diff --git a/conf/.env b/conf/.env new file mode 100644 index 0000000..620563f --- /dev/null +++ b/conf/.env @@ -0,0 +1,25 @@ +# Settings +MOBILIZON_INSTANCE_NAME="__NAME__" +MOBILIZON_INSTANCE_HOST="__DOMAIN__" +MOBILIZON_INSTANCE_EMAIL="__ADMIN_EMAIL__" +MOBILIZON_INSTANCE_REGISTRATIONS_OPEN=true + +# API +GRAPHQL_API_ENDPOINT="https://__DOMAIN__" +GRAPHQL_API_FULL_PATH="" + +# APP +MIX_ENV=prod +MOBILIZON_INSTANCE_PORT=__PORT__ +MOBILIZON_LOGLEVEL="info" +MOBILIZON_SECRET="__SECRET__" + +# Database +MOBILIZON_DATABASE_USERNAME="__DB_USER__" +MOBILIZON_DATABASE_PASSWORD="__DB_PWD__" +MOBILIZON_DATABASE_DBNAME="__DB_NAME__" +MOBILIZON_DATABASE_HOST="localhost" +MOBILIZON_DATABASE_PORT="5432" + + +MOBILIZON_LOGLEVEL="info" \ No newline at end of file diff --git a/conf/app.src b/conf/app.src index e4dd89f..5559d76 100644 --- a/conf/app.src +++ b/conf/app.src @@ -1,5 +1,5 @@ -SOURCE_URL=url of app's source -SOURCE_SUM=sha256 checksum +SOURCE_URL=https://framagit.org/framasoft/mobilizon/-/archive/master/2dcd65ea78e412365ab969c56279ea6653f5c54f.gz +SOURCE_SUM=543e318790be4338a140b51ddb98ca782a46cb0102e28b09ee76477a4a4ae52a SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=tar.gz SOURCE_IN_SUBDIR=true diff --git a/conf/nginx.conf b/conf/nginx.conf index f2277ea..77b72b2 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -1,33 +1,18 @@ -#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent; -location __PATH__/ { + location / { + if ($scheme = http) { + rewrite ^ https://$server_name$request_uri? permanent; + } - # Path to source - alias __FINALPATH__/ ; + # Standard nginx configuration + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header Host $http_host; - # Force usage of https - if ($scheme = http) { - rewrite ^ https://$server_name$request_uri? permanent; - } + proxy_pass http://localhost:__PORT__; -### Example PHP configuration (remove it if not used) - index index.php; + client_max_body_size 16m; - # Common parameter to increase upload size limit in conjunction with dedicated php-fpm file - #client_max_body_size 50M; - - try_files $uri $uri/ index.php; - location ~ [^/]\.php(/|$) { - fastcgi_split_path_info ^(.+?\.php)(/.*)$; - fastcgi_pass unix:/var/run/php/php7.0-fpm-__NAME__.sock; - - fastcgi_index index.php; - include fastcgi_params; - fastcgi_param REMOTE_USER $remote_user; - fastcgi_param PATH_INFO $fastcgi_path_info; - fastcgi_param SCRIPT_FILENAME $request_filename; - } -### End of PHP configuration part - - # Include SSOWAT user panel. - include conf.d/yunohost_panel.conf.inc; -} + # Include SSOWAT user panel. + include conf.d/yunohost_panel.conf.inc; + } diff --git a/conf/prod.exs b/conf/prod.exs new file mode 100644 index 0000000..e50d0ba --- /dev/null +++ b/conf/prod.exs @@ -0,0 +1,99 @@ +use Mix.Config + +# For production, we often load configuration from external +# sources, such as your system environment. For this reason, +# you won't find the :http configuration below, but set inside +# MobilizonWeb.Endpoint.init/2 when load_from_system_env is +# true. Any dynamic configuration should be done there. +# +# Don't forget to configure the url host to something meaningful, +# Phoenix uses this information when generating URLs. +# +# Finally, we also include the path to a cache manifest +# containing the digested version of static files. This +# manifest is generated by the mix phx.digest task +# which you typically run after static files are built. +config :mobilizon, MobilizonWeb.Endpoint, + load_from_system_env: true, + url: [ + host: "__DOMAIN__", + port: __PORT__ + ], + http: [ + port: __PORT__ + ], + secret_key_base: + "__SECRET__", + cache_static_manifest: "priv/static/cache_manifest.json" + +# Configure your database +config :mobilizon, Mobilizon.Repo, + types: Mobilizon.PostgresTypes, + username: "__DB_USER__", + password: "__DB_PWD__", + database: "__DB_NAME__", + hostname: "localhost", + port: "5432", + pool_size: 15 + +config :mobilizon, Mobilizon.Mailer, + adapter: Bamboo.SMTPAdapter, + server: "localhost", + hostname: "localhost", + port: 25, + # or {:system, "SMTP_USERNAME"} + username: nil, + # or {:system, "SMTP_PASSWORD"} + password: nil, + # can be `:always` or `:never` + tls: :if_available, + # or {":system", ALLOWED_TLS_VERSIONS"} w/ comma seprated values (e.g. "tlsv1.1,tlsv1.2") + allowed_tls_versions: [:tlsv1, :"tlsv1.1", :"tlsv1.2"], + # can be `true` + ssl: false, + retries: 1, + # can be `true` + no_mx_lookups: false + +# Do not print debug messages in production +#config :logger, level: System.get_env("MOBILIZON_LOGLEVEL") |> String.to_atom() || :info + +config :mobilizon, Mobilizon.Service.Geospatial, service: Mobilizon.Service.Geospatial.Nominatim + +# ## SSL Support +# +# To get SSL working, you will need to add the `https` key +# to the previous section and set your `:url` port to 443: +# +# config :mobilizon, MobilizonWeb.Endpoint, +# ... +# url: [host: "example.com", port: 443], +# https: [:inet6, +# port: 443, +# keyfile: System.get_env("SOME_APP_SSL_KEY_PATH"), +# certfile: