/change_url b/scripts/change_url index ecf19ea..80fb431 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -9,70 +9,6 @@ source _common.sh source /usr/share/yunohost/helpers -#================================================= -# RETRIEVE ARGUMENTS -#================================================= - -old_domain=$YNH_APP_OLD_DOMAIN -old_path=$YNH_APP_OLD_PATH - -new_domain=$YNH_APP_NEW_DOMAIN -new_path=$YNH_APP_NEW_PATH - -app=$YNH_APP_INSTANCE_NAME - -#================================================= -# LOAD SETTINGS -#================================================= -ynh_script_progression --message="Loading installation settings..." - -# Needed for helper "ynh_add_nginx_config" -final_path=$(ynh_app_setting_get --app=$app --key=final_path) - -# Add settings here as needed by your application -port=$(ynh_app_setting_get --app=$app --key=port) -use_ldap=$(ynh_app_setting_get --app=$app --key=use_ldap) -db_name=$(ynh_app_setting_get --app=$app --key=db_name) -db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd) -db_user=$db_name -secret=$(ynh_app_setting_get --app=$app --key=secret) -max_file_size=$(ynh_app_setting_get --app=$app --key=max_file_size) -datadir=$(ynh_app_setting_get --app=$app --key=datadir) - -#================================================= -# BACKUP BEFORE CHANGE URL THEN ACTIVE TRAP -#================================================= -ynh_script_progression --message="Backing up the app before changing its URL (may take a while)..." - -# Backup the current version of the app -ynh_backup_before_upgrade -ynh_clean_setup () { - ynh_clean_check_starting - # Remove the new domain config file, the remove script won't do it as it doesn't know yet its location. - ynh_secure_remove --file="/etc/nginx/conf.d/$new_domain.d/$app.conf" - - # Restore it if the upgrade fails - ynh_restore_upgradebackup -} -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors - -#================================================= -# CHECK WHICH PARTS SHOULD BE CHANGED -#================================================= - -change_domain=0 -if [ "$old_domain" != "$new_domain" ] -then - change_domain=1 -fi - -change_path=0 -if [ "$old_path" != "$new_path" ] -then - change_path=1 -fi - #================================================= # STANDARD MODIFICATIONS #================================================= @@ -80,36 +16,14 @@ fi #================================================= ynh_script_progression --message="Stopping a systemd service..." -ynh_systemd_action --service_name=$app --action="stop" --log_path="$final_path/log/production.log" +ynh_systemd_action --service_name=$app --action="stop" --log_path="$install_dir/log/production.log" #================================================= # MODIFY URL IN NGINX CONF #================================================= ynh_script_progression --message="Updating NGINX web server configuration..." -nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf - -# Change the path in the NGINX config file -if [ $change_path -eq 1 ] -then - # Make a backup of the original NGINX config file if modified - ynh_backup_if_checksum_is_different --file="$nginx_conf_path" - # Set global variables for NGINX helper - domain="$old_domain" - path_url="$new_path" - # Create a dedicated NGINX config - ynh_add_nginx_config -fi - -# Change the domain for NGINX -if [ $change_domain -eq 1 ] -then - # Delete file checksum for the old conf file location - ynh_delete_file_checksum --file="$nginx_conf_path" - mv $nginx_conf_path /etc/nginx/conf.d/$new_domain.d/$app.conf - # Store file checksum for the new config file location - ynh_store_file_checksum --file="/etc/nginx/conf.d/$new_domain.d/$app.conf" -fi +ynh_change_url_nginx_config #================================================= # SPECIFIC MODIFICATIONS @@ -119,7 +33,7 @@ fi ynh_script_progression --message="Configuring lufi..." domain="$new_domain" -path_url="$new_path" +path="$new_path" ldap="#" if [ $use_ldap -eq 1 ]; @@ -127,15 +41,10 @@ then ldap="" fi -max_size_set="" -if [ $max_file_size -eq 0 ]; then # Comment the limitation line if no limit - max_size_set="#" -fi +ynh_add_config --template="../conf/lufi.conf" --destination="$install_dir/lufi.conf" -ynh_add_config --template="../conf/lufi.conf.template" --destination="$final_path/lufi.conf" - -chmod 600 $final_path/lufi.conf -chown $app:$app $final_path/lufi.conf +chmod 600 $install_dir/lufi.conf +chown $app:$app $install_dir/lufi.conf #================================================= # GENERIC FINALISATION @@ -145,14 +54,7 @@ chown $app:$app $final_path/lufi.conf ynh_script_progression --message="Starting a