YunoHost-Apps/lufi_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/lufi_ynh.git synced 2024-09-03 19:36:28 +02:00
Code Issues Activity Actions

Merge pull request #71 from YunoHost-Apps/testing

Browse source 
Allow LDAP on public and remove legacy permission and various fixes
This commit is contained in:
yalh76 2022-02-06 00:42:22 +01:00 committed by GitHub
commit b208e35276
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
13 changed files with 249 additions and 268 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
README.md
View file

@ -15,9 +15,15 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in
## Overview ## Overview
Self hosting files and sharing anonymous application It stores files and allows you to download them.
**Shipped version:** 0.05.16~ynh1 Is that all? No. All the files are encrypted **by the browser**! It means that your files **never** leave your computer unencrypted.
The administrator of the Lufi instance you use will not be able to see what is in your file, neither will your network administrator, or your ISP.
The encryption key part of the URL is a anchor (Cf. [Fragment Identifier](https://en.wikipedia.org/wiki/Fragment_identifier)), that means this part is only processed client-side and does not reach the server. :-)
**Shipped version:** 0.05.16~ynh2
**Demo:** https://demo.lufi.io/ **Demo:** https://demo.lufi.io/

10
README_fr.md
View file

@ -11,9 +11,15 @@ Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour
## Vue d'ensemble ## Vue d'ensemble
Application d'hébergement et de partage de fichiers anonyme It stores files and allows you to download them.
**Version incluse :** 0.05.16~ynh1 Is that all? No. All the files are encrypted **by the browser**! It means that your files **never** leave your computer unencrypted.
The administrator of the Lufi instance you use will not be able to see what is in your file, neither will your network administrator, or your ISP.
The encryption key part of the URL is a anchor (Cf. [Fragment Identifier](https://en.wikipedia.org/wiki/Fragment_identifier)), that means this part is only processed client-side and does not reach the server. :-)
**Version incluse :** 0.05.16~ynh2
**Démo :** https://demo.lufi.io/ **Démo :** https://demo.lufi.io/

4
check_process
View file

@ -3,9 +3,9 @@
; Manifest ; Manifest
domain="domain.tld" domain="domain.tld"
path="/path" path="/path"
max_file_size=100
is_public=1 is_public=1
admin="john" max_file_size=100
use_ldap=0
; Checks ; Checks
pkg_linter=1 pkg_linter=1
setup_sub_dir=1 setup_sub_dir=1

30
conf/lufi.conf.template
View file

@ -59,7 +59,7 @@
# max file size, in octets # max file size, in octets
# you can write it 100*1024*1024 # you can write it 100*1024*1024
# optional, no default # optional, no default
max_file_size => __MAX_FILE_SIZE__*1024*1024, __MAX_SIZE_SET__max_file_size => __MAX_FILE_SIZE__*1024*1024,
# if you want to have piwik statistics, provide a piwik image tracker # if you want to have piwik statistics, provide a piwik image tracker
# only the image tracker is allowed, no javascript # only the image tracker is allowed, no javascript
@ -199,20 +199,20 @@
# set `ldap` if you want that only authenticated users can upload files # set `ldap` if you want that only authenticated users can upload files
# please note that everybody can still download files # please note that everybody can still download files
# optional, no default # optional, no default
__IS_PUBLIC__ldap => { __LDAP__ldap => {
__IS_PUBLIC__ uri => 'ldap://localhost:389', # server URI __LDAP__ uri => 'ldap://localhost:389', # server URI
__IS_PUBLIC__ user_tree => 'dc=yunohost,dc=org', # search base DN __LDAP__ user_tree => 'dc=yunohost,dc=org', # search base DN
__IS_PUBLIC__ bind_dn => 'ou=users,dc=yunohost,dc=org', # search bind DN __LDAP__ bind_dn => 'ou=users,dc=yunohost,dc=org', # search bind DN
__IS_PUBLIC__ #bind_pwd => 'secr3t', # search bind password __LDAP__ #bind_pwd => 'secr3t', # search bind password
__IS_PUBLIC__ user_attr => 'uid', # user attribute (uid, mail, sAMAccountName, etc.) __LDAP__ user_attr => 'uid', # user attribute (uid, mail, sAMAccountName, etc.)
__IS_PUBLIC__ #user_filter => '(!(uid=ldap_user))', # user filter (to exclude some users, etc.) __LDAP__ user_filter => '(&(objectClass=posixAccount)(permission=cn=__APP__.main,ou=permission,dc=yunohost,dc=org))', # user filter (to exclude some users, etc.)
__IS_PUBLIC__ # optional start_tls configuration. See https://metacpan.org/pod/distribution/perl-ldap/lib/Net/LDAP.pod#start_tls __LDAP__ # optional start_tls configuration. See https://metacpan.org/pod/distribution/perl-ldap/lib/Net/LDAP.pod#start_tls
__IS_PUBLIC__ # don't set or uncomment if you don't want to configure it __LDAP__ # don't set or uncomment if you don't want to configure it
__IS_PUBLIC__ #start_tls => { __LDAP__ #start_tls => {
__IS_PUBLIC__ # verify => 'optional', __LDAP__ # verify => 'optional',
__IS_PUBLIC__ # clientcert => '/etc/ssl/certs/ca-bundle.pem' __LDAP__ # clientcert => '/etc/ssl/certs/ca-bundle.pem'
__IS_PUBLIC__ #} __LDAP__ #}
__IS_PUBLIC__}, __LDAP__},
# if you've set ldap above, the session will last `session_duration` seconds before # if you've set ldap above, the session will last `session_duration` seconds before
# the user needs to reauthenticate # the user needs to reauthenticate