System.get_env("SOME_APP_SSL_CERT_PATH")] +# +# Where those two env variables return an absolute path to +# the key and cert in disk or a relative path inside priv, +# for example "priv/ssl/server.key". +# +# We also recommend setting `force_ssl`, ensuring no data is +# ever sent via http, always redirecting to https: +# +# config :mobilizon, MobilizonWeb.Endpoint, +# force_ssl: [hsts: true] +# +# Check `Plug.SSL` for all available options in `force_ssl`. + +# ## Using releases +# +# If you are doing OTP releases, you need to instruct Phoenix +# to start the server for all endpoints: +# +# config :phoenix, :serve_endpoints, true +# +# Alternatively, you can configure exactly which server to +# start per endpoint: +# +# config :mobilizon, MobilizonWeb.Endpoint, server: true +# diff --git a/conf/systemd.service b/conf/systemd.service index 76cdf64..61f9e15 100644 --- a/conf/systemd.service +++ b/conf/systemd.service @@ -1,13 +1,29 @@ [Unit] -Description=Small description of the service -After=network.target +Description=__APP__ Mobilizon Service +After=network.target postgresql.service [Service] -Type=simple -User=__APP__ -Group=__APP__ -WorkingDirectory=__FINALPATH__/ -ExecStart=__FINALPATH__/script >> /var/log/__APP__/__APP__.log 2>&1 +ExecReload=/bin/kill $MAINPID +KillMode=process +Restart=on-failure +User=mobilizon + +Environment="MIX_ENV=prod" +EnvironmentFile=__FINALPATH__/__APP__/.env + +WorkingDirectory=__FINALPATH__/__APP__ +ExecStart=/usr/bin/mix phx.server + +; Some security directives. +; Use private /tmp and /var/tmp folders inside a new file system namespace, which are discarded after the process stops. +PrivateTmp=true +; Mount /usr, /boot, and /etc as read-only for processes invoked by this service. +ProtectSystem=full +; Sets up a new /dev mount for the process and only adds API pseudo devices like /dev/null, /dev/zero or /dev/random but not physical devices. Disabled by default because it may not work on devices like the Raspberry Pi. +PrivateDevices=false +; Ensures that the service process and all its children can never gain new privileges through execve(). +NoNewPrivileges=true + [Install] WantedBy=multi-user.target diff --git a/manifest.json b/manifest.json index 16c206c..ddeead9 100644 --- a/manifest.json +++ b/manifest.json @@ -82,6 +82,16 @@ "fr": "Utilisez le champ aide pour ajouter une information à l'intention de l'administrateur à propos de cette question." }, "example": "Choose a password" + }, + { + "name": "name", + "type": "string", + "ask": { + "en": "Choose the instance name", + "fr": "Choisissez lle nom de l'instance" + }, + "example": "My Mobilizon", + "default": "My Mobilizon" } ] } diff --git a/scripts/_common.sh b/scripts/_common.sh index 8bb05b4..ff6fb78 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -5,7 +5,10 @@ #================================================= # dependencies used by the app -pkg_dependencies="deb1 deb2" +pkg_dependencies="postgresql postgresql-contrib openssl make git postgis " +# build-essential inotify-tools postgresql-client +extra_pkg_dependencies="elixir esl-erlang" +# erlang-dev erlang-tools erlang-parsetools #================================================= # PERSONAL HELPERS diff --git a/scripts/install b/scripts/install index 3668578..cc3ae03 100644 --- a/scripts/install +++ b/scripts/install @@ -7,6 +7,8 @@ #================================================= source _common.sh +source ynh_systemd_action +source ynh_add_secure_repos__3 source /usr/share/yunohost/helpers #================================================= @@ -14,8 +16,8 @@ source /usr/share/yunohost/helpers #================================================= ynh_clean_setup () { - ### Remove this function if there's nothing to clean before calling the remove script. - true + read -p "key" + ynh_clean_check_starting } # Exit if an error occurs during the execution of the script ynh_abort_if_errors @@ -25,22 +27,16 @@ ynh_abort_if_errors #================================================= domain=$YNH_APP_ARG_DOMAIN -path_url=$YNH_APP_ARG_PATH +path_url="/" admin=$YNH_APP_ARG_ADMIN is_public=$YNH_APP_ARG_IS_PUBLIC language=$YNH_APP_ARG_LANGUAGE password=$YNH_APP_ARG_PASSWORD -### If it's a multi-instance app, meaning it can be installed several times independently -### The id of the app as stated in the manifest is available as $YNH_APP_ID -### The instance number is available as $YNH_APP_INSTANCE_NUMBER (equals "1", "2", ...) -### The app instance name is available as $YNH_APP_INSTANCE_NAME -### - the first time the app is installed, YNH_APP_INSTANCE_NAME = ynhexample -### - the second time the app is installed, YNH_APP_INSTANCE_NAME = ynhexample__2 -### - ynhexample__{N} for the subsequent installations, with N=3,4, ... -### The app instance name is probably what interests you most, since this is -### guaranteed to be unique. This is a good unique identifier to define installation path, -### db names, ... +name=$YNH_APP_ARG_NAME +secret=$(ynh_string_random 30) +admin_mail=$(ynh_user_get_info $admin 'mail') + app=$YNH_APP_INSTANCE_NAME #================================================= @@ -48,8 +44,6 @@ app=$YNH_APP_INSTANCE_NAME #================================================= ynh_print_info "Validating installation parameters..." -### If the app uses nginx as web server (written in HTML/PHP in most cases), the final path should be "/var/www/$app". -### If the app provides an internal web server (or uses another application server such as uwsgi), the final path should be "/opt/yunohost/$app" final_path=/var/www/$app test ! -e "$final_path" || ynh_die "This path already contains a folder" @@ -66,6 +60,9 @@ ynh_app_setting_set $app path $path_url ynh_app_setting_set $app admin $admin ynh_app_setting_set $app is_public $is_public ynh_app_setting_set $app language $language +ynh_app_setting_set $app name $name +ynh_app_setting_set $app secret $secret +ynh_app_setting_set $app admin_mail $admin_mail #================================================= # STANDARD MODIFICATIONS @@ -74,15 +71,8 @@ ynh_app_setting_set $app language $language #================================================= ynh_print_info "Configuring firewall..." -### Use these lines if you have to open a port for the application -### `ynh_find_port` will find the first available port starting from the given port. -### If you're not using these lines: -### - Remove the section "CLOSE A PORT" in the remove script - # Find a free port port=$(ynh_find_port 8095) -# Open this port -ynh_exec_warn_less yunohost firewall allow --no-upnp TCP $port ynh_app_setting_set $app port $port #================================================= @@ -90,46 +80,46 @@ ynh_app_setting_set $app port $port #================================================= ynh_print_info "Installing dependencies..." -### `ynh_install_app_dependencies` allows you to add any "apt" dependencies to the package. -### Those deb packages will be installed as dependencies of this package. -### If you're not using this helper: -### - Remove the section "REMOVE DEPENDENCIES" in the remove script -### - Remove the variable "pkg_dependencies" in _common.sh -### - As well as the section "REINSTALL DEPENDENCIES" in the restore script -### - And the section "UPGRADE DEPENDENCIES" in the upgrade script - ynh_install_app_dependencies $pkg_dependencies -#================================================= -# CREATE A MYSQL DATABASE -#================================================= -ynh_print_info "Creating a MySQL database..." +ynh_install_nodejs 10 -### Use these lines if you need a database for the application. -### `ynh_mysql_setup_db` will create a database, an associated user and a ramdom password. -### The password will be stored as 'mysqlpwd' into the app settings, -### and will be available as $db_pwd -### If you're not using these lines: -### - Remove the section "BACKUP THE MYSQL DATABASE" in the backup script -### - Remove also the section "REMOVE THE MYSQL DATABASE" in the remove script -### - As well as the section "RESTORE THE MYSQL DATABASE" in the restore script +#================================================= +# INSTALL EXTRA DEPENDENCIES +#================================================= +ynh_print_info "Installing extra dependencies ..." + +lsb_name="$(lsb_release --codename --short)" +ynh_install_extra_app_dependencies --repo="deb http://packages.erlang-solutions.com/debian $lsb_name contrib" --package="$extra_pkg_dependencies" --key='https://packages.erlang-solutions.com/debian/erlang_solutions.asc' + +#================================================= +# CREATE A POSTGRESQL DATABASE +#================================================= +ynh_print_info "Creating a PostgreSQL database..." db_name=$(ynh_sanitize_dbid $app) -ynh_app_setting_set $app db_name $db_name -ynh_mysql_setup_db $db_name $db_name +db_user=$db_name +db_pwd=$(ynh_string_random 30) +ynh_app_setting_set "$app" db_name "$db_name" +ynh_app_setting_set "$app" db_pwd "$db_pwd" +ynh_psql_test_if_first_run +ynh_psql_create_user "$app" "$db_pwd" +ynh_psql_execute_as_root "CREATE DATABASE $db_name ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' template=template0 OWNER $db_user;" +ynh_psql_execute_as_root "\connect $db_name +create extension if not exists postgis;" +ynh_psql_execute_as_root "\connect $db_name +CREATE EXTENSION IF NOT EXISTS pg_trgm;" +ynh_psql_execute_as_root "\connect $db_name +CREATE EXTENSION IF NOT EXISTS unaccent;" #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= ynh_print_info "Setting up source files..." -### `ynh_setup_source` is used to install an app from a zip or tar.gz file, -### downloaded from an upstream source, like a git repository. -### `ynh_setup_source` use the file conf/app.src - ynh_app_setting_set $app final_path $final_path # Download, check integrity, uncompress and patch the source from app.src -ynh_setup_source "$final_path" +ynh_setup_source "$final_path/$app" #================================================= # NGINX CONFIGURATION @@ -147,102 +137,82 @@ ynh_add_nginx_config ynh_print_info "Configuring system user..." # Create