diff --git a/check_process b/check_process index 6952a12..5045355 100644 --- a/check_process +++ b/check_process @@ -4,7 +4,7 @@ domain="domain.tld" (DOMAIN) admin="john" (USER) path="/path" (PATH) - passwd="adminpassword" + passwd="12345678" ; Checks pkg_linter=1 setup_sub_dir=0 @@ -26,9 +26,9 @@ Level 1=auto Level 2=auto Level 3=auto - Level 4=na - Level 5=1 -# level 5: le test ne semble pas tout à fait savoir ce qu'est vraiment un "exit". +# Level 4: TODO: https://github.com/tootsuite/documentation/blob/master/Running-Mastodon/Enabling-LDAP-login.md + Level 4=0 + Level 5=auto Level 6=auto Level 7=auto Level 8=0 diff --git a/conf/app-mastodon.src b/conf/app-mastodon.src new file mode 100644 index 0000000..62d10c6 --- /dev/null +++ b/conf/app-mastodon.src @@ -0,0 +1,6 @@ +SOURCE_URL=https://github.com/tootsuite/mastodon/archive/v2.3.3.tar.gz +SOURCE_SUM=b2b2e2ee7cc034e92258263500c423b900611407db67682777eef0526118f66e +SOURCE_SUM_PRG=sha256sum +SOURCE_FORMAT=tar.gz +SOURCE_IN_SUBDIR=true +SOURCE_FILENAME= diff --git a/conf/app-rbenv.src b/conf/app-rbenv.src new file mode 100644 index 0000000..d60155b --- /dev/null +++ b/conf/app-rbenv.src @@ -0,0 +1,6 @@ +SOURCE_URL=https://github.com/rbenv/rbenv/archive/v1.1.1.tar.gz +SOURCE_SUM=41f1a60714c55eceb21d692a469aee1ec4f46bba351d0dfcb0c660ff9cf1a1c9 +SOURCE_SUM_PRG=sha256sum +SOURCE_FORMAT=tar.gz +SOURCE_IN_SUBDIR=true +SOURCE_FILENAME= diff --git a/conf/app-ruby-build.src b/conf/app-ruby-build.src new file mode 100644 index 0000000..3041556 --- /dev/null +++ b/conf/app-ruby-build.src @@ -0,0 +1,6 @@ +SOURCE_URL=https://github.com/rbenv/ruby-build/archive/v20180424.tar.gz +SOURCE_SUM=71dbaf87081369c1f5d27b6a94a927c1eeeb1f36bdffe7851f0a9c1ec87b9373 +SOURCE_SUM_PRG=sha256sum +SOURCE_FORMAT=tar.gz +SOURCE_IN_SUBDIR=true +SOURCE_FILENAME= diff --git a/conf/mastodon-sidekiq.service b/conf/mastodon-sidekiq.service index 34074ed..f788332 100644 --- a/conf/mastodon-sidekiq.service +++ b/conf/mastodon-sidekiq.service @@ -1,17 +1,17 @@ [Unit] - Description=mastodon-sidekiq + Description=__APP__-sidekiq After=network.target [Service] Type=simple - User=mastodon - WorkingDirectory=/opt/mastodon/live + User=__APP__ + WorkingDirectory=__FINALPATH__/live Environment="RAILS_ENV=production" Environment="DB_POOL=20" - ExecStart=/opt/mastodon/.rbenv/shims/bundle exec sidekiq -c 20 -q default -q mailers -q pull -q push + ExecStart=__FINALPATH__/live/bin/bundle exec sidekiq -c 20 -q default -q mailers -q pull -q push TimeoutSec=15 Restart=always StandardError=syslog [Install] - WantedBy=multi-user.target \ No newline at end of file + WantedBy=multi-user.target diff --git a/conf/mastodon-streaming.service b/conf/mastodon-streaming.service index 1716b00..443cac0 100644 --- a/conf/mastodon-streaming.service +++ b/conf/mastodon-streaming.service @@ -1,11 +1,11 @@ [Unit] - Description=mastodon-streaming + Description=__APP__-streaming After=network.target [Service] Type=simple - User=mastodon - WorkingDirectory=/opt/mastodon/live + User=__APP__ + WorkingDirectory=__FINALPATH__/live Environment="NODE_ENV=production" Environment="PORT=4000" ExecStart=/usr/bin/npm run start @@ -14,4 +14,4 @@ StandardError=syslog [Install] - WantedBy=multi-user.target \ No newline at end of file + WantedBy=multi-user.target diff --git a/conf/mastodon-web.service b/conf/mastodon-web.service index 4632031..06069f1 100644 --- a/conf/mastodon-web.service +++ b/conf/mastodon-web.service @@ -1,17 +1,17 @@ [Unit] - Description=mastodon-web + Description=__APP__-web After=network.target [Service] Type=simple - User=mastodon - WorkingDirectory=/opt/mastodon/live + User=__APP__ + WorkingDirectory=__FINALPATH__/live Environment="RAILS_ENV=production" Environment="PORT=3000" - ExecStart=/opt/mastodon/.rbenv/shims/bundle exec puma -C config/puma.rb + ExecStart=__FINALPATH__/live/bin/bundle exec puma -C config/puma.rb TimeoutSec=15 Restart=always StandardError=syslog [Install] - WantedBy=multi-user.target \ No newline at end of file + WantedBy=multi-user.target diff --git a/manifest.json b/manifest.json index 228fa4b..dc1bde6 100644 --- a/manifest.json +++ b/manifest.json @@ -3,15 +3,15 @@ "id": "mastodon", "packaging_format": 1, "requirements": { - "yunohost": ">= 2.4" + "yunohost": ">= 2.7.9" }, "description": { "en": "Mastodon is a free, open-source social network.", "fr": "Mastodon est un réseau social gratuit et open source." }, - "version": "2.2.0", + "version": "2.3.3-1", "url": "https://github.com/tootsuite/mastodon", - "license": "AGPL v3.0", + "license": "AGPL-3.0-or-later", "maintainer": { "name": "cyp, nemsia", "email": "cyp@rouquin.me, nemsia@nemsia.org" diff --git a/scripts/.fonctions b/scripts/.fonctions deleted file mode 100644 index 20f9ea0..0000000 --- a/scripts/.fonctions +++ /dev/null @@ -1,263 +0,0 @@ -#!/bin/bash - -ynh_version="2.4" - -YNH_VERSION () { # Returns the version number of the Yunohost moulinette - ynh_version=$(sudo yunohost -v | grep "moulinette:" | cut -d' ' -f2 | cut -d'.' -f1,2) -} - -CHECK_VAR () { # Verifies that the variable is not empty. - # $1 = Variable to be checked - # $2 = Display text on error - test -n "$1" || (echo "$2" >&2 && false) -} - -EXIT_PROPERLY () { # Causes the script to stop in the event of an error. And clean the residue. - trap '' ERR - echo -e "\e[91m \e[1m" # Shell in light red bold - echo -e "!!\n $app install's script has encountered an error. Installation was cancelled.