4
conf/nginx.conf
View file

@ -1,10 +1,6 @@
#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent; #sub_path_only rewrite ^__PATH__$ __PATH__/ permanent;
location __PATH__/ { location __PATH__/ {
if ($scheme = http) {
rewrite ^ https://$server_name$request_uri? permanent;
}
# This is important for user's privacy! # This is important for user's privacy!
access_log off; access_log off;
error_log /var/log/nginx/lufi.error.log; error_log /var/log/nginx/lufi.error.log;

6
doc/DESCRIPTION.md Normal file
View file

@ -0,0 +1,6 @@
It stores files and allows you to download them.
Is that all? No. All the files are encrypted **by the browser**! It means that your files **never** leave your computer unencrypted.
The administrator of the Lufi instance you use will not be able to see what is in your file, neither will your network administrator, or your ISP.
The encryption key part of the URL is a anchor (Cf. [Fragment Identifier](https://en.wikipedia.org/wiki/Fragment_identifier)), that means this part is only processed client-side and does not reach the server. :-)

21
manifest.json
View file

@ -6,7 +6,7 @@
"en": "Self hosting files and sharing anonymous application", "en": "Self hosting files and sharing anonymous application",
"fr": "Application d'hébergement et de partage de fichiers anonyme" "fr": "Application d'hébergement et de partage de fichiers anonyme"
}, },
"version": "0.05.16~ynh1", "version": "0.05.16~ynh2",
"url": "https://git.framasoft.org/luc/lufi", "url": "https://git.framasoft.org/luc/lufi",
"upstream": { "upstream": {
"license": "AGPL-3.0-or-later", "license": "AGPL-3.0-or-later",
@ -20,7 +20,7 @@
"email": "win10@tutanota.com, cyp@rouquin.me" "email": "win10@tutanota.com, cyp@rouquin.me"
}, },
"requirements": { "requirements": {
"yunohost": ">= 4.2.3" "yunohost": ">= 4.3.0"
}, },
"multi_instance": true, "multi_instance": true,
"services": [ "services": [
@ -38,6 +38,11 @@
"example": "/lufi", "example": "/lufi",
"default": "/lufi" "default": "/lufi"
}, },
{
"name": "is_public",
"type": "boolean",
"default": true
},
{ {
"name": "max_file_size", "name": "max_file_size",
"type": "string", "type": "string",
@ -49,9 +54,17 @@
"default": "100" "default": "100"
}, },
{ {
"name": "is_public", "name": "use_ldap",
"type": "boolean", "type": "boolean",
"default": true "ask": {
"en": "Install Lufi with LDAP configuration?",
"fr": "Installer Lufi avec la configuration LDAP ?"
},
"help": {
"en": "A Lufi with LDAP enabled will allow only YunoHost users to upload.",
"fr": "Un Lufi avec LDAP activé autorisera seulement les utilisateurs YunoHost à téléverser."
},
"default": false
} }
] ]
} }

