From 3197d265ca06ffe6c7f31cc2ca856b525329467b Mon Sep 17 00:00:00 2001
From: Jean-Baptiste Holcroft
Date: Fri, 10 Aug 2018 14:38:49 +0200
Subject: [PATCH 01/17] Licenses are only refering to the package itself

---
CHANGELOG | 45 ----
COPYING | 661 -----------------------------------------------------------------
LICENSE | 662 +++++++++++++++++++++++++++++++++++++++++++++++++++++-
3 files changed, 661 insertions(+), 707 deletions(-)
delete mode 100644 CHANGELOG
delete mode 100755 COPYING
mode change 100644 => 100755 LICENSE

diff --git a/CHANGELOG b/CHANGELOG
deleted file mode 100644
index c203182..0000000
--- a/CHANGELOG
+++ /dev/null
@@ -1,45 +0,0 @@
-**Changelog**
-
-3.0.2 2017-12-29
-- Update to movim 0.13
-- Added php5-zmq
-
-3.0.1 2017-11-02
-- Backup to fixed movim release due to issues
-
-3.0.0 2017-10-20
-- movim_ynh now fetch movim HEAD
-
-2.0.8 2017-08-24
-- Update to movim 0.11 git2017-08-24
-
-2.0.7 2017-06-08
-- Update to movim 0.11 git2017-06-08
-
-2.0.6 2017-04-05
-- Update to movim 0.11 git2017-04-05
-
-2.0.5 2017-03-15
-- Update to movim 0.11alpha1 git2017-03-15
-- Access to /?infos is now forbidden.
-
-2.0.4 2017-02-09
-- Update to movim 0.10 git2017-02-09
-
-2.0.3 2016-11-16
-- Update to movim 0.10 git2016-11-16
-- Use start, --url and --port options for Movim daemon
-
-2.0.2 2016-10-06
-- Update to movim 0.10 git2016-10-06
-
-2.0.1 2016-08-05
-- Update to movim 0.10 git2016-08-05
-
-2.0 2016-07-12
-- Major code improvement thanks to @jeromelebleu, #28 :
- - Download and update source code using git (fixed HEAD COMMIT though)
- - Make use of new YunoHost helpers coming with the 2.4 version
- - Redirect to the SSO on logging out
-- YunoHost 2.4 helpers backport if 2.2 detected (_helpers.sh)
-- Update to movim 0.9 git2016-07-12
diff --git a/COPYING b/COPYING
deleted file mode 100755
index dba13ed..0000000
--- a/COPYING
+++ /dev/null
@@ -1,661 +0,0 @@ - GNU AFFERO GENERAL PUBLIC LICENSE - Version 3, 19 November 2007 - - Copyright (C) 2007 Free Software Foundation, Inc. - Everyone is permitted to copy and distribute verbatim copies - of this license document, but changing it is not allowed. - - Preamble - - The GNU Affero General Public License is a free, copyleft license for -software and other kinds of works, specifically designed to ensure -cooperation with the community in the case of network server software. - - The licenses for most software and other practical works are designed -to take away your freedom to share and change the works. By contrast, -our General Public Licenses are intended to guarantee your freedom to -share and change all versions of a program--to make sure it remains free -software for all its users. - - When we speak of free software, we are referring to freedom, not -price. Our General Public Licenses are designed to make sure that you -have the freedom to distribute copies of free software (and charge for -them if you wish), that you receive source code or can get it if you -want it, that you can change the software or use pieces of it in new -free programs, and that you know you can do these things. - - Developers that use our General Public Licenses protect your rights -with two steps: (1) assert copyright on the software, and (2) offer -you this License which gives you legal permission to copy, distribute -and/or modify the software. - - A secondary benefit of defending all users' freedom is that -improvements made in alternate versions of the program, if they -receive widespread use, become available for other developers to -incorporate. Many developers of free software are heartened and -encouraged by the resulting cooperation. However, in the case of -software used on network servers, this result may fail to come about. 
-The GNU General Public License permits making a modified version and -letting the public access it on a server without ever releasing its -source code to the public. - - The GNU Affero General Public License is designed specifically to -ensure that, in such cases, the modified source code becomes available -to the community. It requires the operator of a network server to -provide the source code of the modified version running there to the -users of that server. Therefore, public use of a modified version, on -a publicly accessible server, gives the public access to the source -code of the modified version. - - An older license, called the Affero General Public License and -published by Affero, was designed to accomplish similar goals. This is -a different license, not a version of the Affero GPL, but Affero has -released a new version of the Affero GPL which permits relicensing under -this license. - - The precise terms and conditions for copying, distribution and -modification follow. - - TERMS AND CONDITIONS - - 0. Definitions. - - "This License" refers to version 3 of the GNU Affero General Public License. - - "Copyright" also means copyright-like laws that apply to other kinds of -works, such as semiconductor masks. - - "The Program" refers to any copyrightable work licensed under this -License. Each licensee is addressed as "you". "Licensees" and -"recipients" may be individuals or organizations. - - To "modify" a work means to copy from or adapt all or part of the work -in a fashion requiring copyright permission, other than the making of an -exact copy. The resulting work is called a "modified version" of the -earlier work or a work "based on" the earlier work. - - A "covered work" means either the unmodified Program or a work based -on the Program. 
- - To "propagate" a work means to do anything with it that, without -permission, would make you directly or secondarily liable for -infringement under applicable copyright law, except executing it on a -computer or modifying a private copy. Propagation includes copying, -distribution (with or without modification), making available to the -public, and in some countries other activities as well. - - To "convey" a work means any kind of propagation that enables other -parties to make or receive copies. Mere interaction with a user through -a computer network, with no transfer of a copy, is not conveying. - - An interactive user interface displays "Appropriate Legal Notices" -to the extent that it includes a convenient and prominently visible -feature that (1) displays an appropriate copyright notice, and (2) -tells the user that there is no warranty for the work (except to the -extent that warranties are provided), that licensees may convey the -work under this License, and how to view a copy of this License. If -the interface presents a list of user commands or options, such as a -menu, a prominent item in the list meets this criterion. - - 1. Source Code. - - The "source code" for a work means the preferred form of the work -for making modifications to it. "Object code" means any non-source -form of a work. - - A "Standard Interface" means an interface that either is an official -standard defined by a recognized standards body, or, in the case of -interfaces specified for a particular programming language, one that -is widely used among developers working in that language. 
- - The "System Libraries" of an executable work include anything, other -than the work as a whole, that (a) is included in the normal form of -packaging a Major Component, but which is not part of that Major -Component, and (b) serves only to enable use of the work with that -Major Component, or to implement a Standard Interface for which an -implementation is available to the public in source code form. A -"Major Component", in this context, means a major essential component -(kernel, window system, and so on) of the specific operating system -(if any) on which the executable work runs, or a compiler used to -produce the work, or an object code interpreter used to run it. - - The "Corresponding Source" for a work in object code form means all -the source code needed to generate, install, and (for an executable -work) run the object code and to modify the work, including scripts to -control those activities. However, it does not include the work's -System Libraries, or general-purpose tools or generally available free -programs which are used unmodified in performing those activities but -which are not part of the work. For example, Corresponding Source -includes interface definition files associated with source files for -the work, and the source code for shared libraries and dynamically -linked subprograms that the work is specifically designed to require, -such as by intimate data communication or control flow between those -subprograms and other parts of the work. - - The Corresponding Source need not include anything that users -can regenerate automatically from other parts of the Corresponding -Source. - - The Corresponding Source for a work in source code form is that -same work. - - 2. Basic Permissions. - - All rights granted under this License are granted for the term of -copyright on the Program, and are irrevocable provided the stated -conditions are met. This License explicitly affirms your unlimited -permission to run the unmodified Program. 
The output from running a -covered work is covered by this License only if the output, given its -content, constitutes a covered work. This License acknowledges your -rights of fair use or other equivalent, as provided by copyright law. - - You may make, run and propagate covered works that you do not -convey, without conditions so long as your license otherwise remains -in force. You may convey covered works to others for the sole purpose -of having them make modifications exclusively for you, or provide you -with facilities for running those works, provided that you comply with -the terms of this License in conveying all material for which you do -not control copyright. Those thus making or running the covered works -for you must do so exclusively on your behalf, under your direction -and control, on terms that prohibit them from making any copies of -your copyrighted material outside their relationship with you. - - Conveying under any other circumstances is permitted solely under -the conditions stated below. Sublicensing is not allowed; section 10 -makes it unnecessary. - - 3. Protecting Users' Legal Rights From Anti-Circumvention Law. - - No covered work shall be deemed part of an effective technological -measure under any applicable law fulfilling obligations under article -11 of the WIPO copyright treaty adopted on 20 December 1996, or -similar laws prohibiting or restricting circumvention of such -measures. - - When you convey a covered work, you waive any legal power to forbid -circumvention of technological measures to the extent such circumvention -is effected by exercising rights under this License with respect to -the covered work, and you disclaim any intention to limit operation or -modification of the work as a means of enforcing, against the work's -users, your or third parties' legal rights to forbid circumvention of -technological measures. - - 4. Conveying Verbatim Copies. 
- - You may convey verbatim copies of the Program's source code as you -receive it, in any medium, provided that you conspicuously and -appropriately publish on each copy an appropriate copyright notice; -keep intact all notices stating that this License and any -non-permissive terms added in accord with section 7 apply to the code; -keep intact all notices of the absence of any warranty; and give all -recipients a copy of this License along with the Program. - - You may charge any price or no price for each copy that you convey, -and you may offer support or warranty protection for a fee. - - 5. Conveying Modified Source Versions. - - You may convey a work based on the Program, or the modifications to -produce it from the Program, in the form of source code under the -terms of section 4, provided that you also meet all of these conditions: - - a) The work must carry prominent notices stating that you modified - it, and giving a relevant date. - - b) The work must carry prominent notices stating that it is - released under this License and any conditions added under section - 7. This requirement modifies the requirement in section 4 to - "keep intact all notices". - - c) You must license the entire work, as a whole, under this - License to anyone who comes into possession of a copy. This - License will therefore apply, along with any applicable section 7 - additional terms, to the whole of the work, and all its parts, - regardless of how they are packaged. This License gives no - permission to license the work in any other way, but it does not - invalidate such permission if you have separately received it. - - d) If the work has interactive user interfaces, each must display - Appropriate Legal Notices; however, if the Program has interactive - interfaces that do not display Appropriate Legal Notices, your - work need not make them do so. 
- - A compilation of a covered work with other separate and independent -works, which are not by their nature extensions of the covered work, -and which are not combined with it such as to form a larger program, -in or on a volume of a storage or distribution medium, is called an -"aggregate" if the compilation and its resulting copyright are not -used to limit the access or legal rights of the compilation's users -beyond what the individual works permit. Inclusion of a covered work -in an aggregate does not cause this License to apply to the other -parts of the aggregate. - - 6. Conveying Non-Source Forms. - - You may convey a covered work in object code form under the terms -of sections 4 and 5, provided that you also convey the -machine-readable Corresponding Source under the terms of this License, -in one of these ways: - - a) Convey the object code in, or embodied in, a physical product - (including a physical distribution medium), accompanied by the - Corresponding Source fixed on a durable physical medium - customarily used for software interchange. - - b) Convey the object code in, or embodied in, a physical product - (including a physical distribution medium), accompanied by a - written offer, valid for at least three years and valid for as - long as you offer spare parts or customer support for that product - model, to give anyone who possesses the object code either (1) a - copy of the Corresponding Source for all the software in the - product that is covered by this License, on a durable physical - medium customarily used for software interchange, for a price no - more than your reasonable cost of physically performing this - conveying of source, or (2) access to copy the - Corresponding Source from a network server at no charge. - - c) Convey individual copies of the object code with a copy of the - written offer to provide the Corresponding Source. 
This - alternative is allowed only occasionally and noncommercially, and - only if you received the object code with such an offer, in accord - with subsection 6b. - - d) Convey the object code by offering access from a designated - place (gratis or for a charge), and offer equivalent access to the - Corresponding Source in the same way through the same place at no - further charge. You need not require recipients to copy the - Corresponding Source along with the object code. If the place to - copy the object code is a network server, the Corresponding Source - may be on a different server (operated by you or a third party) - that supports equivalent copying facilities, provided you maintain - clear directions next to the object code saying where to find the - Corresponding Source. Regardless of what server hosts the - Corresponding Source, you remain obligated to ensure that it is - available for as long as needed to satisfy these requirements. - - e) Convey the object code using peer-to-peer transmission, provided - you inform other peers where the object code and Corresponding - Source of the work are being offered to the general public at no - charge under subsection 6d. - - A separable portion of the object code, whose source code is excluded -from the Corresponding Source as a System Library, need not be -included in conveying the object code work. - - A "User Product" is either (1) a "consumer product", which means any -tangible personal property which is normally used for personal, family, -or household purposes, or (2) anything designed or sold for incorporation -into a dwelling. In determining whether a product is a consumer product, -doubtful cases shall be resolved in favor of coverage. 
For a particular -product received by a particular user, "normally used" refers to a -typical or common use of that class of product, regardless of the status -of the particular user or of the way in which the particular user -actually uses, or expects or is expected to use, the product. A product -is a consumer product regardless of whether the product has substantial -commercial, industrial or non-consumer uses, unless such uses represent -the only significant mode of use of the product. - - "Installation Information" for a User Product means any methods, -procedures, authorization keys, or other information required to install -and execute modified versions of a covered work in that User Product from -a modified version of its Corresponding Source. The information must -suffice to ensure that the continued functioning of the modified object -code is in no case prevented or interfered with solely because -modification has been made. - - If you convey an object code work under this section in, or with, or -specifically for use in, a User Product, and the conveying occurs as -part of a transaction in which the right of possession and use of the -User Product is transferred to the recipient in perpetuity or for a -fixed term (regardless of how the transaction is characterized), the -Corresponding Source conveyed under this section must be accompanied -by the Installation Information. But this requirement does not apply -if neither you nor any third party retains the ability to install -modified object code on the User Product (for example, the work has -been installed in ROM). - - The requirement to provide Installation Information does not include a -requirement to continue to provide support service, warranty, or updates -for a work that has been modified or installed by the recipient, or for -the User Product in which it has been modified or installed. 
Access to a -network may be denied when the modification itself materially and -adversely affects the operation of the network or violates the rules and -protocols for communication across the network. - - Corresponding Source conveyed, and Installation Information provided, -in accord with this section must be in a format that is publicly -documented (and with an implementation available to the public in -source code form), and must require no special password or key for -unpacking, reading or copying. - - 7. Additional Terms. - - "Additional permissions" are terms that supplement the terms of this -License by making exceptions from one or more of its conditions. -Additional permissions that are applicable to the entire Program shall -be treated as though they were included in this License, to the extent -that they are valid under applicable law. If additional permissions -apply only to part of the Program, that part may be used separately -under those permissions, but the entire Program remains governed by -this License without regard to the additional permissions. - - When you convey a copy of a covered work, you may at your option -remove any additional permissions from that copy, or from any part of -it. (Additional permissions may be written to require their own -removal in certain cases when you modify the work.) You may place -additional permissions on material, added by you to a covered work, -for which you have or can give appropriate copyright permission. 
- - Notwithstanding any other provision of this License, for material you -add to a covered work, you may (if authorized by the copyright holders of -that material) supplement the terms of this License with terms: - - a) Disclaiming warranty or limiting liability differently from the - terms of sections 15 and 16 of this License; or - - b) Requiring preservation of specified reasonable legal notices or - author attributions in that material or in the Appropriate Legal - Notices displayed by works containing it; or - - c) Prohibiting misrepresentation of the origin of that material, or - requiring that modified versions of such material be marked in - reasonable ways as different from the original version; or - - d) Limiting the use for publicity purposes of names of licensors or - authors of the material; or - - e) Declining to grant rights under trademark law for use of some - trade names, trademarks, or service marks; or - - f) Requiring indemnification of licensors and authors of that - material by anyone who conveys the material (or modified versions of - it) with contractual assumptions of liability to the recipient, for - any liability that these contractual assumptions directly impose on - those licensors and authors. - - All other non-permissive additional terms are considered "further -restrictions" within the meaning of section 10. If the Program as you -received it, or any part of it, contains a notice stating that it is -governed by this License along with a term that is a further -restriction, you may remove that term. If a license document contains -a further restriction but permits relicensing or conveying under this -License, you may add to a covered work material governed by the terms -of that license document, provided that the further restriction does -not survive such relicensing or conveying. 
- - If you add terms to a covered work in accord with this section, you -must place, in the relevant source files, a statement of the -additional terms that apply to those files, or a notice indicating -where to find the applicable terms. - - Additional terms, permissive or non-permissive, may be stated in the -form of a separately written license, or stated as exceptions; -the above requirements apply either way. - - 8. Termination. - - You may not propagate or modify a covered work except as expressly -provided under this License. Any attempt otherwise to propagate or -modify it is void, and will automatically terminate your rights under -this License (including any patent licenses granted under the third -paragraph of section 11). - - However, if you cease all violation of this License, then your -license from a particular copyright holder is reinstated (a) -provisionally, unless and until the copyright holder explicitly and -finally terminates your license, and (b) permanently, if the copyright -holder fails to notify you of the violation by some reasonable means -prior to 60 days after the cessation. - - Moreover, your license from a particular copyright holder is -reinstated permanently if the copyright holder notifies you of the -violation by some reasonable means, this is the first time you have -received notice of violation of this License (for any work) from that -copyright holder, and you cure the violation prior to 30 days after -your receipt of the notice. - - Termination of your rights under this section does not terminate the -licenses of parties who have received copies or rights from you under -this License. If your rights have been terminated and not permanently -reinstated, you do not qualify to receive new licenses for the same -material under section 10. - - 9. Acceptance Not Required for Having Copies. - - You are not required to accept this License in order to receive or -run a copy of the Program. 
Ancillary propagation of a covered work -occurring solely as a consequence of using peer-to-peer transmission -to receive a copy likewise does not require acceptance. However, -nothing other than this License grants you permission to propagate or -modify any covered work. These actions infringe copyright if you do -not accept this License. Therefore, by modifying or propagating a -covered work, you indicate your acceptance of this License to do so. - - 10. Automatic Licensing of Downstream Recipients. - - Each time you convey a covered work, the recipient automatically -receives a license from the original licensors, to run, modify and -propagate that work, subject to this License. You are not responsible -for enforcing compliance by third parties with this License. - - An "entity transaction" is a transaction transferring control of an -organization, or substantially all assets of one, or subdividing an -organization, or merging organizations. If propagation of a covered -work results from an entity transaction, each party to that -transaction who receives a copy of the work also receives whatever -licenses to the work the party's predecessor in interest had or could -give under the previous paragraph, plus a right to possession of the -Corresponding Source of the work from the predecessor in interest, if -the predecessor has it or can get it with reasonable efforts. - - You may not impose any further restrictions on the exercise of the -rights granted or affirmed under this License. For example, you may -not impose a license fee, royalty, or other charge for exercise of -rights granted under this License, and you may not initiate litigation -(including a cross-claim or counterclaim in a lawsuit) alleging that -any patent claim is infringed by making, using, selling, offering for -sale, or importing the Program or any portion of it. - - 11. Patents. 
- - A "contributor" is a copyright holder who authorizes use under this -License of the Program or a work on which the Program is based. The -work thus licensed is called the contributor's "contributor version". - - A contributor's "essential patent claims" are all patent claims -owned or controlled by the contributor, whether already acquired or -hereafter acquired, that would be infringed by some manner, permitted -by this License, of making, using, or selling its contributor version, -but do not include claims that would be infringed only as a -consequence of further modification of the contributor version. For -purposes of this definition, "control" includes the right to grant -patent sublicenses in a manner consistent with the requirements of -this License. - - Each contributor grants you a non-exclusive, worldwide, royalty-free -patent license under the contributor's essential patent claims, to -make, use, sell, offer for sale, import and otherwise run, modify and -propagate the contents of its contributor version. - - In the following three paragraphs, a "patent license" is any express -agreement or commitment, however denominated, not to enforce a patent -(such as an express permission to practice a patent or covenant not to -sue for patent infringement). To "grant" such a patent license to a -party means to make such an agreement or commitment not to enforce a -patent against the party. 
- - If you convey a covered work, knowingly relying on a patent license, -and the Corresponding Source of the work is not available for anyone -to copy, free of charge and under the terms of this License, through a -publicly available network server or other readily accessible means, -then you must either (1) cause the Corresponding Source to be so -available, or (2) arrange to deprive yourself of the benefit of the -patent license for this particular work, or (3) arrange, in a manner -consistent with the requirements of this License, to extend the patent -license to downstream recipients. "Knowingly relying" means you have -actual knowledge that, but for the patent license, your conveying the -covered work in a country, or your recipient's use of the covered work -in a country, would infringe one or more identifiable patents in that -country that you have reason to believe are valid. - - If, pursuant to or in connection with a single transaction or -arrangement, you convey, or propagate by procuring conveyance of, a -covered work, and grant a patent license to some of the parties -receiving the covered work authorizing them to use, propagate, modify -or convey a specific copy of the covered work, then the patent license -you grant is automatically extended to all recipients of the covered -work and works based on it. - - A patent license is "discriminatory" if it does not include within -the scope of its coverage, prohibits the exercise of, or is -conditioned on the non-exercise of one or more of the rights that are -specifically granted under this License. 
You may not convey a covered -work if you are a party to an arrangement with a third party that is -in the business of distributing software, under which you make payment -to the third party based on the extent of your activity of conveying -the work, and under which the third party grants, to any of the -parties who would receive the covered work from you, a discriminatory -patent license (a) in connection with copies of the covered work -conveyed by you (or copies made from those copies), or (b) primarily -for and in connection with specific products or compilations that -contain the covered work, unless you entered into that arrangement, -or that patent license was granted, prior to 28 March 2007. - - Nothing in this License shall be construed as excluding or limiting -any implied license or other defenses to infringement that may -otherwise be available to you under applicable patent law. - - 12. No Surrender of Others' Freedom. - - If conditions are imposed on you (whether by court order, agreement or -otherwise) that contradict the conditions of this License, they do not -excuse you from the conditions of this License. If you cannot convey a -covered work so as to satisfy simultaneously your obligations under this -License and any other pertinent obligations, then as a consequence you may -not convey it at all. For example, if you agree to terms that obligate you -to collect a royalty for further conveying from those to whom you convey -the Program, the only way you could satisfy both those terms and this -License would be to refrain entirely from conveying the Program. - - 13. Remote Network Interaction; Use with the GNU General Public License. 
- - Notwithstanding any other provision of this License, if you modify the -Program, your modified version must prominently offer all users -interacting with it remotely through a computer network (if your version -supports such interaction) an opportunity to receive the Corresponding -Source of your version by providing access to the Corresponding Source -from a network server at no charge, through some standard or customary -means of facilitating copying of software. This Corresponding Source -shall include the Corresponding Source for any work covered by version 3 -of the GNU General Public License that is incorporated pursuant to the -following paragraph. - - Notwithstanding any other provision of this License, you have -permission to link or combine any covered work with a work licensed -under version 3 of the GNU General Public License into a single -combined work, and to convey the resulting work. The terms of this -License will continue to apply to the part which is the covered work, -but the work with which it is combined will remain governed by version -3 of the GNU General Public License. - - 14. Revised Versions of this License. - - The Free Software Foundation may publish revised and/or new versions of -the GNU Affero General Public License from time to time. Such new versions -will be similar in spirit to the present version, but may differ in detail to -address new problems or concerns. - - Each version is given a distinguishing version number. If the -Program specifies that a certain numbered version of the GNU Affero General -Public License "or any later version" applies to it, you have the -option of following the terms and conditions either of that numbered -version or of any later version published by the Free Software -Foundation. If the Program does not specify a version number of the -GNU Affero General Public License, you may choose any version ever published -by the Free Software Foundation. 
- - If the Program specifies that a proxy can decide which future -versions of the GNU Affero General Public License can be used, that proxy's -public statement of acceptance of a version permanently authorizes you -to choose that version for the Program. - - Later license versions may give you additional or different -permissions. However, no additional obligations are imposed on any -author or copyright holder as a result of your choosing to follow a -later version. - - 15. Disclaimer of Warranty. - - THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY -APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT -HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY -OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, -THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM -IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF -ALL NECESSARY SERVICING, REPAIR OR CORRECTION. - - 16. Limitation of Liability. - - IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING -WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS -THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY -GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE -USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF -DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD -PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), -EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF -SUCH DAMAGES. - - 17. Interpretation of Sections 15 and 16. 
- - If the disclaimer of warranty and limitation of liability provided -above cannot be given local legal effect according to their terms, -reviewing courts shall apply local law that most closely approximates -an absolute waiver of all civil liability in connection with the -Program, unless a warranty or assumption of liability accompanies a -copy of the Program in return for a fee. - - END OF TERMS AND CONDITIONS - - How to Apply These Terms to Your New Programs - - If you develop a new program, and you want it to be of the greatest -possible use to the public, the best way to achieve this is to make it -free software which everyone can redistribute and change under these terms. - - To do so, attach the following notices to the program. It is safest -to attach them to the start of each source file to most effectively -state the exclusion of warranty; and each file should have at least -the "copyright" line and a pointer to where the full notice is found. - - - Copyright (C) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU Affero General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU Affero General Public License for more details. - - You should have received a copy of the GNU Affero General Public License - along with this program. If not, see . - -Also add information on how to contact you by electronic and paper mail. - - If your software can interact with users remotely through a computer -network, you should also make sure that it provides a way for users to -get its source. For example, if your program is a web application, its -interface could display a "Source" link that leads users to an archive -of the code. 
There are many ways you could offer source, and different
-solutions will be better for different programs; see section 13 for the
-specific requirements.
-
- You should also get your employer (if you work as a programmer) or school,
-if any, to sign a "copyright disclaimer" for the program, if necessary.
-For more information on this, and how to apply and follow the GNU AGPL, see
-.
diff --git a/LICENSE b/LICENSE
old mode 100644
new mode 100755
index 226cb0f..dba13ed
--- a/LICENSE
+++ b/LICENSE
@@ -1 +1,661 @@
-Movim is released under the terms of the AGPL license. See COPYING for more details.
+ GNU AFFERO GENERAL PUBLIC LICENSE
+ Version 3, 19 November 2007
+
+ Copyright (C) 2007 Free Software Foundation, Inc.
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+ Preamble
+
+ The GNU Affero General Public License is a free, copyleft license for
+software and other kinds of works, specifically designed to ensure
+cooperation with the community in the case of network server software.
+
+ The licenses for most software and other practical works are designed
+to take away your freedom to share and change the works. By contrast,
+our General Public Licenses are intended to guarantee your freedom to
+share and change all versions of a program--to make sure it remains free
+software for all its users.
+
+ When we speak of free software, we are referring to freedom, not
+price. Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+them if you wish), that you receive source code or can get it if you
+want it, that you can change the software or use pieces of it in new
+free programs, and that you know you can do these things.
+
+ Developers that use our General Public Licenses protect your rights
+with two steps: (1) assert copyright on the software, and (2) offer
+you this License which gives you legal permission to copy, distribute
+and/or modify the software.
+
+ A secondary benefit of defending all users' freedom is that
+improvements made in alternate versions of the program, if they
+receive widespread use, become available for other developers to
+incorporate. Many developers of free software are heartened and
+encouraged by the resulting cooperation. However, in the case of
+software used on network servers, this result may fail to come about.
+The GNU General Public License permits making a modified version and +letting the public access it on a server without ever releasing its +source code to the public. + + The GNU Affero General Public License is designed specifically to +ensure that, in such cases, the modified source code becomes available +to the community. It requires the operator of a network server to +provide the source code of the modified version running there to the +users of that server. Therefore, public use of a modified version, on +a publicly accessible server, gives the public access to the source +code of the modified version. + + An older license, called the Affero General Public License and +published by Affero, was designed to accomplish similar goals. This is +a different license, not a version of the Affero GPL, but Affero has +released a new version of the Affero GPL which permits relicensing under +this license. + + The precise terms and conditions for copying, distribution and +modification follow. + + TERMS AND CONDITIONS + + 0. Definitions. + + "This License" refers to version 3 of the GNU Affero General Public License. + + "Copyright" also means copyright-like laws that apply to other kinds of +works, such as semiconductor masks. + + "The Program" refers to any copyrightable work licensed under this +License. Each licensee is addressed as "you". "Licensees" and +"recipients" may be individuals or organizations. + + To "modify" a work means to copy from or adapt all or part of the work +in a fashion requiring copyright permission, other than the making of an +exact copy. The resulting work is called a "modified version" of the +earlier work or a work "based on" the earlier work. + + A "covered work" means either the unmodified Program or a work based +on the Program. 
+ + To "propagate" a work means to do anything with it that, without +permission, would make you directly or secondarily liable for +infringement under applicable copyright law, except executing it on a +computer or modifying a private copy. Propagation includes copying, +distribution (with or without modification), making available to the +public, and in some countries other activities as well. + + To "convey" a work means any kind of propagation that enables other +parties to make or receive copies. Mere interaction with a user through +a computer network, with no transfer of a copy, is not conveying. + + An interactive user interface displays "Appropriate Legal Notices" +to the extent that it includes a convenient and prominently visible +feature that (1) displays an appropriate copyright notice, and (2) +tells the user that there is no warranty for the work (except to the +extent that warranties are provided), that licensees may convey the +work under this License, and how to view a copy of this License. If +the interface presents a list of user commands or options, such as a +menu, a prominent item in the list meets this criterion. + + 1. Source Code. + + The "source code" for a work means the preferred form of the work +for making modifications to it. "Object code" means any non-source +form of a work. + + A "Standard Interface" means an interface that either is an official +standard defined by a recognized standards body, or, in the case of +interfaces specified for a particular programming language, one that +is widely used among developers working in that language. 
+ + The "System Libraries" of an executable work include anything, other +than the work as a whole, that (a) is included in the normal form of +packaging a Major Component, but which is not part of that Major +Component, and (b) serves only to enable use of the work with that +Major Component, or to implement a Standard Interface for which an +implementation is available to the public in source code form. A +"Major Component", in this context, means a major essential component +(kernel, window system, and so on) of the specific operating system +(if any) on which the executable work runs, or a compiler used to +produce the work, or an object code interpreter used to run it. + + The "Corresponding Source" for a work in object code form means all +the source code needed to generate, install, and (for an executable +work) run the object code and to modify the work, including scripts to +control those activities. However, it does not include the work's +System Libraries, or general-purpose tools or generally available free +programs which are used unmodified in performing those activities but +which are not part of the work. For example, Corresponding Source +includes interface definition files associated with source files for +the work, and the source code for shared libraries and dynamically +linked subprograms that the work is specifically designed to require, +such as by intimate data communication or control flow between those +subprograms and other parts of the work. + + The Corresponding Source need not include anything that users +can regenerate automatically from other parts of the Corresponding +Source. + + The Corresponding Source for a work in source code form is that +same work. + + 2. Basic Permissions. + + All rights granted under this License are granted for the term of +copyright on the Program, and are irrevocable provided the stated +conditions are met. This License explicitly affirms your unlimited +permission to run the unmodified Program. 
The output from running a +covered work is covered by this License only if the output, given its +content, constitutes a covered work. This License acknowledges your +rights of fair use or other equivalent, as provided by copyright law. + + You may make, run and propagate covered works that you do not +convey, without conditions so long as your license otherwise remains +in force. You may convey covered works to others for the sole purpose +of having them make modifications exclusively for you, or provide you +with facilities for running those works, provided that you comply with +the terms of this License in conveying all material for which you do +not control copyright. Those thus making or running the covered works +for you must do so exclusively on your behalf, under your direction +and control, on terms that prohibit them from making any copies of +your copyrighted material outside their relationship with you. + + Conveying under any other circumstances is permitted solely under +the conditions stated below. Sublicensing is not allowed; section 10 +makes it unnecessary. + + 3. Protecting Users' Legal Rights From Anti-Circumvention Law. + + No covered work shall be deemed part of an effective technological +measure under any applicable law fulfilling obligations under article +11 of the WIPO copyright treaty adopted on 20 December 1996, or +similar laws prohibiting or restricting circumvention of such +measures. + + When you convey a covered work, you waive any legal power to forbid +circumvention of technological measures to the extent such circumvention +is effected by exercising rights under this License with respect to +the covered work, and you disclaim any intention to limit operation or +modification of the work as a means of enforcing, against the work's +users, your or third parties' legal rights to forbid circumvention of +technological measures. + + 4. Conveying Verbatim Copies. 
+ + You may convey verbatim copies of the Program's source code as you +receive it, in any medium, provided that you conspicuously and +appropriately publish on each copy an appropriate copyright notice; +keep intact all notices stating that this License and any +non-permissive terms added in accord with section 7 apply to the code; +keep intact all notices of the absence of any warranty; and give all +recipients a copy of this License along with the Program. + + You may charge any price or no price for each copy that you convey, +and you may offer support or warranty protection for a fee. + + 5. Conveying Modified Source Versions. + + You may convey a work based on the Program, or the modifications to +produce it from the Program, in the form of source code under the +terms of section 4, provided that you also meet all of these conditions: + + a) The work must carry prominent notices stating that you modified + it, and giving a relevant date. + + b) The work must carry prominent notices stating that it is + released under this License and any conditions added under section + 7. This requirement modifies the requirement in section 4 to + "keep intact all notices". + + c) You must license the entire work, as a whole, under this + License to anyone who comes into possession of a copy. This + License will therefore apply, along with any applicable section 7 + additional terms, to the whole of the work, and all its parts, + regardless of how they are packaged. This License gives no + permission to license the work in any other way, but it does not + invalidate such permission if you have separately received it. + + d) If the work has interactive user interfaces, each must display + Appropriate Legal Notices; however, if the Program has interactive + interfaces that do not display Appropriate Legal Notices, your + work need not make them do so. 
+ + A compilation of a covered work with other separate and independent +works, which are not by their nature extensions of the covered work, +and which are not combined with it such as to form a larger program, +in or on a volume of a storage or distribution medium, is called an +"aggregate" if the compilation and its resulting copyright are not +used to limit the access or legal rights of the compilation's users +beyond what the individual works permit. Inclusion of a covered work +in an aggregate does not cause this License to apply to the other +parts of the aggregate. + + 6. Conveying Non-Source Forms. + + You may convey a covered work in object code form under the terms +of sections 4 and 5, provided that you also convey the +machine-readable Corresponding Source under the terms of this License, +in one of these ways: + + a) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by the + Corresponding Source fixed on a durable physical medium + customarily used for software interchange. + + b) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by a + written offer, valid for at least three years and valid for as + long as you offer spare parts or customer support for that product + model, to give anyone who possesses the object code either (1) a + copy of the Corresponding Source for all the software in the + product that is covered by this License, on a durable physical + medium customarily used for software interchange, for a price no + more than your reasonable cost of physically performing this + conveying of source, or (2) access to copy the + Corresponding Source from a network server at no charge. + + c) Convey individual copies of the object code with a copy of the + written offer to provide the Corresponding Source. 
This + alternative is allowed only occasionally and noncommercially, and + only if you received the object code with such an offer, in accord + with subsection 6b. + + d) Convey the object code by offering access from a designated + place (gratis or for a charge), and offer equivalent access to the + Corresponding Source in the same way through the same place at no + further charge. You need not require recipients to copy the + Corresponding Source along with the object code. If the place to + copy the object code is a network server, the Corresponding Source + may be on a different server (operated by you or a third party) + that supports equivalent copying facilities, provided you maintain + clear directions next to the object code saying where to find the + Corresponding Source. Regardless of what server hosts the + Corresponding Source, you remain obligated to ensure that it is + available for as long as needed to satisfy these requirements. + + e) Convey the object code using peer-to-peer transmission, provided + you inform other peers where the object code and Corresponding + Source of the work are being offered to the general public at no + charge under subsection 6d. + + A separable portion of the object code, whose source code is excluded +from the Corresponding Source as a System Library, need not be +included in conveying the object code work. + + A "User Product" is either (1) a "consumer product", which means any +tangible personal property which is normally used for personal, family, +or household purposes, or (2) anything designed or sold for incorporation +into a dwelling. In determining whether a product is a consumer product, +doubtful cases shall be resolved in favor of coverage. 
For a particular +product received by a particular user, "normally used" refers to a +typical or common use of that class of product, regardless of the status +of the particular user or of the way in which the particular user +actually uses, or expects or is expected to use, the product. A product +is a consumer product regardless of whether the product has substantial +commercial, industrial or non-consumer uses, unless such uses represent +the only significant mode of use of the product. + + "Installation Information" for a User Product means any methods, +procedures, authorization keys, or other information required to install +and execute modified versions of a covered work in that User Product from +a modified version of its Corresponding Source. The information must +suffice to ensure that the continued functioning of the modified object +code is in no case prevented or interfered with solely because +modification has been made. + + If you convey an object code work under this section in, or with, or +specifically for use in, a User Product, and the conveying occurs as +part of a transaction in which the right of possession and use of the +User Product is transferred to the recipient in perpetuity or for a +fixed term (regardless of how the transaction is characterized), the +Corresponding Source conveyed under this section must be accompanied +by the Installation Information. But this requirement does not apply +if neither you nor any third party retains the ability to install +modified object code on the User Product (for example, the work has +been installed in ROM). + + The requirement to provide Installation Information does not include a +requirement to continue to provide support service, warranty, or updates +for a work that has been modified or installed by the recipient, or for +the User Product in which it has been modified or installed. 
Access to a +network may be denied when the modification itself materially and +adversely affects the operation of the network or violates the rules and +protocols for communication across the network. + + Corresponding Source conveyed, and Installation Information provided, +in accord with this section must be in a format that is publicly +documented (and with an implementation available to the public in +source code form), and must require no special password or key for +unpacking, reading or copying. + + 7. Additional Terms. + + "Additional permissions" are terms that supplement the terms of this +License by making exceptions from one or more of its conditions. +Additional permissions that are applicable to the entire Program shall +be treated as though they were included in this License, to the extent +that they are valid under applicable law. If additional permissions +apply only to part of the Program, that part may be used separately +under those permissions, but the entire Program remains governed by +this License without regard to the additional permissions. + + When you convey a copy of a covered work, you may at your option +remove any additional permissions from that copy, or from any part of +it. (Additional permissions may be written to require their own +removal in certain cases when you modify the work.) You may place +additional permissions on material, added by you to a covered work, +for which you have or can give appropriate copyright permission. 
+ + Notwithstanding any other provision of this License, for material you +add to a covered work, you may (if authorized by the copyright holders of +that material) supplement the terms of this License with terms: + + a) Disclaiming warranty or limiting liability differently from the + terms of sections 15 and 16 of this License; or + + b) Requiring preservation of specified reasonable legal notices or + author attributions in that material or in the Appropriate Legal + Notices displayed by works containing it; or + + c) Prohibiting misrepresentation of the origin of that material, or + requiring that modified versions of such material be marked in + reasonable ways as different from the original version; or + + d) Limiting the use for publicity purposes of names of licensors or + authors of the material; or + + e) Declining to grant rights under trademark law for use of some + trade names, trademarks, or service marks; or + + f) Requiring indemnification of licensors and authors of that + material by anyone who conveys the material (or modified versions of + it) with contractual assumptions of liability to the recipient, for + any liability that these contractual assumptions directly impose on + those licensors and authors. + + All other non-permissive additional terms are considered "further +restrictions" within the meaning of section 10. If the Program as you +received it, or any part of it, contains a notice stating that it is +governed by this License along with a term that is a further +restriction, you may remove that term. If a license document contains +a further restriction but permits relicensing or conveying under this +License, you may add to a covered work material governed by the terms +of that license document, provided that the further restriction does +not survive such relicensing or conveying. 
+ + If you add terms to a covered work in accord with this section, you +must place, in the relevant source files, a statement of the +additional terms that apply to those files, or a notice indicating +where to find the applicable terms. + + Additional terms, permissive or non-permissive, may be stated in the +form of a separately written license, or stated as exceptions; +the above requirements apply either way. + + 8. Termination. + + You may not propagate or modify a covered work except as expressly +provided under this License. Any attempt otherwise to propagate or +modify it is void, and will automatically terminate your rights under +this License (including any patent licenses granted under the third +paragraph of section 11). + + However, if you cease all violation of this License, then your +license from a particular copyright holder is reinstated (a) +provisionally, unless and until the copyright holder explicitly and +finally terminates your license, and (b) permanently, if the copyright +holder fails to notify you of the violation by some reasonable means +prior to 60 days after the cessation. + + Moreover, your license from a particular copyright holder is +reinstated permanently if the copyright holder notifies you of the +violation by some reasonable means, this is the first time you have +received notice of violation of this License (for any work) from that +copyright holder, and you cure the violation prior to 30 days after +your receipt of the notice. + + Termination of your rights under this section does not terminate the +licenses of parties who have received copies or rights from you under +this License. If your rights have been terminated and not permanently +reinstated, you do not qualify to receive new licenses for the same +material under section 10. + + 9. Acceptance Not Required for Having Copies. + + You are not required to accept this License in order to receive or +run a copy of the Program. 
Ancillary propagation of a covered work +occurring solely as a consequence of using peer-to-peer transmission +to receive a copy likewise does not require acceptance. However, +nothing other than this License grants you permission to propagate or +modify any covered work. These actions infringe copyright if you do +not accept this License. Therefore, by modifying or propagating a +covered work, you indicate your acceptance of this License to do so. + + 10. Automatic Licensing of Downstream Recipients. + + Each time you convey a covered work, the recipient automatically +receives a license from the original licensors, to run, modify and +propagate that work, subject to this License. You are not responsible +for enforcing compliance by third parties with this License. + + An "entity transaction" is a transaction transferring control of an +organization, or substantially all assets of one, or subdividing an +organization, or merging organizations. If propagation of a covered +work results from an entity transaction, each party to that +transaction who receives a copy of the work also receives whatever +licenses to the work the party's predecessor in interest had or could +give under the previous paragraph, plus a right to possession of the +Corresponding Source of the work from the predecessor in interest, if +the predecessor has it or can get it with reasonable efforts. + + You may not impose any further restrictions on the exercise of the +rights granted or affirmed under this License. For example, you may +not impose a license fee, royalty, or other charge for exercise of +rights granted under this License, and you may not initiate litigation +(including a cross-claim or counterclaim in a lawsuit) alleging that +any patent claim is infringed by making, using, selling, offering for +sale, or importing the Program or any portion of it. + + 11. Patents. 
+ + A "contributor" is a copyright holder who authorizes use under this +License of the Program or a work on which the Program is based. The +work thus licensed is called the contributor's "contributor version". + + A contributor's "essential patent claims" are all patent claims +owned or controlled by the contributor, whether already acquired or +hereafter acquired, that would be infringed by some manner, permitted +by this License, of making, using, or selling its contributor version, +but do not include claims that would be infringed only as a +consequence of further modification of the contributor version. For +purposes of this definition, "control" includes the right to grant +patent sublicenses in a manner consistent with the requirements of +this License. + + Each contributor grants you a non-exclusive, worldwide, royalty-free +patent license under the contributor's essential patent claims, to +make, use, sell, offer for sale, import and otherwise run, modify and +propagate the contents of its contributor version. + + In the following three paragraphs, a "patent license" is any express +agreement or commitment, however denominated, not to enforce a patent +(such as an express permission to practice a patent or covenant not to +sue for patent infringement). To "grant" such a patent license to a +party means to make such an agreement or commitment not to enforce a +patent against the party. 
+ + If you convey a covered work, knowingly relying on a patent license, +and the Corresponding Source of the work is not available for anyone +to copy, free of charge and under the terms of this License, through a +publicly available network server or other readily accessible means, +then you must either (1) cause the Corresponding Source to be so +available, or (2) arrange to deprive yourself of the benefit of the +patent license for this particular work, or (3) arrange, in a manner +consistent with the requirements of this License, to extend the patent +license to downstream recipients. "Knowingly relying" means you have +actual knowledge that, but for the patent license, your conveying the +covered work in a country, or your recipient's use of the covered work +in a country, would infringe one or more identifiable patents in that +country that you have reason to believe are valid. + + If, pursuant to or in connection with a single transaction or +arrangement, you convey, or propagate by procuring conveyance of, a +covered work, and grant a patent license to some of the parties +receiving the covered work authorizing them to use, propagate, modify +or convey a specific copy of the covered work, then the patent license +you grant is automatically extended to all recipients of the covered +work and works based on it. + + A patent license is "discriminatory" if it does not include within +the scope of its coverage, prohibits the exercise of, or is +conditioned on the non-exercise of one or more of the rights that are +specifically granted under this License. 
You may not convey a covered +work if you are a party to an arrangement with a third party that is +in the business of distributing software, under which you make payment +to the third party based on the extent of your activity of conveying +the work, and under which the third party grants, to any of the +parties who would receive the covered work from you, a discriminatory +patent license (a) in connection with copies of the covered work +conveyed by you (or copies made from those copies), or (b) primarily +for and in connection with specific products or compilations that +contain the covered work, unless you entered into that arrangement, +or that patent license was granted, prior to 28 March 2007. + + Nothing in this License shall be construed as excluding or limiting +any implied license or other defenses to infringement that may +otherwise be available to you under applicable patent law. + + 12. No Surrender of Others' Freedom. + + If conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot convey a +covered work so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you may +not convey it at all. For example, if you agree to terms that obligate you +to collect a royalty for further conveying from those to whom you convey +the Program, the only way you could satisfy both those terms and this +License would be to refrain entirely from conveying the Program. + + 13. Remote Network Interaction; Use with the GNU General Public License. 
+ + Notwithstanding any other provision of this License, if you modify the +Program, your modified version must prominently offer all users +interacting with it remotely through a computer network (if your version +supports such interaction) an opportunity to receive the Corresponding +Source of your version by providing access to the Corresponding Source +from a network server at no charge, through some standard or customary +means of facilitating copying of software. This Corresponding Source +shall include the Corresponding Source for any work covered by version 3 +of the GNU General Public License that is incorporated pursuant to the +following paragraph. + + Notwithstanding any other provision of this License, you have +permission to link or combine any covered work with a work licensed +under version 3 of the GNU General Public License into a single +combined work, and to convey the resulting work. The terms of this +License will continue to apply to the part which is the covered work, +but the work with which it is combined will remain governed by version +3 of the GNU General Public License. + + 14. Revised Versions of this License. + + The Free Software Foundation may publish revised and/or new versions of +the GNU Affero General Public License from time to time. Such new versions +will be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + + Each version is given a distinguishing version number. If the +Program specifies that a certain numbered version of the GNU Affero General +Public License "or any later version" applies to it, you have the +option of following the terms and conditions either of that numbered +version or of any later version published by the Free Software +Foundation. If the Program does not specify a version number of the +GNU Affero General Public License, you may choose any version ever published +by the Free Software Foundation. 
+ + If the Program specifies that a proxy can decide which future +versions of the GNU Affero General Public License can be used, that proxy's +public statement of acceptance of a version permanently authorizes you +to choose that version for the Program. + + Later license versions may give you additional or different +permissions. However, no additional obligations are imposed on any +author or copyright holder as a result of your choosing to follow a +later version. + + 15. Disclaimer of Warranty. + + THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY +APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT +HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY +OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, +THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM +IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF +ALL NECESSARY SERVICING, REPAIR OR CORRECTION. + + 16. Limitation of Liability. + + IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS +THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY +GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE +USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF +DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD +PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), +EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF +SUCH DAMAGES. + + 17. Interpretation of Sections 15 and 16. 
+ + If the disclaimer of warranty and limitation of liability provided +above cannot be given local legal effect according to their terms, +reviewing courts shall apply local law that most closely approximates +an absolute waiver of all civil liability in connection with the +Program, unless a warranty or assumption of liability accompanies a +copy of the Program in return for a fee. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +state the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + + Copyright (C) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU Affero General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU Affero General Public License for more details. + + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see . + +Also add information on how to contact you by electronic and paper mail. + + If your software can interact with users remotely through a computer +network, you should also make sure that it provides a way for users to +get its source. For example, if your program is a web application, its +interface could display a "Source" link that leads users to an archive +of the code. 
There are many ways you could offer source, and different +solutions will be better for different programs; see section 13 for the +specific requirements. + + You should also get your employer (if you work as a programmer) or school, +if any, to sign a "copyright disclaimer" for the program, if necessary. +For more information on this, and how to apply and follow the GNU AGPL, see +. From ab820615ab30623cd6b2ffddd529cde978ae5a38 Mon Sep 17 00:00:00 2001 From: Jean-Baptiste Holcroft Date: Fri, 10 Aug 2018 14:40:39 +0200 Subject: [PATCH 02/17] Improve manifest --- manifest.json | 29 +++++++++++++++++------------ 1 file changed, 17 insertions(+), 12 deletions(-) diff --git a/manifest.json b/manifest.json index b72daa1..18d6f28 100644 --- a/manifest.json +++ b/manifest.json @@ -1,11 +1,16 @@ { "name": "Movim", "id": "movim", + "packaging_format": 1, "description": { "en": "The Kickass Social Network" }, + "version": "0.13.0~ynh1", + "requirements": { + "yunohost": ">= 3.0" + }, "url": "https://movim.eu/", - "license": "AGPL-3", + "license": "AGPL-3.0-or-later", "maintainer": { "name": "src386", "email": "soyouz@src386.org", @@ -22,19 +27,19 @@ "install" : [ { "name": "domain", - "type": "domain", + "type": "domain", "ask": { "en": "Domain of the pod", - "fr": "Domaine du pod" + "fr": "Domaine du pod" }, "example": "domain.org" }, { "name": "path", - "type": "path", + "type": "path", "ask": { "en": "Path to the pod", - "fr": "Chemin vers le pod" + "fr": "Chemin vers le pod" }, "example": "/movim", "default": "/movim" @@ -44,20 +49,20 @@ "type": "user", "ask": { "en": "Pod administrator", - "fr": "Administrateur du pod" + "fr": "Administrateur du pod" }, "example": "homer" }, { "name": "password", - "type": "password", + "type": "password", "ask": { "en": "Administrator password", "fr": "Mot de passe administrateur" }, "example" : "password" }, - { + { "name": "language", "ask": { "en": "Pod language", 
@@ -70,16 +75,16 @@ "name": "ssoenabled", "ask": { "en": "Enable SSO support (autologin) ?", - "fr": "Activer le support SSO (connexin auto) ?" + "fr": "Activer le support SSO (connexin auto) ?" }, "choices": ["Yes", "No"], - "default": "Yes" + "default": "Yes" }, - { + { "name": "port", "ask": { "en": "Movim daemon port (internal only)", - "fr": "Port du daemon Movim (interne uniquement)" + "fr": "Port du daemon Movim (interne uniquement)" }, "default": "9537" } From 4d85218206cdba053e2b73e9b0db28ba4d6105e5 Mon Sep 17 00:00:00 2001 From: Jean-Baptiste Holcroft Date: Fri, 10 Aug 2018 14:51:29 +0200 Subject: [PATCH 03/17] Add check_process for automated tests --- check_process | 43 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) create mode 100644 check_process diff --git a/check_process b/check_process new file mode 100644 index 0000000..53b9f8b --- /dev/null +++ b/check_process @@ -0,0 +1,43 @@ +# See here for more informations +# https://github.com/YunoHost/package_check#syntax-check_process-file + +# Move this file from check_process.default to check_process when you have filled it. + +;; Test complet + ; Manifest + domain="domain.tld" (DOMAIN) + path="/path" (PATH) + admin="john" (USER) + password="phrasedepasse" + language="fr" + ssoenabled="Yes" + port=9537 (PORT) + ; Checks + pkg_linter=1 + setup_sub_dir=1 + setup_root=1 + setup_nourl=0 + setup_private=0 + setup_public=1 + upgrade=1 + backup_restore=0 + multi_instance=0 + incorrect_path=1 + port_already_use=1 + change_url=0 +;;; Levels + Level 1=auto + Level 2=auto + Level 3=auto +# Level 4: + Level 4=1 +# Level 5: + Level 5=auto + Level 6=auto + Level 7=auto + Level 8=0 + Level 9=0 + Level 10=0 +;;; Options +Email=jean-baptiste@holcroft.fr +Notification=all \ No newline at end of file From 297b38e371aea342a88a14284e639cbf1e39b357 Mon Sep 17 00:00:00 2001 
From: Jean-Baptiste Holcroft Date: Fri, 10 Aug 2018 14:59:24 +0200 Subject: [PATCH 04/17] Remove legacy local helper file --- scripts/_common.sh | 1 + scripts/_helpers.sh | 78 --------------------------------------------- scripts/install | 8 +---- scripts/remove | 8 +---- scripts/upgrade | 8 +---- 5 files changed, 4 insertions(+), 99 deletions(-) delete mode 100644 scripts/_helpers.sh diff --git a/scripts/_common.sh b/scripts/_common.sh index 38f4bca..51ef84d 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -1,3 +1,4 @@ +#!/bin/bash # # Common variables # diff --git a/scripts/_helpers.sh b/scripts/_helpers.sh deleted file mode 100644 index b8055d9..0000000 --- a/scripts/_helpers.sh +++ /dev/null 
@@ -1,78 +0,0 @@ -# -# Yunohost helpers -# - -ynh_die() { - echo "$1" 1>&2 - exit "${2:-1}" -} - -ynh_user_exists() { - sudo yunohost user info $admin -} - -ynh_system_user_exists() { - getent passwd "$1" &>/dev/null -} - -ynh_app_setting_get() { - sudo yunohost app setting "$1" "$2" -} - -ynh_app_setting_set() { - sudo yunohost app setting "$1" "$2" -v "$3" -} - -ynh_app_setting_delete() { - sudo yunohost app setting -d "$1" "$2" -} - -ynh_string_random() { - dd if=/dev/urandom bs=1 count=200 2> /dev/null \ - | tr -c -d '[A-Za-z0-9]' \ - | sed -n 's/\(.\{'"${1:-24}"'\}\).*/\1/p' -} - -MYSQL_ROOT_PWD_FILE=/etc/yunohost/mysql - -ynh_mysql_create_db() { - db=$1 - - sql="CREATE DATABASE ${db};" - - # grant all privilegies to user - if [[ $# -gt 1 ]]; then - sql+=" GRANT ALL PRIVILEGES ON ${db}.* TO '${2}'@'localhost'" - [[ -n ${3:-} ]] && sql+=" IDENTIFIED BY '${3}'" - sql+=" WITH GRANT OPTION;" - fi - - ynh_mysql_execute_as_root "$sql" -} - -ynh_mysql_drop_db() { - ynh_mysql_execute_as_root "DROP DATABASE ${1};" -} - -ynh_mysql_drop_user() { - ynh_mysql_execute_as_root "DROP USER '${1}'@'localhost';" -} - -ynh_mysql_execute_as_root() { - ynh_mysql_connect_as "root" "$(sudo cat $MYSQL_ROOT_PWD_FILE)" \ - "${2:-}" <<< "$1" -} - -ynh_mysql_connect_as() { - mysql -u "$1" --password="$2" -B "${3:-}" -} - - -ynh_package_install() { - ynh_apt -o Dpkg::Options::=--force-confdef \ - -o Dpkg::Options::=--force-confold install $@ -} - -ynh_apt() { - DEBIAN_FRONTEND=noninteractive sudo apt-get -y -qq $@ -} diff --git a/scripts/install b/scripts/install index 26da454..d29d3b9 100644 --- a/scripts/install +++ b/scripts/install 
@@ -18,13 +18,7 @@ timezone=`cat /etc/timezone` # Source local helpers source ./_common.sh -# Source YunoHost helpers if exists. -# If not, source backported helpers from file. -if [ -a "/usr/share/yunohost/helpers" ]; then - source /usr/share/yunohost/helpers -else - source ./_helpers.sh -fi +source /usr/share/yunohost/helpers # Check domain/path availability sudo yunohost app checkurl "${domain}${path}" -a "$app" \ diff --git a/scripts/remove b/scripts/remove index 9294d00..91866fb 100644 --- a/scripts/remove +++ b/scripts/remove @@ -5,13 +5,7 @@ app="movim" # Source local helpers source ./_common.sh -# Source YunoHost helpers if exists. -# If not, source backported helpers from file. -if [ -a "/usr/share/yunohost/helpers" ]; then - source /usr/share/yunohost/helpers -else - source ./_helpers.sh -fi +source /usr/share/yunohost/helpers # Retrieve app settings domain=$(ynh_app_setting_get "$app" domain) diff --git a/scripts/upgrade b/scripts/upgrade index 701026d..61a4a08 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -8,13 +8,7 @@ app="movim" # Source local helpers source ./_common.sh -# Source YunoHost helpers if exists. -# If not, source backported helpers from file. -if [ -a "/usr/share/yunohost/helpers" ]; then - source /usr/share/yunohost/helpers -else - source ./_helpers.sh -fi +source /usr/share/yunohost/helpers # Retrieve app settings domain=$(ynh_app_setting_get "$app" domain) From af6245e04f05626722113f4c124a4a73601a21dc Mon Sep 17 00:00:00 2001 From: Jean-Baptiste Holcroft Date: Fri, 10 Aug 2018 15:00:05 +0200 Subject: [PATCH 05/17] Use apt package helpers on i/r/u --- scripts/install | 2 +- scripts/remove | 7 +++++++ scripts/upgrade | 2 +- 3 files changed, 9 insertions(+), 2 deletions(-) diff --git a/scripts/install b/scripts/install index d29d3b9..fdcdc26 100644 --- a/scripts/install +++ b/scripts/install 
@@ -59,7 +59,7 @@ db_name=movim ynh_mysql_create_db "$db_name" "$db_user" "$db_pwd" # Install packages -ynh_package_install php5-gd php5-curl php5-imagick php5-cli php5-zmq +ynh_install_app_dependencies php5-gd php5-curl php5-imagick php5-cli php5-zmq # Download Movim source code tmp_path=/tmp/movim-git diff --git a/scripts/remove b/scripts/remove index 91866fb..2bd9960 100644 --- a/scripts/remove +++ b/scripts/remove @@ -29,6 +29,13 @@ else sudo rm -f /etc/init.d/movim fi +#================================================= +# REMOVE DEPENDENCIES +#================================================= + +# Remove metapackage and its dependencies +ynh_remove_app_dependencies + # Drop MySQL database and user db_user=movim db_name=movim diff --git a/scripts/upgrade b/scripts/upgrade index 61a4a08..603d936 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -24,7 +24,7 @@ timezone=`cat /etc/timezone` && echo "Detected timezone: $timezone" # Since Movim 0.13, zmq is required -ynh_package_install php5-zmq +ynh_install_app_dependencies php5-zmq # Init git repository as needed if [ ! -d "${DESTDIR}/.git" ]; then From 0b331472cab73d6c9d76a81019d244284c4930c7 Mon Sep 17 00:00:00 2001 From: Jean-Baptiste Holcroft Date: Fri, 10 Aug 2018 15:55:41 +0200 Subject: [PATCH 06/17] Add comments, rename to --- scripts/install | 163 ++++++++++++++++++++++++++++++++++++------------ scripts/remove | 50 ++++++++++++--- scripts/upgrade | 110 +++++++++++++++++++++++++++----- 3 files changed, 259 insertions(+), 64 deletions(-) diff --git a/scripts/install b/scripts/install index fdcdc26..6c77d73 100644 --- a/scripts/install +++ b/scripts/install 
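Review bot: In scripts/upgrade, `ynh_install_app_dependencies php5-zmq` declares a single package, while scripts/install in this same commit declares five. As far as I know the helper rebuilds the app's dependency metapackage from exactly the list it is given, so an upgrade would shrink that list to php5-zmq and leave php5-gd, php5-curl, php5-imagick and php5-cli eligible for autoremoval. I would pass the same list in both scripts: `ynh_install_app_dependencies php5-gd php5-curl php5-imagick php5-cli php5-zmq`.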
@@ -1,51 +1,83 @@ #!/bin/bash -# Exit on command errors and treat unset variables as an error -set -eu - -app="movim" - -# Retrieve arguments -domain=$1 -path=${2:-/} -admin=$3 -password=$4 -language=$5 -ssoenabled=$6 -port=$7 -timezone=`cat /etc/timezone` - -# Source local helpers -source ./_common.sh +#================================================= +# GENERIC START +#================================================= +# IMPORT GENERIC HELPERS +#================================================= +source _common.sh source /usr/share/yunohost/helpers -# Check domain/path availability -sudo yunohost app checkurl "${domain}${path}" -a "$app" \ - || exit 1 +#================================================= +# MANAGE SCRIPT FAILURE +#================================================= + +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors + +#================================================= +# RETRIEVE ARGUMENTS FROM THE MANIFEST +#================================================= + +domain=$YNH_APP_ARG_DOMAIN +path_url=$YNH_APP_ARG_PATH +admin=$YNH_APP_ARG_ADMIN +password=$YNH_APP_ARG_PASSWORD +language=$YNH_APP_ARG_LANGUAGE +ssoenabled=$YNH_APP_ARG_SSOENABLED +port=$YNH_APP_ARG_PORT +timezone=$(cat /etc/timezone) + +### If it's a multi-instance app, meaning it can be installed several times independently +### The id of the app as stated in the manifest is available as $YNH_APP_ID +### The instance number is available as $YNH_APP_INSTANCE_NUMBER (equals "1", "2", ...) +### The app instance name is available as $YNH_APP_INSTANCE_NAME +### - the first time the app is installed, YNH_APP_INSTANCE_NAME = ynhexample +### - the second time the app is installed, YNH_APP_INSTANCE_NAME = ynhexample__2 +### - ynhexample__{N} for the subsequent installations, with N=3,4, ... +### The app instance name is probably what interests you most, since this is +### guaranteed to be unique. 
This is a good unique identifier to define installation path, +### db names, ... +app=$YNH_APP_INSTANCE_NAME + +#================================================= +# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS +#================================================= + +# TODO: final_path=/var/www/$app +test ! -e "$DESTDIR" || ynh_die "This path already contains a folder" + +# Normalize the url path syntax +path_url=$(ynh_normalize_url_path $path_url) + +# Check web path availability +ynh_webpath_available $domain $path_url +# Register (book) web path +ynh_webpath_register $app $domain $path_url # Check port availability -sudo yunohost app checkport "$port" \ - || exit 1 +yunohost app checkport "$port" \ + || ynh_die "This port is already used" -# Check user availability -ynh_user_exists "$admin" \ - || ynh_die "The chosen admin user does not exist." - -# Check password not empty -[[ -n "$password" ]] \ - || ynh_die "You must set an admin password." - -# Check timezone -[[ -n "$timezone" ]] \ - || ynh_die "Could not detect timezone, please check /etc/timezone." \ - && echo "Detected timezone: $timezone" +#================================================= +# STORE SETTINGS FROM MANIFEST +#================================================= # Save app settings ynh_app_setting_set "$app" admin "$admin" ynh_app_setting_set "$app" ssoenabled "$ssoenabled" ynh_app_setting_set "$app" port "$port" -ynh_app_setting_set "$app" path "$path" +ynh_app_setting_set "$app" path "$path_url" + + +#================================================= +# STANDARD MODIFICATIONS +#================================================= + +#================================================= +# CREATE A MYSQL DATABASE +#================================================= # Generate and save random MySQL password db_pwd=$(ynh_string_random 12) 
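Review bot: The rewritten preamble of scripts/install drops the checks that the admin user exists and that the password is non-empty, and nothing in the added lines replaces them. `$admin` and `$password` are later handed to `mud.php config` (outside this hunk), so an unknown user or an empty password would presumably be configured as given. I would keep both checks after the argument block: `ynh_user_exists "$admin" || ynh_die "The chosen admin user does not exist."` and `[[ -n "$password" ]] || ynh_die "You must set an admin password."`. The non-empty `$timezone` check is removed as well, here and in the first hunk of scripts/upgrade in this commit; that value is substituted into php-fpm.conf further down, so `[[ -n "$timezone" ]] || ynh_die "Could not detect timezone, please check /etc/timezone."` is worth keeping in both scripts.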
@@ -58,9 +90,17 @@ db_name=movim # Create MySQL database ynh_mysql_create_db "$db_name" "$db_user" "$db_pwd" +#================================================= +# INSTALL DEPENDENCIES +#================================================= + # Install packages ynh_install_app_dependencies php5-gd php5-curl php5-imagick php5-cli php5-zmq +#================================================= +# DOWNLOAD, CHECK AND UNPACK SOURCE +#================================================= + # Download Movim source code tmp_path=/tmp/movim-git sudo rm -rf "$tmp_path" @@ -68,21 +108,35 @@ sudo rm -rf "$tmp_path" && cd "$tmp_path" && git checkout "$HEAD_COMMIT") \ || ynh_die "Unable to download Movim source code." +#================================================= +# SET CONFIGURATION FILE +#================================================= + +# TODO: add checksum # Set database configuration cp "${tmp_path}/config/"{db.example.inc.php,db.inc.php} sed -i "s@'username' => 'username'@'username' => '$db_user'@g" \ "${tmp_path}/config/db.inc.php" sed -i "s@'password' => 'password'@'password' => '$db_pwd'@g" \ "${tmp_path}/config/db.inc.php" -## FIXME: consider installation in a subpath -sed -i "s@'/ws/'@'${path%/}/ws/'@g" \ +## TODO: consider installation in a subpath +sed -i "s@'/ws/'@'${path_url%/}/ws/'@g" \ "${tmp_path}/app/assets/js/movim_websocket.js" # Move Movim source code sudo mv "$tmp_path" "$DESTDIR" +#================================================= +# CREATE DEDICATED USER +#================================================= + # Create movim system user and set permissions sudo useradd -d /var/www/movim -s /bin/sh movim + +#================================================= +# SET PERMISSIONS +#================================================= + sudo chown -R movim:www-data "$DESTDIR" sudo find "${DESTDIR}/" -type f -print0 | sudo xargs -0 chmod 0644 sudo find "${DESTDIR}/" -type d -print0 | sudo xargs -0 chmod 0755 
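Review bot: The database password is written into `${tmp_path}/config/db.inc.php` while `tmp_path` is still the fixed location `/tmp/movim-git` (assigned in the context of the preceding hunk), and the `chmod 400` is only applied after the move. Until then the file sits under a world-accessible directory with whatever mode the checkout gave it, and a predictable name in /tmp can be pre-created by another local user before the download. I would take the directory from mktemp instead, `tmp_path=$(mktemp -d)`, which is created with mode 0700, and drop the `sudo rm -rf "$tmp_path"`. scripts/upgrade uses the same fixed path at the end of its first hunk in this commit.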
@@ -95,14 +149,23 @@ sudo chmod 400 "${DESTDIR}/config/db.inc.php" && exec_cmd php composer.phar install --no-interaction) \ || ynh_die "Unable to install Movim dependencies." + +#================================================= +# Set Movim database and configuration +#================================================= + # Set Movim database and configuration exec_cmd php mud.php db --set exec_cmd php mud.php config --loglevel=1 \ --locale="$language" --timezone="$timezone" \ --username="$admin" --password="$password" +#================================================= +# SETUP SYSTEMD +#================================================= + # Copy init script or systemd service -sudo sed -i "s@YHURL@${domain}${path}@g" ../conf/movim.{service,init} +sudo sed -i "s@YHURL@${domain}${path_url}@g" ../conf/movim.{service,init} sudo sed -i "s@YHDIR@${DESTDIR}@g" ../conf/movim.{service,init} sudo sed -i "s@YHPORT@${port}@g" ../conf/movim.{service,init} if [ -d /run/systemd/system ]; then 
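Review bot: `--password="$password"` in the `mud.php config` call puts the admin password on the command line of `sudo` and `php` (exec_cmd wraps the call in `sudo -u movim`), where it is visible in the process list while the command runs and, with sudo's default logging, in the auth log. The line is unchanged context under the new banner, and whether mud.php accepts the password any other way cannot be told from this diff. At minimum I would add a comment above the call: `# NOTE: the admin password is passed on argv (process list, sudo log); move to stdin/env if mud.php allows it`. The hunk starts inside the composer subshell, which opens above it.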
@@ -117,17 +180,35 @@ else sudo /etc/init.d/movim start fi +#================================================= +# PHP-FPM CONFIGURATION +#================================================= + # php-fpm configuration sed -i "s@YHTZ@$timezone@g" ../conf/php-fpm.conf sudo cp ../conf/php-fpm.conf /etc/php5/fpm/pool.d/movim.conf +#================================================= +# NGINX CONFIGURATION +#================================================= + # Nginx configuration -sed -i "s@PATHTOCHANGE@$path@g" ../conf/nginx.conf +sed -i "s@PATHTOCHANGE@$path_url@g" ../conf/nginx.conf sed -i "s@ALIASTOCHANGE@$DESTDIR/@g" ../conf/nginx.conf sed -i "s@YHPORT@$port@g" ../conf/nginx.conf sed -i "s@//ws/@/ws/@g" ../conf/nginx.conf # Avoid duplicate / sudo cp ../conf/nginx.conf /etc/nginx/conf.d/$domain.d/movim.conf + +#================================================= +# GENERIC FINALIZATION +#================================================= + + +#================================================= +# SETUP SSOWAT +#================================================= + # SSOwat configuration if [[ "$ssoenabled" = "No" ]]; then ynh_app_setting_set "$app" skipped_uris "/" @@ -137,6 +218,10 @@ else apply_sso_patch fi +#================================================= +# RELOAD NGINX +#================================================= + # Reload services sudo service php5-fpm restart sudo service nginx reload diff --git a/scripts/remove b/scripts/remove index 2bd9960..6b8b50a 100644 --- a/scripts/remove +++ b/scripts/remove 
@@ -1,24 +1,45 @@ #!/bin/bash -app="movim" - -# Source local helpers -source ./_common.sh +#================================================= +# GENERIC START +#================================================= +# IMPORT GENERIC HELPERS +#================================================= +source _common.sh source /usr/share/yunohost/helpers +#================================================= +# LOAD SETTINGS +#================================================= + +app=$YNH_APP_INSTANCE_NAME + # Retrieve app settings domain=$(ynh_app_setting_get "$app" domain) -# Remove nginx and php-fpm configuration files +#================================================= +# REMOVE NGINX CONFIGURATION +#================================================= + +# Remove the dedicated nginx config sudo rm -f "/etc/nginx/conf.d/${domain}.d/movim.conf" + +#================================================= +# REMOVE PHP-FPM CONFIGURATION +#================================================= + +# Remove the dedicated php-fpm config sudo rm -f "/etc/php5/fpm/pool.d/movim.conf" # Reload services sudo service nginx reload sudo service php5-fpm restart -# Stop service and remove it +#================================================= +# STOP AND REMOVE SERVICE +#================================================= + sudo service movim stop if [ -d /run/systemd/system ]; then sudo systemctl --quiet disable movim.service 
@@ -36,13 +57,26 @@ fi # Remove metapackage and its dependencies ynh_remove_app_dependencies -# Drop MySQL database and user +#================================================= +# REMOVE THE MYSQL DATABASE +#================================================= + db_user=movim db_name=movim ynh_mysql_drop_db "$db_name" || true ynh_mysql_drop_user "$db_user" || true -# Remove Movim files and user +#================================================= +# REMOVE APP MAIN DIR +#================================================= + sudo rm -rf /var/www/movim + +#================================================= +# GENERIC FINALIZATION +#================================================= +# REMOVE DEDICATED USER +#================================================= + ynh_system_user_exists movim \ && sudo userdel movim diff --git a/scripts/upgrade b/scripts/upgrade index 603d936..e37c592 100644 --- a/scripts/upgrade +++ b/scripts/upgrade 
@@ -1,31 +1,65 @@ #!/bin/bash -# Exit on command errors and treat unset variables as an error -set -eu - -app="movim" - -# Source local helpers -source ./_common.sh +#================================================= +# GENERIC START +#================================================= +# IMPORT GENERIC HELPERS +#================================================= +source _common.sh source /usr/share/yunohost/helpers +#================================================= +# LOAD SETTINGS +#================================================= + +app=$YNH_APP_INSTANCE_NAME + # Retrieve app settings domain=$(ynh_app_setting_get "$app" domain) -path=$(ynh_app_setting_get "$app" path) +path_url=$(ynh_app_setting_get "$app" path) port=$(ynh_app_setting_get "$app" port) ssoenabled=$(ynh_app_setting_get "$app" ssoenabled) public_site=$(ynh_app_setting_get "$app" public_site) -timezone=`cat /etc/timezone` +timezone=$(cat /etc/timezone) -# Check timezone -[[ -n "$timezone" ]] \ - || ynh_die "Could not detect timezone, please check /etc/timezone." 
\ - && echo "Detected timezone: $timezone" +#================================================= +# ACTIVE TRAP +#================================================= + +# TODO: activate backup +# Backup the current version of the app +# ynh_backup_before_upgrade +# ynh_clean_setup () { + # restore it if the upgrade fails + # ynh_restore_upgradebackup +# } +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors + +#================================================= +# CHECK THE PATH +#================================================= + +# Normalize the URL path syntax +path_url=$(ynh_normalize_url_path $path_url) + + +#================================================= +# STANDARD UPGRADE STEPS +#================================================= + +#================================================= +# UPGRADE DEPENDENCIES +#================================================= # Since Movim 0.13, zmq is required ynh_install_app_dependencies php5-zmq +#================================================= +# DOWNLOAD, CHECK AND UNPACK SOURCE +#================================================= + # Init git repository as needed if [ ! -d "${DESTDIR}/.git" ]; then tmp_path=/tmp/movim-git 
@@ -51,26 +85,47 @@ fi (exec_cmd git fetch origin \ && exec_cmd git reset --hard "$HEAD_COMMIT") \ || ynh_die "Unable to download Movim source code." -## FIXME: consider installation in a subpath -exec_cmd sed -i "s@'/ws/'@'${path%/}/ws/'@g" \ +## TODO: consider installation in a subpath +exec_cmd sed -i "s@'/ws/'@'${path_url%/}/ws/'@g" \ "${DESTDIR}/app/assets/js/movim_websocket.js" +#================================================= +# CREATE DEDICATED USER +#================================================= + # Create movim user if not exists and set permissions ynh_system_user_exists movim \ || sudo useradd -d /var/www/movim -s /bin/sh movim + +#================================================= +# SET PERMISSIONS +#================================================= + sudo chown -R movim:www-data "$DESTDIR" sudo find "${DESTDIR}/" -type f -print0 | sudo xargs -0 chmod 0644 sudo find "${DESTDIR}/" -type d -print0 | sudo xargs -0 chmod 0755 sudo chmod 400 "${DESTDIR}/config/db.inc.php" +#================================================= +# install PHP dependencies +#================================================= + # Update PHP dependencies using composer (exec_cmd php composer.phar config --global discard-changes true \ && exec_cmd php composer.phar install --no-interaction) \ || ynh_die "Unable to update Movim dependencies." +#================================================= +# Upgrade Movim Databas +#================================================= + # Upgrade Movim database as needed exec_cmd php mud.php db --set +#================================================= +# ENSURE DOWNWARD COMPATIBILITY +#================================================= + # Reset SSO parameters ynh_app_setting_delete "$app" protected_uris ynh_app_setting_delete "$app" skipped_uris 
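Review bot: The permission pass resets every file to 0644 before `chmod 400` is applied to `config/db.inc.php`, so on each upgrade the file holding the database password is briefly readable by all local users. These are unchanged context lines, but the hunk puts the new SET PERMISSIONS banner over them. Excluding the file from the sweep closes the window: `sudo find "${DESTDIR}/" -type f ! -path "${DESTDIR}/config/db.inc.php" -print0 | sudo xargs -0 chmod 0644`. The same sequence is in scripts/install (the SET PERMISSIONS hunk of PATCH 07).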
@@ -85,6 +140,10 @@ if [ ! -z "$public_site" ]; then ynh_app_setting_set "$app" ssoenabled "$ssoenabled" fi +#================================================= +# SETUP SSOWAT +#================================================= + # SSOwat configuration if [[ "$ssoenabled" = "No" ]]; then ynh_app_setting_set "$app" skipped_uris "/" @@ -95,8 +154,13 @@ else apply_sso_patch fi + +#================================================= +# SETUP SYSTEMD +#================================================= + # Update init scripts -sudo sed -i "s@YHURL@${domain}${path}@g" ../conf/movim.{service,init} +sudo sed -i "s@YHURL@${domain}${path_url}@g" ../conf/movim.{service,init} sudo sed -i "s@YHDIR@${DESTDIR}@g" ../conf/movim.{service,init} sudo sed -i "s@YHPORT@${port}@g" ../conf/movim.{service,init} if [ -d /run/systemd/system ]; then @@ -111,17 +175,29 @@ else sudo /etc/init.d/movim start fi +#================================================= +# PHP-FPM CONFIGURATION +#================================================= + # Update php-fpm configuration sed -i "s@YHTZ@$timezone@g" ../conf/php-fpm.conf sudo cp ../conf/php-fpm.conf /etc/php5/fpm/pool.d/movim.conf +#================================================= +# NGINX CONFIGURATION +#================================================= + # Nginx configuration -sed -i "s@PATHTOCHANGE@$path@g" ../conf/nginx.conf +sed -i "s@PATHTOCHANGE@$path_url@g" ../conf/nginx.conf sed -i "s@ALIASTOCHANGE@$DESTDIR/@g" ../conf/nginx.conf sed -i "s@YHPORT@$port@g" ../conf/nginx.conf sed -i "s@//ws/@/ws/@g" ../conf/nginx.conf # Avoid duplicate / sudo cp ../conf/nginx.conf /etc/nginx/conf.d/$domain.d/movim.conf +#================================================= +# RELOAD SERVICES +#================================================= + # Reload services sudo service movim restart sudo service php5-fpm restart From 5182be43890db733098d601cf849d6cf4f90cd5c Mon Sep 17 00:00:00 2001 
From: Jean-Baptiste Holcroft Date: Fri, 10 Aug 2018 16:36:04 +0200 Subject: [PATCH 07/17] s/DESTDIR/final_path/ --- scripts/_common.sh | 5 +---- scripts/install | 22 ++++++++++++---------- scripts/remove | 3 ++- scripts/upgrade | 37 ++++++++++++++++++++++++------------- 4 files changed, 39 insertions(+), 28 deletions(-) diff --git a/scripts/_common.sh b/scripts/_common.sh index 51ef84d..d72ade4 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -9,9 +9,6 @@ GIT_REPO="https://github.com/movim/movim" # Commit to checkout HEAD_COMMIT="ee249f1e37b548c71b9a339dd358fbd2136e3291" -# Source code destination directory -DESTDIR="/var/www/movim" - # App package root directory should be the parent folder PKGDIR=$(cd ../; pwd) @@ -22,7 +19,7 @@ PKGDIR=$(cd ../; pwd) # Execute a command as movim user in the destination directory # usage: exec_cmd COMMAND [ARG ...] exec_cmd() { - (cd "$DESTDIR" \ + (cd "$final_path" \ && sudo sudo -u movim "$@") } diff --git a/scripts/install b/scripts/install index 6c77d73..4c6fef0 100644 --- a/scripts/install +++ b/scripts/install @@ -45,8 +45,8 @@ app=$YNH_APP_INSTANCE_NAME # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS #================================================= -# TODO: final_path=/var/www/$app -test ! -e "$DESTDIR" || ynh_die "This path already contains a folder" +final_path=/var/www/$app +test ! -e "$final_path" || ynh_die "This path already contains a folder" # Normalize the url path syntax path_url=$(ynh_normalize_url_path $path_url) @@ -101,6 +101,8 @@ ynh_install_app_dependencies php5-gd php5-curl php5-imagick php5-cli php5-zmq # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= +ynh_app_setting_set "$app" final_path "$final_path" + # Download Movim source code tmp_path=/tmp/movim-git sudo rm -rf "$tmp_path" 
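Review bot: `exec_cmd` in scripts/_common.sh now reads `$final_path`, which this file no longer defines; it has become a global that every calling script must set before the first call. If the variable is empty, `cd ""` does not fail in bash as far as I know, and the command would then run as movim in whatever directory the script happens to be in. I would fail early with `(cd "${final_path:?final_path is not set}" \` and add `# Globals: final_path (read) - must be set by the caller` to the function's header comment.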
@@ -124,7 +126,7 @@ sed -i "s@'/ws/'@'${path_url%/}/ws/'@g" \ "${tmp_path}/app/assets/js/movim_websocket.js" # Move Movim source code -sudo mv "$tmp_path" "$DESTDIR" +sudo mv "$tmp_path" "$final_path" #================================================= # CREATE DEDICATED USER @@ -137,14 +139,14 @@ sudo useradd -d /var/www/movim -s /bin/sh movim # SET PERMISSIONS #================================================= -sudo chown -R movim:www-data "$DESTDIR" -sudo find "${DESTDIR}/" -type f -print0 | sudo xargs -0 chmod 0644 -sudo find "${DESTDIR}/" -type d -print0 | sudo xargs -0 chmod 0755 -sudo chmod 400 "${DESTDIR}/config/db.inc.php" +sudo chown -R movim:www-data "$final_path" +sudo find "${final_path}/" -type f -print0 | sudo xargs -0 chmod 0644 +sudo find "${final_path}/" -type d -print0 | sudo xargs -0 chmod 0755 +sudo chmod 400 "${final_path}/config/db.inc.php" # Install PHP dependencies using composer (curl -sS https://getcomposer.org/installer \ - | exec_cmd php -- --install-dir="$DESTDIR" \ + | exec_cmd php -- --install-dir="$final_path" \ && exec_cmd php composer.phar config --global discard-changes true \ && exec_cmd php composer.phar install --no-interaction) \ || ynh_die "Unable to install Movim dependencies." @@ -166,7 +168,7 @@ exec_cmd php mud.php config --loglevel=1 \ # Copy init script or systemd service sudo sed -i "s@YHURL@${domain}${path_url}@g" ../conf/movim.{service,init} -sudo sed -i "s@YHDIR@${DESTDIR}@g" ../conf/movim.{service,init} +sudo sed -i "s@YHDIR@${final_path}@g" ../conf/movim.{service,init} sudo sed -i "s@YHPORT@${port}@g" ../conf/movim.{service,init} if [ -d /run/systemd/system ]; then sudo cp ../conf/movim.service /etc/systemd/system/ 
@@ -194,7 +196,7 @@ sudo cp ../conf/php-fpm.conf /etc/php5/fpm/pool.d/movim.conf # Nginx configuration sed -i "s@PATHTOCHANGE@$path_url@g" ../conf/nginx.conf -sed -i "s@ALIASTOCHANGE@$DESTDIR/@g" ../conf/nginx.conf +sed -i "s@ALIASTOCHANGE@$final_path/@g" ../conf/nginx.conf sed -i "s@YHPORT@$port@g" ../conf/nginx.conf sed -i "s@//ws/@/ws/@g" ../conf/nginx.conf # Avoid duplicate / sudo cp ../conf/nginx.conf /etc/nginx/conf.d/$domain.d/movim.conf diff --git a/scripts/remove b/scripts/remove index 6b8b50a..a37e9c0 100644 --- a/scripts/remove +++ b/scripts/remove @@ -17,6 +17,7 @@ app=$YNH_APP_INSTANCE_NAME # Retrieve app settings domain=$(ynh_app_setting_get "$app" domain) +final_path=$(ynh_app_setting_get "$app" final_path) #================================================= # REMOVE NGINX CONFIGURATION @@ -70,7 +71,7 @@ ynh_mysql_drop_user "$db_user" || true # REMOVE APP MAIN DIR #================================================= -sudo rm -rf /var/www/movim +sudo rm -rf "$final_path" #================================================= # GENERIC FINALIZATION diff --git a/scripts/upgrade b/scripts/upgrade index e37c592..ebe93c5 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -22,6 +22,17 @@ port=$(ynh_app_setting_get "$app" port) ssoenabled=$(ynh_app_setting_get "$app" ssoenabled) public_site=$(ynh_app_setting_get "$app" public_site) timezone=$(cat /etc/timezone) +final_path=$(ynh_app_setting_get "$app" final_path) + +#================================================= +# ENSURE DOWNWARD COMPATIBILITY +#================================================= + +# If final_path doesn't exist, create it +if [ -z "$final_path" ]; then + final_path="/var/www/$app" + ynh_app_setting_set "$app" final_path "$final_path" +fi #================================================= # ACTIVE TRAP 
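Review bot: In scripts/remove, `final_path` is read from the app settings with no fallback, so on an instance installed before this commit (where the setting was never stored) `sudo rm -rf "$final_path"` receives an empty string and the application directory, including `config/db.inc.php`, stays on disk. The upgrade script in this same commit handles that case, and the remove script should do the same right after the `ynh_app_setting_get` line: `[ -n "$final_path" ] || final_path="/var/www/$app"`. Both remove hunks show only part of the script, so a guard elsewhere in it cannot be ruled out.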
@@ -61,7 +72,7 @@ ynh_install_app_dependencies php5-zmq #================================================= # Init git repository as needed -if [ ! -d "${DESTDIR}/.git" ]; then +if [ ! -d "${final_path}/.git" ]; then tmp_path=/tmp/movim-git sudo rm -rf "$tmp_path" @@ -69,16 +80,16 @@ if [ ! -d "${DESTDIR}/.git" ]; then (git clone "$GIT_REPO" "$tmp_path" \ && cd "$tmp_path" && git checkout "$HEAD_COMMIT") \ || ynh_die "Unable to download Movim source code." - sudo cp "${DESTDIR}/config/db.inc.php" "${tmp_path}/config/db.inc.php" + sudo cp "${final_path}/config/db.inc.php" "${tmp_path}/config/db.inc.php" # Replace current source code - sudo rm -rf "$DESTDIR" - sudo mv "$tmp_path" "$DESTDIR" - sudo chown -R movim:www-data "$DESTDIR" + sudo rm -rf "$final_path" + sudo mv "$tmp_path" "$final_path" + sudo chown -R movim:www-data "$final_path" # Install composer for PHP dependencies curl -sS https://getcomposer.org/installer \ - | exec_cmd php -- --install-dir="$DESTDIR" + | exec_cmd php -- --install-dir="$final_path" fi # Update Movim source code @@ -87,7 +98,7 @@ fi || ynh_die "Unable to download Movim source code." ## TODO: consider installation in a subpath exec_cmd sed -i "s@'/ws/'@'${path_url%/}/ws/'@g" \ - "${DESTDIR}/app/assets/js/movim_websocket.js" + "${final_path}/app/assets/js/movim_websocket.js" #================================================= # CREATE DEDICATED USER 
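Review bot: The `sudo cp "${final_path}/config/db.inc.php" "${tmp_path}/config/db.inc.php"` line in the `@@ -69,16 +80,16 @@` hunk puts the database credentials file under the fixed name `/tmp/movim-git`, a predictable path in a world-writable directory. A private per-run directory avoids both the name collision and the exposure of the copied file: replace the `tmp_path=/tmp/movim-git` assignment and the `rm -rf` after it with `tmp_path=$(mktemp -d) || ynh_die "Unable to create a temporary directory"`. scripts/install uses the same fixed path. The enclosing `if` block starts in the previous hunk and its body continues past this one.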
@@ -101,10 +112,10 @@ ynh_system_user_exists movim \ # SET PERMISSIONS #================================================= -sudo chown -R movim:www-data "$DESTDIR" -sudo find "${DESTDIR}/" -type f -print0 | sudo xargs -0 chmod 0644 -sudo find "${DESTDIR}/" -type d -print0 | sudo xargs -0 chmod 0755 -sudo chmod 400 "${DESTDIR}/config/db.inc.php" +sudo chown -R movim:www-data "$final_path" +sudo find "${final_path}/" -type f -print0 | sudo xargs -0 chmod 0644 +sudo find "${final_path}/" -type d -print0 | sudo xargs -0 chmod 0755 +sudo chmod 400 "${final_path}/config/db.inc.php" #================================================= # install PHP dependencies @@ -161,7 +172,7 @@ fi # Update init scripts sudo sed -i "s@YHURL@${domain}${path_url}@g" ../conf/movim.{service,init} -sudo sed -i "s@YHDIR@${DESTDIR}@g" ../conf/movim.{service,init} +sudo sed -i "s@YHDIR@${final_path}@g" ../conf/movim.{service,init} sudo sed -i "s@YHPORT@${port}@g" ../conf/movim.{service,init} if [ -d /run/systemd/system ]; then sudo rm -f /lib/systemd/system/movim.service @@ -189,7 +200,7 @@ sudo cp ../conf/php-fpm.conf /etc/php5/fpm/pool.d/movim.conf # Nginx configuration sed -i "s@PATHTOCHANGE@$path_url@g" ../conf/nginx.conf -sed -i "s@ALIASTOCHANGE@$DESTDIR/@g" ../conf/nginx.conf +sed -i "s@ALIASTOCHANGE@$final_path/@g" ../conf/nginx.conf sed -i "s@YHPORT@$port@g" ../conf/nginx.conf sed -i "s@//ws/@/ws/@g" ../conf/nginx.conf # Avoid duplicate / sudo cp ../conf/nginx.conf /etc/nginx/conf.d/$domain.d/movim.conf From 24c4ccb8a6c439fb5f254fceceaeb54273a1ee5b Mon Sep 17 00:00:00 2001 From: Jean-Baptiste Holcroft Date: Fri, 10 Aug 2018 16:46:40 +0200 Subject: [PATCH 08/17] Remove sudo and use helper instead of rm and sed --- scripts/_common.sh | 2 +- scripts/install | 61 +++++++++++++++++++++-------------------- scripts/remove | 24 ++++++++-------- scripts/upgrade | 68 +++++++++++++++++++++++----------------------- 4 files changed, 78 insertions(+), 77 deletions(-) 
diff --git a/scripts/_common.sh b/scripts/_common.sh index d72ade4..803c6a8 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -29,5 +29,5 @@ apply_sso_patch() { local patch_path="/tmp/sso-logout.patch" cp -f "${PKGDIR}/patches/sso-logout.patch" "$patch_path" exec_cmd git apply "$patch_path" - rm -f "$patch_path" + ynh_secure_remove "$patch_path" } diff --git a/scripts/install b/scripts/install index 4c6fef0..4630132 100644 --- a/scripts/install +++ b/scripts/install @@ -105,7 +105,7 @@ ynh_app_setting_set "$app" final_path "$final_path" # Download Movim source code tmp_path=/tmp/movim-git -sudo rm -rf "$tmp_path" +ynh_secure_remove "$tmp_path" (git clone "$GIT_REPO" "$tmp_path" \ && cd "$tmp_path" && git checkout "$HEAD_COMMIT") \ || ynh_die "Unable to download Movim source code." 
@@ -117,32 +117,32 @@ sudo rm -rf "$tmp_path" # TODO: add checksum # Set database configuration cp "${tmp_path}/config/"{db.example.inc.php,db.inc.php} -sed -i "s@'username' => 'username'@'username' => '$db_user'@g" \ +ynh_replace_string "'username' => 'username'" "'username' => '$db_user'" \ "${tmp_path}/config/db.inc.php" -sed -i "s@'password' => 'password'@'password' => '$db_pwd'@g" \ +ynh_replace_string "'password' => 'password'" "'password' => '$db_pwd'" \ "${tmp_path}/config/db.inc.php" ## TODO: consider installation in a subpath -sed -i "s@'/ws/'@'${path_url%/}/ws/'@g" \ +ynh_replace_string "'/ws/'" "'${path_url%/}/ws/'" \ "${tmp_path}/app/assets/js/movim_websocket.js" # Move Movim source code -sudo mv "$tmp_path" "$final_path" +mv "$tmp_path" "$final_path" #================================================= # CREATE DEDICATED USER #================================================= # Create movim system user and set permissions -sudo useradd -d /var/www/movim -s /bin/sh movim +useradd -d /var/www/movim -s /bin/sh movim #================================================= # SET PERMISSIONS #================================================= -sudo chown -R movim:www-data "$final_path" -sudo find "${final_path}/" -type f -print0 | sudo xargs -0 chmod 0644 -sudo find "${final_path}/" -type d -print0 | sudo xargs -0 chmod 0755 -sudo chmod 400 "${final_path}/config/db.inc.php" +chown -R movim:www-data "$final_path" +find "${final_path}/" -type f -print0 | xargs -0 chmod 0644 +find "${final_path}/" -type d -print0 | xargs -0 chmod 0755 +chmod 400 "${final_path}/config/db.inc.php" # Install PHP dependencies using composer (curl -sS https://getcomposer.org/installer \ 
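Review bot: `config/db.inc.php` receives the database password while it still has the permissions `cp` gave it, and the two `find … chmod` passes set it to 0644 before the final `chmod 400` runs. Restricting the file as soon as it exists closes that window: `chmod 600 "${tmp_path}/config/db.inc.php"` directly after the `cp`. Separately, `$db_pwd` is spliced into a single-quoted PHP literal, so a value containing `'` or `\` would yield a broken or altered config; how `db_pwd` is generated is not visible in this hunk, so that is worth confirming.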
@@ -167,19 +167,20 @@ exec_cmd php mud.php config --loglevel=1 \ #================================================= # Copy init script or systemd service -sudo sed -i "s@YHURL@${domain}${path_url}@g" ../conf/movim.{service,init} -sudo sed -i "s@YHDIR@${final_path}@g" ../conf/movim.{service,init} -sudo sed -i "s@YHPORT@${port}@g" ../conf/movim.{service,init} +ynh_replace_string "YHURL" "${domain}${path_url}" ../conf/movim.{service,init} +ynh_replace_string "YHDIR" "${final_path}" ../conf/movim.{service,init} +ynh_replace_string "YHPORT" "${port}" ../conf/movim.{service,init} + if [ -d /run/systemd/system ]; then - sudo cp ../conf/movim.service /etc/systemd/system/ - sudo systemctl daemon-reload - sudo systemctl enable movim.service - sudo systemctl start movim.service + cp ../conf/movim.service /etc/systemd/system/ + systemctl daemon-reload + systemctl enable movim.service + systemctl start movim.service else - sudo cp ../conf/movim.init /etc/init.d/movim - sudo chmod 755 /etc/init.d/movim - sudo update-rc.d movim defaults - sudo /etc/init.d/movim start + cp ../conf/movim.init /etc/init.d/movim + chmod 755 /etc/init.d/movim + update-rc.d movim defaults + /etc/init.d/movim start fi #================================================= 
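Review bot: The three `ynh_replace_string` calls pass `../conf/movim.{service,init}`, which brace-expands to two file arguments, while the helper, as far as I know, takes a single target file; the `sed -i` calls they replace edited both files. If so, `movim.init` keeps its `YHURL`, `YHDIR` and `YHPORT` placeholders and the non-systemd branch installs it unsubstituted. One call per file keeps the old behaviour, for example `for f in ../conf/movim.service ../conf/movim.init; do ynh_replace_string "YHPORT" "${port}" "$f"; done`. The `@@ -171,19 +171,19 @@` hunk in scripts/upgrade has the same three lines.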
@@ -187,19 +188,19 @@ fi #================================================= # php-fpm configuration -sed -i "s@YHTZ@$timezone@g" ../conf/php-fpm.conf -sudo cp ../conf/php-fpm.conf /etc/php5/fpm/pool.d/movim.conf +ynh_replace_string "YHTZ" "$timezone" ../conf/php-fpm.conf +cp ../conf/php-fpm.conf /etc/php5/fpm/pool.d/movim.conf #================================================= # NGINX CONFIGURATION #================================================= # Nginx configuration -sed -i "s@PATHTOCHANGE@$path_url@g" ../conf/nginx.conf -sed -i "s@ALIASTOCHANGE@$final_path/@g" ../conf/nginx.conf -sed -i "s@YHPORT@$port@g" ../conf/nginx.conf -sed -i "s@//ws/@/ws/@g" ../conf/nginx.conf # Avoid duplicate / -sudo cp ../conf/nginx.conf /etc/nginx/conf.d/$domain.d/movim.conf +ynh_replace_string "PATHTOCHANGE" "$path_url" ../conf/nginx.conf +ynh_replace_string "ALIASTOCHANGE" "$final_path/" ../conf/nginx.conf +ynh_replace_string "YHPORT" "$port" ../conf/nginx.conf +ynh_replace_string "//ws/" "/ws/" ../conf/nginx.conf # Avoid duplicate / +cp ../conf/nginx.conf /etc/nginx/conf.d/$domain.d/movim.conf #================================================= @@ -225,5 +226,5 @@ fi #================================================= # Reload services -sudo service php5-fpm restart -sudo service nginx reload +service php5-fpm restart +service nginx reload diff --git a/scripts/remove b/scripts/remove index a37e9c0..9af6e81 100644 --- a/scripts/remove +++ b/scripts/remove 
@@ -24,31 +24,31 @@ final_path=$(ynh_app_setting_get "$app" final_path) #================================================= # Remove the dedicated nginx config -sudo rm -f "/etc/nginx/conf.d/${domain}.d/movim.conf" +ynh_secure_remove "/etc/nginx/conf.d/${domain}.d/movim.conf" #================================================= # REMOVE PHP-FPM CONFIGURATION #================================================= # Remove the dedicated php-fpm config -sudo rm -f "/etc/php5/fpm/pool.d/movim.conf" +ynh_secure_remove "/etc/php5/fpm/pool.d/movim.conf" # Reload services -sudo service nginx reload -sudo service php5-fpm restart +service nginx reload +service php5-fpm restart #================================================= # STOP AND REMOVE SERVICE #================================================= -sudo service movim stop +service movim stop if [ -d /run/systemd/system ]; then - sudo systemctl --quiet disable movim.service - sudo rm -f /lib/systemd/system/movim.service - sudo systemctl --quiet daemon-reload + systemctl --quiet disable movim.service + ynh_secure_remove /lib/systemd/system/movim.service + systemctl --quiet daemon-reload else - sudo update-rc.d -f movim remove - sudo rm -f /etc/init.d/movim + update-rc.d -f movim remove + ynh_secure_remove /etc/init.d/movim fi #================================================= @@ -71,7 +71,7 @@ ynh_mysql_drop_user "$db_user" || true # REMOVE APP MAIN DIR #================================================= -sudo rm -rf "$final_path" +ynh_secure_remove "$final_path" #================================================= # GENERIC FINALIZATION @@ -80,4 +80,4 @@ sudo rm -rf "$final_path" #================================================= ynh_system_user_exists movim \ - && sudo userdel movim + && userdel movim diff --git a/scripts/upgrade b/scripts/upgrade index ebe93c5..4adecd3 100644 --- a/scripts/upgrade +++ b/scripts/upgrade 
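Review bot: The remove script deletes `/lib/systemd/system/movim.service`, but scripts/install in this commit copies the unit to `/etc/systemd/system/`, so the installed unit file survives removal of the app and keeps referring to a deleted user and directory. Removing the path that install actually writes fixes it: `ynh_secure_remove /etc/systemd/system/movim.service` (keeping the `/lib` line as well covers older installs). The remove hunk of the following patch, "Remove legacy init.d support", carries the same line.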
@@ -74,18 +74,18 @@ ynh_install_app_dependencies php5-zmq # Init git repository as needed if [ ! -d "${final_path}/.git" ]; then tmp_path=/tmp/movim-git - sudo rm -rf "$tmp_path" + ynh_secure_remove "$tmp_path" # Download Movim source code (git clone "$GIT_REPO" "$tmp_path" \ && cd "$tmp_path" && git checkout "$HEAD_COMMIT") \ || ynh_die "Unable to download Movim source code." - sudo cp "${final_path}/config/db.inc.php" "${tmp_path}/config/db.inc.php" + cp "${final_path}/config/db.inc.php" "${tmp_path}/config/db.inc.php" # Replace current source code - sudo rm -rf "$final_path" - sudo mv "$tmp_path" "$final_path" - sudo chown -R movim:www-data "$final_path" + ynh_secure_remove "$final_path" + mv "$tmp_path" "$final_path" + chown -R movim:www-data "$final_path" # Install composer for PHP dependencies curl -sS https://getcomposer.org/installer \ @@ -97,7 +97,7 @@ fi && exec_cmd git reset --hard "$HEAD_COMMIT") \ || ynh_die "Unable to download Movim source code." ## TODO: consider installation in a subpath -exec_cmd sed -i "s@'/ws/'@'${path_url%/}/ws/'@g" \ +exec_cmd ynh_replace_string "'/ws/'" "'${path_url%/}/ws/'" \ "${final_path}/app/assets/js/movim_websocket.js" #================================================= 
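Review bot: `exec_cmd ynh_replace_string …` in the `@@ -97,7 +97,7 @@` hunk cannot work as written, because `exec_cmd` (scripts/_common.sh) runs its arguments through `sudo -u movim`, which executes programs, and `ynh_replace_string` is a shell function sourced from the YunoHost helpers. The previous `exec_cmd sed -i` worked because `sed` is a binary. Calling the helper directly, without `exec_cmd`, restores the websocket path substitution; the `chown -R movim:www-data "$final_path"` later in the script resets ownership of the edited file.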
@@ -106,16 +106,16 @@ exec_cmd sed -i "s@'/ws/'@'${path_url%/}/ws/'@g" \ # Create movim user if not exists and set permissions ynh_system_user_exists movim \ - || sudo useradd -d /var/www/movim -s /bin/sh movim + || useradd -d /var/www/movim -s /bin/sh movim #================================================= # SET PERMISSIONS #================================================= -sudo chown -R movim:www-data "$final_path" -sudo find "${final_path}/" -type f -print0 | sudo xargs -0 chmod 0644 -sudo find "${final_path}/" -type d -print0 | sudo xargs -0 chmod 0755 -sudo chmod 400 "${final_path}/config/db.inc.php" +chown -R movim:www-data "$final_path" +find "${final_path}/" -type f -print0 | xargs -0 chmod 0644 +find "${final_path}/" -type d -print0 | xargs -0 chmod 0755 +chmod 400 "${final_path}/config/db.inc.php" #================================================= # install PHP dependencies @@ -140,7 +140,7 @@ exec_cmd php mud.php db --set # Reset SSO parameters ynh_app_setting_delete "$app" protected_uris ynh_app_setting_delete "$app" skipped_uris -sudo yunohost app clearaccess movim +yunohost app clearaccess movim # Replace old public_site variable (if exists) by ssoenabled if [ ! -z "$public_site" ]; then @@ -159,7 +159,7 @@ fi if [[ "$ssoenabled" = "No" ]]; then ynh_app_setting_set "$app" skipped_uris "/" exec_cmd php mud.php config --xmppwhitelist=$domain - sudo yunohost app ssowatconf + yunohost app ssowatconf else ynh_app_setting_set "$app" unprotected_uris "/" apply_sso_patch 
@@ -171,19 +171,19 @@ fi #================================================= # Update init scripts -sudo sed -i "s@YHURL@${domain}${path_url}@g" ../conf/movim.{service,init} -sudo sed -i "s@YHDIR@${final_path}@g" ../conf/movim.{service,init} -sudo sed -i "s@YHPORT@${port}@g" ../conf/movim.{service,init} +ynh_replace_string "YHURL" "${domain}${path_url}" ../conf/movim.{service,init} +ynh_replace_string "YHDIR" "${final_path}" ../conf/movim.{service,init} +ynh_replace_string "YHPORT" "${port}" ../conf/movim.{service,init} if [ -d /run/systemd/system ]; then - sudo rm -f /lib/systemd/system/movim.service - sudo cp ../conf/movim.service /etc/systemd/system/ - sudo systemctl daemon-reload + ynh_secure_remove /lib/systemd/system/movim.service + cp ../conf/movim.service /etc/systemd/system/ + systemctl daemon-reload else - sudo /etc/init.d/movim stop - sudo cp ../conf/movim.init /etc/init.d/movim - sudo chmod 755 /etc/init.d/movim - sudo update-rc.d movim defaults - sudo /etc/init.d/movim start + /etc/init.d/movim stop + cp ../conf/movim.init /etc/init.d/movim + chmod 755 /etc/init.d/movim + update-rc.d movim defaults + /etc/init.d/movim start fi #================================================= 
@@ -191,25 +191,25 @@ fi #================================================= # Update php-fpm configuration -sed -i "s@YHTZ@$timezone@g" ../conf/php-fpm.conf -sudo cp ../conf/php-fpm.conf /etc/php5/fpm/pool.d/movim.conf +ynh_replace_string "YHTZ" "$timezone" ../conf/php-fpm.conf +cp ../conf/php-fpm.conf /etc/php5/fpm/pool.d/movim.conf #================================================= # NGINX CONFIGURATION #================================================= # Nginx configuration -sed -i "s@PATHTOCHANGE@$path_url@g" ../conf/nginx.conf -sed -i "s@ALIASTOCHANGE@$final_path/@g" ../conf/nginx.conf -sed -i "s@YHPORT@$port@g" ../conf/nginx.conf -sed -i "s@//ws/@/ws/@g" ../conf/nginx.conf # Avoid duplicate / -sudo cp ../conf/nginx.conf /etc/nginx/conf.d/$domain.d/movim.conf +ynh_replace_string "PATHTOCHANGE" "$path_url" ../conf/nginx.conf +ynh_replace_string "ALIASTOCHANGE" "$final_path/" ../conf/nginx.conf +ynh_replace_string "YHPORT" "$port" ../conf/nginx.conf +ynh_replace_string "//ws/" "/ws/" ../conf/nginx.conf # Avoid duplicate / +cp ../conf/nginx.conf /etc/nginx/conf.d/$domain.d/movim.conf #================================================= # RELOAD SERVICES #================================================= # Reload services -sudo service movim restart -sudo service php5-fpm restart -sudo service nginx reload +service movim restart +service php5-fpm restart +service nginx reload From 7178bba198cecc21156169a500378f2a4a13de74 Mon Sep 17 00:00:00 2001 From: Jean-Baptiste Holcroft Date: Fri, 10 Aug 2018 16:52:22 +0200 Subject: [PATCH 09/17] Remove legacy init.d support --- conf/movim.init | 98 ------------------------------------------------- scripts/install | 21 ++++------- scripts/remove | 12 ++---- scripts/upgrade | 22 ++++------- 4 files changed, 18 insertions(+), 135 deletions(-) delete mode 100644 conf/movim.init diff --git a/conf/movim.init b/conf/movim.init deleted file mode 100644 index 84e3e30..0000000 --- a/conf/movim.init +++ /dev/null 
@@ -1,98 +0,0 @@ -#!/bin/sh -### BEGIN INIT INFO -# Provides: movim -# Required-Start: $remote_fs $syslog mysql -# Required-Stop: $remote_fs $syslog -# Default-Start: 2 3 4 5 -# Default-Stop: 0 1 6 -# Short-Description: Start daemon at boot time -# Description: Enable service provided by daemon. -### END INIT INFO - -dir="YHDIR" -cmd="php daemon.php start --url=https://YHURL --port=YHPORT" -user="movim" - -name=`basename $0` -pid_file="/var/run/$name.pid" -stdout_log="/var/log/$name.log" -stderr_log="/var/log/$name.err" - -get_pid() { - cat "$pid_file" -} - -is_running() { - [ -f "$pid_file" ] && ps `get_pid` > /dev/null 2>&1 -} - -case "$1" in - start) - if is_running; then - echo "Already started" - else - echo "Starting $name" - cd "$dir" - if [ -z "$user" ]; then - sudo $cmd >> "$stdout_log" 2>> "$stderr_log" & - else - sudo -u "$user" $cmd >> "$stdout_log" 2>> "$stderr_log" & - fi - echo $! > "$pid_file" - if ! is_running; then - echo "Unable to start, see $stdout_log and $stderr_log" - exit 1 - fi - fi - ;; - stop) - if is_running; then - echo -n "Stopping $name.." - kill `get_pid` - for i in {1..10} - do - if ! is_running; then - break - fi - - echo -n "." - sleep 1 - done - echo - - if is_running; then - echo "Not stopped; may still be shutting down or shutdown may have failed" - exit 1 - else - echo "Stopped" - if [ -f "$pid_file" ]; then - rm "$pid_file" - fi - fi - else - echo "Not running" - fi - ;; - restart) - $0 stop - if is_running; then - echo "Unable to stop, will not attempt to start" - exit 1 - fi - $0 start - ;; - status) - if is_running; then - echo "Running" - else - echo "Stopped" - exit 1 - fi - ;; - *) - echo "Usage: $0 {start|stop|restart|status}" - exit 1 - ;; -esac - -exit 0 diff --git a/scripts/install b/scripts/install index 4630132..79f486d 100644 --- a/scripts/install +++ b/scripts/install 
@@ -167,21 +167,14 @@ exec_cmd php mud.php config --loglevel=1 \ #================================================= # Copy init script or systemd service -ynh_replace_string "YHURL" "${domain}${path_url}" ../conf/movim.{service,init} -ynh_replace_string "YHDIR" "${final_path}" ../conf/movim.{service,init} -ynh_replace_string "YHPORT" "${port}" ../conf/movim.{service,init} +ynh_replace_string "YHURL" "${domain}${path_url}" ../conf/movim.service +ynh_replace_string "YHDIR" "${final_path}" ../conf/movim.service +ynh_replace_string "YHPORT" "${port}" ../conf/movim.service -if [ -d /run/systemd/system ]; then - cp ../conf/movim.service /etc/systemd/system/ - systemctl daemon-reload - systemctl enable movim.service - systemctl start movim.service -else - cp ../conf/movim.init /etc/init.d/movim - chmod 755 /etc/init.d/movim - update-rc.d movim defaults - /etc/init.d/movim start -fi +cp ../conf/movim.service /etc/systemd/system/ +systemctl daemon-reload +systemctl enable movim.service +systemctl start movim.service #================================================= # PHP-FPM CONFIGURATION diff --git a/scripts/remove b/scripts/remove index 9af6e81..885f485 100644 --- a/scripts/remove +++ b/scripts/remove @@ -42,14 +42,10 @@ service php5-fpm restart #================================================= service movim stop -if [ -d /run/systemd/system ]; then - systemctl --quiet disable movim.service - ynh_secure_remove /lib/systemd/system/movim.service - systemctl --quiet daemon-reload -else - update-rc.d -f movim remove - ynh_secure_remove /etc/init.d/movim -fi + +systemctl --quiet disable movim.service +ynh_secure_remove /lib/systemd/system/movim.service +systemctl --quiet daemon-reload #================================================= # REMOVE DEPENDENCIES diff --git a/scripts/upgrade b/scripts/upgrade index 4adecd3..b81ae19 100644 --- a/scripts/upgrade +++ b/scripts/upgrade 
@@ -170,21 +170,13 @@ fi # SETUP SYSTEMD #================================================= -# Update init scripts -ynh_replace_string "YHURL" "${domain}${path_url}" ../conf/movim.{service,init} -ynh_replace_string "YHDIR" "${final_path}" ../conf/movim.{service,init} -ynh_replace_string "YHPORT" "${port}" ../conf/movim.{service,init} -if [ -d /run/systemd/system ]; then - ynh_secure_remove /lib/systemd/system/movim.service - cp ../conf/movim.service /etc/systemd/system/ - systemctl daemon-reload -else - /etc/init.d/movim stop - cp ../conf/movim.init /etc/init.d/movim - chmod 755 /etc/init.d/movim - update-rc.d movim defaults - /etc/init.d/movim start -fi +ynh_replace_string "YHURL" "${domain}${path_url}" ../conf/movim.service +ynh_replace_string "YHDIR" "${final_path}" ../conf/movim.service +ynh_replace_string "YHPORT" "${port}" ../conf/movim.service + +ynh_secure_remove /lib/systemd/system/movim.service +cp ../conf/movim.service /etc/systemd/system/ +systemctl daemon-reload #================================================= # PHP-FPM CONFIGURATION From 5836e86f8efe74413513a670fd18c98c05b22058 Mon Sep 17 00:00:00 2001 From: Jean-Baptiste Holcroft Date: Fri, 10 Aug 2018 17:06:29 +0200 Subject: [PATCH 10/17] Disable the need of port, add automatic attribution --- manifest.json | 8 -------- scripts/install | 13 ++++++++----- scripts/remove | 11 +++++++++++ 3 files changed, 19 insertions(+), 13 deletions(-) diff --git a/manifest.json b/manifest.json index 18d6f28..7a8e320 100644 --- a/manifest.json +++ b/manifest.json @@ -79,14 +79,6 @@ }, "choices": ["Yes", "No"], "default": "Yes" - }, - { - "name": "port", - "ask": { - "en": "Movim daemon port (internal only)", - "fr": "Port du daemon Movim (interne uniquement)" - }, - "default": "9537" } ] } diff --git a/scripts/install b/scripts/install index 79f486d..9a013f0 100644 --- a/scripts/install +++ b/scripts/install 
@@ -26,7 +26,6 @@ admin=$YNH_APP_ARG_ADMIN password=$YNH_APP_ARG_PASSWORD language=$YNH_APP_ARG_LANGUAGE ssoenabled=$YNH_APP_ARG_SSOENABLED -port=$YNH_APP_ARG_PORT timezone=$(cat /etc/timezone) ### If it's a multi-instance app, meaning it can be installed several times independently @@ -56,9 +55,6 @@ ynh_webpath_available $domain $path_url # Register (book) web path ynh_webpath_register $app $domain $path_url -# Check port availability -yunohost app checkport "$port" \ - || ynh_die "This port is already used" #================================================= # STORE SETTINGS FROM MANIFEST @@ -67,13 +63,20 @@ yunohost app checkport "$port" \ # Save app settings ynh_app_setting_set "$app" admin "$admin" ynh_app_setting_set "$app" ssoenabled "$ssoenabled" -ynh_app_setting_set "$app" port "$port" ynh_app_setting_set "$app" path "$path_url" #================================================= # STANDARD MODIFICATIONS #================================================= +# FIND AND OPEN A PORT +#================================================= + +# Find a free port +port=$(ynh_find_port 9537) +# Open this port +yunohost firewall allow --no-upnp TCP "$port" 2>&1 +ynh_app_setting_set "$app" port "$port" #================================================= # CREATE A MYSQL DATABASE diff --git a/scripts/remove b/scripts/remove index 885f485..9c30f57 100644 --- a/scripts/remove +++ b/scripts/remove @@ -18,6 +18,7 @@ app=$YNH_APP_INSTANCE_NAME # Retrieve app settings domain=$(ynh_app_setting_get "$app" domain) final_path=$(ynh_app_setting_get "$app" final_path) +port=$(ynh_app_setting_get "$app" port) #================================================= # REMOVE NGINX CONFIGURATION 
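Review bot: `yunohost firewall allow --no-upnp TCP "$port"` in the `@@ -67,13 +63,20 @@` hunk opens the Movim daemon port to the network, although the manifest entry removed by this commit described it as "internal only" and the nginx configuration receives the same port through `YHPORT`, which suggests clients reach the daemon via the reverse proxy. Unless something outside this diff needs direct access, keep `port=$(ynh_find_port 9537)` and the `ynh_app_setting_set` line and drop the firewall call; the CLOSE A PORT block added to scripts/remove then becomes unnecessary. It is also worth confirming in conf/movim.service, which is not shown here, which interface the daemon listens on.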
@@ -69,6 +70,16 @@ ynh_mysql_drop_user "$db_user" || true ynh_secure_remove "$final_path" +#================================================= +# CLOSE A PORT +#================================================= + +if yunohost firewall list | grep -q "\- $port$" +then + echo "Close port $port" >&2 + yunohost firewall disallow TCP $port 2>&1 +fi + #================================================= # GENERIC FINALIZATION #================================================= From 626f858b2efc568a24b4a6d55d5e4fe3fe9f8577 Mon Sep 17 00:00:00 2001 From: Jean-Baptiste Holcroft Date: Fri, 10 Aug 2018 17:27:41 +0200 Subject: [PATCH 11/17] use ynh_setup_source instead of git --- conf/app.src | 4 +++ scripts/_common.sh | 20 ++++-------- scripts/install | 24 ++++++-------- scripts/upgrade | 32 ++++--------------- .../patches/app-00-sso-logout.patch | 0 5 files changed, 28 insertions(+), 52 deletions(-) create mode 100644 conf/app.src rename patches/sso-logout.patch => sources/patches/app-00-sso-logout.patch (100%) diff --git a/conf/app.src b/conf/app.src new file mode 100644 index 0000000..25328ed --- /dev/null +++ b/conf/app.src @@ -0,0 +1,4 @@ +SOURCE_URL=https://github.com/movim/movim/archive/v0.13.tar.gz +SOURCE_SUM=7aa5b2b6cd97e87a440981cfb6788a6f04ffd5eb4545026c49e1c61771593d11 +SOURCE_SUM_PRG=sha256sum +SOURCE_FORMAT=tar.gz \ No newline at end of file diff --git a/scripts/_common.sh b/scripts/_common.sh index 803c6a8..b4c690b 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -3,12 +3,6 @@ # Common variables # -# Git repository of Movim -GIT_REPO="https://github.com/movim/movim" - -# Commit to checkout -HEAD_COMMIT="ee249f1e37b548c71b9a339dd358fbd2136e3291" - # App package root directory should be the parent folder PKGDIR=$(cd ../; pwd) 
@@ -23,11 +17,11 @@ exec_cmd() { && sudo sudo -u movim "$@") } -# Apply the SSO patch to Movim source code -# usage: apply_sso_patch -apply_sso_patch() { - local patch_path="/tmp/sso-logout.patch" - cp -f "${PKGDIR}/patches/sso-logout.patch" "$patch_path" - exec_cmd git apply "$patch_path" - ynh_secure_remove "$patch_path" +# Undo the SSO patch to Movim source code (applied by default with ynh_setup_source) +# usage: undo_sso_patch +undo_sso_patch() { + ( + cd $final_path + patch -p1 -R < $YNH_CWD/../sources/patches/app-00-sso-logout.patch + ) } diff --git a/scripts/install b/scripts/install index 9a013f0..9e95ba5 100644 --- a/scripts/install +++ b/scripts/install @@ -106,12 +106,7 @@ ynh_install_app_dependencies php5-gd php5-curl php5-imagick php5-cli php5-zmq ynh_app_setting_set "$app" final_path "$final_path" -# Download Movim source code -tmp_path=/tmp/movim-git -ynh_secure_remove "$tmp_path" -(git clone "$GIT_REPO" "$tmp_path" \ - && cd "$tmp_path" && git checkout "$HEAD_COMMIT") \ - || ynh_die "Unable to download Movim source code." +ynh_setup_source "$final_path" #================================================= # SET CONFIGURATION FILE @@ -119,17 +114,14 @@ ynh_secure_remove "$tmp_path" # TODO: add checksum # Set database configuration -cp "${tmp_path}/config/"{db.example.inc.php,db.inc.php} +cp "$final_path/config/"{db.example.inc.php,db.inc.php} ynh_replace_string "'username' => 'username'" "'username' => '$db_user'" \ - "${tmp_path}/config/db.inc.php" + "$final_path/config/db.inc.php" ynh_replace_string "'password' => 'password'" "'password' => '$db_pwd'" \ - "${tmp_path}/config/db.inc.php" + "$final_path/config/db.inc.php" ## TODO: consider installation in a subpath ynh_replace_string "'/ws/'" "'${path_url%/}/ws/'" \ - "${tmp_path}/app/assets/js/movim_websocket.js" - -# Move Movim source code -mv "$tmp_path" "$final_path" + "$final_path/app/assets/js/movim_websocket.js" #================================================= # CREATE DEDICATED USER 
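Review bot: `undo_sso_patch` expands `$final_path` and `$YNH_CWD` unquoted and does not check the `cd`, so if the directory is missing `patch -p1 -R` runs in whatever the current directory happens to be. Quoting and chaining is enough: `cd "$final_path" && patch -p1 -R < "${PKGDIR}/sources/patches/app-00-sso-logout.patch"`; `PKGDIR` is already defined at the top of this file, whereas `YNH_CWD` is not set anywhere in the visible diff. The function also runs `patch` directly where the old `apply_sso_patch` went through `exec_cmd`, so the files it rewrites may end up owned by the invoking user rather than `movim` until the next `chown`.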
@@ -147,6 +139,10 @@ find "${final_path}/" -type f -print0 | xargs -0 chmod 0644 find "${final_path}/" -type d -print0 | xargs -0 chmod 0755 chmod 400 "${final_path}/config/db.inc.php" +#================================================= +# Install PHP dependencies using composer +#================================================= + # Install PHP dependencies using composer (curl -sS https://getcomposer.org/installer \ | exec_cmd php -- --install-dir="$final_path" \ @@ -212,9 +208,9 @@ cp ../conf/nginx.conf /etc/nginx/conf.d/$domain.d/movim.conf if [[ "$ssoenabled" = "No" ]]; then ynh_app_setting_set "$app" skipped_uris "/" exec_cmd php mud.php config --xmppwhitelist="$domain" + undo_sso_patch else ynh_app_setting_set "$app" unprotected_uris "/" - apply_sso_patch fi #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index b81ae19..4f13db0 100644 --- a/scripts/upgrade +++ b/scripts/upgrade 
@@ -71,33 +71,12 @@ ynh_install_app_dependencies php5-zmq # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= -# Init git repository as needed -if [ ! -d "${final_path}/.git" ]; then - tmp_path=/tmp/movim-git - ynh_secure_remove "$tmp_path" +ynh_setup_source "$final_path" - # Download Movim source code - (git clone "$GIT_REPO" "$tmp_path" \ - && cd "$tmp_path" && git checkout "$HEAD_COMMIT") \ - || ynh_die "Unable to download Movim source code." - cp "${final_path}/config/db.inc.php" "${tmp_path}/config/db.inc.php" +chown -R movim:www-data "$final_path" - # Replace current source code - ynh_secure_remove "$final_path" - mv "$tmp_path" "$final_path" - chown -R movim:www-data "$final_path" - - # Install composer for PHP dependencies - curl -sS https://getcomposer.org/installer \ - | exec_cmd php -- --install-dir="$final_path" -fi - -# Update Movim source code -(exec_cmd git fetch origin \ - && exec_cmd git reset --hard "$HEAD_COMMIT") \ - || ynh_die "Unable to download Movim source code." ## TODO: consider installation in a subpath -exec_cmd ynh_replace_string "'/ws/'" "'${path_url%/}/ws/'" \ +ynh_replace_string "'/ws/'" "'${path_url%/}/ws/'" \ "${final_path}/app/assets/js/movim_websocket.js" #================================================= @@ -121,6 +100,9 @@ chmod 400 "${final_path}/config/db.inc.php" # install PHP dependencies #================================================= +curl -sS https://getcomposer.org/installer \ +| exec_cmd php -- --install-dir="$final_path" + # Update PHP dependencies using composer (exec_cmd php composer.phar config --global discard-changes true \ && exec_cmd php composer.phar install --no-interaction) \ @@ -160,9 +142,9 @@ if [[ "$ssoenabled" = "No" ]]; then ynh_app_setting_set "$app" skipped_uris "/" exec_cmd php mud.php config --xmppwhitelist=$domain yunohost app ssowatconf + undo_sso_patch else ynh_app_setting_set "$app" unprotected_uris "/" - apply_sso_patch fi 
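Review bot: The Composer installer added under "install PHP dependencies" is fetched with `curl -sS` and piped straight into `php`, with no integrity check and no `--fail`, so whatever the server returns (including an error page or a tampered script) is executed as the `movim` user on every upgrade. The same pipe is present in scripts/install. Download the installer to a temporary file, compare its SHA-384 with the signature Composer publishes, and run it only if they match. This contrasts with `ynh_setup_source`, which the same patch introduces for the application source.

```shell
# … unchanged: "install PHP dependencies" section header …
composer_setup=$(mktemp) || ynh_die "Unable to create a temporary file."
composer_sig=$(curl -sSf https://composer.github.io/installer.sig) \
  || ynh_die "Unable to fetch the Composer installer signature."
curl -sSf -o "$composer_setup" https://getcomposer.org/installer \
  || ynh_die "Unable to download the Composer installer."
printf '%s  %s\n' "$composer_sig" "$composer_setup" | sha384sum --check --status \
  || ynh_die "Composer installer checksum mismatch."
# stdin is opened by the calling shell, so the movim user needs no access to the temp file
exec_cmd php -- --install-dir="$final_path" < "$composer_setup"
ynh_secure_remove "$composer_setup"
# … unchanged: composer.phar config / install …
```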
diff --git a/patches/sso-logout.patch b/sources/patches/app-00-sso-logout.patch similarity index 100% rename from patches/sso-logout.patch rename to sources/patches/app-00-sso-logout.patch From 49929c22951defc99bc961db4755b41b13e4d8c7 Mon Sep 17 00:00:00 2001 From: Jean-Baptiste Holcroft Date: Fri, 10 Aug 2018 17:29:21 +0200 Subject: [PATCH 12/17] Make sure we have the same dependencies --- scripts/install | 2 +- scripts/upgrade | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/install b/scripts/install index 9e95ba5..bfb9945 100644 --- a/scripts/install +++ b/scripts/install @@ -98,7 +98,7 @@ ynh_mysql_create_db "$db_name" "$db_user" "$db_pwd" #================================================= # Install packages -ynh_install_app_dependencies php5-gd php5-curl php5-imagick php5-cli php5-zmq +ynh_install_app_dependencies php-gd php-curl php-imagick php-cli php-zmq #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE diff --git a/scripts/upgrade b/scripts/upgrade index 4f13db0..b855f53 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -65,7 +65,7 @@ path_url=$(ynh_normalize_url_path $path_url) #================================================= # Since Movim 0.13, zmq is required -ynh_install_app_dependencies php5-zmq +ynh_install_app_dependencies php-gd php-curl php-imagick php-cli php-zmq #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE From f0da3da5dc57a4df4fe6d83cffa2a1bd54cf82e2 Mon Sep 17 00:00:00 2001 From: Jean-Baptiste Holcroft Date: Sun, 12 Aug 2018 00:03:51 +0200 Subject: [PATCH 13/17] Use php and fpm helpers --- conf/nginx.conf | 41 +++-- conf/php-fpm.conf | 392 +++++++++++++++++++++++++++++++++++++++++++++- conf/php-fpm.ini | 2 + scripts/install | 68 ++++---- scripts/remove | 8 +- scripts/upgrade | 42 +++-- 6 files changed, 458 insertions(+), 95 deletions(-) create mode 100644 conf/php-fpm.ini 
diff --git a/conf/nginx.conf b/conf/nginx.conf index f8ff454..0bc59e8 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -1,30 +1,30 @@ -location PATHTOCHANGE { - alias ALIASTOCHANGE; +#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent; +location __PATH__/ { + alias __FINALPATH__/; if ($scheme = http) { rewrite ^ https://$server_name$request_uri? permanent; - } + } index index.php; try_files $uri $uri/ /index.php; location ~ [^/]\.php(/|$) { - - if ($request_uri ~ "\/movim\/\?infos") { - return 403; - } + if ($request_uri ~ "\/movim\/\?infos") { + return 403; + } fastcgi_split_path_info ^(.+?\.php)(/.*)$; - fastcgi_pass unix:/var/run/php5-fpm-movim.sock; + fastcgi_pass unix:/var/run/php-fpm-__NAME__.sock; fastcgi_index index.php; include fastcgi_params; fastcgi_param REMOTE_USER $remote_user; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param SCRIPT_FILENAME $request_filename; - } + } - location ~ ^PATHTOCHANGE/ws/ { - proxy_pass http://localhost:YHPORT; + location ~ ^__PATH__/ws/ { + proxy_pass http://localhost:__PORT__; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; @@ -38,24 +38,23 @@ location PATHTOCHANGE { proxy_read_timeout 14400s; proxy_send_timeout 14400s; # (14400s is 4h) - } } + # Include SSOWAT user panel. + include conf.d/yunohost_panel.conf.inc; +} location ~ /\.ht { deny all; - } +} location ^~ /movim/log/ { - return 403; - } + return 403; +} location ^~ /movim/config/ { - return 403; - } + return 403; +} location ^~ /movim/?infos { return 403; - } - -# Include SSOWAT user panel. -include conf.d/yunohost_panel.conf.inc; +} \ No newline at end of file diff --git a/conf/php-fpm.conf b/conf/php-fpm.conf index fb2cf32..cccc8e2 100644 --- a/conf/php-fpm.conf +++ b/conf/php-fpm.conf 
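Review bot: The deny rules still hard-code `/movim/` although the location is now templated with `__PATH__`: `location ^~ /movim/log/`, `location ^~ /movim/config/` and the `$request_uri ~ "\/movim\/\?infos"` test only match when the app is installed at `/movim`. On any other path, requests under `__PATH__/config/` and `__PATH__/log/` fall through to the main location and are served from `__FINALPATH__/`. Template them as well, e.g. `location ^~ __PATH__/config/ { return 403; }`, in both hunks of this file. Separately, `location ^~ /movim/?infos` cannot match, because nginx location matching ignores the query string; the `if` inside the PHP location is the only check that applies.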
@@ -1,16 +1,392 @@ -[movim] -listen = /var/run/php5-fpm-movim.sock +; Start a new pool named 'www'. +; the variable $pool can we used in any directive and will be replaced by the +; pool name ('www' here) +[__NAMETOCHANGE__] + +; Per pool prefix +; It only applies on the following directives: +; - 'slowlog' +; - 'listen' (unixsocket) +; - 'chroot' +; - 'chdir' +; - 'php_values' +; - 'php_admin_values' +; When not set, the global prefix (or /usr) applies instead. +; Note: This directive can also be relative to the global prefix. +; Default Value: none +;prefix = /path/to/pools/$pool + +; Unix user/group of processes +; Note: The user is mandatory. If the group is not set, the default user's group +; will be used. +user = __USER__ +group = __USER__ + +; The address on which to accept FastCGI requests. +; Valid syntaxes are: +; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific address on +; a specific port; +; 'port' - to listen on a TCP socket to all addresses on a +; specific port; +; '/path/to/unix/socket' - to listen on a unix socket. +; Note: This value is mandatory. +listen = /var/run/php-fpm-__NAMETOCHANGE__.sock + +; Set listen(2) backlog. A value of '-1' means unlimited. +; Default Value: 128 (-1 on FreeBSD and OpenBSD) +;listen.backlog = 128 + +; Set permissions for unix socket, if one is used. In Linux, read/write +; permissions must be set in order to allow connections from a web server. Many +; BSD-derived systems allow connections regardless of permissions. +; Default Values: user and group are set as the running user +; mode is set to 0660 listen.owner = www-data listen.group = www-data listen.mode = 0600 -user = movim -group = movim +; List of ipv4 addresses of FastCGI clients which are allowed to connect. +; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original +; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address +; must be separated by a comma. 
If this value is left blank, connections will be +; accepted from any ip address. +; Default Value: any +;listen.allowed_clients = 127.0.0.1 + +; Specify the nice(2) priority to apply to the pool processes (only if set) +; The value can vary from -19 (highest priority) to 20 (lower priority) +; Note: - It will only work if the FPM master process is launched as root +; - The pool processes will inherit the master process priority +; unless it specified otherwise +; Default Value: no set +; priority = -19 + +; Choose how the process manager will control the number of child processes. +; Possible Values: +; static - a fixed number (pm.max_children) of child processes; +; dynamic - the number of child processes are set dynamically based on the +; following directives. With this process management, there will be +; always at least 1 children. +; pm.max_children - the maximum number of children that can +; be alive at the same time. +; pm.start_servers - the number of children created on startup. +; pm.min_spare_servers - the minimum number of children in 'idle' +; state (waiting to process). If the number +; of 'idle' processes is less than this +; number then some children will be created. +; pm.max_spare_servers - the maximum number of children in 'idle' +; state (waiting to process). If the number +; of 'idle' processes is greater than this +; number then some children will be killed. +; ondemand - no children are created at startup. Children will be forked when +; new requests will connect. The following parameter are used: +; pm.max_children - the maximum number of children that +; can be alive at the same time. +; pm.process_idle_timeout - The number of seconds after which +; an idle process will be killed. +; Note: This value is mandatory. pm = dynamic -pm.max_children = 5 + +; The number of child processes to be created when pm is set to 'static' and the +; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'. 
+; This value sets the limit on the number of simultaneous requests that will be +; served. Equivalent to the ApacheMaxClients directive with mpm_prefork. +; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP +; CGI. The below defaults are based on a server without much resources. Don't +; forget to tweak pm.* to fit your needs. +; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand' +; Note: This value is mandatory. +pm.max_children = 10 + +; The number of child processes created on startup. +; Note: Used only when pm is set to 'dynamic' +; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2 pm.start_servers = 2 + +; The desired minimum number of idle server processes. +; Note: Used only when pm is set to 'dynamic' +; Note: Mandatory when pm is set to 'dynamic' pm.min_spare_servers = 1 + +; The desired maximum number of idle server processes. +; Note: Used only when pm is set to 'dynamic' +; Note: Mandatory when pm is set to 'dynamic' pm.max_spare_servers = 3 -chdir = /var/www/movim -php_admin_value[open_basedir] = none -php_admin_value[date.timezone] = "YHTZ" + +; The number of seconds after which an idle process will be killed. +; Note: Used only when pm is set to 'ondemand' +; Default Value: 10s +;pm.process_idle_timeout = 10s; + +; The number of requests each child process should execute before respawning. +; This can be useful to work around memory leaks in 3rd party libraries. For +; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS. +; Default Value: 0 +pm.max_requests = 500 + +; The URI to view the FPM status page. If this value is not set, no URI will be +; recognized as a status page. 
It shows the following informations: +; pool - the name of the pool; +; process manager - static, dynamic or ondemand; +; start time - the date and time FPM has started; +; start since - number of seconds since FPM has started; +; accepted conn - the number of request accepted by the pool; +; listen queue - the number of request in the queue of pending +; connections (see backlog in listen(2)); +; max listen queue - the maximum number of requests in the queue +; of pending connections since FPM has started; +; listen queue len - the size of the socket queue of pending connections; +; idle processes - the number of idle processes; +; active processes - the number of active processes; +; total processes - the number of idle + active processes; +; max active processes - the maximum number of active processes since FPM +; has started; +; max children reached - number of times, the process limit has been reached, +; when pm tries to start more children (works only for +; pm 'dynamic' and 'ondemand'); +; Value are updated in real time. +; Example output: +; pool: www +; process manager: static +; start time: 01/Jul/2011:17:53:49 +0200 +; start since: 62636 +; accepted conn: 190460 +; listen queue: 0 +; max listen queue: 1 +; listen queue len: 42 +; idle processes: 4 +; active processes: 11 +; total processes: 15 +; max active processes: 12 +; max children reached: 0 +; +; By default the status page output is formatted as text/plain. Passing either +; 'html', 'xml' or 'json' in the query string will return the corresponding +; output syntax. Example: +; http://www.foo.bar/status +; http://www.foo.bar/status?json +; http://www.foo.bar/status?html +; http://www.foo.bar/status?xml +; +; By default the status page only outputs short status. Passing 'full' in the +; query string will also return status for each pool process. 
+; Example: +; http://www.foo.bar/status?full +; http://www.foo.bar/status?json&full +; http://www.foo.bar/status?html&full +; http://www.foo.bar/status?xml&full +; The Full status returns for each process: +; pid - the PID of the process; +; state - the state of the process (Idle, Running, ...); +; start time - the date and time the process has started; +; start since - the number of seconds since the process has started; +; requests - the number of requests the process has served; +; request duration - the duration in µs of the requests; +; request method - the request method (GET, POST, ...); +; request URI - the request URI with the query string; +; content length - the content length of the request (only with POST); +; user - the user (PHP_AUTH_USER) (or '-' if not set); +; script - the main script called (or '-' if not set); +; last request cpu - the %cpu the last request consumed +; it's always 0 if the process is not in Idle state +; because CPU calculation is done when the request +; processing has terminated; +; last request memory - the max amount of memory the last request consumed +; it's always 0 if the process is not in Idle state +; because memory calculation is done when the request +; processing has terminated; +; If the process is in Idle state, then informations are related to the +; last request the process has served. Otherwise informations are related to +; the current request being served. 
+; Example output: +; ************************ +; pid: 31330 +; state: Running +; start time: 01/Jul/2011:17:53:49 +0200 +; start since: 63087 +; requests: 12808 +; request duration: 1250261 +; request method: GET +; request URI: /test_mem.php?N=10000 +; content length: 0 +; user: - +; script: /home/fat/web/docs/php/test_mem.php +; last request cpu: 0.00 +; last request memory: 0 +; +; Note: There is a real-time FPM status monitoring sample web page available +; It's available in: ${prefix}/share/fpm/status.html +; +; Note: The value must start with a leading slash (/). The value can be +; anything, but it may not be a good idea to use the .php extension or it +; may conflict with a real PHP file. +; Default Value: not set +;pm.status_path = /status + +; The ping URI to call the monitoring page of FPM. If this value is not set, no +; URI will be recognized as a ping page. This could be used to test from outside +; that FPM is alive and responding, or to +; - create a graph of FPM availability (rrd or such); +; - remove a server from a group if it is not responding (load balancing); +; - trigger alerts for the operating team (24/7). +; Note: The value must start with a leading slash (/). The value can be +; anything, but it may not be a good idea to use the .php extension or it +; may conflict with a real PHP file. +; Default Value: not set +;ping.path = /ping + +; This directive may be used to customize the response of a ping request. The +; response is formatted as text/plain with a 200 response code. +; Default Value: pong +;ping.response = pong + +; The access log file +; Default: not set +;access.log = log/$pool.access.log + +; The access log format. 
+; The following syntax is allowed +; %%: the '%' character +; %C: %CPU used by the request +; it can accept the following format: +; - %{user}C for user CPU only +; - %{system}C for system CPU only +; - %{total}C for user + system CPU (default) +; %d: time taken to serve the request +; it can accept the following format: +; - %{seconds}d (default) +; - %{miliseconds}d +; - %{mili}d +; - %{microseconds}d +; - %{micro}d +; %e: an environment variable (same as $_ENV or $_SERVER) +; it must be associated with embraces to specify the name of the env +; variable. Some exemples: +; - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e +; - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e +; %f: script filename +; %l: content-length of the request (for POST request only) +; %m: request method +; %M: peak of memory allocated by PHP +; it can accept the following format: +; - %{bytes}M (default) +; - %{kilobytes}M +; - %{kilo}M +; - %{megabytes}M +; - %{mega}M +; %n: pool name +; %o: ouput header +; it must be associated with embraces to specify the name of the header: +; - %{Content-Type}o +; - %{X-Powered-By}o +; - %{Transfert-Encoding}o +; - .... +; %p: PID of the child that serviced the request +; %P: PID of the parent of the child that serviced the request +; %q: the query string +; %Q: the '?' 
character if query string exists +; %r: the request URI (without the query string, see %q and %Q) +; %R: remote IP address +; %s: status (response code) +; %t: server time the request was received +; it can accept a strftime(3) format: +; %d/%b/%Y:%H:%M:%S %z (default) +; %T: time the log has been written (the request has finished) +; it can accept a strftime(3) format: +; %d/%b/%Y:%H:%M:%S %z (default) +; %u: remote user +; +; Default: "%R - %u %t \"%m %r\" %s" +;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%" + +; The log file for slow requests +; Default Value: not set +; Note: slowlog is mandatory if request_slowlog_timeout is set +slowlog = /var/log/nginx/__NAMETOCHANGE__.slow.log + +; The timeout for serving a single request after which a PHP backtrace will be +; dumped to the 'slowlog' file. A value of '0s' means 'off'. +; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) +; Default Value: 0 +request_slowlog_timeout = 5s + +; The timeout for serving a single request after which the worker process will +; be killed. This option should be used when the 'max_execution_time' ini option +; does not stop script execution for some reason. A value of '0' means 'off'. +; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) +; Default Value: 0 +request_terminate_timeout = 1d + +; Set open file descriptor rlimit. +; Default Value: system defined value +;rlimit_files = 1024 + +; Set max core size rlimit. +; Possible Values: 'unlimited' or an integer greater or equal to 0 +; Default Value: system defined value +;rlimit_core = 0 + +; Chroot to this directory at the start. This value must be defined as an +; absolute path. When this value is not set, chroot is not used. +; Note: you can prefix with '$prefix' to chroot to the pool prefix or one +; of its subdirectories. If the pool prefix is not set, the global prefix +; will be used instead. 
+; Note: chrooting is a great security feature and should be used whenever +; possible. However, all PHP paths will be relative to the chroot +; (error_log, sessions.save_path, ...). +; Default Value: not set +;chroot = + +; Chdir to this directory at the start. +; Note: relative path can be used. +; Default Value: current directory or / when chroot +chdir = __FINALPATH__ + +; Redirect worker stdout and stderr into main error log. If not set, stdout and +; stderr will be redirected to /dev/null according to FastCGI specs. +; Note: on highloaded environement, this can cause some delay in the page +; process time (several ms). +; Default Value: no +catch_workers_output = yes + +; Limits the extensions of the main script FPM will allow to parse. This can +; prevent configuration mistakes on the web server side. You should only limit +; FPM to .php extensions to prevent malicious users to use other extensions to +; exectute php code. +; Note: set an empty value to allow all extensions. +; Default Value: .php +;security.limit_extensions = .php .php3 .php4 .php5 + +; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from +; the current environment. +; Default Value: clean env +;env[HOSTNAME] = $HOSTNAME +;env[PATH] = /usr/local/bin:/usr/bin:/bin +;env[TMP] = /tmp +;env[TMPDIR] = /tmp +;env[TEMP] = /tmp + +; Additional php.ini defines, specific to this pool of workers. These settings +; overwrite the values previously defined in the php.ini. The directives are the +; same as the PHP SAPI: +; php_value/php_flag - you can set classic ini defines which can +; be overwritten from PHP call 'ini_set'. +; php_admin_value/php_admin_flag - these directives won't be overwritten by +; PHP call 'ini_set' +; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no. + +; Defining 'extension' will load the corresponding shared extension from +; extension_dir. 
Defining 'disable_functions' or 'disable_classes' will not +; overwrite previously defined php.ini values, but will append the new value +; instead. + +; Note: path INI options can be relative and will be expanded with the prefix +; (pool, global or /usr) + +; Default Value: nothing is defined by default except the values in php.ini and +; specified at startup with the -d argument +;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com +;php_flag[display_errors] = off +;php_admin_value[error_log] = /var/log/fpm-php.www.log +;php_admin_flag[log_errors] = on +;php_admin_value[memory_limit] = 32M diff --git a/conf/php-fpm.ini b/conf/php-fpm.ini new file mode 100644 index 0000000..b1221c2 --- /dev/null +++ b/conf/php-fpm.ini @@ -0,0 +1,2 @@ +open_basedir = none +date.timezone = "YHTZ" \ No newline at end of file diff --git a/scripts/install b/scripts/install index bfb9945..8ed9232 100644 --- a/scripts/install +++ b/scripts/install @@ -78,6 +78,13 @@ port=$(ynh_find_port 9537) yunohost firewall allow --no-upnp TCP "$port" 2>&1 ynh_app_setting_set "$app" port "$port" +#================================================= +# INSTALL DEPENDENCIES +#================================================= + +# Install packages +ynh_install_app_dependencies php-gd php-curl php-imagick php-cli php-zmq + #================================================= # CREATE A MYSQL DATABASE #================================================= @@ -93,13 +100,6 @@ db_name=movim # Create MySQL database ynh_mysql_create_db "$db_name" "$db_user" "$db_pwd" -#================================================= -# INSTALL DEPENDENCIES -#================================================= - -# Install packages -ynh_install_app_dependencies php-gd php-curl php-imagick php-cli php-zmq - #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= 
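Review bot: `request_terminate_timeout = 1d` leaves a worker tied to a single request for up to a day, and with `pm.max_children = 10` ten such requests exhaust the pool. Unless a web request in this app is known to need that long, use a much tighter bound, for example `request_terminate_timeout = 300s`, and add a comment stating why the value was chosen. `listen.mode = 0600` with owner `www-data` is appropriately tight and worth keeping.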
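Review bot: `open_basedir = none` and `date.timezone` move from `php_admin_value[...]` lines in the pool file to conf/php-fpm.ini, which changes both their scope and their strength. A pool-level `php_admin_value` applies to this pool only and cannot be changed by `ini_set`, whereas an ini file placed in PHP's scan directory applies to every pool on the host. Where `ynh_add_fpm_config` installs this file is not visible in the patch, so confirm it. If it is global, keep the settings in conf/php-fpm.conf as `php_admin_value[date.timezone] = "YHTZ"` and `php_admin_value[open_basedir] = none`, and consider restricting `open_basedir` to the application directory instead of disabling it.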
@@ -108,6 +108,30 @@ ynh_app_setting_set "$app" final_path "$final_path" ynh_setup_source "$final_path" +#================================================= +# NGINX CONFIGURATION +#================================================= + +# Create a dedicated nginx config +ynh_add_nginx_config + +ynh_replace_string "//ws/" "/ws/" "$finalnginxconf" # Avoid duplicate / + +#================================================= +# CREATE DEDICATED USER +#================================================= + +# Create movim system user and set permissions +useradd -d /var/www/movim -s /bin/sh movim + +#================================================= +# PHP-FPM CONFIGURATION +#================================================= + +# Create a dedicated php-fpm config +ynh_replace_string "YHTZ" "$timezone" ../conf/php-fpm.ini +ynh_add_fpm_config + #================================================= # SET CONFIGURATION FILE #================================================= @@ -123,13 +147,6 @@ ynh_replace_string "'password' => 'password'" "'password' => '$db_pwd'" \ ynh_replace_string "'/ws/'" "'${path_url%/}/ws/'" \ "$final_path/app/assets/js/movim_websocket.js" -#================================================= -# CREATE DEDICATED USER -#================================================= - -# Create movim system user and set permissions -useradd -d /var/www/movim -s /bin/sh movim - #================================================= # SET PERMISSIONS #================================================= 
@@ -175,31 +192,10 @@ systemctl daemon-reload systemctl enable movim.service systemctl start movim.service -#================================================= -# PHP-FPM CONFIGURATION -#================================================= - -# php-fpm configuration -ynh_replace_string "YHTZ" "$timezone" ../conf/php-fpm.conf -cp ../conf/php-fpm.conf /etc/php5/fpm/pool.d/movim.conf - -#================================================= -# NGINX CONFIGURATION -#================================================= - -# Nginx configuration -ynh_replace_string "PATHTOCHANGE" "$path_url" ../conf/nginx.conf -ynh_replace_string "ALIASTOCHANGE" "$final_path/" ../conf/nginx.conf -ynh_replace_string "YHPORT" "$port" ../conf/nginx.conf -ynh_replace_string "//ws/" "/ws/" ../conf/nginx.conf # Avoid duplicate / -cp ../conf/nginx.conf /etc/nginx/conf.d/$domain.d/movim.conf - - #================================================= # GENERIC FINALIZATION #================================================= - #================================================= # SETUP SSOWAT #================================================= @@ -217,6 +213,4 @@ fi # RELOAD NGINX #================================================= -# Reload services -service php5-fpm restart service nginx reload diff --git a/scripts/remove b/scripts/remove index 9c30f57..16939f4 100644 --- a/scripts/remove +++ b/scripts/remove 
@@ -25,18 +25,14 @@ port=$(ynh_app_setting_get "$app" port) #================================================= # Remove the dedicated nginx config -ynh_secure_remove "/etc/nginx/conf.d/${domain}.d/movim.conf" +ynh_remove_nginx_config #================================================= # REMOVE PHP-FPM CONFIGURATION #================================================= # Remove the dedicated php-fpm config -ynh_secure_remove "/etc/php5/fpm/pool.d/movim.conf" - -# Reload services -service nginx reload -service php5-fpm restart +ynh_remove_fpm_config #================================================= # STOP AND REMOVE SERVICE diff --git a/scripts/upgrade b/scripts/upgrade index b855f53..d7ebc56 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -73,11 +73,12 @@ ynh_install_app_dependencies php-gd php-curl php-imagick php-cli php-zmq ynh_setup_source "$final_path" -chown -R movim:www-data "$final_path" +#================================================= +# NGINX CONFIGURATION +#================================================= -## TODO: consider installation in a subpath -ynh_replace_string "'/ws/'" "'${path_url%/}/ws/'" \ - "${final_path}/app/assets/js/movim_websocket.js" +# Create a dedicated nginx config +ynh_add_nginx_config #================================================= # CREATE DEDICATED USER @@ -87,6 +88,20 @@ ynh_replace_string "'/ws/'" "'${path_url%/}/ws/'" \ ynh_system_user_exists movim \ || useradd -d /var/www/movim -s /bin/sh movim +#================================================= +# PHP-FPM CONFIGURATION +#================================================= + +# Create a dedicated php-fpm config +ynh_add_fpm_config + + +chown -R movim:www-data "$final_path" + +## TODO: consider installation in a subpath +ynh_replace_string "'/ws/'" "'${path_url%/}/ws/'" \ + "${final_path}/app/assets/js/movim_websocket.js" + #================================================= # SET PERMISSIONS #================================================= 
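Review bot: The upgrade path calls `ynh_add_fpm_config` without substituting the timezone first, so conf/php-fpm.ini would be installed with the literal `date.timezone = "YHTZ"`. scripts/install runs `ynh_replace_string "YHTZ" "$timezone" ../conf/php-fpm.ini` before the helper, and this patch removes the equivalent line from scripts/upgrade further down. Add that line above `ynh_add_fpm_config` in the PHP-FPM section. The NGINX hunk just before it has the same gap: install follows `ynh_add_nginx_config` with `ynh_replace_string "//ws/" "/ws/" "$finalnginxconf"` and upgrade does not, so a root-path install would keep `//ws/` in the websocket location after an upgrade.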
@@ -160,25 +175,6 @@ ynh_secure_remove /lib/systemd/system/movim.service cp ../conf/movim.service /etc/systemd/system/ systemctl daemon-reload -#================================================= -# PHP-FPM CONFIGURATION -#================================================= - -# Update php-fpm configuration -ynh_replace_string "YHTZ" "$timezone" ../conf/php-fpm.conf -cp ../conf/php-fpm.conf /etc/php5/fpm/pool.d/movim.conf - -#================================================= -# NGINX CONFIGURATION -#================================================= - -# Nginx configuration -ynh_replace_string "PATHTOCHANGE" "$path_url" ../conf/nginx.conf -ynh_replace_string "ALIASTOCHANGE" "$final_path/" ../conf/nginx.conf -ynh_replace_string "YHPORT" "$port" ../conf/nginx.conf -ynh_replace_string "//ws/" "/ws/" ../conf/nginx.conf # Avoid duplicate / -cp ../conf/nginx.conf /etc/nginx/conf.d/$domain.d/movim.conf - #================================================= # RELOAD SERVICES #================================================= From 709d745b7307554af01e320cef2d4c55813b3ec8 Mon Sep 17 00:00:00 2001 From: Jean-Baptiste Holcroft Date: Sun, 12 Aug 2018 00:10:46 +0200 Subject: [PATCH 14/17] Use helpers for user creation and deletion --- scripts/install | 4 ++-- scripts/remove | 4 ++-- scripts/upgrade | 6 +++--- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/scripts/install b/scripts/install index 8ed9232..219138e 100644 --- a/scripts/install +++ b/scripts/install @@ -121,8 +121,8 @@ ynh_replace_string "//ws/" "/ws/" "$finalnginxconf" # Avoid duplicate / # CREATE DEDICATED USER #================================================= -# Create movim system user and set permissions -useradd -d /var/www/movim -s /bin/sh movim +# Create a system user +ynh_system_user_create "$app" #================================================= # PHP-FPM CONFIGURATION diff --git a/scripts/remove b/scripts/remove index 16939f4..b9139c4 100644 --- a/scripts/remove +++ b/scripts/remove 
@@ -82,5 +82,5 @@ fi # REMOVE DEDICATED USER #================================================= -ynh_system_user_exists movim \ - && userdel movim +# Delete a system user +ynh_system_user_delete "$app" diff --git a/scripts/upgrade b/scripts/upgrade index d7ebc56..1c6adbe 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -84,9 +84,8 @@ ynh_add_nginx_config # CREATE DEDICATED USER #================================================= -# Create movim user if not exists and set permissions -ynh_system_user_exists movim \ - || useradd -d /var/www/movim -s /bin/sh movim +# Create a dedicated user (if not existing) +ynh_system_user_create "$app" #================================================= # PHP-FPM CONFIGURATION @@ -140,6 +139,7 @@ ynh_app_setting_delete "$app" skipped_uris yunohost app clearaccess movim # Replace old public_site variable (if exists) by ssoenabled +# TODO: add clean support for old/new setting public_site/ssoenabled if [ ! -z "$public_site" ]; then [[ $public_site = "Yes" ]] \ && ssoenabled="No" \ From 094ed3a8a1bb37ff91622b34a9004119fa73c5b9 Mon Sep 17 00:00:00 2001 From: Jean-Baptiste Holcroft Date: Sun, 12 Aug 2018 00:22:31 +0200 Subject: [PATCH 15/17] Use systemd helpers --- conf/{movim.service => systemd.service} | 10 +++++----- scripts/install | 13 ++++--------- scripts/remove | 7 ++----- scripts/upgrade | 11 ++++------- 4 files changed, 15 insertions(+), 26 deletions(-) rename conf/{movim.service => systemd.service} (65%) diff --git a/conf/movim.service b/conf/systemd.service similarity index 65% rename from conf/movim.service rename to conf/systemd.service index 85950f1..2b90155 100644 --- a/conf/movim.service +++ b/conf/systemd.service 
@@ -1,15 +1,15 @@ [Unit] -Description=Movim daemon +Description=Movim daemon (__APP__) After=nginx.service network.target local-fs.target mysql.service [Service] -User=movim Type=simple +User=__APP__ +Group=__APP__ +WorkingDirectory=__FINALPATH__/ ExecStart=/usr/bin/php daemon.php start --url=https://YHURL --port=YHPORT -WorkingDirectory=YHDIR StandardOutput=syslog -SyslogIdentifier=movim -PIDFile=/run/movim.pid +SyslogIdentifier=__APP__ [Install] WantedBy=multi-user.target diff --git a/scripts/install b/scripts/install index 219138e..6c9b363 100644 --- a/scripts/install +++ b/scripts/install @@ -182,15 +182,10 @@ exec_cmd php mud.php config --loglevel=1 \ # SETUP SYSTEMD #================================================= -# Copy init script or systemd service -ynh_replace_string "YHURL" "${domain}${path_url}" ../conf/movim.service -ynh_replace_string "YHDIR" "${final_path}" ../conf/movim.service -ynh_replace_string "YHPORT" "${port}" ../conf/movim.service - -cp ../conf/movim.service /etc/systemd/system/ -systemctl daemon-reload -systemctl enable movim.service -systemctl start movim.service +# Create a dedicated systemd config +ynh_replace_string "__URL__" "${domain}${path_url}" ../conf/systemd.service +ynh_replace_string "__PORT__" "${port}" ../conf/systemd.service +ynh_add_systemd_config #================================================= # GENERIC FINALIZATION diff --git a/scripts/remove b/scripts/remove index b9139c4..abff694 100644 --- a/scripts/remove +++ b/scripts/remove @@ -38,11 +38,8 @@ ynh_remove_fpm_config # STOP AND REMOVE SERVICE #================================================= -service movim stop - -systemctl --quiet disable movim.service -ynh_secure_remove /lib/systemd/system/movim.service -systemctl --quiet daemon-reload +# Remove the dedicated systemd config +ynh_remove_systemd_config #================================================= # REMOVE DEPENDENCIES diff --git a/scripts/upgrade b/scripts/upgrade index 1c6adbe..71f3c05 100644 
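Review bot: The `ExecStart` line kept as context in conf/systemd.service still carries the old `YHURL` and `YHPORT` tokens, while the scripts/install hunk of this same commit, and the matching scripts/upgrade hunk, now substitute `__URL__` and `__PORT__`. Neither replacement matches anything, so the unit would be installed with the literal placeholders as the daemon's URL and port. Rename the tokens in the unit: `ExecStart=/usr/bin/php daemon.php start --url=https://__URL__ --port=__PORT__`. Nothing in the visible scripts fills `__APP__` and `__FINALPATH__`, so presumably `ynh_add_systemd_config` does; a one-line comment in the unit saying so would help the next reader.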
--- a/scripts/upgrade +++ b/scripts/upgrade @@ -167,13 +167,10 @@ fi # SETUP SYSTEMD #================================================= -ynh_replace_string "YHURL" "${domain}${path_url}" ../conf/movim.service -ynh_replace_string "YHDIR" "${final_path}" ../conf/movim.service -ynh_replace_string "YHPORT" "${port}" ../conf/movim.service - -ynh_secure_remove /lib/systemd/system/movim.service -cp ../conf/movim.service /etc/systemd/system/ -systemctl daemon-reload +# Create a dedicated systemd config +ynh_replace_string "__URL__" "${domain}${path_url}" ../conf/systemd.service +ynh_replace_string "__PORT__" "${port}" ../conf/systemd.service +ynh_add_systemd_config #================================================= # RELOAD SERVICES From 1c4e766984657411f58ad79732cb4333accf2382 Mon Sep 17 00:00:00 2001 From: Jean-Baptiste Holcroft Date: Sun, 12 Aug 2018 00:29:57 +0200 Subject: [PATCH 16/17] More standard usage of mysql helper --- scripts/install | 14 ++++---------- scripts/remove | 7 +++---- scripts/upgrade | 8 ++++++++ 3 files changed, 15 insertions(+), 14 deletions(-) diff --git a/scripts/install b/scripts/install index 6c9b363..3e3eac1 100644 --- a/scripts/install +++ b/scripts/install @@ -89,16 +89,10 @@ ynh_install_app_dependencies php-gd php-curl php-imagick php-cli php-zmq # CREATE A MYSQL DATABASE #================================================= -# Generate and save random MySQL password -db_pwd=$(ynh_string_random 12) -ynh_app_setting_set "$app" mysqlpwd "$db_pwd" - -# Use 'movim' as database name and user -db_user=movim -db_name=movim - -# Create MySQL database -ynh_mysql_create_db "$db_name" "$db_user" "$db_pwd" +db_name=$(ynh_sanitize_dbid "$app") +db_user=$db_name +ynh_app_setting_set "$app" db_name "$db_name" +ynh_mysql_setup_db "$db_user" "$db_name" #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE diff --git a/scripts/remove b/scripts/remove index abff694..f9d7661 100644 --- a/scripts/remove +++ b/scripts/remove 
@@ -19,6 +19,8 @@ app=$YNH_APP_INSTANCE_NAME domain=$(ynh_app_setting_get "$app" domain) final_path=$(ynh_app_setting_get "$app" final_path) port=$(ynh_app_setting_get "$app" port) +db_name=$(ynh_app_setting_get "$app" db_name) +db_user=$db_name #================================================= # REMOVE NGINX CONFIGURATION @@ -52,10 +54,7 @@ ynh_remove_app_dependencies # REMOVE THE MYSQL DATABASE #================================================= -db_user=movim -db_name=movim -ynh_mysql_drop_db "$db_name" || true -ynh_mysql_drop_user "$db_user" || true +ynh_mysql_remove_db "$db_user" "$db_name" #================================================= # REMOVE APP MAIN DIR diff --git a/scripts/upgrade b/scripts/upgrade index 71f3c05..0b626a5 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -23,6 +23,7 @@ ssoenabled=$(ynh_app_setting_get "$app" ssoenabled) public_site=$(ynh_app_setting_get "$app" public_site) timezone=$(cat /etc/timezone) final_path=$(ynh_app_setting_get "$app" final_path) +db_name=$(ynh_app_setting_get "$app" db_name) #================================================= # ENSURE DOWNWARD COMPATIBILITY @@ -34,6 +35,13 @@ if [ -z "$final_path" ]; then ynh_app_setting_set "$app" final_path "$final_path" fi + +# If db_name doesn't exist, create it +if [ -z "$db_name" ]; then + db_name=$(ynh_sanitize_dbid "$app") + ynh_app_setting_set "$app" db_name "$db_name" +fi + #================================================= # ACTIVE TRAP #================================================= From 5504deffe2ddb9db5fcb23451cfcd78cae7a9f0a Mon Sep 17 00:00:00 2001 From: Jean-Baptiste Holcroft Date: Sun, 12 Aug 2018 00:59:39 +0200 Subject: [PATCH 17/17] Remove exec_cm and cleanups --- conf/db.inc.php | 17 ++++++++++++ scripts/_common.sh | 9 +------ scripts/install | 66 +++++++++++++++++++++++----------------------- scripts/remove | 2 +- scripts/upgrade | 43 +++++++++++++----------------- 5 files changed, 71 insertions(+), 66 deletions(-) create mode 100644 conf/db.inc.php 
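Review bot: `db_name` is read from the app settings in the first scripts/remove hunk, but that setting is only written by the install and upgrade changes of this commit. On an instance installed earlier and never upgraded, both arguments of `ynh_mysql_remove_db "$db_user" "$db_name"` in the second remove hunk are therefore empty, and the database and its user would be left behind or the call would fail. A fallback before `db_user=$db_name` keeps removal working: `[ -n "$db_name" ] || db_name=$(ynh_sanitize_dbid "$app")`. The old lines tolerated a missing database with `|| true`; whether a failure now stops the rest of the removal depends on the script's error mode, which is outside the hunk.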
diff --git a/conf/db.inc.php b/conf/db.inc.php new file mode 100644 index 0000000..e876147 --- /dev/null +++ b/conf/db.inc.php @@ -0,0 +1,17 @@ + 'mysql', + # The database username + 'username' => '__DB_USER__', + # The password + 'password' => '__DB_PWD__', + # Where can we find the database ? + 'host' => 'localhost', + # The port number, 3306 for MySQL and 5432 for PostGreSQL + 'port' => 3306, + # The database name + 'database' => '__DB_NAME__' +]; diff --git a/scripts/_common.sh b/scripts/_common.sh index b4c690b..b7a2c22 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -10,14 +10,7 @@ PKGDIR=$(cd ../; pwd) # Common helpers # -# Execute a command as movim user in the destination directory -# usage: exec_cmd COMMAND [ARG ...] -exec_cmd() { - (cd "$final_path" \ - && sudo sudo -u movim "$@") -} - -# Undo the SSO patch to Movim source code (applied by default with ynh_setup_source) +# Undo the SSO patch to source code (applied by default with ynh_setup_source) # usage: undo_sso_patch undo_sso_patch() { ( diff --git a/scripts/install b/scripts/install index 3e3eac1..5dc2a07 100644 --- a/scripts/install +++ b/scripts/install 
@@ -131,46 +131,26 @@ ynh_add_fpm_config #================================================= # TODO: add checksum -# Set database configuration -cp "$final_path/config/"{db.example.inc.php,db.inc.php} -ynh_replace_string "'username' => 'username'" "'username' => '$db_user'" \ - "$final_path/config/db.inc.php" -ynh_replace_string "'password' => 'password'" "'password' => '$db_pwd'" \ - "$final_path/config/db.inc.php" +cp ../conf/db.inc.php "$final_path/config/db.inc.php" + +ynh_replace_string "__DB_USER__" "$db_user" "$final_path/config/db.inc.php" +ynh_replace_string "__DB_PWD__" "$db_pwd" "$final_path/config/db.inc.php" +ynh_replace_string "__DB_NAME__" "$db_name" "$final_path/config/db.inc.php" + ## TODO: consider installation in a subpath ynh_replace_string "'/ws/'" "'${path_url%/}/ws/'" \ "$final_path/app/assets/js/movim_websocket.js" -#================================================= -# SET PERMISSIONS -#================================================= - -chown -R movim:www-data "$final_path" -find "${final_path}/" -type f -print0 | xargs -0 chmod 0644 -find "${final_path}/" -type d -print0 | xargs -0 chmod 0755 -chmod 400 "${final_path}/config/db.inc.php" - #================================================= # Install PHP dependencies using composer #================================================= -# Install PHP dependencies using composer -(curl -sS https://getcomposer.org/installer \ - | exec_cmd php -- --install-dir="$final_path" \ - && exec_cmd php composer.phar config --global discard-changes true \ - && exec_cmd php composer.phar install --no-interaction) \ - || ynh_die "Unable to install Movim dependencies." 
- - -#================================================= -# Set Movim database and configuration -#================================================= - -# Set Movim database and configuration -exec_cmd php mud.php db --set -exec_cmd php mud.php config --loglevel=1 \ - --locale="$language" --timezone="$timezone" \ - --username="$admin" --password="$password" +( + cd "$final_path" + curl -sS https://getcomposer.org/installer | php -- --install-dir="$final_path" \ + && php composer.phar config --global discard-changes true --quiet \ + && php composer.phar install --no-interaction --quiet +) #================================================= # SETUP SYSTEMD @@ -181,9 +161,29 @@ ynh_replace_string "__URL__" "${domain}${path_url}" ../conf/systemd.service ynh_replace_string "__PORT__" "${port}" ../conf/systemd.service ynh_add_systemd_config +#================================================= +# Set-up database and configuration +#================================================= + +( + cd "$final_path" + php mud.php db --set + php mud.php config --loglevel=1 \ + --locale="$language" --timezone="$timezone" \ + --username="$admin" --password="$password" +) + #================================================= # GENERIC FINALIZATION #================================================= +# SET PERMISSIONS +#================================================= + +# TODO: use more strict permissions +chown -R "$app":www-data "$final_path" +find "${final_path}/" -type f -print0 | xargs -0 chmod 0644 +find "${final_path}/" -type d -print0 | xargs -0 chmod 0755 +chmod 400 "${final_path}/config/db.inc.php" #================================================= # SETUP SSOWAT 
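Review bot: Dropping `exec_cmd` means the block that pipes `https://getcomposer.org/installer` into `php` and then runs `php composer.phar install` no longer goes through `sudo -u movim`. It now runs with the privileges of the install script itself, which chowns the tree and manages system services and so is presumably root. Code fetched at install time, and any package scripts composer executes, would then run with full privileges instead of those of the dedicated user. Prefer running these commands as the app user, e.g. `sudo -u "$app" php composer.phar install --no-interaction --quiet` (the chown block would then have to stay ahead of this step), and save the installer to a file and compare it with its published checksum before executing it. The same applies to the `php mud.php` calls later in scripts/install and to the matching blocks in scripts/upgrade.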
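Review bot: `config/db.inc.php` receives the database password in the previous hunk through a plain `cp` plus `ynh_replace_string`, but the `chmod 400` that protects it now sits in the permissions block moved to the end of this hunk, after the composer download and the `mud.php` runs. Until then the file has whatever mode `cp` and the umask give it. Tightening it right after the copy closes that window: `chmod 400 "$final_path/config/db.inc.php"` directly below the `cp` line, with the final chown left as is. Separately, `--password="$password"` puts the admin password on the command line of `php mud.php config`, where it is visible in the process list while the command runs; a comment noting this would be useful.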
@@ -192,7 +192,7 @@ ynh_add_systemd_config # SSOwat configuration if [[ "$ssoenabled" = "No" ]]; then ynh_app_setting_set "$app" skipped_uris "/" - exec_cmd php mud.php config --xmppwhitelist="$domain" + (cd "$final_path" && php mud.php config --xmppwhitelist="$domain") undo_sso_patch else ynh_app_setting_set "$app" unprotected_uris "/" diff --git a/scripts/remove b/scripts/remove index f9d7661..8017332 100644 --- a/scripts/remove +++ b/scripts/remove @@ -69,7 +69,7 @@ ynh_secure_remove "$final_path" if yunohost firewall list | grep -q "\- $port$" then echo "Close port $port" >&2 - yunohost firewall disallow TCP $port 2>&1 + yunohost firewall disallow TCP "$port" 2>&1 fi #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index 0b626a5..939f1f0 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -72,7 +72,6 @@ path_url=$(ynh_normalize_url_path $path_url) # UPGRADE DEPENDENCIES #================================================= -# Since Movim 0.13, zmq is required ynh_install_app_dependencies php-gd php-curl php-imagick php-cli php-zmq #================================================= @@ -81,6 +80,10 @@ ynh_install_app_dependencies php-gd php-curl php-imagick php-cli php-zmq ynh_setup_source "$final_path" +## TODO: consider installation in a subpath +ynh_replace_string "'/ws/'" "'${path_url%/}/ws/'" \ + "${final_path}/app/assets/js/movim_websocket.js" + #================================================= # NGINX CONFIGURATION #================================================= 
@@ -102,40 +105,34 @@ ynh_system_user_create "$app" # Create a dedicated php-fpm config ynh_add_fpm_config - -chown -R movim:www-data "$final_path" - -## TODO: consider installation in a subpath -ynh_replace_string "'/ws/'" "'${path_url%/}/ws/'" \ - "${final_path}/app/assets/js/movim_websocket.js" - #================================================= # SET PERMISSIONS #================================================= -chown -R movim:www-data "$final_path" +chown -R "$app":www-data "$final_path" find "${final_path}/" -type f -print0 | xargs -0 chmod 0644 find "${final_path}/" -type d -print0 | xargs -0 chmod 0755 chmod 400 "${final_path}/config/db.inc.php" #================================================= -# install PHP dependencies +# Install PHP dependencies using composer #================================================= -curl -sS https://getcomposer.org/installer \ -| exec_cmd php -- --install-dir="$final_path" - -# Update PHP dependencies using composer -(exec_cmd php composer.phar config --global discard-changes true \ - && exec_cmd php composer.phar install --no-interaction) \ - || ynh_die "Unable to update Movim dependencies." +( + cd "$final_path" + curl -sS https://getcomposer.org/installer | php -- --install-dir="$final_path" \ + && php composer.phar config --global discard-changes true --quiet \ + && php composer.phar install --no-interaction --quiet +) #================================================= -# Upgrade Movim Databas +# Set-up database #================================================= -# Upgrade Movim database as needed -exec_cmd php mud.php db --set +( + cd "$final_path" + php mud.php db --set +) #================================================= # ENSURE DOWNWARD COMPATIBILITY 
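Review bot: In this scripts/upgrade hunk the `chown -R "$app":www-data` and `chmod` block runs before the composer step and `php mud.php db --set`, and both now run as the script's own user rather than through `exec_cmd`. Whatever they create under `$final_path` (presumably `composer.phar`, `vendor/` and any cache or log files) is then left owned by that user with default modes, which may stop the daemon user writing to its own tree. scripts/install in the same commit moves its permissions block after these steps; doing the same here keeps the two scripts consistent. A short comment above the block, such as `# Must run last: composer and mud.php create files as the calling user`, would document the ordering.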
@@ -144,7 +141,7 @@ exec_cmd php mud.php db --set # Reset SSO parameters ynh_app_setting_delete "$app" protected_uris ynh_app_setting_delete "$app" skipped_uris -yunohost app clearaccess movim +yunohost app clearaccess "$app" # Replace old public_site variable (if exists) by ssoenabled # TODO: add clean support for old/new setting public_site/ssoenabled @@ -163,7 +160,7 @@ fi # SSOwat configuration if [[ "$ssoenabled" = "No" ]]; then ynh_app_setting_set "$app" skipped_uris "/" - exec_cmd php mud.php config --xmppwhitelist=$domain + (cd "$final_path" && php mud.php config --xmppwhitelist="$domain") yunohost app ssowatconf undo_sso_patch else @@ -185,6 +182,4 @@ ynh_add_systemd_config #================================================= # Reload services -service movim restart -service php5-fpm restart service nginx reload