a system user -ynh_system_user_create $app - -#================================================= -# PHP-FPM CONFIGURATION -#================================================= -ynh_print_info "Configuring php-fpm..." - -### `ynh_add_fpm_config` is used to set up a PHP config. -### You can remove it if your app doesn't use PHP. -### `ynh_add_fpm_config` will use the files conf/php-fpm.conf and conf/php-fpm.ini -### If you're not using these lines: -### - You can remove these files in conf/. -### - Remove the section "BACKUP THE PHP-FPM CONFIGURATION" in the backup script -### - Remove also the section "REMOVE PHP-FPM CONFIGURATION" in the remove script -### - As well as the section "RESTORE THE PHP-FPM CONFIGURATION" in the restore script -### With the reload at the end of the script. -### - And the section "PHP-FPM CONFIGURATION" in the upgrade script - -# Create a dedicated php-fpm config -ynh_add_fpm_config +ynh_system_user_create "$app" "$final_path" #================================================= # SPECIFIC SETUP #================================================= -# ... +# MODIFY A CONFIG FILE #================================================= +config="$final_path/$app/.env" +cp ../conf/.env "$config" + +ynh_replace_string "__DOMAIN__" "$domain" "$config" +ynh_replace_string "__PORT__" "$port" "$config" +ynh_replace_string "__SECRET__" "$secret" "$config" +ynh_replace_string "__DB_NAME__" "$db_name" "$config" +ynh_replace_string "__DB_USER__" "$db_user" "$config" +ynh_replace_string "__DB_PWD__" "$db_pwd" "$config" +ynh_replace_string "__NAME__" "$name" "$config" +ynh_replace_string "__ADMIN_EMAIL__" "$admin_mail" "$config" + +#================================================= +# MAKE SETUP +#================================================= + +# Temporarly bypass error : WARNING ** (ArgumentError) argument error and System.get_env doesn't load environment variables + +ynh_replace_string "__DOMAIN__" "$domain" "../conf/prod.exs" +ynh_replace_string "__PORT__" "$port" "../conf/prod.exs" +ynh_replace_string "__SECRET__" "$secret" "../conf/prod.exs" +ynh_replace_string "__DB_NAME__" "$db_name" "../conf/prod.exs" +ynh_replace_string "__DB_USER__" "$db_user" "../conf/prod.exs" +ynh_replace_string "__DB_PWD__" "$db_pwd" "../conf/prod.exs" +ynh_replace_string "__NAME__" "$name" "../conf/prod.exs" +ynh_replace_string "__ADMIN_EMAIL__" "$admin_mail" "../conf/prod.exs" +cp ../conf/prod.exs "$final_path/$app/config/prod.exs" + +# Give permission to the final_path +chown -R "$app":"$app" "$final_path" + +pushd $final_path/$app/js + ynh_use_nodejs + sudo -u $app env PATH=$PATH npm install + sudo -u $app env PATH=$PATH npm run build +popd + +pushd $final_path/$app + source .env + sudo -u "$app" MIX_ENV=prod mix local.hex --force + sudo -u "$app" MIX_ENV=prod mix local.rebar --force + sudo -u "$app" MIX_ENV=prod mix deps.get + sudo -u "$app" MIX_ENV=prod mix ecto.migrate + sudo -u "$app" MIX_ENV=prod mix phx.digest + + # Add user + # sudo -u "$app" MIX_ENV=prod mix mobilizon.user new "$admin" "$admin_email" --password "$password" --moderator --admin -y + + #Generate key pair + # sudo -u "$app" MIX_ENV=prod mix web_push.gen.keypair >> "config/prod.secret.exs" + # ynh_replace_string "administrator@example.com" "$admin_email" "$final_path/$app/config/prod.secret.exs" +popd + #================================================= # SETUP SYSTEMD #================================================= ynh_print_info "Configuring a systemd service..." -### `ynh_systemd_config` is used to configure a systemd script for an app. -### It can be used for apps that use sysvinit (with adaptation) or systemd. -### Have a look at the app to be sure this app needs a systemd script. -### `ynh_systemd_config` will use the file conf/systemd.service -### If you're not using these lines: -### - You can remove those files in conf/. -### - Remove the section "BACKUP SYSTEMD" in the backup script -### - Remove also the section "STOP AND REMOVE SERVICE" in the remove script -### - As well as the section "RESTORE SYSTEMD" in the restore script -### - And the section "SETUP SYSTEMD" in the upgrade script - # Create a dedicated systemd config ynh_add_systemd_config -#================================================= -# SETUP APPLICATION WITH CURL -#================================================= - -### Use these lines only if the app installation needs to be finalized through -### web forms. We generally don't want to ask the final user, -### so we're going to use curl to automatically fill the fields and submit the -### forms. - -# Set right permissions for curl install -chown -R $app: $final_path - -# Set the app as temporarily public for curl call -ynh_print_info "Configuring SSOwat..." -ynh_app_setting_set $app skipped_uris "/" -# Reload SSOwat config -yunohost app ssowatconf - -# Reload Nginx -systemctl reload nginx - -# Installation with curl -ynh_print_info "Finalizing installation..." -ynh_local_curl "/INSTALL_PATH" "key1=value1" "key2=value2" "key3=value3" - -# Remove the public