YunoHost-Apps/mobilizon_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/mobilizon_ynh.git synced 2024-09-03 19:46:19 +02:00
Code Issues Activity Actions

install and remove

Browse source
This commit is contained in:
yalh76 2019-04-09 00:21:26 +02:00
parent 1c52c5c155
commit ae32c5cae5
11 changed files with 682 additions and 206 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

25
conf/.env Normal file
View file

@ -0,0 +1,25 @@
# Settings
MOBILIZON_INSTANCE_NAME="__NAME__"
MOBILIZON_INSTANCE_HOST="__DOMAIN__"
MOBILIZON_INSTANCE_EMAIL="__ADMIN_EMAIL__"
MOBILIZON_INSTANCE_REGISTRATIONS_OPEN=true
# API
GRAPHQL_API_ENDPOINT="https://__DOMAIN__"
GRAPHQL_API_FULL_PATH=""
# APP
MIX_ENV=prod
MOBILIZON_INSTANCE_PORT=__PORT__
MOBILIZON_LOGLEVEL="info"
MOBILIZON_SECRET="__SECRET__"
# Database
MOBILIZON_DATABASE_USERNAME="__DB_USER__"
MOBILIZON_DATABASE_PASSWORD="__DB_PWD__"
MOBILIZON_DATABASE_DBNAME="__DB_NAME__"
MOBILIZON_DATABASE_HOST="localhost"
MOBILIZON_DATABASE_PORT="5432"
MOBILIZON_LOGLEVEL="info"

4
conf/app.src
View file

@ -1,5 +1,5 @@
SOURCE_URL=url of app's source
SOURCE_SUM=sha256 checksum
SOURCE_URL=https://framagit.org/framasoft/mobilizon/-/archive/master/2dcd65ea78e412365ab969c56279ea6653f5c54f.gz
SOURCE_SUM=543e318790be4338a140b51ddb98ca782a46cb0102e28b09ee76477a4a4ae52a
SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=tar.gz
SOURCE_IN_SUBDIR=true

43
conf/nginx.conf
View file

@ -1,33 +1,18 @@
#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent;
location __PATH__/ {
location / {
if ($scheme = http) {
rewrite ^ https://$server_name$request_uri? permanent;
}
# Path to source
alias __FINALPATH__/ ;
# Standard nginx configuration
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
# Force usage of https
if ($scheme = http) {
rewrite ^ https://$server_name$request_uri? permanent;
}
proxy_pass http://localhost:__PORT__;
### Example PHP configuration (remove it if not used)
index index.php;
client_max_body_size 16m;
# Common parameter to increase upload size limit in conjunction with dedicated php-fpm file
#client_max_body_size 50M;
try_files $uri $uri/ index.php;
location ~ [^/]\.php(/|$) {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
fastcgi_pass unix:/var/run/php/php7.0-fpm-__NAME__.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param REMOTE_USER $remote_user;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $request_filename;
}
### End of PHP configuration part
# Include SSOWAT user panel.
include conf.d/yunohost_panel.conf.inc;
}
# Include SSOWAT user panel.
include conf.d/yunohost_panel.conf.inc;
}

99
conf/prod.exs Normal file
View file

@ -0,0 +1,99 @@
use Mix.Config
# For production, we often load configuration from external
# sources, such as your system environment. For this reason,
# you won't find the :http configuration below, but set inside
# MobilizonWeb.Endpoint.init/2 when load_from_system_env is
# true. Any dynamic configuration should be done there.
#
# Don't forget to configure the url host to something meaningful,
# Phoenix uses this information when generating URLs.
#
# Finally, we also include the path to a cache manifest
# containing the digested version of static files. This
# manifest is generated by the mix phx.digest task
# which you typically run after static files are built.
config :mobilizon, MobilizonWeb.Endpoint,
load_from_system_env: true,
url: [
host: "__DOMAIN__",
port: __PORT__
],
http: [
port: __PORT__
],
secret_key_base:
"__SECRET__",
cache_static_manifest: "priv/static/cache_manifest.json"
# Configure your database
config :mobilizon, Mobilizon.Repo,
types: Mobilizon.PostgresTypes,
username: "__DB_USER__",
password: "__DB_PWD__",
database: "__DB_NAME__",
hostname: "localhost",
port: "5432",
pool_size: 15
config :mobilizon, Mobilizon.Mailer,
adapter: Bamboo.SMTPAdapter,
server: "localhost",
hostname: "localhost",
port: 25,
# or {:system, "SMTP_USERNAME"}
username: nil,
# or {:system, "SMTP_PASSWORD"}
password: nil,
# can be `:always` or `:never`
tls: :if_available,
# or {":system", ALLOWED_TLS_VERSIONS"} w/ comma seprated values (e.g. "tlsv1.1,tlsv1.2")
allowed_tls_versions: [:tlsv1, :"tlsv1.1", :"tlsv1.2"],
# can be `true`
ssl: false,
retries: 1,
# can be `true`
no_mx_lookups: false
# Do not print debug messages in production
#config :logger, level: System.get_env("MOBILIZON_LOGLEVEL") |> String.to_atom() || :info
config :mobilizon, Mobilizon.Service.Geospatial, service: Mobilizon.Service.Geospatial.Nominatim
# ## SSL Support
#
# To get SSL working, you will need to add the `https` key
# to the previous section and set your `:url` port to 443:
#
# config :mobilizon, MobilizonWeb.Endpoint,
# ...
# url: [host: "example.com", port: 443],
# https: [:inet6,
# port: 443,
# keyfile: System.get_env("SOME_APP_SSL_KEY_PATH"),
# certfile: System.get_env("SOME_APP_SSL_CERT_PATH")]
#
# Where those two env variables return an absolute path to
# the key and cert in disk or a relative path inside priv,
# for example "priv/ssl/server.key".
#
# We also recommend setting `force_ssl`, ensuring no data is
# ever sent via http, always redirecting to https:
#
# config :mobilizon, MobilizonWeb.Endpoint,
# force_ssl: [hsts: true]
#
# Check `Plug.SSL` for all available options in `force_ssl`.
# ## Using releases
#
# If you are doing OTP releases, you need to instruct Phoenix
# to start the server for all endpoints:
#
# config :phoenix, :serve_endpoints, true
#
# Alternatively, you can configure exactly which server to
# start per endpoint:
#
# config :mobilizon, MobilizonWeb.Endpoint, server: true
#

