From 128aa107baf2bbf713a6af43182e1bc6d9c7a1a7 Mon Sep 17 00:00:00 2001
From: magikcypress <cyp@rouquin.me>
Date: Tue, 18 Apr 2017 02:47:58 +0200
Subject: [PATCH 1/3] [fix] secure rm + upgrade

---
 scripts/.fonctions | 28 ++++++++++++++++++++++++++++
 scripts/backup     |  5 +++--
 scripts/remove     | 20 +++++++++-----------
 scripts/restore    | 12 +++++++++++-
 scripts/upgrade    |  2 +-
 5 files changed, 52 insertions(+), 15 deletions(-)

diff --git a/scripts/.fonctions b/scripts/.fonctions
index 0a148a6..064a0c9 100644
--- a/scripts/.fonctions
+++ b/scripts/.fonctions
@@ -226,3 +226,31 @@ ynh_psql_drop_db() {
 ynh_psql_drop_user() {
     sudo su -c "dropuser ${1}" postgres
 }
+
+# Remove a file or a directory securely
+#
+# usage: ynh_secure_remove path_to_remove
+# | arg: path_to_remove - File or directory to remove
+ynh_secure_remove () {
+  path_to_remove=$1
+  forbidden_path=" \
+  /var/www \
+  /home/yunohost.app"
+
+  if [[ "$forbidden_path" =~ "$path_to_remove" \
+    # Match all path or subpath in $forbidden_path
+    || "$path_to_remove" =~ ^/[[:alnum:]]+$ \
+    # Match all first level path from / (Like /var, /root, etc...)
+    || "${path_to_remove:${#path_to_remove}-1}" = "/" ]]
+    # Match if the path finish by /. Because it's seems there is an empty variable
+  then
+    echo "Avoid deleting of $path_to_remove." >&2
+  else
+    if [ -e "$path_to_remove" ]
+    then
+      sudo rm -R "$path_to_remove"
+    else
+      echo "$path_to_remove doesn't deleted because it's not exist." >&2
+    fi
+  fi
+}
\ No newline at end of file
diff --git a/scripts/backup b/scripts/backup
index 0ea98a6..6e77acf 100644
--- a/scripts/backup
+++ b/scripts/backup
@@ -25,6 +25,7 @@ ynh_backup "/etc/systemd/system/mastodon-streaming.service" "systemd_streaming.s
 
 # Backup db
 sudo su - postgres <<COMMANDS
-pg_dump mastodon_production > /home/backup/mastodon_db.sql
+pg_dump -U mastodon mastodon_production > mastodon_db.sql
 COMMANDS
-ynh_backup "/home/backup/mastodon_db.sql" "mastodon_db.sql"
\ No newline at end of file
+ynh_backup "./mastodon_db.sql" "mastodon_db.sql"
+ynh_secure_remove /var/lib/postgresql/mastodon_db.sql
\ No newline at end of file
diff --git a/scripts/remove b/scripts/remove
index a65bf14..6ddf97b 100644
--- a/scripts/remove
+++ b/scripts/remove
@@ -17,7 +17,7 @@ domain=$(ynh_app_setting_get "$app" domain)
 if [ -e "/etc/systemd/system/mastodon-web.service" ]; then
 	echo "Delete systemd script"
 	sudo systemctl stop mastodon-web.service
-	sudo rm "/etc/systemd/system/mastodon-web.service"
+	ynh_secure_remove "/etc/systemd/system/mastodon-web.service"
 	sudo systemctl disable mastodon-web.service
 fi
 
@@ -25,7 +25,7 @@ fi
 if [ -e "/etc/systemd/system/mastodon-sidekiq.service" ]; then
 	echo "Delete systemd script"
 	sudo systemctl stop mastodon-sidekiq.service
-	sudo rm "/etc/systemd/system/mastodon-sidekiq.service"
+	ynh_secure_remove "/etc/systemd/system/mastodon-sidekiq.service"
 	sudo systemctl disable mastodon-sidekiq.service
 fi
 
@@ -33,7 +33,7 @@ fi
 if [ -e "/etc/systemd/system/mastodon-streaming.service" ]; then
 	echo "Delete systemd script"
 	sudo systemctl stop mastodon-sidekiq.streaming
-	sudo rm "/etc/systemd/system/mastodon-streaming.service"
+	ynh_secure_remove "/etc/systemd/system/mastodon-streaming.service"
 	sudo systemctl disable mastodon-streaming.service
 fi
 