\n!!" >&2 - - if type -t CLEAN_SETUP > /dev/null; then # Checks the existence of the function before executing it. - CLEAN_SETUP # Call the specific cleanup function of the install script. - fi - - # Compensates the ssowat bug that does not remove the app's input in case of installation error. - sudo sed -i "\@\"$domain/\":@d" /etc/ssowat/conf.json - - if [ "$ynh_version" = "2.2" ]; then - /bin/bash $script_dir/remove - fi - - ynh_die -} - -TRAP_ON () { # Activate signal capture - trap EXIT_PROPERLY ERR # Capturing exit signals on error -} - -TRAP_OFF () { # Ignoring signal capture until TRAP_ON - trap '' ERR # Ignoring exit signals -} - -CHECK_USER () { # Check the validity of the user admin - # $1 = User admin variable - ynh_user_exists "$1" || (echo "Wrong admin" >&2 && false) -} - -CHECK_PATH () { # Checks / at the beginning of the path. And his absence at the end. - if [ "${path:0:1}" != "/" ]; then # If the first character is not / - path="/$path" # Add / at the beginning of path - fi - if [ "${path:${#path}-1}" == "/" ] && [ ${#path} -gt 1 ]; then # If the last character is a / and it is not the only character. - path="${path:0:${#path}-1}" # Delete last character - fi -} - -CHECK_DOMAINPATH () { # Checks the availability of the path and domain. - sudo yunohost app checkurl $domain -a $app -} - -CHECK_FINALPATH () { # Checks that the destination folder is not already in use. - final_path=/opt/$app - if [ -e "$final_path" ] - then - echo "This path already contains a folder" >&2 - false - fi -} - -STORE_MD5_CONFIG () { # Saves the checksum of the config file - # $1 = Name of the conf file for storage in settings.yml - # $2 = Full name and path of the conf file. - ynh_app_setting_set $app $1_file_md5 $(sudo md5sum "$2" | cut -d' ' -f1) -} - -CHECK_MD5_CONFIG () { # Created a backup of the config file if it was changed. - # $1 = Name of the conf file for storage in settings.yml - # $2 = Full name and path of the conf file.onf. - if [ "$(ynh_app_setting_get $app $1_file_md5)" != $(sudo md5sum "$2" | cut -d' ' -f1) ]; then - sudo cp -a "$2" "$2.backup.$(date '+%d.%m.%y_%Hh%M,%Ss')" # Si le fichier de config a été modifié, créer un backup. - fi -} - -FIND_PORT () { # Search free port - # $1 = Port number to start the search. - port=$1 - while ! sudo yunohost app checkport $port ; do - port=$((port+1)) - done - CHECK_VAR "$port" "port empty" -} - -SETUP_SOURCE () { # Download source, decompress and copu into $final_path - src=$(cat ../sources/source_md5 | awk -F' ' {'print $2'}) - sudo wget -nv -i ../sources/source_url -O $src - # Checks the checksum of the downloaded source. - # md5sum -c ../sources/source_md5 --status || ynh_die "Corrupt source" - # Decompress source - if [ "$(echo ${src##*.})" == "tgz" ]; then - tar -x -f $src - elif [ "$(echo ${src##*.})" == "zip" ]; then - unzip -q $src - else - false # Unsupported archive format. - fi - # Copy file source - sudo cp -a $(cat ../sources/source_dir)/. "$final_path/live" - # Copy additional file and modified - if test -e "../sources/ajouts"; then - sudo cp -a ../sources/ajouts/. "$final_path" - fi -} - -# Create user with special hack -CREATE_USER () { - sudo curl -kSs https://${domain}/auth/sign_up --cookie-jar cookie | grep csrf > token || true - token=$(sudo cat token | sed -n '/csrf-token/s/.*name="csrf-token"\s\+content="\([^"]\+\).*/\1/p') - sudo curl -kSs https://${domain}/auth --data "&user[account_attributes][username]=${admin_mastodon}&user[email]=${admin_mastodon}@${domain}&user[password]=${admin_pass}&user[password_confirmation]=${admin_pass}&authenticity_token=${token}" --cookie cookie -} - -### REMOVE SCRIPT - -REMOVE_NGINX_CONF () { # Delete nginx configuration - if [ -e "/etc/nginx/conf.d/$domain.d/$app.conf" ]; then # Delete nginx config - echo "Delete nginx config" - sudo rm "/etc/nginx/conf.d/$domain.d/$app.conf" - sudo systemctl reload nginx - fi -} - -REMOVE_LOGROTATE_CONF () { # Delete logrotate configuration - if [ -e "/etc/logrotate.d/$app" ]; then - echo "Delete logrotate config" - sudo rm "/etc/logrotate.d/$app" - fi -} - -SECURE_REMOVE () { # Deleting a folder with variable verification - chaine="$1" # The argument must be given between simple quotes '', to avoid interpreting the variables. - no_var=0 - while (echo "$chaine" | grep -q '\$') # Loop as long as there are $ in the string - do - no_var=1 - global_var=$(echo "$chaine" | cut -d '$' -f 2) # Isole the first variable found. - only_var=\$$(expr "$global_var" : '\([A-Za-z0-9_]*\)') # Isole completely the variable by adding the $ at the beginning and keeping only the name of the variable. Mostly gets rid of / and a possible path behind. - real_var=$(eval "echo ${only_var}") # `eval "echo ${var}` Allows to interpret a variable contained in a variable. - if test -z "$real_var" || [ "$real_var" = "/" ]; then - echo "Variable $only_var is empty, suppression of $chaine cancelled." >&2 - return 1 - fi - chaine=$(echo "$chaine" | sed "s@$only_var@$real_var@") # Replaces variable with its value in the string. - done - if [ "$no_var" -eq 1 ] - then - if [ -e "$chaine" ]; then - echo "Delete directory $chaine" - sudo rm -r "$chaine" - fi - return 0 - else - echo "No detected variable." >&2 - return 1 - fi -} - -# Create a db without password -# -# usage: ynh_mysql_create_user user -# | arg: user - the user name to create -ynh_psql_create_db_without_password() { - db=$1 - sudo su -c "psql" postgres <<< \ - "CREATE USER $db CREATEDB;" -} - -# Create a user -# -# usage: ynh_mysql_create_user user pwd [host] -# | arg: user - the user name to create -# | arg: pwd - the password to identify user by -ynh_psql_create_user() { - sudo su -c "psql" postgres <<< \ - "CREATE USER ${1} WITH PASSWORD '${2}';" -} - -# Create a user without password -# -# usage: ynh_mysql_create_user user pwd [host] -# | arg: user - the user name to create -ynh_psql_create_user_without_password() { - sudo su -c "psql" postgres <<< \ - "CREATE USER ${1};" -} - -# Create a database and grant optionnaly privilegies to a user -# -# usage: ynh_mysql_create_db db [user [pwd]] -# | arg: db - the database name to create -# | arg: user - the user to grant privilegies -# | arg: pwd - the password to identify user by -ynh_psql_create_db() { - db=$1 - # grant all privilegies to user - if [[ $# -gt 1 ]]; then - ynh_psql_create_user ${2} "${3}" - sudo su -c "createdb -O ${2} $db" postgres - else - sudo su -c "createdb $db" postgres - fi - -} - -# Drop a role -# -# usage: ynh_mysql_drop_role db -# | arg: db - the database name to drop -ynh_psql_drop_role() { - sudo su -c "psql" postgres <<< \ - "DROP ROLE ${1};" -} - -# Drop a database -# -# usage: ynh_mysql_drop_db db -# | arg: db - the database name to drop -ynh_psql_drop_db() { - sudo su -c "dropdb ${1}" postgres -} - -# Drop a user -# -# usage: ynh_mysql_drop_user user -# | arg: user - the user name to drop -ynh_psql_drop_user() { - sudo su -c "dropuser ${1}" postgres -} - -# Remove a file or a directory securely -# -# usage: ynh_secure_remove path_to_remove -# | arg: path_to_remove - File or directory to remove -ynh_secure_remove () { - path_to_remove=$1 - forbidden_path=" \ - /var/www \ - /home/yunohost.app" - - if [[ "$forbidden_path" =~ "$path_to_remove" \ - # Match all path or subpath in $forbidden_path - || "$path_to_remove" =~ ^/[[:alnum:]]+$ \ - # Match all first level path from / (Like /var, /root, etc...) - || "${path_to_remove:${#path_to_remove}-1}" = "/" ]] - # Match if the path finish by /. Because it's seems there is an empty variable - then - echo "Avoid deleting of $path_to_remove." >&2 - else - if [ -e "$path_to_remove" ] - then - sudo rm -R "$path_to_remove" - else - echo "$path_to_remove doesn't deleted because it's not exist." >&2 - fi - fi -} \ No newline at end of file diff --git a/scripts/_common.sh b/scripts/_common.sh new file mode 100644 index 0000000..7d4f823 --- /dev/null +++ b/scripts/_common.sh @@ -0,0 +1,175 @@ +#!/bin/bash + + +# Execute a command as another user +# usage: exec_as USER COMMAND [ARG ...] +exec_as() { + local user=$1 + shift 1 + + if [[ $user = $(whoami) ]]; then + eval "$@" + else + sudo --login --user="$user" "$@" + fi +} + +#================================================= +# +# POSTGRES HELPERS +# +# Point of contact : Jean-Baptiste Holcroft +#================================================= + +# Create a master password and set up global settings +# Please always call this script in install and restore scripts +# +# usage: ynh_psql_test_if_first_run + +ynh_psql_test_if_first_run() { + if [ -f /etc/yunohost/psql ]; + then + echo "PostgreSQL is already installed, no need to create master password" + else + pgsql=$(ynh_string_random) + pg_hba="" + echo "$pgsql" >> /etc/yunohost/psql + + if [ -e /etc/postgresql/9.4/ ] + then + pg_hba=/etc/postgresql/9.4/main/pg_hba.conf + elif [ -e /etc/postgresql/9.6/ ] + then + pg_hba=/etc/postgresql/9.6/main/pg_hba.conf + else + ynh_die "postgresql shoud be 9.4 or 9.6" + fi + + systemctl start postgresql + sudo --login --user=postgres psql -c"ALTER user postgres WITH PASSWORD '$pgsql'" postgres + + # force all user to connect to local database using passwords + # https://www.postgresql.org/docs/current/static/auth-pg-hba-conf.html#EXAMPLE-PG-HBA.CONF + # Note: we can't use peer since YunoHost create users with nologin + # See: https://github.com/YunoHost/yunohost/blob/unstable/data/helpers.d/user + sed -i '/local\s*all\s*all\s*peer/i \ + local all all password' "$pg_hba" + systemctl enable postgresql + systemctl reload postgresql + fi +} + +# Open a connection as a user +# +# example: ynh_psql_connect_as 'user' 'pass' <<< "UPDATE ...;" +# example: ynh_psql_connect_as 'user' 'pass' < /path/to/file.sql +# +# usage: ynh_psql_connect_as user pwd [db] +# | arg: user - the user name to connect as +# | arg: pwd - the user password +# | arg: db - the database to connect to +ynh_psql_connect_as() { + user="$1" + pwd="$2" + db="$3" + sudo --login --user=postgres PGUSER="$user" PGPASSWORD="$pwd" psql "$db" +} + +# # Execute a command as root user +# +# usage: ynh_psql_execute_as_root sql [db] +# | arg: sql - the SQL command to execute +# | arg: db - the database to connect to +ynh_psql_execute_as_root () { + sql="$1" + sudo --login --user=postgres psql <<< "$sql" +} + +# Execute a command from a file as root user +# +# usage: ynh_psql_execute_file_as_root file [db] +# | arg: file - the file containing SQL commands +# | arg: db - the database to connect to +ynh_psql_execute_file_as_root() { + file="$1" + db="$2" + sudo --login --user=postgres psql "$db" < "$file" +} + +# Create a database, an user and its password. Then store the password in the app's config +# +# After executing this helper, the password of the created database will be available in $db_pwd +# It will also be stored as "psqlpwd" into the app