30
conf/systemd.service
View file

@ -1,13 +1,29 @@
[Unit]
Description=Small description of the service
After=network.target
Description=__APP__ Mobilizon Service
After=network.target postgresql.service
[Service]
Type=simple
User=__APP__
Group=__APP__
WorkingDirectory=__FINALPATH__/
ExecStart=__FINALPATH__/script >> /var/log/__APP__/__APP__.log 2>&1
ExecReload=/bin/kill $MAINPID
KillMode=process
Restart=on-failure
User=mobilizon
Environment="MIX_ENV=prod"
EnvironmentFile=__FINALPATH__/__APP__/.env
WorkingDirectory=__FINALPATH__/__APP__
ExecStart=/usr/bin/mix phx.server
; Some security directives.
; Use private /tmp and /var/tmp folders inside a new file system namespace, which are discarded after the process stops.
PrivateTmp=true
; Mount /usr, /boot, and /etc as read-only for processes invoked by this service.
ProtectSystem=full
; Sets up a new /dev mount for the process and only adds API pseudo devices like /dev/null, /dev/zero or /dev/random but not physical devices. Disabled by default because it may not work on devices like the Raspberry Pi.
PrivateDevices=false
; Ensures that the service process and all its children can never gain new privileges through execve().
NoNewPrivileges=true
[Install]
WantedBy=multi-user.target

10
manifest.json
View file

@ -82,6 +82,16 @@
"fr": "Utilisez le champ aide pour ajouter une information à l'intention de l'administrateur à propos de cette question."
},
"example": "Choose a password"
},
{
"name": "name",
"type": "string",
"ask": {
"en": "Choose the instance name",
"fr": "Choisissez lle nom de l'instance"
},
"example": "My Mobilizon",
"default": "My Mobilizon"
}
]
}

5
scripts/_common.sh
View file

@ -5,7 +5,10 @@
#=================================================
# dependencies used by the app
pkg_dependencies="deb1 deb2"
pkg_dependencies="postgresql postgresql-contrib openssl make git postgis "
# build-essential inotify-tools postgresql-client
extra_pkg_dependencies="elixir esl-erlang"
# erlang-dev erlang-tools erlang-parsetools
#=================================================
# PERSONAL HELPERS