access -if [ $is_public -eq 0 ] -then - ynh_app_setting_delete $app skipped_uris -fi - -#================================================= -# MODIFY A CONFIG FILE -#================================================= - -### `ynh_replace_string` is used to replace a string in a file. -### (It's compatible with sed regular expressions syntax) - -ynh_replace_string "match_string" "replace_string" "$final_path/CONFIG_FILE" - #================================================= # STORE THE CONFIG FILE CHECKSUM #================================================= - -### `ynh_store_file_checksum` is used to store the checksum of a file. -### That way, during the upgrade script, by using `ynh_backup_if_checksum_is_different`, -### you can make a backup of this file before modifying it again if the admin had modified it. +ynh_print_info "Storing the config file checksum..." # Calculate and store the config file checksum into the app settings -ynh_store_file_checksum "$final_path/CONFIG_FILE" +ynh_store_file_checksum "$config" #================================================= # GENERIC FINALIZATION @@ -250,26 +220,14 @@ ynh_store_file_checksum "$final_path/CONFIG_FILE" # SECURE FILES AND DIRECTORIES #================================================= -### For security reason, any app should set the permissions to root: before anything else. -### Then, if write authorization is needed, any access should be given only to directories -### that really need such authorization. - # Set permissions to app files -chown -R root: $final_path +chown -R "$app":"$app" "$final_path" #================================================= # SETUP LOGROTATE #================================================= ynh_print_info "Configuring log rotation..." -### `ynh_use_logrotate` is used to configure a logrotate configuration for the logs of this app. -### Use this helper only if there is effectively a log file for this app. -### If you're not using this helper: -### - Remove the section "BACKUP LOGROTATE" in the backup script -### - Remove also the section "REMOVE LOGROTATE CONFIGURATION" in the remove script -### - As well as the section "RESTORE THE LOGROTATE CONFIGURATION" in the restore script -### - And the section "SETUP LOGROTATE" in the upgrade script - # Use logrotate to manage application logfile(s) ynh_use_logrotate @@ -277,17 +235,9 @@ ynh_use_logrotate # ADVERTISE SERVICE IN ADMIN PANEL #================================================= -### `yunohost service add` is a CLI yunohost command to add a service in the admin panel. -### You'll find the service in the 'services' section of YunoHost admin panel. -### This CLI command would be useless if the app does not have any services (systemd or sysvinit) -### If you're not using these lines: -### - You can remove these files in conf/. -### - Remove the section "REMOVE SERVICE FROM ADMIN PANEL" in the remove script -### - As well as the section "ADVERTISE SERVICE IN ADMIN PANEL" in the restore script - -yunohost service add $app --log "/var/log/$app/$app.log" +#yunohost service add $app --log "/var/log/$app/APP.log" # if using yunohost version 3.2 or more in the 'manifest.json', a description can be added -#yunohost service add $app --description "$app daemon for XXX" --log "/var/log/$app/$app.log" +yunohost service add $app --description "$app daemon for Mobilizon" --log "/var/log/$app/$app.log" #================================================= # SETUP SSOWAT @@ -308,6 +258,13 @@ ynh_print_info "Reloading nginx web server..." systemctl reload nginx +#================================================= +# START SERVICE +#================================================= + +ynh_systemd_action --action=start --service_name=$app --log_path=systemd +# --line_match="Running Mobilizon.Web.Endpoint" + #================================================= # END OF SCRIPT #================================================= diff --git a/scripts/remove b/scripts/remove index 7188258..dbfdd95 100644 --- a/scripts/remove +++ b/scripts/remove @@ -7,6 +7,7 @@ #================================================= source _common.sh +source ynh_systemd_action source /usr/share/yunohost/helpers #================================================= @@ -19,7 +20,6 @@ app=$YNH_APP_INSTANCE_NAME domain=$(ynh_app_setting_get $app domain) port=$(ynh_app_setting_get $app port) db_name=$(ynh_app_setting_get $app db_name) -db_user=$db_name final_path=$(ynh_app_setting_get $app final_path) #================================================= @@ -35,6 +35,12 @@ then yunohost service remove $app fi +#================================================= +# STOP SERVICE +#================================================= + +ynh_systemd_action --action=stop --service_name=$app + #================================================= # STOP AND REMOVE SERVICE #================================================= @@ -44,12 +50,15 @@ ynh_print_info "Stopping and removing the systemd service" ynh_remove_systemd_config #================================================= -# REMOVE THE MYSQL