diff --git a/scripts/_common.sh b/scripts/_common.sh
index d72ade4..803c6a8 100644
--- a/scripts/_common.sh
+++ b/scripts/_common.sh
@@ -29,5 +29,5 @@ apply_sso_patch() {
 local patch_path="/tmp/sso-logout.patch"
 cp -f "${PKGDIR}/patches/sso-logout.patch" "$patch_path"
 exec_cmd git apply "$patch_path"
- rm -f "$patch_path"
+ ynh_secure_remove "$patch_path"
 }
diff --git a/scripts/install b/scripts/install
index 4c6fef0..4630132 100644
--- a/scripts/install
+++ b/scripts/install
@@ -105,7 +105,7 @@ ynh_app_setting_set "$app" final_path "$final_path"
 # Download Movim source code
 tmp_path=/tmp/movim-git
-sudo rm -rf "$tmp_path"
+ynh_secure_remove "$tmp_path"
 (git clone "$GIT_REPO" "$tmp_path" \
 && cd "$tmp_path" && git checkout "$HEAD_COMMIT") \
 || ynh_die "Unable to download Movim source code."
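Review bot: `patch_path="/tmp/sso-logout.patch"` is a fixed, predictable name in a world-writable directory, and with the `sudo` prefixes dropped these scripts apparently run as root, so the `cp -f` trusts whatever already exists at that path. A private temporary file, `patch_path=$(mktemp)`, avoids that while keeping `ynh_secure_remove` as the cleanup; `exec_cmd` is defined outside this diff, so if it runs as another user the file must be made readable for it. The same applies to `tmp_path=/tmp/movim-git` in the `scripts/install` hunk at -105,7 and the `scripts/upgrade` hunk at -74,18, where `tmp_path=$(mktemp -d)` would serve. `apply_sso_patch` begins outside the hunk.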
@@ -117,32 +117,32 @@ sudo rm -rf "$tmp_path"
 # TODO: add checksum
 # Set database configuration
 cp "${tmp_path}/config/"{db.example.inc.php,db.inc.php}
-sed -i "s@'username' => 'username'@'username' => '$db_user'@g" \
+ynh_replace_string "'username' => 'username'" "'username' => '$db_user'" \
 "${tmp_path}/config/db.inc.php"
-sed -i "s@'password' => 'password'@'password' => '$db_pwd'@g" \
+ynh_replace_string "'password' => 'password'" "'password' => '$db_pwd'" \
 "${tmp_path}/config/db.inc.php"
 ## TODO: consider installation in a subpath
-sed -i "s@'/ws/'@'${path_url%/}/ws/'@g" \
+ynh_replace_string "'/ws/'" "'${path_url%/}/ws/'" \
 "${tmp_path}/app/assets/js/movim_websocket.js"
 # Move Movim source code
-sudo mv "$tmp_path" "$final_path"
+mv "$tmp_path" "$final_path"
 #=================================================
 # CREATE DEDICATED USER
 #=================================================
 # Create movim system user and set permissions
-sudo useradd -d /var/www/movim -s /bin/sh movim
+useradd -d /var/www/movim -s /bin/sh movim
 #=================================================
 # SET PERMISSIONS
 #=================================================
-sudo chown -R movim:www-data "$final_path"
-sudo find "${final_path}/" -type f -print0 | sudo xargs -0 chmod 0644
-sudo find "${final_path}/" -type d -print0 | sudo xargs -0 chmod 0755
-sudo chmod 400 "${final_path}/config/db.inc.php"
+chown -R movim:www-data "$final_path"
+find "${final_path}/" -type f -print0 | xargs -0 chmod 0644
+find "${final_path}/" -type d -print0 | xargs -0 chmod 0755
+chmod 400 "${final_path}/config/db.inc.php"
 # Install PHP dependencies using composer
 (curl -sS https://getcomposer.org/installer \
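Review bot: `db.inc.php` receives the database password while it still sits under `/tmp/movim-git` with whatever mode `cp` and the current umask give it, and after the move the blanket `find … -type f … chmod 0644` makes it world-readable again until the final `chmod 400` runs. Restrict it as soon as it exists, with `chmod 400 "${tmp_path}/config/db.inc.php"` directly after the `cp`, and leave it out of the blanket pass: `find "${final_path}/" -type f ! -path "${final_path}/config/db.inc.php" -print0 | xargs -0 chmod 0644`. The same chmod sequence appears in the `scripts/upgrade` hunk at -106,16.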
@@ -167,19 +167,20 @@ exec_cmd php mud.php config --loglevel=1 \
 #=================================================
 # Copy init script or systemd service
-sudo sed -i "s@YHURL@${domain}${path_url}@g" ../conf/movim.{service,init}
-sudo sed -i "s@YHDIR@${final_path}@g" ../conf/movim.{service,init}
-sudo sed -i "s@YHPORT@${port}@g" ../conf/movim.{service,init}
+ynh_replace_string "YHURL" "${domain}${path_url}" ../conf/movim.{service,init}
+ynh_replace_string "YHDIR" "${final_path}" ../conf/movim.{service,init}
+ynh_replace_string "YHPORT" "${port}" ../conf/movim.{service,init}
+
 if [ -d /run/systemd/system ]; then
- sudo cp ../conf/movim.service /etc/systemd/system/
- sudo systemctl daemon-reload
- sudo systemctl enable movim.service
- sudo systemctl start movim.service
+ cp ../conf/movim.service /etc/systemd/system/
+ systemctl daemon-reload
+ systemctl enable movim.service
+ systemctl start movim.service
 else
- sudo cp ../conf/movim.init /etc/init.d/movim
- sudo chmod 755 /etc/init.d/movim
- sudo update-rc.d movim defaults
- sudo /etc/init.d/movim start
+ cp ../conf/movim.init /etc/init.d/movim
+ chmod 755 /etc/init.d/movim
+ update-rc.d movim defaults
+ /etc/init.d/movim start
 fi
 #=================================================
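Review bot: The three `ynh_replace_string … ../conf/movim.{service,init}` calls pass two file arguments after brace expansion, but the helper, as far as its documented signature goes, takes a single target file, so `movim.init` would keep its `YHURL`/`YHDIR`/`YHPORT` placeholders where `sed -i` used to rewrite both files. On hosts that take the `else` branch this installs an init script with unresolved paths and port. Looping over the two files keeps the old behaviour; the `scripts/upgrade` hunk at -171,19 has the same three calls.
```shell
# … unchanged: "Copy init script or systemd service" comment …
for svc_file in ../conf/movim.service ../conf/movim.init; do
  ynh_replace_string "YHURL" "${domain}${path_url}" "$svc_file"
  ynh_replace_string "YHDIR" "${final_path}" "$svc_file"
  ynh_replace_string "YHPORT" "${port}" "$svc_file"
done
# … unchanged: systemd / init.d installation branches …
```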
@@ -187,19 +188,19 @@ fi
 #=================================================
 # php-fpm configuration
-sed -i "s@YHTZ@$timezone@g" ../conf/php-fpm.conf
-sudo cp ../conf/php-fpm.conf /etc/php5/fpm/pool.d/movim.conf
+ynh_replace_string "YHTZ" "$timezone" ../conf/php-fpm.conf
+cp ../conf/php-fpm.conf /etc/php5/fpm/pool.d/movim.conf
 #=================================================
 # NGINX CONFIGURATION
 #=================================================
 # Nginx configuration
-sed -i "s@PATHTOCHANGE@$path_url@g" ../conf/nginx.conf
-sed -i "s@ALIASTOCHANGE@$final_path/@g" ../conf/nginx.conf
-sed -i "s@YHPORT@$port@g" ../conf/nginx.conf
-sed -i "s@//ws/@/ws/@g" ../conf/nginx.conf # Avoid duplicate /
-sudo cp ../conf/nginx.conf /etc/nginx/conf.d/$domain.d/movim.conf
+ynh_replace_string "PATHTOCHANGE" "$path_url" ../conf/nginx.conf
+ynh_replace_string "ALIASTOCHANGE" "$final_path/" ../conf/nginx.conf
+ynh_replace_string "YHPORT" "$port" ../conf/nginx.conf
+ynh_replace_string "//ws/" "/ws/" ../conf/nginx.conf # Avoid duplicate /
+cp ../conf/nginx.conf /etc/nginx/conf.d/$domain.d/movim.conf
 #=================================================
@@ -225,5 +226,5 @@ fi
 #=================================================
 # Reload services
-sudo service php5-fpm restart
-sudo service nginx reload
+service php5-fpm restart
+service nginx reload
diff --git a/scripts/remove b/scripts/remove
index a37e9c0..9af6e81 100644
--- a/scripts/remove
+++ b/scripts/remove
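Review bot: The destination of the nginx copy in the -187,19 hunk is left unquoted, `/etc/nginx/conf.d/$domain.d/movim.conf`, while `scripts/remove` builds the same path quoted and braced. Since this now runs as root, write it the same way in both places: `cp ../conf/nginx.conf "/etc/nginx/conf.d/${domain}.d/movim.conf"`. The identical line appears in the `scripts/upgrade` hunk at -191,25.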
@@ -24,31 +24,31 @@ final_path=$(ynh_app_setting_get "$app" final_path)
 #=================================================
 # Remove the dedicated nginx config
-sudo rm -f "/etc/nginx/conf.d/${domain}.d/movim.conf"
+ynh_secure_remove "/etc/nginx/conf.d/${domain}.d/movim.conf"
 #=================================================
 # REMOVE PHP-FPM CONFIGURATION
 #=================================================
 # Remove the dedicated php-fpm config
-sudo rm -f "/etc/php5/fpm/pool.d/movim.conf"
+ynh_secure_remove "/etc/php5/fpm/pool.d/movim.conf"
 # Reload services
-sudo service nginx reload
-sudo service php5-fpm restart
+service nginx reload
+service php5-fpm restart
 #=================================================
 # STOP AND REMOVE SERVICE
 #=================================================
-sudo service movim stop
+service movim stop
 if [ -d /run/systemd/system ]; then
- sudo systemctl --quiet disable movim.service
- sudo rm -f /lib/systemd/system/movim.service
- sudo systemctl --quiet daemon-reload
+ systemctl --quiet disable movim.service
+ ynh_secure_remove /lib/systemd/system/movim.service
+ systemctl --quiet daemon-reload
 else
- sudo update-rc.d -f movim remove
- sudo rm -f /etc/init.d/movim
+ update-rc.d -f movim remove
+ ynh_secure_remove /etc/init.d/movim
 fi
 #=================================================
@@ -71,7 +71,7 @@ ynh_mysql_drop_user "$db_user" || true
 # REMOVE APP MAIN DIR
 #=================================================
-sudo rm -rf "$final_path"
+ynh_secure_remove "$final_path"
 #=================================================
 # GENERIC FINALIZATION
@@ -80,4 +80,4 @@ sudo rm -rf "$final_path"
 #=================================================
 ynh_system_user_exists movim \
- && sudo userdel movim
+ && userdel movim
diff --git a/scripts/upgrade b/scripts/upgrade
index ebe93c5..4adecd3 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
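Review bot: The systemd branch of the -24,31 hunk removes `/lib/systemd/system/movim.service`, but the install and upgrade hunks in this same diff copy the unit to `/etc/systemd/system/`, so the unit file this package actually installs stays on disk after removal. A stale root-owned unit pointing at a deleted directory and a deleted user is worth cleaning up: add `ynh_secure_remove /etc/systemd/system/movim.service` before the `daemon-reload`, keeping the `/lib` line for installations made by older versions.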
@@ -74,18 +74,18 @@ ynh_install_app_dependencies php5-zmq
 # Init git repository as needed
 if [ ! -d "${final_path}/.git" ]; then
 tmp_path=/tmp/movim-git
- sudo rm -rf "$tmp_path"
+ ynh_secure_remove "$tmp_path"
 # Download Movim source code
 (git clone "$GIT_REPO" "$tmp_path" \
 && cd "$tmp_path" && git checkout "$HEAD_COMMIT") \
 || ynh_die "Unable to download Movim source code."
- sudo cp "${final_path}/config/db.inc.php" "${tmp_path}/config/db.inc.php"
+ cp "${final_path}/config/db.inc.php" "${tmp_path}/config/db.inc.php"
 # Replace current source code
- sudo rm -rf "$final_path"
- sudo mv "$tmp_path" "$final_path"
- sudo chown -R movim:www-data "$final_path"
+ ynh_secure_remove "$final_path"
+ mv "$tmp_path" "$final_path"
+ chown -R movim:www-data "$final_path"
 # Install composer for PHP dependencies
 curl -sS https://getcomposer.org/installer \
@@ -97,7 +97,7 @@ fi
 && exec_cmd git reset --hard "$HEAD_COMMIT") \
 || ynh_die "Unable to download Movim source code."
 ## TODO: consider installation in a subpath
-exec_cmd sed -i "s@'/ws/'@'${path_url%/}/ws/'@g" \
+exec_cmd ynh_replace_string "'/ws/'" "'${path_url%/}/ws/'" \
 "${final_path}/app/assets/js/movim_websocket.js"
 #=================================================
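Review bot: In the -97,7 hunk `exec_cmd ynh_replace_string …` hands a shell function to the `exec_cmd` wrapper, where the old line handed it the `sed` binary. `exec_cmd` is defined outside this diff; if it launches its arguments through `sudo -u`, `su -c` or a similar exec-style call, the function will not be found there and the websocket path is never rewritten. Since the script already runs with the needed privileges, calling the helper directly is safer: `ynh_replace_string "'/ws/'" "'${path_url%/}/ws/'" "${final_path}/app/assets/js/movim_websocket.js"`, followed by a `chown movim:www-data` on that file if the wrapper was only there to keep ownership.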
@@ -106,16 +106,16 @@ exec_cmd sed -i "s@'/ws/'@'${path_url%/}/ws/'@g" \
 # Create movim user if not exists and set permissions
 ynh_system_user_exists movim \
- || sudo useradd -d /var/www/movim -s /bin/sh movim
+ || useradd -d /var/www/movim -s /bin/sh movim
 #=================================================
 # SET PERMISSIONS
 #=================================================
-sudo chown -R movim:www-data "$final_path"
-sudo find "${final_path}/" -type f -print0 | sudo xargs -0 chmod 0644
-sudo find "${final_path}/" -type d -print0 | sudo xargs -0 chmod 0755
-sudo chmod 400 "${final_path}/config/db.inc.php"
+chown -R movim:www-data "$final_path"
+find "${final_path}/" -type f -print0 | xargs -0 chmod 0644
+find "${final_path}/" -type d -print0 | xargs -0 chmod 0755
+chmod 400 "${final_path}/config/db.inc.php"
 #=================================================
 # install PHP dependencies
@@ -140,7 +140,7 @@ exec_cmd php mud.php db --set
 # Reset SSO parameters
 ynh_app_setting_delete "$app" protected_uris
 ynh_app_setting_delete "$app" skipped_uris
-sudo yunohost app clearaccess movim
+yunohost app clearaccess movim
 # Replace old public_site variable (if exists) by ssoenabled
 if [ ! -z "$public_site" ]; then
@@ -159,7 +159,7 @@ fi
 if [[ "$ssoenabled" = "No" ]]; then
 ynh_app_setting_set "$app" skipped_uris "/"
 exec_cmd php mud.php config --xmppwhitelist=$domain
- sudo yunohost app ssowatconf
+ yunohost app ssowatconf
 else
 ynh_app_setting_set "$app" unprotected_uris "/"
 apply_sso_patch
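Review bot: `useradd -d /var/www/movim -s /bin/sh movim` in the -106,16 hunk creates an ordinary account with a login shell for what the comment calls a dedicated service user, and the install hunk at -117,32 does the same. A system account without an interactive shell narrows what that identity can be used for: `useradd --system -d /var/www/movim -s /usr/sbin/nologin movim`, or the `ynh_system_user_create` helper that pairs with the `ynh_system_user_exists` call already used here. This assumes `exec_cmd`, which is defined outside this diff, does not rely on the user's shell; confirm before changing it.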
@@ -171,19 +171,19 @@ fi
 #=================================================
 # Update init scripts
-sudo sed -i "s@YHURL@${domain}${path_url}@g" ../conf/movim.{service,init}
-sudo sed -i "s@YHDIR@${final_path}@g" ../conf/movim.{service,init}
-sudo sed -i "s@YHPORT@${port}@g" ../conf/movim.{service,init}
+ynh_replace_string "YHURL" "${domain}${path_url}" ../conf/movim.{service,init}
+ynh_replace_string "YHDIR" "${final_path}" ../conf/movim.{service,init}
+ynh_replace_string "YHPORT" "${port}" ../conf/movim.{service,init}
 if [ -d /run/systemd/system ]; then
- sudo rm -f /lib/systemd/system/movim.service
- sudo cp ../conf/movim.service /etc/systemd/system/
- sudo systemctl daemon-reload
+ ynh_secure_remove /lib/systemd/system/movim.service
+ cp ../conf/movim.service /etc/systemd/system/
+ systemctl daemon-reload
 else
- sudo /etc/init.d/movim stop
- sudo cp ../conf/movim.init /etc/init.d/movim
- sudo chmod 755 /etc/init.d/movim
- sudo update-rc.d movim defaults
- sudo /etc/init.d/movim start
+ /etc/init.d/movim stop
+ cp ../conf/movim.init /etc/init.d/movim
+ chmod 755 /etc/init.d/movim
+ update-rc.d movim defaults
+ /etc/init.d/movim start
 fi
 #=================================================
@@ -191,25 +191,25 @@ fi
 #=================================================
 # Update php-fpm configuration
-sed -i "s@YHTZ@$timezone@g" ../conf/php-fpm.conf
-sudo cp ../conf/php-fpm.conf /etc/php5/fpm/pool.d/movim.conf
+ynh_replace_string "YHTZ" "$timezone" ../conf/php-fpm.conf
+cp ../conf/php-fpm.conf /etc/php5/fpm/pool.d/movim.conf
 #=================================================
 # NGINX CONFIGURATION
 #=================================================
 # Nginx configuration
-sed -i "s@PATHTOCHANGE@$path_url@g" ../conf/nginx.conf
-sed -i "s@ALIASTOCHANGE@$final_path/@g" ../conf/nginx.conf
-sed -i "s@YHPORT@$port@g" ../conf/nginx.conf
-sed -i "s@//ws/@/ws/@g" ../conf/nginx.conf # Avoid duplicate /
-sudo cp ../conf/nginx.conf /etc/nginx/conf.d/$domain.d/movim.conf
+ynh_replace_string "PATHTOCHANGE" "$path_url" ../conf/nginx.conf
+ynh_replace_string "ALIASTOCHANGE" "$final_path/" ../conf/nginx.conf
+ynh_replace_string "YHPORT" "$port" ../conf/nginx.conf
+ynh_replace_string "//ws/" "/ws/" ../conf/nginx.conf # Avoid duplicate /
+cp ../conf/nginx.conf /etc/nginx/conf.d/$domain.d/movim.conf
 #=================================================
 # RELOAD SERVICES
 #=================================================
 # Reload services
-sudo service movim restart
-sudo service php5-fpm restart
-sudo service nginx reload
+service movim restart
+service php5-fpm restart
+service nginx reload