255
scripts/install
View file

@ -7,6 +7,8 @@
#=================================================
source _common.sh
source ynh_systemd_action
source ynh_add_secure_repos__3
source /usr/share/yunohost/helpers
#=================================================
@ -14,8 +16,8 @@ source /usr/share/yunohost/helpers
#=================================================
ynh_clean_setup () {
### Remove this function if there's nothing to clean before calling the remove script.
true
read -p "key"
ynh_clean_check_starting
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
@ -25,22 +27,16 @@ ynh_abort_if_errors
#=================================================
domain=$YNH_APP_ARG_DOMAIN
path_url=$YNH_APP_ARG_PATH
path_url="/"
admin=$YNH_APP_ARG_ADMIN
is_public=$YNH_APP_ARG_IS_PUBLIC
language=$YNH_APP_ARG_LANGUAGE
password=$YNH_APP_ARG_PASSWORD
### If it's a multi-instance app, meaning it can be installed several times independently
### The id of the app as stated in the manifest is available as $YNH_APP_ID
### The instance number is available as $YNH_APP_INSTANCE_NUMBER (equals "1", "2", ...)
### The app instance name is available as $YNH_APP_INSTANCE_NAME
### - the first time the app is installed, YNH_APP_INSTANCE_NAME = ynhexample
### - the second time the app is installed, YNH_APP_INSTANCE_NAME = ynhexample__2
### - ynhexample__{N} for the subsequent installations, with N=3,4, ...
### The app instance name is probably what interests you most, since this is
### guaranteed to be unique. This is a good unique identifier to define installation path,
### db names, ...
name=$YNH_APP_ARG_NAME
secret=$(ynh_string_random 30)
admin_mail=$(ynh_user_get_info $admin 'mail')
app=$YNH_APP_INSTANCE_NAME
#=================================================
@ -48,8 +44,6 @@ app=$YNH_APP_INSTANCE_NAME
#=================================================
ynh_print_info "Validating installation parameters..."
### If the app uses nginx as web server (written in HTML/PHP in most cases), the final path should be "/var/www/$app".
### If the app provides an internal web server (or uses another application server such as uwsgi), the final path should be "/opt/yunohost/$app"
final_path=/var/www/$app
test ! -e "$final_path" || ynh_die "This path already contains a folder"
@ -66,6 +60,9 @@ ynh_app_setting_set $app path $path_url
ynh_app_setting_set $app admin $admin
ynh_app_setting_set $app is_public $is_public
ynh_app_setting_set $app language $language
ynh_app_setting_set $app name $name
ynh_app_setting_set $app secret $secret
ynh_app_setting_set $app admin_mail $admin_mail
#=================================================
# STANDARD MODIFICATIONS
@ -74,15 +71,8 @@ ynh_app_setting_set $app language $language
#=================================================
ynh_print_info "Configuring firewall..."
### Use these lines if you have to open a port for the application
### `ynh_find_port` will find the first available port starting from the given port.
### If you're not using these lines:
### - Remove the section "CLOSE A PORT" in the remove script
# Find a free port
port=$(ynh_find_port 8095)
# Open this port
ynh_exec_warn_less yunohost firewall allow --no-upnp TCP $port
ynh_app_setting_set $app port $port
#=================================================
@ -90,46 +80,46 @@ ynh_app_setting_set $app port $port
#=================================================
ynh_print_info "Installing dependencies..."
### `ynh_install_app_dependencies` allows you to add any "apt" dependencies to the package.
### Those deb packages will be installed as dependencies of this package.
### If you're not using this helper:
### - Remove the section "REMOVE DEPENDENCIES" in the remove script
### - Remove the variable "pkg_dependencies" in _common.sh
### - As well as the section "REINSTALL DEPENDENCIES" in the restore script
### - And the section "UPGRADE DEPENDENCIES" in the upgrade script
ynh_install_app_dependencies $pkg_dependencies
#=================================================
# CREATE A MYSQL DATABASE
#=================================================
ynh_print_info "Creating a MySQL database..."
ynh_install_nodejs 10
### Use these lines if you need a database for the application.
### `ynh_mysql_setup_db` will create a database, an associated user and a ramdom password.
### The password will be stored as 'mysqlpwd' into the app settings,
### and will be available as $db_pwd
### If you're not using these lines:
### - Remove the section "BACKUP THE MYSQL DATABASE" in the backup script
### - Remove also the section "REMOVE THE MYSQL DATABASE" in the remove script
### - As well as the section "RESTORE THE MYSQL DATABASE" in the restore script
#=================================================
# INSTALL EXTRA DEPENDENCIES
#=================================================
ynh_print_info "Installing extra dependencies ..."
lsb_name="$(lsb_release --codename --short)"
ynh_install_extra_app_dependencies --repo="deb http://packages.erlang-solutions.com/debian $lsb_name contrib" --package="$extra_pkg_dependencies" --key='https://packages.erlang-solutions.com/debian/erlang_solutions.asc'
#=================================================
# CREATE A POSTGRESQL DATABASE
#=================================================
ynh_print_info "Creating a PostgreSQL database..."
db_name=$(ynh_sanitize_dbid $app)
ynh_app_setting_set $app db_name $db_name
ynh_mysql_setup_db $db_name $db_name
db_user=$db_name
db_pwd=$(ynh_string_random 30)
ynh_app_setting_set "$app" db_name "$db_name"
ynh_app_setting_set "$app" db_pwd "$db_pwd"
ynh_psql_test_if_first_run
ynh_psql_create_user "$app" "$db_pwd"
ynh_psql_execute_as_root "CREATE DATABASE $db_name ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' template=template0 OWNER $db_user;"
ynh_psql_execute_as_root "\connect $db_name
create extension if not exists postgis;"
ynh_psql_execute_as_root "\connect $db_name
CREATE EXTENSION IF NOT EXISTS pg_trgm;"
ynh_psql_execute_as_root "\connect $db_name
CREATE EXTENSION IF NOT EXISTS unaccent;"
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
ynh_print_info "Setting up source files..."
### `ynh_setup_source` is used to install an app from a zip or tar.gz file,
### downloaded from an upstream source, like a git repository.
### `ynh_setup_source` use the file conf/app.src
ynh_app_setting_set $app final_path $final_path
# Download, check integrity, uncompress and patch the source from app.src
ynh_setup_source "$final_path"
ynh_setup_source "$final_path/$app"
#=================================================
# NGINX CONFIGURATION
@ -147,102 +137,82 @@ ynh_add_nginx_config
ynh_print_info "Configuring system user..."
# Create a system user
ynh_system_user_create $app
#=================================================
# PHP-FPM CONFIGURATION
#=================================================
ynh_print_info "Configuring php-fpm..."
### `ynh_add_fpm_config` is used to set up a PHP config.
### You can remove it if your app doesn't use PHP.
### `ynh_add_fpm_config` will use the files conf/php-fpm.conf and conf/php-fpm.ini
### If you're not using these lines:
### - You can remove these files in conf/.
### - Remove the section "BACKUP THE PHP-FPM CONFIGURATION" in the backup script
### - Remove also the section "REMOVE PHP-FPM CONFIGURATION" in the remove script
### - As well as the section "RESTORE THE PHP-FPM CONFIGURATION" in the restore script
### With the reload at the end of the script.
### - And the section "PHP-FPM CONFIGURATION" in the upgrade script
# Create a dedicated php-fpm config
ynh_add_fpm_config
ynh_system_user_create "$app" "$final_path"
#=================================================
# SPECIFIC SETUP
#=================================================