4
scripts/backup
View file

@ -6,7 +6,7 @@
# IMPORT GENERIC HELPERS # IMPORT GENERIC HELPERS
#================================================= #=================================================
#Keep this path for calling _common.sh inside the execution's context of backup and restore scripts # Keep this path for calling _common.sh inside the execution's context of backup and restore scripts
source ../settings/scripts/_common.sh source ../settings/scripts/_common.sh
source /usr/share/yunohost/helpers source /usr/share/yunohost/helpers
@ -63,7 +63,7 @@ ynh_backup --src_path="/etc/logrotate.d/$app"
ynh_backup --src_path="/etc/systemd/system/$app.service" ynh_backup --src_path="/etc/systemd/system/$app.service"
#================================================= #=================================================
# BACKUP A CRON FILE # BACKUP VARIOUS FILES
#================================================= #=================================================
ynh_backup --src_path="/etc/cron.d/$app" ynh_backup --src_path="/etc/cron.d/$app"

55
scripts/change_url
View file

@ -31,7 +31,7 @@ final_path=$(ynh_app_setting_get --app=$app --key=final_path)
# Add settings here as needed by your application # Add settings here as needed by your application
port=$(ynh_app_setting_get --app=$app --key=port) port=$(ynh_app_setting_get --app=$app --key=port)
is_public=$(ynh_app_setting_get --app=$app --key=is_public) use_ldap=$(ynh_app_setting_get --app=$app --key=use_ldap)
db_name=$(ynh_app_setting_get --app=$app --key=db_name) db_name=$(ynh_app_setting_get --app=$app --key=db_name)
db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd) db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd)
db_user=$db_name db_user=$db_name
@ -39,7 +39,7 @@ secret=$(ynh_app_setting_get --app=$app --key=secret)
max_file_size=$(ynh_app_setting_get --app=$app --key=max_file_size) max_file_size=$(ynh_app_setting_get --app=$app --key=max_file_size)
#================================================= #=================================================
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP # BACKUP BEFORE CHANGE URL THEN ACTIVE TRAP
#================================================= #=================================================
ynh_script_progression --message="Backing up the app before changing its URL (may take a while)..." ynh_script_progression --message="Backing up the app before changing its URL (may take a while)..."
@ -49,7 +49,7 @@ ynh_clean_setup () {
# Remove the new domain config file, the remove script won't do it as it doesn't know yet its location. # Remove the new domain config file, the remove script won't do it as it doesn't know yet its location.
ynh_secure_remove --file="/etc/nginx/conf.d/$new_domain.d/$app.conf" ynh_secure_remove --file="/etc/nginx/conf.d/$new_domain.d/$app.conf"
# restore it if the upgrade fails # Restore it if the upgrade fails
ynh_restore_upgradebackup ynh_restore_upgradebackup
} }
# Exit if an error occurs during the execution of the script # Exit if an error occurs during the execution of the script
@ -96,7 +96,7 @@ then
domain="$old_domain" domain="$old_domain"
path_url="$new_path" path_url="$new_path"
# Create a dedicated NGINX config # Create a dedicated NGINX config
ynh_add_nginx_config max_file_size ynh_add_nginx_config
fi fi
# Change the domain for NGINX # Change the domain for NGINX
@ -119,49 +119,22 @@ ynh_script_progression --message="Configuring lufi..."
domain="$new_domain" domain="$new_domain"
path_url="$new_path" path_url="$new_path"
config=${final_path}/lufi.conf ldap="#"
ynh_backup_if_checksum_is_different --file="$config" if [ $use_ldap -eq 1 ];
cp ../conf/lufi.conf.template "$config"
ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$config"
ynh_replace_string --match_string="__PATH__" --replace_string="$path_url" --target_file="$config"
ynh_replace_string --match_string="__PORT__" --replace_string="$port" --target_file="$config"
ynh_replace_string --match_string="__DB_NAME__" --replace_string="$db_name" --target_file="$config"
ynh_replace_string --match_string="__DB_USER__" --replace_string="$db_user" --target_file="$config"
ynh_replace_string --match_string="__DB_PWD__" --replace_string="$db_pwd" --target_file="$config"
ynh_replace_string --match_string="__MAX_FILE_SIZE__" --replace_string="$max_file_size" --target_file="$config"
if [ $max_file_size -eq 0 ]; then # Comment the limitation line if no limit
ynh_replace_string --match_string="max_file_size" --replace_string="#max_file_size" --target_file="$config"
fi
ynh_replace_string --match_string="__SECRET__" --replace_string="$secret" --target_file="$config"
if [ $is_public -eq 0 ];
then then
ynh_replace_string --match_string="__IS_PUBLIC__" --replace_string="" --target_file="$config" ldap=""
else
ynh_replace_string --match_string="__IS_PUBLIC__" --replace_string="#" --target_file="$config"
fi fi
ynh_store_file_checksum --file="$config"
max_size_set=""
if [ $max_file_size -eq 0 ]; then # Comment the limitation line if no limit
max_size_set="#"
fi
ynh_add_config --template="../conf/lufi.conf.template" --destination="$final_path/lufi.conf"
chmod 600 $final_path/lufi.conf chmod 600 $final_path/lufi.conf
chown $app:$app $final_path/lufi.conf chown $app:$app $final_path/lufi.conf
#=================================================
# UPDATE SSOWAT
#=================================================
ynh_script_progression --message="Reconfiguring permissions..."
ynh_permission_update --permission="main" --add="visitors"
if [ $is_public -eq 0 ]
then
if [ "$path_url" == "/" ]; then
# If the path is /, clear it to prevent any error with the regex.
path_url=""
fi
# Modify the domain to be used in a regex
domain_regex=$(echo "$domain" | sed 's@-@.@g')
ynh_app_setting_set --app=$app --key=protected_regex --value="$domain_regex$path_url/stats$","$domain_regex$path_url/manifest.webapp$","$domain_regex$path_url/$","$domain_regex$path_url/d/.*$","$domain_regex$path_url/m/.*$"
fi
#================================================= #=================================================
# GENERIC FINALISATION # GENERIC FINALISATION
#================================================= #=================================================