@@ -73,27 +73,25 @@ sudo apt-get remove --purge -y yarn
 #sudo apt-get remove --purge -y autoconf bison build-essential libssl-dev libyaml-dev libreadline6-dev zlib1g-dev libncurses5-dev libffi-dev libgdbm3 libgdbm-dev
 
 # Delete app directory and configurations
-SECURE_REMOVE '/opt/$app'
+ynh_secure_remove /opt/$app
 [[ -n $domain ]] && sudo rm -f "/etc/nginx/conf.d/${domain}.d/${app}.conf"
 
 # Delete nginx configuration
 REMOVE_NGINX_CONF
 
-# Delete log
-SECURE_REMOVE '/var/log/$app/'
 # Delete cronlog
-SECURE_REMOVE '/etc/cron.d/$app'
+ynh_secure_remove /etc/cron.d/$app
 # Delete source.list
-sudo rm /etc/apt/sources.list.d/backports.list
-sudo rm /etc/apt/sources.list.d/yarn.list
+ynh_secure_remove /etc/apt/sources.list.d/backports.list
+ynh_secure_remove /etc/apt/sources.list.d/yarn.list
 
 # Delete ruby exec
-sudo rm /usr/bin/ruby
+ynh_secure_remove /usr/bin/ruby
 
 # Remove user
 sudo userdel -f $app
 
 # Reload services
-sudo service nginx reload
+sudo systemctl reload nginx
 
 echo -e "\e[0m"	# Restore normal color
diff --git a/scripts/restore b/scripts/restore
index f1c80ee..f79ee1c 100644
--- a/scripts/restore
+++ b/scripts/restore
@@ -61,10 +61,20 @@ sudo cp -a ./sources "$final_path"
 # Set permissions
 sudo chown -R $app: "$final_path"
 
+# Set UTF8 encoding by default
+sudo su -c "psql" postgres <<< \
+        "update pg_database set datistemplate='false' where datname='template1';"
+sudo su -c "psql" postgres <<< \
+	      "drop database template1;"
+sudo su -c "psql" postgres <<< \
+	      "create database template1 encoding='UTF8' template template0;"
+sudo su -c "psql" postgres <<< \
+	      "update pg_database set datistemplate='true' where datname='template1';"
+
 # Restore db
 ynh_psql_create_db_without_password "$app"
 sudo su - postgres <<COMMANDS
-pg_dump mastodon_production < ./mastodon_db.sql
+pg_dump -U mastodon mastodon_production < ./mastodon_db.sql
 COMMANDS
 
 # Restore Mastodon
diff --git a/scripts/upgrade b/scripts/upgrade
index 367ee94..c914a9c 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -39,7 +39,7 @@ sudo su - $app <<COMMANDS
 pushd ~/live
 git fetch
 git pull https://github.com/tootsuite/mastodon.git master
-git checkout v1.2
+git checkout $(git tag | tail -n 1)
 bin/bundle install
 yarn install --production
 RAILS_ENV=production bundle exec rails assets:clean

From 82fa072ce64ccf0307a650a66c5d578fb749d40f Mon Sep 17 00:00:00 2001
From: magikcypress <cyp@rouquin.me>
Date: Wed, 19 Apr 2017 02:37:40 +0200
Subject: [PATCH 2/3] [fix] Secret key install + backup correct + restore (need
 test restore)

---
 scripts/backup  | 17 ++++++++++++-----
 scripts/install |  9 ++++++---
 scripts/restore | 41 ++++++++++++++++++++++++++++++++++++-----
 scripts/upgrade |  6 ++++--
 4 files changed, 58 insertions(+), 15 deletions(-)

diff --git a/scripts/backup b/scripts/backup
index 6e77acf..bb90997 100644
--- a/scripts/backup
+++ b/scripts/backup
@@ -3,12 +3,19 @@
 # Exit on command errors and treat unset variables as an error
 set -eu
 
-# Get multi-instances specific variables
-app=$YNH_APP_INSTANCE_NAME
-
+if [ ! -e .fonctions ]; then
+	# Get file fonction if not been to the current directory
+	sudo cp ../settings/scripts/.fonctions ./.fonctions
+	sudo chmod a+rx .fonctions
+fi
+# Loads the generic functions usually used in the script
+source .fonctions
 # Source app helpers
 source /usr/share/yunohost/helpers
 