# ...
# MODIFY A CONFIG FILE
#=================================================
config="$final_path/$app/.env"
cp ../conf/.env "$config"
ynh_replace_string "__DOMAIN__" "$domain" "$config"
ynh_replace_string "__PORT__" "$port" "$config"
ynh_replace_string "__SECRET__" "$secret" "$config"
ynh_replace_string "__DB_NAME__" "$db_name" "$config"
ynh_replace_string "__DB_USER__" "$db_user" "$config"
ynh_replace_string "__DB_PWD__" "$db_pwd" "$config"
ynh_replace_string "__NAME__" "$name" "$config"
ynh_replace_string "__ADMIN_EMAIL__" "$admin_mail" "$config"
#=================================================
# MAKE SETUP
#=================================================
# Temporarly bypass error : WARNING ** (ArgumentError) argument error and System.get_env doesn't load environment variables
ynh_replace_string "__DOMAIN__" "$domain" "../conf/prod.exs"
ynh_replace_string "__PORT__" "$port" "../conf/prod.exs"
ynh_replace_string "__SECRET__" "$secret" "../conf/prod.exs"
ynh_replace_string "__DB_NAME__" "$db_name" "../conf/prod.exs"
ynh_replace_string "__DB_USER__" "$db_user" "../conf/prod.exs"
ynh_replace_string "__DB_PWD__" "$db_pwd" "../conf/prod.exs"
ynh_replace_string "__NAME__" "$name" "../conf/prod.exs"
ynh_replace_string "__ADMIN_EMAIL__" "$admin_mail" "../conf/prod.exs"
cp ../conf/prod.exs "$final_path/$app/config/prod.exs"
# Give permission to the final_path
chown -R "$app":"$app" "$final_path"
pushd $final_path/$app/js
ynh_use_nodejs
sudo -u $app env PATH=$PATH npm install
sudo -u $app env PATH=$PATH npm run build
popd
pushd $final_path/$app
source .env
sudo -u "$app" MIX_ENV=prod mix local.hex --force
sudo -u "$app" MIX_ENV=prod mix local.rebar --force
sudo -u "$app" MIX_ENV=prod mix deps.get
sudo -u "$app" MIX_ENV=prod mix ecto.migrate
sudo -u "$app" MIX_ENV=prod mix phx.digest
# Add user
# sudo -u "$app" MIX_ENV=prod mix mobilizon.user new "$admin" "$admin_email" --password "$password" --moderator --admin -y
#Generate key pair
# sudo -u "$app" MIX_ENV=prod mix web_push.gen.keypair >> "config/prod.secret.exs"
# ynh_replace_string "administrator@example.com" "$admin_email" "$final_path/$app/config/prod.secret.exs"
popd
#=================================================
# SETUP SYSTEMD
#=================================================
ynh_print_info "Configuring a systemd service..."
### `ynh_systemd_config` is used to configure a systemd script for an app.
### It can be used for apps that use sysvinit (with adaptation) or systemd.
### Have a look at the app to be sure this app needs a systemd script.
### `ynh_systemd_config` will use the file conf/systemd.service
### If you're not using these lines:
### - You can remove those files in conf/.
### - Remove the section "BACKUP SYSTEMD" in the backup script
### - Remove also the section "STOP AND REMOVE SERVICE" in the remove script
### - As well as the section "RESTORE SYSTEMD" in the restore script
### - And the section "SETUP SYSTEMD" in the upgrade script
# Create a dedicated systemd config
ynh_add_systemd_config
#=================================================
# SETUP APPLICATION WITH CURL
#=================================================
### Use these lines only if the app installation needs to be finalized through
### web forms. We generally don't want to ask the final user,
### so we're going to use curl to automatically fill the fields and submit the
### forms.
# Set right permissions for curl install
chown -R $app: $final_path
# Set the app as temporarily public for curl call
ynh_print_info "Configuring SSOwat..."
ynh_app_setting_set $app skipped_uris "/"
# Reload SSOwat config
yunohost app ssowatconf
# Reload Nginx
systemctl reload nginx
# Installation with curl
ynh_print_info "Finalizing installation..."
ynh_local_curl "/INSTALL_PATH" "key1=value1" "key2=value2" "key3=value3"
# Remove the public access
if [ $is_public -eq 0 ]
then
ynh_app_setting_delete $app skipped_uris
fi
#=================================================
# MODIFY A CONFIG FILE
#=================================================
### `ynh_replace_string` is used to replace a string in a file.
### (It's compatible with sed regular expressions syntax)
ynh_replace_string "match_string" "replace_string" "$final_path/CONFIG_FILE"
#=================================================
# STORE THE CONFIG FILE CHECKSUM
#=================================================
### `ynh_store_file_checksum` is used to store the checksum of a file.
### That way, during the upgrade script, by using `ynh_backup_if_checksum_is_different`,
### you can make a backup of this file before modifying it again if the admin had modified it.
ynh_print_info "Storing the config file checksum..."
# Calculate and store the config file checksum into the app settings
ynh_store_file_checksum "$final_path/CONFIG_FILE"
ynh_store_file_checksum "$config"
#=================================================
# GENERIC FINALIZATION
@ -250,26 +220,14 @@ ynh_store_file_checksum "$final_path/CONFIG_FILE"
# SECURE FILES AND DIRECTORIES
#=================================================
### For security reason, any app should set the permissions to root: before anything else.
### Then, if write authorization is needed, any access should be given only to directories
### that really need such authorization.
# Set permissions to app files
chown -R root: $final_path
chown -R "$app":"$app" "$final_path"
#=================================================
# SETUP LOGROTATE
#=================================================
ynh_print_info "Configuring log rotation..."
### `ynh_use_logrotate` is used to configure a logrotate configuration for the logs of this app.
### Use this helper only if there is effectively a log file for this app.
### If you're not using this helper:
### - Remove the section "BACKUP LOGROTATE" in the backup script
### - Remove also the section "REMOVE LOGROTATE CONFIGURATION" in the remove script
### - As well as the section "RESTORE THE LOGROTATE CONFIGURATION" in the restore script
### - And the section "SETUP LOGROTATE" in the upgrade script
# Use logrotate to manage application logfile(s)
ynh_use_logrotate
@ -277,17 +235,9 @@ ynh_use_logrotate
# ADVERTISE SERVICE IN ADMIN PANEL
#=================================================
### `yunohost service add` is a CLI yunohost command to add a service in the admin panel.
### You'll find the service in the 'services' section of YunoHost admin panel.
### This CLI command would be useless if the app does not have any services (systemd or sysvinit)
### If you're not using these lines:
### - You can remove these files in conf/.
### - Remove the section "REMOVE SERVICE FROM ADMIN PANEL" in the remove script
### - As well as the section "ADVERTISE SERVICE IN ADMIN PANEL" in the restore script
yunohost service add $app --log "/var/log/$app/$app.log"
#yunohost service add $app --log "/var/log/$app/APP.log"
# if using yunohost version 3.2 or more in the 'manifest.json', a description can be added
#yunohost service add $app --description "$app daemon for XXX" --log "/var/log/$app/$app.log"
yunohost service add $app --description "$app daemon for Mobilizon" --log "/var/log/$app/$app.log"
#=================================================
# SETUP SSOWAT
@ -308,6 +258,13 @@ ynh_print_info "Reloading nginx web server..."
systemctl reload nginx
#=================================================
# START SERVICE
#=================================================
ynh_systemd_action --action=start --service_name=$app --log_path=systemd
# --line_match="Running Mobilizon.Web.Endpoint"
#=================================================
# END OF SCRIPT
#=================================================