systemd service..." # Start a systemd service -ynh_systemd_action --service_name=$app --action="start" --log_path="$final_path/log/production.log" --line_match="Creating process id file" - -#================================================= -# RELOAD NGINX -#================================================= -ynh_script_progression --message="Reloading NGINX web server..." - -ynh_systemd_action --service_name=nginx --action=reload +ynh_systemd_action --service_name=$app --action="start" --log_path="$install_dir/log/production.log" --line_match="Creating process id file" #================================================= # END OF SCRIPT diff --git a/scripts/install b/scripts/install index 45609a6..b8321f4 100644 --- a/scripts/install +++ b/scripts/install @@ -8,108 +8,32 @@ source _common.sh source /usr/share/yunohost/helpers - -#================================================= -# MANAGE SCRIPT FAILURE -#================================================= - -ynh_clean_setup () { - ynh_clean_check_starting -} -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors - #================================================= # RETRIEVE ARGUMENTS FROM THE MANIFEST #================================================= -domain=$YNH_APP_ARG_DOMAIN -path_url=$YNH_APP_ARG_PATH -is_public=$YNH_APP_ARG_IS_PUBLIC -max_file_size=$YNH_APP_ARG_MAX_FILE_SIZE -use_ldap=$YNH_APP_ARG_USE_LDAP secret=$(ynh_string_random --length=24) - -app=$YNH_APP_INSTANCE_NAME - -#================================================= -# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS -#================================================= -ynh_script_progression --message="Validating installation parameters..." - -final_path=/var/www/$app -test ! -e "$final_path" || ynh_die --message="This path already contains a folder" - -# Check if max_file_size is a number -if ! [[ $max_file_size =~ "^[\-0-9]+$" ]] && [ $max_file_size -lt 0 ]; then - ynh_die --message="Max file must be a number positive or zero" -fi - -# Register (book) web path -ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url +max_file_size=100 +use_ldap=$YNH_APP_ARG_USE_LDAP #================================================= # STORE SETTINGS FROM MANIFEST #================================================= -ynh_script_progression --message="Storing installation settings..." -ynh_app_setting_set --app=$app --key=domain --value=$domain -ynh_app_setting_set --app=$app --key=path --value=$path_url ynh_app_setting_set --app=$app --key=use_ldap --value=$use_ldap ynh_app_setting_set --app=$app --key=max_file_size --value=$max_file_size ynh_app_setting_set --app=$app --key=secret --value=$secret -#================================================= -# STANDARD MODIFICATIONS -#================================================= -# FIND AND OPEN A PORT -#================================================= -ynh_script_progression --message="Finding an available port..." - -# Find an available port -port=$(ynh_find_port --port=8095) -ynh_app_setting_set --app=$app --key=port --value=$port - -#================================================= -# INSTALL DEPENDENCIES -#================================================= -ynh_script_progression --message="Installing dependencies..." - -ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies - -#================================================= -# CREATE DEDICATED USER -#================================================= -ynh_script_progression --message="Configuring system user..." - -# Create a system user -ynh_system_user_create --username=$app --home_dir="$final_path" - -#================================================= -# CREATE A POSTGRESQL DATABASE -#================================================= -ynh_script_progression --message="Creating a PostgreSQL database..." - -# Create postgresql database -ynh_psql_test_if_first_run -db_name=$(ynh_sanitize_dbid --db_name=$app) -db_user=$db_name -ynh_app_setting_set --app=$app --key=db_name --value=$db_name -ynh_psql_setup_db --db_user=$db_user --db_name=$db_name -db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd) # Password created in ynh_psql_setup_db function - #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= ynh_script_progression --message="Setting up source files..." -ynh_app_setting_set --app=$app --key=final_path --value=$final_path # Download, check integrity, uncompress and patch the source from app.src -ynh_setup_source --dest_dir="$final_path" +ynh_setup_source --dest_dir="$install_dir" -chmod 750 "$final_path" -chmod -R o-rwx "$final_path" -chown -R $app:www-data "$final_path" +chmod -R o-rwx "$install_dir" +chown -R $app:www-data "$install_dir" #================================================= # NGINX CONFIGURATION @@ -119,21 +43,16 @@ ynh_script_progression --message="Configuring NGINX web server..." # Create a dedicated NGINX config ynh_add_nginx_config -#================================================= -# SPECIFIC SETUP -#================================================= -# CREATE DATA DIRECTORY -#================================================= -ynh_script_progression --message="Creating a data directory..." +# Create a dedicated systemd config +ynh_add_systemd_config -datadir=/home/yunohost.app/$app -ynh_app_setting_set --app=$app --key=datadir --value=$datadir +# Use logrotate to manage application logfile(s) +ynh_use_logrotate -mkdir -p $datadir/upload +yunohost service add $app --description="Lufi service" --log="$install_dir/log/production.log" -chmod 750 "$datadir" -chmod -R o-rwx "$datadir" -chown -R $app:www-data "$datadir" +ynh_add_config --template="../conf/cron" --destination="/etc/cron.d/$app" +chmod +x $install_dir/script/lufi #================================================= # CONFIGURE LUFI @@ -146,83 +65,27 @@ then ldap="" fi -max_size_set="" -if [ $max_file_size -eq 0 ]; then # Comment the limitation line if no limit - max_size_set="#" -fi +ynh_add_config --template="../conf/lufi.conf" --destination="$install_dir/lufi.conf" -ynh_add_config --template="../conf/lufi.conf.template" --destination="$final_path/lufi.conf" - -chmod 600 $final_path/lufi.conf -chown $app:$app $final_path/lufi.conf +chmod 600 $install_dir/lufi.conf +chown $app:$app $install_dir/lufi.conf #================================================= # INSTALL LUFI #================================================= ynh_script_progression --message="Installing $app..." -pushd $final_path +pushd $install_dir carton install --deployment --without=sqlite --without=mysql --without=htpasswd --without=test popd -#================================================= -# SETUP CRON -#================================================= -ynh_script_progression --message="Setuping a cron..." - -ynh_add_config --template="../conf/cron_lufi" --destination="/etc/cron.d/$app" -chmod +x $final_path/script/lufi - -#================================================= -# SETUP SYSTEMD -#================================================= -ynh_script_progression --message="Configuring a systemd service..." - -# Create a dedicated systemd config -ynh_add_systemd_config - -#================================================= -# SETUP LOGROTATE -#================================================= -ynh_script_progression --message="Configuring log rotation..." - -# Use logrotate to manage application logfile(s) -ynh_use_logrotate - -#================================================= -# INTEGRATE SERVICE IN YUNOHOST -#================================================= -ynh_script_progression --message="Integrating service in YunoHost..." - -yunohost service add $app --description="Lufi service" --log="$final_path/log/production.log" - #================================================= # START SYSTEMD SERVICE #================================================= ynh_script_progression --message="Starting a systemd service..." # Start a systemd service -ynh_systemd_action --service_name=$app --action="start" --line_match="Creating process id file" --log_path="$final_path/log/production.log" - -#================================================= -# SETUP SSOWAT -#================================================= -ynh_script_progression --message="Configuring permissions..." - -# Make app public if necessary -if [ $is_public -eq 1 ] -then - # Everyone can access the app. - # The "main" permission is automatically created before the install script. - ynh_permission_update --permission="main" --add="visitors" -fi - -#================================================= -# RELOAD NGINX -#================================================= -ynh_script_progression --message="Reloading NGINX web server..." - -ynh_systemd_action --service_name=nginx --action=reload +ynh_systemd_action --service_name=$app --action="start" --line_match="Creating process id file" --log_path="$install_dir/log/production.log" #================================================= # END OF SCRIPT diff --git a/scripts/remove b/scripts/remove index 61314a5..721f049 100644 --- a/scripts/remove +++ b/scripts/remove @@ -9,20 +9,6 @@ source _common.sh source /usr/share/yunohost/helpers -#================================================= -# LOAD SETTINGS -#================================================= -ynh_script_progression --message="Loading installation