settings. +# +# usage: ynh_psql_setup_db user name [pwd] +# | arg: user - Owner of the database +# | arg: name - Name of the database +# | arg: pwd - Password of the database. If not given, a password will be generated +ynh_psql_setup_db () { + db_user="$1" + app="$1" + db_name="$2" + new_db_pwd=$(ynh_string_random) # Generate a random password + # If $3 is not given, use new_db_pwd instead for db_pwd. + db_pwd="${3:-$new_db_pwd}" + ynh_psql_create_db "$db_name" "$db_user" "$db_pwd" # Create the database + ynh_app_setting_set "$app" psqlpwd "$db_pwd" # Store the password in the app's config +} + +# Create a database and grant privilegies to a user +# +# usage: ynh_psql_create_db db [user [pwd]] +# | arg: db - the database name to create +# | arg: user - the user to grant privilegies +# | arg: pwd - the user password +ynh_psql_create_db() { + db="$1" + user="$2" + pwd="$3" + ynh_psql_create_user "$user" "$pwd" + sudo --login --user=postgres createdb --owner="$user" "$db" +} + +# Drop a database +# +# usage: ynh_psql_drop_db db +# | arg: db - the database name to drop +# | arg: user - the user to drop +ynh_psql_remove_db() { + db="$1" + user="$2" + sudo --login --user=postgres dropdb "$db" + ynh_psql_drop_user "$user" +} + +# Dump a database +# +# example: ynh_psql_dump_db 'roundcube' > ./dump.sql +# +# usage: ynh_psql_dump_db db +# | arg: db - the database name to dump +# | ret: the psqldump output +ynh_psql_dump_db() { + db="$1" + sudo --login --user=postgres pg_dump "$db" +} + + +# Create a user +# +# usage: ynh_psql_create_user user pwd [host] +# | arg: user - the user name to create +ynh_psql_create_user() { + user="$1" + pwd="$2" + sudo --login --user=postgres psql -c"CREATE USER $user WITH PASSWORD '$pwd'" postgres +} + +# Drop a user +# +# usage: ynh_psql_drop_user user +# | arg: user - the user name to drop +ynh_psql_drop_user() { + user="$1" + sudo --login --user=postgres dropuser "$user" +} diff --git a/scripts/_future.sh b/scripts/_future.sh new file mode 100644 index 0000000..82f255c --- /dev/null +++ b/scripts/_future.sh @@ -0,0 +1,127 @@ +#!/bin/bash + +# needed to have "service_name" as an option +# https://github.com/YunoHost/yunohost/commit/9c4ddcca39d9d6d92bd5f9a23978337e48d0a4e1 +ynh_add_systemd_config () { + local service_name="${1:-$app}" + + finalsystemdconf="/etc/systemd/system/$service_name.service" + ynh_backup_if_checksum_is_different "$finalsystemdconf" + sudo cp ../conf/${2:-systemd.service} "$finalsystemdconf" + + # To avoid a break by set -u, use a void substitution ${var:-}. If the variable is not set, it's simply set with an empty variable. + # Substitute in a nginx config file only if the variable is not empty + if test -n "${final_path:-}"; then + ynh_replace_string "__FINALPATH__" "$final_path" "$finalsystemdconf" + fi + if test -n "${app:-}"; then + ynh_replace_string "__APP__" "$app" "$finalsystemdconf" + fi + ynh_store_file_checksum "$finalsystemdconf" + + sudo chown root: "$finalsystemdconf" + sudo systemctl enable $service_name + sudo systemctl daemon-reload +} + +# needed to have "service_name" as an option +# https://github.com/YunoHost/yunohost/commit/9c4ddcca39d9d6d92bd5f9a23978337e48d0a4e1 +ynh_remove_systemd_config () { + local service_name="${1:-$app}" + + local finalsystemdconf="/etc/systemd/system/$service_name.service" + if [ -e "$finalsystemdconf" ]; then + sudo systemctl stop $service_name + sudo systemctl disable $service_name + ynh_secure_remove "$finalsystemdconf" + sudo systemctl daemon-reload + fi +} + + +# LOCAL ADDITION: +# save file locally if not in the cache +# +# Download, check integrity, uncompress and patch the source from app.src +ynh_setup_source () { + local dest_dir=$1 + local src_id=${2:-app} # If the argument is not given, source_id equals "app" + + # Load value from configuration file (see above for a small doc about this file + # format) + local src_url=$(grep 'SOURCE_URL=' "$YNH_CWD/../conf/${src_id}.src" | cut -d= -f2-) + local src_sum=$(grep 'SOURCE_SUM=' "$YNH_CWD/../conf/${src_id}.src" | cut -d= -f2-) + local src_sumprg=$(grep 'SOURCE_SUM_PRG=' "$YNH_CWD/../conf/${src_id}.src" | cut -d= -f2-) + local src_format=$(grep 'SOURCE_FORMAT=' "$YNH_CWD/../conf/${src_id}.src" | cut -d= -f2-) + local src_in_subdir=$(grep 'SOURCE_IN_SUBDIR=' "$YNH_CWD/../conf/${src_id}.src" | cut -d= -f2-) + local src_filename=$(grep 'SOURCE_FILENAME=' "$YNH_CWD/../conf/${src_id}.src" | cut -d= -f2-) + + # Default value + src_sumprg=${src_sumprg:-sha256sum} + src_in_subdir=${src_in_subdir:-true} + src_format=${src_format:-tar.gz} + src_format=$(echo "$src_format" | tr '[:upper:]' '[:lower:]') + if [ "$src_filename" = "" ] ; then + src_filename="${src_id}.