34
scripts/remove
View file

@ -7,6 +7,7 @@
#=================================================
source _common.sh
source ynh_systemd_action
source /usr/share/yunohost/helpers
#=================================================
@ -19,7 +20,6 @@ app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get $app domain)
port=$(ynh_app_setting_get $app port)
db_name=$(ynh_app_setting_get $app db_name)
db_user=$db_name
final_path=$(ynh_app_setting_get $app final_path)
#=================================================
@ -35,6 +35,12 @@ then
yunohost service remove $app
fi
#=================================================
# STOP SERVICE
#=================================================
ynh_systemd_action --action=stop --service_name=$app
#=================================================
# STOP AND REMOVE SERVICE
#=================================================
@ -44,12 +50,15 @@ ynh_print_info "Stopping and removing the systemd service"
ynh_remove_systemd_config
#=================================================
# REMOVE THE MYSQL DATABASE
# REMOVE THE POSTGRESQL DATABASE
#=================================================
ynh_print_info "Removing the MySQL database"
ynh_print_info "Removing the PostgreSQL database"
ynh_psql_execute_as_root "\connect $db_name
SELECT pg_terminate_backend (pg_stat_activity.pid) FROM pg_stat_activity WHERE pg_stat_activity.datname = '$db_name';"
# Remove a database if it exists, along with the associated user
ynh_mysql_remove_db $db_user $db_name
ynh_psql_remove_db "$db_name" "$db_name"
#=================================================
# REMOVE DEPENDENCIES
@ -59,6 +68,8 @@ ynh_print_info "Removing dependencies"
# Remove metapackage and its dependencies
ynh_remove_app_dependencies
ynh_remove_nodejs
#=================================================
# REMOVE APP MAIN DIR
#=================================================
@ -75,14 +86,6 @@ ynh_print_info "Removing nginx web server configuration"
# Remove the dedicated nginx config
ynh_remove_nginx_config
#=================================================
# REMOVE PHP-FPM CONFIGURATION
#=================================================
ynh_print_info "Removing php-fpm configuration"
# Remove the dedicated php-fpm config
ynh_remove_fpm_config
#=================================================
# REMOVE LOGROTATE CONFIGURATION
#=================================================
@ -94,6 +97,7 @@ ynh_remove_logrotate
#=================================================
# CLOSE A PORT
#=================================================
ynh_print_info "Close ports"
if yunohost firewall list | grep -q "\- $port$"
then
@ -107,12 +111,6 @@ fi
# REMOVE THE CRON FILE
#=================================================
# Remove a cron file
ynh_secure_remove "/etc/cron.d/$app"
# Remove a directory securely
ynh_secure_remove "/etc/$app/"
# Remove the log files
ynh_secure_remove "/var/log/$app/"