DATABASE +# REMOVE THE POSTGRESQL DATABASE #================================================= -ynh_print_info "Removing the MySQL database" +ynh_print_info "Removing the PostgreSQL database" + +ynh_psql_execute_as_root "\connect $db_name +SELECT pg_terminate_backend (pg_stat_activity.pid) FROM pg_stat_activity WHERE pg_stat_activity.datname = '$db_name';" # Remove a database if it exists, along with the associated user -ynh_mysql_remove_db $db_user $db_name +ynh_psql_remove_db "$db_name" "$db_name" #================================================= # REMOVE DEPENDENCIES @@ -59,6 +68,8 @@ ynh_print_info "Removing dependencies" # Remove metapackage and its dependencies ynh_remove_app_dependencies +ynh_remove_nodejs + #================================================= # REMOVE APP MAIN DIR #================================================= @@ -75,14 +86,6 @@ ynh_print_info "Removing nginx web server configuration" # Remove the dedicated nginx config ynh_remove_nginx_config -#================================================= -# REMOVE PHP-FPM CONFIGURATION -#================================================= -ynh_print_info "Removing php-fpm configuration" - -# Remove the dedicated php-fpm config -ynh_remove_fpm_config - #================================================= # REMOVE LOGROTATE CONFIGURATION #================================================= @@ -94,6 +97,7 @@ ynh_remove_logrotate #================================================= # CLOSE A PORT #================================================= +ynh_print_info "Close ports" if yunohost firewall list | grep -q "\- $port$" then @@ -107,12 +111,6 @@ fi # REMOVE THE CRON FILE #================================================= -# Remove a cron file -ynh_secure_remove "/etc/cron.d/$app" - -# Remove a directory securely -ynh_secure_remove "/etc/$app/" - # Remove the log files ynh_secure_remove "/var/log/$app/" diff --git a/scripts/ynh_add_secure_repos__3 b/scripts/ynh_add_secure_repos__3 new file mode 100644 index 0000000..3276f00 --- /dev/null +++ b/scripts/ynh_add_secure_repos__3 @@ -0,0 +1,294 @@ +#!/bin/bash + +# Pin a repository. +# +# usage: ynh_pin_repo --package=packages --pin=pin_filter [--priority=priority_value] [--name=name] [--append] +# | arg: -p, --package - Packages concerned by the pin. Or all, *. +# | arg: -i, --pin - Filter for the pin. +# | arg: -p, --priority - Priority for the pin +# | arg: -n, --name - Name for the files for this repo, $app as default value. +# | arg: -a, --append - Do not overwrite existing files. +# +# See https://manpages.debian.org/stretch/apt/apt_preferences.5.en.html for information about pinning. +# +ynh_pin_repo () { + # Declare an array to define the options of this helper. + local legacy_args=pirna + declare -Ar args_array=( [p]=package= [i]=pin= [r]=priority= [n]=name= [a]=append ) + local package + local pin + local priority + local name + local append + # Manage arguments with getopts + ynh_handle_getopts_args "$@" + package="${package:-*}" + priority=${priority:-50} + name="${name:-$app}" + append=${append:-0} + + if [ $append -eq 1 ] + then + append="tee -a" + else + append="tee" + fi + + mkdir -p "/etc/apt/preferences.d" + echo "Package: $package +Pin: $pin +Pin-Priority: $priority" \ + | $append "/etc/apt/preferences.d/$name" +} + +# Add a repository. +# +# usage: ynh_add_repo --uri=uri --suite=suite --component=component [--name=name] [--append] +# | arg: -u, --uri - Uri of the repository. +# | arg: -s, --suite - Suite of the repository. +# | arg: -c, --component - Component of the repository. +# | arg: -n, --name - Name for the files for this repo, $app as default value. +# | arg: -a, --append - Do not overwrite existing files. +# +# Example for a repo like deb http://forge.yunohost.org/debian/ stretch stable +# uri suite component +# ynh_add_repo --uri=http://forge.yunohost.org/debian/ --suite=stretch --component=stable +# +ynh_add_repo () { + # Declare an array to define the options of this helper. + local legacy_args=uscna + declare -Ar args_array=( [u]=uri= [s]=suite= [c]=component= [n]=name= [a]=append ) + local uri + local suite + local component + local name + local append + # Manage arguments with getopts + ynh_handle_getopts_args "$@" + name="${name:-$app}" + append=${append:-0} + + if [ $append -eq 1 ] + then + append="tee -a" + else + append="tee" + fi + + mkdir -p "/etc/apt/sources.list.d" + # Add the new repo in sources.list.d + echo "deb $uri $suite $component" \ + | $append "/etc/apt/sources.list.d/$name.list" +} + +# Add an extra repository correctly, pin it and get the key. +# +# usage: ynh_install_extra_repo --repo="repo" [--key=key_url] [--priority=priority_value] [--name=name] [--append] +# | arg: -r, --repo - Complete url of the extra repository. +# | arg: -k, --key - url to get the public key. +# | arg: -p, --priority - Priority for the pin +# | arg: -n, --name - Name for the files for this repo, $app as default value. +# | arg: -a, --append - Do not overwrite existing files. +ynh_install_extra_repo () { + # Declare