settings..." - -app=$YNH_APP_INSTANCE_NAME - -domain=$(ynh_app_setting_get --app=$app --key=domain) -port=$(ynh_app_setting_get --app=$app --key=port) -db_name=$(ynh_app_setting_get --app=$app --key=db_name) -db_user=$db_name -final_path=$(ynh_app_setting_get --app=$app --key=final_path) -datadir=$(ynh_app_setting_get --app=$app --key=datadir) - #================================================= # STANDARD REMOVE #================================================= @@ -36,88 +22,21 @@ then yunohost service remove $app fi -#================================================= -# STOP AND REMOVE SERVICE -#================================================= -ynh_script_progression --message="Stopping and removing the systemd service..." - # Remove the dedicated systemd config ynh_remove_systemd_config -#================================================= -# REMOVE LOGROTATE CONFIGURATION -#================================================= -ynh_script_progression --message="Removing logrotate configuration..." - # Remove the app-specific logrotate config ynh_remove_logrotate -#================================================= -# REMOVE THE POSTGRESQL DATABASE -#================================================= -ynh_script_progression --message="Removing the PostgreSQL database..." - -# Remove a database if it exists, along with the associated user -ynh_psql_remove_db --db_user=$db_user --db_name=$db_name - -#================================================= -# REMOVE APP MAIN DIR -#================================================= -ynh_script_progression --message="Removing app main directory..." - -# Remove the app directory securely -ynh_secure_remove --file="$final_path" - -#================================================= -# REMOVE DATA DIR -#================================================= - -# Remove the data directory if --purge option is used -if [ "${YNH_APP_PURGE:-0}" -eq 1 ] -then - ynh_script_progression --message="Removing app data directory..." - ynh_secure_remove --file="$datadir" -fi - -#================================================= -# REMOVE NGINX CONFIGURATION -#================================================= -ynh_script_progression --message="Removing NGINX web server configuration..." - # Remove the dedicated NGINX config ynh_remove_nginx_config -#================================================= -# REMOVE DEPENDENCIES -#================================================= -ynh_script_progression --message="Removing dependencies..." - -# Remove metapackage and its dependencies -ynh_remove_app_dependencies - -#================================================= -# SPECIFIC REMOVE -#================================================= -# REMOVE VARIOUS FILES -#================================================= -ynh_script_progression --message="Removing various files..." - # Remove a cron file ynh_secure_remove --file="/etc/cron.d/$app" # Remove the log files ynh_secure_remove --file="/var/log/$app" -#================================================= -# GENERIC FINALIZATION -#================================================= -# REMOVE DEDICATED USER -#================================================= -ynh_script_progression --message="Removing the dedicated system user..." - -# Delete a system user -ynh_system_user_delete --username=$app - #================================================= # END OF SCRIPT #================================================= diff --git a/scripts/restore b/scripts/restore index 40dc3e0..c621c16 100644 --- a/scripts/restore +++ b/scripts/restore @@ -10,141 +10,49 @@ source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers -#================================================= -# MANAGE SCRIPT FAILURE -#================================================= - -ynh_clean_setup () { - ynh_clean_check_starting -} -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors - -#================================================= -# LOAD SETTINGS -#================================================= -ynh_script_progression --message="Loading installation settings..." - -app=$YNH_APP_INSTANCE_NAME - -domain=$(ynh_app_setting_get --app=$app --key=domain) -path_url=$(ynh_app_setting_get --app=$app --key=path) -final_path=$(ynh_app_setting_get --app=$app --key=final_path) -db_name=$(ynh_app_setting_get --app=$app --key=db_name) -db_user=$db_name -db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd) -datadir=$(ynh_app_setting_get --app=$app --key=datadir) - -#================================================= -# CHECK IF THE APP CAN BE RESTORED -#================================================= -ynh_script_progression --message="Validating restoration parameters..." - -test ! -d $final_path \ - || ynh_die --message="There is already a directory: $final_path " - -#================================================= -# STANDARD RESTORATION STEPS -#================================================= -# RECREATE THE DEDICATED USER -#================================================= -ynh_script_progression --message="Recreating the dedicated system user..." - -# Create the dedicated user (if not existing) -ynh_system_user_create --username=$app --home_dir="$final_path" - #================================================= # RESTORE THE APP MAIN DIR #================================================= ynh_script_progression --message="Restoring the app main directory..." -ynh_restore_file --origin_path="$final_path" +ynh_restore_file --origin_path="$install_dir" -chmod 750 "$final_path" -chmod -R o-rwx "$final_path" -chown -R $app:www-data "$final_path" - -#================================================= -# RESTORE THE DATA DIRECTORY -#================================================= -ynh_script_progression --message="Restoring the data directory..." - -ynh_restore_file --origin_path="$datadir" --not_mandatory - -mkdir -p $datadir - -chmod 750 "$datadir" -chmod -R o-rwx "$datadir" -chown -R $app:www-data "$datadir" - -#================================================= -# SPECIFIC RESTORATION -#================================================= -# REINSTALL DEPENDENCIES -#================================================= -ynh_script_progression --message="Reinstalling dependencies..." - -# Define and install dependencies -ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies - -#================================================= -# RESTORE THE NGINX CONFIGURATION -#================================================= -ynh_script_progression --message="Restoring the NGINX web server configuration..." - -ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" +chmod -R o-rwx "$install_dir" +chown -R $app:www-data "$install_dir" #================================================= # RESTORE THE POSTGRESQL DATABASE #================================================= ynh_script_progression --message="Restoring the PostregSQL database..." -ynh_psql_test_if_first_run -ynh_psql_setup_db --db_user=$db_user --db_name=$db_name --db_pwd=$db_pwd ynh_psql_execute_file_as_root --file="./db.sql" --database="$db_name" #================================================= -# RESTORE VARIOUS FILES +# RESTORE SYSTEM CONFIGURATIONS #================================================= -ynh_script_progression --message="Restoring various files..." +# RESTORE THE PHP-FPM CONFIGURATION +#================================================= +ynh_script_progression --message="Restoring system configurations related to $app..." --weight=1 + +ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" ynh_restore_file --origin_path="/etc/cron.d/$app" -#================================================= -# RESTORE SYSTEMD -#================================================= -ynh_script_progression --message="Restoring the systemd configuration..." - ynh_restore_file --origin_path="/etc/systemd/system/$app.service" systemctl enable $app.service --quiet -#================================================= -# RESTORE THE LOGROTATE CONFIGURATION -#================================================= -ynh_script_progression --message="Restoring the logrotate configuration..." - ynh_restore_file --origin_path="/etc/logrotate.d/$app" -#================================================= -# INTEGRATE SERVICE IN YUNOHOST -#================================================= -ynh_script_progression --message="Integrating service in YunoHost..." - -yunohost service add $app --description="Lufi service" --log="$final_path/log/production.log" - -#================================================= -# START SYSTEMD SERVICE -#================================================= -ynh_script_progression --message="Starting a systemd service..." - -ynh_systemd_action --service_name=$app --action="start" --log_path="$final_path/log/production.log" --line_match="Creating process id file" +yunohost service add $app --description="Lufi service" --log="$install_dir/log/production.log" #================================================= # GENERIC FINALIZATION #================================================= -# RELOAD NGINX +# RELOAD NGINX AND PHP-FPM OR THE APP SERVICE #================================================= -ynh_script_progression --message="Reloading NGINX web server..." +ynh_script_progression --message="Reloading NGINX web server and $app's