294
scripts/ynh_add_secure_repos__3 Normal file
View file

@ -0,0 +1,294 @@
#!/bin/bash
# Pin a repository.
#
# usage: ynh_pin_repo --package=packages --pin=pin_filter [--priority=priority_value] [--name=name] [--append]
# | arg: -p, --package - Packages concerned by the pin. Or all, *.
# | arg: -i, --pin - Filter for the pin.
# | arg: -p, --priority - Priority for the pin
# | arg: -n, --name - Name for the files for this repo, $app as default value.
# | arg: -a, --append - Do not overwrite existing files.
#
# See https://manpages.debian.org/stretch/apt/apt_preferences.5.en.html for information about pinning.
#
ynh_pin_repo () {
# Declare an array to define the options of this helper.
local legacy_args=pirna
declare -Ar args_array=( [p]=package= [i]=pin= [r]=priority= [n]=name= [a]=append )
local package
local pin
local priority
local name
local append
# Manage arguments with getopts
ynh_handle_getopts_args "$@"
package="${package:-*}"
priority=${priority:-50}
name="${name:-$app}"
append=${append:-0}
if [ $append -eq 1 ]
then
append="tee -a"
else
append="tee"
fi
mkdir -p "/etc/apt/preferences.d"
echo "Package: $package
Pin: $pin
Pin-Priority: $priority" \
| $append "/etc/apt/preferences.d/$name"
}
# Add a repository.
#
# usage: ynh_add_repo --uri=uri --suite=suite --component=component [--name=name] [--append]
# | arg: -u, --uri - Uri of the repository.
# | arg: -s, --suite - Suite of the repository.
# | arg: -c, --component - Component of the repository.
# | arg: -n, --name - Name for the files for this repo, $app as default value.
# | arg: -a, --append - Do not overwrite existing files.
#
# Example for a repo like deb http://forge.yunohost.org/debian/ stretch stable
# uri suite component
# ynh_add_repo --uri=http://forge.yunohost.org/debian/ --suite=stretch --component=stable
#
ynh_add_repo () {
# Declare an array to define the options of this helper.
local legacy_args=uscna
declare -Ar args_array=( [u]=uri= [s]=suite= [c]=component= [n]=name= [a]=append )
local uri
local suite
local component
local name
local append
# Manage arguments with getopts
ynh_handle_getopts_args "$@"
name="${name:-$app}"
append=${append:-0}
if [ $append -eq 1 ]
then
append="tee -a"
else
append="tee"
fi
mkdir -p "/etc/apt/sources.list.d"
# Add the new repo in sources.list.d
echo "deb $uri $suite $component" \
| $append "/etc/apt/sources.list.d/$name.list"
}
# Add an extra repository correctly, pin it and get the key.
#
# usage: ynh_install_extra_repo --repo="repo" [--key=key_url] [--priority=priority_value] [--name=name] [--append]
# | arg: -r, --repo - Complete url of the extra repository.
# | arg: -k, --key - url to get the public key.
# | arg: -p, --priority - Priority for the pin
# | arg: -n, --name - Name for the files for this repo, $app as default value.
# | arg: -a, --append - Do not overwrite existing files.
ynh_install_extra_repo () {
# Declare an array to define the options of this helper.
local legacy_args=rkpna
declare -Ar args_array=( [r]=repo= [k]=key= [p]=priority= [n]=name= [a]=append )
local repo
local key
local priority
local name
local append
# Manage arguments with getopts
ynh_handle_getopts_args "$@"
name="${name:-$app}"
append=${append:-0}
key=${key:-0}
priority=${priority:-}
if [ $append -eq 1 ]
then
append="--append"
wget_append="tee -a"
else
append=""
wget_append="tee"
fi
# Split the repository into uri, suite and components.
# Remove "deb " at the beginning of the repo.
repo="${repo#deb }"
# Get the uri
local uri="$(echo "$repo" | awk '{ print $1 }')"
# Get the suite
local suite="$(echo "$repo" | awk '{ print $2 }')"
# Get the components
local component="${repo##$uri $suite }"
# Add the repository into sources.list.d
ynh_add_repo --uri="$uri" --suite="$suite" --component="$component" --name="$name" $append
# Pin the new repo with the default priority, so it won't be used for upgrades.
# Build $pin from the uri without http and any sub path
local pin="${uri#*://}"
pin="${pin%%/*}"
# Set a priority only if asked
if [ -n "$priority" ]
then
priority="--priority=$priority"
fi
ynh_pin_repo --package="*" --pin="origin \"$pin\"" $priority --name="$name" $append
# Get the public key for the repo
if [ -n "$key" ]
then
mkdir -p "/etc/apt/trusted.gpg.d"
wget -q "$key" -O - | gpg --dearmor | $wget_append /etc/apt/trusted.gpg.d/$name.gpg > /dev/null
fi
# Update the list of package with the new repo
ynh_package_update
}
# Remove an extra repository and the assiociated configuration.
#
# usage: ynh_remove_extra_repo [--name=name]
# | arg: -n, --name - Name for the files for this repo, $app as default value.
ynh_remove_extra_repo () {
# Declare an array to define the options of this helper.
local legacy_args=n