+# Get multi-instances specific variables
+app=$YNH_APP_INSTANCE_NAME
+
 # Retrieve app settings
 domain=$(ynh_app_setting_get "$app" domain)
 
@@ -25,7 +32,7 @@ ynh_backup "/etc/systemd/system/mastodon-streaming.service" "systemd_streaming.s
 
 # Backup db
 sudo su - postgres <<COMMANDS
-pg_dump -U mastodon mastodon_production > mastodon_db.sql
+pg_dump --role=mastodon -U postgres --no-password mastodon_production > mastodon_db.sql
 COMMANDS
-ynh_backup "./mastodon_db.sql" "mastodon_db.sql"
+ynh_backup "/var/lib/postgresql/${app}_db.sql" "${app}_db.sql"
 ynh_secure_remove /var/lib/postgresql/mastodon_db.sql
\ No newline at end of file
diff --git a/scripts/install b/scripts/install
index d99ffe2..cf4b720 100644
--- a/scripts/install
+++ b/scripts/install
@@ -135,9 +135,12 @@ sudo sed -i "s@LOCAL_DOMAIN=example.com@LOCAL_DOMAIN=${domain}@g" "${final_path}
 language="$(echo $language | head -c 2)"
 sudo sed -i "s@# DEFAULT_LOCALE=de@DEFAULT_LOCALE=${language}@g" "${final_path}/live/.env.production"
 
-sudo sed -i "s@PAPERCLIP_SECRET=@PAPERCLIP_SECRET=$(head -n128 /dev/urandom | tr -dc -d 'a-z0-9' | head -c128)@g" "${final_path}/live/.env.production"
-sudo sed -i "s@SECRET_KEY_BASE=@SECRET_KEY_BASE=$(head -n128 /dev/urandom | tr -dc -d 'a-z0-9' | head -c128)@g" "${final_path}/live/.env.production"
-sudo sed -i "s@OTP_SECRET=@OTP_SECRET=$(head -n128 /dev/urandom | tr -dc -d 'a-z0-9' | head -c128)@g" "${final_path}/live/.env.production"
+paperclip_secret=$(head -n128 /dev/urandom | tail -n +1 | tr -dc -d 'a-z0-9' | head -c128)
+secret_key_base=$(head -n128 /dev/urandom | tail -n +1 | tr -dc -d 'a-z0-9' | head -c128)
+otp_secret=$(head -n128 /dev/urandom | tail -n +1 | tr -dc -d 'a-z0-9' | head -c128)
+sudo sed -i "s@PAPERCLIP_SECRET=@PAPERCLIP_SECRET=${paperclip_secret}@g" "${final_path}/live/.env.production"
+sudo sed -i "s@SECRET_KEY_BASE=@SECRET_KEY_BASE=${secret_key_base}@g" "${final_path}/live/.env.production"
+sudo sed -i "s@OTP_SECRET=@OTP_SECRET=${otp_secret}@g" "${final_path}/live/.env.production"
 
 sudo sed -i 's,SMTP_LOGIN=,SMTP_LOGIN='${admin_mastodon}'@'${domain}',' "${final_path}/live/.env.production"
 sudo sed -i "s@SMTP_PASSWORD=@SMTP_PASSWORD=${admin_pass}@g" "${final_path}/live/.env.production"
diff --git a/scripts/restore b/scripts/restore
index f79ee1c..f754d81 100644
--- a/scripts/restore
+++ b/scripts/restore
@@ -4,12 +4,19 @@
 # Exit on command errors and treat unset variables as an error
 set -eu
 
-# The parameter $app is the id of the app instance ex: ynhexample__2
-app=$YNH_APP_INSTANCE_NAME
-
+if [ ! -e .fonctions ]; then
+	# Get file fonction if not been to the current directory
+	sudo cp ../settings/scripts/.fonctions ./.fonctions
+	sudo chmod a+rx .fonctions
+fi
+# Loads the generic functions usually used in the script
+source .fonctions
 # Source app helpers
 source /usr/share/yunohost/helpers
 