an array to define the options of this helper. + local legacy_args=rkpna + declare -Ar args_array=( [r]=repo= [k]=key= [p]=priority= [n]=name= [a]=append ) + local repo + local key + local priority + local name + local append + # Manage arguments with getopts + ynh_handle_getopts_args "$@" + name="${name:-$app}" + append=${append:-0} + key=${key:-0} + priority=${priority:-} + + if [ $append -eq 1 ] + then + append="--append" + wget_append="tee -a" + else + append="" + wget_append="tee" + fi + + # Split the repository into uri, suite and components. + # Remove "deb " at the beginning of the repo. + repo="${repo#deb }" + + # Get the uri + local uri="$(echo "$repo" | awk '{ print $1 }')" + + # Get the suite + local suite="$(echo "$repo" | awk '{ print $2 }')" + + # Get the components + local component="${repo##$uri $suite }" + + # Add the repository into sources.list.d + ynh_add_repo --uri="$uri" --suite="$suite" --component="$component" --name="$name" $append + + # Pin the new repo with the default priority, so it won't be used for upgrades. + # Build $pin from the uri without http and any sub path + local pin="${uri#*://}" + pin="${pin%%/*}" + # Set a priority only if asked + if [ -n "$priority" ] + then + priority="--priority=$priority" + fi + ynh_pin_repo --package="*" --pin="origin \"$pin\"" $priority --name="$name" $append + + # Get the public key for the repo + if [ -n "$key" ] + then + mkdir -p "/etc/apt/trusted.gpg.d" + wget -q "$key" -O - | gpg --dearmor | $wget_append /etc/apt/trusted.gpg.d/$name.gpg > /dev/null + fi + + # Update the list of package with the new repo + ynh_package_update +} + +# Remove an extra repository and the assiociated configuration. +# +# usage: ynh_remove_extra_repo [--name=name] +# | arg: -n, --name - Name for the files for this repo, $app as default value. +ynh_remove_extra_repo () { + # Declare an array to define the options of this helper. + local legacy_args=n + declare -Ar args_array=( [n]=name= ) + local name + # Manage arguments with getopts + ynh_handle_getopts_args "$@" + name="${name:-$app}" + + ynh_secure_remove "/etc/apt/sources.list.d/$name.list" + ynh_secure_remove "/etc/apt/preferences.d/$name" + ynh_secure_remove "/etc/apt/trusted.gpg.d/$name.gpg" + ynh_secure_remove "/etc/apt/trusted.gpg.d/$name.asc" + + # Update the list of package to exclude the old repo + ynh_package_update +} + +# Install packages from an extra repository properly. +# +# usage: ynh_install_extra_app_dependencies --repo="repo" --package="dep1 dep2" [--key=key_url] [--name=name] +# | arg: -r, --repo - Complete url of the extra repository. +# | arg: -p, --package - The packages to install from this extra repository +# | arg: -k, --key - url to get the public key. +# | arg: -n, --name - Name for the files for this repo, $app as default value. +ynh_install_extra_app_dependencies () { + # Declare an array to define the options of this helper. + local legacy_args=rpkn + declare -Ar args_array=( [r]=repo= [p]=package= [k]=key= [n]=name= ) + local repo + local package + local key + local name + # Manage arguments with getopts + ynh_handle_getopts_args "$@" + name="${name:-$app}" + key=${key:-0} + + # Set a key only if asked + if [ -n "$key" ] + then + key="--key=$key" + fi + # Add an extra repository for those packages + ynh_install_extra_repo --repo="$repo" $key --priority=995 --name=$name + + # Install requested dependencies from this extra repository. + ynh_add_app_dependencies --package="$package" + + # Remove this extra repository after packages are installed + ynh_remove_extra_repo --name=$app +} + +#================================================= + +# patched version of ynh_install_app_dependencies to be used with ynh_add_app_dependencies + +# Define and install dependencies with a equivs control file +# This helper can/should only be called once per app +# +# usage: ynh_install_app_dependencies dep [dep [...]] +# | arg: dep - the package name to install in dependence +# You can give a choice between some package with this syntax : "dep1|dep2" +# Example : ynh_install_app_dependencies dep1 dep2 "dep3|dep4|dep5" +# This mean in the dependence tree : dep1 & dep2 & (dep3 | dep4 | dep5) +# +# Requires YunoHost version 2.6.4 or higher. +ynh_install_app_dependencies () { + local dependencies=$@ + dependencies="$(echo "$dependencies" | sed 's/\([^\<=\>]\)\ \([^(]\)/\1, \2/g')" + dependencies=${dependencies//|/ | } + local manifest_path="../manifest.json" + if [ ! -e "$manifest_path" ]; then + manifest_path="../settings/manifest.json" # Into the restore script, the manifest is not at the same place + fi + + local version=$(grep '\"version\": ' "$manifest_path" | cut -d '"' -f 4) # Retrieve the version number in the manifest file. + if [ ${#version} -eq 0 ]; then + version="1.0" + fi + local dep_app=${app//_/-} # Replace all '_' by '-' + + # Handle specific versions + if [[ "$dependencies" =~ [\<=\>] ]] + then + # Replace version specifications by relationships syntax + # https://www.debian.org/doc/debian-policy/ch-relationships.html + # Sed clarification + # [^(\<=\>] ignore if it begins by ( or < = >. To not apply twice. + # [\<=\>] matches < = or > + # \+ matches one or more occurence of the previous characters, for >= or >>. + # [^,]\+ matches all characters except ',' + # Ex: package>=1.0 will be replaced by package (>= 1.0) + dependencies="$(echo "$dependencies" | sed 's/\([^(\<=\>]\)\([\<=\>]\+\)\([^,]\+\)/\1 (\2 \3)/g')" + fi + + cat > /tmp/${dep_app}-ynh-deps.control << EOF # Make a control file for equivs-build +Section: misc +Priority: optional +Package: ${dep_app}-ynh-deps +Version: ${version} +Depends: ${dependencies} +Architecture: all +Description: Fake package for $app (YunoHost app) dependencies + This meta-package is only responsible of installing its dependencies. +EOF + ynh_package_install_from_equivs /tmp/${dep_app}-ynh-deps.control \ + || ynh_die --message="Unable to install dependencies" # Install the fake package and its dependencies + rm /tmp/${dep_app}-ynh-deps.control + ynh_app_setting_set --app=$app --key=apt_dependencies --value="$dependencies" +} + +ynh_add_app_dependencies () { + # Declare an array to define the options of this helper. + local legacy_args=pr + declare -Ar args_array=( [p]=package= [r]=replace) + local package + local replace + # Manage arguments with getopts + ynh_handle_getopts_args "$@" + replace=${replace:-0} + + local current_dependencies="" + if [ $replace -eq 0 ] + then + local dep_app=${app//_/-} # Replace all '_' by '-' + if ynh_package_is_installed --package="${dep_app}-ynh-deps" + then + current_dependencies="$(dpkg-query --show --showformat='${Depends}' ${dep_app}-ynh-deps) " + fi + + current_dependencies=${current_dependencies// | /|} + fi + + ynh_install_app_dependencies "${current_dependencies}${package}" +} diff --git a/scripts/ynh_systemd_action b/scripts/ynh_systemd_action new file mode 100644 index 0000000..6bed6be --- /dev/null +++ b/scripts/ynh_systemd_action @@ -0,0 +1,89 @@ +#!/bin/bash + +# Start (or other actions) a service, print a log in case of failure and optionnaly wait until the service is completely started +# +# usage: ynh_systemd_action [-n service_name] [-a action] [ [-l "line to match"] [-p log_path] [-t timeout] [-e length] ] +# | arg: -n, --service_name= - Name of the service to reload. Default : $app +# | arg: -a, --action= - Action to perform with systemctl. Default: start +# | arg: -l, --line_match= - Line to match - The line to find in the log to attest the service have finished to boot. +# If not defined it don't wait until the service is completely started. +# | arg: -p, --log_path= - Log file - Path to the log file. Default : /var/log/$app/$app.log +# | arg: -t, --timeout= - Timeout - The maximum time to wait before ending the watching. Default : 300 seconds. +# | arg: -e, --length= - Length of the error log : Default : 20 +ynh_systemd_action() { + # Declare an array to define the options of this helper. + declare -Ar args_array=( [n]=service_name= [a]=action= [l]=line_match= [p]=log_path= [t]=timeout= [e]=length= ) + local service_name + local action + local line_match + local length + local log_path + local timeout + + # Manage arguments with getopts + ynh_handle_getopts_args "$@" + + local service_name="${service_name:-$app}" + local action=${action:-start} + local log_path="${log_path:-/var/log/$service_name/$service_name.log}" + local length=${length:-20} + local timeout=${timeout:-300} + + # Start to read the log + if [[ -n "${line_match:-}" ]] + then + local templog="$(mktemp)" + # Following the starting of the app in its log + if [ "$log_path" == "systemd" ] ; then + # Read the systemd journal + journalctl -u $service_name -f --since=-45 > "$templog" & + else + # Read the specified log file + tail -F -n0 "$log_path" > "$templog" & + fi + # Get the PID of the tail command + local pid_tail=$! + fi + + echo "${action^} the service $service_name" >&2 + systemctl $action $service_name \ + || ( journalctl --lines=$length -u $service_name >&2 \ + ; test -n "$log_path" && echo "--" && tail --lines=$length "$log_path" >&2 \ + ; false ) + + # Start the timeout and try to find line_match + if [[ -n "${line_match:-}" ]] + then + local i=0 + for i in $(seq 1 $timeout) + do + # Read the log until the sentence is found, that means the app finished to start. Or run until the timeout + if grep --quiet "$line_match" "$templog" + then + echo "The service $service_name has correctly started." >&2 + break + fi + echo -n "." >&2 + sleep 1 + done + if [ $i -eq $timeout ] + then + echo "The service $service_name didn't fully started before the timeout." >&2 + journalctl --lines=$length -u $service_name >&2 + test -n "$log_path" && echo "--" && tail --lines=$length "$log_path" >&2 + fi + + echo "" + ynh_clean_check_starting + fi +} + +# Clean temporary process and file used by ynh_check_starting +# (usually used in ynh_clean_setup scripts) +# +# usage: ynh_clean_check_starting +ynh_clean_check_starting () { + # Stop the execution of tail. + kill -s 15 $pid_tail 2>&1 + ynh_secure_remove "$templog" 2>&1 +}