${src_format}" + fi + local local_src="/var/cache/yunohost/ynh_setup_source/${YNH_APP_ID}/${src_filename}" + + # if cache file exists and the checksum isn't good, download it again + # if not, just download the file + + if test -e "$local_src" + then + echo "${src_sum} ${local_src}" | ${src_sumprg} -c --status \ + || wget -nv -O $local_src $src_url + else + mkdir -p "/var/cache/yunohost/ynh_setup_source/${YNH_APP_ID}" + wget -nv -O $local_src $src_url + fi + cp $local_src $src_filename + + # Check the control sum + echo "${src_sum} ${src_filename}" | ${src_sumprg} -c --status \ + || ynh_die "Corrupt source" + + # Extract source into the app dir + mkdir -p "$dest_dir" + if [ "$src_format" = "zip" ] + then + # Zip format + # Using of a temp directory, because unzip doesn't manage --strip-components + if $src_in_subdir ; then + local tmp_dir=$(mktemp -d) + unzip -quo $src_filename -d "$tmp_dir" + cp -a $tmp_dir/*/. "$dest_dir" + ynh_secure_remove "$tmp_dir" + else + unzip -quo $src_filename -d "$dest_dir" + fi + else + local strip="" + if $src_in_subdir ; then + strip="--strip-components 1" + fi + if [[ "$src_format" =~ ^tar.gz|tar.bz2|tar.xz$ ]] ; then + tar -xf $src_filename -C "$dest_dir" $strip + else + ynh_die "Archive format unrecognized." + fi + fi + + # Apply patches + if (( $(find $YNH_CWD/../sources/patches/ -type f -name "${src_id}-*.patch" 2> /dev/null | wc -l) > "0" )); then + local old_dir=$(pwd) + (cd "$dest_dir" \ + && for p in $YNH_CWD/../sources/patches/${src_id}-*.patch; do \ + patch -p1 < $p; done) \ + || ynh_die "Unable to apply patches" + cd $old_dir + fi + + # Add supplementary files + if test -e "$YNH_CWD/../sources/extra_files/${src_id}"; then + cp -a $YNH_CWD/../sources/extra_files/$src_id/. "$dest_dir" + fi +} + diff --git a/scripts/backup b/scripts/backup index e4a5bba..5e134ac 100644 --- a/scripts/backup +++ b/scripts/backup @@ -1,47 +1,80 @@ #!/bin/bash -# Exit on command errors and treat unset variables as an error -set -eu +#================================================= +# GENERIC START +#================================================= +# IMPORT GENERIC HELPERS +#================================================= -if [ ! -e .fonctions ]; then - # Get file fonction if not been to the current directory - sudo cp ../settings/scripts/.fonctions ./.fonctions - sudo chmod a+rx .fonctions +if [ ! -e _common.sh ]; then + # Get the _common.sh file if it's not in the current directory + cp ../settings/scripts/_common.sh ./_common.sh + cp ../settings/scripts/_future.sh ./_future.sh + chmod a+rx _common.sh _future.sh fi -# Loads the generic functions usually used in the script -source .fonctions -# Source app helpers +source _common.sh source /usr/share/yunohost/helpers +source _future.sh + +#================================================= +# MANAGE SCRIPT FAILURE +#================================================= + +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors + +#================================================= +# LOAD SETTINGS +#================================================= # Get multi-instances specific variables app=$YNH_APP_INSTANCE_NAME # Retrieve app settings domain=$(ynh_app_setting_get "$app" domain) +final_path=$(ynh_app_setting_get "$app" final_path) +db_name=$(ynh_sanitize_dbid "$app") -# Copy the app files -final_path="/opt/${app}" -ynh_backup "$final_path" "sources" 1 +#================================================= +# STANDARD BACKUP STEPS +#================================================= +# BACKUP THE APP MAIN DIR +#================================================= -# final_path on nginx -sudo sed -i "s@$final_path@__FINALPATH__@g" /etc/nginx/conf.d/${domain}.d/${app}.conf +ynh_backup "$final_path" + +#================================================= +# BACKUP THE NGINX CONFIGURATION +#================================================= + +ynh_backup "/etc/nginx/conf.d/$domain.d/$app.conf" + +#================================================= +# BACKUP THE MYSQL DATABASE +#================================================= + +ynh_psql_dump_db "$db_name" > db.sql + +#================================================= +# SPECIFIC BACKUP +#================================================= +# BACKUP SYSTEMD +#================================================= + +ynh_backup "/etc/systemd/system/$app-web.service" +ynh_backup "/etc/systemd/system/$app-sidekiq.service" +ynh_backup "/etc/systemd/system/$app-streaming.service" + +#================================================= +# BACKUP THE CRON FILE +#================================================= # Copy the nginx conf files -ynh_backup "/etc/nginx/conf.d/${domain}.d/${app}.conf" "nginx.conf" -ynh_backup "/etc/cron.d/${app}" "cron.conf" -ynh_backup "/etc/systemd/system/mastodon-web.service" "systemd_web.service" -ynh_backup "/etc/systemd/system/mastodon-sidekiq.service" "systemd_sidekiq.service" -ynh_backup "/etc/systemd/system/mastodon-streaming.service" "systemd_streaming.service" +ynh_backup "/etc/cron.d/$app" + +#================================================= +# BACKUP THE sources.list FILES +#================================================= + ynh_backup "/etc/apt/sources.list.d/backports.list" "apt_backports.list" ynh_backup "/etc/apt/sources.list.d/yarn.list" "apt_yarn.list" - -# final_path on nginx -sudo sed -i "s@__FINALPATH__@$final_path@g" /etc/nginx/conf.d/${domain}.d/${app}.conf - -# Backup db -sudo su - postgres < mastodon_db.sql -COMMANDS -ynh_backup "/var/lib/postgresql/${app}_db.sql" "${app}_db.sql" -# Fix backup fail on yunohost 2.6 -#ynh_secure_remove /var/lib/postgresql/mastodon_db.sql diff --git a/scripts/install b/scripts/install index 3d5172f..8e505e7 100644 --- a/scripts/install +++ b/scripts/install @@ -1,17 +1,26 @@ #!