47
scripts/install
View file

@ -25,8 +25,9 @@ ynh_abort_if_errors
domain=$YNH_APP_ARG_DOMAIN domain=$YNH_APP_ARG_DOMAIN
path_url=$YNH_APP_ARG_PATH path_url=$YNH_APP_ARG_PATH
max_file_size=$YNH_APP_ARG_MAX_FILE_SIZE
is_public=$YNH_APP_ARG_IS_PUBLIC is_public=$YNH_APP_ARG_IS_PUBLIC
max_file_size=$YNH_APP_ARG_MAX_FILE_SIZE
use_ldap=$YNH_APP_ARG_USE_LDAP
secret=$(ynh_string_random --length=24) secret=$(ynh_string_random --length=24)
app=$YNH_APP_INSTANCE_NAME app=$YNH_APP_INSTANCE_NAME
@ -54,7 +55,7 @@ ynh_script_progression --message="Storing installation settings..."
ynh_app_setting_set --app=$app --key=domain --value=$domain ynh_app_setting_set --app=$app --key=domain --value=$domain
ynh_app_setting_set --app=$app --key=path --value=$path_url ynh_app_setting_set --app=$app --key=path --value=$path_url
ynh_app_setting_set --app=$app --key=is_public --value=$is_public ynh_app_setting_set --app=$app --key=use_ldap --value=$use_ldap
ynh_app_setting_set --app=$app --key=max_file_size --value=$max_file_size ynh_app_setting_set --app=$app --key=max_file_size --value=$max_file_size
ynh_app_setting_set --app=$app --key=secret --value=$secret ynh_app_setting_set --app=$app --key=secret --value=$secret
@ -116,7 +117,7 @@ chown -R $app:www-data "$final_path"
ynh_script_progression --message="Configuring NGINX web server..." ynh_script_progression --message="Configuring NGINX web server..."
# Create a dedicated NGINX config # Create a dedicated NGINX config
ynh_add_nginx_config max_file_size ynh_add_nginx_config
#================================================= #=================================================
# SPECIFIC SETUP # SPECIFIC SETUP
@ -125,28 +126,18 @@ ynh_add_nginx_config max_file_size
#================================================= #=================================================
ynh_script_progression --message="Configuring $app..." ynh_script_progression --message="Configuring $app..."
config=${final_path}/lufi.conf ldap="#"
cp ../conf/lufi.conf.template "$config" if [ $use_ldap -eq 1 ];
ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$config"
ynh_replace_string --match_string="__PATH__" --replace_string="$path_url" --target_file="$config"
ynh_replace_string --match_string="__PORT__" --replace_string="$port" --target_file="$config"
ynh_replace_string --match_string="__DB_NAME__" --replace_string="$db_name" --target_file="$config"
ynh_replace_string --match_string="__DB_USER__" --replace_string="$db_user" --target_file="$config"
ynh_replace_string --match_string="__DB_PWD__" --replace_string="$db_pwd" --target_file="$config"
ynh_replace_string --match_string="__MAX_FILE_SIZE__" --replace_string="$max_file_size" --target_file="$config"
if [ $max_file_size -eq 0 ]; then # Comment the limitation line if no limit
ynh_replace_string --match_string="max_file_size" --replace_string="#max_file_size" --target_file="$config"
fi
ynh_replace_string --match_string="__SECRET__" --replace_string="$secret" --target_file="$config"
if [ $is_public -eq 0 ];
then then
ynh_replace_string --match_string="__IS_PUBLIC__" --replace_string="" --target_file="$config" ldap=""
else
ynh_replace_string --match_string="__IS_PUBLIC__" --replace_string="#" --target_file="$config"
fi fi
ynh_store_file_checksum --file="$config" max_size_set=""
if [ $max_file_size -eq 0 ]; then # Comment the limitation line if no limit
max_size_set="#"
fi
ynh_add_config --template="../conf/lufi.conf.template" --destination="$final_path/lufi.conf"
chmod 600 $final_path/lufi.conf chmod 600 $final_path/lufi.conf
chown $app:$app $final_path/lufi.conf chown $app:$app $final_path/lufi.conf
@ -204,17 +195,9 @@ ynh_systemd_action --service_name=$app --action="start" --line_match="Creating p
#================================================= #=================================================
ynh_script_progression --message="Configuring permissions..." ynh_script_progression --message="Configuring permissions..."
ynh_permission_update --permission="main" --add="visitors" if [ $is_public -eq 1 ]
if [ $is_public -eq 0 ]
then then
if [ "$path_url" == "/" ]; then ynh_permission_update --permission="main" --add="visitors"
# If the path is /, clear it to prevent any error with the regex.
path_url=""
fi
# Modify the domain to be used in a regex
domain_regex=$(echo "$domain" | sed 's@-@.@g')
ynh_app_setting_set --app=$app --key=protected_regex --value="$domain_regex$path_url/stats$","$domain_regex$path_url/manifest.webapp$","$domain_regex$path_url/$","$domain_regex$path_url/d/.*$","$domain_regex$path_url/m/.*$"
fi fi
#================================================= #=================================================