declare -Ar args_array=( [n]=name= )
local name
# Manage arguments with getopts
ynh_handle_getopts_args "$@"
name="${name:-$app}"
ynh_secure_remove "/etc/apt/sources.list.d/$name.list"
ynh_secure_remove "/etc/apt/preferences.d/$name"
ynh_secure_remove "/etc/apt/trusted.gpg.d/$name.gpg"
ynh_secure_remove "/etc/apt/trusted.gpg.d/$name.asc"
# Update the list of package to exclude the old repo
ynh_package_update
}
# Install packages from an extra repository properly.
#
# usage: ynh_install_extra_app_dependencies --repo="repo" --package="dep1 dep2" [--key=key_url] [--name=name]
# | arg: -r, --repo - Complete url of the extra repository.
# | arg: -p, --package - The packages to install from this extra repository
# | arg: -k, --key - url to get the public key.
# | arg: -n, --name - Name for the files for this repo, $app as default value.
ynh_install_extra_app_dependencies () {
# Declare an array to define the options of this helper.
local legacy_args=rpkn
declare -Ar args_array=( [r]=repo= [p]=package= [k]=key= [n]=name= )
local repo
local package
local key
local name
# Manage arguments with getopts
ynh_handle_getopts_args "$@"
name="${name:-$app}"
key=${key:-0}
# Set a key only if asked
if [ -n "$key" ]
then
key="--key=$key"
fi
# Add an extra repository for those packages
ynh_install_extra_repo --repo="$repo" $key --priority=995 --name=$name
# Install requested dependencies from this extra repository.
ynh_add_app_dependencies --package="$package"
# Remove this extra repository after packages are installed
ynh_remove_extra_repo --name=$app
}
#=================================================
# patched version of ynh_install_app_dependencies to be used with ynh_add_app_dependencies
# Define and install dependencies with a equivs control file
# This helper can/should only be called once per app
#
# usage: ynh_install_app_dependencies dep [dep [...]]
# | arg: dep - the package name to install in dependence
# You can give a choice between some package with this syntax : "dep1|dep2"
# Example : ynh_install_app_dependencies dep1 dep2 "dep3|dep4|dep5"
# This mean in the dependence tree : dep1 & dep2 & (dep3 | dep4 | dep5)
#
# Requires YunoHost version 2.6.4 or higher.
ynh_install_app_dependencies () {
local dependencies=$@
dependencies="$(echo "$dependencies" | sed 's/\([^\<=\>]\)\ \([^(]\)/\1, \2/g')"
dependencies=${dependencies//|/ | }
local manifest_path="../manifest.json"
if [ ! -e "$manifest_path" ]; then
manifest_path="../settings/manifest.json" # Into the restore script, the manifest is not at the same place
fi
local version=$(grep '\"version\": ' "$manifest_path" | cut -d '"' -f 4) # Retrieve the version number in the manifest file.
if [ ${#version} -eq 0 ]; then
version="1.0"
fi
local dep_app=${app//_/-} # Replace all '_' by '-'
# Handle specific versions
if [[ "$dependencies" =~ [\<=\>] ]]
then
# Replace version specifications by relationships syntax
# https://www.debian.org/doc/debian-policy/ch-relationships.html
# Sed clarification
# [^(\<=\>] ignore if it begins by ( or < = >. To not apply twice.
# [\<=\>] matches < = or >
# \+ matches one or more occurence of the previous characters, for >= or >>.
# [^,]\+ matches all characters except ','
# Ex: package>=1.0 will be replaced by package (>= 1.0)
dependencies="$(echo "$dependencies" | sed 's/\([^(\<=\>]\)\([\<=\>]\+\)\([^,]\+\)/\1 (\2 \3)/g')"
fi
cat > /tmp/${dep_app}-ynh-deps.control << EOF # Make a control file for equivs-build
Section: misc
Priority: optional
Package: ${dep_app}-ynh-deps
Version: ${version}
Depends: ${dependencies}
Architecture: all
Description: Fake package for $app (YunoHost app) dependencies
This meta-package is only responsible of installing its dependencies.
EOF
ynh_package_install_from_equivs /tmp/${dep_app}-ynh-deps.control \
|| ynh_die --message="Unable to install dependencies" # Install the fake package and its dependencies
rm /tmp/${dep_app}-ynh-deps.control
ynh_app_setting_set --app=$app --key=apt_dependencies --value="$dependencies"
}
ynh_add_app_dependencies () {
# Declare an array to define the options of this helper.
local legacy_args=pr
declare -Ar args_array=( [p]=package= [r]=replace)
local package
local replace
# Manage arguments with getopts
ynh_handle_getopts_args "$@"
replace=${replace:-0}
local current_dependencies=""
if [ $replace -eq 0 ]
then
local dep_app=${app//_/-} # Replace all '_' by '-'
if ynh_package_is_installed --package="${dep_app}-ynh-deps"
then
current_dependencies="$(dpkg-query --show --showformat='${Depends}' ${dep_app}-ynh-deps) "
fi
current_dependencies=${current_dependencies// | /|}
fi
ynh_install_app_dependencies "${current_dependencies}${package}"
}