service..." --weight=1 + +ynh_systemd_action --service_name=$app --action="start" --log_path="$install_dir/log/production.log" --line_match="Creating process id file" ynh_systemd_action --service_name=nginx --action=reload diff --git a/scripts/upgrade b/scripts/upgrade index c31355e..707a138 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -9,47 +9,12 @@ source _common.sh source /usr/share/yunohost/helpers -#================================================= -# LOAD SETTINGS -#================================================= -ynh_script_progression --message="Loading installation settings..." - -app=$YNH_APP_INSTANCE_NAME - -domain=$(ynh_app_setting_get --app=$app --key=domain) -path_url=$(ynh_app_setting_get --app=$app --key=path) -use_ldap=$(ynh_app_setting_get --app=$app --key=use_ldap) -port=$(ynh_app_setting_get --app=$app --key=port) -final_path=$(ynh_app_setting_get --app=$app --key=final_path) -secret=$(ynh_app_setting_get --app=$app --key=secret) -db_name=$(ynh_app_setting_get --app=$app --key=db_name) -db_user=$db_name -db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd) -max_file_size=$(ynh_app_setting_get --app=$app --key=max_file_size) -datadir=$(ynh_app_setting_get --app=$app --key=datadir) - #================================================= # CHECK VERSION #================================================= -ynh_script_progression --message="Checking version..." upgrade_type=$(ynh_check_app_version_changed) -#================================================= -# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP -#================================================= -ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." - -# Backup the current version of the app -ynh_backup_before_upgrade -ynh_clean_setup () { - ynh_clean_check_starting - # Restore it if the upgrade fails - ynh_restore_upgradebackup -} -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors - #================================================= # STANDARD UPGRADE STEPS #================================================= @@ -57,82 +22,18 @@ ynh_abort_if_errors #================================================= ynh_script_progression --message="Stopping a systemd service..." -ynh_systemd_action --service_name=$app --action="stop" --log_path="$final_path/log/production.log" +ynh_systemd_action --service_name=$app --action="stop" --log_path="$install_dir/log/production.log" #================================================= # ENSURE DOWNWARD COMPATIBILITY #================================================= ynh_script_progression --message="Ensuring downward compatibility..." -# If db_name doesn't exist, create it -if [ -z "$db_name" ]; then - db_name=$(ynh_sanitize_dbid --db_name=$app) - ynh_app_setting_set --app=$app --key=db_name --value=$db_name -fi - -# If final_path doesn't exist, create it -if [ -z "$final_path" ]; then - final_path=/var/www/$app - ynh_app_setting_set --app=$app --key=final_path --value=$final_path -fi - -if [ -z "$max_file_size" ]; then +if [ -z "${max_file_size:-}" ]; then max_file_size=100 # 100 Mo ynh_app_setting_set --app=$app --key=max_file_size --value=$max_file_size fi -# Check if is_public settings exist and is set to true -was_public=$(ynh_app_setting_get --app=$app --key=is_public) -if [ $was_public -eq 1 ] -then - # Fix permissions if true - ynh_print_info --message="Upgrading from legacy permission..." - ynh_print_info --message="Legacy public instance detected, allow visitors with new permission." - use_ldap=0 - - # Add new permission to allow visitors - ynh_permission_update --permission="main" --add="visitors" - - # Remove deprecated is_public settings - ynh_app_setting_delete --app=$app --key=is_public -fi - -# Check if legacy permissions exists (meanning that is_public was set to false) -if ynh_legacy_permissions_exists; then - - ynh_print_info --message="Upgrading from legacy permission..." - ynh_print_info --message="Legacy private instance detected, keep LDAP enabled." - - # Legacy private install have LDAP enabled - use_ldap=1 - - # Cleaning legacy permissions - ynh_print_info --message="Removing legacy permission..." - ynh_legacy_permissions_delete_all - - # Remove deprecated is_public settings - ynh_app_setting_delete --app=$app --key=is_public -fi - -# If datadir doesn't exist, create it -if [ -z "$datadir" ]; then - datadir=/home/yunohost.app/$app - ynh_app_setting_set --app=$app --key=datadir --value=$datadir - mkdir -p $datadir - mv -f "$final_path/files" "$datadir/upload" - chmod 750 "$datadir" - chmod -R o-rwx "$datadir" - chown -R $app:www-data "$datadir" -fi - -#================================================= -# CREATE