36
scripts/remove
View file

@ -31,7 +31,7 @@ final_path=$(ynh_app_setting_get --app=$app --key=final_path)
# Remove the service from the list of services known by YunoHost (added from `yunohost service add`) # Remove the service from the list of services known by YunoHost (added from `yunohost service add`)
if ynh_exec_warn_less yunohost service status $app >/dev/null if ynh_exec_warn_less yunohost service status $app >/dev/null
then then
ynh_script_progression --message="Removing $app service..." ynh_script_progression --message="Removing $app service integration..."
yunohost service remove $app yunohost service remove $app
fi fi
@ -43,6 +43,14 @@ ynh_script_progression --message="Stopping and removing the systemd service..."
# Remove the dedicated systemd config # Remove the dedicated systemd config
ynh_remove_systemd_config ynh_remove_systemd_config
#=================================================
# REMOVE LOGROTATE CONFIGURATION
#=================================================
ynh_script_progression --message="Removing logrotate configuration..."
# Remove the app-specific logrotate config
ynh_remove_logrotate
#================================================= #=================================================
# REMOVE THE POSTGRESQL DATABASE # REMOVE THE POSTGRESQL DATABASE
#================================================= #=================================================
@ -51,14 +59,6 @@ ynh_script_progression --message="Removing the PostgreSQL database..."
# Remove a database if it exists, along with the associated user # Remove a database if it exists, along with the associated user
ynh_psql_remove_db --db_user="$db_user" --db_name="$db_name" ynh_psql_remove_db --db_user="$db_user" --db_name="$db_name"
#=================================================
# REMOVE DEPENDENCIES
#=================================================
ynh_script_progression --message="Removing dependencies..."
# Remove metapackage and its dependencies
ynh_remove_app_dependencies
#================================================= #=================================================
# REMOVE APP MAIN DIR # REMOVE APP MAIN DIR
#================================================= #=================================================
@ -76,28 +76,24 @@ ynh_script_progression --message="Removing NGINX web server configuration..."
ynh_remove_nginx_config ynh_remove_nginx_config
#================================================= #=================================================
# REMOVE LOGROTATE CONFIGURATION # REMOVE DEPENDENCIES
#================================================= #=================================================
ynh_script_progression --message="Removing logrotate configuration..." ynh_script_progression --message="Removing dependencies..."
# Remove the app-specific logrotate config # Remove metapackage and its dependencies
ynh_remove_logrotate ynh_remove_app_dependencies
#================================================= #=================================================
# SPECIFIC REMOVE # SPECIFIC REMOVE
#================================================= #=================================================
# REMOVE THE CRON FILE # REMOVE VARIOUS FILES
#================================================= #=================================================
ynh_script_progression --message="Removing the cron file..." ynh_script_progression --message="Removing various files..."
# Remove a cron file # Remove a cron file
ynh_secure_remove --file="/etc/cron.d/$app" ynh_secure_remove --file="/etc/cron.d/$app"
#================================================= # Remove the log files
# REMOVE LOG
#=================================================
ynh_script_progression --message="Removing the log file..."
ynh_secure_remove --file="/var/log/$app" ynh_secure_remove --file="/var/log/$app"
#================================================= #=================================================