+# The parameter $app is the id of the app instance ex: ynhexample__2
+app=$YNH_APP_INSTANCE_NAME
+
 # Get old parameter of the app
 domain=$(ynh_app_setting_get $app domain)
 path=$(ynh_app_setting_get $app path)
@@ -30,7 +37,7 @@ nginx_conf="/etc/nginx/conf.d/${domain}.d/${app}.conf"
 if [ -f $nginx_conf ]; then
 	ynh_die "The NGINX configuration already exists at '${nginx_conf}'. 
 	You should safely delete it before restoring this app."
-
+fi
 # Check configuration files php-fpm
 crontab_conf="/etc/cron.d/${app}"
 if [ -f $crontab_conf ]; then 
@@ -55,6 +62,9 @@ if [ -f "${streaming_systemd}" ]; then
 	You should safely delete it before restoring this app."
 fi
 
+# Create user unix
+sudo adduser $app --home /opt/$app --gecos "First Last,RoomNumber,WorkPhone,HomePhone" --disabled-password --disabled-login
+
  # Restore sources & data
 sudo cp -a ./sources "$final_path"
 
@@ -74,9 +84,12 @@ sudo su -c "psql" postgres <<< \
 # Restore db
 ynh_psql_create_db_without_password "$app"
 sudo su - postgres <<COMMANDS
-pg_dump -U mastodon mastodon_production < ./mastodon_db.sql
+pg_dump --role=mastodon -U postgres --no-password mastodon < $YNH_APP_BACKUP_DIR/mastodon_db.sql
 COMMANDS
 
+# Create symlink for ruby
+sudo ln -s /opt/mastodon/.rbenv/versions/2.4.1/bin/ruby /usr/bin/ruby || true
+
 # Restore Mastodon
 sudo su - $app <<RCOMMANDS
 cd ~/live
@@ -89,5 +102,23 @@ sudo cp -a ./nginx.conf   "$nginx_conf"
 # Restore crontab
 sudo cp -a ./cron.conf "$crontab_conf"
 
+sudo cp ../conf/mastodon-web.service /etc/systemd/system/mastodon-web.service
+sudo chown root: /etc/systemd/system/mastodon-web.service
+sudo cp ../conf/mastodon-sidekiq.service /etc/systemd/system/mastodon-sidekiq.service
+sudo chown root: /etc/systemd/system/mastodon-sidekiq.service
+sudo cp ../conf/mastodon-streaming.service /etc/systemd/system/mastodon-streaming.service
+sudo chown root: /etc/systemd/system/mastodon-streaming.service
+
+sudo systemctl daemon-reload
+sudo systemctl enable /etc/systemd/system/mastodon-*.service
+sudo systemctl start mastodon-web.service mastodon-sidekiq.service mastodon-streaming.service
+# debug
+sudo systemctl status mastodon-web.service mastodon-sidekiq.service mastodon-streaming.service
+
+# Add service YunoHost
+sudo yunohost service add mastodon-web
+sudo yunohost service add mastodon-sidekiq
+sudo yunohost service add mastodon-streaming
+
 # Reload services
 sudo systemctl reload nginx
\ No newline at end of file
diff --git a/scripts/upgrade b/scripts/upgrade
index c914a9c..1dffb98 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -3,8 +3,10 @@
 # Exit on command errors and treat unset variables as an error
 set -eu
 
-source .fonctions	# Loads the generic functions usually used in the script
-source /usr/share/yunohost/helpers # Source YunoHost helpers
+# Loads the generic functions usually used in the script
+source .fonctions
+# Source YunoHost helpers
+source /usr/share/yunohost/helpers
 
 # See comments in install script
 app=$YNH_APP_INSTANCE_NAME

From 7c60ab9d4b0edc139aec323d6e94b44178034d00 Mon Sep 17 00:00:00 2001
From: magikcypress <cyp@rouquin.me>
Date: Wed, 19 Apr 2017 15:00:57 +0200
Subject: [PATCH 3/3] [fix] admin password label

---
 manifest.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/manifest.json b/manifest.json
index 97ab963..c8d1a89 100644
--- a/manifest.json
+++ b/manifest.json
@@ -44,8 +44,8 @@
                 "name": "passwd",
                 "type": "password",
                 "ask": {
-                    "en": "Add password for the Admin YunoHost",
-                    "fr": "Ajouter le mot de passe l'Administrateur YunoHost"
+                    "en": "Enter password of this administrator",
+                    "fr": "Ajouter le mot de passe pour cette administrateur"
                 },
                 "example": "adminpassword"
             },