/bin/bash -# Exit on command errors and treat unset variables as an error -set -eu +#================================================= +# GENERIC START +#================================================= +# IMPORT GENERIC HELPERS +#================================================= -source .fonctions # Loads the generic functions usually used in the script -source /usr/share/yunohost/helpers # Source app helpers +source _common.sh +source /usr/share/yunohost/helpers +source _future.sh -CLEAN_SETUP () { - # Clean installation residues that are not supported by the remove script. - # Clean hosts - echo "" -} -TRAP_ON # Active trap to stop the script if an error is detected. +#================================================= +# MANAGE SCRIPT FAILURE +#================================================= + +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors + + +#================================================= +# RETRIEVE ARGUMENTS FROM THE MANIFEST +#================================================ domain=$YNH_APP_ARG_DOMAIN admin_mastodon=$YNH_APP_ARG_ADMIN @@ -19,217 +28,257 @@ admin_mastodon_mail=$(ynh_user_get_info $admin_mastodon 'mail') admin_pass=$YNH_APP_ARG_PASSWD language=$YNH_APP_ARG_LANGUAGE +path_url="/" + app=$YNH_APP_INSTANCE_NAME -CHECK_VAR "$app" "app name not set" +#================================================= +# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS +#================================================= -CHECK_USER "$admin_mastodon" +final_path=/var/www/$app +test ! -e "$final_path" || ynh_die "This path already contains a folder" -CHECK_DOMAINPATH +# TODO: remove this test, don't as password anymore, generate it and send it by email to admin with: https://github.com/YunoHost-Apps/Experimental_helpers/tree/master/send_readme_to_admin +[[ ${#admin_pass} -gt 7 ]] || ynh_die "Password is too weak, must be longer than 7 characters" -CHECK_FINALPATH +# Normalize the url path syntax +path_url=$(ynh_normalize_url_path $path_url) + +# Check web path availability +ynh_webpath_available $domain $path_url +# Register (book) web path +ynh_webpath_register $app $domain $path_url + +#================================================= +# STORE SETTINGS FROM MANIFEST +#================================================= ynh_app_setting_set $app domain $domain ynh_app_setting_set $app admin $admin_mastodon ynh_app_setting_set $app pass $admin_pass ynh_app_setting_set $app language $language +ynh_app_setting_set $app path $path_url -[[ ${#admin_pass} -gt 7 ]] || ynh_die \ -"The password is too weak, it must be longer than 7 characters" -# Create user unix -sudo adduser $app --home /opt/$app --gecos "First Last,RoomNumber,WorkPhone,HomePhone" --disabled-password --disabled-login +#================================================= +# STANDARD MODIFICATIONS +#================================================= -# Install debian package -ynh_package_install imagemagick libpq-dev libxml2-dev libxslt1-dev file curl apt-transport-https pkg-config libprotobuf-dev protobuf-compiler libicu-dev libidn11-dev -# Install redis package -ynh_package_install redis-server redis-tools +#================================================= +# INSTALL DEPENDENCIES +#================================================= -# Install postgresql -ynh_package_install postgresql postgresql-contrib postgresql-server-dev-9.4 - -# Install Ruby -ynh_package_install autoconf bison build-essential libssl-dev libyaml-dev libreadline6-dev zlib1g-dev libncurses5-dev libffi-dev libgdbm3 libgdbm-dev +# TODO: add in a clean way backports and yarn # Import debian archive pubkey, need on ARM arch arch=$(uname -m) -if [[ $arch = arm* ]]; then - sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 8B48AD6246925553 - sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 7638D0442B90D010 +if [[ "$arch" = arm* ]]; then + apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 8B48AD6246925553 + apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 7638D0442B90D010 fi # Install source.list debian package backports & yarn -sudo cp ../conf/backports.list /etc/apt/sources.list.d/ -sudo curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add - -sudo cp ../conf/yarn.list /etc/apt/sources.list.d/ +cp ../conf/backports.list /etc/apt/sources.list.d/ +curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - +cp ../conf/yarn.list /etc/apt/sources.list.d/ ynh_package_update -# Install debian package backports -sudo apt-get -t jessie-backports -y install ffmpeg - # Creates the destination directory and stores its location. -ynh_app_setting_set $app final_path $final_path +ynh_app_setting_set "$app" final_path "$final_path" # Install de Node.js -pushd /opt -curl -sL https://deb.nodesource.com/setup_6.x | sudo bash - -sudo apt-get -y install nodejs +# TODO: use https://github.com/YunoHost-Apps/Experimental_helpers/blob/master/ynh_install_nodejs/ynh_install_nodejs +( + cd /opt + curl -sL https://deb.nodesource.com/setup_6.x | bash - + apt-get -y install nodejs +) -# Install Yarn -ynh_package_install yarn +# TODO: use the same mecanism with other files +ynh_install_app_dependencies \ + `# debian packages ` \ + imagemagick libpq-dev libxml2-dev libxslt1-dev file curl apt-transport-https pkg-config libprotobuf-dev protobuf-compiler libicu-dev libidn11-dev \ + `# redis ` \ + redis-server redis-tools \ + `# postgresql ` \ + postgresql \ + `# Ruby ` \ + autoconf bison build-essential libssl-dev libyaml-dev libreadline6-dev zlib1g-dev libncurses5-dev libffi-dev libgdbm3 libgdbm-dev \ + `# ffmpeg from backports ` \ + ffmpeg \ + `# Yarn ` \ + yarn +#================================================= +# CREATE A DATABASE +#================================================= + +# TODO: use non-official https://github.com/YunoHost-Apps/Experimental_helpers/blob/master/postgres/postgres +# TODO: this commands doesn't looks like a requirement, you may fully remove it # Set UTF8 encoding by default -sudo su -c "psql" postgres <<< \ - "update pg_database set datistemplate='false' where datname='template1';" -sudo su -c "psql" postgres <<< \ - "drop database template1;" -sudo su -c "psql" postgres <<< \ - "create database template1 encoding='UTF8' template template0;" -sudo su -c "psql" postgres <<< \ - "update pg_database set datistemplate='true' where datname='template1';" -# Create DB without password -ynh_psql_create_db_without_password "$app" -sudo systemctl restart postgresql +ynh_psql_test_if_first_run + +db_user=$(ynh_sanitize_dbid "$app") +db_name=$(ynh_sanitize_dbid "$app") +db_pwd=$(ynh_string_random) +ynh_app_setting_set $app db_pwd $db_pwd +ynh_psql_setup_db "$db_user" "$db_name" "$db_pwd" + +#================================================= +# DOWNLOAD, CHECK AND UNPACK SOURCE +#================================================= # Download all sources rbenv, ruby and mastodon -sudo su - $app <> ~/.profile -echo 'export PATH="/opt/mastodon/.rbenv/bin:/opt/mastodon/live/bin:$PATH"' >> ~/.bashrc -echo 'eval "\$(rbenv init -)"' >> ~/.profile -COMMANDS +( + cd $final_path/.rbenv + src/configure && make -C src + + echo "export PATH=\"$final_path/.rbenv/bin:$final_path/live/bin:\$PATH\" +eval \"\$(rbenv init -)\"" > $final_path/.profile + echo "export PATH=\"$final_path/.rbenv/bin:$final_path/live/bin:\$PATH\"" > $final_path/.bashrc +) # Install ruby-build -sudo su - $app <> .env.production -RAILS_ENV=production bin/bundle exec rails db:setup -RAILS_ENV=production bin/bundle exec rails --trace assets:precompile -CCOMMANDS +RAILS_ENV=production $final_path/live/bin/bundle exec rails db:migrate --quiet +RAILS_ENV=production $final_path/live/bin/bundle exec rails assets:precompile --quiet +INSTALL +) -# init rbenv & create bundle -sudo su - $app <=2.4 -# Exit on command errors and treat unset variables as an error -set -eu +#================================================= +# GENERIC START +#================================================= +# IMPORT GENERIC HELPERS +#================================================= -if [ ! -e .fonctions ]; then - # Get file fonction if not been to the current directory - sudo cp ../settings/scripts/.fonctions ./.fonctions - sudo chmod a+rx .fonctions +if [ ! -e _common.sh ]; then + # Get the _common.sh file if it's not in the current directory + cp ../settings/scripts/_common.sh ./_common.sh + cp ../settings/scripts/_future.sh ./_future.sh + chmod a+rx _common.sh _future.sh fi -# Loads the generic functions usually used in the script -source .fonctions -# Source app helpers +source _common.sh source /usr/share/yunohost/helpers +source _future.sh + +#================================================= +# MANAGE SCRIPT FAILURE +#================================================= + +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors + +#================================================= +# LOAD SETTINGS +#================================================= -# The parameter $app is the id of the app instance ex: ynhexample__2 app=$YNH_APP_INSTANCE_NAME # Get old parameter of the app domain=$(ynh_app_setting_get $app domain) -path=$(ynh_app_setting_get $app path) +path_url=$(ynh_app_setting_get $app path) is_public=$(ynh_app_setting_get $app is_public) +final_path=$(ynh_app_setting_get "$app" final_path) -# Check domain/path availability -sudo yunohost app checkurl "${domain}${path}" -a "$app" \ - || ynh_die "Path not available: ${domain}${path}" +#================================================= +# CHECK IF THE APP CAN BE RESTORED +#================================================= -# Check $final_path -final_path="/opt/${app}" -if [ -d $final_path ]; then - ynh_die "There is already a directory: $final_path" -fi +ynh_webpath_available $domain $path_url \ + || ynh_die "Path not available: ${domain}${path_url}" +test ! -d $final_path \ +|| ynh_die "There is already a directory: $final_path " -# Check configuration files nginx -nginx_conf="/etc/nginx/conf.d/${domain}.d/${app}.conf" -if [ -f $nginx_conf ]; then - ynh_die "The NGINX configuration already exists at '${nginx_conf}'. - You should safely delete it before restoring this app." -fi -# Check configuration files php-fpm -crontab_conf="/etc/cron.d/${app}" -if [ -f $crontab_conf ]; then - ynh_die "The CRONTAB configuration already exists at '${crontab_conf}'. - You should safely delete it before restoring this app." -fi +#================================================= +# STANDARD RESTORATION STEPS +#================================================= +# RESTORE THE NGINX CONFIGURATION +#================================================= -# Restore services -web_systemd="/etc/systemd/system/${app}-web.service" -if [ -f "${web_systemd}" ]; then - ynh_die "The MASTODON WEB configuration already exists at '${web_systemd}'. - You should safely delete it before restoring this app." -fi -sidekiq_systemd="/etc/systemd/system/${app}-sidekiq.service" -if [ -f "${sidekiq_systemd}" ]; then - ynh_die "The MASTODON SIDEKIQ configuration already exists at '${sidekiq_systemd}'. - You should safely delete it before restoring this app." -fi -streaming_systemd="/etc/systemd/system/${app}-streaming.service" -if [ -f "${streaming_systemd}" ]; then - ynh_die "The MASTODON STREAMING configuration