30
scripts/restore
View file

@ -6,7 +6,7 @@
# IMPORT GENERIC HELPERS # IMPORT GENERIC HELPERS
#================================================= #=================================================
#Keep this path for calling _common.sh inside the execution's context of backup and restore scripts # Keep this path for calling _common.sh inside the execution's context of backup and restore scripts
source ../settings/scripts/_common.sh source ../settings/scripts/_common.sh
source /usr/share/yunohost/helpers source /usr/share/yunohost/helpers
@ -89,6 +89,13 @@ ynh_psql_test_if_first_run
ynh_psql_setup_db --db_user=$db_user --db_name=$db_name --db_pwd=$db_pwd ynh_psql_setup_db --db_user=$db_user --db_name=$db_name --db_pwd=$db_pwd
ynh_psql_execute_file_as_root --file="./db.sql" --database="$db_name" ynh_psql_execute_file_as_root --file="./db.sql" --database="$db_name"
#=================================================
# RESTORE VARIOUS FILES
#=================================================
ynh_script_progression --message="Restoring various files..."
ynh_restore_file --origin_path="/etc/cron.d/$app"
#================================================= #=================================================
# RESTORE SYSTEMD # RESTORE SYSTEMD
#================================================= #=================================================
@ -97,6 +104,13 @@ ynh_script_progression --message="Restoring the systemd configuration..."
ynh_restore_file --origin_path="/etc/systemd/system/$app.service" ynh_restore_file --origin_path="/etc/systemd/system/$app.service"
systemctl enable $app.service --quiet systemctl enable $app.service --quiet
#=================================================
# RESTORE THE LOGROTATE CONFIGURATION
#=================================================
ynh_script_progression --message="Restoring the logrotate configuration..."
ynh_restore_file --origin_path="/etc/logrotate.d/$app"
#================================================= #=================================================
# INTEGRATE SERVICE IN YUNOHOST # INTEGRATE SERVICE IN YUNOHOST
#================================================= #=================================================
@ -111,20 +125,6 @@ ynh_script_progression --message="Starting a systemd service..."
ynh_systemd_action --service_name=$app --action="start" --log_path="$final_path/log/production.log" --line_match="Creating process id file" ynh_systemd_action --service_name=$app --action="start" --log_path="$final_path/log/production.log" --line_match="Creating process id file"
#=================================================
# RESTORE THE CRON FILE
#=================================================
ynh_script_progression --message="Restoring the cron file..."
ynh_restore_file --origin_path="/etc/cron.d/$app"
#=================================================
# RESTORE THE LOGROTATE CONFIGURATION
#=================================================
ynh_script_progression --message="Restoring the logrotate configuration..."
ynh_restore_file --origin_path="/etc/logrotate.d/$app"
#================================================= #=================================================
# GENERIC FINALIZATION # GENERIC FINALIZATION
#================================================= #=================================================

