From d30042b577ac775757a232cf355c89c61368788e Mon Sep 17 00:00:00 2001
From: ericgaspar <junk.eg@free.fr>
Date: Sun, 26 Sep 2021 19:43:05 +0200
Subject: [PATCH] Fix

---
 scripts/backup  | 12 ++++++++----
 scripts/install | 19 ++++++++++++-------
 scripts/remove  | 10 +++++++++-
 scripts/restore | 24 ++++++++++++++----------
 scripts/upgrade | 44 +++++++++++++++++++++++---------------------
 5 files changed, 66 insertions(+), 43 deletions(-)

diff --git a/scripts/backup b/scripts/backup
index a64c9b1..98ca6fc 100755
--- a/scripts/backup
+++ b/scripts/backup
@@ -14,10 +14,6 @@ source /usr/share/yunohost/helpers
 # MANAGE SCRIPT FAILURE
 #=================================================
 
-ynh_clean_setup () {
-	### Remove this function if there's nothing to clean before calling the remove script.
-	true
-}
 # Exit if an error occurs during the execution of the script
 ynh_abort_if_errors
 
@@ -49,6 +45,14 @@ ynh_backup --src_path="$final_path"
 
 ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf"
 
+#=================================================
+# SPECIFIC BACKUP
+#=================================================
+# BACKUP LOGROTATE
+#=================================================
+
+ynh_backup --src_path="/etc/logrotate.d/$app"
+
 #=================================================
 # BACKUP SYSTEMD
 #=================================================
diff --git a/scripts/install b/scripts/install
index 78fa0ed..ee03340 100755
--- a/scripts/install
+++ b/scripts/install
@@ -69,7 +69,7 @@ ynh_install_nodejs --nodejs_version=$NODEJS_VERSION
 
 ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies
 
-curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - 
+#curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - 
 ynh_install_extra_app_dependencies --repo="deb https://dl.yarnpkg.com/debian/ stable main" --package="yarn" --key="https://dl.yarnpkg.com/debian/pubkey.gpg"
 
 #=================================================
@@ -89,7 +89,7 @@ ynh_psql_setup_db --db_user=$db_name --db_name=$db_name
 ynh_script_progression --message="Configuring system user..." --weight=2
 
 # Create a system user
-ynh_system_user_create --username=$app
+ynh_system_user_create --username=$app --home_dir="$final_path"
 
 #=================================================
 # DOWNLOAD, CHECK AND UNPACK SOURCE
@@ -100,6 +100,10 @@ ynh_app_setting_set --app=$app --key=final_path --value=$final_path
 # Download, check integrity, uncompress and patch the source from app.src
 ynh_setup_source --dest_dir="$final_path"
 
+chmod 750 "$final_path"
+chmod -R o-rwx "$final_path"
+chown -R $app:www-data "$final_path"
+
 #=================================================
 # NGINX CONFIGURATION
 #=================================================
@@ -121,6 +125,8 @@ ynh_add_systemd_config
 #=================================================
 
 ynh_add_config --template="../conf/default.yml" --destination="$final_path/.config/default.yml"
+chmod 400 "$final_path/.config/default.yml"
+chown $app:$app "$final_path/.config/default.yml"
 
 #=================================================
 # INSTALLING MISKKEY
@@ -134,13 +140,12 @@ pushd "$final_path"
 popd
 
 #=================================================
-# GENERIC FINALIZATION
-#=================================================
-# SECURE FILES AND DIRECTORIES
+# SETUP LOGROTATE
 #=================================================
+ynh_script_progression --message="Configuring log rotation..." --weight=1
 
-# Set permissions to app files
-chown -R $app: $final_path
+# Use logrotate to manage application logfile(s)
+ynh_use_logrotate
 
 #=================================================
 # INTEGRATE SERVICE IN YUNOHOST
diff --git a/scripts/remove b/scripts/remove
index dcac200..6c252f3 100755
--- a/scripts/remove
+++ b/scripts/remove
@@ -41,7 +41,15 @@ fi
 ynh_script_progression --message="Stopping and removing the systemd service..." --weight=1
 
 # Remove the dedicated systemd config
-ynh_remove_systemd_config  --service="$app"
+ynh_remove_systemd_config
+
+#=================================================
+# REMOVE LOGROTATE CONFIGURATION
+#=================================================
+ynh_script_progression --message="Removing logrotate configuration..." --weight=1
+
+# Remove the app-specific logrotate config
+ynh_remove_logrotate
 
 #=================================================
 # REMOVE THE POSTGRESQL DATABASE
diff --git a/scripts/restore b/scripts/restore
index 36d0cf8..2cab8e9 100755
--- a/scripts/restore
+++ b/scripts/restore
@@ -50,13 +50,6 @@ test ! -d $final_path \
 
 ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"
 
-#=================================================
-# RESTORE THE APP MAIN DIR
-#=================================================
-ynh_script_progression --message="Restoring the app main directory..." --weight=1
-
-ynh_restore_file --origin_path="$final_path"
-
 #=================================================
 # RECREATE THE DEDICATED USER
 #=================================================
@@ -66,11 +59,15 @@ ynh_script_progression --message="Recreating the dedicated system user..." --wei
 ynh_system_user_create --username=$app --home_dir="$final_path"
 
 #=================================================
-# RESTORE USER RIGHTS
+# RESTORE THE APP MAIN DIR
 #=================================================
+ynh_script_progression --message="Restoring the app main directory..." --weight=1
 
-# Restore permissions on app files
-chown -R $app: $final_path
+ynh_restore_file --origin_path="$final_path"
+
+chmod 750 "$final_path"
+chmod -R o-rwx "$final_path"
+chown -R $app:www-data "$final_path"
 
 #=================================================
 # SPECIFIC RESTORATION
@@ -103,6 +100,13 @@ ynh_script_progression --message="Restoring the systemd configuration..." --weig
 ynh_restore_file --origin_path="/etc/systemd/system/$app.service"
 systemctl enable $app.service --quiet
 
+#=================================================
+# RESTORE THE LOGROTATE CONFIGURATION
+#=================================================
+ynh_script_progression --message="Restoring the logrotate configuration..." --weight=1
+
+ynh_restore_file --origin_path="/etc/logrotate.d/$app"
+
 #=================================================
 # INTEGRATE SERVICE IN YUNOHOST
 #=================================================
diff --git a/scripts/upgrade b/scripts/upgrade
index 81932fe..5e6e797 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -29,6 +29,20 @@ port=$(ynh_app_setting_get --app=$app --key=port)
 
 upgrade_type=$(ynh_check_app_version_changed)
 
+#=================================================
+# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
+#=================================================
+ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=1
+
+# Backup the current version of the app
+ynh_backup_before_upgrade
+ynh_clean_setup () {
+	# restore it if the upgrade fails
+	ynh_restore_upgradebackup
+}
+# Exit if an error occurs during the execution of the script
+ynh_abort_if_errors
+
 #=================================================
 # ENSURE DOWNWARD COMPATIBILITY
 #=================================================
@@ -53,20 +67,6 @@ if ynh_legacy_permissions_exists; then
 	ynh_app_setting_delete --app=$app --key=is_public
 fi
 
-#=================================================
-# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
-#=================================================
-ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=1
-
-# Backup the current version of the app
-ynh_backup_before_upgrade
-ynh_clean_setup () {
-	# restore it if the upgrade fails
-	ynh_restore_upgradebackup
-}
-# Exit if an error occurs during the execution of the script
-ynh_abort_if_errors
-
 #=================================================
 # STANDARD UPGRADE STEPS
 #=================================================
@@ -82,7 +82,7 @@ ynh_systemd_action --service_name=$app --action=stop --log_path=systemd --line_m
 ynh_script_progression --message="Making sure dedicated system user exists..." --weight=1
 
 # Create a dedicated user (if not existing)
-ynh_system_user_create --username=$app
+ynh_system_user_create --username=$app --home_dir="$final_path"
 
 #=================================================
 # DOWNLOAD, CHECK AND UNPACK SOURCE
@@ -96,6 +96,10 @@ then
 	ynh_setup_source --dest_dir="$final_path" --keep="$final_path/.config/default.yml"
 fi
 
+chmod 750 "$final_path"
+chmod -R o-rwx "$final_path"
+chown -R $app:www-data "$final_path"
+
 #=================================================
 # NGINX CONFIGURATION
 #=================================================
@@ -113,7 +117,6 @@ ynh_install_nodejs --nodejs_version=$NODEJS_VERSION
 
 ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies
 
-curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - 
 ynh_install_extra_app_dependencies --repo="deb https://dl.yarnpkg.com/debian/ stable main" --package="yarn" --key="https://dl.yarnpkg.com/debian/pubkey.gpg"
 
 #=================================================
@@ -135,13 +138,12 @@ ynh_script_progression --message="Upgrading systemd configuration..." --weight=1
 ynh_add_systemd_config
 
 #=================================================
-# GENERIC FINALIZATION
-#=================================================
-# SECURE FILES AND DIRECTORIES
+# SETUP LOGROTATE
 #=================================================
+ynh_script_progression --message="Upgrading logrotate configuration..." --weight=1
 
-# Set permissions on app files
-chown -R $app: $final_path
+# Use logrotate to manage app-specific logfile(s)
+ynh_use_logrotate --non-append
 
 #=================================================
 # INTEGRATE SERVICE IN YUNOHOST