already exists at '${streaming_systemd}'. - You should safely delete it before restoring this app." -fi +ynh_restore_file "/etc/nginx/conf.d/$domain.d/$app.conf" + +#================================================= +# RESTORE THE APP MAIN DIR +#================================================= + +ynh_restore_file "$final_path" + +#================================================= +# RECREATE THE DEDICATED USER +#================================================= # Create user unix -sudo adduser $app --home /opt/$app --gecos "First Last,RoomNumber,WorkPhone,HomePhone" --disabled-password --disabled-login +adduser $app --home $final_path --gecos "First Last,RoomNumber,WorkPhone,HomePhone" --disabled-password -# Reinstall dependencies - # Install debian package - ynh_package_install imagemagick libpq-dev libxml2-dev libxslt1-dev file curl apt-transport-https pkg-config libprotobuf-dev protobuf-compiler +#================================================= +# RESTORE USER RIGHTS +#================================================= - # Install redis package - ynh_package_install redis-server redis-tools +# Restore permissions on app files +chown -R $app: $final_path - # Install postgresql - ynh_package_install postgresql postgresql-contrib +#================================================= +# SPECIFIC RESTORATION +#================================================= +# REINSTALL DEPENDENCIES +#================================================= - # Install Ruby - ynh_package_install autoconf bison build-essential libssl-dev libyaml-dev libreadline6-dev zlib1g-dev libncurses5-dev libffi-dev libgdbm3 libgdbm-dev +# TODO: add in a clean way backports and yarn - # Install source.list debian package backports & yarn - sudo cp ./apt_backports.list /etc/apt/sources.list.d/backports.list - sudo curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add - - sudo cp ./apt_yarn.list /etc/apt/sources.list.d/yarn.list - ynh_package_update +# Import debian archive pubkey, need on ARM arch +arch=$(uname -m) +if [[ "$arch" = arm* ]]; then + apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 8B48AD6246925553 + apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 7638D0442B90D010 +fi - # Install debian package backports - sudo apt-get -t jessie-backports -y install ffmpeg +# Install source.list debian package backports & yarn +cp ../conf/backports.list /etc/apt/sources.list.d/ +curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - +cp ../conf/yarn.list /etc/apt/sources.list.d/ +ynh_package_update - # Install de Node.js - pushd /opt - curl -sL https://deb.nodesource.com/setup_6.x | sudo bash - - sudo apt-get -y install nodejs +# Install de Node.js +# TODO: use https://github.com/YunoHost-Apps/Experimental_helpers/blob/master/ynh_install_nodejs/ynh_install_nodejs +( + cd /opt + curl -sL https://deb.nodesource.com/setup_6.x | bash - + apt-get -y install nodejs +) - # Install Yarn - ynh_package_install yarn +# TODO: use the same mecanism with other files +ynh_install_app_dependencies \ + `# debian packages ` \ + imagemagick libpq-dev libxml2-dev libxslt1-dev file curl apt-transport-https pkg-config libprotobuf-dev protobuf-compiler libicu-dev libidn11-dev \ + `# redis ` \ + redis-server redis-tools \ + `# postgresql ` \ + postgresql \ + `# Ruby ` \ + autoconf bison build-essential libssl-dev libyaml-dev libreadline6-dev zlib1g-dev libncurses5-dev libffi-dev libgdbm3 libgdbm-dev \ + `# ffmpeg from backports ` \ + ffmpeg \ + `# Yarn ` \ + yarn - # Return to home - popd +#================================================= +# RESTORE THE PostgreSQL DATABASE +#================================================= - # Restore sources & data -sudo cp -a ./sources/. "$final_path" +# Restore PostgreSQL database +db_user=$(ynh_sanitize_dbid "$app") +db_name=$(ynh_sanitize_dbid "$app") +db_pwd=$(ynh_app_setting_get "$app" db_pwd) -# Set permissions -sudo chown -R $app: "$final_path" +ynh_psql_test_if_first_run +ynh_psql_setup_db "$db_name" "$db_name" "$db_pwd" +ynh_psql_execute_file_as_root ./db.sql "$db_name" -# Debug -sudo ls -alh "$final_path" +#================================================= +# ADVERTISE SERVICE IN ADMIN PANEL +#================================================= -# Set UTF8 encoding by default -sudo su -c "psql" postgres <<< \ - "update pg_database set datistemplate='false' where datname='template1';" -sudo su -c "psql" postgres <<< \ - "drop database template1;" -sudo su -c "psql" postgres <<< \ - "create database template1 encoding='UTF8' template template0;" -sudo su -c "psql" postgres <<< \ - "update pg_database set datistemplate='true' where datname='template1';" +yunohost service add $app-web +yunohost service add $app-sidekiq +yunohost service add $app-streaming -# Install rbenv -sudo su - $app <> ~/.profile -echo 'export PATH="/opt/mastodon/.rbenv/bin:/opt/mastodon/live/bin:$PATH"' >> ~/.bashrc -echo 'eval "\$(rbenv init -)"' >> ~/.profile -COMMANDS +#================================================= +# RESTORE SYSTEMD +#================================================= -# Create user for db postgresql -ynh_psql_create_db_without_password "$app" +ynh_restore_file "/etc/systemd/system/$app-web.service" +ynh_restore_file "/etc/systemd/system/$app-sidekiq.service" +ynh_restore_file "/etc/systemd/system/$app-streaming.service" +systemctl enable "$app-web" "$app-sidekiq" "$app-streaming" -# Setup database -#sudo su - $app <