120
scripts/upgrade
View file

@ -18,7 +18,7 @@ app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get --app=$app --key=domain) domain=$(ynh_app_setting_get --app=$app --key=domain)
path_url=$(ynh_app_setting_get --app=$app --key=path) path_url=$(ynh_app_setting_get --app=$app --key=path)
is_public=$(ynh_app_setting_get --app=$app --key=is_public) use_ldap=$(ynh_app_setting_get --app=$app --key=use_ldap)
port=$(ynh_app_setting_get --app=$app --key=port) port=$(ynh_app_setting_get --app=$app --key=port)
final_path=$(ynh_app_setting_get --app=$app --key=final_path) final_path=$(ynh_app_setting_get --app=$app --key=final_path)
secret=$(ynh_app_setting_get --app=$app --key=secret) secret=$(ynh_app_setting_get --app=$app --key=secret)
@ -30,6 +30,7 @@ max_file_size=$(ynh_app_setting_get --app=$app --key=max_file_size)
#================================================= #=================================================
# CHECK VERSION # CHECK VERSION
#================================================= #=================================================
ynh_script_progression --message="Checking version..."
upgrade_type=$(ynh_check_app_version_changed) upgrade_type=$(ynh_check_app_version_changed)
@ -42,12 +43,21 @@ ynh_script_progression --message="Backing up the app before upgrading (may take
ynh_backup_before_upgrade ynh_backup_before_upgrade
ynh_clean_setup () { ynh_clean_setup () {
ynh_clean_check_starting ynh_clean_check_starting
# restore it if the upgrade fails # Restore it if the upgrade fails
ynh_restore_upgradebackup ynh_restore_upgradebackup
} }
# Exit if an error occurs during the execution of the script # Exit if an error occurs during the execution of the script
ynh_abort_if_errors ynh_abort_if_errors
#=================================================
# STANDARD UPGRADE STEPS
#=================================================
# STOP SYSTEMD SERVICE
#=================================================
ynh_script_progression --message="Stopping a systemd service..."
ynh_systemd_action --service_name=$app --action=stop --log_path="$final_path/log/production.log"
#================================================= #=================================================
# ENSURE DOWNWARD COMPATIBILITY # ENSURE DOWNWARD COMPATIBILITY
#================================================= #=================================================
@ -70,21 +80,38 @@ if [ -z "$max_file_size" ]; then
ynh_app_setting_set --app=$app --key=max_file_size --value=$max_file_size ynh_app_setting_set --app=$app --key=max_file_size --value=$max_file_size
fi fi
# Cleaning legacy permissions # Check if is_public settings exist and is set to true
if ynh_legacy_permissions_exists; then was_public=$(ynh_app_setting_get --app=$app --key=is_public)
ynh_legacy_permissions_delete_all if [ $was_public -eq 1 ]
then
# Fix permissions if true
ynh_print_info --message="Upgrading from legacy permission..."
ynh_print_info --message="Legacy public instance detected, allow visitors with new permission."
use_ldap=0
# Add new permission to allow visitors
ynh_permission_update --permission="main" --add="visitors"
# Remove deprecated is_public settings
ynh_app_setting_delete --app=$app --key=is_public ynh_app_setting_delete --app=$app --key=is_public
fi fi
#================================================= # Check if legacy permissions exists (meanning that is_public was set to false)
# STANDARD UPGRADE STEPS if ynh_legacy_permissions_exists; then
#=================================================
# STOP SYSTEMD SERVICE
#=================================================
ynh_script_progression --message="Stopping a systemd service..."
ynh_systemd_action --service_name=$app --action=stop --log_path="$final_path/log/production.log" ynh_print_info --message="Upgrading from legacy permission..."
ynh_print_info --message="Legacy private instance detected, keep LDAP enabled."
# Legacy private install have LDAP enabled
use_ldap=1
# Cleaning legacy permissions
ynh_print_info --message="Removing legacy permission..."
ynh_legacy_permissions_delete_all
# Remove deprecated is_public settings
ynh_app_setting_delete --app=$app --key=is_public
fi
#================================================= #=================================================
# CREATE DEDICATED USER # CREATE DEDICATED USER
@ -115,8 +142,8 @@ chown -R $app:www-data "$final_path"
#================================================= #=================================================
ynh_script_progression --message="Upgrading NGINX web server configuration..." ynh_script_progression --message="Upgrading NGINX web server configuration..."
# Create a dedicated nginx config # Create a dedicated NGINX config
ynh_add_nginx_config max_file_size ynh_add_nginx_config
#================================================= #=================================================