89
scripts/ynh_systemd_action Normal file
View file

@ -0,0 +1,89 @@
#!/bin/bash
# Start (or other actions) a service, print a log in case of failure and optionnaly wait until the service is completely started
#
# usage: ynh_systemd_action [-n service_name] [-a action] [ [-l "line to match"] [-p log_path] [-t timeout] [-e length] ]
# | arg: -n, --service_name= - Name of the service to reload. Default : $app
# | arg: -a, --action= - Action to perform with systemctl. Default: start
# | arg: -l, --line_match= - Line to match - The line to find in the log to attest the service have finished to boot.
# If not defined it don't wait until the service is completely started.
# | arg: -p, --log_path= - Log file - Path to the log file. Default : /var/log/$app/$app.log
# | arg: -t, --timeout= - Timeout - The maximum time to wait before ending the watching. Default : 300 seconds.
# | arg: -e, --length= - Length of the error log : Default : 20
ynh_systemd_action() {
# Declare an array to define the options of this helper.
declare -Ar args_array=( [n]=service_name= [a]=action= [l]=line_match= [p]=log_path= [t]=timeout= [e]=length= )
local service_name
local action
local line_match
local length
local log_path
local timeout
# Manage arguments with getopts
ynh_handle_getopts_args "$@"
local service_name="${service_name:-$app}"
local action=${action:-start}
local log_path="${log_path:-/var/log/$service_name/$service_name.log}"
local length=${length:-20}
local timeout=${timeout:-300}
# Start to read the log
if [[ -n "${line_match:-}" ]]
then
local templog="$(mktemp)"
# Following the starting of the app in its log
if [ "$log_path" == "systemd" ] ; then
# Read the systemd journal
journalctl -u $service_name -f --since=-45 > "$templog" &
else
# Read the specified log file
tail -F -n0 "$log_path" > "$templog" &
fi
# Get the PID of the tail command
local pid_tail=$!
fi
echo "${action^} the service $service_name" >&2
systemctl $action $service_name \
|| ( journalctl --lines=$length -u $service_name >&2 \
; test -n "$log_path" && echo "--" && tail --lines=$length "$log_path" >&2 \
; false )
# Start the timeout and try to find line_match
if [[ -n "${line_match:-}" ]]
then
local i=0
for i in $(seq 1 $timeout)
do
# Read the log until the sentence is found, that means the app finished to start. Or run until the timeout
if grep --quiet "$line_match" "$templog"
then
echo "The service $service_name has correctly started." >&2
break
fi
echo -n "." >&2
sleep 1
done
if [ $i -eq $timeout ]
then
echo "The service $service_name didn't fully started before the timeout." >&2
journalctl --lines=$length -u $service_name >&2
test -n "$log_path" && echo "--" && tail --lines=$length "$log_path" >&2
fi
echo ""
ynh_clean_check_starting
fi
}
# Clean temporary process and file used by ynh_check_starting
# (usually used in ynh_clean_setup scripts)
#
# usage: ynh_clean_check_starting
ynh_clean_check_starting () {
# Stop the execution of tail.
kill -s 15 $pid_tail 2>&1
ynh_secure_remove "$templog" 2>&1
}