DEDICATED USER -#================================================= -ynh_script_progression --message="Making sure dedicated system user exists..." - -# Create a dedicated user (if not existing) -ynh_system_user_create --username=$app --home_dir="$final_path" - #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= @@ -142,27 +43,11 @@ then ynh_script_progression --message="Upgrading source files..." # Download, check integrity, uncompress and patch the source from app.src - ynh_setup_source --dest_dir="$final_path" + ynh_setup_source --dest_dir="$install_dir" fi -chmod 750 "$final_path" -chmod -R o-rwx "$final_path" -chown -R $app:www-data "$final_path" - -#================================================= -# UPGRADE DEPENDENCIES -#================================================= -ynh_script_progression --message="Upgrading dependencies..." - -ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies - -#================================================= -# NGINX CONFIGURATION -#================================================= -ynh_script_progression --message="Upgrading NGINX web server configuration..." - -# Create a dedicated NGINX config -ynh_add_nginx_config +chmod -R o-rwx "$install_dir" +chown -R $app:www-data "$install_dir" #================================================= # SPECIFIC UPGRADE @@ -177,22 +62,17 @@ then ldap="" fi -max_size_set="" -if [ $max_file_size -eq 0 ]; then # Comment the limitation line if no limit - max_size_set="#" -fi +ynh_add_config --template="../conf/lufi.conf" --destination="$install_dir/lufi.conf" -ynh_add_config --template="../conf/lufi.conf.template" --destination="$final_path/lufi.conf" - -chmod 600 $final_path/lufi.conf -chown $app:$app $final_path/lufi.conf +chmod 600 $install_dir/lufi.conf +chown $app:$app $install_dir/lufi.conf #================================================= # BUILD LUFI #================================================= ynh_script_progression --message="Building Lufi..." -pushd $final_path +pushd $install_dir carton install --deployment --without=sqlite --without=mysql --without=htpasswd --without=test popd @@ -201,47 +81,26 @@ popd #================================================= ynh_script_progression --message="Setuping cron..." -ynh_add_config --template="../conf/cron_lufi" --destination="/etc/cron.d/$app" -chmod +x $final_path/script/lufi +# Create a dedicated NGINX config +ynh_add_nginx_config -#================================================= -# SETUP SYSTEMD -#================================================= -ynh_script_progression --message="Upgrading systemd configuration..." +ynh_add_config --template="../conf/cron" --destination="/etc/cron.d/$app" +chmod +x $install_dir/script/lufi # Create a dedicated systemd config ynh_add_systemd_config -#================================================= -# GENERIC FINALIZATION -#================================================= -# SETUP LOGROTATE -#================================================= -ynh_script_progression --message="Upgrading logrotate configuration..." - # Use logrotate to manage app-specific logfile(s) ynh_use_logrotate --non-append -#================================================= -# INTEGRATE SERVICE IN YUNOHOST -#================================================= -ynh_script_progression --message="Integrating service in YunoHost..." - -yunohost service add $app --description="Lufi service" --log="$final_path/log/production.log" +yunohost service add $app --description="Lufi service" --log="$install_dir/log/production.log" #================================================= # START SYSTEMD SERVICE #================================================= ynh_script_progression --message="Starting a systemd service..." -ynh_systemd_action --service_name=$app --action="restart" --log_path="$final_path/log/production.log" --line_match="Creating process id file" - -#================================================= -# RELOAD NGINX -#================================================= -ynh_script_progression --message="Reloading NGINX web server..." - -ynh_systemd_action --service_name=nginx --action=reload +ynh_systemd_action --service_name=$app --action="restart" --log_path="$install_dir/log/production.log" --line_match="Creating process id file" #================================================= # END OF SCRIPT diff --git a/tests.toml b/tests.toml new file mode 100644 index 0000000..addbc4d --- /dev/null +++ b/tests.toml @@ -0,0 +1,9 @@ +test_format = 1.0 + +[default] + + # ------------------------------- + # Default args to use for install + # ------------------------------- + + args.use_ldap=0