# UPGRADE DEPENDENCIES # UPGRADE DEPENDENCIES
@ -125,34 +152,25 @@ ynh_script_progression --message="Upgrading dependencies..."
ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies
#=================================================
# SPECIFIC UPGRADE
#================================================= #=================================================
# SETUP LUFI # SETUP LUFI
#================================================= #=================================================
ynh_script_progression --message="Configuring Lufi..." ynh_script_progression --message="Configuring Lufi..."
config=${final_path}/lufi.conf ldap="#"
ynh_backup_if_checksum_is_different --file="$config" if [ $use_ldap -eq 1 ];
cp ../conf/lufi.conf.template "$config"
ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$config"
ynh_replace_string --match_string="__PATH__" --replace_string="$path_url" --target_file="$config"
ynh_replace_string --match_string="__PORT__" --replace_string="$port" --target_file="$config"
ynh_replace_string --match_string="__DB_NAME__" --replace_string="$db_name" --target_file="$config"
ynh_replace_string --match_string="__DB_USER__" --replace_string="$db_user" --target_file="$config"
ynh_replace_string --match_string="__DB_PWD__" --replace_string="$db_pwd" --target_file="$config"
ynh_replace_string --match_string="__MAX_FILE_SIZE__" --replace_string="$max_file_size" --target_file="$config"
if [ $max_file_size -eq 0 ]; then # Comment the limitation line if no limit
ynh_replace_string --match_string="max_file_size" --replace_string="#max_file_size" --target_file="$config"
fi
ynh_replace_string --match_string="__SECRET__" --replace_string="$secret" --target_file="$config"
if [ $is_public -eq 0 ];
then then
ynh_replace_string --match_string="__IS_PUBLIC__" --replace_string="" --target_file="$config" ldap=""
else
ynh_replace_string --match_string="__IS_PUBLIC__" --replace_string="#" --target_file="$config"
fi fi
ynh_store_file_checksum --file="$config" max_size_set=""
if [ $max_file_size -eq 0 ]; then # Comment the limitation line if no limit
max_size_set="#"
fi
ynh_add_config --template="../conf/lufi.conf.template" --destination="$final_path/lufi.conf"
chmod 600 $final_path/lufi.conf chmod 600 $final_path/lufi.conf
chown $app:$app $final_path/lufi.conf chown $app:$app $final_path/lufi.conf
@ -175,12 +193,15 @@ ynh_add_config --template="../conf/cron_lufi" --destination="/etc/cron.d/$app"
chmod +x $final_path/script/lufi chmod +x $final_path/script/lufi
#================================================= #=================================================
# ADVERTISE SERVICE IN ADMIN PANEL # SETUP SYSTEMD
#================================================= #=================================================
ynh_script_progression --message="Storing the config file checksum..." ynh_script_progression --message="Upgrading systemd configuration..."
yunohost service add $app --description="Lufi service" --log="$final_path/log/production.log" # Create a dedicated systemd config
ynh_add_systemd_config
#=================================================
# GENERIC FINALIZATION
#================================================= #=================================================
# SETUP LOGROTATE # SETUP LOGROTATE
#================================================= #=================================================
@ -190,30 +211,11 @@ ynh_script_progression --message="Upgrading logrotate configuration..."
ynh_use_logrotate --non-append ynh_use_logrotate --non-append
#================================================= #=================================================
# SETUP SYSTEMD # INTEGRATE SERVICE IN YUNOHOST
#================================================= #=================================================
ynh_script_progression --message="Upgrading systemd configuration..." ynh_script_progression --message="Integrating service in YunoHost..."
# Create a dedicated systemd config yunohost service add $app --description="Lufi service" --log="$final_path/log/production.log"
ynh_add_systemd_config
#=================================================
# SETUP SSOWAT
#=================================================
ynh_script_progression --message="Upgrading permissions..."
ynh_permission_update --permission="main" --add="visitors"
if [ $is_public -eq 0 ]
then
if [ "$path_url" == "/" ]; then
# If the path is /, clear it to prevent any error with the regex.
path_url=""
fi
# Modify the domain to be used in a regex
domain_regex=$(echo "$domain" | sed 's@-@.@g')
ynh_app_setting_set --app=$app --key=protected_regex --value="$domain_regex$path_url/stats$","$domain_regex$path_url/manifest.webapp$","$domain_regex$path_url/$","$domain_regex$path_url/d/.*$","$domain_regex$path_url/m/.*$"
fi
#================================================= #=================================================
# START SYSTEMD SERVICE # START SYSTEMD SERVICE